@agenticmail/enterprise 0.5.75 → 0.5.76

package/dist/cli.js

@@ -48,7 +48,7 @@ Skill Development:
     break;
   case "setup":
   default:
-    import("./setup-FRTQSRNC.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-OLC7UNFL.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/index.js

@@ -35,7 +35,7 @@ import {
   executeTool,
   runAgentLoop,
   toolsToDefinitions
-} from "./chunk-3ZYTG6YH.js";
+} from "./chunk-SXSA3OQS.js";
 import "./chunk-TYW5XTOW.js";
 import {
   ValidationError,
@@ -50,11 +50,11 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-72VXEHUE.js";
+} from "./chunk-R5JPVOVE.js";
 import {
   provision,
   runSetupWizard
-} from "./chunk-PVSNZHZK.js";
+} from "./chunk-QZHWUMPS.js";
 import {
   ENGINE_TABLES,
   ENGINE_TABLES_POSTGRES,

package/dist/runtime-IQ3PYZN5.js

@@ -0,0 +1,47 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-SXSA3OQS.js";
+import "./chunk-TYW5XTOW.js";
+import "./chunk-JLSQOQ5L.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-67KZYSLU.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-5DCT62CG.js

@@ -0,0 +1,12 @@
+import {
+  createServer
+} from "./chunk-R5JPVOVE.js";
+import "./chunk-3SMTCIR4.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-RO537U6H.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-67KZYSLU.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-OLC7UNFL.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-QZHWUMPS.js";
+import "./chunk-QDXUZP7Y.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.75",
+  "version": "0.5.76",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/agent-tools/index.ts

@@ -105,6 +105,11 @@ export { createMemoryTool } from './tools/memory.js';
 export { createAgenticMailTools } from './tools/agenticmail.js';
 export type { AgenticMailManagerRef, AgenticMailToolsConfig } from './tools/agenticmail.js';
 
+// --- Tool creators (Google Workspace) ---
+export { createAllGoogleTools, createGoogleCalendarTools, createGoogleDriveTools, createGoogleSheetsTools, createGoogleDocsTools, createGoogleContactsTools } from './tools/google/index.js';
+export { createTokenProvider } from './tools/oauth-token-provider.js';
+export type { TokenProvider, OAuthTokens, TokenProviderConfig } from './tools/oauth-token-provider.js';
+
 // --- Tool creators (enterprise) ---
 export { createDatabaseTools } from './tools/enterprise-database.js';
 export { createSpreadsheetTools } from './tools/enterprise-spreadsheet.js';
@@ -166,11 +171,28 @@ import { createDiffTools } from './tools/enterprise-diff.js';
 import { createVisionTools } from './tools/enterprise-vision.js';
 import { createAgenticMailTools } from './tools/agenticmail.js';
 import type { AgenticMailManagerRef } from './tools/agenticmail.js';
+import { createAllGoogleTools } from './tools/google/index.js';
+import { createTokenProvider } from './tools/oauth-token-provider.js';
+import type { OAuthTokens, TokenProvider } from './tools/oauth-token-provider.js';
 
 /** Extended options that includes AgenticMail manager */
 export interface AllToolsOptions extends ToolCreationOptions {
   /** AgenticMail manager for org email access */
   agenticmailManager?: AgenticMailManagerRef;
+  /** OAuth token provider for Google/Microsoft API tools */
+  oauthTokenProvider?: TokenProvider;
+  /** Raw email config for auto-creating token provider */
+  emailConfig?: {
+    oauthProvider?: string;
+    oauthAccessToken?: string;
+    oauthRefreshToken?: string;
+    oauthTokenExpiry?: string;
+    oauthClientId?: string;
+    oauthClientSecret?: string;
+    email?: string;
+  };
+  /** Callback to persist updated tokens after refresh */
+  onTokenRefresh?: (tokens: Partial<OAuthTokens>) => void;
 }
 
 /**
@@ -247,10 +269,46 @@ export function createAllTools(options?: AllToolsOptions): AnyAgentTool[] {
     );
   }
 
+  // Google Workspace / Microsoft Graph tools (if OAuth configured)
+  var workspaceTools: AnyAgentTool[] = [];
+  var tp = options?.oauthTokenProvider;
+  if (!tp && options?.emailConfig?.oauthAccessToken) {
+    // Auto-create token provider from email config
+    var ec = options.emailConfig;
+    tp = createTokenProvider({
+      getTokens: function() {
+        return {
+          accessToken: ec.oauthAccessToken!,
+          refreshToken: ec.oauthRefreshToken,
+          expiresAt: ec.oauthTokenExpiry,
+          provider: (ec.oauthProvider === 'microsoft' ? 'microsoft' : 'google') as any,
+          clientId: ec.oauthClientId || '',
+          clientSecret: ec.oauthClientSecret || '',
+        };
+      },
+      saveTokens: function(newTokens) {
+        if (newTokens.accessToken) ec.oauthAccessToken = newTokens.accessToken;
+        if (newTokens.refreshToken) ec.oauthRefreshToken = newTokens.refreshToken;
+        if (newTokens.expiresAt) ec.oauthTokenExpiry = newTokens.expiresAt;
+        if (options?.onTokenRefresh) options.onTokenRefresh(newTokens);
+      },
+      getEmail: function() { return ec.email; },
+    });
+  }
+  if (tp) {
+    var provider = tp.getProvider();
+    if (provider === 'google') {
+      workspaceTools = createAllGoogleTools({ tokenProvider: tp }, options);
+    }
+    // TODO: Microsoft Graph tools
+    // if (provider === 'microsoft') { workspaceTools = createAllMicrosoftTools({ tokenProvider: tp }, options); }
+  }
+
   var enabledTools = rawTools
     .filter(function(t): t is AnyAgentTool { return t !== null; })
     .concat(enterpriseTools)
-    .concat(agenticmailTools);
+    .concat(agenticmailTools)
+    .concat(workspaceTools);
 
   // Wrap with middleware if configured
   if (options?.middleware) {

package/src/agent-tools/tools/google/calendar.ts

@@ -0,0 +1,230 @@
+/**
+ * Google Calendar Tools
+ *
+ * CRUD for events, free/busy lookup, and calendar listing via Google Calendar API v3.
+ */
+
+import type { AnyAgentTool, ToolCreationOptions } from '../../types.js';
+import { jsonResult, errorResult } from '../../common.js';
+import type { GoogleToolsConfig } from './index.js';
+
+const BASE = 'https://www.googleapis.com/calendar/v3';
+
+async function gapi(token: string, path: string, opts?: { method?: string; body?: any; query?: Record<string, string> }): Promise<any> {
+  const method = opts?.method || 'GET';
+  const url = new URL(BASE + path);
+  if (opts?.query) for (const [k, v] of Object.entries(opts.query)) { if (v) url.searchParams.set(k, v); }
+  const res = await fetch(url.toString(), {
+    method,
+    headers: {
+      Authorization: `Bearer ${token}`,
+      'Content-Type': 'application/json',
+    },
+    body: opts?.body ? JSON.stringify(opts.body) : undefined,
+  });
+  if (!res.ok) {
+    const err = await res.text();
+    throw new Error(`Google Calendar API ${res.status}: ${err}`);
+  }
+  if (res.status === 204) return {};
+  return res.json();
+}
+
+export function createGoogleCalendarTools(config: GoogleToolsConfig, _options?: ToolCreationOptions): AnyAgentTool[] {
+  const tp = config.tokenProvider;
+  return [
+    {
+      name: 'google_calendar_list',
+      description: 'List all calendars the agent has access to.',
+      category: 'utility' as const,
+      parameters: { type: 'object' as const, properties: {}, required: [] },
+      async execute(_id: string) {
+        try {
+          const token = await tp.getAccessToken();
+          const data = await gapi(token, '/users/me/calendarList');
+          const cals = (data.items || []).map((c: any) => ({
+            id: c.id, summary: c.summary, description: c.description,
+            primary: c.primary || false, timeZone: c.timeZone, accessRole: c.accessRole,
+          }));
+          return jsonResult({ calendars: cals, count: cals.length });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_calendar_events',
+      description: 'List upcoming events from a calendar. Defaults to primary calendar.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          calendarId: { type: 'string', description: 'Calendar ID (default: "primary")' },
+          timeMin: { type: 'string', description: 'Start of range (ISO 8601, default: now)' },
+          timeMax: { type: 'string', description: 'End of range (ISO 8601)' },
+          maxResults: { type: 'number', description: 'Max events to return (default: 25, max: 250)' },
+          query: { type: 'string', description: 'Free-text search filter' },
+        },
+        required: [],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const calId = params.calendarId || 'primary';
+          const query: Record<string, string> = {
+            singleEvents: 'true',
+            orderBy: 'startTime',
+            maxResults: String(Math.min(params.maxResults || 25, 250)),
+            timeMin: params.timeMin || new Date().toISOString(),
+          };
+          if (params.timeMax) query.timeMax = params.timeMax;
+          if (params.query) query.q = params.query;
+          const data = await gapi(token, `/calendars/${encodeURIComponent(calId)}/events`, { query });
+          const events = (data.items || []).map((e: any) => ({
+            id: e.id, summary: e.summary, description: e.description,
+            start: e.start?.dateTime || e.start?.date,
+            end: e.end?.dateTime || e.end?.date,
+            location: e.location,
+            attendees: (e.attendees || []).map((a: any) => ({ email: a.email, name: a.displayName, status: a.responseStatus })),
+            status: e.status, htmlLink: e.htmlLink,
+            organizer: e.organizer?.email,
+            recurring: !!e.recurringEventId,
+          }));
+          return jsonResult({ events, count: events.length, calendarId: calId });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_calendar_create_event',
+      description: 'Create a new calendar event. Supports attendees, location, reminders, and recurrence.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          calendarId: { type: 'string', description: 'Calendar ID (default: "primary")' },
+          summary: { type: 'string', description: 'Event title (required)' },
+          description: { type: 'string', description: 'Event description/body' },
+          start: { type: 'string', description: 'Start time (ISO 8601, required)' },
+          end: { type: 'string', description: 'End time (ISO 8601, required)' },
+          location: { type: 'string', description: 'Event location' },
+          attendees: { type: 'string', description: 'Comma-separated email addresses' },
+          timeZone: { type: 'string', description: 'Timezone (e.g. "America/New_York")' },
+          allDay: { type: 'string', description: 'If "true", creates all-day event (start/end should be YYYY-MM-DD)' },
+          recurrence: { type: 'string', description: 'RRULE string (e.g. "RRULE:FREQ=WEEKLY;COUNT=10")' },
+          sendUpdates: { type: 'string', description: '"all" to email attendees, "none" to skip (default: "all")' },
+        },
+        required: ['summary', 'start', 'end'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const calId = params.calendarId || 'primary';
+          const isAllDay = params.allDay === 'true';
+          const event: any = {
+            summary: params.summary,
+            description: params.description,
+            location: params.location,
+            start: isAllDay ? { date: params.start } : { dateTime: params.start, timeZone: params.timeZone },
+            end: isAllDay ? { date: params.end } : { dateTime: params.end, timeZone: params.timeZone },
+          };
+          if (params.attendees) {
+            event.attendees = params.attendees.split(',').map((e: string) => ({ email: e.trim() }));
+          }
+          if (params.recurrence) event.recurrence = [params.recurrence];
+          const query: Record<string, string> = {};
+          if (params.sendUpdates) query.sendUpdates = params.sendUpdates;
+          const result = await gapi(token, `/calendars/${encodeURIComponent(calId)}/events`, { method: 'POST', body: event, query });
+          return jsonResult({ created: true, eventId: result.id, htmlLink: result.htmlLink, summary: result.summary, start: result.start?.dateTime || result.start?.date });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_calendar_update_event',
+      description: 'Update an existing calendar event.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          calendarId: { type: 'string', description: 'Calendar ID (default: "primary")' },
+          eventId: { type: 'string', description: 'Event ID to update (required)' },
+          summary: { type: 'string', description: 'New title' },
+          description: { type: 'string', description: 'New description' },
+          start: { type: 'string', description: 'New start time (ISO 8601)' },
+          end: { type: 'string', description: 'New end time (ISO 8601)' },
+          location: { type: 'string', description: 'New location' },
+          attendees: { type: 'string', description: 'Comma-separated email addresses (replaces existing)' },
+          sendUpdates: { type: 'string', description: '"all" to email attendees, "none" to skip' },
+        },
+        required: ['eventId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const calId = params.calendarId || 'primary';
+          const patch: any = {};
+          if (params.summary) patch.summary = params.summary;
+          if (params.description) patch.description = params.description;
+          if (params.location) patch.location = params.location;
+          if (params.start) patch.start = { dateTime: params.start };
+          if (params.end) patch.end = { dateTime: params.end };
+          if (params.attendees) patch.attendees = params.attendees.split(',').map((e: string) => ({ email: e.trim() }));
+          const query: Record<string, string> = {};
+          if (params.sendUpdates) query.sendUpdates = params.sendUpdates;
+          const result = await gapi(token, `/calendars/${encodeURIComponent(calId)}/events/${params.eventId}`, { method: 'PATCH', body: patch, query });
+          return jsonResult({ updated: true, eventId: result.id, summary: result.summary });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_calendar_delete_event',
+      description: 'Delete a calendar event.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          calendarId: { type: 'string', description: 'Calendar ID (default: "primary")' },
+          eventId: { type: 'string', description: 'Event ID to delete (required)' },
+          sendUpdates: { type: 'string', description: '"all" to notify attendees, "none" to skip' },
+        },
+        required: ['eventId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const calId = params.calendarId || 'primary';
+          const query: Record<string, string> = {};
+          if (params.sendUpdates) query.sendUpdates = params.sendUpdates;
+          await gapi(token, `/calendars/${encodeURIComponent(calId)}/events/${params.eventId}`, { method: 'DELETE', query });
+          return jsonResult({ deleted: true, eventId: params.eventId });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_calendar_freebusy',
+      description: 'Check free/busy status for one or more calendars in a time range. Useful for scheduling meetings.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          timeMin: { type: 'string', description: 'Start of range (ISO 8601, required)' },
+          timeMax: { type: 'string', description: 'End of range (ISO 8601, required)' },
+          calendars: { type: 'string', description: 'Comma-separated calendar IDs (default: "primary")' },
+        },
+        required: ['timeMin', 'timeMax'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const calIds = (params.calendars || 'primary').split(',').map((c: string) => ({ id: c.trim() }));
+          const data = await gapi(token, '/freeBusy', {
+            method: 'POST',
+            body: { timeMin: params.timeMin, timeMax: params.timeMax, items: calIds },
+          });
+          const result: Record<string, any> = {};
+          for (const [calId, info] of Object.entries(data.calendars || {})) {
+            result[calId] = { busy: (info as any).busy || [], errors: (info as any).errors };
+          }
+          return jsonResult({ freeBusy: result, timeMin: params.timeMin, timeMax: params.timeMax });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+  ];
+}

package/src/agent-tools/tools/google/contacts.ts

@@ -0,0 +1,209 @@
+/**
+ * Google Contacts (People API) Tools
+ *
+ * Search, list, create, and update contacts via Google People API v1.
+ */
+
+import type { AnyAgentTool, ToolCreationOptions } from '../../types.js';
+import { jsonResult, errorResult } from '../../common.js';
+import type { GoogleToolsConfig } from './index.js';
+
+const BASE = 'https://people.googleapis.com/v1';
+
+async function papi(token: string, path: string, opts?: { method?: string; body?: any; query?: Record<string, string> }): Promise<any> {
+  const url = new URL(BASE + path);
+  if (opts?.query) for (const [k, v] of Object.entries(opts.query)) { if (v) url.searchParams.set(k, v); }
+  const res = await fetch(url.toString(), {
+    method: opts?.method || 'GET',
+    headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+    body: opts?.body ? JSON.stringify(opts.body) : undefined,
+  });
+  if (!res.ok) { const err = await res.text(); throw new Error(`People API ${res.status}: ${err}`); }
+  return res.json();
+}
+
+function mapPerson(p: any) {
+  return {
+    resourceName: p.resourceName,
+    name: p.names?.[0]?.displayName,
+    firstName: p.names?.[0]?.givenName,
+    lastName: p.names?.[0]?.familyName,
+    emails: (p.emailAddresses || []).map((e: any) => ({ value: e.value, type: e.type })),
+    phones: (p.phoneNumbers || []).map((ph: any) => ({ value: ph.value, type: ph.type })),
+    organization: p.organizations?.[0]?.name,
+    jobTitle: p.organizations?.[0]?.title,
+    department: p.organizations?.[0]?.department,
+    addresses: (p.addresses || []).map((a: any) => ({ formatted: a.formattedValue, type: a.type })),
+    birthday: p.birthdays?.[0]?.date ? `${p.birthdays[0].date.year || '????'}-${String(p.birthdays[0].date.month).padStart(2, '0')}-${String(p.birthdays[0].date.day).padStart(2, '0')}` : undefined,
+    notes: p.biographies?.[0]?.value,
+  };
+}
+
+const PERSON_FIELDS = 'names,emailAddresses,phoneNumbers,organizations,addresses,birthdays,biographies';
+
+export function createGoogleContactsTools(config: GoogleToolsConfig, _options?: ToolCreationOptions): AnyAgentTool[] {
+  const tp = config.tokenProvider;
+  return [
+    {
+      name: 'google_contacts_list',
+      description: 'List contacts from the agent\'s Google directory. Returns names, emails, phones, organizations.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          maxResults: { type: 'number', description: 'Max contacts to return (default: 50, max: 200)' },
+          sortOrder: { type: 'string', description: '"FIRST_NAME_ASCENDING" or "LAST_NAME_ASCENDING"' },
+        },
+        required: [],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const data = await papi(token, '/people/me/connections', {
+            query: {
+              personFields: PERSON_FIELDS,
+              pageSize: String(Math.min(params.maxResults || 50, 200)),
+              sortOrder: params.sortOrder || 'FIRST_NAME_ASCENDING',
+            },
+          });
+          const contacts = (data.connections || []).map(mapPerson);
+          return jsonResult({ contacts, count: contacts.length, totalPeople: data.totalPeople });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_contacts_search',
+      description: 'Search contacts by name, email, or phone number.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          query: { type: 'string', description: 'Search term (required)' },
+          maxResults: { type: 'number', description: 'Max results (default: 20)' },
+        },
+        required: ['query'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const data = await papi(token, '/people:searchContacts', {
+            query: {
+              query: params.query,
+              readMask: PERSON_FIELDS,
+              pageSize: String(Math.min(params.maxResults || 20, 30)),
+            },
+          });
+          const contacts = (data.results || []).map((r: any) => mapPerson(r.person));
+          return jsonResult({ contacts, count: contacts.length, query: params.query });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_contacts_search_directory',
+      description: 'Search the organization\'s Google Workspace directory (all employees). Requires domain-wide access.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          query: { type: 'string', description: 'Search term (required)' },
+          maxResults: { type: 'number', description: 'Max results (default: 20)' },
+        },
+        required: ['query'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const data = await papi(token, '/people:searchDirectoryPeople', {
+            query: {
+              query: params.query,
+              readMask: PERSON_FIELDS,
+              pageSize: String(Math.min(params.maxResults || 20, 50)),
+              sources: 'DIRECTORY_SOURCE_TYPE_DOMAIN_PROFILE',
+            },
+          });
+          const people = (data.people || []).map(mapPerson);
+          return jsonResult({ people, count: people.length, query: params.query });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_contacts_create',
+      description: 'Create a new contact in the agent\'s Google Contacts.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          firstName: { type: 'string', description: 'First name (required)' },
+          lastName: { type: 'string', description: 'Last name' },
+          email: { type: 'string', description: 'Email address' },
+          phone: { type: 'string', description: 'Phone number' },
+          organization: { type: 'string', description: 'Company/organization name' },
+          jobTitle: { type: 'string', description: 'Job title' },
+          notes: { type: 'string', description: 'Notes about this contact' },
+        },
+        required: ['firstName'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const person: any = { names: [{ givenName: params.firstName, familyName: params.lastName }] };
+          if (params.email) person.emailAddresses = [{ value: params.email, type: 'work' }];
+          if (params.phone) person.phoneNumbers = [{ value: params.phone, type: 'work' }];
+          if (params.organization || params.jobTitle) {
+            person.organizations = [{ name: params.organization, title: params.jobTitle }];
+          }
+          if (params.notes) person.biographies = [{ value: params.notes, contentType: 'TEXT_PLAIN' }];
+          const result = await papi(token, '/people:createContact', {
+            method: 'POST', body: person,
+            query: { personFields: PERSON_FIELDS },
+          });
+          return jsonResult({ created: true, contact: mapPerson(result) });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+    {
+      name: 'google_contacts_update',
+      description: 'Update an existing contact.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          resourceName: { type: 'string', description: 'Contact resource name, e.g. "people/c1234567890" (required)' },
+          firstName: { type: 'string', description: 'New first name' },
+          lastName: { type: 'string', description: 'New last name' },
+          email: { type: 'string', description: 'New email' },
+          phone: { type: 'string', description: 'New phone' },
+          organization: { type: 'string', description: 'New organization' },
+          jobTitle: { type: 'string', description: 'New job title' },
+        },
+        required: ['resourceName'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          // Get current etag
+          const current = await papi(token, `/${params.resourceName}`, {
+            query: { personFields: PERSON_FIELDS },
+          });
+          const person: any = { etag: current.etag };
+          const updateFields: string[] = [];
+          if (params.firstName || params.lastName) {
+            person.names = [{ givenName: params.firstName || current.names?.[0]?.givenName, familyName: params.lastName || current.names?.[0]?.familyName }];
+            updateFields.push('names');
+          }
+          if (params.email) { person.emailAddresses = [{ value: params.email, type: 'work' }]; updateFields.push('emailAddresses'); }
+          if (params.phone) { person.phoneNumbers = [{ value: params.phone, type: 'work' }]; updateFields.push('phoneNumbers'); }
+          if (params.organization || params.jobTitle) {
+            person.organizations = [{ name: params.organization || current.organizations?.[0]?.name, title: params.jobTitle || current.organizations?.[0]?.title }];
+            updateFields.push('organizations');
+          }
+          const result = await papi(token, `/${params.resourceName}:updateContact`, {
+            method: 'PATCH', body: person,
+            query: { updatePersonFields: updateFields.join(','), personFields: PERSON_FIELDS },
+          });
+          return jsonResult({ updated: true, contact: mapPerson(result) });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+  ];
+}