fix: set RLS tenant context for chat conversation lookups

Chat API queries on web_conversations need tenant context set before
RLS policies allow the SELECT. Also fixes crypto.randomUUID fallback.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

packages/shared/shared/api/chat.py

@@ -247,10 +247,21 @@ async def list_messages(
 
     Ownership enforced: caller must own the conversation OR be platform_admin.
     """
-    # Fetch conversation first to verify ownership and get tenant_id
+    # Set tenant context for RLS — use caller's tenant_id first to allow the lookup
-    conv_stmt = select(WebConversation).where(WebConversation.id == conversation_id)
+    # For platform admins, temporarily set from the header (may be the selected tenant)
-    conv_result = await session.execute(conv_stmt)
+    initial_tenant_id = caller.tenant_id
-    conversation = conv_result.scalar_one_or_none()
+    if initial_tenant_id:
+        initial_token = _rls_set(engine, initial_tenant_id)
+    else:
+        initial_token = None
+
+    try:
+        conv_stmt = select(WebConversation).where(WebConversation.id == conversation_id)
+        conv_result = await session.execute(conv_stmt)
+        conversation = conv_result.scalar_one_or_none()
+    finally:
+        if initial_token is not None:
+            current_tenant_id.reset(initial_token)
 
     if conversation is None:
         raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Conversation not found")