@agenticmail/enterprise 0.5.297 → 0.5.298

package/dist/cli-serve-RRKVF3QM.js

@@ -0,0 +1,143 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter } = await import("./factory-M6E7YAKW.js");
+  const { createServer } = await import("./server-CCQIW6GR.js");
+  const db = await createAdapter({
+    type: DATABASE_URL.startsWith("postgres") ? "postgres" : "sqlite",
+    connectionString: DATABASE_URL
+  });
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+  const tunnelToken = process.env.CLOUDFLARED_TOKEN;
+  if (tunnelToken) {
+    try {
+      const { execSync, spawn } = await import("child_process");
+      try {
+        execSync("which cloudflared", { timeout: 3e3 });
+      } catch {
+        console.log("[startup] cloudflared not found \u2014 skipping tunnel auto-start");
+        console.log("[startup] Install cloudflared to enable tunnel: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+        return;
+      }
+      try {
+        execSync('pgrep -f "cloudflared.*tunnel.*run"', { timeout: 3e3 });
+        console.log("[startup] cloudflared tunnel already running");
+        return;
+      } catch {
+      }
+      const subdomain = process.env.AGENTICMAIL_SUBDOMAIN || process.env.AGENTICMAIL_DOMAIN || "";
+      console.log(`[startup] Starting cloudflared tunnel${subdomain ? ` for ${subdomain}.agenticmail.io` : ""}...`);
+      const child = spawn("cloudflared", ["tunnel", "--no-autoupdate", "run", "--token", tunnelToken], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.unref();
+      console.log("[startup] cloudflared tunnel started (pid " + child.pid + ")");
+    } catch (e) {
+      console.warn("[startup] Could not auto-start cloudflared: " + e.message);
+    }
+  }
+}
+export {
+  runServe
+};

package/dist/cli.js

@@ -57,14 +57,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-GTTDOLB7.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-RRKVF3QM.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
     import("./cli-agent-WSCDFYMU.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-HK4WDXUL.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-OL4GJ53G.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/dashboard/app.js

@@ -143,7 +143,9 @@ function App() {
     if (!authed) return;
     engineCall('/approvals/pending').then(d => setPendingCount((d.requests || []).length)).catch(() => {});
     apiCall('/settings').then(d => { const s = d.settings || d || {}; if (s.primaryColor) applyBrandColor(s.primaryColor); if (s.orgId) setOrgId(s.orgId); }).catch(() => {});
-    apiCall('/me/permissions').then(d => { if (d && d.permissions) setPermissions(d.permissions); }).catch(() => {});
+    apiCall('/me/permissions').then(d => {
+      if (d && d.permissions) setPermissions(d.permissions);
+    }).catch(() => {});
   }, [authed]);
 
   const logout = useCallback(() => { authCall('/logout', { method: 'POST' }).catch(() => {}).finally(() => { setAuthed(false); setUser(null); }); }, []);

package/dist/dashboard/pages/agent-detail/index.js

@@ -57,6 +57,26 @@ export function AgentDetailPage(props) {
     return false;
   });
 
+  // Check agent-level access
+  var allowedAgents = perms === '*' ? '*' : (perms._allowedAgents || '*');
+  var hasAgentAccess = allowedAgents === '*' || (Array.isArray(allowedAgents) && allowedAgents.indexOf(agentId) >= 0);
+
+  if (!hasAgentAccess) {
+    return h('div', { style: { display: 'flex', flexDirection: 'column', alignItems: 'center', justifyContent: 'center', minHeight: '60vh', textAlign: 'center', padding: 40 } },
+      h('div', { style: { width: 64, height: 64, borderRadius: '50%', background: 'var(--danger-soft, rgba(220,38,38,0.1))', display: 'flex', alignItems: 'center', justifyContent: 'center', marginBottom: 20 } },
+        h('svg', { width: 32, height: 32, viewBox: '0 0 24 24', fill: 'none', stroke: 'var(--danger, #dc2626)', strokeWidth: 2, strokeLinecap: 'round', strokeLinejoin: 'round' },
+          h('rect', { x: 3, y: 11, width: 18, height: 11, rx: 2, ry: 2 }),
+          h('path', { d: 'M7 11V7a5 5 0 0 1 10 0v4' })
+        )
+      ),
+      h('h2', { style: { fontSize: 20, fontWeight: 700, marginBottom: 8 } }, 'Agent Access Restricted'),
+      h('p', { style: { fontSize: 14, color: 'var(--text-muted)', maxWidth: 400, lineHeight: 1.6 } },
+        'You don\'t have permission to access this agent. Contact your organization administrator to request access.'
+      ),
+      h('button', { className: 'btn btn-primary', style: { marginTop: 16 }, onClick: onBack }, 'Back to Agents')
+    );
+  }
+
   var load = function() {
     setLoading(true);
     Promise.all([

package/dist/dashboard/pages/agents.js

@@ -1125,11 +1125,21 @@ export function CreateAgentWizard({ onClose, onCreated, toast }) {
 // ════════════════════════════════════════════════════════════
 
 export function AgentsPage({ onSelectAgent }) {
-  const { toast } = useApp();
+  const app = useApp();
+  const toast = app.toast;
   const [agents, setAgents] = useState([]);
   const [creating, setCreating] = useState(false);
 
-  const load = () => apiCall('/agents').then(d => setAgents(d.agents || d || [])).catch(() => {});
+  const perms = app.permissions || '*';
+  const allowedAgents = perms === '*' ? '*' : (perms._allowedAgents || '*');
+
+  const load = () => apiCall('/agents').then(d => {
+    var all = d.agents || d || [];
+    if (allowedAgents !== '*' && Array.isArray(allowedAgents)) {
+      all = all.filter(a => allowedAgents.indexOf(a.id) >= 0);
+    }
+    setAgents(all);
+  }).catch(() => {});
   useEffect(() => { load(); }, []);
 
   // Delete moved to agent detail overview tab with triple confirmation

package/dist/dashboard/pages/users.js

@@ -6,23 +6,37 @@ import { HelpButton } from '../components/help-button.js';
 // ─── Permission Editor Component ───────────────────
 
 function PermissionEditor({ userId, userName, currentPerms, pageRegistry, onSave, onClose }) {
-  // Deep clone perms
+  // Deep clone perms (skip _allowedAgents from page grants)
   var [grants, setGrants] = useState(function() {
     if (currentPerms === '*') {
-      // Start with all pages selected (all tabs)
       var all = {};
       Object.keys(pageRegistry).forEach(function(pid) { all[pid] = true; });
       return all;
     }
-    // Clone existing
     var c = {};
     Object.keys(currentPerms || {}).forEach(function(pid) {
+      if (pid === '_allowedAgents') return; // skip agent field
       var g = currentPerms[pid];
       c[pid] = g === true ? true : (Array.isArray(g) ? g.slice() : true);
     });
     return c;
   });
   var [fullAccess, setFullAccess] = useState(currentPerms === '*');
+
+  // Agent access control
+  var [agents, setAgents] = useState([]);
+  var [allowedAgents, setAllowedAgents] = useState(function() {
+    if (currentPerms === '*') return '*';
+    return (currentPerms || {})._allowedAgents || '*';
+  });
+  var [allAgentsAccess, setAllAgentsAccess] = useState(function() {
+    if (currentPerms === '*') return true;
+    return (currentPerms || {})._allowedAgents === '*' || !(currentPerms || {})._allowedAgents;
+  });
+
+  useEffect(function() {
+    apiCall('/agents').then(function(d) { setAgents(d.agents || d || []); }).catch(function() {});
+  }, []);
   var [saving, setSaving] = useState(false);
   var [expandedPage, setExpandedPage] = useState(null);
 
@@ -86,8 +100,11 @@ function PermissionEditor({ userId, userName, currentPerms, pageRegistry, onSave
       var all = {};
       Object.keys(pageRegistry).forEach(function(pid) { all[pid] = true; });
       setGrants(all);
+      setAllAgentsAccess(true);
+      setAllowedAgents('*');
     } else {
       setGrants({});
+      setAllAgentsAccess(true);
     }
   };
 
@@ -101,7 +118,17 @@ function PermissionEditor({ userId, userName, currentPerms, pageRegistry, onSave
   var doSave = async function() {
     setSaving(true);
     try {
-      var permsToSave = fullAccess ? '*' : grants;
+      var permsToSave;
+      if (fullAccess) {
+        permsToSave = '*';
+      } else {
+        permsToSave = Object.assign({}, grants);
+        if (!allAgentsAccess && Array.isArray(allowedAgents)) {
+          permsToSave._allowedAgents = allowedAgents;
+        } else {
+          permsToSave._allowedAgents = '*';
+        }
+      }
       await onSave(permsToSave);
     } catch(e) { /* handled by parent */ }
     setSaving(false);
@@ -201,11 +228,61 @@ function PermissionEditor({ userId, userName, currentPerms, pageRegistry, onSave
       })
     ),
 
+    // ─── Agent Access ──────────────────────────
+    !fullAccess && h('div', { style: { marginTop: 16 } },
+      h('div', { style: { display: 'flex', alignItems: 'center', justifyContent: 'space-between', marginBottom: 8 } },
+        h('div', null,
+          h('strong', { style: { fontSize: 13 } }, 'Agent Access'),
+          h('div', { style: { fontSize: 11, color: 'var(--text-muted)', marginTop: 1 } }, 'Which agents this user can see and manage')
+        ),
+        h('label', { style: { display: 'flex', alignItems: 'center', gap: 6, fontSize: 12, cursor: 'pointer' } },
+          h('input', { type: 'checkbox', checked: allAgentsAccess, onChange: function() {
+            var newVal = !allAgentsAccess;
+            setAllAgentsAccess(newVal);
+            if (newVal) setAllowedAgents('*');
+            else setAllowedAgents([]);
+          }, style: _checkbox }),
+          'All Agents'
+        )
+      ),
+      !allAgentsAccess && h('div', { style: { maxHeight: 180, overflowY: 'auto', border: '1px solid var(--border)', borderRadius: 8 } },
+        agents.length === 0
+          ? h('div', { style: { padding: 16, textAlign: 'center', color: 'var(--text-muted)', fontSize: 12 } }, 'No agents found')
+          : agents.map(function(a) {
+              var checked = Array.isArray(allowedAgents) && allowedAgents.indexOf(a.id) >= 0;
+              return h('div', {
+                key: a.id,
+                style: Object.assign({}, _cs, checked ? { background: 'var(--bg-tertiary)' } : {}),
+                onClick: function() {
+                  setAllowedAgents(function(prev) {
+                    var arr = Array.isArray(prev) ? prev.slice() : [];
+                    var idx = arr.indexOf(a.id);
+                    if (idx >= 0) arr.splice(idx, 1);
+                    else arr.push(a.id);
+                    return arr;
+                  });
+                }
+              },
+                h('input', { type: 'checkbox', checked: checked, readOnly: true, style: _checkbox }),
+                h('div', { style: { flex: 1 } },
+                  h('div', { style: { fontWeight: 500, fontSize: 13 } }, a.displayName || a.name || a.id),
+                  a.role && h('div', { style: { fontSize: 11, color: 'var(--text-muted)' } }, a.role)
+                ),
+                a.status && h('span', { className: 'badge badge-' + (a.status === 'active' || a.status === 'running' ? 'success' : 'neutral'), style: { fontSize: 9 } }, a.status)
+              );
+            })
+      ),
+      !allAgentsAccess && Array.isArray(allowedAgents) && h('div', { style: { marginTop: 4, fontSize: 11, color: 'var(--text-muted)' } },
+        allowedAgents.length === 0 ? 'No agents selected — user will see no agents' : allowedAgents.length + ' agent' + (allowedAgents.length !== 1 ? 's' : '') + ' selected'
+      )
+    ),
+
     // Summary
     h('div', { style: { marginTop: 12, padding: 8, background: 'var(--bg-tertiary)', borderRadius: 6, fontSize: 11, color: 'var(--text-muted)' } },
       fullAccess
-        ? 'This user has full access to all pages and tabs.'
-        : 'Access to ' + Object.keys(grants).length + ' of ' + Object.keys(pageRegistry).length + ' pages.'
+        ? 'This user has full access to all pages, tabs, and agents.'
+        : 'Access to ' + Object.keys(grants).length + ' of ' + Object.keys(pageRegistry).length + ' pages' +
+          (allAgentsAccess ? ', all agents.' : ', ' + (Array.isArray(allowedAgents) ? allowedAgents.length : 0) + ' agents.')
     )
   );
 }
@@ -214,15 +291,31 @@ function PermissionEditor({ userId, userName, currentPerms, pageRegistry, onSave
 
 function InlinePermissionPicker({ permissions, pageRegistry, onChange }) {
   var [expandedPage, setExpandedPage] = useState(null);
-
-  // Resolve grants from permissions
-  var grants = permissions === '*' ? (function() { var a = {}; Object.keys(pageRegistry).forEach(function(p) { a[p] = true; }); return a; })() : (permissions || {});
+  var [agents, setAgents] = useState([]);
+  useEffect(function() { apiCall('/agents').then(function(d) { setAgents(d.agents || d || []); }).catch(function() {}); }, []);
+
+  // Resolve grants from permissions (skip _allowedAgents)
+  var rawGrants = permissions === '*' ? (function() { var a = {}; Object.keys(pageRegistry).forEach(function(p) { a[p] = true; }); return a; })() : (permissions || {});
+  var grants = {};
+  Object.keys(rawGrants).forEach(function(k) { if (k !== '_allowedAgents') grants[k] = rawGrants[k]; });
+  var currentAllowed = permissions === '*' ? '*' : (rawGrants._allowedAgents || '*');
+  var allAgentsMode = currentAllowed === '*';
+
+  var emitChange = function(nextGrants, nextAllowed) {
+    var result = Object.assign({}, nextGrants);
+    if (nextAllowed !== undefined) result._allowedAgents = nextAllowed;
+    else if (currentAllowed !== '*') result._allowedAgents = currentAllowed;
+    var allPages = Object.keys(nextGrants).length === Object.keys(pageRegistry).length && Object.values(nextGrants).every(function(v) { return v === true; });
+    var allAg = (result._allowedAgents || '*') === '*';
+    if (allPages && allAg) return onChange('*');
+    onChange(result);
+  };
 
   var togglePage = function(pid) {
     var next = Object.assign({}, grants);
     if (next[pid]) { delete next[pid]; if (expandedPage === pid) setExpandedPage(null); }
     else { next[pid] = true; }
-    onChange(Object.keys(next).length === Object.keys(pageRegistry).length ? '*' : next);
+    emitChange(next);
   };
 
   var toggleTab = function(pid, tabId) {
@@ -243,7 +336,7 @@ function InlinePermissionPicker({ permissions, pageRegistry, onChange }) {
         next[pid] = newArr.length === allTabs.length ? true : newArr;
       }
     }
-    onChange(Object.keys(next).length === Object.keys(pageRegistry).length && Object.values(next).every(function(v) { return v === true; }) ? '*' : next);
+    emitChange(next);
   };
 
   var isTabChecked = function(pid, tabId) {
@@ -288,7 +381,30 @@ function InlinePermissionPicker({ permissions, pageRegistry, onChange }) {
           );
         })
       );
-    })
+    }),
+    // Agent access section
+    agents.length > 0 && h('div', { style: { marginTop: 8 } },
+      h('div', { style: { fontSize: 10, fontWeight: 600, textTransform: 'uppercase', letterSpacing: '0.05em', color: 'var(--text-muted)', padding: '4px 10px 2px' } }, 'Agent Access'),
+      h('div', { style: { display: 'flex', alignItems: 'center', gap: 8, padding: '4px 10px', fontSize: 12, cursor: 'pointer' }, onClick: function() {
+        emitChange(grants, allAgentsMode ? [] : '*');
+      } },
+        h('input', { type: 'checkbox', checked: allAgentsMode, readOnly: true, style: { width: 14, height: 14, accentColor: 'var(--primary)', cursor: 'pointer' } }),
+        h('span', { style: { fontWeight: 500 } }, 'All Agents')
+      ),
+      !allAgentsMode && agents.map(function(a) {
+        var checked = Array.isArray(currentAllowed) && currentAllowed.indexOf(a.id) >= 0;
+        return h('div', { key: a.id, style: { display: 'flex', alignItems: 'center', gap: 8, padding: '3px 10px 3px 28px', fontSize: 11, cursor: 'pointer' }, onClick: function() {
+          var arr = Array.isArray(currentAllowed) ? currentAllowed.slice() : [];
+          var idx = arr.indexOf(a.id);
+          if (idx >= 0) arr.splice(idx, 1); else arr.push(a.id);
+          emitChange(grants, arr);
+        } },
+          h('input', { type: 'checkbox', checked: checked, readOnly: true, style: { width: 13, height: 13, accentColor: 'var(--primary)', cursor: 'pointer' } }),
+          h('span', null, a.displayName || a.name || a.id),
+          a.role && h('span', { style: { color: 'var(--text-muted)', marginLeft: 4 } }, '(' + a.role + ')')
+        );
+      })
+    )
   );
 }
 

package/dist/index.js

@@ -1,7 +1,7 @@
 import {
   provision,
   runSetupWizard
-} from "./chunk-A5LURBEY.js";
+} from "./chunk-DZU6DQ3I.js";
 import {
   AgenticMailManager,
   GoogleEmailProvider,
@@ -42,7 +42,7 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-WQRGOMQJ.js";
+} from "./chunk-PNOFGWIB.js";
 import "./chunk-OF4MUWWS.js";
 import {
   PROVIDER_REGISTRY,

package/dist/page-registry-NV4AIPCF.js

@@ -0,0 +1,178 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/admin/page-registry.ts
+var PAGE_REGISTRY = {
+  // ─── Overview ────────────────────────────────────
+  dashboard: {
+    label: "Dashboard",
+    section: "overview",
+    description: "Main dashboard with key metrics and activity feed"
+  },
+  // ─── Management ──────────────────────────────────
+  agents: {
+    label: "Agents",
+    section: "management",
+    description: "View and manage AI agents",
+    tabs: {
+      overview: "Overview",
+      personal: "Personal Details",
+      email: "Email",
+      whatsapp: "WhatsApp",
+      channels: "Channels",
+      configuration: "Configuration",
+      manager: "Manager",
+      tools: "Tools",
+      skills: "Skills",
+      permissions: "Permissions",
+      activity: "Activity",
+      communication: "Communication",
+      workforce: "Workforce",
+      memory: "Memory",
+      guardrails: "Guardrails",
+      autonomy: "Autonomy",
+      budget: "Budget",
+      security: "Security",
+      "tool-security": "Tool Security",
+      deployment: "Deployment"
+    }
+  },
+  skills: {
+    label: "Skills",
+    section: "management",
+    description: "Manage agent skill packs"
+  },
+  "community-skills": {
+    label: "Community Skills",
+    section: "management",
+    description: "Browse and install community skill marketplace"
+  },
+  "skill-connections": {
+    label: "Integrations & MCP",
+    section: "management",
+    description: "MCP servers, built-in integrations, and community skills"
+  },
+  "database-access": {
+    label: "Database Access",
+    section: "management",
+    description: "Manage database connections and agent access",
+    tabs: {
+      connections: "Connections",
+      access: "Agent Access",
+      audit: "Audit Log"
+    }
+  },
+  knowledge: {
+    label: "Knowledge Bases",
+    section: "management",
+    description: "Manage knowledge base documents and collections"
+  },
+  "knowledge-contributions": {
+    label: "Knowledge Hub",
+    section: "management",
+    description: "Agent contributions to shared knowledge"
+  },
+  approvals: {
+    label: "Approvals",
+    section: "management",
+    description: "Review and approve pending agent actions"
+  },
+  "org-chart": {
+    label: "Org Chart",
+    section: "management",
+    description: "Visual agent hierarchy and reporting structure"
+  },
+  "task-pipeline": {
+    label: "Task Pipeline",
+    section: "management",
+    description: "Track task lifecycle from creation to completion"
+  },
+  workforce: {
+    label: "Workforce",
+    section: "management",
+    description: "Agent scheduling, workload, and availability"
+  },
+  messages: {
+    label: "Messages",
+    section: "management",
+    description: "Inter-agent and external message logs"
+  },
+  guardrails: {
+    label: "Guardrails",
+    section: "management",
+    description: "Global safety policies and content filters"
+  },
+  journal: {
+    label: "Journal",
+    section: "management",
+    description: "System event journal and decision log"
+  },
+  // ─── Administration ──────────────────────────────
+  dlp: {
+    label: "DLP",
+    section: "administration",
+    description: "Data loss prevention policies and alerts"
+  },
+  compliance: {
+    label: "Compliance",
+    section: "administration",
+    description: "Regulatory compliance settings and reports"
+  },
+  "domain-status": {
+    label: "Domain",
+    section: "administration",
+    description: "Domain configuration and deployment status"
+  },
+  users: {
+    label: "Users",
+    section: "administration",
+    description: "Manage dashboard users, roles, and permissions"
+  },
+  vault: {
+    label: "Vault",
+    section: "administration",
+    description: "Encrypted credential storage"
+  },
+  audit: {
+    label: "Audit Log",
+    section: "administration",
+    description: "Full audit trail of all system actions"
+  },
+  settings: {
+    label: "Settings",
+    section: "administration",
+    description: "Global platform configuration and branding"
+  }
+};
+function getAllPageIds() {
+  return Object.keys(PAGE_REGISTRY);
+}
+function getPageTabs(pageId) {
+  const page = PAGE_REGISTRY[pageId];
+  return page?.tabs ? Object.keys(page.tabs) : [];
+}
+function hasPageAccess(grants, pageId) {
+  if (grants === "*") return true;
+  return pageId in grants;
+}
+function hasTabAccess(grants, pageId, tabId) {
+  if (grants === "*") return true;
+  const pageGrant = grants[pageId];
+  if (!pageGrant) return false;
+  if (pageGrant === true) return true;
+  return pageGrant.includes(tabId);
+}
+function getAccessibleTabs(grants, pageId) {
+  if (grants === "*") return "all";
+  const pageGrant = grants[pageId];
+  if (!pageGrant) return [];
+  if (pageGrant === true || pageGrant === "*") return "all";
+  return Array.isArray(pageGrant) ? pageGrant : [];
+}
+export {
+  PAGE_REGISTRY,
+  getAccessibleTabs,
+  getAllPageIds,
+  getPageTabs,
+  hasPageAccess,
+  hasTabAccess
+};

package/dist/server-CCQIW6GR.js

@@ -0,0 +1,15 @@
+import {
+  createServer
+} from "./chunk-PNOFGWIB.js";
+import "./chunk-OF4MUWWS.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-3OC6RH7W.js";
+import "./chunk-2DDKGTD6.js";
+import "./chunk-YVK6F5OD.js";
+import "./chunk-MKRNEM5A.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-6WSX7QXF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-OL4GJ53G.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-DZU6DQ3I.js";
+import "./chunk-Y3WLLVOK.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};