@agenticmail/enterprise 0.5.52 → 0.5.53

package/dist/cli-verify-RTYVUWD7.js

@@ -0,0 +1,98 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-GI5RMYH6.js";
+
+// src/domain-lock/cli-verify.ts
+function getFlag(args, name) {
+  const idx = args.indexOf(name);
+  if (idx !== -1 && args[idx + 1]) return args[idx + 1];
+  return void 0;
+}
+async function runVerifyDomain(args) {
+  const { default: chalk } = await import("chalk");
+  const { default: ora } = await import("ora");
+  console.log("");
+  console.log(chalk.bold("  AgenticMail Enterprise \u2014 Domain Verification"));
+  console.log("");
+  let domain = getFlag(args, "--domain");
+  let dnsChallenge;
+  let dbConnected = false;
+  let db = null;
+  if (!domain) {
+    const dbPath = getFlag(args, "--db");
+    const dbType = getFlag(args, "--db-type") || "sqlite";
+    if (dbPath) {
+      try {
+        const { createAdapter } = await import("./factory-2SRP3B3U.js");
+        db = await createAdapter({ type: dbType, connectionString: dbPath });
+        await db.migrate();
+        const settings = await db.getSettings();
+        domain = settings?.domain;
+        dnsChallenge = settings?.domainDnsChallenge;
+        dbConnected = true;
+      } catch {
+      }
+    }
+  }
+  if (!domain) {
+    const { default: inquirer } = await import("inquirer");
+    const answer = await inquirer.prompt([{
+      type: "input",
+      name: "domain",
+      message: "Domain to verify:",
+      suffix: chalk.dim("  (e.g. agents.agenticmail.io)"),
+      validate: (v) => v.includes(".") || "Enter a valid domain"
+    }]);
+    domain = answer.domain;
+  }
+  const spinner = ora("Checking DNS verification...").start();
+  const lock = new DomainLock();
+  const result = await lock.checkVerification(domain);
+  if (!result.success) {
+    spinner.fail("Verification check failed");
+    console.log("");
+    console.error(chalk.red(`  ${result.error}`));
+    console.log("");
+    if (db) await db.disconnect();
+    process.exit(1);
+  }
+  if (result.verified) {
+    spinner.succeed("Domain verified!");
+    if (dbConnected && db) {
+      try {
+        await db.updateSettings({
+          domainStatus: "verified",
+          domainVerifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      } catch {
+      }
+    }
+    console.log("");
+    console.log(chalk.green.bold(`  ${domain} is verified and protected.`));
+    console.log(chalk.dim("  Your deployment domain is locked. No other instance can claim it."));
+    console.log("");
+  } else {
+    spinner.info("DNS record not found yet");
+    console.log("");
+    console.log(chalk.yellow("  The DNS TXT record has not been detected."));
+    console.log("");
+    console.log(chalk.bold("  Make sure this record exists:"));
+    console.log("");
+    console.log(`  ${chalk.bold("Host:")}   ${chalk.cyan(`_agenticmail-verify.${domain}`)}`);
+    console.log(`  ${chalk.bold("Type:")}   ${chalk.cyan("TXT")}`);
+    if (dnsChallenge) {
+      console.log(`  ${chalk.bold("Value:")}  ${chalk.cyan(dnsChallenge)}`);
+    } else {
+      console.log(`  ${chalk.bold("Value:")}  ${chalk.dim("(check your setup records or dashboard)")}`);
+    }
+    console.log("");
+    console.log(chalk.dim("  DNS changes can take up to 48 hours to propagate."));
+    console.log(chalk.dim("  Run this command again after adding the record."));
+    console.log("");
+  }
+  if (db) await db.disconnect();
+}
+export {
+  runVerifyDomain
+};

package/dist/config-store-44Y6KOVX.js

@@ -0,0 +1,58 @@
+import "./chunk-GI5RMYH6.js";
+
+// src/lib/config-store.ts
+import { scryptSync, randomBytes, createCipheriv, createDecipheriv } from "crypto";
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { join } from "path";
+var CONFIG_FILE = ".agenticmail.enc";
+var ALGORITHM = "aes-256-gcm";
+var SCRYPT_KEYLEN = 32;
+var SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
+function deriveKey(secret, salt) {
+  return scryptSync(secret, salt, SCRYPT_KEYLEN, SCRYPT_PARAMS);
+}
+function getConfigPath() {
+  return join(process.cwd(), CONFIG_FILE);
+}
+async function saveDbConfig(config, secret) {
+  const salt = randomBytes(16);
+  const key = deriveKey(secret, salt);
+  const iv = randomBytes(12);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const plaintext = JSON.stringify(config);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  const payload = {
+    iv: iv.toString("base64"),
+    tag: tag.toString("base64"),
+    salt: salt.toString("base64"),
+    data: encrypted.toString("base64")
+  };
+  writeFileSync(getConfigPath(), JSON.stringify(payload, null, 2), "utf-8");
+}
+async function loadDbConfig(secret) {
+  const path = getConfigPath();
+  if (!existsSync(path)) return null;
+  try {
+    const raw = JSON.parse(readFileSync(path, "utf-8"));
+    const salt = Buffer.from(raw.salt, "base64");
+    const iv = Buffer.from(raw.iv, "base64");
+    const tag = Buffer.from(raw.tag, "base64");
+    const data = Buffer.from(raw.data, "base64");
+    const key = deriveKey(secret, salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([decipher.update(data), decipher.final()]);
+    return JSON.parse(decrypted.toString("utf-8"));
+  } catch {
+    return null;
+  }
+}
+function configFileExists() {
+  return existsSync(getConfigPath());
+}
+export {
+  configFileExists,
+  loadDbConfig,
+  saveDbConfig
+};

package/dist/db-adapter-FJZ5BESQ.js

@@ -0,0 +1,7 @@
+import {
+  EngineDatabase
+} from "./chunk-5DDNXWPN.js";
+import "./chunk-GI5RMYH6.js";
+export {
+  EngineDatabase
+};

package/dist/domain-lock-7EMDJXFQ.js

@@ -0,0 +1,7 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-GI5RMYH6.js";
+export {
+  DomainLock
+};

package/dist/dynamodb-CDDPVEXF.js

@@ -0,0 +1,424 @@
+import {
+  DatabaseAdapter
+} from "./chunk-FLRYMSKY.js";
+import "./chunk-GI5RMYH6.js";
+
+// src/db/dynamodb.ts
+import { randomUUID, createHash } from "crypto";
+var ddbLib;
+var ddbDocLib;
+async function getDdb() {
+  if (!ddbLib) {
+    const { resolveDriver } = await import("./resolve-driver-ZLJYEK72.js");
+    const errMsg = "DynamoDB drivers not found. Install: npm install @aws-sdk/client-dynamodb @aws-sdk/lib-dynamodb";
+    ddbLib = await resolveDriver("@aws-sdk/client-dynamodb", errMsg);
+    ddbDocLib = await resolveDriver("@aws-sdk/lib-dynamodb", errMsg);
+  }
+  return { ddbLib, ddbDocLib };
+}
+var TABLE = "agenticmail_enterprise";
+function pk(type) {
+  return `${type}`;
+}
+var DynamoAdapter = class extends DatabaseAdapter {
+  type = "dynamodb";
+  client = null;
+  docClient = null;
+  tableName = TABLE;
+  async connect(config) {
+    const { ddbLib: ddbLib2, ddbDocLib: ddbDocLib2 } = await getDdb();
+    const opts = {};
+    if (config.region) opts.region = config.region;
+    if (config.accessKeyId && config.secretAccessKey) {
+      opts.credentials = { accessKeyId: config.accessKeyId, secretAccessKey: config.secretAccessKey };
+    }
+    if (config.connectionString) {
+      opts.endpoint = config.connectionString;
+    }
+    if (config.options?.tableName) this.tableName = config.options.tableName;
+    this.client = new ddbLib2.DynamoDBClient(opts);
+    this.docClient = ddbDocLib2.DynamoDBDocumentClient.from(this.client);
+  }
+  async disconnect() {
+    if (this.client) this.client.destroy();
+  }
+  isConnected() {
+    return this.client !== null;
+  }
+  async put(item) {
+    const { ddbDocLib: ddbDocLib2 } = await getDdb();
+    await this.docClient.send(new ddbDocLib2.PutCommand({ TableName: this.tableName, Item: item }));
+  }
+  async getItem(pkVal, skVal) {
+    const { ddbDocLib: ddbDocLib2 } = await getDdb();
+    const result = await this.docClient.send(new ddbDocLib2.GetCommand({
+      TableName: this.tableName,
+      Key: { PK: pkVal, SK: skVal }
+    }));
+    return result.Item || null;
+  }
+  async query(pkVal, opts) {
+    const { ddbDocLib: ddbDocLib2 } = await getDdb();
+    const params = {
+      TableName: this.tableName,
+      KeyConditionExpression: "#pk = :pk",
+      ExpressionAttributeNames: { "#pk": opts?.pkField || "PK" },
+      ExpressionAttributeValues: { ":pk": pkVal }
+    };
+    if (opts?.sk?.begins) {
+      params.KeyConditionExpression += " AND begins_with(#sk, :skPrefix)";
+      params.ExpressionAttributeNames["#sk"] = "SK";
+      params.ExpressionAttributeValues[":skPrefix"] = opts.sk.begins;
+    }
+    if (opts?.index) params.IndexName = opts.index;
+    if (opts?.limit) params.Limit = opts.limit;
+    params.ScanIndexForward = false;
+    const result = await this.docClient.send(new ddbDocLib2.QueryCommand(params));
+    return result.Items || [];
+  }
+  async deleteItem(pkVal, skVal) {
+    const { ddbDocLib: ddbDocLib2 } = await getDdb();
+    await this.docClient.send(new ddbDocLib2.DeleteCommand({
+      TableName: this.tableName,
+      Key: { PK: pkVal, SK: skVal }
+    }));
+  }
+  async migrate() {
+    const { ddbLib: ddbLib2 } = await getDdb();
+    try {
+      await this.client.send(new ddbLib2.CreateTableCommand({
+        TableName: this.tableName,
+        KeySchema: [
+          { AttributeName: "PK", KeyType: "HASH" },
+          { AttributeName: "SK", KeyType: "RANGE" }
+        ],
+        AttributeDefinitions: [
+          { AttributeName: "PK", AttributeType: "S" },
+          { AttributeName: "SK", AttributeType: "S" },
+          { AttributeName: "GSI1PK", AttributeType: "S" },
+          { AttributeName: "GSI1SK", AttributeType: "S" }
+        ],
+        GlobalSecondaryIndexes: [
+          {
+            IndexName: "GSI1",
+            KeySchema: [
+              { AttributeName: "GSI1PK", KeyType: "HASH" },
+              { AttributeName: "GSI1SK", KeyType: "RANGE" }
+            ],
+            Projection: { ProjectionType: "ALL" },
+            ProvisionedThroughput: { ReadCapacityUnits: 5, WriteCapacityUnits: 5 }
+          }
+        ],
+        BillingMode: "PAY_PER_REQUEST"
+      }));
+      const waiter = new ddbLib2.DescribeTableCommand({ TableName: this.tableName });
+      for (let i = 0; i < 30; i++) {
+        const desc = await this.client.send(waiter);
+        if (desc.Table?.TableStatus === "ACTIVE") break;
+        await new Promise((r) => setTimeout(r, 1e3));
+      }
+    } catch (err) {
+      if (!err.name?.includes("ResourceInUse") && !err.message?.includes("already exists")) throw err;
+    }
+    const existing = await this.getItem(pk("SETTINGS"), "default");
+    if (!existing) {
+      await this.put({ PK: pk("SETTINGS"), SK: "default", name: "", subdomain: "", plan: "free", primaryColor: "#6366f1", createdAt: (/* @__PURE__ */ new Date()).toISOString(), updatedAt: (/* @__PURE__ */ new Date()).toISOString() });
+    }
+    const retPol = await this.getItem(pk("RETENTION"), "default");
+    if (!retPol) {
+      await this.put({ PK: pk("RETENTION"), SK: "default", enabled: false, retainDays: 365, excludeTags: [], archiveFirst: true });
+    }
+  }
+  // ─── Company ─────────────────────────────────────────────
+  async getSettings() {
+    const r = await this.getItem(pk("SETTINGS"), "default");
+    if (!r) return null;
+    return { id: "default", name: r.name, domain: r.domain, subdomain: r.subdomain, smtpHost: r.smtpHost, smtpPort: r.smtpPort, smtpUser: r.smtpUser, smtpPass: r.smtpPass, dkimPrivateKey: r.dkimPrivateKey, logoUrl: r.logoUrl, primaryColor: r.primaryColor, ssoConfig: r.ssoConfig, toolSecurityConfig: r.toolSecurityConfig || {}, firewallConfig: r.firewallConfig || {}, modelPricingConfig: r.modelPricingConfig || {}, plan: r.plan, deploymentKeyHash: r.deploymentKeyHash, domainRegistrationId: r.domainRegistrationId, domainDnsChallenge: r.domainDnsChallenge, domainVerifiedAt: r.domainVerifiedAt || void 0, domainRegisteredAt: r.domainRegisteredAt || void 0, domainStatus: r.domainStatus || "unregistered", createdAt: new Date(r.createdAt), updatedAt: new Date(r.updatedAt) };
+  }
+  async updateSettings(updates) {
+    const current = await this.getItem(pk("SETTINGS"), "default") || {};
+    const { id, ...rest } = updates;
+    await this.put({ ...current, ...rest, PK: pk("SETTINGS"), SK: "default", updatedAt: (/* @__PURE__ */ new Date()).toISOString() });
+    return this.getSettings();
+  }
+  // ─── Agents ──────────────────────────────────────────────
+  async createAgent(input) {
+    const id = input.id || randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const email = input.email || `${input.name.toLowerCase().replace(/\s+/g, "-")}@localhost`;
+    const item = {
+      PK: pk("AGENT"),
+      SK: id,
+      GSI1PK: "AGENT_NAME",
+      GSI1SK: input.name,
+      name: input.name,
+      email,
+      role: input.role || "assistant",
+      status: "active",
+      metadata: input.metadata || {},
+      createdBy: input.createdBy,
+      createdAt: now,
+      updatedAt: now
+    };
+    await this.put(item);
+    return this.itemToAgent(item);
+  }
+  async getAgent(id) {
+    const r = await this.getItem(pk("AGENT"), id);
+    return r ? this.itemToAgent(r) : null;
+  }
+  async getAgentByName(name) {
+    const items = await this.query("AGENT_NAME", { index: "GSI1", pkField: "GSI1PK", sk: { begins: name }, limit: 1 });
+    return items.length > 0 ? this.itemToAgent(items[0]) : null;
+  }
+  async listAgents(opts) {
+    const items = await this.query(pk("AGENT"), { limit: (opts?.limit || 50) + (opts?.offset || 0) });
+    let result = items.map((r) => this.itemToAgent(r));
+    if (opts?.status) result = result.filter((a) => a.status === opts.status);
+    if (opts?.offset) result = result.slice(opts.offset);
+    if (opts?.limit) result = result.slice(0, opts.limit);
+    return result;
+  }
+  async updateAgent(id, updates) {
+    const current = await this.getItem(pk("AGENT"), id);
+    if (!current) throw new Error("Agent not found");
+    const merged = { ...current, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    for (const key of ["name", "email", "role", "status", "metadata"]) {
+      if (updates[key] !== void 0) merged[key] = updates[key];
+    }
+    if (updates.name) {
+      merged.GSI1SK = updates.name;
+    }
+    await this.put(merged);
+    return this.itemToAgent(merged);
+  }
+  async archiveAgent(id) {
+    await this.updateAgent(id, { status: "archived" });
+  }
+  async deleteAgent(id) {
+    await this.deleteItem(pk("AGENT"), id);
+  }
+  async countAgents(status) {
+    const items = await this.query(pk("AGENT"));
+    if (status) return items.filter((i) => i.status === status).length;
+    return items.length;
+  }
+  // ─── Users ───────────────────────────────────────────────
+  async createUser(input) {
+    const id = randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    let passwordHash = null;
+    if (input.password) {
+      const { default: bcrypt } = await import("bcryptjs");
+      passwordHash = await bcrypt.hash(input.password, 12);
+    }
+    const item = {
+      PK: pk("USER"),
+      SK: id,
+      GSI1PK: "USER_EMAIL",
+      GSI1SK: input.email,
+      email: input.email,
+      name: input.name,
+      role: input.role,
+      passwordHash,
+      ssoProvider: input.ssoProvider || null,
+      ssoSubject: input.ssoSubject || null,
+      createdAt: now,
+      updatedAt: now,
+      lastLoginAt: null
+    };
+    await this.put(item);
+    return this.itemToUser(item);
+  }
+  async getUser(id) {
+    const r = await this.getItem(pk("USER"), id);
+    return r ? this.itemToUser(r) : null;
+  }
+  async getUserByEmail(email) {
+    const items = await this.query("USER_EMAIL", { index: "GSI1", pkField: "GSI1PK", sk: { begins: email }, limit: 1 });
+    return items.length > 0 ? this.itemToUser(items[0]) : null;
+  }
+  async getUserBySso(provider, subject) {
+    const items = await this.query(pk("USER"));
+    const found = items.find((i) => i.ssoProvider === provider && i.ssoSubject === subject);
+    return found ? this.itemToUser(found) : null;
+  }
+  async listUsers(opts) {
+    const items = await this.query(pk("USER"), { limit: (opts?.limit || 50) + (opts?.offset || 0) });
+    let result = items.map((r) => this.itemToUser(r));
+    if (opts?.offset) result = result.slice(opts.offset);
+    if (opts?.limit) result = result.slice(0, opts.limit);
+    return result;
+  }
+  async updateUser(id, updates) {
+    const current = await this.getItem(pk("USER"), id);
+    if (!current) throw new Error("User not found");
+    const merged = { ...current, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    for (const key of ["email", "name", "role", "lastLoginAt"]) {
+      if (updates[key] !== void 0) merged[key] = updates[key];
+    }
+    if (updates.email) {
+      merged.GSI1SK = updates.email;
+    }
+    await this.put(merged);
+    return this.itemToUser(merged);
+  }
+  async deleteUser(id) {
+    await this.deleteItem(pk("USER"), id);
+  }
+  // ─── Audit ───────────────────────────────────────────────
+  async logEvent(event) {
+    const id = randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    await this.put({
+      PK: pk("AUDIT"),
+      SK: `${now}#${id}`,
+      GSI1PK: `AUDIT_ACTOR#${event.actor}`,
+      GSI1SK: now,
+      id,
+      timestamp: now,
+      actor: event.actor,
+      actorType: event.actorType,
+      action: event.action,
+      resource: event.resource,
+      details: event.details || {},
+      ip: event.ip || null
+    });
+  }
+  async queryAudit(filters) {
+    let items;
+    if (filters.actor) {
+      items = await this.query(`AUDIT_ACTOR#${filters.actor}`, { index: "GSI1", pkField: "GSI1PK" });
+    } else {
+      items = await this.query(pk("AUDIT"));
+    }
+    if (filters.action) items = items.filter((i) => i.action === filters.action);
+    if (filters.resource) items = items.filter((i) => i.resource?.includes(filters.resource));
+    if (filters.from) items = items.filter((i) => new Date(i.timestamp) >= filters.from);
+    if (filters.to) items = items.filter((i) => new Date(i.timestamp) <= filters.to);
+    const total = items.length;
+    if (filters.offset) items = items.slice(filters.offset);
+    if (filters.limit) items = items.slice(0, filters.limit);
+    return {
+      events: items.map((r) => ({ id: r.id || r.SK, timestamp: new Date(r.timestamp), actor: r.actor, actorType: r.actorType, action: r.action, resource: r.resource, details: r.details, ip: r.ip })),
+      total
+    };
+  }
+  // ─── API Keys ────────────────────────────────────────────
+  async createApiKey(input) {
+    const id = randomUUID();
+    const plaintext = `ek_${randomUUID().replace(/-/g, "")}`;
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const keyPrefix = plaintext.substring(0, 11);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const item = {
+      PK: pk("APIKEY"),
+      SK: id,
+      GSI1PK: "APIKEY_HASH",
+      GSI1SK: keyHash,
+      name: input.name,
+      keyHash,
+      keyPrefix,
+      scopes: input.scopes,
+      createdBy: input.createdBy,
+      createdAt: now,
+      lastUsedAt: null,
+      expiresAt: input.expiresAt?.toISOString() || null,
+      revoked: false
+    };
+    await this.put(item);
+    return { key: this.itemToApiKey(item), plaintext };
+  }
+  async getApiKey(id) {
+    const r = await this.getItem(pk("APIKEY"), id);
+    return r ? this.itemToApiKey(r) : null;
+  }
+  async validateApiKey(plaintext) {
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const items = await this.query("APIKEY_HASH", { index: "GSI1", pkField: "GSI1PK", sk: { begins: keyHash }, limit: 1 });
+    if (items.length === 0 || items[0].revoked) return null;
+    const key = this.itemToApiKey(items[0]);
+    if (key.expiresAt && /* @__PURE__ */ new Date() > key.expiresAt) return null;
+    items[0].lastUsedAt = (/* @__PURE__ */ new Date()).toISOString();
+    await this.put(items[0]);
+    return key;
+  }
+  async listApiKeys(opts) {
+    const items = await this.query(pk("APIKEY"));
+    let result = items;
+    if (opts?.createdBy) result = result.filter((i) => i.createdBy === opts.createdBy);
+    return result.map((r) => this.itemToApiKey(r));
+  }
+  async revokeApiKey(id) {
+    const current = await this.getItem(pk("APIKEY"), id);
+    if (current) {
+      current.revoked = true;
+      await this.put(current);
+    }
+  }
+  // ─── Rules ───────────────────────────────────────────────
+  async createRule(rule) {
+    const id = randomUUID();
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const item = { PK: pk("RULE"), SK: id, ...rule, createdAt: now, updatedAt: now };
+    await this.put(item);
+    return this.itemToRule(item);
+  }
+  async getRules(agentId) {
+    const items = await this.query(pk("RULE"));
+    let result = items;
+    if (agentId) result = result.filter((i) => !i.agentId || i.agentId === agentId);
+    return result.map((r) => this.itemToRule(r)).sort((a, b) => b.priority - a.priority);
+  }
+  async updateRule(id, updates) {
+    const current = await this.getItem(pk("RULE"), id);
+    if (!current) throw new Error("Rule not found");
+    const { id: _id, createdAt, ...rest } = updates;
+    const merged = { ...current, ...rest, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+    await this.put(merged);
+    return this.itemToRule(merged);
+  }
+  async deleteRule(id) {
+    await this.deleteItem(pk("RULE"), id);
+  }
+  // ─── Retention ───────────────────────────────────────────
+  async getRetentionPolicy() {
+    const r = await this.getItem(pk("RETENTION"), "default");
+    if (!r) return { enabled: false, retainDays: 365, archiveFirst: true };
+    return { enabled: r.enabled, retainDays: r.retainDays, excludeTags: r.excludeTags || [], archiveFirst: r.archiveFirst };
+  }
+  async setRetentionPolicy(policy) {
+    await this.put({ PK: pk("RETENTION"), SK: "default", ...policy });
+  }
+  // ─── Stats ───────────────────────────────────────────────
+  async getStats() {
+    const [agents, users, audit] = await Promise.all([
+      this.query(pk("AGENT")),
+      this.query(pk("USER")),
+      this.query(pk("AUDIT"))
+    ]);
+    return {
+      totalAgents: agents.length,
+      activeAgents: agents.filter((a) => a.status === "active").length,
+      totalUsers: users.length,
+      totalEmails: 0,
+      totalAuditEvents: audit.length
+    };
+  }
+  // ─── Mappers ─────────────────────────────────────────────
+  itemToAgent(r) {
+    return { id: r.SK || r.id, name: r.name, email: r.email, role: r.role, status: r.status, metadata: r.metadata || {}, createdBy: r.createdBy, createdAt: new Date(r.createdAt), updatedAt: new Date(r.updatedAt) };
+  }
+  itemToUser(r) {
+    return { id: r.SK || r.id, email: r.email, name: r.name, role: r.role, passwordHash: r.passwordHash, ssoProvider: r.ssoProvider, ssoSubject: r.ssoSubject, createdAt: new Date(r.createdAt), updatedAt: new Date(r.updatedAt), lastLoginAt: r.lastLoginAt ? new Date(r.lastLoginAt) : void 0 };
+  }
+  itemToApiKey(r) {
+    return { id: r.SK || r.id, name: r.name, keyHash: r.keyHash, keyPrefix: r.keyPrefix, scopes: r.scopes || [], createdBy: r.createdBy, createdAt: new Date(r.createdAt), lastUsedAt: r.lastUsedAt ? new Date(r.lastUsedAt) : void 0, expiresAt: r.expiresAt ? new Date(r.expiresAt) : void 0, revoked: r.revoked };
+  }
+  itemToRule(r) {
+    return { id: r.SK || r.id, name: r.name, agentId: r.agentId, conditions: r.conditions || {}, actions: r.actions || {}, priority: r.priority || 0, enabled: r.enabled ?? true, createdAt: new Date(r.createdAt), updatedAt: new Date(r.updatedAt) };
+  }
+};
+export {
+  DynamoAdapter
+};

package/dist/factory-2SRP3B3U.js

@@ -0,0 +1,9 @@
+import {
+  createAdapter,
+  getSupportedDatabases
+} from "./chunk-ORN3ILZD.js";
+import "./chunk-GI5RMYH6.js";
+export {
+  createAdapter,
+  getSupportedDatabases
+};

package/dist/firewall-RTIDM4NY.js

@@ -0,0 +1,10 @@
+import {
+  invalidateFirewallCache,
+  ipAccessControl
+} from "./chunk-RO537U6H.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-GI5RMYH6.js";
+export {
+  invalidateFirewallCache,
+  ipAccessControl
+};