@agenticmail/enterprise 0.5.301 → 0.5.303

package/dist/cli-verify-TZMX3GWV.js

@@ -0,0 +1,149 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/domain-lock/cli-verify.ts
+function getFlag(args, name) {
+  const idx = args.indexOf(name);
+  if (idx !== -1 && args[idx + 1]) return args[idx + 1];
+  return void 0;
+}
+function hasFlag(args, name) {
+  return args.includes(name);
+}
+function detectDbType(url) {
+  const u = url.toLowerCase().trim();
+  if (u.startsWith("postgres") || u.startsWith("pg:")) return "postgres";
+  if (u.startsWith("mysql")) return "mysql";
+  if (u.startsWith("mongodb")) return "mongodb";
+  if (u.startsWith("libsql") || u.includes(".turso.io")) return "turso";
+  if (u.endsWith(".db") || u.endsWith(".sqlite") || u.endsWith(".sqlite3") || u.startsWith("file:")) return "sqlite";
+  return "postgres";
+}
+async function runVerifyDomain(args) {
+  const { default: chalk } = await import("chalk");
+  const { default: ora } = await import("ora");
+  console.log("");
+  console.log(chalk.bold("  AgenticMail Enterprise \u2014 Domain Verification"));
+  console.log("");
+  let domain = getFlag(args, "--domain");
+  let dnsChallenge;
+  let db = null;
+  let dbConnected = false;
+  const envDbUrl = process.env.DATABASE_URL;
+  if (envDbUrl) {
+    const dbType = detectDbType(envDbUrl);
+    const spinner = ora(`Connecting to database (${dbType})...`).start();
+    try {
+      const { createAdapter } = await import("./factory-QYGGXVYW.js");
+      db = await createAdapter({ type: dbType, connectionString: envDbUrl });
+      await db.migrate();
+      const settings = await db.getSettings();
+      if (!domain && settings?.domain) domain = settings.domain;
+      if (settings?.domainDnsChallenge) dnsChallenge = settings.domainDnsChallenge;
+      dbConnected = true;
+      spinner.succeed(`Connected to ${dbType} database` + (domain ? ` (domain: ${domain})` : ""));
+    } catch (err) {
+      spinner.warn(`Could not connect via DATABASE_URL: ${err.message}`);
+      db = null;
+    }
+  }
+  if (!dbConnected) {
+    const dbPath = getFlag(args, "--db");
+    const dbType = getFlag(args, "--db-type") || "sqlite";
+    if (dbPath) {
+      const spinner = ora(`Connecting to ${dbType} database...`).start();
+      try {
+        const { createAdapter } = await import("./factory-QYGGXVYW.js");
+        db = await createAdapter({ type: dbType, connectionString: dbPath });
+        await db.migrate();
+        const settings = await db.getSettings();
+        if (!domain && settings?.domain) domain = settings.domain;
+        if (settings?.domainDnsChallenge) dnsChallenge = settings.domainDnsChallenge;
+        dbConnected = true;
+        spinner.succeed(`Connected to ${dbType} database`);
+      } catch {
+        spinner.warn("Could not read local database");
+      }
+    }
+  }
+  if (!domain) {
+    const { default: inquirer } = await import("inquirer");
+    const answer = await inquirer.prompt([{
+      type: "input",
+      name: "domain",
+      message: "Domain to verify:",
+      suffix: chalk.dim("  (e.g. agents.yourcompany.com)"),
+      validate: (v) => v.includes(".") || "Enter a valid domain",
+      filter: (v) => v.trim().toLowerCase()
+    }]);
+    domain = answer.domain;
+  }
+  const lock = new DomainLock();
+  const maxAttempts = hasFlag(args, "--poll") ? 5 : 1;
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    const spinner = ora(
+      maxAttempts > 1 ? `Checking DNS verification (attempt ${attempt}/${maxAttempts})...` : "Checking DNS verification..."
+    ).start();
+    try {
+      const result = await lock.checkVerification(domain);
+      if (!result.success) {
+        spinner.fail("Verification check failed");
+        console.log("");
+        console.error(chalk.red(`  ${result.error}`));
+        console.log("");
+        if (db) await db.disconnect();
+        process.exit(1);
+      }
+      if (result.verified) {
+        spinner.succeed("Domain verified!");
+        if (dbConnected && db) {
+          try {
+            await db.updateSettings({
+              domainStatus: "verified",
+              domainVerifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+            });
+            console.log(chalk.dim("  Database updated with verified status."));
+          } catch {
+          }
+        }
+        console.log("");
+        console.log(chalk.green.bold(`  \u2713 ${domain} is verified and protected.`));
+        console.log(chalk.dim("  Your deployment domain is locked. No other instance can claim it."));
+        console.log(chalk.dim("  The system now operates 100% offline \u2014 no outbound calls are made."));
+        console.log("");
+        if (db) await db.disconnect();
+        return;
+      }
+    } catch (err) {
+      spinner.warn(`Check failed: ${err.message}`);
+    }
+    if (attempt < maxAttempts) {
+      const waitSpinner = ora(`DNS record not found yet. Retrying in 10 seconds...`).start();
+      await new Promise((r) => setTimeout(r, 1e4));
+      waitSpinner.stop();
+    }
+  }
+  console.log("");
+  console.log(chalk.yellow("  DNS record not detected yet."));
+  console.log("");
+  console.log(chalk.bold("  Make sure this TXT record exists at your DNS provider:"));
+  console.log("");
+  console.log(`  ${chalk.bold("Host:")}   ${chalk.cyan(`_agenticmail-verify.${domain}`)}`);
+  console.log(`  ${chalk.bold("Type:")}   ${chalk.cyan("TXT")}`);
+  if (dnsChallenge) {
+    console.log(`  ${chalk.bold("Value:")}  ${chalk.cyan(dnsChallenge)}`);
+  } else {
+    console.log(`  ${chalk.bold("Value:")}  ${chalk.dim("(check your dashboard or setup output)")}`);
+  }
+  console.log("");
+  console.log(chalk.dim("  DNS propagation can take up to 48 hours."));
+  console.log(chalk.dim("  Run with --poll to retry automatically:"));
+  console.log(chalk.dim(`    npx @agenticmail/enterprise verify-domain --domain ${domain} --poll`));
+  console.log("");
+  if (db) await db.disconnect();
+}
+export {
+  runVerifyDomain
+};

package/dist/cli.js

@@ -14,10 +14,10 @@ switch (command) {
     import("./cli-submit-skill-LDFJGSKO.js").then((m) => m.runSubmitSkill(args.slice(1))).catch(fatal);
     break;
   case "recover":
-    import("./cli-recover-WS27YEB7.js").then((m) => m.runRecover(args.slice(1))).catch(fatal);
+    import("./cli-recover-2LWWVD4Q.js").then((m) => m.runRecover(args.slice(1))).catch(fatal);
     break;
   case "verify-domain":
-    import("./cli-verify-CVYMUGKX.js").then((m) => m.runVerifyDomain(args.slice(1))).catch(fatal);
+    import("./cli-verify-TZMX3GWV.js").then((m) => m.runVerifyDomain(args.slice(1))).catch(fatal);
     break;
   case "reset-password":
     import("./cli-reset-password-SO5Y6MW7.js").then((m) => m.runResetPassword(args.slice(1))).catch(fatal);
@@ -57,14 +57,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-HVULKNQH.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-JZEXPYXY.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-4GZGC6XO.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-YSQVDBOZ.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-JUB67BUU.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-ZZAOBEY4.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/dashboard/app.js

@@ -97,6 +97,7 @@ function App() {
   const [permissions, setPermissions] = useState('*'); // '*' = full access, or { pageId: true | ['tab1','tab2'] }
   const [mustResetPassword, setMustResetPassword] = useState(false);
   const [show2faReminder, setShow2faReminder] = useState(false);
+  const [impersonating, setImpersonating] = useState(null); // { user, impersonatedBy }
   const [forceResetPw, setForceResetPw] = useState('');
   const [forceResetPw2, setForceResetPw2] = useState('');
   const [forceResetLoading, setForceResetLoading] = useState(false);
@@ -146,6 +147,12 @@ function App() {
     apiCall('/settings').then(d => { const s = d.settings || d || {}; if (s.primaryColor) applyBrandColor(s.primaryColor); if (s.orgId) setOrgId(s.orgId); }).catch(() => {});
     apiCall('/me/permissions').then(d => {
       if (d && d.permissions) setPermissions(d.permissions);
+      // If user is assigned to a client org, auto-set org context
+      if (d && d.clientOrgId) {
+        localStorage.setItem('em_client_org_id', d.clientOrgId);
+      } else {
+        localStorage.removeItem('em_client_org_id');
+      }
     }).catch(() => {});
   }, [authed]);
 
@@ -281,7 +288,44 @@ function App() {
   const PageComponent = canAccessPage ? (pages[page] || DashboardPage) : null;
   const sidebarClass = 'sidebar' + (sidebarPinned ? ' expanded' : sidebarHovered ? ' hover-expanded' : '') + (mobileMenuOpen ? ' mobile-open' : '');
 
-  return h(AppContext.Provider, { value: { toast, toasts, user, theme, setPage, permissions } },
+  // Impersonation functions
+  const startImpersonation = useCallback(async (userId) => {
+    try {
+      const d = await authCall('/impersonate/' + userId, { method: 'POST' });
+      if (d.token && d.user) {
+        // Store real user info
+        setImpersonating({ user: d.user, impersonatedBy: d.impersonatedBy, originalToken: localStorage.getItem('em_token') });
+        // Set impersonated user's token
+        localStorage.setItem('em_token', d.token);
+        setUser(d.user);
+        if (d.user.permissions) setPermissions(d.user.permissions);
+        if (d.user.clientOrgId) {
+          localStorage.setItem('em_client_org_id', d.user.clientOrgId);
+          // Fetch org name for display
+          apiCall('/organizations/' + d.user.clientOrgId).then(function(o) {
+            if (o && o.name) setImpersonating(function(prev) { return prev ? Object.assign({}, prev, { user: Object.assign({}, prev.user, { clientOrgName: o.name }) }) : prev; });
+          }).catch(function() {});
+        } else localStorage.removeItem('em_client_org_id');
+        toast('Now viewing as ' + d.user.name, 'info');
+        setPage('dashboard');
+      }
+    } catch (e) { toast(e.message || 'Impersonation failed', 'error'); }
+  }, []);
+
+  const stopImpersonation = useCallback(() => {
+    if (impersonating && impersonating.originalToken) {
+      localStorage.setItem('em_token', impersonating.originalToken);
+    }
+    setImpersonating(null);
+    localStorage.removeItem('em_client_org_id');
+    // Reload real user
+    authCall('/me').then(d => { setUser(d.user || d); }).catch(() => {});
+    apiCall('/me/permissions').then(d => { if (d && d.permissions) setPermissions(d.permissions); }).catch(() => {});
+    toast('Stopped impersonation', 'success');
+    setPage('users');
+  }, [impersonating]);
+
+  return h(AppContext.Provider, { value: { toast, toasts, user, theme, setPage, permissions, impersonating, startImpersonation, stopImpersonation } },
     h('div', { className: 'app-layout' },
       // Mobile hamburger
       h('button', { className: 'mobile-hamburger', onClick: () => setMobileMenuOpen(true) },
@@ -337,6 +381,18 @@ function App() {
           )
         ),
         h('div', { className: 'page-content' },
+          // Impersonation banner
+          impersonating && h('div', { style: { display: 'flex', alignItems: 'center', gap: 12, padding: '10px 16px', margin: '0 0 16px', background: 'rgba(99,102,241,0.12)', border: '2px solid var(--primary, #6366f1)', borderRadius: 8, fontSize: 13 } },
+            I.agents(),
+            h('div', { style: { flex: 1 } },
+              h('strong', null, 'Viewing as: '),
+              impersonating.user.name + ' (' + impersonating.user.email + ')',
+              impersonating.user.role && h('span', { className: 'badge badge-neutral', style: { marginLeft: 8, fontSize: 10 } }, impersonating.user.role),
+              impersonating.user.clientOrgName && h('span', { className: 'badge badge-info', style: { marginLeft: 8, fontSize: 10 } }, 'Org: ' + impersonating.user.clientOrgName),
+              impersonating.user.clientOrgId && !impersonating.user.clientOrgName && h('span', { className: 'badge badge-info', style: { marginLeft: 8, fontSize: 10 } }, 'Client Org')
+            ),
+            h('button', { className: 'btn btn-primary btn-sm', onClick: stopImpersonation }, 'Stop Impersonating')
+          ),
           // 2FA recommendation banner
           show2faReminder && h('div', { style: { display: 'flex', alignItems: 'center', gap: 12, padding: '10px 16px', margin: '0 0 16px', background: 'var(--warning-soft, rgba(245,158,11,0.1))', border: '1px solid var(--warning, #f59e0b)', borderRadius: 8, fontSize: 13 } },
             I.shield(),

package/dist/dashboard/components/org-switcher.js

@@ -0,0 +1,118 @@
+import { h, useState, useEffect, Fragment, apiCall, useApp } from './utils.js';
+import { I } from './icons.js';
+
+/**
+ * OrgContextSwitcher — Global org context picker for multi-tenant pages.
+ *
+ * If the current user has a clientOrgId, the switcher is LOCKED to that org
+ * (they can only see their org's data). Owners/admins can switch freely.
+ */
+export function OrgContextSwitcher(props) {
+  var onOrgChange = props.onOrgChange;
+  var selectedOrgId = props.selectedOrgId || '';
+  var showLabel = props.showLabel !== false;
+  var style = props.style || {};
+
+  var app = useApp();
+  var user = app.user || {};
+  var userOrgId = user.clientOrgId || null;
+  var isLocked = !!userOrgId && user.role !== 'owner' && user.role !== 'admin';
+
+  var _orgs = useState([]);
+  var orgs = _orgs[0]; var setOrgs = _orgs[1];
+  var _loaded = useState(false);
+  var loaded = _loaded[0]; var setLoaded = _loaded[1];
+
+  useEffect(function() {
+    apiCall('/organizations').then(function(d) {
+      var list = d.organizations || [];
+      setOrgs(list);
+      setLoaded(true);
+      // Auto-select user's org on first load if org-bound
+      if (userOrgId && !selectedOrgId) {
+        var org = list.find(function(o) { return o.id === userOrgId; });
+        if (org) onOrgChange(userOrgId, org);
+      }
+    }).catch(function() { setLoaded(true); });
+  }, [userOrgId]);
+
+  // Don't render if no client orgs and user isn't org-bound
+  if (loaded && orgs.length === 0 && !userOrgId) return null;
+  if (!loaded) return null;
+
+  var effectiveId = isLocked ? userOrgId : selectedOrgId;
+  var selectedOrg = orgs.find(function(o) { return o.id === effectiveId; });
+
+  return h('div', {
+    style: Object.assign({
+      display: 'flex', alignItems: 'center', gap: 10, padding: '8px 14px',
+      background: 'var(--bg-tertiary)', borderRadius: 'var(--radius, 8px)',
+      marginBottom: 16, fontSize: 13
+    }, style)
+  },
+    showLabel && h('span', { style: { color: 'var(--text-muted)', fontWeight: 600, whiteSpace: 'nowrap' } }, I.building(), ' Viewing:'),
+    isLocked
+      ? h('div', { style: { fontWeight: 600, fontSize: 13, color: 'var(--text)', display: 'flex', alignItems: 'center', gap: 6 } },
+          selectedOrg ? selectedOrg.name : 'Your Organization',
+          h('span', { className: 'badge badge-neutral', style: { fontSize: 10 } }, 'Locked')
+        )
+      : h('select', {
+          value: selectedOrgId,
+          onChange: function(e) {
+            var id = e.target.value;
+            var org = orgs.find(function(o) { return o.id === id; });
+            onOrgChange(id, org || null);
+          },
+          style: {
+            padding: '6px 10px', borderRadius: 6, border: '1px solid var(--border)',
+            background: 'var(--bg-card)', color: 'var(--text)', fontSize: 13,
+            cursor: 'pointer', fontWeight: 600, flex: 1, maxWidth: 300
+          }
+        },
+        h('option', { value: '' }, 'My Organization'),
+        orgs.filter(function(o) { return o.is_active !== false; }).map(function(o) {
+          return h('option', { key: o.id, value: o.id }, o.name + (o.billing_rate_per_agent > 0 ? ' (' + (o.currency || 'USD') + ' ' + parseFloat(o.billing_rate_per_agent).toFixed(0) + '/agent)' : ''));
+        })
+      ),
+    selectedOrg && h('span', { style: { fontSize: 11, color: 'var(--text-muted)' } },
+      selectedOrg.contact_name ? selectedOrg.contact_name : '',
+      selectedOrg.contact_email ? ' \u2022 ' + selectedOrg.contact_email : ''
+    ),
+    // Impersonation banner
+    app.impersonating && h('span', { className: 'badge badge-warning', style: { fontSize: 10, marginLeft: 'auto' } }, 'Impersonating: ' + (user.name || user.email))
+  );
+}
+
+/**
+ * useOrgContext — Hook that provides org switching state.
+ * Auto-selects the user's client org if they are org-bound.
+ */
+export function useOrgContext() {
+  var app = useApp();
+  var user = app.user || {};
+  var userOrgId = user.clientOrgId || '';
+
+  var _sel = useState(userOrgId);
+  var selectedOrgId = _sel[0]; var setSelectedOrgId = _sel[1];
+  var _org = useState(null);
+  var selectedOrg = _org[0]; var setSelectedOrg = _org[1];
+
+  // If user changes (e.g. impersonation), update default
+  useEffect(function() {
+    if (userOrgId && !selectedOrgId) setSelectedOrgId(userOrgId);
+  }, [userOrgId]);
+
+  var onOrgChange = function(id, org) {
+    setSelectedOrgId(id);
+    setSelectedOrg(org);
+  };
+
+  var Switcher = function(extraProps) {
+    return h(OrgContextSwitcher, Object.assign({
+      selectedOrgId: selectedOrgId,
+      onOrgChange: onOrgChange
+    }, extraProps || {}));
+  };
+
+  return { selectedOrgId: selectedOrgId, selectedOrg: selectedOrg, onOrgChange: onOrgChange, Switcher: Switcher };
+}

package/dist/dashboard/pages/agents.js

@@ -3,6 +3,7 @@ import { I } from '../components/icons.js';
 import { E } from '../assets/icons/emoji-icons.js';
 import { CULTURES, LANGUAGES, PersonaForm } from '../components/persona-fields.js';
 import { HelpButton } from '../components/help-button.js';
+import { useOrgContext } from '../components/org-switcher.js';
 
 // ════════════════════════════════════════════════════════════
 // DEPLOY MODAL
@@ -1127,6 +1128,7 @@ export function CreateAgentWizard({ onClose, onCreated, toast }) {
 export function AgentsPage({ onSelectAgent }) {
   const app = useApp();
   const toast = app.toast;
+  var orgCtx = useOrgContext();
   const [agents, setAgents] = useState([]);
   const [creating, setCreating] = useState(false);
 
@@ -1138,9 +1140,13 @@ export function AgentsPage({ onSelectAgent }) {
     if (allowedAgents !== '*' && Array.isArray(allowedAgents)) {
       all = all.filter(a => allowedAgents.indexOf(a.id) >= 0);
     }
+    // Filter by selected org context
+    if (orgCtx.selectedOrgId) {
+      all = all.filter(a => a.client_org_id === orgCtx.selectedOrgId);
+    }
     setAgents(all);
   }).catch(() => {});
-  useEffect(() => { load(); }, []);
+  useEffect(() => { load(); }, [orgCtx.selectedOrgId]);
 
   // Delete moved to agent detail overview tab with triple confirmation
 
@@ -1149,6 +1155,7 @@ export function AgentsPage({ onSelectAgent }) {
   var _tip = { marginTop: 12, padding: 12, background: 'var(--bg-secondary, #1e293b)', borderRadius: 'var(--radius, 8px)', fontSize: 13 };
 
   return h(Fragment, null,
+    h(orgCtx.Switcher),
     h('div', { style: { display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: 20 } },
       h('div', null, h('h1', { style: { fontSize: 20, fontWeight: 700, display: 'flex', alignItems: 'center' } }, 'Agents', h(HelpButton, { label: 'Agents' },
         h('p', null, 'Your AI workforce. Each agent has its own email identity, personality, skills, permissions, and deployment target.'),

package/dist/dashboard/pages/approvals.js

@@ -1,8 +1,11 @@
 import { h, useState, useEffect, Fragment, useApp, engineCall, showConfirm, buildAgentEmailMap, buildAgentDataMap, resolveAgentEmail, renderAgentBadge, getOrgId } from '../components/utils.js';
 import { I } from '../components/icons.js';
 import { HelpButton } from '../components/help-button.js';
+import { useOrgContext } from '../components/org-switcher.js';
 
 export function ApprovalsPage() {
+  var orgCtx = useOrgContext();
+  var effectiveOrgId = orgCtx.selectedOrgId || getOrgId();
   const { toast } = useApp();
   const [pending, setPending] = useState([]);
   const [history, setHistory] = useState([]);
@@ -13,7 +16,7 @@ export function ApprovalsPage() {
   const load = () => {
     engineCall('/approvals/pending').then(d => setPending(d.requests || [])).catch(() => {});
     engineCall('/approvals/history?limit=50').then(d => setHistory(d.requests || [])).catch(() => {});
-    engineCall('/agents?orgId=' + getOrgId()).then(d => setAgents(d.agents || [])).catch(() => {});
+    engineCall('/agents?orgId=' + effectiveOrgId).then(d => setAgents(d.agents || [])).catch(() => {});
   };
   useEffect(() => { load(); }, []);
 
@@ -33,6 +36,7 @@ export function ApprovalsPage() {
   var _tip = { marginTop: 12, padding: 12, background: 'var(--bg-secondary, #1e293b)', borderRadius: 'var(--radius, 8px)', fontSize: 13 };
 
   return h(Fragment, null,
+    h(orgCtx.Switcher),
     h('div', { style: { marginBottom: 20 } },
       h('h1', { style: { fontSize: 20, fontWeight: 700, display: 'flex', alignItems: 'center' } }, 'Approvals', h(HelpButton, { label: 'Approvals' },
         h('p', null, 'The human-in-the-loop checkpoint. When agents attempt sensitive actions (based on your permission settings), they pause and wait for your approval here.'),

package/dist/dashboard/pages/dashboard.js

@@ -2,6 +2,7 @@ import { h, useState, useEffect, Fragment, buildAgentEmailMap, buildAgentDataMap
 import { I } from '../components/icons.js';
 import { DetailModal } from '../components/modal.js';
 import { HelpButton } from '../components/help-button.js';
+import { useOrgContext } from '../components/org-switcher.js';
 
 export function SetupChecklist({ onNavigate }) {
   const [status, setStatus] = useState(null);
@@ -46,6 +47,8 @@ export function SetupChecklist({ onNavigate }) {
 }
 
 export function DashboardPage() {
+  var orgCtx = useOrgContext();
+  var effectiveOrgId = orgCtx.selectedOrgId || effectiveOrgId;
   const [stats, setStats] = useState(null);
   const [agents, setAgents] = useState([]);
   const [events, setEvents] = useState([]);
@@ -58,9 +61,9 @@ export function DashboardPage() {
   useEffect(() => {
     apiCall('/stats').then(setStats).catch(() => {});
     apiCall('/agents').then(d => setAgents(d.agents || d || [])).catch(() => {});
-    engineCall('/agents?orgId=' + getOrgId()).then(d => setEngineAgents(d.agents || [])).catch(() => {});
+    engineCall('/agents?orgId=' + effectiveOrgId).then(d => setEngineAgents(d.agents || [])).catch(() => {});
     engineCall('/activity/events?limit=10').then(d => setEvents(d.events || [])).catch(() => {});
-  }, []);
+  }, [effectiveOrgId]);
 
   // Merge admin + engine agents; engine agents (appended last) win in the data map
   var mergedForMap = [].concat(agents, engineAgents);
@@ -73,6 +76,7 @@ export function DashboardPage() {
   var _tip = { marginTop: 12, padding: 12, background: 'var(--bg-secondary, #1e293b)', borderRadius: 'var(--radius, 8px)', fontSize: 13 };
 
   return h(Fragment, null,
+    h(orgCtx.Switcher),
     h(SetupChecklist, { onNavigate: function(pg) { if (navTo) navTo(pg); } }),
     h('div', { className: 'stat-grid' },
       h('div', { className: 'stat-card' }, h('div', { className: 'stat-label', style: { display: 'flex', alignItems: 'center' } }, 'Total Agents', h(HelpButton, { label: 'Total Agents' },

package/dist/dashboard/pages/guardrails.js

@@ -1,6 +1,7 @@
 import { h, useState, useEffect, useCallback, Fragment, useApp, engineCall, buildAgentEmailMap, resolveAgentEmail, buildAgentDataMap, renderAgentBadge, getOrgId } from '../components/utils.js';
 import { I } from '../components/icons.js';
 import { HelpButton } from '../components/help-button.js';
+import { useOrgContext } from '../components/org-switcher.js';
 
 // ─── Constants ──────────────────────────────────────────
 
@@ -93,6 +94,8 @@ function EmptyState(props) {
 // ─── Main Page ──────────────────────────────────────────
 
 export function GuardrailsPage() {
+  var orgCtx = useOrgContext();
+  var effectiveOrgId = orgCtx.selectedOrgId || getOrgId();
   var app = useApp();
   var toast = app.toast;
   var tab = useState('overview');
@@ -101,7 +104,7 @@ export function GuardrailsPage() {
   var _ag = useState([]);
   var agents = _ag[0]; var setAgents = _ag[1];
   useEffect(function() {
-    engineCall('/agents?orgId=' + getOrgId()).then(function(d) { setAgents(d.agents || []); }).catch(function() {});
+    engineCall('/agents?orgId=' + effectiveOrgId).then(function(d) { setAgents(d.agents || []); }).catch(function() {});
   }, []);
 
   var TABS = [
@@ -164,8 +167,8 @@ function OverviewTab(props) {
   var load = function() {
     setLoading(true);
     Promise.all([
-      engineCall('/guardrails/interventions?orgId=' + getOrgId() + '&limit=10').catch(function() { return { interventions: [] }; }),
-      engineCall('/policies?orgId=' + getOrgId()).catch(function() { return { policies: [] }; }),
+      engineCall('/guardrails/interventions?orgId=' + effectiveOrgId + '&limit=10').catch(function() { return { interventions: [] }; }),
+      engineCall('/policies?orgId=' + effectiveOrgId).catch(function() { return { policies: [] }; }),
       engineCall('/onboarding/org/default').catch(function() { return { progress: [] }; }),
     ]).then(function(res) {
       setInterventions(res[0].interventions || []);
@@ -203,6 +206,7 @@ function OverviewTab(props) {
   var typeColor = function(t) { return t === 'kill' ? '#ef4444' : t === 'pause' ? '#f59e0b' : t === 'resume' ? '#15803d' : '#0ea5e9'; };
 
   return h(Fragment, null,
+    h(orgCtx.Switcher),
     // Quick action bar
     h('div', { className: 'card', style: { marginBottom: 16 } },
       h('div', { className: 'card-body', style: { display: 'flex', gap: 8, alignItems: 'center', flexWrap: 'wrap' } },
@@ -282,17 +286,17 @@ function PoliciesTab() {
   var editPolicy = _edit[0]; var setEditPolicy = _edit[1];
   var _exp = useState(null);
   var expanded = _exp[0]; var setExpanded = _exp[1];
-  var _form = useState({ orgId: getOrgId(), name: '', category: 'code_of_conduct', description: '', content: '', priority: 0, enforcement: 'mandatory', appliesTo: ['*'], tags: [], enabled: true });
+  var _form = useState({ orgId: effectiveOrgId, name: '', category: 'code_of_conduct', description: '', content: '', priority: 0, enforcement: 'mandatory', appliesTo: ['*'], tags: [], enabled: true });
   var form = _form[0]; var setForm = _form[1];
 
   var load = function() {
-    engineCall('/policies?orgId=' + getOrgId()).then(function(d) { setPolicies(d.policies || []); }).catch(function() {});
+    engineCall('/policies?orgId=' + effectiveOrgId).then(function(d) { setPolicies(d.policies || []); }).catch(function() {});
   };
   useEffect(load, []);
 
   var openCreate = function() {
     setEditPolicy(null);
-    setForm({ orgId: getOrgId(), name: '', category: 'code_of_conduct', description: '', content: '', priority: 0, enforcement: 'mandatory', appliesTo: ['*'], tags: [], enabled: true });
+    setForm({ orgId: effectiveOrgId, name: '', category: 'code_of_conduct', description: '', content: '', priority: 0, enforcement: 'mandatory', appliesTo: ['*'], tags: [], enabled: true });
     setShowModal(true);
   };
   var openEdit = function(p) {
@@ -314,7 +318,7 @@ function PoliciesTab() {
       .catch(function(e) { toast(e.message, 'error'); });
   };
   var applyDefaults = function() {
-    engineCall('/policies/templates/apply', { method: 'POST', body: JSON.stringify({ orgId: getOrgId(), createdBy: 'admin' }) })
+    engineCall('/policies/templates/apply', { method: 'POST', body: JSON.stringify({ orgId: effectiveOrgId, createdBy: 'admin' }) })
       .then(function(d) { toast('Applied ' + (d.policies ? d.policies.length : 0) + ' default templates', 'success'); load(); })
       .catch(function(e) { toast(e.message, 'error'); });
   };
@@ -451,7 +455,7 @@ function OnboardingTab(props) {
 
   var initiate = function() {
     if (!initAgentId) { toast('Enter an agent ID', 'error'); return; }
-    engineCall('/onboarding/initiate/' + initAgentId, { method: 'POST', body: JSON.stringify({ orgId: getOrgId() }) })
+    engineCall('/onboarding/initiate/' + initAgentId, { method: 'POST', body: JSON.stringify({ orgId: effectiveOrgId }) })
       .then(function() { toast('Onboarding initiated', 'success'); setInitAgentId(''); load(); })
       .catch(function(e) { toast(e.message, 'error'); });
   };
@@ -461,7 +465,7 @@ function OnboardingTab(props) {
       .catch(function(e) { toast(e.message, 'error'); });
   };
   var checkChanges = function() {
-    engineCall('/onboarding/check-changes', { method: 'POST', body: JSON.stringify({ orgId: getOrgId() }) })
+    engineCall('/onboarding/check-changes', { method: 'POST', body: JSON.stringify({ orgId: effectiveOrgId }) })
       .then(function(d) {
         var stale = d.staleAgents || [];
         if (stale.length === 0) { toast('All agents up to date', 'success'); }
@@ -555,7 +559,7 @@ function MemoryTab(props) {
   var showCreate = _show[0]; var setShowCreate = _show[1];
   var _exp = useState(null);
   var expanded = _exp[0]; var setExpanded = _exp[1];
-  var _form = useState({ agentId: '', orgId: getOrgId(), category: 'org_knowledge', title: '', content: '', source: 'admin', importance: 'normal', tags: [] });
+  var _form = useState({ agentId: '', orgId: effectiveOrgId, category: 'org_knowledge', title: '', content: '', source: 'admin', importance: 'normal', tags: [] });
   var form = _form[0]; var setForm = _form[1];
 
   var loadMemories = function(aid) {
@@ -762,13 +766,13 @@ function RulesTab(props) {
   var _showAnomaly = useState(false);
   var showAnomalyModal = _showAnomaly[0]; var setShowAnomalyModal = _showAnomaly[1];
   var _form = useState({
-    orgId: getOrgId(), name: '', description: '', category: 'anomaly', ruleType: 'threshold',
+    orgId: effectiveOrgId, name: '', description: '', category: 'anomaly', ruleType: 'threshold',
     conditions: { threshold: 10, windowMinutes: 60 },
     action: 'alert', severity: 'medium', cooldownMinutes: 15, enabled: true
   });
   var form = _form[0]; var setForm = _form[1];
   var _anomalyForm = useState({
-    orgId: getOrgId(), name: '', ruleType: 'error_rate',
+    orgId: effectiveOrgId, name: '', ruleType: 'error_rate',
     config: { maxErrorsPerHour: 50, windowMinutes: 60 }, action: 'pause', enabled: true
   });
   var anomalyForm = _anomalyForm[0]; var setAnomalyForm = _anomalyForm[1];
@@ -777,9 +781,9 @@ function RulesTab(props) {
 
   var load = function() {
     Promise.all([
-      engineCall('/guardrails/rules?orgId=' + getOrgId()).catch(function() { return { rules: [] }; }),
-      engineCall('/anomaly-rules?orgId=' + getOrgId()).catch(function() { return { rules: [] }; }),
-      engineCall('/guardrails/interventions?orgId=' + getOrgId() + '&limit=50').catch(function() { return { interventions: [] }; }),
+      engineCall('/guardrails/rules?orgId=' + effectiveOrgId).catch(function() { return { rules: [] }; }),
+      engineCall('/anomaly-rules?orgId=' + effectiveOrgId).catch(function() { return { rules: [] }; }),
+      engineCall('/guardrails/interventions?orgId=' + effectiveOrgId + '&limit=50').catch(function() { return { interventions: [] }; }),
     ]).then(function(res) {
       setRules(res[0].rules || []);
       setAnomalyRules(res[1].rules || []);
@@ -791,7 +795,7 @@ function RulesTab(props) {
   // Guardrail rules CRUD
   var openCreateRule = function() {
     setEditRule(null);
-    setForm({ orgId: getOrgId(), name: '', description: '', category: 'anomaly', ruleType: 'threshold', conditions: { threshold: 10, windowMinutes: 60 }, action: 'alert', severity: 'medium', cooldownMinutes: 15, enabled: true });
+    setForm({ orgId: effectiveOrgId, name: '', description: '', category: 'anomaly', ruleType: 'threshold', conditions: { threshold: 10, windowMinutes: 60 }, action: 'alert', severity: 'medium', cooldownMinutes: 15, enabled: true });
     setShowModal(true);
   };
   var openEditRule = function(r) {