diff --git a/packages/portal b/packages/portal
index 36097e5..f6d3f4e 160000
--- a/packages/portal
+++ b/packages/portal
@@ -1 +1 @@
-Subproject commit 36097e5b074e1a775596d0ec5d638dbec921e5d0
+Subproject commit f6d3f4efb23be0c597a3a8188badb121fac3ab2e
diff --git a/packages/shared/shared/api/chat.py b/packages/shared/shared/api/chat.py
index 52e029e..123e04d 100644
--- a/packages/shared/shared/api/chat.py
+++ b/packages/shared/shared/api/chat.py
@@ -247,10 +247,21 @@ async def list_messages(
 Ownership enforced: caller must own the conversation OR be platform_admin.
 """
- # Fetch conversation first to verify ownership and get tenant_id
- conv_stmt = select(WebConversation).where(WebConversation.id == conversation_id)
- conv_result = await session.execute(conv_stmt)
- conversation = conv_result.scalar_one_or_none()
+ # Set tenant context for RLS — use caller's tenant_id first to allow the lookup
+ # For platform admins, temporarily set from the header (may be the selected tenant)
+ initial_tenant_id = caller.tenant_id
+ if initial_tenant_id:
+ initial_token = _rls_set(engine, initial_tenant_id)
+ else:
+ initial_token = None
+
+ try:
+ conv_stmt = select(WebConversation).where(WebConversation.id == conversation_id)
+ conv_result = await session.execute(conv_stmt)
+ conversation = conv_result.scalar_one_or_none()
+ finally:
+ if initial_token is not None:
+ current_tenant_id.reset(initial_token)
 if conversation is None:
 raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Conversation not found")
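Review bot: The new comment above `initial_tenant_id = caller.tenant_id` says the tenant is taken "from the header" for platform admins, but the code only reads `caller.tenant_id` and never consults a header, so the comment describes behaviour that is not in the hunk; I would replace the two comment lines with `# Scope the conversation lookup to the caller's tenant via RLS; the token is reset in finally so later statements establish their own tenant context`. When `caller.tenant_id` is falsy the `else` branch leaves no tenant context set and the lookup still runs, and whether RLS then returns nothing or everything depends on the policy, which is not visible here, so that branch deserves an explicit guard or at least a comment stating the intended outcome. The `finally` only resets the `current_tenant_id` contextvar; if `_rls_set(engine, ...)` also changes connection-level state, the reset does not undo it, which is worth confirming against that helper. The explicit ownership check the docstring promises lies outside the hunk, and list_messages continues past the visible lines.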