chore: auto-commit (21 archivos)

- app.md - backend/dist/assets/index-D_Kep7Fb.js - backend/dist/index.html - backend/handlers.go - backend/main.go - frontend/src/App.tsx - frontend/src/api.ts - frontend/src/components/CardChatPanel.tsx - frontend/src/components/LoginPage.tsx - frontend/src/types.ts - ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 18:17:04 +02:00
parent 1923fd31a4
commit 2524340759
20 changed files with 2165 additions and 236 deletions
@@ -4,7 +4,7 @@
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Kanban</title>
-    <script type="module" crossorigin src="/assets/index-D_Kep7Fb.js"></script>
+    <script type="module" crossorigin src="/assets/index-CFDWXN9Z.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-b0xjFtx2.css">
  </head>
  <body>
@@ -0,0 +1,158 @@
+package main
+
+import (
+	"encoding/json"
+	"sync"
+	"sync/atomic"
+	"time"
+)
+
+// EventHub is an in-process pub/sub used to push board mutations and
+// notifications to connected clients (SSE for board-wide events, WS for
+// per-card chat). Drop policy on slow consumers: best-effort send; if a
+// subscriber's buffered channel is full the event is dropped and the
+// hub increments dropCount. Clients are expected to reconcile state via
+// a full reload when reconnecting.
+type EventHub struct {
+	mu        sync.RWMutex
+	userSubs  map[string]map[chan Event]struct{}
+	cardSubs  map[string]map[chan Event]struct{}
+	dropCount uint64
+}
+
+// Event is the envelope broadcast to subscribers.
+//
+//	Type    — discriminator (e.g. "card.updated", "message.created").
+//	CardID  — set when payload pertains to a specific card.
+//	UserID  — set for per-user private events (e.g. notifications). Empty
+//	          means broadcast to every user subscriber.
+//	Payload — arbitrary JSON describing the change.
+//	TS      — RFC3339 timestamp.
+type Event struct {
+	Type    string          `json:"type"`
+	CardID  string          `json:"card_id,omitempty"`
+	UserID  string          `json:"user_id,omitempty"`
+	Payload json.RawMessage `json:"payload,omitempty"`
+	TS      string          `json:"ts"`
+}
+
+const eventBufSize = 64
+
+func NewEventHub() *EventHub {
+	return &EventHub{
+		userSubs: map[string]map[chan Event]struct{}{},
+		cardSubs: map[string]map[chan Event]struct{}{},
+	}
+}
+
+// SubscribeUser returns a channel that receives every public event plus
+// private events targeted at userID. Caller MUST eventually call
+// UnsubscribeUser to release resources.
+func (h *EventHub) SubscribeUser(userID string) chan Event {
+	ch := make(chan Event, eventBufSize)
+	h.mu.Lock()
+	set, ok := h.userSubs[userID]
+	if !ok {
+		set = map[chan Event]struct{}{}
+		h.userSubs[userID] = set
+	}
+	set[ch] = struct{}{}
+	h.mu.Unlock()
+	return ch
+}
+
+func (h *EventHub) UnsubscribeUser(userID string, ch chan Event) {
+	h.mu.Lock()
+	if set, ok := h.userSubs[userID]; ok {
+		delete(set, ch)
+		if len(set) == 0 {
+			delete(h.userSubs, userID)
+		}
+	}
+	h.mu.Unlock()
+	close(ch)
+}
+
+// SubscribeCard returns a channel that receives events scoped to cardID
+// (chat messages + typing indicators).
+func (h *EventHub) SubscribeCard(cardID string) chan Event {
+	ch := make(chan Event, eventBufSize)
+	h.mu.Lock()
+	set, ok := h.cardSubs[cardID]
+	if !ok {
+		set = map[chan Event]struct{}{}
+		h.cardSubs[cardID] = set
+	}
+	set[ch] = struct{}{}
+	h.mu.Unlock()
+	return ch
+}
+
+func (h *EventHub) UnsubscribeCard(cardID string, ch chan Event) {
+	h.mu.Lock()
+	if set, ok := h.cardSubs[cardID]; ok {
+		delete(set, ch)
+		if len(set) == 0 {
+			delete(h.cardSubs, cardID)
+		}
+	}
+	h.mu.Unlock()
+	close(ch)
+}
+
+// Publish delivers ev to every matching subscriber. If ev.UserID is set
+// it is delivered ONLY to that user's subscribers; otherwise it fans out
+// to all user subscribers. Card subscribers ALWAYS receive events that
+// match ev.CardID. Best-effort: full channels are skipped.
+func (h *EventHub) Publish(ev Event) {
+	if ev.TS == "" {
+		ev.TS = time.Now().UTC().Format(time.RFC3339)
+	}
+	h.mu.RLock()
+	defer h.mu.RUnlock()
+
+	deliver := func(ch chan Event) {
+		select {
+		case ch <- ev:
+		default:
+			atomic.AddUint64(&h.dropCount, 1)
+		}
+	}
+
+	if ev.UserID != "" {
+		if set, ok := h.userSubs[ev.UserID]; ok {
+			for ch := range set {
+				deliver(ch)
+			}
+		}
+	} else {
+		for _, set := range h.userSubs {
+			for ch := range set {
+				deliver(ch)
+			}
+		}
+	}
+	if ev.CardID != "" {
+		if set, ok := h.cardSubs[ev.CardID]; ok {
+			for ch := range set {
+				deliver(ch)
+			}
+		}
+	}
+}
+
+func (h *EventHub) DropCount() uint64 {
+	return atomic.LoadUint64(&h.dropCount)
+}
+
+// PublishJSON marshals payload and publishes a single Event.
+func (h *EventHub) PublishJSON(typ, cardID, userID string, payload interface{}) {
+	var raw json.RawMessage
+	if payload != nil {
+		b, err := json.Marshal(payload)
+		if err == nil {
+			raw = b
+		}
+	}
+	h.Publish(Event{Type: typ, CardID: cardID, UserID: userID, Payload: raw})
+}
@@ -0,0 +1,146 @@
+package main
+
+import (
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+)
+
+func TestEventHub_BroadcastToAllUsers(t *testing.T) {
+	hub := NewEventHub()
+	chA := hub.SubscribeUser("alice")
+	chB := hub.SubscribeUser("bob")
+	defer hub.UnsubscribeUser("alice", chA)
+	defer hub.UnsubscribeUser("bob", chB)
+
+	hub.PublishJSON("card.updated", "c1", "", map[string]string{"id": "c1"})
+
+	for _, ch := range []chan Event{chA, chB} {
+		select {
+		case ev := <-ch:
+			if ev.Type != "card.updated" {
+				t.Fatalf("type = %q, want card.updated", ev.Type)
+			}
+		case <-time.After(time.Second):
+			t.Fatal("timeout waiting for event")
+		}
+	}
+}
+
+func TestEventHub_PrivateUserEvent(t *testing.T) {
+	hub := NewEventHub()
+	chA := hub.SubscribeUser("alice")
+	chB := hub.SubscribeUser("bob")
+	defer hub.UnsubscribeUser("alice", chA)
+	defer hub.UnsubscribeUser("bob", chB)
+
+	hub.PublishJSON("notification.created", "", "alice", map[string]string{"foo": "bar"})
+
+	select {
+	case ev := <-chA:
+		if ev.UserID != "alice" {
+			t.Fatalf("user_id = %q, want alice", ev.UserID)
+		}
+	case <-time.After(time.Second):
+		t.Fatal("alice did not get private event")
+	}
+
+	select {
+	case ev := <-chB:
+		t.Fatalf("bob received private event for alice: %+v", ev)
+	case <-time.After(100 * time.Millisecond):
+		// expected
+	}
+}
+
+func TestEventHub_CardSubscription(t *testing.T) {
+	hub := NewEventHub()
+	ch := hub.SubscribeCard("card-1")
+	defer hub.UnsubscribeCard("card-1", ch)
+
+	hub.PublishJSON("message.created", "card-1", "", map[string]string{"id": "m1"})
+	hub.PublishJSON("message.created", "card-2", "", map[string]string{"id": "m2"})
+
+	select {
+	case ev := <-ch:
+		if ev.CardID != "card-1" {
+			t.Fatalf("card_id = %q, want card-1", ev.CardID)
+		}
+	case <-time.After(time.Second):
+		t.Fatal("timeout")
+	}
+	select {
+	case ev := <-ch:
+		t.Fatalf("received unexpected event for other card: %+v", ev)
+	case <-time.After(100 * time.Millisecond):
+	}
+}
+
+func TestEventHub_DropPolicyOnSlowConsumer(t *testing.T) {
+	hub := NewEventHub()
+	ch := hub.SubscribeUser("slow")
+	defer hub.UnsubscribeUser("slow", ch)
+
+	// Fill the buffer + N extra to force drops.
+	const extra = 50
+	for i := 0; i < eventBufSize+extra; i++ {
+		hub.PublishJSON("noise", "", "slow", nil)
+	}
+	if got := hub.DropCount(); got < extra {
+		t.Fatalf("DropCount = %d, want >= %d", got, extra)
+	}
+}
+
+func TestEventHub_UnsubscribeRemoves(t *testing.T) {
+	hub := NewEventHub()
+	ch := hub.SubscribeUser("alice")
+	hub.UnsubscribeUser("alice", ch)
+	// channel must be closed
+	select {
+	case _, ok := <-ch:
+		if ok {
+			t.Fatal("expected closed channel")
+		}
+	default:
+		// channel could be drained-and-closed
+	}
+	// Publish should not panic and should not deliver anywhere.
+	hub.PublishJSON("noise", "", "alice", nil)
+}
+
+func TestEventHub_ConcurrentPublishers(t *testing.T) {
+	hub := NewEventHub()
+	ch := hub.SubscribeUser("u")
+	defer hub.UnsubscribeUser("u", ch)
+
+	var received atomic.Uint64
+	done := make(chan struct{})
+	go func() {
+		for range ch {
+			received.Add(1)
+		}
+		close(done)
+	}()
+
+	var wg sync.WaitGroup
+	const writers = 10
+	const each = 100
+	for i := 0; i < writers; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			for j := 0; j < each; j++ {
+				hub.PublishJSON("ping", "", "u", nil)
+			}
+		}()
+	}
+	wg.Wait()
+	// Give the consumer time to drain.
+	time.Sleep(200 * time.Millisecond)
+	got := received.Load()
+	dropped := hub.DropCount()
+	if got+dropped < writers*each {
+		t.Fatalf("received=%d drop=%d want sum >= %d", got, dropped, writers*each)
+	}
+}
@@ -74,8 +74,21 @@ func handleGetBoard(db *DB) http.HandlerFunc {
 	}
 }

+// publishInvalidated emits a board.invalidated event so connected clients
+// refetch /api/board. Best-effort: dropped events recover on next mutation
+// or via the periodic safety reload kept in the SPA.
+func publishInvalidated(hub *EventHub, cardID, columnID string) {
+	if hub == nil {
+		return
+	}
+	hub.PublishJSON("board.invalidated", cardID, "", map[string]string{
+		"card_id":   cardID,
+		"column_id": columnID,
+	})
+}
+
 // POST /api/columns { name }
-func handleCreateColumn(db *DB) http.HandlerFunc {
+func handleCreateColumn(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var body struct{ Name string `json:"name"` }
 		if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
@@ -91,12 +104,13 @@ func handleCreateColumn(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, "", c.ID)
 		infra.HTTPJSONResponse(w, http.StatusCreated, c)
 	}
 }

 // PATCH /api/columns/{id} { name?, position?, location?, width? }
-func handleUpdateColumn(db *DB) http.HandlerFunc {
+func handleUpdateColumn(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		var body struct {
@@ -116,24 +130,26 @@ func handleUpdateColumn(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, "", id)
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // DELETE /api/columns/{id}
-func handleDeleteColumn(db *DB) http.HandlerFunc {
+func handleDeleteColumn(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		if err := db.DeleteColumn(id); err != nil {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, "", id)
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // POST /api/columns/reorder { ids: [...] }
-func handleReorderColumns(db *DB) http.HandlerFunc {
+func handleReorderColumns(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var body struct{ IDs []string `json:"ids"` }
 		if err := infra.HTTPParseBody(r, &body, maxBodyBytes); err != nil {
@@ -144,12 +160,13 @@ func handleReorderColumns(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, "", "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // POST /api/cards { column_id, requester?, title, description? }
-func handleCreateCard(db *DB) http.HandlerFunc {
+func handleCreateCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var body struct {
 			ColumnID    string   `json:"column_id"`
@@ -186,12 +203,13 @@ func handleCreateCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, c.ID, body.ColumnID)
 		infra.HTTPJSONResponse(w, http.StatusCreated, c)
 	}
 }

 // PATCH /api/cards/{id} { requester?, title?, description?, color? }
-func handleUpdateCard(db *DB) http.HandlerFunc {
+func handleUpdateCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		var raw map[string]any
@@ -249,12 +267,13 @@ func handleUpdateCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // PUT /api/cards/{id}/stickers { stickers: [{emoji,x,y}, ...] }
-func handleUpdateCardStickers(db *DB) http.HandlerFunc {
+func handleUpdateCardStickers(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		var body struct {
@@ -268,12 +287,13 @@ func handleUpdateCardStickers(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // DELETE /api/cards/{id}
-func handleDeleteCard(db *DB) http.HandlerFunc {
+func handleDeleteCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -281,12 +301,13 @@ func handleDeleteCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // POST /api/cards/{id}/move { column_id, ordered_ids }
-func handleMoveCard(db *DB) http.HandlerFunc {
+func handleMoveCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		var body struct {
@@ -310,6 +331,7 @@ func handleMoveCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, body.ColumnID)
 		w.WriteHeader(http.StatusNoContent)
 	}
 }
@@ -328,7 +350,10 @@ func handleListCardMessages(db *DB) http.HandlerFunc {
 }

 // POST /api/cards/{id}/messages { body }
-func handleCreateCardMessage(db *DB) http.HandlerFunc {
+//
+// Parses @mentions, fans out notifications and publishes message.created via
+// the hub so SSE/WS subscribers see the message immediately.
+func handleCreateCardMessage(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		var body struct {
@@ -347,7 +372,7 @@ func handleCreateCardMessage(db *DB) http.HandlerFunc {
 			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
 			return
 		}
-		m, err := db.CreateCardMessage(id, actor, body.Body)
+		m, _, _, err := db.CreateCardMessageAndNotify(id, actor, body.Body, hub)
 		if err != nil {
 			if strings.Contains(err.Error(), "not found") {
 				notFound(w, err.Error())
@@ -361,8 +386,9 @@ func handleCreateCardMessage(db *DB) http.HandlerFunc {
 }

 // DELETE /api/cards/{cid}/messages/{mid}
-func handleDeleteCardMessage(db *DB) http.HandlerFunc {
+func handleDeleteCardMessage(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		cid := r.PathValue("id")
 		mid := r.PathValue("mid")
 		actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
 		if actor == "" {
@@ -377,12 +403,15 @@ func handleDeleteCardMessage(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		if hub != nil {
+			hub.PublishJSON("message.deleted", cid, "", map[string]string{"id": mid})
+		}
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // POST /api/cards/{id}/duplicate
-func handleDuplicateCard(db *DB) http.HandlerFunc {
+func handleDuplicateCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -395,6 +424,7 @@ func handleDuplicateCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, c.ID, c.ColumnID)
 		infra.HTTPJSONResponse(w, http.StatusCreated, c)
 	}
 }
@@ -425,7 +455,7 @@ func handleListTrash(db *DB) http.HandlerFunc {
 }

 // POST /api/cards/{id}/restore
-func handleRestoreCard(db *DB) http.HandlerFunc {
+func handleRestoreCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		actor, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
@@ -433,6 +463,7 @@ func handleRestoreCard(db *DB) http.HandlerFunc {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }
@@ -553,44 +584,48 @@ func handleListArchive(db *DB) http.HandlerFunc {
 }

 // POST /api/cards/{id}/archive
-func handleArchiveCard(db *DB) http.HandlerFunc {
+func handleArchiveCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		if err := db.ArchiveCard(id); err != nil {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // POST /api/cards/{id}/unarchive
-func handleUnarchiveCard(db *DB) http.HandlerFunc {
+func handleUnarchiveCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		if err := db.UnarchiveCard(id); err != nil {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

 // DELETE /api/cards/{id}/purge
-func handlePurgeCard(db *DB) http.HandlerFunc {
+func handlePurgeCard(db *DB, hub *EventHub) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		id := r.PathValue("id")
 		if err := db.PurgeCard(id); err != nil {
 			serverError(w, err)
 			return
 		}
+		publishInvalidated(hub, id, "")
 		w.WriteHeader(http.StatusNoContent)
 	}
 }

-func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken string, flags *FeatureFlags) []infra.Route {
+func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken string, flags *FeatureFlags, hub *EventHub) []infra.Route {
 	return []infra.Route{
 		{Method: "GET", Path: "/api/flags", Handler: handleListFlags(flags)},
+		{Method: "GET", Path: "/api/version", Handler: handleVersion()},
 		{Method: "POST", Path: "/api/auth/register", Handler: handleRegister(db, flags)},
 		{Method: "POST", Path: "/api/auth/login", Handler: handleLogin(db)},
 		{Method: "POST", Path: "/api/auth/logout", Handler: handleLogout(db)},
@@ -598,37 +633,53 @@ func apiRoutes(db *DB, chatWorkdir string, logger *ChatLogger, internalToken str
 		{Method: "PATCH", Path: "/api/me", Handler: handlePatchMe(db)},
 		{Method: "GET", Path: "/api/users", Handler: handleListUsers(db)},
 		{Method: "GET", Path: "/api/board", Handler: handleGetBoard(db)},
-		{Method: "POST", Path: "/api/columns", Handler: handleCreateColumn(db)},
-		{Method: "POST", Path: "/api/columns/reorder", Handler: handleReorderColumns(db)},
-		{Method: "PATCH", Path: "/api/columns/{id}", Handler: handleUpdateColumn(db)},
-		{Method: "DELETE", Path: "/api/columns/{id}", Handler: handleDeleteColumn(db)},
-		{Method: "POST", Path: "/api/cards", Handler: handleCreateCard(db)},
-		{Method: "PATCH", Path: "/api/cards/{id}", Handler: handleUpdateCard(db)},
-		{Method: "PUT", Path: "/api/cards/{id}/stickers", Handler: handleUpdateCardStickers(db)},
-		{Method: "DELETE", Path: "/api/cards/{id}", Handler: handleDeleteCard(db)},
-		{Method: "POST", Path: "/api/cards/{id}/move", Handler: handleMoveCard(db)},
-		{Method: "POST", Path: "/api/cards/{id}/duplicate", Handler: handleDuplicateCard(db)},
+		{Method: "POST", Path: "/api/columns", Handler: handleCreateColumn(db, hub)},
+		{Method: "POST", Path: "/api/columns/reorder", Handler: handleReorderColumns(db, hub)},
+		{Method: "PATCH", Path: "/api/columns/{id}", Handler: handleUpdateColumn(db, hub)},
+		{Method: "DELETE", Path: "/api/columns/{id}", Handler: handleDeleteColumn(db, hub)},
+		{Method: "POST", Path: "/api/cards", Handler: handleCreateCard(db, hub)},
+		{Method: "PATCH", Path: "/api/cards/{id}", Handler: handleUpdateCard(db, hub)},
+		{Method: "PUT", Path: "/api/cards/{id}/stickers", Handler: handleUpdateCardStickers(db, hub)},
+		{Method: "DELETE", Path: "/api/cards/{id}", Handler: handleDeleteCard(db, hub)},
+		{Method: "POST", Path: "/api/cards/{id}/move", Handler: handleMoveCard(db, hub)},
+		{Method: "POST", Path: "/api/cards/{id}/duplicate", Handler: handleDuplicateCard(db, hub)},
 		{Method: "GET", Path: "/api/cards/{id}/messages", Handler: handleListCardMessages(db)},
-		{Method: "POST", Path: "/api/cards/{id}/messages", Handler: handleCreateCardMessage(db)},
-		{Method: "DELETE", Path: "/api/cards/{id}/messages/{mid}", Handler: handleDeleteCardMessage(db)},
+		{Method: "POST", Path: "/api/cards/{id}/messages", Handler: handleCreateCardMessage(db, hub)},
+		{Method: "DELETE", Path: "/api/cards/{id}/messages/{mid}", Handler: handleDeleteCardMessage(db, hub)},
 		{Method: "GET", Path: "/api/cards/{id}/history", Handler: handleCardHistory(db)},
 		{Method: "GET", Path: "/api/trash", Handler: handleListTrash(db)},
-		{Method: "POST", Path: "/api/cards/{id}/restore", Handler: handleRestoreCard(db)},
+		{Method: "POST", Path: "/api/cards/{id}/restore", Handler: handleRestoreCard(db, hub)},
 		{Method: "GET", Path: "/api/reports/daily", Handler: handleDailyReport(db)},
 		{Method: "GET", Path: "/api/reports/daily/summary", Handler: handleGetDailySummary(db)},
 		{Method: "POST", Path: "/api/reports/daily/summary", Handler: handleGenerateDailySummary(db)},
 		{Method: "GET", Path: "/api/settings/{key}", Handler: handleGetSetting(db)},
 		{Method: "PUT", Path: "/api/settings/{key}", Handler: handlePutSetting(db)},
 		{Method: "GET", Path: "/api/archive", Handler: handleListArchive(db)},
-		{Method: "POST", Path: "/api/cards/{id}/archive", Handler: handleArchiveCard(db)},
-		{Method: "POST", Path: "/api/cards/{id}/unarchive", Handler: handleUnarchiveCard(db)},
-		{Method: "DELETE", Path: "/api/cards/{id}/purge", Handler: handlePurgeCard(db)},
+		{Method: "POST", Path: "/api/cards/{id}/archive", Handler: handleArchiveCard(db, hub)},
+		{Method: "POST", Path: "/api/cards/{id}/unarchive", Handler: handleUnarchiveCard(db, hub)},
+		{Method: "DELETE", Path: "/api/cards/{id}/purge", Handler: handlePurgeCard(db, hub)},
 		{Method: "POST", Path: "/api/chat", Handler: handleChat(db, chatWorkdir, logger)},
 		{Method: "GET", Path: "/api/chat/ws", Handler: handleChatWS(db, chatWorkdir, logger, internalToken)},
 		{Method: "POST", Path: "/api/tool/{name}", Handler: handleInternalTool(db, internalToken, logger)},
 		{Method: "GET", Path: "/api/metrics", Handler: handleMetrics(db)},
 		{Method: "GET", Path: "/api/tags", Handler: handleListTags(db)},
 		{Method: "GET", Path: "/api/requesters", Handler: handleListRequesters(db)},
+		{Method: "GET", Path: "/api/events", Handler: handleEventStream(hub)},
+		{Method: "GET", Path: "/api/cards/{id}/chat/ws", Handler: handleCardChatWS(db, hub)},
+		{Method: "GET", Path: "/api/notifications", Handler: handleListNotifications(db)},
+		{Method: "GET", Path: "/api/notifications/unread-count", Handler: handleUnreadCount(db)},
+		{Method: "POST", Path: "/api/notifications/{id}/read", Handler: handleMarkNotificationRead(db, hub)},
+		{Method: "POST", Path: "/api/notifications/read-all", Handler: handleMarkAllNotificationsRead(db, hub)},
+	}
+}
+
+// GET /api/version → {"version": "<semver>"}
+//
+// Public, no auth. Skipped from session middleware via skip list updated in
+// main.go to keep the SPA pre-login able to display the running build.
+func handleVersion() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		infra.HTTPJSONResponse(w, http.StatusOK, map[string]string{"version": Version})
 	}
 }

@@ -21,6 +21,11 @@ import (
 //go:embed all:dist
 var frontendDist embed.FS

+// Version is the build-time identifier of the kanban app. It is injected
+// from app.md's `version:` field via -ldflags "-X main.Version=..." by run.sh
+// (and by docker/CI). Defaults to "dev" for hand-built binaries.
+var Version = "dev"
+
 func main() {
 	// Subcommand `kanban mcp` runs as MCP server over stdio (spawned by claude -p).
 	if len(os.Args) > 1 && os.Args[1] == "mcp" {
@@ -63,7 +68,8 @@ func main() {
 	wd := chatWorkdir(*dbPath)
 	logger := newChatLogger(filepath.Join(wd, "chat.log"))
 	log.Printf("chat tool log: %s", logger.path)
-	mux := infra.HTTPRouter(apiRoutes(db, wd, logger, internalToken, &featureFlags))
+	hub := NewEventHub()
+	mux := infra.HTTPRouter(apiRoutes(db, wd, logger, internalToken, &featureFlags, hub))

 	feHandler := frontendHandler()
 	if feHandler != nil {
@@ -76,7 +82,7 @@ func main() {
 	authMW := infra.HTTPSessionCookieMiddleware(infra.SessionCookieConfig{
 		DB:         db.conn,
 		CookieName: cookieName,
-		SkipPaths:  []string{"/api/auth/", "/api/tool/", "/api/flags", "/health", "/assets/", "/index.html"},
+		SkipPaths:  []string{"/api/auth/", "/api/tool/", "/api/flags", "/api/version", "/health", "/assets/", "/index.html"},
 		UserCtxKey: userCtxKey,
 	})

@@ -0,0 +1,42 @@
+-- Per-user notifications + persisted @mentions.
+-- Created by card chat messages (card_messages).
+--
+-- Kinds:
+--   mention       — user mentioned via @username in body
+--   assigned_chat — user is the card's assignee and someone else commented
+--   reply         — user previously commented on this card (or is requester)
+-- A row is created per (recipient_user, message). The kind chosen is the
+-- highest priority among those that apply: mention > assigned_chat > reply.
+
+CREATE TABLE IF NOT EXISTS notifications (
+    id          TEXT PRIMARY KEY,
+    user_id     TEXT NOT NULL,
+    card_id     TEXT NOT NULL,
+    message_id  TEXT NOT NULL,
+    kind        TEXT NOT NULL,
+    actor_id    TEXT NOT NULL,
+    created_at  TEXT NOT NULL,
+    read_at     TEXT,
+    FOREIGN KEY (card_id)    REFERENCES cards(id)         ON DELETE CASCADE,
+    FOREIGN KEY (message_id) REFERENCES card_messages(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_notifications_user_unread
+    ON notifications(user_id, read_at, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_notifications_user_created
+    ON notifications(user_id, created_at DESC);
+
+CREATE TABLE IF NOT EXISTS card_mentions (
+    id          TEXT PRIMARY KEY,
+    card_id     TEXT NOT NULL,
+    message_id  TEXT NOT NULL,
+    user_id     TEXT NOT NULL,
+    created_at  TEXT NOT NULL,
+    FOREIGN KEY (card_id)    REFERENCES cards(id)         ON DELETE CASCADE,
+    FOREIGN KEY (message_id) REFERENCES card_messages(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_card_mentions_user    ON card_mentions(user_id, created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_card_mentions_card    ON card_mentions(card_id);
+CREATE INDEX IF NOT EXISTS idx_card_mentions_message ON card_mentions(message_id);
@@ -0,0 +1,328 @@
+package main
+
+import (
+	"database/sql"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// Notification kinds, ordered by priority (highest first). When a single
+// message triggers multiple kinds for one user, the highest-priority kind
+// is the one persisted.
+const (
+	NotifKindMention      = "mention"
+	NotifKindAssignedChat = "assigned_chat"
+	NotifKindReply        = "reply"
+)
+
+func notifKindPriority(k string) int {
+	switch k {
+	case NotifKindMention:
+		return 3
+	case NotifKindAssignedChat:
+		return 2
+	case NotifKindReply:
+		return 1
+	}
+	return 0
+}
+
+type Notification struct {
+	ID         string  `json:"id"`
+	UserID     string  `json:"user_id"`
+	CardID     string  `json:"card_id"`
+	MessageID  string  `json:"message_id"`
+	Kind       string  `json:"kind"`
+	ActorID    string  `json:"actor_id"`
+	CreatedAt  string  `json:"created_at"`
+	ReadAt     *string `json:"read_at"`
+	CardTitle  string  `json:"card_title"`
+	CardSeqNum int     `json:"card_seq_num"`
+	ActorName  string  `json:"actor_name"`
+	Snippet    string  `json:"snippet"`
+}
+
+type CardMention struct {
+	ID        string `json:"id"`
+	CardID    string `json:"card_id"`
+	MessageID string `json:"message_id"`
+	UserID    string `json:"user_id"`
+	CreatedAt string `json:"created_at"`
+}
+
+var mentionRe = regexp.MustCompile(`(?i)@([a-z0-9][a-z0-9_.-]{0,63})`)
+
+// extractMentions returns the set of @usernames referenced in body, lowercased.
+// The leading '@' is not included. Each username is returned at most once.
+func extractMentions(body string) []string {
+	matches := mentionRe.FindAllStringSubmatch(body, -1)
+	if len(matches) == 0 {
+		return nil
+	}
+	seen := map[string]struct{}{}
+	out := make([]string, 0, len(matches))
+	for _, m := range matches {
+		u := strings.ToLower(m[1])
+		if _, ok := seen[u]; ok {
+			continue
+		}
+		seen[u] = struct{}{}
+		out = append(out, u)
+	}
+	return out
+}
+
+// CreateCardMessageAndNotify wraps CreateCardMessage with mention parsing,
+// notification fan-out and pub/sub publication. The returned slice contains
+// the user_ids that received a notification (useful for tests).
+func (db *DB) CreateCardMessageAndNotify(cardID, authorID, body string, hub *EventHub) (*CardMessage, []Notification, []CardMention, error) {
+	msg, err := db.CreateCardMessage(cardID, authorID, body)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	mentions, err := db.resolveAndStoreMentions(cardID, msg.ID, body)
+	if err != nil {
+		return msg, nil, nil, err
+	}
+
+	notifs, err := db.fanoutNotifications(cardID, msg, authorID, mentions)
+	if err != nil {
+		return msg, nil, mentions, err
+	}
+
+	if hub != nil {
+		hub.PublishJSON("message.created", cardID, "", msg)
+		for _, n := range notifs {
+			hub.PublishJSON("notification.created", cardID, n.UserID, n)
+		}
+	}
+	return msg, notifs, mentions, nil
+}
+
+// resolveAndStoreMentions parses @usernames from body, resolves them to
+// existing user_ids (silently ignoring unknowns) and persists the matches
+// in card_mentions.
+func (db *DB) resolveAndStoreMentions(cardID, messageID, body string) ([]CardMention, error) {
+	usernames := extractMentions(body)
+	if len(usernames) == 0 {
+		return nil, nil
+	}
+	placeholders := strings.Repeat("?,", len(usernames))
+	placeholders = placeholders[:len(placeholders)-1]
+	args := make([]interface{}, 0, len(usernames))
+	for _, u := range usernames {
+		args = append(args, u)
+	}
+	rows, err := db.conn.Query(
+		fmt.Sprintf(`SELECT id, username FROM users WHERE username IN (%s)`, placeholders),
+		args...,
+	)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	resolved := map[string]string{}
+	for rows.Next() {
+		var id, uname string
+		if err := rows.Scan(&id, &uname); err != nil {
+			return nil, err
+		}
+		resolved[uname] = id
+	}
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+	if len(resolved) == 0 {
+		return nil, nil
+	}
+	now := time.Now().UTC().Format(time.RFC3339)
+	out := make([]CardMention, 0, len(resolved))
+	for _, userID := range resolved {
+		m := CardMention{ID: newID(), CardID: cardID, MessageID: messageID, UserID: userID, CreatedAt: now}
+		if _, err := db.conn.Exec(
+			`INSERT INTO card_mentions (id, card_id, message_id, user_id, created_at) VALUES (?, ?, ?, ?, ?)`,
+			m.ID, m.CardID, m.MessageID, m.UserID, m.CreatedAt,
+		); err != nil {
+			return out, err
+		}
+		out = append(out, m)
+	}
+	return out, nil
+}
+
+// fanoutNotifications computes the recipient set for a new message and
+// inserts one notification row per recipient with the highest-priority kind.
+//
+// Recipients = {assignee_id of card} ∪ {previous authors of card_messages
+// on this card} ∪ {users mentioned in this message} \ {author}.
+//
+// Kind precedence: mention > assigned_chat > reply.
+func (db *DB) fanoutNotifications(cardID string, msg *CardMessage, authorID string, mentions []CardMention) ([]Notification, error) {
+	recipients := map[string]string{} // userID -> kind
+
+	upgrade := func(userID, kind string) {
+		if userID == "" || userID == authorID {
+			return
+		}
+		existing, ok := recipients[userID]
+		if !ok || notifKindPriority(kind) > notifKindPriority(existing) {
+			recipients[userID] = kind
+		}
+	}
+
+	// Previous authors on this card.
+	rows, err := db.conn.Query(
+		`SELECT DISTINCT author_id FROM card_messages
+		 WHERE card_id = ? AND author_id IS NOT NULL AND author_id != '' AND id != ?`,
+		cardID, msg.ID,
+	)
+	if err != nil {
+		return nil, err
+	}
+	for rows.Next() {
+		var uid sql.NullString
+		if err := rows.Scan(&uid); err != nil {
+			rows.Close()
+			return nil, err
+		}
+		if uid.Valid {
+			upgrade(uid.String, NotifKindReply)
+		}
+	}
+	rows.Close()
+
+	// Assignee.
+	var assignee sql.NullString
+	if err := db.conn.QueryRow(`SELECT assignee_id FROM cards WHERE id = ?`, cardID).Scan(&assignee); err != nil && err != sql.ErrNoRows {
+		return nil, err
+	}
+	if assignee.Valid {
+		upgrade(assignee.String, NotifKindAssignedChat)
+	}
+
+	// Mentions (highest priority).
+	for _, m := range mentions {
+		upgrade(m.UserID, NotifKindMention)
+	}
+
+	if len(recipients) == 0 {
+		return nil, nil
+	}
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	out := make([]Notification, 0, len(recipients))
+
+	// Snippet for hydrated notif payload.
+	snippet := msg.Body
+	if len(snippet) > 140 {
+		snippet = snippet[:140] + "…"
+	}
+	var cardTitle string
+	var cardSeq int
+	_ = db.conn.QueryRow(`SELECT title, seq_num FROM cards WHERE id = ?`, cardID).Scan(&cardTitle, &cardSeq)
+	var actorName string
+	_ = db.conn.QueryRow(`SELECT COALESCE(NULLIF(display_name, ''), username) FROM users WHERE id = ?`, authorID).Scan(&actorName)
+
+	for userID, kind := range recipients {
+		n := Notification{
+			ID: newID(), UserID: userID, CardID: cardID, MessageID: msg.ID,
+			Kind: kind, ActorID: authorID, CreatedAt: now,
+			CardTitle: cardTitle, CardSeqNum: cardSeq, ActorName: actorName, Snippet: snippet,
+		}
+		if _, err := db.conn.Exec(
+			`INSERT INTO notifications (id, user_id, card_id, message_id, kind, actor_id, created_at) VALUES (?, ?, ?, ?, ?, ?, ?)`,
+			n.ID, n.UserID, n.CardID, n.MessageID, n.Kind, n.ActorID, n.CreatedAt,
+		); err != nil {
+			return out, err
+		}
+		out = append(out, n)
+	}
+	return out, nil
+}
+
+// ListNotifications returns notifications for userID. If onlyUnread is true,
+// already-read entries are skipped. Limit defaults to 50 when <= 0.
+func (db *DB) ListNotifications(userID string, onlyUnread bool, limit int) ([]Notification, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	q := `SELECT n.id, n.user_id, n.card_id, n.message_id, n.kind, n.actor_id, n.created_at, n.read_at,
+	             COALESCE(c.title, ''), COALESCE(c.seq_num, 0),
+	             COALESCE(NULLIF(u.display_name, ''), u.username, ''),
+	             COALESCE(m.body, '')
+	      FROM notifications n
+	      LEFT JOIN cards c          ON c.id = n.card_id
+	      LEFT JOIN users u          ON u.id = n.actor_id
+	      LEFT JOIN card_messages m  ON m.id = n.message_id
+	      WHERE n.user_id = ?`
+	if onlyUnread {
+		q += ` AND n.read_at IS NULL`
+	}
+	q += ` ORDER BY n.created_at DESC LIMIT ?`
+	rows, err := db.conn.Query(q, userID, limit)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	out := []Notification{}
+	for rows.Next() {
+		var n Notification
+		var readAt sql.NullString
+		var body string
+		if err := rows.Scan(&n.ID, &n.UserID, &n.CardID, &n.MessageID, &n.Kind, &n.ActorID, &n.CreatedAt,
+			&readAt, &n.CardTitle, &n.CardSeqNum, &n.ActorName, &body); err != nil {
+			return nil, err
+		}
+		if readAt.Valid {
+			s := readAt.String
+			n.ReadAt = &s
+		}
+		if len(body) > 140 {
+			n.Snippet = body[:140] + "…"
+		} else {
+			n.Snippet = body
+		}
+		out = append(out, n)
+	}
+	return out, rows.Err()
+}
+
+func (db *DB) CountUnreadNotifications(userID string) (int, error) {
+	var n int
+	err := db.conn.QueryRow(
+		`SELECT COUNT(*) FROM notifications WHERE user_id = ? AND read_at IS NULL`, userID,
+	).Scan(&n)
+	return n, err
+}
+
+func (db *DB) MarkNotificationRead(userID, notifID string) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+	res, err := db.conn.Exec(
+		`UPDATE notifications SET read_at = ? WHERE id = ? AND user_id = ? AND read_at IS NULL`,
+		now, notifID, userID,
+	)
+	if err != nil {
+		return err
+	}
+	if n, _ := res.RowsAffected(); n == 0 {
+		// Not an error: idempotent.
+		return nil
+	}
+	return nil
+}
+
+func (db *DB) MarkAllNotificationsRead(userID string) (int, error) {
+	now := time.Now().UTC().Format(time.RFC3339)
+	res, err := db.conn.Exec(
+		`UPDATE notifications SET read_at = ? WHERE user_id = ? AND read_at IS NULL`,
+		now, userID,
+	)
+	if err != nil {
+		return 0, err
+	}
+	n, _ := res.RowsAffected()
+	return int(n), nil
+}
@@ -0,0 +1,179 @@
+package main
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+)
+
+func TestExtractMentions(t *testing.T) {
+	cases := []struct {
+		in   string
+		want []string
+	}{
+		{"hola @alice", []string{"alice"}},
+		{"@Bob y @bob mismo", []string{"bob"}},
+		{"sin menciones", nil},
+		{"email@foo.com no cuenta como @real_user", []string{"foo.com", "real_user"}},
+		{"@a-b-c y @d.e", []string{"a-b-c", "d.e"}},
+	}
+	for _, c := range cases {
+		got := extractMentions(c.in)
+		sort.Strings(got)
+		sort.Strings(c.want)
+		if !reflect.DeepEqual(got, c.want) {
+			t.Errorf("extractMentions(%q) = %v, want %v", c.in, got, c.want)
+		}
+	}
+}
+
+func mkUser(t *testing.T, db *DB, username string) string {
+	t.Helper()
+	u, err := db.CreateUser(username, "passw", username)
+	if err != nil {
+		t.Fatalf("CreateUser %q: %v", username, err)
+	}
+	return u.ID
+}
+
+func mkCard(t *testing.T, db *DB, columnID, requester, title, assigneeID string) string {
+	t.Helper()
+	c, err := db.CreateCard(columnID, requester, title, "", "")
+	if err != nil {
+		t.Fatalf("CreateCard: %v", err)
+	}
+	if assigneeID != "" {
+		if err := db.UpdateCardWithActor(c.ID, CardPatch{AssigneeID: &assigneeID, HasAssignee: true}, ""); err != nil {
+			t.Fatalf("assign: %v", err)
+		}
+	}
+	return c.ID
+}
+
+func TestCreateCardMessageAndNotify_AssigneeAndPreviousAuthors(t *testing.T) {
+	db := setupTestDB(t)
+
+	alice := mkUser(t, db, "alice")
+	bob := mkUser(t, db, "bob")
+	carol := mkUser(t, db, "carol")
+
+	col, err := db.CreateColumn("Todo")
+	if err != nil {
+		t.Fatalf("CreateColumn: %v", err)
+	}
+	card := mkCard(t, db, col.ID, "x", "card", bob)
+
+	// 1) alice writes; bob is assignee → bob gets assigned_chat.
+	_, notifs, _, err := db.CreateCardMessageAndNotify(card, alice, "hola", nil)
+	if err != nil {
+		t.Fatalf("create msg: %v", err)
+	}
+	if len(notifs) != 1 || notifs[0].UserID != bob || notifs[0].Kind != NotifKindAssignedChat {
+		t.Fatalf("expected single assigned_chat for bob, got %+v", notifs)
+	}
+
+	// 2) carol replies (carol is neither assignee nor previous author).
+	//    alice (previous author) gets reply; bob (assignee) gets assigned_chat.
+	_, notifs, _, err = db.CreateCardMessageAndNotify(card, carol, "hola alice", nil)
+	if err != nil {
+		t.Fatalf("create msg: %v", err)
+	}
+	gotKinds := map[string]string{}
+	for _, n := range notifs {
+		gotKinds[n.UserID] = n.Kind
+	}
+	wantKinds := map[string]string{alice: NotifKindReply, bob: NotifKindAssignedChat}
+	if !reflect.DeepEqual(gotKinds, wantKinds) {
+		t.Fatalf("kinds = %+v, want %+v", gotKinds, wantKinds)
+	}
+}
+
+func TestCreateCardMessageAndNotify_MentionsBeatOtherKinds(t *testing.T) {
+	db := setupTestDB(t)
+	alice := mkUser(t, db, "alice")
+	bob := mkUser(t, db, "bob")
+	col, _ := db.CreateColumn("Todo")
+	card := mkCard(t, db, col.ID, "x", "card", bob) // bob is assignee
+
+	// alice mentions bob explicitly → kind must be 'mention', not 'assigned_chat'.
+	_, notifs, mentions, err := db.CreateCardMessageAndNotify(card, alice, "oye @bob mira esto", nil)
+	if err != nil {
+		t.Fatalf("create: %v", err)
+	}
+	if len(mentions) != 1 || mentions[0].UserID != bob {
+		t.Fatalf("mentions = %+v, want [bob]", mentions)
+	}
+	if len(notifs) != 1 || notifs[0].UserID != bob || notifs[0].Kind != NotifKindMention {
+		t.Fatalf("notifs = %+v, want single mention for bob", notifs)
+	}
+}
+
+func TestCreateCardMessageAndNotify_UnknownMentionsIgnored(t *testing.T) {
+	db := setupTestDB(t)
+	alice := mkUser(t, db, "alice")
+	col, _ := db.CreateColumn("Todo")
+	card := mkCard(t, db, col.ID, "x", "card", "")
+
+	_, notifs, mentions, err := db.CreateCardMessageAndNotify(card, alice, "hola @noexiste", nil)
+	if err != nil {
+		t.Fatalf("create: %v", err)
+	}
+	if len(mentions) != 0 || len(notifs) != 0 {
+		t.Fatalf("got mentions=%v notifs=%v, want empty", mentions, notifs)
+	}
+}
+
+func TestCreateCardMessageAndNotify_AuthorNeverSelfNotified(t *testing.T) {
+	db := setupTestDB(t)
+	alice := mkUser(t, db, "alice")
+	col, _ := db.CreateColumn("Todo")
+	card := mkCard(t, db, col.ID, "x", "card", alice) // alice is assignee
+
+	// alice mentions herself + is assignee → no notification.
+	_, notifs, _, err := db.CreateCardMessageAndNotify(card, alice, "monologo @alice", nil)
+	if err != nil {
+		t.Fatalf("create: %v", err)
+	}
+	if len(notifs) != 0 {
+		t.Fatalf("notifs = %+v, want empty (self)", notifs)
+	}
+}
+
+func TestListAndMarkRead(t *testing.T) {
+	db := setupTestDB(t)
+	alice := mkUser(t, db, "alice")
+	bob := mkUser(t, db, "bob")
+	col, _ := db.CreateColumn("Todo")
+	card := mkCard(t, db, col.ID, "x", "card", bob)
+
+	_, _, _, _ = db.CreateCardMessageAndNotify(card, alice, "1", nil)
+	_, _, _, _ = db.CreateCardMessageAndNotify(card, alice, "2", nil)
+
+	got, err := db.ListNotifications(bob, true, 0)
+	if err != nil {
+		t.Fatalf("list: %v", err)
+	}
+	if len(got) != 2 {
+		t.Fatalf("len = %d, want 2", len(got))
+	}
+	if n, _ := db.CountUnreadNotifications(bob); n != 2 {
+		t.Fatalf("unread count = %d, want 2", n)
+	}
+
+	if err := db.MarkNotificationRead(bob, got[0].ID); err != nil {
+		t.Fatalf("mark read: %v", err)
+	}
+	if n, _ := db.CountUnreadNotifications(bob); n != 1 {
+		t.Fatalf("unread count after mark = %d, want 1", n)
+	}
+	// idempotent
+	if err := db.MarkNotificationRead(bob, got[0].ID); err != nil {
+		t.Fatalf("mark read 2nd time: %v", err)
+	}
+	if n, _ := db.MarkAllNotificationsRead(bob); n != 1 {
+		t.Fatalf("mark all = %d, want 1", n)
+	}
+	if n, _ := db.CountUnreadNotifications(bob); n != 0 {
+		t.Fatalf("unread count after mark-all = %d, want 0", n)
+	}
+}
@@ -0,0 +1,297 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"fn-registry/functions/infra"
+	"nhooyr.io/websocket"
+)
+
+const (
+	sseHeartbeat     = 25 * time.Second
+	wsChatHeartbeat  = 30 * time.Second
+	wsChatReadLimit  = 64 * 1024
+	wsChatWriteWait  = 5 * time.Second
+	typingDebounceMs = 1500
+)
+
+// handleEventStream serves the per-user SSE channel.
+//
+// One stream per browser tab. Auto-reconnect lives on the client (browsers
+// retry EventSource by default). The server publishes:
+//
+//	board.*           — column/card mutations (broadcast to every user).
+//	message.created   — chat message added on any card (broadcast).
+//	notification.*    — private events for one recipient (UserID set).
+func handleEventStream(hub *EventHub) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		flusher, ok := w.(http.Flusher)
+		if !ok {
+			http.Error(w, "streaming unsupported", http.StatusInternalServerError)
+			return
+		}
+		w.Header().Set("Content-Type", "text/event-stream")
+		w.Header().Set("Cache-Control", "no-cache, no-transform")
+		w.Header().Set("Connection", "keep-alive")
+		w.Header().Set("X-Accel-Buffering", "no")
+		w.WriteHeader(http.StatusOK)
+		// Initial flush so the browser knows the stream is open.
+		fmt.Fprint(w, ": hello\n\n")
+		flusher.Flush()
+
+		ch := hub.SubscribeUser(userID)
+		defer hub.UnsubscribeUser(userID, ch)
+
+		ticker := time.NewTicker(sseHeartbeat)
+		defer ticker.Stop()
+
+		for {
+			select {
+			case <-r.Context().Done():
+				return
+			case <-ticker.C:
+				if _, err := fmt.Fprint(w, ": ping\n\n"); err != nil {
+					return
+				}
+				flusher.Flush()
+			case ev, ok := <-ch:
+				if !ok {
+					return
+				}
+				if ev.UserID != "" && ev.UserID != userID {
+					// Defensive: hub already routes private events but the
+					// broadcast path could leak if a future change adds
+					// fan-out. Skip explicitly.
+					continue
+				}
+				b, err := json.Marshal(ev)
+				if err != nil {
+					continue
+				}
+				if _, err := fmt.Fprintf(w, "event: %s\ndata: %s\n\n", ev.Type, b); err != nil {
+					return
+				}
+				flusher.Flush()
+			}
+		}
+	}
+}
+
+// cardChatWSIn is the message sent by the browser over the per-card WS.
+type cardChatWSIn struct {
+	Type string `json:"type"`           // "send" | "typing"
+	Body string `json:"body,omitempty"` // only for "send"
+}
+
+// cardChatWSOut is the message the server pushes to subscribers of a card.
+//
+// Types:
+//
+//	message.created  — new CardMessage (full payload).
+//	typing           — UserID is typing (no body).
+//	error            — server-side error, connection stays open.
+type cardChatWSOut struct {
+	Type    string      `json:"type"`
+	Message *CardMessage `json:"message,omitempty"`
+	UserID  string      `json:"user_id,omitempty"`
+	Error   string      `json:"error,omitempty"`
+}
+
+// handleCardChatWS upgrades the request to WebSocket and provides bidirectional
+// realtime chat for a single card. Each connection is subscribed to the
+// card's event channel; sends originating from this connection are persisted
+// then republished through the hub so peer connections (including this one)
+// see them.
+func handleCardChatWS(db *DB, hub *EventHub) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		cardID := r.PathValue("id")
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		// Confirm card exists before upgrading to avoid leaking goroutines on
+		// invalid IDs.
+		var exists int
+		if err := db.conn.QueryRow(`SELECT 1 FROM cards WHERE id = ?`, cardID).Scan(&exists); err != nil {
+			notFound(w, "card not found")
+			return
+		}
+
+		conn, err := infra.WSUpgrader(w, r, []string{"*"})
+		if err != nil {
+			return
+		}
+		defer conn.Close(websocket.StatusInternalError, "internal")
+		conn.SetReadLimit(wsChatReadLimit)
+
+		ch := hub.SubscribeCard(cardID)
+		defer hub.UnsubscribeCard(cardID, ch)
+
+		ctx, cancel := context.WithCancel(r.Context())
+		defer cancel()
+
+		// Writer goroutine: forward hub events to this socket.
+		go func() {
+			ticker := time.NewTicker(wsChatHeartbeat)
+			defer ticker.Stop()
+			for {
+				select {
+				case <-ctx.Done():
+					return
+				case <-ticker.C:
+					wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
+					_ = conn.Ping(wctx)
+					c()
+				case ev, ok := <-ch:
+					if !ok {
+						return
+					}
+					if ev.CardID != cardID {
+						continue
+					}
+					out := cardChatWSOut{Type: ev.Type}
+					switch ev.Type {
+					case "message.created":
+						var m CardMessage
+						if err := json.Unmarshal(ev.Payload, &m); err == nil {
+							out.Message = &m
+						}
+					case "card.typing":
+						var p struct {
+							UserID string `json:"user_id"`
+						}
+						_ = json.Unmarshal(ev.Payload, &p)
+						// Skip echoing the typer's own indicator.
+						if p.UserID == userID {
+							continue
+						}
+						out.UserID = p.UserID
+					default:
+						continue
+					}
+					b, err := json.Marshal(out)
+					if err != nil {
+						continue
+					}
+					wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
+					if err := conn.Write(wctx, websocket.MessageText, b); err != nil {
+						c()
+						cancel()
+						return
+					}
+					c()
+				}
+			}
+		}()
+
+		// Reader loop: persist sends and broadcast typing.
+		for {
+			_, raw, err := conn.Read(ctx)
+			if err != nil {
+				return
+			}
+			var in cardChatWSIn
+			if err := json.Unmarshal(raw, &in); err != nil {
+				continue
+			}
+			switch in.Type {
+			case "send":
+				if in.Body == "" {
+					continue
+				}
+				if _, _, _, err := db.CreateCardMessageAndNotify(cardID, userID, in.Body, hub); err != nil {
+					b, _ := json.Marshal(cardChatWSOut{Type: "error", Error: err.Error()})
+					wctx, c := context.WithTimeout(ctx, wsChatWriteWait)
+					_ = conn.Write(wctx, websocket.MessageText, b)
+					c()
+				}
+			case "typing":
+				hub.PublishJSON("card.typing", cardID, "", map[string]string{"user_id": userID})
+			}
+		}
+	}
+}
+
+// Notification HTTP handlers.
+
+func handleListNotifications(db *DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		onlyUnread := r.URL.Query().Get("unread") == "1"
+		limit := 50
+		out, err := db.ListNotifications(userID, onlyUnread, limit)
+		if err != nil {
+			serverError(w, err)
+			return
+		}
+		infra.HTTPJSONResponse(w, http.StatusOK, out)
+	}
+}
+
+func handleUnreadCount(db *DB) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		n, err := db.CountUnreadNotifications(userID)
+		if err != nil {
+			serverError(w, err)
+			return
+		}
+		infra.HTTPJSONResponse(w, http.StatusOK, map[string]int{"count": n})
+	}
+}
+
+func handleMarkNotificationRead(db *DB, hub *EventHub) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		id := r.PathValue("id")
+		if err := db.MarkNotificationRead(userID, id); err != nil {
+			serverError(w, err)
+			return
+		}
+		if hub != nil {
+			hub.PublishJSON("notification.read", "", userID, map[string]string{"id": id})
+		}
+		w.WriteHeader(http.StatusNoContent)
+	}
+}
+
+func handleMarkAllNotificationsRead(db *DB, hub *EventHub) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userID, _ := infra.UserIDFromContext(r.Context(), userCtxKey)
+		if userID == "" {
+			infra.HTTPErrorResponse(w, infra.HTTPError{Status: http.StatusUnauthorized, Code: "unauthorized", Message: "session required"})
+			return
+		}
+		n, err := db.MarkAllNotificationsRead(userID)
+		if err != nil {
+			serverError(w, err)
+			return
+		}
+		if hub != nil {
+			hub.PublishJSON("notification.read_all", "", userID, map[string]int{"count": n})
+		}
+		infra.HTTPJSONResponse(w, http.StatusOK, map[string]int{"count": n})
+	}
+}