npm - @ainyc/canonry - Versions diffs - 1.19.2 → 1.19.4 - Mend

@ainyc/canonry 1.19.2 → 1.19.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/assets/assets/index-DpXYVcNu.css +1 -0
package/assets/assets/{index-BIXLW5Li.js → index-GGgJSHS2.js} +98 -98
package/assets/index.html +2 -2
package/dist/{chunk-GX673NKZ.js → chunk-PQLJ22YW.js} +990 -955
package/dist/cli.js +1 -1
package/dist/index.js +1 -1
package/package.json +5 -5
package/assets/assets/index-DdQKI2_i.css +0 -1

package/dist/{chunk-GX673NKZ.js → chunk-PQLJ22YW.js} RENAMED Viewed

@@ -166,981 +166,981 @@ import path6 from "path";
 import { fileURLToPath } from "url";
 import Fastify from "fastify";
-// ../api-routes/src/auth.ts
-import crypto2 from "crypto";
-import { eq } from "drizzle-orm";
-// ../db/src/client.ts
-import { mkdirSync } from "fs";
-import { dirname } from "path";
-import Database from "better-sqlite3";
-import { drizzle } from "drizzle-orm/better-sqlite3";
+// ../contracts/src/config-schema.ts
+import { z as z3 } from "zod";
-// ../db/src/schema.ts
-var schema_exports = {};
-__export(schema_exports, {
-  apiKeys: () => apiKeys,
-  auditLog: () => auditLog,
-  competitors: () => competitors,
-  googleConnections: () => googleConnections,
-  gscCoverageSnapshots: () => gscCoverageSnapshots,
-  gscSearchData: () => gscSearchData,
-  gscUrlInspections: () => gscUrlInspections,
-  keywords: () => keywords,
-  notifications: () => notifications,
-  projects: () => projects,
-  querySnapshots: () => querySnapshots,
-  runs: () => runs,
-  schedules: () => schedules,
-  usageCounters: () => usageCounters
+// ../contracts/src/provider.ts
+import { z } from "zod";
+var providerQuotaPolicySchema = z.object({
+  maxConcurrency: z.number().int().positive(),
+  maxRequestsPerMinute: z.number().int().positive(),
+  maxRequestsPerDay: z.number().int().positive()
 });
-import { index, integer, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
-var projects = sqliteTable("projects", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull().unique(),
-  displayName: text("display_name").notNull(),
-  canonicalDomain: text("canonical_domain").notNull(),
-  ownedDomains: text("owned_domains").notNull().default("[]"),
-  country: text("country").notNull(),
-  language: text("language").notNull(),
-  tags: text("tags").notNull().default("[]"),
-  labels: text("labels").notNull().default("{}"),
-  providers: text("providers").notNull().default("[]"),
-  locations: text("locations").notNull().default("[]"),
-  defaultLocation: text("default_location"),
-  configSource: text("config_source").notNull().default("cli"),
-  configRevision: integer("config_revision").notNull().default(1),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
+var PROVIDER_NAMES = ["gemini", "openai", "claude", "local", "cdp:chatgpt"];
+var providerNameSchema = z.enum(PROVIDER_NAMES);
+var PROVIDER_MODE = {
+  gemini: "api",
+  openai: "api",
+  claude: "api",
+  local: "api",
+  "cdp:chatgpt": "browser"
+};
+function isBrowserProvider(name) {
+  return PROVIDER_MODE[name] === "browser";
+}
+var CDP_TARGETS = ["cdp:chatgpt"];
+function parseProviderName(input) {
+  const lower = input.trim().toLowerCase();
+  return PROVIDER_NAMES.includes(lower) ? lower : void 0;
+}
+function resolveProviderInput(input) {
+  const lower = input.trim().toLowerCase();
+  if (lower === "cdp") {
+    return [...CDP_TARGETS];
+  }
+  const parsed = parseProviderName(lower);
+  return parsed ? [parsed] : [];
+}
+var locationContextSchema = z.object({
+  label: z.string().min(1),
+  city: z.string().min(1),
+  region: z.string().min(1),
+  country: z.string().length(2),
+  timezone: z.string().optional()
 });
-var keywords = sqliteTable("keywords", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  keyword: text("keyword").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_keywords_project").on(table.projectId),
-  uniqueIndex("idx_keywords_project_keyword").on(table.projectId, table.keyword)
-]);
-var competitors = sqliteTable("competitors", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  domain: text("domain").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_competitors_project").on(table.projectId),
-  uniqueIndex("idx_competitors_project_domain").on(table.projectId, table.domain)
-]);
-var runs = sqliteTable("runs", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  kind: text("kind").notNull().default("answer-visibility"),
-  status: text("status").notNull().default("queued"),
-  trigger: text("trigger").notNull().default("manual"),
-  location: text("location"),
-  startedAt: text("started_at"),
-  finishedAt: text("finished_at"),
-  error: text("error"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_runs_project").on(table.projectId),
-  index("idx_runs_status").on(table.status)
-]);
-var querySnapshots = sqliteTable("query_snapshots", {
-  id: text("id").primaryKey(),
-  runId: text("run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
-  keywordId: text("keyword_id").notNull().references(() => keywords.id, { onDelete: "cascade" }),
-  provider: text("provider").notNull().default("gemini"),
-  model: text("model"),
-  citationState: text("citation_state").notNull(),
-  answerText: text("answer_text"),
-  citedDomains: text("cited_domains").notNull().default("[]"),
-  competitorOverlap: text("competitor_overlap").notNull().default("[]"),
-  location: text("location"),
-  screenshotPath: text("screenshot_path"),
-  rawResponse: text("raw_response"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_snapshots_run").on(table.runId),
-  index("idx_snapshots_keyword").on(table.keywordId)
-]);
-var auditLog = sqliteTable("audit_log", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").references(() => projects.id, { onDelete: "cascade" }),
-  actor: text("actor").notNull(),
-  action: text("action").notNull(),
-  entityType: text("entity_type").notNull(),
-  entityId: text("entity_id"),
-  diff: text("diff"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_audit_log_project").on(table.projectId),
-  index("idx_audit_log_created").on(table.createdAt)
-]);
-var apiKeys = sqliteTable("api_keys", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  keyHash: text("key_hash").notNull().unique(),
-  keyPrefix: text("key_prefix").notNull(),
-  scopes: text("scopes").notNull().default('["*"]'),
-  createdAt: text("created_at").notNull(),
-  lastUsedAt: text("last_used_at"),
-  revokedAt: text("revoked_at")
-}, (table) => [
-  index("idx_api_keys_prefix").on(table.keyPrefix)
-]);
-var schedules = sqliteTable("schedules", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  cronExpr: text("cron_expr").notNull(),
-  preset: text("preset"),
-  timezone: text("timezone").notNull().default("UTC"),
-  enabled: integer("enabled").notNull().default(1),
-  providers: text("providers").notNull().default("[]"),
-  lastRunAt: text("last_run_at"),
-  nextRunAt: text("next_run_at"),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_schedules_project").on(table.projectId)
-]);
-var notifications = sqliteTable("notifications", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  channel: text("channel").notNull(),
-  config: text("config").notNull(),
-  webhookSecret: text("webhook_secret"),
-  enabled: integer("enabled").notNull().default(1),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  index("idx_notifications_project").on(table.projectId)
-]);
-var googleConnections = sqliteTable("google_connections", {
-  id: text("id").primaryKey(),
-  domain: text("domain").notNull(),
-  connectionType: text("connection_type").notNull(),
-  propertyId: text("property_id"),
-  sitemapUrl: text("sitemap_url"),
-  accessToken: text("access_token"),
-  refreshToken: text("refresh_token"),
-  tokenExpiresAt: text("token_expires_at"),
-  scopes: text("scopes").notNull().default("[]"),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_google_conn_domain_type").on(table.domain, table.connectionType)
-]);
-var gscSearchData = sqliteTable("gsc_search_data", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
-  date: text("date").notNull(),
-  query: text("query").notNull(),
-  page: text("page").notNull(),
-  country: text("country"),
-  device: text("device"),
-  clicks: integer("clicks").notNull().default(0),
-  impressions: integer("impressions").notNull().default(0),
-  ctr: text("ctr").notNull().default("0"),
-  position: text("position").notNull().default("0"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_search_project_date").on(table.projectId, table.date),
-  index("idx_gsc_search_query").on(table.query),
-  index("idx_gsc_search_run").on(table.syncRunId)
-]);
-var gscUrlInspections = sqliteTable("gsc_url_inspections", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
-  url: text("url").notNull(),
-  indexingState: text("indexing_state"),
-  verdict: text("verdict"),
-  coverageState: text("coverage_state"),
-  pageFetchState: text("page_fetch_state"),
-  robotsTxtState: text("robots_txt_state"),
-  crawlTime: text("crawl_time"),
-  lastCrawlResult: text("last_crawl_result"),
-  isMobileFriendly: integer("is_mobile_friendly"),
-  richResults: text("rich_results").notNull().default("[]"),
-  referringUrls: text("referring_urls").notNull().default("[]"),
-  inspectedAt: text("inspected_at").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_inspect_project_url").on(table.projectId, table.url),
-  index("idx_gsc_inspect_run").on(table.syncRunId),
-  index("idx_gsc_inspect_url_time").on(table.url, table.inspectedAt)
+// ../contracts/src/notification.ts
+import { z as z2 } from "zod";
+var notificationEventSchema = z2.enum([
+  "citation.lost",
+  "citation.gained",
+  "run.completed",
+  "run.failed"
 ]);
-var gscCoverageSnapshots = sqliteTable("gsc_coverage_snapshots", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
-  date: text("date").notNull(),
-  indexed: integer("indexed").notNull().default(0),
-  notIndexed: integer("not_indexed").notNull().default(0),
-  reasonBreakdown: text("reason_breakdown").notNull().default("{}"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_coverage_snap_project_date").on(table.projectId, table.date),
-  index("idx_gsc_coverage_snap_run").on(table.syncRunId)
-]);
-var usageCounters = sqliteTable("usage_counters", {
-  id: text("id").primaryKey(),
-  scope: text("scope").notNull(),
-  period: text("period").notNull(),
-  metric: text("metric").notNull(),
-  count: integer("count").notNull().default(0),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_usage_scope_period_metric").on(table.scope, table.period, table.metric),
-  index("idx_usage_scope_period").on(table.scope, table.period)
-]);
-// ../db/src/client.ts
-function createClient(databasePath) {
-  mkdirSync(dirname(databasePath), { recursive: true });
-  const sqlite = new Database(databasePath);
-  sqlite.pragma("journal_mode = WAL");
-  sqlite.pragma("foreign_keys = ON");
-  return drizzle(sqlite, { schema: schema_exports });
-}
-// ../db/src/migrate.ts
-import { sql } from "drizzle-orm";
-var MIGRATION_SQL = `
-CREATE TABLE IF NOT EXISTS projects (
-  id                TEXT PRIMARY KEY,
-  name              TEXT NOT NULL UNIQUE,
-  display_name      TEXT NOT NULL,
-  canonical_domain  TEXT NOT NULL,
-  owned_domains     TEXT NOT NULL DEFAULT '[]',
-  country           TEXT NOT NULL,
-  language          TEXT NOT NULL,
-  tags              TEXT NOT NULL DEFAULT '[]',
-  labels            TEXT NOT NULL DEFAULT '{}',
-  providers         TEXT NOT NULL DEFAULT '[]',
-  config_source     TEXT NOT NULL DEFAULT 'cli',
-  config_revision   INTEGER NOT NULL DEFAULT 1,
-  created_at        TEXT NOT NULL,
-  updated_at        TEXT NOT NULL
-);
-CREATE TABLE IF NOT EXISTS keywords (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  keyword     TEXT NOT NULL,
-  created_at  TEXT NOT NULL,
-  UNIQUE(project_id, keyword)
-);
-CREATE TABLE IF NOT EXISTS competitors (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  domain      TEXT NOT NULL,
-  created_at  TEXT NOT NULL,
-  UNIQUE(project_id, domain)
-);
+var notificationDtoSchema = z2.object({
+  id: z2.string(),
+  projectId: z2.string(),
+  channel: z2.literal("webhook"),
+  url: z2.string().url(),
+  events: z2.array(notificationEventSchema),
+  enabled: z2.boolean().default(true),
+  webhookSecret: z2.string().optional(),
+  createdAt: z2.string(),
+  updatedAt: z2.string()
+});
-CREATE TABLE IF NOT EXISTS runs (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  kind        TEXT NOT NULL DEFAULT 'answer-visibility',
-  status      TEXT NOT NULL DEFAULT 'queued',
-  trigger     TEXT NOT NULL DEFAULT 'manual',
-  started_at  TEXT,
-  finished_at TEXT,
-  error       TEXT,
-  created_at  TEXT NOT NULL
-);
+// ../contracts/src/config-schema.ts
+var configMetadataSchema = z3.object({
+  name: z3.string().min(1).max(63).regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, {
+    message: "Name must be a lowercase slug (letters, numbers, hyphens)"
+  }),
+  labels: z3.record(z3.string(), z3.string()).optional().default({})
+});
+var configScheduleSchema = z3.object({
+  preset: z3.string().optional(),
+  cron: z3.string().optional(),
+  timezone: z3.string().optional().default("UTC"),
+  providers: z3.array(providerNameSchema).optional().default([])
+}).refine(
+  (data) => data.preset && !data.cron || !data.preset && data.cron,
+  { message: 'Exactly one of "preset" or "cron" must be provided' }
+).optional();
+var configNotificationSchema = z3.object({
+  channel: z3.literal("webhook"),
+  url: z3.string().url(),
+  events: z3.array(notificationEventSchema).min(1)
+});
+var configGoogleSchema = z3.object({
+  gsc: z3.object({
+    propertyUrl: z3.string()
+  }).optional(),
+  syncSchedule: z3.object({
+    preset: z3.string().optional(),
+    cron: z3.string().optional()
+  }).optional()
+}).optional();
+var configSpecSchema = z3.object({
+  displayName: z3.string().min(1),
+  canonicalDomain: z3.string().min(1),
+  ownedDomains: z3.array(z3.string().min(1)).optional().default([]),
+  country: z3.string().length(2),
+  language: z3.string().min(2),
+  keywords: z3.array(z3.string().min(1)).optional().default([]),
+  competitors: z3.array(z3.string().min(1)).optional().default([]),
+  providers: z3.array(providerNameSchema).optional().default([]),
+  locations: z3.array(locationContextSchema).optional().default([]),
+  defaultLocation: z3.string().optional(),
+  schedule: configScheduleSchema,
+  notifications: z3.array(configNotificationSchema).optional().default([]),
+  google: configGoogleSchema
+});
+var projectConfigSchema = z3.object({
+  apiVersion: z3.literal("canonry/v1"),
+  kind: z3.literal("Project"),
+  metadata: configMetadataSchema,
+  spec: configSpecSchema
+});
-CREATE TABLE IF NOT EXISTS query_snapshots (
-  id                  TEXT PRIMARY KEY,
-  run_id              TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
-  keyword_id          TEXT NOT NULL REFERENCES keywords(id) ON DELETE CASCADE,
-  provider            TEXT NOT NULL DEFAULT 'gemini',
-  citation_state      TEXT NOT NULL,
-  answer_text         TEXT,
-  cited_domains       TEXT NOT NULL DEFAULT '[]',
-  competitor_overlap  TEXT NOT NULL DEFAULT '[]',
-  raw_response        TEXT,
-  created_at          TEXT NOT NULL
-);
+// ../contracts/src/models.ts
+var MODEL_REGISTRY = {
+  gemini: {
+    defaultModel: "gemini-3-flash",
+    validationPattern: /^gemini-/,
+    validationHint: 'model name must start with "gemini-" (e.g. gemini-3-flash)',
+    knownModels: [
+      { id: "gemini-3.1-pro-preview", displayName: "Gemini 3.1 Pro (Preview)", tier: "flagship" },
+      { id: "gemini-3-flash-preview", displayName: "Gemini 3 Flash (Preview)", tier: "standard" },
+      { id: "gemini-3.1-flash-lite-preview", displayName: "Gemini 3.1 Flash-Lite (Preview)", tier: "economy" },
+      { id: "gemini-2.5-flash", displayName: "Gemini 2.5 Flash", tier: "standard" }
+    ]
+  },
+  openai: {
+    defaultModel: "gpt-5.4",
+    validationPattern: /^(gpt-|o\d)/,
+    validationHint: "expected a GPT or o-series model name (e.g. gpt-5.4, o3)",
+    knownModels: [
+      { id: "gpt-5.4", displayName: "GPT-5.4", tier: "flagship" },
+      { id: "gpt-5.4-pro", displayName: "GPT-5.4 Pro", tier: "flagship" },
+      { id: "gpt-5-mini", displayName: "GPT-5 Mini", tier: "fast" },
+      { id: "gpt-5-nano", displayName: "GPT-5 Nano", tier: "economy" },
+      { id: "gpt-5", displayName: "GPT-5", tier: "standard" },
+      { id: "gpt-4.1", displayName: "GPT-4.1", tier: "standard" }
+    ]
+  },
+  claude: {
+    defaultModel: "claude-sonnet-4-6",
+    validationPattern: /^claude-/,
+    validationHint: 'model name must start with "claude-" (e.g. claude-sonnet-4-6)',
+    knownModels: [
+      { id: "claude-opus-4-6", displayName: "Claude Opus 4.6", tier: "flagship" },
+      { id: "claude-sonnet-4-6", displayName: "Claude Sonnet 4.6", tier: "standard" },
+      { id: "claude-haiku-4-5", displayName: "Claude Haiku 4.5", tier: "fast" }
+    ]
+  },
+  local: {
+    defaultModel: "llama3",
+    validationPattern: /./,
+    validationHint: "any model name accepted",
+    knownModels: [
+      { id: "llama3", displayName: "Llama 3", tier: "standard" }
+    ]
+  },
+  "cdp:chatgpt": {
+    defaultModel: "chatgpt-web",
+    validationPattern: /./,
+    validationHint: "model is detected from the ChatGPT web UI",
+    knownModels: [
+      { id: "chatgpt-web", displayName: "ChatGPT (Web UI)", tier: "standard" }
+    ]
+  }
+};
+function getDefaultModel(provider) {
+  return MODEL_REGISTRY[provider].defaultModel;
+}
+function isValidModelName(provider, model) {
+  return MODEL_REGISTRY[provider].validationPattern.test(model);
+}
-CREATE TABLE IF NOT EXISTS audit_log (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT REFERENCES projects(id) ON DELETE CASCADE,
-  actor       TEXT NOT NULL,
-  action      TEXT NOT NULL,
-  entity_type TEXT NOT NULL,
-  entity_id   TEXT,
-  diff        TEXT,
-  created_at  TEXT NOT NULL
-);
+// ../contracts/src/errors.ts
+var AppError = class extends Error {
+  code;
+  statusCode;
+  details;
+  constructor(code, message, statusCode, details) {
+    super(message);
+    this.name = "AppError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.details = details;
+  }
+  toJSON() {
+    return {
+      error: {
+        code: this.code,
+        message: this.message,
+        ...this.details ? { details: this.details } : {}
+      }
+    };
+  }
+};
+function notFound(entity, id) {
+  return new AppError("NOT_FOUND", `${entity} '${id}' not found`, 404);
+}
+function validationError(message, details) {
+  return new AppError("VALIDATION_ERROR", message, 400, details);
+}
+function authRequired() {
+  return new AppError("AUTH_REQUIRED", "Authentication required", 401);
+}
+function authInvalid() {
+  return new AppError("AUTH_INVALID", "Invalid API key", 401);
+}
+function runInProgress(projectName) {
+  return new AppError("RUN_IN_PROGRESS", `A run is already in progress for '${projectName}'`, 409);
+}
+function unsupportedKind(kind) {
+  return new AppError("UNSUPPORTED_KIND", `Kind '${kind}' is not supported in this version`, 400);
+}
-CREATE TABLE IF NOT EXISTS api_keys (
-  id          TEXT PRIMARY KEY,
-  name        TEXT NOT NULL,
-  key_hash    TEXT NOT NULL UNIQUE,
-  key_prefix  TEXT NOT NULL,
-  scopes      TEXT NOT NULL DEFAULT '["*"]',
-  created_at  TEXT NOT NULL,
-  last_used_at TEXT,
-  revoked_at  TEXT
-);
+// ../contracts/src/google.ts
+import { z as z4 } from "zod";
+var googleConnectionTypeSchema = z4.enum(["gsc", "ga4"]);
+var googleConnectionDtoSchema = z4.object({
+  id: z4.string(),
+  domain: z4.string(),
+  connectionType: googleConnectionTypeSchema,
+  propertyId: z4.string().nullable().optional(),
+  sitemapUrl: z4.string().nullable().optional(),
+  scopes: z4.array(z4.string()).default([]),
+  createdAt: z4.string(),
+  updatedAt: z4.string()
+});
+var gscSearchDataDtoSchema = z4.object({
+  date: z4.string(),
+  query: z4.string(),
+  page: z4.string(),
+  country: z4.string().nullable().optional(),
+  device: z4.string().nullable().optional(),
+  clicks: z4.number(),
+  impressions: z4.number(),
+  ctr: z4.number(),
+  position: z4.number()
+});
+var gscUrlInspectionDtoSchema = z4.object({
+  id: z4.string(),
+  url: z4.string(),
+  indexingState: z4.string().nullable().optional(),
+  verdict: z4.string().nullable().optional(),
+  coverageState: z4.string().nullable().optional(),
+  pageFetchState: z4.string().nullable().optional(),
+  robotsTxtState: z4.string().nullable().optional(),
+  crawlTime: z4.string().nullable().optional(),
+  lastCrawlResult: z4.string().nullable().optional(),
+  isMobileFriendly: z4.boolean().nullable().optional(),
+  richResults: z4.array(z4.string()).default([]),
+  inspectedAt: z4.string()
+});
+var indexTransitionSchema = z4.enum(["stable", "reindexed", "deindexed", "still-missing", "new"]);
+var gscDeindexedRowSchema = z4.object({
+  url: z4.string(),
+  previousState: z4.string().nullable(),
+  currentState: z4.string().nullable(),
+  transitionDate: z4.string()
+});
+var gscReasonGroupSchema = z4.object({
+  reason: z4.string(),
+  count: z4.number(),
+  urls: z4.array(gscUrlInspectionDtoSchema).default([])
+});
+var gscCoverageSummaryDtoSchema = z4.object({
+  summary: z4.object({
+    total: z4.number(),
+    indexed: z4.number(),
+    notIndexed: z4.number(),
+    deindexed: z4.number(),
+    percentage: z4.number()
+  }),
+  lastInspectedAt: z4.string().nullable(),
+  indexed: z4.array(gscUrlInspectionDtoSchema).default([]),
+  notIndexed: z4.array(gscUrlInspectionDtoSchema).default([]),
+  deindexed: z4.array(gscDeindexedRowSchema).default([]),
+  reasonGroups: z4.array(gscReasonGroupSchema).default([])
+});
+var indexingNotificationDtoSchema = z4.object({
+  url: z4.string(),
+  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
+  notifiedAt: z4.string()
+});
+var indexingRequestResultDtoSchema = z4.object({
+  url: z4.string(),
+  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
+  notifiedAt: z4.string(),
+  status: z4.enum(["success", "error"]),
+  error: z4.string().optional()
+});
+var gscCoverageSnapshotDtoSchema = z4.object({
+  date: z4.string(),
+  indexed: z4.number(),
+  notIndexed: z4.number(),
+  reasonBreakdown: z4.record(z4.string(), z4.number()).default({})
+});
-CREATE TABLE IF NOT EXISTS usage_counters (
-  id          TEXT PRIMARY KEY,
-  scope       TEXT NOT NULL,
-  period      TEXT NOT NULL,
-  metric      TEXT NOT NULL,
-  count       INTEGER NOT NULL DEFAULT 0,
-  updated_at  TEXT NOT NULL,
-  UNIQUE(scope, period, metric)
-);
+// ../contracts/src/project.ts
+import { z as z5 } from "zod";
+var configSourceSchema = z5.enum(["cli", "api", "config-file"]);
+var projectDtoSchema = z5.object({
+  id: z5.string(),
+  name: z5.string(),
+  displayName: z5.string().optional(),
+  canonicalDomain: z5.string(),
+  ownedDomains: z5.array(z5.string()).default([]),
+  country: z5.string().length(2),
+  language: z5.string().min(2),
+  tags: z5.array(z5.string()).default([]),
+  labels: z5.record(z5.string(), z5.string()).default({}),
+  locations: z5.array(locationContextSchema).default([]),
+  defaultLocation: z5.string().nullable().optional(),
+  configSource: configSourceSchema.default("cli"),
+  configRevision: z5.number().int().positive().default(1),
+  createdAt: z5.string().optional(),
+  updatedAt: z5.string().optional()
+});
+function normalizeProjectDomain(input) {
+  let domain = input.trim().toLowerCase();
+  try {
+    if (domain.includes("://")) {
+      domain = new URL(domain).hostname.toLowerCase();
+    }
+  } catch {
+  }
+  return domain.replace(/^www\./, "");
+}
+function effectiveDomains(project) {
+  const all = [project.canonicalDomain, ...project.ownedDomains ?? []];
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const d of all) {
+    const trimmed = d.trim();
+    if (!trimmed) continue;
+    const norm = normalizeProjectDomain(trimmed);
+    if (seen.has(norm)) continue;
+    seen.add(norm);
+    result.push(trimmed);
+  }
+  return result;
+}
-CREATE INDEX IF NOT EXISTS idx_keywords_project ON keywords(project_id);
-CREATE INDEX IF NOT EXISTS idx_competitors_project ON competitors(project_id);
-CREATE INDEX IF NOT EXISTS idx_runs_project ON runs(project_id);
-CREATE INDEX IF NOT EXISTS idx_runs_status ON runs(status);
-CREATE INDEX IF NOT EXISTS idx_snapshots_run ON query_snapshots(run_id);
-CREATE INDEX IF NOT EXISTS idx_snapshots_keyword ON query_snapshots(keyword_id);
-CREATE INDEX IF NOT EXISTS idx_audit_log_project ON audit_log(project_id);
-CREATE INDEX IF NOT EXISTS idx_audit_log_created ON audit_log(created_at);
-CREATE TABLE IF NOT EXISTS schedules (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  cron_expr   TEXT NOT NULL,
-  preset      TEXT,
-  timezone    TEXT NOT NULL DEFAULT 'UTC',
-  enabled     INTEGER NOT NULL DEFAULT 1,
-  providers   TEXT NOT NULL DEFAULT '[]',
-  last_run_at TEXT,
-  next_run_at TEXT,
-  created_at  TEXT NOT NULL,
-  updated_at  TEXT NOT NULL,
-  UNIQUE(project_id)
-);
+// ../contracts/src/run.ts
+import { z as z6 } from "zod";
+var runStatusSchema = z6.enum(["queued", "running", "completed", "partial", "failed"]);
+var runKindSchema = z6.enum(["answer-visibility", "site-audit", "gsc-sync", "inspect-sitemap"]);
+var runTriggerSchema = z6.enum(["manual", "scheduled", "config-apply"]);
+var citationStateSchema = z6.enum(["cited", "not-cited"]);
+var computedTransitionSchema = z6.enum(["new", "cited", "lost", "emerging", "not-cited"]);
+var runDtoSchema = z6.object({
+  id: z6.string(),
+  projectId: z6.string(),
+  kind: runKindSchema,
+  status: runStatusSchema,
+  trigger: runTriggerSchema.default("manual"),
+  location: z6.string().nullable().optional(),
+  startedAt: z6.string().nullable().optional(),
+  finishedAt: z6.string().nullable().optional(),
+  error: z6.string().nullable().optional(),
+  createdAt: z6.string()
+});
+var groundingSourceSchema = z6.object({
+  uri: z6.string(),
+  title: z6.string()
+});
+var querySnapshotDtoSchema = z6.object({
+  id: z6.string(),
+  runId: z6.string(),
+  keywordId: z6.string(),
+  keyword: z6.string().optional(),
+  provider: providerNameSchema,
+  citationState: citationStateSchema,
+  transition: computedTransitionSchema.optional(),
+  answerText: z6.string().nullable().optional(),
+  citedDomains: z6.array(z6.string()).default([]),
+  competitorOverlap: z6.array(z6.string()).default([]),
+  groundingSources: z6.array(groundingSourceSchema).default([]),
+  searchQueries: z6.array(z6.string()).default([]),
+  model: z6.string().nullable().optional(),
+  location: z6.string().nullable().optional(),
+  createdAt: z6.string()
+});
+var auditLogEntrySchema = z6.object({
+  id: z6.string(),
+  projectId: z6.string().nullable().optional(),
+  actor: z6.string(),
+  action: z6.string(),
+  entityType: z6.string(),
+  entityId: z6.string().nullable().optional(),
+  diff: z6.unknown().optional(),
+  createdAt: z6.string()
+});
-CREATE TABLE IF NOT EXISTS notifications (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  channel     TEXT NOT NULL,
-  config      TEXT NOT NULL,
-  enabled     INTEGER NOT NULL DEFAULT 1,
-  created_at  TEXT NOT NULL,
-  updated_at  TEXT NOT NULL
-);
+// ../contracts/src/schedule.ts
+import { z as z7 } from "zod";
+var scheduleDtoSchema = z7.object({
+  id: z7.string(),
+  projectId: z7.string(),
+  cronExpr: z7.string(),
+  preset: z7.string().nullable().optional(),
+  timezone: z7.string().default("UTC"),
+  enabled: z7.boolean().default(true),
+  providers: z7.array(providerNameSchema).default([]),
+  lastRunAt: z7.string().nullable().optional(),
+  nextRunAt: z7.string().nullable().optional(),
+  createdAt: z7.string(),
+  updatedAt: z7.string()
+});
-CREATE INDEX IF NOT EXISTS idx_api_keys_prefix ON api_keys(key_prefix);
-CREATE INDEX IF NOT EXISTS idx_usage_scope_period ON usage_counters(scope, period);
-CREATE UNIQUE INDEX IF NOT EXISTS idx_schedules_project ON schedules(project_id);
-CREATE INDEX IF NOT EXISTS idx_notifications_project ON notifications(project_id);
-`;
-var MIGRATIONS = [
-  // v2: Add providers column to projects for multi-provider support
-  `ALTER TABLE projects ADD COLUMN providers TEXT NOT NULL DEFAULT '[]'`,
-  // v3: Add webhook_secret column to notifications for HMAC signing
-  `ALTER TABLE notifications ADD COLUMN webhook_secret TEXT`,
-  // v4: Add owned_domains column to projects for multi-domain citation matching
-  `ALTER TABLE projects ADD COLUMN owned_domains TEXT NOT NULL DEFAULT '[]'`,
-  // v5: Add model column to query_snapshots for per-model scoring
-  `ALTER TABLE query_snapshots ADD COLUMN model TEXT`,
-  // v5b: Backfill model from rawResponse JSON for existing snapshots
-  `UPDATE query_snapshots SET model = json_extract(raw_response, '$.model') WHERE model IS NULL AND raw_response IS NOT NULL AND json_extract(raw_response, '$.model') IS NOT NULL`,
-  // v6: Google Search Console integration — google_connections table (domain-scoped)
-  `CREATE TABLE IF NOT EXISTS google_connections (
-    id              TEXT PRIMARY KEY,
-    domain          TEXT NOT NULL,
-    connection_type TEXT NOT NULL,
-    property_id     TEXT,
-    access_token    TEXT,
-    refresh_token   TEXT,
-    token_expires_at TEXT,
-    scopes          TEXT NOT NULL DEFAULT '[]',
-    created_at      TEXT NOT NULL,
-    updated_at      TEXT NOT NULL
-  )`,
-  `CREATE UNIQUE INDEX IF NOT EXISTS idx_google_conn_domain_type ON google_connections(domain, connection_type)`,
-  // v6: Google Search Console integration — gsc_search_data table
-  `CREATE TABLE IF NOT EXISTS gsc_search_data (
-    id            TEXT PRIMARY KEY,
-    project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id   TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
-    date          TEXT NOT NULL,
-    query         TEXT NOT NULL,
-    page          TEXT NOT NULL,
-    country       TEXT,
-    device        TEXT,
-    clicks        INTEGER NOT NULL DEFAULT 0,
-    impressions   INTEGER NOT NULL DEFAULT 0,
-    ctr           TEXT NOT NULL DEFAULT '0',
-    position      TEXT NOT NULL DEFAULT '0',
-    created_at    TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_project_date ON gsc_search_data(project_id, date)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_query ON gsc_search_data(query)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_run ON gsc_search_data(sync_run_id)`,
-  // v6: Google Search Console integration — gsc_url_inspections table
-  `CREATE TABLE IF NOT EXISTS gsc_url_inspections (
-    id                TEXT PRIMARY KEY,
-    project_id        TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id       TEXT REFERENCES runs(id) ON DELETE CASCADE,
-    url               TEXT NOT NULL,
-    indexing_state    TEXT,
-    verdict           TEXT,
-    coverage_state    TEXT,
-    page_fetch_state  TEXT,
-    robots_txt_state  TEXT,
-    crawl_time        TEXT,
-    last_crawl_result TEXT,
-    is_mobile_friendly INTEGER,
-    rich_results      TEXT NOT NULL DEFAULT '[]',
-    referring_urls    TEXT NOT NULL DEFAULT '[]',
-    inspected_at      TEXT NOT NULL,
-    created_at        TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_project_url ON gsc_url_inspections(project_id, url)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_run ON gsc_url_inspections(sync_run_id)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_url_time ON gsc_url_inspections(url, inspected_at)`,
-  // v7: GSC coverage snapshots for historical tracking
-  `CREATE TABLE IF NOT EXISTS gsc_coverage_snapshots (
-    id              TEXT PRIMARY KEY,
-    project_id      TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id     TEXT REFERENCES runs(id) ON DELETE CASCADE,
-    date            TEXT NOT NULL,
-    indexed         INTEGER NOT NULL DEFAULT 0,
-    not_indexed     INTEGER NOT NULL DEFAULT 0,
-    reason_breakdown TEXT NOT NULL DEFAULT '{}',
-    created_at      TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_project_date ON gsc_coverage_snapshots(project_id, date)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_run ON gsc_coverage_snapshots(sync_run_id)`,
-  // v8: Location-aware sweeps — project locations + snapshot location tag
-  `ALTER TABLE projects ADD COLUMN locations TEXT NOT NULL DEFAULT '[]'`,
-  `ALTER TABLE projects ADD COLUMN default_location TEXT`,
-  `ALTER TABLE query_snapshots ADD COLUMN location TEXT`,
-  // v9: Add location column to runs for per-location run tracking
-  `ALTER TABLE runs ADD COLUMN location TEXT`,
-  // v10: Add sitemapUrl to google_connections for persistent sitemap storage
-  `ALTER TABLE google_connections ADD COLUMN sitemap_url TEXT`,
-  // v11: CDP browser provider — screenshot path for captured evidence
-  `ALTER TABLE query_snapshots ADD COLUMN screenshot_path TEXT`
+// ../contracts/src/source-categories.ts
+var SOURCE_CATEGORY_RULES = [
+  // Forums
+  { pattern: "reddit.com", category: "forum", label: "Reddit" },
+  { pattern: "quora.com", category: "forum", label: "Quora" },
+  { pattern: "stackexchange.com", category: "forum", label: "Stack Exchange" },
+  { pattern: "stackoverflow.com", category: "forum", label: "Stack Overflow" },
+  { pattern: "discourse.org", category: "forum", label: "Discourse" },
+  // Social
+  { pattern: "linkedin.com", category: "social", label: "LinkedIn" },
+  { pattern: "twitter.com", category: "social", label: "X (Twitter)" },
+  { pattern: "x.com", category: "social", label: "X (Twitter)" },
+  { pattern: "facebook.com", category: "social", label: "Facebook" },
+  { pattern: "instagram.com", category: "social", label: "Instagram" },
+  { pattern: "threads.net", category: "social", label: "Threads" },
+  { pattern: "pinterest.com", category: "social", label: "Pinterest" },
+  { pattern: "tiktok.com", category: "social", label: "TikTok" },
+  // Video
+  { pattern: "youtube.com", category: "video", label: "YouTube" },
+  { pattern: "youtu.be", category: "video", label: "YouTube" },
+  { pattern: "vimeo.com", category: "video", label: "Vimeo" },
+  // News
+  { pattern: "nytimes.com", category: "news", label: "NY Times" },
+  { pattern: "bbc.com", category: "news", label: "BBC" },
+  { pattern: "bbc.co.uk", category: "news", label: "BBC" },
+  { pattern: "cnn.com", category: "news", label: "CNN" },
+  { pattern: "reuters.com", category: "news", label: "Reuters" },
+  { pattern: "apnews.com", category: "news", label: "AP News" },
+  { pattern: "theguardian.com", category: "news", label: "The Guardian" },
+  { pattern: "washingtonpost.com", category: "news", label: "Washington Post" },
+  { pattern: "wsj.com", category: "news", label: "WSJ" },
+  { pattern: "forbes.com", category: "news", label: "Forbes" },
+  { pattern: "techcrunch.com", category: "news", label: "TechCrunch" },
+  { pattern: "theverge.com", category: "news", label: "The Verge" },
+  { pattern: "wired.com", category: "news", label: "Wired" },
+  { pattern: "arstechnica.com", category: "news", label: "Ars Technica" },
+  // Reference
+  { pattern: "wikipedia.org", category: "reference", label: "Wikipedia" },
+  { pattern: "wikimedia.org", category: "reference", label: "Wikimedia" },
+  { pattern: "britannica.com", category: "reference", label: "Britannica" },
+  { pattern: "merriam-webster.com", category: "reference", label: "Merriam-Webster" },
+  // Blog / Content platforms
+  { pattern: "medium.com", category: "blog", label: "Medium" },
+  { pattern: "substack.com", category: "blog", label: "Substack" },
+  { pattern: "dev.to", category: "blog", label: "DEV Community" },
+  { pattern: "hashnode.dev", category: "blog", label: "Hashnode" },
+  { pattern: "wordpress.com", category: "blog", label: "WordPress" },
+  { pattern: "blogger.com", category: "blog", label: "Blogger" },
+  { pattern: "hubspot.com", category: "blog", label: "HubSpot" },
+  // E-commerce
+  { pattern: "amazon.com", category: "ecommerce", label: "Amazon" },
+  { pattern: "amazon.co.uk", category: "ecommerce", label: "Amazon UK" },
+  { pattern: "shopify.com", category: "ecommerce", label: "Shopify" },
+  { pattern: "ebay.com", category: "ecommerce", label: "eBay" },
+  // Academic
+  { pattern: "scholar.google.com", category: "academic", label: "Google Scholar" },
+  { pattern: "arxiv.org", category: "academic", label: "arXiv" },
+  { pattern: "pubmed.ncbi.nlm.nih.gov", category: "academic", label: "PubMed" },
+  { pattern: "researchgate.net", category: "academic", label: "ResearchGate" },
+  { pattern: ".edu", category: "academic", label: "Academic (.edu)" }
 ];
-function migrate(db) {
-  const statements = MIGRATION_SQL.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
-  for (const statement of statements) {
-    db.run(sql.raw(statement));
+var CATEGORY_LABELS = {
+  social: "Social Media",
+  forum: "Forums & Q&A",
+  news: "News & Media",
+  reference: "Reference",
+  blog: "Blogs & Content",
+  ecommerce: "E-commerce",
+  video: "Video",
+  academic: "Academic",
+  other: "Other"
+};
+function categorizeSource(uri) {
+  let domain;
+  try {
+    const url = new URL(uri.startsWith("http") ? uri : `https://${uri}`);
+    domain = url.hostname.replace(/^www\./, "");
+  } catch {
+    domain = uri.replace(/^https?:\/\//, "").replace(/^www\./, "").split("/")[0] ?? uri;
   }
-  for (const migration of MIGRATIONS) {
-    try {
-      db.run(sql.raw(migration));
-    } catch {
+  const domainLower = domain.toLowerCase();
+  for (const rule of SOURCE_CATEGORY_RULES) {
+    if (domainLower === rule.pattern || domainLower.endsWith(`.${rule.pattern}`) || rule.pattern.startsWith(".") && domainLower.endsWith(rule.pattern)) {
+      return { category: rule.category, label: rule.label, domain };
     }
   }
+  return { category: "other", label: CATEGORY_LABELS.other, domain };
+}
+function categoryLabel(category) {
+  return CATEGORY_LABELS[category];
 }
-// ../contracts/src/config-schema.ts
-import { z as z3 } from "zod";
+// ../api-routes/src/auth.ts
+import crypto2 from "crypto";
+import { eq } from "drizzle-orm";
+// ../db/src/client.ts
+import { mkdirSync } from "fs";
+import { dirname } from "path";
+import Database from "better-sqlite3";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+// ../db/src/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  apiKeys: () => apiKeys,
+  auditLog: () => auditLog,
+  competitors: () => competitors,
+  googleConnections: () => googleConnections,
+  gscCoverageSnapshots: () => gscCoverageSnapshots,
+  gscSearchData: () => gscSearchData,
+  gscUrlInspections: () => gscUrlInspections,
+  keywords: () => keywords,
+  notifications: () => notifications,
+  projects: () => projects,
+  querySnapshots: () => querySnapshots,
+  runs: () => runs,
+  schedules: () => schedules,
+  usageCounters: () => usageCounters
+});
+import { index, integer, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
+var projects = sqliteTable("projects", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull().unique(),
+  displayName: text("display_name").notNull(),
+  canonicalDomain: text("canonical_domain").notNull(),
+  ownedDomains: text("owned_domains").notNull().default("[]"),
+  country: text("country").notNull(),
+  language: text("language").notNull(),
+  tags: text("tags").notNull().default("[]"),
+  labels: text("labels").notNull().default("{}"),
+  providers: text("providers").notNull().default("[]"),
+  locations: text("locations").notNull().default("[]"),
+  defaultLocation: text("default_location"),
+  configSource: text("config_source").notNull().default("cli"),
+  configRevision: integer("config_revision").notNull().default(1),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+});
+var keywords = sqliteTable("keywords", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  keyword: text("keyword").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_keywords_project").on(table.projectId),
+  uniqueIndex("idx_keywords_project_keyword").on(table.projectId, table.keyword)
+]);
+var competitors = sqliteTable("competitors", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  domain: text("domain").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_competitors_project").on(table.projectId),
+  uniqueIndex("idx_competitors_project_domain").on(table.projectId, table.domain)
+]);
+var runs = sqliteTable("runs", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  kind: text("kind").notNull().default("answer-visibility"),
+  status: text("status").notNull().default("queued"),
+  trigger: text("trigger").notNull().default("manual"),
+  location: text("location"),
+  startedAt: text("started_at"),
+  finishedAt: text("finished_at"),
+  error: text("error"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_runs_project").on(table.projectId),
+  index("idx_runs_status").on(table.status)
+]);
+var querySnapshots = sqliteTable("query_snapshots", {
+  id: text("id").primaryKey(),
+  runId: text("run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
+  keywordId: text("keyword_id").notNull().references(() => keywords.id, { onDelete: "cascade" }),
+  provider: text("provider").notNull().default("gemini"),
+  model: text("model"),
+  citationState: text("citation_state").notNull(),
+  answerText: text("answer_text"),
+  citedDomains: text("cited_domains").notNull().default("[]"),
+  competitorOverlap: text("competitor_overlap").notNull().default("[]"),
+  location: text("location"),
+  screenshotPath: text("screenshot_path"),
+  rawResponse: text("raw_response"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_snapshots_run").on(table.runId),
+  index("idx_snapshots_keyword").on(table.keywordId)
+]);
+var auditLog = sqliteTable("audit_log", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").references(() => projects.id, { onDelete: "cascade" }),
+  actor: text("actor").notNull(),
+  action: text("action").notNull(),
+  entityType: text("entity_type").notNull(),
+  entityId: text("entity_id"),
+  diff: text("diff"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_audit_log_project").on(table.projectId),
+  index("idx_audit_log_created").on(table.createdAt)
+]);
+var apiKeys = sqliteTable("api_keys", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  keyHash: text("key_hash").notNull().unique(),
+  keyPrefix: text("key_prefix").notNull(),
+  scopes: text("scopes").notNull().default('["*"]'),
+  createdAt: text("created_at").notNull(),
+  lastUsedAt: text("last_used_at"),
+  revokedAt: text("revoked_at")
+}, (table) => [
+  index("idx_api_keys_prefix").on(table.keyPrefix)
+]);
+var schedules = sqliteTable("schedules", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  cronExpr: text("cron_expr").notNull(),
+  preset: text("preset"),
+  timezone: text("timezone").notNull().default("UTC"),
+  enabled: integer("enabled").notNull().default(1),
+  providers: text("providers").notNull().default("[]"),
+  lastRunAt: text("last_run_at"),
+  nextRunAt: text("next_run_at"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_schedules_project").on(table.projectId)
+]);
+var notifications = sqliteTable("notifications", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  channel: text("channel").notNull(),
+  config: text("config").notNull(),
+  webhookSecret: text("webhook_secret"),
+  enabled: integer("enabled").notNull().default(1),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  index("idx_notifications_project").on(table.projectId)
+]);
+var googleConnections = sqliteTable("google_connections", {
+  id: text("id").primaryKey(),
+  domain: text("domain").notNull(),
+  connectionType: text("connection_type").notNull(),
+  propertyId: text("property_id"),
+  sitemapUrl: text("sitemap_url"),
+  accessToken: text("access_token"),
+  refreshToken: text("refresh_token"),
+  tokenExpiresAt: text("token_expires_at"),
+  scopes: text("scopes").notNull().default("[]"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_google_conn_domain_type").on(table.domain, table.connectionType)
+]);
+var gscSearchData = sqliteTable("gsc_search_data", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
+  date: text("date").notNull(),
+  query: text("query").notNull(),
+  page: text("page").notNull(),
+  country: text("country"),
+  device: text("device"),
+  clicks: integer("clicks").notNull().default(0),
+  impressions: integer("impressions").notNull().default(0),
+  ctr: text("ctr").notNull().default("0"),
+  position: text("position").notNull().default("0"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_search_project_date").on(table.projectId, table.date),
+  index("idx_gsc_search_query").on(table.query),
+  index("idx_gsc_search_run").on(table.syncRunId)
+]);
+var gscUrlInspections = sqliteTable("gsc_url_inspections", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
+  url: text("url").notNull(),
+  indexingState: text("indexing_state"),
+  verdict: text("verdict"),
+  coverageState: text("coverage_state"),
+  pageFetchState: text("page_fetch_state"),
+  robotsTxtState: text("robots_txt_state"),
+  crawlTime: text("crawl_time"),
+  lastCrawlResult: text("last_crawl_result"),
+  isMobileFriendly: integer("is_mobile_friendly"),
+  richResults: text("rich_results").notNull().default("[]"),
+  referringUrls: text("referring_urls").notNull().default("[]"),
+  inspectedAt: text("inspected_at").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_inspect_project_url").on(table.projectId, table.url),
+  index("idx_gsc_inspect_run").on(table.syncRunId),
+  index("idx_gsc_inspect_url_time").on(table.url, table.inspectedAt)
+]);
+var gscCoverageSnapshots = sqliteTable("gsc_coverage_snapshots", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
+  date: text("date").notNull(),
+  indexed: integer("indexed").notNull().default(0),
+  notIndexed: integer("not_indexed").notNull().default(0),
+  reasonBreakdown: text("reason_breakdown").notNull().default("{}"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_coverage_snap_project_date").on(table.projectId, table.date),
+  index("idx_gsc_coverage_snap_run").on(table.syncRunId)
+]);
+var usageCounters = sqliteTable("usage_counters", {
+  id: text("id").primaryKey(),
+  scope: text("scope").notNull(),
+  period: text("period").notNull(),
+  metric: text("metric").notNull(),
+  count: integer("count").notNull().default(0),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_usage_scope_period_metric").on(table.scope, table.period, table.metric),
+  index("idx_usage_scope_period").on(table.scope, table.period)
+]);
-// ../contracts/src/provider.ts
-import { z } from "zod";
-var providerQuotaPolicySchema = z.object({
-  maxConcurrency: z.number().int().positive(),
-  maxRequestsPerMinute: z.number().int().positive(),
-  maxRequestsPerDay: z.number().int().positive()
-});
-var PROVIDER_NAMES = ["gemini", "openai", "claude", "local", "cdp:chatgpt"];
-var providerNameSchema = z.enum(PROVIDER_NAMES);
-var PROVIDER_MODE = {
-  gemini: "api",
-  openai: "api",
-  claude: "api",
-  local: "api",
-  "cdp:chatgpt": "browser"
-};
-function isBrowserProvider(name) {
-  return PROVIDER_MODE[name] === "browser";
-}
-var CDP_TARGETS = ["cdp:chatgpt"];
-function parseProviderName(input) {
-  const lower = input.trim().toLowerCase();
-  return PROVIDER_NAMES.includes(lower) ? lower : void 0;
-}
-function resolveProviderInput(input) {
-  const lower = input.trim().toLowerCase();
-  if (lower === "cdp") {
-    return [...CDP_TARGETS];
-  }
-  const parsed = parseProviderName(lower);
-  return parsed ? [parsed] : [];
+// ../db/src/client.ts
+function createClient(databasePath) {
+  mkdirSync(dirname(databasePath), { recursive: true });
+  const sqlite = new Database(databasePath);
+  sqlite.pragma("journal_mode = WAL");
+  sqlite.pragma("foreign_keys = ON");
+  return drizzle(sqlite, { schema: schema_exports });
 }
-var locationContextSchema = z.object({
-  label: z.string().min(1),
-  city: z.string().min(1),
-  region: z.string().min(1),
-  country: z.string().length(2),
-  timezone: z.string().optional()
-});
-// ../contracts/src/notification.ts
-import { z as z2 } from "zod";
-var notificationEventSchema = z2.enum([
-  "citation.lost",
-  "citation.gained",
-  "run.completed",
-  "run.failed"
-]);
-var notificationDtoSchema = z2.object({
-  id: z2.string(),
-  projectId: z2.string(),
-  channel: z2.literal("webhook"),
-  url: z2.string().url(),
-  events: z2.array(notificationEventSchema),
-  enabled: z2.boolean().default(true),
-  webhookSecret: z2.string().optional(),
-  createdAt: z2.string(),
-  updatedAt: z2.string()
-});
+// ../db/src/migrate.ts
+import { sql } from "drizzle-orm";
+var MIGRATION_SQL = `
+CREATE TABLE IF NOT EXISTS projects (
+  id                TEXT PRIMARY KEY,
+  name              TEXT NOT NULL UNIQUE,
+  display_name      TEXT NOT NULL,
+  canonical_domain  TEXT NOT NULL,
+  owned_domains     TEXT NOT NULL DEFAULT '[]',
+  country           TEXT NOT NULL,
+  language          TEXT NOT NULL,
+  tags              TEXT NOT NULL DEFAULT '[]',
+  labels            TEXT NOT NULL DEFAULT '{}',
+  providers         TEXT NOT NULL DEFAULT '[]',
+  config_source     TEXT NOT NULL DEFAULT 'cli',
+  config_revision   INTEGER NOT NULL DEFAULT 1,
+  created_at        TEXT NOT NULL,
+  updated_at        TEXT NOT NULL
+);
-// ../contracts/src/config-schema.ts
-var configMetadataSchema = z3.object({
-  name: z3.string().min(1).max(63).regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, {
-    message: "Name must be a lowercase slug (letters, numbers, hyphens)"
-  }),
-  labels: z3.record(z3.string(), z3.string()).optional().default({})
-});
-var configScheduleSchema = z3.object({
-  preset: z3.string().optional(),
-  cron: z3.string().optional(),
-  timezone: z3.string().optional().default("UTC"),
-  providers: z3.array(providerNameSchema).optional().default([])
-}).refine(
-  (data) => data.preset && !data.cron || !data.preset && data.cron,
-  { message: 'Exactly one of "preset" or "cron" must be provided' }
-).optional();
-var configNotificationSchema = z3.object({
-  channel: z3.literal("webhook"),
-  url: z3.string().url(),
-  events: z3.array(notificationEventSchema).min(1)
-});
-var configGoogleSchema = z3.object({
-  gsc: z3.object({
-    propertyUrl: z3.string()
-  }).optional(),
-  syncSchedule: z3.object({
-    preset: z3.string().optional(),
-    cron: z3.string().optional()
-  }).optional()
-}).optional();
-var configSpecSchema = z3.object({
-  displayName: z3.string().min(1),
-  canonicalDomain: z3.string().min(1),
-  ownedDomains: z3.array(z3.string().min(1)).optional().default([]),
-  country: z3.string().length(2),
-  language: z3.string().min(2),
-  keywords: z3.array(z3.string().min(1)).optional().default([]),
-  competitors: z3.array(z3.string().min(1)).optional().default([]),
-  providers: z3.array(providerNameSchema).optional().default([]),
-  locations: z3.array(locationContextSchema).optional().default([]),
-  defaultLocation: z3.string().optional(),
-  schedule: configScheduleSchema,
-  notifications: z3.array(configNotificationSchema).optional().default([]),
-  google: configGoogleSchema
-});
-var projectConfigSchema = z3.object({
-  apiVersion: z3.literal("canonry/v1"),
-  kind: z3.literal("Project"),
-  metadata: configMetadataSchema,
-  spec: configSpecSchema
-});
+CREATE TABLE IF NOT EXISTS keywords (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  keyword     TEXT NOT NULL,
+  created_at  TEXT NOT NULL,
+  UNIQUE(project_id, keyword)
+);
-// ../contracts/src/models.ts
-var MODEL_REGISTRY = {
-  gemini: {
-    defaultModel: "gemini-3-flash",
-    validationPattern: /^gemini-/,
-    validationHint: 'model name must start with "gemini-" (e.g. gemini-3-flash)',
-    knownModels: [
-      { id: "gemini-3.1-pro-preview", displayName: "Gemini 3.1 Pro (Preview)", tier: "flagship" },
-      { id: "gemini-3-flash-preview", displayName: "Gemini 3 Flash (Preview)", tier: "standard" },
-      { id: "gemini-3.1-flash-lite-preview", displayName: "Gemini 3.1 Flash-Lite (Preview)", tier: "economy" },
-      { id: "gemini-2.5-flash", displayName: "Gemini 2.5 Flash", tier: "standard" }
-    ]
-  },
-  openai: {
-    defaultModel: "gpt-5.4",
-    validationPattern: /^(gpt-|o\d)/,
-    validationHint: "expected a GPT or o-series model name (e.g. gpt-5.4, o3)",
-    knownModels: [
-      { id: "gpt-5.4", displayName: "GPT-5.4", tier: "flagship" },
-      { id: "gpt-5.4-pro", displayName: "GPT-5.4 Pro", tier: "flagship" },
-      { id: "gpt-5-mini", displayName: "GPT-5 Mini", tier: "fast" },
-      { id: "gpt-5-nano", displayName: "GPT-5 Nano", tier: "economy" },
-      { id: "gpt-5", displayName: "GPT-5", tier: "standard" },
-      { id: "gpt-4.1", displayName: "GPT-4.1", tier: "standard" }
-    ]
-  },
-  claude: {
-    defaultModel: "claude-sonnet-4-6",
-    validationPattern: /^claude-/,
-    validationHint: 'model name must start with "claude-" (e.g. claude-sonnet-4-6)',
-    knownModels: [
-      { id: "claude-opus-4-6", displayName: "Claude Opus 4.6", tier: "flagship" },
-      { id: "claude-sonnet-4-6", displayName: "Claude Sonnet 4.6", tier: "standard" },
-      { id: "claude-haiku-4-5", displayName: "Claude Haiku 4.5", tier: "fast" }
-    ]
-  },
-  local: {
-    defaultModel: "llama3",
-    validationPattern: /./,
-    validationHint: "any model name accepted",
-    knownModels: [
-      { id: "llama3", displayName: "Llama 3", tier: "standard" }
-    ]
-  },
-  "cdp:chatgpt": {
-    defaultModel: "chatgpt-web",
-    validationPattern: /./,
-    validationHint: "model is detected from the ChatGPT web UI",
-    knownModels: [
-      { id: "chatgpt-web", displayName: "ChatGPT (Web UI)", tier: "standard" }
-    ]
-  }
-};
-function getDefaultModel(provider) {
-  return MODEL_REGISTRY[provider].defaultModel;
-}
-function isValidModelName(provider, model) {
-  return MODEL_REGISTRY[provider].validationPattern.test(model);
-}
+CREATE TABLE IF NOT EXISTS competitors (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  domain      TEXT NOT NULL,
+  created_at  TEXT NOT NULL,
+  UNIQUE(project_id, domain)
+);
+CREATE TABLE IF NOT EXISTS runs (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  kind        TEXT NOT NULL DEFAULT 'answer-visibility',
+  status      TEXT NOT NULL DEFAULT 'queued',
+  trigger     TEXT NOT NULL DEFAULT 'manual',
+  started_at  TEXT,
+  finished_at TEXT,
+  error       TEXT,
+  created_at  TEXT NOT NULL
+);
-// ../contracts/src/errors.ts
-var AppError = class extends Error {
-  code;
-  statusCode;
-  details;
-  constructor(code, message, statusCode, details) {
-    super(message);
-    this.name = "AppError";
-    this.code = code;
-    this.statusCode = statusCode;
-    this.details = details;
-  }
-  toJSON() {
-    return {
-      error: {
-        code: this.code,
-        message: this.message,
-        ...this.details ? { details: this.details } : {}
-      }
-    };
-  }
-};
-function notFound(entity, id) {
-  return new AppError("NOT_FOUND", `${entity} '${id}' not found`, 404);
-}
-function validationError(message, details) {
-  return new AppError("VALIDATION_ERROR", message, 400, details);
-}
-function authRequired() {
-  return new AppError("AUTH_REQUIRED", "Authentication required", 401);
-}
-function authInvalid() {
-  return new AppError("AUTH_INVALID", "Invalid API key", 401);
-}
-function runInProgress(projectName) {
-  return new AppError("RUN_IN_PROGRESS", `A run is already in progress for '${projectName}'`, 409);
-}
-function unsupportedKind(kind) {
-  return new AppError("UNSUPPORTED_KIND", `Kind '${kind}' is not supported in this version`, 400);
-}
+CREATE TABLE IF NOT EXISTS query_snapshots (
+  id                  TEXT PRIMARY KEY,
+  run_id              TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
+  keyword_id          TEXT NOT NULL REFERENCES keywords(id) ON DELETE CASCADE,
+  provider            TEXT NOT NULL DEFAULT 'gemini',
+  citation_state      TEXT NOT NULL,
+  answer_text         TEXT,
+  cited_domains       TEXT NOT NULL DEFAULT '[]',
+  competitor_overlap  TEXT NOT NULL DEFAULT '[]',
+  raw_response        TEXT,
+  created_at          TEXT NOT NULL
+);
-// ../contracts/src/google.ts
-import { z as z4 } from "zod";
-var googleConnectionTypeSchema = z4.enum(["gsc", "ga4"]);
-var googleConnectionDtoSchema = z4.object({
-  id: z4.string(),
-  domain: z4.string(),
-  connectionType: googleConnectionTypeSchema,
-  propertyId: z4.string().nullable().optional(),
-  sitemapUrl: z4.string().nullable().optional(),
-  scopes: z4.array(z4.string()).default([]),
-  createdAt: z4.string(),
-  updatedAt: z4.string()
-});
-var gscSearchDataDtoSchema = z4.object({
-  date: z4.string(),
-  query: z4.string(),
-  page: z4.string(),
-  country: z4.string().nullable().optional(),
-  device: z4.string().nullable().optional(),
-  clicks: z4.number(),
-  impressions: z4.number(),
-  ctr: z4.number(),
-  position: z4.number()
-});
-var gscUrlInspectionDtoSchema = z4.object({
-  id: z4.string(),
-  url: z4.string(),
-  indexingState: z4.string().nullable().optional(),
-  verdict: z4.string().nullable().optional(),
-  coverageState: z4.string().nullable().optional(),
-  pageFetchState: z4.string().nullable().optional(),
-  robotsTxtState: z4.string().nullable().optional(),
-  crawlTime: z4.string().nullable().optional(),
-  lastCrawlResult: z4.string().nullable().optional(),
-  isMobileFriendly: z4.boolean().nullable().optional(),
-  richResults: z4.array(z4.string()).default([]),
-  inspectedAt: z4.string()
-});
-var indexTransitionSchema = z4.enum(["stable", "reindexed", "deindexed", "still-missing", "new"]);
-var gscDeindexedRowSchema = z4.object({
-  url: z4.string(),
-  previousState: z4.string().nullable(),
-  currentState: z4.string().nullable(),
-  transitionDate: z4.string()
-});
-var gscReasonGroupSchema = z4.object({
-  reason: z4.string(),
-  count: z4.number(),
-  urls: z4.array(gscUrlInspectionDtoSchema).default([])
-});
-var gscCoverageSummaryDtoSchema = z4.object({
-  summary: z4.object({
-    total: z4.number(),
-    indexed: z4.number(),
-    notIndexed: z4.number(),
-    deindexed: z4.number(),
-    percentage: z4.number()
-  }),
-  lastInspectedAt: z4.string().nullable(),
-  indexed: z4.array(gscUrlInspectionDtoSchema).default([]),
-  notIndexed: z4.array(gscUrlInspectionDtoSchema).default([]),
-  deindexed: z4.array(gscDeindexedRowSchema).default([]),
-  reasonGroups: z4.array(gscReasonGroupSchema).default([])
-});
-var indexingNotificationDtoSchema = z4.object({
-  url: z4.string(),
-  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
-  notifiedAt: z4.string()
-});
-var indexingRequestResultDtoSchema = z4.object({
-  url: z4.string(),
-  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
-  notifiedAt: z4.string(),
-  status: z4.enum(["success", "error"]),
-  error: z4.string().optional()
-});
-var gscCoverageSnapshotDtoSchema = z4.object({
-  date: z4.string(),
-  indexed: z4.number(),
-  notIndexed: z4.number(),
-  reasonBreakdown: z4.record(z4.string(), z4.number()).default({})
-});
+CREATE TABLE IF NOT EXISTS audit_log (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT REFERENCES projects(id) ON DELETE CASCADE,
+  actor       TEXT NOT NULL,
+  action      TEXT NOT NULL,
+  entity_type TEXT NOT NULL,
+  entity_id   TEXT,
+  diff        TEXT,
+  created_at  TEXT NOT NULL
+);
-// ../contracts/src/project.ts
-import { z as z5 } from "zod";
-var configSourceSchema = z5.enum(["cli", "api", "config-file"]);
-var projectDtoSchema = z5.object({
-  id: z5.string(),
-  name: z5.string(),
-  displayName: z5.string().optional(),
-  canonicalDomain: z5.string(),
-  ownedDomains: z5.array(z5.string()).default([]),
-  country: z5.string().length(2),
-  language: z5.string().min(2),
-  tags: z5.array(z5.string()).default([]),
-  labels: z5.record(z5.string(), z5.string()).default({}),
-  locations: z5.array(locationContextSchema).default([]),
-  defaultLocation: z5.string().nullable().optional(),
-  configSource: configSourceSchema.default("cli"),
-  configRevision: z5.number().int().positive().default(1),
-  createdAt: z5.string().optional(),
-  updatedAt: z5.string().optional()
-});
-function normalizeProjectDomain(input) {
-  let domain = input.trim().toLowerCase();
-  try {
-    if (domain.includes("://")) {
-      domain = new URL(domain).hostname.toLowerCase();
-    }
-  } catch {
-  }
-  return domain.replace(/^www\./, "");
-}
-function effectiveDomains(project) {
-  const all = [project.canonicalDomain, ...project.ownedDomains ?? []];
-  const seen = /* @__PURE__ */ new Set();
-  const result = [];
-  for (const d of all) {
-    const trimmed = d.trim();
-    if (!trimmed) continue;
-    const norm = normalizeProjectDomain(trimmed);
-    if (seen.has(norm)) continue;
-    seen.add(norm);
-    result.push(trimmed);
-  }
-  return result;
-}
+CREATE TABLE IF NOT EXISTS api_keys (
+  id          TEXT PRIMARY KEY,
+  name        TEXT NOT NULL,
+  key_hash    TEXT NOT NULL UNIQUE,
+  key_prefix  TEXT NOT NULL,
+  scopes      TEXT NOT NULL DEFAULT '["*"]',
+  created_at  TEXT NOT NULL,
+  last_used_at TEXT,
+  revoked_at  TEXT
+);
-// ../contracts/src/run.ts
-import { z as z6 } from "zod";
-var runStatusSchema = z6.enum(["queued", "running", "completed", "partial", "failed"]);
-var runKindSchema = z6.enum(["answer-visibility", "site-audit", "gsc-sync", "inspect-sitemap"]);
-var runTriggerSchema = z6.enum(["manual", "scheduled", "config-apply"]);
-var citationStateSchema = z6.enum(["cited", "not-cited"]);
-var computedTransitionSchema = z6.enum(["new", "cited", "lost", "emerging", "not-cited"]);
-var runDtoSchema = z6.object({
-  id: z6.string(),
-  projectId: z6.string(),
-  kind: runKindSchema,
-  status: runStatusSchema,
-  trigger: runTriggerSchema.default("manual"),
-  location: z6.string().nullable().optional(),
-  startedAt: z6.string().nullable().optional(),
-  finishedAt: z6.string().nullable().optional(),
-  error: z6.string().nullable().optional(),
-  createdAt: z6.string()
-});
-var groundingSourceSchema = z6.object({
-  uri: z6.string(),
-  title: z6.string()
-});
-var querySnapshotDtoSchema = z6.object({
-  id: z6.string(),
-  runId: z6.string(),
-  keywordId: z6.string(),
-  keyword: z6.string().optional(),
-  provider: providerNameSchema,
-  citationState: citationStateSchema,
-  transition: computedTransitionSchema.optional(),
-  answerText: z6.string().nullable().optional(),
-  citedDomains: z6.array(z6.string()).default([]),
-  competitorOverlap: z6.array(z6.string()).default([]),
-  groundingSources: z6.array(groundingSourceSchema).default([]),
-  searchQueries: z6.array(z6.string()).default([]),
-  model: z6.string().nullable().optional(),
-  location: z6.string().nullable().optional(),
-  createdAt: z6.string()
-});
-var auditLogEntrySchema = z6.object({
-  id: z6.string(),
-  projectId: z6.string().nullable().optional(),
-  actor: z6.string(),
-  action: z6.string(),
-  entityType: z6.string(),
-  entityId: z6.string().nullable().optional(),
-  diff: z6.unknown().optional(),
-  createdAt: z6.string()
-});
+CREATE TABLE IF NOT EXISTS usage_counters (
+  id          TEXT PRIMARY KEY,
+  scope       TEXT NOT NULL,
+  period      TEXT NOT NULL,
+  metric      TEXT NOT NULL,
+  count       INTEGER NOT NULL DEFAULT 0,
+  updated_at  TEXT NOT NULL,
+  UNIQUE(scope, period, metric)
+);
-// ../contracts/src/schedule.ts
-import { z as z7 } from "zod";
-var scheduleDtoSchema = z7.object({
-  id: z7.string(),
-  projectId: z7.string(),
-  cronExpr: z7.string(),
-  preset: z7.string().nullable().optional(),
-  timezone: z7.string().default("UTC"),
-  enabled: z7.boolean().default(true),
-  providers: z7.array(providerNameSchema).default([]),
-  lastRunAt: z7.string().nullable().optional(),
-  nextRunAt: z7.string().nullable().optional(),
-  createdAt: z7.string(),
-  updatedAt: z7.string()
-});
+CREATE INDEX IF NOT EXISTS idx_keywords_project ON keywords(project_id);
+CREATE INDEX IF NOT EXISTS idx_competitors_project ON competitors(project_id);
+CREATE INDEX IF NOT EXISTS idx_runs_project ON runs(project_id);
+CREATE INDEX IF NOT EXISTS idx_runs_status ON runs(status);
+CREATE INDEX IF NOT EXISTS idx_snapshots_run ON query_snapshots(run_id);
+CREATE INDEX IF NOT EXISTS idx_snapshots_keyword ON query_snapshots(keyword_id);
+CREATE INDEX IF NOT EXISTS idx_audit_log_project ON audit_log(project_id);
+CREATE INDEX IF NOT EXISTS idx_audit_log_created ON audit_log(created_at);
+CREATE TABLE IF NOT EXISTS schedules (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  cron_expr   TEXT NOT NULL,
+  preset      TEXT,
+  timezone    TEXT NOT NULL DEFAULT 'UTC',
+  enabled     INTEGER NOT NULL DEFAULT 1,
+  providers   TEXT NOT NULL DEFAULT '[]',
+  last_run_at TEXT,
+  next_run_at TEXT,
+  created_at  TEXT NOT NULL,
+  updated_at  TEXT NOT NULL,
+  UNIQUE(project_id)
+);
-// ../contracts/src/source-categories.ts
-var SOURCE_CATEGORY_RULES = [
-  // Forums
-  { pattern: "reddit.com", category: "forum", label: "Reddit" },
-  { pattern: "quora.com", category: "forum", label: "Quora" },
-  { pattern: "stackexchange.com", category: "forum", label: "Stack Exchange" },
-  { pattern: "stackoverflow.com", category: "forum", label: "Stack Overflow" },
-  { pattern: "discourse.org", category: "forum", label: "Discourse" },
-  // Social
-  { pattern: "linkedin.com", category: "social", label: "LinkedIn" },
-  { pattern: "twitter.com", category: "social", label: "X (Twitter)" },
-  { pattern: "x.com", category: "social", label: "X (Twitter)" },
-  { pattern: "facebook.com", category: "social", label: "Facebook" },
-  { pattern: "instagram.com", category: "social", label: "Instagram" },
-  { pattern: "threads.net", category: "social", label: "Threads" },
-  { pattern: "pinterest.com", category: "social", label: "Pinterest" },
-  { pattern: "tiktok.com", category: "social", label: "TikTok" },
-  // Video
-  { pattern: "youtube.com", category: "video", label: "YouTube" },
-  { pattern: "youtu.be", category: "video", label: "YouTube" },
-  { pattern: "vimeo.com", category: "video", label: "Vimeo" },
-  // News
-  { pattern: "nytimes.com", category: "news", label: "NY Times" },
-  { pattern: "bbc.com", category: "news", label: "BBC" },
-  { pattern: "bbc.co.uk", category: "news", label: "BBC" },
-  { pattern: "cnn.com", category: "news", label: "CNN" },
-  { pattern: "reuters.com", category: "news", label: "Reuters" },
-  { pattern: "apnews.com", category: "news", label: "AP News" },
-  { pattern: "theguardian.com", category: "news", label: "The Guardian" },
-  { pattern: "washingtonpost.com", category: "news", label: "Washington Post" },
-  { pattern: "wsj.com", category: "news", label: "WSJ" },
-  { pattern: "forbes.com", category: "news", label: "Forbes" },
-  { pattern: "techcrunch.com", category: "news", label: "TechCrunch" },
-  { pattern: "theverge.com", category: "news", label: "The Verge" },
-  { pattern: "wired.com", category: "news", label: "Wired" },
-  { pattern: "arstechnica.com", category: "news", label: "Ars Technica" },
-  // Reference
-  { pattern: "wikipedia.org", category: "reference", label: "Wikipedia" },
-  { pattern: "wikimedia.org", category: "reference", label: "Wikimedia" },
-  { pattern: "britannica.com", category: "reference", label: "Britannica" },
-  { pattern: "merriam-webster.com", category: "reference", label: "Merriam-Webster" },
-  // Blog / Content platforms
-  { pattern: "medium.com", category: "blog", label: "Medium" },
-  { pattern: "substack.com", category: "blog", label: "Substack" },
-  { pattern: "dev.to", category: "blog", label: "DEV Community" },
-  { pattern: "hashnode.dev", category: "blog", label: "Hashnode" },
-  { pattern: "wordpress.com", category: "blog", label: "WordPress" },
-  { pattern: "blogger.com", category: "blog", label: "Blogger" },
-  { pattern: "hubspot.com", category: "blog", label: "HubSpot" },
-  // E-commerce
-  { pattern: "amazon.com", category: "ecommerce", label: "Amazon" },
-  { pattern: "amazon.co.uk", category: "ecommerce", label: "Amazon UK" },
-  { pattern: "shopify.com", category: "ecommerce", label: "Shopify" },
-  { pattern: "ebay.com", category: "ecommerce", label: "eBay" },
-  // Academic
-  { pattern: "scholar.google.com", category: "academic", label: "Google Scholar" },
-  { pattern: "arxiv.org", category: "academic", label: "arXiv" },
-  { pattern: "pubmed.ncbi.nlm.nih.gov", category: "academic", label: "PubMed" },
-  { pattern: "researchgate.net", category: "academic", label: "ResearchGate" },
-  { pattern: ".edu", category: "academic", label: "Academic (.edu)" }
+CREATE TABLE IF NOT EXISTS notifications (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  channel     TEXT NOT NULL,
+  config      TEXT NOT NULL,
+  enabled     INTEGER NOT NULL DEFAULT 1,
+  created_at  TEXT NOT NULL,
+  updated_at  TEXT NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_api_keys_prefix ON api_keys(key_prefix);
+CREATE INDEX IF NOT EXISTS idx_usage_scope_period ON usage_counters(scope, period);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_schedules_project ON schedules(project_id);
+CREATE INDEX IF NOT EXISTS idx_notifications_project ON notifications(project_id);
+`;
+var MIGRATIONS = [
+  // v2: Add providers column to projects for multi-provider support
+  `ALTER TABLE projects ADD COLUMN providers TEXT NOT NULL DEFAULT '[]'`,
+  // v3: Add webhook_secret column to notifications for HMAC signing
+  `ALTER TABLE notifications ADD COLUMN webhook_secret TEXT`,
+  // v4: Add owned_domains column to projects for multi-domain citation matching
+  `ALTER TABLE projects ADD COLUMN owned_domains TEXT NOT NULL DEFAULT '[]'`,
+  // v5: Add model column to query_snapshots for per-model scoring
+  `ALTER TABLE query_snapshots ADD COLUMN model TEXT`,
+  // v5b: Backfill model from rawResponse JSON for existing snapshots
+  `UPDATE query_snapshots SET model = json_extract(raw_response, '$.model') WHERE model IS NULL AND raw_response IS NOT NULL AND json_extract(raw_response, '$.model') IS NOT NULL`,
+  // v6: Google Search Console integration — google_connections table (domain-scoped)
+  `CREATE TABLE IF NOT EXISTS google_connections (
+    id              TEXT PRIMARY KEY,
+    domain          TEXT NOT NULL,
+    connection_type TEXT NOT NULL,
+    property_id     TEXT,
+    access_token    TEXT,
+    refresh_token   TEXT,
+    token_expires_at TEXT,
+    scopes          TEXT NOT NULL DEFAULT '[]',
+    created_at      TEXT NOT NULL,
+    updated_at      TEXT NOT NULL
+  )`,
+  `CREATE UNIQUE INDEX IF NOT EXISTS idx_google_conn_domain_type ON google_connections(domain, connection_type)`,
+  // v6: Google Search Console integration — gsc_search_data table
+  `CREATE TABLE IF NOT EXISTS gsc_search_data (
+    id            TEXT PRIMARY KEY,
+    project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id   TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
+    date          TEXT NOT NULL,
+    query         TEXT NOT NULL,
+    page          TEXT NOT NULL,
+    country       TEXT,
+    device        TEXT,
+    clicks        INTEGER NOT NULL DEFAULT 0,
+    impressions   INTEGER NOT NULL DEFAULT 0,
+    ctr           TEXT NOT NULL DEFAULT '0',
+    position      TEXT NOT NULL DEFAULT '0',
+    created_at    TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_project_date ON gsc_search_data(project_id, date)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_query ON gsc_search_data(query)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_run ON gsc_search_data(sync_run_id)`,
+  // v6: Google Search Console integration — gsc_url_inspections table
+  `CREATE TABLE IF NOT EXISTS gsc_url_inspections (
+    id                TEXT PRIMARY KEY,
+    project_id        TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id       TEXT REFERENCES runs(id) ON DELETE CASCADE,
+    url               TEXT NOT NULL,
+    indexing_state    TEXT,
+    verdict           TEXT,
+    coverage_state    TEXT,
+    page_fetch_state  TEXT,
+    robots_txt_state  TEXT,
+    crawl_time        TEXT,
+    last_crawl_result TEXT,
+    is_mobile_friendly INTEGER,
+    rich_results      TEXT NOT NULL DEFAULT '[]',
+    referring_urls    TEXT NOT NULL DEFAULT '[]',
+    inspected_at      TEXT NOT NULL,
+    created_at        TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_project_url ON gsc_url_inspections(project_id, url)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_run ON gsc_url_inspections(sync_run_id)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_url_time ON gsc_url_inspections(url, inspected_at)`,
+  // v7: GSC coverage snapshots for historical tracking
+  `CREATE TABLE IF NOT EXISTS gsc_coverage_snapshots (
+    id              TEXT PRIMARY KEY,
+    project_id      TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id     TEXT REFERENCES runs(id) ON DELETE CASCADE,
+    date            TEXT NOT NULL,
+    indexed         INTEGER NOT NULL DEFAULT 0,
+    not_indexed     INTEGER NOT NULL DEFAULT 0,
+    reason_breakdown TEXT NOT NULL DEFAULT '{}',
+    created_at      TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_project_date ON gsc_coverage_snapshots(project_id, date)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_run ON gsc_coverage_snapshots(sync_run_id)`,
+  // v8: Location-aware sweeps — project locations + snapshot location tag
+  `ALTER TABLE projects ADD COLUMN locations TEXT NOT NULL DEFAULT '[]'`,
+  `ALTER TABLE projects ADD COLUMN default_location TEXT`,
+  `ALTER TABLE query_snapshots ADD COLUMN location TEXT`,
+  // v9: Add location column to runs for per-location run tracking
+  `ALTER TABLE runs ADD COLUMN location TEXT`,
+  // v10: Add sitemapUrl to google_connections for persistent sitemap storage
+  `ALTER TABLE google_connections ADD COLUMN sitemap_url TEXT`,
+  // v11: CDP browser provider — screenshot path for captured evidence
+  `ALTER TABLE query_snapshots ADD COLUMN screenshot_path TEXT`
 ];
-var CATEGORY_LABELS = {
-  social: "Social Media",
-  forum: "Forums & Q&A",
-  news: "News & Media",
-  reference: "Reference",
-  blog: "Blogs & Content",
-  ecommerce: "E-commerce",
-  video: "Video",
-  academic: "Academic",
-  other: "Other"
-};
-function categorizeSource(uri) {
-  let domain;
-  try {
-    const url = new URL(uri.startsWith("http") ? uri : `https://${uri}`);
-    domain = url.hostname.replace(/^www\./, "");
-  } catch {
-    domain = uri.replace(/^https?:\/\//, "").replace(/^www\./, "").split("/")[0] ?? uri;
+function migrate(db) {
+  const statements = MIGRATION_SQL.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
+  for (const statement of statements) {
+    db.run(sql.raw(statement));
   }
-  const domainLower = domain.toLowerCase();
-  for (const rule of SOURCE_CATEGORY_RULES) {
-    if (domainLower === rule.pattern || domainLower.endsWith(`.${rule.pattern}`) || rule.pattern.startsWith(".") && domainLower.endsWith(rule.pattern)) {
-      return { category: rule.category, label: rule.label, domain };
+  for (const migration of MIGRATIONS) {
+    try {
+      db.run(sql.raw(migration));
+    } catch {
     }
   }
-  return { category: "other", label: CATEGORY_LABELS.other, domain };
-}
-function categoryLabel(category) {
-  return CATEGORY_LABELS[category];
 }
 // ../api-routes/src/auth.ts
@@ -5067,6 +5067,27 @@ async function cdpRoutes(app, opts) {
 // ../api-routes/src/index.ts
 async function apiRoutes(app, opts) {
   app.decorate("db", opts.db);
+  app.setErrorHandler((error, _request, reply) => {
+    if (error instanceof AppError) {
+      return reply.status(error.statusCode).send(error.toJSON());
+    }
+    const httpStatus = error.statusCode ?? error.status ?? 500;
+    if (httpStatus >= 400 && httpStatus < 500) {
+      return reply.status(httpStatus).send({
+        error: {
+          code: httpStatus === 401 ? "AUTH_INVALID" : httpStatus === 403 ? "FORBIDDEN" : httpStatus === 404 ? "NOT_FOUND" : httpStatus === 429 ? "QUOTA_EXCEEDED" : "VALIDATION_ERROR",
+          message: error.message
+        }
+      });
+    }
+    app.log.error(error);
+    return reply.status(500).send({
+      error: {
+        code: "INTERNAL_ERROR",
+        message: "An unexpected error occurred"
+      }
+    });
+  });
   if (!opts.skipAuth) {
     await app.register(authPlugin);
   }
@@ -5118,7 +5139,7 @@ async function apiRoutes(app, opts) {
       onCdpScreenshot: opts.onCdpScreenshot,
       onCdpConfigure: opts.onCdpConfigure
     });
-  }, { prefix: "/api/v1" });
+  }, { prefix: opts.routePrefix ?? "/api/v1" });
 }
 // ../provider-gemini/src/normalize.ts
@@ -7330,7 +7351,7 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       });
       saveConfig(opts.config);
     }
-    const sitemapUrl = opts.sitemapUrl || `https://${project.canonicalDomain}/sitemap.xml`;
+    const sitemapUrl = opts.sitemapUrl || conn.sitemapUrl || `https://${project.canonicalDomain}/sitemap.xml`;
     console.log(`[Inspect Sitemap] Fetching sitemap from ${sitemapUrl}`);
     const urls = await fetchAndParseSitemap(sitemapUrl);
     console.log(`[Inspect Sitemap] Found ${urls.length} URLs in sitemap`);
@@ -7980,8 +8001,13 @@ async function createServer(opts) {
       return removed;
     }
   };
+  const rawBasePath = process.env.CANONRY_BASE_PATH ?? opts.config.basePath;
+  const normalizedBasePath = rawBasePath ? "/" + rawBasePath.replace(/^\//, "").replace(/\/?$/, "/") : void 0;
+  const basePath = normalizedBasePath === "/" ? void 0 : normalizedBasePath;
+  const apiPrefix = basePath ? `${basePath}api/v1` : "/api/v1";
   await app.register(apiRoutes, {
     db: opts.db,
+    routePrefix: apiPrefix,
     skipAuth: false,
     getGoogleAuthConfig: () => getGoogleAuthConfig(opts.config),
     googleConnectionStore,
@@ -8194,8 +8220,6 @@ async function createServer(opts) {
   const assetsDir = path6.join(dirname2, "..", "assets");
   if (fs5.existsSync(assetsDir)) {
     const indexPath = path6.join(assetsDir, "index.html");
-    const rawBasePath = process.env.CANONRY_BASE_PATH ?? opts.config.basePath;
-    const basePath = rawBasePath ? "/" + rawBasePath.replace(/^\//, "").replace(/\/?$/, "/") : void 0;
     const injectConfig = (html) => {
       const clientConfig = { apiKey: opts.config.apiKey };
       if (basePath) clientConfig.basePath = basePath;
@@ -8206,21 +8230,32 @@ async function createServer(opts) {
     const fastifyStatic = await import("@fastify/static");
     await app.register(fastifyStatic.default, {
       root: assetsDir,
-      prefix: "/",
+      prefix: basePath ?? "/",
       wildcard: false,
       // Don't serve index.html automatically — we handle it with config injection
       serve: true,
       index: false
     });
-    app.get("/", (_request, reply) => {
+    const serveIndex = (_request, reply) => {
       if (fs5.existsSync(indexPath)) {
         const html = fs5.readFileSync(indexPath, "utf-8");
         return reply.type("text/html").send(injectConfig(html));
       }
       return reply.status(404).send({ error: "Dashboard not built" });
-    });
+    };
+    const rootRouteTrailing = basePath ?? "/";
+    app.get(rootRouteTrailing, serveIndex);
+    if (basePath) {
+      const rootRouteBare = basePath.replace(/\/$/, "");
+      if (rootRouteBare) app.get(rootRouteBare, serveIndex);
+    }
     app.setNotFoundHandler((request, reply) => {
-      if (request.url.startsWith("/api/")) {
+      const url = request.url.split("?")[0];
+      const isApiRoute = url.startsWith("/api/") || basePath !== void 0 && url.startsWith(`${basePath}api/`);
+      if (isApiRoute) {
+        return reply.status(404).send({ error: "Not found", path: request.url });
+      }
+      if (basePath && !url.startsWith(basePath)) {
         return reply.status(404).send({ error: "Not found", path: request.url });
       }
       if (fs5.existsSync(indexPath)) {
@@ -8230,11 +8265,11 @@ async function createServer(opts) {
       return reply.status(404).send({ error: "Not found" });
     });
   }
-  app.get("/health", async () => ({
-    status: "ok",
-    service: "canonry",
-    version: PKG_VERSION
-  }));
+  const healthHandler = async () => ({ status: "ok", service: "canonry", version: PKG_VERSION });
+  app.get("/health", healthHandler);
+  if (basePath) {
+    app.get(`${basePath}health`, healthHandler);
+  }
   scheduler.start();
   app.addHook("onClose", async () => {
     scheduler.stop();