Squashed commit of the following:

commit bcdb026ae43e4f95d0b2c4f9bd440a2df9d6b514
Author: Ran <16112591+chen-ran@users.noreply.github.com>
Date:   Thu Feb 12 17:10:32 2026 +0800

    chore: update DEVELOPMENT.md

commit 30281742ef
Merge: ca5c6a1 5b05f13
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Thu Feb 12 15:49:17 2026 +0800

    merge(github/main): integrate fx dependency injection framework

    Merge upstream fx refactor and adapt all services to use go.uber.org/fx
    for dependency injection. Resolve conflicts in main.go, server.go,
    and service constructors while preserving our domain model changes.

    - Fix telegram adapter panic on shutdown (double close channel)
    - Fix feishu adapter processing messages after stop
    - Increase directory lookup timeout from 2s to 5s

commit ca5c6a1866
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Thu Feb 12 15:33:09 2026 +0800

    refactor(core): restructure conversation, channel and message domains

    - Rename chat module to conversation with flow-based architecture
    - Move channelidentities into channel/identities subpackage
    - Add channel/route for routing logic
    - Add message service with event hub
    - Add MCP providers: container, directory, schedule
    - Refactor Feishu/Telegram adapters with directory and stream support
    - Add platform management page and channel badges in web UI
    - Update database schema for conversations, messages and channel routes
    - Add @memoh/shared package for cross-package type definitions

commit 75e2ef0467
Merge: d99ba38 01cb6c8
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Thu Feb 12 14:45:49 2026 +0800

    merge(github): merge github/main, resolve index.ts URL conflict

    Keep our defensive absolute-URL check in createAuthFetcher.

commit d99ba38b7d
Merge: 860e20f 35ce7d1
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Thu Feb 12 05:20:18 2026 +0800

    merge(github): merge github/main, keep our code and docs/spec

commit 860e20fe70
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Wed Feb 11 22:13:27 2026 +0800

    docs(docs): add concepts and style guides for VitePress site

    - Add concepts: identity-and-binding, index (en/zh)
    - Add style: terminology (en/zh)
    - Update index and zh/index
    - Update .vitepress/config.ts

commit a75fdb8040
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Wed Feb 11 17:37:16 2026 +0800

    refactor(mcp): standardize unified tool gateway on go-sdk

    Split business executors from federation sources and migrate unified tool/federation transports to the official go-sdk for stricter MCP compliance and safer session lifecycle handling. Add targeted regression tests for accept compatibility, initialization retries, pending cleanup, and include updated swagger artifacts.

commit 02b33c8e85
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Wed Feb 11 15:42:21 2026 +0800

    refactor(core): finalize user-centric identity and policy cleanup

    Unify auth and chat identity semantics around user_id, enforce personal-bot owner-only authorization, and remove legacy compatibility branches in integration tests.

commit 06e8619a37
Author: BBQ <bbq@BBQdeMacBook-Air.local>
Date:   Wed Feb 11 14:47:03 2026 +0800

    refactor(core): migrate channel identity and binding across app

    Align channel identity and bind flow across backend and app-facing layers, including generated swagger artifacts and package lock updates while excluding docs content changes.

internal/handlers/auth.go

@@ -9,39 +9,38 @@ import (
 
 	"github.com/labstack/echo/v4"
 
+	"github.com/memohai/memoh/internal/accounts"
 	"github.com/memohai/memoh/internal/auth"
-	"github.com/memohai/memoh/internal/boot"
-	"github.com/memohai/memoh/internal/users"
 )
 
 type AuthHandler struct {
-	userService *users.Service
-	jwtSecret   string
-	expiresIn   time.Duration
-	logger      *slog.Logger
+	accountService *accounts.Service
+	jwtSecret      string
+	expiresIn      time.Duration
+	logger         *slog.Logger
 }
 
 type LoginRequest struct {
-	Username string `json:"username" validate:"required"`
-	Password string `json:"password" validate:"required"`
+	Username string `json:"username"`
+	Password string `json:"password"`
 }
 
 type LoginResponse struct {
-	AccessToken string `json:"access_token" validate:"required"`
-	TokenType   string `json:"token_type" validate:"required"`
-	ExpiresAt   string `json:"expires_at" validate:"required"`
-	UserID      string `json:"user_id" validate:"required"`
-	Role        string `json:"role" validate:"required"`
-	DisplayName string `json:"display_name" validate:"required"`
-	Username    string `json:"username" validate:"required"`
+	AccessToken string `json:"access_token"`
+	TokenType   string `json:"token_type"`
+	ExpiresAt   string `json:"expires_at"`
+	UserID      string `json:"user_id"`
+	Role        string `json:"role"`
+	DisplayName string `json:"display_name"`
+	Username    string `json:"username"`
 }
 
-func NewAuthHandler(log *slog.Logger, userService *users.Service, runtimeConfig *boot.RuntimeConfig) *AuthHandler {
+func NewAuthHandler(log *slog.Logger, accountService *accounts.Service, jwtSecret string, expiresIn time.Duration) *AuthHandler {
 	return &AuthHandler{
-		userService: userService,
-		jwtSecret:   runtimeConfig.JwtSecret,
-		expiresIn:   runtimeConfig.JwtExpiresIn,
-		logger:      log.With(slog.String("handler", "auth")),
+		accountService: accountService,
+		jwtSecret:      jwtSecret,
+		expiresIn:      expiresIn,
+		logger:         log.With(slog.String("handler", "auth")),
 	}
 }
 
@@ -60,7 +59,7 @@ func (h *AuthHandler) Register(e *echo.Echo) {
 // @Failure 500 {object} ErrorResponse
 // @Router /auth/login [post]
 func (h *AuthHandler) Login(c echo.Context) error {
-	if h.userService == nil {
+	if h.accountService == nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, "user service not configured")
 	}
 	if strings.TrimSpace(h.jwtSecret) == "" {
@@ -79,17 +78,17 @@ func (h *AuthHandler) Login(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusBadRequest, "username and password are required")
 	}
 
-	user, err := h.userService.Login(c.Request().Context(), req.Username, req.Password)
+	account, err := h.accountService.Login(c.Request().Context(), req.Username, req.Password)
 	if err != nil {
-		if errors.Is(err, users.ErrInvalidCredentials) {
+		if errors.Is(err, accounts.ErrInvalidCredentials) {
 			return echo.NewHTTPError(http.StatusUnauthorized, "invalid credentials")
 		}
-		if errors.Is(err, users.ErrInactiveUser) {
+		if errors.Is(err, accounts.ErrInactiveAccount) {
 			return echo.NewHTTPError(http.StatusUnauthorized, "user is inactive")
 		}
 		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
 	}
-	token, expiresAt, err := auth.GenerateToken(user.ID, h.jwtSecret, h.expiresIn)
+	token, expiresAt, err := auth.GenerateToken(account.ID, h.jwtSecret, h.expiresIn)
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, err.Error())
 	}
@@ -98,9 +97,9 @@ func (h *AuthHandler) Login(c echo.Context) error {
 		AccessToken: token,
 		TokenType:   "Bearer",
 		ExpiresAt:   expiresAt.Format(time.RFC3339),
-		UserID:      user.ID,
-		Username:    user.Username,
-		Role:        user.Role,
-		DisplayName: user.DisplayName,
+		UserID:      account.ID,
+		Username:    account.Username,
+		Role:        account.Role,
+		DisplayName: account.DisplayName,
 	})
 }