cossistantcom · seemayr · Apr 11, 2026 · greptile-apps · Apr 11, 2026 · greptile-apps
diff --git a/apps/api/src/rest/routers/conversation-auth.test.ts b/apps/api/src/rest/routers/conversation-auth.test.ts
@@ -8,6 +8,9 @@ const safelyExtractRequestQueryMock = mock((async () => ({})) as (
 	...args: unknown[]
 ) => Promise<unknown>);
 const validateResponseMock = mock(<T>(value: T) => value);
+const resolvePrivateApiKeyActorUserMock = mock(
+	(async () => null) as (...args: unknown[]) => Promise<unknown>
+);
 
 const getVisitorMock = mock(
 	(async () => null) as (...args: unknown[]) => Promise<unknown>
@@ -55,6 +58,10 @@ mock.module("@api/utils/validate", () => ({
 	validateResponse: validateResponseMock,
 }));
 
+mock.module("@api/lib/private-api-key-actor", () => ({
+	resolvePrivateApiKeyActorUser: resolvePrivateApiKeyActorUserMock,
+}));
+
 mock.module("@api/db/queries", () => ({
 	getVisitor: getVisitorMock,
 	upsertVisitor: mock(async () => null),
@@ -317,15 +324,19 @@ describe("conversation auth and inbox routes", () => {
 			items: [createInboxItem()],
 			nextCursor: "cursor_2",
 		});
+		resolvePrivateApiKeyActorUserMock.mockResolvedValue(null);
 		mergeConversationMetadataMock.mockResolvedValue(createConversationRecord());
 	});
 
 	it("lists inbox conversations for private API keys", async () => {
+		resolvePrivateApiKeyActorUserMock.mockResolvedValue({
+			userId: "user-1",
+		});
 		safelyExtractRequestQueryMock.mockResolvedValue({
 			db: {},
 			apiKey: { keyType: APIKeyType.PRIVATE },
 			organization: { id: "org-1" },
-			website: { id: "site-1", organizationId: "org-1" },
+			website: { id: "site-1", organizationId: "org-1", teamId: "team-1" },
 			query: {
 				limit: 20,
 				cursor: null,
@@ -347,6 +358,39 @@ describe("conversation auth and inbox routes", () => {
 		expect(response.status).toBe(200);
 		expect(payload.nextCursor).toBe("cursor_2");
 		expect(payload.items[0]?.id).toBe(conversationId);
+		expect(listConversationsHeadersMock).toHaveBeenCalledWith(
+			{},
+			{
+				organizationId: "org-1",
+				websiteId: "site-1",
+				userId: "user-1",
+				limit: 20,
+				cursor: null,
+			}
+		);
+	});
+
+	it("keeps inbox lastSeenAt actorless when no teammate context is available", async () => {
+		resolvePrivateApiKeyActorUserMock.mockResolvedValue(null);
+		safelyExtractRequestQueryMock.mockResolvedValue({
+			db: {},
+			apiKey: { keyType: APIKeyType.PRIVATE },
+			organization: { id: "org-1" },
+			website: { id: "site-1", organizationId: "org-1", teamId: "team-1" },
+			query: {
+				limit: 20,
+				cursor: null,
+			},
+		});
+
+		const { conversationRouter } = await conversationRouterModulePromise;
+		const response = await conversationRouter.request(
+			new Request("http://localhost/inbox?limit=20", {
+				method: "GET",
+			})
+		);
+
+		expect(response.status).toBe(200);
 		expect(listConversationsHeadersMock).toHaveBeenCalledWith(
 			{},
 			{

diff --git a/apps/api/src/rest/routers/conversation.ts b/apps/api/src/rest/routers/conversation.ts
@@ -2043,12 +2043,21 @@ conversationRouter.openapi(
 			return privateContext;
 		}
 
+		const actor = await requirePrivateConversationActor({
+			c,
+			db: extracted.db,
+			apiKey: privateContext.apiKey,
+			organizationId: privateContext.organization.id,
+			websiteTeamId: privateContext.website.teamId,
+			required: false,
+		});
+
 		const [planInfo, result] = await Promise.all([
 			getPlanForWebsite(privateContext.website),
 			listConversationsHeaders(extracted.db, {
 				organizationId: privateContext.organization.id,
 				websiteId: privateContext.website.id,
-				userId: null,
+				userId: actor?.userId ?? null,
 				limit: extracted.query.limit,
 				cursor: extracted.query.cursor ?? null,
 			}),