@agenticmail/enterprise 0.2.1

package/dist/engine/index.js

@@ -0,0 +1,1261 @@
+import {
+  AGENTICMAIL_TOOLS,
+  ALL_TOOLS,
+  ActivityTracker,
+  AgentConfigGenerator,
+  AgentLifecycleManager,
+  ApprovalEngine,
+  BUILTIN_SKILLS,
+  DeploymentEngine,
+  KnowledgeBaseEngine,
+  OPENCLAW_CORE_TOOLS,
+  PLAN_LIMITS,
+  PRESET_PROFILES,
+  PermissionEngine,
+  TOOL_INDEX,
+  TenantManager,
+  generateOpenClawToolPolicy,
+  getToolsBySkill,
+  init_tool_catalog
+} from "../chunk-N2JVTNNJ.js";
+import "../chunk-PNKVD2UK.js";
+
+// src/engine/index.ts
+init_tool_catalog();
+
+// src/engine/db-schema.ts
+var ENGINE_TABLES = `
+-- Managed agents (the deployed AI employees)
+CREATE TABLE IF NOT EXISTS managed_agents (
+  id TEXT PRIMARY KEY,
+  org_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  display_name TEXT NOT NULL,
+  state TEXT NOT NULL DEFAULT 'draft',
+  config JSON NOT NULL,
+  health JSON NOT NULL DEFAULT '{}',
+  usage JSON NOT NULL DEFAULT '{}',
+  permission_profile_id TEXT,
+  version INTEGER NOT NULL DEFAULT 1,
+  last_deployed_at TEXT,
+  last_health_check_at TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_managed_agents_org ON managed_agents(org_id);
+CREATE INDEX IF NOT EXISTS idx_managed_agents_state ON managed_agents(state);
+
+-- State transition history
+CREATE TABLE IF NOT EXISTS agent_state_history (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  from_state TEXT NOT NULL,
+  to_state TEXT NOT NULL,
+  reason TEXT NOT NULL,
+  triggered_by TEXT NOT NULL,
+  error TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (agent_id) REFERENCES managed_agents(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_state_history_agent ON agent_state_history(agent_id);
+CREATE INDEX IF NOT EXISTS idx_state_history_time ON agent_state_history(created_at);
+
+-- Permission profiles
+CREATE TABLE IF NOT EXISTS permission_profiles (
+  id TEXT PRIMARY KEY,
+  org_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  description TEXT,
+  config JSON NOT NULL,
+  is_preset INTEGER NOT NULL DEFAULT 0,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_permission_profiles_org ON permission_profiles(org_id);
+
+-- Organizations (tenants)
+CREATE TABLE IF NOT EXISTS organizations (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  slug TEXT NOT NULL UNIQUE,
+  plan TEXT NOT NULL DEFAULT 'free',
+  limits JSON NOT NULL DEFAULT '{}',
+  usage JSON NOT NULL DEFAULT '{}',
+  settings JSON NOT NULL DEFAULT '{}',
+  sso_config JSON,
+  allowed_domains JSON NOT NULL DEFAULT '[]',
+  billing JSON,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_organizations_slug ON organizations(slug);
+
+-- Knowledge bases
+CREATE TABLE IF NOT EXISTS knowledge_bases (
+  id TEXT PRIMARY KEY,
+  org_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  description TEXT,
+  agent_ids JSON NOT NULL DEFAULT '[]',
+  config JSON NOT NULL DEFAULT '{}',
+  stats JSON NOT NULL DEFAULT '{}',
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_knowledge_bases_org ON knowledge_bases(org_id);
+
+-- Knowledge base documents
+CREATE TABLE IF NOT EXISTS kb_documents (
+  id TEXT PRIMARY KEY,
+  knowledge_base_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  source_type TEXT NOT NULL,
+  source_url TEXT,
+  mime_type TEXT NOT NULL DEFAULT 'text/plain',
+  size INTEGER NOT NULL DEFAULT 0,
+  metadata JSON NOT NULL DEFAULT '{}',
+  status TEXT NOT NULL DEFAULT 'processing',
+  error TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now')),
+  FOREIGN KEY (knowledge_base_id) REFERENCES knowledge_bases(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_kb_documents_kb ON kb_documents(knowledge_base_id);
+
+-- Knowledge base chunks (for RAG)
+CREATE TABLE IF NOT EXISTS kb_chunks (
+  id TEXT PRIMARY KEY,
+  document_id TEXT NOT NULL,
+  content TEXT NOT NULL,
+  token_count INTEGER NOT NULL DEFAULT 0,
+  position INTEGER NOT NULL DEFAULT 0,
+  embedding BLOB,
+  metadata JSON NOT NULL DEFAULT '{}',
+  FOREIGN KEY (document_id) REFERENCES kb_documents(id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_kb_chunks_doc ON kb_chunks(document_id);
+
+-- Tool call records (activity tracking)
+CREATE TABLE IF NOT EXISTS tool_calls (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  org_id TEXT NOT NULL,
+  session_id TEXT,
+  tool_id TEXT NOT NULL,
+  tool_name TEXT NOT NULL,
+  parameters JSON,
+  result JSON,
+  timing JSON NOT NULL,
+  cost JSON,
+  permission JSON NOT NULL,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_tool_calls_agent ON tool_calls(agent_id);
+CREATE INDEX IF NOT EXISTS idx_tool_calls_org ON tool_calls(org_id);
+CREATE INDEX IF NOT EXISTS idx_tool_calls_time ON tool_calls(created_at);
+CREATE INDEX IF NOT EXISTS idx_tool_calls_tool ON tool_calls(tool_id);
+
+-- Activity events (real-time stream)
+CREATE TABLE IF NOT EXISTS activity_events (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  org_id TEXT NOT NULL,
+  session_id TEXT,
+  type TEXT NOT NULL,
+  data JSON NOT NULL DEFAULT '{}',
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_activity_agent ON activity_events(agent_id);
+CREATE INDEX IF NOT EXISTS idx_activity_org ON activity_events(org_id);
+CREATE INDEX IF NOT EXISTS idx_activity_type ON activity_events(type);
+CREATE INDEX IF NOT EXISTS idx_activity_time ON activity_events(created_at);
+
+-- Conversation entries
+CREATE TABLE IF NOT EXISTS conversations (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  session_id TEXT NOT NULL,
+  role TEXT NOT NULL,
+  content TEXT NOT NULL,
+  channel TEXT,
+  token_count INTEGER NOT NULL DEFAULT 0,
+  tool_calls JSON,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_conversations_agent ON conversations(agent_id);
+CREATE INDEX IF NOT EXISTS idx_conversations_session ON conversations(session_id);
+
+-- Approval requests
+CREATE TABLE IF NOT EXISTS approval_requests (
+  id TEXT PRIMARY KEY,
+  agent_id TEXT NOT NULL,
+  agent_name TEXT NOT NULL,
+  org_id TEXT NOT NULL,
+  tool_id TEXT NOT NULL,
+  tool_name TEXT NOT NULL,
+  reason TEXT NOT NULL,
+  risk_level TEXT NOT NULL,
+  side_effects JSON NOT NULL DEFAULT '[]',
+  parameters JSON,
+  context TEXT,
+  status TEXT NOT NULL DEFAULT 'pending',
+  decision JSON,
+  expires_at TEXT NOT NULL,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_approvals_org ON approval_requests(org_id);
+CREATE INDEX IF NOT EXISTS idx_approvals_status ON approval_requests(status);
+CREATE INDEX IF NOT EXISTS idx_approvals_agent ON approval_requests(agent_id);
+
+-- Approval policies
+CREATE TABLE IF NOT EXISTS approval_policies (
+  id TEXT PRIMARY KEY,
+  org_id TEXT NOT NULL,
+  name TEXT NOT NULL,
+  description TEXT,
+  triggers JSON NOT NULL,
+  approvers JSON NOT NULL,
+  timeout JSON NOT NULL,
+  notify JSON NOT NULL DEFAULT '{}',
+  enabled INTEGER NOT NULL DEFAULT 1,
+  created_at TEXT NOT NULL DEFAULT (datetime('now')),
+  updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+CREATE INDEX IF NOT EXISTS idx_approval_policies_org ON approval_policies(org_id);
+`;
+var ENGINE_TABLES_POSTGRES = ENGINE_TABLES.replace(/JSON/g, "JSONB").replace(/INTEGER NOT NULL DEFAULT 0/g, "INTEGER NOT NULL DEFAULT 0").replace(/datetime\('now'\)/g, "NOW()").replace(/INTEGER NOT NULL DEFAULT 1/g, "BOOLEAN NOT NULL DEFAULT TRUE").replace(/is_preset INTEGER NOT NULL DEFAULT 0/g, "is_preset BOOLEAN NOT NULL DEFAULT FALSE");
+
+// src/engine/db-adapter.ts
+var EngineDatabase = class {
+  db;
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Run all engine migrations
+   */
+  async migrate() {
+    const statements = ENGINE_TABLES.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
+    for (const stmt of statements) {
+      await this.db.run(stmt);
+    }
+  }
+  // ─── Managed Agents ─────────────────────────────────
+  async upsertManagedAgent(agent) {
+    await this.db.run(`
+      INSERT INTO managed_agents (id, org_id, name, display_name, state, config, health, usage, permission_profile_id, version, last_deployed_at, last_health_check_at, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        state = excluded.state,
+        config = excluded.config,
+        health = excluded.health,
+        usage = excluded.usage,
+        permission_profile_id = excluded.permission_profile_id,
+        version = excluded.version,
+        last_deployed_at = excluded.last_deployed_at,
+        last_health_check_at = excluded.last_health_check_at,
+        updated_at = excluded.updated_at
+    `, [
+      agent.id,
+      agent.orgId,
+      agent.config.name,
+      agent.config.displayName,
+      agent.state,
+      JSON.stringify(agent.config),
+      JSON.stringify(agent.health),
+      JSON.stringify(agent.usage),
+      agent.config.permissionProfileId,
+      agent.version,
+      agent.lastDeployedAt || null,
+      agent.lastHealthCheckAt || null,
+      agent.createdAt,
+      agent.updatedAt
+    ]);
+  }
+  async getManagedAgent(id) {
+    const row = await this.db.get("SELECT * FROM managed_agents WHERE id = ?", [id]);
+    return row ? this.rowToManagedAgent(row) : null;
+  }
+  async getManagedAgentsByOrg(orgId) {
+    const rows = await this.db.all("SELECT * FROM managed_agents WHERE org_id = ? ORDER BY created_at DESC", [orgId]);
+    return rows.map((r) => this.rowToManagedAgent(r));
+  }
+  async getManagedAgentsByState(state) {
+    const rows = await this.db.all("SELECT * FROM managed_agents WHERE state = ?", [state]);
+    return rows.map((r) => this.rowToManagedAgent(r));
+  }
+  async deleteManagedAgent(id) {
+    await this.db.run("DELETE FROM managed_agents WHERE id = ?", [id]);
+  }
+  async countManagedAgents(orgId, state) {
+    const sql = state ? "SELECT COUNT(*) as count FROM managed_agents WHERE org_id = ? AND state = ?" : "SELECT COUNT(*) as count FROM managed_agents WHERE org_id = ?";
+    const row = await this.db.get(sql, state ? [orgId, state] : [orgId]);
+    return row?.count || 0;
+  }
+  // ─── State History ──────────────────────────────────
+  async addStateTransition(agentId, transition) {
+    await this.db.run(`
+      INSERT INTO agent_state_history (id, agent_id, from_state, to_state, reason, triggered_by, error, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+    `, [
+      crypto.randomUUID(),
+      agentId,
+      transition.from,
+      transition.to,
+      transition.reason,
+      transition.triggeredBy,
+      transition.error || null,
+      transition.timestamp
+    ]);
+  }
+  async getStateHistory(agentId, limit = 50) {
+    const rows = await this.db.all(
+      "SELECT * FROM agent_state_history WHERE agent_id = ? ORDER BY created_at DESC LIMIT ?",
+      [agentId, limit]
+    );
+    return rows.map((r) => ({
+      from: r.from_state,
+      to: r.to_state,
+      reason: r.reason,
+      triggeredBy: r.triggered_by,
+      timestamp: r.created_at,
+      error: r.error
+    }));
+  }
+  // ─── Permission Profiles ────────────────────────────
+  async upsertPermissionProfile(orgId, profile) {
+    await this.db.run(`
+      INSERT INTO permission_profiles (id, org_id, name, description, config, is_preset, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, 0, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        name = excluded.name, description = excluded.description,
+        config = excluded.config, updated_at = excluded.updated_at
+    `, [
+      profile.id,
+      orgId,
+      profile.name,
+      profile.description || null,
+      JSON.stringify(profile),
+      profile.createdAt,
+      profile.updatedAt
+    ]);
+  }
+  async getPermissionProfile(id) {
+    const row = await this.db.get("SELECT * FROM permission_profiles WHERE id = ?", [id]);
+    return row ? JSON.parse(row.config) : null;
+  }
+  async getPermissionProfilesByOrg(orgId) {
+    const rows = await this.db.all("SELECT config FROM permission_profiles WHERE org_id = ? ORDER BY name", [orgId]);
+    return rows.map((r) => JSON.parse(r.config));
+  }
+  async deletePermissionProfile(id) {
+    await this.db.run("DELETE FROM permission_profiles WHERE id = ?", [id]);
+  }
+  // ─── Organizations ──────────────────────────────────
+  async upsertOrganization(org) {
+    await this.db.run(`
+      INSERT INTO organizations (id, name, slug, plan, limits, usage, settings, sso_config, allowed_domains, billing, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        name = excluded.name, slug = excluded.slug, plan = excluded.plan,
+        limits = excluded.limits, usage = excluded.usage, settings = excluded.settings,
+        sso_config = excluded.sso_config, allowed_domains = excluded.allowed_domains,
+        billing = excluded.billing, updated_at = excluded.updated_at
+    `, [
+      org.id,
+      org.name,
+      org.slug,
+      org.plan,
+      JSON.stringify(org.limits),
+      JSON.stringify(org.usage),
+      JSON.stringify(org.settings),
+      org.ssoConfig ? JSON.stringify(org.ssoConfig) : null,
+      JSON.stringify(org.allowedDomains),
+      org.billing ? JSON.stringify(org.billing) : null,
+      org.createdAt,
+      org.updatedAt
+    ]);
+  }
+  async getOrganization(id) {
+    const row = await this.db.get("SELECT * FROM organizations WHERE id = ?", [id]);
+    return row ? this.rowToOrg(row) : null;
+  }
+  async getOrganizationBySlug(slug) {
+    const row = await this.db.get("SELECT * FROM organizations WHERE slug = ?", [slug]);
+    return row ? this.rowToOrg(row) : null;
+  }
+  async listOrganizations() {
+    const rows = await this.db.all("SELECT * FROM organizations ORDER BY created_at DESC");
+    return rows.map((r) => this.rowToOrg(r));
+  }
+  async deleteOrganization(id) {
+    await this.db.run("DELETE FROM organizations WHERE id = ?", [id]);
+  }
+  // ─── Knowledge Bases ────────────────────────────────
+  async upsertKnowledgeBase(kb) {
+    await this.db.run(`
+      INSERT INTO knowledge_bases (id, org_id, name, description, agent_ids, config, stats, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        name = excluded.name, description = excluded.description,
+        agent_ids = excluded.agent_ids, config = excluded.config,
+        stats = excluded.stats, updated_at = excluded.updated_at
+    `, [
+      kb.id,
+      kb.orgId,
+      kb.name,
+      kb.description || null,
+      JSON.stringify(kb.agentIds),
+      JSON.stringify(kb.config),
+      JSON.stringify(kb.stats),
+      kb.createdAt,
+      kb.updatedAt
+    ]);
+  }
+  async getKnowledgeBase(id) {
+    const row = await this.db.get("SELECT * FROM knowledge_bases WHERE id = ?", [id]);
+    if (!row) return null;
+    const kb = {
+      id: row.id,
+      orgId: row.org_id,
+      name: row.name,
+      description: row.description,
+      agentIds: JSON.parse(row.agent_ids),
+      config: JSON.parse(row.config),
+      stats: JSON.parse(row.stats),
+      createdAt: row.created_at,
+      updatedAt: row.updated_at,
+      documents: []
+    };
+    kb.documents = await this.getKBDocuments(id);
+    return kb;
+  }
+  async getKnowledgeBasesByOrg(orgId) {
+    const rows = await this.db.all("SELECT * FROM knowledge_bases WHERE org_id = ? ORDER BY name", [orgId]);
+    return rows.map((r) => ({
+      id: r.id,
+      orgId: r.org_id,
+      name: r.name,
+      description: r.description,
+      agentIds: JSON.parse(r.agent_ids),
+      config: JSON.parse(r.config),
+      stats: JSON.parse(r.stats),
+      createdAt: r.created_at,
+      updatedAt: r.updated_at,
+      documents: []
+      // Loaded on demand
+    }));
+  }
+  async deleteKnowledgeBase(id) {
+    await this.db.run("DELETE FROM knowledge_bases WHERE id = ?", [id]);
+  }
+  // ─── KB Documents & Chunks ──────────────────────────
+  async insertKBDocument(doc) {
+    await this.db.run(`
+      INSERT INTO kb_documents (id, knowledge_base_id, name, source_type, source_url, mime_type, size, metadata, status, error, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `, [
+      doc.id,
+      doc.knowledgeBaseId,
+      doc.name,
+      doc.sourceType,
+      doc.sourceUrl || null,
+      doc.mimeType,
+      doc.size,
+      JSON.stringify(doc.metadata),
+      doc.status,
+      doc.error || null,
+      doc.createdAt,
+      doc.updatedAt
+    ]);
+    for (const chunk of doc.chunks) {
+      await this.db.run(`
+        INSERT INTO kb_chunks (id, document_id, content, token_count, position, embedding, metadata)
+        VALUES (?, ?, ?, ?, ?, ?, ?)
+      `, [
+        chunk.id,
+        doc.id,
+        chunk.content,
+        chunk.tokenCount,
+        chunk.position,
+        chunk.embedding ? Buffer.from(new Float32Array(chunk.embedding).buffer) : null,
+        JSON.stringify(chunk.metadata)
+      ]);
+    }
+  }
+  async getKBDocuments(kbId) {
+    const docs = await this.db.all("SELECT * FROM kb_documents WHERE knowledge_base_id = ?", [kbId]);
+    const result = [];
+    for (const d of docs) {
+      const chunks = await this.db.all("SELECT * FROM kb_chunks WHERE document_id = ? ORDER BY position", [d.id]);
+      result.push({
+        id: d.id,
+        knowledgeBaseId: d.knowledge_base_id,
+        name: d.name,
+        sourceType: d.source_type,
+        sourceUrl: d.source_url,
+        mimeType: d.mime_type,
+        size: d.size,
+        metadata: JSON.parse(d.metadata),
+        status: d.status,
+        error: d.error,
+        createdAt: d.created_at,
+        updatedAt: d.updated_at,
+        chunks: chunks.map((c) => ({
+          id: c.id,
+          documentId: c.document_id,
+          content: c.content,
+          tokenCount: c.token_count,
+          position: c.position,
+          embedding: c.embedding ? Array.from(new Float32Array(c.embedding)) : void 0,
+          metadata: JSON.parse(c.metadata)
+        }))
+      });
+    }
+    return result;
+  }
+  async deleteKBDocument(docId) {
+    await this.db.run("DELETE FROM kb_documents WHERE id = ?", [docId]);
+  }
+  // ─── Tool Calls (Activity) ──────────────────────────
+  async insertToolCall(record) {
+    await this.db.run(`
+      INSERT INTO tool_calls (id, agent_id, org_id, session_id, tool_id, tool_name, parameters, result, timing, cost, permission, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `, [
+      record.id,
+      record.agentId,
+      record.orgId,
+      record.sessionId || null,
+      record.toolId,
+      record.toolName,
+      JSON.stringify(record.parameters),
+      record.result ? JSON.stringify(record.result) : null,
+      JSON.stringify(record.timing),
+      record.cost ? JSON.stringify(record.cost) : null,
+      JSON.stringify(record.permission),
+      record.timing.startedAt
+    ]);
+  }
+  async updateToolCallResult(id, result, timing, cost) {
+    await this.db.run(
+      "UPDATE tool_calls SET result = ?, timing = ?, cost = ? WHERE id = ?",
+      [JSON.stringify(result), JSON.stringify(timing), cost ? JSON.stringify(cost) : null, id]
+    );
+  }
+  async getToolCalls(opts) {
+    const conditions = [];
+    const params = [];
+    if (opts.agentId) {
+      conditions.push("agent_id = ?");
+      params.push(opts.agentId);
+    }
+    if (opts.orgId) {
+      conditions.push("org_id = ?");
+      params.push(opts.orgId);
+    }
+    if (opts.toolId) {
+      conditions.push("tool_id = ?");
+      params.push(opts.toolId);
+    }
+    if (opts.since) {
+      conditions.push("created_at >= ?");
+      params.push(opts.since);
+    }
+    const where = conditions.length > 0 ? "WHERE " + conditions.join(" AND ") : "";
+    params.push(opts.limit || 50);
+    const rows = await this.db.all(`SELECT * FROM tool_calls ${where} ORDER BY created_at DESC LIMIT ?`, params);
+    return rows.map((r) => ({
+      id: r.id,
+      agentId: r.agent_id,
+      orgId: r.org_id,
+      sessionId: r.session_id,
+      toolId: r.tool_id,
+      toolName: r.tool_name,
+      parameters: JSON.parse(r.parameters || "{}"),
+      result: r.result ? JSON.parse(r.result) : void 0,
+      timing: JSON.parse(r.timing),
+      cost: r.cost ? JSON.parse(r.cost) : void 0,
+      permission: JSON.parse(r.permission)
+    }));
+  }
+  // ─── Activity Events ────────────────────────────────
+  async insertActivityEvent(event) {
+    await this.db.run(`
+      INSERT INTO activity_events (id, agent_id, org_id, session_id, type, data, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?)
+    `, [event.id, event.agentId, event.orgId, event.sessionId || null, event.type, JSON.stringify(event.data), event.timestamp]);
+  }
+  async getActivityEvents(opts) {
+    const conditions = [];
+    const params = [];
+    if (opts.agentId) {
+      conditions.push("agent_id = ?");
+      params.push(opts.agentId);
+    }
+    if (opts.orgId) {
+      conditions.push("org_id = ?");
+      params.push(opts.orgId);
+    }
+    if (opts.types?.length) {
+      conditions.push(`type IN (${opts.types.map(() => "?").join(",")})`);
+      params.push(...opts.types);
+    }
+    if (opts.since) {
+      conditions.push("created_at >= ?");
+      params.push(opts.since);
+    }
+    const where = conditions.length > 0 ? "WHERE " + conditions.join(" AND ") : "";
+    params.push(opts.limit || 50);
+    const rows = await this.db.all(`SELECT * FROM activity_events ${where} ORDER BY created_at DESC LIMIT ?`, params);
+    return rows.map((r) => ({
+      id: r.id,
+      agentId: r.agent_id,
+      orgId: r.org_id,
+      sessionId: r.session_id,
+      type: r.type,
+      data: JSON.parse(r.data),
+      timestamp: r.created_at
+    }));
+  }
+  // ─── Conversations ──────────────────────────────────
+  async insertConversation(entry) {
+    await this.db.run(`
+      INSERT INTO conversations (id, agent_id, session_id, role, content, channel, token_count, tool_calls, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `, [
+      entry.id,
+      entry.agentId,
+      entry.sessionId,
+      entry.role,
+      entry.content,
+      entry.channel || null,
+      entry.tokenCount,
+      entry.toolCalls ? JSON.stringify(entry.toolCalls) : null,
+      entry.timestamp
+    ]);
+  }
+  async getConversation(sessionId, limit = 50) {
+    const rows = await this.db.all(
+      "SELECT * FROM conversations WHERE session_id = ? ORDER BY created_at ASC LIMIT ?",
+      [sessionId, limit]
+    );
+    return rows.map((r) => ({
+      id: r.id,
+      agentId: r.agent_id,
+      sessionId: r.session_id,
+      role: r.role,
+      content: r.content,
+      channel: r.channel,
+      tokenCount: r.token_count,
+      toolCalls: r.tool_calls ? JSON.parse(r.tool_calls) : void 0,
+      timestamp: r.created_at
+    }));
+  }
+  // ─── Approval Requests ──────────────────────────────
+  async insertApprovalRequest(req, orgId) {
+    await this.db.run(`
+      INSERT INTO approval_requests (id, agent_id, agent_name, org_id, tool_id, tool_name, reason, risk_level, side_effects, parameters, context, status, decision, expires_at, created_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `, [
+      req.id,
+      req.agentId,
+      req.agentName,
+      orgId,
+      req.toolId,
+      req.toolName,
+      req.reason,
+      req.riskLevel,
+      JSON.stringify(req.sideEffects),
+      req.parameters ? JSON.stringify(req.parameters) : null,
+      req.context || null,
+      req.status,
+      req.decision ? JSON.stringify(req.decision) : null,
+      req.expiresAt,
+      req.createdAt
+    ]);
+  }
+  async updateApprovalRequest(id, status, decision) {
+    await this.db.run(
+      "UPDATE approval_requests SET status = ?, decision = ? WHERE id = ?",
+      [status, decision ? JSON.stringify(decision) : null, id]
+    );
+  }
+  async getApprovalRequests(opts) {
+    const conditions = [];
+    const params = [];
+    if (opts.orgId) {
+      conditions.push("org_id = ?");
+      params.push(opts.orgId);
+    }
+    if (opts.status) {
+      conditions.push("status = ?");
+      params.push(opts.status);
+    }
+    if (opts.agentId) {
+      conditions.push("agent_id = ?");
+      params.push(opts.agentId);
+    }
+    const where = conditions.length > 0 ? "WHERE " + conditions.join(" AND ") : "";
+    params.push(opts.limit || 50);
+    const rows = await this.db.all(`SELECT * FROM approval_requests ${where} ORDER BY created_at DESC LIMIT ?`, params);
+    return rows.map((r) => ({
+      id: r.id,
+      agentId: r.agent_id,
+      agentName: r.agent_name,
+      toolId: r.tool_id,
+      toolName: r.tool_name,
+      reason: r.reason,
+      riskLevel: r.risk_level,
+      sideEffects: JSON.parse(r.side_effects),
+      parameters: r.parameters ? JSON.parse(r.parameters) : void 0,
+      context: r.context,
+      status: r.status,
+      decision: r.decision ? JSON.parse(r.decision) : void 0,
+      createdAt: r.created_at,
+      expiresAt: r.expires_at
+    }));
+  }
+  // ─── Approval Policies ──────────────────────────────
+  async upsertApprovalPolicy(orgId, policy) {
+    await this.db.run(`
+      INSERT INTO approval_policies (id, org_id, name, description, triggers, approvers, timeout, notify, enabled, created_at, updated_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      ON CONFLICT(id) DO UPDATE SET
+        name = excluded.name, description = excluded.description,
+        triggers = excluded.triggers, approvers = excluded.approvers,
+        timeout = excluded.timeout, notify = excluded.notify,
+        enabled = excluded.enabled, updated_at = excluded.updated_at
+    `, [
+      policy.id,
+      orgId,
+      policy.name,
+      policy.description || null,
+      JSON.stringify(policy.triggers),
+      JSON.stringify(policy.approvers),
+      JSON.stringify(policy.timeout),
+      JSON.stringify(policy.notify),
+      policy.enabled ? 1 : 0,
+      (/* @__PURE__ */ new Date()).toISOString(),
+      (/* @__PURE__ */ new Date()).toISOString()
+    ]);
+  }
+  async getApprovalPolicies(orgId) {
+    const rows = await this.db.all("SELECT * FROM approval_policies WHERE org_id = ? ORDER BY name", [orgId]);
+    return rows.map((r) => ({
+      id: r.id,
+      name: r.name,
+      description: r.description,
+      triggers: JSON.parse(r.triggers),
+      approvers: JSON.parse(r.approvers),
+      timeout: JSON.parse(r.timeout),
+      notify: JSON.parse(r.notify),
+      enabled: !!r.enabled
+    }));
+  }
+  async deleteApprovalPolicy(id) {
+    await this.db.run("DELETE FROM approval_policies WHERE id = ?", [id]);
+  }
+  // ─── Aggregate Stats ───────────────────────────────
+  async getEngineStats(orgId) {
+    const today = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+    const [agents, running, toolCalls, activity, approvals, kbs] = await Promise.all([
+      this.db.get("SELECT COUNT(*) as c FROM managed_agents WHERE org_id = ?", [orgId]),
+      this.db.get("SELECT COUNT(*) as c FROM managed_agents WHERE org_id = ? AND state = ?", [orgId, "running"]),
+      this.db.get("SELECT COUNT(*) as c FROM tool_calls WHERE org_id = ? AND created_at >= ?", [orgId, today]),
+      this.db.get("SELECT COUNT(*) as c FROM activity_events WHERE org_id = ? AND created_at >= ?", [orgId, today]),
+      this.db.get("SELECT COUNT(*) as c FROM approval_requests WHERE org_id = ? AND status = ?", [orgId, "pending"]),
+      this.db.get("SELECT COUNT(*) as c FROM knowledge_bases WHERE org_id = ?", [orgId])
+    ]);
+    return {
+      totalManagedAgents: agents?.c || 0,
+      runningAgents: running?.c || 0,
+      totalToolCallsToday: toolCalls?.c || 0,
+      totalActivityToday: activity?.c || 0,
+      pendingApprovals: approvals?.c || 0,
+      totalKnowledgeBases: kbs?.c || 0
+    };
+  }
+  /**
+   * Cleanup old data based on retention
+   */
+  async cleanup(retainDays) {
+    const cutoff = new Date(Date.now() - retainDays * 864e5).toISOString();
+    const tc = await this.db.get("SELECT COUNT(*) as c FROM tool_calls WHERE created_at < ?", [cutoff]);
+    const ev = await this.db.get("SELECT COUNT(*) as c FROM activity_events WHERE created_at < ?", [cutoff]);
+    const cv = await this.db.get("SELECT COUNT(*) as c FROM conversations WHERE created_at < ?", [cutoff]);
+    await this.db.run("DELETE FROM tool_calls WHERE created_at < ?", [cutoff]);
+    await this.db.run("DELETE FROM activity_events WHERE created_at < ?", [cutoff]);
+    await this.db.run("DELETE FROM conversations WHERE created_at < ?", [cutoff]);
+    return {
+      toolCalls: tc?.c || 0,
+      events: ev?.c || 0,
+      conversations: cv?.c || 0
+    };
+  }
+  // ─── Row Mappers ────────────────────────────────────
+  rowToManagedAgent(row) {
+    return {
+      id: row.id,
+      orgId: row.org_id,
+      config: JSON.parse(row.config),
+      state: row.state,
+      stateHistory: [],
+      // Loaded separately via getStateHistory
+      health: JSON.parse(row.health || "{}"),
+      usage: JSON.parse(row.usage || "{}"),
+      createdAt: row.created_at,
+      updatedAt: row.updated_at,
+      lastDeployedAt: row.last_deployed_at,
+      lastHealthCheckAt: row.last_health_check_at,
+      version: row.version
+    };
+  }
+  rowToOrg(row) {
+    return {
+      id: row.id,
+      name: row.name,
+      slug: row.slug,
+      plan: row.plan,
+      limits: JSON.parse(row.limits || "{}"),
+      usage: JSON.parse(row.usage || "{}"),
+      settings: JSON.parse(row.settings || "{}"),
+      ssoConfig: row.sso_config ? JSON.parse(row.sso_config) : void 0,
+      allowedDomains: JSON.parse(row.allowed_domains || "[]"),
+      billing: row.billing ? JSON.parse(row.billing) : void 0,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at
+    };
+  }
+};
+
+// src/engine/openclaw-hook.ts
+var EnterpriseHook = class {
+  config;
+  permissionCache = /* @__PURE__ */ new Map();
+  pendingToolCalls = /* @__PURE__ */ new Map();
+  // callId → toolCallRecordId
+  connected = false;
+  constructor(config) {
+    this.config = {
+      engineUrl: config.engineUrl,
+      agentId: config.agentId,
+      orgId: config.orgId,
+      apiToken: config.apiToken || "",
+      knowledgeBaseEnabled: config.knowledgeBaseEnabled ?? true,
+      kbMaxTokens: config.kbMaxTokens ?? 2e3,
+      activityStreamEnabled: config.activityStreamEnabled ?? true,
+      failMode: config.failMode ?? "open",
+      permissionCacheTtlSec: config.permissionCacheTtlSec ?? 30
+    };
+  }
+  /**
+   * BEFORE a tool call — check permissions, record start
+   */
+  async beforeToolCall(ctx) {
+    try {
+      const cached = this.permissionCache.get(ctx.toolId);
+      if (cached && cached.expires > Date.now()) {
+        await this.recordToolCallStart(ctx);
+        return cached.result;
+      }
+      const permResult = await this.apiCall("/api/engine/permissions/check", "POST", {
+        agentId: this.config.agentId,
+        toolId: ctx.toolId
+      });
+      const result = {
+        allowed: permResult.allowed ?? this.config.failMode === "open",
+        reason: permResult.reason || "Unknown",
+        requiresApproval: permResult.requiresApproval || false,
+        sandbox: permResult.sandbox || false
+      };
+      this.permissionCache.set(ctx.toolId, {
+        result,
+        expires: Date.now() + this.config.permissionCacheTtlSec * 1e3
+      });
+      if (result.requiresApproval && result.allowed) {
+        const approval = await this.requestApproval(ctx);
+        if (approval) {
+          result.approvalId = approval.id;
+          if (approval.status === "denied") {
+            result.allowed = false;
+            result.reason = `Denied by ${approval.decision?.by}: ${approval.decision?.reason || "No reason given"}`;
+          } else if (approval.status === "expired") {
+            result.allowed = false;
+            result.reason = "Approval request expired";
+          }
+        }
+      }
+      if (result.allowed) {
+        await this.recordToolCallStart(ctx);
+      } else {
+        await this.recordActivity("tool_blocked", {
+          toolId: ctx.toolId,
+          toolName: ctx.toolName,
+          reason: result.reason
+        });
+      }
+      return result;
+    } catch (error) {
+      const allowed = this.config.failMode === "open";
+      return {
+        allowed,
+        reason: allowed ? `Engine unreachable (fail-open): ${error.message}` : `Engine unreachable (fail-closed): ${error.message}`,
+        requiresApproval: false
+      };
+    }
+  }
+  /**
+   * AFTER a tool call — record result, update usage
+   */
+  async afterToolCall(ctx, result) {
+    try {
+      await this.apiCall("/api/engine/agents/" + this.config.agentId + "/record-tool-call", "POST", {
+        toolId: ctx.toolId,
+        tokensUsed: (result.inputTokens || 0) + (result.outputTokens || 0),
+        costUsd: result.costUsd || 0,
+        isExternalAction: this.isExternalAction(ctx.toolId),
+        error: !result.success
+      });
+      await this.recordActivity(result.success ? "tool_call_end" : "tool_call_error", {
+        toolId: ctx.toolId,
+        toolName: ctx.toolName,
+        success: result.success,
+        error: result.error,
+        durationMs: ctx.timestamp ? Date.now() - ctx.timestamp.getTime() : void 0,
+        inputTokens: result.inputTokens,
+        outputTokens: result.outputTokens,
+        costUsd: result.costUsd
+      });
+    } catch {
+    }
+  }
+  /**
+   * BEFORE an LLM call — inject knowledge base context
+   */
+  async getKnowledgeContext(userMessage) {
+    if (!this.config.knowledgeBaseEnabled) return null;
+    try {
+      const result = await this.apiCall("/api/engine/knowledge-bases/context", "POST", {
+        agentId: this.config.agentId,
+        query: userMessage,
+        maxTokens: this.config.kbMaxTokens
+      });
+      return result.context || null;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * ON session start
+   */
+  async onSessionStart(sessionId) {
+    try {
+      await this.recordActivity("session_start", { sessionId });
+    } catch {
+    }
+  }
+  /**
+   * ON session end
+   */
+  async onSessionEnd(sessionId) {
+    try {
+      await this.recordActivity("session_end", { sessionId });
+    } catch {
+    }
+  }
+  /**
+   * Record a conversation message
+   */
+  async recordMessage(opts) {
+    try {
+      await this.apiCall("/api/engine/activity/record-message", "POST", {
+        agentId: this.config.agentId,
+        ...opts
+      });
+    } catch {
+    }
+  }
+  /**
+   * Get the tool policy for this agent (used on startup to configure OpenClaw)
+   */
+  async getToolPolicy() {
+    try {
+      return await this.apiCall(`/api/engine/permissions/${this.config.agentId}/policy`, "GET");
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Check if engine is reachable
+   */
+  async healthCheck() {
+    try {
+      const result = await this.apiCall("/health", "GET");
+      this.connected = result.status === "ok";
+      return this.connected;
+    } catch {
+      this.connected = false;
+      return false;
+    }
+  }
+  // ─── Private ──────────────────────────────────────────
+  async requestApproval(ctx) {
+    try {
+      const result = await this.apiCall("/api/engine/approvals/request", "POST", {
+        agentId: this.config.agentId,
+        agentName: this.config.agentId,
+        toolId: ctx.toolId,
+        toolName: ctx.toolName,
+        parameters: ctx.parameters,
+        context: `Session ${ctx.sessionId}`
+      });
+      if (result.request?.id) {
+        const start = Date.now();
+        while (Date.now() - start < 3e5) {
+          await new Promise((r) => setTimeout(r, 3e3));
+          const check = await this.apiCall(`/api/engine/approvals/${result.request.id}`, "GET");
+          if (check.request?.status !== "pending") return check.request;
+        }
+        return { status: "expired" };
+      }
+      return null;
+    } catch {
+      return null;
+    }
+  }
+  async recordToolCallStart(ctx) {
+    if (!this.config.activityStreamEnabled) return;
+    try {
+      await this.recordActivity("tool_call_start", {
+        toolId: ctx.toolId,
+        toolName: ctx.toolName,
+        sessionId: ctx.sessionId
+      });
+    } catch {
+    }
+  }
+  async recordActivity(type, data) {
+    try {
+      await this.apiCall("/api/engine/activity/record", "POST", {
+        agentId: this.config.agentId,
+        orgId: this.config.orgId,
+        type,
+        data
+      });
+    } catch {
+    }
+  }
+  isExternalAction(toolId) {
+    const externalTools = [
+      "agenticmail_send",
+      "agenticmail_reply",
+      "agenticmail_forward",
+      "agenticmail_sms_send",
+      "message",
+      "tts"
+    ];
+    return externalTools.includes(toolId);
+  }
+  async apiCall(path, method, body) {
+    const opts = {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        ...this.config.apiToken ? { "Authorization": `Bearer ${this.config.apiToken}` } : {}
+      },
+      signal: AbortSignal.timeout(5e3)
+    };
+    if (body && method !== "GET") opts.body = JSON.stringify(body);
+    const resp = await fetch(`${this.config.engineUrl}${path}`, opts);
+    return resp.json();
+  }
+};
+function createEnterpriseHook(config) {
+  return new EnterpriseHook(config);
+}
+
+// src/engine/agenticmail-bridge.ts
+init_tool_catalog();
+var AgenticMailBridge = class {
+  hook;
+  config;
+  toolPolicy = null;
+  sessionId = "";
+  rateLimiter = { count: 0, resetAt: 0 };
+  constructor(config) {
+    this.config = config;
+    this.hook = new EnterpriseHook(config);
+  }
+  /**
+   * Initialize the bridge — load config, verify connection
+   */
+  async initialize() {
+    const connected = await this.hook.healthCheck();
+    if (connected && this.config.autoConfigureTools !== false) {
+      this.toolPolicy = await this.hook.getToolPolicy();
+    }
+    if (this.config.verbose) {
+      console.log(`[Enterprise] Bridge initialized. Connected: ${connected}`);
+      if (this.toolPolicy) {
+        console.log(`[Enterprise] Tool policy: ${this.toolPolicy.allowedTools.length} allowed, ${this.toolPolicy.blockedTools.length} blocked`);
+      }
+    }
+    return { connected, toolPolicy: this.toolPolicy };
+  }
+  /**
+   * Get a tool interceptor that can be registered with OpenClaw
+   */
+  getInterceptor() {
+    return {
+      beforeTool: async (toolId, params, sessionId) => {
+        this.sessionId = sessionId;
+        if (this.toolPolicy?.blockedTools.includes(toolId)) {
+          if (this.config.verbose) console.log(`[Enterprise] BLOCKED: ${toolId} (policy)`);
+          return { allowed: false, reason: `Tool "${toolId}" is blocked by enterprise policy` };
+        }
+        const now = Date.now();
+        if (now > this.rateLimiter.resetAt) {
+          this.rateLimiter = { count: 0, resetAt: now + 6e4 };
+        }
+        this.rateLimiter.count++;
+        const limit = this.toolPolicy?.rateLimits?.toolCallsPerMinute || 120;
+        if (this.rateLimiter.count > limit) {
+          return { allowed: false, reason: `Rate limit exceeded: ${this.rateLimiter.count}/${limit} calls/min` };
+        }
+        const result = await this.hook.beforeToolCall({
+          toolId,
+          toolName: toolId,
+          parameters: params,
+          sessionId,
+          timestamp: /* @__PURE__ */ new Date()
+        });
+        if (this.config.verbose && !result.allowed) {
+          console.log(`[Enterprise] BLOCKED: ${toolId} \u2014 ${result.reason}`);
+        }
+        return {
+          allowed: result.allowed,
+          reason: result.reason,
+          modifiedParams: result.modifiedParameters
+        };
+      },
+      afterTool: async (toolId, params, result, sessionId) => {
+        await this.hook.afterToolCall(
+          { toolId, toolName: toolId, parameters: params, sessionId, timestamp: /* @__PURE__ */ new Date() },
+          {
+            success: !result?.error,
+            output: typeof result === "string" ? result : JSON.stringify(result)?.slice(0, 500),
+            error: result?.error
+          }
+        );
+      }
+    };
+  }
+  /**
+   * Get knowledge base context to inject before LLM call
+   */
+  async getKBContext(userMessage) {
+    return this.hook.getKnowledgeContext(userMessage);
+  }
+  /**
+   * Generate coordination context for the agent's system prompt
+   */
+  getCoordinationContext() {
+    if (!this.config.injectCoordinationContext) return "";
+    const blocked = this.toolPolicy?.blockedTools || [];
+    const needsApproval = this.toolPolicy?.approvalRequired || [];
+    let ctx = "\n<enterprise-context>\n";
+    ctx += "\u{1F3E2} This agent is managed by AgenticMail Enterprise.\n";
+    if (blocked.length > 0) {
+      ctx += `\u26D4 Blocked tools (do not attempt): ${blocked.join(", ")}
+`;
+    }
+    if (needsApproval.length > 0) {
+      ctx += `\u26A0\uFE0F Tools requiring human approval: ${needsApproval.join(", ")}
+`;
+      ctx += "When using these tools, the call will pause until a human approves or denies.\n";
+    }
+    ctx += "</enterprise-context>\n";
+    return ctx;
+  }
+  /**
+   * Notify engine of session lifecycle
+   */
+  async onSessionStart(sessionId) {
+    this.sessionId = sessionId;
+    await this.hook.onSessionStart(sessionId);
+  }
+  async onSessionEnd(sessionId) {
+    await this.hook.onSessionEnd(sessionId);
+  }
+  /**
+   * Record a message in the conversation log
+   */
+  async recordMessage(role, content, opts) {
+    await this.hook.recordMessage({
+      sessionId: this.sessionId,
+      role,
+      content,
+      channel: opts?.channel,
+      tokenCount: opts?.tokenCount || Math.ceil(content.length / 4)
+    });
+  }
+  /**
+   * Get the loaded tool policy
+   */
+  getToolPolicy() {
+    return this.toolPolicy;
+  }
+  /**
+   * Generate OpenClaw-compatible config for tools.allow / tools.deny
+   * This is what gets written to the gateway config
+   */
+  getOpenClawToolConfig() {
+    if (!this.toolPolicy) return {};
+    return generateOpenClawToolPolicy(
+      this.toolPolicy.allowedTools,
+      this.toolPolicy.blockedTools
+    );
+  }
+};
+async function createAgenticMailBridge(config) {
+  const bridge = new AgenticMailBridge({
+    autoConfigureTools: true,
+    injectCoordinationContext: true,
+    verbose: false,
+    failMode: "open",
+    permissionCacheTtlSec: 30,
+    kbMaxTokens: 2e3,
+    knowledgeBaseEnabled: true,
+    activityStreamEnabled: true,
+    ...config
+  });
+  await bridge.initialize();
+  return bridge;
+}
+export {
+  AGENTICMAIL_TOOLS,
+  ALL_TOOLS,
+  ActivityTracker,
+  AgentConfigGenerator,
+  AgentLifecycleManager,
+  AgenticMailBridge,
+  ApprovalEngine,
+  BUILTIN_SKILLS,
+  DeploymentEngine,
+  ENGINE_TABLES,
+  ENGINE_TABLES_POSTGRES,
+  EngineDatabase,
+  EnterpriseHook,
+  KnowledgeBaseEngine,
+  OPENCLAW_CORE_TOOLS,
+  PLAN_LIMITS,
+  PRESET_PROFILES,
+  PermissionEngine,
+  TOOL_INDEX,
+  TenantManager,
+  createAgenticMailBridge,
+  createEnterpriseHook,
+  generateOpenClawToolPolicy,
+  getToolsBySkill
+};