@agenticmail/enterprise 0.5.133 → 0.5.134

package/dist/runtime-PHQ2QP2S.js

@@ -0,0 +1,49 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-Y7ZDAH4R.js";
+import "./chunk-TYW5XTOW.js";
+import "./chunk-AQH4DFYV.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-67KZYSLU.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-NRF3YRF7.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-7J734AN4.js

@@ -0,0 +1,12 @@
+import {
+  createServer
+} from "./chunk-4B5L7JVW.js";
+import "./chunk-3SMTCIR4.js";
+import "./chunk-RO537U6H.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-67KZYSLU.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-LP6RJ66F.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-42YEZIIA.js";
+import "./chunk-MHIFVS5L.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.133",
+  "version": "0.5.134",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/agent-tools/tools/google/gmail.ts

@@ -177,6 +177,33 @@ function buildRawEmail(opts: {
   return lines.join('\r\n');
 }
 
+// Cache for Gmail signature (fetched once per tool creation)
+let cachedSignature: string | null = null;
+let signatureFetched = false;
+
+async function getSignature(token: string): Promise<string> {
+  if (signatureFetched) return cachedSignature || '';
+  signatureFetched = true;
+  try {
+    const res = await gmail(token, '/settings/sendAs');
+    const primary = res.sendAs?.find((s: any) => s.isPrimary) || res.sendAs?.[0];
+    cachedSignature = primary?.signature || null;
+  } catch { cachedSignature = null; }
+  return cachedSignature || '';
+}
+
+function appendSignature(body: string, signatureHtml: string): string {
+  if (!signatureHtml) return body;
+  // For plain text, strip HTML tags from signature and append
+  const plainSig = signatureHtml.replace(/<br\s*\/?>/gi, '\n').replace(/<[^>]+>/g, '').trim();
+  return body + '\n\n' + plainSig;
+}
+
+function appendSignatureHtml(bodyHtml: string, signatureHtml: string): string {
+  if (!signatureHtml) return bodyHtml;
+  return bodyHtml + '<br><br>' + signatureHtml;
+}
+
 export function createGmailTools(config: GoogleToolsConfig, _options?: ToolCreationOptions): AnyAgentTool[] {
   const tp = config.tokenProvider;
   return [
@@ -317,9 +344,12 @@ export function createGmailTools(config: GoogleToolsConfig, _options?: ToolCreat
         try {
           const token = await tp.getAccessToken();
           const email = tp.getEmail();
+          const sig = await getSignature(token);
+          const bodyWithSig = appendSignature(params.body, sig);
+          const htmlWithSig = params.html ? appendSignatureHtml(params.html, sig) : (sig ? `<div>${params.body.replace(/\n/g, '<br>')}</div><br><br>${sig}` : undefined);
           const raw = buildRawEmail({
             from: email, to: params.to, cc: params.cc, bcc: params.bcc,
-            subject: params.subject, body: params.body, html: params.html,
+            subject: params.subject, body: bodyWithSig, html: htmlWithSig,
             replyTo: params.replyTo, inReplyTo: params.inReplyTo, references: params.references,
           });
           const sendBody: any = { raw: encodeBase64Url(raw) };
@@ -371,9 +401,12 @@ export function createGmailTools(config: GoogleToolsConfig, _options?: ToolCreat
           const subject = oh.Subject?.startsWith('Re:') ? oh.Subject : `Re: ${oh.Subject || ''}`;
           const references = [oh.References, oh['Message-ID']].filter(Boolean).join(' ');
 
+          const sig = await getSignature(token);
+          const bodyWithSig = appendSignature(params.body, sig);
+          const htmlWithSig = params.html ? appendSignatureHtml(params.html, sig) : (sig ? `<div>${params.body.replace(/\n/g, '<br>')}</div><br><br>${sig}` : undefined);
           const raw = buildRawEmail({
             from: email, to, cc: params.cc,
-            subject, body: params.body, html: params.html,
+            subject, body: bodyWithSig, html: htmlWithSig,
             inReplyTo: oh['Message-ID'], references,
           });
 

package/src/agent-tools/tools/google/index.ts

@@ -12,6 +12,7 @@ export { createGoogleSheetsTools } from './sheets.js';
 export { createGoogleDocsTools } from './docs.js';
 export { createGoogleContactsTools } from './contacts.js';
 export { createMeetingTools } from './meetings.js';
+export { createGoogleTasksTools } from './tasks.js';
 
 import type { AnyAgentTool, ToolCreationOptions } from '../../types.js';
 import type { TokenProvider } from '../oauth-token-provider.js';
@@ -22,6 +23,7 @@ import { createGoogleSheetsTools } from './sheets.js';
 import { createGoogleDocsTools } from './docs.js';
 import { createGoogleContactsTools } from './contacts.js';
 import { createMeetingTools } from './meetings.js';
+import { createGoogleTasksTools } from './tasks.js';
 
 export interface GoogleToolsConfig {
   tokenProvider: TokenProvider;
@@ -44,5 +46,6 @@ export function createAllGoogleTools(config: GoogleToolsConfig, options?: ToolCr
     ...createGoogleDocsTools(config, options),
     ...createGoogleContactsTools(config, options),
     ...createMeetingTools(config, options),
+    ...createGoogleTasksTools(config.tokenProvider),
   ];
 }

package/src/agent-tools/tools/google/tasks.ts

@@ -0,0 +1,202 @@
+/**
+ * Google Tasks API Tools
+ *
+ * Lets agents create, list, complete, and manage tasks.
+ * Uses Google Tasks API v1.
+ */
+
+import type { AnyAgentTool } from '../../types.js';
+import type { TokenProvider } from './index.js';
+
+// ─── Helper ─────────────────────────────────────────────
+
+async function tasks(token: string, path: string, opts?: { method?: string; body?: any; query?: Record<string, string> }): Promise<any> {
+  const url = new URL(`https://tasks.googleapis.com/tasks/v1${path}`);
+  if (opts?.query) for (const [k, v] of Object.entries(opts.query)) url.searchParams.set(k, v);
+  const res = await fetch(url.toString(), {
+    method: opts?.method || 'GET',
+    headers: {
+      Authorization: `Bearer ${token}`,
+      ...(opts?.body ? { 'Content-Type': 'application/json' } : {}),
+    },
+    ...(opts?.body ? { body: JSON.stringify(opts.body) } : {}),
+  });
+  if (!res.ok) {
+    const errText = await res.text();
+    throw new Error(`Google Tasks API ${res.status}: ${errText}`);
+  }
+  if (res.status === 204) return {};
+  return res.json();
+}
+
+function jsonResult(data: any) { return { success: true, output: JSON.stringify(data, null, 2) }; }
+function errorResult(msg: string) { return { success: false, output: `Error: ${msg}` }; }
+
+// ─── Tool Definitions ───────────────────────────────────
+
+export function createGoogleTasksTools(tp: TokenProvider): AnyAgentTool[] {
+  return [
+    {
+      name: 'google_tasks_list_tasklists',
+      description: 'List all task lists (like "My Tasks", custom lists). Returns task list IDs needed for other operations.',
+      category: 'utility' as const,
+      parameters: { type: 'object' as const, properties: {}, required: [] },
+      async execute() {
+        try {
+          const token = await tp.getAccessToken();
+          const result = await tasks(token, '/users/@me/lists');
+          const lists = (result.items || []).map((l: any) => ({ id: l.id, title: l.title, updated: l.updated }));
+          return jsonResult({ taskLists: lists });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_list',
+      description: 'List tasks in a task list. Shows pending tasks by default. Use showCompleted=true to include completed tasks.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          taskListId: { type: 'string', description: 'Task list ID (default: "@default" for primary list)' },
+          showCompleted: { type: 'string', description: '"true" to include completed tasks' },
+          maxResults: { type: 'string', description: 'Max results (default: 20)' },
+        },
+        required: [],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const listId = params.taskListId || '@default';
+          const query: Record<string, string> = { maxResults: params.maxResults || '20' };
+          if (params.showCompleted === 'true') query.showCompleted = 'true';
+          else query.showCompleted = 'false';
+          const result = await tasks(token, `/lists/${encodeURIComponent(listId)}/tasks`, { query });
+          const items = (result.items || []).map((t: any) => ({
+            id: t.id, title: t.title, notes: t.notes, status: t.status,
+            due: t.due, completed: t.completed, updated: t.updated, parent: t.parent,
+          }));
+          return jsonResult({ tasks: items, count: items.length });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_create',
+      description: 'Create a new task. Use this to track work items, reminders, and follow-ups.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          title: { type: 'string', description: 'Task title (required)' },
+          notes: { type: 'string', description: 'Task notes/details' },
+          due: { type: 'string', description: 'Due date in RFC 3339 format (e.g. "2026-02-24T00:00:00.000Z")' },
+          taskListId: { type: 'string', description: 'Task list ID (default: "@default")' },
+        },
+        required: ['title'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const listId = params.taskListId || '@default';
+          const body: any = { title: params.title };
+          if (params.notes) body.notes = params.notes;
+          if (params.due) body.due = params.due;
+          const result = await tasks(token, `/lists/${encodeURIComponent(listId)}/tasks`, { method: 'POST', body });
+          return jsonResult({ created: true, id: result.id, title: result.title, due: result.due });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_complete',
+      description: 'Mark a task as completed.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          taskId: { type: 'string', description: 'Task ID (required)' },
+          taskListId: { type: 'string', description: 'Task list ID (default: "@default")' },
+        },
+        required: ['taskId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const listId = params.taskListId || '@default';
+          const result = await tasks(token, `/lists/${encodeURIComponent(listId)}/tasks/${encodeURIComponent(params.taskId)}`, {
+            method: 'PATCH', body: { status: 'completed' },
+          });
+          return jsonResult({ completed: true, id: result.id, title: result.title });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_update',
+      description: 'Update a task (title, notes, due date).',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          taskId: { type: 'string', description: 'Task ID (required)' },
+          title: { type: 'string', description: 'New title' },
+          notes: { type: 'string', description: 'New notes' },
+          due: { type: 'string', description: 'New due date (RFC 3339)' },
+          taskListId: { type: 'string', description: 'Task list ID (default: "@default")' },
+        },
+        required: ['taskId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const listId = params.taskListId || '@default';
+          const body: any = {};
+          if (params.title) body.title = params.title;
+          if (params.notes) body.notes = params.notes;
+          if (params.due) body.due = params.due;
+          const result = await tasks(token, `/lists/${encodeURIComponent(listId)}/tasks/${encodeURIComponent(params.taskId)}`, {
+            method: 'PATCH', body,
+          });
+          return jsonResult({ updated: true, id: result.id, title: result.title, due: result.due });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_delete',
+      description: 'Delete a task.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          taskId: { type: 'string', description: 'Task ID (required)' },
+          taskListId: { type: 'string', description: 'Task list ID (default: "@default")' },
+        },
+        required: ['taskId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const listId = params.taskListId || '@default';
+          await tasks(token, `/lists/${encodeURIComponent(listId)}/tasks/${encodeURIComponent(params.taskId)}`, { method: 'DELETE' });
+          return jsonResult({ deleted: true, taskId: params.taskId });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_tasks_create_list',
+      description: 'Create a new task list (e.g. "Follow-ups", "Customer Issues").',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          title: { type: 'string', description: 'Task list title (required)' },
+        },
+        required: ['title'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const result = await tasks(token, '/users/@me/lists', { method: 'POST', body: { title: params.title } });
+          return jsonResult({ created: true, id: result.id, title: result.title });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+  ];
+}

package/src/cli-agent.ts

@@ -160,13 +160,17 @@ export async function runAgent(_args: string[]) {
   await runtime.start();
   const runtimeApp = runtime.getApp();
 
-  // 7b. Initialize permission engine so tool calls aren't blocked
+  // 7b. Initialize shared singletons from routes.js so hooks work in standalone mode
   try {
-    const { permissionEngine } = await import('./engine/routes.js');
-    await permissionEngine.setDb(engineDb);
+    const routes = await import('./engine/routes.js');
+    await routes.permissionEngine.setDb(engineDb);
     console.log('   Permissions: loaded from DB');
+    // Initialize lifecycle singleton so recordLLMUsage and other hooks work
+    await routes.lifecycle.setDb(engineDb);
+    await routes.lifecycle.loadFromDb();
+    console.log('   Hooks lifecycle: initialized');
   } catch (permErr: any) {
-    console.warn(`   Permissions: failed to load (${permErr.message}) — tools may be blocked`);
+    console.warn(`   Routes init: failed (${permErr.message}) — some features may not work`);
   }
 
   // 8. Start health check HTTP server
@@ -284,7 +288,73 @@ export async function runAgent(_args: string[]) {
         console.log(`[onboarding] ✅ Onboarding complete — ${policyNames.length} policies acknowledged`);
       }
 
-      // 11. Send welcome email to manager if configured
+      // 11. Auto-setup Gmail signature from org template (BEFORE welcome email so it's included)
+      try {
+        const orgSettings = await db.getSettings();
+        const sigTemplate = (orgSettings as any)?.signatureTemplate;
+        const sigEmailConfig = config.emailConfig || {};
+        let sigToken = sigEmailConfig.oauthAccessToken;
+        if (sigEmailConfig.oauthRefreshToken && sigEmailConfig.oauthClientId) {
+          try {
+            const tokenUrl = (sigEmailConfig.provider || sigEmailConfig.oauthProvider) === 'google'
+              ? 'https://oauth2.googleapis.com/token'
+              : 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
+            const tokenRes = await fetch(tokenUrl, {
+              method: 'POST',
+              headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+              body: new URLSearchParams({
+                client_id: sigEmailConfig.oauthClientId,
+                client_secret: sigEmailConfig.oauthClientSecret,
+                refresh_token: sigEmailConfig.oauthRefreshToken,
+                grant_type: 'refresh_token',
+              }),
+            });
+            const tokenData = await tokenRes.json() as any;
+            if (tokenData.access_token) sigToken = tokenData.access_token;
+          } catch {}
+        }
+        if (sigTemplate && sigToken) {
+          const agName = config.displayName || config.name;
+          const agRole = config.identity?.role || 'AI Agent';
+          const agEmail = config.email?.address || sigEmailConfig?.email || '';
+          const companyName = orgSettings?.name || '';
+          const logoUrl = orgSettings?.logoUrl || '';
+
+          const signature = sigTemplate
+            .replace(/\{\{name\}\}/g, agName)
+            .replace(/\{\{role\}\}/g, agRole)
+            .replace(/\{\{email\}\}/g, agEmail)
+            .replace(/\{\{company\}\}/g, companyName)
+            .replace(/\{\{logo\}\}/g, logoUrl)
+            .replace(/\{\{phone\}\}/g, '');
+
+          const sendAsRes = await fetch('https://gmail.googleapis.com/gmail/v1/users/me/settings/sendAs', {
+            headers: { Authorization: `Bearer ${sigToken}` },
+          });
+          const sendAs = await sendAsRes.json() as any;
+          const primary = sendAs.sendAs?.find((s: any) => s.isPrimary) || sendAs.sendAs?.[0];
+          if (primary) {
+            const patchRes = await fetch(`https://gmail.googleapis.com/gmail/v1/users/me/settings/sendAs/${encodeURIComponent(primary.sendAsEmail)}`, {
+              method: 'PATCH',
+              headers: { Authorization: `Bearer ${sigToken}`, 'Content-Type': 'application/json' },
+              body: JSON.stringify({ signature }),
+            });
+            if (patchRes.ok) {
+              console.log(`[signature] ✅ Gmail signature set for ${primary.sendAsEmail}`);
+            } else {
+              const errBody = await patchRes.text();
+              console.log(`[signature] Failed (${patchRes.status}): ${errBody.slice(0, 200)}`);
+            }
+          }
+        } else {
+          if (!sigTemplate) console.log('[signature] No signature template configured');
+          if (!sigToken) console.log('[signature] No OAuth token for signature setup');
+        }
+      } catch (sigErr: any) {
+        console.log(`[signature] Skipped: ${sigErr.message}`);
+      }
+
+      // 12. Send welcome email to manager if configured
       // Manager email can come from config.managerEmail or config.manager.email
       const managerEmail = (config as any).managerEmail || ((config as any).manager?.type === 'external' ? (config as any).manager.email : null);
       const emailConfig = (config as any).emailConfig;
@@ -416,66 +486,6 @@ Available tools: gmail_send (to, subject, body) or agenticmail_send (to, subject
       console.error(`[onboarding] Error: ${err.message}`);
     }
 
-    // 12. Auto-setup Gmail signature from org template
-    try {
-      const orgSettings = await db.getSettings();
-      const sigTemplate = (orgSettings as any)?.signatureTemplate;
-      const sigEmailConfig = config.emailConfig || {};
-      // Get a fresh access token for signature setup
-      let sigToken = sigEmailConfig.oauthAccessToken;
-      if (sigEmailConfig.oauthRefreshToken && sigEmailConfig.oauthClientId) {
-        try {
-          const tokenUrl = (sigEmailConfig.provider || sigEmailConfig.oauthProvider) === 'google'
-            ? 'https://oauth2.googleapis.com/token'
-            : 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
-          const tokenRes = await fetch(tokenUrl, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-            body: new URLSearchParams({
-              client_id: sigEmailConfig.oauthClientId,
-              client_secret: sigEmailConfig.oauthClientSecret,
-              refresh_token: sigEmailConfig.oauthRefreshToken,
-              grant_type: 'refresh_token',
-            }),
-          });
-          const tokenData = await tokenRes.json() as any;
-          if (tokenData.access_token) sigToken = tokenData.access_token;
-        } catch {}
-      }
-      if (sigTemplate && sigToken) {
-        const agentName = config.displayName || config.name;
-        const role = config.identity?.role || 'AI Agent';
-        const agentEmailAddr = config.email?.address || sigEmailConfig?.email || '';
-        const companyName = orgSettings?.name || '';
-        const logoUrl = orgSettings?.logoUrl || '';
-
-        const signature = sigTemplate
-          .replace(/\{\{name\}\}/g, agentName)
-          .replace(/\{\{role\}\}/g, role)
-          .replace(/\{\{email\}\}/g, agentEmailAddr)
-          .replace(/\{\{company\}\}/g, companyName)
-          .replace(/\{\{logo\}\}/g, logoUrl)
-          .replace(/\{\{phone\}\}/g, '');
-
-        // Set Gmail signature via API
-        const sendAsRes = await fetch('https://gmail.googleapis.com/gmail/v1/users/me/settings/sendAs', {
-          headers: { Authorization: `Bearer ${sigToken}` },
-        });
-        const sendAs = await sendAsRes.json() as any;
-        const primary = sendAs.sendAs?.find((s: any) => s.isPrimary) || sendAs.sendAs?.[0];
-        if (primary) {
-          await fetch(`https://gmail.googleapis.com/gmail/v1/users/me/settings/sendAs/${encodeURIComponent(primary.sendAsEmail)}`, {
-            method: 'PATCH',
-            headers: { Authorization: `Bearer ${sigToken}`, 'Content-Type': 'application/json' },
-            body: JSON.stringify({ signature }),
-          });
-          console.log(`[signature] ✅ Gmail signature set for ${primary.sendAsEmail}`);
-        }
-      }
-    } catch (sigErr: any) {
-      console.log(`[signature] Skipped: ${sigErr.message}`);
-    }
-
     // 13. Start email inbox polling loop
     startEmailPolling(AGENT_ID, config, lifecycle, runtime, engineDb, memoryManager);
   }, 3000);
@@ -689,7 +699,14 @@ FORMATTING RULES (STRICTLY ENFORCED):
 - Use line breaks between paragraphs, nothing else for formatting
 - Keep it warm and conversational, not robotic or formatted
 
-CRITICAL: You MUST call gmail_reply EXACTLY ONCE to send your reply. Do NOT call it multiple times. Do NOT just generate text without calling the tool.`;
+CRITICAL: You MUST call gmail_reply EXACTLY ONCE to send your reply. Do NOT call it multiple times. Do NOT just generate text without calling the tool.
+
+== TASK MANAGEMENT ==
+When you receive work requests, action items, or follow-ups:
+- Use google_tasks_create to track them (title, notes, due date)
+- Check google_tasks_list at the start of interactions to see pending work
+- Use google_tasks_complete when done with items
+This helps you stay organized and ensures nothing falls through the cracks.`;
 
           const session = await runtime.spawnSession({
             agentId,

package/src/engine/agent-routes.ts

@@ -593,6 +593,7 @@ export function createAgentRoutes(opts: {
         'https://www.googleapis.com/auth/spreadsheets',
         'https://www.googleapis.com/auth/documents',
         'https://www.googleapis.com/auth/contacts',
+        'https://www.googleapis.com/auth/tasks',
       ];
 
       if (!oauthClientId) return c.json({ error: 'oauthClientId is required for Google OAuth' }, 400);