npm - @agenticmail/enterprise - Versions diffs - 0.5.326 → 0.5.328 - Mend

@agenticmail/enterprise 0.5.326 → 0.5.328

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (868) hide show

package/dist/dashboard/app.js +1 -1
package/dist/dashboard/pages/cluster.js +1 -1
package/logs/cloudflared-error.log +6 -0
package/logs/enterprise-out.log +2 -0
package/package.json +1 -1
package/god_is_great.html +0 -35
package/src/admin/page-registry.ts +0 -290
package/src/admin/routes.ts +0 -2968
package/src/agent-tools/common.ts +0 -260
package/src/agent-tools/index.ts +0 -542
package/src/agent-tools/merge.ts +0 -62
package/src/agent-tools/middleware.ts +0 -436
package/src/agent-tools/schema/typebox.ts +0 -25
package/src/agent-tools/security.ts +0 -352
package/src/agent-tools/tool-resolver.ts +0 -1018
package/src/agent-tools/tools/agenticmail.ts +0 -1017
package/src/agent-tools/tools/bash.ts +0 -179
package/src/agent-tools/tools/browser-tool.schema.ts +0 -112
package/src/agent-tools/tools/browser-tool.ts +0 -388
package/src/agent-tools/tools/browser.ts +0 -764
package/src/agent-tools/tools/edit.ts +0 -100
package/src/agent-tools/tools/enterprise-code-sandbox.ts +0 -395
package/src/agent-tools/tools/enterprise-database.ts +0 -377
package/src/agent-tools/tools/enterprise-diff.ts +0 -580
package/src/agent-tools/tools/enterprise-documents.ts +0 -896
package/src/agent-tools/tools/enterprise-http.ts +0 -485
package/src/agent-tools/tools/enterprise-security-scan.ts +0 -528
package/src/agent-tools/tools/enterprise-spreadsheet.ts +0 -825
package/src/agent-tools/tools/glob.ts +0 -129
package/src/agent-tools/tools/google/calendar.ts +0 -230
package/src/agent-tools/tools/google/chat.ts +0 -725
package/src/agent-tools/tools/google/contacts.ts +0 -209
package/src/agent-tools/tools/google/docs.ts +0 -162
package/src/agent-tools/tools/google/drive.ts +0 -392
package/src/agent-tools/tools/google/forms.ts +0 -367
package/src/agent-tools/tools/google/gmail.ts +0 -897
package/src/agent-tools/tools/google/index.ts +0 -86
package/src/agent-tools/tools/google/maps.ts +0 -543
package/src/agent-tools/tools/google/meeting-voice.ts +0 -885
package/src/agent-tools/tools/google/meetings.ts +0 -1094
package/src/agent-tools/tools/google/sheets.ts +0 -215
package/src/agent-tools/tools/google/slides.ts +0 -559
package/src/agent-tools/tools/google/tasks.ts +0 -200
package/src/agent-tools/tools/grep.ts +0 -178
package/src/agent-tools/tools/integrations/_factory.ts +0 -102
package/src/agent-tools/tools/integrations/activecampaign.ts +0 -14
package/src/agent-tools/tools/integrations/adobe-sign.ts +0 -14
package/src/agent-tools/tools/integrations/adp.ts +0 -14
package/src/agent-tools/tools/integrations/airtable.ts +0 -14
package/src/agent-tools/tools/integrations/apollo.ts +0 -14
package/src/agent-tools/tools/integrations/asana.ts +0 -14
package/src/agent-tools/tools/integrations/auth0.ts +0 -14
package/src/agent-tools/tools/integrations/aws.ts +0 -14
package/src/agent-tools/tools/integrations/azure-devops.ts +0 -14
package/src/agent-tools/tools/integrations/bamboohr.ts +0 -14
package/src/agent-tools/tools/integrations/basecamp.ts +0 -14
package/src/agent-tools/tools/integrations/bigcommerce.ts +0 -14
package/src/agent-tools/tools/integrations/bitbucket.ts +0 -14
package/src/agent-tools/tools/integrations/box.ts +0 -14
package/src/agent-tools/tools/integrations/brex.ts +0 -14
package/src/agent-tools/tools/integrations/buffer.ts +0 -14
package/src/agent-tools/tools/integrations/calendly.ts +0 -14
package/src/agent-tools/tools/integrations/canva.ts +0 -14
package/src/agent-tools/tools/integrations/chargebee.ts +0 -14
package/src/agent-tools/tools/integrations/circleci.ts +0 -14
package/src/agent-tools/tools/integrations/clickup.ts +0 -14
package/src/agent-tools/tools/integrations/close.ts +0 -14
package/src/agent-tools/tools/integrations/cloudflare.ts +0 -14
package/src/agent-tools/tools/integrations/confluence.ts +0 -14
package/src/agent-tools/tools/integrations/contentful.ts +0 -14
package/src/agent-tools/tools/integrations/copper.ts +0 -14
package/src/agent-tools/tools/integrations/crisp.ts +0 -14
package/src/agent-tools/tools/integrations/crowdstrike.ts +0 -14
package/src/agent-tools/tools/integrations/datadog.ts +0 -14
package/src/agent-tools/tools/integrations/digitalocean.ts +0 -14
package/src/agent-tools/tools/integrations/discord.ts +0 -14
package/src/agent-tools/tools/integrations/docker.ts +0 -14
package/src/agent-tools/tools/integrations/docusign.ts +0 -14
package/src/agent-tools/tools/integrations/drift.ts +0 -14
package/src/agent-tools/tools/integrations/dropbox.ts +0 -14
package/src/agent-tools/tools/integrations/figma.ts +0 -14
package/src/agent-tools/tools/integrations/firebase.ts +0 -14
package/src/agent-tools/tools/integrations/flyio.ts +0 -14
package/src/agent-tools/tools/integrations/freshbooks.ts +0 -14
package/src/agent-tools/tools/integrations/freshdesk.ts +0 -14
package/src/agent-tools/tools/integrations/freshsales.ts +0 -14
package/src/agent-tools/tools/integrations/freshservice.ts +0 -14
package/src/agent-tools/tools/integrations/front.ts +0 -14
package/src/agent-tools/tools/integrations/github-actions.ts +0 -14
package/src/agent-tools/tools/integrations/github.ts +0 -14
package/src/agent-tools/tools/integrations/gitlab.ts +0 -14
package/src/agent-tools/tools/integrations/gong.ts +0 -14
package/src/agent-tools/tools/integrations/google-ads.ts +0 -14
package/src/agent-tools/tools/integrations/google-analytics.ts +0 -14
package/src/agent-tools/tools/integrations/google-cloud.ts +0 -14
package/src/agent-tools/tools/integrations/gotomeeting.ts +0 -14
package/src/agent-tools/tools/integrations/grafana.ts +0 -14
package/src/agent-tools/tools/integrations/greenhouse.ts +0 -14
package/src/agent-tools/tools/integrations/gusto.ts +0 -14
package/src/agent-tools/tools/integrations/hashicorp-vault.ts +0 -14
package/src/agent-tools/tools/integrations/heroku.ts +0 -14
package/src/agent-tools/tools/integrations/hibob.ts +0 -14
package/src/agent-tools/tools/integrations/hootsuite.ts +0 -14
package/src/agent-tools/tools/integrations/hubspot.ts +0 -14
package/src/agent-tools/tools/integrations/huggingface.ts +0 -14
package/src/agent-tools/tools/integrations/index.ts +0 -474
package/src/agent-tools/tools/integrations/intercom.ts +0 -14
package/src/agent-tools/tools/integrations/jira.ts +0 -14
package/src/agent-tools/tools/integrations/klaviyo.ts +0 -14
package/src/agent-tools/tools/integrations/kubernetes.ts +0 -14
package/src/agent-tools/tools/integrations/lattice.ts +0 -14
package/src/agent-tools/tools/integrations/launchdarkly.ts +0 -14
package/src/agent-tools/tools/integrations/lever.ts +0 -14
package/src/agent-tools/tools/integrations/linear.ts +0 -14
package/src/agent-tools/tools/integrations/linkedin.ts +0 -14
package/src/agent-tools/tools/integrations/livechat.ts +0 -14
package/src/agent-tools/tools/integrations/loom.ts +0 -14
package/src/agent-tools/tools/integrations/mailchimp.ts +0 -14
package/src/agent-tools/tools/integrations/mailgun.ts +0 -14
package/src/agent-tools/tools/integrations/miro.ts +0 -14
package/src/agent-tools/tools/integrations/mixpanel.ts +0 -14
package/src/agent-tools/tools/integrations/monday.ts +0 -14
package/src/agent-tools/tools/integrations/mongodb-atlas.ts +0 -14
package/src/agent-tools/tools/integrations/neon.ts +0 -14
package/src/agent-tools/tools/integrations/netlify.ts +0 -14
package/src/agent-tools/tools/integrations/netsuite.ts +0 -14
package/src/agent-tools/tools/integrations/newrelic.ts +0 -14
package/src/agent-tools/tools/integrations/notion.ts +0 -14
package/src/agent-tools/tools/integrations/okta.ts +0 -14
package/src/agent-tools/tools/integrations/openai.ts +0 -14
package/src/agent-tools/tools/integrations/opsgenie.ts +0 -14
package/src/agent-tools/tools/integrations/outreach.ts +0 -14
package/src/agent-tools/tools/integrations/paddle.ts +0 -14
package/src/agent-tools/tools/integrations/pagerduty.ts +0 -14
package/src/agent-tools/tools/integrations/pandadoc.ts +0 -14
package/src/agent-tools/tools/integrations/paypal.ts +0 -14
package/src/agent-tools/tools/integrations/personio.ts +0 -14
package/src/agent-tools/tools/integrations/pinecone.ts +0 -14
package/src/agent-tools/tools/integrations/pipedrive.ts +0 -14
package/src/agent-tools/tools/integrations/plaid.ts +0 -14
package/src/agent-tools/tools/integrations/postmark.ts +0 -14
package/src/agent-tools/tools/integrations/power-automate.ts +0 -14
package/src/agent-tools/tools/integrations/quickbooks.ts +0 -14
package/src/agent-tools/tools/integrations/recurly.ts +0 -14
package/src/agent-tools/tools/integrations/reddit.ts +0 -14
package/src/agent-tools/tools/integrations/render.ts +0 -14
package/src/agent-tools/tools/integrations/ringcentral.ts +0 -14
package/src/agent-tools/tools/integrations/rippling.ts +0 -14
package/src/agent-tools/tools/integrations/salesforce.ts +0 -14
package/src/agent-tools/tools/integrations/salesloft.ts +0 -14
package/src/agent-tools/tools/integrations/sanity.ts +0 -14
package/src/agent-tools/tools/integrations/sap.ts +0 -14
package/src/agent-tools/tools/integrations/segment.ts +0 -14
package/src/agent-tools/tools/integrations/sendgrid.ts +0 -14
package/src/agent-tools/tools/integrations/sentry.ts +0 -14
package/src/agent-tools/tools/integrations/servicenow.ts +0 -14
package/src/agent-tools/tools/integrations/shopify.ts +0 -14
package/src/agent-tools/tools/integrations/shortcut.ts +0 -14
package/src/agent-tools/tools/integrations/slack.ts +0 -14
package/src/agent-tools/tools/integrations/smartsheet.ts +0 -14
package/src/agent-tools/tools/integrations/snowflake.ts +0 -14
package/src/agent-tools/tools/integrations/snyk.ts +0 -14
package/src/agent-tools/tools/integrations/splunk.ts +0 -14
package/src/agent-tools/tools/integrations/square.ts +0 -14
package/src/agent-tools/tools/integrations/statuspage.ts +0 -14
package/src/agent-tools/tools/integrations/stripe.ts +0 -14
package/src/agent-tools/tools/integrations/supabase.ts +0 -14
package/src/agent-tools/tools/integrations/teamwork.ts +0 -14
package/src/agent-tools/tools/integrations/telegram.ts +0 -14
package/src/agent-tools/tools/integrations/terraform.ts +0 -14
package/src/agent-tools/tools/integrations/todoist.ts +0 -14
package/src/agent-tools/tools/integrations/trello.ts +0 -14
package/src/agent-tools/tools/integrations/twilio.ts +0 -14
package/src/agent-tools/tools/integrations/twitter.ts +0 -14
package/src/agent-tools/tools/integrations/vercel.ts +0 -14
package/src/agent-tools/tools/integrations/weaviate.ts +0 -14
package/src/agent-tools/tools/integrations/webex.ts +0 -14
package/src/agent-tools/tools/integrations/webflow.ts +0 -14
package/src/agent-tools/tools/integrations/whatsapp.ts +0 -14
package/src/agent-tools/tools/integrations/whereby.ts +0 -14
package/src/agent-tools/tools/integrations/woocommerce.ts +0 -14
package/src/agent-tools/tools/integrations/wordpress.ts +0 -14
package/src/agent-tools/tools/integrations/workday.ts +0 -14
package/src/agent-tools/tools/integrations/wrike.ts +0 -14
package/src/agent-tools/tools/integrations/xero.ts +0 -14
package/src/agent-tools/tools/integrations/youtube.ts +0 -14
package/src/agent-tools/tools/integrations/zendesk.ts +0 -14
package/src/agent-tools/tools/integrations/zoho-crm.ts +0 -14
package/src/agent-tools/tools/integrations/zoom.ts +0 -14
package/src/agent-tools/tools/integrations/zuora.ts +0 -14
package/src/agent-tools/tools/knowledge-search.ts +0 -318
package/src/agent-tools/tools/local/coding.ts +0 -626
package/src/agent-tools/tools/local/dependency-manager.ts +0 -647
package/src/agent-tools/tools/local/file-edit.ts +0 -31
package/src/agent-tools/tools/local/file-list.ts +0 -39
package/src/agent-tools/tools/local/file-ops.ts +0 -48
package/src/agent-tools/tools/local/file-read.ts +0 -39
package/src/agent-tools/tools/local/file-search.ts +0 -46
package/src/agent-tools/tools/local/file-write.ts +0 -28
package/src/agent-tools/tools/local/filesystem.ts +0 -5
package/src/agent-tools/tools/local/index.ts +0 -55
package/src/agent-tools/tools/local/resolve-path.ts +0 -18
package/src/agent-tools/tools/local/shell.ts +0 -277
package/src/agent-tools/tools/local/system-info.ts +0 -29
package/src/agent-tools/tools/management.ts +0 -425
package/src/agent-tools/tools/mcp-bridge.ts +0 -142
package/src/agent-tools/tools/mcp-server-tools.ts +0 -91
package/src/agent-tools/tools/meeting-lifecycle.ts +0 -438
package/src/agent-tools/tools/memory.ts +0 -509
package/src/agent-tools/tools/messaging/index.ts +0 -6
package/src/agent-tools/tools/messaging/telegram.ts +0 -167
package/src/agent-tools/tools/messaging/whatsapp.ts +0 -651
package/src/agent-tools/tools/microsoft/contacts.ts +0 -176
package/src/agent-tools/tools/microsoft/excel-vba.ts +0 -331
package/src/agent-tools/tools/microsoft/excel.ts +0 -261
package/src/agent-tools/tools/microsoft/graph-api.ts +0 -161
package/src/agent-tools/tools/microsoft/index.ts +0 -95
package/src/agent-tools/tools/microsoft/onedrive.ts +0 -429
package/src/agent-tools/tools/microsoft/onenote.ts +0 -186
package/src/agent-tools/tools/microsoft/outlook-calendar.ts +0 -286
package/src/agent-tools/tools/microsoft/outlook-mail.ts +0 -723
package/src/agent-tools/tools/microsoft/planner.ts +0 -200
package/src/agent-tools/tools/microsoft/powerbi.ts +0 -266
package/src/agent-tools/tools/microsoft/powerpoint.ts +0 -186
package/src/agent-tools/tools/microsoft/sharepoint.ts +0 -328
package/src/agent-tools/tools/microsoft/teams.ts +0 -463
package/src/agent-tools/tools/microsoft/todo.ts +0 -181
package/src/agent-tools/tools/oauth-token-provider.ts +0 -101
package/src/agent-tools/tools/read.ts +0 -160
package/src/agent-tools/tools/visual-memory/capture.ts +0 -217
package/src/agent-tools/tools/visual-memory/diff.ts +0 -283
package/src/agent-tools/tools/visual-memory/index.ts +0 -698
package/src/agent-tools/tools/visual-memory/phash.ts +0 -120
package/src/agent-tools/tools/visual-memory/similarity.ts +0 -354
package/src/agent-tools/tools/visual-memory/storage.ts +0 -534
package/src/agent-tools/tools/visual-memory/types.ts +0 -100
package/src/agent-tools/tools/web-fetch-utils.ts +0 -202
package/src/agent-tools/tools/web-fetch.ts +0 -464
package/src/agent-tools/tools/web-search.ts +0 -480
package/src/agent-tools/tools/web-shared.ts +0 -232
package/src/agent-tools/tools/write.ts +0 -68
package/src/agent-tools/types.ts +0 -214
package/src/agenticmail/index.ts +0 -34
package/src/agenticmail/manager.ts +0 -253
package/src/agenticmail/providers/google.ts +0 -391
package/src/agenticmail/providers/imap.ts +0 -454
package/src/agenticmail/providers/index.ts +0 -28
package/src/agenticmail/providers/microsoft.ts +0 -260
package/src/agenticmail/types.ts +0 -173
package/src/auth/routes.ts +0 -1589
package/src/browser/bridge-auth-registry.ts +0 -34
package/src/browser/bridge-server.ts +0 -93
package/src/browser/cdp.helpers.ts +0 -180
package/src/browser/cdp.ts +0 -466
package/src/browser/chrome.executables.ts +0 -625
package/src/browser/chrome.profile-decoration.ts +0 -198
package/src/browser/chrome.ts +0 -349
package/src/browser/client-actions-core.ts +0 -259
package/src/browser/client-actions-observe.ts +0 -184
package/src/browser/client-actions-state.ts +0 -284
package/src/browser/client-actions-types.ts +0 -16
package/src/browser/client-actions-url.ts +0 -11
package/src/browser/client-actions.ts +0 -4
package/src/browser/client-fetch.ts +0 -253
package/src/browser/client.ts +0 -337
package/src/browser/config.ts +0 -301
package/src/browser/constants.ts +0 -8
package/src/browser/control-auth.ts +0 -94
package/src/browser/control-service.ts +0 -81
package/src/browser/csrf.ts +0 -87
package/src/browser/enterprise-compat.ts +0 -562
package/src/browser/extension-relay.ts +0 -834
package/src/browser/http-auth.ts +0 -63
package/src/browser/navigation-guard.ts +0 -50
package/src/browser/paths.ts +0 -49
package/src/browser/playwright.d.ts +0 -12
package/src/browser/profiles-service.ts +0 -187
package/src/browser/profiles.ts +0 -114
package/src/browser/proxy-files.ts +0 -41
package/src/browser/pw-ai-module.ts +0 -52
package/src/browser/pw-ai-state.ts +0 -9
package/src/browser/pw-ai.ts +0 -65
package/src/browser/pw-role-snapshot.ts +0 -434
package/src/browser/pw-session.ts +0 -810
package/src/browser/pw-tools-core.activity.ts +0 -68
package/src/browser/pw-tools-core.downloads.ts +0 -281
package/src/browser/pw-tools-core.interactions.ts +0 -646
package/src/browser/pw-tools-core.responses.ts +0 -124
package/src/browser/pw-tools-core.shared.ts +0 -70
package/src/browser/pw-tools-core.snapshot.ts +0 -213
package/src/browser/pw-tools-core.state.ts +0 -209
package/src/browser/pw-tools-core.storage.ts +0 -128
package/src/browser/pw-tools-core.trace.ts +0 -37
package/src/browser/pw-tools-core.ts +0 -8
package/src/browser/resolved-config-refresh.ts +0 -59
package/src/browser/routes/agent.act.shared.ts +0 -52
package/src/browser/routes/agent.act.ts +0 -575
package/src/browser/routes/agent.debug.ts +0 -149
package/src/browser/routes/agent.shared.ts +0 -143
package/src/browser/routes/agent.snapshot.ts +0 -333
package/src/browser/routes/agent.storage.ts +0 -451
package/src/browser/routes/agent.ts +0 -13
package/src/browser/routes/basic.ts +0 -202
package/src/browser/routes/dispatcher.ts +0 -126
package/src/browser/routes/index.ts +0 -11
package/src/browser/routes/path-output.ts +0 -1
package/src/browser/routes/tabs.ts +0 -217
package/src/browser/routes/types.ts +0 -26
package/src/browser/routes/utils.ts +0 -73
package/src/browser/screenshot.ts +0 -54
package/src/browser/server-context.ts +0 -688
package/src/browser/server-context.types.ts +0 -65
package/src/browser/server-lifecycle.ts +0 -48
package/src/browser/server-middleware.ts +0 -37
package/src/browser/server.ts +0 -110
package/src/browser/target-id.ts +0 -30
package/src/browser/trash.ts +0 -21
package/src/cli-agent.ts +0 -2452
package/src/cli-reset-password.ts +0 -138
package/src/cli-serve.ts +0 -314
package/src/cli.ts +0 -103
package/src/dashboard/HELP-TOOLTIPS-GUIDE.md +0 -45
package/src/dashboard/app.js +0 -579
package/src/dashboard/assets/brand-logos.js +0 -350
package/src/dashboard/assets/icons/emoji-icons.js +0 -893
package/src/dashboard/assets/logo.png +0 -0
package/src/dashboard/assets/provider-logos.js +0 -139
package/src/dashboard/components/error-boundary.js +0 -21
package/src/dashboard/components/help-button.js +0 -65
package/src/dashboard/components/icons.js +0 -64
package/src/dashboard/components/knowledge-link.js +0 -79
package/src/dashboard/components/modal.js +0 -125
package/src/dashboard/components/org-switcher.js +0 -156
package/src/dashboard/components/persona-fields.js +0 -460
package/src/dashboard/components/settings-help.js +0 -193
package/src/dashboard/components/tag-input.js +0 -96
package/src/dashboard/components/timezones.js +0 -352
package/src/dashboard/components/transport-encryption.js +0 -288
package/src/dashboard/components/utils.js +0 -205
package/src/dashboard/data/countries.js +0 -255
package/src/dashboard/docs/activity.html +0 -253
package/src/dashboard/docs/agent-activity.html +0 -199
package/src/dashboard/docs/agent-autonomy.html +0 -161
package/src/dashboard/docs/agent-budget.html +0 -190
package/src/dashboard/docs/agent-channels.html +0 -189
package/src/dashboard/docs/agent-communication.html +0 -171
package/src/dashboard/docs/agent-configuration.html +0 -194
package/src/dashboard/docs/agent-deployment.html +0 -323
package/src/dashboard/docs/agent-email.html +0 -184
package/src/dashboard/docs/agent-guardrails.html +0 -206
package/src/dashboard/docs/agent-manager.html +0 -226
package/src/dashboard/docs/agent-memory.html +0 -215
package/src/dashboard/docs/agent-overview.html +0 -226
package/src/dashboard/docs/agent-permissions.html +0 -305
package/src/dashboard/docs/agent-personal.html +0 -155
package/src/dashboard/docs/agent-security.html +0 -188
package/src/dashboard/docs/agent-skills.html +0 -224
package/src/dashboard/docs/agent-tool-security.html +0 -205
package/src/dashboard/docs/agent-tools.html +0 -238
package/src/dashboard/docs/agent-whatsapp.html +0 -210
package/src/dashboard/docs/agent-workforce.html +0 -199
package/src/dashboard/docs/agents.html +0 -258
package/src/dashboard/docs/approvals.html +0 -200
package/src/dashboard/docs/audit.html +0 -206
package/src/dashboard/docs/browser-providers.html +0 -313
package/src/dashboard/docs/cluster.html +0 -285
package/src/dashboard/docs/community-skills.html +0 -253
package/src/dashboard/docs/compliance.html +0 -221
package/src/dashboard/docs/dashboard.html +0 -84
package/src/dashboard/docs/database-access.html +0 -322
package/src/dashboard/docs/dlp.html +0 -268
package/src/dashboard/docs/docs-style.css +0 -26
package/src/dashboard/docs/domain-status.html +0 -294
package/src/dashboard/docs/guardrails.html +0 -265
package/src/dashboard/docs/journal.html +0 -197
package/src/dashboard/docs/knowledge-contributions.html +0 -286
package/src/dashboard/docs/knowledge.html +0 -268
package/src/dashboard/docs/memory-transfer.html +0 -311
package/src/dashboard/docs/messages.html +0 -217
package/src/dashboard/docs/multi-tenant.html +0 -311
package/src/dashboard/docs/org-chart.html +0 -239
package/src/dashboard/docs/organizations.html +0 -182
package/src/dashboard/docs/roles.html +0 -195
package/src/dashboard/docs/settings-network.html +0 -321
package/src/dashboard/docs/settings-security.html +0 -347
package/src/dashboard/docs/settings-tool-security.html +0 -176
package/src/dashboard/docs/settings.html +0 -280
package/src/dashboard/docs/skill-connections.html +0 -270
package/src/dashboard/docs/skills.html +0 -206
package/src/dashboard/docs/task-pipeline.html +0 -261
package/src/dashboard/docs/transport-encryption.html +0 -359
package/src/dashboard/docs/users.html +0 -225
package/src/dashboard/docs/vault.html +0 -260
package/src/dashboard/docs/workforce.html +0 -245
package/src/dashboard/index.html +0 -444
package/src/dashboard/pages/activity.js +0 -379
package/src/dashboard/pages/agent-detail/activity.js +0 -277
package/src/dashboard/pages/agent-detail/autonomy.js +0 -244
package/src/dashboard/pages/agent-detail/budget.js +0 -269
package/src/dashboard/pages/agent-detail/channels.js +0 -494
package/src/dashboard/pages/agent-detail/communication.js +0 -296
package/src/dashboard/pages/agent-detail/configuration.js +0 -882
package/src/dashboard/pages/agent-detail/deployment.js +0 -958
package/src/dashboard/pages/agent-detail/email.js +0 -674
package/src/dashboard/pages/agent-detail/guardrails.js +0 -521
package/src/dashboard/pages/agent-detail/index.js +0 -261
package/src/dashboard/pages/agent-detail/manager.js +0 -357
package/src/dashboard/pages/agent-detail/meeting-browser.js +0 -933
package/src/dashboard/pages/agent-detail/memory.js +0 -368
package/src/dashboard/pages/agent-detail/overview.js +0 -844
package/src/dashboard/pages/agent-detail/permissions.js +0 -1163
package/src/dashboard/pages/agent-detail/personal-details.js +0 -404
package/src/dashboard/pages/agent-detail/security.js +0 -409
package/src/dashboard/pages/agent-detail/shared.js +0 -85
package/src/dashboard/pages/agent-detail/skills-section.js +0 -183
package/src/dashboard/pages/agent-detail/tool-security.js +0 -380
package/src/dashboard/pages/agent-detail/tools.js +0 -322
package/src/dashboard/pages/agent-detail/whatsapp.js +0 -824
package/src/dashboard/pages/agent-detail/workforce.js +0 -683
package/src/dashboard/pages/agents.js +0 -1242
package/src/dashboard/pages/approvals.js +0 -100
package/src/dashboard/pages/audit.js +0 -198
package/src/dashboard/pages/cluster.js +0 -512
package/src/dashboard/pages/community-skills.js +0 -1219
package/src/dashboard/pages/compliance.js +0 -475
package/src/dashboard/pages/dashboard.js +0 -180
package/src/dashboard/pages/database-access.js +0 -812
package/src/dashboard/pages/dlp.js +0 -293
package/src/dashboard/pages/domain-status.js +0 -951
package/src/dashboard/pages/guardrails.js +0 -1035
package/src/dashboard/pages/journal.js +0 -172
package/src/dashboard/pages/knowledge-contributions.js +0 -1682
package/src/dashboard/pages/knowledge-import.js +0 -455
package/src/dashboard/pages/knowledge.js +0 -582
package/src/dashboard/pages/login.js +0 -1056
package/src/dashboard/pages/memory-transfer.js +0 -631
package/src/dashboard/pages/messages.js +0 -303
package/src/dashboard/pages/org-chart.js +0 -349
package/src/dashboard/pages/organizations.js +0 -1081
package/src/dashboard/pages/roles.js +0 -780
package/src/dashboard/pages/settings.js +0 -3790
package/src/dashboard/pages/skill-connections.js +0 -982
package/src/dashboard/pages/skills.js +0 -879
package/src/dashboard/pages/task-pipeline.js +0 -684
package/src/dashboard/pages/users.js +0 -867
package/src/dashboard/pages/vault.js +0 -791
package/src/dashboard/pages/workforce.js +0 -851
package/src/dashboard/vendor/react-dom.development.js +0 -29924
package/src/dashboard/vendor/react-dom.production.min.js +0 -267
package/src/dashboard/vendor/react.development.js +0 -3343
package/src/dashboard/vendor/react.production.min.js +0 -31
package/src/database-access/agent-tools.ts +0 -193
package/src/database-access/connection-manager.ts +0 -1341
package/src/database-access/index.ts +0 -21
package/src/database-access/query-sanitizer.ts +0 -220
package/src/database-access/routes.ts +0 -226
package/src/database-access/types.ts +0 -226
package/src/db/adapter.ts +0 -510
package/src/db/dynamodb.ts +0 -454
package/src/db/factory.ts +0 -129
package/src/db/mongodb.ts +0 -360
package/src/db/mysql.ts +0 -531
package/src/db/postgres.ts +0 -863
package/src/db/proxy.ts +0 -39
package/src/db/resolve-driver.ts +0 -29
package/src/db/sql-schema.ts +0 -124
package/src/db/sqlite.ts +0 -493
package/src/db/turso.ts +0 -470
package/src/deploy/fly.ts +0 -368
package/src/deploy/managed.ts +0 -235
package/src/domain-lock/cli-recover.ts +0 -591
package/src/domain-lock/cli-verify.ts +0 -190
package/src/domain-lock/index.ts +0 -220
package/src/engine/activity-routes.ts +0 -154
package/src/engine/activity.ts +0 -568
package/src/engine/agent-autonomy.ts +0 -974
package/src/engine/agent-config.ts +0 -646
package/src/engine/agent-heartbeat.ts +0 -720
package/src/engine/agent-hierarchy.ts +0 -1064
package/src/engine/agent-memory.ts +0 -806
package/src/engine/agent-notify.ts +0 -50
package/src/engine/agent-routes.ts +0 -2583
package/src/engine/agent-status.ts +0 -311
package/src/engine/ambient-memory.ts +0 -401
package/src/engine/approvals.ts +0 -615
package/src/engine/assets/thinking-hum.mp3 +0 -0
package/src/engine/catalog-routes.ts +0 -232
package/src/engine/chat-poller.ts +0 -913
package/src/engine/chat-webhook-routes.ts +0 -304
package/src/engine/cli-build-skill.ts +0 -285
package/src/engine/cli-submit-skill.ts +0 -200
package/src/engine/cli-validate.ts +0 -188
package/src/engine/cluster.ts +0 -278
package/src/engine/communication-routes.ts +0 -139
package/src/engine/communication.ts +0 -765
package/src/engine/community-registry.ts +0 -1529
package/src/engine/community-routes.ts +0 -260
package/src/engine/compliance-routes.ts +0 -133
package/src/engine/compliance.ts +0 -1679
package/src/engine/config-bus.ts +0 -103
package/src/engine/db-adapter.ts +0 -1156
package/src/engine/db-schema.ts +0 -1945
package/src/engine/deploy-schema-routes.ts +0 -176
package/src/engine/deployer.ts +0 -957
package/src/engine/dlp-routes.ts +0 -101
package/src/engine/dlp.ts +0 -410
package/src/engine/email-poller.ts +0 -855
package/src/engine/emoji.ts +0 -106
package/src/engine/guardrail-routes.ts +0 -125
package/src/engine/guardrails.ts +0 -465
package/src/engine/index.ts +0 -255
package/src/engine/journal-routes.ts +0 -56
package/src/engine/journal.ts +0 -249
package/src/engine/knowledge-contribution-routes.ts +0 -633
package/src/engine/knowledge-contribution.ts +0 -1386
package/src/engine/knowledge-import/chunker.ts +0 -241
package/src/engine/knowledge-import/import-manager.ts +0 -416
package/src/engine/knowledge-import/index.ts +0 -27
package/src/engine/knowledge-import/processors/clean.ts +0 -149
package/src/engine/knowledge-import/processors/extract-gdrive.ts +0 -102
package/src/engine/knowledge-import/processors/extract-github.ts +0 -74
package/src/engine/knowledge-import/processors/extract-sharepoint.ts +0 -69
package/src/engine/knowledge-import/processors/extract-web.ts +0 -275
package/src/engine/knowledge-import/processors/index.ts +0 -18
package/src/engine/knowledge-import/processors/pipeline.ts +0 -171
package/src/engine/knowledge-import/processors/types.ts +0 -78
package/src/engine/knowledge-import/processors/validate.ts +0 -150
package/src/engine/knowledge-import/provider-file-upload.ts +0 -95
package/src/engine/knowledge-import/provider-github.ts +0 -144
package/src/engine/knowledge-import/provider-google-sites.ts +0 -323
package/src/engine/knowledge-import/provider-sharepoint.ts +0 -276
package/src/engine/knowledge-import/provider-url.ts +0 -218
package/src/engine/knowledge-import/routes.ts +0 -94
package/src/engine/knowledge-import/types.ts +0 -92
package/src/engine/knowledge-routes.ts +0 -231
package/src/engine/knowledge.ts +0 -587
package/src/engine/lifecycle.ts +0 -1420
package/src/engine/mcp-process-manager.ts +0 -573
package/src/engine/meeting-monitor.ts +0 -483
package/src/engine/meeting-voice-intelligence.ts +0 -340
package/src/engine/memory-routes.ts +0 -142
package/src/engine/memory-transfer-routes.ts +0 -339
package/src/engine/messaging-history.ts +0 -177
package/src/engine/messaging-poller.ts +0 -786
package/src/engine/model-fallback.ts +0 -141
package/src/engine/oauth-connect-routes.ts +0 -603
package/src/engine/oauth-connect.ts +0 -304
package/src/engine/onboarding-routes.ts +0 -148
package/src/engine/onboarding.ts +0 -574
package/src/engine/org-approval-routes.ts +0 -146
package/src/engine/org-integration-routes.ts +0 -399
package/src/engine/org-integrations.ts +0 -608
package/src/engine/org-policies.ts +0 -502
package/src/engine/policy-import-routes.ts +0 -125
package/src/engine/policy-import.ts +0 -1186
package/src/engine/policy-routes.ts +0 -163
package/src/engine/routes.ts +0 -1236
package/src/engine/screen-unlock.ts +0 -136
package/src/engine/session-router.ts +0 -212
package/src/engine/skill-updater-routes.ts +0 -132
package/src/engine/skill-updater.ts +0 -480
package/src/engine/skill-validator.ts +0 -331
package/src/engine/skills/agent-management.ts +0 -119
package/src/engine/skills/agent-memory.ts +0 -19
package/src/engine/skills/agenticmail.ts +0 -116
package/src/engine/skills/core-tools.ts +0 -25
package/src/engine/skills/database-access.ts +0 -78
package/src/engine/skills/enterprise-code-sandbox.ts +0 -113
package/src/engine/skills/enterprise-database.ts +0 -123
package/src/engine/skills/enterprise-diff.ts +0 -95
package/src/engine/skills/enterprise-documents.ts +0 -162
package/src/engine/skills/enterprise-http.ts +0 -99
package/src/engine/skills/enterprise-security-scan.ts +0 -125
package/src/engine/skills/enterprise-spreadsheet.ts +0 -171
package/src/engine/skills/gws-admin.ts +0 -18
package/src/engine/skills/gws-calendar.ts +0 -21
package/src/engine/skills/gws-chat.ts +0 -29
package/src/engine/skills/gws-contacts.ts +0 -20
package/src/engine/skills/gws-docs.ts +0 -18
package/src/engine/skills/gws-drive.ts +0 -23
package/src/engine/skills/gws-forms.ts +0 -23
package/src/engine/skills/gws-gmail.ts +0 -30
package/src/engine/skills/gws-groups.ts +0 -17
package/src/engine/skills/gws-keep.ts +0 -17
package/src/engine/skills/gws-maps.ts +0 -25
package/src/engine/skills/gws-meet.ts +0 -23
package/src/engine/skills/gws-sheets.ts +0 -22
package/src/engine/skills/gws-sites.ts +0 -16
package/src/engine/skills/gws-slides.ts +0 -27
package/src/engine/skills/gws-tasks.ts +0 -22
package/src/engine/skills/gws-vault.ts +0 -17
package/src/engine/skills/index.ts +0 -159
package/src/engine/skills/knowledge-search.ts +0 -18
package/src/engine/skills/local-system.ts +0 -61
package/src/engine/skills/m365-admin.ts +0 -18
package/src/engine/skills/m365-bookings.ts +0 -17
package/src/engine/skills/m365-copilot.ts +0 -17
package/src/engine/skills/m365-excel.ts +0 -60
package/src/engine/skills/m365-forms.ts +0 -17
package/src/engine/skills/m365-onedrive.ts +0 -60
package/src/engine/skills/m365-onenote.ts +0 -17
package/src/engine/skills/m365-outlook.ts +0 -27
package/src/engine/skills/m365-planner.ts +0 -18
package/src/engine/skills/m365-power-automate.ts +0 -18
package/src/engine/skills/m365-power-bi.ts +0 -19
package/src/engine/skills/m365-powerpoint.ts +0 -33
package/src/engine/skills/m365-sharepoint.ts +0 -20
package/src/engine/skills/m365-teams.ts +0 -21
package/src/engine/skills/m365-todo.ts +0 -17
package/src/engine/skills/m365-whiteboard.ts +0 -16
package/src/engine/skills/m365-word.ts +0 -42
package/src/engine/skills/mcp-bridge.ts +0 -45
package/src/engine/skills/meeting-lifecycle.ts +0 -20
package/src/engine/skills/messaging.ts +0 -46
package/src/engine/skills/visual-memory.ts +0 -25
package/src/engine/skills.ts +0 -688
package/src/engine/soul-library.ts +0 -142
package/src/engine/soul-templates.json +0 -1525
package/src/engine/storage-manager.ts +0 -252
package/src/engine/storage-routes.ts +0 -113
package/src/engine/storage.ts +0 -528
package/src/engine/task-poller.ts +0 -394
package/src/engine/task-queue-after-spawn.ts +0 -66
package/src/engine/task-queue-before-spawn.ts +0 -113
package/src/engine/task-queue-routes.ts +0 -161
package/src/engine/task-queue.ts +0 -664
package/src/engine/tenant.ts +0 -409
package/src/engine/tool-catalog.ts +0 -354
package/src/engine/vault-routes.ts +0 -134
package/src/engine/vault.ts +0 -601
package/src/engine/workforce-routes.ts +0 -331
package/src/engine/workforce.ts +0 -1161
package/src/index.ts +0 -77
package/src/lib/cidr.ts +0 -122
package/src/lib/config-store.ts +0 -86
package/src/lib/resilience.ts +0 -326
package/src/lib/text-search.ts +0 -358
package/src/mcp/adapters/activecampaign.adapter.ts +0 -391
package/src/mcp/adapters/adobe-sign.adapter.ts +0 -469
package/src/mcp/adapters/adp.adapter.ts +0 -358
package/src/mcp/adapters/airtable.adapter.ts +0 -273
package/src/mcp/adapters/apollo.adapter.ts +0 -420
package/src/mcp/adapters/asana.adapter.ts +0 -315
package/src/mcp/adapters/auth0.adapter.ts +0 -386
package/src/mcp/adapters/aws.adapter.ts +0 -345
package/src/mcp/adapters/azure-devops.adapter.ts +0 -389
package/src/mcp/adapters/bamboohr.adapter.ts +0 -376
package/src/mcp/adapters/basecamp.adapter.ts +0 -366
package/src/mcp/adapters/bigcommerce.adapter.ts +0 -429
package/src/mcp/adapters/bitbucket.adapter.ts +0 -260
package/src/mcp/adapters/box.adapter.ts +0 -350
package/src/mcp/adapters/brex.adapter.ts +0 -367
package/src/mcp/adapters/buffer.adapter.ts +0 -303
package/src/mcp/adapters/calendly.adapter.ts +0 -262
package/src/mcp/adapters/canva.adapter.ts +0 -256
package/src/mcp/adapters/chargebee.adapter.ts +0 -448
package/src/mcp/adapters/circleci.adapter.ts +0 -216
package/src/mcp/adapters/clickup.adapter.ts +0 -335
package/src/mcp/adapters/close.adapter.ts +0 -390
package/src/mcp/adapters/cloudflare.adapter.ts +0 -378
package/src/mcp/adapters/confluence.adapter.ts +0 -301
package/src/mcp/adapters/contentful.adapter.ts +0 -355
package/src/mcp/adapters/copper.adapter.ts +0 -468
package/src/mcp/adapters/crisp.adapter.ts +0 -415
package/src/mcp/adapters/crowdstrike.adapter.ts +0 -413
package/src/mcp/adapters/datadog.adapter.ts +0 -373
package/src/mcp/adapters/digitalocean.adapter.ts +0 -336
package/src/mcp/adapters/discord.adapter.ts +0 -248
package/src/mcp/adapters/docker.adapter.ts +0 -238
package/src/mcp/adapters/docusign.adapter.ts +0 -431
package/src/mcp/adapters/drift.adapter.ts +0 -386
package/src/mcp/adapters/dropbox.adapter.ts +0 -315
package/src/mcp/adapters/figma.adapter.ts +0 -302
package/src/mcp/adapters/firebase.adapter.ts +0 -446
package/src/mcp/adapters/flyio.adapter.ts +0 -302
package/src/mcp/adapters/freshbooks.adapter.ts +0 -474
package/src/mcp/adapters/freshdesk.adapter.ts +0 -441
package/src/mcp/adapters/freshsales.adapter.ts +0 -457
package/src/mcp/adapters/freshservice.adapter.ts +0 -481
package/src/mcp/adapters/front.adapter.ts +0 -357
package/src/mcp/adapters/github-actions.adapter.ts +0 -329
package/src/mcp/adapters/github.adapter.ts +0 -387
package/src/mcp/adapters/gitlab.adapter.ts +0 -368
package/src/mcp/adapters/gong.adapter.ts +0 -386
package/src/mcp/adapters/google-ads.adapter.ts +0 -363
package/src/mcp/adapters/google-analytics.adapter.ts +0 -316
package/src/mcp/adapters/google-cloud.adapter.ts +0 -312
package/src/mcp/adapters/gotomeeting.adapter.ts +0 -255
package/src/mcp/adapters/grafana.adapter.ts +0 -361
package/src/mcp/adapters/greenhouse.adapter.ts +0 -354
package/src/mcp/adapters/gusto.adapter.ts +0 -329
package/src/mcp/adapters/hashicorp-vault.adapter.ts +0 -355
package/src/mcp/adapters/heroku.adapter.ts +0 -291
package/src/mcp/adapters/hibob.adapter.ts +0 -334
package/src/mcp/adapters/hootsuite.adapter.ts +0 -322
package/src/mcp/adapters/hubspot.adapter.ts +0 -400
package/src/mcp/adapters/huggingface.adapter.ts +0 -349
package/src/mcp/adapters/index.ts +0 -524
package/src/mcp/adapters/intercom.adapter.ts +0 -269
package/src/mcp/adapters/jira.adapter.ts +0 -482
package/src/mcp/adapters/klaviyo.adapter.ts +0 -353
package/src/mcp/adapters/kubernetes.adapter.ts +0 -431
package/src/mcp/adapters/lattice.adapter.ts +0 -339
package/src/mcp/adapters/launchdarkly.adapter.ts +0 -368
package/src/mcp/adapters/lever.adapter.ts +0 -347
package/src/mcp/adapters/linear.adapter.ts +0 -300
package/src/mcp/adapters/linkedin.adapter.ts +0 -331
package/src/mcp/adapters/livechat.adapter.ts +0 -259
package/src/mcp/adapters/loom.adapter.ts +0 -230
package/src/mcp/adapters/mailchimp.adapter.ts +0 -394
package/src/mcp/adapters/mailgun.adapter.ts +0 -425
package/src/mcp/adapters/miro.adapter.ts +0 -274
package/src/mcp/adapters/mixpanel.adapter.ts +0 -324
package/src/mcp/adapters/monday.adapter.ts +0 -308
package/src/mcp/adapters/mongodb-atlas.adapter.ts +0 -345
package/src/mcp/adapters/neon.adapter.ts +0 -312
package/src/mcp/adapters/netlify.adapter.ts +0 -324
package/src/mcp/adapters/netsuite.adapter.ts +0 -411
package/src/mcp/adapters/newrelic.adapter.ts +0 -339
package/src/mcp/adapters/notion.adapter.ts +0 -338
package/src/mcp/adapters/okta.adapter.ts +0 -394
package/src/mcp/adapters/openai.adapter.ts +0 -315
package/src/mcp/adapters/opsgenie.adapter.ts +0 -375
package/src/mcp/adapters/outreach.adapter.ts +0 -372
package/src/mcp/adapters/paddle.adapter.ts +0 -467
package/src/mcp/adapters/pagerduty.adapter.ts +0 -412
package/src/mcp/adapters/pandadoc.adapter.ts +0 -389
package/src/mcp/adapters/paypal.adapter.ts +0 -465
package/src/mcp/adapters/personio.adapter.ts +0 -401
package/src/mcp/adapters/pinecone.adapter.ts +0 -340
package/src/mcp/adapters/pipedrive.adapter.ts +0 -324
package/src/mcp/adapters/plaid.adapter.ts +0 -444
package/src/mcp/adapters/postmark.adapter.ts +0 -387
package/src/mcp/adapters/power-automate.adapter.ts +0 -388
package/src/mcp/adapters/quickbooks.adapter.ts +0 -431
package/src/mcp/adapters/recurly.adapter.ts +0 -433
package/src/mcp/adapters/reddit.adapter.ts +0 -371
package/src/mcp/adapters/render.adapter.ts +0 -332
package/src/mcp/adapters/ringcentral.adapter.ts +0 -281
package/src/mcp/adapters/rippling.adapter.ts +0 -287
package/src/mcp/adapters/salesforce.adapter.ts +0 -321
package/src/mcp/adapters/salesloft.adapter.ts +0 -413
package/src/mcp/adapters/sanity.adapter.ts +0 -363
package/src/mcp/adapters/sap.adapter.ts +0 -483
package/src/mcp/adapters/segment.adapter.ts +0 -260
package/src/mcp/adapters/sendgrid.adapter.ts +0 -265
package/src/mcp/adapters/sentry.adapter.ts +0 -331
package/src/mcp/adapters/servicenow.adapter.ts +0 -468
package/src/mcp/adapters/shopify.adapter.ts +0 -451
package/src/mcp/adapters/shortcut.adapter.ts +0 -290
package/src/mcp/adapters/slack.adapter.ts +0 -380
package/src/mcp/adapters/smartsheet.adapter.ts +0 -326
package/src/mcp/adapters/snowflake.adapter.ts +0 -347
package/src/mcp/adapters/snyk.adapter.ts +0 -394
package/src/mcp/adapters/splunk.adapter.ts +0 -403
package/src/mcp/adapters/square.adapter.ts +0 -467
package/src/mcp/adapters/statuspage.adapter.ts +0 -401
package/src/mcp/adapters/stripe.adapter.ts +0 -380
package/src/mcp/adapters/supabase.adapter.ts +0 -334
package/src/mcp/adapters/teamwork.adapter.ts +0 -404
package/src/mcp/adapters/telegram.adapter.ts +0 -299
package/src/mcp/adapters/terraform.adapter.ts +0 -300
package/src/mcp/adapters/todoist.adapter.ts +0 -239
package/src/mcp/adapters/trello.adapter.ts +0 -316
package/src/mcp/adapters/twilio.adapter.ts +0 -233
package/src/mcp/adapters/twitter.adapter.ts +0 -348
package/src/mcp/adapters/vercel.adapter.ts +0 -219
package/src/mcp/adapters/weaviate.adapter.ts +0 -371
package/src/mcp/adapters/webex.adapter.ts +0 -237
package/src/mcp/adapters/webflow.adapter.ts +0 -287
package/src/mcp/adapters/whatsapp.adapter.ts +0 -273
package/src/mcp/adapters/whereby.adapter.ts +0 -240
package/src/mcp/adapters/woocommerce.adapter.ts +0 -454
package/src/mcp/adapters/wordpress.adapter.ts +0 -455
package/src/mcp/adapters/workday.adapter.ts +0 -354
package/src/mcp/adapters/wrike.adapter.ts +0 -349
package/src/mcp/adapters/xero.adapter.ts +0 -472
package/src/mcp/adapters/youtube.adapter.ts +0 -401
package/src/mcp/adapters/zendesk.adapter.ts +0 -399
package/src/mcp/adapters/zoho-crm.adapter.ts +0 -410
package/src/mcp/adapters/zoom.adapter.ts +0 -241
package/src/mcp/adapters/zuora.adapter.ts +0 -476
package/src/mcp/framework/api-executor.ts +0 -192
package/src/mcp/framework/aws-sigv4.ts +0 -216
package/src/mcp/framework/credential-resolver.ts +0 -128
package/src/mcp/framework/oauth-token-manager.ts +0 -22
package/src/mcp/framework/skill-mcp-framework.ts +0 -226
package/src/mcp/framework/types.ts +0 -130
package/src/mcp/index.ts +0 -124
package/src/mcp/integration-catalog.ts +0 -178
package/src/middleware/dns-rebinding.ts +0 -44
package/src/middleware/egress-filter.ts +0 -104
package/src/middleware/firewall.ts +0 -192
package/src/middleware/geo-ip.ts +0 -156
package/src/middleware/index.ts +0 -390
package/src/middleware/network-config.ts +0 -90
package/src/middleware/proxy-config.ts +0 -71
package/src/middleware/request-limits.ts +0 -59
package/src/middleware/transport-encryption.ts +0 -398
package/src/registry/cli.ts +0 -63
package/src/registry/server.ts +0 -504
package/src/runtime/agent-loop.ts +0 -779
package/src/runtime/compaction.ts +0 -638
package/src/runtime/email-channel.ts +0 -120
package/src/runtime/environment.ts +0 -300
package/src/runtime/followup.ts +0 -211
package/src/runtime/gateway.ts +0 -260
package/src/runtime/hooks.ts +0 -564
package/src/runtime/index.ts +0 -1110
package/src/runtime/llm-client.ts +0 -1056
package/src/runtime/model-router.ts +0 -97
package/src/runtime/providers.ts +0 -228
package/src/runtime/session-manager.ts +0 -345
package/src/runtime/subagent.ts +0 -153
package/src/runtime/tool-executor.ts +0 -208
package/src/runtime/types.ts +0 -255
package/src/security/brute-force.ts +0 -423
package/src/security/config.ts +0 -159
package/src/security/csp.ts +0 -407
package/src/security/external-content.ts +0 -299
package/src/security/index.ts +0 -557
package/src/security/input-sanitizer.ts +0 -452
package/src/security/output-filter.ts +0 -575
package/src/security/port-scanner.ts +0 -342
package/src/security/prompt-guard.ts +0 -387
package/src/security/sql-guard.ts +0 -338
package/src/security/threat-logger.ts +0 -484
package/src/server.ts +0 -828
package/src/setup/company.ts +0 -183
package/src/setup/database.ts +0 -153
package/src/setup/deployment.ts +0 -561
package/src/setup/domain.ts +0 -112
package/src/setup/index.ts +0 -171
package/src/setup/provision.ts +0 -532
package/src/setup/registration.ts +0 -302
package/src/system-prompts/catchup.ts +0 -48
package/src/system-prompts/google/calendar.ts +0 -37
package/src/system-prompts/google/chat.ts +0 -92
package/src/system-prompts/google/contacts.ts +0 -25
package/src/system-prompts/google/docs.ts +0 -29
package/src/system-prompts/google/drive.ts +0 -34
package/src/system-prompts/google/forms.ts +0 -25
package/src/system-prompts/google/gmail.ts +0 -50
package/src/system-prompts/google/index.ts +0 -23
package/src/system-prompts/google/maps.ts +0 -20
package/src/system-prompts/google/meet.ts +0 -130
package/src/system-prompts/google/sheets.ts +0 -32
package/src/system-prompts/google/slides.ts +0 -26
package/src/system-prompts/google/tasks.ts +0 -27
package/src/system-prompts/index.ts +0 -88
package/src/system-prompts/microsoft/contacts.ts +0 -34
package/src/system-prompts/microsoft/excel.ts +0 -52
package/src/system-prompts/microsoft/index.ts +0 -31
package/src/system-prompts/microsoft/onedrive.ts +0 -41
package/src/system-prompts/microsoft/onenote.ts +0 -36
package/src/system-prompts/microsoft/outlook-calendar.ts +0 -37
package/src/system-prompts/microsoft/outlook-mail.ts +0 -46
package/src/system-prompts/microsoft/planner.ts +0 -37
package/src/system-prompts/microsoft/powerbi.ts +0 -38
package/src/system-prompts/microsoft/powerpoint.ts +0 -35
package/src/system-prompts/microsoft/sharepoint.ts +0 -44
package/src/system-prompts/microsoft/teams.ts +0 -49
package/src/system-prompts/microsoft/todo.ts +0 -37
package/src/system-prompts/shared-blocks.ts +0 -87
package/src/system-prompts/task.ts +0 -21
package/src/system-prompts/triage.ts +0 -34
package/src/types/hono-env.ts +0 -18
package/src/types/optional-deps.d.ts +0 -10

package/src/database-access/connection-manager.ts DELETED Viewed

@@ -1,1341 +0,0 @@
-/**
- * Database Connection Manager
- *
- * Manages connection pools for all supported database types.
- * Handles: connection lifecycle, pooling, health checks, SSH tunnels.
- *
- * All credentials are loaded from the SecureVault — never stored in memory
- * longer than needed for connection establishment.
- */
-import type {
-  DatabaseType,
-  DatabaseConnectionConfig,
-  AgentDatabaseAccess,
-  DatabaseQuery,
-  QueryResult,
-  ConnectionPoolStats,
-  DatabasePermission,
-} from './types.js';
-import { sanitizeQuery, sanitizeForLogging, type SanitizeResult } from './query-sanitizer.js';
-import crypto from 'crypto';
-// ─── Driver Interfaces ───────────────────────────────────────────────────────
-interface DatabaseDriver {
-  connect(config: DatabaseConnectionConfig, credentials: ConnectionCredentials): Promise<DatabaseConnection>;
-}
-interface DatabaseConnection {
-  query(sql: string, params?: any[]): Promise<{ rows: any[]; fields?: { name: string; type: string }[]; affectedRows?: number }>;
-  close(): Promise<void>;
-  ping(): Promise<boolean>;
-}
-interface ConnectionCredentials {
-  password?: string;
-  connectionString?: string;
-  sshPrivateKey?: string;
-}
-// ─── Connection Pool Entry ───────────────────────────────────────────────────
-interface PoolEntry {
-  connection: DatabaseConnection;
-  connectionId: string;
-  createdAt: number;
-  lastUsedAt: number;
-  inUse: boolean;
-  queryCount: number;
-}
-// ─── Rate Limiter ────────────────────────────────────────────────────────────
-class RateLimiter {
-  private windows = new Map<string, { count: number; resetAt: number }>();
-  check(key: string, maxPerMinute: number): boolean {
-    const now = Date.now();
-    const window = this.windows.get(key);
-    if (!window || window.resetAt <= now) {
-      this.windows.set(key, { count: 1, resetAt: now + 60_000 });
-      return true;
-    }
-    if (window.count >= maxPerMinute) return false;
-    window.count++;
-    return true;
-  }
-}
-// ─── Audit Logger ────────────────────────────────────────────────────────────
-interface AuditLogDeps {
-  engineDb?: { execute(sql: string, params?: any[]): Promise<any> };
-}
-// ─── Connection Manager ──────────────────────────────────────────────────────
-export class DatabaseConnectionManager {
-  private pools = new Map<string, PoolEntry[]>();
-  private configs = new Map<string, DatabaseConnectionConfig>();
-  private agentAccess = new Map<string, AgentDatabaseAccess[]>(); // agentId → accesses
-  private drivers = new Map<DatabaseType, DatabaseDriver>();
-  private rateLimiter = new RateLimiter();
-  private stats = new Map<string, { queries: number; errors: number; totalTimeMs: number; lastActivity: number }>();
-  private engineDb?: { run?(sql: string, params?: any[]): Promise<any>; execute?(sql: string, params?: any[]): Promise<any>; all?(sql: string, params?: any[]): Promise<any[]>; get?(sql: string, params?: any[]): Promise<any> };
-  private vault?: {
-    storeSecret(orgId: string, name: string, category: string, plaintext: string, metadata?: Record<string, any>): Promise<any>;
-    getSecret(id: string): Promise<{ entry: any; decrypted: string } | null>;
-    getSecretByName(orgId: string, name: string, category?: string): Promise<{ plaintext: string } | null>;
-    deleteSecret(id: string): Promise<void>;
-    findByName(name: string): any;
-  };
-  constructor(deps?: { engineDb?: any; vault?: any }) {
-    this.engineDb = deps?.engineDb;
-    this.vault = deps?.vault;
-    this.registerBuiltinDrivers();
-  }
-  // ─── Initialization ──────────────────────────────────────────────────────
-  async setDb(db: any): Promise<void> {
-    this.engineDb = db;
-    await this.init();
-  }
-  /** Normalize DB execute — adapters may have run() or execute() */
-  private async dbRun(sql: string, params?: any[]): Promise<any> {
-    if (!this.engineDb) throw new Error('No database');
-    const fn = this.engineDb.run || this.engineDb.execute;
-    if (!fn) throw new Error('DB adapter has no run/execute method');
-    return fn.call(this.engineDb, sql, params);
-  }
-  private async dbAll(sql: string, params?: any[]): Promise<any[]> {
-    if (!this.engineDb) return [];
-    if (this.engineDb.all) return this.engineDb.all(sql, params) as Promise<any[]>;
-    if ((this.engineDb as any).query) {
-      const result = await (this.engineDb as any).query(sql, params);
-      return Array.isArray(result) ? result : (result?.rows || []);
-    }
-    // Fallback: execute returns rows for some adapters
-    const result = await this.dbRun(sql, params);
-    return Array.isArray(result) ? result : (result?.rows || []);
-  }
-  private async _dbGet(sql: string, params?: any[]): Promise<any> {
-    if (!this.engineDb) return null;
-    if (this.engineDb.get) return this.engineDb.get(sql, params);
-    const rows = await this.dbAll(sql, params);
-    return rows?.[0] || null;
-  }
-  async init(): Promise<void> {
-    try {
-      await this.ensureTable();
-      await this.loadConnections();
-      await this.loadAgentAccess();
-      console.log(`[db-access] Initialized: ${this.configs.size} connections, ${this.agentAccess.size} agent mappings`);
-    } catch (err: any) {
-      console.error(`[db-access] Init failed: ${err.message}`);
-    }
-  }
-  private async ensureTable(): Promise<void> {
-    if (!this.engineDb) return;
-    // Detect dialect: try Postgres-style NOW() first, fall back to SQLite datetime('now')
-    let isPostgres = false;
-    try {
-      await this.dbRun(`SELECT NOW()`);
-      isPostgres = true;
-    } catch {
-      isPostgres = false;
-    }
-    const now = isPostgres ? 'NOW()' : "(datetime('now'))";
-    const jsonType = isPostgres ? 'JSONB' : 'TEXT';
-    const boolType = isPostgres ? 'BOOLEAN' : 'INTEGER';
-    const boolFalse = isPostgres ? 'FALSE' : '0';
-    const boolTrue = isPostgres ? 'TRUE' : '1';
-    try {
-      await this.dbRun(`
-        CREATE TABLE IF NOT EXISTS database_connections (
-          id TEXT PRIMARY KEY,
-          org_id TEXT NOT NULL,
-          name TEXT NOT NULL,
-          type TEXT NOT NULL,
-          config ${jsonType} NOT NULL DEFAULT '{}',
-          status TEXT NOT NULL DEFAULT 'inactive',
-          last_tested_at TEXT,
-          last_error TEXT,
-          created_at TEXT NOT NULL DEFAULT ${now},
-          updated_at TEXT NOT NULL DEFAULT ${now}
-        )
-      `);
-      await this.dbRun(`
-        CREATE TABLE IF NOT EXISTS agent_database_access (
-          id TEXT PRIMARY KEY,
-          org_id TEXT NOT NULL,
-          agent_id TEXT NOT NULL,
-          connection_id TEXT NOT NULL REFERENCES database_connections(id) ON DELETE CASCADE,
-          permissions TEXT NOT NULL DEFAULT '["read"]',
-          query_limits ${jsonType},
-          schema_access ${jsonType},
-          log_all_queries ${boolType} NOT NULL DEFAULT ${boolFalse},
-          require_approval ${boolType} NOT NULL DEFAULT ${boolFalse},
-          enabled ${boolType} NOT NULL DEFAULT ${boolTrue},
-          created_at TEXT NOT NULL DEFAULT ${now},
-          updated_at TEXT NOT NULL DEFAULT ${now},
-          UNIQUE(agent_id, connection_id)
-        )
-      `);
-      await this.dbRun(`
-        CREATE TABLE IF NOT EXISTS database_audit_log (
-          id TEXT PRIMARY KEY,
-          org_id TEXT NOT NULL,
-          agent_id TEXT NOT NULL,
-          agent_name TEXT,
-          connection_id TEXT NOT NULL,
-          connection_name TEXT,
-          operation TEXT NOT NULL,
-          query TEXT NOT NULL,
-          param_count INTEGER NOT NULL DEFAULT 0,
-          rows_affected INTEGER NOT NULL DEFAULT 0,
-          execution_time_ms INTEGER NOT NULL DEFAULT 0,
-          success ${boolType} NOT NULL DEFAULT ${boolTrue},
-          error TEXT,
-          timestamp TEXT NOT NULL DEFAULT ${now}
-        )
-      `);
-      // Index for audit log queries
-      await this.dbRun(`CREATE INDEX IF NOT EXISTS idx_db_audit_agent ON database_audit_log(agent_id, timestamp)`).catch(() => {});
-      await this.dbRun(`CREATE INDEX IF NOT EXISTS idx_db_audit_conn ON database_audit_log(connection_id, timestamp)`).catch(() => {});
-    } catch (err: any) {
-      console.error(`[db-access] Table creation failed:`, err.message);
-    }
-  }
-  private async loadConnections(): Promise<void> {
-    if (!this.engineDb) { console.warn('[db-access] No engineDb, skipping loadConnections'); return; }
-    try {
-      const rows = await this.dbAll('SELECT * FROM database_connections');
-      // Loaded connections from DB
-      for (const row of (rows || [])) {
-        const config = this.rowToConfig(row);
-        this.configs.set(config.id, config);
-      }
-    } catch (err: any) {
-      console.warn(`[db-access] Failed to load connections: ${err.message}`);
-    }
-  }
-  private async loadAgentAccess(): Promise<void> {
-    if (!this.engineDb) return;
-    try {
-      const rows = await this.dbAll('SELECT * FROM agent_database_access WHERE enabled IS NOT FALSE');
-      for (const row of (rows || [])) {
-        const access = this.rowToAccess(row);
-        const list = this.agentAccess.get(access.agentId) || [];
-        list.push(access);
-        this.agentAccess.set(access.agentId, list);
-      }
-    } catch (err: any) {
-      console.warn(`[db-access] Failed to load agent access: ${err.message}`);
-    }
-  }
-  // ─── CRUD: Connections ─────────────────────────────────────────────────────
-  async createConnection(config: Omit<DatabaseConnectionConfig, 'id' | 'createdAt' | 'updatedAt'>, credentials?: { password?: string; connectionString?: string }): Promise<DatabaseConnectionConfig> {
-    const id = crypto.randomUUID();
-    const now = new Date().toISOString();
-    const full: DatabaseConnectionConfig = { ...config, id, createdAt: now, updatedAt: now };
-    // Store credentials in vault
-    if (credentials?.password && this.vault) {
-      await this.vault.storeSecret(config.orgId, `db:${id}:password`, 'database_credential', credentials.password);
-    }
-    if (credentials?.connectionString && this.vault) {
-      await this.vault.storeSecret(config.orgId, `db:${id}:connection_string`, 'database_credential', credentials.connectionString);
-    }
-    // Store config (without credentials) in DB
-    if (this.engineDb) {
-      await this.dbRun(
-        `INSERT INTO database_connections (id, org_id, name, type, config, status, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
-        [id, full.orgId, full.name, full.type, JSON.stringify(this.configToStorable(full)), full.status, now, now]
-      );
-    }
-    this.configs.set(id, full);
-    console.log(`[db-access] Connection created: ${full.name} (${full.type})`);
-    return full;
-  }
-  async updateConnection(id: string, updates: Partial<DatabaseConnectionConfig>, credentials?: { password?: string; connectionString?: string }): Promise<DatabaseConnectionConfig | null> {
-    const existing = this.configs.get(id);
-    if (!existing) return null;
-    const updated = { ...existing, ...updates, id, updatedAt: new Date().toISOString() };
-    if (this.vault) {
-      if (credentials?.password) {
-        const old = this.vault.findByName(`db:${id}:password`);
-        if (old) try { await this.vault.deleteSecret(old.id); } catch {}
-        await this.vault.storeSecret(existing.orgId, `db:${id}:password`, 'database_credential', credentials.password);
-      }
-      if (credentials?.connectionString) {
-        const old = this.vault.findByName(`db:${id}:connection_string`);
-        if (old) try { await this.vault.deleteSecret(old.id); } catch {}
-        await this.vault.storeSecret(existing.orgId, `db:${id}:connection_string`, 'database_credential', credentials.connectionString);
-      }
-    }
-    if (this.engineDb) {
-      await this.dbRun(
-        `UPDATE database_connections SET name = ?, type = ?, config = ?, status = ?, updated_at = ? WHERE id = ?`,
-        [updated.name, updated.type, JSON.stringify(this.configToStorable(updated)), updated.status, updated.updatedAt, id]
-      );
-    }
-    this.configs.set(id, updated);
-    // Close existing pool connections on config change
-    await this.closePool(id);
-    return updated;
-  }
-  async deleteConnection(id: string): Promise<boolean> {
-    const config = this.configs.get(id);
-    if (!config) return false;
-    await this.closePool(id);
-    // Remove vault secrets
-    if (this.vault) {
-      try {
-        for (const suffix of ['password', 'connection_string', 'ssh_key']) {
-          const entry = this.vault.findByName(`db:${id}:${suffix}`);
-          if (entry) await this.vault.deleteSecret(entry.id);
-        }
-      } catch { /* non-fatal */ }
-    }
-    if (this.engineDb) {
-      await this.dbRun('DELETE FROM agent_database_access WHERE connection_id = ?', [id]);
-      await this.dbRun('DELETE FROM database_connections WHERE id = ?', [id]);
-    }
-    this.configs.delete(id);
-    // Remove from all agent access lists
-    for (const [agentId, list] of this.agentAccess) {
-      const filtered = list.filter(a => a.connectionId !== id);
-      if (filtered.length === 0) this.agentAccess.delete(agentId);
-      else this.agentAccess.set(agentId, filtered);
-    }
-    console.log(`[db-access] Connection deleted: ${config.name}`);
-    return true;
-  }
-  getConnection(id: string): DatabaseConnectionConfig | undefined {
-    return this.configs.get(id);
-  }
-  /** Get a human-readable summary of an agent's database connections for system prompts */
-  getAgentConnectionSummary(agentId: string): string[] {
-    const accesses = this.getAgentAccess(agentId).filter(a => a.enabled);
-    return accesses.map(a => {
-      const config = this.configs.get(a.connectionId);
-      if (!config) return '';
-      const perms = a.permissions?.join(', ') || 'read';
-      return `"${config.name}" (${config.type}) — permissions: ${perms}`;
-    }).filter(Boolean);
-  }
-  listConnections(orgId: string): DatabaseConnectionConfig[] {
-    return [...this.configs.values()].filter(c => c.orgId === orgId);
-  }
-  // ─── CRUD: Agent Access ────────────────────────────────────────────────────
-  async grantAccess(access: Omit<AgentDatabaseAccess, 'id' | 'createdAt' | 'updatedAt'>): Promise<AgentDatabaseAccess> {
-    const id = crypto.randomUUID();
-    const now = new Date().toISOString();
-    const full: AgentDatabaseAccess = { ...access, id, createdAt: now, updatedAt: now };
-    if (this.engineDb) {
-      await this.dbRun(
-        `INSERT INTO agent_database_access (id, org_id, agent_id, connection_id, permissions, query_limits, schema_access, log_all_queries, require_approval, enabled, created_at, updated_at)
-         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-        [
-          id, full.orgId, full.agentId, full.connectionId,
-          JSON.stringify(full.permissions), JSON.stringify(full.queryLimits || null),
-          JSON.stringify(full.schemaAccess || null), full.logAllQueries,
-          full.requireApproval, full.enabled, now, now,
-        ]
-      );
-    }
-    const list = this.agentAccess.get(full.agentId) || [];
-    list.push(full);
-    this.agentAccess.set(full.agentId, list);
-    return full;
-  }
-  async revokeAccess(agentId: string, connectionId: string): Promise<boolean> {
-    if (this.engineDb) {
-      await this.dbRun(
-        'DELETE FROM agent_database_access WHERE agent_id = ? AND connection_id = ?',
-        [agentId, connectionId]
-      );
-    }
-    const list = this.agentAccess.get(agentId) || [];
-    const filtered = list.filter(a => a.connectionId !== connectionId);
-    if (filtered.length === 0) this.agentAccess.delete(agentId);
-    else this.agentAccess.set(agentId, filtered);
-    return true;
-  }
-  async updateAccess(agentId: string, connectionId: string, updates: Partial<AgentDatabaseAccess>): Promise<AgentDatabaseAccess | null> {
-    const list = this.agentAccess.get(agentId) || [];
-    const idx = list.findIndex(a => a.connectionId === connectionId);
-    if (idx === -1) return null;
-    const updated = { ...list[idx], ...updates, updatedAt: new Date().toISOString() };
-    list[idx] = updated;
-    this.agentAccess.set(agentId, list);
-    if (this.engineDb) {
-      await this.dbRun(
-        `UPDATE agent_database_access SET permissions = ?, query_limits = ?, schema_access = ?, log_all_queries = ?, require_approval = ?, enabled = ?, updated_at = ? WHERE agent_id = ? AND connection_id = ?`,
-        [
-          JSON.stringify(updated.permissions), JSON.stringify(updated.queryLimits || null),
-          JSON.stringify(updated.schemaAccess || null), updated.logAllQueries,
-          updated.requireApproval, updated.enabled, updated.updatedAt,
-          agentId, connectionId,
-        ]
-      );
-    }
-    return updated;
-  }
-  getAgentAccess(agentId: string): AgentDatabaseAccess[] {
-    return this.agentAccess.get(agentId) || [];
-  }
-  getConnectionAgents(connectionId: string): AgentDatabaseAccess[] {
-    const result: AgentDatabaseAccess[] = [];
-    for (const list of this.agentAccess.values()) {
-      for (const a of list) {
-        if (a.connectionId === connectionId) result.push(a);
-      }
-    }
-    return result;
-  }
-  // ─── Query Execution ──────────────────────────────────────────────────────
-  async executeQuery(query: DatabaseQuery): Promise<QueryResult> {
-    const startMs = Date.now();
-    const queryId = crypto.randomUUID();
-    // 1. Validate agent has access to this connection
-    const access = this.getAgentAccess(query.agentId).find(a => a.connectionId === query.connectionId && a.enabled);
-    if (!access) {
-      return { success: false, error: 'Agent does not have access to this database', executionTimeMs: 0, queryId };
-    }
-    const config = this.configs.get(query.connectionId);
-    if (!config || config.status !== 'active') {
-      return { success: false, error: 'Database connection is not active', executionTimeMs: 0, queryId };
-    }
-    // 2. Rate limit check
-    const rateLimit = access.queryLimits?.maxQueriesPerMinute ?? 60;
-    const rateKey = `${query.agentId}:${query.connectionId}`;
-    if (!this.rateLimiter.check(rateKey, rateLimit)) {
-      return { success: false, error: `Rate limit exceeded (${rateLimit}/min)`, executionTimeMs: 0, queryId };
-    }
-    // 3. Sanitize SQL query
-    if (!query.sql) {
-      return { success: false, error: 'No SQL query provided', executionTimeMs: 0, queryId };
-    }
-    const sanitizeResult = sanitizeQuery(query.sql, access.permissions, config, access);
-    if (!sanitizeResult.allowed) {
-      await this.logAudit(query, config, access, 'read', 0, false, sanitizeResult.reason || 'Query blocked', startMs, queryId);
-      return { success: false, error: sanitizeResult.reason, executionTimeMs: Date.now() - startMs, queryId };
-    }
-    const finalSql = sanitizeResult.sanitizedQuery || query.sql;
-    // 4. Check concurrent query limit
-    const _maxConcurrent = access.queryLimits?.maxConcurrentQueries ?? config.queryLimits?.maxConcurrentQueries ?? 5;
-    // (In production, track active queries per connection — simplified here)
-    // 5. Execute with timeout
-    const timeout = access.queryLimits?.queryTimeoutMs ?? config.queryLimits?.queryTimeoutMs ?? 30_000;
-    try {
-      const conn = await this.getPooledConnection(query.connectionId);
-      const result = await Promise.race([
-        conn.query(finalSql, query.params),
-        new Promise<never>((_, reject) => setTimeout(() => reject(new Error('Query timeout')), timeout)),
-      ]);
-      const execMs = Date.now() - startMs;
-      const rows = result.rows || [];
-      const affectedRows = result.affectedRows ?? rows.length;
-      // Check row limits
-      const maxRows = sanitizeResult.operation === 'read'
-        ? (access.queryLimits?.maxRowsRead ?? config.queryLimits?.maxRowsRead ?? 10000)
-        : sanitizeResult.operation === 'write'
-          ? (access.queryLimits?.maxRowsWrite ?? config.queryLimits?.maxRowsWrite ?? 1000)
-          : (access.queryLimits?.maxRowsDelete ?? config.queryLimits?.maxRowsDelete ?? 100);
-      const truncated = rows.length > maxRows;
-      const limitedRows = truncated ? rows.slice(0, maxRows) : rows;
-      // Update stats
-      this.updateStats(query.connectionId, execMs, false);
-      // Audit log
-      const shouldLog = access.logAllQueries || sanitizeResult.operation !== 'read';
-      if (shouldLog) {
-        await this.logAudit(query, config, access, sanitizeResult.operation, affectedRows, true, undefined, startMs, queryId);
-      }
-      return {
-        success: true,
-        rows: limitedRows,
-        rowCount: limitedRows.length,
-        affectedRows,
-        fields: result.fields,
-        executionTimeMs: execMs,
-        truncated,
-        queryId,
-      };
-    } catch (err: any) {
-      const execMs = Date.now() - startMs;
-      this.updateStats(query.connectionId, execMs, true);
-      await this.logAudit(query, config, access, sanitizeResult.operation, 0, false, err.message, startMs, queryId);
-      return { success: false, error: err.message, executionTimeMs: execMs, queryId };
-    }
-  }
-  // ─── Connection Testing ────────────────────────────────────────────────────
-  async testConnection(connectionId: string): Promise<{ success: boolean; latencyMs: number; error?: string; version?: string }> {
-    const config = this.configs.get(connectionId);
-    if (!config) return { success: false, latencyMs: 0, error: 'Connection not found' };
-    const startMs = Date.now();
-    try {
-      const conn = await this.getPooledConnection(connectionId);
-      const alive = await conn.ping();
-      const latencyMs = Date.now() - startMs;
-      // Update status
-      await this.updateConnection(connectionId, {
-        status: alive ? 'active' : 'error',
-        lastTestedAt: new Date().toISOString(),
-        lastError: alive ? undefined : 'Ping failed',
-      });
-      return { success: alive, latencyMs, error: alive ? undefined : 'Ping failed — connection may have been closed or timed out. Try reconnecting.' };
-    } catch (err: any) {
-      // On connection failure, close stale pool and retry once with fresh connection
-      try {
-        await this.closePool(connectionId);
-        const conn = await this.getPooledConnection(connectionId);
-        const alive = await conn.ping();
-        const latencyMs = Date.now() - startMs;
-        await this.updateConnection(connectionId, { status: alive ? 'active' : 'error', lastTestedAt: new Date().toISOString(), lastError: alive ? undefined : 'Ping failed on retry' });
-        return { success: alive, latencyMs, error: alive ? undefined : 'Ping failed on retry' };
-      } catch (retryErr: any) {
-        // Both attempts failed
-      }
-      const msg = (err instanceof AggregateError ? (err.errors?.map?.((x: any) => x.message).join('; ') || 'Multiple connection failures') : (err.message || String(err))) || 'Unknown connection error';
-      await this.updateConnection(connectionId, {
-        status: 'error',
-        lastTestedAt: new Date().toISOString(),
-        lastError: msg,
-      });
-      return { success: false, latencyMs: Date.now() - startMs, error: msg };
-    }
-  }
-  /**
-   * Test connection parameters without saving — creates a temporary connection,
-   * pings it, and immediately destroys it.
-   */
-  async testConnectionParams(params: {
-    type: string; host?: string; port?: number; database?: string;
-    username?: string; password?: string; connectionString?: string; ssl?: boolean;
-  }): Promise<{ success: boolean; latencyMs: number; error?: string }> {
-    const startMs = Date.now();
-    const driver = this.drivers.get(params.type as any);
-    if (!driver) return { success: false, latencyMs: 0, error: `No driver for database type: ${params.type}` };
-    let connection: any;
-    try {
-      connection = await driver.connect(
-        { type: params.type as any, host: params.host, port: params.port, database: params.database, ssl: params.ssl } as any,
-        { password: params.password, connectionString: params.connectionString },
-      );
-      const alive = await connection.ping();
-      const latencyMs = Date.now() - startMs;
-      return { success: alive, latencyMs, error: alive ? undefined : 'Ping failed — database responded but health check did not pass' };
-    } catch (err: any) {
-      return { success: false, latencyMs: Date.now() - startMs, error: err.message || String(err) || 'Connection failed' };
-    } finally {
-      try { if (connection?.close) await connection.close(); } catch {}
-    }
-  }
-  // ─── Pool Management ───────────────────────────────────────────────────────
-  private async getPooledConnection(connectionId: string): Promise<DatabaseConnection> {
-    const pool = this.pools.get(connectionId) || [];
-    // Find idle connection
-    const idle = pool.find(p => !p.inUse);
-    if (idle) {
-      idle.inUse = true;
-      idle.lastUsedAt = Date.now();
-      return this.wrapPooledConnection(idle);
-    }
-    // Create new connection
-    const config = this.configs.get(connectionId);
-    if (!config) throw new Error('Connection not found');
-    const maxPool = config.pool?.max ?? 10;
-    if (pool.length >= maxPool) throw new Error('Connection pool exhausted');
-    const driver = this.drivers.get(config.type);
-    if (!driver) throw new Error(`No driver for database type: ${config.type}`);
-    // Load credentials from vault
-    const credentials = await this.loadCredentials(config);
-    const connection = await driver.connect(config, credentials);
-    const entry: PoolEntry = {
-      connection,
-      connectionId,
-      createdAt: Date.now(),
-      lastUsedAt: Date.now(),
-      inUse: true,
-      queryCount: 0,
-    };
-    pool.push(entry);
-    this.pools.set(connectionId, pool);
-    return this.wrapPooledConnection(entry);
-  }
-  private wrapPooledConnection(entry: PoolEntry): DatabaseConnection {
-    return {
-      query: async (sql, params) => {
-        entry.queryCount++;
-        return entry.connection.query(sql, params);
-      },
-      close: async () => { entry.inUse = false; }, // Return to pool, don't actually close
-      ping: () => entry.connection.ping(),
-    };
-  }
-  private async closePool(connectionId: string): Promise<void> {
-    const pool = this.pools.get(connectionId) || [];
-    for (const entry of pool) {
-      try { await entry.connection.close(); } catch { /* ignore */ }
-    }
-    this.pools.delete(connectionId);
-  }
-  private async loadCredentials(config: DatabaseConnectionConfig): Promise<ConnectionCredentials> {
-    const creds: ConnectionCredentials = {};
-    if (this.vault) {
-      try {
-        const pw = await this.vault.getSecretByName(config.orgId, `db:${config.id}:password`, 'database_credential');
-        if (pw) creds.password = pw.plaintext;
-      } catch { /* no password stored */ }
-      try {
-        const cs = await this.vault.getSecretByName(config.orgId, `db:${config.id}:connection_string`, 'database_credential');
-        if (cs) creds.connectionString = cs.plaintext;
-      } catch { /* no connection string stored */ }
-      if (config.sshTunnel?.enabled) {
-        try {
-          const ssh = await this.vault.getSecretByName(config.orgId, `db:${config.id}:ssh_key`, 'database_credential');
-          if (ssh) creds.sshPrivateKey = ssh.plaintext;
-        } catch { /* no SSH key stored */ }
-      }
-    }
-    return creds;
-  }
-  // ─── Stats ─────────────────────────────────────────────────────────────────
-  getPoolStats(connectionId: string): ConnectionPoolStats {
-    const pool = this.pools.get(connectionId) || [];
-    const s = this.stats.get(connectionId) || { queries: 0, errors: 0, totalTimeMs: 0, lastActivity: 0 };
-    return {
-      connectionId,
-      totalConnections: pool.length,
-      activeConnections: pool.filter(p => p.inUse).length,
-      idleConnections: pool.filter(p => !p.inUse).length,
-      waitingRequests: 0,
-      queriesExecuted: s.queries,
-      averageQueryTimeMs: s.queries > 0 ? Math.round(s.totalTimeMs / s.queries) : 0,
-      errorCount: s.errors,
-      lastActivityAt: s.lastActivity ? new Date(s.lastActivity).toISOString() : '',
-    };
-  }
-  private updateStats(connectionId: string, timeMs: number, isError: boolean): void {
-    const s = this.stats.get(connectionId) || { queries: 0, errors: 0, totalTimeMs: 0, lastActivity: 0 };
-    s.queries++;
-    s.totalTimeMs += timeMs;
-    if (isError) s.errors++;
-    s.lastActivity = Date.now();
-    this.stats.set(connectionId, s);
-  }
-  // ─── Audit Logging ─────────────────────────────────────────────────────────
-  private async logAudit(
-    query: DatabaseQuery,
-    config: DatabaseConnectionConfig,
-    _access: AgentDatabaseAccess,
-    operation: string,
-    rowsAffected: number,
-    success: boolean,
-    error: string | undefined,
-    startMs: number,
-    queryId: string,
-  ): Promise<void> {
-    if (!this.engineDb) return;
-    try {
-      await this.dbRun(
-        `INSERT INTO database_audit_log (id, org_id, agent_id, connection_id, connection_name, operation, query, param_count, rows_affected, execution_time_ms, success, error, timestamp)
-         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
-        [
-          queryId, config.orgId, query.agentId, query.connectionId, config.name,
-          operation, sanitizeForLogging(query.sql || ''), (query.params || []).length,
-          rowsAffected, Date.now() - startMs, success, error || null,
-          new Date().toISOString(),
-        ]
-      );
-    } catch (err: any) {
-      console.warn(`[db-access] Audit log failed: ${err.message}`);
-    }
-  }
-  async getAuditLog(opts: { orgId: string; agentId?: string; connectionId?: string; limit?: number; offset?: number }): Promise<any[]> {
-    if (!this.engineDb) return [];
-    const conditions = ['org_id = ?'];
-    const params: any[] = [opts.orgId];
-    if (opts.agentId) { conditions.push('agent_id = ?'); params.push(opts.agentId); }
-    if (opts.connectionId) { conditions.push('connection_id = ?'); params.push(opts.connectionId); }
-    params.push(opts.limit ?? 100, opts.offset ?? 0);
-    return this.dbAll(
-      `SELECT * FROM database_audit_log WHERE ${conditions.join(' AND ')} ORDER BY timestamp DESC LIMIT ? OFFSET ?`,
-      params
-    );
-  }
-  // ─── Driver Registration ───────────────────────────────────────────────────
-  registerDriver(type: DatabaseType, driver: DatabaseDriver): void {
-    this.drivers.set(type, driver);
-  }
-  // ─── Auto-Install Helper ──────────────────────────────────────────────────
-  private _installCache = new Set<string>();
-  /**
-   * Auto-install a npm package if not already installed.
-   * Caches install attempts to avoid repeated installs in the same process.
-   */
-  /**
-   * Load a package using createRequire (works in bundled builds where dynamic import() fails).
-   * Falls back through multiple strategies: createRequire at cwd, createRequire at node_modules, direct import.
-   */
-  private _requirePkg(pkg: string): any {
-    // Strategy 1: createRequire from cwd (works for npm-installed packages in bundled code)
-    try {
-      const { createRequire } = require('node:module');
-      const req = createRequire(require('node:path').join(process.cwd(), 'node_modules', '.package.json'));
-      return req(pkg);
-    } catch {}
-    // Strategy 2: createRequire from process.cwd package.json
-    try {
-      const { createRequire } = require('node:module');
-      const req = createRequire(require('node:path').join(process.cwd(), 'package.json'));
-      return req(pkg);
-    } catch {}
-    // Strategy 3: resolve absolute path manually
-    try {
-      const absPath = require('node:path').join(process.cwd(), 'node_modules', pkg);
-      return require(absPath);
-    } catch {}
-    // Strategy 4: plain require (may work in non-bundled contexts)
-    try {
-      return require(pkg);
-    } catch {}
-    return null;
-  }
-  private async ensurePackage(pkg: string): Promise<any> {
-    // Try loading first (multiple strategies for bundled builds)
-    const existing = this._requirePkg(pkg);
-    if (existing) return existing;
-    // Also try dynamic import as last resort for ESM packages
-    try {
-      return await import(pkg);
-    } catch {}
-    // Package not installed — auto-install it
-    if (this._installCache.has(pkg)) {
-      throw new Error(`Package "${pkg}" could not be loaded after auto-install. Please install manually: npm install ${pkg}`);
-    }
-    this._installCache.add(pkg);
-    console.log(`[database-access] Auto-installing "${pkg}"...`);
-    const { execSync } = await import('child_process');
-    try {
-      execSync(`npm install --no-save ${pkg}`, {
-        stdio: 'pipe',
-        timeout: 120_000,
-        cwd: process.cwd(),
-      });
-      console.log(`[database-access] Successfully installed "${pkg}"`);
-    } catch (installErr: any) {
-      const msg = installErr.stderr?.toString?.().slice(0, 200) || installErr.message;
-      throw new Error(`Failed to auto-install "${pkg}": ${msg}. Please install manually: npm install ${pkg}`);
-    }
-    // Try all loading strategies again after install
-    const loaded = this._requirePkg(pkg);
-    if (loaded) return loaded;
-    // Final attempt with dynamic import
-    try {
-      return await import(pkg);
-    } catch {}
-    throw new Error(`Package "${pkg}" installed but could not be loaded. Try restarting the server, or install manually: npm install ${pkg}`);
-  }
-  /**
-   * Connect with a timeout wrapper — all drivers get a 15s connect timeout.
-   */
-  private async connectWithTimeout<T>(fn: () => Promise<T>, timeoutMs = 15_000, label = 'Connection'): Promise<T> {
-    return new Promise<T>((resolve, reject) => {
-      const timer = setTimeout(() => reject(new Error(`${label} timed out after ${timeoutMs}ms — check your host/port and ensure the database is reachable`)), timeoutMs);
-      fn().then(
-        (v) => { clearTimeout(timer); resolve(v); },
-        (e) => { clearTimeout(timer); reject(e); },
-      );
-    });
-  }
-  /**
-   * Detect SSL requirement from connection string or cloud provider type.
-   * Cloud-hosted databases almost always require SSL.
-   */
-  private needsSsl(config: any, credentials?: any): boolean | Record<string, any> {
-    if (config.ssl === true) return true;
-    if (config.ssl === false) return false;
-    // Auto-enable SSL for cloud providers
-    const cloudTypes: string[] = ['supabase', 'neon', 'planetscale', 'cockroachdb', 'turso', 'upstash'];
-    if (cloudTypes.includes(config.type)) return true;
-    // Detect from connection string
-    const connStr = credentials?.connectionString || '';
-    if (connStr.includes('sslmode=require') || connStr.includes('ssl=true')) return true;
-    // Supabase/Neon/etc URLs contain their domain
-    if (/supabase|neon\.tech|cockroachlabs|planetscale|turso\.io|railway\.app|render\.com|aiven\.io|timescale\.com/i.test(connStr)) return true;
-    if (/supabase|neon\.tech|cockroachlabs|planetscale|turso\.io|railway|render|aiven|timescale/i.test(config.host || '')) return true;
-    return false;
-  }
-  /**
-   * Parse a connection string to extract host/port/database/username when fields are missing.
-   */
-  private parseConnectionString(connStr: string, _type: string): { host?: string; port?: number; database?: string; username?: string } {
-    try {
-      // Handle postgres://, mysql://, mongodb://, redis://, libsql:// etc
-      const cleaned = connStr.replace(/^(postgres|postgresql|mysql|mongodb\+srv|mongodb|redis|rediss|libsql)/, 'http');
-      const url = new URL(cleaned);
-      return {
-        host: url.hostname || undefined,
-        port: url.port ? parseInt(url.port) : undefined,
-        database: url.pathname?.replace(/^\//, '') || undefined,
-        username: url.username || undefined,
-      };
-    } catch {
-      return {};
-    }
-  }
-  private registerBuiltinDrivers(): void {
-    const self = this;
-    // ── PostgreSQL / CockroachDB / Supabase / Neon ─────────────────────────
-    const pgDriver: DatabaseDriver = {
-      async connect(config, credentials) {
-        const pgMod = await self.ensurePackage('postgres');
-        const pgFn = pgMod.default || pgMod;
-        // Build connection string from parts if not provided
-        let connStr = credentials.connectionString;
-        if (!connStr) {
-          const user = encodeURIComponent(config.username || 'postgres');
-          const pass = encodeURIComponent(credentials.password || '');
-          const host = config.host || 'localhost';
-          const port = config.port || 5432;
-          const db = config.database || 'postgres';
-          connStr = `postgresql://${user}:${pass}@${host}:${port}/${db}`;
-        }
-        const ssl = self.needsSsl(config, credentials);
-        const sql: any = await self.connectWithTimeout(() => {
-          const s = pgFn(connStr, {
-            max: config.pool?.max ?? 10,
-            idle_timeout: (config.pool?.idleTimeoutMs ?? 30_000) / 1000,
-            connect_timeout: 10,
-            ssl: ssl ? (config.sslRejectUnauthorized === false ? 'prefer' as any : 'require' as any) : false,
-          });
-          // Force a connection attempt so errors surface now
-          return s`SELECT 1`.then(() => s);
-        }, 15_000, 'PostgreSQL');
-        return {
-          async query(q: string, params?: any[]) {
-            const result = params?.length ? await sql.unsafe(q, params) : await sql.unsafe(q);
-            return {
-              rows: [...result],
-              affectedRows: result.count,
-              fields: result.columns?.map((c: any) => ({ name: c.name, type: String(c.type) })),
-            };
-          },
-          async close() { try { await sql.end({ timeout: 5 }); } catch {} },
-          async ping() {
-            try { await sql`SELECT 1`; return true; }
-            catch (e: any) {
-              const msg = e instanceof AggregateError ? (e.errors?.map?.((x: any) => x.message).join('; ') || 'Multiple connection failures') : (e.message || String(e));
-              throw new Error('PostgreSQL ping failed: ' + msg);
-            }
-          },
-        };
-      },
-    };
-    this.drivers.set('postgresql', pgDriver);
-    this.drivers.set('cockroachdb', pgDriver);
-    this.drivers.set('supabase', pgDriver);
-    this.drivers.set('neon', pgDriver);
-    // ── MySQL / MariaDB / PlanetScale ──────────────────────────────────────
-    const mysqlDriver: DatabaseDriver = {
-      async connect(config, credentials) {
-        const mysql2 = await self.ensurePackage('mysql2/promise');
-        // Parse connection string for missing fields
-        const parsed = credentials.connectionString ? self.parseConnectionString(credentials.connectionString, config.type) : {};
-        const ssl = self.needsSsl(config, credentials);
-        const pool = await self.connectWithTimeout(async () => {
-          const p = mysql2.createPool({
-            host: config.host || parsed.host || 'localhost',
-            port: config.port || parsed.port || 3306,
-            user: config.username || parsed.username,
-            password: credentials.password || (credentials.connectionString ? (() => { try { const u = new URL(credentials.connectionString.replace(/^mysql/, 'http')); return decodeURIComponent(u.password); } catch { return undefined; } })() : undefined),
-            database: config.database || parsed.database,
-            connectionLimit: config.pool?.max ?? 10,
-            connectTimeout: 10_000,
-            ssl: ssl ? { rejectUnauthorized: config.sslRejectUnauthorized !== false } : undefined,
-            uri: credentials.connectionString || undefined,
-          });
-          // Validate connection
-          await p.execute('SELECT 1');
-          return p;
-        }, 15_000, 'MySQL');
-        return {
-          async query(q: string, params?: any[]) {
-            const [rows, fields] = await pool.execute(q, params);
-            const resultRows = Array.isArray(rows) ? rows : [];
-            return {
-              rows: resultRows as any[],
-              affectedRows: (rows as any).affectedRows,
-              fields: (fields as any[])?.map((f: any) => ({ name: f.name, type: String(f.type) })),
-            };
-          },
-          async close() { try { await pool.end(); } catch {} },
-          async ping() { try { await pool.execute('SELECT 1'); return true; } catch (e: any) { throw new Error('MySQL ping failed: ' + (e.message || e)); } },
-        };
-      },
-    };
-    this.drivers.set('mysql', mysqlDriver);
-    this.drivers.set('mariadb', mysqlDriver);
-    this.drivers.set('planetscale', mysqlDriver);
-    // ── SQLite ─────────────────────────────────────────────────────────────
-    this.drivers.set('sqlite', {
-      async connect(config, credentials) {
-        const sqliteMod = await self.ensurePackage('better-sqlite3');
-        const Database = sqliteMod.default || sqliteMod;
-        const dbPath = credentials.connectionString || config.database || ':memory:';
-        const db = new Database(dbPath, { readonly: false });
-        // Enable WAL mode for better concurrency
-        try { db.pragma('journal_mode = WAL'); } catch {}
-        return {
-          async query(q: string, params?: any[]) {
-            const trimmed = q.trim().toUpperCase();
-            if (trimmed.startsWith('SELECT') || trimmed.startsWith('WITH') || trimmed.startsWith('PRAGMA') || trimmed.startsWith('EXPLAIN')) {
-              const stmt = db.prepare(q);
-              const rows = params?.length ? stmt.all(...params) : stmt.all();
-              return { rows, fields: rows.length > 0 ? Object.keys(rows[0]).map(k => ({ name: k, type: 'unknown' })) : [] };
-            } else {
-              const stmt = db.prepare(q);
-              const result = params?.length ? stmt.run(...params) : stmt.run();
-              return { rows: [], affectedRows: result.changes };
-            }
-          },
-          async close() { try { db.close(); } catch {} },
-          async ping() { try { db.prepare('SELECT 1').get(); return true; } catch (e: any) { throw new Error('SQLite ping failed: ' + (e.message || e)); } },
-        };
-      },
-    });
-    // ── Turso / LibSQL ─────────────────────────────────────────────────────
-    this.drivers.set('turso', {
-      async connect(config, credentials) {
-        const libsql = await self.ensurePackage('@libsql/client');
-        const { createClient } = libsql;
-        const url = credentials.connectionString || `libsql://${config.host}`;
-        const client = createClient({ url, authToken: credentials.password });
-        // Validate
-        await self.connectWithTimeout(() => client.execute('SELECT 1'), 15_000, 'Turso');
-        return {
-          async query(q: string, params?: any[]) {
-            const result = await client.execute({ sql: q, args: params || [] });
-            return {
-              rows: result.rows as any[],
-              affectedRows: result.rowsAffected,
-              fields: result.columns?.map((c: any) => ({ name: String(c), type: 'unknown' })),
-            };
-          },
-          async close() { try { client.close(); } catch {} },
-          async ping() { try { await client.execute('SELECT 1'); return true; } catch (e: any) { throw new Error('Turso ping failed: ' + (e.message || e)); } },
-        };
-      },
-    });
-    // ── MongoDB ────────────────────────────────────────────────────────────
-    this.drivers.set('mongodb', {
-      async connect(config, credentials) {
-        const mongoMod = await self.ensurePackage('mongodb');
-        const { MongoClient } = mongoMod;
-        const uri = credentials.connectionString || (() => {
-          const user = encodeURIComponent(config.username || '');
-          const pass = encodeURIComponent(credentials.password || '');
-          const host = config.host || 'localhost';
-          const port = config.port || 27017;
-          const db = config.database || 'admin';
-          const auth = user ? `${user}:${pass}@` : '';
-          return `mongodb://${auth}${host}:${port}/${db}`;
-        })();
-        const ssl = self.needsSsl(config, credentials);
-        // mongodb+srv:// always uses TLS
-        const useTls = ssl || uri.startsWith('mongodb+srv://');
-        const client = new MongoClient(uri, {
-          maxPoolSize: config.pool?.max ?? 10,
-          serverSelectionTimeoutMS: 10_000,
-          connectTimeoutMS: 10_000,
-          tls: useTls || undefined,
-        });
-        await self.connectWithTimeout(() => client.connect(), 15_000, 'MongoDB');
-        const db = client.db(config.database || self.parseConnectionString(uri, 'mongodb').database);
-        return {
-          async query(q: string, _params?: any[]) {
-            try {
-              const cmd = JSON.parse(q);
-              const collection = db.collection(cmd.collection);
-              switch (cmd.operation) {
-                case 'find': {
-                  const cursor = collection.find(cmd.filter || {});
-                  if (cmd.projection) cursor.project(cmd.projection);
-                  if (cmd.sort) cursor.sort(cmd.sort);
-                  if (cmd.skip) cursor.skip(cmd.skip);
-                  cursor.limit(cmd.limit || 100);
-                  return { rows: await cursor.toArray() };
-                }
-                case 'findOne': {
-                  const doc = await collection.findOne(cmd.filter || {}, { projection: cmd.projection });
-                  return { rows: doc ? [doc] : [] };
-                }
-                case 'insertOne': {
-                  const r = await collection.insertOne(cmd.document);
-                  return { rows: [{ insertedId: r.insertedId }], affectedRows: 1 };
-                }
-                case 'insertMany': {
-                  const r = await collection.insertMany(cmd.documents);
-                  return { rows: [{ insertedCount: r.insertedCount }], affectedRows: r.insertedCount };
-                }
-                case 'updateOne': case 'updateMany': {
-                  const fn = cmd.operation === 'updateOne' ? collection.updateOne.bind(collection) : collection.updateMany.bind(collection);
-                  const r = await fn(cmd.filter || {}, cmd.update, { upsert: cmd.upsert });
-                  return { rows: [{ matchedCount: r.matchedCount, modifiedCount: r.modifiedCount, upsertedId: r.upsertedId }], affectedRows: r.modifiedCount };
-                }
-                case 'deleteOne': case 'deleteMany': {
-                  const fn = cmd.operation === 'deleteOne' ? collection.deleteOne.bind(collection) : collection.deleteMany.bind(collection);
-                  const r = await fn(cmd.filter || {});
-                  return { rows: [], affectedRows: r.deletedCount };
-                }
-                case 'aggregate': return { rows: await collection.aggregate(cmd.pipeline || []).toArray() };
-                case 'count': case 'countDocuments': return { rows: [{ count: await collection.countDocuments(cmd.filter || {}) }] };
-                case 'distinct': return { rows: [{ values: await collection.distinct(cmd.field, cmd.filter || {}) }] };
-                case 'listCollections': {
-                  const cols = await db.listCollections().toArray();
-                  return { rows: cols.map((c: any) => ({ name: c.name, type: c.type })) };
-                }
-                default: throw new Error(`Unknown operation: ${cmd.operation}. Supported: find, findOne, insertOne, insertMany, updateOne, updateMany, deleteOne, deleteMany, aggregate, count, distinct, listCollections`);
-              }
-            } catch (err: any) {
-              throw new Error(`MongoDB query error: ${err.message}`);
-            }
-          },
-          async close() { try { await client.close(); } catch {} },
-          async ping() { try { await db.command({ ping: 1 }); return true; } catch (e: any) { throw new Error('MongoDB ping failed: ' + (e.message || e)); } },
-        };
-      },
-    });
-    // ── Redis (self-hosted or cloud with standard Redis protocol) ──────────
-    this.drivers.set('redis', {
-      async connect(config, credentials) {
-        const host = config.host || 'localhost';
-        const port = config.port || 6379;
-        const ssl = self.needsSsl(config, credentials);
-        const connStr = credentials.connectionString || '';
-        // Detect if connection string uses rediss:// (TLS)
-        const useTls = ssl || connStr.startsWith('rediss://');
-        // Parse auth from connection string if present
-        let password = credentials.password;
-        let username = config.username;
-        if (connStr) {
-          try {
-            const _parsed = self.parseConnectionString(connStr, 'redis');
-            if (!password) {
-              // redis://user:pass@host:port or redis://:pass@host:port
-              const url = new URL(connStr.replace(/^redis(s?)/, 'http'));
-              password = url.password || password;
-              username = url.username || username;
-            }
-          } catch {}
-        }
-        // Use TLS or plain net socket
-        let socket: any;
-        const connectHost = connStr ? (self.parseConnectionString(connStr, 'redis').host || host) : host;
-        const connectPort = connStr ? (self.parseConnectionString(connStr, 'redis').port || port) : port;
-        await self.connectWithTimeout(async () => {
-          if (useTls) {
-            const tls = await import('tls');
-            socket = tls.connect({ host: connectHost, port: connectPort, rejectUnauthorized: config.sslRejectUnauthorized !== false });
-            await new Promise<void>((resolve, reject) => {
-              socket.on('secureConnect', resolve);
-              socket.on('error', reject);
-            });
-          } else {
-            const net = await import('net');
-            socket = new net.Socket();
-            await new Promise<void>((resolve, reject) => {
-              socket.connect(connectPort, connectHost, () => resolve());
-              socket.on('error', reject);
-            });
-          }
-          // AUTH if needed — support Redis 6+ ACL: AUTH username password
-          if (password) {
-            const authCmd = username && username !== 'default' ? `AUTH ${username} ${password}` : `AUTH ${password}`;
-            await sendRedisCommand(socket, authCmd);
-          }
-        }, 15_000, 'Redis');
-        function sendRedisCommand(sock: any, cmd: string): Promise<string> {
-          return new Promise((resolve, reject) => {
-            let data = '';
-            const onData = (chunk: Buffer) => { data += chunk.toString(); if (data.includes('\r\n')) { sock.off('data', onData); resolve(data); } };
-            sock.on('data', onData);
-            sock.write(cmd + '\r\n');
-            setTimeout(() => { sock.off('data', onData); reject(new Error('Redis command timed out after 10s')); }, 10_000);
-          });
-        }
-        return {
-          async query(q: string) {
-            const result = await sendRedisCommand(socket, q);
-            return { rows: [{ result: result.trim() }] };
-          },
-          async close() { try { socket.destroy(); } catch {} },
-          async ping() { try { const r = await sendRedisCommand(socket, 'PING'); if (!r.includes('PONG')) throw new Error('No PONG response'); return true; } catch (e: any) { throw new Error('Redis ping failed: ' + (e.message || e)); } },
-        };
-      },
-    });
-    // ── Upstash Redis (REST API — zero dependencies) ──────────────────────
-    this.drivers.set('upstash', {
-      async connect(config, credentials) {
-        // Upstash REST: https://<endpoint>.upstash.io with Bearer token
-        // Connection string format: https://<token>@<endpoint>.upstash.io or just the URL
-        let baseUrl = '';
-        let token = credentials.password || '';
-        if (credentials.connectionString) {
-          const cs = credentials.connectionString;
-          // Handle https://token@host format
-          if (cs.startsWith('https://') && cs.includes('@')) {
-            try {
-              const url = new URL(cs);
-              token = token || url.username || url.password;
-              baseUrl = `https://${url.host}`;
-            } catch {
-              baseUrl = cs;
-            }
-          } else if (cs.startsWith('https://')) {
-            baseUrl = cs.replace(/\/$/, '');
-          } else if (cs.startsWith('rediss://')) {
-            // Upstash also provides redis:// URLs — extract host for REST
-            try {
-              const url = new URL(cs.replace('rediss://', 'https://'));
-              token = token || url.password;
-              baseUrl = `https://${url.hostname}`;
-            } catch {
-              baseUrl = `https://${config.host}`;
-            }
-          } else {
-            baseUrl = `https://${cs}`;
-          }
-        } else {
-          baseUrl = `https://${config.host}`;
-        }
-        if (!baseUrl) throw new Error('Upstash requires a REST URL or hostname. Find it in your Upstash console under REST API.');
-        if (!token) throw new Error('Upstash requires an auth token. Find it in your Upstash console under REST API.');
-        async function upstashRequest(command: string[]): Promise<any> {
-          const ctrl = new AbortController();
-          const timer = setTimeout(() => ctrl.abort(), 10_000);
-          try {
-            const resp = await fetch(baseUrl, {
-              method: 'POST',
-              headers: { 'Authorization': `Bearer ${token}`, 'Content-Type': 'application/json' },
-              body: JSON.stringify(command),
-              signal: ctrl.signal,
-            });
-            if (!resp.ok) {
-              const body = await resp.text().catch(() => '');
-              throw new Error(`Upstash HTTP ${resp.status}: ${body.slice(0, 200)}`);
-            }
-            return resp.json();
-          } finally {
-            clearTimeout(timer);
-          }
-        }
-        // Validate connection
-        await self.connectWithTimeout(async () => {
-          const r = await upstashRequest(['PING']);
-          if (r.result !== 'PONG') throw new Error('Upstash PING failed — check your token and endpoint URL');
-        }, 15_000, 'Upstash');
-        return {
-          async query(q: string) {
-            const parts = q.trim().split(/\s+/);
-            const result = await upstashRequest(parts);
-            const val = result.result ?? result;
-            return { rows: [{ result: typeof val === 'string' ? val : JSON.stringify(val) }] };
-          },
-          async close() { /* stateless REST — nothing to close */ },
-          async ping() { try { const r = await upstashRequest(['PING']); if (r.result !== 'PONG') throw new Error('No PONG response'); return true; } catch (e: any) { throw new Error('Upstash ping failed: ' + (e.message || e)); } },
-        };
-      },
-    });
-  }
-  // ─── Row Mapping ───────────────────────────────────────────────────────────
-  private rowToConfig(row: any): DatabaseConnectionConfig {
-    const config = typeof row.config === 'string' ? JSON.parse(row.config) : (row.config || {});
-    return {
-      id: row.id,
-      orgId: row.org_id,
-      name: row.name,
-      type: row.type,
-      ...config,
-      status: row.status,
-      lastTestedAt: row.last_tested_at,
-      lastError: row.last_error,
-      createdAt: row.created_at,
-      updatedAt: row.updated_at,
-    };
-  }
-  private rowToAccess(row: any): AgentDatabaseAccess {
-    return {
-      id: row.id,
-      orgId: row.org_id,
-      agentId: row.agent_id,
-      connectionId: row.connection_id,
-      permissions: typeof row.permissions === 'string' ? JSON.parse(row.permissions) : (row.permissions || ['read']),
-      queryLimits: typeof row.query_limits === 'string' ? JSON.parse(row.query_limits) : row.query_limits,
-      schemaAccess: typeof row.schema_access === 'string' ? JSON.parse(row.schema_access) : row.schema_access,
-      logAllQueries: !!row.log_all_queries,
-      requireApproval: !!row.require_approval,
-      enabled: !!row.enabled,
-      createdAt: row.created_at,
-      updatedAt: row.updated_at,
-    };
-  }
-  private configToStorable(config: DatabaseConnectionConfig): Record<string, any> {
-    // Strip fields stored in their own columns
-    const { id, orgId, name, type, status, lastTestedAt, lastError, createdAt, updatedAt, ...rest } = config;
-    return rest;
-  }
-  // ─── Cleanup ───────────────────────────────────────────────────────────────
-  async shutdown(): Promise<void> {
-    for (const [connId] of this.pools) {
-      await this.closePool(connId);
-    }
-    console.log('[db-access] All connection pools closed');
-  }
-}