npm - @agentlensai/server - Versions diffs - 0.3.0 → 0.6.0 - Mend

@agentlensai/server 0.3.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/dist/db/embedding-store.d.ts +74 -0
package/dist/db/embedding-store.d.ts.map +1 -0
package/dist/db/embedding-store.js +177 -0
package/dist/db/embedding-store.js.map +1 -0
package/dist/db/health-snapshot-store.d.ts +33 -0
package/dist/db/health-snapshot-store.d.ts.map +1 -0
package/dist/db/health-snapshot-store.js +112 -0
package/dist/db/health-snapshot-store.js.map +1 -0
package/dist/db/lesson-store.d.ts +57 -0
package/dist/db/lesson-store.d.ts.map +1 -0
package/dist/db/lesson-store.js +217 -0
package/dist/db/lesson-store.js.map +1 -0
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +256 -8
package/dist/db/migrate.js.map +1 -1
package/dist/db/schema.sqlite.d.ts +822 -47
package/dist/db/schema.sqlite.d.ts.map +1 -1
package/dist/db/schema.sqlite.js +79 -4
package/dist/db/schema.sqlite.js.map +1 -1
package/dist/db/session-summary-store.d.ts +45 -0
package/dist/db/session-summary-store.d.ts.map +1 -0
package/dist/db/session-summary-store.js +112 -0
package/dist/db/session-summary-store.js.map +1 -0
package/dist/db/sqlite-store.d.ts +19 -12
package/dist/db/sqlite-store.d.ts.map +1 -1
package/dist/db/sqlite-store.js +145 -44
package/dist/db/sqlite-store.js.map +1 -1
package/dist/db/tenant-scoped-store.d.ts +61 -0
package/dist/db/tenant-scoped-store.d.ts.map +1 -0
package/dist/db/tenant-scoped-store.js +94 -0
package/dist/db/tenant-scoped-store.js.map +1 -0
package/dist/index.d.ts +18 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +78 -5
package/dist/index.js.map +1 -1
package/dist/lib/alert-engine.d.ts +11 -0
package/dist/lib/alert-engine.d.ts.map +1 -1
package/dist/lib/alert-engine.js +65 -24
package/dist/lib/alert-engine.js.map +1 -1
package/dist/lib/analysis/cost-analysis.d.ts +20 -0
package/dist/lib/analysis/cost-analysis.d.ts.map +1 -0
package/dist/lib/analysis/cost-analysis.js +161 -0
package/dist/lib/analysis/cost-analysis.js.map +1 -0
package/dist/lib/analysis/error-patterns.d.ts +26 -0
package/dist/lib/analysis/error-patterns.d.ts.map +1 -0
package/dist/lib/analysis/error-patterns.js +158 -0
package/dist/lib/analysis/error-patterns.js.map +1 -0
package/dist/lib/analysis/index.d.ts +23 -0
package/dist/lib/analysis/index.d.ts.map +1 -0
package/dist/lib/analysis/index.js +144 -0
package/dist/lib/analysis/index.js.map +1 -0
package/dist/lib/analysis/performance-trends.d.ts +19 -0
package/dist/lib/analysis/performance-trends.d.ts.map +1 -0
package/dist/lib/analysis/performance-trends.js +121 -0
package/dist/lib/analysis/performance-trends.js.map +1 -0
package/dist/lib/analysis/tool-sequences.d.ts +19 -0
package/dist/lib/analysis/tool-sequences.d.ts.map +1 -0
package/dist/lib/analysis/tool-sequences.js +148 -0
package/dist/lib/analysis/tool-sequences.js.map +1 -0
package/dist/lib/context/index.d.ts +5 -0
package/dist/lib/context/index.d.ts.map +1 -0
package/dist/lib/context/index.js +5 -0
package/dist/lib/context/index.js.map +1 -0
package/dist/lib/context/retrieval.d.ts +60 -0
package/dist/lib/context/retrieval.d.ts.map +1 -0
package/dist/lib/context/retrieval.js +233 -0
package/dist/lib/context/retrieval.js.map +1 -0
package/dist/lib/embeddings/index.d.ts +31 -0
package/dist/lib/embeddings/index.d.ts.map +1 -0
package/dist/lib/embeddings/index.js +31 -0
package/dist/lib/embeddings/index.js.map +1 -0
package/dist/lib/embeddings/local.d.ts +15 -0
package/dist/lib/embeddings/local.d.ts.map +1 -0
package/dist/lib/embeddings/local.js +65 -0
package/dist/lib/embeddings/local.js.map +1 -0
package/dist/lib/embeddings/math.d.ts +13 -0
package/dist/lib/embeddings/math.d.ts.map +1 -0
package/dist/lib/embeddings/math.js +35 -0
package/dist/lib/embeddings/math.js.map +1 -0
package/dist/lib/embeddings/openai.d.ts +15 -0
package/dist/lib/embeddings/openai.d.ts.map +1 -0
package/dist/lib/embeddings/openai.js +58 -0
package/dist/lib/embeddings/openai.js.map +1 -0
package/dist/lib/embeddings/summarizer.d.ts +26 -0
package/dist/lib/embeddings/summarizer.d.ts.map +1 -0
package/dist/lib/embeddings/summarizer.js +181 -0
package/dist/lib/embeddings/summarizer.js.map +1 -0
package/dist/lib/embeddings/types.d.ts +17 -0
package/dist/lib/embeddings/types.d.ts.map +1 -0
package/dist/lib/embeddings/types.js +5 -0
package/dist/lib/embeddings/types.js.map +1 -0
package/dist/lib/embeddings/worker.d.ts +56 -0
package/dist/lib/embeddings/worker.d.ts.map +1 -0
package/dist/lib/embeddings/worker.js +109 -0
package/dist/lib/embeddings/worker.js.map +1 -0
package/dist/lib/health/computer.d.ts +28 -0
package/dist/lib/health/computer.d.ts.map +1 -0
package/dist/lib/health/computer.js +270 -0
package/dist/lib/health/computer.js.map +1 -0
package/dist/lib/optimization/classifier.d.ts +34 -0
package/dist/lib/optimization/classifier.d.ts.map +1 -0
package/dist/lib/optimization/classifier.js +108 -0
package/dist/lib/optimization/classifier.js.map +1 -0
package/dist/lib/optimization/engine.d.ts +24 -0
package/dist/lib/optimization/engine.d.ts.map +1 -0
package/dist/lib/optimization/engine.js +202 -0
package/dist/lib/optimization/engine.js.map +1 -0
package/dist/lib/optimization/index.d.ts +10 -0
package/dist/lib/optimization/index.d.ts.map +1 -0
package/dist/lib/optimization/index.js +9 -0
package/dist/lib/optimization/index.js.map +1 -0
package/dist/lib/sse.d.ts +1 -0
package/dist/lib/sse.d.ts.map +1 -1
package/dist/lib/sse.js +8 -1
package/dist/lib/sse.js.map +1 -1
package/dist/middleware/auth.d.ts +1 -0
package/dist/middleware/auth.d.ts.map +1 -1
package/dist/middleware/auth.js +2 -1
package/dist/middleware/auth.js.map +1 -1
package/dist/routes/agents.d.ts.map +1 -1
package/dist/routes/agents.js +6 -3
package/dist/routes/agents.js.map +1 -1
package/dist/routes/alerts.d.ts.map +1 -1
package/dist/routes/alerts.js +15 -7
package/dist/routes/alerts.js.map +1 -1
package/dist/routes/analytics.d.ts.map +1 -1
package/dist/routes/analytics.js +16 -2
package/dist/routes/analytics.js.map +1 -1
package/dist/routes/api-keys.d.ts.map +1 -1
package/dist/routes/api-keys.js +30 -5
package/dist/routes/api-keys.js.map +1 -1
package/dist/routes/context.d.ts +23 -0
package/dist/routes/context.d.ts.map +1 -0
package/dist/routes/context.js +52 -0
package/dist/routes/context.js.map +1 -0
package/dist/routes/events.d.ts +6 -1
package/dist/routes/events.d.ts.map +1 -1
package/dist/routes/events.js +61 -6
package/dist/routes/events.js.map +1 -1
package/dist/routes/health.d.ts +21 -0
package/dist/routes/health.d.ts.map +1 -0
package/dist/routes/health.js +142 -0
package/dist/routes/health.js.map +1 -0
package/dist/routes/ingest.d.ts +6 -0
package/dist/routes/ingest.d.ts.map +1 -1
package/dist/routes/ingest.js +23 -4
package/dist/routes/ingest.js.map +1 -1
package/dist/routes/lessons.d.ts +19 -0
package/dist/routes/lessons.d.ts.map +1 -0
package/dist/routes/lessons.js +164 -0
package/dist/routes/lessons.js.map +1 -0
package/dist/routes/optimize.d.ts +15 -0
package/dist/routes/optimize.d.ts.map +1 -0
package/dist/routes/optimize.js +55 -0
package/dist/routes/optimize.js.map +1 -0
package/dist/routes/recall.d.ts +22 -0
package/dist/routes/recall.d.ts.map +1 -0
package/dist/routes/recall.js +91 -0
package/dist/routes/recall.js.map +1 -0
package/dist/routes/reflect.d.ts +15 -0
package/dist/routes/reflect.d.ts.map +1 -0
package/dist/routes/reflect.js +54 -0
package/dist/routes/reflect.js.map +1 -0
package/dist/routes/sessions.d.ts.map +1 -1
package/dist/routes/sessions.js +8 -6
package/dist/routes/sessions.js.map +1 -1
package/dist/routes/stats.d.ts.map +1 -1
package/dist/routes/stats.js +3 -1
package/dist/routes/stats.js.map +1 -1
package/dist/routes/stream.d.ts +9 -2
package/dist/routes/stream.d.ts.map +1 -1
package/dist/routes/stream.js +55 -2
package/dist/routes/stream.js.map +1 -1
package/dist/routes/tenant-helper.d.ts +20 -0
package/dist/routes/tenant-helper.d.ts.map +1 -0
package/dist/routes/tenant-helper.js +35 -0
package/dist/routes/tenant-helper.js.map +1 -0
package/package.json +11 -11
package/LICENSE +0 -21
package/dist/__tests__/agents-stats.test.d.ts +0 -5
package/dist/__tests__/agents-stats.test.d.ts.map +0 -1
package/dist/__tests__/agents-stats.test.js +0 -134
package/dist/__tests__/agents-stats.test.js.map +0 -1
package/dist/__tests__/alerts.test.d.ts +0 -5
package/dist/__tests__/alerts.test.d.ts.map +0 -1
package/dist/__tests__/alerts.test.js +0 -245
package/dist/__tests__/alerts.test.js.map +0 -1
package/dist/__tests__/analytics.test.d.ts +0 -5
package/dist/__tests__/analytics.test.d.ts.map +0 -1
package/dist/__tests__/analytics.test.js +0 -218
package/dist/__tests__/analytics.test.js.map +0 -1
package/dist/__tests__/api-keys.test.d.ts +0 -5
package/dist/__tests__/api-keys.test.d.ts.map +0 -1
package/dist/__tests__/api-keys.test.js +0 -118
package/dist/__tests__/api-keys.test.js.map +0 -1
package/dist/__tests__/auth-no-db.test.d.ts +0 -2
package/dist/__tests__/auth-no-db.test.d.ts.map +0 -1
package/dist/__tests__/auth-no-db.test.js +0 -43
package/dist/__tests__/auth-no-db.test.js.map +0 -1
package/dist/__tests__/auth.test.d.ts +0 -5
package/dist/__tests__/auth.test.d.ts.map +0 -1
package/dist/__tests__/auth.test.js +0 -86
package/dist/__tests__/auth.test.js.map +0 -1
package/dist/__tests__/config.test.d.ts +0 -2
package/dist/__tests__/config.test.d.ts.map +0 -1
package/dist/__tests__/config.test.js +0 -37
package/dist/__tests__/config.test.js.map +0 -1
package/dist/__tests__/events-ingest.test.d.ts +0 -5
package/dist/__tests__/events-ingest.test.d.ts.map +0 -1
package/dist/__tests__/events-ingest.test.js +0 -248
package/dist/__tests__/events-ingest.test.js.map +0 -1
package/dist/__tests__/events-query.test.d.ts +0 -5
package/dist/__tests__/events-query.test.d.ts.map +0 -1
package/dist/__tests__/events-query.test.js +0 -205
package/dist/__tests__/events-query.test.js.map +0 -1
package/dist/__tests__/health.test.d.ts +0 -5
package/dist/__tests__/health.test.d.ts.map +0 -1
package/dist/__tests__/health.test.js +0 -40
package/dist/__tests__/health.test.js.map +0 -1
package/dist/__tests__/ingest.test.d.ts +0 -8
package/dist/__tests__/ingest.test.d.ts.map +0 -1
package/dist/__tests__/ingest.test.js +0 -469
package/dist/__tests__/ingest.test.js.map +0 -1
package/dist/__tests__/llm-tracking.test.d.ts +0 -10
package/dist/__tests__/llm-tracking.test.d.ts.map +0 -1
package/dist/__tests__/llm-tracking.test.js +0 -602
package/dist/__tests__/llm-tracking.test.js.map +0 -1
package/dist/__tests__/sessions.test.d.ts +0 -5
package/dist/__tests__/sessions.test.d.ts.map +0 -1
package/dist/__tests__/sessions.test.js +0 -176
package/dist/__tests__/sessions.test.js.map +0 -1
package/dist/__tests__/stream.test.d.ts +0 -5
package/dist/__tests__/stream.test.d.ts.map +0 -1
package/dist/__tests__/stream.test.js +0 -352
package/dist/__tests__/stream.test.js.map +0 -1
package/dist/__tests__/test-helpers.d.ts +0 -24
package/dist/__tests__/test-helpers.d.ts.map +0 -1
package/dist/__tests__/test-helpers.js +0 -45
package/dist/__tests__/test-helpers.js.map +0 -1
package/dist/db/__tests__/init.test.d.ts +0 -2
package/dist/db/__tests__/init.test.d.ts.map +0 -1
package/dist/db/__tests__/init.test.js +0 -73
package/dist/db/__tests__/init.test.js.map +0 -1
package/dist/db/__tests__/sqlite-store-read.test.d.ts +0 -2
package/dist/db/__tests__/sqlite-store-read.test.d.ts.map +0 -1
package/dist/db/__tests__/sqlite-store-read.test.js +0 -749
package/dist/db/__tests__/sqlite-store-read.test.js.map +0 -1
package/dist/db/__tests__/sqlite-store-write.test.d.ts +0 -2
package/dist/db/__tests__/sqlite-store-write.test.d.ts.map +0 -1
package/dist/db/__tests__/sqlite-store-write.test.js +0 -418
package/dist/db/__tests__/sqlite-store-write.test.js.map +0 -1
package/dist/lib/__tests__/alert-engine.test.d.ts +0 -5
package/dist/lib/__tests__/alert-engine.test.d.ts.map +0 -1
package/dist/lib/__tests__/alert-engine.test.js +0 -211
package/dist/lib/__tests__/alert-engine.test.js.map +0 -1
package/dist/lib/__tests__/retention.test.d.ts +0 -2
package/dist/lib/__tests__/retention.test.d.ts.map +0 -1
package/dist/lib/__tests__/retention.test.js +0 -238
package/dist/lib/__tests__/retention.test.js.map +0 -1

package/dist/db/sqlite-store.js CHANGED Viewed

@@ -34,6 +34,16 @@ export class SqliteEventStore {
     constructor(db) {
         this.db = db;
     }
+    /**
+     * Defense-in-depth: warn when a query method is called without tenantId.
+     * This helps catch missing tenant scoping in call chains.
+     */
+    warnIfNoTenant(method, tenantId) {
+        if (tenantId === undefined) {
+            console.warn(`[SqliteEventStore] ${method}() called without tenantId — query is unscoped. ` +
+                `Ensure tenant isolation is applied upstream (via TenantScopedStore).`);
+        }
+    }
     // ─── Events — Write ────────────────────────────────────────
     async insertEvents(eventList) {
         if (eventList.length === 0)
@@ -42,6 +52,7 @@ export class SqliteEventStore {
         this.db.transaction((tx) => {
             // CRITICAL 3: Validate hash chain before inserting
             const firstEvent = eventList[0];
+            const tenantId = firstEvent.tenantId ?? 'default';
             // Check if the first event already exists (idempotent re-insert)
             const existingFirst = tx
                 .select({ id: events.id })
@@ -53,7 +64,7 @@ export class SqliteEventStore {
                 const lastStoredEvent = tx
                     .select({ hash: events.hash })
                     .from(events)
-                    .where(eq(events.sessionId, firstEvent.sessionId))
+                    .where(and(eq(events.sessionId, firstEvent.sessionId), eq(events.tenantId, tenantId)))
                     .orderBy(desc(events.timestamp), desc(events.id))
                     .limit(1)
                     .get();
@@ -103,17 +114,18 @@ export class SqliteEventStore {
                     metadata: JSON.stringify(event.metadata),
                     prevHash: event.prevHash,
                     hash: event.hash,
+                    tenantId,
                 })
                     .onConflictDoNothing({ target: events.id })
                     .run();
                 // Handle session management
-                this._handleSessionUpdate(tx, event);
+                this._handleSessionUpdate(tx, event, tenantId);
                 // Handle agent auto-creation
-                this._handleAgentUpsert(tx, event);
+                this._handleAgentUpsert(tx, event, tenantId);
             }
         });
     }
-    _handleSessionUpdate(tx, event) {
+    _handleSessionUpdate(tx, event, tenantId) {
         if (event.eventType === 'session_started') {
             // Create new session
             const payload = event.payload;
@@ -132,9 +144,10 @@ export class SqliteEventStore {
                 errorCount: 0,
                 totalCostUsd: 0,
                 tags: JSON.stringify(tags),
+                tenantId,
             })
                 .onConflictDoUpdate({
-                target: sessions.id,
+                target: [sessions.id, sessions.tenantId],
                 set: {
                     agentName: agentName ?? sql `coalesce(${sessions.agentName}, NULL)`,
                     status: 'active',
@@ -157,8 +170,9 @@ export class SqliteEventStore {
             errorCount: 0,
             totalCostUsd: 0,
             tags: '[]',
+            tenantId,
         })
-            .onConflictDoNothing({ target: sessions.id })
+            .onConflictDoNothing({ target: [sessions.id, sessions.tenantId] })
             .run();
         // Build incremental updates
         const isToolCall = event.eventType === 'tool_call';
@@ -186,7 +200,7 @@ export class SqliteEventStore {
                     ? sql `${sessions.errorCount} + 1`
                     : sessions.errorCount,
             })
-                .where(eq(sessions.id, event.sessionId))
+                .where(and(eq(sessions.id, event.sessionId), eq(sessions.tenantId, tenantId)))
                 .run();
             return;
         }
@@ -215,11 +229,12 @@ export class SqliteEventStore {
                 ? sql `${sessions.totalOutputTokens} + ${llmOutputTokens}`
                 : sessions.totalOutputTokens,
         })
-            .where(eq(sessions.id, event.sessionId))
+            .where(and(eq(sessions.id, event.sessionId), eq(sessions.tenantId, tenantId)))
             .run();
     }
-    _handleAgentUpsert(tx, event) {
+    _handleAgentUpsert(tx, event, tenantId) {
         // CRITICAL 4: Use INSERT ... ON CONFLICT DO UPDATE for agents
+        // Agents are scoped per tenant — use composite key (id + tenant_id)
         const payload = event.payload;
         const agentName = payload.agentName ?? event.agentId;
         tx.insert(agents)
@@ -229,9 +244,10 @@ export class SqliteEventStore {
             firstSeenAt: event.timestamp,
             lastSeenAt: event.timestamp,
             sessionCount: event.eventType === 'session_started' ? 1 : 0,
+            tenantId,
         })
             .onConflictDoUpdate({
-            target: agents.id,
+            target: [agents.id, agents.tenantId],
             set: {
                 lastSeenAt: event.timestamp,
                 sessionCount: event.eventType === 'session_started'
@@ -243,10 +259,11 @@ export class SqliteEventStore {
     }
     // ─── Sessions — Write ──────────────────────────────────────
     async upsertSession(session) {
+        const tenantId = session.tenantId ?? 'default';
         const existing = this.db
             .select()
             .from(sessions)
-            .where(eq(sessions.id, session.id))
+            .where(and(eq(sessions.id, session.id), eq(sessions.tenantId, tenantId)))
             .get();
         if (existing) {
             const updates = {};
@@ -280,7 +297,7 @@ export class SqliteEventStore {
                 this.db
                     .update(sessions)
                     .set(updates)
-                    .where(eq(sessions.id, session.id))
+                    .where(and(eq(sessions.id, session.id), eq(sessions.tenantId, tenantId)))
                     .run();
             }
         }
@@ -302,16 +319,18 @@ export class SqliteEventStore {
                 totalInputTokens: session.totalInputTokens ?? 0,
                 totalOutputTokens: session.totalOutputTokens ?? 0,
                 tags: JSON.stringify(session.tags ?? []),
+                tenantId,
             })
                 .run();
         }
     }
     // ─── Agents — Write ────────────────────────────────────────
     async upsertAgent(agent) {
+        const tenantId = agent.tenantId ?? 'default';
         const existing = this.db
             .select()
             .from(agents)
-            .where(eq(agents.id, agent.id))
+            .where(and(eq(agents.id, agent.id), eq(agents.tenantId, tenantId)))
             .get();
         if (existing) {
             const updates = {};
@@ -327,7 +346,7 @@ export class SqliteEventStore {
                 this.db
                     .update(agents)
                     .set(updates)
-                    .where(eq(agents.id, agent.id))
+                    .where(and(eq(agents.id, agent.id), eq(agents.tenantId, tenantId)))
                     .run();
             }
         }
@@ -342,6 +361,7 @@ export class SqliteEventStore {
                 firstSeenAt: agent.firstSeenAt ?? now,
                 lastSeenAt: agent.lastSeenAt ?? now,
                 sessionCount: agent.sessionCount ?? 0,
+                tenantId,
             })
                 .run();
         }
@@ -367,28 +387,38 @@ export class SqliteEventStore {
             hasMore: offset + rows.length < total,
         };
     }
-    async getEvent(id) {
+    async getEvent(id, tenantId) {
+        this.warnIfNoTenant('getEvent', tenantId);
+        const conditions = [eq(events.id, id)];
+        if (tenantId)
+            conditions.push(eq(events.tenantId, tenantId));
         const row = this.db
             .select()
             .from(events)
-            .where(eq(events.id, id))
+            .where(and(...conditions))
             .get();
         return row ? this._mapEventRow(row) : null;
     }
-    async getSessionTimeline(sessionId) {
+    async getSessionTimeline(sessionId, tenantId) {
+        const conditions = [eq(events.sessionId, sessionId)];
+        if (tenantId)
+            conditions.push(eq(events.tenantId, tenantId));
         const rows = this.db
             .select()
             .from(events)
-            .where(eq(events.sessionId, sessionId))
+            .where(and(...conditions))
             .orderBy(asc(events.timestamp))
             .all();
         return rows.map(this._mapEventRow);
     }
-    async getLastEventHash(sessionId) {
+    async getLastEventHash(sessionId, tenantId) {
+        const conditions = [eq(events.sessionId, sessionId)];
+        if (tenantId)
+            conditions.push(eq(events.tenantId, tenantId));
         const row = this.db
             .select({ hash: events.hash })
             .from(events)
-            .where(eq(events.sessionId, sessionId))
+            .where(and(...conditions))
             .orderBy(desc(events.timestamp), desc(events.id))
             .limit(1)
             .get();
@@ -405,6 +435,7 @@ export class SqliteEventStore {
     }
     // ─── Sessions — Read ───────────────────────────────────────
     async querySessions(query) {
+        this.warnIfNoTenant('querySessions', query.tenantId);
         const limit = Math.min(query.limit ?? 50, 500);
         const offset = query.offset ?? 0;
         const conditions = this._buildSessionConditions(query);
@@ -426,33 +457,43 @@ export class SqliteEventStore {
             total: totalResult?.count ?? 0,
         };
     }
-    async getSession(id) {
+    async getSession(id, tenantId) {
+        const conditions = [eq(sessions.id, id)];
+        if (tenantId)
+            conditions.push(eq(sessions.tenantId, tenantId));
         const row = this.db
             .select()
             .from(sessions)
-            .where(eq(sessions.id, id))
+            .where(and(...conditions))
             .get();
         return row ? this._mapSessionRow(row) : null;
     }
     // ─── Agents — Read ─────────────────────────────────────────
-    async listAgents() {
+    async listAgents(tenantId) {
+        this.warnIfNoTenant('listAgents', tenantId);
+        const conditions = tenantId ? [eq(agents.tenantId, tenantId)] : [];
         const rows = this.db
             .select()
             .from(agents)
+            .where(conditions.length > 0 ? and(...conditions) : undefined)
             .orderBy(desc(agents.lastSeenAt))
             .all();
         return rows.map(this._mapAgentRow);
     }
-    async getAgent(id) {
+    async getAgent(id, tenantId) {
+        const conditions = [eq(agents.id, id)];
+        if (tenantId)
+            conditions.push(eq(agents.tenantId, tenantId));
         const row = this.db
             .select()
             .from(agents)
-            .where(eq(agents.id, id))
+            .where(and(...conditions))
             .get();
         return row ? this._mapAgentRow(row) : null;
     }
     // ─── Analytics ─────────────────────────────────────────────
     async getAnalytics(params) {
+        this.warnIfNoTenant('getAnalytics', params.tenantId);
         // HIGH 5: Build the time-bucket format string for SQLite strftime
         const formatStr = params.granularity === 'hour'
             ? '%Y-%m-%dT%H:00:00Z'
@@ -482,6 +523,7 @@ export class SqliteEventStore {
           WHERE timestamp >= ${params.from}
             AND timestamp <= ${params.to}
             ${params.agentId ? sql `AND agent_id = ${params.agentId}` : sql ``}
+            ${params.tenantId ? sql `AND tenant_id = ${params.tenantId}` : sql ``}
           GROUP BY bucket
           ORDER BY bucket ASC
         `);
@@ -499,6 +541,7 @@ export class SqliteEventStore {
         WHERE timestamp >= ${params.from}
           AND timestamp <= ${params.to}
           ${params.agentId ? sql `AND agent_id = ${params.agentId}` : sql ``}
+          ${params.tenantId ? sql `AND tenant_id = ${params.tenantId}` : sql ``}
       `);
         return {
             buckets: bucketRows.map((row) => ({
@@ -536,11 +579,12 @@ export class SqliteEventStore {
             notifyChannels: JSON.stringify(rule.notifyChannels),
             createdAt: rule.createdAt,
             updatedAt: rule.updatedAt,
+            tenantId: rule.tenantId ?? 'default',
         })
             .run();
     }
     // HIGH 8: Check affected row count and throw NotFoundError when zero
-    async updateAlertRule(id, updates) {
+    async updateAlertRule(id, updates, tenantId) {
         const setValues = {};
         if (updates.name !== undefined)
             setValues.name = updates.name;
@@ -558,12 +602,15 @@ export class SqliteEventStore {
             setValues.notifyChannels = JSON.stringify(updates.notifyChannels);
         if (updates.updatedAt !== undefined)
             setValues.updatedAt = updates.updatedAt;
+        const whereConditions = [eq(alertRules.id, id)];
+        if (tenantId)
+            whereConditions.push(eq(alertRules.tenantId, tenantId));
         if (Object.keys(setValues).length === 0) {
             // Even with no actual updates, verify the rule exists
             const existing = this.db
                 .select({ id: alertRules.id })
                 .from(alertRules)
-                .where(eq(alertRules.id, id))
+                .where(and(...whereConditions))
                 .get();
             if (!existing) {
                 throw new NotFoundError(`Alert rule not found: ${id}`);
@@ -573,27 +620,39 @@ export class SqliteEventStore {
         const result = this.db
             .update(alertRules)
             .set(setValues)
-            .where(eq(alertRules.id, id))
+            .where(and(...whereConditions))
             .run();
         if (result.changes === 0) {
             throw new NotFoundError(`Alert rule not found: ${id}`);
         }
     }
-    async deleteAlertRule(id) {
-        const result = this.db.delete(alertRules).where(eq(alertRules.id, id)).run();
+    async deleteAlertRule(id, tenantId) {
+        const whereConditions = [eq(alertRules.id, id)];
+        if (tenantId)
+            whereConditions.push(eq(alertRules.tenantId, tenantId));
+        const result = this.db.delete(alertRules).where(and(...whereConditions)).run();
         if (result.changes === 0) {
             throw new NotFoundError(`Alert rule not found: ${id}`);
         }
     }
-    async listAlertRules() {
-        const rows = this.db.select().from(alertRules).all();
+    async listAlertRules(tenantId) {
+        this.warnIfNoTenant('listAlertRules', tenantId);
+        const conditions = tenantId ? [eq(alertRules.tenantId, tenantId)] : [];
+        const rows = this.db
+            .select()
+            .from(alertRules)
+            .where(conditions.length > 0 ? and(...conditions) : undefined)
+            .all();
         return rows.map(this._mapAlertRuleRow);
     }
-    async getAlertRule(id) {
+    async getAlertRule(id, tenantId) {
+        const conditions = [eq(alertRules.id, id)];
+        if (tenantId)
+            conditions.push(eq(alertRules.tenantId, tenantId));
         const row = this.db
             .select()
             .from(alertRules)
-            .where(eq(alertRules.id, id))
+            .where(and(...conditions))
             .get();
         return row ? this._mapAlertRuleRow(row) : null;
     }
@@ -609,6 +668,7 @@ export class SqliteEventStore {
             currentValue: entry.currentValue,
             threshold: entry.threshold,
             message: entry.message,
+            tenantId: entry.tenantId ?? 'default',
         })
             .run();
     }
@@ -619,6 +679,9 @@ export class SqliteEventStore {
         if (opts?.ruleId) {
             conditions.push(eq(alertHistory.ruleId, opts.ruleId));
         }
+        if (opts?.tenantId) {
+            conditions.push(eq(alertHistory.tenantId, opts.tenantId));
+        }
         const rows = this.db
             .select()
             .from(alertHistory)
@@ -641,54 +704,82 @@ export class SqliteEventStore {
                 currentValue: row.currentValue,
                 threshold: row.threshold,
                 message: row.message,
+                tenantId: row.tenantId,
             })),
             total: totalResult?.count ?? 0,
         };
     }
     // ─── Maintenance ───────────────────────────────────────────
-    async applyRetention(olderThan) {
+    async applyRetention(olderThan, tenantId) {
+        // Build conditions — always filter by timestamp, optionally by tenant
+        const countConditions = [lte(events.timestamp, olderThan)];
+        if (tenantId)
+            countConditions.push(eq(events.tenantId, tenantId));
         // Count events to be deleted
         const countResult = this.db
             .select({ count: drizzleCount() })
             .from(events)
-            .where(lte(events.timestamp, olderThan))
+            .where(and(...countConditions))
             .get();
         const deletedCount = countResult?.count ?? 0;
         if (deletedCount === 0)
             return { deletedCount: 0 };
         this.db.transaction((tx) => {
-            // Delete old events
-            tx.delete(events).where(lte(events.timestamp, olderThan)).run();
-            // Clean up sessions with no remaining events
-            tx.run(sql `
-        DELETE FROM sessions
-        WHERE id NOT IN (SELECT DISTINCT session_id FROM events)
-      `);
+            if (tenantId) {
+                // Tenant-scoped retention: only delete this tenant's old events
+                tx.delete(events)
+                    .where(and(lte(events.timestamp, olderThan), eq(events.tenantId, tenantId)))
+                    .run();
+                // Clean up this tenant's sessions that have no remaining events
+                tx.run(sql `
+          DELETE FROM sessions
+          WHERE tenant_id = ${tenantId}
+            AND id NOT IN (
+              SELECT DISTINCT session_id FROM events WHERE tenant_id = ${tenantId}
+            )
+        `);
+            }
+            else {
+                // Global retention (system-level, not exposed through TenantScopedStore)
+                tx.delete(events).where(lte(events.timestamp, olderThan)).run();
+                tx.run(sql `
+          DELETE FROM sessions
+          WHERE id NOT IN (SELECT DISTINCT session_id FROM events)
+        `);
+            }
         });
         return { deletedCount };
     }
-    async getStats() {
+    async getStats(tenantId) {
+        const eventConditions = tenantId ? [eq(events.tenantId, tenantId)] : [];
+        const sessionConditions = tenantId ? [eq(sessions.tenantId, tenantId)] : [];
+        const agentConditions = tenantId ? [eq(agents.tenantId, tenantId)] : [];
         const eventCount = this.db
             .select({ count: drizzleCount() })
             .from(events)
+            .where(eventConditions.length > 0 ? and(...eventConditions) : undefined)
             .get()?.count ?? 0;
         const sessionCount = this.db
             .select({ count: drizzleCount() })
             .from(sessions)
+            .where(sessionConditions.length > 0 ? and(...sessionConditions) : undefined)
             .get()?.count ?? 0;
         const agentCount = this.db
             .select({ count: drizzleCount() })
             .from(agents)
+            .where(agentConditions.length > 0 ? and(...agentConditions) : undefined)
             .get()?.count ?? 0;
         const oldest = this.db
             .select({ timestamp: events.timestamp })
             .from(events)
+            .where(eventConditions.length > 0 ? and(...eventConditions) : undefined)
             .orderBy(asc(events.timestamp))
             .limit(1)
             .get();
         const newest = this.db
             .select({ timestamp: events.timestamp })
             .from(events)
+            .where(eventConditions.length > 0 ? and(...eventConditions) : undefined)
             .orderBy(desc(events.timestamp))
             .limit(1)
             .get();
@@ -709,6 +800,9 @@ export class SqliteEventStore {
     // ─── Private Helpers ───────────────────────────────────────
     _buildEventConditions(query) {
         const conditions = [];
+        if (query.tenantId) {
+            conditions.push(eq(events.tenantId, query.tenantId));
+        }
         if (query.sessionId) {
             conditions.push(eq(events.sessionId, query.sessionId));
         }
@@ -750,6 +844,9 @@ export class SqliteEventStore {
     // HIGH 4: Use json_each() for exact tag matching with OR semantics
     _buildSessionConditions(query) {
         const conditions = [];
+        if (query.tenantId) {
+            conditions.push(eq(sessions.tenantId, query.tenantId));
+        }
         if (query.agentId) {
             conditions.push(eq(sessions.agentId, query.agentId));
         }
@@ -796,6 +893,7 @@ export class SqliteEventStore {
             metadata: safeJsonParse(row.metadata, {}),
             prevHash: row.prevHash,
             hash: row.hash,
+            tenantId: row.tenantId,
         };
     }
     _mapSessionRow(row) {
@@ -814,6 +912,7 @@ export class SqliteEventStore {
             totalInputTokens: row.totalInputTokens,
             totalOutputTokens: row.totalOutputTokens,
             tags: safeJsonParse(row.tags, []),
+            tenantId: row.tenantId,
         };
     }
     _mapAgentRow(row) {
@@ -824,6 +923,7 @@ export class SqliteEventStore {
             firstSeenAt: row.firstSeenAt,
             lastSeenAt: row.lastSeenAt,
             sessionCount: row.sessionCount,
+            tenantId: row.tenantId,
         };
     }
     _mapAlertRuleRow(row) {
@@ -838,6 +938,7 @@ export class SqliteEventStore {
             notifyChannels: safeJsonParse(row.notifyChannels, []),
             createdAt: row.createdAt,
             updatedAt: row.updatedAt,
+            tenantId: row.tenantId,
         };
     }
 }