From 0e4159c2fd459d4199b1966b4fc869c223c76b77 Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Mon, 9 Mar 2026 23:44:09 -0700
Subject: [PATCH] fix(my-agents): scope instance list to current user

GET /instances returned all tenant instances for admin accounts,
causing cross-user agent visibility. Changed to
GET /instances/user/:userId so each user only sees their own agents.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../my_agents/presentation/pages/my_agents_page.dart         | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/it0_app/lib/features/my_agents/presentation/pages/my_agents_page.dart b/it0_app/lib/features/my_agents/presentation/pages/my_agents_page.dart
index ca2cc09..9692802 100644
--- a/it0_app/lib/features/my_agents/presentation/pages/my_agents_page.dart
+++ b/it0_app/lib/features/my_agents/presentation/pages/my_agents_page.dart
@@ -13,6 +13,7 @@ import '../../../../core/theme/app_colors.dart';
 import '../../../../core/utils/date_formatter.dart';
 import '../../../../core/widgets/error_view.dart';
 import '../../../agent_instance_chat/presentation/pages/agent_instance_chat_page.dart';
+import '../../../auth/data/providers/auth_provider.dart';
 
 // ---------------------------------------------------------------------------
 // Model
@@ -66,8 +67,10 @@ class AgentInstance {
 
 final myInstancesProvider = FutureProvider<List<AgentInstance>>((ref) async {
   final dio = ref.watch(dioClientProvider);
+  final userId = ref.watch(authStateProvider).user?.id;
+  if (userId == null) return [];
   try {
-    final res = await dio.get(ApiEndpoints.agentInstances);
+    final res = await dio.get('${ApiEndpoints.agentInstances}/user/$userId');
     final data = res.data;
     if (data is List) {
       return data