chore: remove unused items from openhands.server package (#14202 )

Co-authored-by: openhands <openhands@all-hands.dev>
Remove unused items from openhands.core package (#14201 )
2026-04-29 03:00:45 -04:00 · 2026-04-28 17:57:23 -06:00 · 2026-04-28 17:05:57 -06:00 · 2026-04-28 15:00:50 -06:00 · 2026-04-28 14:47:26 -06:00 · 2026-04-28 14:21:14 -06:00
1264 changed files with 36497 additions and 150215 deletions
--- a/.agents/skills/custom-codereview-guide.md
+++ b/.agents/skills/custom-codereview-guide.md
@@ -0,0 +1,47 @@
+---
+name: custom-codereview-guide
+description: Repo-specific code review guidelines for All-Hands-AI/OpenHands. Provides frontend and backend review rules in addition to the default code review skill.
+triggers:
+- /codereview
+---
+
+# All-Hands-AI/OpenHands Code Review Guidelines
+
+You are an expert code reviewer for the **All-Hands-AI/OpenHands** repository. This skill provides repo-specific review guidelines.
+
+## Frontend: i18n / Translation Key Usage
+
+**Never dynamically construct i18n keys via string interpolation or template literals.**
+
+All translation keys must come from the `I18nKey` enum (`frontend/src/i18n/declaration.ts`) or from canonical mapping objects like `AGENT_STATUS_MAP` (`frontend/src/utils/status.ts`). Dynamically constructed keys (e.g., `` t(`STATUS$${value.toUpperCase()}`) ``) will silently fall back to the raw key string at runtime because `i18next` returns the key itself when a translation is missing — this produces broken UI text with no build-time or test-time error.
+
+### What to flag
+
+- Any call to `t(...)` or `i18next.t(...)` where the key is built at runtime via template literals, string concatenation, or helper functions rather than referencing `I18nKey` or a known mapping
+- Any new i18n key referenced in code that does not exist in `frontend/src/i18n/translation.json`
+
+### Correct pattern
+
+```ts
+import { AGENT_STATUS_MAP } from "#/utils/status";
+
+const i18nKey = AGENT_STATUS_MAP[agentState];
+const message = i18nKey ? t(i18nKey) : fallback;
+```
+
+### Incorrect pattern
+
+```ts
+// BAD: constructs a key that may not exist in translation.json
+const message = t(`STATUS$${agentState.toUpperCase()}`);
+```
+
+## Frontend: Data Fetching Architecture
+
+UI components must never call API client methods (`frontend/src/api/`) directly. All data access must go through TanStack Query hooks:
+
+```
+UI components → TanStack Query hooks (frontend/src/hooks/query/ or mutation/) → API client (frontend/src/api/) → API endpoints
+```
+
+Flag any component that imports directly from `#/api/` and calls fetch/mutation functions without a TanStack Query wrapper.
--- a/.agents/skills/update-sdk/SKILL.md
+++ b/.agents/skills/update-sdk/SKILL.md
@@ -95,13 +95,13 @@ git tag X.Y.Z

 Create a `saas-rel-X.Y.Z` branch from the tagged commit for the SaaS deployment pipeline.

-#### Step 3: CI builds Docker images automatically
+#### Step 3: Images get tagged automatically

-The `ghcr-build.yml` workflow triggers on tag pushes and produces:
- `ghcr.io/openhands/openhands:X.Y.Z`, `X.Y`, `X`, `latest`
- `ghcr.io/openhands/runtime:X.Y.Z-nikolaik`, `X.Y-nikolaik`
+Every push to `main` / `saas-rel-*` / `oss-rel-*` builds and publishes `ghcr.io/openhands/openhands` and `ghcr.io/openhands/enterprise-server` images for that commit (tagged by SHA, short SHA, and branch name).

-The tagging logic lives in `containers/build.sh` — when `GITHUB_REF_NAME` matches a semver pattern (`^[0-9]+\.[0-9]+\.[0-9]+$`), it auto-generates major, major.minor, and `latest` tags.
+Pushing a git tag `X.Y.Z` then tags the images for that commit with `X.Y.Z`, `X.Y`, `X`, and `latest`. Non-semver tags just get their literal name applied.
+
+Requires the commit to already be built. If you push the tag too early, the retag CI job fails loudly — re-run it from the Actions UI once the build completes.

 ## Development: Pin SDK to an Unreleased Commit

--- a/.agents/skills/update-sdk/references/docker-image-locations.md
+++ b/.agents/skills/update-sdk/references/docker-image-locations.md
@@ -46,39 +46,16 @@ These files contain image tags that **must** be updated whenever the SDK version
 ### `openhands/version.py`
 - Reads version from `pyproject.toml` at runtime → `openhands.__version__`

-### `openhands/resolver/issue_resolver.py`
- Builds `ghcr.io/openhands/runtime:{openhands.__version__}-nikolaik` dynamically
-
-### `openhands/runtime/utils/runtime_build.py`
- Base repo URL `ghcr.io/openhands/runtime` is a constant; version comes from elsewhere
-
 ### `.github/scripts/update_pr_description.sh`
 - Uses `${SHORT_SHA}` variable at CI runtime, not hardcoded

 ### `enterprise/Dockerfile`
 - `ARG BASE="ghcr.io/openhands/openhands"` — base image, version supplied at build time

-## V0 Legacy Files (separate update cadence)
-
-These reference the V0 runtime image (`ghcr.io/openhands/runtime:X.Y-nikolaik`) for local Docker/Kubernetes paths. They are **not** updated as part of a V1 release but may be updated independently.
-
-### `Development.md`
- `export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/openhands/runtime:X.Y-nikolaik`
-
-### `openhands/runtime/impl/kubernetes/README.md`
- `runtime_container_image = "docker.openhands.dev/openhands/runtime:X.Y-nikolaik"`
-
-### `enterprise/enterprise_local/README.md`
- Uses `ghcr.io/openhands/runtime:main-nikolaik` (points to `main`, not versioned)
-
-### `third_party/runtime/impl/daytona/README.md`
- Uses `${OPENHANDS_VERSION}` variable, not hardcoded
-
 ## Image Registries

 | Registry | Usage |
 |----------|-------|
 | `ghcr.io/openhands/agent-server` | V1 agent-server (sandbox) — built by SDK repo CI |
 | `ghcr.io/openhands/openhands` | Main app image — built by `ghcr-build.yml` |
-| `ghcr.io/openhands/runtime` | V0 runtime sandbox — built by `ghcr-build.yml` |
 | `docker.openhands.dev/openhands/*` | Mirror/CDN for the above images |
--- a/.gitattributes
+++ b/.gitattributes
@@ -4,4 +4,5 @@
 * text eol=lf
 # Git incorrectly thinks some media is text
 *.png -text
+*.gif -text
 *.mp4 -text
--- a/.github/actions/docker-image-tags/action.yml
+++ b/.github/actions/docker-image-tags/action.yml
@@ -0,0 +1,51 @@
+name: Compute Docker image tags
+description: Produce the canonical OpenHands Docker tag set (ref name, short SHA, full SHA — each in bare and `sha-` prefixed form) for a given image, with optional suffix and extra raw tags.
+
+inputs:
+  image:
+    description: Fully qualified image name (e.g. ghcr.io/owner/openhands).
+    required: true
+  ref-name:
+    description: Git ref name to emit as a tag (e.g. main, pr-123, saas-rel-1.2.3).
+    required: true
+  suffix:
+    description: Suffix appended to every tag (e.g. -amd64, -nikolaik-arm64). Leave empty for base (multi-arch manifest) tags.
+    required: false
+    default: ""
+  extra-tags:
+    description: Additional newline-separated metadata-action tag rules (e.g. extra `type=raw,value=...` lines).
+    required: false
+    default: ""
+
+outputs:
+  tags:
+    description: Newline-separated list of fully qualified image tags.
+    value: ${{ steps.meta.outputs.tags }}
+  labels:
+    description: Image labels emitted by docker/metadata-action.
+    value: ${{ steps.meta.outputs.labels }}
+  version:
+    description: Sanitized version string (ref-name with any suffix applied). Safe to use in docker tags.
+    value: ${{ steps.meta.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - name: Compute tags
+      id: meta
+      uses: docker/metadata-action@v6
+      env:
+        # Use the PR head SHA (not the merge SHA) for sha-prefixed tags.
+        DOCKER_METADATA_PR_HEAD_SHA: "true"
+      with:
+        images: ${{ inputs.image }}
+        flavor: |
+          latest=false
+          suffix=${{ inputs.suffix }}
+        tags: |
+          type=raw,value=${{ inputs.ref-name }}
+          type=sha,prefix=sha-
+          type=sha,prefix=
+          type=sha,format=long,prefix=sha-
+          type=sha,format=long,prefix=
+          ${{ inputs.extra-tags }}
--- a/.github/actions/docker-merge-manifest/action.yml
+++ b/.github/actions/docker-merge-manifest/action.yml
@@ -0,0 +1,43 @@
+name: Merge multi-arch Docker manifest
+description: Build a multi-arch manifest from per-arch image tags pushed by an earlier build step.
+
+inputs:
+  base-tags:
+    description: Newline-separated list of base tags (without architecture suffix).
+    required: true
+  archs:
+    description: Space-separated list of architectures (e.g. "amd64 arm64").
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Login to GHCR
+      uses: docker/login-action@v4
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ github.token }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Create multi-arch manifests
+      shell: bash
+      env:
+        BASE_TAGS: ${{ inputs.base-tags }}
+        ARCHS: ${{ inputs.archs }}
+      run: |
+        while IFS= read -r tag; do
+          [[ -z "$tag" ]] && continue
+          sources=""
+          for arch in $ARCHS; do
+            if ! docker buildx imagetools inspect "${tag}-${arch}" > /dev/null 2>&1; then
+              echo "::error::Missing image ${tag}-${arch}"
+              exit 1
+            fi
+            sources+=" ${tag}-${arch}"
+          done
+          echo "Creating manifest for $tag from:$sources"
+          docker buildx imagetools create -t "$tag" $sources
+        done <<< "$BASE_TAGS"
--- a/.github/scripts/update_pr_description.sh
+++ b/.github/scripts/update_pr_description.sh
@@ -13,7 +13,6 @@ DOCKER_RUN_COMMAND="docker run -it --rm \
  -p 3000:3000 \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --add-host host.docker.internal:host-gateway \
-  -e SANDBOX_RUNTIME_CONTAINER_IMAGE=docker.openhands.dev/openhands/runtime:${SHORT_SHA}-nikolaik \
  --name openhands-app-${SHORT_SHA} \
  docker.openhands.dev/openhands/openhands:${SHORT_SHA}"

--- a/.github/workflows/_build-image.yml
+++ b/.github/workflows/_build-image.yml
@@ -0,0 +1,116 @@
+# Reusable workflow: build a multi-arch Docker image and publish a merged manifest.
+# Called per image from .github/workflows/ghcr-build.yml.
+name: Build and push multi-arch image
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: Fully-qualified image name (e.g. "ghcr.io/all-hands-ai/openhands").
+        required: true
+        type: string
+      context:
+        description: Docker build context.
+        required: false
+        type: string
+        default: "."
+      dockerfile:
+        description: Path to the Dockerfile.
+        required: true
+        type: string
+      extra-build-args:
+        description: Additional build-args (newline-separated). OPENHANDS_BUILD_VERSION is added automatically.
+        required: false
+        type: string
+        default: ""
+      provenance:
+        description: Value passed to docker/build-push-action provenance.
+        required: false
+        type: boolean
+        default: false
+      sbom:
+        description: Value passed to docker/build-push-action sbom.
+        required: false
+        type: boolean
+        default: false
+      buildx-driver-opts:
+        description: Extra buildx driver-opts (e.g. "network=host" for enterprise).
+        required: false
+        type: string
+        default: ""
+
+env:
+  RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+  RELEVANT_REF_NAME: ${{ github.event.pull_request.number && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}
+
+jobs:
+  build:
+    name: Build ${{ inputs.image }} (${{ matrix.arch }})
+    runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-22.04' }}
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Login to GHCR
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: ${{ inputs.buildx-driver-opts }}
+      - name: Compute per-arch tags
+        id: meta
+        uses: ./.github/actions/docker-image-tags
+        with:
+          image: ${{ inputs.image }}
+          ref-name: ${{ env.RELEVANT_REF_NAME }}
+          suffix: -${{ matrix.arch }}
+      - name: Build and push
+        uses: docker/build-push-action@v7
+        with:
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/${{ matrix.arch }}
+          build-args: |
+            OPENHANDS_BUILD_VERSION=${{ env.RELEVANT_REF_NAME }}
+            ${{ inputs.extra-build-args }}
+          cache-from: |
+            type=registry,ref=${{ inputs.image }}:buildcache-${{ steps.meta.outputs.version }}
+            type=registry,ref=${{ inputs.image }}:buildcache-main-${{ matrix.arch }}
+          cache-to: type=registry,ref=${{ inputs.image }}:buildcache-${{ steps.meta.outputs.version }},mode=max
+          provenance: ${{ inputs.provenance }}
+          sbom: ${{ inputs.sbom }}
+
+  merge:
+    name: Merge ${{ inputs.image }} manifest
+    runs-on: ubuntu-22.04
+    needs: build
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Compute base tags
+        id: meta_base
+        uses: ./.github/actions/docker-image-tags
+        with:
+          image: ${{ inputs.image }}
+          ref-name: ${{ env.RELEVANT_REF_NAME }}
+      - name: Merge manifests
+        uses: ./.github/actions/docker-merge-manifest
+        with:
+          base-tags: ${{ steps.meta_base.outputs.tags }}
+          archs: "amd64 arm64"
--- a/.github/workflows/check-version-consistency.yml
+++ b/.github/workflows/check-version-consistency.yml
@@ -12,7 +12,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -1,228 +0,0 @@
-name: End-to-End Tests
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, labeled]
-    branches:
-      - main
-      - develop
-  workflow_dispatch:
-
-jobs:
-  e2e-tests:
-    if: contains(github.event.pull_request.labels.*.name, 'end-to-end') || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-
-    env:
-      GITHUB_REPO_NAME: ${{ github.repository }}
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-
-      - name: Install poetry via pipx
-        uses: abatilo/actions-poetry@v4
-        with:
-          poetry-version: 2.1.3
-
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: '3.12'
-          cache: 'poetry'
-
-      - name: Install system dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y libgtk-3-0 libnotify4 libnss3 libxss1 libxtst6 xauth xvfb libgbm1 libasound2t64 netcat-openbsd
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: '22'
-          cache: 'npm'
-          cache-dependency-path: 'frontend/package-lock.json'
-
-      - name: Setup environment for end-to-end tests
-        run: |
-          # Create test results directory
-          mkdir -p test-results
-
-          # Create downloads directory for OpenHands (use a directory in the home folder)
-          mkdir -p $HOME/downloads
-          sudo chown -R $USER:$USER $HOME/downloads
-          sudo chmod -R 755 $HOME/downloads
-
-      - name: Build OpenHands
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LLM_MODEL: ${{ secrets.LLM_MODEL || 'gpt-4o' }}
-          LLM_API_KEY: ${{ secrets.LLM_API_KEY || 'test-key' }}
-          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
-          INSTALL_DOCKER: 1
-          RUNTIME: docker
-          FRONTEND_PORT: 12000
-          FRONTEND_HOST: 0.0.0.0
-          BACKEND_HOST: 0.0.0.0
-          BACKEND_PORT: 3000
-          ENABLE_BROWSER: true
-          INSTALL_PLAYWRIGHT: 1
-        run: |
-          # Fix poetry.lock file if needed
-          echo "Fixing poetry.lock file if needed..."
-          poetry lock
-
-          # Build OpenHands using make build
-          echo "Running make build..."
-          make build
-
-          # Install Chromium Headless Shell for Playwright (needed for pytest-playwright)
-          echo "Installing Chromium Headless Shell for Playwright..."
-          poetry run playwright install chromium-headless-shell
-
-          # Verify Playwright browsers are installed (for e2e tests only)
-          echo "Verifying Playwright browsers installation for e2e tests..."
-          BROWSER_CHECK=$(poetry run python tests/e2e/check_playwright.py 2>/dev/null)
-
-          if [ "$BROWSER_CHECK" != "chromium_found" ]; then
-            echo "ERROR: Chromium browser not found or not working for e2e tests"
-            echo "$BROWSER_CHECK"
-            exit 1
-          else
-            echo "Playwright browsers are properly installed for e2e tests."
-          fi
-
-          # Docker runtime will handle workspace directory creation
-
-          # Start the application using make run with custom parameters and reduced logging
-          echo "Starting OpenHands using make run..."
-          # Set environment variables to reduce logging verbosity
-          export PYTHONUNBUFFERED=1
-          export LOG_LEVEL=WARNING
-          export UVICORN_LOG_LEVEL=warning
-          export OPENHANDS_LOG_LEVEL=WARNING
-          FRONTEND_PORT=12000 FRONTEND_HOST=0.0.0.0 BACKEND_HOST=0.0.0.0 make run > /tmp/openhands-e2e-test.log 2>&1 &
-
-          # Store the PID of the make run process
-          MAKE_PID=$!
-          echo "OpenHands started with PID: $MAKE_PID"
-
-          # Wait for the application to start
-          echo "Waiting for OpenHands to start..."
-          max_attempts=15
-          attempt=1
-
-          while [ $attempt -le $max_attempts ]; do
-            echo "Checking if OpenHands is running (attempt $attempt of $max_attempts)..."
-
-            # Check if the process is still running
-            if ! ps -p $MAKE_PID > /dev/null; then
-              echo "ERROR: OpenHands process has terminated unexpectedly"
-              echo "Last 50 lines of the log:"
-              tail -n 50 /tmp/openhands-e2e-test.log
-              exit 1
-            fi
-
-            # Check if frontend port is open
-            if nc -z localhost 12000; then
-              # Verify we can get HTML content
-              if curl -s http://localhost:12000 | grep -q "<html"; then
-                echo "SUCCESS: OpenHands is running and serving HTML content on port 12000"
-                break
-              else
-                echo "Port 12000 is open but not serving HTML content yet"
-              fi
-            else
-              echo "Frontend port 12000 is not open yet"
-            fi
-
-            # Show log output on each attempt
-            echo "Recent log output:"
-            tail -n 20 /tmp/openhands-e2e-test.log
-
-            # Wait before next attempt
-            echo "Waiting 10 seconds before next check..."
-            sleep 10
-            attempt=$((attempt + 1))
-
-            # Exit if we've reached the maximum number of attempts
-            if [ $attempt -gt $max_attempts ]; then
-              echo "ERROR: OpenHands failed to start after $max_attempts attempts"
-              echo "Last 50 lines of the log:"
-              tail -n 50 /tmp/openhands-e2e-test.log
-              exit 1
-            fi
-          done
-
-          # Final verification that the app is running
-          if ! nc -z localhost 12000 || ! curl -s http://localhost:12000 | grep -q "<html"; then
-            echo "ERROR: OpenHands is not running properly on port 12000"
-            echo "Last 50 lines of the log:"
-            tail -n 50 /tmp/openhands-e2e-test.log
-            exit 1
-          fi
-
-          # Print success message
-          echo "OpenHands is running successfully on port 12000"
-
-      - name: Run end-to-end tests
-        env:
-          GITHUB_TOKEN: ${{ secrets.E2E_TEST_GITHUB_TOKEN }}
-          LLM_MODEL: ${{ secrets.LLM_MODEL || 'gpt-4o' }}
-          LLM_API_KEY: ${{ secrets.LLM_API_KEY || 'test-key' }}
-          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
-        run: |
-          # Check if the application is running
-          if ! nc -z localhost 12000; then
-            echo "ERROR: OpenHands is not running on port 12000"
-            echo "Last 50 lines of the log:"
-            tail -n 50 /tmp/openhands-e2e-test.log
-            exit 1
-          fi
-
-          # Run the tests with detailed output
-          cd tests/e2e
-          poetry run python -m pytest \
-            test_settings.py::test_github_token_configuration \
-            test_conversation.py::test_conversation_start \
-            test_browsing_catchphrase.py::test_browsing_catchphrase \
-            test_multi_conversation_resume.py::test_multi_conversation_resume \
-            -v --no-header --capture=no --timeout=900
-
-      - name: Upload test results
-        if: always()
-        uses: actions/upload-artifact@v6
-        with:
-          name: playwright-report
-          path: tests/e2e/test-results/
-          retention-days: 30
-
-      - name: Upload OpenHands logs
-        if: always()
-        uses: actions/upload-artifact@v6
-        with:
-          name: openhands-logs
-          path: |
-            /tmp/openhands-e2e-test.log
-            /tmp/openhands-e2e-build.log
-            /tmp/openhands-backend.log
-            /tmp/openhands-frontend.log
-            /tmp/backend-health-check.log
-            /tmp/frontend-check.log
-            /tmp/vite-config.log
-            /tmp/makefile-contents.log
-          retention-days: 30
-
-      - name: Cleanup
-        if: always()
-        run: |
-          # Stop OpenHands processes
-          echo "Stopping OpenHands processes..."
-          pkill -f "python -m openhands.server" || true
-          pkill -f "npm run dev" || true
-          pkill -f "make run" || true
-
-          # Print process status for debugging
-          echo "Checking if any OpenHands processes are still running:"
-          ps aux | grep -E "openhands|npm run dev" || true
--- a/.github/workflows/fe-e2e-tests.yml
+++ b/.github/workflows/fe-e2e-tests.yml
@@ -41,7 +41,7 @@ jobs:
        working-directory: ./frontend
        run: npx playwright test --project=chromium
      - name: Upload Playwright report
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        if: always()
        with:
          name: playwright-report
--- a/.github/workflows/ghcr-build.yml
+++ b/.github/workflows/ghcr-build.yml
@@ -1,17 +1,13 @@
-# Workflow that builds, tests and then pushes the OpenHands and runtime docker images to the ghcr.io repository
+# Workflow that builds and pushes the OpenHands app and enterprise Docker images to ghcr.io.
+# Per-image build logic lives in .github/workflows/_build-image.yml.
 name: Docker

-# Always run on "main"
-# Always run on tags
-# Always run on PRs
-# Can also be triggered manually
 on:
  push:
    branches:
      - main
      - "saas-rel-*"
-    tags:
-      - "*"
+      - "oss-rel-*"
  pull_request:
  workflow_dispatch:
    inputs:
@@ -20,243 +16,37 @@ on:
        required: true
        default: ""

-# If triggered by a PR, it will be in the same group. However, each commit on main will be in its own unique group
+# PR events share a group so pushes supersede each other; each commit on a release branch gets its own group.
 concurrency:
  group: ${{ github.workflow }}-${{ (github.head_ref && github.ref) || github.run_id }}
  cancel-in-progress: true

-env:
-  RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-
 jobs:
-  define-matrix:
-    runs-on: ubuntu-latest
-    outputs:
-      base_image: ${{ steps.define-base-images.outputs.base_image }}
-      platforms: ${{ steps.define-base-images.outputs.platforms }}
-    steps:
-      - name: Define base images
-        shell: bash
-        id: define-base-images
-        run: |
-          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
-            platforms="linux/amd64"
-            json=$(jq -n -c --arg platforms "$platforms" '[
-                { image: "nikolaik/python-nodejs:python3.12-nodejs22-slim", tag: "nikolaik", platforms: $platforms }
-              ]')
-          else
-            platforms="linux/amd64,linux/arm64"
-            json=$(jq -n -c --arg platforms "$platforms" '[
-                { image: "nikolaik/python-nodejs:python3.12-nodejs22-slim", tag: "nikolaik", platforms: $platforms },
-                { image: "ubuntu:24.04", tag: "ubuntu", platforms: $platforms }
-              ]')
-          fi
-          echo "base_image=$json" >> "$GITHUB_OUTPUT"
-          echo "platforms=$platforms" >> "$GITHUB_OUTPUT"
-
-  # Builds the OpenHands Docker images
-  ghcr_build_app:
-    name: Build App Image
-    runs-on: ubuntu-22.04
-    if: "!(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/ext-v'))"
-    needs: define-matrix
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.7.0
-        with:
-          image: tonistiigi/binfmt:latest
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Lowercase Repository Owner
-        run: |
-          echo REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-      - name: Build and push app image
-        if: "!github.event.pull_request.head.repo.fork"
-        run: |
-          ./containers/build.sh -i openhands -o ${{ env.REPO_OWNER }} --push -p ${{ needs.define-matrix.outputs.platforms }}
-
-  # Builds the runtime Docker images
-  ghcr_build_runtime:
-    name: Build Runtime Image
-    runs-on: ubuntu-22.04
-    if: "!(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/ext-v'))"
-    permissions:
-      contents: read
-      packages: write
-    needs: define-matrix
-    strategy:
-      matrix:
-        base_image: ${{ fromJson(needs.define-matrix.outputs.base_image) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.7.0
-        with:
-          image: tonistiigi/binfmt:latest
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Install poetry via pipx
-        run: pipx install poetry
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-          cache: poetry
-      - name: Install Python dependencies using Poetry
-        run: make install-python-dependencies POETRY_GROUP=main INSTALL_PLAYWRIGHT=0
-      - name: Create source distribution and Dockerfile
-        run: poetry run python3 -m openhands.runtime.utils.runtime_build --base_image ${{ matrix.base_image.image }} --build_folder containers/runtime --force_rebuild
-      - name: Lowercase Repository Owner
-        run: |
-          echo REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-      - name: Short SHA
-        run: |
-          echo SHORT_SHA=$(git rev-parse --short "$RELEVANT_SHA") >> $GITHUB_ENV
-      - name: Determine docker build params
-        if: github.event.pull_request.head.repo.fork != true
-        shell: bash
-        run: |
-
-          ./containers/build.sh -i runtime -o ${{ env.REPO_OWNER }} -t ${{ matrix.base_image.tag }} --dry -p ${{ matrix.base_image.platforms }}
-
-          DOCKER_BUILD_JSON=$(jq -c . < docker-build-dry.json)
-          echo "DOCKER_TAGS=$(echo "$DOCKER_BUILD_JSON" | jq -r '.tags | join(",")')" >> $GITHUB_ENV
-          echo "DOCKER_PLATFORM=$(echo "$DOCKER_BUILD_JSON" | jq -r '.platform')" >> $GITHUB_ENV
-          echo "DOCKER_BUILD_ARGS=$(echo "$DOCKER_BUILD_JSON" | jq -r '.build_args | join(",")')" >> $GITHUB_ENV
-      - name: Build and push runtime image ${{ matrix.base_image.image }}
-        if: github.event.pull_request.head.repo.fork != true
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          tags: ${{ env.DOCKER_TAGS }}
-          platforms: ${{ env.DOCKER_PLATFORM }}
-          # Caching directives to boost performance
-          cache-from: type=registry,ref=ghcr.io/${{ env.REPO_OWNER }}/runtime:buildcache-${{ matrix.base_image.tag }}
-          cache-to: type=registry,ref=ghcr.io/${{ env.REPO_OWNER }}/runtime:buildcache-${{ matrix.base_image.tag }},mode=max
-          build-args: ${{ env.DOCKER_BUILD_ARGS }}
-          context: containers/runtime
-          provenance: false
-      # Forked repos can't push to GHCR, so we just build in order to populate the cache for rebuilding
-      - name: Build runtime image ${{ matrix.base_image.image }} for fork
-        if: github.event.pull_request.head.repo.fork
-        uses: docker/build-push-action@v6
-        with:
-          tags: ghcr.io/${{ env.REPO_OWNER }}/runtime:${{ env.RELEVANT_SHA }}-${{ matrix.base_image.tag }}
-          context: containers/runtime
-      - name: Upload runtime source for fork
-        if: github.event.pull_request.head.repo.fork
-        uses: actions/upload-artifact@v6
-        with:
-          name: runtime-src-${{ matrix.base_image.tag }}
-          path: containers/runtime
-
-  ghcr_build_enterprise:
-    name: Push Enterprise Image
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      packages: write
-    needs: [define-matrix, ghcr_build_app]
-    # Do not build enterprise in forks
+  build_app:
+    name: App
    if: github.event.pull_request.head.repo.fork != true
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
+    uses: ./.github/workflows/_build-image.yml
+    with:
+      image: ghcr.io/openhands/openhands
+      dockerfile: containers/app/Dockerfile

-      # Set up Docker Buildx for better performance
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: network=host
-
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ghcr.io/openhands/enterprise-server
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=sha
-            type=sha,format=long
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=match,pattern=cloud-\d+\.\d+\.\d+
-          flavor: |
-            latest=auto
-            prefix=
-            suffix=
-        env:
-          DOCKER_METADATA_PR_HEAD_SHA: true
-      - name: Determine app image tag
-        shell: bash
-        run: |
-          # Use the commit SHA to pin the exact app image built by ghcr_build_app,
-          # rather than a mutable branch tag like "main" which can serve stale cached layers.
-          echo "OPENHANDS_DOCKER_TAG=${RELEVANT_SHA}" >> $GITHUB_ENV
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: enterprise/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          build-args: |
-            OPENHANDS_VERSION=${{ env.OPENHANDS_DOCKER_TAG }}
-          platforms: linux/amd64
-          # Add build provenance
-          provenance: true
-          # Add build attestations for better security
-          sbom: true
-
-  # "All Runtime Tests Passed" is a required job for PRs to merge
-  # We can remove this once the config changes
-  runtime_tests_check_success:
-    name: All Runtime Tests Passed
-    runs-on: ubuntu-22.04
-    steps:
-      - name: All tests passed
-        run: echo "All runtime tests have passed successfully!"
+  build_enterprise:
+    name: Enterprise
+    if: github.event.pull_request.head.repo.fork != true
+    needs: build_app
+    uses: ./.github/workflows/_build-image.yml
+    with:
+      image: ghcr.io/openhands/enterprise-server
+      dockerfile: enterprise/Dockerfile
+      extra-build-args: OPENHANDS_VERSION=sha-${{ github.event.pull_request.head.sha || github.sha }}
+      provenance: true
+      sbom: true
+      buildx-driver-opts: network=host

  update_pr_description:
    name: Update PR Description
    if: github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'
-    needs: [ghcr_build_runtime]
+    needs: build_app
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
@@ -264,7 +54,7 @@ jobs:

      - name: Get short SHA
        id: short_sha
-        run: echo "SHORT_SHA=$(echo ${{ github.event.pull_request.head.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
+        run: echo "SHORT_SHA=$(echo ${{ github.event.pull_request.head.sha }} | cut -c1-7)" >> "$GITHUB_OUTPUT"

      - name: Update PR Description
        env:
@@ -275,4 +65,4 @@ jobs:
        shell: bash
        run: |
          echo "Updating PR description with Docker and uvx commands"
-          bash ${GITHUB_WORKSPACE}/.github/scripts/update_pr_description.sh
+          bash "${GITHUB_WORKSPACE}/.github/scripts/update_pr_description.sh"
--- a/.github/workflows/openhands-resolver.yml
+++ b/.github/workflows/openhands-resolver.yml
@@ -1,433 +0,0 @@
-name: Auto-Fix Tagged Issue with OpenHands
-
-on:
-  workflow_call:
-    inputs:
-      max_iterations:
-        required: false
-        type: number
-        default: 50
-      macro:
-        required: false
-        type: string
-        default: "@openhands-agent"
-      target_branch:
-        required: false
-        type: string
-        default: "main"
-        description: "Target branch to pull and create PR against"
-      pr_type:
-        required: false
-        type: string
-        default: "draft"
-        description: "The PR type that is going to be created (draft, ready)"
-      LLM_MODEL:
-        required: false
-        type: string
-        default: "anthropic/claude-sonnet-4-20250514"
-      LLM_API_VERSION:
-        required: false
-        type: string
-        default: ""
-      base_container_image:
-        required: false
-        type: string
-        default: ""
-        description: "Custom sandbox env"
-      runner:
-        required: false
-        type: string
-        default: "ubuntu-latest"
-    secrets:
-      LLM_MODEL:
-        required: false
-      LLM_API_KEY:
-        required: true
-      LLM_BASE_URL:
-        required: false
-      PAT_TOKEN:
-        required: false
-      PAT_USERNAME:
-        required: false
-
-  issues:
-    types: [labeled]
-  pull_request:
-    types: [labeled]
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  pull_request_review:
-    types: [submitted]
-
-permissions:
-  contents: write
-  pull-requests: write
-  issues: write
-
-jobs:
-  auto-fix:
-    if: |
-      github.event_name == 'workflow_call' ||
-      github.event.label.name == 'fix-me' ||
-      github.event.label.name == 'fix-me-experimental' ||
-      (
-        ((github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
-        contains(github.event.comment.body, inputs.macro || '@openhands-agent') &&
-        (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'COLLABORATOR' || github.event.comment.author_association == 'MEMBER')
-        ) ||
-
-        (github.event_name == 'pull_request_review' &&
-        contains(github.event.review.body, inputs.macro || '@openhands-agent') &&
-        (github.event.review.author_association == 'OWNER' || github.event.review.author_association == 'COLLABORATOR' || github.event.review.author_association == 'MEMBER')
-        )
-      )
-    runs-on: "${{ inputs.runner || 'ubuntu-latest' }}"
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
-      - name: Upgrade pip
-        run: |
-          python -m pip install --upgrade pip
-
-      - name: Get latest versions and create requirements.txt
-        run: |
-          python -m pip index versions openhands-ai > openhands_versions.txt
-          OPENHANDS_VERSION=$(head -n 1 openhands_versions.txt | awk '{print $2}' | tr -d '()')
-
-          # Create a new requirements.txt locally within the workflow, ensuring no reference to the repo's file
-          echo "openhands-ai==${OPENHANDS_VERSION}" > /tmp/requirements.txt
-          cat /tmp/requirements.txt
-
-      - name: Cache pip dependencies
-        if: |
-          !(
-            github.event.label.name == 'fix-me-experimental' ||
-            (
-              (github.event_name == 'issue_comment' || github.event_name == 'pull_request_review_comment') &&
-              contains(github.event.comment.body, '@openhands-agent-exp')
-            ) ||
-            (
-              github.event_name == 'pull_request_review' &&
-              contains(github.event.review.body, '@openhands-agent-exp')
-            )
-          )
-        uses: actions/cache@v5
-        with:
-          path: ${{ env.pythonLocation }}/lib/python3.12/site-packages/*
-          key: ${{ runner.os }}-pip-openhands-resolver-${{ hashFiles('/tmp/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-openhands-resolver-${{ hashFiles('/tmp/requirements.txt') }}
-
-      - name: Check required environment variables
-        env:
-          LLM_MODEL: ${{ secrets.LLM_MODEL || inputs.LLM_MODEL }}
-          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
-          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
-          LLM_API_VERSION: ${{ inputs.LLM_API_VERSION }}
-          PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
-          PAT_USERNAME: ${{ secrets.PAT_USERNAME }}
-          GITHUB_TOKEN: ${{ github.token }}
-        run: |
-          required_vars=("LLM_API_KEY")
-          for var in "${required_vars[@]}"; do
-            if [ -z "${!var}" ]; then
-              echo "Error: Required environment variable $var is not set."
-              exit 1
-            fi
-          done
-
-          # Check optional variables and warn about fallbacks
-          if [ -z "$LLM_BASE_URL" ]; then
-            echo "Warning: LLM_BASE_URL is not set, will use default API endpoint"
-          fi
-
-          if [ -z "$PAT_TOKEN" ]; then
-            echo "Warning: PAT_TOKEN is not set, falling back to GITHUB_TOKEN"
-          fi
-
-          if [ -z "$PAT_USERNAME" ]; then
-            echo "Warning: PAT_USERNAME is not set, will use openhands-agent"
-          fi
-
-      - name: Set environment variables
-        env:
-          REVIEW_BODY: ${{ github.event.review.body || '' }}
-        run: |
-          # Handle pull request events first
-          if [ -n "${{ github.event.pull_request.number }}" ]; then
-            echo "ISSUE_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_ENV
-            echo "ISSUE_TYPE=pr" >> $GITHUB_ENV
-          # Handle pull request review events
-          elif [ -n "$REVIEW_BODY" ]; then
-            echo "ISSUE_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_ENV
-            echo "ISSUE_TYPE=pr" >> $GITHUB_ENV
-          # Handle issue comment events that reference a PR
-          elif [ -n "${{ github.event.issue.pull_request }}" ]; then
-            echo "ISSUE_NUMBER=${{ github.event.issue.number }}" >> $GITHUB_ENV
-            echo "ISSUE_TYPE=pr" >> $GITHUB_ENV
-          # Handle regular issue events
-          else
-            echo "ISSUE_NUMBER=${{ github.event.issue.number }}" >> $GITHUB_ENV
-            echo "ISSUE_TYPE=issue" >> $GITHUB_ENV
-          fi
-
-          if [ -n "$REVIEW_BODY" ]; then
-            echo "COMMENT_ID=${{ github.event.review.id || 'None' }}" >> $GITHUB_ENV
-          else
-            echo "COMMENT_ID=${{ github.event.comment.id || 'None' }}" >> $GITHUB_ENV
-          fi
-
-          echo "MAX_ITERATIONS=${{ inputs.max_iterations || 50 }}" >> $GITHUB_ENV
-          echo "SANDBOX_ENV_GITHUB_TOKEN=${{ secrets.PAT_TOKEN || github.token }}" >> $GITHUB_ENV
-          echo "SANDBOX_BASE_CONTAINER_IMAGE=${{ inputs.base_container_image }}" >> $GITHUB_ENV
-
-          # Set branch variables
-          echo "TARGET_BRANCH=${{ inputs.target_branch || 'main' }}" >> $GITHUB_ENV
-
-      - name: Comment on issue with start message
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.PAT_TOKEN || github.token }}
-          script: |
-            const issueType = process.env.ISSUE_TYPE;
-            github.rest.issues.createComment({
-              issue_number: ${{ env.ISSUE_NUMBER }},
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `[OpenHands](https://github.com/OpenHands/OpenHands) started fixing the ${issueType}! You can monitor the progress [here](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}).`
-            });
-
-      - name: Install OpenHands
-        id: install_openhands
-        uses: actions/github-script@v7
-        env:
-          COMMENT_BODY: ${{ github.event.comment.body || '' }}
-          REVIEW_BODY: ${{ github.event.review.body || '' }}
-          LABEL_NAME: ${{ github.event.label.name || '' }}
-          EVENT_NAME: ${{ github.event_name }}
-        with:
-          script: |
-            const commentBody = process.env.COMMENT_BODY.trim();
-            const reviewBody = process.env.REVIEW_BODY.trim();
-            const labelName = process.env.LABEL_NAME.trim();
-            const eventName = process.env.EVENT_NAME.trim();
-            // Check conditions
-            const isExperimentalLabel = labelName === "fix-me-experimental";
-            const isIssueCommentExperimental =
-              (eventName === "issue_comment" || eventName === "pull_request_review_comment") &&
-              commentBody.includes("@openhands-agent-exp");
-            const isReviewCommentExperimental =
-              eventName === "pull_request_review" && reviewBody.includes("@openhands-agent-exp");
-
-            // Set output variable
-            core.setOutput('isExperimental', isExperimentalLabel || isIssueCommentExperimental || isReviewCommentExperimental);
-
-            // Perform package installation
-            if (isExperimentalLabel || isIssueCommentExperimental || isReviewCommentExperimental) {
-              console.log("Installing experimental OpenHands...");
-
-              await exec.exec("pip install git+https://github.com/openhands/openhands.git");
-            } else {
-              console.log("Installing from requirements.txt...");
-
-              await exec.exec("pip install -r /tmp/requirements.txt");
-            }
-
-      - name: Attempt to resolve issue
-        env:
-          GITHUB_TOKEN: ${{ secrets.PAT_TOKEN || github.token }}
-          GITHUB_USERNAME: ${{ secrets.PAT_USERNAME || 'openhands-agent' }}
-          GIT_USERNAME: ${{ secrets.PAT_USERNAME || 'openhands-agent' }}
-          LLM_MODEL: ${{ secrets.LLM_MODEL || inputs.LLM_MODEL }}
-          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
-          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
-          LLM_API_VERSION: ${{ inputs.LLM_API_VERSION }}
-          PYTHONPATH: ""
-        run: |
-          cd /tmp && python -m openhands.resolver.resolve_issue \
-            --selected-repo ${{ github.repository }} \
-            --issue-number ${{ env.ISSUE_NUMBER }} \
-            --issue-type ${{ env.ISSUE_TYPE }} \
-            --max-iterations ${{ env.MAX_ITERATIONS }} \
-            --comment-id ${{ env.COMMENT_ID }} \
-            --is-experimental ${{ steps.install_openhands.outputs.isExperimental }}
-
-      - name: Check resolution result
-        id: check_result
-        run: |
-          if cd /tmp && grep -q '"success":true' output/output.jsonl; then
-            echo "RESOLUTION_SUCCESS=true" >> $GITHUB_OUTPUT
-          else
-            echo "RESOLUTION_SUCCESS=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Upload output.jsonl as artifact
-        uses: actions/upload-artifact@v6
-        if: always() # Upload even if the previous steps fail
-        with:
-          name: resolver-output
-          path: /tmp/output/output.jsonl
-          retention-days: 30 # Keep the artifact for 30 days
-
-      - name: Create draft PR or push branch
-        if: always() # Create PR or branch even if the previous steps fail
-        env:
-          GITHUB_TOKEN: ${{ secrets.PAT_TOKEN || github.token }}
-          GITHUB_USERNAME: ${{ secrets.PAT_USERNAME || 'openhands-agent' }}
-          GIT_USERNAME: ${{ secrets.PAT_USERNAME || 'openhands-agent' }}
-          LLM_MODEL: ${{ secrets.LLM_MODEL || inputs.LLM_MODEL }}
-          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
-          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}
-          LLM_API_VERSION: ${{ inputs.LLM_API_VERSION }}
-          PYTHONPATH: ""
-        run: |
-          if [ "${{ steps.check_result.outputs.RESOLUTION_SUCCESS }}" == "true" ]; then
-            cd /tmp && python -m openhands.resolver.send_pull_request \
-              --issue-number ${{ env.ISSUE_NUMBER }} \
-              --target-branch ${{ env.TARGET_BRANCH }} \
-              --pr-type ${{ inputs.pr_type || 'draft' }} \
-              --reviewer ${{ github.actor }} | tee pr_result.txt && \
-              grep "PR created" pr_result.txt | sed 's/.*\///g' > pr_number.txt
-          else
-            cd /tmp && python -m openhands.resolver.send_pull_request \
-              --issue-number ${{ env.ISSUE_NUMBER }} \
-              --pr-type branch \
-              --send-on-failure | tee branch_result.txt && \
-              grep "branch created" branch_result.txt | sed 's/.*\///g; s/.expand=1//g' > branch_name.txt
-          fi
-
-      # Step leaves comment for when agent is invoked on PR
-      - name: Analyze Push Logs (Updated PR or No Changes) # Skip comment if PR update was successful OR leave comment if the agent made no code changes
-        uses: actions/github-script@v7
-        if: always()
-        env:
-          AGENT_RESPONDED: ${{ env.AGENT_RESPONDED || 'false' }}
-          ISSUE_NUMBER: ${{ env.ISSUE_NUMBER }}
-        with:
-          github-token: ${{ secrets.PAT_TOKEN || github.token }}
-          script: |
-            const fs = require('fs');
-            const issueNumber = process.env.ISSUE_NUMBER;
-            let logContent = '';
-
-            try {
-              logContent = fs.readFileSync('/tmp/pr_result.txt', 'utf8').trim();
-            } catch (error) {
-              console.error('Error reading pr_result.txt file:', error);
-            }
-
-            const noChangesMessage = `No changes to commit for issue #${issueNumber}. Skipping commit.`;
-
-            // Check logs from send_pull_request.py (pushes code to GitHub)
-            if (logContent.includes("Updated pull request")) {
-              console.log("Updated pull request found. Skipping comment.");
-              process.env.AGENT_RESPONDED = 'true';
-            } else if (logContent.includes(noChangesMessage)) {
-              github.rest.issues.createComment({
-                issue_number: issueNumber,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                body: `The workflow to fix this issue encountered an error. Openhands failed to create any code changes.`
-              });
-              process.env.AGENT_RESPONDED = 'true';
-            }
-
-      # Step leaves comment for when agent is invoked on issue
-      - name: Comment on issue # Comment link to either PR or branch created by agent
-        uses: actions/github-script@v7
-        if: always() # Comment on issue even if the previous steps fail
-        env:
-          AGENT_RESPONDED: ${{ env.AGENT_RESPONDED || 'false' }}
-          ISSUE_NUMBER: ${{ env.ISSUE_NUMBER }}
-          RESOLUTION_SUCCESS: ${{ steps.check_result.outputs.RESOLUTION_SUCCESS }}
-        with:
-          github-token: ${{ secrets.PAT_TOKEN || github.token }}
-          script: |
-            const fs = require('fs');
-            const path = require('path');
-            const issueNumber = process.env.ISSUE_NUMBER;
-            const success = process.env.RESOLUTION_SUCCESS === 'true';
-
-            let prNumber = '';
-            let branchName = '';
-            let resultExplanation = '';
-
-            try {
-              if (success) {
-                prNumber = fs.readFileSync('/tmp/pr_number.txt', 'utf8').trim();
-              } else {
-                branchName = fs.readFileSync('/tmp/branch_name.txt', 'utf8').trim();
-              }
-            } catch (error) {
-              console.error('Error reading file:', error);
-            }
-
-
-            try {
-              if (!success){
-                // Read result_explanation from JSON file for failed resolution
-                const outputFilePath = path.resolve('/tmp/output/output.jsonl');
-                if (fs.existsSync(outputFilePath)) {
-                  const outputContent = fs.readFileSync(outputFilePath, 'utf8');
-                  const jsonLines = outputContent.split('\n').filter(line => line.trim() !== '');
-
-                  if (jsonLines.length > 0) {
-                    // First entry in JSON lines has the key 'result_explanation'
-                    const firstEntry = JSON.parse(jsonLines[0]);
-                    resultExplanation = firstEntry.result_explanation || '';
-                  }
-                }
-              }
-            } catch (error){
-              console.error('Error reading file:', error);
-            }
-
-            // Check "success" log from resolver output
-            if (success && prNumber) {
-              github.rest.issues.createComment({
-                issue_number: issueNumber,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                body: `A potential fix has been generated and a draft PR #${prNumber} has been created. Please review the changes.`
-              });
-              process.env.AGENT_RESPONDED = 'true';
-            } else if (!success && branchName) {
-              let commentBody = `An attempt was made to automatically fix this issue, but it was unsuccessful. A branch named '${branchName}' has been created with the attempted changes. You can view the branch [here](https://github.com/${context.repo.owner}/${context.repo.repo}/tree/${branchName}). Manual intervention may be required.`;
-
-              if (resultExplanation) {
-                commentBody += `\n\nAdditional details about the failure:\n${resultExplanation}`;
-              }
-
-              github.rest.issues.createComment({
-                issue_number: issueNumber,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                body: commentBody
-              });
-              process.env.AGENT_RESPONDED = 'true';
-            }
-
-      # Leave error comment when both PR/Issue comment handling fail
-      - name: Fallback Error Comment
-        uses: actions/github-script@v7
-        if: ${{ env.AGENT_RESPONDED == 'false' }} # Only run if no conditions were met in previous steps
-        env:
-          ISSUE_NUMBER: ${{ env.ISSUE_NUMBER }}
-        with:
-          github-token: ${{ secrets.PAT_TOKEN || github.token }}
-          script: |
-            const issueNumber = process.env.ISSUE_NUMBER;
-
-            github.rest.issues.createComment({
-              issue_number: issueNumber,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `The workflow to fix this issue encountered an error. Please check the [workflow logs](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}) for more information.`
-            });
--- a/.github/workflows/pr-artifacts.yml
+++ b/.github/workflows/pr-artifacts.yml
@@ -31,11 +31,11 @@ jobs:
                    echo "is_fork=false" >> $GITHUB_OUTPUT
                  fi

-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6
              if: steps.check-fork.outputs.is_fork == 'false'
              with:
                  ref: ${{ github.event.pull_request.head.ref }}
-                  token: ${{ secrets.ALLHANDS_BOT_GITHUB_PAT }}
+                  token: ${{ secrets.OPENHANDS_BOT_GITHUB_PAT_PUBLIC }}

            - name: Remove .pr/ directory
              id: remove
@@ -59,7 +59,7 @@ jobs:

            - name: Update PR comment after cleanup
              if: steps.check-fork.outputs.is_fork == 'false' && steps.remove.outputs.removed == 'true'
-              uses: actions/github-script@v7
+              uses: actions/github-script@v9
              with:
                  script: |
                      const marker = '<!-- pr-artifacts-notice -->';
@@ -93,7 +93,7 @@ jobs:
            contents: read
            pull-requests: write
        steps:
-            - uses: actions/checkout@v5
+            - uses: actions/checkout@v6

            - name: Check for .pr/ directory
              id: check
@@ -107,7 +107,7 @@ jobs:

            - name: Post or update PR comment
              if: steps.check.outputs.exists == 'true'
-              uses: actions/github-script@v7
+              uses: actions/github-script@v9
              with:
                  script: |
                      const marker = '<!-- pr-artifacts-notice -->';
--- a/.github/workflows/pr-review-by-openhands.yml
+++ b/.github/workflows/pr-review-by-openhands.yml
@@ -2,12 +2,14 @@
 name: PR Review by OpenHands

 on:
-    # TEMPORARY MITIGATION (Clinejection hardening)
-    #
-    # We temporarily avoid `pull_request_target` here. We'll restore it after the PR review
-    # workflow is fully hardened for untrusted execution.
+    # Use pull_request for same-repo PRs so workflow changes can self-verify in PRs.
    pull_request:
        types: [opened, ready_for_review, labeled, review_requested]
+    # Use pull_request_target for fork PRs.
+    # The bot token used here is intentionally scoped to PR review operations,
+    # so the remaining blast radius is bounded even though PR content is untrusted.
+    pull_request_target:
+        types: [opened, ready_for_review, labeled, review_requested]

 permissions:
    contents: read
@@ -16,13 +18,33 @@ permissions:

 jobs:
    pr-review:
-        # Note: fork PRs will not have access to repository secrets under `pull_request`.
-        # Skip forks to avoid noisy failures until we restore a hardened `pull_request_target` flow.
+        # Run on same-repo PRs via pull_request and on fork PRs via pull_request_target.
+        # Trigger when one of the following conditions is met:
+        #   1. A new non-draft PR is opened by a non-first-time contributor, OR
+        #   2. A draft PR is converted to ready for review by a non-first-time contributor, OR
+        #   3. The 'review-this' label is added, OR
+        #   4. openhands-agent or all-hands-bot is requested as a reviewer
+        # Note: FIRST_TIME_CONTRIBUTOR and NONE PRs require manual trigger via label/reviewer request.
+        # Trigger logic:
+        #   1. Route same-repo PRs through `pull_request` and fork PRs through `pull_request_target`
+        #   2. Auto-trigger on `opened` / `ready_for_review` for non-first-time contributors
+        #   3. Always allow manual triggers via `review-this` or reviewer request
+        # The author association check is duplicated intentionally for both
+        # auto-triggered actions (`opened` and `ready_for_review`).
        if: |
-            github.event.pull_request.head.repo.full_name == github.repository &&
            (
-                (github.event.action == 'opened' && github.event.pull_request.draft == false) ||
-                github.event.action == 'ready_for_review' ||
+                (
+                    github.event_name == 'pull_request' &&
+                    github.event.pull_request.head.repo.full_name == github.repository
+                ) ||
+                (
+                    github.event_name == 'pull_request_target' &&
+                    github.event.pull_request.head.repo.full_name != github.repository
+                )
+            ) &&
+            (
+                (github.event.action == 'opened' && github.event.pull_request.draft == false && github.event.pull_request.author_association != 'FIRST_TIME_CONTRIBUTOR' && github.event.pull_request.author_association != 'NONE') ||
+                (github.event.action == 'ready_for_review' && github.event.pull_request.author_association != 'FIRST_TIME_CONTRIBUTOR' && github.event.pull_request.author_association != 'NONE') ||
                (github.event.action == 'labeled' && github.event.label.name == 'review-this') ||
                (
                    github.event.action == 'review_requested' &&
@@ -44,5 +66,5 @@ jobs:
                  llm-base-url: https://llm-proxy.app.all-hands.dev
                  review-style: roasted
                  llm-api-key: ${{ secrets.LLM_API_KEY }}
-                  github-token: ${{ secrets.ALLHANDS_BOT_GITHUB_PAT }}
+                  github-token: ${{ secrets.OPENHANDS_BOT_GITHUB_PAT_PUBLIC }}
                  lmnr-api-key: ${{ secrets.LMNR_SKILLS_API_KEY }}
--- a/.github/workflows/pr-review-evaluation.yml
+++ b/.github/workflows/pr-review-evaluation.yml
@@ -51,7 +51,7 @@ jobs:
            # Always checkout main branch for security - cannot test script changes in PRs
            - name: Checkout extensions repository
              if: steps.check-trace.outputs.trace_exists == 'true'
-              uses: actions/checkout@v5
+              uses: actions/checkout@v6
              with:
                  repository: OpenHands/extensions
                  path: extensions
@@ -77,7 +77,7 @@ jobs:
                      --trace-file trace-info/laminar_trace_info.json

            - name: Upload evaluation logs
-              uses: actions/upload-artifact@v5
+              uses: actions/upload-artifact@v7
              if: always() && steps.check-trace.outputs.trace_exists == 'true'
              with:
                  name: pr-review-evaluation-${{ github.event.pull_request.number }}
--- a/.github/workflows/py-tests.yml
+++ b/.github/workflows/py-tests.yml
@@ -60,12 +60,8 @@ jobs:
        run: PYTHONPATH=".:$PYTHONPATH" poetry run pytest --forked -n auto -s ./tests/unit --cov=openhands --cov-branch
        env:
          COVERAGE_FILE: ".coverage.${{ matrix.python_version }}"
-      - name: Run Runtime Tests with CLIRuntime
-        run: PYTHONPATH=".:$PYTHONPATH" TEST_RUNTIME=cli poetry run pytest -n 5 --reruns 2 --reruns-delay 3 -s tests/runtime/test_bash.py --cov=openhands --cov-branch
-        env:
-          COVERAGE_FILE: ".coverage.runtime.${{ matrix.python_version }}"
      - name: Store coverage file
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: coverage-openhands
          path: |
@@ -97,7 +93,7 @@ jobs:
        env:
          COVERAGE_FILE: ".coverage.enterprise.${{ matrix.python_version }}"
      - name: Store coverage file
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: coverage-enterprise
          path: ".coverage.enterprise.${{ matrix.python_version }}"
@@ -115,7 +111,7 @@ jobs:
    steps:
      - uses: actions/checkout@v6

-      - uses: actions/download-artifact@v7
+      - uses: actions/download-artifact@v8
        id: download
        with:
          pattern: coverage-*
--- a/.github/workflows/tag-image.yml
+++ b/.github/workflows/tag-image.yml
@@ -0,0 +1,59 @@
+# Adds a git-tag name to existing Docker images.
+# Triggered when a tag is pushed: finds the images built at the tag's commit
+# (tagged `sha-<full>`) and adds the tag name as an alias for the same manifest.
+# Semver tags (X.Y.Z) also get X.Y, X, and latest aliases.
+# No rebuild — pure registry-side retag via `docker buildx imagetools create`.
+name: Tag Docker images
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  retag:
+    runs-on: ubuntu-22.04
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        image:
+          - ghcr.io/openhands/openhands
+          - ghcr.io/openhands/enterprise-server
+    steps:
+      - name: Login to GHCR
+        uses: docker/login-action@v4
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Compute tags
+        id: meta
+        uses: docker/metadata-action@v6
+        with:
+          images: ${{ matrix.image }}
+          flavor: latest=auto
+          tags: |
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+      - name: Add tags to existing image
+        env:
+          SRC: ${{ matrix.image }}:sha-${{ github.sha }}
+          TAGS: ${{ steps.meta.outputs.tags }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          if ! docker buildx imagetools inspect "$SRC" > /dev/null 2>&1; then
+            echo "::error::Source image $SRC does not exist. The Docker workflow for commit ${{ github.sha }} may not have completed successfully. Re-run this workflow once the build finishes."
+            exit 1
+          fi
+          args=()
+          while IFS= read -r tag; do
+            [[ -z "$tag" ]] && continue
+            args+=(-t "$tag")
+          done <<< "$TAGS"
+          docker buildx imagetools create "${args[@]}" "$SRC"
--- a/.github/workflows/welcome-good-first-issue.yml
+++ b/.github/workflows/welcome-good-first-issue.yml
@@ -14,7 +14,7 @@ jobs:
    steps:
      - name: Check if welcome comment already exists
        id: check_comment
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
        with:
          result-encoding: string
          script: |
@@ -33,7 +33,7 @@ jobs:

      - name: Leave welcome comment
        if: steps.check_comment.outputs.result == 'false'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v9
        with:
          script: |
            const repoUrl = `https://github.com/${context.repo.owner}/${context.repo.repo}`;
--- a/.gitignore
+++ b/.gitignore
@@ -254,10 +254,6 @@ run_instance_logs

 runtime_*.tar

-# docker build
-containers/runtime/Dockerfile
-containers/runtime/project.tar.gz
-containers/runtime/code
 **/node_modules/

 # test results
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -13,13 +13,21 @@ export RUNTIME=local
 make build && make run FRONTEND_PORT=12000 FRONTEND_HOST=0.0.0.0 BACKEND_HOST=0.0.0.0 &> /tmp/openhands-log.txt &
 ```

+Local run troubleshooting notes:
+- If the backend fails with `nc: command not found`, install `netcat-openbsd`.
+- If local runtime startup fails with `duplicate session: test-session`, clear the stale tmux session on the default socket: `tmux -S /tmp/tmux-$(id -u)/default kill-session -t test-session`.
+- Local runtime browser startup expects Playwright browsers under `~/.cache/playwright`; if needed run `PLAYWRIGHT_BROWSERS_PATH=$HOME/.cache/playwright poetry run playwright install chromium`.
+- In this sandbox environment, an inherited `SESSION_API_KEY` can make `/api/v1/settings` return 401 in the browser. Unset it before `make run` when you want to use the local web UI directly.
+- In this sandbox, `frontend`'s `npm run dev:mock` / `dev:mock:saas` can start but still be awkward to browse through the work-host proxy. For PR QA screenshots, a reliable fallback is to `npm run build` with the desired `VITE_MOCK_*` env, then serve `build/` with a tiny custom HTTP server that returns the minimal mock JSON endpoints needed by the settings page.
+
+
 IMPORTANT: Before making any changes to the codebase, ALWAYS run `make install-pre-commit-hooks` to ensure pre-commit hooks are properly installed.

 Before pushing any changes, you MUST ensure that any lint errors or simple test errors have been fixed.

 * If you've made changes to the backend, you should run `pre-commit run --config ./dev_config/python/.pre-commit-config.yaml` (this will run on staged files).
 * If you've made changes to the frontend, you should run `cd frontend && npm run lint:fix && npm run build ; cd ..`
-* If you've made changes to the VSCode extension, you should run `cd openhands/integrations/vscode && npm run lint:fix && npm run compile ; cd ../../..`
+* If you've made changes to the VSCode extension, you should run `cd openhands/app_server/integrations/vscode && npm run lint:fix && npm run compile ; cd ../../..`

 The pre-commit hooks MUST pass successfully before pushing any changes to the repository. This is a mandatory requirement to maintain code quality and consistency.

@@ -138,9 +146,11 @@ Frontend:
  - Query hooks should follow the pattern use[Resource] (e.g., `useConversationSkills`)
  - Mutation hooks should follow the pattern use[Action] (e.g., `useDeleteConversation`)
  - Architecture rule: UI components → TanStack Query hooks → Data Access Layer (`frontend/src/api`) → API endpoints
+  - For SaaS organization management screens, prefer deriving the selected organization from `useOrganizations()` plus the selected org ID store instead of adding a dedicated single-org fetch when only list-level fields (for example `name`) are needed.
+

 VSCode Extension:
- Located in the `openhands/integrations/vscode` directory
+- Located in the `openhands/app_server/integrations/vscode` directory
 - Setup: Run `npm install` in the extension directory
 - Linting:
  - Run linting with fixes: `npm run lint:fix`
@@ -226,6 +236,7 @@ Each integration follows a consistent pattern with service classes, storage mode
 - Database changes require careful migration planning in `enterprise/migrations/`
 - Always test changes in both OpenHands and enterprise contexts
 - Use the enterprise-specific Makefile commands for development
+- When the `openhands-ai` package (root project) version has been updated, run `poetry lock` in the `enterprise/` folder to update the version in the enterprise poetry lockfile.

 **Enterprise Testing Best Practices:**

@@ -273,6 +284,32 @@ If you are starting a pull request (PR), please follow the template in `.github/

 These details may or may not be useful for your current task.

+### Conversation State Management
+
+#### Agent State and Sandbox Status:
+The frontend uses `useAgentState` hook (`frontend/src/hooks/use-agent-state.ts`) to determine the current conversation state. This hook:
+- Returns `curAgentState` (AgentState enum) for UI state determination
+- Returns `isArchived` flag when `sandbox_status === "MISSING"` (archived conversations)
+- Prioritizes live WebSocket execution status over cached API data
+
+#### Archived Conversations (sandbox_status === "MISSING"):
+When a conversation's sandbox is no longer available (archived):
+- `useAgentState` returns `AgentState.STOPPED` and `isArchived: true`
+- Chat input is replaced with an archived banner (`ArchivedBanner` component)
+- VS Code tab, Terminal, and Planner show read-only messages instead of loading states
+- All interactive elements that require a running sandbox are disabled
+
+#### Testing useAgentState:
+When mocking `useAgentState` in tests, always include the `isArchived` property:
+```typescript
+vi.mock("#/hooks/use-agent-state", () => ({
+  useAgentState: () => ({
+    curAgentState: AgentState.AWAITING_USER_INPUT,
+    isArchived: false,
+  }),
+}));
+```
+
 ### Microagents

 Microagents are specialized prompts that enhance OpenHands with domain-specific knowledge and task-specific workflows. They are Markdown files that can include frontmatter for configuration.
@@ -352,6 +389,7 @@ There are two main patterns for saving settings in the OpenHands frontend:
 **When to use each pattern:**
 - Use Pattern 1 (Immediate Save) for entity management where each item is independent
 - Use Pattern 2 (Manual Save) for configuration forms where settings are interdependent or need validation
+- Git provider tokens in the local/OSS integrations settings are managed through the V1 secrets endpoints (`POST`/`DELETE /api/v1/secrets/git-providers`). Do not reuse the logout flow for disconnecting tokens; `useLogout` is for actual app logout and still targets legacy OSS logout behavior.

 ### Adding New LLM Models

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -36,8 +36,6 @@ Full details in our [Development Guide](./Development.md).

 - **[Frontend](./frontend/README.md)** - React application
 - **[App Server (V1)](./openhands/app_server/README.md)** - Current FastAPI application server and REST API modules
- **[Agents](./openhands/agenthub/README.md)** - AI agent implementations
- **[Runtime](./openhands/runtime/README.md)** - Execution environments
 - **[Evaluation](https://github.com/OpenHands/benchmarks)** - Testing and benchmarks

 ## What Can You Build?
--- a/CREDITS.md
+++ b/CREDITS.md
@@ -16,7 +16,7 @@ open source community:

 #### [Aider](https://github.com/paul-gauthier/aider)
   - License: Apache License 2.0
-   - Description: AI pair programming tool. OpenHands has adapted and integrated its linter module for code-related tasks in [`agentskills utilities`](https://github.com/OpenHands/OpenHands/tree/main/openhands/runtime/plugins/agent_skills/utils/aider)
+   - Description: AI pair programming tool. OpenHands has adapted and integrated its linter module for code-related tasks.

 #### [BrowserGym](https://github.com/ServiceNow/BrowserGym)
   - License: Apache License 2.0
--- a/Development.md
+++ b/Development.md
@@ -309,16 +309,6 @@ poetry run pytest ./tests/unit/test_*.py

 ---

-## Using Existing Docker Images
-
-To reduce build time, you can use an existing runtime image:
-
-```bash
-export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/openhands/runtime:1.2-nikolaik
-```
-
---
-
 ## Help

 ```bash
@@ -339,4 +329,3 @@ make help
 - [/tests/unit/README.md](./tests/unit/README.md): Guide to writing and running unit tests
 - [OpenHands/benchmarks](https://github.com/OpenHands/benchmarks): Documentation for the evaluation framework and benchmarks
 - [/skills/README.md](./skills/README.md): Information about the skills architecture and implementation
- [/openhands/runtime/README.md](./openhands/runtime/README.md): Documentation for the runtime environment and execution model
--- a/29
+++ b/29
@@ -11,7 +11,15 @@ DEFAULT_WORKSPACE_DIR = "./workspace"
 DEFAULT_MODEL = "gpt-4o"
 CONFIG_FILE = config.toml
 PRE_COMMIT_CONFIG_PATH = "./dev_config/python/.pre-commit-config.yaml"
-PYTHON_VERSION = 3.12
+PYTHON_MIN_VERSION = 3.12
+PYTHON_MAX_VERSION = 3.14
+PYTHON_CANDIDATES ?= python3.13 python3.12 python3
+PYTHON ?= $(shell for cmd in $(PYTHON_CANDIDATES); do \
+	if command -v $$cmd > /dev/null 2>&1 && $$cmd -c 'import sys; raise SystemExit(0 if ((3, 12) <= sys.version_info[:2] < (3, 14)) else 1)' > /dev/null 2>&1; then \
+		echo $$cmd; \
+		exit 0; \
+	fi; \
+ done)
 KIND_CLUSTER_NAME = "local-hands"

 # ANSI color codes
@@ -63,10 +71,10 @@ check-system:

 check-python:
 	@echo "$(YELLOW)Checking Python installation...$(RESET)"
-	@if command -v python$(PYTHON_VERSION) > /dev/null; then \
-		echo "$(BLUE)$(shell python$(PYTHON_VERSION) --version) is already installed.$(RESET)"; \
+	@if [ -n "$(PYTHON)" ]; then \
+		echo "$(BLUE)$$($(PYTHON) --version) is already installed (using $(PYTHON)).$(RESET)"; \
 	else \
-		echo "$(RED)Python $(PYTHON_VERSION) is not installed. Please install Python $(PYTHON_VERSION) to continue.$(RESET)"; \
+		echo "$(RED)A compatible Python interpreter (>= $(PYTHON_MIN_VERSION), < $(PYTHON_MAX_VERSION)) is required. Please install Python 3.12 or 3.13 to continue.$(RESET)"; \
 		exit 1; \
 	fi

@@ -118,31 +126,34 @@ check-tmux:

 check-poetry:
 	@echo "$(YELLOW)Checking Poetry installation...$(RESET)"
-	@if command -v poetry > /dev/null; then \
+	@if [ -z "$(PYTHON)" ]; then \
+		echo "$(RED)A compatible Python interpreter (>= $(PYTHON_MIN_VERSION), < $(PYTHON_MAX_VERSION)) is required. Please install Python 3.12 or 3.13 to continue.$(RESET)"; \
+		exit 1; \
+	elif command -v poetry > /dev/null; then \
 		POETRY_VERSION=$(shell poetry --version 2>&1 | sed -E 's/Poetry \(version ([0-9]+\.[0-9]+\.[0-9]+)\)/\1/'); \
 		IFS='.' read -r -a POETRY_VERSION_ARRAY <<< "$$POETRY_VERSION"; \
 		if [ $${POETRY_VERSION_ARRAY[0]} -gt 1 ] || ([ $${POETRY_VERSION_ARRAY[0]} -eq 1 ] && [ $${POETRY_VERSION_ARRAY[1]} -ge 8 ]); then \
 			echo "$(BLUE)$(shell poetry --version) is already installed.$(RESET)"; \
 		else \
 			echo "$(RED)Poetry 1.8 or later is required. You can install poetry by running the following command, then adding Poetry to your PATH:"; \
-			echo "$(RED) curl -sSL https://install.python-poetry.org | python$(PYTHON_VERSION) -$(RESET)"; \
+			echo "$(RED) curl -sSL https://install.python-poetry.org | $(PYTHON) -$(RESET)"; \
 			echo "$(RED)More detail here: https://python-poetry.org/docs/#installing-with-the-official-installer$(RESET)"; \
 			exit 1; \
 		fi; \
 	else \
 		echo "$(RED)Poetry is not installed. You can install poetry by running the following command, then adding Poetry to your PATH:"; \
-		echo "$(RED) curl -sSL https://install.python-poetry.org | python$(PYTHON_VERSION) -$(RESET)"; \
+		echo "$(RED) curl -sSL https://install.python-poetry.org | $(PYTHON) -$(RESET)"; \
 		echo "$(RED)More detail here: https://python-poetry.org/docs/#installing-with-the-official-installer$(RESET)"; \
 		exit 1; \
 	fi

-install-python-dependencies:
+install-python-dependencies: check-python
 	@echo "$(GREEN)Installing Python dependencies...$(RESET)"
 	@if [ -z "${TZ}" ]; then \
 		echo "Defaulting TZ (timezone) to UTC"; \
 		export TZ="UTC"; \
 	fi
-	poetry env use python$(PYTHON_VERSION)
+	poetry env use $(PYTHON)
 	@if [ "$(shell uname)" = "Darwin" ]; then \
 		echo "$(BLUE)Installing chroma-hnswlib...$(RESET)"; \
 		export HNSWLIB_NO_NATIVE=1; \
--- a/containers/app/Dockerfile
+++ b/containers/app/Dockerfile
@@ -1,5 +1,5 @@
 ARG OPENHANDS_BUILD_VERSION=dev
-FROM node:25.8-trixie-slim AS frontend-builder
+FROM node:25.9-trixie-slim AS frontend-builder

 WORKDIR /app

@@ -88,11 +88,8 @@ USER openhands

 COPY --chown=openhands:openhands --chmod=770 ./skills ./skills
 COPY --chown=openhands:openhands --chmod=770 ./openhands ./openhands
-COPY --chown=openhands:openhands --chmod=777 ./openhands/runtime/plugins ./openhands/runtime/plugins
 COPY --chown=openhands:openhands pyproject.toml poetry.lock README.md MANIFEST.in LICENSE ./

-# This is run as "openhands" user, and will create __pycache__ with openhands:openhands ownership
-RUN python openhands/core/download.py # No-op to download assets
 # Add this line to set group ownership of all files/directories not already in "app" group
 # openhands:openhands -> openhands:openhands
 RUN find /app \! -group openhands -exec chgrp openhands {} +
--- a/containers/app/config.sh
+++ b/containers/app/config.sh
@@ -1,4 +0,0 @@
-DOCKER_REGISTRY=ghcr.io
-DOCKER_ORG=openhands
-DOCKER_IMAGE=openhands
-DOCKER_BASE_DIR="."
--- a/containers/app/entrypoint.sh
+++ b/containers/app/entrypoint.sh
@@ -23,18 +23,6 @@ if [ -z "$WORKSPACE_MOUNT_PATH" ]; then
  unset WORKSPACE_BASE
 fi

-if [[ "$INSTALL_THIRD_PARTY_RUNTIMES" == "true" ]]; then
-  echo "Downloading and installing third_party_runtimes..."
-  echo "Warning: Third-party runtimes are provided as-is, not actively supported and may be removed in future releases."
-
-  if pip install 'openhands-ai[third_party_runtimes]' -qqq 2> >(tee /dev/stderr); then
-    echo "third_party_runtimes installed successfully."
-  else
-    echo "Failed to install third_party_runtimes." >&2
-    exit 1
-  fi
-fi
-
 if [[ "$SANDBOX_USER_ID" -eq 0 ]]; then
  echo "Running OpenHands as root"
  export RUN_AS_OPENHANDS=false
--- a/containers/build.sh
+++ b/containers/build.sh
@@ -1,187 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-# Initialize variables with default values
-image_name=""
-org_name=""
-push=0
-load=0
-tag_suffix=""
-dry_run=0
-platform_override=""
-
-# Function to display usage information
-usage() {
-    echo "Usage: $0 -i <image_name> [-o <org_name>] [--push] [--load] [-t <tag_suffix>] [-p <platform>] [--dry]"
-    echo "  -i: Image name (required)"
-    echo "  -o: Organization name"
-    echo "  --push: Push the image"
-    echo "  --load: Load the image"
-    echo "  -t: Tag suffix"
-    echo "  -p: Platform(s) to build for (e.g. linux/amd64 or linux/amd64,linux/arm64)"
-    echo "  --dry: Don't build, only create build-args.json"
-    exit 1
-}
-
-# Parse command-line options
-while [[ $# -gt 0 ]]; do
-    case $1 in
-        -i) image_name="$2"; shift 2 ;;
-        -o) org_name="$2"; shift 2 ;;
-        --push) push=1; shift ;;
-        --load) load=1; shift ;;
-        -t) tag_suffix="$2"; shift 2 ;;
-        -p) platform_override="$2"; shift 2 ;;
-        --dry) dry_run=1; shift ;;
-        *) usage ;;
-    esac
-done
-# Check if required arguments are provided
-if [[ -z "$image_name" ]]; then
-    echo "Error: Image name is required."
-    usage
-fi
-
-echo "Building: $image_name"
-tags=()
-
-OPENHANDS_BUILD_VERSION="dev"
-
-cache_tag_base="buildcache"
-cache_tag="$cache_tag_base"
-
-if [[ -n $RELEVANT_SHA ]]; then
-  git_hash=$(git rev-parse --short "$RELEVANT_SHA")
-  tags+=("$git_hash")
-  tags+=("$RELEVANT_SHA")
-fi
-
-if [[ -n $GITHUB_REF_NAME ]]; then
-  # check if ref name is a version number
-  if [[ $GITHUB_REF_NAME =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-    major_version=$(echo "$GITHUB_REF_NAME" | cut -d. -f1)
-    minor_version=$(echo "$GITHUB_REF_NAME" | cut -d. -f1,2)
-    tags+=("$major_version" "$minor_version")
-    tags+=("latest")
-  fi
-  sanitized_ref_name=$(echo "$GITHUB_REF_NAME" | sed 's/[^a-zA-Z0-9.-]\+/-/g')
-  OPENHANDS_BUILD_VERSION=$sanitized_ref_name
-  sanitized_ref_name=$(echo "$sanitized_ref_name" | tr '[:upper:]' '[:lower:]') # lower case is required in tagging
-  tags+=("$sanitized_ref_name")
-  cache_tag+="-${sanitized_ref_name}"
-fi
-
-if [[ -n $tag_suffix ]]; then
-  cache_tag+="-${tag_suffix}"
-  for i in "${!tags[@]}"; do
-    tags[$i]="${tags[$i]}-$tag_suffix"
-  done
-fi
-
-echo "Tags: ${tags[@]}"
-
-if [[ "$image_name" == "openhands" ]]; then
-  dir="./containers/app"
-elif [[ "$image_name" == "runtime" ]]; then
-  dir="./containers/runtime"
-else
-  dir="./containers/$image_name"
-fi
-
-if [[ (! -f "$dir/Dockerfile") && "$image_name" != "runtime" ]]; then
-  # Allow runtime to be built without a Dockerfile
-  echo "No Dockerfile found"
-  exit 1
-fi
-if [[ ! -f "$dir/config.sh" ]]; then
-  echo "No config.sh found for Dockerfile"
-  exit 1
-fi
-
-source "$dir/config.sh"
-
-if [[ -n "$org_name" ]]; then
-  DOCKER_ORG="$org_name"
-fi
-
-# If $DOCKER_IMAGE_SOURCE_TAG is set, add it to the tags
-if [[ -n "$DOCKER_IMAGE_SOURCE_TAG" ]]; then
-  tags+=("$DOCKER_IMAGE_SOURCE_TAG")
-fi
-# If $DOCKER_IMAGE_TAG is set, add it to the tags
-if [[ -n "$DOCKER_IMAGE_TAG" ]]; then
-  tags+=("$DOCKER_IMAGE_TAG")
-fi
-
-DOCKER_REPOSITORY="$DOCKER_REGISTRY/$DOCKER_ORG/$DOCKER_IMAGE"
-DOCKER_REPOSITORY=${DOCKER_REPOSITORY,,} # lowercase
-echo "Repo: $DOCKER_REPOSITORY"
-echo "Base dir: $DOCKER_BASE_DIR"
-
-args=""
-full_tags=()
-for tag in "${tags[@]}"; do
-  args+=" -t $DOCKER_REPOSITORY:$tag"
-  full_tags+=("$DOCKER_REPOSITORY:$tag")
-done
-
-
-if [[ $push -eq 1 ]]; then
-  args+=" --push"
-  args+=" --cache-to=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag,mode=max"
-fi
-
-if [[ $load -eq 1 ]]; then
-  args+=" --load"
-fi
-
-echo "Args: $args"
-
-# Determine the platform(s) to build for
-if [[ -n "$platform_override" ]]; then
-  platform="$platform_override"
-elif [[ $load -eq 1 ]]; then
-  # When loading, build only for the current platform
-  platform=$(docker version -f '{{.Server.Os}}/{{.Server.Arch}}')
-else
-  # For push or without load, build for multiple platforms
-  platform="linux/amd64,linux/arm64"
-fi
-if [[ $dry_run -eq 1 ]]; then
-  echo "Dry Run is enabled. Writing build config to docker-build-dry.json"
-  jq -n \
-    --argjson tags "$(printf '%s\n' "${full_tags[@]}" | jq -R . | jq -s .)" \
-    --arg platform "$platform" \
-    --arg openhands_build_version "$OPENHANDS_BUILD_VERSION" \
-    --arg dockerfile "$dir/Dockerfile" \
-    '{
-      tags: $tags,
-      platform: $platform,
-      build_args: [
-        "OPENHANDS_BUILD_VERSION=" + $openhands_build_version
-      ],
-      dockerfile: $dockerfile
-    }' > docker-build-dry.json
-
-    exit 0
-fi
-
-
-
-echo "Building for platform(s): $platform"
-
-docker buildx build \
-  $args \
-  --build-arg OPENHANDS_BUILD_VERSION="$OPENHANDS_BUILD_VERSION" \
-  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag \
-  --cache-from=type=registry,ref=$DOCKER_REPOSITORY:$cache_tag_base-main \
-  --platform $platform \
-  --provenance=false \
-  -f "$dir/Dockerfile" \
-  "$DOCKER_BASE_DIR"
-
-# If load was requested, print the loaded images
-if [[ $load -eq 1 ]]; then
-  echo "Local images built:"
-  docker images "$DOCKER_REPOSITORY" --format "{{.Repository}}:{{.Tag}}"
-fi
--- a/containers/runtime/README.md
+++ b/containers/runtime/README.md
@@ -1,12 +0,0 @@
-# Dynamically constructed Dockerfile
-
-This folder builds a runtime image (sandbox), which will use a dynamically generated `Dockerfile`
-that depends on the `base_image` **AND** a [Python source distribution](https://docs.python.org/3.10/distutils/sourcedist.html) that is based on the current commit of `openhands`.
-
-The following command will generate a `Dockerfile` file for `nikolaik/python-nodejs:python3.12-nodejs22` (the default base image), an updated `config.sh` and the runtime source distribution files/folders into `containers/runtime`:
-
-```bash
-poetry run python3 -m openhands.runtime.utils.runtime_build \
-    --base_image nikolaik/python-nodejs:python3.12-nodejs22 \
-    --build_folder containers/runtime
-```
--- a/containers/runtime/config.sh
+++ b/containers/runtime/config.sh
@@ -1,7 +0,0 @@
-DOCKER_REGISTRY=ghcr.io
-DOCKER_ORG=openhands
-DOCKER_BASE_DIR="./containers/runtime"
-DOCKER_IMAGE=runtime
-# These variables will be appended by the runtime_build.py script
-# DOCKER_IMAGE_TAG=
-# DOCKER_IMAGE_SOURCE_TAG=
--- a/dev_config/python/.pre-commit-config.yaml
+++ b/dev_config/python/.pre-commit-config.yaml
@@ -3,9 +3,9 @@ repos:
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
-        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/)
+        exclude: ^(docs/|modules/|python/|openhands-ui/|enterprise/)
      - id: end-of-file-fixer
-        exclude: ^(docs/|modules/|python/|openhands-ui/|third_party/|enterprise/)
+        exclude: ^(docs/|modules/|python/|openhands-ui/|enterprise/)
      - id: check-yaml
        args: ["--allow-multiple-documents"]
      - id: debug-statements
@@ -37,12 +37,12 @@ repos:
        entry: ruff check --config dev_config/python/ruff.toml
        types_or: [python, pyi, jupyter]
        args: [--fix, --unsafe-fixes]
-        exclude: ^(third_party/|enterprise/)
+        exclude: ^(enterprise/)
      # Run the formatter.
      - id: ruff-format
        entry: ruff format --config dev_config/python/ruff.toml
        types_or: [python, pyi, jupyter]
-        exclude: ^(third_party/|enterprise/)
+        exclude: ^(enterprise/)

  - repo: https://github.com/pre-commit/mirrors-mypy
    rev: v1.15.0
@@ -58,8 +58,9 @@ repos:
            types-Markdown,
            pydantic,
            lxml,
-            "openhands-sdk==1.14",
-            "openhands-tools==1.14",
+            "openhands-sdk==1.17.0",
+            "openhands-tools==1.17.0",
+            "sqlalchemy>=2.0",
          ]
        # To see gaps add `--html-report mypy-report/`
        entry: mypy --config-file dev_config/python/mypy.ini openhands/
--- a/dev_config/python/mypy.ini
+++ b/dev_config/python/mypy.ini
@@ -10,10 +10,7 @@ strict_optional = True
 disable_error_code = type-abstract

 # Exclude third-party runtime directory from type checking
-exclude = (third_party/|enterprise/)
-
-[mypy-openhands.memory.condenser.impl.*]
-disable_error_code = override
+exclude = (enterprise/)

 [mypy-openai.*]
 follow_imports = skip
--- a/dev_config/python/ruff.toml
+++ b/dev_config/python/ruff.toml
@@ -1,5 +1,5 @@
 # Exclude third-party runtime directory from linting
-exclude = ["third_party/", "enterprise/"]
+exclude = ["enterprise/"]

 [lint]
 select = [
--- a/enterprise/LICENSE
+++ b/enterprise/LICENSE
@@ -1,5 +1,7 @@
 # PolyForm Free Trial License 1.0.0

+Copyright (c) 2026 All Hands AI
+
 ## Acceptance

 In order to get any license under these terms, you must agree
--- a/enterprise/alembic.ini
+++ b/enterprise/alembic.ini
@@ -59,7 +59,7 @@ handlers = console
 qualname =

 [logger_sqlalchemy]
-level = DEBUG
+level = WARNING
 handlers =
 qualname = sqlalchemy.engine

--- a/enterprise/allhands-realm-github-provider.json.tmpl
+++ b/enterprise/allhands-realm-github-provider.json.tmpl
@@ -724,12 +724,14 @@
        "https://$WEB_HOST/oauth/device/keycloak-callback",
        "https://$WEB_HOST/api/email/verified",
        "/realms/$KEYCLOAK_REALM_NAME/$KEYCLOAK_CLIENT_ID/*",
-        "https://laminar.$WEB_HOST/api/auth/callback/keycloak"
+        "https://laminar.$WEB_HOST/api/auth/callback/keycloak",
+        "https://analytics.$WEB_HOST/api/auth/callback/keycloak"
      ],
      "webOrigins": [
        "https://$WEB_HOST",
        "https://$AUTH_WEB_HOST",
-        "https://laminar.$WEB_HOST"
+        "https://laminar.$WEB_HOST",
+        "https://analytics.$WEB_HOST"
      ],
      "notBefore": 0,
      "bearerOnly": false,
--- a/enterprise/dev_config/python/.pre-commit-config.yaml
+++ b/enterprise/dev_config/python/.pre-commit-config.yaml
@@ -50,6 +50,7 @@ repos:
          - ./
          - stripe==11.5.0
          - pygithub==2.6.1
+          - sqlalchemy>=2.0
        # Use -p (package) to avoid dual module name conflict when using MYPYPATH
        # MYPYPATH=enterprise allows resolving bare imports like "from integrations.xxx"
        # Note: tests package excluded to avoid conflict with core openhands tests
--- a/enterprise/enterprise_local/README.md
+++ b/enterprise/enterprise_local/README.md
@@ -61,13 +61,6 @@ export LITE_LLM_API_KEY=<your LLM API key>
 python enterprise_local/convert_to_env.py
 ```

-You'll also need to set up the runtime image, so that the dev server doesn't try to rebuild it.
-
-```
-export SANDBOX_RUNTIME_CONTAINER_IMAGE=ghcr.io/openhands/runtime:main-nikolaik
-docker pull $SANDBOX_RUNTIME_CONTAINER_IMAGE
-```
-
 By default the application will log in json, you can override.

 ```
@@ -203,7 +196,6 @@ And then invoking `printenv`. NOTE: _DO NOT DO THIS WITH PROD!!!_ (Hopefully by
                "REDIS_HOST": "localhost:6379",
                "OPENHANDS": "<YOUR LOCAL OPENHANDS DIR>",
                "FRONTEND_DIRECTORY": "<YOUR LOCAL OPENHANDS DIR>/frontend/build",
-                "SANDBOX_RUNTIME_CONTAINER_IMAGE": "ghcr.io/openhands/runtime:main-nikolaik",
                "FILE_STORE_PATH": "<YOUR HOME DIRECTORY>>/.openhands-state",
                "OPENHANDS_CONFIG_CLS": "server.config.SaaSServerConfig",
                "GITHUB_APP_ID": "1062351",
@@ -237,7 +229,6 @@ And then invoking `printenv`. NOTE: _DO NOT DO THIS WITH PROD!!!_ (Hopefully by
                "REDIS_HOST": "localhost:6379",
                "OPENHANDS": "<YOUR LOCAL OPENHANDS DIR>",
                "FRONTEND_DIRECTORY": "<YOUR LOCAL OPENHANDS DIR>/frontend/build",
-                "SANDBOX_RUNTIME_CONTAINER_IMAGE": "ghcr.io/openhands/runtime:main-nikolaik",
                "FILE_STORE_PATH": "<YOUR HOME DIRECTORY>>/.openhands-state",
                "OPENHANDS_CONFIG_CLS": "server.config.SaaSServerConfig",
                "GITHUB_APP_ID": "1062351",
--- a/enterprise/enterprise_local/convert_to_env.py
+++ b/enterprise/enterprise_local/convert_to_env.py
@@ -112,9 +112,6 @@ lines.append(
 lines.append(
    'OPENHANDS_BITBUCKET_DATA_CENTER_SERVICE_CLS=integrations.bitbucket_data_center.bitbucket_dc_service.SaaSBitbucketDCService'
 )
-lines.append(
-    'OPENHANDS_CONVERSATION_VALIDATOR_CLS=storage.saas_conversation_validator.SaasConversationValidator'
-)
 lines.append('POSTHOG_CLIENT_KEY=test')
 lines.append('ENABLE_PROACTIVE_CONVERSATION_STARTERS=true')
 lines.append('MAX_CONCURRENT_CONVERSATIONS=10')
--- a/enterprise/integrations/bitbucket/bitbucket_service.py
+++ b/enterprise/integrations/bitbucket/bitbucket_service.py
@@ -1,9 +1,11 @@
 from pydantic import SecretStr
 from server.auth.token_manager import TokenManager

+from openhands.app_server.integrations.bitbucket.bitbucket_service import (
+    BitBucketService,
+)
+from openhands.app_server.integrations.service_types import ProviderType
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.bitbucket.bitbucket_service import BitBucketService
-from openhands.integrations.service_types import ProviderType


 class SaaSBitBucketService(BitBucketService):
--- a/enterprise/integrations/bitbucket_data_center/bitbucket_dc_service.py
+++ b/enterprise/integrations/bitbucket_data_center/bitbucket_dc_service.py
@@ -1,11 +1,11 @@
 from pydantic import SecretStr
 from server.auth.token_manager import TokenManager

-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.bitbucket_data_center.bitbucket_dc_service import (
+from openhands.app_server.integrations.bitbucket_data_center.bitbucket_dc_service import (
    BitbucketDCService,
 )
-from openhands.integrations.service_types import ProviderType
+from openhands.app_server.integrations.service_types import ProviderType
+from openhands.core.logger import openhands_logger as logger


 class SaaSBitbucketDCService(BitbucketDCService):
--- a/enterprise/integrations/github/data_collector.py
+++ b/enterprise/integrations/github/data_collector.py
@@ -19,12 +19,12 @@ from server.auth.constants import GITHUB_APP_CLIENT_ID, GITHUB_APP_PRIVATE_KEY
 from storage.openhands_pr import OpenhandsPR
 from storage.openhands_pr_store import OpenhandsPRStore

+from openhands.app_server.conversation_paths import get_conversation_dir
+from openhands.app_server.file_store import get_file_store
+from openhands.app_server.integrations.github.github_service import GithubServiceImpl
+from openhands.app_server.integrations.service_types import ProviderType
 from openhands.core.config import load_openhands_config
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.github.github_service import GithubServiceImpl
-from openhands.integrations.service_types import ProviderType
-from openhands.storage import get_file_store
-from openhands.storage.locations import get_conversation_dir

 config = load_openhands_config()
 file_store = get_file_store(config.file_store, config.file_store_path)
@@ -112,7 +112,7 @@ class GitHubDataCollector:
        suffix = path.format(repo_id, number)

        if conversation_id:
-            return f'{get_conversation_dir(conversation_id)}{suffix}'
+            return f'{get_conversation_dir(conversation_id)}/{suffix}'

        return suffix

@@ -429,6 +429,11 @@ class GitHubDataCollector:
        - Num openhands review comments
        """
        pr_number = openhands_pr.pr_number
+        if openhands_pr.installation_id is None:
+            logger.warning(
+                f'Skipping PR {openhands_pr.repo_name}#{pr_number}: missing installation_id'
+            )
+            return
        installation_id = int(openhands_pr.installation_id)
        repo_id = openhands_pr.repo_id

--- a/enterprise/integrations/github/github_manager.py
+++ b/enterprise/integrations/github/github_manager.py
@@ -2,7 +2,6 @@ from types import MappingProxyType

 from github import Auth, Github, GithubIntegration
 from integrations.github.data_collector import GitHubDataCollector
-from integrations.github.github_solvability import summarize_issue_solvability
 from integrations.github.github_view import (
    GithubFactory,
    GithubFailingAction,
@@ -20,7 +19,6 @@ from integrations.models import (
 from integrations.types import ResolverViewInterface
 from integrations.utils import (
    CONVERSATION_URL,
-    ENABLE_SOLVABILITY_ANALYSIS,
    HOST_URL,
    OPENHANDS_RESOLVER_TEMPLATES_DIR,
    get_session_expired_message,
@@ -32,17 +30,16 @@ from pydantic import SecretStr
 from server.auth.auth_error import ExpiredError
 from server.auth.constants import GITHUB_APP_CLIENT_ID, GITHUB_APP_PRIVATE_KEY
 from server.auth.token_manager import TokenManager
-from server.utils.conversation_callback_utils import register_callback_processor

+from openhands.app_server.integrations.provider import ProviderToken, ProviderType
+from openhands.app_server.integrations.service_types import AuthenticationError
+from openhands.app_server.secrets.secrets_models import Secrets
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.provider import ProviderToken, ProviderType
-from openhands.integrations.service_types import AuthenticationError
 from openhands.server.types import (
    LLMAuthenticationError,
    MissingSettingsError,
    SessionExpiredError,
 )
-from openhands.storage.data_models.secrets import Secrets


 class GithubManager(Manager[GithubViewType]):
@@ -318,17 +315,12 @@ class GithubManager(Manager[GithubViewType]):
            return

    async def start_job(self, github_view: GithubViewType) -> None:
-        """Kick off a job with openhands agent.
+        """Kick off a job with openhands agent using V1 app conversation system.

        1. Get user credential
        2. Initialize new conversation with repo
        3. Save interaction data
        """
-        # Importing here prevents circular import
-        from server.conversation_callback_processor.github_callback_processor import (
-            GithubCallbackProcessor,
-        )
-
        try:
            msg_info: str = ''

@@ -364,26 +356,7 @@ class GithubManager(Manager[GithubViewType]):
                    )
                )

-                # We first initialize a conversation and generate the solvability report BEFORE starting the conversation runtime
-                # This helps us accumulate llm spend without requiring a running runtime. This setups us up for
-                #   1. If there is a problem starting the runtime we still have accumulated total conversation cost
-                #   2. In the future, based on the report confidence we can conditionally start the conversation
-                #   3. Once the conversation is started, its base cost will include the report's spend as well which allows us to control max budget per resolver task
-                convo_metadata = await github_view.initialize_new_conversation()
-                solvability_summary = None
-                if not ENABLE_SOLVABILITY_ANALYSIS:
-                    logger.info(
-                        '[Github]: Solvability report feature is disabled, skipping'
-                    )
-                else:
-                    try:
-                        solvability_summary = await summarize_issue_solvability(
-                            github_view, user_token
-                        )
-                    except Exception as e:
-                        logger.warning(
-                            f'[Github]: Error summarizing issue solvability: {str(e)}'
-                        )
+                conversation_id = await github_view.initialize_new_conversation()

                saas_user_auth = await get_saas_user_auth(
                    github_view.user_info.keycloak_user_id, self.token_manager
@@ -392,38 +365,21 @@ class GithubManager(Manager[GithubViewType]):
                await github_view.create_new_conversation(
                    self.jinja_env,
                    secret_store.provider_tokens,
-                    convo_metadata,
+                    conversation_id,
                    saas_user_auth,
                )

-                conversation_id = github_view.conversation_id
+                conversation_id_hex = github_view.conversation_id

                logger.info(
-                    f'[GitHub] Created conversation {conversation_id} for user {user_info.username}'
+                    f'[GitHub] Created conversation {conversation_id_hex} for user {user_info.username}'
                )

-                if not github_view.v1_enabled:
-                    # Create a GithubCallbackProcessor
-                    processor = GithubCallbackProcessor(
-                        github_view=github_view,
-                        send_summary_instruction=True,
-                    )
-
-                    # Register the callback processor
-                    register_callback_processor(conversation_id, processor)
-
-                    logger.info(
-                        f'[Github] Registered callback processor for conversation {conversation_id}'
-                    )
+                # V1 callback processors are registered by the view during conversation creation

                # Send message with conversation link
-                conversation_link = CONVERSATION_URL.format(conversation_id)
-                base_msg = f"I'm on it! {user_info.username} can [track my progress at all-hands.dev]({conversation_link})"
-                # Combine messages: include solvability report with "I'm on it!" if successful
-                if solvability_summary:
-                    msg_info = f'{base_msg}\n\n{solvability_summary}'
-                else:
-                    msg_info = base_msg
+                conversation_link = CONVERSATION_URL.format(conversation_id_hex)
+                msg_info = f"I'm on it! {user_info.username} can [track my progress at all-hands.dev]({conversation_link})"

            except MissingSettingsError as e:
                logger.warning(
--- a/enterprise/integrations/github/github_service.py
+++ b/enterprise/integrations/github/github_service.py
@@ -4,9 +4,9 @@ from integrations.store_repo_utils import store_repositories_in_db
 from pydantic import SecretStr
 from server.auth.token_manager import TokenManager

+from openhands.app_server.integrations.github.github_service import GitHubService
+from openhands.app_server.integrations.service_types import ProviderType, Repository
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.github.github_service import GitHubService
-from openhands.integrations.service_types import ProviderType, Repository
 from openhands.server.types import AppMode


--- a/enterprise/integrations/github/github_solvability.py
+++ b/enterprise/integrations/github/github_solvability.py
@@ -1,186 +0,0 @@
-import asyncio
-import time
-
-from github import Auth, Github
-from integrations.github.github_view import (
-    GithubInlinePRComment,
-    GithubIssueComment,
-    GithubPRComment,
-    GithubViewType,
-)
-from integrations.solvability.data import load_classifier
-from integrations.solvability.models.report import SolvabilityReport
-from integrations.solvability.models.summary import SolvabilitySummary
-from integrations.utils import ENABLE_SOLVABILITY_ANALYSIS
-from pydantic import ValidationError
-from server.config import get_config
-from storage.saas_settings_store import SaasSettingsStore
-
-from openhands.core.config import LLMConfig
-from openhands.core.logger import openhands_logger as logger
-from openhands.utils.async_utils import call_sync_from_async
-from openhands.utils.utils import create_registry_and_conversation_stats
-
-
-def fetch_github_issue_context(
-    github_view: GithubViewType,
-    user_token: str,
-) -> str:
-    """Fetch full GitHub issue/PR context including title, body, and comments.
-
-    Args:
-        full_repo_name: Full repository name in the format 'owner/repo'
-        issue_number: The issue or PR number
-        user_token: GitHub user access token
-        max_comments: Maximum number of comments to fetch (default: 10)
-        max_comment_length: Maximum length of each comment to include in the context (default: 500)
-
-    Returns:
-        A comprehensive string containing the issue/PR context
-    """
-
-    # Build context string
-    context_parts = []
-
-    # Add title and body
-    context_parts.append(f'Title: {github_view.title}')
-    context_parts.append(f'Description:\n{github_view.description}')
-
-    with Github(auth=Auth.Token(user_token)) as github_client:
-        repo = github_client.get_repo(github_view.full_repo_name)
-        issue = repo.get_issue(github_view.issue_number)
-        if issue.labels:
-            labels = [label.name for label in issue.labels]
-            context_parts.append(f"Labels: {', '.join(labels)}")
-
-    for comment in github_view.previous_comments:
-        context_parts.append(f'- {comment.author}: {comment.body}')
-
-    return '\n\n'.join(context_parts)
-
-
-async def summarize_issue_solvability(
-    github_view: GithubViewType,
-    user_token: str,
-    timeout: float = 60.0 * 5,
-) -> str:
-    """Generate a solvability summary for an issue using the resolver view interface.
-
-    Args:
-        resolver_view: A resolver view interface instance (e.g., GithubIssue, GithubPRComment)
-        user_token: GitHub user access token for API access
-        timeout: Maximum time in seconds to wait for the result (default: 60.0)
-
-    Returns:
-        The solvability summary as a string
-
-    Raises:
-        ValueError: If LLM settings cannot be found for the user
-        asyncio.TimeoutError: If the operation exceeds the specified timeout
-    """
-    if not ENABLE_SOLVABILITY_ANALYSIS:
-        raise ValueError('Solvability report feature is disabled')
-
-    if github_view.user_info.keycloak_user_id is None:
-        raise ValueError(
-            f'[Solvability] No user ID found for user {github_view.user_info.username}'
-        )
-
-    # Grab the user's information so we can load their LLM configuration
-    store = SaasSettingsStore(
-        user_id=github_view.user_info.keycloak_user_id,
-        config=get_config(),
-    )
-
-    user_settings = await store.load()
-
-    if user_settings is None:
-        raise ValueError(
-            f'[Solvability] No user settings found for user ID {github_view.user_info.user_id}'
-        )
-
-    # Check if solvability analysis is enabled for this user, exit early if
-    # needed
-    if not getattr(user_settings, 'enable_solvability_analysis', False):
-        raise ValueError(
-            f'Solvability analysis disabled for user {github_view.user_info.user_id}'
-        )
-
-    if user_settings.llm_api_key is None:
-        raise ValueError(
-            f'[Solvability] No LLM API key found for user {github_view.user_info.user_id}'
-        )
-
-    try:
-        llm_config = LLMConfig(
-            model=user_settings.llm_model,
-            api_key=user_settings.llm_api_key.get_secret_value(),
-            base_url=user_settings.llm_base_url,
-        )
-    except ValidationError as e:
-        raise ValueError(
-            f'[Solvability] Invalid LLM configuration for user {github_view.user_info.user_id}: {str(e)}'
-        )
-
-    # Fetch the full GitHub issue/PR context using the GitHub API
-    start_time = time.time()
-    issue_context = fetch_github_issue_context(github_view, user_token)
-    logger.info(
-        f'[Solvability] Grabbed issue context for {github_view.conversation_id}',
-        extra={
-            'conversation_id': github_view.conversation_id,
-            'response_latency': time.time() - start_time,
-            'full_repo_name': github_view.full_repo_name,
-            'issue_number': github_view.issue_number,
-        },
-    )
-
-    # For comment-based triggers, also include the specific comment that triggered the action
-    if isinstance(
-        github_view, (GithubIssueComment, GithubPRComment, GithubInlinePRComment)
-    ):
-        issue_context += f'\n\nTriggering Comment:\n{github_view.comment_body}'
-
-    solvability_classifier = load_classifier('default-classifier')
-
-    async with asyncio.timeout(timeout):
-        solvability_report: SolvabilityReport = await call_sync_from_async(
-            lambda: solvability_classifier.solvability_report(
-                issue_context, llm_config=llm_config
-            )
-        )
-
-        logger.info(
-            f'[Solvability] Generated report for {github_view.conversation_id}',
-            extra={
-                'conversation_id': github_view.conversation_id,
-                'report': solvability_report.model_dump(exclude=['issue']),
-            },
-        )
-
-        llm_registry, conversation_stats, _ = create_registry_and_conversation_stats(
-            get_config(),
-            github_view.conversation_id,
-            github_view.user_info.keycloak_user_id,
-            None,
-        )
-
-        solvability_summary = await call_sync_from_async(
-            lambda: SolvabilitySummary.from_report(
-                solvability_report,
-                llm=llm_registry.get_llm(
-                    service_id='solvability_analysis', config=llm_config
-                ),
-            )
-        )
-        conversation_stats.save_metrics()
-
-        logger.info(
-            f'[Solvability] Generated summary for {github_view.conversation_id}',
-            extra={
-                'conversation_id': github_view.conversation_id,
-                'summary': solvability_summary.model_dump(exclude=['content']),
-            },
-        )
-
-        return solvability_summary.format_as_markdown()
--- a/enterprise/integrations/github/github_view.py
+++ b/enterprise/integrations/github/github_view.py
@@ -14,11 +14,9 @@ from integrations.resolver_org_router import resolve_org_for_repo
 from integrations.types import ResolverViewInterface, UserData
 from integrations.utils import (
    ENABLE_PROACTIVE_CONVERSATION_STARTERS,
-    ENABLE_V1_GITHUB_RESOLVER,
    HOST,
    HOST_URL,
    get_oh_labels,
-    get_user_v1_enabled_setting,
    has_exact_mention,
 )
 from jinja2 import Environment
@@ -27,38 +25,28 @@ from server.auth.token_manager import TokenManager
 from server.config import get_config
 from storage.org_store import OrgStore
 from storage.proactive_conversation_store import ProactiveConversationStore
-from storage.saas_conversation_store import SaasConversationStore
 from storage.saas_secrets_store import SaasSecretsStore

 from openhands.agent_server.models import SendMessageRequest
 from openhands.app_server.app_conversation.app_conversation_models import (
    AppConversationStartRequest,
    AppConversationStartTaskStatus,
-)
-from openhands.app_server.config import get_app_conversation_service
-from openhands.app_server.services.injector import InjectorState
-from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.github.github_service import GithubServiceImpl
-from openhands.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderType
-from openhands.integrations.service_types import Comment
-from openhands.sdk import TextContent
-from openhands.server.services.conversation_service import start_conversation
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import (
-    ConversationMetadata,
    ConversationTrigger,
 )
+from openhands.app_server.config import get_app_conversation_service
+from openhands.app_server.integrations.github.github_service import GithubServiceImpl
+from openhands.app_server.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderType
+from openhands.app_server.integrations.service_types import Comment
+from openhands.app_server.services.injector import InjectorState
+from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
+from openhands.app_server.user_auth.user_auth import UserAuth
+from openhands.core.logger import openhands_logger as logger
+from openhands.sdk import TextContent
 from openhands.utils.async_utils import call_sync_from_async
-from openhands.utils.conversation_summary import get_default_conversation_title

 OH_LABEL, INLINE_OH_LABEL = get_oh_labels(HOST)


-async def is_v1_enabled_for_github_resolver(user_id: str) -> bool:
-    return await get_user_v1_enabled_setting(user_id) and ENABLE_V1_GITHUB_RESOLVER
-
-
 async def get_user_proactive_conversation_setting(user_id: str | None) -> bool:
    """Get the user's proactive conversation setting.

@@ -106,7 +94,6 @@ class GithubIssue(ResolverViewInterface):
    title: str
    description: str
    previous_comments: list[Comment]
-    v1_enabled: bool

    def _get_branch_name(self) -> str | None:
        return getattr(self, 'branch_name', None)
@@ -153,11 +140,7 @@ class GithubIssue(ResolverViewInterface):

        return user_secrets.custom_secrets if user_secrets else None

-    async def initialize_new_conversation(self) -> ConversationMetadata:
-        self.v1_enabled = await is_v1_enabled_for_github_resolver(
-            self.user_info.keycloak_user_id
-        )
-
+    async def initialize_new_conversation(self) -> UUID:
        # Resolve target org based on claimed git organizations
        self.resolved_org_id = await resolve_org_for_repo(
            provider='github',
@@ -165,88 +148,20 @@ class GithubIssue(ResolverViewInterface):
            keycloak_user_id=self.user_info.keycloak_user_id,
        )

-        logger.info(
-            f'[GitHub V1]: User flag found for {self.user_info.keycloak_user_id} is {self.v1_enabled}'
-        )
-        if self.v1_enabled:
-            # Create dummy conversationm metadata
-            # Don't save to conversation store
-            # V1 conversations are stored in a separate table
-            self.conversation_id = uuid4().hex
-            return ConversationMetadata(
-                conversation_id=self.conversation_id,
-                selected_repository=self.full_repo_name,
-            )
-
-        # Create the conversation store with resolver org routing
-        # (bypasses initialize_conversation to avoid threading enterprise-only
-        # resolver_org_id through the generic OSS interface)
-        store = await SaasConversationStore.get_resolver_instance(
-            get_config(),
-            self.user_info.keycloak_user_id,
-            self.resolved_org_id,
-        )
-
-        conversation_id = uuid4().hex
-        conversation_metadata = ConversationMetadata(
-            trigger=ConversationTrigger.RESOLVER,
-            conversation_id=conversation_id,
-            title=get_default_conversation_title(conversation_id),
-            user_id=self.user_info.keycloak_user_id,
-            selected_repository=self.full_repo_name,
-            selected_branch=self._get_branch_name(),
-            git_provider=ProviderType.GITHUB,
-        )
-        await store.save_metadata(conversation_metadata)
-
-        self.conversation_id = conversation_id
-        return conversation_metadata
+        # All conversations use V1 app conversation service
+        conversation_id = uuid4()
+        self.conversation_id = conversation_id.hex
+        return conversation_id

    async def create_new_conversation(
        self,
        jinja_env: Environment,
        git_provider_tokens: PROVIDER_TOKEN_TYPE,
-        conversation_metadata: ConversationMetadata,
+        conversation_id: UUID,
        saas_user_auth: UserAuth,
    ):
-        logger.info(
-            f'[GitHub V1]: User flag found for {self.user_info.keycloak_user_id} is {self.v1_enabled}'
-        )
-        if self.v1_enabled:
-            # Use V1 app conversation service
-            await self._create_v1_conversation(
-                jinja_env, saas_user_auth, conversation_metadata
-            )
-        else:
-            await self._create_v0_conversation(
-                jinja_env, git_provider_tokens, conversation_metadata
-            )
-
-    async def _create_v0_conversation(
-        self,
-        jinja_env: Environment,
-        git_provider_tokens: PROVIDER_TOKEN_TYPE,
-        conversation_metadata: ConversationMetadata,
-    ):
-        """Create conversation using the legacy V0 system."""
-        logger.info('[GitHub]: Creating V0 conversation')
-        custom_secrets = await self._get_user_secrets()
-
-        user_instructions, conversation_instructions = await self._get_instructions(
-            jinja_env
-        )
-
-        await start_conversation(
-            user_id=self.user_info.keycloak_user_id,
-            git_provider_tokens=git_provider_tokens,
-            custom_secrets=custom_secrets,
-            initial_user_msg=user_instructions,
-            image_urls=None,
-            replay_json=None,
-            conversation_id=conversation_metadata.conversation_id,
-            conversation_metadata=conversation_metadata,
-            conversation_instructions=conversation_instructions,
-        )
+        # V0 conversation path has been removed - all conversations use V1 app conversation service
+        await self._create_v1_conversation(jinja_env, saas_user_auth, conversation_id)

    async def _get_v1_initial_user_message(self, jinja_env: Environment) -> str:
        """Build the initial user message for V1 resolver conversations.
@@ -258,7 +173,6 @@ class GithubIssue(ResolverViewInterface):
        comments, inline review comments) override this method to control ordering
        (e.g., context first, then the triggering comment, then previous comments).
        """
-
        user_instructions, conversation_instructions = await self._get_instructions(
            jinja_env
        )
@@ -275,7 +189,7 @@ class GithubIssue(ResolverViewInterface):
        self,
        jinja_env: Environment,
        saas_user_auth: UserAuth,
-        conversation_metadata: ConversationMetadata,
+        conversation_id: UUID,
    ):
        """Create conversation using the new V1 app conversation system."""
        logger.info('[GitHub V1]: Creating V1 conversation')
@@ -295,7 +209,7 @@ class GithubIssue(ResolverViewInterface):

        # Create the V1 conversation start request with the callback processor
        start_request = AppConversationStartRequest(
-            conversation_id=UUID(conversation_metadata.conversation_id),
+            conversation_id=conversation_id,
            # NOTE: Resolver instructions are intended to be lower priority than the
            # system prompt, so we inject them into the initial user message.
            system_message_suffix=None,
@@ -849,7 +763,6 @@ class GithubFactory:
                title='',
                description='',
                previous_comments=[],
-                v1_enabled=False,
            )

        elif GithubFactory.is_issue_comment(message):
@@ -875,7 +788,6 @@ class GithubFactory:
                title='',
                description='',
                previous_comments=[],
-                v1_enabled=False,
            )

        elif GithubFactory.is_pr_comment(message):
@@ -917,7 +829,6 @@ class GithubFactory:
                title='',
                description='',
                previous_comments=[],
-                v1_enabled=False,
            )

        elif GithubFactory.is_inline_pr_comment(message):
@@ -951,7 +862,6 @@ class GithubFactory:
                title='',
                description='',
                previous_comments=[],
-                v1_enabled=False,
            )

        else:
--- a/enterprise/integrations/gitlab/gitlab_manager.py
+++ b/enterprise/integrations/gitlab/gitlab_manager.py
@@ -24,17 +24,16 @@ from integrations.v1_utils import get_saas_user_auth
 from jinja2 import Environment, FileSystemLoader
 from pydantic import SecretStr
 from server.auth.token_manager import TokenManager
-from server.utils.conversation_callback_utils import register_callback_processor

+from openhands.app_server.integrations.gitlab.gitlab_service import GitLabServiceImpl
+from openhands.app_server.integrations.provider import ProviderToken, ProviderType
+from openhands.app_server.secrets.secrets_models import Secrets
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.gitlab.gitlab_service import GitLabServiceImpl
-from openhands.integrations.provider import ProviderToken, ProviderType
 from openhands.server.types import (
    LLMAuthenticationError,
    MissingSettingsError,
    SessionExpiredError,
 )
-from openhands.storage.data_models.secrets import Secrets


 class GitlabManager(Manager[GitlabViewType]):
@@ -171,17 +170,11 @@ class GitlabManager(Manager[GitlabViewType]):
            )

    async def start_job(self, gitlab_view: GitlabViewType) -> None:
-        """
-        Start a job for the GitLab view.
+        """Start a job for the GitLab view using V1 app conversation system.

        Args:
            gitlab_view: The GitLab view object containing issue/PR/comment info
        """
-        # Importing here prevents circular import
-        from server.conversation_callback_processor.gitlab_callback_processor import (
-            GitlabCallbackProcessor,
-        )
-
        try:
            try:
                user_info = gitlab_view.user_info
@@ -215,8 +208,8 @@ class GitlabManager(Manager[GitlabViewType]):
                    )
                )

-                # Initialize conversation and get metadata (following GitHub pattern)
-                convo_metadata = await gitlab_view.initialize_new_conversation()
+                # Initialize conversation and get UUID
+                conversation_id = await gitlab_view.initialize_new_conversation()

                saas_user_auth = await get_saas_user_auth(
                    gitlab_view.user_info.keycloak_user_id, self.token_manager
@@ -225,31 +218,19 @@ class GitlabManager(Manager[GitlabViewType]):
                await gitlab_view.create_new_conversation(
                    self.jinja_env,
                    secret_store.provider_tokens,
-                    convo_metadata,
+                    conversation_id,
                    saas_user_auth,
                )

-                conversation_id = gitlab_view.conversation_id
+                conversation_id_hex = gitlab_view.conversation_id

                logger.info(
-                    f'[GitLab] Created conversation {conversation_id} for user {user_info.username}'
+                    f'[GitLab] Created conversation {conversation_id_hex} for user {user_info.username}'
                )

-                if not gitlab_view.v1_enabled:
-                    # Create a GitlabCallbackProcessor for this conversation
-                    processor = GitlabCallbackProcessor(
-                        gitlab_view=gitlab_view,
-                        send_summary_instruction=True,
-                    )
+                # V1 callback processors are registered by the view during conversation creation

-                    # Register the callback processor
-                    register_callback_processor(conversation_id, processor)
-
-                    logger.info(
-                        f'[GitLab] Created callback processor for conversation {conversation_id}'
-                    )
-
-                conversation_link = CONVERSATION_URL.format(conversation_id)
+                conversation_link = CONVERSATION_URL.format(conversation_id_hex)
                msg_info = f"I'm on it! {user_info.username} can [track my progress at all-hands.dev]({conversation_link})"

            except MissingSettingsError as e:
--- a/enterprise/integrations/gitlab/gitlab_service.py
+++ b/enterprise/integrations/gitlab/gitlab_service.py
@@ -7,14 +7,14 @@ from server.auth.token_manager import TokenManager
 from storage.gitlab_webhook import GitlabWebhook, WebhookStatus
 from storage.gitlab_webhook_store import GitlabWebhookStore

-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.gitlab.gitlab_service import GitLabService
-from openhands.integrations.service_types import (
+from openhands.app_server.integrations.gitlab.gitlab_service import GitLabService
+from openhands.app_server.integrations.service_types import (
    ProviderType,
    RateLimitError,
    Repository,
    RequestMethod,
 )
+from openhands.core.logger import openhands_logger as logger
 from openhands.server.types import AppMode


--- a/enterprise/integrations/gitlab/gitlab_view.py
+++ b/enterprise/integrations/gitlab/gitlab_view.py
@@ -6,48 +6,36 @@ from integrations.resolver_context import ResolverUserContext
 from integrations.resolver_org_router import resolve_org_for_repo
 from integrations.types import ResolverViewInterface, UserData
 from integrations.utils import (
-    ENABLE_V1_GITLAB_RESOLVER,
    HOST,
    get_oh_labels,
-    get_user_v1_enabled_setting,
    has_exact_mention,
 )
 from jinja2 import Environment
 from server.auth.token_manager import TokenManager
 from server.config import get_config
-from storage.saas_conversation_store import SaasConversationStore
 from storage.saas_secrets_store import SaasSecretsStore

 from openhands.agent_server.models import SendMessageRequest
 from openhands.app_server.app_conversation.app_conversation_models import (
    AppConversationStartRequest,
    AppConversationStartTaskStatus,
-)
-from openhands.app_server.config import get_app_conversation_service
-from openhands.app_server.services.injector import InjectorState
-from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.gitlab.gitlab_service import GitLabServiceImpl
-from openhands.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderType
-from openhands.integrations.service_types import Comment
-from openhands.sdk import TextContent
-from openhands.server.services.conversation_service import start_conversation
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import (
-    ConversationMetadata,
    ConversationTrigger,
 )
-from openhands.utils.conversation_summary import get_default_conversation_title
+from openhands.app_server.config import get_app_conversation_service
+from openhands.app_server.integrations.gitlab.gitlab_service import GitLabServiceImpl
+from openhands.app_server.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderType
+from openhands.app_server.integrations.service_types import Comment
+from openhands.app_server.services.injector import InjectorState
+from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
+from openhands.app_server.user_auth.user_auth import UserAuth
+from openhands.core.logger import openhands_logger as logger
+from openhands.sdk import TextContent

 OH_LABEL, INLINE_OH_LABEL = get_oh_labels(HOST)
 CONFIDENTIAL_NOTE = 'confidential_note'
 NOTE_TYPES = ['note', CONFIDENTIAL_NOTE]


-async def is_v1_enabled_for_gitlab_resolver(user_id: str) -> bool:
-    return await get_user_v1_enabled_setting(user_id) and ENABLE_V1_GITLAB_RESOLVER
-
-
 # =================================================
 # SECTION: Factory to create appriorate Gitlab view
 # =================================================
@@ -69,7 +57,6 @@ class GitlabIssue(ResolverViewInterface):
    description: str
    previous_comments: list[Comment]
    is_mr: bool
-    v1_enabled: bool

    def _get_branch_name(self) -> str | None:
        return getattr(self, 'branch_name', None)
@@ -115,10 +102,7 @@ class GitlabIssue(ResolverViewInterface):

        return user_secrets.custom_secrets if user_secrets else None

-    async def initialize_new_conversation(self) -> ConversationMetadata:
-        # v1_enabled is already set at construction time in the factory method
-        # This is the source of truth for the conversation type
-
+    async def initialize_new_conversation(self) -> UUID:
        # Resolve target org based on claimed git organizations
        self.resolved_org_id = await resolve_org_for_repo(
            provider='gitlab',
@@ -126,89 +110,26 @@ class GitlabIssue(ResolverViewInterface):
            keycloak_user_id=self.user_info.keycloak_user_id,
        )

-        if self.v1_enabled:
-            # Create dummy conversation metadata
-            # Don't save to conversation store
-            # V1 conversations are stored in a separate table
-            self.conversation_id = uuid4().hex
-            return ConversationMetadata(
-                conversation_id=self.conversation_id,
-                selected_repository=self.full_repo_name,
-            )
-
-        # Create the conversation store with resolver org routing
-        # (bypasses initialize_conversation to avoid threading enterprise-only
-        # resolver_org_id through the generic OSS interface)
-        store = await SaasConversationStore.get_resolver_instance(
-            get_config(),
-            self.user_info.keycloak_user_id,
-            self.resolved_org_id,
-        )
-
-        conversation_id = uuid4().hex
-        conversation_metadata = ConversationMetadata(
-            trigger=ConversationTrigger.RESOLVER,
-            conversation_id=conversation_id,
-            title=get_default_conversation_title(conversation_id),
-            user_id=self.user_info.keycloak_user_id,
-            selected_repository=self.full_repo_name,
-            selected_branch=self._get_branch_name(),
-            git_provider=ProviderType.GITLAB,
-        )
-        await store.save_metadata(conversation_metadata)
-
-        self.conversation_id = conversation_id
-        return conversation_metadata
+        # All conversations use V1 app conversation service
+        conversation_id = uuid4()
+        self.conversation_id = conversation_id.hex
+        return conversation_id

    async def create_new_conversation(
        self,
        jinja_env: Environment,
        git_provider_tokens: PROVIDER_TOKEN_TYPE,
-        conversation_metadata: ConversationMetadata,
+        conversation_id: UUID,
        saas_user_auth: UserAuth,
    ):
-        # v1_enabled is already set at construction time in the factory method
-        if self.v1_enabled:
-            # Use V1 app conversation service
-            await self._create_v1_conversation(
-                jinja_env, saas_user_auth, conversation_metadata
-            )
-        else:
-            await self._create_v0_conversation(
-                jinja_env, git_provider_tokens, conversation_metadata
-            )
-
-    async def _create_v0_conversation(
-        self,
-        jinja_env: Environment,
-        git_provider_tokens: PROVIDER_TOKEN_TYPE,
-        conversation_metadata: ConversationMetadata,
-    ):
-        """Create conversation using the legacy V0 system."""
-        logger.info('[GitLab]: Creating V0 conversation')
-        custom_secrets = await self._get_user_secrets()
-
-        user_instructions, conversation_instructions = await self._get_instructions(
-            jinja_env
-        )
-
-        await start_conversation(
-            user_id=self.user_info.keycloak_user_id,
-            git_provider_tokens=git_provider_tokens,
-            custom_secrets=custom_secrets,
-            initial_user_msg=user_instructions,
-            image_urls=None,
-            replay_json=None,
-            conversation_id=conversation_metadata.conversation_id,
-            conversation_metadata=conversation_metadata,
-            conversation_instructions=conversation_instructions,
-        )
+        # V0 conversation path has been removed - all conversations use V1 app conversation service
+        await self._create_v1_conversation(jinja_env, saas_user_auth, conversation_id)

    async def _create_v1_conversation(
        self,
        jinja_env: Environment,
        saas_user_auth: UserAuth,
-        conversation_metadata: ConversationMetadata,
+        conversation_id: UUID,
    ):
        """Create conversation using the new V1 app conversation system."""
        logger.info('[GitLab V1]: Creating V1 conversation')
@@ -234,7 +155,7 @@ class GitlabIssue(ResolverViewInterface):

        # Create the V1 conversation start request with the callback processor
        start_request = AppConversationStartRequest(
-            conversation_id=UUID(conversation_metadata.conversation_id),
+            conversation_id=conversation_id,
            system_message_suffix=conversation_instructions,
            initial_message=initial_message,
            selected_repository=self.full_repo_name,
@@ -483,16 +404,6 @@ class GitlabFactory:
            user_id=user_id, username=username, keycloak_user_id=keycloak_user_id
        )

-        # Check v1_enabled at construction time - this is the source of truth
-        v1_enabled = (
-            await is_v1_enabled_for_gitlab_resolver(keycloak_user_id)
-            if keycloak_user_id
-            else False
-        )
-        logger.info(
-            f'[GitLab V1]: User flag found for {keycloak_user_id} is {v1_enabled}'
-        )
-
        if GitlabFactory.is_labeled_issue(message):
            issue_iid = payload['object_attributes']['iid']

@@ -514,7 +425,6 @@ class GitlabFactory:
                description='',
                previous_comments=[],
                is_mr=False,
-                v1_enabled=v1_enabled,
            )

        elif GitlabFactory.is_issue_comment(message):
@@ -545,7 +455,6 @@ class GitlabFactory:
                description='',
                previous_comments=[],
                is_mr=False,
-                v1_enabled=v1_enabled,
            )

        elif GitlabFactory.is_mr_comment(message):
@@ -578,7 +487,6 @@ class GitlabFactory:
                description='',
                previous_comments=[],
                is_mr=True,
-                v1_enabled=v1_enabled,
            )

        elif GitlabFactory.is_mr_comment(message, inline=True):
@@ -619,7 +527,6 @@ class GitlabFactory:
                description='',
                previous_comments=[],
                is_mr=True,
-                v1_enabled=v1_enabled,
            )

        raise ValueError(f'Unhandled GitLab webhook event: {message}')
--- a/enterprise/integrations/jira/jira_manager.py
+++ b/enterprise/integrations/jira/jira_manager.py
@@ -24,31 +24,31 @@ from integrations.jira.jira_types import (
    RepositoryNotFoundError,
    StartingConvoException,
 )
-from integrations.jira.jira_view import JiraFactory, JiraNewConversationView
+from integrations.jira.jira_view import JiraFactory
 from integrations.manager import Manager
 from integrations.models import Message
 from integrations.utils import (
    HOST,
    HOST_URL,
    OPENHANDS_RESOLVER_TEMPLATES_DIR,
+    format_jira_comment_body,
    get_oh_labels,
    get_session_expired_message,
 )
 from jinja2 import Environment, FileSystemLoader
 from server.auth.saas_user_auth import get_user_auth_from_keycloak_id
 from server.auth.token_manager import TokenManager
-from server.utils.conversation_callback_utils import register_callback_processor
 from storage.jira_integration_store import JiraIntegrationStore
 from storage.jira_user import JiraUser
 from storage.jira_workspace import JiraWorkspace

+from openhands.app_server.user_auth.user_auth import UserAuth
 from openhands.core.logger import openhands_logger as logger
 from openhands.server.types import (
    LLMAuthenticationError,
    MissingSettingsError,
    SessionExpiredError,
 )
-from openhands.server.user_auth.user_auth import UserAuth
 from openhands.utils.http_session import httpx_verify_option

 JIRA_CLOUD_API_URL = 'https://api.atlassian.com/ex/jira'
@@ -259,11 +259,6 @@ class JiraManager(Manager[JiraViewInterface]):

    async def start_job(self, view: JiraViewInterface) -> None:
        """Start a Jira job/conversation."""
-        # Import here to prevent circular import
-        from server.conversation_callback_processor.jira_callback_processor import (
-            JiraCallbackProcessor,
-        )
-
        try:
            logger.info(
                '[Jira] Starting job',
@@ -285,19 +280,7 @@ class JiraManager(Manager[JiraViewInterface]):
                },
            )

-            # Register callback processor for updates
-            if isinstance(view, JiraNewConversationView):
-                processor = JiraCallbackProcessor(
-                    issue_key=view.payload.issue_key,
-                    workspace_name=view.jira_workspace.name,
-                )
-                register_callback_processor(conversation_id, processor)
-                logger.info(
-                    '[Jira] Callback processor registered',
-                    extra={'conversation_id': conversation_id},
-                )
-
-            # Send success response
+            # Create success message
            msg_info = view.get_response_msg()

        except MissingSettingsError as e:
@@ -359,7 +342,7 @@ class JiraManager(Manager[JiraViewInterface]):
        url = (
            f'{JIRA_CLOUD_API_URL}/{jira_cloud_id}/rest/api/2/issue/{issue_key}/comment'
        )
-        data = {'body': message}
+        data = format_jira_comment_body(message)
        async with httpx.AsyncClient(verify=httpx_verify_option()) as client:
            response = await client.post(
                url, auth=(svc_acc_email, svc_acc_api_key), json=data
--- a/enterprise/integrations/jira/jira_payload.py
+++ b/enterprise/integrations/jira/jira_payload.py
@@ -136,11 +136,10 @@ class JiraPayloadParser:
        items = changelog.get('items', [])

        # Extract labels that were added
-        labels = [
-            item.get('toString', '')
-            for item in items
-            if item.get('field') == 'labels' and 'toString' in item
-        ]
+        labels = set()
+        for item in items:
+            if item.get('field') == 'labels' and item.get('toString'):
+                labels.update(item['toString'].split())

        if self.oh_label not in labels:
            return JiraPayloadSkipped(
--- a/enterprise/integrations/jira/jira_types.py
+++ b/enterprise/integrations/jira/jira_types.py
@@ -7,7 +7,7 @@ from jinja2 import Environment
 from storage.jira_user import JiraUser
 from storage.jira_workspace import JiraWorkspace

-from openhands.server.user_auth.user_auth import UserAuth
+from openhands.app_server.user_auth.user_auth import UserAuth

 if TYPE_CHECKING:
    from integrations.jira.jira_payload import JiraWebhookPayload
--- a/enterprise/integrations/jira/jira_v1_callback_processor.py
+++ b/enterprise/integrations/jira/jira_v1_callback_processor.py
@@ -0,0 +1,238 @@
+import logging
+from uuid import UUID
+
+import httpx
+from integrations.utils import format_jira_comment_body, get_summary_instruction
+from pydantic import Field
+
+from openhands.agent_server.models import AskAgentRequest, AskAgentResponse
+from openhands.app_server.event_callback.event_callback_models import (
+    EventCallback,
+    EventCallbackProcessor,
+)
+from openhands.app_server.event_callback.event_callback_result_models import (
+    EventCallbackResult,
+    EventCallbackResultStatus,
+)
+from openhands.app_server.event_callback.util import (
+    ensure_conversation_found,
+    ensure_running_sandbox,
+    get_agent_server_url_from_sandbox,
+)
+from openhands.sdk import Event
+from openhands.sdk.event import ConversationStateUpdateEvent
+from openhands.utils.http_session import httpx_verify_option
+
+_logger = logging.getLogger(__name__)
+
+JIRA_CLOUD_API_URL = 'https://api.atlassian.com/ex/jira'
+
+
+class JiraV1CallbackProcessor(EventCallbackProcessor):
+    """Callback processor for Jira V1 integrations."""
+
+    should_request_summary: bool = Field(default=True)
+    svc_acc_email: str
+    decrypted_api_key: str
+    issue_key: str
+    jira_cloud_id: str
+
+    async def __call__(
+        self,
+        conversation_id: UUID,
+        callback: EventCallback,
+        event: Event,
+    ) -> EventCallbackResult | None:
+        """Process events for Jira V1 integration."""
+        # Only handle ConversationStateUpdateEvent for execution_status
+        if not isinstance(event, ConversationStateUpdateEvent):
+            return None
+
+        if event.key != 'execution_status':
+            return None
+
+        _logger.info('[Jira] Callback agent state was %s', event)
+
+        # Only request summary when execution has finished successfully
+        if event.value != 'finished':
+            return None
+
+        _logger.info('[Jira] Should request summary: %s', self.should_request_summary)
+
+        if not self.should_request_summary:
+            return None
+
+        self.should_request_summary = False
+
+        try:
+            _logger.info(f'[Jira] Requesting summary {conversation_id}')
+            summary = await self._request_summary(conversation_id)
+            _logger.info(
+                f'[Jira] Posting summary {conversation_id}',
+                extra={'summary': summary},
+            )
+            await self._post_summary_to_jira(summary)
+
+            return EventCallbackResult(
+                status=EventCallbackResultStatus.SUCCESS,
+                event_callback_id=callback.id,
+                event_id=event.id,
+                conversation_id=conversation_id,
+                detail=summary,
+            )
+        except Exception as e:
+            _logger.exception(f'[Jira] Failed to post summary: {e}', stack_info=True)
+            return EventCallbackResult(
+                status=EventCallbackResultStatus.ERROR,
+                event_callback_id=callback.id,
+                event_id=event.id,
+                conversation_id=conversation_id,
+                detail=str(e),
+            )
+
+    async def _request_summary(self, conversation_id: UUID) -> str:
+        """Ask the agent to produce a summary of its work and return the agent response."""
+        # Import services within the method to avoid circular imports
+        from openhands.app_server.config import (
+            get_app_conversation_info_service,
+            get_httpx_client,
+            get_sandbox_service,
+        )
+        from openhands.app_server.services.injector import InjectorState
+        from openhands.app_server.user.specifiy_user_context import (
+            ADMIN,
+            USER_CONTEXT_ATTR,
+        )
+
+        # Create injector state for dependency injection
+        state = InjectorState()
+        setattr(state, USER_CONTEXT_ATTR, ADMIN)
+
+        async with (
+            get_app_conversation_info_service(state) as app_conversation_info_service,
+            get_sandbox_service(state) as sandbox_service,
+            get_httpx_client(state) as httpx_client,
+        ):
+            # 1. Conversation lookup
+            app_conversation_info = ensure_conversation_found(
+                await app_conversation_info_service.get_app_conversation_info(
+                    conversation_id
+                ),
+                conversation_id,
+            )
+
+            # 2. Sandbox lookup + validation
+            sandbox = ensure_running_sandbox(
+                await sandbox_service.get_sandbox(app_conversation_info.sandbox_id),
+                app_conversation_info.sandbox_id,
+            )
+
+            assert (
+                sandbox.session_api_key is not None
+            ), f'No session API key for sandbox: {sandbox.id}'
+
+            # 3. URL + instruction
+            agent_server_url = get_agent_server_url_from_sandbox(sandbox)
+
+            # Prepare message based on agent state
+            message_content = get_summary_instruction()
+
+            # Ask the agent and return the response text
+            return await self._ask_question(
+                httpx_client=httpx_client,
+                agent_server_url=agent_server_url,
+                conversation_id=conversation_id,
+                session_api_key=sandbox.session_api_key,
+                message_content=message_content,
+            )
+
+    async def _ask_question(
+        self,
+        httpx_client: httpx.AsyncClient,
+        agent_server_url: str,
+        conversation_id: UUID,
+        session_api_key: str,
+        message_content: str,
+    ) -> str:
+        """Send a message to the agent server via the V1 API and return response text."""
+        send_message_request = AskAgentRequest(question=message_content)
+
+        url = (
+            f"{agent_server_url.rstrip('/')}"
+            f"/api/conversations/{conversation_id}/ask_agent"
+        )
+        headers = {'X-Session-API-Key': session_api_key}
+        payload = send_message_request.model_dump()
+
+        try:
+            response = await httpx_client.post(
+                url,
+                json=payload,
+                headers=headers,
+                timeout=30.0,
+            )
+            response.raise_for_status()
+
+            agent_response = AskAgentResponse.model_validate(response.json())
+            return agent_response.response
+
+        except httpx.HTTPStatusError as e:
+            error_detail = f'HTTP {e.response.status_code} error'
+            try:
+                error_body = e.response.text
+                if error_body:
+                    error_detail += f': {error_body}'
+            except Exception:
+                pass
+
+            _logger.exception(
+                '[Jira] HTTP error sending message to %s: %s. '
+                'Request payload: %s. Response headers: %s',
+                url,
+                error_detail,
+                payload,
+                dict(e.response.headers),
+                stack_info=True,
+            )
+            raise Exception(f'Failed to send message to agent server: {error_detail}')
+
+        except httpx.TimeoutException:
+            error_detail = f'Request timeout after 30 seconds to {url}'
+            _logger.exception(
+                '[Jira] Timeout error: %s. Request payload: %s',
+                error_detail,
+                payload,
+                stack_info=True,
+            )
+            raise Exception(f'Failed to send message to agent server: {error_detail}')
+
+    async def _post_summary_to_jira(self, summary: str):
+        """Post the summary back to the Jira issue."""
+        if not all(
+            [
+                self.svc_acc_email,
+                self.decrypted_api_key,
+                self.issue_key,
+                self.jira_cloud_id,
+            ]
+        ):
+            _logger.warning('[Jira] Missing required data for posting summary')
+            return
+
+        # Add a comment to the Jira issue with the summary
+        comment_url = (
+            f'{JIRA_CLOUD_API_URL}/{self.jira_cloud_id}'
+            f'/rest/api/2/issue/{self.issue_key}/comment'
+        )
+
+        message = f'OpenHands resolved this issue:\n\n{summary}'
+        comment_body = format_jira_comment_body(message)
+
+        async with httpx.AsyncClient(verify=httpx_verify_option()) as client:
+            response = await client.post(
+                comment_url,
+                auth=(self.svc_acc_email, self.decrypted_api_key),
+                json=comment_body,
+            )
+            response.raise_for_status()
+            _logger.info(f'[Jira] Posted summary to {self.issue_key}')
--- a/enterprise/integrations/jira/jira_view.py
+++ b/enterprise/integrations/jira/jira_view.py
@@ -7,7 +7,7 @@ Views are responsible for:
 """

 from dataclasses import dataclass, field
-from uuid import uuid4
+from uuid import UUID, uuid4

 import httpx
 from integrations.jira.jira_payload import JiraWebhookPayload
@@ -16,25 +16,34 @@ from integrations.jira.jira_types import (
    RepositoryNotFoundError,
    StartingConvoException,
 )
+from integrations.jira.jira_v1_callback_processor import (
+    JiraV1CallbackProcessor,
+)
+from integrations.resolver_context import ResolverUserContext
 from integrations.resolver_org_router import resolve_org_for_repo
-from integrations.utils import CONVERSATION_URL, infer_repo_from_message
+from integrations.utils import (
+    CONVERSATION_URL,
+    infer_repo_from_message,
+)
 from jinja2 import Environment
-from server.config import get_config
 from storage.jira_conversation import JiraConversation
 from storage.jira_integration_store import JiraIntegrationStore
 from storage.jira_user import JiraUser
 from storage.jira_workspace import JiraWorkspace
-from storage.saas_conversation_store import SaasConversationStore

-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.provider import ProviderHandler
-from openhands.server.services.conversation_service import start_conversation
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import (
-    ConversationMetadata,
+from openhands.agent_server.models import SendMessageRequest
+from openhands.app_server.app_conversation.app_conversation_models import (
+    AppConversationStartRequest,
+    AppConversationStartTaskStatus,
    ConversationTrigger,
 )
-from openhands.utils.conversation_summary import get_default_conversation_title
+from openhands.app_server.config import get_app_conversation_service
+from openhands.app_server.integrations.provider import ProviderHandler, ProviderType
+from openhands.app_server.services.injector import InjectorState
+from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
+from openhands.app_server.user_auth.user_auth import UserAuth
+from openhands.core.logger import openhands_logger as logger
+from openhands.sdk import TextContent
 from openhands.utils.http_session import httpx_verify_option

 JIRA_CLOUD_API_URL = 'https://api.atlassian.com/ex/jira'
@@ -54,7 +63,7 @@ class JiraNewConversationView(JiraViewInterface):
    saas_user_auth: UserAuth
    jira_user: JiraUser
    jira_workspace: JiraWorkspace
-    selected_repo: str | None = None
+    selected_repo: str = ''
    conversation_id: str = ''

    # Lazy-loaded issue details (cached after first fetch)
@@ -64,6 +73,9 @@ class JiraNewConversationView(JiraViewInterface):
    # Decrypted API key (set by factory)
    _decrypted_api_key: str = field(default='', repr=False)

+    # Resolved org ID for V1 conversations
+    resolved_org_id: UUID | None = None
+
    async def get_issue_details(self) -> tuple[str, str]:
        """Fetch issue details from Jira API (cached after first call).

@@ -169,107 +181,129 @@ class JiraNewConversationView(JiraViewInterface):
        if not self.selected_repo:
            raise StartingConvoException('No repository selected for this conversation')

+        jira_conversation = JiraConversation(
+            conversation_id=self.conversation_id,
+            issue_id=self.payload.issue_id,
+            issue_key=self.payload.issue_key,
+            jira_user_id=self.jira_user.id,
+        )
+        await integration_store.create_conversation(jira_conversation)
+
+        conversation_id = await self._initialize_conversation()
+        await self._create_v1_conversation(jinja_env, conversation_id)
+        return self.conversation_id
+
+    async def _initialize_conversation(self) -> UUID:
+        """Initialize conversation and return the conversation ID.
+
+        The JiraConversation mapping is saved to the integration store (above), but
+        V1 conversation metadata is managed by the app conversation system, not
+        the legacy conversation store.
+        """
+        logger.info('[Jira]: Initializing V1 conversation')
+
+        # Generate a conversation ID for V1
+        conversation_id = uuid4()
+        self.conversation_id = conversation_id.hex
+        self.resolved_org_id = await self._get_resolved_org_id()
+
+        return conversation_id
+
+    async def _create_v1_conversation(
+        self,
+        jinja_env: Environment,
+        conversation_id: UUID,
+    ):
+        """Create conversation using the new V1 app conversation system."""
+        logger.info('[Jira]: Creating V1 conversation')
+
+        initial_user_text = await self._get_v1_initial_user_message(jinja_env)
+
+        # Create the initial message request
+        initial_message = SendMessageRequest(
+            role='user', content=[TextContent(text=initial_user_text)]
+        )
+
+        # Create the Jira V1 callback processor
+        jira_callback_processor = self._create_jira_v1_callback_processor()
+
+        injector_state = InjectorState()
+
+        # Create the V1 conversation start request
+        start_request = AppConversationStartRequest(
+            conversation_id=conversation_id,
+            system_message_suffix=None,
+            initial_message=initial_message,
+            selected_repository=self.selected_repo,
+            selected_branch=None,
+            git_provider=ProviderType.GITHUB,
+            title=f'Jira Issue {self.payload.issue_key}: {self._issue_title or "Unknown"}',
+            trigger=ConversationTrigger.JIRA,
+            processors=[jira_callback_processor],
+        )
+
+        # Set up the Jira user context for the V1 system
+        jira_user_context = ResolverUserContext(
+            saas_user_auth=self.saas_user_auth,
+            resolver_org_id=self.resolved_org_id,
+        )
+        setattr(injector_state, USER_CONTEXT_ATTR, jira_user_context)
+
+        async with get_app_conversation_service(
+            injector_state
+        ) as app_conversation_service:
+            async for task in app_conversation_service.start_app_conversation(
+                start_request
+            ):
+                if task.status == AppConversationStartTaskStatus.ERROR:
+                    logger.error(f'Failed to start V1 conversation: {task.detail}')
+                    raise RuntimeError(
+                        f'Failed to start V1 conversation: {task.detail}'
+                    )
+
+    async def _get_v1_initial_user_message(self, jinja_env: Environment) -> str:
+        """Build the initial user message for V1 resolver conversations."""
+        issue_title, issue_description = await self.get_issue_details()
+
+        user_msg_template = jinja_env.get_template('jira_new_conversation.j2')
+        user_msg = user_msg_template.render(
+            issue_key=self.payload.issue_key,
+            issue_title=issue_title,
+            issue_description=issue_description,
+            user_message=self.payload.user_msg,
+        )
+
+        return user_msg
+
+    def _create_jira_v1_callback_processor(self):
+        """Create a V1 callback processor for Jira integration."""
+        return JiraV1CallbackProcessor(
+            svc_acc_email=self.jira_workspace.svc_acc_email,
+            decrypted_api_key=self._decrypted_api_key,
+            issue_key=self.payload.issue_key,
+            jira_cloud_id=self.jira_workspace.jira_cloud_id,
+        )
+
+    async def _get_resolved_org_id(self) -> UUID | None:
+        """Resolve the org ID for V1 conversations."""
        provider_tokens = await self.saas_user_auth.get_provider_tokens()
-        user_secrets = await self.saas_user_auth.get_secrets()
-        instructions, user_msg = await self._get_instructions(jinja_env)
+        if not provider_tokens:
+            return None

        try:
-            user_id = self.jira_user.keycloak_user_id
-
-            # Resolve git provider from repository
-            resolved_git_provider = None
-            if provider_tokens:
-                try:
-                    provider_handler = ProviderHandler(provider_tokens)
-                    repository = await provider_handler.verify_repo_provider(
-                        self.selected_repo
-                    )
-                    resolved_git_provider = repository.git_provider
-                except Exception as e:
-                    logger.warning(
-                        f'[Jira] Failed to resolve git provider for {self.selected_repo}: {e}'
-                    )
-
-            # Resolve target org based on claimed git organizations
-            resolved_org_id = None
-            if resolved_git_provider and self.selected_repo:
-                try:
-                    resolved_org_id = await resolve_org_for_repo(
-                        provider=resolved_git_provider.value,
-                        full_repo_name=self.selected_repo,
-                        keycloak_user_id=user_id,
-                    )
-                except Exception as e:
-                    logger.warning(
-                        f'[Jira] Failed to resolve org for {self.selected_repo}: {e}'
-                    )
-
-            # Create the conversation store with resolver org routing
-            store = await SaasConversationStore.get_resolver_instance(
-                get_config(),
-                user_id,
-                resolved_org_id,
+            provider_handler = ProviderHandler(provider_tokens)
+            repository = await provider_handler.verify_repo_provider(self.selected_repo)
+            resolved_org_id = await resolve_org_for_repo(
+                provider=repository.git_provider.value,
+                full_repo_name=self.selected_repo,
+                keycloak_user_id=self.jira_user.keycloak_user_id,
            )
-
-            conversation_id = uuid4().hex
-            conversation_metadata = ConversationMetadata(
-                trigger=ConversationTrigger.JIRA,
-                conversation_id=conversation_id,
-                title=get_default_conversation_title(conversation_id),
-                user_id=user_id,
-                selected_repository=self.selected_repo,
-                selected_branch=None,
-                git_provider=resolved_git_provider,
-            )
-            await store.save_metadata(conversation_metadata)
-
-            await start_conversation(
-                user_id=user_id,
-                git_provider_tokens=provider_tokens,
-                custom_secrets=user_secrets.custom_secrets if user_secrets else None,
-                initial_user_msg=user_msg,
-                image_urls=None,
-                replay_json=None,
-                conversation_id=conversation_id,
-                conversation_metadata=conversation_metadata,
-                conversation_instructions=instructions,
-            )
-
-            self.conversation_id = conversation_id
-
-            logger.info(
-                '[Jira] Created conversation',
-                extra={
-                    'conversation_id': self.conversation_id,
-                    'issue_key': self.payload.issue_key,
-                    'selected_repo': self.selected_repo,
-                    'resolved_org_id': str(resolved_org_id)
-                    if resolved_org_id
-                    else None,
-                },
-            )
-
-            # Store Jira conversation mapping
-            jira_conversation = JiraConversation(
-                conversation_id=self.conversation_id,
-                issue_id=self.payload.issue_id,
-                issue_key=self.payload.issue_key,
-                jira_user_id=self.jira_user.id,
-            )
-
-            await integration_store.create_conversation(jira_conversation)
-
-            return self.conversation_id
-
+            return resolved_org_id
        except Exception as e:
-            if isinstance(e, StartingConvoException):
-                raise
-            logger.error(
-                '[Jira] Failed to create conversation',
-                extra={'issue_key': self.payload.issue_key, 'error': str(e)},
-                exc_info=True,
+            logger.warning(
+                f'[Jira] Failed to resolve org for {self.selected_repo}: {e}'
            )
-            raise StartingConvoException(f'Failed to create conversation: {str(e)}')
+            return None

    def get_response_msg(self) -> str:
        """Get the response message to send back to Jira."""
--- a/enterprise/integrations/jira_dc/jira_dc_manager.py
+++ b/enterprise/integrations/jira_dc/jira_dc_manager.py
@@ -20,25 +20,25 @@ from integrations.utils import (
    OPENHANDS_RESOLVER_TEMPLATES_DIR,
    filter_potential_repos_by_user_msg,
    get_session_expired_message,
+    markdown_to_jira_markup,
 )
 from jinja2 import Environment, FileSystemLoader
 from server.auth.saas_user_auth import get_user_auth_from_keycloak_id
 from server.auth.token_manager import TokenManager
-from server.utils.conversation_callback_utils import register_callback_processor
 from storage.jira_dc_integration_store import JiraDcIntegrationStore
 from storage.jira_dc_user import JiraDcUser
 from storage.jira_dc_workspace import JiraDcWorkspace

+from openhands.app_server.integrations.provider import ProviderHandler
+from openhands.app_server.integrations.service_types import Repository
+from openhands.app_server.user_auth.user_auth import UserAuth
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.provider import ProviderHandler
-from openhands.integrations.service_types import Repository
 from openhands.server.shared import server_config
 from openhands.server.types import (
    LLMAuthenticationError,
    MissingSettingsError,
    SessionExpiredError,
 )
-from openhands.server.user_auth.user_auth import UserAuth
 from openhands.utils.http_session import httpx_verify_option


@@ -354,12 +354,7 @@ class JiraDcManager(Manager[JiraDcViewInterface]):
            return False

    async def start_job(self, jira_dc_view: JiraDcViewInterface) -> None:
-        """Start a Jira DC job/conversation."""
-        # Import here to prevent circular import
-        from server.conversation_callback_processor.jira_dc_callback_processor import (
-            JiraDcCallbackProcessor,
-        )
-
+        """Start a Jira DC job/conversation using V1 app conversation system."""
        try:
            user_info: JiraDcUser = jira_dc_view.jira_dc_user
            logger.info(
@@ -367,7 +362,15 @@ class JiraDcManager(Manager[JiraDcViewInterface]):
                f'issue {jira_dc_view.job_context.issue_key}',
            )

-            # Create conversation
+            # Set decrypted API key for new conversations (needed for V1 callback processor)
+            if isinstance(jira_dc_view, JiraDcNewConversationView):
+                api_key = self.token_manager.decrypt_text(
+                    jira_dc_view.jira_dc_workspace.svc_acc_api_key
+                )
+                jira_dc_view._decrypted_api_key = api_key
+
+            # Create conversation using V1 app conversation system
+            # The callback processor is registered automatically by the view
            conversation_id = await jira_dc_view.create_or_update_conversation(
                self.jinja_env
            )
@@ -376,21 +379,6 @@ class JiraDcManager(Manager[JiraDcViewInterface]):
                f'[Jira DC] Created/Updated conversation {conversation_id} for issue {jira_dc_view.job_context.issue_key}'
            )

-            if isinstance(jira_dc_view, JiraDcNewConversationView):
-                # Register callback processor for updates
-                processor = JiraDcCallbackProcessor(
-                    issue_key=jira_dc_view.job_context.issue_key,
-                    workspace_name=jira_dc_view.jira_dc_workspace.name,
-                    base_api_url=jira_dc_view.job_context.base_api_url,
-                )
-
-                # Register the callback processor
-                register_callback_processor(conversation_id, processor)
-
-                logger.info(
-                    f'[Jira DC] Created callback processor for conversation {conversation_id}'
-                )
-
            # Send initial response
            msg_info = jira_dc_view.get_response_msg()

@@ -468,7 +456,8 @@ class JiraDcManager(Manager[JiraDcViewInterface]):
        """
        url = f'{base_api_url}/rest/api/2/issue/{issue_key}/comment'
        headers = {'Authorization': f'Bearer {svc_acc_api_key}'}
-        data = {'body': message}
+        # Convert standard Markdown to Jira Wiki Markup for proper rendering
+        data = {'body': markdown_to_jira_markup(message)}
        async with httpx.AsyncClient(verify=httpx_verify_option()) as client:
            response = await client.post(url, headers=headers, json=data)
            response.raise_for_status()
--- a/enterprise/integrations/jira_dc/jira_dc_types.py
+++ b/enterprise/integrations/jira_dc/jira_dc_types.py
@@ -5,7 +5,7 @@ from jinja2 import Environment
 from storage.jira_dc_user import JiraDcUser
 from storage.jira_dc_workspace import JiraDcWorkspace

-from openhands.server.user_auth.user_auth import UserAuth
+from openhands.app_server.user_auth.user_auth import UserAuth


 class JiraDcViewInterface(ABC):
--- a/enterprise/integrations/jira_dc/jira_dc_v1_callback_processor.py
+++ b/enterprise/integrations/jira_dc/jira_dc_v1_callback_processor.py
@@ -0,0 +1,243 @@
+"""Jira Data Center V1 callback processor.
+
+This processor handles events from V1 conversations and posts
+summaries back to Jira DC issues when the agent finishes work.
+"""
+
+import logging
+from uuid import UUID
+
+import httpx
+from integrations.utils import get_summary_instruction, markdown_to_jira_markup
+from pydantic import Field
+
+from openhands.agent_server.models import AskAgentRequest, AskAgentResponse
+from openhands.app_server.event_callback.event_callback_models import (
+    EventCallback,
+    EventCallbackProcessor,
+)
+from openhands.app_server.event_callback.event_callback_result_models import (
+    EventCallbackResult,
+    EventCallbackResultStatus,
+)
+from openhands.app_server.event_callback.util import (
+    ensure_conversation_found,
+    ensure_running_sandbox,
+    get_agent_server_url_from_sandbox,
+)
+from openhands.sdk import Event
+from openhands.sdk.event import ConversationStateUpdateEvent
+from openhands.utils.http_session import httpx_verify_option
+
+_logger = logging.getLogger(__name__)
+
+
+class JiraDcV1CallbackProcessor(EventCallbackProcessor):
+    """Callback processor for Jira Data Center V1 integrations."""
+
+    should_request_summary: bool = Field(default=True)
+    issue_key: str
+    workspace_name: str
+    base_api_url: str
+    svc_acc_api_key: str  # Decrypted API key
+
+    async def __call__(
+        self,
+        conversation_id: UUID,
+        callback: EventCallback,
+        event: Event,
+    ) -> EventCallbackResult | None:
+        """Process events for Jira DC V1 integration."""
+        # Only handle ConversationStateUpdateEvent for execution_status
+        if not isinstance(event, ConversationStateUpdateEvent):
+            return None
+
+        if event.key != 'execution_status':
+            return None
+
+        _logger.info('[Jira DC] Callback agent state was %s', event)
+
+        # Only request summary when execution has finished successfully
+        if event.value != 'finished':
+            return None
+
+        _logger.info(
+            '[Jira DC] Should request summary: %s', self.should_request_summary
+        )
+
+        if not self.should_request_summary:
+            return None
+
+        self.should_request_summary = False
+
+        try:
+            _logger.info(f'[Jira DC] Requesting summary {conversation_id}')
+            summary = await self._request_summary(conversation_id)
+            _logger.info(
+                f'[Jira DC] Posting summary {conversation_id}',
+                extra={'summary': summary},
+            )
+            await self._post_summary_to_jira_dc(summary)
+
+            return EventCallbackResult(
+                status=EventCallbackResultStatus.SUCCESS,
+                event_callback_id=callback.id,
+                event_id=event.id,
+                conversation_id=conversation_id,
+                detail=summary,
+            )
+        except Exception as e:
+            _logger.exception(f'[Jira DC] Failed to post summary: {e}', stack_info=True)
+            return EventCallbackResult(
+                status=EventCallbackResultStatus.ERROR,
+                event_callback_id=callback.id,
+                event_id=event.id,
+                conversation_id=conversation_id,
+                detail=str(e),
+            )
+
+    async def _request_summary(self, conversation_id: UUID) -> str:
+        """Ask the agent to produce a summary of its work and return the agent response."""
+        # Import services within the method to avoid circular imports
+        from openhands.app_server.config import (
+            get_app_conversation_info_service,
+            get_httpx_client,
+            get_sandbox_service,
+        )
+        from openhands.app_server.services.injector import InjectorState
+        from openhands.app_server.user.specifiy_user_context import (
+            ADMIN,
+            USER_CONTEXT_ATTR,
+        )
+
+        # Create injector state for dependency injection
+        state = InjectorState()
+        setattr(state, USER_CONTEXT_ATTR, ADMIN)
+
+        async with (
+            get_app_conversation_info_service(state) as app_conversation_info_service,
+            get_sandbox_service(state) as sandbox_service,
+            get_httpx_client(state) as httpx_client,
+        ):
+            # 1. Conversation lookup
+            app_conversation_info = ensure_conversation_found(
+                await app_conversation_info_service.get_app_conversation_info(
+                    conversation_id
+                ),
+                conversation_id,
+            )
+
+            # 2. Sandbox lookup + validation
+            sandbox = ensure_running_sandbox(
+                await sandbox_service.get_sandbox(app_conversation_info.sandbox_id),
+                app_conversation_info.sandbox_id,
+            )
+
+            assert (
+                sandbox.session_api_key is not None
+            ), f'No session API key for sandbox: {sandbox.id}'
+
+            # 3. URL + instruction
+            agent_server_url = get_agent_server_url_from_sandbox(sandbox)
+
+            # Prepare message based on agent state
+            message_content = get_summary_instruction()
+
+            # Ask the agent and return the response text
+            return await self._ask_question(
+                httpx_client=httpx_client,
+                agent_server_url=agent_server_url,
+                conversation_id=conversation_id,
+                session_api_key=sandbox.session_api_key,
+                message_content=message_content,
+            )
+
+    async def _ask_question(
+        self,
+        httpx_client: httpx.AsyncClient,
+        agent_server_url: str,
+        conversation_id: UUID,
+        session_api_key: str,
+        message_content: str,
+    ) -> str:
+        """Send a message to the agent server via the V1 API and return response text."""
+        send_message_request = AskAgentRequest(question=message_content)
+
+        url = (
+            f"{agent_server_url.rstrip('/')}"
+            f"/api/conversations/{conversation_id}/ask_agent"
+        )
+        headers = {'X-Session-API-Key': session_api_key}
+        payload = send_message_request.model_dump()
+
+        try:
+            response = await httpx_client.post(
+                url,
+                json=payload,
+                headers=headers,
+                timeout=30.0,
+            )
+            response.raise_for_status()
+
+            agent_response = AskAgentResponse.model_validate(response.json())
+            return agent_response.response
+
+        except httpx.HTTPStatusError as e:
+            error_detail = f'HTTP {e.response.status_code} error'
+            try:
+                error_body = e.response.text
+                if error_body:
+                    error_detail += f': {error_body}'
+            except Exception:
+                pass
+
+            _logger.exception(
+                '[Jira DC] HTTP error sending message to %s: %s. '
+                'Request payload: %s. Response headers: %s',
+                url,
+                error_detail,
+                payload,
+                dict(e.response.headers),
+                stack_info=True,
+            )
+            raise Exception(f'Failed to send message to agent server: {error_detail}')
+
+        except httpx.TimeoutException:
+            error_detail = f'Request timeout after 30 seconds to {url}'
+            _logger.exception(
+                '[Jira DC] Timeout error: %s. Request payload: %s',
+                error_detail,
+                payload,
+                stack_info=True,
+            )
+            raise Exception(f'Failed to send message to agent server: {error_detail}')
+
+    async def _post_summary_to_jira_dc(self, summary: str):
+        """Post the summary back to the Jira DC issue."""
+        if not all(
+            [
+                self.svc_acc_api_key,
+                self.issue_key,
+                self.base_api_url,
+            ]
+        ):
+            _logger.warning('[Jira DC] Missing required data for posting summary')
+            return
+
+        # Add a comment to the Jira DC issue with the summary
+        comment_url = f'{self.base_api_url}/rest/api/2/issue/{self.issue_key}/comment'
+
+        message = f'OpenHands resolved this issue:\n\n{summary}'
+        # Convert standard Markdown to Jira Wiki Markup for proper rendering
+        comment_body = {'body': markdown_to_jira_markup(message)}
+
+        headers = {'Authorization': f'Bearer {self.svc_acc_api_key}'}
+
+        async with httpx.AsyncClient(verify=httpx_verify_option()) as client:
+            response = await client.post(
+                comment_url,
+                headers=headers,
+                json=comment_body,
+            )
+            response.raise_for_status()
+            _logger.info(f'[Jira DC] Posted summary to {self.issue_key}')
--- a/enterprise/integrations/jira_dc/jira_dc_view.py
+++ b/enterprise/integrations/jira_dc/jira_dc_view.py
@@ -1,34 +1,49 @@
-from dataclasses import dataclass
+"""Jira Data Center view implementations and factory.
+
+Views are responsible for:
+- Holding the webhook payload and auth context
+- Creating conversations using V1 app conversation system
+"""
+
+from dataclasses import dataclass, field
+from uuid import UUID, uuid4

 from integrations.jira_dc.jira_dc_types import (
    JiraDcViewInterface,
    StartingConvoException,
 )
+from integrations.jira_dc.jira_dc_v1_callback_processor import JiraDcV1CallbackProcessor
 from integrations.models import JobContext
-from integrations.utils import CONVERSATION_URL, get_final_agent_observation
+from integrations.resolver_context import ResolverUserContext
+from integrations.resolver_org_router import resolve_org_for_repo
+from integrations.utils import CONVERSATION_URL
 from jinja2 import Environment
 from storage.jira_dc_conversation import JiraDcConversation
 from storage.jira_dc_integration_store import JiraDcIntegrationStore
 from storage.jira_dc_user import JiraDcUser
 from storage.jira_dc_workspace import JiraDcWorkspace

-from openhands.core.logger import openhands_logger as logger
-from openhands.core.schema.agent import AgentState
-from openhands.events.action import MessageAction
-from openhands.events.serialization.event import event_to_dict
-from openhands.server.services.conversation_service import (
-    create_new_conversation,
-    setup_init_conversation_settings,
+from openhands.agent_server.models import SendMessageRequest
+from openhands.app_server.app_conversation.app_conversation_models import (
+    AppConversationStartRequest,
+    AppConversationStartTaskStatus,
+    ConversationTrigger,
 )
-from openhands.server.shared import ConversationStoreImpl, config, conversation_manager
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import ConversationTrigger
+from openhands.app_server.config import get_app_conversation_service
+from openhands.app_server.integrations.provider import ProviderHandler, ProviderType
+from openhands.app_server.services.injector import InjectorState
+from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
+from openhands.app_server.user_auth.user_auth import UserAuth
+from openhands.core.logger import openhands_logger as logger
+from openhands.sdk import TextContent

 integration_store = JiraDcIntegrationStore.get_instance()


@dataclass
 class JiraDcNewConversationView(JiraDcViewInterface):
+    """View for creating a new Jira DC conversation."""
+
    job_context: JobContext
    saas_user_auth: UserAuth
    jira_dc_user: JiraDcUser
@@ -36,9 +51,14 @@ class JiraDcNewConversationView(JiraDcViewInterface):
    selected_repo: str | None
    conversation_id: str

-    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
-        """Instructions passed when conversation is first initialized"""
+    # Decrypted API key (set by manager)
+    _decrypted_api_key: str = field(default='', repr=False)

+    # Resolved org ID for V1 conversations
+    resolved_org_id: UUID | None = None
+
+    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
+        """Instructions passed when conversation is first initialized."""
        instructions_template = jinja_env.get_template('jira_dc_instructions.j2')
        instructions = instructions_template.render()

@@ -54,58 +74,148 @@ class JiraDcNewConversationView(JiraDcViewInterface):
        return instructions, user_msg

    async def create_or_update_conversation(self, jinja_env: Environment) -> str:
-        """Create a new Jira DC conversation"""
+        """Create a new Jira DC conversation using V1 app conversation system.

+        Returns:
+            The conversation ID
+
+        Raises:
+            StartingConvoException: If conversation creation fails
+        """
        if not self.selected_repo:
            raise StartingConvoException('No repository selected for this conversation')

-        provider_tokens = await self.saas_user_auth.get_provider_tokens()
-        user_secrets = await self.saas_user_auth.get_secrets()
+        # Generate conversation ID
+        self.conversation_id = uuid4().hex
+
+        # Save the JiraDC conversation mapping
+        jira_dc_conversation = JiraDcConversation(
+            conversation_id=self.conversation_id,
+            issue_id=self.job_context.issue_id,
+            issue_key=self.job_context.issue_key,
+            jira_dc_user_id=self.jira_dc_user.id,
+        )
+        await integration_store.create_conversation(jira_dc_conversation)
+
+        # Create V1 conversation
+        await self._create_v1_conversation(jinja_env)
+        return self.conversation_id
+
+    async def _create_v1_conversation(self, jinja_env: Environment):
+        """Create conversation using the V1 app conversation system."""
+        logger.info('[Jira DC]: Creating V1 conversation')
+
        instructions, user_msg = await self._get_instructions(jinja_env)

+        # Create the initial message request
+        initial_message = SendMessageRequest(
+            role='user', content=[TextContent(text=user_msg)]
+        )
+
+        # Create the Jira DC V1 callback processor
+        jira_dc_callback_processor = self._create_jira_dc_v1_callback_processor()
+
+        # Resolve org ID for the V1 system
+        self.resolved_org_id = await self._get_resolved_org_id()
+
+        # Determine git provider
+        git_provider = await self._get_git_provider()
+
+        injector_state = InjectorState()
+
+        # Create the V1 conversation start request
+        start_request = AppConversationStartRequest(
+            conversation_id=UUID(self.conversation_id),
+            system_message_suffix=instructions if instructions else None,
+            initial_message=initial_message,
+            selected_repository=self.selected_repo,
+            selected_branch=None,
+            git_provider=git_provider,
+            title=f'Jira DC Issue {self.job_context.issue_key}: {self.job_context.issue_title or "Unknown"}',
+            trigger=ConversationTrigger.JIRA,
+            processors=[jira_dc_callback_processor],
+        )
+
+        # Set up the Jira DC user context for the V1 system
+        jira_dc_user_context = ResolverUserContext(
+            saas_user_auth=self.saas_user_auth,
+            resolver_org_id=self.resolved_org_id,
+        )
+        setattr(injector_state, USER_CONTEXT_ATTR, jira_dc_user_context)
+
+        async with get_app_conversation_service(
+            injector_state
+        ) as app_conversation_service:
+            async for task in app_conversation_service.start_app_conversation(
+                start_request
+            ):
+                if task.status == AppConversationStartTaskStatus.ERROR:
+                    logger.error(f'Failed to start V1 conversation: {task.detail}')
+                    raise RuntimeError(
+                        f'Failed to start V1 conversation: {task.detail}'
+                    )
+
+        logger.info(f'[Jira DC]: Created new conversation: {self.conversation_id}')
+
+    def _create_jira_dc_v1_callback_processor(self) -> JiraDcV1CallbackProcessor:
+        """Create a V1 callback processor for Jira DC integration."""
+        return JiraDcV1CallbackProcessor(
+            issue_key=self.job_context.issue_key,
+            workspace_name=self.jira_dc_workspace.name,
+            base_api_url=self.job_context.base_api_url,
+            svc_acc_api_key=self._decrypted_api_key,
+        )
+
+    async def _get_git_provider(self) -> ProviderType | None:
+        """Determine the git provider from the selected repository."""
+        if not self.selected_repo:
+            return None
+
+        provider_tokens = await self.saas_user_auth.get_provider_tokens()
+        if not provider_tokens:
+            return None
+
        try:
-            agent_loop_info = await create_new_conversation(
-                user_id=self.jira_dc_user.keycloak_user_id,
-                git_provider_tokens=provider_tokens,
-                selected_repository=self.selected_repo,
-                selected_branch=None,
-                initial_user_msg=user_msg,
-                conversation_instructions=instructions,
-                image_urls=None,
-                replay_json=None,
-                conversation_trigger=ConversationTrigger.JIRA_DC,
-                custom_secrets=user_secrets.custom_secrets if user_secrets else None,
-            )
-
-            self.conversation_id = agent_loop_info.conversation_id
-
-            logger.info(f'[Jira DC] Created conversation {self.conversation_id}')
-
-            # Store Jira DC conversation mapping
-            jira_dc_conversation = JiraDcConversation(
-                conversation_id=self.conversation_id,
-                issue_id=self.job_context.issue_id,
-                issue_key=self.job_context.issue_key,
-                jira_dc_user_id=self.jira_dc_user.id,
-            )
-
-            await integration_store.create_conversation(jira_dc_conversation)
-
-            return self.conversation_id
+            provider_handler = ProviderHandler(provider_tokens)
+            repository = await provider_handler.verify_repo_provider(self.selected_repo)
+            return repository.git_provider
        except Exception as e:
-            logger.error(
-                f'[Jira DC] Failed to create conversation: {str(e)}', exc_info=True
+            logger.warning(
+                f'[Jira DC] Failed to determine git provider for {self.selected_repo}: {e}'
            )
-            raise StartingConvoException(f'Failed to create conversation: {str(e)}')
+            return None
+
+    async def _get_resolved_org_id(self) -> UUID | None:
+        """Resolve the org ID for V1 conversations."""
+        provider_tokens = await self.saas_user_auth.get_provider_tokens()
+        if not provider_tokens or not self.selected_repo:
+            return None
+
+        try:
+            provider_handler = ProviderHandler(provider_tokens)
+            repository = await provider_handler.verify_repo_provider(self.selected_repo)
+            resolved_org_id = await resolve_org_for_repo(
+                provider=repository.git_provider.value,
+                full_repo_name=self.selected_repo,
+                keycloak_user_id=self.jira_dc_user.keycloak_user_id,
+            )
+            return resolved_org_id
+        except Exception as e:
+            logger.warning(
+                f'[Jira DC] Failed to resolve org for {self.selected_repo}: {e}'
+            )
+            return None

    def get_response_msg(self) -> str:
-        """Get the response message to send back to Jira DC"""
+        """Get the response message to send back to Jira DC."""
        conversation_link = CONVERSATION_URL.format(self.conversation_id)
        return f"I'm on it! {self.job_context.display_name} can [track my progress here|{conversation_link}]."


@dataclass
 class JiraDcExistingConversationView(JiraDcViewInterface):
+    """View for sending messages to an existing Jira DC conversation."""
+
    job_context: JobContext
    saas_user_auth: UserAuth
    jira_dc_user: JiraDcUser
@@ -114,8 +224,7 @@ class JiraDcExistingConversationView(JiraDcViewInterface):
    conversation_id: str

    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
-        """Instructions passed when conversation is first initialized"""
-
+        """Instructions passed when conversation is updated."""
        user_msg_template = jinja_env.get_template('jira_dc_existing_conversation.j2')
        user_msg = user_msg_template.render(
            issue_key=self.job_context.issue_key,
@@ -127,64 +236,107 @@ class JiraDcExistingConversationView(JiraDcViewInterface):
        return '', user_msg

    async def create_or_update_conversation(self, jinja_env: Environment) -> str:
-        """Update an existing Jira conversation"""
+        """Send a message to an existing V1 conversation.

-        user_id = self.jira_dc_user.keycloak_user_id
+        Returns:
+            The conversation ID
+        """
+        await self._send_message_to_v1_conversation(jinja_env)
+        return self.conversation_id

-        try:
-            conversation_store = await ConversationStoreImpl.get_instance(
-                config, user_id
+    async def _send_message_to_v1_conversation(self, jinja_env: Environment):
+        """Send a message to an existing V1 conversation using the agent server API."""
+        import httpx
+
+        from openhands.app_server.config import (
+            get_app_conversation_info_service,
+            get_httpx_client,
+            get_sandbox_service,
+        )
+        from openhands.app_server.event_callback.util import (
+            ensure_conversation_found,
+            get_agent_server_url_from_sandbox,
+        )
+        from openhands.app_server.sandbox.sandbox_models import SandboxStatus
+        from openhands.app_server.services.injector import InjectorState
+        from openhands.app_server.user.specifiy_user_context import (
+            ADMIN,
+            USER_CONTEXT_ATTR,
+        )
+
+        _, user_msg = await self._get_instructions(jinja_env)
+
+        # Create injector state for dependency injection
+        state = InjectorState()
+        setattr(state, USER_CONTEXT_ATTR, ADMIN)
+
+        async with (
+            get_app_conversation_info_service(state) as app_conversation_info_service,
+            get_sandbox_service(state) as sandbox_service,
+            get_httpx_client(state) as httpx_client,
+        ):
+            # 1. Conversation lookup
+            conversation_uuid = UUID(self.conversation_id)
+            app_conversation_info = ensure_conversation_found(
+                await app_conversation_info_service.get_app_conversation_info(
+                    conversation_uuid
+                ),
+                conversation_uuid,
            )

+            # 2. Sandbox lookup + validation
+            sandbox = await sandbox_service.get_sandbox(
+                app_conversation_info.sandbox_id
+            )
+
+            if sandbox is None or sandbox.status != SandboxStatus.RUNNING:
+                logger.warning(
+                    f'[Jira DC] Sandbox not running for conversation {self.conversation_id}'
+                )
+                return
+
+            if sandbox.session_api_key is None:
+                logger.warning(
+                    f'[Jira DC] No session API key for sandbox: {sandbox.id}'
+                )
+                return
+
+            # 3. Build URL and send message
+            agent_server_url = get_agent_server_url_from_sandbox(sandbox)
+
+            send_message_request = SendMessageRequest(
+                role='user', content=[TextContent(text=user_msg)]
+            )
+
+            url = (
+                f"{agent_server_url.rstrip('/')}"
+                f'/api/conversations/{self.conversation_id}/messages'
+            )
+            headers = {'X-Session-API-Key': sandbox.session_api_key}
+            payload = send_message_request.model_dump()
+
            try:
-                await conversation_store.get_metadata(self.conversation_id)
-            except FileNotFoundError:
-                raise StartingConvoException('Conversation no longer exists.')
-
-            provider_tokens = await self.saas_user_auth.get_provider_tokens()
-            if provider_tokens is None:
-                raise ValueError('Could not load provider tokens')
-            providers_set = list(provider_tokens.keys())
-
-            conversation_init_data = await setup_init_conversation_settings(
-                user_id, self.conversation_id, providers_set
-            )
-
-            # Either join ongoing conversation, or restart the conversation
-            agent_loop_info = await conversation_manager.maybe_start_agent_loop(
-                self.conversation_id, conversation_init_data, user_id
-            )
-
-            if agent_loop_info.event_store is None:
-                raise StartingConvoException('Event store not available')
-
-            final_agent_observation = get_final_agent_observation(
-                agent_loop_info.event_store
-            )
-            agent_state = (
-                None
-                if len(final_agent_observation) == 0
-                else final_agent_observation[0].agent_state
-            )
-
-            if not agent_state or agent_state == AgentState.LOADING:
-                raise StartingConvoException('Conversation is still starting')
-
-            _, user_msg = await self._get_instructions(jinja_env)
-            user_message_event = MessageAction(content=user_msg)
-            await conversation_manager.send_event_to_conversation(
-                self.conversation_id, event_to_dict(user_message_event)
-            )
-
-            return self.conversation_id
-        except Exception as e:
-            logger.error(
-                f'[Jira] Failed to create conversation: {str(e)}', exc_info=True
-            )
-            raise StartingConvoException(f'Failed to create conversation: {str(e)}')
+                response = await httpx_client.post(
+                    url,
+                    json=payload,
+                    headers=headers,
+                    timeout=30.0,
+                )
+                response.raise_for_status()
+                logger.info(
+                    f'[Jira DC] Sent message to existing conversation {self.conversation_id}'
+                )
+            except httpx.HTTPStatusError as e:
+                logger.error(
+                    f'[Jira DC] Failed to send message: HTTP {e.response.status_code}'
+                )
+                raise
+            except Exception as e:
+                logger.error(f'[Jira DC] Failed to send message: {e}')
+                raise

    def get_response_msg(self) -> str:
-        """Get the response message to send back to Jira"""
+        """Get the response message to send back to Jira."""
        conversation_link = CONVERSATION_URL.format(self.conversation_id)
        return f"I'm on it! {self.job_context.display_name} can [continue tracking my progress here|{conversation_link}]."

@@ -200,7 +352,6 @@ class JiraDcFactory:
        jira_dc_workspace: JiraDcWorkspace,
    ) -> JiraDcViewInterface:
        """Create appropriate Jira DC view based on the payload."""
-
        if not jira_dc_user or not saas_user_auth or not jira_dc_workspace:
            raise StartingConvoException('User not authenticated with Jira integration')

--- a/enterprise/integrations/linear/linear_manager.py
+++ b/enterprise/integrations/linear/linear_manager.py
@@ -1,536 +0,0 @@
-import hashlib
-import hmac
-from typing import Dict, Optional, Tuple
-
-import httpx
-from fastapi import Request
-from integrations.linear.linear_types import LinearViewInterface
-from integrations.linear.linear_view import (
-    LinearExistingConversationView,
-    LinearFactory,
-    LinearNewConversationView,
-)
-from integrations.manager import Manager
-from integrations.models import JobContext, Message
-from integrations.utils import (
-    HOST_URL,
-    OPENHANDS_RESOLVER_TEMPLATES_DIR,
-    filter_potential_repos_by_user_msg,
-    get_session_expired_message,
-)
-from jinja2 import Environment, FileSystemLoader
-from server.auth.saas_user_auth import get_user_auth_from_keycloak_id
-from server.auth.token_manager import TokenManager
-from server.utils.conversation_callback_utils import register_callback_processor
-from storage.linear_integration_store import LinearIntegrationStore
-from storage.linear_user import LinearUser
-from storage.linear_workspace import LinearWorkspace
-
-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.provider import ProviderHandler
-from openhands.integrations.service_types import Repository
-from openhands.server.shared import server_config
-from openhands.server.types import (
-    LLMAuthenticationError,
-    MissingSettingsError,
-    SessionExpiredError,
-)
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.utils.http_session import httpx_verify_option
-
-
-class LinearManager(Manager[LinearViewInterface]):
-    def __init__(self, token_manager: TokenManager):
-        self.token_manager = token_manager
-        self.integration_store = LinearIntegrationStore.get_instance()
-        self.api_url = 'https://api.linear.app/graphql'
-        self.jinja_env = Environment(
-            loader=FileSystemLoader(OPENHANDS_RESOLVER_TEMPLATES_DIR + 'linear')
-        )
-
-    async def authenticate_user(
-        self, linear_user_id: str, workspace_id: int
-    ) -> tuple[LinearUser | None, UserAuth | None]:
-        """Authenticate Linear user and get their OpenHands user auth."""
-
-        # Find active Linear user by Linear user ID and workspace ID
-        linear_user = await self.integration_store.get_active_user(
-            linear_user_id, workspace_id
-        )
-
-        if not linear_user:
-            logger.warning(
-                f'[Linear] No active Linear user found for {linear_user_id} in workspace {workspace_id}'
-            )
-            return None, None
-
-        saas_user_auth = await get_user_auth_from_keycloak_id(
-            linear_user.keycloak_user_id
-        )
-        return linear_user, saas_user_auth
-
-    async def _get_repositories(self, user_auth: UserAuth) -> list[Repository]:
-        """Get repositories that the user has access to."""
-        provider_tokens = await user_auth.get_provider_tokens()
-        if provider_tokens is None:
-            return []
-        access_token = await user_auth.get_access_token()
-        user_id = await user_auth.get_user_id()
-        client = ProviderHandler(
-            provider_tokens=provider_tokens,
-            external_auth_token=access_token,
-            external_auth_id=user_id,
-        )
-        repos: list[Repository] = await client.get_repositories(
-            'pushed', server_config.app_mode, None, None, None, None
-        )
-        return repos
-
-    async def validate_request(
-        self, request: Request
-    ) -> Tuple[bool, Optional[str], Optional[Dict]]:
-        """Verify Linear webhook signature."""
-        signature = request.headers.get('linear-signature')
-        body = await request.body()
-        payload = await request.json()
-        actor_url = payload.get('actor', {}).get('url', '')
-        workspace_name = ''
-
-        # Extract workspace name from actor URL
-        # Format: https://linear.app/{workspace}/profiles/{user}
-        if actor_url.startswith('https://linear.app/'):
-            url_parts = actor_url.split('/')
-            if len(url_parts) >= 4:
-                workspace_name = url_parts[3]  # Extract workspace name
-            else:
-                logger.warning(f'[Linear] Invalid actor URL format: {actor_url}')
-                return False, None, None
-        else:
-            logger.warning(
-                f'[Linear] Actor URL does not match expected format: {actor_url}'
-            )
-            return False, None, None
-
-        if not workspace_name:
-            logger.warning('[Linear] No workspace name found in webhook payload')
-            return False, None, None
-
-        if not signature:
-            logger.warning('[Linear] No signature found in webhook headers')
-            return False, None, None
-
-        workspace = await self.integration_store.get_workspace_by_name(workspace_name)
-
-        if not workspace:
-            logger.warning('[Linear] Could not identify workspace for webhook')
-            return False, None, None
-
-        if workspace.status != 'active':
-            logger.warning(f'[Linear] Workspace {workspace.id} is not active')
-            return False, None, None
-
-        webhook_secret = self.token_manager.decrypt_text(workspace.webhook_secret)
-        digest = hmac.new(webhook_secret.encode(), body, hashlib.sha256).hexdigest()
-
-        if hmac.compare_digest(signature, digest):
-            logger.info('[Linear] Webhook signature verified successfully')
-            return True, signature, payload
-
-        return False, None, None
-
-    def parse_webhook(self, payload: Dict) -> JobContext | None:
-        action = payload.get('action')
-        type = payload.get('type')
-
-        if action == 'create' and type == 'Comment':
-            data = payload.get('data', {})
-            comment = data.get('body', '')
-
-            if '@openhands' not in comment:
-                return None
-
-            issue_data = data.get('issue', {})
-            issue_id = issue_data.get('id', '')
-            issue_key = issue_data.get('identifier', '')
-        elif action == 'update' and type == 'Issue':
-            data = payload.get('data', {})
-            labels = data.get('labels', [])
-
-            has_openhands_label = False
-            label_id = ''
-            for label in labels:
-                if label.get('name') == 'openhands':
-                    label_id = label.get('id', '')
-                    has_openhands_label = True
-                    break
-
-            if not has_openhands_label and not label_id:
-                return None
-
-            labelIdChanges = data.get('updatedFrom', {}).get('labelIds', [])
-
-            if labelIdChanges and label_id in labelIdChanges:
-                return None  # Label was added previously, ignore this webhook
-
-            issue_id = data.get('id', '')
-            issue_key = data.get('identifier', '')
-            comment = ''
-
-        else:
-            return None
-
-        actor = payload.get('actor', {})
-        display_name = actor.get('name', '')
-        user_email = actor.get('email', '')
-        actor_url = actor.get('url', '')
-        actor_id = actor.get('id', '')
-        workspace_name = ''
-
-        if actor_url.startswith('https://linear.app/'):
-            url_parts = actor_url.split('/')
-            if len(url_parts) >= 4:
-                workspace_name = url_parts[3]  # Extract workspace name
-            else:
-                logger.warning(f'[Linear] Invalid actor URL format: {actor_url}')
-                return None
-        else:
-            logger.warning(
-                f'[Linear] Actor URL does not match expected format: {actor_url}'
-            )
-            return None
-
-        if not all(
-            [issue_id, issue_key, display_name, user_email, actor_id, workspace_name]
-        ):
-            logger.warning('[Linear] Missing required fields in webhook payload')
-            return None
-
-        return JobContext(
-            issue_id=issue_id,
-            issue_key=issue_key,
-            user_msg=comment,
-            user_email=user_email,
-            platform_user_id=actor_id,
-            workspace_name=workspace_name,
-            display_name=display_name,
-        )
-
-    async def receive_message(self, message: Message):
-        """Process incoming Linear webhook message."""
-        payload = message.message.get('payload', {})
-        job_context = self.parse_webhook(payload)
-
-        if not job_context:
-            logger.info('[Linear] Webhook does not match trigger conditions')
-            return
-
-        # Get workspace by user email domain
-        workspace = await self.integration_store.get_workspace_by_name(
-            job_context.workspace_name
-        )
-        if not workspace:
-            logger.warning(
-                f'[Linear] No workspace found for email domain: {job_context.workspace_name}'
-            )
-            await self._send_error_comment(
-                job_context.issue_id,
-                'Your workspace is not configured with Linear integration.',
-                None,
-            )
-            return
-
-        # Prevent any recursive triggers from the service account
-        if job_context.user_email == workspace.svc_acc_email:
-            return
-
-        if workspace.status != 'active':
-            logger.warning(f'[Linear] Workspace {workspace.id} is not active')
-            await self._send_error_comment(
-                job_context.issue_id,
-                'Linear integration is not active for your workspace.',
-                workspace,
-            )
-            return
-
-        # Authenticate user
-        linear_user, saas_user_auth = await self.authenticate_user(
-            job_context.platform_user_id, workspace.id
-        )
-        if not linear_user or not saas_user_auth:
-            logger.warning(
-                f'[Linear] User authentication failed for {job_context.user_email}'
-            )
-            await self._send_error_comment(
-                job_context.issue_id,
-                f'User {job_context.user_email} is not authenticated or active in the Linear integration.',
-                workspace,
-            )
-            return
-
-        # Get issue details
-        try:
-            api_key = self.token_manager.decrypt_text(workspace.svc_acc_api_key)
-            issue_title, issue_description = await self.get_issue_details(
-                job_context.issue_id, api_key
-            )
-            job_context.issue_title = issue_title
-            job_context.issue_description = issue_description
-        except Exception as e:
-            logger.error(f'[Linear] Failed to get issue context: {str(e)}')
-            await self._send_error_comment(
-                job_context.issue_id,
-                'Failed to retrieve issue details. Please check the issue ID and try again.',
-                workspace,
-            )
-            return
-
-        try:
-            # Create Linear view
-            linear_view = await LinearFactory.create_linear_view_from_payload(
-                job_context,
-                saas_user_auth,
-                linear_user,
-                workspace,
-            )
-        except Exception as e:
-            logger.error(
-                f'[Linear] Failed to create linear view: {str(e)}', exc_info=True
-            )
-            await self._send_error_comment(
-                job_context.issue_id,
-                'Failed to initialize conversation. Please try again.',
-                workspace,
-            )
-            return
-
-        if not await self.is_job_requested(message, linear_view):
-            return
-
-        await self.start_job(linear_view)
-
-    async def is_job_requested(
-        self, message: Message, linear_view: LinearViewInterface
-    ) -> bool:
-        """
-        Check if a job is requested and handle repository selection.
-        """
-
-        if isinstance(linear_view, LinearExistingConversationView):
-            return True
-
-        try:
-            # Get user repositories
-            user_repos: list[Repository] = await self._get_repositories(
-                linear_view.saas_user_auth
-            )
-
-            target_str = f'{linear_view.job_context.issue_description}\n{linear_view.job_context.user_msg}'
-
-            # Try to infer repository from issue description
-            match, repos = filter_potential_repos_by_user_msg(target_str, user_repos)
-
-            if match:
-                # Found exact repository match
-                linear_view.selected_repo = repos[0].full_name
-                logger.info(f'[Linear] Inferred repository: {repos[0].full_name}')
-                return True
-            else:
-                # No clear match - send repository selection comment
-                await self._send_repo_selection_comment(linear_view)
-                return False
-
-        except Exception as e:
-            logger.error(f'[Linear] Error in is_job_requested: {str(e)}')
-            return False
-
-    async def start_job(self, linear_view: LinearViewInterface) -> None:
-        """Start a Linear job/conversation."""
-        # Import here to prevent circular import
-        from server.conversation_callback_processor.linear_callback_processor import (
-            LinearCallbackProcessor,
-        )
-
-        try:
-            user_info: LinearUser = linear_view.linear_user
-            logger.info(
-                f'[Linear] Starting job for user {user_info.keycloak_user_id} '
-                f'issue {linear_view.job_context.issue_key}',
-            )
-
-            # Create conversation
-            conversation_id = await linear_view.create_or_update_conversation(
-                self.jinja_env
-            )
-
-            logger.info(
-                f'[Linear] Created/Updated conversation {conversation_id} for issue {linear_view.job_context.issue_key}'
-            )
-
-            if isinstance(linear_view, LinearNewConversationView):
-                # Register callback processor for updates
-                processor = LinearCallbackProcessor(
-                    issue_id=linear_view.job_context.issue_id,
-                    issue_key=linear_view.job_context.issue_key,
-                    workspace_name=linear_view.linear_workspace.name,
-                )
-
-                # Register the callback processor
-                register_callback_processor(conversation_id, processor)
-
-                logger.info(
-                    f'[Linear] Created callback processor for conversation {conversation_id}'
-                )
-
-            # Send initial response
-            msg_info = linear_view.get_response_msg()
-
-        except MissingSettingsError as e:
-            logger.warning(f'[Linear] Missing settings error: {str(e)}')
-            msg_info = f'Please re-login into [OpenHands Cloud]({HOST_URL}) before starting a job.'
-
-        except LLMAuthenticationError as e:
-            logger.warning(f'[Linear] LLM authentication error: {str(e)}')
-            msg_info = f'Please set a valid LLM API key in [OpenHands Cloud]({HOST_URL}) before starting a job.'
-
-        except SessionExpiredError as e:
-            logger.warning(f'[Linear] Session expired: {str(e)}')
-            msg_info = get_session_expired_message()
-
-        except Exception as e:
-            logger.error(
-                f'[Linear] Unexpected error starting job: {str(e)}', exc_info=True
-            )
-            msg_info = 'Sorry, there was an unexpected error starting the job. Please try again.'
-
-        # Send response comment
-        try:
-            api_key = self.token_manager.decrypt_text(
-                linear_view.linear_workspace.svc_acc_api_key
-            )
-            await self.send_message(
-                msg_info,
-                linear_view.job_context.issue_id,
-                api_key,
-            )
-        except Exception as e:
-            logger.error(f'[Linear] Failed to send response message: {str(e)}')
-
-    async def _query_api(self, query: str, variables: Dict, api_key: str) -> Dict:
-        """Query Linear GraphQL API."""
-        headers = {'Authorization': api_key}
-        async with httpx.AsyncClient(verify=httpx_verify_option()) as client:
-            response = await client.post(
-                self.api_url,
-                headers=headers,
-                json={'query': query, 'variables': variables},
-            )
-            response.raise_for_status()
-            return response.json()
-
-    async def get_issue_details(self, issue_id: str, api_key: str) -> Tuple[str, str]:
-        """Get issue details from Linear API."""
-        query = """
-            query Issue($issueId: String!) {
-              issue(id: $issueId) {
-                id
-                identifier
-                title
-                description
-                syncedWith {
-                    metadata {
-                        ... on ExternalEntityInfoGithubMetadata {
-                        owner
-                        repo
-                        }
-                    }
-                }
-              }
-            }
-        """
-        issue_payload = await self._query_api(query, {'issueId': issue_id}, api_key)
-
-        if not issue_payload:
-            raise ValueError(f'Issue with ID {issue_id} not found.')
-
-        issue_data = issue_payload.get('data', {}).get('issue', {})
-        title = issue_data.get('title', '')
-        description = issue_data.get('description', '')
-        synced_with = issue_data.get('syncedWith', [])
-        owner = ''
-        repo = ''
-        if synced_with:
-            owner = synced_with[0].get('metadata', {}).get('owner', '')
-            repo = synced_with[0].get('metadata', {}).get('repo', '')
-
-        if not title:
-            raise ValueError(f'Issue with ID {issue_id} does not have a title.')
-
-        if not description:
-            raise ValueError(f'Issue with ID {issue_id} does not have a description.')
-
-        if owner and repo:
-            description += f'\n\nGit Repo: {owner}/{repo}'
-
-        return title, description
-
-    async def send_message(self, message: str, issue_id: str, api_key: str):
-        """Send message/comment to Linear issue.
-
-        Args:
-            message: The message content to send (plain text string)
-            issue_id: The Linear issue ID to comment on
-            api_key: The Linear API key for authentication
-        """
-        query = """
-            mutation CommentCreate($input: CommentCreateInput!) {
-              commentCreate(input: $input) {
-                success
-                comment {
-                  id
-                }
-              }
-            }
-        """
-        variables = {'input': {'issueId': issue_id, 'body': message}}
-        return await self._query_api(query, variables, api_key)
-
-    async def _send_error_comment(
-        self, issue_id: str, error_msg: str, workspace: LinearWorkspace | None
-    ):
-        """Send error comment to Linear issue."""
-        if not workspace:
-            logger.error('[Linear] Cannot send error comment - no workspace available')
-            return
-
-        try:
-            api_key = self.token_manager.decrypt_text(workspace.svc_acc_api_key)
-            await self.send_message(error_msg, issue_id, api_key)
-        except Exception as e:
-            logger.error(f'[Linear] Failed to send error comment: {str(e)}')
-
-    async def _send_repo_selection_comment(self, linear_view: LinearViewInterface):
-        """Send a comment with repository options for the user to choose."""
-        try:
-            comment_msg = (
-                'I need to know which repository to work with. '
-                'Please add it to your issue description or send a followup comment.'
-            )
-
-            api_key = self.token_manager.decrypt_text(
-                linear_view.linear_workspace.svc_acc_api_key
-            )
-
-            await self.send_message(
-                comment_msg,
-                linear_view.job_context.issue_id,
-                api_key,
-            )
-
-            logger.info(
-                f'[Linear] Sent repository selection comment for issue {linear_view.job_context.issue_key}'
-            )
-
-        except Exception as e:
-            logger.error(
-                f'[Linear] Failed to send repository selection comment: {str(e)}'
-            )
--- a/enterprise/integrations/linear/linear_types.py
+++ b/enterprise/integrations/linear/linear_types.py
@@ -1,40 +0,0 @@
-from abc import ABC, abstractmethod
-
-from integrations.models import JobContext
-from jinja2 import Environment
-from storage.linear_user import LinearUser
-from storage.linear_workspace import LinearWorkspace
-
-from openhands.server.user_auth.user_auth import UserAuth
-
-
-class LinearViewInterface(ABC):
-    """Interface for Linear views that handle different types of Linear interactions."""
-
-    job_context: JobContext
-    saas_user_auth: UserAuth
-    linear_user: LinearUser
-    linear_workspace: LinearWorkspace
-    selected_repo: str | None
-    conversation_id: str
-
-    @abstractmethod
-    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
-        """Get initial instructions for the conversation."""
-        pass
-
-    @abstractmethod
-    async def create_or_update_conversation(self, jinja_env: Environment) -> str:
-        """Create or update a conversation and return the conversation ID."""
-        pass
-
-    @abstractmethod
-    def get_response_msg(self) -> str:
-        """Get the response message to send back to Linear."""
-        pass
-
-
-class StartingConvoException(Exception):
-    """Exception raised when starting a conversation fails."""
-
-    pass
--- a/enterprise/integrations/linear/linear_view.py
+++ b/enterprise/integrations/linear/linear_view.py
@@ -1,288 +0,0 @@
-from dataclasses import dataclass
-from uuid import uuid4
-
-from integrations.linear.linear_types import LinearViewInterface, StartingConvoException
-from integrations.models import JobContext
-from integrations.resolver_org_router import resolve_org_for_repo
-from integrations.utils import CONVERSATION_URL, get_final_agent_observation
-from jinja2 import Environment
-from server.config import get_config
-from storage.linear_conversation import LinearConversation
-from storage.linear_integration_store import LinearIntegrationStore
-from storage.linear_user import LinearUser
-from storage.linear_workspace import LinearWorkspace
-from storage.saas_conversation_store import SaasConversationStore
-
-from openhands.core.logger import openhands_logger as logger
-from openhands.core.schema.agent import AgentState
-from openhands.events.action import MessageAction
-from openhands.events.serialization.event import event_to_dict
-from openhands.integrations.provider import ProviderHandler
-from openhands.server.services.conversation_service import (
-    setup_init_conversation_settings,
-    start_conversation,
-)
-from openhands.server.shared import ConversationStoreImpl, config, conversation_manager
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import (
-    ConversationMetadata,
-    ConversationTrigger,
-)
-from openhands.utils.conversation_summary import get_default_conversation_title
-
-integration_store = LinearIntegrationStore.get_instance()
-
-
-@dataclass
-class LinearNewConversationView(LinearViewInterface):
-    job_context: JobContext
-    saas_user_auth: UserAuth
-    linear_user: LinearUser
-    linear_workspace: LinearWorkspace
-    selected_repo: str | None
-    conversation_id: str
-
-    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
-        """Instructions passed when conversation is first initialized"""
-
-        instructions_template = jinja_env.get_template('linear_instructions.j2')
-        instructions = instructions_template.render()
-
-        user_msg_template = jinja_env.get_template('linear_new_conversation.j2')
-
-        user_msg = user_msg_template.render(
-            issue_key=self.job_context.issue_key,
-            issue_title=self.job_context.issue_title,
-            issue_description=self.job_context.issue_description,
-            user_message=self.job_context.user_msg or '',
-        )
-
-        return instructions, user_msg
-
-    async def create_or_update_conversation(self, jinja_env: Environment) -> str:
-        """Create a new Linear conversation"""
-
-        if not self.selected_repo:
-            raise StartingConvoException('No repository selected for this conversation')
-
-        provider_tokens = await self.saas_user_auth.get_provider_tokens()
-        user_secrets = await self.saas_user_auth.get_secrets()
-        instructions, user_msg = await self._get_instructions(jinja_env)
-
-        try:
-            user_id = self.linear_user.keycloak_user_id
-
-            # Resolve git provider from repository
-            resolved_git_provider = None
-            if provider_tokens:
-                try:
-                    provider_handler = ProviderHandler(provider_tokens)
-                    repository = await provider_handler.verify_repo_provider(
-                        self.selected_repo
-                    )
-                    resolved_git_provider = repository.git_provider
-                except Exception as e:
-                    logger.warning(
-                        f'[Linear] Failed to resolve git provider for {self.selected_repo}: {e}'
-                    )
-
-            # Resolve target org based on claimed git organizations
-            resolved_org_id = None
-            if resolved_git_provider and self.selected_repo:
-                try:
-                    resolved_org_id = await resolve_org_for_repo(
-                        provider=resolved_git_provider.value,
-                        full_repo_name=self.selected_repo,
-                        keycloak_user_id=user_id,
-                    )
-                except Exception as e:
-                    logger.warning(
-                        f'[Linear] Failed to resolve org for {self.selected_repo}: {e}'
-                    )
-
-            # Create the conversation store with resolver org routing
-            # (bypasses initialize_conversation to avoid threading enterprise-only
-            # resolver_org_id through the generic OSS interface)
-            store = await SaasConversationStore.get_resolver_instance(
-                get_config(),
-                user_id,
-                resolved_org_id,
-            )
-
-            conversation_id = uuid4().hex
-            conversation_metadata = ConversationMetadata(
-                trigger=ConversationTrigger.LINEAR,
-                conversation_id=conversation_id,
-                title=get_default_conversation_title(conversation_id),
-                user_id=user_id,
-                selected_repository=self.selected_repo,
-                selected_branch=None,
-                git_provider=resolved_git_provider,
-            )
-            await store.save_metadata(conversation_metadata)
-
-            await start_conversation(
-                user_id=user_id,
-                git_provider_tokens=provider_tokens,
-                custom_secrets=user_secrets.custom_secrets if user_secrets else None,
-                initial_user_msg=user_msg,
-                image_urls=None,
-                replay_json=None,
-                conversation_id=conversation_id,
-                conversation_metadata=conversation_metadata,
-                conversation_instructions=instructions,
-            )
-
-            self.conversation_id = conversation_id
-
-            logger.info(f'[Linear] Created conversation {self.conversation_id}')
-
-            # Store Linear conversation mapping
-            linear_conversation = LinearConversation(
-                conversation_id=self.conversation_id,
-                issue_id=self.job_context.issue_id,
-                issue_key=self.job_context.issue_key,
-                linear_user_id=self.linear_user.id,
-            )
-
-            await integration_store.create_conversation(linear_conversation)
-
-            return self.conversation_id
-        except Exception as e:
-            logger.error(
-                f'[Linear] Failed to create conversation: {str(e)}', exc_info=True
-            )
-            raise StartingConvoException(f'Failed to create conversation: {str(e)}')
-
-    def get_response_msg(self) -> str:
-        """Get the response message to send back to Linear"""
-        conversation_link = CONVERSATION_URL.format(self.conversation_id)
-        return f"I'm on it! {self.job_context.display_name} can [track my progress here]({conversation_link})."
-
-
-@dataclass
-class LinearExistingConversationView(LinearViewInterface):
-    job_context: JobContext
-    saas_user_auth: UserAuth
-    linear_user: LinearUser
-    linear_workspace: LinearWorkspace
-    selected_repo: str | None
-    conversation_id: str
-
-    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
-        """Instructions passed when conversation is first initialized"""
-
-        user_msg_template = jinja_env.get_template('linear_existing_conversation.j2')
-        user_msg = user_msg_template.render(
-            issue_key=self.job_context.issue_key,
-            user_message=self.job_context.user_msg or '',
-            issue_title=self.job_context.issue_title,
-            issue_description=self.job_context.issue_description,
-        )
-
-        return '', user_msg
-
-    async def create_or_update_conversation(self, jinja_env: Environment) -> str:
-        """Update an existing Linear conversation"""
-
-        user_id = self.linear_user.keycloak_user_id
-
-        try:
-            conversation_store = await ConversationStoreImpl.get_instance(
-                config, user_id
-            )
-
-            try:
-                await conversation_store.get_metadata(self.conversation_id)
-            except FileNotFoundError:
-                raise StartingConvoException('Conversation no longer exists.')
-
-            provider_tokens = await self.saas_user_auth.get_provider_tokens()
-            if provider_tokens is None:
-                raise ValueError('Could not load provider tokens')
-            providers_set = list(provider_tokens.keys())
-
-            conversation_init_data = await setup_init_conversation_settings(
-                user_id, self.conversation_id, providers_set
-            )
-
-            # Either join ongoing conversation, or restart the conversation
-            agent_loop_info = await conversation_manager.maybe_start_agent_loop(
-                self.conversation_id, conversation_init_data, user_id
-            )
-
-            if agent_loop_info.event_store is None:
-                raise StartingConvoException('Event store not available')
-
-            final_agent_observation = get_final_agent_observation(
-                agent_loop_info.event_store
-            )
-            agent_state = (
-                None
-                if len(final_agent_observation) == 0
-                else final_agent_observation[0].agent_state
-            )
-
-            if not agent_state or agent_state == AgentState.LOADING:
-                raise StartingConvoException('Conversation is still starting')
-
-            _, user_msg = await self._get_instructions(jinja_env)
-            user_message_event = MessageAction(content=user_msg)
-            await conversation_manager.send_event_to_conversation(
-                self.conversation_id, event_to_dict(user_message_event)
-            )
-
-            return self.conversation_id
-        except Exception as e:
-            logger.error(
-                f'[Linear] Failed to create conversation: {str(e)}', exc_info=True
-            )
-            raise StartingConvoException(f'Failed to create conversation: {str(e)}')
-
-    def get_response_msg(self) -> str:
-        """Get the response message to send back to Linear"""
-        conversation_link = CONVERSATION_URL.format(self.conversation_id)
-        return f"I'm on it! {self.job_context.display_name} can [continue tracking my progress here]({conversation_link})."
-
-
-class LinearFactory:
-    """Factory for creating Linear views based on message content"""
-
-    @staticmethod
-    async def create_linear_view_from_payload(
-        job_context: JobContext,
-        saas_user_auth: UserAuth,
-        linear_user: LinearUser,
-        linear_workspace: LinearWorkspace,
-    ) -> LinearViewInterface:
-        """Create appropriate Linear view based on the message and user state"""
-
-        if not linear_user or not saas_user_auth or not linear_workspace:
-            raise StartingConvoException(
-                'User not authenticated with Linear integration'
-            )
-
-        conversation = await integration_store.get_user_conversations_by_issue_id(
-            job_context.issue_id, linear_user.id
-        )
-        if conversation:
-            logger.info(
-                f'[Linear] Found existing conversation for issue {job_context.issue_id}'
-            )
-            return LinearExistingConversationView(
-                job_context=job_context,
-                saas_user_auth=saas_user_auth,
-                linear_user=linear_user,
-                linear_workspace=linear_workspace,
-                selected_repo=None,
-                conversation_id=conversation.conversation_id,
-            )
-
-        return LinearNewConversationView(
-            job_context=job_context,
-            saas_user_auth=saas_user_auth,
-            linear_user=linear_user,
-            linear_workspace=linear_workspace,
-            selected_repo=None,  # Will be set later after repo inference
-            conversation_id='',  # Will be set when conversation is created
-        )
--- a/enterprise/integrations/resolver_context.py
+++ b/enterprise/integrations/resolver_context.py
@@ -1,11 +1,14 @@
 from uuid import UUID

+from openhands.app_server.integrations.provider import (
+    PROVIDER_TOKEN_TYPE,
+    ProviderHandler,
+)
+from openhands.app_server.integrations.service_types import ProviderType, UserGitInfo
 from openhands.app_server.user.user_context import UserContext
 from openhands.app_server.user.user_models import UserInfo
-from openhands.integrations.provider import PROVIDER_TOKEN_TYPE, ProviderHandler
-from openhands.integrations.service_types import ProviderType, UserGitInfo
+from openhands.app_server.user_auth.user_auth import UserAuth
 from openhands.sdk.secret import SecretSource, StaticSecret
-from openhands.server.user_auth.user_auth import UserAuth


 class ResolverUserContext(UserContext):
--- a/enterprise/integrations/resolver_org_router.py
+++ b/enterprise/integrations/resolver_org_router.py
@@ -16,21 +16,23 @@ from openhands.core.logger import openhands_logger as logger
 async def resolve_org_for_repo(
    provider: str,
    full_repo_name: str,
-    keycloak_user_id: str,
+    keycloak_user_id: str | None = None,
 ) -> UUID | None:
    """Determine the OpenHands org_id for a resolver conversation.

-    If the repo's git organization is claimed by an OpenHands org AND the user
-    is a member of that org, returns the claiming org's ID. Otherwise returns
-    None (caller should fall back to user.current_org_id / personal workspace).
+    If the repo's git organization is claimed by an OpenHands org, returns the
+    claiming org's ID. When keycloak_user_id is provided, also verifies the user
+    is a member of that org.

    Args:
        provider: Git provider name ("github", "gitlab", "bitbucket")
        full_repo_name: Full repository name (e.g., "OpenHands/foo")
-        keycloak_user_id: The user's Keycloak UUID string
+        keycloak_user_id: The user's Keycloak UUID string (optional). If provided,
+            membership is verified before returning the org_id.

    Returns:
-        The org_id if the repo's org is claimed and user is a member, else None
+        The org_id if the repo's org is claimed (and user is a member when
+        keycloak_user_id is provided), else None
    """
    git_org = full_repo_name.split('/')[0].lower()

@@ -44,6 +46,14 @@ async def resolve_org_for_repo(
            )
            return None

+        # Skip membership check if no user_id provided
+        if keycloak_user_id is None:
+            logger.info(
+                f'[OrgResolver] Resolved org {claim.org_id} '
+                f'for {provider}/{git_org} (no user membership check)',
+            )
+            return claim.org_id
+
        member = await OrgMemberStore.get_org_member(
            claim.org_id, UUID(keycloak_user_id)
        )
--- a/enterprise/integrations/slack/slack_errors.py
+++ b/enterprise/integrations/slack/slack_errors.py
@@ -26,6 +26,7 @@ class SlackErrorCode(Enum):
    PROVIDER_AUTH_FAILED = 'SLACK_ERR_006'
    LLM_AUTH_FAILED = 'SLACK_ERR_007'
    MISSING_SETTINGS = 'SLACK_ERR_008'
+    MISSING_SLACK_SCOPES = 'SLACK_ERR_009'
    UNEXPECTED_ERROR = 'SLACK_ERR_999'


@@ -98,6 +99,11 @@ _USER_MESSAGES: dict[SlackErrorCode, str] = {
        '{username} please re-login into '
        f'[OpenHands Cloud]({HOST_URL}) before starting a job.'
    ),
+    SlackErrorCode.MISSING_SLACK_SCOPES: (
+        '⚠️ The Slack app is missing required permissions. '
+        f'Please ask your workspace admin to re-install the OpenHands Slack App at {HOST_URL}/slack/install '
+        'to authorize the updated permissions.'
+    ),
    SlackErrorCode.UNEXPECTED_ERROR: (
        'Uh oh! There was an unexpected error (ref: {code}). Please try again later.'
    ),
--- a/enterprise/integrations/slack/slack_manager.py
+++ b/enterprise/integrations/slack/slack_manager.py
@@ -24,27 +24,26 @@ from integrations.utils import (
 from integrations.v1_utils import get_saas_user_auth
 from jinja2 import Environment, FileSystemLoader
 from server.constants import SLACK_CLIENT_ID
-from server.utils.conversation_callback_utils import register_callback_processor
 from slack_sdk.oauth import AuthorizeUrlGenerator
 from slack_sdk.web.async_client import AsyncWebClient
 from sqlalchemy import select
 from storage.database import a_session_maker
 from storage.slack_user import SlackUser

-from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.provider import ProviderHandler
-from openhands.integrations.service_types import (
+from openhands.app_server.integrations.provider import ProviderHandler
+from openhands.app_server.integrations.service_types import (
    AuthenticationError,
    ProviderTimeoutError,
    Repository,
 )
+from openhands.app_server.user_auth.user_auth import UserAuth
+from openhands.core.logger import openhands_logger as logger
 from openhands.server.shared import config, server_config, sio
 from openhands.server.types import (
    LLMAuthenticationError,
    MissingSettingsError,
    SessionExpiredError,
 )
-from openhands.server.user_auth.user_auth import UserAuth

 authorize_url_generator = AuthorizeUrlGenerator(
    client_id=SLACK_CLIENT_ID,
@@ -698,11 +697,7 @@ class SlackManager(Manager[SlackViewInterface]):
        return False

    async def start_job(self, slack_view: SlackViewInterface) -> None:
-        # Importing here prevents circular import
-        from server.conversation_callback_processor.slack_callback_processor import (
-            SlackCallbackProcessor,
-        )
-
+        """Start a Slack job using V1 app conversation system."""
        try:
            msg_info = None
            user_info = slack_view.slack_to_openhands_user
@@ -719,37 +714,7 @@ class SlackManager(Manager[SlackViewInterface]):
                    f'[Slack] Created conversation {conversation_id} for user {user_info.slack_display_name}'
                )

-                # Only add SlackCallbackProcessor for new conversations (not updates) and non-v1 conversations
-                if (
-                    not isinstance(slack_view, SlackUpdateExistingConversationView)
-                    and not slack_view.v1_enabled
-                ):
-                    # We don't re-subscribe for follow up messages from slack.
-                    # Summaries are generated for every messages anyways, we only need to do
-                    # this subscription once for the event which kicked off the job.
-
-                    processor = SlackCallbackProcessor(
-                        slack_user_id=slack_view.slack_user_id,
-                        channel_id=slack_view.channel_id,
-                        message_ts=slack_view.message_ts,
-                        thread_ts=slack_view.thread_ts,
-                        team_id=slack_view.team_id,
-                    )
-
-                    # Register the callback processor
-                    register_callback_processor(conversation_id, processor)
-
-                    logger.info(
-                        f'[Slack] Created callback processor for conversation {conversation_id}'
-                    )
-                elif isinstance(slack_view, SlackUpdateExistingConversationView):
-                    logger.info(
-                        f'[Slack] Skipping callback processor for existing conversation update {conversation_id}'
-                    )
-                elif slack_view.v1_enabled:
-                    logger.info(
-                        f'[Slack] Skipping callback processor for v1 conversation {conversation_id}'
-                    )
+                # V1 callback processors are registered by the view during conversation creation

                msg_info = slack_view.get_response_msg()

--- a/enterprise/integrations/slack/slack_types.py
+++ b/enterprise/integrations/slack/slack_types.py
@@ -5,7 +5,7 @@ from integrations.types import SummaryExtractionTracker
 from jinja2 import Environment
 from storage.slack_user import SlackUser

-from openhands.server.user_auth.user_auth import UserAuth
+from openhands.app_server.user_auth.user_auth import UserAuth


@dataclass
@@ -112,7 +112,6 @@ class SlackViewInterface(SlackMessageView, SummaryExtractionTracker, ABC):
    should_extract: bool
    send_summary_instruction: bool
    conversation_id: str
-    v1_enabled: bool

    @abstractmethod
    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
--- a/enterprise/integrations/slack/slack_view.py
+++ b/enterprise/integrations/slack/slack_view.py
@@ -5,6 +5,7 @@ from uuid import UUID, uuid4
 from integrations.models import Message
 from integrations.resolver_context import ResolverUserContext
 from integrations.resolver_org_router import resolve_org_for_repo
+from integrations.slack.slack_errors import SlackError, SlackErrorCode
 from integrations.slack.slack_types import (
    SlackMessageView,
    SlackViewInterface,
@@ -13,14 +14,10 @@ from integrations.slack.slack_types import (
 from integrations.slack.slack_v1_callback_processor import SlackV1CallbackProcessor
 from integrations.utils import (
    CONVERSATION_URL,
-    ENABLE_V1_SLACK_RESOLVER,
-    get_final_agent_observation,
-    get_user_v1_enabled_setting,
 )
 from jinja2 import Environment
-from server.config import get_config
 from slack_sdk import WebClient
-from storage.saas_conversation_store import SaasConversationStore
+from slack_sdk.errors import SlackApiError
 from storage.slack_conversation import SlackConversation
 from storage.slack_conversation_store import SlackConversationStore
 from storage.slack_team_store import SlackTeamStore
@@ -29,30 +26,18 @@ from storage.slack_user import SlackUser
 from openhands.app_server.app_conversation.app_conversation_models import (
    AppConversationStartRequest,
    AppConversationStartTaskStatus,
+    ConversationTrigger,
    SendMessageRequest,
 )
 from openhands.app_server.config import get_app_conversation_service
+from openhands.app_server.integrations.provider import ProviderHandler
 from openhands.app_server.sandbox.sandbox_models import SandboxStatus
 from openhands.app_server.services.injector import InjectorState
 from openhands.app_server.user.specifiy_user_context import USER_CONTEXT_ATTR
+from openhands.app_server.user_auth.user_auth import UserAuth
 from openhands.core.logger import openhands_logger as logger
-from openhands.core.schema.agent import AgentState
-from openhands.events.action import MessageAction
-from openhands.events.serialization.event import event_to_dict
-from openhands.integrations.provider import ProviderHandler
 from openhands.sdk import TextContent
-from openhands.server.services.conversation_service import (
-    setup_init_conversation_settings,
-    start_conversation,
-)
-from openhands.server.shared import ConversationStoreImpl, config, conversation_manager
-from openhands.server.user_auth.user_auth import UserAuth
-from openhands.storage.data_models.conversation_metadata import (
-    ConversationMetadata,
-    ConversationTrigger,
-)
 from openhands.utils.async_utils import GENERAL_TIMEOUT
-from openhands.utils.conversation_summary import get_default_conversation_title

 # =================================================
 # SECTION: Slack view types
@@ -64,10 +49,6 @@ slack_conversation_store = SlackConversationStore.get_instance()
 slack_team_store = SlackTeamStore.get_instance()


-async def is_v1_enabled_for_slack_resolver(user_id: str) -> bool:
-    return await get_user_v1_enabled_setting(user_id) and ENABLE_V1_SLACK_RESOLVER
-
-
@dataclass
 class SlackNewConversationView(SlackViewInterface):
    bot_access_token: str
@@ -83,7 +64,6 @@ class SlackNewConversationView(SlackViewInterface):
    send_summary_instruction: bool
    conversation_id: str
    team_id: str
-    v1_enabled: bool

    def _get_initial_prompt(self, text: str, blocks: list[dict]):
        bot_id = self._get_bot_id(blocks)
@@ -108,24 +88,34 @@ class SlackNewConversationView(SlackViewInterface):
        messages = []
        if self.thread_ts:
            client = WebClient(token=self.bot_access_token)
-            result = client.conversations_replies(
-                channel=self.channel_id,
-                ts=self.thread_ts,
-                inclusive=True,
-                latest=self.message_ts,
-                limit=CONTEXT_LIMIT,  # We can be smarter about getting more context/condensing it even in the future
-            )
+            try:
+                result = client.conversations_replies(
+                    channel=self.channel_id,
+                    ts=self.thread_ts,
+                    inclusive=True,
+                    latest=self.message_ts,
+                    limit=CONTEXT_LIMIT,  # We can be smarter about getting more context/condensing it even in the future
+                )
+            except SlackApiError as e:
+                if e.response.get('error') == 'missing_scope':
+                    raise SlackError(SlackErrorCode.MISSING_SLACK_SCOPES) from e
+                raise

            messages = result['messages']

        else:
            client = WebClient(token=self.bot_access_token)
-            result = client.conversations_history(
-                channel=self.channel_id,
-                inclusive=True,
-                latest=self.message_ts,
-                limit=CONTEXT_LIMIT,
-            )
+            try:
+                result = client.conversations_history(
+                    channel=self.channel_id,
+                    inclusive=True,
+                    latest=self.message_ts,
+                    limit=CONTEXT_LIMIT,
+                )
+            except SlackApiError as e:
+                if e.response.get('error') == 'missing_scope':
+                    raise SlackError(SlackErrorCode.MISSING_SLACK_SCOPES) from e
+                raise

            messages = result['messages']
            messages.reverse()
@@ -162,7 +152,7 @@ class SlackNewConversationView(SlackViewInterface):
                'Attempting to start conversation without confirming selected repo from user'
            )

-    async def save_slack_convo(self, v1_enabled: bool = False):
+    async def save_slack_convo(self):
        if self.slack_to_openhands_user:
            user_info: SlackUser = self.slack_to_openhands_user

@@ -174,7 +164,6 @@ class SlackNewConversationView(SlackViewInterface):
                    'keycloak_user_id': user_info.keycloak_user_id,
                    'org_id': user_info.org_id,
                    'parent_id': self.thread_ts or self.message_ts,
-                    'v1_enabled': v1_enabled,
                },
            )
            slack_conversation = SlackConversation(
@@ -184,7 +173,7 @@ class SlackNewConversationView(SlackViewInterface):
                org_id=user_info.org_id,
                parent_id=self.thread_ts
                or self.message_ts,  # conversations can start in a thread reply as well; we should always references the parent's (root level msg's) message ID
-                v1_enabled=v1_enabled,
+                v1_enabled=True,  # All conversations are V1
            )
            await slack_conversation_store.create_slack_conversation(slack_conversation)

@@ -205,7 +194,6 @@ class SlackNewConversationView(SlackViewInterface):
        self._verify_necessary_values_are_set()

        provider_tokens = await self.saas_user_auth.get_provider_tokens()
-        user_secrets = await self.saas_user_auth.get_secrets()

        # Determine git provider from repository (needed for both org routing and conversation creation)
        self._resolved_git_provider = None
@@ -223,68 +211,9 @@ class SlackNewConversationView(SlackViewInterface):
                keycloak_user_id=self.slack_to_openhands_user.keycloak_user_id,
            )

-        # Check if V1 conversations are enabled for this user
-        self.v1_enabled = await is_v1_enabled_for_slack_resolver(
-            self.slack_to_openhands_user.keycloak_user_id
-        )
-
-        if self.v1_enabled:
-            # Use V1 app conversation service
-            await self._create_v1_conversation(jinja)
-            return self.conversation_id
-        else:
-            # Use existing V0 conversation service
-            await self._create_v0_conversation(jinja, provider_tokens, user_secrets)
-            return self.conversation_id
-
-    async def _create_v0_conversation(
-        self, jinja: Environment, provider_tokens, user_secrets
-    ) -> None:
-        """Create conversation using the legacy V0 system."""
-        user_instructions, conversation_instructions = await self._get_instructions(
-            jinja
-        )
-
-        user_id = self.slack_to_openhands_user.keycloak_user_id
-
-        # Create the conversation store with resolver org routing
-        # (bypasses initialize_conversation to avoid threading enterprise-only
-        # resolver_org_id through the generic OSS interface)
-        store = await SaasConversationStore.get_resolver_instance(
-            get_config(),
-            user_id,
-            self.resolved_org_id,
-        )
-
-        conversation_id = uuid4().hex
-        conversation_metadata = ConversationMetadata(
-            trigger=ConversationTrigger.SLACK,
-            conversation_id=conversation_id,
-            title=get_default_conversation_title(conversation_id),
-            user_id=user_id,
-            selected_repository=self.selected_repo,
-            selected_branch=None,
-            git_provider=self._resolved_git_provider,
-        )
-        await store.save_metadata(conversation_metadata)
-
-        await start_conversation(
-            user_id=user_id,
-            git_provider_tokens=provider_tokens,
-            custom_secrets=user_secrets.custom_secrets if user_secrets else None,
-            initial_user_msg=user_instructions,
-            image_urls=None,
-            replay_json=None,
-            conversation_id=conversation_id,
-            conversation_metadata=conversation_metadata,
-            conversation_instructions=(
-                conversation_instructions if conversation_instructions else None
-            ),
-        )
-
-        self.conversation_id = conversation_id
-        logger.info(f'[Slack]: Created V0 conversation: {self.conversation_id}')
-        await self.save_slack_convo(v1_enabled=False)
+        # V0 conversation path has been removed - all conversations use V1 app conversation service
+        await self._create_v1_conversation(jinja)
+        return self.conversation_id

    async def _create_v1_conversation(self, jinja: Environment) -> None:
        """Create conversation using the new V1 app conversation system."""
@@ -341,7 +270,7 @@ class SlackNewConversationView(SlackViewInterface):
                    )

        logger.info(f'[Slack V1]: Created new conversation: {self.conversation_id}')
-        await self.save_slack_convo(v1_enabled=True)
+        await self.save_slack_convo()

    def get_response_msg(self) -> str:
        user_info: SlackUser = self.slack_to_openhands_user
@@ -363,13 +292,18 @@ class SlackUpdateExistingConversationView(SlackNewConversationView):

    async def _get_instructions(self, jinja_env: Environment) -> tuple[str, str]:
        client = WebClient(token=self.bot_access_token)
-        result = client.conversations_replies(
-            channel=self.channel_id,
-            ts=self.message_ts,
-            inclusive=True,
-            latest=self.message_ts,
-            limit=1,  # Get exact user message, in future we can be smarter with collecting additional context
-        )
+        try:
+            result = client.conversations_replies(
+                channel=self.channel_id,
+                ts=self.message_ts,
+                inclusive=True,
+                latest=self.message_ts,
+                limit=1,  # Get exact user message, in future we can be smarter with collecting additional context
+            )
+        except SlackApiError as e:
+            if e.response.get('error') == 'missing_scope':
+                raise SlackError(SlackErrorCode.MISSING_SLACK_SCOPES) from e
+            raise

        user_message = result['messages'][0]
        user_message = self._get_initial_prompt(
@@ -378,53 +312,6 @@ class SlackUpdateExistingConversationView(SlackNewConversationView):

        return user_message, ''

-    async def send_message_to_v0_conversation(self, jinja: Environment):
-        user_info: SlackUser = self.slack_to_openhands_user
-        user_id = user_info.keycloak_user_id
-        saas_user_auth: UserAuth = self.saas_user_auth
-        provider_tokens = await saas_user_auth.get_provider_tokens()
-
-        try:
-            conversation_store = await ConversationStoreImpl.get_instance(
-                config, user_id
-            )
-            await conversation_store.get_metadata(self.conversation_id)
-        except FileNotFoundError:
-            raise StartingConvoException('Conversation no longer exists.')
-
-        # Should we raise here if there are no provider tokens?
-        providers_set = list(provider_tokens.keys()) if provider_tokens else []
-
-        conversation_init_data = await setup_init_conversation_settings(
-            user_id, self.conversation_id, providers_set
-        )
-
-        # Either join ongoing conversation, or restart the conversation
-        agent_loop_info = await conversation_manager.maybe_start_agent_loop(
-            self.conversation_id, conversation_init_data, user_id
-        )
-
-        if agent_loop_info.event_store is None:
-            raise StartingConvoException('Event store not available')
-
-        final_agent_observation = get_final_agent_observation(
-            agent_loop_info.event_store
-        )
-        agent_state = (
-            None
-            if len(final_agent_observation) == 0
-            else final_agent_observation[0].agent_state
-        )
-
-        if not agent_state or agent_state == AgentState.LOADING:
-            raise StartingConvoException('Conversation is still starting')
-
-        instructions, _ = await self._get_instructions(jinja)
-        user_msg = MessageAction(content=instructions)
-        await conversation_manager.send_event_to_conversation(
-            self.conversation_id, event_to_dict(user_msg)
-        )
-
    async def send_message_to_v1_conversation(self, jinja: Environment):
        """Send a message to a v1 conversation using the agent server API."""
        # Import services within the method to avoid circular imports
@@ -495,7 +382,7 @@ class SlackUpdateExistingConversationView(SlackNewConversationView):
            )

            # 6. Send the message to the agent server
-            url = f"{agent_server_url.rstrip('/')}/api/conversations/{UUID(self.conversation_id)}/events"
+            url = f'{agent_server_url.rstrip("/")}/api/conversations/{UUID(self.conversation_id)}/events'

            headers = {'X-Session-API-Key': running_sandbox.session_api_key}
            payload = send_message_request.model_dump()
@@ -519,7 +406,7 @@ class SlackUpdateExistingConversationView(SlackNewConversationView):
                raise Exception(f'Failed to send message to v1 conversation: {str(e)}')

    async def create_or_update_conversation(self, jinja: Environment) -> str:
-        """Send new user message to converation"""
+        """Send new user message to conversation."""
        user_info: SlackUser = self.slack_to_openhands_user

        user_id = user_info.keycloak_user_id
@@ -531,10 +418,8 @@ class SlackUpdateExistingConversationView(SlackNewConversationView):
                f'{user_info.slack_display_name} is not authorized to send messages to this conversation.'
            )

-        if self.slack_conversation.v1_enabled:
-            await self.send_message_to_v1_conversation(jinja)
-        else:
-            await self.send_message_to_v0_conversation(jinja)
+        # All conversations use V1 app conversation system
+        await self.send_message_to_v1_conversation(jinja)

        return self.conversation_id

@@ -638,7 +523,6 @@ class SlackFactory:
                conversation_id=conversation.conversation_id,
                slack_conversation=conversation,
                team_id=team_id,
-                v1_enabled=False,
            )

        elif SlackFactory.did_user_select_repo_from_form(message):
@@ -656,7 +540,6 @@ class SlackFactory:
                send_summary_instruction=True,
                conversation_id='',
                team_id=team_id,
-                v1_enabled=False,
            )

        else:
@@ -674,7 +557,6 @@ class SlackFactory:
                send_summary_instruction=True,
                conversation_id='',
                team_id=team_id,
-                v1_enabled=False,
            )


--- a/enterprise/integrations/solvability/data/init.py
+++ b/enterprise/integrations/solvability/data/init.py
@@ -1,41 +0,0 @@
-"""
-Utilities for loading and managing pre-trained classifiers.
-
-Assumes that classifiers are stored adjacent to this file in the `solvability/data` directory, using a simple
-`name + .json` pattern.
-"""
-
-from pathlib import Path
-
-from integrations.solvability.models.classifier import SolvabilityClassifier
-
-
-def load_classifier(name: str) -> SolvabilityClassifier:
-    """
-    Load a classifier by name.
-
-    Args:
-        name (str): The name of the classifier to load.
-
-    Returns:
-        SolvabilityClassifier: The loaded classifier instance.
-    """
-    data_dir = Path(__file__).parent
-    classifier_path = data_dir / f'{name}.json'
-
-    if not classifier_path.exists():
-        raise FileNotFoundError(f"Classifier '{name}' not found at {classifier_path}")
-
-    with classifier_path.open('r') as f:
-        return SolvabilityClassifier.model_validate_json(f.read())
-
-
-def available_classifiers() -> list[str]:
-    """
-    List all available classifiers in the data directory.
-
-    Returns:
-        list[str]: A list of classifier names (without the .json extension).
-    """
-    data_dir = Path(__file__).parent
-    return [f.stem for f in data_dir.glob('*.json') if f.is_file()]
--- a/enterprise/integrations/solvability/data/default-classifier.json
+++ b/enterprise/integrations/solvability/data/default-classifier.json
--- a/enterprise/integrations/solvability/models/init.py
+++ b/enterprise/integrations/solvability/models/init.py
@@ -1,38 +0,0 @@
-"""
-Solvability Models Package
-
-This package contains the core machine learning models and components for predicting
-the solvability of GitHub issues and similar technical problems.
-
-The solvability prediction system works by:
-1. Using a Featurizer to extract semantic features from issue descriptions via LLM calls
-2. Training a RandomForestClassifier on these features to predict solvability
-3. Generating detailed reports with feature importance analysis
-
-Key Components:
- Feature: Defines individual features that can be extracted from issues
- Featurizer: Orchestrates LLM-based feature extraction with sampling and batching
- SolvabilityClassifier: Main ML pipeline combining featurization and classification
- SolvabilityReport: Comprehensive output with predictions, feature analysis, and metadata
- ImportanceStrategy: Configurable methods for calculating feature importance (SHAP, permutation, impurity)
-"""
-
-from integrations.solvability.models.classifier import SolvabilityClassifier
-from integrations.solvability.models.featurizer import (
-    EmbeddingDimension,
-    Feature,
-    FeatureEmbedding,
-    Featurizer,
-)
-from integrations.solvability.models.importance_strategy import ImportanceStrategy
-from integrations.solvability.models.report import SolvabilityReport
-
-__all__ = [
-    'Feature',
-    'EmbeddingDimension',
-    'FeatureEmbedding',
-    'Featurizer',
-    'ImportanceStrategy',
-    'SolvabilityClassifier',
-    'SolvabilityReport',
-]
--- a/enterprise/integrations/solvability/models/classifier.py
+++ b/enterprise/integrations/solvability/models/classifier.py
@@ -1,433 +0,0 @@
-from __future__ import annotations
-
-import base64
-import pickle
-from typing import Any
-
-import numpy as np
-import pandas as pd
-import shap
-from integrations.solvability.models.featurizer import Feature, Featurizer
-from integrations.solvability.models.importance_strategy import ImportanceStrategy
-from integrations.solvability.models.report import SolvabilityReport
-from pydantic import (
-    BaseModel,
-    PrivateAttr,
-    field_serializer,
-    field_validator,
-    model_validator,
-)
-from sklearn.ensemble import RandomForestClassifier
-from sklearn.exceptions import NotFittedError
-from sklearn.inspection import permutation_importance
-from sklearn.utils.validation import check_is_fitted
-
-from openhands.core.config import LLMConfig
-
-
-class SolvabilityClassifier(BaseModel):
-    """
-    Machine learning pipeline for predicting the solvability of GitHub issues and similar problems.
-
-    This classifier combines LLM-based feature extraction with traditional ML classification:
-    1. Uses a Featurizer to extract semantic boolean features from issue descriptions via LLM calls
-    2. Trains a RandomForestClassifier on these features to predict solvability scores
-    3. Provides feature importance analysis using configurable strategies (SHAP, permutation, impurity)
-    4. Generates comprehensive reports with predictions, feature analysis, and cost metrics
-
-    The classifier supports both training on labeled data and inference on new issues, with built-in
-    support for batch processing and concurrent feature extraction.
-    """
-
-    identifier: str
-    """
-    The identifier for the classifier.
-    """
-
-    featurizer: Featurizer
-    """
-    The featurizer to use for transforming the input data.
-    """
-
-    classifier: RandomForestClassifier
-    """
-    The RandomForestClassifier used for predicting solvability from extracted features.
-
-    This ensemble model provides robust predictions and built-in feature importance metrics.
-    """
-
-    importance_strategy: ImportanceStrategy = ImportanceStrategy.IMPURITY
-    """
-    Strategy to use for calculating feature importance.
-    """
-
-    samples: int = 10
-    """
-    Number of samples to use for calculating feature embedding coefficients.
-    """
-
-    random_state: int | None = None
-    """
-    Random state for reproducibility.
-    """
-
-    _classifier_attrs: dict[str, Any] = PrivateAttr(default_factory=dict)
-    """
-    Private dictionary storing cached results from feature extraction and importance calculations.
-
-    Contains keys like 'features_', 'cost_', 'feature_importances_', and 'labels_' that are populated
-    during transform(), fit(), and predict() operations. Access these via the corresponding properties.
-
-    This field is never serialized, so cached values will not persist across model save/load cycles.
-    """
-
-    model_config = {
-        'arbitrary_types_allowed': True,
-    }
-
-    @model_validator(mode='after')
-    def validate_random_state(self) -> SolvabilityClassifier:
-        """
-        Validate the random state configuration between this object and the classifier.
-        """
-        # If both random states are set, they definitely need to agree.
-        if self.random_state is not None and self.classifier.random_state is not None:
-            if self.random_state != self.classifier.random_state:
-                raise ValueError(
-                    'The random state of the classifier and the top-level classifier must agree.'
-                )
-
-        # Otherwise, we'll always set the classifier's random state to the top-level one.
-        self.classifier.random_state = self.random_state
-
-        return self
-
-    @property
-    def features_(self) -> pd.DataFrame:
-        """
-        Get the features used by the classifier for the most recent inputs.
-        """
-        if 'features_' not in self._classifier_attrs:
-            raise ValueError(
-                'SolvabilityClassifier.transform() has not yet been called.'
-            )
-        return self._classifier_attrs['features_']
-
-    @property
-    def cost_(self) -> pd.DataFrame:
-        """
-        Get the cost of the classifier for the most recent inputs.
-        """
-        if 'cost_' not in self._classifier_attrs:
-            raise ValueError(
-                'SolvabilityClassifier.transform() has not yet been called.'
-            )
-        return self._classifier_attrs['cost_']
-
-    @property
-    def feature_importances_(self) -> np.ndarray:
-        """
-        Get the feature importances for the most recent inputs.
-        """
-        if 'feature_importances_' not in self._classifier_attrs:
-            raise ValueError(
-                'No SolvabilityClassifier methods that produce feature importances (.fit(), .predict_proba(), and '
-                '.predict()) have been called.'
-            )
-        return self._classifier_attrs['feature_importances_']  # type: ignore[no-any-return]
-
-    @property
-    def is_fitted(self) -> bool:
-        """
-        Check if the classifier is fitted.
-        """
-        try:
-            check_is_fitted(self.classifier)
-            return True
-        except NotFittedError:
-            return False
-
-    def transform(self, issues: pd.Series, llm_config: LLMConfig) -> pd.DataFrame:
-        """
-        Transform the input issues using the featurizer to extract features.
-
-        This method orchestrates the feature extraction pipeline:
-        1. Uses the featurizer to generate embeddings for all issues
-        2. Converts embeddings to a structured DataFrame
-        3. Separates feature columns from metadata columns
-        4. Stores results for later access via properties
-
-        Args:
-            issues: A pandas Series containing the issue descriptions.
-            llm_config: LLM configuration to use for feature extraction.
-
-        Returns:
-            pd.DataFrame: A DataFrame containing only the feature columns (no metadata).
-        """
-        # Generate feature embeddings for all issues using batch processing
-        feature_embeddings = self.featurizer.embed_batch(
-            issues, samples=self.samples, llm_config=llm_config
-        )
-        df = pd.DataFrame(embedding.to_row() for embedding in feature_embeddings)
-
-        # Split into feature columns (used by classifier) and cost columns (metadata)
-        feature_columns = [feature.identifier for feature in self.featurizer.features]
-        cost_columns = [col for col in df.columns if col not in feature_columns]
-
-        # Store both sets for access via properties
-        self._classifier_attrs['features_'] = df[feature_columns]
-        self._classifier_attrs['cost_'] = df[cost_columns]
-
-        return self.features_
-
-    def fit(
-        self, issues: pd.Series, labels: pd.Series, llm_config: LLMConfig
-    ) -> SolvabilityClassifier:
-        """
-        Fit the classifier to the input issues and labels.
-
-        Args:
-            issues: A pandas Series containing the issue descriptions.
-
-            labels: A pandas Series containing the labels (0 or 1) for each issue.
-
-            llm_config: LLM configuration to use for feature extraction.
-
-        Returns:
-            SolvabilityClassifier: The fitted classifier.
-        """
-        features = self.transform(issues, llm_config=llm_config)
-        self.classifier.fit(features, labels)
-
-        # Store labels for permutation importance calculation
-        self._classifier_attrs['labels_'] = labels
-        self._classifier_attrs['feature_importances_'] = self._importance(
-            features, self.classifier.predict_proba(features), labels
-        )
-
-        return self
-
-    def predict_proba(self, issues: pd.Series, llm_config: LLMConfig) -> np.ndarray:
-        """
-        Predict the solvability probabilities for the input issues.
-
-        Returns class probabilities where the second column represents the probability
-        of the issue being solvable (positive class).
-
-        Args:
-            issues: A pandas Series containing the issue descriptions.
-            llm_config: LLM configuration to use for feature extraction.
-
-        Returns:
-            np.ndarray: Array of shape (n_samples, 2) with probabilities for each class.
-                       Column 0: probability of not solvable, Column 1: probability of solvable.
-        """
-        features = self.transform(issues, llm_config=llm_config)
-        scores = self.classifier.predict_proba(features)
-
-        # Calculate feature importances based on the configured strategy
-        # For permutation importance, we need ground truth labels if available
-        labels = self._classifier_attrs.get('labels_')
-        if (
-            self.importance_strategy == ImportanceStrategy.PERMUTATION
-            and labels is not None
-        ):
-            self._classifier_attrs['feature_importances_'] = self._importance(
-                features, scores, labels
-            )
-        else:
-            self._classifier_attrs['feature_importances_'] = self._importance(
-                features, scores
-            )
-
-        return scores  # type: ignore[no-any-return]
-
-    def predict(self, issues: pd.Series, llm_config: LLMConfig) -> np.ndarray:
-        """
-        Predict the solvability of the input issues by returning binary labels.
-
-        Uses a 0.5 probability threshold to convert probabilities to binary predictions.
-
-        Args:
-            issues: A pandas Series containing the issue descriptions.
-            llm_config: LLM configuration to use for feature extraction.
-
-        Returns:
-            np.ndarray: Boolean array where True indicates the issue is predicted as solvable.
-        """
-        probabilities = self.predict_proba(issues, llm_config=llm_config)
-        # Apply 0.5 threshold to convert probabilities to binary predictions
-        labels = probabilities[:, 1] >= 0.5
-        return labels
-
-    def _importance(
-        self,
-        features: pd.DataFrame,
-        scores: np.ndarray,
-        labels: np.ndarray | None = None,
-    ) -> np.ndarray:
-        """
-        Calculate feature importance scores using the configured strategy.
-
-        Different strategies provide different interpretations:
-        - SHAP: Shapley values indicating contribution to individual predictions
-        - PERMUTATION: Decrease in model performance when feature is shuffled
-        - IMPURITY: Gini impurity decrease from splits on each feature
-
-        Args:
-            features: Feature matrix used for predictions.
-            scores: Model prediction scores (unused for some strategies).
-            labels: Ground truth labels (required for permutation importance).
-
-        Returns:
-            np.ndarray: Feature importance scores, one per feature.
-        """
-        match self.importance_strategy:
-            case ImportanceStrategy.SHAP:
-                # Use SHAP TreeExplainer for tree-based models
-                explainer = shap.TreeExplainer(self.classifier)
-                shap_values = explainer.shap_values(features)
-                # Return mean SHAP values for the positive class (solvable)
-                return shap_values.mean(axis=0)[:, 1]  # type: ignore[no-any-return]
-
-            case ImportanceStrategy.PERMUTATION:
-                # Permutation importance requires ground truth labels
-                if labels is None:
-                    raise ValueError('Labels are required for permutation importance')
-                result = permutation_importance(
-                    self.classifier,
-                    features,
-                    labels,
-                    n_repeats=10,  # Number of permutation rounds for stability
-                    random_state=self.random_state,
-                )
-                return result.importances_mean  # type: ignore[no-any-return]
-
-            case ImportanceStrategy.IMPURITY:
-                # Use built-in feature importances from RandomForest
-                return self.classifier.feature_importances_  # type: ignore[no-any-return]
-
-            case _:
-                raise ValueError(
-                    f'Unknown importance strategy: {self.importance_strategy}'
-                )
-
-    def add_features(self, features: list[Feature]) -> SolvabilityClassifier:
-        """
-        Add new features to the classifier's featurizer.
-
-        Note: Adding features after training requires retraining the classifier
-        since the feature space will have changed.
-
-        Args:
-            features: List of Feature objects to add.
-
-        Returns:
-            SolvabilityClassifier: Self for method chaining.
-        """
-        for feature in features:
-            if feature not in self.featurizer.features:
-                self.featurizer.features.append(feature)
-        return self
-
-    def forget_features(self, features: list[Feature]) -> SolvabilityClassifier:
-        """
-        Remove features from the classifier's featurizer.
-
-        Note: Removing features after training requires retraining the classifier
-        since the feature space will have changed.
-
-        Args:
-            features: List of Feature objects to remove.
-
-        Returns:
-            SolvabilityClassifier: Self for method chaining.
-        """
-        for feature in features:
-            try:
-                self.featurizer.features.remove(feature)
-            except ValueError:
-                # Feature not in list, continue with others
-                continue
-        return self
-
-    @field_serializer('classifier')
-    @staticmethod
-    def _rfc_to_json(rfc: RandomForestClassifier) -> str:
-        """
-        Convert a RandomForestClassifier to a JSON-compatible value (a string).
-        """
-        return base64.b64encode(pickle.dumps(rfc)).decode('utf-8')
-
-    @field_validator('classifier', mode='before')
-    @staticmethod
-    def _json_to_rfc(value: str | RandomForestClassifier) -> RandomForestClassifier:
-        """
-        Convert a JSON-compatible value (a string) back to a RandomForestClassifier.
-        """
-        if isinstance(value, RandomForestClassifier):
-            return value
-
-        if isinstance(value, str):
-            try:
-                model = pickle.loads(base64.b64decode(value))
-                if isinstance(model, RandomForestClassifier):
-                    return model
-            except Exception as e:
-                raise ValueError(f'Failed to decode the classifier: {e}')
-
-        raise ValueError(
-            'The classifier must be a RandomForestClassifier or a JSON-compatible dictionary.'
-        )
-
-    def solvability_report(
-        self, issue: str, llm_config: LLMConfig, **kwargs: Any
-    ) -> SolvabilityReport:
-        """
-        Generate a solvability report for the given issue.
-
-        Args:
-            issue: The issue description for which to generate the report.
-            llm_config: Optional LLM configuration to use for feature extraction.
-            kwargs: Additional metadata to include in the report.
-
-        Returns:
-            SolvabilityReport: The generated solvability report.
-        """
-        if not self.is_fitted:
-            raise ValueError(
-                'The classifier must be fitted before generating a report.'
-            )
-
-        scores = self.predict_proba(pd.Series([issue]), llm_config=llm_config)
-
-        return SolvabilityReport(
-            identifier=self.identifier,
-            issue=issue,
-            score=scores[0, 1],
-            features=self.features_.iloc[0].to_dict(),
-            samples=self.samples,
-            importance_strategy=self.importance_strategy,
-            # Unlike the features, the importances are just a series with no link
-            # to the actual feature names. For that we have to recombine with the
-            # feature identifiers.
-            feature_importances=dict(
-                zip(
-                    self.featurizer.feature_identifiers(),
-                    self.feature_importances_.tolist(),
-                )
-            ),
-            random_state=self.random_state,
-            metadata=dict(kwargs) if kwargs else None,
-            # Both cost and response_latency are columns in the cost_ DataFrame,
-            # so we can get both by just unpacking the first row.
-            **self.cost_.iloc[0].to_dict(),
-        )
-
-    def __call__(
-        self, issue: str, llm_config: LLMConfig, **kwargs: Any
-    ) -> SolvabilityReport:
-        """
-        Generate a solvability report for the given issue.
-        """
-        return self.solvability_report(issue, llm_config=llm_config, **kwargs)
--- a/enterprise/integrations/solvability/models/difficulty_level.py
+++ b/enterprise/integrations/solvability/models/difficulty_level.py
@@ -1,38 +0,0 @@
-from __future__ import annotations
-
-from enum import Enum
-
-
-class DifficultyLevel(Enum):
-    """Enum representing the difficulty level based on solvability score."""
-
-    EASY = ('EASY', 0.7, '🟢')
-    MEDIUM = ('MEDIUM', 0.4, '🟡')
-    HARD = ('HARD', 0.0, '🔴')
-
-    def __init__(self, label: str, threshold: float, emoji: str):
-        self.label = label
-        self.threshold = threshold
-        self.emoji = emoji
-
-    @classmethod
-    def from_score(cls, score: float) -> DifficultyLevel:
-        """Get difficulty level from a solvability score.
-
-        Returns the difficulty level with the highest threshold that is less than or equal to the given score.
-        """
-        # Sort enum values by threshold in descending order
-        sorted_levels = sorted(cls, key=lambda x: x.threshold, reverse=True)
-
-        # Find the first level where score meets the threshold
-        for level in sorted_levels:
-            if score >= level.threshold:
-                return level
-
-        # This should never happen if thresholds are set correctly,
-        # but return the lowest threshold level as fallback
-        return sorted_levels[-1]
-
-    def format_display(self) -> str:
-        """Format the difficulty level for display."""
-        return f'{self.emoji} **Solvability: {self.label}**'
--- a/enterprise/integrations/solvability/models/featurizer.py
+++ b/enterprise/integrations/solvability/models/featurizer.py
@@ -1,368 +0,0 @@
-import json
-import time
-from concurrent.futures import ThreadPoolExecutor, as_completed
-from typing import Any
-
-from pydantic import BaseModel
-
-from openhands.core.config import LLMConfig
-from openhands.llm.llm import LLM
-
-
-class Feature(BaseModel):
-    """
-    Represents a single boolean feature that can be extracted from issue descriptions.
-
-    Features are semantic properties of issues (e.g., "has_code_example", "requires_debugging")
-    that are evaluated by LLMs and used as input to the solvability classifier.
-    """
-
-    identifier: str
-    """Unique identifier for the feature, used as column name in feature matrices."""
-
-    description: str
-    """Human-readable description of what the feature represents, used in LLM prompts."""
-
-    @property
-    def to_tool_description_field(self) -> dict[str, Any]:
-        """
-        Convert this feature to a JSON schema field for LLM tool calling.
-
-        Returns:
-            dict: JSON schema field definition for this feature.
-        """
-        return {
-            'type': 'boolean',
-            'description': self.description,
-        }
-
-
-class EmbeddingDimension(BaseModel):
-    """
-    Represents a single dimension (feature evaluation) within a feature embedding sample.
-
-    Each dimension corresponds to one feature being evaluated as true/false for a given issue.
-    """
-
-    feature_id: str
-    """Identifier of the feature being evaluated."""
-
-    result: bool
-    """Boolean result of the feature evaluation for this sample."""
-
-
-# Type alias for a single embedding sample - maps feature identifiers to boolean values
-EmbeddingSample = dict[str, bool]
-"""
-A single sample from the LLM evaluation of features for an issue.
-Maps feature identifiers to their boolean evaluations.
-"""
-
-
-class FeatureEmbedding(BaseModel):
-    """
-    Represents the complete feature embedding for a single issue, including multiple samples
-    and associated metadata about the LLM calls used to generate it.
-
-    Multiple samples are collected to account for LLM variability and provide more robust
-    feature estimates through averaging.
-    """
-
-    samples: list[EmbeddingSample]
-    """List of individual feature evaluation samples from the LLM."""
-
-    prompt_tokens: int | None = None
-    """Total prompt tokens consumed across all LLM calls for this embedding."""
-
-    completion_tokens: int | None = None
-    """Total completion tokens generated across all LLM calls for this embedding."""
-
-    response_latency: float | None = None
-    """Total response latency (seconds) across all LLM calls for this embedding."""
-
-    @property
-    def dimensions(self) -> list[str]:
-        """
-        Get all unique feature identifiers present across all samples.
-
-        Returns:
-            list[str]: List of feature identifiers that appear in at least one sample.
-        """
-        dims: set[str] = set()
-        for sample in self.samples:
-            dims.update(sample.keys())
-        return list(dims)
-
-    def coefficient(self, dimension: str) -> float | None:
-        """
-        Calculate the average coefficient (0-1) for a specific feature dimension.
-
-        This computes the proportion of samples where the feature was evaluated as True,
-        providing a continuous feature value for the classifier.
-
-        Args:
-            dimension: Feature identifier to calculate coefficient for.
-
-        Returns:
-            float | None: Average coefficient (0.0-1.0), or None if dimension not found.
-        """
-        # Extract boolean values for this dimension, converting to 0/1
-        values = [
-            1 if v else 0
-            for v in [sample.get(dimension) for sample in self.samples]
-            if v is not None
-        ]
-        if values:
-            return sum(values) / len(values)
-        return None
-
-    def to_row(self) -> dict[str, Any]:
-        """
-        Convert the embedding to a flat dictionary suitable for DataFrame construction.
-
-        Returns:
-            dict[str, Any]: Dictionary with metadata fields and feature coefficients.
-        """
-        return {
-            'response_latency': self.response_latency,
-            'prompt_tokens': self.prompt_tokens,
-            'completion_tokens': self.completion_tokens,
-            **{dimension: self.coefficient(dimension) for dimension in self.dimensions},
-        }
-
-    def sample_entropy(self) -> dict[str, float]:
-        """
-        Calculate the Shannon entropy of feature evaluations across samples.
-
-        Higher entropy indicates more variability in LLM responses for a feature,
-        which may suggest ambiguity in the feature definition or issue description.
-
-        Returns:
-            dict[str, float]: Mapping of feature identifiers to their entropy values (0-1).
-        """
-        from collections import Counter
-        from math import log2
-
-        entropy = {}
-        for dimension in self.dimensions:
-            # Count True/False occurrences for this feature across samples
-            counts = Counter(sample.get(dimension, False) for sample in self.samples)
-            total = sum(counts.values())
-            if total == 0:
-                entropy[dimension] = 0.0
-                continue
-            # Calculate Shannon entropy: -Σ(p * log2(p))
-            entropy_value = -sum(
-                (count / total) * log2(count / total)
-                for count in counts.values()
-                if count > 0
-            )
-            entropy[dimension] = entropy_value
-        return entropy
-
-
-class Featurizer(BaseModel):
-    """
-    Orchestrates LLM-based feature extraction from issue descriptions.
-
-    The Featurizer uses structured LLM tool calling to evaluate boolean features
-    for issue descriptions. It handles prompt construction, tool schema generation,
-    and batch processing with concurrency.
-    """
-
-    system_prompt: str
-    """System prompt that provides context and instructions to the LLM."""
-
-    message_prefix: str
-    """Prefix added to user messages before the issue description."""
-
-    features: list[Feature]
-    """List of features to extract from each issue description."""
-
-    def system_message(self) -> dict[str, Any]:
-        """
-        Construct the system message for LLM conversations.
-
-        Returns:
-            dict[str, Any]: System message dictionary for LLM API calls.
-        """
-        return {
-            'role': 'system',
-            'content': self.system_prompt,
-        }
-
-    def user_message(
-        self, issue_description: str, set_cache: bool = True
-    ) -> dict[str, Any]:
-        """
-        Construct the user message containing the issue description.
-
-        Args:
-            issue_description: The description of the issue to analyze.
-            set_cache: Whether to enable ephemeral caching for this message.
-                      Should be False for single samples to avoid cache overhead.
-
-        Returns:
-            dict[str, Any]: User message dictionary for LLM API calls.
-        """
-        message: dict[str, Any] = {
-            'role': 'user',
-            'content': f'{self.message_prefix}{issue_description}',
-        }
-        if set_cache:
-            message['cache_control'] = {'type': 'ephemeral'}
-        return message
-
-    @property
-    def tool_choice(self) -> dict[str, Any]:
-        """
-        Get the tool choice configuration for forcing LLM to use the featurizer tool.
-
-        Returns:
-            dict[str, Any]: Tool choice configuration for LLM API calls.
-        """
-        return {
-            'type': 'function',
-            'function': {'name': 'call_featurizer'},
-        }
-
-    @property
-    def tool_description(self) -> dict[str, Any]:
-        """
-        Generate the tool schema for the featurizer function.
-
-        Creates a JSON schema that describes the featurizer tool with all configured
-        features as boolean parameters.
-
-        Returns:
-            dict[str, Any]: Complete tool description for LLM API calls.
-        """
-        return {
-            'type': 'function',
-            'function': {
-                'name': 'call_featurizer',
-                'description': 'Record the features present in the issue.',
-                'parameters': {
-                    'type': 'object',
-                    'properties': {
-                        feature.identifier: feature.to_tool_description_field
-                        for feature in self.features
-                    },
-                },
-            },
-        }
-
-    def embed(
-        self,
-        issue_description: str,
-        llm_config: LLMConfig,
-        temperature: float = 1.0,
-        samples: int = 10,
-    ) -> FeatureEmbedding:
-        """
-        Generate a feature embedding for a single issue description.
-
-        Makes multiple LLM calls to collect samples and reduce variance in feature evaluations.
-        Each call uses tool calling to extract structured boolean feature values.
-
-        Args:
-            issue_description: The description of the issue to analyze.
-            llm_config: Configuration for the LLM to use.
-            temperature: Sampling temperature for the model. Higher values increase randomness.
-            samples: Number of samples to generate for averaging.
-
-        Returns:
-            FeatureEmbedding: Complete embedding with samples and metadata.
-        """
-        embedding_samples: list[dict[str, Any]] = []
-        response_latency: float = 0.0
-        prompt_tokens: int = 0
-        completion_tokens: int = 0
-
-        # TODO: use llm registry
-        llm = LLM(llm_config, service_id='solvability')
-
-        # Generate multiple samples to account for LLM variability
-        for _ in range(samples):
-            start_time = time.time()
-            response = llm.completion(
-                messages=[
-                    self.system_message(),
-                    self.user_message(issue_description, set_cache=(samples > 1)),
-                ],
-                tools=[self.tool_description],
-                tool_choice=self.tool_choice,
-                temperature=temperature,
-            )
-            stop_time = time.time()
-
-            # Extract timing and token usage metrics
-            latency = stop_time - start_time
-            # Parse the structured tool call response containing feature evaluations
-            features = response.choices[0].message.tool_calls[0].function.arguments  # type: ignore[index, union-attr]
-            embedding = json.loads(features)
-
-            # Accumulate results and metrics
-            embedding_samples.append(embedding)
-            prompt_tokens += response.usage.prompt_tokens  # type: ignore[union-attr, attr-defined]
-            completion_tokens += response.usage.completion_tokens  # type: ignore[union-attr, attr-defined]
-            response_latency += latency
-
-        return FeatureEmbedding(
-            samples=embedding_samples,
-            response_latency=response_latency,
-            prompt_tokens=prompt_tokens,
-            completion_tokens=completion_tokens,
-        )
-
-    def embed_batch(
-        self,
-        issue_descriptions: list[str],
-        llm_config: LLMConfig,
-        temperature: float = 1.0,
-        samples: int = 10,
-    ) -> list[FeatureEmbedding]:
-        """
-        Generate embeddings for a batch of issue descriptions using concurrent processing.
-
-        Processes multiple issues in parallel to improve throughput while maintaining
-        result ordering.
-
-        Args:
-            issue_descriptions: List of issue descriptions to analyze.
-            llm_config: Configuration for the LLM to use.
-            temperature: Sampling temperature for the model.
-            samples: Number of samples to generate per issue.
-
-        Returns:
-            list[FeatureEmbedding]: List of embeddings in the same order as input.
-        """
-        with ThreadPoolExecutor() as executor:
-            # Submit all embedding tasks concurrently
-            future_to_desc = {
-                executor.submit(
-                    self.embed,
-                    desc,
-                    llm_config,
-                    temperature=temperature,
-                    samples=samples,
-                ): i
-                for i, desc in enumerate(issue_descriptions)
-            }
-
-            # Collect results in original order to maintain consistency
-            results: list[FeatureEmbedding] = [None] * len(issue_descriptions)  # type: ignore[list-item]
-            for future in as_completed(future_to_desc):
-                index = future_to_desc[future]
-                results[index] = future.result()
-
-            return results
-
-    def feature_identifiers(self) -> list[str]:
-        """
-        Get the identifiers of all configured features.
-
-        Returns:
-            list[str]: List of feature identifiers in the order they were defined.
-        """
-        return [feature.identifier for feature in self.features]
--- a/enterprise/integrations/solvability/models/importance_strategy.py
+++ b/enterprise/integrations/solvability/models/importance_strategy.py
@@ -1,23 +0,0 @@
-from enum import Enum
-
-
-class ImportanceStrategy(str, Enum):
-    """
-    Strategy to use for calculating feature importances, which are used to estimate the predictive power of each feature
-    in training loops and explanations.
-    """
-
-    SHAP = 'shap'
-    """
-    Use SHAP (SHapley Additive exPlanations) to calculate feature importances.
-    """
-
-    PERMUTATION = 'permutation'
-    """
-    Use the permutation-based feature importances.
-    """
-
-    IMPURITY = 'impurity'
-    """
-    Use the impurity-based feature importances from the RandomForestClassifier.
-    """
--- a/enterprise/integrations/solvability/models/report.py
+++ b/enterprise/integrations/solvability/models/report.py
@@ -1,87 +0,0 @@
-from datetime import datetime
-from typing import Any
-
-from integrations.solvability.models.importance_strategy import ImportanceStrategy
-from pydantic import BaseModel, Field
-
-
-class SolvabilityReport(BaseModel):
-    """
-    Comprehensive report containing solvability predictions and analysis for a single issue.
-
-    This report includes the solvability score, extracted feature values, feature importance analysis,
-    cost metrics (tokens and latency), and metadata about the prediction process. It serves as the
-    primary output format for solvability analysis and can be used for logging, debugging, and
-    generating human-readable summaries.
-    """
-
-    identifier: str
-    """
-    The identifier of the solvability model used to generate the report.
-    """
-
-    issue: str
-    """
-    The issue description for which the solvability is predicted.
-
-    This field is exactly the input to the solvability model.
-    """
-
-    score: float
-    """
-    [0, 1]-valued score indicating the likelihood of the issue being solvable.
-    """
-
-    prompt_tokens: int
-    """
-    Total number of prompt tokens used in API calls made to generate the features.
-    """
-
-    completion_tokens: int
-    """
-    Total number of completion tokens used in API calls made to generate the features.
-    """
-
-    response_latency: float
-    """
-    Total response latency of API calls made to generate the features.
-    """
-
-    features: dict[str, float]
-    """
-    [0, 1]-valued scores for each feature in the model.
-
-    These are the values fed to the random forest classifier to generate the solvability score.
-    """
-
-    samples: int
-    """
-    Number of samples used to compute the feature embedding coefficients.
-    """
-
-    importance_strategy: ImportanceStrategy
-    """
-    Strategy used to calculate feature importances.
-    """
-
-    feature_importances: dict[str, float]
-    """
-    Importance scores for each feature in the model.
-
-    Interpretation of these scores depends on the importance strategy used.
-    """
-
-    created_at: datetime = Field(default_factory=datetime.now)
-    """
-    Datetime when the report was created.
-    """
-
-    random_state: int | None = None
-    """
-    Classifier random state used when generating this report.
-    """
-
-    metadata: dict[str, Any] | None = None
-    """
-    Metadata for logging and debugging purposes.
-    """
--- a/enterprise/integrations/solvability/models/summary.py
+++ b/enterprise/integrations/solvability/models/summary.py
@@ -1,172 +0,0 @@
-from __future__ import annotations
-
-import json
-from datetime import datetime
-from typing import Any
-
-from integrations.solvability.models.difficulty_level import DifficultyLevel
-from integrations.solvability.models.report import SolvabilityReport
-from integrations.solvability.prompts import load_prompt
-from pydantic import BaseModel, Field
-
-from openhands.llm import LLM
-
-
-class SolvabilitySummary(BaseModel):
-    """Summary of the solvability analysis in human-readable format."""
-
-    score: float
-    """
-    Solvability score indicating the likelihood of the issue being solvable.
-    """
-
-    summary: str
-    """
-    The executive summary content generated by the LLM.
-    """
-
-    actionable_feedback: str
-    """
-    Actionable feedback content generated by the LLM.
-    """
-
-    positive_feedback: str
-    """
-    Positive feedback content generated by the LLM, highlighting what is good about the issue.
-    """
-
-    prompt_tokens: int
-    """
-    Number of prompt tokens used in the API call to generate the summary.
-    """
-
-    completion_tokens: int
-    """
-    Number of completion tokens used in the API call to generate the summary.
-    """
-
-    response_latency: float
-    """
-    Response latency of the API call to generate the summary.
-    """
-
-    created_at: datetime = Field(default_factory=datetime.now)
-    """
-    Datetime when the summary was created.
-    """
-
-    @staticmethod
-    def tool_description() -> dict[str, Any]:
-        """Get the tool description for the LLM."""
-        return {
-            'type': 'function',
-            'function': {
-                'name': 'solvability_summary',
-                'description': 'Generate a human-readable summary of the solvability analysis.',
-                'parameters': {
-                    'type': 'object',
-                    'properties': {
-                        'summary': {
-                            'type': 'string',
-                            'description': 'A high-level (at most two sentences) summary of the solvability report.',
-                        },
-                        'actionable_feedback': {
-                            'type': 'string',
-                            'description': (
-                                'Bullet list of 1-3 pieces of actionable feedback on how the user can address the lowest scoring relevant features.'
-                            ),
-                        },
-                        'positive_feedback': {
-                            'type': 'string',
-                            'description': (
-                                'Bullet list of 1-3 pieces of positive feedback on the issue, highlighting what is good about it.'
-                            ),
-                        },
-                    },
-                    'required': ['summary', 'actionable_feedback'],
-                },
-            },
-        }
-
-    @staticmethod
-    def tool_choice() -> dict[str, Any]:
-        """Get the tool choice for the LLM."""
-        return {
-            'type': 'function',
-            'function': {
-                'name': 'solvability_summary',
-            },
-        }
-
-    @staticmethod
-    def system_message() -> dict[str, Any]:
-        """Get the system message for the LLM."""
-        return {
-            'role': 'system',
-            'content': load_prompt('summary_system_message'),
-        }
-
-    @staticmethod
-    def user_message(report: SolvabilityReport) -> dict[str, Any]:
-        """Get the user message for the LLM."""
-        return {
-            'role': 'user',
-            'content': load_prompt(
-                'summary_user_message',
-                report=report.model_dump(),
-                difficulty_level=DifficultyLevel.from_score(report.score).value[0],
-            ),
-        }
-
-    @staticmethod
-    def from_report(report: SolvabilityReport, llm: LLM) -> SolvabilitySummary:
-        """Create a SolvabilitySummary from a SolvabilityReport."""
-        import time
-
-        start_time = time.time()
-        response = llm.completion(
-            messages=[
-                SolvabilitySummary.system_message(),
-                SolvabilitySummary.user_message(report),
-            ],
-            tools=[SolvabilitySummary.tool_description()],
-            tool_choice=SolvabilitySummary.tool_choice(),
-        )
-        response_latency = time.time() - start_time
-
-        # Grab the arguments from the forced function call
-        arguments = json.loads(
-            response.choices[0].message.tool_calls[0].function.arguments
-        )
-
-        return SolvabilitySummary(
-            # The score is copied directly from the report
-            score=report.score,
-            # Performance and usage metrics are pulled from the response
-            prompt_tokens=response.usage.prompt_tokens,
-            completion_tokens=response.usage.completion_tokens,
-            response_latency=response_latency,
-            # Every other field should be taken from the forced function call
-            **arguments,
-        )
-
-    def format_as_markdown(self) -> str:
-        """Format the summary content as Markdown."""
-        # Convert score to difficulty level enum
-        difficulty_level = DifficultyLevel.from_score(self.score)
-
-        # Create the main difficulty display
-        result = f'{difficulty_level.format_display()}\n\n{self.summary}'
-
-        # If not easy, show the three features with lowest importance scores
-        if difficulty_level != DifficultyLevel.EASY:
-            # Add dropdown with lowest importance features
-            result += '\n\nYou can make the issue easier to resolve by addressing these concerns in the conversation:\n\n'
-            result += self.actionable_feedback
-
-        # If the difficulty isn't hard, add some positive feedback
-        if difficulty_level != DifficultyLevel.HARD:
-            result += '\n\nPositive feedback:\n\n'
-            result += self.positive_feedback
-
-        return result
--- a/enterprise/integrations/solvability/prompts/init.py
+++ b/enterprise/integrations/solvability/prompts/init.py
@@ -1,13 +0,0 @@
-from pathlib import Path
-
-import jinja2
-
-
-def load_prompt(prompt: str, **kwargs) -> str:
-    """Load a prompt by name. Passes all the keyword arguments to the prompt template."""
-    env = jinja2.Environment(loader=jinja2.FileSystemLoader(Path(__file__).parent))
-    template = env.get_template(f'{prompt}.j2')
-    return template.render(**kwargs)
-
-
-__all__ = ['load_prompt']
--- a/enterprise/integrations/solvability/prompts/summary_system_message.j2
+++ b/enterprise/integrations/solvability/prompts/summary_system_message.j2
@@ -1,10 +0,0 @@
-You are a helpful assistant that generates human-readable summaries of solvability reports.
-The report predicts how likely it is that the issue can be resolved, and is produced purely based on the information provided in the issue description and comments.
-The report explains which features are present in the issue and how impactful they are to the solvability score (using SHAP values).
-Your task is to create a concise, high-level summary of the solvability analysis,
-with an emphasis on the key factors that make the issue easy or hard to resolve.
-Focus on the features with extreme scores, BUT ONLY if they are related to the issue at hand after careful consideration.
-You should NEVER mention: SHAP, scores, feature names, or technical metrics.
-You will also be given the expected difficulty of the issue, as EASY/MEDIUM/HARD.
-Be sure to frame your responses with that difficulty in mind.
-For example, if the issue is HARD you should not describe it as "straightforward".
--- a/enterprise/integrations/solvability/prompts/summary_user_message.j2
+++ b/enterprise/integrations/solvability/prompts/summary_user_message.j2
@@ -1,9 +0,0 @@
-Generate a high-level summary of the solvability report:
-
-{{ report }}
-
-We estimate the issue is {{ difficulty_level }}.
-The summary should be concise (at most two sentences) and describe the primary characteristics of this issue.
-Focus on what information is present and what factors are most relevant to resolution.
-Actionable feedback should be something that can be addressed by the user purely by providing more information.
-Positive feedback should explain the features that are positively contributing to the solvability score.
--- a/enterprise/integrations/solvability/py.typed
+++ b/enterprise/integrations/solvability/py.typed
--- a/enterprise/integrations/store_repo_utils.py
+++ b/enterprise/integrations/store_repo_utils.py
@@ -3,9 +3,9 @@ from storage.stored_repository import StoredRepository
 from storage.user_repo_map import UserRepositoryMap
 from storage.user_repo_map_store import UserRepositoryMapStore

+from openhands.app_server.integrations.service_types import Repository
 from openhands.core.config.openhands_config import OpenHandsConfig
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.service_types import Repository


 async def store_repositories_in_db(repos: list[Repository], user_id: str) -> None:
--- a/enterprise/integrations/stripe_service.py
+++ b/enterprise/integrations/stripe_service.py
@@ -59,11 +59,11 @@ async def find_or_create_customer_by_user_id(user_id: str) -> dict | None:
        extra={'user_id': user_id, 'org_id': str(org.id)},
    )

-    # Create the customer in stripe
-    customer = await stripe.Customer.create_async(
-        email=org.contact_email,
-        metadata={'org_id': str(org.id)},
-    )
+    # Create the customer in stripe (only include email if available)
+    create_params: dict = {'metadata': {'org_id': str(org.id)}}
+    if org.contact_email:
+        create_params['email'] = org.contact_email
+    customer = await stripe.Customer.create_async(**create_params)

    # Save the stripe customer in the local db
    async with a_session_maker() as session:
@@ -108,11 +108,14 @@ async def migrate_customer(session, user_id: str, org: Org):
    if stripe_customer is None:
        return
    stripe_customer.org_id = org.id
-    customer = await stripe.Customer.modify_async(
-        id=stripe_customer.stripe_customer_id,
-        email=org.contact_email,
-        metadata={'user_id': '', 'org_id': str(org.id)},
-    )
+    # Only include email if available to avoid sending empty strings to Stripe
+    modify_params: dict = {
+        'id': stripe_customer.stripe_customer_id,
+        'metadata': {'user_id': '', 'org_id': str(org.id)},
+    }
+    if org.contact_email:
+        modify_params['email'] = org.contact_email
+    customer = await stripe.Customer.modify_async(**modify_params)

    logger.info(
        'migrated_customer',
--- a/enterprise/integrations/types.py
+++ b/enterprise/integrations/types.py
@@ -1,6 +1,7 @@
 from dataclasses import dataclass
 from enum import Enum
 from typing import TYPE_CHECKING
+from uuid import UUID

 from jinja2 import Environment
 from pydantic import BaseModel
@@ -8,9 +9,8 @@ from pydantic import BaseModel
 if TYPE_CHECKING:
    from integrations.models import Message

-    from openhands.integrations.provider import PROVIDER_TOKEN_TYPE
-    from openhands.server.user_auth.user_auth import UserAuth
-    from openhands.storage.data_models.conversation_metadata import ConversationMetadata
+    from openhands.app_server.integrations.provider import PROVIDER_TOKEN_TYPE
+    from openhands.app_server.user_auth.user_auth import UserAuth


 class GitLabResourceType(Enum):
@@ -53,11 +53,11 @@ class ResolverViewInterface(SummaryExtractionTracker):
        """Instructions passed when conversation is first initialized."""
        raise NotImplementedError()

-    async def initialize_new_conversation(self) -> 'ConversationMetadata':
-        """Initialize a new conversation and return metadata.
+    async def initialize_new_conversation(self) -> UUID:
+        """Initialize a new conversation and return the conversation ID.

-        For V1 conversations, creates a dummy ConversationMetadata.
-        For V0 conversations, initializes through the conversation store.
+        This method resolves the target organization and generates a new
+        conversation ID.
        """
        raise NotImplementedError()

@@ -65,7 +65,7 @@ class ResolverViewInterface(SummaryExtractionTracker):
        self,
        jinja_env: Environment,
        git_provider_tokens: 'PROVIDER_TOKEN_TYPE',
-        conversation_metadata: 'ConversationMetadata',
+        conversation_id: UUID,
        saas_user_auth: 'UserAuth',
    ) -> None:
        """Create a new conversation.
@@ -73,7 +73,7 @@ class ResolverViewInterface(SummaryExtractionTracker):
        Args:
            jinja_env: Jinja2 environment for template rendering
            git_provider_tokens: Token mapping for git providers
-            conversation_metadata: Metadata for the conversation
+            conversation_id: The UUID of the conversation to create
            saas_user_auth: User authentication for SaaS
        """
        raise NotImplementedError()
--- a/enterprise/integrations/utils.py
+++ b/enterprise/integrations/utils.py
@@ -1,31 +1,12 @@
 from __future__ import annotations

-import json
 import os
 import re
-from typing import TYPE_CHECKING

 from jinja2 import Environment, FileSystemLoader
 from server.constants import WEB_HOST
-from storage.org_store import OrgStore

-from openhands.core.logger import openhands_logger as logger
-from openhands.core.schema.agent import AgentState
-from openhands.events import Event, EventSource
-from openhands.events.action import (
-    AgentFinishAction,
-    MessageAction,
-)
-from openhands.events.event_filter import EventFilter
-from openhands.events.event_store_abc import EventStoreABC
-from openhands.events.observation.agent import AgentStateChangedObservation
-from openhands.integrations.service_types import Repository
-from openhands.storage.data_models.conversation_status import ConversationStatus
-
-if TYPE_CHECKING:
-    from openhands.server.conversation_manager.conversation_manager import (
-        ConversationManager,
-    )
+from openhands.app_server.integrations.service_types import Repository

 # ---- DO NOT REMOVE ----
 # WARNING: Langfuse depends on the WEB_HOST environment variable being set to track events.
@@ -34,10 +15,8 @@ HOST = WEB_HOST

 IS_LOCAL_DEPLOYMENT = 'localhost' in HOST
 HOST_URL = f'https://{HOST}' if not IS_LOCAL_DEPLOYMENT else f'http://{HOST}'
-GITHUB_WEBHOOK_URL = f'{HOST_URL}/integration/github/events'
 GITLAB_WEBHOOK_URL = f'{HOST_URL}/integration/gitlab/events'
-conversation_prefix = 'conversations/{}'
-CONVERSATION_URL = f'{HOST_URL}/{conversation_prefix}'
+CONVERSATION_URL = f'{HOST_URL}/conversations/{{}}'

 # Toggle for auto-response feature that proactively starts conversations with users when workflow tests fail
 ENABLE_PROACTIVE_CONVERSATION_STARTERS = (
@@ -84,30 +63,11 @@ def get_user_not_found_message(username: str | None = None) -> str:
    return f"It looks like you haven't created an OpenHands account yet. Please sign up at [OpenHands Cloud]({HOST_URL}) and try again."


-# Toggle for solvability report feature
-ENABLE_SOLVABILITY_ANALYSIS = (
-    os.getenv('ENABLE_SOLVABILITY_ANALYSIS', 'false').lower() == 'true'
-)
-
-# Toggle for V1 GitHub resolver feature
-ENABLE_V1_GITHUB_RESOLVER = (
-    os.getenv('ENABLE_V1_GITHUB_RESOLVER', 'false').lower() == 'true'
-)
-
-ENABLE_V1_SLACK_RESOLVER = (
-    os.getenv('ENABLE_V1_SLACK_RESOLVER', 'false').lower() == 'true'
-)
-
-# Toggle for V1 GitLab resolver feature
-ENABLE_V1_GITLAB_RESOLVER = (
-    os.getenv('ENABLE_V1_GITLAB_RESOLVER', 'false').lower() == 'true'
-)
-
 OPENHANDS_RESOLVER_TEMPLATES_DIR = (
    os.getenv('OPENHANDS_RESOLVER_TEMPLATES_DIR')
-    or 'openhands/integrations/templates/resolver/'
+    or 'openhands/app_server/integrations/templates/resolver/'
 )
-jinja_env = Environment(loader=FileSystemLoader(OPENHANDS_RESOLVER_TEMPLATES_DIR))
+_jinja_env = Environment(loader=FileSystemLoader(OPENHANDS_RESOLVER_TEMPLATES_DIR))


 def get_oh_labels(web_host: str) -> tuple[str, str]:
@@ -129,31 +89,11 @@ def get_oh_labels(web_host: str) -> tuple[str, str]:


 def get_summary_instruction():
-    summary_instruction_template = jinja_env.get_template('summary_prompt.j2')
+    summary_instruction_template = _jinja_env.get_template('summary_prompt.j2')
    summary_instruction = summary_instruction_template.render()
    return summary_instruction


-async def get_user_v1_enabled_setting(user_id: str | None) -> bool:
-    """Get the user's V1 conversation API setting.
-
-    Args:
-        user_id: The keycloak user ID
-
-    Returns:
-        True if V1 conversations are enabled for this user, False otherwise
-    """
-    if not user_id:
-        return False
-
-    org = await OrgStore.get_current_org_from_keycloak_user_id(user_id)
-
-    if not org or org.v1_enabled is None:
-        return False
-
-    return org.v1_enabled
-
-
 def has_exact_mention(text: str, mention: str) -> bool:
    """Check if the text contains an exact mention (not part of a larger word).

@@ -180,242 +120,6 @@ def has_exact_mention(text: str, mention: str) -> bool:
    return bool(re.search(rf'(?:^|[^\w@]){pattern}(?![\w-])', text_lower))


-def confirm_event_type(event: Event):
-    return isinstance(event, AgentStateChangedObservation) and not (
-        event.agent_state == AgentState.REJECTED
-        or event.agent_state == AgentState.USER_CONFIRMED
-        or event.agent_state == AgentState.USER_REJECTED
-        or event.agent_state == AgentState.LOADING
-        or event.agent_state == AgentState.RUNNING
-    )
-
-
-def get_readable_error_reason(reason: str):
-    if reason == 'STATUS$ERROR_LLM_AUTHENTICATION':
-        reason = 'Authentication with the LLM provider failed. Please check your API key or credentials'
-    elif reason == 'STATUS$ERROR_LLM_SERVICE_UNAVAILABLE':
-        reason = 'The LLM service is temporarily unavailable. Please try again later'
-    elif reason == 'STATUS$ERROR_LLM_INTERNAL_SERVER_ERROR':
-        reason = 'The LLM provider encountered an internal error. Please try again soon'
-    elif reason == 'STATUS$ERROR_LLM_OUT_OF_CREDITS':
-        reason = "You've run out of credits. Please top up to continue"
-    elif reason == 'STATUS$ERROR_LLM_CONTENT_POLICY_VIOLATION':
-        reason = 'Content policy violation. The output was blocked by content filtering policy'
-    return reason
-
-
-def get_summary_for_agent_state(
-    observations: list[AgentStateChangedObservation], conversation_link: str
-) -> str:
-    unknown_error_msg = f'OpenHands encountered an unknown error. [See the conversation]({conversation_link}) for more information, or try again'
-
-    if len(observations) == 0:
-        logger.error(
-            'Unknown error: No agent state observations found',
-            extra={'conversation_link': conversation_link},
-        )
-        return unknown_error_msg
-
-    observation: AgentStateChangedObservation = observations[0]
-    state = observation.agent_state
-
-    if state == AgentState.RATE_LIMITED:
-        logger.warning(
-            'Agent was rate limited',
-            extra={
-                'agent_state': state.value,
-                'conversation_link': conversation_link,
-                'observation_reason': getattr(observation, 'reason', None),
-            },
-        )
-        return 'OpenHands was rate limited by the LLM provider. Please try again later.'
-
-    if state == AgentState.ERROR:
-        reason = observation.reason
-        reason = get_readable_error_reason(reason)
-
-        logger.error(
-            'Agent encountered an error',
-            extra={
-                'agent_state': state.value,
-                'conversation_link': conversation_link,
-                'observation_reason': observation.reason,
-                'readable_reason': reason,
-            },
-        )
-
-        return f'OpenHands encountered an error: **{reason}**.\n\n[See the conversation]({conversation_link}) for more information.'
-
-    if state == AgentState.AWAITING_USER_INPUT:
-        logger.info(
-            'Agent is awaiting user input',
-            extra={
-                'agent_state': state.value,
-                'conversation_link': conversation_link,
-                'observation_reason': getattr(observation, 'reason', None),
-            },
-        )
-        return f'OpenHands is waiting for your input. [Continue the conversation]({conversation_link}) to provide additional instructions.'
-
-    # Log unknown agent state as error
-    logger.error(
-        'Unknown error: Unhandled agent state',
-        extra={
-            'agent_state': state.value if hasattr(state, 'value') else str(state),
-            'conversation_link': conversation_link,
-            'observation_reason': getattr(observation, 'reason', None),
-        },
-    )
-    return unknown_error_msg
-
-
-def get_final_agent_observation(
-    event_store: EventStoreABC,
-) -> list[AgentStateChangedObservation]:
-    events = list(
-        event_store.search_events(
-            filter=EventFilter(
-                source=EventSource.ENVIRONMENT,
-                include_types=(AgentStateChangedObservation,),
-            ),
-            limit=1,
-            reverse=True,
-        )
-    )
-    result = [e for e in events if isinstance(e, AgentStateChangedObservation)]
-    assert len(result) == len(events)
-    return result
-
-
-def get_last_user_msg(event_store: EventStoreABC) -> list[MessageAction]:
-    events = list(
-        event_store.search_events(
-            filter=EventFilter(
-                source=EventSource.USER,
-                include_types=(MessageAction,),
-            ),
-            limit=1,
-            reverse=True,
-        )
-    )
-    result = [e for e in events if isinstance(e, MessageAction)]
-    assert len(result) == len(events)
-    return result
-
-
-def extract_summary_from_event_store(
-    event_store: EventStoreABC, conversation_id: str
-) -> str:
-    """
-    Get agent summary or alternative message depending on current AgentState
-    """
-    conversation_link = CONVERSATION_URL.format(conversation_id)
-    summary_instruction = get_summary_instruction()
-
-    instruction_events = list(
-        event_store.search_events(
-            filter=EventFilter(
-                query=json.dumps(summary_instruction),
-                source=EventSource.USER,
-                include_types=(MessageAction,),
-            ),
-            limit=1,
-            reverse=True,
-        )
-    )
-
-    final_agent_observation = get_final_agent_observation(event_store)
-
-    # Find summary instruction event ID
-    if not instruction_events:
-        logger.warning(
-            'no_instruction_event_found', extra={'conversation_id': conversation_id}
-        )
-        return get_summary_for_agent_state(
-            final_agent_observation, conversation_link
-        )  # Agent did not receive summary instruction
-
-    summary_events = list(
-        event_store.search_events(
-            filter=EventFilter(
-                source=EventSource.AGENT,
-                include_types=(MessageAction, AgentFinishAction),
-            ),
-            limit=1,
-            reverse=True,
-            start_id=instruction_events[0].id,
-        )
-    )
-
-    if not summary_events:
-        logger.warning(
-            'no_agent_messages_found', extra={'conversation_id': conversation_id}
-        )
-        return get_summary_for_agent_state(
-            final_agent_observation, conversation_link
-        )  # Agent failed to generate summary
-
-    summary_event = summary_events[0]
-    if isinstance(summary_event, MessageAction):
-        return summary_event.content
-
-    assert isinstance(summary_event, AgentFinishAction)
-    return summary_event.final_thought
-
-
-async def get_event_store_from_conversation_manager(
-    conversation_manager: ConversationManager, conversation_id: str
-) -> EventStoreABC:
-    agent_loop_infos = await conversation_manager.get_agent_loop_info(
-        filter_to_sids={conversation_id}
-    )
-    if not agent_loop_infos or agent_loop_infos[0].status != ConversationStatus.RUNNING:
-        raise RuntimeError(f'conversation_not_running:{conversation_id}')
-    event_store = agent_loop_infos[0].event_store
-    if not event_store:
-        raise RuntimeError(f'event_store_missing:{conversation_id}')
-    return event_store
-
-
-async def get_last_user_msg_from_conversation_manager(
-    conversation_manager: ConversationManager, conversation_id: str
-):
-    event_store = await get_event_store_from_conversation_manager(
-        conversation_manager, conversation_id
-    )
-    return get_last_user_msg(event_store)
-
-
-async def extract_summary_from_conversation_manager(
-    conversation_manager: ConversationManager, conversation_id: str
-) -> str:
-    """
-    Get agent summary or alternative message depending on current AgentState
-    """
-
-    event_store = await get_event_store_from_conversation_manager(
-        conversation_manager, conversation_id
-    )
-    summary = extract_summary_from_event_store(event_store, conversation_id)
-    return append_conversation_footer(summary, conversation_id)
-
-
-def append_conversation_footer(message: str, conversation_id: str) -> str:
-    """
-    Append a small footer with the conversation URL to a message.
-
-    Args:
-        message: The original message content
-        conversation_id: The conversation ID to link to
-
-    Returns:
-        The message with the conversation footer appended
-    """
-    conversation_link = CONVERSATION_URL.format(conversation_id)
-    footer = f'\n\n[View full conversation]({conversation_link})'
-    return message + footer
-
-
 def infer_repo_from_message(user_msg: str) -> list[str]:
    """
    Extract all repository names in the format 'owner/repo' from various Git provider URLs
@@ -436,12 +140,13 @@ def infer_repo_from_message(user_msg: str) -> list[str]:
        r'(?=\s|$|}}|[\]\)\'",.:`])'  # right boundary
    )

-    matches: list[str] = []
+    # Use dict to preserve ordering
+    matches: dict[str, bool] = {}

    # Git URLs first (highest priority)
    for owner, repo in re.findall(git_url_pattern, normalized_msg):
        repo = re.sub(r'\.git$', '', repo)
-        matches.append(f'{owner}/{repo}')
+        matches[f'{owner}/{repo}'] = True

    # Direct mentions
    for owner, repo in re.findall(direct_pattern, normalized_msg):
@@ -457,9 +162,10 @@ def infer_repo_from_message(user_msg: str) -> list[str]:
            continue

        if full_match not in matches:
-            matches.append(full_match)
+            matches[full_match] = True

-    return matches
+    result = list(matches)
+    return result


 def filter_potential_repos_by_user_msg(
@@ -595,3 +301,18 @@ def markdown_to_jira_markup(markdown_text: str) -> str:
        # Log the error but don't raise it - return original text as fallback
        print(f'Error converting markdown to Jira markup: {str(e)}')
        return markdown_text or ''
+
+
+def format_jira_comment_body(message: str) -> dict:
+    """Format a message as a Jira API v2 comment body.
+
+    This helper ensures consistent comment formatting across all Jira integrations.
+    Converts markdown to Jira Wiki Markup and wraps in the expected API structure.
+
+    Args:
+        message: The message content to send (may contain markdown)
+
+    Returns:
+        dict: The comment body in Jira API v2 format {'body': ...}
+    """
+    return {'body': markdown_to_jira_markup(message)}
--- a/enterprise/integrations/v1_utils.py
+++ b/enterprise/integrations/v1_utils.py
@@ -7,8 +7,8 @@ from pydantic import SecretStr
 from server.auth.saas_user_auth import SaasUserAuth
 from server.auth.token_manager import TokenManager

+from openhands.app_server.user_auth.user_auth import UserAuth
 from openhands.core.logger import openhands_logger as logger
-from openhands.server.user_auth.user_auth import UserAuth


 def is_budget_exceeded_error(error_message: str) -> bool:
--- a/enterprise/migrations/env.py
+++ b/enterprise/migrations/env.py
@@ -6,6 +6,12 @@ from logging.config import fileConfig
 # These plugin setup messages would otherwise appear before logging is configured
 logging.getLogger('alembic.runtime.plugins').setLevel(logging.WARNING)

+# Prevent SQLAlchemy engine from logging SQL results at DEBUG level, which can
+# leak sensitive column data (e.g. API keys, tokens) into log aggregators.
+# This is set before any engine is created so it takes effect immediately.
+logging.getLogger('sqlalchemy.engine').setLevel(logging.WARNING)
+logging.getLogger('sqlalchemy.engine.Engine').setLevel(logging.WARNING)
+
 from alembic import context  # noqa: E402
 from google.cloud.sql.connector import Connector  # noqa: E402
 from sqlalchemy import create_engine, text  # noqa: E402
@@ -70,6 +76,12 @@ config = context.config
 if config.config_file_name is not None:
    fileConfig(config.config_file_name)

+# Re-apply SQLAlchemy engine log suppression after fileConfig, which may override
+# our earlier settings from alembic.ini. This ensures DEBUG-level SQL result logging
+# is always suppressed, preventing sensitive data from leaking into log aggregators.
+logging.getLogger('sqlalchemy.engine').setLevel(logging.WARNING)
+logging.getLogger('sqlalchemy.engine.Engine').setLevel(logging.WARNING)
+

 def run_migrations_offline() -> None:
    """Run migrations in 'offline' mode.
--- a/enterprise/migrations/versions/103_add_mcp_config_to_org_member.py
+++ b/enterprise/migrations/versions/103_add_mcp_config_to_org_member.py
@@ -6,7 +6,6 @@ Create Date: 2026-03-26

 """

-import json
 from typing import Sequence, Union

 import sqlalchemy as sa
@@ -24,18 +23,18 @@ def upgrade() -> None:

    # Migrate existing org-level MCP configs to all members in each org.
    # This preserves existing configurations while transitioning to user-specific settings.
-    conn = op.get_bind()
-    orgs_with_config = conn.execute(
-        sa.text('SELECT id, mcp_config FROM org WHERE mcp_config IS NOT NULL')
-    ).fetchall()
-
-    for org_id, mcp_config in orgs_with_config:
-        conn.execute(
-            sa.text(
-                'UPDATE org_member SET mcp_config = :config WHERE org_id = :org_id'
-            ),
-            {'config': json.dumps(mcp_config), 'org_id': str(org_id)},
+    # Uses server-side SQL to avoid pulling sensitive config data into the Python process.
+    op.execute(
+        sa.text(
+            """
+            UPDATE org_member
+            SET mcp_config = org.mcp_config
+            FROM org
+            WHERE org_member.org_id = org.id
+              AND org.mcp_config IS NOT NULL
+            """
        )
+    )


 def downgrade() -> None:
--- a/enterprise/migrations/versions/107_add_onboarding_completed_to_user.py
+++ b/enterprise/migrations/versions/107_add_onboarding_completed_to_user.py
@@ -0,0 +1,31 @@
+"""Add onboarding_completed column to user table.
+
+Tracks whether a user has completed the onboarding flow.
+Used to redirect new SaaS users to /onboarding after accepting TOS.
+
+Revision ID: 107
+Revises: 106
+Create Date: 2026-03-31
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = '107'
+down_revision: Union[str, None] = '106'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.add_column(
+        'user',
+        sa.Column('onboarding_completed', sa.Boolean(), nullable=True, default=False),
+    )
+
+
+def downgrade() -> None:
+    op.drop_column('user', 'onboarding_completed')
--- a/enterprise/migrations/versions/108_add_agent_settings_to_enterprise_settings.py
+++ b/enterprise/migrations/versions/108_add_agent_settings_to_enterprise_settings.py
@@ -0,0 +1,563 @@
+"""Add agent_settings columns to enterprise settings tables.
+
+Revision ID: 108
+Revises: 107
+Create Date: 2026-03-22 00:00:00.000000
+
+"""
+
+from collections.abc import Mapping
+from typing import Any, Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = '108'
+down_revision: Union[str, None] = '107'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+_EMPTY_JSON = sa.text("'{}'::json")
+
+
+def _deep_merge(
+    base: dict[str, Any], overrides: Mapping[str, Any] | None
+) -> dict[str, Any]:
+    merged = dict(base)
+    for key, value in (overrides or {}).items():
+        existing = merged.get(key)
+        if isinstance(existing, dict) and isinstance(value, Mapping):
+            merged[key] = _deep_merge(existing, value)
+        else:
+            merged[key] = value
+    return merged
+
+
+def _strip_none_and_empty(value: Any) -> Any:
+    if isinstance(value, Mapping):
+        cleaned: dict[str, Any] = {}
+        for key, item in value.items():
+            cleaned_item = _strip_none_and_empty(item)
+            if cleaned_item is None:
+                continue
+            if isinstance(cleaned_item, dict) and not cleaned_item:
+                continue
+            cleaned[key] = cleaned_item
+        return cleaned
+    return value
+
+
+def _build_user_agent_settings(row: Mapping[str, Any]) -> dict[str, Any]:
+    generated = _strip_none_and_empty(
+        {
+            'schema_version': 1,
+            'agent': row['agent'],
+            'llm': {
+                'model': row['llm_model'],
+                'base_url': row['llm_base_url'],
+            },
+            'condenser': {
+                'enabled': row['enable_default_condenser'],
+                'max_size': row['condenser_max_size'],
+            },
+            'mcp_config': row['mcp_config'],
+        }
+    )
+    return _deep_merge(generated, row.get('agent_settings') or {})
+
+
+def _build_user_conversation_settings(row: Mapping[str, Any]) -> dict[str, Any]:
+    generated = _strip_none_and_empty(
+        {
+            'max_iterations': row['max_iterations'],
+            'confirmation_mode': row['confirmation_mode'],
+            'security_analyzer': row['security_analyzer'],
+        }
+    )
+    return _deep_merge(generated, row.get('conversation_settings') or {})
+
+
+def _build_org_member_agent_settings_diff(row: Mapping[str, Any]) -> dict[str, Any]:
+    generated = _strip_none_and_empty(
+        {
+            'schema_version': 1,
+            'llm': {
+                'model': row['llm_model'],
+                'base_url': row['llm_base_url'],
+            },
+            'mcp_config': row['mcp_config'],
+        }
+    )
+    return _deep_merge(generated, row.get('agent_settings_diff') or {})
+
+
+def _build_org_member_conversation_settings_diff(
+    row: Mapping[str, Any],
+) -> dict[str, Any]:
+    generated = _strip_none_and_empty({'max_iterations': row['max_iterations']})
+    return _deep_merge(generated, row.get('conversation_settings_diff') or {})
+
+
+def _build_org_agent_settings(row: Mapping[str, Any]) -> dict[str, Any]:
+    generated = _strip_none_and_empty(
+        {
+            'schema_version': 1,
+            'agent': row['agent'],
+            'llm': {
+                'model': row['default_llm_model'],
+                'base_url': row['default_llm_base_url'],
+            },
+            'condenser': {
+                'enabled': row['enable_default_condenser'],
+                'max_size': row['condenser_max_size'],
+            },
+            'mcp_config': row['mcp_config'],
+        }
+    )
+    return _deep_merge(generated, row.get('agent_settings') or {})
+
+
+def _build_org_conversation_settings(row: Mapping[str, Any]) -> dict[str, Any]:
+    generated = _strip_none_and_empty(
+        {
+            'max_iterations': row['default_max_iterations'],
+            'confirmation_mode': row['confirmation_mode'],
+            'security_analyzer': row['security_analyzer'],
+        }
+    )
+    return _deep_merge(generated, row.get('conversation_settings') or {})
+
+
+def _get_nested_value(data: Mapping[str, Any] | None, *path: str) -> Any:
+    current: Any = data or {}
+    for key in path:
+        if not isinstance(current, Mapping) or key not in current:
+            return None
+        current = current[key]
+    return current
+
+
+def _legacy_user_settings_values(row: Mapping[str, Any]) -> dict[str, Any]:
+    agent_settings = row.get('agent_settings') or {}
+    conversation_settings = row.get('conversation_settings') or {}
+    condenser_enabled = _get_nested_value(agent_settings, 'condenser', 'enabled')
+    return {
+        'agent': _get_nested_value(agent_settings, 'agent'),
+        'max_iterations': _get_nested_value(conversation_settings, 'max_iterations'),
+        'security_analyzer': _get_nested_value(
+            conversation_settings, 'security_analyzer'
+        ),
+        'confirmation_mode': _get_nested_value(
+            conversation_settings, 'confirmation_mode'
+        ),
+        'llm_model': _get_nested_value(agent_settings, 'llm', 'model'),
+        'llm_base_url': _get_nested_value(agent_settings, 'llm', 'base_url'),
+        'enable_default_condenser': (
+            True if condenser_enabled is None else condenser_enabled
+        ),
+        'condenser_max_size': _get_nested_value(
+            agent_settings, 'condenser', 'max_size'
+        ),
+    }
+
+
+def _legacy_org_member_values(row: Mapping[str, Any]) -> dict[str, Any]:
+    agent_settings_diff = row.get('agent_settings_diff') or {}
+    conversation_settings_diff = row.get('conversation_settings_diff') or {}
+    return {
+        'llm_model': _get_nested_value(agent_settings_diff, 'llm', 'model'),
+        'llm_base_url': _get_nested_value(agent_settings_diff, 'llm', 'base_url'),
+        'max_iterations': _get_nested_value(
+            conversation_settings_diff, 'max_iterations'
+        ),
+        'mcp_config': _get_nested_value(agent_settings_diff, 'mcp_config'),
+    }
+
+
+def _legacy_org_values(row: Mapping[str, Any]) -> dict[str, Any]:
+    agent_settings = row.get('agent_settings') or {}
+    conversation_settings = row.get('conversation_settings') or {}
+    condenser_enabled = _get_nested_value(agent_settings, 'condenser', 'enabled')
+    return {
+        'agent': _get_nested_value(agent_settings, 'agent'),
+        'default_max_iterations': _get_nested_value(
+            conversation_settings, 'max_iterations'
+        ),
+        'security_analyzer': _get_nested_value(
+            conversation_settings, 'security_analyzer'
+        ),
+        'confirmation_mode': _get_nested_value(
+            conversation_settings, 'confirmation_mode'
+        ),
+        'default_llm_model': _get_nested_value(agent_settings, 'llm', 'model'),
+        'default_llm_base_url': _get_nested_value(agent_settings, 'llm', 'base_url'),
+        'enable_default_condenser': (
+            True if condenser_enabled is None else condenser_enabled
+        ),
+        'mcp_config': _get_nested_value(agent_settings, 'mcp_config'),
+        'condenser_max_size': _get_nested_value(
+            agent_settings, 'condenser', 'max_size'
+        ),
+    }
+
+
+def upgrade() -> None:
+    op.add_column(
+        'user_settings',
+        sa.Column(
+            'agent_settings', sa.JSON(), nullable=False, server_default=_EMPTY_JSON
+        ),
+    )
+    op.add_column(
+        'user_settings',
+        sa.Column(
+            'conversation_settings',
+            sa.JSON(),
+            nullable=False,
+            server_default=_EMPTY_JSON,
+        ),
+    )
+    op.add_column(
+        'org_member',
+        sa.Column(
+            'agent_settings_diff',
+            sa.JSON(),
+            nullable=False,
+            server_default=_EMPTY_JSON,
+        ),
+    )
+    op.add_column(
+        'org_member',
+        sa.Column(
+            'conversation_settings_diff',
+            sa.JSON(),
+            nullable=False,
+            server_default=_EMPTY_JSON,
+        ),
+    )
+    op.add_column(
+        'org',
+        sa.Column(
+            'agent_settings', sa.JSON(), nullable=False, server_default=_EMPTY_JSON
+        ),
+    )
+    op.add_column(
+        'org',
+        sa.Column(
+            'conversation_settings',
+            sa.JSON(),
+            nullable=False,
+            server_default=_EMPTY_JSON,
+        ),
+    )
+
+    op.add_column('org', sa.Column('_llm_api_key', sa.String(), nullable=True))
+    op.add_column(
+        'org_member',
+        sa.Column(
+            'has_custom_llm_api_key',
+            sa.Boolean(),
+            nullable=False,
+            server_default=sa.false(),
+        ),
+    )
+
+    bind = op.get_bind()
+
+    user_settings_table = sa.table(
+        'user_settings',
+        sa.column('id', sa.Integer()),
+        sa.column('agent', sa.String()),
+        sa.column('max_iterations', sa.Integer()),
+        sa.column('security_analyzer', sa.String()),
+        sa.column('confirmation_mode', sa.Boolean()),
+        sa.column('llm_model', sa.String()),
+        sa.column('llm_base_url', sa.String()),
+        sa.column('enable_default_condenser', sa.Boolean()),
+        sa.column('condenser_max_size', sa.Integer()),
+        sa.column('mcp_config', sa.JSON()),
+        sa.column('agent_settings', sa.JSON()),
+        sa.column('conversation_settings', sa.JSON()),
+    )
+    user_settings_rows = bind.execute(
+        sa.select(
+            user_settings_table.c.id,
+            user_settings_table.c.agent,
+            user_settings_table.c.max_iterations,
+            user_settings_table.c.security_analyzer,
+            user_settings_table.c.confirmation_mode,
+            user_settings_table.c.llm_model,
+            user_settings_table.c.llm_base_url,
+            user_settings_table.c.enable_default_condenser,
+            user_settings_table.c.condenser_max_size,
+            user_settings_table.c.mcp_config,
+            user_settings_table.c.agent_settings,
+            user_settings_table.c.conversation_settings,
+        )
+    ).mappings()
+    for row in user_settings_rows:
+        bind.execute(
+            user_settings_table.update()
+            .where(user_settings_table.c.id == row['id'])
+            .values(
+                agent_settings=_build_user_agent_settings(row),
+                conversation_settings=_build_user_conversation_settings(row),
+            )
+        )
+
+    org_member_table = sa.table(
+        'org_member',
+        sa.column('org_id', sa.Uuid()),
+        sa.column('user_id', sa.Uuid()),
+        sa.column('max_iterations', sa.Integer()),
+        sa.column('llm_model', sa.String()),
+        sa.column('llm_base_url', sa.String()),
+        sa.column('mcp_config', sa.JSON()),
+        sa.column('agent_settings_diff', sa.JSON()),
+        sa.column('conversation_settings_diff', sa.JSON()),
+    )
+    org_member_rows = bind.execute(
+        sa.select(
+            org_member_table.c.org_id,
+            org_member_table.c.user_id,
+            org_member_table.c.max_iterations,
+            org_member_table.c.llm_model,
+            org_member_table.c.llm_base_url,
+            org_member_table.c.mcp_config,
+            org_member_table.c.agent_settings_diff,
+            org_member_table.c.conversation_settings_diff,
+        )
+    ).mappings()
+    for row in org_member_rows:
+        bind.execute(
+            org_member_table.update()
+            .where(org_member_table.c.org_id == row['org_id'])
+            .where(org_member_table.c.user_id == row['user_id'])
+            .values(
+                agent_settings_diff=_build_org_member_agent_settings_diff(row),
+                conversation_settings_diff=_build_org_member_conversation_settings_diff(
+                    row
+                ),
+            )
+        )
+
+    org_table = sa.table(
+        'org',
+        sa.column('id', sa.Uuid()),
+        sa.column('agent', sa.String()),
+        sa.column('default_max_iterations', sa.Integer()),
+        sa.column('security_analyzer', sa.String()),
+        sa.column('confirmation_mode', sa.Boolean()),
+        sa.column('default_llm_model', sa.String()),
+        sa.column('default_llm_base_url', sa.String()),
+        sa.column('enable_default_condenser', sa.Boolean()),
+        sa.column('mcp_config', sa.JSON()),
+        sa.column('condenser_max_size', sa.Integer()),
+        sa.column('agent_settings', sa.JSON()),
+        sa.column('conversation_settings', sa.JSON()),
+    )
+    org_rows = bind.execute(
+        sa.select(
+            org_table.c.id,
+            org_table.c.agent,
+            org_table.c.default_max_iterations,
+            org_table.c.security_analyzer,
+            org_table.c.confirmation_mode,
+            org_table.c.default_llm_model,
+            org_table.c.default_llm_base_url,
+            org_table.c.enable_default_condenser,
+            org_table.c.mcp_config,
+            org_table.c.condenser_max_size,
+            org_table.c.agent_settings,
+            org_table.c.conversation_settings,
+        )
+    ).mappings()
+    for row in org_rows:
+        bind.execute(
+            org_table.update()
+            .where(org_table.c.id == row['id'])
+            .values(
+                agent_settings=_build_org_agent_settings(row),
+                conversation_settings=_build_org_conversation_settings(row),
+            )
+        )
+
+    op.alter_column('user_settings', 'agent_settings', server_default=None)
+    op.alter_column('user_settings', 'conversation_settings', server_default=None)
+    op.alter_column('org_member', 'agent_settings_diff', server_default=None)
+    op.alter_column('org_member', 'conversation_settings_diff', server_default=None)
+    op.alter_column('org', 'agent_settings', server_default=None)
+    op.alter_column('org', 'conversation_settings', server_default=None)
+    op.alter_column('org_member', 'has_custom_llm_api_key', server_default=None)
+    op.drop_column('user_settings', 'agent')
+    op.drop_column('user_settings', 'max_iterations')
+    op.drop_column('user_settings', 'security_analyzer')
+    op.drop_column('user_settings', 'confirmation_mode')
+    op.drop_column('user_settings', 'llm_model')
+    op.drop_column('user_settings', 'llm_base_url')
+    op.drop_column('user_settings', 'enable_default_condenser')
+    op.drop_column('user_settings', 'condenser_max_size')
+    op.drop_column('org_member', 'max_iterations')
+    op.drop_column('org_member', 'llm_model')
+    op.drop_column('org_member', 'llm_base_url')
+    op.drop_column('org_member', 'mcp_config')
+    op.drop_column('org', 'agent')
+    op.drop_column('org', 'default_max_iterations')
+    op.drop_column('org', 'security_analyzer')
+    op.drop_column('org', 'confirmation_mode')
+    op.drop_column('org', 'default_llm_model')
+    op.drop_column('org', 'default_llm_base_url')
+    op.drop_column('org', 'enable_default_condenser')
+    op.drop_column('org', 'mcp_config')
+    op.drop_column('org', 'condenser_max_size')
+
+
+def downgrade() -> None:
+    op.add_column('user_settings', sa.Column('agent', sa.String(), nullable=True))
+    op.add_column(
+        'user_settings', sa.Column('max_iterations', sa.Integer(), nullable=True)
+    )
+    op.add_column(
+        'user_settings', sa.Column('security_analyzer', sa.String(), nullable=True)
+    )
+    op.add_column(
+        'user_settings', sa.Column('confirmation_mode', sa.Boolean(), nullable=True)
+    )
+    op.add_column('user_settings', sa.Column('llm_model', sa.String(), nullable=True))
+    op.add_column(
+        'user_settings', sa.Column('llm_base_url', sa.String(), nullable=True)
+    )
+    op.add_column(
+        'user_settings',
+        sa.Column(
+            'enable_default_condenser',
+            sa.Boolean(),
+            nullable=False,
+            server_default=sa.true(),
+        ),
+    )
+    op.add_column(
+        'user_settings', sa.Column('condenser_max_size', sa.Integer(), nullable=True)
+    )
+    op.add_column('org_member', sa.Column('llm_base_url', sa.String(), nullable=True))
+    op.add_column('org_member', sa.Column('llm_model', sa.String(), nullable=True))
+    op.add_column(
+        'org_member', sa.Column('max_iterations', sa.Integer(), nullable=True)
+    )
+    op.add_column('org_member', sa.Column('mcp_config', sa.JSON(), nullable=True))
+    op.add_column('org', sa.Column('agent', sa.String(), nullable=True))
+    op.add_column(
+        'org', sa.Column('default_max_iterations', sa.Integer(), nullable=True)
+    )
+    op.add_column('org', sa.Column('security_analyzer', sa.String(), nullable=True))
+    op.add_column('org', sa.Column('confirmation_mode', sa.Boolean(), nullable=True))
+    op.add_column('org', sa.Column('default_llm_model', sa.String(), nullable=True))
+    op.add_column('org', sa.Column('default_llm_base_url', sa.String(), nullable=True))
+    op.add_column(
+        'org',
+        sa.Column(
+            'enable_default_condenser',
+            sa.Boolean(),
+            nullable=False,
+            server_default=sa.true(),
+        ),
+    )
+    op.add_column('org', sa.Column('mcp_config', sa.JSON(), nullable=True))
+    op.add_column('org', sa.Column('condenser_max_size', sa.Integer(), nullable=True))
+
+    bind = op.get_bind()
+
+    user_settings_table = sa.table(
+        'user_settings',
+        sa.column('id', sa.Integer()),
+        sa.column('agent_settings', sa.JSON()),
+        sa.column('conversation_settings', sa.JSON()),
+        sa.column('agent', sa.String()),
+        sa.column('max_iterations', sa.Integer()),
+        sa.column('security_analyzer', sa.String()),
+        sa.column('confirmation_mode', sa.Boolean()),
+        sa.column('llm_model', sa.String()),
+        sa.column('llm_base_url', sa.String()),
+        sa.column('enable_default_condenser', sa.Boolean()),
+        sa.column('condenser_max_size', sa.Integer()),
+    )
+    user_settings_rows = bind.execute(
+        sa.select(
+            user_settings_table.c.id,
+            user_settings_table.c.agent_settings,
+            user_settings_table.c.conversation_settings,
+        )
+    ).mappings()
+    for row in user_settings_rows:
+        bind.execute(
+            user_settings_table.update()
+            .where(user_settings_table.c.id == row['id'])
+            .values(**_legacy_user_settings_values(row))
+        )
+
+    org_member_table = sa.table(
+        'org_member',
+        sa.column('org_id', sa.Uuid()),
+        sa.column('user_id', sa.Uuid()),
+        sa.column('agent_settings_diff', sa.JSON()),
+        sa.column('conversation_settings_diff', sa.JSON()),
+        sa.column('llm_model', sa.String()),
+        sa.column('llm_base_url', sa.String()),
+        sa.column('max_iterations', sa.Integer()),
+        sa.column('mcp_config', sa.JSON()),
+    )
+    org_member_rows = bind.execute(
+        sa.select(
+            org_member_table.c.org_id,
+            org_member_table.c.user_id,
+            org_member_table.c.agent_settings_diff,
+            org_member_table.c.conversation_settings_diff,
+        )
+    ).mappings()
+    for row in org_member_rows:
+        bind.execute(
+            org_member_table.update()
+            .where(org_member_table.c.org_id == row['org_id'])
+            .where(org_member_table.c.user_id == row['user_id'])
+            .values(**_legacy_org_member_values(row))
+        )
+
+    org_table = sa.table(
+        'org',
+        sa.column('id', sa.Uuid()),
+        sa.column('agent_settings', sa.JSON()),
+        sa.column('conversation_settings', sa.JSON()),
+        sa.column('agent', sa.String()),
+        sa.column('default_max_iterations', sa.Integer()),
+        sa.column('security_analyzer', sa.String()),
+        sa.column('confirmation_mode', sa.Boolean()),
+        sa.column('default_llm_model', sa.String()),
+        sa.column('default_llm_base_url', sa.String()),
+        sa.column('enable_default_condenser', sa.Boolean()),
+        sa.column('mcp_config', sa.JSON()),
+        sa.column('condenser_max_size', sa.Integer()),
+    )
+    org_rows = bind.execute(
+        sa.select(
+            org_table.c.id,
+            org_table.c.agent_settings,
+            org_table.c.conversation_settings,
+        )
+    ).mappings()
+    for row in org_rows:
+        bind.execute(
+            org_table.update()
+            .where(org_table.c.id == row['id'])
+            .values(**_legacy_org_values(row))
+        )
+
+    op.drop_column('org', 'agent_settings')
+    op.drop_column('org', 'conversation_settings')
+    op.drop_column('org', '_llm_api_key')
+    op.drop_column('org_member', 'agent_settings_diff')
+    op.drop_column('org_member', 'conversation_settings_diff')
+    op.drop_column('org_member', 'has_custom_llm_api_key')
+    op.drop_column('user_settings', 'agent_settings')
+    op.drop_column('user_settings', 'conversation_settings')
--- a/enterprise/migrations/versions/109_add_llm_profiles_to_user.py
+++ b/enterprise/migrations/versions/109_add_llm_profiles_to_user.py
@@ -0,0 +1,36 @@
+"""Add llm_profiles column to user table.
+
+The Settings model exposes ``llm_profiles`` (saved LLM configurations plus
+the active profile name), but the SaaS path persists a flattened Settings
+dump onto the User/Org rows. Without a column here the field is silently
+dropped on store() and always defaults to empty on load(), so saved
+profiles disappear after any settings update or page refresh.
+
+The column is plain ``String`` because the ORM-level ``EncryptedJSON``
+TypeDecorator stores JSON-serialized profiles as a JWE-encrypted string —
+profiles can carry per-profile ``api_key`` values, so the at-rest
+representation must match the existing org/member encrypted-secret pattern.
+
+Revision ID: 109
+Revises: 108
+Create Date: 2026-04-28
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = '109'
+down_revision: Union[str, None] = '108'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.add_column('user', sa.Column('llm_profiles', sa.String(), nullable=True))
+
+
+def downgrade() -> None:
+    op.drop_column('user', 'llm_profiles')
--- a/enterprise/migrations/versions/110_add_agent_kind_to_conversation_metadata.py
+++ b/enterprise/migrations/versions/110_add_agent_kind_to_conversation_metadata.py
@@ -0,0 +1,31 @@
+"""Add agent_kind column to conversation_metadata table.
+
+Stores the agent type ('llm' or 'acp') for each conversation so the
+correct agent-server endpoint can be used when routing requests.
+
+Revision ID: 110
+Revises: 109
+Create Date: 2026-04-28
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = '110'
+down_revision: Union[str, None] = '109'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.add_column(
+        'conversation_metadata',
+        sa.Column('agent_kind', sa.String(), nullable=True),
+    )
+
+
+def downgrade() -> None:
+    op.drop_column('conversation_metadata', 'agent_kind')
--- a/enterprise/poetry.lock
+++ b/enterprise/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.3.3 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand.

 [[package]]
 name = "agent-client-protocol"
@@ -1708,61 +1708,61 @@ files = [

 [[package]]
 name = "cryptography"
-version = "46.0.6"
+version = "46.0.7"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = "!=3.9.0,!=3.9.1,>=3.8"
 groups = ["main"]
 files = [
-    {file = "cryptography-46.0.6-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:64235194bad039a10bb6d2d930ab3323baaec67e2ce36215fd0952fad0930ca8"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:26031f1e5ca62fcb9d1fcb34b2b60b390d1aacaa15dc8b895a9ed00968b97b30"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9a693028b9cbe51b5a1136232ee8f2bc242e4e19d456ded3fa7c86e43c713b4a"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:67177e8a9f421aa2d3a170c3e56eca4e0128883cf52a071a7cbf53297f18b175"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:d9528b535a6c4f8ff37847144b8986a9a143585f0540fbcb1a98115b543aa463"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:22259338084d6ae497a19bae5d4c66b7ca1387d3264d1c2c0e72d9e9b6a77b97"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:760997a4b950ff00d418398ad73fbc91aa2894b5c1db7ccb45b4f68b42a63b3c"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:3dfa6567f2e9e4c5dceb8ccb5a708158a2a871052fa75c8b78cb0977063f1507"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:cdcd3edcbc5d55757e5f5f3d330dd00007ae463a7e7aa5bf132d1f22a4b62b19"},
-    {file = "cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:d4e4aadb7fc1f88687f47ca20bb7227981b03afaae69287029da08096853b738"},
-    {file = "cryptography-46.0.6-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2b417edbe8877cda9022dde3a008e2deb50be9c407eef034aeeb3a8b11d9db3c"},
-    {file = "cryptography-46.0.6-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:380343e0653b1c9d7e1f55b52aaa2dbb2fdf2730088d48c43ca1c7c0abb7cc2f"},
-    {file = "cryptography-46.0.6-cp311-abi3-win32.whl", hash = "sha256:bcb87663e1f7b075e48c3be3ecb5f0b46c8fc50b50a97cf264e7f60242dca3f2"},
-    {file = "cryptography-46.0.6-cp311-abi3-win_amd64.whl", hash = "sha256:6739d56300662c468fddb0e5e291f9b4d084bead381667b9e654c7dd81705124"},
-    {file = "cryptography-46.0.6-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:2ef9e69886cbb137c2aef9772c2e7138dc581fad4fcbcf13cc181eb5a3ab6275"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7f417f034f91dcec1cb6c5c35b07cdbb2ef262557f701b4ecd803ee8cefed4f4"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d24c13369e856b94892a89ddf70b332e0b70ad4a5c43cf3e9cb71d6d7ffa1f7b"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:aad75154a7ac9039936d50cf431719a2f8d4ed3d3c277ac03f3339ded1a5e707"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:3c21d92ed15e9cfc6eb64c1f5a0326db22ca9c2566ca46d845119b45b4400361"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:4668298aef7cddeaf5c6ecc244c2302a2b8e40f384255505c22875eebb47888b"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:8ce35b77aaf02f3b59c90b2c8a05c73bac12cea5b4e8f3fbece1f5fddea5f0ca"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:c89eb37fae9216985d8734c1afd172ba4927f5a05cfd9bf0e4863c6d5465b013"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:ed418c37d095aeddf5336898a132fba01091f0ac5844e3e8018506f014b6d2c4"},
-    {file = "cryptography-46.0.6-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:69cf0056d6947edc6e6760e5f17afe4bea06b56a9ac8a06de9d2bd6b532d4f3a"},
-    {file = "cryptography-46.0.6-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:8e7304c4f4e9490e11efe56af6713983460ee0780f16c63f219984dab3af9d2d"},
-    {file = "cryptography-46.0.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:b928a3ca837c77a10e81a814a693f2295200adb3352395fad024559b7be7a736"},
-    {file = "cryptography-46.0.6-cp314-cp314t-win32.whl", hash = "sha256:97c8115b27e19e592a05c45d0dd89c57f81f841cc9880e353e0d3bf25b2139ed"},
-    {file = "cryptography-46.0.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c797e2517cb7880f8297e2c0f43bb910e91381339336f75d2c1c2cbf811b70b4"},
-    {file = "cryptography-46.0.6-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:12cae594e9473bca1a7aceb90536060643128bb274fcea0fc459ab90f7d1ae7a"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:639301950939d844a9e1c4464d7e07f902fe9a7f6b215bb0d4f28584729935d8"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ed3775295fb91f70b4027aeba878d79b3e55c0b3e97eaa4de71f8f23a9f2eb77"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8927ccfbe967c7df312ade694f987e7e9e22b2425976ddbf28271d7e58845290"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:b12c6b1e1651e42ab5de8b1e00dc3b6354fdfd778e7fa60541ddacc27cd21410"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:063b67749f338ca9c5a0b7fe438a52c25f9526b851e24e6c9310e7195aad3b4d"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:02fad249cb0e090b574e30b276a3da6a149e04ee2f049725b1f69e7b8351ec70"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:7e6142674f2a9291463e5e150090b95a8519b2fb6e6aaec8917dd8d094ce750d"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:456b3215172aeefb9284550b162801d62f5f264a081049a3e94307fe20792cfa"},
-    {file = "cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:341359d6c9e68834e204ceaf25936dffeafea3829ab80e9503860dcc4f4dac58"},
-    {file = "cryptography-46.0.6-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9a9c42a2723999a710445bc0d974e345c32adfd8d2fac6d8a251fa829ad31cfb"},
-    {file = "cryptography-46.0.6-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6617f67b1606dfd9fe4dbfa354a9508d4a6d37afe30306fe6c101b7ce3274b72"},
-    {file = "cryptography-46.0.6-cp38-abi3-win32.whl", hash = "sha256:7f6690b6c55e9c5332c0b59b9c8a3fb232ebf059094c17f9019a51e9827df91c"},
-    {file = "cryptography-46.0.6-cp38-abi3-win_amd64.whl", hash = "sha256:79e865c642cfc5c0b3eb12af83c35c5aeff4fa5c672dc28c43721c2c9fdd2f0f"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:2ea0f37e9a9cf0df2952893ad145fd9627d326a59daec9b0802480fa3bcd2ead"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:a3e84d5ec9ba01f8fd03802b2147ba77f0c8f2617b2aff254cedd551844209c8"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:12f0fa16cc247b13c43d56d7b35287ff1569b5b1f4c5e87e92cc4fcc00cd10c0"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:50575a76e2951fe7dbd1f56d181f8c5ceeeb075e9ff88e7ad997d2f42af06e7b"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:90e5f0a7b3be5f40c3a0a0eafb32c681d8d2c181fc2a1bdabe9b3f611d9f6b1a"},
-    {file = "cryptography-46.0.6-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:6728c49e3b2c180ef26f8e9f0a883a2c585638db64cf265b49c9ba10652d430e"},
-    {file = "cryptography-46.0.6.tar.gz", hash = "sha256:27550628a518c5c6c903d84f637fbecf287f6cb9ced3804838a1295dc1fd0759"},
+    {file = "cryptography-46.0.7-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:ea42cbe97209df307fdc3b155f1b6fa2577c0defa8f1f7d3be7d31d189108ad4"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:b36a4695e29fe69215d75960b22577197aca3f7a25b9cf9d165dcfe9d80bc325"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:5ad9ef796328c5e3c4ceed237a183f5d41d21150f972455a9d926593a1dcb308"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:73510b83623e080a2c35c62c15298096e2a5dc8d51c3b4e1740211839d0dea77"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:cbd5fb06b62bd0721e1170273d3f4d5a277044c47ca27ee257025146c34cbdd1"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:420b1e4109cc95f0e5700eed79908cef9268265c773d3a66f7af1eef53d409ef"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:24402210aa54baae71d99441d15bb5a1919c195398a87b563df84468160a65de"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:8a469028a86f12eb7d2fe97162d0634026d92a21f3ae0ac87ed1c4a447886c83"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:9694078c5d44c157ef3162e3bf3946510b857df5a3955458381d1c7cfc143ddb"},
+    {file = "cryptography-46.0.7-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:42a1e5f98abb6391717978baf9f90dc28a743b7d9be7f0751a6f56a75d14065b"},
+    {file = "cryptography-46.0.7-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:91bbcb08347344f810cbe49065914fe048949648f6bd5c2519f34619142bbe85"},
+    {file = "cryptography-46.0.7-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:5d1c02a14ceb9148cc7816249f64f623fbfee39e8c03b3650d842ad3f34d637e"},
+    {file = "cryptography-46.0.7-cp311-abi3-win32.whl", hash = "sha256:d23c8ca48e44ee015cd0a54aeccdf9f09004eba9fc96f38c911011d9ff1bd457"},
+    {file = "cryptography-46.0.7-cp311-abi3-win_amd64.whl", hash = "sha256:397655da831414d165029da9bc483bed2fe0e75dde6a1523ec2fe63f3c46046b"},
+    {file = "cryptography-46.0.7-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:d151173275e1728cf7839aaa80c34fe550c04ddb27b34f48c232193df8db5842"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:db0f493b9181c7820c8134437eb8b0b4792085d37dbb24da050476ccb664e59c"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ebd6daf519b9f189f85c479427bbd6e9c9037862cf8fe89ee35503bd209ed902"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:b7b412817be92117ec5ed95f880defe9cf18a832e8cafacf0a22337dc1981b4d"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:fbfd0e5f273877695cb93baf14b185f4878128b250cc9f8e617ea0c025dfb022"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:ffca7aa1d00cf7d6469b988c581598f2259e46215e0140af408966a24cf086ce"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:60627cf07e0d9274338521205899337c5d18249db56865f943cbe753aa96f40f"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:80406c3065e2c55d7f49a9550fe0c49b3f12e5bfff5dedb727e319e1afb9bf99"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:c5b1ccd1239f48b7151a65bc6dd54bcfcc15e028c8ac126d3fada09db0e07ef1"},
+    {file = "cryptography-46.0.7-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:d5f7520159cd9c2154eb61eb67548ca05c5774d39e9c2c4339fd793fe7d097b2"},
+    {file = "cryptography-46.0.7-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:fcd8eac50d9138c1d7fc53a653ba60a2bee81a505f9f8850b6b2888555a45d0e"},
+    {file = "cryptography-46.0.7-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:65814c60f8cc400c63131584e3e1fad01235edba2614b61fbfbfa954082db0ee"},
+    {file = "cryptography-46.0.7-cp314-cp314t-win32.whl", hash = "sha256:fdd1736fed309b4300346f88f74cd120c27c56852c3838cab416e7a166f67298"},
+    {file = "cryptography-46.0.7-cp314-cp314t-win_amd64.whl", hash = "sha256:e06acf3c99be55aa3b516397fe42f5855597f430add9c17fa46bf2e0fb34c9bb"},
+    {file = "cryptography-46.0.7-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:462ad5cb1c148a22b2e3bcc5ad52504dff325d17daf5df8d88c17dda1f75f2a4"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:84d4cced91f0f159a7ddacad249cc077e63195c36aac40b4150e7a57e84fffe7"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:128c5edfe5e5938b86b03941e94fac9ee793a94452ad1365c9fc3f4f62216832"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:5e51be372b26ef4ba3de3c167cd3d1022934bc838ae9eaad7e644986d2a3d163"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:cdf1a610ef82abb396451862739e3fc93b071c844399e15b90726ef7470eeaf2"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:1d25aee46d0c6f1a501adcddb2d2fee4b979381346a78558ed13e50aa8a59067"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:cdfbe22376065ffcf8be74dc9a909f032df19bc58a699456a21712d6e5eabfd0"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:abad9dac36cbf55de6eb49badd4016806b3165d396f64925bf2999bcb67837ba"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:935ce7e3cfdb53e3536119a542b839bb94ec1ad081013e9ab9b7cfd478b05006"},
+    {file = "cryptography-46.0.7-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:35719dc79d4730d30f1c2b6474bd6acda36ae2dfae1e3c16f2051f215df33ce0"},
+    {file = "cryptography-46.0.7-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:7bbc6ccf49d05ac8f7d7b5e2e2c33830d4fe2061def88210a126d130d7f71a85"},
+    {file = "cryptography-46.0.7-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a1529d614f44b863a7b480c6d000fe93b59acee9c82ffa027cfadc77521a9f5e"},
+    {file = "cryptography-46.0.7-cp38-abi3-win32.whl", hash = "sha256:f247c8c1a1fb45e12586afbb436ef21ff1e80670b2861a90353d9b025583d246"},
+    {file = "cryptography-46.0.7-cp38-abi3-win_amd64.whl", hash = "sha256:506c4ff91eff4f82bdac7633318a526b1d1309fc07ca76a3ad182cb5b686d6d3"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:fc9ab8856ae6cf7c9358430e49b368f3108f050031442eaeb6b9d87e4dcf4e4f"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:d3b99c535a9de0adced13d159c5a9cf65c325601aa30f4be08afd680643e9c15"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:d02c738dacda7dc2a74d1b2b3177042009d5cab7c7079db74afc19e56ca1b455"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_34_aarch64.whl", hash = "sha256:04959522f938493042d595a736e7dbdff6eb6cc2339c11465b3ff89343b65f65"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-manylinux_2_34_x86_64.whl", hash = "sha256:3986ac1dee6def53797289999eabe84798ad7817f3e97779b5061a95b0ee4968"},
+    {file = "cryptography-46.0.7-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:258514877e15963bd43b558917bc9f54cf7cf866c38aa576ebf47a77ddbc43a4"},
+    {file = "cryptography-46.0.7.tar.gz", hash = "sha256:e4cfd68c5f3e0bfdad0d38e023239b96a2fe84146481852dffbcca442c245aa5"},
 ]

 [package.dependencies]
@@ -1775,7 +1775,7 @@ nox = ["nox[uv] (>=2024.4.15)"]
 pep8test = ["check-sdist", "click (>=8.0.1)", "mypy (>=1.14)", "ruff (>=0.11.11)"]
 sdist = ["build (>=1.0.0)"]
 ssh = ["bcrypt (>=3.1.5)"]
-test = ["certifi (>=2024)", "cryptography-vectors (==46.0.6)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
+test = ["certifi (>=2024)", "cryptography-vectors (==46.0.7)", "pretend (>=0.7)", "pytest (>=7.4.0)", "pytest-benchmark (>=4.0)", "pytest-cov (>=2.10.1)", "pytest-xdist (>=3.5.0)"]
 test-randomorder = ["pytest-randomly"]

 [[package]]
@@ -3585,7 +3585,7 @@ files = [
 [package.dependencies]
 googleapis-common-protos = ">=1.5.5"
 grpcio = ">=1.67.1"
-protobuf = ">=5.26.1,<6.0.dev0"
+protobuf = ">=5.26.1,<6.0dev"

 [[package]]
 name = "gspread"
@@ -3906,7 +3906,7 @@ pfzy = ">=0.3.1,<0.4.0"
 prompt-toolkit = ">=3.0.1,<4.0.0"

 [package.extras]
-docs = ["Sphinx (>=4.1.2,<5.0.0)", "furo (>=2021.8.17b43,<2022.0.0)", "myst-parser (>=0.15.1,<0.16.0)", "sphinx-autobuild (>=2021.3.14,<2022.0.0)", "sphinx-copybutton (>=0.4.0,<0.5.0)"]
+docs = ["Sphinx (>=4.1.2,<5.0.0)", "furo (>=2021.8.17-beta.43,<2022.0.0)", "myst-parser (>=0.15.1,<0.16.0)", "sphinx-autobuild (>=2021.3.14,<2022.0.0)", "sphinx-copybutton (>=0.4.0,<0.5.0)"]

 [[package]]
 name = "installer"
@@ -4348,7 +4348,7 @@ fqdn = {version = "*", optional = true, markers = "extra == \"format-nongpl\""}
 idna = {version = "*", optional = true, markers = "extra == \"format-nongpl\""}
 isoduration = {version = "*", optional = true, markers = "extra == \"format-nongpl\""}
 jsonpointer = {version = ">1.13", optional = true, markers = "extra == \"format-nongpl\""}
-jsonschema-specifications = ">=2023.3.6"
+jsonschema-specifications = ">=2023.03.6"
 referencing = ">=0.28.4"
 rfc3339-validator = {version = "*", optional = true, markers = "extra == \"format-nongpl\""}
 rfc3986-validator = {version = ">0.1.0", optional = true, markers = "extra == \"format-nongpl\""}
@@ -4756,7 +4756,7 @@ files = [
 ]

 [package.dependencies]
-certifi = ">=14.5.14"
+certifi = ">=14.05.14"
 durationpy = ">=0.7"
 python-dateutil = ">=2.5.3"
 pyyaml = ">=5.4.1"
@@ -4890,25 +4890,24 @@ valkey = ["valkey (>=6)"]

 [[package]]
 name = "litellm"
-version = "1.80.10"
+version = "1.83.0"
 description = "Library to easily interface with LLM API providers"
 optional = false
 python-versions = "<4.0,>=3.9"
 groups = ["main"]
 files = [
-    {file = "litellm-1.80.10-py3-none-any.whl", hash = "sha256:9b3e561efaba0eb1291cb1555d3dcb7283cf7f3cb65aadbcdb42e2a8765898c8"},
-    {file = "litellm-1.80.10.tar.gz", hash = "sha256:4a4aff7558945c2f7e5c6523e67c1b5525a46b10b0e1ad6b8f847cb13b16779e"},
+    {file = "litellm-1.83.0-py3-none-any.whl", hash = "sha256:88c536d339248f3987571493015784671ba3f193a328e1ea6780dbebaa2094a8"},
+    {file = "litellm-1.83.0.tar.gz", hash = "sha256:860bebc76c4bb27b4cf90b4a77acd66dba25aced37e3db98750de8a1766bfb7a"},
 ]

 [package.dependencies]
 aiohttp = ">=3.10"
 click = "*"
 fastuuid = ">=0.13.0"
-grpcio = {version = ">=1.62.3,<1.68.0", markers = "python_version < \"3.14\""}
 httpx = ">=0.23.0"
 importlib-metadata = ">=6.8.0"
 jinja2 = ">=3.1.2,<4.0.0"
-jsonschema = ">=4.22.0,<5.0.0"
+jsonschema = ">=4.23.0,<5.0.0"
 openai = ">=2.8.0"
 pydantic = ">=2.5.0,<3.0.0"
 python-dotenv = ">=0.2.0"
@@ -4917,9 +4916,11 @@ tokenizers = "*"

 [package.extras]
 caching = ["diskcache (>=5.6.1,<6.0.0)"]
-extra-proxy = ["azure-identity (>=1.15.0,<2.0.0) ; python_version >= \"3.9\"", "azure-keyvault-secrets (>=4.8.0,<5.0.0)", "google-cloud-iam (>=2.19.1,<3.0.0)", "google-cloud-kms (>=2.21.3,<3.0.0)", "prisma (==0.11.0)", "redisvl (>=0.4.1,<0.5.0) ; python_version >= \"3.9\" and python_version < \"3.14\"", "resend (>=0.8.0)"]
+extra-proxy = ["a2a-sdk (>=0.3.22,<0.4.0) ; python_version >= \"3.10\"", "azure-identity (>=1.15.0,<2.0.0) ; python_version >= \"3.9\"", "azure-keyvault-secrets (>=4.8.0,<5.0.0)", "google-cloud-iam (>=2.19.1,<3.0.0)", "google-cloud-kms (>=2.21.3,<3.0.0)", "prisma (>=0.11.0,<0.12.0)", "redisvl (>=0.4.1,<0.5.0) ; python_version >= \"3.9\" and python_version < \"3.14\"", "resend (>=0.8.0)"]
+google = ["google-cloud-aiplatform (>=1.38.0)"]
+grpc = ["grpcio (>=1.62.3,<1.68.dev0 || >1.71.0,!=1.71.1,!=1.72.0,!=1.72.1,!=1.73.0) ; python_version < \"3.14\"", "grpcio (>=1.75.0) ; python_version >= \"3.14\""]
 mlflow = ["mlflow (>3.1.4) ; python_version >= \"3.10\""]
-proxy = ["PyJWT (>=2.10.1,<3.0.0) ; python_version >= \"3.9\"", "apscheduler (>=3.10.4,<4.0.0)", "azure-identity (>=1.15.0,<2.0.0) ; python_version >= \"3.9\"", "azure-storage-blob (>=12.25.1,<13.0.0)", "backoff", "boto3 (==1.36.0)", "cryptography", "fastapi (>=0.120.1)", "fastapi-sso (>=0.16.0,<0.17.0)", "gunicorn (>=23.0.0,<24.0.0)", "litellm-enterprise (==0.1.25)", "litellm-proxy-extras (==0.4.14)", "mcp (>=1.21.2,<2.0.0) ; python_version >= \"3.10\"", "orjson (>=3.9.7,<4.0.0)", "polars (>=1.31.0,<2.0.0) ; python_version >= \"3.10\"", "pynacl (>=1.5.0,<2.0.0)", "python-multipart (>=0.0.18,<0.0.19)", "pyyaml (>=6.0.1,<7.0.0)", "rich (==13.7.1)", "rq", "soundfile (>=0.12.1,<0.13.0)", "uvicorn (>=0.31.1,<0.32.0)", "uvloop (>=0.21.0,<0.22.0) ; sys_platform != \"win32\"", "websockets (>=15.0.1,<16.0.0)"]
+proxy = ["PyJWT (>=2.12.0,<3.0.0) ; python_version >= \"3.9\"", "apscheduler (>=3.10.4,<4.0.0)", "azure-identity (>=1.15.0,<2.0.0) ; python_version >= \"3.9\"", "azure-storage-blob (>=12.25.1,<13.0.0)", "backoff", "boto3 (>=1.40.76,<2.0.0)", "cryptography", "fastapi (>=0.120.1)", "fastapi-sso (>=0.16.0,<0.17.0)", "gunicorn (>=23.0.0,<24.0.0)", "litellm-enterprise (==0.1.35)", "litellm-proxy-extras (>=0.4.62,<0.5.0)", "mcp (>=1.25.0,<2.0.0) ; python_version >= \"3.10\"", "orjson (>=3.9.7,<4.0.0)", "polars (>=1.31.0,<2.0.0) ; python_version >= \"3.10\"", "pynacl (>=1.5.0,<2.0.0)", "pyroscope-io (>=0.8,<0.9) ; sys_platform != \"win32\"", "python-multipart (>=0.0.20)", "pyyaml (>=6.0.1,<7.0.0)", "rich (>=13.7.1,<14.0.0)", "rq", "soundfile (>=0.12.1,<0.13.0)", "uvicorn (>=0.32.1,<1.0.0)", "uvloop (>=0.21.0,<0.22.0) ; sys_platform != \"win32\"", "websockets (>=15.0.1,<16.0.0)"]
 semantic-router = ["semantic-router (>=0.1.12) ; python_version >= \"3.9\" and python_version < \"3.14\""]
 utils = ["numpydoc"]

@@ -4960,14 +4961,14 @@ files = [

 [[package]]
 name = "lmnr"
-version = "0.7.46"
+version = "0.7.49"
 description = "Python SDK for Laminar"
 optional = false
 python-versions = "<4,>=3.10"
 groups = ["main"]
 files = [
-    {file = "lmnr-0.7.46-py3-none-any.whl", hash = "sha256:596599af3eb999c5fb253640967fa893d34998b78c577b8773c214d89efa81c9"},
-    {file = "lmnr-0.7.46.tar.gz", hash = "sha256:082c9d17a1962b559651eea843eff49c1ec54729654ba37388c4a360e862af78"},
+    {file = "lmnr-0.7.49-py3-none-any.whl", hash = "sha256:510113b02bac3e639fa80244c67ff0be5948234275b0ef04cd310d66c7d720bf"},
+    {file = "lmnr-0.7.49.tar.gz", hash = "sha256:0b6da7d1707ce4e248c15083835a70723be9e6cc652b77ddc95c12e27dc87ef3"},
 ]

 [package.dependencies]
@@ -4983,11 +4984,11 @@ opentelemetry-sdk = ">=1.39.0,<2.0.0"
 opentelemetry-semantic-conventions = "0.60b1"
 opentelemetry-semantic-conventions-ai = "0.4.13"
 orjson = ">=3.0.0,<4.0.0"
-packaging = ">=22.0"
+packaging = ">=22.0,<27.0"
 pydantic = ">=2.0.3,<3.0.0"
 python-dotenv = ">=1.0,<2.0"
 tenacity = ">=8.0,<10.0"
-tqdm = ">=4.0"
+tqdm = ">=4.0,<5.0"

 [package.extras]
 alephalpha = ["opentelemetry-instrumentation-alephalpha (==0.52.4)"]
@@ -6453,14 +6454,14 @@ llama = ["llama-index (>=0.12.29,<0.13.0)", "llama-index-core (>=0.12.29,<0.13.0

 [[package]]
 name = "openhands-agent-server"
-version = "1.16.1"
+version = "1.19.0"
 description = "OpenHands Agent Server - REST/WebSocket interface for OpenHands AI Agent"
 optional = false
 python-versions = ">=3.12"
 groups = ["main"]
 files = [
-    {file = "openhands_agent_server-1.16.1-py3-none-any.whl", hash = "sha256:015983b300510c9c329c8eace49fbd4117d31d0895a125e419c31a9964be4155"},
-    {file = "openhands_agent_server-1.16.1.tar.gz", hash = "sha256:489151d35250a424dede8646396bef7b7095adb25e5c973ca8bc6dcbd19cdf07"},
+    {file = "openhands_agent_server-1.19.0-py3-none-any.whl", hash = "sha256:132902dc918f446e3b0f5cda9f4da36a4881fc73fe509eb177959afe988c38bb"},
+    {file = "openhands_agent_server-1.19.0.tar.gz", hash = "sha256:4f81b5ec550881706b361c51a422b6daad2a33c73b94d2f3088c84ed32ce049e"},
 ]

 [package.dependencies]
@@ -6522,9 +6523,9 @@ memory-profiler = ">=0.61"
 numpy = "*"
 openai = "2.8"
 openhands-aci = "0.3.3"
-openhands-agent-server = "1.16.1"
-openhands-sdk = "1.16.1"
-openhands-tools = "1.16.1"
+openhands-agent-server = "1.19"
+openhands-sdk = "1.19"
+openhands-tools = "1.19"
 opentelemetry-api = ">=1.33.1"
 opentelemetry-exporter-otlp-proto-grpc = ">=1.33.1"
 orjson = ">=3.11.6"
@@ -6546,7 +6547,7 @@ python-docx = "*"
 python-dotenv = "*"
 python-frontmatter = ">=1.1"
 python-json-logger = ">=3.2.1"
-python-multipart = ">=0.0.22"
+python-multipart = ">=0.0.26"
 python-pptx = "*"
 python-socketio = "5.14"
 pythonnet = {version = "*", markers = "sys_platform == \"win32\""}
@@ -6570,23 +6571,20 @@ uvicorn = "*"
 whatthepatch = ">=1.0.6"
 zope-interface = "7.2"

-[package.extras]
-third-party-runtimes = ["daytona (==0.24.2)", "e2b-code-interpreter (>=2)", "modal (>=0.66.26,<1.2)", "runloop-api-client (==0.50)"]
-
 [package.source]
 type = "directory"
 url = ".."

 [[package]]
 name = "openhands-sdk"
-version = "1.16.1"
+version = "1.19.0"
 description = "OpenHands SDK - Core functionality for building AI agents"
 optional = false
 python-versions = ">=3.12"
 groups = ["main"]
 files = [
-    {file = "openhands_sdk-1.16.1-py3-none-any.whl", hash = "sha256:0b487929e03e8c87ac6d99f37ff5314df3db6af70a06b516b0858327f9744f2b"},
-    {file = "openhands_sdk-1.16.1.tar.gz", hash = "sha256:12f203c3766800bdf5d9dd4dd0a7988b88e13ff4954b0c208903778111e29567"},
+    {file = "openhands_sdk-1.19.0-py3-none-any.whl", hash = "sha256:704906533da50f2d0e93bf28609b1a36a4aa4ce578bfac13a3d1a76609d87db8"},
+    {file = "openhands_sdk-1.19.0.tar.gz", hash = "sha256:5611d877e6495a712725569f6bca3de8fabefd9e44c61dc30bd39f8883371508"},
 ]

 [package.dependencies]
@@ -6596,8 +6594,8 @@ fakeredis = {version = ">=2.32.1", extras = ["lua"]}
 fastmcp = ">=3.0.0"
 filelock = ">=3.20.1"
 httpx = {version = ">=0.27.0", extras = ["socks"]}
-litellm = "1.80.10"
-lmnr = ">=0.7.24"
+litellm = ">=1.82.6,<1.82.7 || >1.82.7,<1.82.8 || >1.82.8"
+lmnr = ">=0.7.47"
 pydantic = ">=2.12.5"
 python-frontmatter = ">=1.1.0"
 python-json-logger = ">=3.3.0"
@@ -6609,14 +6607,14 @@ boto3 = ["boto3 (>=1.35.0)"]

 [[package]]
 name = "openhands-tools"
-version = "1.16.1"
+version = "1.19.0"
 description = "OpenHands Tools - Runtime tools for AI agents"
 optional = false
 python-versions = ">=3.12"
 groups = ["main"]
 files = [
-    {file = "openhands_tools-1.16.1-py3-none-any.whl", hash = "sha256:f7fd1eb205571d02ee480ad71e96cac0c34c57c0938c4074fe135a579a7538d7"},
-    {file = "openhands_tools-1.16.1.tar.gz", hash = "sha256:64488f2d7705ff90f4bfb7dfd1a2f1fbb4f379059d96e0073677c168d97135e7"},
+    {file = "openhands_tools-1.19.0-py3-none-any.whl", hash = "sha256:ff5ddb40d628a468eda4488b2c0045470c88e396bab43330b6b468f3ada47b9e"},
+    {file = "openhands_tools-1.19.0.tar.gz", hash = "sha256:b4dc59a813fe1fe7bda519979498a7bdf07dd8f83ea3f0aad78c154f5fcb9a32"},
 ]

 [package.dependencies]
@@ -7140,7 +7138,7 @@ files = [
 ]

 [package.extras]
-docs = ["Sphinx (>=4.1.2,<5.0.0)", "furo (>=2021.8.17b43,<2022.0.0)", "myst-parser (>=0.15.1,<0.16.0)", "sphinx-autobuild (>=2021.3.14,<2022.0.0)", "sphinx-copybutton (>=0.4.0,<0.5.0)"]
+docs = ["Sphinx (>=4.1.2,<5.0.0)", "furo (>=2021.8.17-beta.43,<2022.0.0)", "myst-parser (>=0.15.1,<0.16.0)", "sphinx-autobuild (>=2021.3.14,<2022.0.0)", "sphinx-copybutton (>=0.4.0,<0.5.0)"]

 [[package]]
 name = "pg8000"
@@ -11889,14 +11887,14 @@ files = [

 [[package]]
 name = "pytest"
-version = "9.0.2"
+version = "9.0.3"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.10"
 groups = ["test"]
 files = [
-    {file = "pytest-9.0.2-py3-none-any.whl", hash = "sha256:711ffd45bf766d5264d487b917733b453d917afd2b0ad65223959f59089f875b"},
-    {file = "pytest-9.0.2.tar.gz", hash = "sha256:75186651a92bd89611d1d9fc20f0b4345fd827c41ccd5c299a868a05d70edf11"},
+    {file = "pytest-9.0.3-py3-none-any.whl", hash = "sha256:2c5efc453d45394fdd706ade797c0a81091eccd1d6e4bccfcd476e2b8e0ab5d9"},
+    {file = "pytest-9.0.3.tar.gz", hash = "sha256:b86ada508af81d19edeb213c681b1d48246c1a91d304c6c81a427674c17eb91c"},
 ]

 [package.dependencies]
@@ -12130,14 +12128,14 @@ requests-toolbelt = ">=0.6.0"

 [[package]]
 name = "python-multipart"
-version = "0.0.22"
+version = "0.0.26"
 description = "A streaming multipart parser for Python"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
 files = [
-    {file = "python_multipart-0.0.22-py3-none-any.whl", hash = "sha256:2b2cd894c83d21bf49d702499531c7bafd057d730c201782048f7945d82de155"},
-    {file = "python_multipart-0.0.22.tar.gz", hash = "sha256:7340bef99a7e0032613f56dc36027b959fd3b30a787ed62d310e951f7c3a3a58"},
+    {file = "python_multipart-0.0.26-py3-none-any.whl", hash = "sha256:c0b169f8c4484c13b0dcf2ef0ec3a4adb255c4b7d18d8e420477d2b1dd03f185"},
+    {file = "python_multipart-0.0.26.tar.gz", hash = "sha256:08fadc45918cd615e26846437f50c5d6d23304da32c341f289a617127b081f17"},
 ]

 [[package]]
@@ -13111,10 +13109,10 @@ files = [
 ]

 [package.dependencies]
-botocore = ">=1.37.4,<2.0a0"
+botocore = ">=1.37.4,<2.0a.0"

 [package.extras]
-crt = ["botocore[crt] (>=1.37.4,<2.0a0)"]
+crt = ["botocore[crt] (>=1.37.4,<2.0a.0)"]

 [[package]]
 name = "scantree"
@@ -14146,6 +14144,14 @@ optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-macosx_10_9_x86_64.whl", hash = "sha256:e87be7572991552606a3155d2f6c2045ded8bce94bfd9f74bf521d949c219a1c"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-macosx_11_0_arm64.whl", hash = "sha256:86c2fdf178c66474a1be2965602818d30780e4e3ed890e3c206931f65d9a154c"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:035d259e64c41d02cc45afc3b8b46388b232e7d16d84734d851cca7334761da5"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:fa472cb9de7e14fee9408e144f29f68384cd8e9c677dff0002da19f361a59bdf"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:1a0ea86eccff74e85ab4a2cf77c813fad7c84162962ce242dff0c51601028832"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:8ab26dc998bbd4b4287b129f67c10ca715deb402ed77d0645674490ea509097e"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-win_amd64.whl", hash = "sha256:d4486653feaff3314ef45534dcb6f9ea8ab3aa160896287c6473788f88eb38be"},
+    {file = "tree_sitter_c_sharp-0.23.1-cp310-abi3-win_arm64.whl", hash = "sha256:e7a14b76ec23cc8386cf662d5ea602d81331376c93ca6299a97b174047790345"},
    {file = "tree_sitter_c_sharp-0.23.1-cp39-abi3-macosx_10_9_x86_64.whl", hash = "sha256:2b612a6e5bd17bb7fa2aab4bb6fc1fba45c94f09cb034ab332e45603b86e32fd"},
    {file = "tree_sitter_c_sharp-0.23.1-cp39-abi3-macosx_11_0_arm64.whl", hash = "sha256:1a8b98f62bc53efcd4d971151950c9b9cd5cbe3bacdb0cd69fdccac63350d83e"},
    {file = "tree_sitter_c_sharp-0.23.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:986e93d845a438ec3c4416401aa98e6a6f6631d644bbbc2e43fcb915c51d255d"},
@@ -15258,7 +15264,7 @@ files = [
 ]

 [package.extras]
-cffi = ["cffi (>=1.17,<2.0) ; platform_python_implementation != \"PyPy\" and python_version < \"3.14\"", "cffi (>=2.0.0b0) ; platform_python_implementation != \"PyPy\" and python_version >= \"3.14\""]
+cffi = ["cffi (>=1.17,<2.0) ; platform_python_implementation != \"PyPy\" and python_version < \"3.14\"", "cffi (>=2.0.0b) ; platform_python_implementation != \"PyPy\" and python_version >= \"3.14\""]

 [metadata]
 lock-version = "2.1"
--- a/enterprise/saas_server.py
+++ b/enterprise/saas_server.py
@@ -17,7 +17,6 @@ from server.auth.constants import (  # noqa: E402
    BITBUCKET_DATA_CENTER_HOST,
    ENABLE_JIRA,
    ENABLE_JIRA_DC,
-    ENABLE_LINEAR,
    GITHUB_APP_CLIENT_ID,
    GITLAB_APP_CLIENT_ID,
 )
@@ -29,12 +28,9 @@ from server.routes.api_keys import api_router as api_keys_router  # noqa: E402
 from server.routes.auth import api_router, oauth_router  # noqa: E402
 from server.routes.billing import billing_router  # noqa: E402
 from server.routes.email import api_router as email_router  # noqa: E402
-from server.routes.event_webhook import event_webhook_router  # noqa: E402
-from server.routes.feedback import router as feedback_router  # noqa: E402
 from server.routes.github_proxy import add_github_proxy_routes  # noqa: E402
 from server.routes.integration.jira import jira_integration_router  # noqa: E402
 from server.routes.integration.jira_dc import jira_dc_integration_router  # noqa: E402
-from server.routes.integration.linear import linear_integration_router  # noqa: E402
 from server.routes.integration.slack import slack_router  # noqa: E402
 from server.routes.mcp_patch import patch_mcp_server  # noqa: E402
 from server.routes.oauth_device import oauth_device_router  # noqa: E402
@@ -47,7 +43,6 @@ from server.routes.org_invitations import (  # noqa: E402
 from server.routes.orgs import org_router  # noqa: E402
 from server.routes.readiness import readiness_router  # noqa: E402
 from server.routes.service import service_router  # noqa: E402
-from server.routes.user import saas_user_router  # noqa: E402
 from server.routes.user_app_settings import user_app_settings_router  # noqa: E402
 from server.routes.users_v1 import (  # noqa: E402
    override_users_me_endpoint,
@@ -86,7 +81,6 @@ base_app.include_router(readiness_router)  # Add routes for readiness checks
 base_app.include_router(api_router)  # Add additional route for github auth
 base_app.include_router(oauth_router)  # Add additional route for oauth callback
 base_app.include_router(oauth_device_router)  # Add OAuth 2.0 Device Flow routes
-base_app.include_router(saas_user_router)  # Add additional route SAAS user calls
 base_app.include_router(user_app_settings_router)  # Add routes for user app settings
 base_app.include_router(
    billing_router
@@ -111,8 +105,15 @@ if GITHUB_APP_CLIENT_ID:

 # Add GitLab integration router only if GITLAB_APP_CLIENT_ID is set
 if GITLAB_APP_CLIENT_ID:
+    # Make sure that the callback processor is loaded here so we don't get an error when deserializing
+    from integrations.gitlab.gitlab_v1_callback_processor import (  # noqa: E402
+        GitlabV1CallbackProcessor,
+    )
    from server.routes.integration.gitlab import gitlab_integration_router  # noqa: E402

+    # Bludgeon mypy into not deleting my import
+    logger.debug(f'Loaded {GitlabV1CallbackProcessor.__name__}')
+
    base_app.include_router(gitlab_integration_router)

 base_app.include_router(api_keys_router)  # Add routes for API key management
@@ -138,8 +139,6 @@ if ENABLE_JIRA:
    base_app.include_router(jira_integration_router)
 if ENABLE_JIRA_DC:
    base_app.include_router(jira_dc_integration_router)
-if ENABLE_LINEAR:
-    base_app.include_router(linear_integration_router)
 if BITBUCKET_DATA_CENTER_HOST:
    from server.routes.bitbucket_dc_proxy import (
        router as bitbucket_dc_proxy_router,  # noqa: E402
@@ -147,10 +146,6 @@ if BITBUCKET_DATA_CENTER_HOST:

    base_app.include_router(bitbucket_dc_proxy_router)
 base_app.include_router(email_router)  # Add routes for email management
-base_app.include_router(feedback_router)  # Add routes for conversation feedback
-base_app.include_router(
-    event_webhook_router
-)  # Add routes for Events in nested runtimes


 base_app.add_middleware(
--- a/enterprise/server/auth/authorization.py
+++ b/enterprise/server/auth/authorization.py
@@ -40,8 +40,8 @@ from storage.org_member_store import OrgMemberStore
 from storage.role import Role
 from storage.role_store import RoleStore

+from openhands.app_server.user_auth import get_user_auth, get_user_id
 from openhands.core.logger import openhands_logger as logger
-from openhands.server.user_auth import get_user_auth, get_user_id


 class Permission(str, Enum):
@@ -87,6 +87,9 @@ class Permission(str, Enum):
    # Git organization claims
    MANAGE_ORG_CLAIMS = 'manage_org_claims'

+    # Manage Automations
+    MANAGE_AUTOMATIONS = 'manage_automations'
+

 class RoleName(str, Enum):
    """Role names used in the system."""
@@ -123,6 +126,8 @@ ROLE_PERMISSIONS: dict[RoleName, frozenset[Permission]] = {
            Permission.DELETE_ORGANIZATION,
            # Git organization claims
            Permission.MANAGE_ORG_CLAIMS,
+            # Manage Automations
+            Permission.MANAGE_AUTOMATIONS,
        ]
    ),
    RoleName.ADMIN: frozenset(
@@ -146,6 +151,8 @@ ROLE_PERMISSIONS: dict[RoleName, frozenset[Permission]] = {
            Permission.EDIT_ORG_SETTINGS,
            # Git organization claims
            Permission.MANAGE_ORG_CLAIMS,
+            # Manage Automations
+            Permission.MANAGE_AUTOMATIONS,
        ]
    ),
    RoleName.MEMBER: frozenset(
@@ -159,6 +166,8 @@ ROLE_PERMISSIONS: dict[RoleName, frozenset[Permission]] = {
            # Settings (View only)
            Permission.VIEW_ORG_SETTINGS,
            Permission.VIEW_LLM_SETTINGS,
+            # Manage Automations
+            Permission.MANAGE_AUTOMATIONS,
        ]
    ),
 }
--- a/enterprise/server/auth/constants.py
+++ b/enterprise/server/auth/constants.py
@@ -1,5 +1,7 @@
 import os

+from openhands.app_server.integrations.gitlab.constants import GITLAB_HOST
+
 GITHUB_APP_CLIENT_ID = os.getenv('GITHUB_APP_CLIENT_ID', '').strip()
 GITHUB_APP_CLIENT_SECRET = os.getenv('GITHUB_APP_CLIENT_SECRET', '').strip()
 GITHUB_APP_WEBHOOK_SECRET = os.getenv('GITHUB_APP_WEBHOOK_SECRET', '')
@@ -14,6 +16,7 @@ KEYCLOAK_SERVER_URL_EXT = os.getenv(
 KEYCLOAK_ADMIN_PASSWORD = os.getenv('KEYCLOAK_ADMIN_PASSWORD', '')
 GITLAB_APP_CLIENT_ID = os.getenv('GITLAB_APP_CLIENT_ID', '').strip()
 GITLAB_APP_CLIENT_SECRET = os.getenv('GITLAB_APP_CLIENT_SECRET', '').strip()
+GITLAB_TOKEN_URL = f'https://{GITLAB_HOST}/oauth/token'
 BITBUCKET_APP_CLIENT_ID = os.getenv('BITBUCKET_APP_CLIENT_ID', '').strip()
 BITBUCKET_APP_CLIENT_SECRET = os.getenv('BITBUCKET_APP_CLIENT_SECRET', '').strip()
 ENABLE_ENTERPRISE_SSO = os.getenv('ENABLE_ENTERPRISE_SSO', '').strip()
@@ -56,6 +59,23 @@ RECAPTCHA_SITE_KEY = os.getenv('RECAPTCHA_SITE_KEY', '').strip()
 RECAPTCHA_HMAC_SECRET = os.getenv('RECAPTCHA_HMAC_SECRET', '').strip()
 RECAPTCHA_BLOCK_THRESHOLD = float(os.getenv('RECAPTCHA_BLOCK_THRESHOLD', '0.3'))

+# Automation Service
+AUTOMATION_SERVICE_URL = os.getenv('AUTOMATION_SERVICE_URL', '').strip()
+if AUTOMATION_SERVICE_URL and not AUTOMATION_SERVICE_URL.startswith(
+    ('http://', 'https://')
+):
+    raise ValueError(
+        f'AUTOMATION_SERVICE_URL must start with http:// or https://, '
+        f'got: {AUTOMATION_SERVICE_URL}'
+    )
+AUTOMATION_EVENT_FORWARDING_ENABLED = os.getenv(
+    'AUTOMATION_EVENT_FORWARDING_ENABLED', 'false'
+) in ('1', 'true')
+# Shared secret for signing payloads sent to automation service (separate from GitHub webhook secret)
+AUTOMATION_WEBHOOK_SECRET = os.getenv('AUTOMATION_WEBHOOK_SECRET', '').strip()
+# Default HTTP timeout for automation service requests (seconds)
+AUTOMATION_SERVICE_TIMEOUT = int(os.getenv('AUTOMATION_SERVICE_TIMEOUT', '30'))
+
 # Account Defender labels that indicate suspicious activity
 SUSPICIOUS_LABELS = {
    'SUSPICIOUS_LOGIN_ACTIVITY',
--- a/enterprise/server/auth/github_utils.py
+++ b/enterprise/server/auth/github_utils.py
@@ -2,8 +2,8 @@ from integrations.github.github_service import SaaSGitHubService
 from pydantic import SecretStr
 from server.auth.auth_utils import user_verifier

+from openhands.app_server.integrations.github.github_types import GitHubUser
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.github.github_types import GitHubUser


 def is_user_allowed(user_login: str):
--- a/enterprise/server/auth/gitlab_sync.py
+++ b/enterprise/server/auth/gitlab_sync.py
@@ -3,8 +3,8 @@ import asyncio
 from pydantic import SecretStr
 from sqlalchemy import select

+from openhands.app_server.integrations.service_types import ProviderType
 from openhands.core.logger import openhands_logger as logger
-from openhands.integrations.service_types import ProviderType
 from openhands.server.types import AppMode


@@ -55,7 +55,7 @@ def schedule_gitlab_repo_sync(

            # Lazy import to avoid circular dependency:
            # middleware -> gitlab_sync -> integrations.gitlab.gitlab_service
-            # -> openhands.integrations.gitlab.gitlab_service -> get_impl
+            # -> openhands.app_server.integrations.gitlab.gitlab_service -> get_impl
            # -> integrations.gitlab.gitlab_service (circular)
            from integrations.gitlab.gitlab_service import SaaSGitLabService

--- a/enterprise/server/auth/saas_user_auth.py
+++ b/enterprise/server/auth/saas_user_auth.py
@@ -35,15 +35,15 @@ from storage.user_authorization_store import UserAuthorizationStore
 from storage.user_store import UserStore
 from tenacity import retry, retry_if_exception_type, stop_after_attempt, wait_fixed

-from openhands.integrations.provider import (
+from openhands.app_server.integrations.provider import (
    PROVIDER_TOKEN_TYPE,
    ProviderToken,
    ProviderType,
 )
-from openhands.server.settings import Settings
-from openhands.server.user_auth.user_auth import AuthType, UserAuth
-from openhands.storage.data_models.secrets import Secrets
-from openhands.storage.settings.settings_store import SettingsStore
+from openhands.app_server.secrets.secrets_models import Secrets
+from openhands.app_server.settings.settings_models import Settings
+from openhands.app_server.settings.settings_store import SettingsStore
+from openhands.app_server.user_auth.user_auth import AuthType, UserAuth

 token_manager = TokenManager()

--- a/enterprise/server/auth/token_manager.py
+++ b/enterprise/server/auth/token_manager.py
@@ -30,6 +30,7 @@ from server.auth.constants import (
    GITHUB_APP_CLIENT_SECRET,
    GITLAB_APP_CLIENT_ID,
    GITLAB_APP_CLIENT_SECRET,
+    GITLAB_TOKEN_URL,
    KEYCLOAK_REALM_NAME,
    KEYCLOAK_SERVER_URL,
    KEYCLOAK_SERVER_URL_EXT,
@@ -50,7 +51,7 @@ from storage.github_app_installation import GithubAppInstallation
 from storage.offline_token_store import OfflineTokenStore
 from tenacity import RetryCallState, retry, retry_if_exception_type, stop_after_attempt

-from openhands.integrations.service_types import ProviderType
+from openhands.app_server.integrations.service_types import ProviderType
 from openhands.server.types import SessionExpiredError
 from openhands.utils.http_session import httpx_verify_option

@@ -417,7 +418,7 @@ class TokenManager:
            return await self._parse_refresh_response(data)

    async def _refresh_gitlab_token(self, refresh_token: str) -> dict[str, str | int]:
-        url = 'https://gitlab.com/oauth/token'
+        url = GITLAB_TOKEN_URL
        logger.info(f'Refreshing GitLab token with URL: {url}')

        payload = {
--- a/Show More
+++ b/Show More