npm - @agent-native/core - Versions diffs - 0.15.12 → 0.16.0 - Mend

@agent-native/core 0.15.12 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (411) hide show

package/README.md +37 -0
package/dist/agent/app-model-defaults.d.ts +37 -0
package/dist/agent/app-model-defaults.d.ts.map +1 -0
package/dist/agent/app-model-defaults.js +136 -0
package/dist/agent/app-model-defaults.js.map +1 -0
package/dist/agent/engine/registry.d.ts +12 -7
package/dist/agent/engine/registry.d.ts.map +1 -1
package/dist/agent/engine/registry.js +28 -8
package/dist/agent/engine/registry.js.map +1 -1
package/dist/agent/production-agent.d.ts +2 -0
package/dist/agent/production-agent.d.ts.map +1 -1
package/dist/agent/production-agent.js +3 -1
package/dist/agent/production-agent.js.map +1 -1
package/dist/browser-sessions/actions.d.ts +7 -0
package/dist/browser-sessions/actions.d.ts.map +1 -0
package/dist/browser-sessions/actions.js +223 -0
package/dist/browser-sessions/actions.js.map +1 -0
package/dist/browser-sessions/routes.d.ts +7 -0
package/dist/browser-sessions/routes.d.ts.map +1 -0
package/dist/browser-sessions/routes.js +159 -0
package/dist/browser-sessions/routes.js.map +1 -0
package/dist/browser-sessions/store.d.ts +33 -0
package/dist/browser-sessions/store.d.ts.map +1 -0
package/dist/browser-sessions/store.js +506 -0
package/dist/browser-sessions/store.js.map +1 -0
package/dist/browser-sessions/types.d.ts +68 -0
package/dist/browser-sessions/types.d.ts.map +1 -0
package/dist/browser-sessions/types.js +2 -0
package/dist/browser-sessions/types.js.map +1 -0
package/dist/cli/code-agent-commands.d.ts +36 -0
package/dist/cli/code-agent-commands.d.ts.map +1 -0
package/dist/cli/code-agent-commands.js +192 -0
package/dist/cli/code-agent-commands.js.map +1 -0
package/dist/cli/code-agent-connector.d.ts +17 -0
package/dist/cli/code-agent-connector.d.ts.map +1 -0
package/dist/cli/code-agent-connector.js +724 -0
package/dist/cli/code-agent-connector.js.map +1 -0
package/dist/cli/code-agent-executor.d.ts +31 -0
package/dist/cli/code-agent-executor.d.ts.map +1 -0
package/dist/cli/code-agent-executor.js +921 -0
package/dist/cli/code-agent-executor.js.map +1 -0
package/dist/cli/code-agent-runs.d.ts +102 -0
package/dist/cli/code-agent-runs.d.ts.map +1 -0
package/dist/cli/code-agent-runs.js +277 -0
package/dist/cli/code-agent-runs.js.map +1 -0
package/dist/cli/code.d.ts +66 -0
package/dist/cli/code.d.ts.map +1 -0
package/dist/cli/code.js +1306 -0
package/dist/cli/code.js.map +1 -0
package/dist/cli/create.d.ts +2 -1
package/dist/cli/create.d.ts.map +1 -1
package/dist/cli/create.js +11 -1
package/dist/cli/create.js.map +1 -1
package/dist/cli/index.js +26 -1
package/dist/cli/index.js.map +1 -1
package/dist/cli/migrate.d.ts +27 -0
package/dist/cli/migrate.d.ts.map +1 -1
package/dist/cli/migrate.js +1328 -20
package/dist/cli/migrate.js.map +1 -1
package/dist/cli/templates-meta.d.ts.map +1 -1
package/dist/cli/templates-meta.js +27 -3
package/dist/cli/templates-meta.js.map +1 -1
package/dist/cli/workspacify.d.ts +2 -0
package/dist/cli/workspacify.d.ts.map +1 -1
package/dist/cli/workspacify.js +2 -1
package/dist/cli/workspacify.js.map +1 -1
package/dist/client/AgentNative.d.ts +32 -0
package/dist/client/AgentNative.d.ts.map +1 -0
package/dist/client/AgentNative.js +79 -0
package/dist/client/AgentNative.js.map +1 -0
package/dist/client/AgentNativeEmbedded.d.ts +47 -0
package/dist/client/AgentNativeEmbedded.d.ts.map +1 -0
package/dist/client/AgentNativeEmbedded.js +148 -0
package/dist/client/AgentNativeEmbedded.js.map +1 -0
package/dist/client/AgentNativeFrame.d.ts +25 -0
package/dist/client/AgentNativeFrame.d.ts.map +1 -0
package/dist/client/AgentNativeFrame.js +68 -0
package/dist/client/AgentNativeFrame.js.map +1 -0
package/dist/client/AgentPanel.d.ts +19 -2
package/dist/client/AgentPanel.d.ts.map +1 -1
package/dist/client/AgentPanel.js +15 -4
package/dist/client/AgentPanel.js.map +1 -1
package/dist/client/AssistantChat.d.ts +1 -1
package/dist/client/AssistantChat.d.ts.map +1 -1
package/dist/client/AssistantChat.js +79 -48
package/dist/client/AssistantChat.js.map +1 -1
package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
package/dist/client/MultiTabAssistantChat.js +2 -1
package/dist/client/MultiTabAssistantChat.js.map +1 -1
package/dist/client/NewWorkspaceAppFlow.d.ts.map +1 -1
package/dist/client/NewWorkspaceAppFlow.js +3 -2
package/dist/client/NewWorkspaceAppFlow.js.map +1 -1
package/dist/client/browser-session-bridge.d.ts +44 -0
package/dist/client/browser-session-bridge.d.ts.map +1 -0
package/dist/client/browser-session-bridge.js +339 -0
package/dist/client/browser-session-bridge.js.map +1 -0
package/dist/client/client-action.d.ts +7 -0
package/dist/client/client-action.d.ts.map +1 -0
package/dist/client/client-action.js +4 -0
package/dist/client/client-action.js.map +1 -0
package/dist/client/components/ui/tooltip.d.ts.map +1 -1
package/dist/client/components/ui/tooltip.js +1 -1
package/dist/client/components/ui/tooltip.js.map +1 -1
package/dist/client/composer/AgentComposerFrame.d.ts +17 -0
package/dist/client/composer/AgentComposerFrame.d.ts.map +1 -0
package/dist/client/composer/AgentComposerFrame.js +14 -0
package/dist/client/composer/AgentComposerFrame.js.map +1 -0
package/dist/client/composer/MentionPopover.d.ts.map +1 -1
package/dist/client/composer/MentionPopover.js +2 -2
package/dist/client/composer/MentionPopover.js.map +1 -1
package/dist/client/composer/PromptComposer.d.ts +35 -2
package/dist/client/composer/PromptComposer.d.ts.map +1 -1
package/dist/client/composer/PromptComposer.js +31 -17
package/dist/client/composer/PromptComposer.js.map +1 -1
package/dist/client/composer/TiptapComposer.d.ts +20 -2
package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
package/dist/client/composer/TiptapComposer.js +112 -22
package/dist/client/composer/TiptapComposer.js.map +1 -1
package/dist/client/composer/index.d.ts +3 -2
package/dist/client/composer/index.d.ts.map +1 -1
package/dist/client/composer/index.js +1 -0
package/dist/client/composer/index.js.map +1 -1
package/dist/client/composer/types.d.ts +1 -0
package/dist/client/composer/types.d.ts.map +1 -1
package/dist/client/composer/types.js.map +1 -1
package/dist/client/extensions/AgentNativeExtensionFrame.d.ts +58 -0
package/dist/client/extensions/AgentNativeExtensionFrame.d.ts.map +1 -0
package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts +2 -0
package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts.map +1 -0
package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js +110 -0
package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js.map +1 -0
package/dist/client/extensions/AgentNativeExtensionFrame.js +354 -0
package/dist/client/extensions/AgentNativeExtensionFrame.js.map +1 -0
package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts +2 -0
package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts.map +1 -0
package/dist/client/extensions/AgentNativeExtensionFrame.spec.js +68 -0
package/dist/client/extensions/AgentNativeExtensionFrame.spec.js.map +1 -0
package/dist/client/extensions/agent-native-extension-runtime.d.ts +69 -0
package/dist/client/extensions/agent-native-extension-runtime.d.ts.map +1 -0
package/dist/client/extensions/agent-native-extension-runtime.js +348 -0
package/dist/client/extensions/agent-native-extension-runtime.js.map +1 -0
package/dist/client/extensions/index.d.ts +2 -0
package/dist/client/extensions/index.d.ts.map +1 -1
package/dist/client/extensions/index.js +2 -0
package/dist/client/extensions/index.js.map +1 -1
package/dist/client/extensions/portable-extension.d.ts +86 -0
package/dist/client/extensions/portable-extension.d.ts.map +1 -0
package/dist/client/extensions/portable-extension.js +480 -0
package/dist/client/extensions/portable-extension.js.map +1 -0
package/dist/client/host-bridge.d.ts +266 -0
package/dist/client/host-bridge.d.ts.map +1 -0
package/dist/client/host-bridge.js +745 -0
package/dist/client/host-bridge.js.map +1 -0
package/dist/client/host-tools.d.ts +40 -0
package/dist/client/host-tools.d.ts.map +1 -0
package/dist/client/host-tools.js +94 -0
package/dist/client/host-tools.js.map +1 -0
package/dist/client/index.d.ts +13 -2
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +11 -2
package/dist/client/index.js.map +1 -1
package/dist/client/resources/BuiltinCapabilityDetail.d.ts +10 -0
package/dist/client/resources/BuiltinCapabilityDetail.d.ts.map +1 -0
package/dist/client/resources/BuiltinCapabilityDetail.js +51 -0
package/dist/client/resources/BuiltinCapabilityDetail.js.map +1 -0
package/dist/client/resources/ResourceEditor.d.ts +3 -1
package/dist/client/resources/ResourceEditor.d.ts.map +1 -1
package/dist/client/resources/ResourceEditor.js +40 -17
package/dist/client/resources/ResourceEditor.js.map +1 -1
package/dist/client/resources/ResourceTree.d.ts.map +1 -1
package/dist/client/resources/ResourceTree.js +23 -2
package/dist/client/resources/ResourceTree.js.map +1 -1
package/dist/client/resources/ResourcesPanel.d.ts.map +1 -1
package/dist/client/resources/ResourcesPanel.js +77 -17
package/dist/client/resources/ResourcesPanel.js.map +1 -1
package/dist/client/resources/index.d.ts +1 -0
package/dist/client/resources/index.d.ts.map +1 -1
package/dist/client/resources/index.js +1 -0
package/dist/client/resources/index.js.map +1 -1
package/dist/client/resources/use-builtin-capabilities.d.ts +62 -0
package/dist/client/resources/use-builtin-capabilities.d.ts.map +1 -0
package/dist/client/resources/use-builtin-capabilities.js +54 -0
package/dist/client/resources/use-builtin-capabilities.js.map +1 -0
package/dist/client/resources/use-resources.d.ts +30 -2
package/dist/client/resources/use-resources.d.ts.map +1 -1
package/dist/client/resources/use-resources.js +42 -1
package/dist/client/resources/use-resources.js.map +1 -1
package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
package/dist/client/settings/SettingsPanel.js +151 -2
package/dist/client/settings/SettingsPanel.js.map +1 -1
package/dist/client/use-chat-models.d.ts.map +1 -1
package/dist/client/use-chat-models.js +20 -0
package/dist/client/use-chat-models.js.map +1 -1
package/dist/client/use-chat-threads.d.ts.map +1 -1
package/dist/client/use-chat-threads.js +46 -2
package/dist/client/use-chat-threads.js.map +1 -1
package/dist/client/use-chat-threads.spec.js +77 -0
package/dist/client/use-chat-threads.spec.js.map +1 -1
package/dist/code-agents/index.d.ts +4 -0
package/dist/code-agents/index.d.ts.map +1 -0
package/dist/code-agents/index.js +4 -0
package/dist/code-agents/index.js.map +1 -0
package/dist/connections/catalog.d.ts +134 -0
package/dist/connections/catalog.d.ts.map +1 -0
package/dist/connections/catalog.js +180 -0
package/dist/connections/catalog.js.map +1 -0
package/dist/connections/index.d.ts +2 -0
package/dist/connections/index.d.ts.map +1 -0
package/dist/connections/index.js +2 -0
package/dist/connections/index.js.map +1 -0
package/dist/extensions/change-marker.d.ts +10 -0
package/dist/extensions/change-marker.d.ts.map +1 -0
package/dist/extensions/change-marker.js +42 -0
package/dist/extensions/change-marker.js.map +1 -0
package/dist/extensions/routes.d.ts.map +1 -1
package/dist/extensions/routes.js +1 -7
package/dist/extensions/routes.js.map +1 -1
package/dist/extensions/schema.d.ts +1 -0
package/dist/extensions/schema.d.ts.map +1 -1
package/dist/extensions/schema.js +1 -0
package/dist/extensions/schema.js.map +1 -1
package/dist/extensions/slots/routes.js +1 -1
package/dist/extensions/slots/routes.js.map +1 -1
package/dist/extensions/store.d.ts +3 -0
package/dist/extensions/store.d.ts.map +1 -1
package/dist/extensions/store.js +112 -4
package/dist/extensions/store.js.map +1 -1
package/dist/index.d.ts +4 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +6 -1
package/dist/index.js.map +1 -1
package/dist/integrations/adapters/telegram.d.ts.map +1 -1
package/dist/integrations/adapters/telegram.js +1 -0
package/dist/integrations/adapters/telegram.js.map +1 -1
package/dist/integrations/index.d.ts +5 -1
package/dist/integrations/index.d.ts.map +1 -1
package/dist/integrations/index.js +4 -1
package/dist/integrations/index.js.map +1 -1
package/dist/integrations/plugin.d.ts +8 -0
package/dist/integrations/plugin.d.ts.map +1 -1
package/dist/integrations/plugin.js +760 -32
package/dist/integrations/plugin.js.map +1 -1
package/dist/integrations/remote-commands-store.d.ts +36 -0
package/dist/integrations/remote-commands-store.d.ts.map +1 -0
package/dist/integrations/remote-commands-store.js +273 -0
package/dist/integrations/remote-commands-store.js.map +1 -0
package/dist/integrations/remote-devices-store.d.ts +43 -0
package/dist/integrations/remote-devices-store.d.ts.map +1 -0
package/dist/integrations/remote-devices-store.js +315 -0
package/dist/integrations/remote-devices-store.js.map +1 -0
package/dist/integrations/remote-push-store.d.ts +37 -0
package/dist/integrations/remote-push-store.d.ts.map +1 -0
package/dist/integrations/remote-push-store.js +299 -0
package/dist/integrations/remote-push-store.js.map +1 -0
package/dist/integrations/remote-retry-job.d.ts +7 -0
package/dist/integrations/remote-retry-job.d.ts.map +1 -0
package/dist/integrations/remote-retry-job.js +45 -0
package/dist/integrations/remote-retry-job.js.map +1 -0
package/dist/integrations/remote-run-events-store.d.ts +18 -0
package/dist/integrations/remote-run-events-store.d.ts.map +1 -0
package/dist/integrations/remote-run-events-store.js +82 -0
package/dist/integrations/remote-run-events-store.js.map +1 -0
package/dist/integrations/remote-types.d.ts +101 -0
package/dist/integrations/remote-types.d.ts.map +1 -0
package/dist/integrations/remote-types.js +2 -0
package/dist/integrations/remote-types.js.map +1 -0
package/dist/integrations/webhook-handler.d.ts +2 -0
package/dist/integrations/webhook-handler.d.ts.map +1 -1
package/dist/integrations/webhook-handler.js +4 -1
package/dist/integrations/webhook-handler.js.map +1 -1
package/dist/jobs/scheduler.d.ts +4 -2
package/dist/jobs/scheduler.d.ts.map +1 -1
package/dist/jobs/scheduler.js +9 -3
package/dist/jobs/scheduler.js.map +1 -1
package/dist/mcp-client/builtin-capabilities.d.ts +20 -0
package/dist/mcp-client/builtin-capabilities.d.ts.map +1 -0
package/dist/mcp-client/builtin-capabilities.js +75 -0
package/dist/mcp-client/builtin-capabilities.js.map +1 -0
package/dist/mcp-client/builtin-store.d.ts +10 -0
package/dist/mcp-client/builtin-store.d.ts.map +1 -0
package/dist/mcp-client/builtin-store.js +55 -0
package/dist/mcp-client/builtin-store.js.map +1 -0
package/dist/mcp-client/index.d.ts +3 -1
package/dist/mcp-client/index.d.ts.map +1 -1
package/dist/mcp-client/index.js +3 -1
package/dist/mcp-client/index.js.map +1 -1
package/dist/mcp-client/routes.d.ts +28 -0
package/dist/mcp-client/routes.d.ts.map +1 -1
package/dist/mcp-client/routes.js +195 -1
package/dist/mcp-client/routes.js.map +1 -1
package/dist/org/context.d.ts.map +1 -1
package/dist/org/context.js +34 -0
package/dist/org/context.js.map +1 -1
package/dist/resources/handlers.d.ts +4 -0
package/dist/resources/handlers.d.ts.map +1 -1
package/dist/resources/handlers.js +46 -7
package/dist/resources/handlers.js.map +1 -1
package/dist/resources/script-helpers.d.ts +8 -1
package/dist/resources/script-helpers.d.ts.map +1 -1
package/dist/resources/script-helpers.js +18 -8
package/dist/resources/script-helpers.js.map +1 -1
package/dist/resources/store.d.ts +19 -0
package/dist/resources/store.d.ts.map +1 -1
package/dist/resources/store.js +86 -3
package/dist/resources/store.js.map +1 -1
package/dist/scripts/agent-engines/list-agent-engines.d.ts +1 -1
package/dist/scripts/agent-engines/list-agent-engines.d.ts.map +1 -1
package/dist/scripts/agent-engines/list-agent-engines.js +18 -7
package/dist/scripts/agent-engines/list-agent-engines.js.map +1 -1
package/dist/scripts/agent-engines/manage-agent-engine.d.ts.map +1 -1
package/dist/scripts/agent-engines/manage-agent-engine.js +100 -7
package/dist/scripts/agent-engines/manage-agent-engine.js.map +1 -1
package/dist/scripts/resources/delete.d.ts.map +1 -1
package/dist/scripts/resources/delete.js +4 -1
package/dist/scripts/resources/delete.js.map +1 -1
package/dist/scripts/resources/effective.d.ts +11 -0
package/dist/scripts/resources/effective.d.ts.map +1 -0
package/dist/scripts/resources/effective.js +54 -0
package/dist/scripts/resources/effective.js.map +1 -0
package/dist/scripts/resources/index.d.ts.map +1 -1
package/dist/scripts/resources/index.js +1 -0
package/dist/scripts/resources/index.js.map +1 -1
package/dist/scripts/resources/list.d.ts +1 -1
package/dist/scripts/resources/list.d.ts.map +1 -1
package/dist/scripts/resources/list.js +17 -5
package/dist/scripts/resources/list.js.map +1 -1
package/dist/scripts/resources/read.d.ts +1 -1
package/dist/scripts/resources/read.d.ts.map +1 -1
package/dist/scripts/resources/read.js +20 -5
package/dist/scripts/resources/read.js.map +1 -1
package/dist/scripts/resources/write.d.ts.map +1 -1
package/dist/scripts/resources/write.js +4 -1
package/dist/scripts/resources/write.js.map +1 -1
package/dist/scripts/runner.d.ts +11 -1
package/dist/scripts/runner.d.ts.map +1 -1
package/dist/scripts/runner.js +75 -27
package/dist/scripts/runner.js.map +1 -1
package/dist/server/action-discovery.d.ts.map +1 -1
package/dist/server/action-discovery.js +5 -0
package/dist/server/action-discovery.js.map +1 -1
package/dist/server/agent-chat-plugin.d.ts +24 -0
package/dist/server/agent-chat-plugin.d.ts.map +1 -1
package/dist/server/agent-chat-plugin.js +608 -54
package/dist/server/agent-chat-plugin.js.map +1 -1
package/dist/server/core-routes-plugin.d.ts.map +1 -1
package/dist/server/core-routes-plugin.js +2 -0
package/dist/server/core-routes-plugin.js.map +1 -1
package/dist/server/embedded.d.ts +72 -0
package/dist/server/embedded.d.ts.map +1 -0
package/dist/server/embedded.js +119 -0
package/dist/server/embedded.js.map +1 -0
package/dist/server/index.d.ts +8 -1
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +7 -1
package/dist/server/index.js.map +1 -1
package/dist/server/poll.d.ts.map +1 -1
package/dist/server/poll.js +184 -13
package/dist/server/poll.js.map +1 -1
package/dist/server/resources-plugin.d.ts.map +1 -1
package/dist/server/resources-plugin.js +11 -2
package/dist/server/resources-plugin.js.map +1 -1
package/dist/sharing/actions/extension-change.d.ts +4 -0
package/dist/sharing/actions/extension-change.d.ts.map +1 -0
package/dist/sharing/actions/extension-change.js +13 -0
package/dist/sharing/actions/extension-change.js.map +1 -0
package/dist/sharing/actions/set-resource-visibility.d.ts.map +1 -1
package/dist/sharing/actions/set-resource-visibility.js +3 -0
package/dist/sharing/actions/set-resource-visibility.js.map +1 -1
package/dist/sharing/actions/share-resource.d.ts.map +1 -1
package/dist/sharing/actions/share-resource.js +4 -0
package/dist/sharing/actions/share-resource.js.map +1 -1
package/dist/sharing/actions/unshare-resource.d.ts.map +1 -1
package/dist/sharing/actions/unshare-resource.js +3 -0
package/dist/sharing/actions/unshare-resource.js.map +1 -1
package/dist/templates/default/AGENTS.md +3 -3
package/dist/templates/workspace-core/AGENTS.md +7 -0
package/dist/templates/workspace-root/AGENTS.md +7 -0
package/dist/templates/workspace-root/README.md +25 -0
package/dist/triggers/dispatcher.d.ts +3 -1
package/dist/triggers/dispatcher.d.ts.map +1 -1
package/dist/triggers/dispatcher.js +9 -3
package/dist/triggers/dispatcher.js.map +1 -1
package/dist/workspace-connections/index.d.ts +2 -0
package/dist/workspace-connections/index.d.ts.map +1 -0
package/dist/workspace-connections/index.js +2 -0
package/dist/workspace-connections/index.js.map +1 -0
package/dist/workspace-connections/store.d.ts +229 -0
package/dist/workspace-connections/store.d.ts.map +1 -0
package/dist/workspace-connections/store.js +938 -0
package/dist/workspace-connections/store.js.map +1 -0
package/docs/content/agent-teams.md +6 -0
package/docs/content/cloneable-saas.md +1 -0
package/docs/content/code-agents-ui.md +261 -0
package/docs/content/dispatch.md +40 -3
package/docs/content/embedding-sdk.md +459 -0
package/docs/content/faq.md +1 -0
package/docs/content/getting-started.md +1 -0
package/docs/content/mcp-clients.md +41 -3
package/docs/content/migration-workbench.md +237 -54
package/docs/content/multi-app-workspace.md +41 -0
package/docs/content/multi-tenancy.md +1 -1
package/docs/content/template-brain.md +418 -0
package/docs/content/template-dispatch.md +30 -0
package/docs/content/workspace-connections.md +509 -0
package/docs/content/workspace-management.md +12 -12
package/docs/content/workspace.md +180 -40
package/package.json +7 -2
package/src/templates/default/AGENTS.md +3 -3
package/src/templates/workspace-core/AGENTS.md +7 -0
package/src/templates/workspace-root/AGENTS.md +7 -0
package/src/templates/workspace-root/README.md +25 -0

package/dist/workspace-connections/store.js ADDED Viewed

@@ -0,0 +1,938 @@
+import { randomUUID } from "node:crypto";
+import { getDbExec, intType, isPostgres, isUniqueViolation, retryOnDdlRace, safeJsonParse, } from "../db/client.js";
+import { getRequestOrgId, getRequestUserEmail, } from "../server/request-context.js";
+import { listWorkspaceConnectionProviders, } from "../connections/catalog.js";
+let _initPromise;
+function workspaceConnectionsTable() {
+    return isPostgres()
+        ? "public.workspace_connections"
+        : "workspace_connections";
+}
+function workspaceConnectionGrantsTable() {
+    return isPostgres()
+        ? "public.workspace_connection_grants"
+        : "workspace_connection_grants";
+}
+function isDuplicateColumnError(err) {
+    const code = String(err?.code ?? "");
+    const message = String(err?.message ?? err)
+        .toLowerCase()
+        .trim();
+    return (code === "42701" ||
+        message.includes("duplicate column") ||
+        message.includes("already exists"));
+}
+async function ensureColumn(client, table, name, definition) {
+    try {
+        await retryOnDdlRace(() => client.execute(isPostgres()
+            ? `ALTER TABLE ${table} ADD COLUMN IF NOT EXISTS ${name} ${definition}`
+            : `ALTER TABLE ${table} ADD COLUMN ${name} ${definition}`));
+    }
+    catch (err) {
+        if (!isDuplicateColumnError(err))
+            throw err;
+    }
+}
+async function ensureWorkspaceConnectionColumns(client, table) {
+    await ensureColumn(client, table, "provider", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "label", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "account_id", "TEXT");
+    await ensureColumn(client, table, "account_label", "TEXT");
+    await ensureColumn(client, table, "status", "TEXT NOT NULL DEFAULT 'connected'");
+    await ensureColumn(client, table, "scopes_json", "TEXT NOT NULL DEFAULT '[]'");
+    await ensureColumn(client, table, "config_json", "TEXT NOT NULL DEFAULT '{}'");
+    await ensureColumn(client, table, "allowed_apps_json", "TEXT NOT NULL DEFAULT '[]'");
+    await ensureColumn(client, table, "credential_refs_json", "TEXT NOT NULL DEFAULT '[]'");
+    await ensureColumn(client, table, "owner_email", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "org_id", "TEXT");
+    await ensureColumn(client, table, "created_at", `${intType()} NOT NULL DEFAULT 0`);
+    await ensureColumn(client, table, "updated_at", `${intType()} NOT NULL DEFAULT 0`);
+    await ensureColumn(client, table, "last_checked_at", intType());
+    await ensureColumn(client, table, "last_error", "TEXT");
+}
+async function ensureWorkspaceConnectionGrantColumns(client, table) {
+    await ensureColumn(client, table, "connection_id", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "provider", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "app_id", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "scopes_json", "TEXT NOT NULL DEFAULT '[]'");
+    await ensureColumn(client, table, "config_json", "TEXT NOT NULL DEFAULT '{}'");
+    await ensureColumn(client, table, "credential_refs_json", "TEXT NOT NULL DEFAULT '[]'");
+    await ensureColumn(client, table, "granted_by_email", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "owner_email", "TEXT NOT NULL DEFAULT ''");
+    await ensureColumn(client, table, "org_id", "TEXT");
+    await ensureColumn(client, table, "created_at", `${intType()} NOT NULL DEFAULT 0`);
+    await ensureColumn(client, table, "updated_at", `${intType()} NOT NULL DEFAULT 0`);
+}
+export async function ensureWorkspaceConnectionsTable() {
+    if (!_initPromise) {
+        _initPromise = (async () => {
+            const client = getDbExec();
+            const table = workspaceConnectionsTable();
+            const grantsTable = workspaceConnectionGrantsTable();
+            await retryOnDdlRace(() => client.execute(`
+          CREATE TABLE IF NOT EXISTS ${table} (
+            id TEXT PRIMARY KEY,
+            provider TEXT NOT NULL DEFAULT '',
+            label TEXT NOT NULL DEFAULT '',
+            account_id TEXT,
+            account_label TEXT,
+            status TEXT NOT NULL DEFAULT 'connected',
+            scopes_json TEXT NOT NULL DEFAULT '[]',
+            config_json TEXT NOT NULL DEFAULT '{}',
+            allowed_apps_json TEXT NOT NULL DEFAULT '[]',
+            credential_refs_json TEXT NOT NULL DEFAULT '[]',
+            owner_email TEXT NOT NULL DEFAULT '',
+            org_id TEXT,
+            created_at ${intType()} NOT NULL DEFAULT 0,
+            updated_at ${intType()} NOT NULL DEFAULT 0,
+            last_checked_at ${intType()},
+            last_error TEXT
+          )
+        `));
+            await ensureWorkspaceConnectionColumns(client, table);
+            await retryOnDdlRace(() => client.execute(`CREATE INDEX IF NOT EXISTS idx_workspace_connections_scope_provider ON ${table} (org_id, owner_email, provider)`));
+            await retryOnDdlRace(() => client.execute(`CREATE INDEX IF NOT EXISTS idx_workspace_connections_updated_at ON ${table} (updated_at)`));
+            await retryOnDdlRace(() => client.execute(`
+          CREATE TABLE IF NOT EXISTS ${grantsTable} (
+            id TEXT PRIMARY KEY,
+            connection_id TEXT NOT NULL DEFAULT '',
+            provider TEXT NOT NULL DEFAULT '',
+            app_id TEXT NOT NULL DEFAULT '',
+            scopes_json TEXT NOT NULL DEFAULT '[]',
+            config_json TEXT NOT NULL DEFAULT '{}',
+            credential_refs_json TEXT NOT NULL DEFAULT '[]',
+            granted_by_email TEXT NOT NULL DEFAULT '',
+            owner_email TEXT NOT NULL DEFAULT '',
+            org_id TEXT,
+            created_at ${intType()} NOT NULL DEFAULT 0,
+            updated_at ${intType()} NOT NULL DEFAULT 0
+          )
+        `));
+            await ensureWorkspaceConnectionGrantColumns(client, grantsTable);
+            await retryOnDdlRace(() => client.execute(`CREATE UNIQUE INDEX IF NOT EXISTS idx_workspace_connection_grants_connection_app ON ${grantsTable} (connection_id, app_id)`));
+            await retryOnDdlRace(() => client.execute(`CREATE INDEX IF NOT EXISTS idx_workspace_connection_grants_scope_app ON ${grantsTable} (org_id, owner_email, app_id)`));
+            await retryOnDdlRace(() => client.execute(`CREATE INDEX IF NOT EXISTS idx_workspace_connection_grants_updated_at ON ${grantsTable} (updated_at)`));
+        })().catch((err) => {
+            _initPromise = undefined;
+            throw err;
+        });
+    }
+    return _initPromise;
+}
+function requireWorkspaceConnectionScope() {
+    const ownerEmail = getRequestUserEmail()?.trim().toLowerCase();
+    if (!ownerEmail) {
+        throw new Error("Workspace connections require an authenticated user.");
+    }
+    return {
+        ownerEmail,
+        orgId: getRequestOrgId()?.trim() || null,
+    };
+}
+function scopedWhere(scope) {
+    if (scope.orgId) {
+        return { sql: "org_id = ?", args: [scope.orgId] };
+    }
+    return {
+        sql: "owner_email = ? AND org_id IS NULL",
+        args: [scope.ownerEmail],
+    };
+}
+function normalizeStringArray(value) {
+    if (!Array.isArray(value))
+        return [];
+    return value
+        .filter((entry) => typeof entry === "string")
+        .map((entry) => entry.trim())
+        .filter(Boolean);
+}
+function normalizeRequiredString(value, label) {
+    const normalized = typeof value === "string" ? value.trim() : "";
+    if (!normalized) {
+        throw new Error(`${label} is required.`);
+    }
+    return normalized;
+}
+function normalizeObject(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        return {};
+    return value;
+}
+function normalizeCredentialRefs(value) {
+    if (!Array.isArray(value))
+        return [];
+    return value
+        .filter((entry) => !!entry &&
+        typeof entry === "object" &&
+        !Array.isArray(entry) &&
+        typeof entry.key === "string")
+        .map((entry) => sanitizeCredentialRef(entry))
+        .filter((entry) => entry.key.trim().length > 0);
+}
+function normalizeStatus(value) {
+    if (value === "checking" ||
+        value === "needs_reauth" ||
+        value === "error" ||
+        value === "disabled") {
+        return value;
+    }
+    return "connected";
+}
+function millis(value) {
+    if (value == null)
+        return null;
+    if (value instanceof Date)
+        return value.getTime();
+    if (typeof value === "number" && Number.isFinite(value))
+        return value;
+    const parsed = Date.parse(String(value));
+    return Number.isFinite(parsed) ? parsed : null;
+}
+function iso(value) {
+    if (value == null)
+        return null;
+    const num = Number(value);
+    if (!Number.isFinite(num) || num <= 0)
+        return null;
+    return new Date(num).toISOString();
+}
+const SECRET_KEYS = new Set([
+    "apikey",
+    "authorization",
+    "clientsecret",
+    "cookie",
+    "password",
+    "privatekey",
+    "refreshtoken",
+    "secret",
+    "token",
+    "accesstoken",
+]);
+function normalizedKey(key) {
+    return key.toLowerCase().replace(/[^a-z0-9]/g, "");
+}
+function sanitizeJson(value, allowCredentialRefKey = false) {
+    if (Array.isArray(value)) {
+        return value.map((entry) => sanitizeJson(entry, allowCredentialRefKey));
+    }
+    if (!value || typeof value !== "object")
+        return value;
+    const result = {};
+    for (const [key, entry] of Object.entries(value)) {
+        const normalized = normalizedKey(key);
+        if (SECRET_KEYS.has(normalized) &&
+            !(allowCredentialRefKey && normalized === "key")) {
+            result[key] = "[redacted]";
+            continue;
+        }
+        result[key] = sanitizeJson(entry, allowCredentialRefKey);
+    }
+    return result;
+}
+function sanitizeConfig(config) {
+    return sanitizeJson(normalizeObject(config), false);
+}
+function sanitizeCredentialRef(ref) {
+    const sanitized = sanitizeJson(ref, true);
+    if (Object.prototype.hasOwnProperty.call(sanitized, "value")) {
+        sanitized.value = "[redacted]";
+    }
+    return sanitized;
+}
+function parseRow(row) {
+    return serializeWorkspaceConnection({
+        id: String(row.id),
+        provider: String(row.provider ?? ""),
+        label: String(row.label ?? ""),
+        accountId: row.account_id == null ? null : String(row.account_id),
+        accountLabel: row.account_label == null ? null : String(row.account_label),
+        status: normalizeStatus(row.status),
+        scopes: normalizeStringArray(safeJsonParse(row.scopes_json, [])),
+        config: normalizeObject(safeJsonParse(row.config_json, {})),
+        allowedApps: normalizeStringArray(safeJsonParse(row.allowed_apps_json, [])),
+        credentialRefs: normalizeCredentialRefs(safeJsonParse(row.credential_refs_json, [])),
+        ownerEmail: String(row.owner_email ?? ""),
+        orgId: row.org_id == null ? null : String(row.org_id),
+        createdAt: iso(row.created_at) ?? new Date(0).toISOString(),
+        updatedAt: iso(row.updated_at) ?? new Date(0).toISOString(),
+        lastCheckedAt: iso(row.last_checked_at),
+        lastError: row.last_error == null ? null : String(row.last_error),
+    });
+}
+function parseGrantRow(row) {
+    return serializeWorkspaceConnectionGrant({
+        id: String(row.id),
+        connectionId: String(row.connection_id ?? ""),
+        provider: String(row.provider ?? ""),
+        appId: String(row.app_id ?? ""),
+        scopes: normalizeStringArray(safeJsonParse(row.scopes_json, [])),
+        config: normalizeObject(safeJsonParse(row.config_json, {})),
+        credentialRefs: normalizeCredentialRefs(safeJsonParse(row.credential_refs_json, [])),
+        grantedByEmail: String(row.granted_by_email ?? ""),
+        ownerEmail: String(row.owner_email ?? ""),
+        orgId: row.org_id == null ? null : String(row.org_id),
+        createdAt: iso(row.created_at) ?? new Date(0).toISOString(),
+        updatedAt: iso(row.updated_at) ?? new Date(0).toISOString(),
+    });
+}
+export function serializeWorkspaceConnection(connection) {
+    return {
+        ...connection,
+        scopes: normalizeStringArray(connection.scopes),
+        config: sanitizeConfig(connection.config),
+        allowedApps: normalizeStringArray(connection.allowedApps),
+        credentialRefs: normalizeCredentialRefs(connection.credentialRefs),
+    };
+}
+export function serializeWorkspaceConnectionGrant(grant) {
+    return {
+        ...grant,
+        scopes: normalizeStringArray(grant.scopes),
+        config: sanitizeConfig(grant.config),
+        credentialRefs: normalizeCredentialRefs(grant.credentialRefs),
+    };
+}
+export function getWorkspaceConnectionAppAccess(connection, appId, grants = []) {
+    const normalizedAppId = appId.trim();
+    if (!normalizedAppId) {
+        return {
+            appId: normalizedAppId,
+            available: false,
+            mode: "unavailable",
+            reason: "No app id was provided.",
+            grantId: null,
+        };
+    }
+    if (connection.allowedApps.length === 0) {
+        return {
+            appId: normalizedAppId,
+            available: true,
+            mode: "all-apps",
+            reason: "Connection is available to every app in the workspace.",
+            grantId: null,
+        };
+    }
+    if (connection.allowedApps.includes(normalizedAppId)) {
+        return {
+            appId: normalizedAppId,
+            available: true,
+            mode: "allowed-app",
+            reason: `Connection is directly allowed for ${normalizedAppId}.`,
+            grantId: null,
+        };
+    }
+    const explicitGrant = grants.find((grant) => grant.connectionId === connection.id && grant.appId === normalizedAppId);
+    if (explicitGrant) {
+        return {
+            appId: normalizedAppId,
+            available: true,
+            mode: "explicit-grant",
+            reason: `Connection has an explicit grant for ${normalizedAppId}.`,
+            grantId: explicitGrant.id,
+        };
+    }
+    return {
+        appId: normalizedAppId,
+        available: false,
+        mode: "unavailable",
+        reason: `Grant ${normalizedAppId} access before this connection can be reused by the app.`,
+        grantId: null,
+    };
+}
+export function workspaceConnectionIsAvailableToApp(connection, appId, grants = []) {
+    return getWorkspaceConnectionAppAccess(connection, appId, grants).available;
+}
+function uniqueStrings(values) {
+    return Array.from(new Set(values.map((value) => value.trim()).filter(Boolean)));
+}
+function publicCredentialRefs(refs, source) {
+    return refs.map((ref) => ({
+        key: ref.key,
+        scope: ref.scope,
+        provider: ref.provider,
+        label: ref.label,
+        source,
+    }));
+}
+function grantsForConnection(connectionId, grants, appId) {
+    return grants.filter((grant) => grant.connectionId === connectionId && (!appId || grant.appId === appId));
+}
+function explicitGrantForConnection(connectionId, grants, appId) {
+    return grantsForConnection(connectionId, grants, appId)[0];
+}
+function connectionForApp(connection, appId, grants) {
+    const normalizedAppId = appId.trim();
+    const appAccess = getWorkspaceConnectionAppAccess(connection, normalizedAppId, grants);
+    return {
+        ...connection,
+        appAccess,
+        explicitGrant: explicitGrantForConnection(connection.id, grants, normalizedAppId) ??
+            null,
+    };
+}
+function serializeConnectionForApp(connection, appId, grants) {
+    const explicitGrant = explicitGrantForConnection(connection.id, grants, appId);
+    const appAccess = getWorkspaceConnectionAppAccess(connection, appId, grants);
+    return {
+        id: connection.id,
+        label: connection.label,
+        provider: connection.provider,
+        accountId: connection.accountId,
+        accountLabel: connection.accountLabel,
+        status: connection.status,
+        grantedToApp: appAccess.available,
+        grantScope: connection.allowedApps.length === 0 ? "all-apps" : "selected-apps",
+        appAccess,
+        allowedApps: connection.allowedApps,
+        credentialRefs: publicCredentialRefs(connection.credentialRefs, "connection"),
+        lastCheckedAt: connection.lastCheckedAt,
+        lastError: connection.lastError,
+        explicitGrant: explicitGrant
+            ? {
+                id: explicitGrant.id,
+                appId: explicitGrant.appId,
+                scopes: explicitGrant.scopes,
+                credentialRefs: publicCredentialRefs(explicitGrant.credentialRefs, "grant"),
+                updatedAt: explicitGrant.updatedAt,
+            }
+            : null,
+    };
+}
+function grantAvailabilityMessage(grantState, providerId, appId) {
+    switch (grantState) {
+        case "connected":
+            return `${appId} has an active ${providerId} workspace connection.`;
+        case "granted":
+            return `${appId} has ${providerId} access, but the granted connection is not connected yet.`;
+        case "needs_grant":
+            return `A ${providerId} workspace connection exists; grant ${appId} access to reuse it.`;
+        case "not_connected":
+        default:
+            return `No shared ${providerId} workspace connection is available yet.`;
+    }
+}
+export function summarizeWorkspaceConnectionProviderForApp({ providerId, appId, connections, grants = [], includeConnections = "granted", }) {
+    const normalizedProviderId = providerId.trim();
+    const normalizedAppId = appId.trim();
+    const allConnections = connections.filter((connection) => connection.provider === normalizedProviderId);
+    const grantedConnections = allConnections.filter((connection) => getWorkspaceConnectionAppAccess(connection, normalizedAppId, grants)
+        .available);
+    const connectedConnections = grantedConnections.filter((connection) => connection.status === "connected");
+    const ungrantedConnectionCount = allConnections.length - grantedConnections.length;
+    const unhealthyGrantedConnectionCount = grantedConnections.length - connectedConnections.length;
+    const grantState = connectedConnections.length
+        ? "connected"
+        : grantedConnections.length
+            ? "granted"
+            : allConnections.length
+                ? "needs_grant"
+                : "not_connected";
+    const explicitGrantCount = allConnections.reduce((count, connection) => explicitGrantForConnection(connection.id, grants, normalizedAppId)
+        ? count + 1
+        : count, 0);
+    const credentialRefCount = allConnections.reduce((count, connection) => {
+        const explicitGrant = explicitGrantForConnection(connection.id, grants, normalizedAppId);
+        return (count +
+            connection.credentialRefs.length +
+            (explicitGrant?.credentialRefs.length ?? 0));
+    }, 0);
+    const visibleConnections = includeConnections === "all" ? allConnections : grantedConnections;
+    return {
+        appId: normalizedAppId,
+        provider: normalizedProviderId,
+        grantState,
+        grantAvailability: grantState === "connected" || grantState === "granted"
+            ? "available"
+            : grantState,
+        grantAvailabilityMessage: grantAvailabilityMessage(grantState, normalizedProviderId, normalizedAppId),
+        connectionCount: allConnections.length,
+        grantedConnectionCount: grantedConnections.length,
+        activeConnectionCount: connectedConnections.length,
+        ungrantedConnectionCount,
+        unhealthyGrantedConnectionCount,
+        explicitGrantCount,
+        credentialRefCount,
+        hasWorkspaceConnection: allConnections.length > 0,
+        hasGrantedWorkspaceConnection: grantedConnections.length > 0,
+        hasActiveWorkspaceConnection: connectedConnections.length > 0,
+        statuses: uniqueStrings(allConnections.map((connection) => connection.status)),
+        connections: visibleConnections.map((connection) => serializeConnectionForApp(connection, normalizedAppId, grants)),
+    };
+}
+function requiredCredentialKeys(provider) {
+    return uniqueStrings((provider.credentialKeys ?? [])
+        .filter((credential) => credential.required ?? false)
+        .map((credential) => credential.key));
+}
+function missingRequiredCredentialKeys(provider, connection, grants = []) {
+    const available = new Set([
+        ...connection.credentialRefs,
+        ...grants.flatMap((grant) => grant.credentialRefs),
+    ]
+        .map((ref) => ref.key.trim())
+        .filter(Boolean));
+    return requiredCredentialKeys(provider).filter((key) => !available.has(key));
+}
+export function summarizeWorkspaceConnectionProviderReadiness({ provider, connections, grants = [], appId, includeConnections, }) {
+    const providerConnections = connections.filter((connection) => connection.provider === provider.id);
+    const activeConnections = providerConnections.filter((connection) => connection.status !== "disabled");
+    const attentionConnections = activeConnections.filter((connection) => connection.status === "error" ||
+        connection.status === "needs_reauth" ||
+        Boolean(connection.lastError));
+    const missingKeys = uniqueStrings(activeConnections.flatMap((connection) => missingRequiredCredentialKeys(provider, connection, grantsForConnection(connection.id, grants, appId))));
+    const readyConnections = activeConnections.filter((connection) => connection.status === "connected" &&
+        missingRequiredCredentialKeys(provider, connection, grantsForConnection(connection.id, grants, appId)).length === 0);
+    const checkingConnections = activeConnections.filter((connection) => connection.status === "checking");
+    let status = "not_configured";
+    if (readyConnections.length > 0) {
+        status = "ready";
+    }
+    else if (attentionConnections.length > 0) {
+        status = "needs_attention";
+    }
+    else if (missingKeys.length > 0) {
+        status = "needs_credentials";
+    }
+    else if (checkingConnections.length > 0) {
+        status = "checking";
+    }
+    else if (providerConnections.length > 0) {
+        status = "disabled";
+    }
+    return {
+        status,
+        connectionCount: providerConnections.length,
+        activeConnectionCount: activeConnections.length,
+        readyConnectionCount: readyConnections.length,
+        requiredCredentialKeys: requiredCredentialKeys(provider),
+        missingRequiredCredentialKeys: missingKeys,
+        appGrant: appId
+            ? summarizeWorkspaceConnectionProviderForApp({
+                providerId: provider.id,
+                appId,
+                connections,
+                grants,
+                includeConnections,
+            })
+            : null,
+    };
+}
+export async function listWorkspaceConnectionProviderCatalogForApp({ appId, provider, capability, templateUse, includeDisabled = true, includeConnections = "all", }) {
+    const [connections, grants] = await Promise.all([
+        listWorkspaceConnections({ provider, includeDisabled }),
+        listWorkspaceConnectionGrants({ provider, appId }),
+    ]);
+    const providers = listWorkspaceConnectionProviders({
+        capability,
+        templateUse,
+    })
+        .filter((item) => !provider || item.id === provider)
+        .map((item) => {
+        const workspaceConnection = summarizeWorkspaceConnectionProviderForApp({
+            providerId: item.id,
+            appId,
+            connections,
+            grants,
+            includeConnections,
+        });
+        const readiness = summarizeWorkspaceConnectionProviderReadiness({
+            provider: item,
+            connections,
+            grants,
+            appId,
+            includeConnections,
+        });
+        return {
+            ...item,
+            workspaceConnection,
+            readiness,
+        };
+    });
+    return {
+        appId,
+        providers,
+        connections,
+        grants,
+        counts: {
+            providers: providers.length,
+            connections: connections.length,
+            grants: grants.length,
+            readyProviders: providers.filter((item) => item.readiness.status === "ready").length,
+        },
+    };
+}
+export async function listWorkspaceConnectionsForApp({ appId, provider, includeDisabled = false, }) {
+    const normalizedAppId = normalizeRequiredString(appId, "listWorkspaceConnectionsForApp appId");
+    const [connections, grants] = await Promise.all([
+        listWorkspaceConnections({ provider, includeDisabled }),
+        listWorkspaceConnectionGrants({ provider, appId: normalizedAppId }),
+    ]);
+    return connections
+        .map((connection) => connectionForApp(connection, normalizedAppId, grants))
+        .filter((connection) => connection.appAccess.available);
+}
+export async function resolveWorkspaceConnectionForApp({ appId, provider, includeDisabled = false, connectionId, requireConnected = false, }) {
+    const normalizedAppId = normalizeRequiredString(appId, "resolveWorkspaceConnectionForApp appId");
+    const normalizedConnectionId = connectionId?.trim();
+    const requestedConnections = await listWorkspaceConnections({
+        provider,
+        includeDisabled: includeDisabled || Boolean(normalizedConnectionId),
+    });
+    const candidateConnections = normalizedConnectionId
+        ? requestedConnections.filter((connection) => connection.id === normalizedConnectionId)
+        : requestedConnections;
+    const grants = await listWorkspaceConnectionGrants({
+        provider,
+        appId: normalizedAppId,
+        connectionId: normalizedConnectionId,
+    });
+    if (normalizedConnectionId && candidateConnections.length === 0) {
+        return {
+            available: false,
+            connection: null,
+            appAccess: null,
+            reason: `Workspace connection "${normalizedConnectionId}" was not found in the current request scope.`,
+        };
+    }
+    for (const connection of candidateConnections) {
+        const connectionWithAccess = connectionForApp(connection, normalizedAppId, grants);
+        if (!connectionWithAccess.appAccess.available) {
+            if (normalizedConnectionId) {
+                return {
+                    available: false,
+                    connection: connectionWithAccess,
+                    appAccess: connectionWithAccess.appAccess,
+                    reason: connectionWithAccess.appAccess.reason,
+                };
+            }
+            continue;
+        }
+        if (!includeDisabled && connection.status === "disabled") {
+            if (normalizedConnectionId) {
+                return {
+                    available: false,
+                    connection: connectionWithAccess,
+                    appAccess: connectionWithAccess.appAccess,
+                    reason: `Workspace connection "${connection.id}" is disabled.`,
+                };
+            }
+            continue;
+        }
+        if (requireConnected && connection.status !== "connected") {
+            if (normalizedConnectionId) {
+                return {
+                    available: false,
+                    connection: connectionWithAccess,
+                    appAccess: connectionWithAccess.appAccess,
+                    reason: `Workspace connection "${connection.id}" is ${connection.status}; a connected workspace connection is required.`,
+                };
+            }
+            continue;
+        }
+        return {
+            available: true,
+            connection: connectionWithAccess,
+            appAccess: connectionWithAccess.appAccess,
+            reason: connectionWithAccess.appAccess.reason,
+        };
+    }
+    return {
+        available: false,
+        connection: null,
+        appAccess: null,
+        reason: provider
+            ? `No available ${provider} workspace connection was found for ${normalizedAppId}.`
+            : `No available workspace connection was found for ${normalizedAppId}.`,
+    };
+}
+async function getGrantedConnectionIdsForApp(client, scope, appId) {
+    const table = workspaceConnectionGrantsTable();
+    const where = scopedWhere(scope);
+    const { rows } = await client.execute({
+        sql: `SELECT connection_id FROM ${table} WHERE app_id = ? AND ${where.sql}`,
+        args: [appId, ...where.args],
+    });
+    return new Set(rows
+        .map((row) => String(row.connection_id ?? ""))
+        .filter(Boolean));
+}
+export async function listWorkspaceConnections(options = {}) {
+    await ensureWorkspaceConnectionsTable();
+    const client = getDbExec();
+    const table = workspaceConnectionsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const clauses = [where.sql];
+    const args = [...where.args];
+    const appId = options.appId?.trim();
+    if (options.provider) {
+        clauses.push("provider = ?");
+        args.push(options.provider);
+    }
+    if (!options.includeDisabled) {
+        clauses.push("status != ?");
+        args.push("disabled");
+    }
+    const { rows } = await client.execute({
+        sql: `SELECT * FROM ${table} WHERE ${clauses.join(" AND ")} ORDER BY updated_at DESC`,
+        args,
+    });
+    const connections = rows.map((row) => parseRow(row));
+    if (!appId)
+        return connections;
+    const grantedConnectionIds = await getGrantedConnectionIdsForApp(client, scope, appId);
+    return connections.filter((connection) => connection.allowedApps.length === 0 ||
+        connection.allowedApps.includes(appId) ||
+        grantedConnectionIds.has(connection.id));
+}
+export async function getWorkspaceConnection(id) {
+    await ensureWorkspaceConnectionsTable();
+    const client = getDbExec();
+    const table = workspaceConnectionsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const { rows } = await client.execute({
+        sql: `SELECT * FROM ${table} WHERE id = ? AND ${where.sql} LIMIT 1`,
+        args: [id, ...where.args],
+    });
+    if (rows.length === 0)
+        return null;
+    return parseRow(rows[0]);
+}
+export async function upsertWorkspaceConnection(input) {
+    await ensureWorkspaceConnectionsTable();
+    const provider = input.provider.trim();
+    if (!provider) {
+        throw new Error("upsertWorkspaceConnection requires a provider.");
+    }
+    const client = getDbExec();
+    const table = workspaceConnectionsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const id = input.id?.trim() || randomUUID();
+    const now = Date.now();
+    const label = input.label?.trim() || input.accountLabel?.trim() || provider;
+    const status = normalizeStatus(input.status);
+    const scopes = normalizeStringArray(input.scopes);
+    const config = sanitizeConfig(input.config);
+    const allowedApps = normalizeStringArray(input.allowedApps);
+    const credentialRefs = normalizeCredentialRefs(input.credentialRefs);
+    const lastCheckedAt = millis(input.lastCheckedAt);
+    const lastError = input.lastError ?? null;
+    const update = await client.execute({
+        sql: `UPDATE ${table}
+      SET provider = ?, label = ?, account_id = ?, account_label = ?,
+        status = ?, scopes_json = ?, config_json = ?, allowed_apps_json = ?,
+        credential_refs_json = ?, updated_at = ?, last_checked_at = ?,
+        last_error = ?
+      WHERE id = ? AND ${where.sql}`,
+        args: [
+            provider,
+            label,
+            input.accountId ?? null,
+            input.accountLabel ?? null,
+            status,
+            JSON.stringify(scopes),
+            JSON.stringify(config),
+            JSON.stringify(allowedApps),
+            JSON.stringify(credentialRefs),
+            now,
+            lastCheckedAt,
+            lastError,
+            id,
+            ...where.args,
+        ],
+    });
+    if (update.rowsAffected === 0) {
+        try {
+            await client.execute({
+                sql: `INSERT INTO ${table}
+          (id, provider, label, account_id, account_label, status,
+            scopes_json, config_json, allowed_apps_json, credential_refs_json,
+            owner_email, org_id, created_at, updated_at, last_checked_at,
+            last_error)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+                args: [
+                    id,
+                    provider,
+                    label,
+                    input.accountId ?? null,
+                    input.accountLabel ?? null,
+                    status,
+                    JSON.stringify(scopes),
+                    JSON.stringify(config),
+                    JSON.stringify(allowedApps),
+                    JSON.stringify(credentialRefs),
+                    scope.ownerEmail,
+                    scope.orgId,
+                    now,
+                    now,
+                    lastCheckedAt,
+                    lastError,
+                ],
+            });
+        }
+        catch (err) {
+            if (isUniqueViolation(err)) {
+                throw new Error(`Workspace connection "${id}" already exists outside the current request scope.`);
+            }
+            throw err;
+        }
+    }
+    const connection = await getWorkspaceConnection(id);
+    if (!connection) {
+        throw new Error(`Workspace connection "${id}" was not found after upsert.`);
+    }
+    return connection;
+}
+export async function listWorkspaceConnectionGrants(options = {}) {
+    await ensureWorkspaceConnectionsTable();
+    const client = getDbExec();
+    const table = workspaceConnectionGrantsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const clauses = [where.sql];
+    const args = [...where.args];
+    const connectionId = options.connectionId?.trim();
+    const appId = options.appId?.trim();
+    const provider = options.provider?.trim();
+    if (connectionId) {
+        clauses.push("connection_id = ?");
+        args.push(connectionId);
+    }
+    if (appId) {
+        clauses.push("app_id = ?");
+        args.push(appId);
+    }
+    if (provider) {
+        clauses.push("provider = ?");
+        args.push(provider);
+    }
+    const { rows } = await client.execute({
+        sql: `SELECT * FROM ${table} WHERE ${clauses.join(" AND ")} ORDER BY updated_at DESC`,
+        args,
+    });
+    return rows.map((row) => parseGrantRow(row));
+}
+export async function getWorkspaceConnectionGrant(connectionId, appId) {
+    await ensureWorkspaceConnectionsTable();
+    const normalizedConnectionId = normalizeRequiredString(connectionId, "getWorkspaceConnectionGrant connectionId");
+    const normalizedAppId = normalizeRequiredString(appId, "getWorkspaceConnectionGrant appId");
+    const client = getDbExec();
+    const table = workspaceConnectionGrantsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const { rows } = await client.execute({
+        sql: `SELECT * FROM ${table} WHERE connection_id = ? AND app_id = ? AND ${where.sql} LIMIT 1`,
+        args: [normalizedConnectionId, normalizedAppId, ...where.args],
+    });
+    if (rows.length === 0)
+        return null;
+    return parseGrantRow(rows[0]);
+}
+export async function upsertWorkspaceConnectionGrant(input) {
+    await ensureWorkspaceConnectionsTable();
+    const connectionId = normalizeRequiredString(input.connectionId, "upsertWorkspaceConnectionGrant connectionId");
+    const appId = normalizeRequiredString(input.appId, "upsertWorkspaceConnectionGrant appId");
+    const connection = await getWorkspaceConnection(connectionId);
+    if (!connection) {
+        throw new Error(`Workspace connection "${connectionId}" was not found in the current request scope.`);
+    }
+    const client = getDbExec();
+    const table = workspaceConnectionGrantsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const id = input.id?.trim() || randomUUID();
+    const now = Date.now();
+    const provider = input.provider?.trim() || connection.provider;
+    const scopes = normalizeStringArray(input.scopes);
+    const config = sanitizeConfig(input.config);
+    const credentialRefs = normalizeCredentialRefs(input.credentialRefs);
+    const update = await client.execute({
+        sql: `UPDATE ${table}
+      SET provider = ?, scopes_json = ?, config_json = ?,
+        credential_refs_json = ?, granted_by_email = ?, updated_at = ?
+      WHERE connection_id = ? AND app_id = ? AND ${where.sql}`,
+        args: [
+            provider,
+            JSON.stringify(scopes),
+            JSON.stringify(config),
+            JSON.stringify(credentialRefs),
+            scope.ownerEmail,
+            now,
+            connectionId,
+            appId,
+            ...where.args,
+        ],
+    });
+    if (update.rowsAffected === 0) {
+        try {
+            await client.execute({
+                sql: `INSERT INTO ${table}
+          (id, connection_id, provider, app_id, scopes_json, config_json,
+            credential_refs_json, granted_by_email, owner_email, org_id,
+            created_at, updated_at)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+                args: [
+                    id,
+                    connectionId,
+                    provider,
+                    appId,
+                    JSON.stringify(scopes),
+                    JSON.stringify(config),
+                    JSON.stringify(credentialRefs),
+                    scope.ownerEmail,
+                    scope.ownerEmail,
+                    scope.orgId,
+                    now,
+                    now,
+                ],
+            });
+        }
+        catch (err) {
+            if (isUniqueViolation(err)) {
+                throw new Error(`Workspace connection grant for "${connectionId}" and "${appId}" already exists outside the current request scope.`);
+            }
+            throw err;
+        }
+    }
+    const grant = await getWorkspaceConnectionGrant(connectionId, appId);
+    if (!grant) {
+        throw new Error(`Workspace connection grant for "${connectionId}" and "${appId}" was not found after upsert.`);
+    }
+    return grant;
+}
+export async function revokeWorkspaceConnectionGrant(connectionId, appId) {
+    await ensureWorkspaceConnectionsTable();
+    const normalizedConnectionId = normalizeRequiredString(connectionId, "revokeWorkspaceConnectionGrant connectionId");
+    const normalizedAppId = normalizeRequiredString(appId, "revokeWorkspaceConnectionGrant appId");
+    const client = getDbExec();
+    const table = workspaceConnectionGrantsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const result = await client.execute({
+        sql: `DELETE FROM ${table} WHERE connection_id = ? AND app_id = ? AND ${where.sql}`,
+        args: [normalizedConnectionId, normalizedAppId, ...where.args],
+    });
+    return result.rowsAffected > 0;
+}
+export async function deleteWorkspaceConnection(id) {
+    await ensureWorkspaceConnectionsTable();
+    const client = getDbExec();
+    const table = workspaceConnectionsTable();
+    const grantsTable = workspaceConnectionGrantsTable();
+    const scope = requireWorkspaceConnectionScope();
+    const where = scopedWhere(scope);
+    const result = await client.execute({
+        sql: `DELETE FROM ${table} WHERE id = ? AND ${where.sql}`,
+        args: [id, ...where.args],
+    });
+    if (result.rowsAffected > 0) {
+        await client.execute({
+            sql: `DELETE FROM ${grantsTable} WHERE connection_id = ? AND ${where.sql}`,
+            args: [id, ...where.args],
+        });
+    }
+    return result.rowsAffected > 0;
+}
+//# sourceMappingURL=store.js.map