@agentstep/agent-sdk 0.4.39 → 0.5.0

package/dist/{chunk-ZFJPOQSY.js → chunk-OZFSKR2W.js}

@@ -5,9 +5,11 @@ import {
 } from "./chunk-23UKWXJH.js";
 import {
   jsonOk,
+  paginatedOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
+  archiveVault,
   createVault,
   deleteEntry,
   deleteVault,
@@ -15,15 +17,16 @@ import {
   getVault,
   listEntries,
   listVaults,
-  setEntry
-} from "./chunk-ZVXIZ2JD.js";
+  setEntry,
+  updateVault
+} from "./chunk-VP527YC5.js";
 import {
   getAgent
-} from "./chunk-ZTH5JRZG.js";
+} from "./chunk-BCIFFAGW.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   badRequest,
   conflict,
@@ -54,14 +57,17 @@ function maskValue(value) {
   return `${value.slice(0, 4)}****${value.slice(-2)}`;
 }
 var CreateVaultSchema = z.object({
-  agent_id: z.string().min(1),
+  agent_id: z.string().min(1).optional(),
   name: z.string().min(1).optional(),
   /** Anthropic-compatible alias for `name`. */
   display_name: z.string().min(1).optional(),
+  metadata: z.record(z.string().max(512)).optional(),
   /** v0.5: required for global admin, ignored for tenant users. */
   tenant_id: z.string().optional()
 }).refine((data) => data.name || data.display_name, {
   message: "Either name or display_name is required"
+}).refine((data) => !data.metadata || Object.keys(data.metadata).length <= 16, {
+  message: "metadata must have at most 16 key-value pairs"
 });
 var PutEntrySchema = z.object({
   value: z.string()
@@ -71,30 +77,37 @@ function handleCreateVault(request) {
     const body = await request.json();
     const parsed = CreateVaultSchema.safeParse(body);
     if (!parsed.success) throw badRequest(parsed.error.message);
-    const agentTenantId = getAgentTenantId(parsed.data.agent_id);
-    if (agentTenantId === void 0) {
-      throw notFound(`agent not found: ${parsed.data.agent_id}`);
-    }
-    assertResourceTenant(auth, agentTenantId, `agent not found: ${parsed.data.agent_id}`);
-    const agent = getAgent(parsed.data.agent_id);
-    if (!agent) throw notFound(`agent not found: ${parsed.data.agent_id}`);
-    const createTenantId = resolveCreateTenant(auth, parsed.data.tenant_id);
-    if (createTenantId !== agentTenantId) {
-      throw badRequest(
-        `vault tenant_id must match agent tenant_id (${agentTenantId})`
-      );
+    let createTenantId;
+    if (parsed.data.agent_id) {
+      const agentTenantId = getAgentTenantId(parsed.data.agent_id);
+      if (agentTenantId === void 0) {
+        throw notFound(`agent not found: ${parsed.data.agent_id}`);
+      }
+      assertResourceTenant(auth, agentTenantId, `agent not found: ${parsed.data.agent_id}`);
+      const agent = getAgent(parsed.data.agent_id);
+      if (!agent) throw notFound(`agent not found: ${parsed.data.agent_id}`);
+      createTenantId = resolveCreateTenant(auth, parsed.data.tenant_id);
+      if (createTenantId !== agentTenantId) {
+        throw badRequest(
+          `vault tenant_id must match agent tenant_id (${agentTenantId})`
+        );
+      }
+      const vaultName2 = parsed.data.name ?? parsed.data.display_name;
+      const existing = listVaults({ agent_id: parsed.data.agent_id, tenantFilter: tenantFilter(auth) });
+      if (existing.some((v) => v.name === vaultName2)) {
+        throw conflict(`Vault "${vaultName2}" already exists for this agent`);
+      }
+    } else {
+      createTenantId = resolveCreateTenant(auth, parsed.data.tenant_id);
     }
     const vaultName = parsed.data.name ?? parsed.data.display_name;
-    const existing = listVaults({ agent_id: parsed.data.agent_id, tenantFilter: tenantFilter(auth) });
-    if (existing.some((v) => v.name === vaultName)) {
-      throw conflict(`Vault "${vaultName}" already exists for this agent`);
-    }
     const vault = createVault({
-      agent_id: parsed.data.agent_id,
+      agent_id: parsed.data.agent_id ?? null,
       name: vaultName,
+      metadata: parsed.data.metadata,
       tenant_id: createTenantId
     });
-    return jsonOk({ ...vault, display_name: vault.name }, 201);
+    return jsonOk(vault, 201);
   });
 }
 function handleListVaults(request) {
@@ -103,12 +116,7 @@ function handleListVaults(request) {
     const agentId = url.searchParams.get("agent_id") ?? void 0;
     const requestedLimit = Number(url.searchParams.get("limit") || "100");
     const data = listVaults({ agent_id: agentId, tenantFilter: tenantFilter(auth) });
-    return jsonOk({
-      data,
-      has_more: data.length === requestedLimit,
-      first_id: data.length > 0 ? data[0].id : null,
-      last_id: data.length > 0 ? data[data.length - 1].id : null
-    });
+    return paginatedOk(data, requestedLimit);
   });
 }
 function handleGetVault(request, id) {
@@ -124,6 +132,35 @@ function handleDeleteVault(request, id) {
     return jsonOk({ id, type: "vault_deleted" });
   });
 }
+var UpdateVaultSchema = z.object({
+  display_name: z.string().min(1).max(255).optional(),
+  metadata: z.record(z.string().max(512)).optional()
+}).refine((data) => !data.metadata || Object.keys(data.metadata).length <= 16, {
+  message: "metadata must have at most 16 key-value pairs"
+});
+function handleUpdateVault(request, id) {
+  return routeWrap(request, async ({ auth }) => {
+    loadVaultForCaller(auth, id);
+    const body = await request.json();
+    const parsed = UpdateVaultSchema.safeParse(body);
+    if (!parsed.success) throw badRequest(parsed.error.message);
+    const vault = updateVault(id, {
+      display_name: parsed.data.display_name,
+      metadata: parsed.data.metadata
+    });
+    if (!vault) throw notFound(`vault not found: ${id}`);
+    return jsonOk(vault);
+  });
+}
+function handleArchiveVault(request, id) {
+  return routeWrap(request, async ({ auth }) => {
+    loadVaultForCaller(auth, id);
+    const ok = archiveVault(id);
+    if (!ok) throw notFound(`vault not found: ${id}`);
+    const vault = getVault(id);
+    return jsonOk(vault);
+  });
+}
 function handleListEntries(request, vaultId) {
   return routeWrap(request, async ({ auth }) => {
     loadVaultForCaller(auth, vaultId);
@@ -165,6 +202,8 @@ export {
   handleListVaults,
   handleGetVault,
   handleDeleteVault,
+  handleUpdateVault,
+  handleArchiveVault,
   handleListEntries,
   handleGetEntry,
   handlePutEntry,

package/dist/{chunk-3IV56JJW.js → chunk-P56WU3UT.js}

@@ -5,9 +5,10 @@ function buildOpencodeArgs(input) {
     args.push("--session", input.backendSessionId);
   }
   if (input.agent.model) {
+    const modelId = input.agent.model.id;
     const cloudPrefixes = ["claude-", "gpt-", "o1-", "o3-", "o4-", "codex-", "chatgpt-", "gemini-"];
-    const isOllama = !input.agent.model.includes("/") && !cloudPrefixes.some((p) => input.agent.model.startsWith(p));
-    const modelArg = isOllama ? `ollama/${input.agent.model}` : input.agent.model;
+    const isOllama = !modelId.includes("/") && !cloudPrefixes.some((p) => modelId.startsWith(p));
+    const modelArg = isOllama ? `ollama/${modelId}` : modelId;
     args.push("--model", modelArg);
   }
   return args;

package/dist/{chunk-NQX7WBA4.js → chunk-PJYCPDV5.js}

@@ -7,32 +7,37 @@ function buildCodexArgs(input) {
     "--skip-git-repo-check"
   ];
   if (input.agent.model) {
-    args.push("--model", input.agent.model);
+    const modelId = input.agent.model.id;
+    args.push("--model", modelId);
     const cloudPrefixes = ["claude-", "gpt-", "o1-", "o3-", "o4-", "codex-", "chatgpt-"];
-    const isOllama = !input.agent.model.includes("/") && !cloudPrefixes.some((p) => input.agent.model.startsWith(p));
+    const isOllama = !modelId.includes("/") && !cloudPrefixes.some((p) => modelId.startsWith(p));
     if (isOllama) {
       args.push("--oss", "--local-provider", "ollama");
     }
   }
   if (input.agent.mcp_servers) {
-    for (const [name, server] of Object.entries(input.agent.mcp_servers)) {
+    for (const server of input.agent.mcp_servers) {
+      const name = server.name;
       if (server.type) {
         args.push("-c", `mcp_servers.${name}.type="${server.type}"`);
       }
       if (server.url) {
         args.push("-c", `mcp_servers.${name}.url="${server.url}"`);
       }
-      if (typeof server.command === "string") {
-        args.push("-c", `mcp_servers.${name}.command="${server.command}"`);
+      const command = server.command;
+      if (typeof command === "string") {
+        args.push("-c", `mcp_servers.${name}.command="${command}"`);
       }
-      if (server.args && server.args.length > 0) {
+      const sArgs = server.args;
+      if (sArgs && sArgs.length > 0) {
         args.push(
           "-c",
-          `mcp_servers.${name}.args=${JSON.stringify(server.args)}`
+          `mcp_servers.${name}.args=${JSON.stringify(sArgs)}`
         );
       }
-      if (server.headers) {
-        for (const [hk, hv] of Object.entries(server.headers)) {
+      const headers = server.headers;
+      if (headers) {
+        for (const [hk, hv] of Object.entries(headers)) {
           args.push("-c", `mcp_servers.${name}.http_headers.${hk}="${hv}"`);
         }
       }

package/dist/{chunk-LMNFIJ6M.js → chunk-PN3AWRMX.js}

@@ -1,60 +1,60 @@
 import {
   runTurn
-} from "./chunk-DAVYI5H4.js";
+} from "./chunk-JLUCJMAQ.js";
 import {
   enqueueTurn
-} from "./chunk-2PPB644A.js";
+} from "./chunk-Z4LFLXRR.js";
 import {
   installOtlpExporter
-} from "./chunk-GVPJL3XS.js";
+} from "./chunk-JP7Y3TKK.js";
 import {
   redactAppendInput
-} from "./chunk-N3QIXC2B.js";
+} from "./chunk-Z6VZYRVN.js";
 import {
   createApiKey,
   listApiKeys
-} from "./chunk-USYY3L7G.js";
+} from "./chunk-T3FQPTOA.js";
 import {
   initSentry
 } from "./chunk-3MQ2FWXS.js";
 import {
   installShutdownHandlers
-} from "./chunk-34EB622U.js";
+} from "./chunk-64IQEPSD.js";
 import {
   runSweep
-} from "./chunk-3FDE3BPB.js";
+} from "./chunk-AB7MPL3H.js";
 import {
   fillWarmPools,
   reconcileDockerOrphanSandboxes,
   reconcileOrphanSandboxes
-} from "./chunk-N76ZVITA.js";
+} from "./chunk-JFOHGHW5.js";
 import {
   appendEvent,
   installPayloadRedactor
-} from "./chunk-MHBLVGRF.js";
+} from "./chunk-5MERXOLJ.js";
 import {
   setSessionSandbox
-} from "./chunk-3NK6YTA5.js";
+} from "./chunk-KUWJJD6O.js";
 import {
   readEnvValue,
   upsertEnvLine
 } from "./chunk-YPXI7Q2M.js";
 import {
   getLastUnprocessedUserMessage
-} from "./chunk-TH7WJLZC.js";
+} from "./chunk-KGBKIJPF.js";
 import {
   getBySession,
   register
 } from "./chunk-EFOIR7R3.js";
 import {
   resolveContainerProvider
-} from "./chunk-WPK4ZPMG.js";
+} from "./chunk-UE6DNLSV.js";
 import {
   getEnvironment
-} from "./chunk-X6IQ57SC.js";
+} from "./chunk-H6OT5GUL.js";
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 import {
   init_clock,
   nowMs
@@ -62,7 +62,7 @@ import {
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   getRuntime
 } from "./chunk-UYTSKFGK.js";

package/dist/{chunk-ZMNQ2YJ6.js → chunk-PNZF7HIU.js}

@@ -1,7 +1,7 @@
 import {
   buildClaudeArgs,
   buildClaudeAuthEnv
-} from "./chunk-S7W3KJYH.js";
+} from "./chunk-GIMDS46L.js";
 import {
   PERMISSION_BRIDGE_DIR,
   PERMISSION_HOOK_SCRIPT_PATH,
@@ -25,7 +25,7 @@ import {
 } from "./chunk-IU457W7Q.js";
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 
 // src/backends/claude/index.ts
 function buildTurn(input) {
@@ -38,7 +38,7 @@ function buildTurn(input) {
   const env = buildClaudeAuthEnv();
   const customTools = agent.tools.filter((t) => t.type === "custom");
   const hasBridgeTools = customTools.length > 0 || agent.threads_enabled;
-  if (hasBridgeTools || agent.mcp_servers && Object.keys(agent.mcp_servers).length > 0) {
+  if (hasBridgeTools || agent.mcp_servers && agent.mcp_servers.length > 0) {
     const mcpIdx = argsBase.indexOf("--mcp-config");
     let existingServers = {};
     if (mcpIdx >= 0 && mcpIdx + 1 < argsBase.length) {

package/dist/{chunk-R5T4LJSK.js → chunk-PZNAQBHQ.js}

@@ -1,11 +1,11 @@
 import {
   init_schema,
   schema_exports
-} from "./chunk-ZMJ4EP4C.js";
+} from "./chunk-ILHIHMO3.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   __esm
 } from "./chunk-2ESYSVXG.js";

package/dist/{chunk-RH4GKU52.js → chunk-QTXAWC5J.js}

@@ -4,13 +4,13 @@ import {
 } from "./chunk-D2XITRN6.js";
 import {
   authenticateAndIntercept
-} from "./chunk-WQARLGBG.js";
+} from "./chunk-GCQDNUS2.js";
 import {
   checkAndBump
 } from "./chunk-HVUWXUUI.js";
 import {
   ensureInitialized
-} from "./chunk-LMNFIJ6M.js";
+} from "./chunk-PN3AWRMX.js";
 import {
   captureException
 } from "./chunk-3MQ2FWXS.js";
@@ -64,8 +64,23 @@ async function routeWrap(request, handler) {
 function jsonOk(body, status = 200) {
   return Response.json(body, { status });
 }
+function paginatedOk(data, requestedLimit) {
+  const hasMore = data.length === requestedLimit;
+  const nextPage = hasMore && data.length > 0 ? Buffer.from(data[data.length - 1].id).toString("base64url") : null;
+  return jsonOk({ data, next_page: nextPage });
+}
+function decodeCursor(page) {
+  if (!page) return void 0;
+  try {
+    return Buffer.from(page, "base64url").toString("utf8");
+  } catch {
+    return void 0;
+  }
+}
 
 export {
   routeWrap,
-  jsonOk
+  jsonOk,
+  paginatedOk,
+  decodeCursor
 };

package/dist/{chunk-2I35VGHX.js → chunk-R3QHLKJG.js}

@@ -1,10 +1,10 @@
 import {
   buildCodexArgs
-} from "./chunk-NQX7WBA4.js";
+} from "./chunk-PJYCPDV5.js";
 import {
   buildCodexAuthEnv,
   validateCodexRuntime
-} from "./chunk-6IYCBW4J.js";
+} from "./chunk-WEC625LQ.js";
 import {
   prepareCodexOnSandbox
 } from "./chunk-M2LUXIXU.js";

package/dist/{chunk-OGJUSGF7.js → chunk-R6EEBWM3.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 
 // src/backends/opencode/auth.ts
 function buildOpencodeAuthEnv() {

package/dist/{chunk-V66YKIW6.js → chunk-RYJXSXCV.js}

@@ -4,14 +4,14 @@ import {
 import {
   jsonOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   getProxiedTenantId
-} from "./chunk-E7DD7F7J.js";
+} from "./chunk-5U5LRAFJ.js";
 import {
   getSession,
   updateSessionResources
-} from "./chunk-3NK6YTA5.js";
+} from "./chunk-KUWJJD6O.js";
 import {
   countResources,
   createResource,
@@ -19,11 +19,11 @@ import {
   getResource,
   init_session_resources,
   listResources
-} from "./chunk-5EKQBD2H.js";
+} from "./chunk-FCUXFLNK.js";
 import {
   getDb,
   init_client
-} from "./chunk-6POQAFEC.js";
+} from "./chunk-W3JMIUHV.js";
 import {
   badRequest,
   notFound

package/dist/{chunk-CHDQ3HIR.js → chunk-S7DFMJR5.js}

@@ -1,17 +1,18 @@
 import {
   loadVaultForCaller
-} from "./chunk-ZFJPOQSY.js";
+} from "./chunk-OZFSKR2W.js";
 import {
   jsonOk,
+  paginatedOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 import {
   createCredential,
   deleteCredential,
   getCredential,
   listCredentials,
   updateCredential
-} from "./chunk-L5RW66H5.js";
+} from "./chunk-HVLYE4S5.js";
 import {
   badRequest,
   conflict,
@@ -123,12 +124,7 @@ function handleListCredentials(request, vaultId) {
     const url = new URL(req.url);
     const requestedLimit = Number(url.searchParams.get("limit") || "100");
     const data = listCredentials(vaultId);
-    return jsonOk({
-      data,
-      has_more: data.length === requestedLimit,
-      first_id: data.length > 0 ? data[0].id : null,
-      last_id: data.length > 0 ? data[data.length - 1].id : null
-    });
+    return paginatedOk(data, requestedLimit);
   });
 }
 function handleGetCredential(request, vaultId, credentialId) {

package/dist/{chunk-V2R7RWVY.js → chunk-STJNO6SL.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 
 // src/backends/gemini/auth.ts
 function buildGeminiAuthEnv() {

package/dist/{chunk-USYY3L7G.js → chunk-T3FQPTOA.js}

@@ -9,10 +9,10 @@ import {
 import {
   getDrizzle,
   init_drizzle
-} from "./chunk-R5T4LJSK.js";
+} from "./chunk-PZNAQBHQ.js";
 import {
   schema_exports
-} from "./chunk-ZMJ4EP4C.js";
+} from "./chunk-ILHIHMO3.js";
 
 // src/db/api_keys.ts
 init_drizzle();

package/dist/{chunk-5IGBMS2U.js → chunk-T3HMVHDG.js}

@@ -1,6 +1,6 @@
 import {
   listEntries
-} from "./chunk-ZVXIZ2JD.js";
+} from "./chunk-VP527YC5.js";
 
 // src/providers/resolve-secrets.ts
 var BLOCKED_ENV_KEYS = /* @__PURE__ */ new Set([

package/dist/{chunk-IAF6VMPO.js → chunk-TPMZO6S2.js}

@@ -11,7 +11,7 @@ function buildFactoryArgs(input) {
     args.push("--session-id", input.backendSessionId);
   }
   if (input.agent.model) {
-    args.push("--model", input.agent.model);
+    args.push("--model", input.agent.model.id);
   }
   return args;
 }

package/dist/{chunk-P26WOAA3.js → chunk-TUEBRYPZ.js}

@@ -1,6 +1,6 @@
 import {
   getConfig
-} from "./chunk-V7MTIMPB.js";
+} from "./chunk-X6QIWZ33.js";
 import {
   ApiError
 } from "./chunk-EZYKRG4W.js";

package/dist/{chunk-HOIDGDU5.js → chunk-TVODT2UR.js}

@@ -4,7 +4,7 @@ import {
 import {
   jsonOk,
   routeWrap
-} from "./chunk-RH4GKU52.js";
+} from "./chunk-QTXAWC5J.js";
 
 // src/handlers/license.ts
 function handleGetLicense(request) {

package/dist/{chunk-Z25I7DRV.js → chunk-V5DH3OAC.js}

@@ -27,21 +27,26 @@ function isOllamaModel(model) {
   return !cloudPrefixes.some((p) => model.startsWith(p));
 }
 function buildOpencodeConfigEnv(agent, ollamaBaseUrl) {
-  if (ollamaBaseUrl === void 0 && isOllamaModel(agent.model)) {
+  if (ollamaBaseUrl === void 0 && isOllamaModel(agent.model.id)) {
     ollamaBaseUrl = "http://localhost:11434/v1";
   }
   const config = {};
-  if (agent.mcp_servers && Object.keys(agent.mcp_servers).length > 0) {
-    config.mcp = mcpConfigToOpencode(agent.mcp_servers);
+  if (agent.mcp_servers && agent.mcp_servers.length > 0) {
+    const mcpRecord = {};
+    for (const s of agent.mcp_servers) {
+      const { name, ...rest } = s;
+      mcpRecord[name] = rest;
+    }
+    config.mcp = mcpConfigToOpencode(mcpRecord);
   }
-  if (isOllamaModel(agent.model) && ollamaBaseUrl) {
+  if (isOllamaModel(agent.model.id) && ollamaBaseUrl) {
     config.provider = {
       ollama: {
         npm: "@ai-sdk/openai-compatible",
         name: "Ollama (local)",
         options: { baseURL: ollamaBaseUrl },
         models: {
-          [agent.model]: { name: agent.model }
+          [agent.model.id]: { name: agent.model.id }
         }
       }
     };

package/dist/{chunk-ZVXIZ2JD.js → chunk-VP527YC5.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-AIBH32FN.js";
 import {
   DEFAULT_TENANT_ID
-} from "./chunk-AR2TM7CR.js";
+} from "./chunk-I26QP3A3.js";
 import {
   init_ids,
   newId
@@ -17,24 +17,32 @@ import {
 import {
   getDrizzle,
   init_drizzle
-} from "./chunk-R5T4LJSK.js";
+} from "./chunk-PZNAQBHQ.js";
 import {
   schema_exports
-} from "./chunk-ZMJ4EP4C.js";
+} from "./chunk-ILHIHMO3.js";
 
 // src/db/vaults.ts
 init_drizzle();
 init_ids();
 init_clock();
-import { eq, and, asc, desc } from "drizzle-orm";
+import { eq, and, asc, desc, isNull } from "drizzle-orm";
 function hydrateVault(row) {
+  let metadata = {};
+  try {
+    metadata = JSON.parse(row.metadata_json || "{}");
+  } catch {
+  }
   return {
+    type: "vault",
     id: row.id,
     agent_id: row.agent_id,
     name: row.name,
     display_name: row.name,
+    metadata,
     created_at: toIso(row.created_at),
-    updated_at: toIso(row.updated_at)
+    updated_at: toIso(row.updated_at),
+    archived_at: row.archived_at ? toIso(row.archived_at) : null
   };
 }
 function createVault(input) {
@@ -43,8 +51,9 @@ function createVault(input) {
   const now = nowMs();
   db.insert(schema_exports.vaults).values({
     id,
-    agent_id: input.agent_id,
+    agent_id: input.agent_id ?? null,
     name: input.name,
+    metadata_json: JSON.stringify(input.metadata ?? {}),
     tenant_id: input.tenant_id ?? DEFAULT_TENANT_ID,
     created_at: now,
     updated_at: now
@@ -69,6 +78,24 @@ function listVaults(opts) {
   const rows = where ? db.select().from(schema_exports.vaults).where(where).orderBy(desc(schema_exports.vaults.created_at)).all() : db.select().from(schema_exports.vaults).orderBy(desc(schema_exports.vaults.created_at)).all();
   return rows.map(hydrateVault);
 }
+function updateVault(id, fields) {
+  const db = getDrizzle();
+  const now = nowMs();
+  const updates = { updated_at: now };
+  if (fields.display_name !== void 0) {
+    updates.name = fields.display_name;
+  }
+  if (fields.metadata !== void 0) {
+    updates.metadata_json = JSON.stringify(fields.metadata);
+  }
+  db.update(schema_exports.vaults).set(updates).where(eq(schema_exports.vaults.id, id)).run();
+  return getVault(id);
+}
+function archiveVault(id) {
+  const db = getDrizzle();
+  const res = db.update(schema_exports.vaults).set({ archived_at: nowMs() }).where(and(eq(schema_exports.vaults.id, id), isNull(schema_exports.vaults.archived_at))).run();
+  return res.changes > 0;
+}
 function deleteVault(id) {
   const db = getDrizzle();
   const res = db.delete(schema_exports.vaults).where(eq(schema_exports.vaults.id, id)).run();
@@ -114,6 +141,8 @@ export {
   createVault,
   getVault,
   listVaults,
+  updateVault,
+  archiveVault,
   deleteVault,
   setEntry,
   getEntry,