npm - @ainyc/canonry - Versions diffs - 1.19.3 → 1.20.0 - Mend

@ainyc/canonry 1.19.3 → 1.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/assets/assets/index-BAlQzE7t.js +246 -0
package/assets/assets/index-D-2VeJdG.css +1 -0
package/assets/index.html +2 -2
package/dist/{chunk-GX673NKZ.js → chunk-V7JJJDPL.js} +1712 -1122
package/dist/cli.js +413 -2
package/dist/index.d.ts +12 -0
package/dist/index.js +1 -1
package/package.json +6 -5
package/assets/assets/index-53IVPMPi.js +0 -246
package/assets/assets/index-DdQKI2_i.css +0 -1

package/dist/{chunk-GX673NKZ.js → chunk-V7JJJDPL.js} RENAMED Viewed

@@ -160,987 +160,1070 @@ function trackEvent(event, properties) {
 // src/server.ts
 import { createRequire as createRequire2 } from "module";
-import crypto18 from "crypto";
+import crypto19 from "crypto";
 import fs5 from "fs";
 import path6 from "path";
 import { fileURLToPath } from "url";
 import Fastify from "fastify";
-// ../api-routes/src/auth.ts
-import crypto2 from "crypto";
-import { eq } from "drizzle-orm";
-// ../db/src/client.ts
-import { mkdirSync } from "fs";
-import { dirname } from "path";
-import Database from "better-sqlite3";
-import { drizzle } from "drizzle-orm/better-sqlite3";
+// ../contracts/src/config-schema.ts
+import { z as z3 } from "zod";
-// ../db/src/schema.ts
-var schema_exports = {};
-__export(schema_exports, {
-  apiKeys: () => apiKeys,
-  auditLog: () => auditLog,
-  competitors: () => competitors,
-  googleConnections: () => googleConnections,
-  gscCoverageSnapshots: () => gscCoverageSnapshots,
-  gscSearchData: () => gscSearchData,
-  gscUrlInspections: () => gscUrlInspections,
-  keywords: () => keywords,
-  notifications: () => notifications,
-  projects: () => projects,
-  querySnapshots: () => querySnapshots,
-  runs: () => runs,
-  schedules: () => schedules,
-  usageCounters: () => usageCounters
+// ../contracts/src/provider.ts
+import { z } from "zod";
+var providerQuotaPolicySchema = z.object({
+  maxConcurrency: z.number().int().positive(),
+  maxRequestsPerMinute: z.number().int().positive(),
+  maxRequestsPerDay: z.number().int().positive()
 });
-import { index, integer, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
-var projects = sqliteTable("projects", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull().unique(),
-  displayName: text("display_name").notNull(),
-  canonicalDomain: text("canonical_domain").notNull(),
-  ownedDomains: text("owned_domains").notNull().default("[]"),
-  country: text("country").notNull(),
-  language: text("language").notNull(),
-  tags: text("tags").notNull().default("[]"),
-  labels: text("labels").notNull().default("{}"),
-  providers: text("providers").notNull().default("[]"),
-  locations: text("locations").notNull().default("[]"),
-  defaultLocation: text("default_location"),
-  configSource: text("config_source").notNull().default("cli"),
-  configRevision: integer("config_revision").notNull().default(1),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
+var PROVIDER_NAMES = ["gemini", "openai", "claude", "local", "cdp:chatgpt"];
+var providerNameSchema = z.enum(PROVIDER_NAMES);
+var PROVIDER_MODE = {
+  gemini: "api",
+  openai: "api",
+  claude: "api",
+  local: "api",
+  "cdp:chatgpt": "browser"
+};
+function isBrowserProvider(name) {
+  return PROVIDER_MODE[name] === "browser";
+}
+var CDP_TARGETS = ["cdp:chatgpt"];
+function parseProviderName(input) {
+  const lower = input.trim().toLowerCase();
+  return PROVIDER_NAMES.includes(lower) ? lower : void 0;
+}
+function resolveProviderInput(input) {
+  const lower = input.trim().toLowerCase();
+  if (lower === "cdp") {
+    return [...CDP_TARGETS];
+  }
+  const parsed = parseProviderName(lower);
+  return parsed ? [parsed] : [];
+}
+var locationContextSchema = z.object({
+  label: z.string().min(1),
+  city: z.string().min(1),
+  region: z.string().min(1),
+  country: z.string().length(2),
+  timezone: z.string().optional()
 });
-var keywords = sqliteTable("keywords", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  keyword: text("keyword").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_keywords_project").on(table.projectId),
-  uniqueIndex("idx_keywords_project_keyword").on(table.projectId, table.keyword)
-]);
-var competitors = sqliteTable("competitors", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  domain: text("domain").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_competitors_project").on(table.projectId),
-  uniqueIndex("idx_competitors_project_domain").on(table.projectId, table.domain)
-]);
-var runs = sqliteTable("runs", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  kind: text("kind").notNull().default("answer-visibility"),
-  status: text("status").notNull().default("queued"),
-  trigger: text("trigger").notNull().default("manual"),
-  location: text("location"),
-  startedAt: text("started_at"),
-  finishedAt: text("finished_at"),
-  error: text("error"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_runs_project").on(table.projectId),
-  index("idx_runs_status").on(table.status)
-]);
-var querySnapshots = sqliteTable("query_snapshots", {
-  id: text("id").primaryKey(),
-  runId: text("run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
-  keywordId: text("keyword_id").notNull().references(() => keywords.id, { onDelete: "cascade" }),
-  provider: text("provider").notNull().default("gemini"),
-  model: text("model"),
-  citationState: text("citation_state").notNull(),
-  answerText: text("answer_text"),
-  citedDomains: text("cited_domains").notNull().default("[]"),
-  competitorOverlap: text("competitor_overlap").notNull().default("[]"),
-  location: text("location"),
-  screenshotPath: text("screenshot_path"),
-  rawResponse: text("raw_response"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_snapshots_run").on(table.runId),
-  index("idx_snapshots_keyword").on(table.keywordId)
-]);
-var auditLog = sqliteTable("audit_log", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").references(() => projects.id, { onDelete: "cascade" }),
-  actor: text("actor").notNull(),
-  action: text("action").notNull(),
-  entityType: text("entity_type").notNull(),
-  entityId: text("entity_id"),
-  diff: text("diff"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_audit_log_project").on(table.projectId),
-  index("idx_audit_log_created").on(table.createdAt)
-]);
-var apiKeys = sqliteTable("api_keys", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  keyHash: text("key_hash").notNull().unique(),
-  keyPrefix: text("key_prefix").notNull(),
-  scopes: text("scopes").notNull().default('["*"]'),
-  createdAt: text("created_at").notNull(),
-  lastUsedAt: text("last_used_at"),
-  revokedAt: text("revoked_at")
-}, (table) => [
-  index("idx_api_keys_prefix").on(table.keyPrefix)
-]);
-var schedules = sqliteTable("schedules", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  cronExpr: text("cron_expr").notNull(),
-  preset: text("preset"),
-  timezone: text("timezone").notNull().default("UTC"),
-  enabled: integer("enabled").notNull().default(1),
-  providers: text("providers").notNull().default("[]"),
-  lastRunAt: text("last_run_at"),
-  nextRunAt: text("next_run_at"),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_schedules_project").on(table.projectId)
-]);
-var notifications = sqliteTable("notifications", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  channel: text("channel").notNull(),
-  config: text("config").notNull(),
-  webhookSecret: text("webhook_secret"),
-  enabled: integer("enabled").notNull().default(1),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  index("idx_notifications_project").on(table.projectId)
-]);
-var googleConnections = sqliteTable("google_connections", {
-  id: text("id").primaryKey(),
-  domain: text("domain").notNull(),
-  connectionType: text("connection_type").notNull(),
-  propertyId: text("property_id"),
-  sitemapUrl: text("sitemap_url"),
-  accessToken: text("access_token"),
-  refreshToken: text("refresh_token"),
-  tokenExpiresAt: text("token_expires_at"),
-  scopes: text("scopes").notNull().default("[]"),
-  createdAt: text("created_at").notNull(),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_google_conn_domain_type").on(table.domain, table.connectionType)
-]);
-var gscSearchData = sqliteTable("gsc_search_data", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
-  date: text("date").notNull(),
-  query: text("query").notNull(),
-  page: text("page").notNull(),
-  country: text("country"),
-  device: text("device"),
-  clicks: integer("clicks").notNull().default(0),
-  impressions: integer("impressions").notNull().default(0),
-  ctr: text("ctr").notNull().default("0"),
-  position: text("position").notNull().default("0"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_search_project_date").on(table.projectId, table.date),
-  index("idx_gsc_search_query").on(table.query),
-  index("idx_gsc_search_run").on(table.syncRunId)
-]);
-var gscUrlInspections = sqliteTable("gsc_url_inspections", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
-  url: text("url").notNull(),
-  indexingState: text("indexing_state"),
-  verdict: text("verdict"),
-  coverageState: text("coverage_state"),
-  pageFetchState: text("page_fetch_state"),
-  robotsTxtState: text("robots_txt_state"),
-  crawlTime: text("crawl_time"),
-  lastCrawlResult: text("last_crawl_result"),
-  isMobileFriendly: integer("is_mobile_friendly"),
-  richResults: text("rich_results").notNull().default("[]"),
-  referringUrls: text("referring_urls").notNull().default("[]"),
-  inspectedAt: text("inspected_at").notNull(),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_inspect_project_url").on(table.projectId, table.url),
-  index("idx_gsc_inspect_run").on(table.syncRunId),
-  index("idx_gsc_inspect_url_time").on(table.url, table.inspectedAt)
+// ../contracts/src/notification.ts
+import { z as z2 } from "zod";
+var notificationEventSchema = z2.enum([
+  "citation.lost",
+  "citation.gained",
+  "run.completed",
+  "run.failed"
 ]);
-var gscCoverageSnapshots = sqliteTable("gsc_coverage_snapshots", {
-  id: text("id").primaryKey(),
-  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
-  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
-  date: text("date").notNull(),
-  indexed: integer("indexed").notNull().default(0),
-  notIndexed: integer("not_indexed").notNull().default(0),
-  reasonBreakdown: text("reason_breakdown").notNull().default("{}"),
-  createdAt: text("created_at").notNull()
-}, (table) => [
-  index("idx_gsc_coverage_snap_project_date").on(table.projectId, table.date),
-  index("idx_gsc_coverage_snap_run").on(table.syncRunId)
-]);
-var usageCounters = sqliteTable("usage_counters", {
-  id: text("id").primaryKey(),
-  scope: text("scope").notNull(),
-  period: text("period").notNull(),
-  metric: text("metric").notNull(),
-  count: integer("count").notNull().default(0),
-  updatedAt: text("updated_at").notNull()
-}, (table) => [
-  uniqueIndex("idx_usage_scope_period_metric").on(table.scope, table.period, table.metric),
-  index("idx_usage_scope_period").on(table.scope, table.period)
-]);
-// ../db/src/client.ts
-function createClient(databasePath) {
-  mkdirSync(dirname(databasePath), { recursive: true });
-  const sqlite = new Database(databasePath);
-  sqlite.pragma("journal_mode = WAL");
-  sqlite.pragma("foreign_keys = ON");
-  return drizzle(sqlite, { schema: schema_exports });
-}
-// ../db/src/migrate.ts
-import { sql } from "drizzle-orm";
-var MIGRATION_SQL = `
-CREATE TABLE IF NOT EXISTS projects (
-  id                TEXT PRIMARY KEY,
-  name              TEXT NOT NULL UNIQUE,
-  display_name      TEXT NOT NULL,
-  canonical_domain  TEXT NOT NULL,
-  owned_domains     TEXT NOT NULL DEFAULT '[]',
-  country           TEXT NOT NULL,
-  language          TEXT NOT NULL,
-  tags              TEXT NOT NULL DEFAULT '[]',
-  labels            TEXT NOT NULL DEFAULT '{}',
-  providers         TEXT NOT NULL DEFAULT '[]',
-  config_source     TEXT NOT NULL DEFAULT 'cli',
-  config_revision   INTEGER NOT NULL DEFAULT 1,
-  created_at        TEXT NOT NULL,
-  updated_at        TEXT NOT NULL
-);
-CREATE TABLE IF NOT EXISTS keywords (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  keyword     TEXT NOT NULL,
-  created_at  TEXT NOT NULL,
-  UNIQUE(project_id, keyword)
-);
+var notificationDtoSchema = z2.object({
+  id: z2.string(),
+  projectId: z2.string(),
+  channel: z2.literal("webhook"),
+  url: z2.string().url(),
+  events: z2.array(notificationEventSchema),
+  enabled: z2.boolean().default(true),
+  webhookSecret: z2.string().optional(),
+  createdAt: z2.string(),
+  updatedAt: z2.string()
+});
-CREATE TABLE IF NOT EXISTS competitors (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  domain      TEXT NOT NULL,
-  created_at  TEXT NOT NULL,
-  UNIQUE(project_id, domain)
-);
+// ../contracts/src/config-schema.ts
+var configMetadataSchema = z3.object({
+  name: z3.string().min(1).max(63).regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, {
+    message: "Name must be a lowercase slug (letters, numbers, hyphens)"
+  }),
+  labels: z3.record(z3.string(), z3.string()).optional().default({})
+});
+var configScheduleSchema = z3.object({
+  preset: z3.string().optional(),
+  cron: z3.string().optional(),
+  timezone: z3.string().optional().default("UTC"),
+  providers: z3.array(providerNameSchema).optional().default([])
+}).refine(
+  (data) => data.preset && !data.cron || !data.preset && data.cron,
+  { message: 'Exactly one of "preset" or "cron" must be provided' }
+).optional();
+var configNotificationSchema = z3.object({
+  channel: z3.literal("webhook"),
+  url: z3.string().url(),
+  events: z3.array(notificationEventSchema).min(1)
+});
+var configGoogleSchema = z3.object({
+  gsc: z3.object({
+    propertyUrl: z3.string()
+  }).optional(),
+  syncSchedule: z3.object({
+    preset: z3.string().optional(),
+    cron: z3.string().optional()
+  }).optional()
+}).optional();
+var configSpecSchema = z3.object({
+  displayName: z3.string().min(1),
+  canonicalDomain: z3.string().min(1),
+  ownedDomains: z3.array(z3.string().min(1)).optional().default([]),
+  country: z3.string().length(2),
+  language: z3.string().min(2),
+  keywords: z3.array(z3.string().min(1)).optional().default([]),
+  competitors: z3.array(z3.string().min(1)).optional().default([]),
+  providers: z3.array(providerNameSchema).optional().default([]),
+  locations: z3.array(locationContextSchema).optional().default([]),
+  defaultLocation: z3.string().optional(),
+  schedule: configScheduleSchema,
+  notifications: z3.array(configNotificationSchema).optional().default([]),
+  google: configGoogleSchema
+});
+var projectConfigSchema = z3.object({
+  apiVersion: z3.literal("canonry/v1"),
+  kind: z3.literal("Project"),
+  metadata: configMetadataSchema,
+  spec: configSpecSchema
+});
-CREATE TABLE IF NOT EXISTS runs (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  kind        TEXT NOT NULL DEFAULT 'answer-visibility',
-  status      TEXT NOT NULL DEFAULT 'queued',
-  trigger     TEXT NOT NULL DEFAULT 'manual',
-  started_at  TEXT,
-  finished_at TEXT,
-  error       TEXT,
-  created_at  TEXT NOT NULL
-);
+// ../contracts/src/models.ts
+var MODEL_REGISTRY = {
+  gemini: {
+    defaultModel: "gemini-3-flash",
+    validationPattern: /^gemini-/,
+    validationHint: 'model name must start with "gemini-" (e.g. gemini-3-flash)',
+    knownModels: [
+      { id: "gemini-3.1-pro-preview", displayName: "Gemini 3.1 Pro (Preview)", tier: "flagship" },
+      { id: "gemini-3-flash-preview", displayName: "Gemini 3 Flash (Preview)", tier: "standard" },
+      { id: "gemini-3.1-flash-lite-preview", displayName: "Gemini 3.1 Flash-Lite (Preview)", tier: "economy" },
+      { id: "gemini-2.5-flash", displayName: "Gemini 2.5 Flash", tier: "standard" }
+    ]
+  },
+  openai: {
+    defaultModel: "gpt-5.4",
+    validationPattern: /^(gpt-|o\d)/,
+    validationHint: "expected a GPT or o-series model name (e.g. gpt-5.4, o3)",
+    knownModels: [
+      { id: "gpt-5.4", displayName: "GPT-5.4", tier: "flagship" },
+      { id: "gpt-5.4-pro", displayName: "GPT-5.4 Pro", tier: "flagship" },
+      { id: "gpt-5-mini", displayName: "GPT-5 Mini", tier: "fast" },
+      { id: "gpt-5-nano", displayName: "GPT-5 Nano", tier: "economy" },
+      { id: "gpt-5", displayName: "GPT-5", tier: "standard" },
+      { id: "gpt-4.1", displayName: "GPT-4.1", tier: "standard" }
+    ]
+  },
+  claude: {
+    defaultModel: "claude-sonnet-4-6",
+    validationPattern: /^claude-/,
+    validationHint: 'model name must start with "claude-" (e.g. claude-sonnet-4-6)',
+    knownModels: [
+      { id: "claude-opus-4-6", displayName: "Claude Opus 4.6", tier: "flagship" },
+      { id: "claude-sonnet-4-6", displayName: "Claude Sonnet 4.6", tier: "standard" },
+      { id: "claude-haiku-4-5", displayName: "Claude Haiku 4.5", tier: "fast" }
+    ]
+  },
+  local: {
+    defaultModel: "llama3",
+    validationPattern: /./,
+    validationHint: "any model name accepted",
+    knownModels: [
+      { id: "llama3", displayName: "Llama 3", tier: "standard" }
+    ]
+  },
+  "cdp:chatgpt": {
+    defaultModel: "chatgpt-web",
+    validationPattern: /./,
+    validationHint: "model is detected from the ChatGPT web UI",
+    knownModels: [
+      { id: "chatgpt-web", displayName: "ChatGPT (Web UI)", tier: "standard" }
+    ]
+  }
+};
+function getDefaultModel(provider) {
+  return MODEL_REGISTRY[provider].defaultModel;
+}
+function isValidModelName(provider, model) {
+  return MODEL_REGISTRY[provider].validationPattern.test(model);
+}
-CREATE TABLE IF NOT EXISTS query_snapshots (
-  id                  TEXT PRIMARY KEY,
-  run_id              TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
-  keyword_id          TEXT NOT NULL REFERENCES keywords(id) ON DELETE CASCADE,
-  provider            TEXT NOT NULL DEFAULT 'gemini',
-  citation_state      TEXT NOT NULL,
-  answer_text         TEXT,
-  cited_domains       TEXT NOT NULL DEFAULT '[]',
-  competitor_overlap  TEXT NOT NULL DEFAULT '[]',
-  raw_response        TEXT,
-  created_at          TEXT NOT NULL
-);
+// ../contracts/src/errors.ts
+var AppError = class extends Error {
+  code;
+  statusCode;
+  details;
+  constructor(code, message, statusCode, details) {
+    super(message);
+    this.name = "AppError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.details = details;
+  }
+  toJSON() {
+    return {
+      error: {
+        code: this.code,
+        message: this.message,
+        ...this.details ? { details: this.details } : {}
+      }
+    };
+  }
+};
+function notFound(entity, id) {
+  return new AppError("NOT_FOUND", `${entity} '${id}' not found`, 404);
+}
+function validationError(message, details) {
+  return new AppError("VALIDATION_ERROR", message, 400, details);
+}
+function authRequired() {
+  return new AppError("AUTH_REQUIRED", "Authentication required", 401);
+}
+function authInvalid() {
+  return new AppError("AUTH_INVALID", "Invalid API key", 401);
+}
+function runInProgress(projectName) {
+  return new AppError("RUN_IN_PROGRESS", `A run is already in progress for '${projectName}'`, 409);
+}
+function unsupportedKind(kind) {
+  return new AppError("UNSUPPORTED_KIND", `Kind '${kind}' is not supported in this version`, 400);
+}
-CREATE TABLE IF NOT EXISTS audit_log (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT REFERENCES projects(id) ON DELETE CASCADE,
-  actor       TEXT NOT NULL,
-  action      TEXT NOT NULL,
-  entity_type TEXT NOT NULL,
-  entity_id   TEXT,
-  diff        TEXT,
-  created_at  TEXT NOT NULL
-);
+// ../contracts/src/google.ts
+import { z as z4 } from "zod";
+var googleConnectionTypeSchema = z4.enum(["gsc", "ga4"]);
+var googleConnectionDtoSchema = z4.object({
+  id: z4.string(),
+  domain: z4.string(),
+  connectionType: googleConnectionTypeSchema,
+  propertyId: z4.string().nullable().optional(),
+  sitemapUrl: z4.string().nullable().optional(),
+  scopes: z4.array(z4.string()).default([]),
+  createdAt: z4.string(),
+  updatedAt: z4.string()
+});
+var gscSearchDataDtoSchema = z4.object({
+  date: z4.string(),
+  query: z4.string(),
+  page: z4.string(),
+  country: z4.string().nullable().optional(),
+  device: z4.string().nullable().optional(),
+  clicks: z4.number(),
+  impressions: z4.number(),
+  ctr: z4.number(),
+  position: z4.number()
+});
+var gscUrlInspectionDtoSchema = z4.object({
+  id: z4.string(),
+  url: z4.string(),
+  indexingState: z4.string().nullable().optional(),
+  verdict: z4.string().nullable().optional(),
+  coverageState: z4.string().nullable().optional(),
+  pageFetchState: z4.string().nullable().optional(),
+  robotsTxtState: z4.string().nullable().optional(),
+  crawlTime: z4.string().nullable().optional(),
+  lastCrawlResult: z4.string().nullable().optional(),
+  isMobileFriendly: z4.boolean().nullable().optional(),
+  richResults: z4.array(z4.string()).default([]),
+  inspectedAt: z4.string()
+});
+var indexTransitionSchema = z4.enum(["stable", "reindexed", "deindexed", "still-missing", "new"]);
+var gscDeindexedRowSchema = z4.object({
+  url: z4.string(),
+  previousState: z4.string().nullable(),
+  currentState: z4.string().nullable(),
+  transitionDate: z4.string()
+});
+var gscReasonGroupSchema = z4.object({
+  reason: z4.string(),
+  count: z4.number(),
+  urls: z4.array(gscUrlInspectionDtoSchema).default([])
+});
+var gscCoverageSummaryDtoSchema = z4.object({
+  summary: z4.object({
+    total: z4.number(),
+    indexed: z4.number(),
+    notIndexed: z4.number(),
+    deindexed: z4.number(),
+    percentage: z4.number()
+  }),
+  lastInspectedAt: z4.string().nullable(),
+  indexed: z4.array(gscUrlInspectionDtoSchema).default([]),
+  notIndexed: z4.array(gscUrlInspectionDtoSchema).default([]),
+  deindexed: z4.array(gscDeindexedRowSchema).default([]),
+  reasonGroups: z4.array(gscReasonGroupSchema).default([])
+});
+var indexingNotificationDtoSchema = z4.object({
+  url: z4.string(),
+  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
+  notifiedAt: z4.string()
+});
+var indexingRequestResultDtoSchema = z4.object({
+  url: z4.string(),
+  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
+  notifiedAt: z4.string(),
+  status: z4.enum(["success", "error"]),
+  error: z4.string().optional()
+});
+var gscCoverageSnapshotDtoSchema = z4.object({
+  date: z4.string(),
+  indexed: z4.number(),
+  notIndexed: z4.number(),
+  reasonBreakdown: z4.record(z4.string(), z4.number()).default({})
+});
-CREATE TABLE IF NOT EXISTS api_keys (
-  id          TEXT PRIMARY KEY,
-  name        TEXT NOT NULL,
-  key_hash    TEXT NOT NULL UNIQUE,
-  key_prefix  TEXT NOT NULL,
-  scopes      TEXT NOT NULL DEFAULT '["*"]',
-  created_at  TEXT NOT NULL,
-  last_used_at TEXT,
-  revoked_at  TEXT
-);
+// ../contracts/src/bing.ts
+import { z as z5 } from "zod";
+var bingConnectionDtoSchema = z5.object({
+  id: z5.string(),
+  domain: z5.string(),
+  siteUrl: z5.string().nullable().optional(),
+  createdAt: z5.string(),
+  updatedAt: z5.string()
+});
+var bingUrlInspectionDtoSchema = z5.object({
+  id: z5.string(),
+  url: z5.string(),
+  httpCode: z5.number().nullable().optional(),
+  inIndex: z5.boolean().nullable().optional(),
+  lastCrawledDate: z5.string().nullable().optional(),
+  inIndexDate: z5.string().nullable().optional(),
+  inspectedAt: z5.string()
+});
+var bingCoverageSummaryDtoSchema = z5.object({
+  summary: z5.object({
+    total: z5.number(),
+    indexed: z5.number(),
+    notIndexed: z5.number(),
+    percentage: z5.number()
+  }),
+  lastInspectedAt: z5.string().nullable(),
+  indexed: z5.array(bingUrlInspectionDtoSchema).default([]),
+  notIndexed: z5.array(bingUrlInspectionDtoSchema).default([])
+});
+var bingKeywordStatsDtoSchema = z5.object({
+  query: z5.string(),
+  impressions: z5.number(),
+  clicks: z5.number(),
+  ctr: z5.number(),
+  averagePosition: z5.number()
+});
+var bingSubmitResultDtoSchema = z5.object({
+  url: z5.string(),
+  status: z5.enum(["success", "error"]),
+  submittedAt: z5.string(),
+  error: z5.string().optional()
+});
-CREATE TABLE IF NOT EXISTS usage_counters (
-  id          TEXT PRIMARY KEY,
-  scope       TEXT NOT NULL,
-  period      TEXT NOT NULL,
-  metric      TEXT NOT NULL,
-  count       INTEGER NOT NULL DEFAULT 0,
-  updated_at  TEXT NOT NULL,
-  UNIQUE(scope, period, metric)
-);
+// ../contracts/src/project.ts
+import { z as z6 } from "zod";
+var configSourceSchema = z6.enum(["cli", "api", "config-file"]);
+var projectDtoSchema = z6.object({
+  id: z6.string(),
+  name: z6.string(),
+  displayName: z6.string().optional(),
+  canonicalDomain: z6.string(),
+  ownedDomains: z6.array(z6.string()).default([]),
+  country: z6.string().length(2),
+  language: z6.string().min(2),
+  tags: z6.array(z6.string()).default([]),
+  labels: z6.record(z6.string(), z6.string()).default({}),
+  locations: z6.array(locationContextSchema).default([]),
+  defaultLocation: z6.string().nullable().optional(),
+  configSource: configSourceSchema.default("cli"),
+  configRevision: z6.number().int().positive().default(1),
+  createdAt: z6.string().optional(),
+  updatedAt: z6.string().optional()
+});
+function normalizeProjectDomain(input) {
+  let domain = input.trim().toLowerCase();
+  try {
+    if (domain.includes("://")) {
+      domain = new URL(domain).hostname.toLowerCase();
+    }
+  } catch {
+  }
+  return domain.replace(/^www\./, "");
+}
+function effectiveDomains(project) {
+  const all = [project.canonicalDomain, ...project.ownedDomains ?? []];
+  const seen = /* @__PURE__ */ new Set();
+  const result = [];
+  for (const d of all) {
+    const trimmed = d.trim();
+    if (!trimmed) continue;
+    const norm = normalizeProjectDomain(trimmed);
+    if (seen.has(norm)) continue;
+    seen.add(norm);
+    result.push(trimmed);
+  }
+  return result;
+}
-CREATE INDEX IF NOT EXISTS idx_keywords_project ON keywords(project_id);
-CREATE INDEX IF NOT EXISTS idx_competitors_project ON competitors(project_id);
-CREATE INDEX IF NOT EXISTS idx_runs_project ON runs(project_id);
-CREATE INDEX IF NOT EXISTS idx_runs_status ON runs(status);
-CREATE INDEX IF NOT EXISTS idx_snapshots_run ON query_snapshots(run_id);
-CREATE INDEX IF NOT EXISTS idx_snapshots_keyword ON query_snapshots(keyword_id);
-CREATE INDEX IF NOT EXISTS idx_audit_log_project ON audit_log(project_id);
-CREATE INDEX IF NOT EXISTS idx_audit_log_created ON audit_log(created_at);
-CREATE TABLE IF NOT EXISTS schedules (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  cron_expr   TEXT NOT NULL,
-  preset      TEXT,
-  timezone    TEXT NOT NULL DEFAULT 'UTC',
-  enabled     INTEGER NOT NULL DEFAULT 1,
-  providers   TEXT NOT NULL DEFAULT '[]',
-  last_run_at TEXT,
-  next_run_at TEXT,
-  created_at  TEXT NOT NULL,
-  updated_at  TEXT NOT NULL,
-  UNIQUE(project_id)
-);
+// ../contracts/src/run.ts
+import { z as z7 } from "zod";
+var runStatusSchema = z7.enum(["queued", "running", "completed", "partial", "failed"]);
+var runKindSchema = z7.enum(["answer-visibility", "site-audit", "gsc-sync", "inspect-sitemap"]);
+var runTriggerSchema = z7.enum(["manual", "scheduled", "config-apply"]);
+var citationStateSchema = z7.enum(["cited", "not-cited"]);
+var computedTransitionSchema = z7.enum(["new", "cited", "lost", "emerging", "not-cited"]);
+var runDtoSchema = z7.object({
+  id: z7.string(),
+  projectId: z7.string(),
+  kind: runKindSchema,
+  status: runStatusSchema,
+  trigger: runTriggerSchema.default("manual"),
+  location: z7.string().nullable().optional(),
+  startedAt: z7.string().nullable().optional(),
+  finishedAt: z7.string().nullable().optional(),
+  error: z7.string().nullable().optional(),
+  createdAt: z7.string()
+});
+var groundingSourceSchema = z7.object({
+  uri: z7.string(),
+  title: z7.string()
+});
+var querySnapshotDtoSchema = z7.object({
+  id: z7.string(),
+  runId: z7.string(),
+  keywordId: z7.string(),
+  keyword: z7.string().optional(),
+  provider: providerNameSchema,
+  citationState: citationStateSchema,
+  transition: computedTransitionSchema.optional(),
+  answerText: z7.string().nullable().optional(),
+  citedDomains: z7.array(z7.string()).default([]),
+  competitorOverlap: z7.array(z7.string()).default([]),
+  groundingSources: z7.array(groundingSourceSchema).default([]),
+  searchQueries: z7.array(z7.string()).default([]),
+  model: z7.string().nullable().optional(),
+  location: z7.string().nullable().optional(),
+  createdAt: z7.string()
+});
+var auditLogEntrySchema = z7.object({
+  id: z7.string(),
+  projectId: z7.string().nullable().optional(),
+  actor: z7.string(),
+  action: z7.string(),
+  entityType: z7.string(),
+  entityId: z7.string().nullable().optional(),
+  diff: z7.unknown().optional(),
+  createdAt: z7.string()
+});
-CREATE TABLE IF NOT EXISTS notifications (
-  id          TEXT PRIMARY KEY,
-  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-  channel     TEXT NOT NULL,
-  config      TEXT NOT NULL,
-  enabled     INTEGER NOT NULL DEFAULT 1,
-  created_at  TEXT NOT NULL,
-  updated_at  TEXT NOT NULL
-);
+// ../contracts/src/schedule.ts
+import { z as z8 } from "zod";
+var scheduleDtoSchema = z8.object({
+  id: z8.string(),
+  projectId: z8.string(),
+  cronExpr: z8.string(),
+  preset: z8.string().nullable().optional(),
+  timezone: z8.string().default("UTC"),
+  enabled: z8.boolean().default(true),
+  providers: z8.array(providerNameSchema).default([]),
+  lastRunAt: z8.string().nullable().optional(),
+  nextRunAt: z8.string().nullable().optional(),
+  createdAt: z8.string(),
+  updatedAt: z8.string()
+});
-CREATE INDEX IF NOT EXISTS idx_api_keys_prefix ON api_keys(key_prefix);
-CREATE INDEX IF NOT EXISTS idx_usage_scope_period ON usage_counters(scope, period);
-CREATE UNIQUE INDEX IF NOT EXISTS idx_schedules_project ON schedules(project_id);
-CREATE INDEX IF NOT EXISTS idx_notifications_project ON notifications(project_id);
-`;
-var MIGRATIONS = [
-  // v2: Add providers column to projects for multi-provider support
-  `ALTER TABLE projects ADD COLUMN providers TEXT NOT NULL DEFAULT '[]'`,
-  // v3: Add webhook_secret column to notifications for HMAC signing
-  `ALTER TABLE notifications ADD COLUMN webhook_secret TEXT`,
-  // v4: Add owned_domains column to projects for multi-domain citation matching
-  `ALTER TABLE projects ADD COLUMN owned_domains TEXT NOT NULL DEFAULT '[]'`,
-  // v5: Add model column to query_snapshots for per-model scoring
-  `ALTER TABLE query_snapshots ADD COLUMN model TEXT`,
-  // v5b: Backfill model from rawResponse JSON for existing snapshots
-  `UPDATE query_snapshots SET model = json_extract(raw_response, '$.model') WHERE model IS NULL AND raw_response IS NOT NULL AND json_extract(raw_response, '$.model') IS NOT NULL`,
-  // v6: Google Search Console integration — google_connections table (domain-scoped)
-  `CREATE TABLE IF NOT EXISTS google_connections (
-    id              TEXT PRIMARY KEY,
-    domain          TEXT NOT NULL,
-    connection_type TEXT NOT NULL,
-    property_id     TEXT,
-    access_token    TEXT,
-    refresh_token   TEXT,
-    token_expires_at TEXT,
-    scopes          TEXT NOT NULL DEFAULT '[]',
-    created_at      TEXT NOT NULL,
-    updated_at      TEXT NOT NULL
-  )`,
-  `CREATE UNIQUE INDEX IF NOT EXISTS idx_google_conn_domain_type ON google_connections(domain, connection_type)`,
-  // v6: Google Search Console integration — gsc_search_data table
-  `CREATE TABLE IF NOT EXISTS gsc_search_data (
-    id            TEXT PRIMARY KEY,
-    project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id   TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
-    date          TEXT NOT NULL,
-    query         TEXT NOT NULL,
-    page          TEXT NOT NULL,
-    country       TEXT,
-    device        TEXT,
-    clicks        INTEGER NOT NULL DEFAULT 0,
-    impressions   INTEGER NOT NULL DEFAULT 0,
-    ctr           TEXT NOT NULL DEFAULT '0',
-    position      TEXT NOT NULL DEFAULT '0',
-    created_at    TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_project_date ON gsc_search_data(project_id, date)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_query ON gsc_search_data(query)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_search_run ON gsc_search_data(sync_run_id)`,
-  // v6: Google Search Console integration — gsc_url_inspections table
-  `CREATE TABLE IF NOT EXISTS gsc_url_inspections (
-    id                TEXT PRIMARY KEY,
-    project_id        TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id       TEXT REFERENCES runs(id) ON DELETE CASCADE,
-    url               TEXT NOT NULL,
-    indexing_state    TEXT,
-    verdict           TEXT,
-    coverage_state    TEXT,
-    page_fetch_state  TEXT,
-    robots_txt_state  TEXT,
-    crawl_time        TEXT,
-    last_crawl_result TEXT,
-    is_mobile_friendly INTEGER,
-    rich_results      TEXT NOT NULL DEFAULT '[]',
-    referring_urls    TEXT NOT NULL DEFAULT '[]',
-    inspected_at      TEXT NOT NULL,
-    created_at        TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_project_url ON gsc_url_inspections(project_id, url)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_run ON gsc_url_inspections(sync_run_id)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_url_time ON gsc_url_inspections(url, inspected_at)`,
-  // v7: GSC coverage snapshots for historical tracking
-  `CREATE TABLE IF NOT EXISTS gsc_coverage_snapshots (
-    id              TEXT PRIMARY KEY,
-    project_id      TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
-    sync_run_id     TEXT REFERENCES runs(id) ON DELETE CASCADE,
-    date            TEXT NOT NULL,
-    indexed         INTEGER NOT NULL DEFAULT 0,
-    not_indexed     INTEGER NOT NULL DEFAULT 0,
-    reason_breakdown TEXT NOT NULL DEFAULT '{}',
-    created_at      TEXT NOT NULL
-  )`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_project_date ON gsc_coverage_snapshots(project_id, date)`,
-  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_run ON gsc_coverage_snapshots(sync_run_id)`,
-  // v8: Location-aware sweeps — project locations + snapshot location tag
-  `ALTER TABLE projects ADD COLUMN locations TEXT NOT NULL DEFAULT '[]'`,
-  `ALTER TABLE projects ADD COLUMN default_location TEXT`,
-  `ALTER TABLE query_snapshots ADD COLUMN location TEXT`,
-  // v9: Add location column to runs for per-location run tracking
-  `ALTER TABLE runs ADD COLUMN location TEXT`,
-  // v10: Add sitemapUrl to google_connections for persistent sitemap storage
-  `ALTER TABLE google_connections ADD COLUMN sitemap_url TEXT`,
-  // v11: CDP browser provider — screenshot path for captured evidence
-  `ALTER TABLE query_snapshots ADD COLUMN screenshot_path TEXT`
+// ../contracts/src/source-categories.ts
+var SOURCE_CATEGORY_RULES = [
+  // Forums
+  { pattern: "reddit.com", category: "forum", label: "Reddit" },
+  { pattern: "quora.com", category: "forum", label: "Quora" },
+  { pattern: "stackexchange.com", category: "forum", label: "Stack Exchange" },
+  { pattern: "stackoverflow.com", category: "forum", label: "Stack Overflow" },
+  { pattern: "discourse.org", category: "forum", label: "Discourse" },
+  // Social
+  { pattern: "linkedin.com", category: "social", label: "LinkedIn" },
+  { pattern: "twitter.com", category: "social", label: "X (Twitter)" },
+  { pattern: "x.com", category: "social", label: "X (Twitter)" },
+  { pattern: "facebook.com", category: "social", label: "Facebook" },
+  { pattern: "instagram.com", category: "social", label: "Instagram" },
+  { pattern: "threads.net", category: "social", label: "Threads" },
+  { pattern: "pinterest.com", category: "social", label: "Pinterest" },
+  { pattern: "tiktok.com", category: "social", label: "TikTok" },
+  // Video
+  { pattern: "youtube.com", category: "video", label: "YouTube" },
+  { pattern: "youtu.be", category: "video", label: "YouTube" },
+  { pattern: "vimeo.com", category: "video", label: "Vimeo" },
+  // News
+  { pattern: "nytimes.com", category: "news", label: "NY Times" },
+  { pattern: "bbc.com", category: "news", label: "BBC" },
+  { pattern: "bbc.co.uk", category: "news", label: "BBC" },
+  { pattern: "cnn.com", category: "news", label: "CNN" },
+  { pattern: "reuters.com", category: "news", label: "Reuters" },
+  { pattern: "apnews.com", category: "news", label: "AP News" },
+  { pattern: "theguardian.com", category: "news", label: "The Guardian" },
+  { pattern: "washingtonpost.com", category: "news", label: "Washington Post" },
+  { pattern: "wsj.com", category: "news", label: "WSJ" },
+  { pattern: "forbes.com", category: "news", label: "Forbes" },
+  { pattern: "techcrunch.com", category: "news", label: "TechCrunch" },
+  { pattern: "theverge.com", category: "news", label: "The Verge" },
+  { pattern: "wired.com", category: "news", label: "Wired" },
+  { pattern: "arstechnica.com", category: "news", label: "Ars Technica" },
+  // Reference
+  { pattern: "wikipedia.org", category: "reference", label: "Wikipedia" },
+  { pattern: "wikimedia.org", category: "reference", label: "Wikimedia" },
+  { pattern: "britannica.com", category: "reference", label: "Britannica" },
+  { pattern: "merriam-webster.com", category: "reference", label: "Merriam-Webster" },
+  // Blog / Content platforms
+  { pattern: "medium.com", category: "blog", label: "Medium" },
+  { pattern: "substack.com", category: "blog", label: "Substack" },
+  { pattern: "dev.to", category: "blog", label: "DEV Community" },
+  { pattern: "hashnode.dev", category: "blog", label: "Hashnode" },
+  { pattern: "wordpress.com", category: "blog", label: "WordPress" },
+  { pattern: "blogger.com", category: "blog", label: "Blogger" },
+  { pattern: "hubspot.com", category: "blog", label: "HubSpot" },
+  // E-commerce
+  { pattern: "amazon.com", category: "ecommerce", label: "Amazon" },
+  { pattern: "amazon.co.uk", category: "ecommerce", label: "Amazon UK" },
+  { pattern: "shopify.com", category: "ecommerce", label: "Shopify" },
+  { pattern: "ebay.com", category: "ecommerce", label: "eBay" },
+  // Academic
+  { pattern: "scholar.google.com", category: "academic", label: "Google Scholar" },
+  { pattern: "arxiv.org", category: "academic", label: "arXiv" },
+  { pattern: "pubmed.ncbi.nlm.nih.gov", category: "academic", label: "PubMed" },
+  { pattern: "researchgate.net", category: "academic", label: "ResearchGate" },
+  { pattern: ".edu", category: "academic", label: "Academic (.edu)" }
 ];
-function migrate(db) {
-  const statements = MIGRATION_SQL.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
-  for (const statement of statements) {
-    db.run(sql.raw(statement));
+var CATEGORY_LABELS = {
+  social: "Social Media",
+  forum: "Forums & Q&A",
+  news: "News & Media",
+  reference: "Reference",
+  blog: "Blogs & Content",
+  ecommerce: "E-commerce",
+  video: "Video",
+  academic: "Academic",
+  other: "Other"
+};
+function categorizeSource(uri) {
+  let domain;
+  try {
+    const url = new URL(uri.startsWith("http") ? uri : `https://${uri}`);
+    domain = url.hostname.replace(/^www\./, "");
+  } catch {
+    domain = uri.replace(/^https?:\/\//, "").replace(/^www\./, "").split("/")[0] ?? uri;
   }
-  for (const migration of MIGRATIONS) {
-    try {
-      db.run(sql.raw(migration));
-    } catch {
+  const domainLower = domain.toLowerCase();
+  for (const rule of SOURCE_CATEGORY_RULES) {
+    if (domainLower === rule.pattern || domainLower.endsWith(`.${rule.pattern}`) || rule.pattern.startsWith(".") && domainLower.endsWith(rule.pattern)) {
+      return { category: rule.category, label: rule.label, domain };
     }
   }
+  return { category: "other", label: CATEGORY_LABELS.other, domain };
 }
-// ../contracts/src/config-schema.ts
-import { z as z3 } from "zod";
-// ../contracts/src/provider.ts
-import { z } from "zod";
-var providerQuotaPolicySchema = z.object({
-  maxConcurrency: z.number().int().positive(),
-  maxRequestsPerMinute: z.number().int().positive(),
-  maxRequestsPerDay: z.number().int().positive()
-});
-var PROVIDER_NAMES = ["gemini", "openai", "claude", "local", "cdp:chatgpt"];
-var providerNameSchema = z.enum(PROVIDER_NAMES);
-var PROVIDER_MODE = {
-  gemini: "api",
-  openai: "api",
-  claude: "api",
-  local: "api",
-  "cdp:chatgpt": "browser"
-};
-function isBrowserProvider(name) {
-  return PROVIDER_MODE[name] === "browser";
-}
-var CDP_TARGETS = ["cdp:chatgpt"];
-function parseProviderName(input) {
-  const lower = input.trim().toLowerCase();
-  return PROVIDER_NAMES.includes(lower) ? lower : void 0;
-}
-function resolveProviderInput(input) {
-  const lower = input.trim().toLowerCase();
-  if (lower === "cdp") {
-    return [...CDP_TARGETS];
-  }
-  const parsed = parseProviderName(lower);
-  return parsed ? [parsed] : [];
+function categoryLabel(category) {
+  return CATEGORY_LABELS[category];
 }
-var locationContextSchema = z.object({
-  label: z.string().min(1),
-  city: z.string().min(1),
-  region: z.string().min(1),
-  country: z.string().length(2),
-  timezone: z.string().optional()
-});
-// ../contracts/src/notification.ts
-import { z as z2 } from "zod";
-var notificationEventSchema = z2.enum([
-  "citation.lost",
-  "citation.gained",
-  "run.completed",
-  "run.failed"
-]);
-var notificationDtoSchema = z2.object({
-  id: z2.string(),
-  projectId: z2.string(),
-  channel: z2.literal("webhook"),
-  url: z2.string().url(),
-  events: z2.array(notificationEventSchema),
-  enabled: z2.boolean().default(true),
-  webhookSecret: z2.string().optional(),
-  createdAt: z2.string(),
-  updatedAt: z2.string()
-});
+// ../api-routes/src/auth.ts
+import crypto2 from "crypto";
+import { eq } from "drizzle-orm";
-// ../contracts/src/config-schema.ts
-var configMetadataSchema = z3.object({
-  name: z3.string().min(1).max(63).regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, {
-    message: "Name must be a lowercase slug (letters, numbers, hyphens)"
-  }),
-  labels: z3.record(z3.string(), z3.string()).optional().default({})
+// ../db/src/client.ts
+import { mkdirSync } from "fs";
+import { dirname } from "path";
+import Database from "better-sqlite3";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+// ../db/src/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  apiKeys: () => apiKeys,
+  auditLog: () => auditLog,
+  bingConnections: () => bingConnections,
+  bingKeywordStats: () => bingKeywordStats,
+  bingUrlInspections: () => bingUrlInspections,
+  competitors: () => competitors,
+  googleConnections: () => googleConnections,
+  gscCoverageSnapshots: () => gscCoverageSnapshots,
+  gscSearchData: () => gscSearchData,
+  gscUrlInspections: () => gscUrlInspections,
+  keywords: () => keywords,
+  notifications: () => notifications,
+  projects: () => projects,
+  querySnapshots: () => querySnapshots,
+  runs: () => runs,
+  schedules: () => schedules,
+  usageCounters: () => usageCounters
 });
-var configScheduleSchema = z3.object({
-  preset: z3.string().optional(),
-  cron: z3.string().optional(),
-  timezone: z3.string().optional().default("UTC"),
-  providers: z3.array(providerNameSchema).optional().default([])
-}).refine(
-  (data) => data.preset && !data.cron || !data.preset && data.cron,
-  { message: 'Exactly one of "preset" or "cron" must be provided' }
-).optional();
-var configNotificationSchema = z3.object({
-  channel: z3.literal("webhook"),
-  url: z3.string().url(),
-  events: z3.array(notificationEventSchema).min(1)
-});
-var configGoogleSchema = z3.object({
-  gsc: z3.object({
-    propertyUrl: z3.string()
-  }).optional(),
-  syncSchedule: z3.object({
-    preset: z3.string().optional(),
-    cron: z3.string().optional()
-  }).optional()
-}).optional();
-var configSpecSchema = z3.object({
-  displayName: z3.string().min(1),
-  canonicalDomain: z3.string().min(1),
-  ownedDomains: z3.array(z3.string().min(1)).optional().default([]),
-  country: z3.string().length(2),
-  language: z3.string().min(2),
-  keywords: z3.array(z3.string().min(1)).optional().default([]),
-  competitors: z3.array(z3.string().min(1)).optional().default([]),
-  providers: z3.array(providerNameSchema).optional().default([]),
-  locations: z3.array(locationContextSchema).optional().default([]),
-  defaultLocation: z3.string().optional(),
-  schedule: configScheduleSchema,
-  notifications: z3.array(configNotificationSchema).optional().default([]),
-  google: configGoogleSchema
-});
-var projectConfigSchema = z3.object({
-  apiVersion: z3.literal("canonry/v1"),
-  kind: z3.literal("Project"),
-  metadata: configMetadataSchema,
-  spec: configSpecSchema
+import { index, integer, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
+var projects = sqliteTable("projects", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull().unique(),
+  displayName: text("display_name").notNull(),
+  canonicalDomain: text("canonical_domain").notNull(),
+  ownedDomains: text("owned_domains").notNull().default("[]"),
+  country: text("country").notNull(),
+  language: text("language").notNull(),
+  tags: text("tags").notNull().default("[]"),
+  labels: text("labels").notNull().default("{}"),
+  providers: text("providers").notNull().default("[]"),
+  locations: text("locations").notNull().default("[]"),
+  defaultLocation: text("default_location"),
+  configSource: text("config_source").notNull().default("cli"),
+  configRevision: integer("config_revision").notNull().default(1),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
 });
+var keywords = sqliteTable("keywords", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  keyword: text("keyword").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_keywords_project").on(table.projectId),
+  uniqueIndex("idx_keywords_project_keyword").on(table.projectId, table.keyword)
+]);
+var competitors = sqliteTable("competitors", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  domain: text("domain").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_competitors_project").on(table.projectId),
+  uniqueIndex("idx_competitors_project_domain").on(table.projectId, table.domain)
+]);
+var runs = sqliteTable("runs", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  kind: text("kind").notNull().default("answer-visibility"),
+  status: text("status").notNull().default("queued"),
+  trigger: text("trigger").notNull().default("manual"),
+  location: text("location"),
+  startedAt: text("started_at"),
+  finishedAt: text("finished_at"),
+  error: text("error"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_runs_project").on(table.projectId),
+  index("idx_runs_status").on(table.status)
+]);
+var querySnapshots = sqliteTable("query_snapshots", {
+  id: text("id").primaryKey(),
+  runId: text("run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
+  keywordId: text("keyword_id").notNull().references(() => keywords.id, { onDelete: "cascade" }),
+  provider: text("provider").notNull().default("gemini"),
+  model: text("model"),
+  citationState: text("citation_state").notNull(),
+  answerText: text("answer_text"),
+  citedDomains: text("cited_domains").notNull().default("[]"),
+  competitorOverlap: text("competitor_overlap").notNull().default("[]"),
+  location: text("location"),
+  screenshotPath: text("screenshot_path"),
+  rawResponse: text("raw_response"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_snapshots_run").on(table.runId),
+  index("idx_snapshots_keyword").on(table.keywordId)
+]);
+var auditLog = sqliteTable("audit_log", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").references(() => projects.id, { onDelete: "cascade" }),
+  actor: text("actor").notNull(),
+  action: text("action").notNull(),
+  entityType: text("entity_type").notNull(),
+  entityId: text("entity_id"),
+  diff: text("diff"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_audit_log_project").on(table.projectId),
+  index("idx_audit_log_created").on(table.createdAt)
+]);
+var apiKeys = sqliteTable("api_keys", {
+  id: text("id").primaryKey(),
+  name: text("name").notNull(),
+  keyHash: text("key_hash").notNull().unique(),
+  keyPrefix: text("key_prefix").notNull(),
+  scopes: text("scopes").notNull().default('["*"]'),
+  createdAt: text("created_at").notNull(),
+  lastUsedAt: text("last_used_at"),
+  revokedAt: text("revoked_at")
+}, (table) => [
+  index("idx_api_keys_prefix").on(table.keyPrefix)
+]);
+var schedules = sqliteTable("schedules", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  cronExpr: text("cron_expr").notNull(),
+  preset: text("preset"),
+  timezone: text("timezone").notNull().default("UTC"),
+  enabled: integer("enabled").notNull().default(1),
+  providers: text("providers").notNull().default("[]"),
+  lastRunAt: text("last_run_at"),
+  nextRunAt: text("next_run_at"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_schedules_project").on(table.projectId)
+]);
+var notifications = sqliteTable("notifications", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  channel: text("channel").notNull(),
+  config: text("config").notNull(),
+  webhookSecret: text("webhook_secret"),
+  enabled: integer("enabled").notNull().default(1),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  index("idx_notifications_project").on(table.projectId)
+]);
+var googleConnections = sqliteTable("google_connections", {
+  id: text("id").primaryKey(),
+  domain: text("domain").notNull(),
+  connectionType: text("connection_type").notNull(),
+  propertyId: text("property_id"),
+  sitemapUrl: text("sitemap_url"),
+  accessToken: text("access_token"),
+  refreshToken: text("refresh_token"),
+  tokenExpiresAt: text("token_expires_at"),
+  scopes: text("scopes").notNull().default("[]"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_google_conn_domain_type").on(table.domain, table.connectionType)
+]);
+var gscSearchData = sqliteTable("gsc_search_data", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").notNull().references(() => runs.id, { onDelete: "cascade" }),
+  date: text("date").notNull(),
+  query: text("query").notNull(),
+  page: text("page").notNull(),
+  country: text("country"),
+  device: text("device"),
+  clicks: integer("clicks").notNull().default(0),
+  impressions: integer("impressions").notNull().default(0),
+  ctr: text("ctr").notNull().default("0"),
+  position: text("position").notNull().default("0"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_search_project_date").on(table.projectId, table.date),
+  index("idx_gsc_search_query").on(table.query),
+  index("idx_gsc_search_run").on(table.syncRunId)
+]);
+var gscUrlInspections = sqliteTable("gsc_url_inspections", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
+  url: text("url").notNull(),
+  indexingState: text("indexing_state"),
+  verdict: text("verdict"),
+  coverageState: text("coverage_state"),
+  pageFetchState: text("page_fetch_state"),
+  robotsTxtState: text("robots_txt_state"),
+  crawlTime: text("crawl_time"),
+  lastCrawlResult: text("last_crawl_result"),
+  isMobileFriendly: integer("is_mobile_friendly"),
+  richResults: text("rich_results").notNull().default("[]"),
+  referringUrls: text("referring_urls").notNull().default("[]"),
+  inspectedAt: text("inspected_at").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_inspect_project_url").on(table.projectId, table.url),
+  index("idx_gsc_inspect_run").on(table.syncRunId),
+  index("idx_gsc_inspect_url_time").on(table.url, table.inspectedAt)
+]);
+var gscCoverageSnapshots = sqliteTable("gsc_coverage_snapshots", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  syncRunId: text("sync_run_id").references(() => runs.id, { onDelete: "cascade" }),
+  date: text("date").notNull(),
+  indexed: integer("indexed").notNull().default(0),
+  notIndexed: integer("not_indexed").notNull().default(0),
+  reasonBreakdown: text("reason_breakdown").notNull().default("{}"),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_gsc_coverage_snap_project_date").on(table.projectId, table.date),
+  index("idx_gsc_coverage_snap_run").on(table.syncRunId)
+]);
+var bingConnections = sqliteTable("bing_connections", {
+  id: text("id").primaryKey(),
+  domain: text("domain").notNull(),
+  siteUrl: text("site_url"),
+  createdAt: text("created_at").notNull(),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_bing_conn_domain").on(table.domain)
+]);
+var bingUrlInspections = sqliteTable("bing_url_inspections", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  url: text("url").notNull(),
+  httpCode: integer("http_code"),
+  inIndex: integer("in_index"),
+  lastCrawledDate: text("last_crawled_date"),
+  inIndexDate: text("in_index_date"),
+  inspectedAt: text("inspected_at").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_bing_inspect_project_url").on(table.projectId, table.url),
+  index("idx_bing_inspect_url_time").on(table.url, table.inspectedAt)
+]);
+var bingKeywordStats = sqliteTable("bing_keyword_stats", {
+  id: text("id").primaryKey(),
+  projectId: text("project_id").notNull().references(() => projects.id, { onDelete: "cascade" }),
+  query: text("query").notNull(),
+  impressions: integer("impressions").notNull().default(0),
+  clicks: integer("clicks").notNull().default(0),
+  ctr: text("ctr").notNull().default("0"),
+  averagePosition: text("average_position").notNull().default("0"),
+  syncedAt: text("synced_at").notNull(),
+  createdAt: text("created_at").notNull()
+}, (table) => [
+  index("idx_bing_keyword_project").on(table.projectId),
+  index("idx_bing_keyword_query").on(table.query)
+]);
+var usageCounters = sqliteTable("usage_counters", {
+  id: text("id").primaryKey(),
+  scope: text("scope").notNull(),
+  period: text("period").notNull(),
+  metric: text("metric").notNull(),
+  count: integer("count").notNull().default(0),
+  updatedAt: text("updated_at").notNull()
+}, (table) => [
+  uniqueIndex("idx_usage_scope_period_metric").on(table.scope, table.period, table.metric),
+  index("idx_usage_scope_period").on(table.scope, table.period)
+]);
-// ../contracts/src/models.ts
-var MODEL_REGISTRY = {
-  gemini: {
-    defaultModel: "gemini-3-flash",
-    validationPattern: /^gemini-/,
-    validationHint: 'model name must start with "gemini-" (e.g. gemini-3-flash)',
-    knownModels: [
-      { id: "gemini-3.1-pro-preview", displayName: "Gemini 3.1 Pro (Preview)", tier: "flagship" },
-      { id: "gemini-3-flash-preview", displayName: "Gemini 3 Flash (Preview)", tier: "standard" },
-      { id: "gemini-3.1-flash-lite-preview", displayName: "Gemini 3.1 Flash-Lite (Preview)", tier: "economy" },
-      { id: "gemini-2.5-flash", displayName: "Gemini 2.5 Flash", tier: "standard" }
-    ]
-  },
-  openai: {
-    defaultModel: "gpt-5.4",
-    validationPattern: /^(gpt-|o\d)/,
-    validationHint: "expected a GPT or o-series model name (e.g. gpt-5.4, o3)",
-    knownModels: [
-      { id: "gpt-5.4", displayName: "GPT-5.4", tier: "flagship" },
-      { id: "gpt-5.4-pro", displayName: "GPT-5.4 Pro", tier: "flagship" },
-      { id: "gpt-5-mini", displayName: "GPT-5 Mini", tier: "fast" },
-      { id: "gpt-5-nano", displayName: "GPT-5 Nano", tier: "economy" },
-      { id: "gpt-5", displayName: "GPT-5", tier: "standard" },
-      { id: "gpt-4.1", displayName: "GPT-4.1", tier: "standard" }
-    ]
-  },
-  claude: {
-    defaultModel: "claude-sonnet-4-6",
-    validationPattern: /^claude-/,
-    validationHint: 'model name must start with "claude-" (e.g. claude-sonnet-4-6)',
-    knownModels: [
-      { id: "claude-opus-4-6", displayName: "Claude Opus 4.6", tier: "flagship" },
-      { id: "claude-sonnet-4-6", displayName: "Claude Sonnet 4.6", tier: "standard" },
-      { id: "claude-haiku-4-5", displayName: "Claude Haiku 4.5", tier: "fast" }
-    ]
-  },
-  local: {
-    defaultModel: "llama3",
-    validationPattern: /./,
-    validationHint: "any model name accepted",
-    knownModels: [
-      { id: "llama3", displayName: "Llama 3", tier: "standard" }
-    ]
-  },
-  "cdp:chatgpt": {
-    defaultModel: "chatgpt-web",
-    validationPattern: /./,
-    validationHint: "model is detected from the ChatGPT web UI",
-    knownModels: [
-      { id: "chatgpt-web", displayName: "ChatGPT (Web UI)", tier: "standard" }
-    ]
-  }
-};
-function getDefaultModel(provider) {
-  return MODEL_REGISTRY[provider].defaultModel;
-}
-function isValidModelName(provider, model) {
-  return MODEL_REGISTRY[provider].validationPattern.test(model);
+// ../db/src/client.ts
+function createClient(databasePath) {
+  mkdirSync(dirname(databasePath), { recursive: true });
+  const sqlite = new Database(databasePath);
+  sqlite.pragma("journal_mode = WAL");
+  sqlite.pragma("foreign_keys = ON");
+  return drizzle(sqlite, { schema: schema_exports });
 }
-// ../contracts/src/errors.ts
-var AppError = class extends Error {
-  code;
-  statusCode;
-  details;
-  constructor(code, message, statusCode, details) {
-    super(message);
-    this.name = "AppError";
-    this.code = code;
-    this.statusCode = statusCode;
-    this.details = details;
-  }
-  toJSON() {
-    return {
-      error: {
-        code: this.code,
-        message: this.message,
-        ...this.details ? { details: this.details } : {}
-      }
-    };
-  }
-};
-function notFound(entity, id) {
-  return new AppError("NOT_FOUND", `${entity} '${id}' not found`, 404);
-}
-function validationError(message, details) {
-  return new AppError("VALIDATION_ERROR", message, 400, details);
-}
-function authRequired() {
-  return new AppError("AUTH_REQUIRED", "Authentication required", 401);
-}
-function authInvalid() {
-  return new AppError("AUTH_INVALID", "Invalid API key", 401);
-}
-function runInProgress(projectName) {
-  return new AppError("RUN_IN_PROGRESS", `A run is already in progress for '${projectName}'`, 409);
-}
-function unsupportedKind(kind) {
-  return new AppError("UNSUPPORTED_KIND", `Kind '${kind}' is not supported in this version`, 400);
-}
+// ../db/src/migrate.ts
+import { sql } from "drizzle-orm";
+var MIGRATION_SQL = `
+CREATE TABLE IF NOT EXISTS projects (
+  id                TEXT PRIMARY KEY,
+  name              TEXT NOT NULL UNIQUE,
+  display_name      TEXT NOT NULL,
+  canonical_domain  TEXT NOT NULL,
+  owned_domains     TEXT NOT NULL DEFAULT '[]',
+  country           TEXT NOT NULL,
+  language          TEXT NOT NULL,
+  tags              TEXT NOT NULL DEFAULT '[]',
+  labels            TEXT NOT NULL DEFAULT '{}',
+  providers         TEXT NOT NULL DEFAULT '[]',
+  config_source     TEXT NOT NULL DEFAULT 'cli',
+  config_revision   INTEGER NOT NULL DEFAULT 1,
+  created_at        TEXT NOT NULL,
+  updated_at        TEXT NOT NULL
+);
-// ../contracts/src/google.ts
-import { z as z4 } from "zod";
-var googleConnectionTypeSchema = z4.enum(["gsc", "ga4"]);
-var googleConnectionDtoSchema = z4.object({
-  id: z4.string(),
-  domain: z4.string(),
-  connectionType: googleConnectionTypeSchema,
-  propertyId: z4.string().nullable().optional(),
-  sitemapUrl: z4.string().nullable().optional(),
-  scopes: z4.array(z4.string()).default([]),
-  createdAt: z4.string(),
-  updatedAt: z4.string()
-});
-var gscSearchDataDtoSchema = z4.object({
-  date: z4.string(),
-  query: z4.string(),
-  page: z4.string(),
-  country: z4.string().nullable().optional(),
-  device: z4.string().nullable().optional(),
-  clicks: z4.number(),
-  impressions: z4.number(),
-  ctr: z4.number(),
-  position: z4.number()
-});
-var gscUrlInspectionDtoSchema = z4.object({
-  id: z4.string(),
-  url: z4.string(),
-  indexingState: z4.string().nullable().optional(),
-  verdict: z4.string().nullable().optional(),
-  coverageState: z4.string().nullable().optional(),
-  pageFetchState: z4.string().nullable().optional(),
-  robotsTxtState: z4.string().nullable().optional(),
-  crawlTime: z4.string().nullable().optional(),
-  lastCrawlResult: z4.string().nullable().optional(),
-  isMobileFriendly: z4.boolean().nullable().optional(),
-  richResults: z4.array(z4.string()).default([]),
-  inspectedAt: z4.string()
-});
-var indexTransitionSchema = z4.enum(["stable", "reindexed", "deindexed", "still-missing", "new"]);
-var gscDeindexedRowSchema = z4.object({
-  url: z4.string(),
-  previousState: z4.string().nullable(),
-  currentState: z4.string().nullable(),
-  transitionDate: z4.string()
-});
-var gscReasonGroupSchema = z4.object({
-  reason: z4.string(),
-  count: z4.number(),
-  urls: z4.array(gscUrlInspectionDtoSchema).default([])
-});
-var gscCoverageSummaryDtoSchema = z4.object({
-  summary: z4.object({
-    total: z4.number(),
-    indexed: z4.number(),
-    notIndexed: z4.number(),
-    deindexed: z4.number(),
-    percentage: z4.number()
-  }),
-  lastInspectedAt: z4.string().nullable(),
-  indexed: z4.array(gscUrlInspectionDtoSchema).default([]),
-  notIndexed: z4.array(gscUrlInspectionDtoSchema).default([]),
-  deindexed: z4.array(gscDeindexedRowSchema).default([]),
-  reasonGroups: z4.array(gscReasonGroupSchema).default([])
-});
-var indexingNotificationDtoSchema = z4.object({
-  url: z4.string(),
-  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
-  notifiedAt: z4.string()
-});
-var indexingRequestResultDtoSchema = z4.object({
-  url: z4.string(),
-  type: z4.enum(["URL_UPDATED", "URL_DELETED"]),
-  notifiedAt: z4.string(),
-  status: z4.enum(["success", "error"]),
-  error: z4.string().optional()
-});
-var gscCoverageSnapshotDtoSchema = z4.object({
-  date: z4.string(),
-  indexed: z4.number(),
-  notIndexed: z4.number(),
-  reasonBreakdown: z4.record(z4.string(), z4.number()).default({})
-});
+CREATE TABLE IF NOT EXISTS keywords (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  keyword     TEXT NOT NULL,
+  created_at  TEXT NOT NULL,
+  UNIQUE(project_id, keyword)
+);
+CREATE TABLE IF NOT EXISTS competitors (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  domain      TEXT NOT NULL,
+  created_at  TEXT NOT NULL,
+  UNIQUE(project_id, domain)
+);
+CREATE TABLE IF NOT EXISTS runs (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  kind        TEXT NOT NULL DEFAULT 'answer-visibility',
+  status      TEXT NOT NULL DEFAULT 'queued',
+  trigger     TEXT NOT NULL DEFAULT 'manual',
+  started_at  TEXT,
+  finished_at TEXT,
+  error       TEXT,
+  created_at  TEXT NOT NULL
+);
+CREATE TABLE IF NOT EXISTS query_snapshots (
+  id                  TEXT PRIMARY KEY,
+  run_id              TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
+  keyword_id          TEXT NOT NULL REFERENCES keywords(id) ON DELETE CASCADE,
+  provider            TEXT NOT NULL DEFAULT 'gemini',
+  citation_state      TEXT NOT NULL,
+  answer_text         TEXT,
+  cited_domains       TEXT NOT NULL DEFAULT '[]',
+  competitor_overlap  TEXT NOT NULL DEFAULT '[]',
+  raw_response        TEXT,
+  created_at          TEXT NOT NULL
+);
+CREATE TABLE IF NOT EXISTS audit_log (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT REFERENCES projects(id) ON DELETE CASCADE,
+  actor       TEXT NOT NULL,
+  action      TEXT NOT NULL,
+  entity_type TEXT NOT NULL,
+  entity_id   TEXT,
+  diff        TEXT,
+  created_at  TEXT NOT NULL
+);
+CREATE TABLE IF NOT EXISTS api_keys (
+  id          TEXT PRIMARY KEY,
+  name        TEXT NOT NULL,
+  key_hash    TEXT NOT NULL UNIQUE,
+  key_prefix  TEXT NOT NULL,
+  scopes      TEXT NOT NULL DEFAULT '["*"]',
+  created_at  TEXT NOT NULL,
+  last_used_at TEXT,
+  revoked_at  TEXT
+);
-// ../contracts/src/project.ts
-import { z as z5 } from "zod";
-var configSourceSchema = z5.enum(["cli", "api", "config-file"]);
-var projectDtoSchema = z5.object({
-  id: z5.string(),
-  name: z5.string(),
-  displayName: z5.string().optional(),
-  canonicalDomain: z5.string(),
-  ownedDomains: z5.array(z5.string()).default([]),
-  country: z5.string().length(2),
-  language: z5.string().min(2),
-  tags: z5.array(z5.string()).default([]),
-  labels: z5.record(z5.string(), z5.string()).default({}),
-  locations: z5.array(locationContextSchema).default([]),
-  defaultLocation: z5.string().nullable().optional(),
-  configSource: configSourceSchema.default("cli"),
-  configRevision: z5.number().int().positive().default(1),
-  createdAt: z5.string().optional(),
-  updatedAt: z5.string().optional()
-});
-function normalizeProjectDomain(input) {
-  let domain = input.trim().toLowerCase();
-  try {
-    if (domain.includes("://")) {
-      domain = new URL(domain).hostname.toLowerCase();
-    }
-  } catch {
-  }
-  return domain.replace(/^www\./, "");
-}
-function effectiveDomains(project) {
-  const all = [project.canonicalDomain, ...project.ownedDomains ?? []];
-  const seen = /* @__PURE__ */ new Set();
-  const result = [];
-  for (const d of all) {
-    const trimmed = d.trim();
-    if (!trimmed) continue;
-    const norm = normalizeProjectDomain(trimmed);
-    if (seen.has(norm)) continue;
-    seen.add(norm);
-    result.push(trimmed);
-  }
-  return result;
-}
+CREATE TABLE IF NOT EXISTS usage_counters (
+  id          TEXT PRIMARY KEY,
+  scope       TEXT NOT NULL,
+  period      TEXT NOT NULL,
+  metric      TEXT NOT NULL,
+  count       INTEGER NOT NULL DEFAULT 0,
+  updated_at  TEXT NOT NULL,
+  UNIQUE(scope, period, metric)
+);
-// ../contracts/src/run.ts
-import { z as z6 } from "zod";
-var runStatusSchema = z6.enum(["queued", "running", "completed", "partial", "failed"]);
-var runKindSchema = z6.enum(["answer-visibility", "site-audit", "gsc-sync", "inspect-sitemap"]);
-var runTriggerSchema = z6.enum(["manual", "scheduled", "config-apply"]);
-var citationStateSchema = z6.enum(["cited", "not-cited"]);
-var computedTransitionSchema = z6.enum(["new", "cited", "lost", "emerging", "not-cited"]);
-var runDtoSchema = z6.object({
-  id: z6.string(),
-  projectId: z6.string(),
-  kind: runKindSchema,
-  status: runStatusSchema,
-  trigger: runTriggerSchema.default("manual"),
-  location: z6.string().nullable().optional(),
-  startedAt: z6.string().nullable().optional(),
-  finishedAt: z6.string().nullable().optional(),
-  error: z6.string().nullable().optional(),
-  createdAt: z6.string()
-});
-var groundingSourceSchema = z6.object({
-  uri: z6.string(),
-  title: z6.string()
-});
-var querySnapshotDtoSchema = z6.object({
-  id: z6.string(),
-  runId: z6.string(),
-  keywordId: z6.string(),
-  keyword: z6.string().optional(),
-  provider: providerNameSchema,
-  citationState: citationStateSchema,
-  transition: computedTransitionSchema.optional(),
-  answerText: z6.string().nullable().optional(),
-  citedDomains: z6.array(z6.string()).default([]),
-  competitorOverlap: z6.array(z6.string()).default([]),
-  groundingSources: z6.array(groundingSourceSchema).default([]),
-  searchQueries: z6.array(z6.string()).default([]),
-  model: z6.string().nullable().optional(),
-  location: z6.string().nullable().optional(),
-  createdAt: z6.string()
-});
-var auditLogEntrySchema = z6.object({
-  id: z6.string(),
-  projectId: z6.string().nullable().optional(),
-  actor: z6.string(),
-  action: z6.string(),
-  entityType: z6.string(),
-  entityId: z6.string().nullable().optional(),
-  diff: z6.unknown().optional(),
-  createdAt: z6.string()
-});
+CREATE INDEX IF NOT EXISTS idx_keywords_project ON keywords(project_id);
+CREATE INDEX IF NOT EXISTS idx_competitors_project ON competitors(project_id);
+CREATE INDEX IF NOT EXISTS idx_runs_project ON runs(project_id);
+CREATE INDEX IF NOT EXISTS idx_runs_status ON runs(status);
+CREATE INDEX IF NOT EXISTS idx_snapshots_run ON query_snapshots(run_id);
+CREATE INDEX IF NOT EXISTS idx_snapshots_keyword ON query_snapshots(keyword_id);
+CREATE INDEX IF NOT EXISTS idx_audit_log_project ON audit_log(project_id);
+CREATE INDEX IF NOT EXISTS idx_audit_log_created ON audit_log(created_at);
+CREATE TABLE IF NOT EXISTS schedules (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  cron_expr   TEXT NOT NULL,
+  preset      TEXT,
+  timezone    TEXT NOT NULL DEFAULT 'UTC',
+  enabled     INTEGER NOT NULL DEFAULT 1,
+  providers   TEXT NOT NULL DEFAULT '[]',
+  last_run_at TEXT,
+  next_run_at TEXT,
+  created_at  TEXT NOT NULL,
+  updated_at  TEXT NOT NULL,
+  UNIQUE(project_id)
+);
-// ../contracts/src/schedule.ts
-import { z as z7 } from "zod";
-var scheduleDtoSchema = z7.object({
-  id: z7.string(),
-  projectId: z7.string(),
-  cronExpr: z7.string(),
-  preset: z7.string().nullable().optional(),
-  timezone: z7.string().default("UTC"),
-  enabled: z7.boolean().default(true),
-  providers: z7.array(providerNameSchema).default([]),
-  lastRunAt: z7.string().nullable().optional(),
-  nextRunAt: z7.string().nullable().optional(),
-  createdAt: z7.string(),
-  updatedAt: z7.string()
-});
+CREATE TABLE IF NOT EXISTS notifications (
+  id          TEXT PRIMARY KEY,
+  project_id  TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+  channel     TEXT NOT NULL,
+  config      TEXT NOT NULL,
+  enabled     INTEGER NOT NULL DEFAULT 1,
+  created_at  TEXT NOT NULL,
+  updated_at  TEXT NOT NULL
+);
-// ../contracts/src/source-categories.ts
-var SOURCE_CATEGORY_RULES = [
-  // Forums
-  { pattern: "reddit.com", category: "forum", label: "Reddit" },
-  { pattern: "quora.com", category: "forum", label: "Quora" },
-  { pattern: "stackexchange.com", category: "forum", label: "Stack Exchange" },
-  { pattern: "stackoverflow.com", category: "forum", label: "Stack Overflow" },
-  { pattern: "discourse.org", category: "forum", label: "Discourse" },
-  // Social
-  { pattern: "linkedin.com", category: "social", label: "LinkedIn" },
-  { pattern: "twitter.com", category: "social", label: "X (Twitter)" },
-  { pattern: "x.com", category: "social", label: "X (Twitter)" },
-  { pattern: "facebook.com", category: "social", label: "Facebook" },
-  { pattern: "instagram.com", category: "social", label: "Instagram" },
-  { pattern: "threads.net", category: "social", label: "Threads" },
-  { pattern: "pinterest.com", category: "social", label: "Pinterest" },
-  { pattern: "tiktok.com", category: "social", label: "TikTok" },
-  // Video
-  { pattern: "youtube.com", category: "video", label: "YouTube" },
-  { pattern: "youtu.be", category: "video", label: "YouTube" },
-  { pattern: "vimeo.com", category: "video", label: "Vimeo" },
-  // News
-  { pattern: "nytimes.com", category: "news", label: "NY Times" },
-  { pattern: "bbc.com", category: "news", label: "BBC" },
-  { pattern: "bbc.co.uk", category: "news", label: "BBC" },
-  { pattern: "cnn.com", category: "news", label: "CNN" },
-  { pattern: "reuters.com", category: "news", label: "Reuters" },
-  { pattern: "apnews.com", category: "news", label: "AP News" },
-  { pattern: "theguardian.com", category: "news", label: "The Guardian" },
-  { pattern: "washingtonpost.com", category: "news", label: "Washington Post" },
-  { pattern: "wsj.com", category: "news", label: "WSJ" },
-  { pattern: "forbes.com", category: "news", label: "Forbes" },
-  { pattern: "techcrunch.com", category: "news", label: "TechCrunch" },
-  { pattern: "theverge.com", category: "news", label: "The Verge" },
-  { pattern: "wired.com", category: "news", label: "Wired" },
-  { pattern: "arstechnica.com", category: "news", label: "Ars Technica" },
-  // Reference
-  { pattern: "wikipedia.org", category: "reference", label: "Wikipedia" },
-  { pattern: "wikimedia.org", category: "reference", label: "Wikimedia" },
-  { pattern: "britannica.com", category: "reference", label: "Britannica" },
-  { pattern: "merriam-webster.com", category: "reference", label: "Merriam-Webster" },
-  // Blog / Content platforms
-  { pattern: "medium.com", category: "blog", label: "Medium" },
-  { pattern: "substack.com", category: "blog", label: "Substack" },
-  { pattern: "dev.to", category: "blog", label: "DEV Community" },
-  { pattern: "hashnode.dev", category: "blog", label: "Hashnode" },
-  { pattern: "wordpress.com", category: "blog", label: "WordPress" },
-  { pattern: "blogger.com", category: "blog", label: "Blogger" },
-  { pattern: "hubspot.com", category: "blog", label: "HubSpot" },
-  // E-commerce
-  { pattern: "amazon.com", category: "ecommerce", label: "Amazon" },
-  { pattern: "amazon.co.uk", category: "ecommerce", label: "Amazon UK" },
-  { pattern: "shopify.com", category: "ecommerce", label: "Shopify" },
-  { pattern: "ebay.com", category: "ecommerce", label: "eBay" },
-  // Academic
-  { pattern: "scholar.google.com", category: "academic", label: "Google Scholar" },
-  { pattern: "arxiv.org", category: "academic", label: "arXiv" },
-  { pattern: "pubmed.ncbi.nlm.nih.gov", category: "academic", label: "PubMed" },
-  { pattern: "researchgate.net", category: "academic", label: "ResearchGate" },
-  { pattern: ".edu", category: "academic", label: "Academic (.edu)" }
-];
-var CATEGORY_LABELS = {
-  social: "Social Media",
-  forum: "Forums & Q&A",
-  news: "News & Media",
-  reference: "Reference",
-  blog: "Blogs & Content",
-  ecommerce: "E-commerce",
-  video: "Video",
-  academic: "Academic",
-  other: "Other"
-};
-function categorizeSource(uri) {
-  let domain;
-  try {
-    const url = new URL(uri.startsWith("http") ? uri : `https://${uri}`);
-    domain = url.hostname.replace(/^www\./, "");
-  } catch {
-    domain = uri.replace(/^https?:\/\//, "").replace(/^www\./, "").split("/")[0] ?? uri;
+CREATE INDEX IF NOT EXISTS idx_api_keys_prefix ON api_keys(key_prefix);
+CREATE INDEX IF NOT EXISTS idx_usage_scope_period ON usage_counters(scope, period);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_schedules_project ON schedules(project_id);
+CREATE INDEX IF NOT EXISTS idx_notifications_project ON notifications(project_id);
+`;
+var MIGRATIONS = [
+  // v2: Add providers column to projects for multi-provider support
+  `ALTER TABLE projects ADD COLUMN providers TEXT NOT NULL DEFAULT '[]'`,
+  // v3: Add webhook_secret column to notifications for HMAC signing
+  `ALTER TABLE notifications ADD COLUMN webhook_secret TEXT`,
+  // v4: Add owned_domains column to projects for multi-domain citation matching
+  `ALTER TABLE projects ADD COLUMN owned_domains TEXT NOT NULL DEFAULT '[]'`,
+  // v5: Add model column to query_snapshots for per-model scoring
+  `ALTER TABLE query_snapshots ADD COLUMN model TEXT`,
+  // v5b: Backfill model from rawResponse JSON for existing snapshots
+  `UPDATE query_snapshots SET model = json_extract(raw_response, '$.model') WHERE model IS NULL AND raw_response IS NOT NULL AND json_extract(raw_response, '$.model') IS NOT NULL`,
+  // v6: Google Search Console integration — google_connections table (domain-scoped)
+  `CREATE TABLE IF NOT EXISTS google_connections (
+    id              TEXT PRIMARY KEY,
+    domain          TEXT NOT NULL,
+    connection_type TEXT NOT NULL,
+    property_id     TEXT,
+    access_token    TEXT,
+    refresh_token   TEXT,
+    token_expires_at TEXT,
+    scopes          TEXT NOT NULL DEFAULT '[]',
+    created_at      TEXT NOT NULL,
+    updated_at      TEXT NOT NULL
+  )`,
+  `CREATE UNIQUE INDEX IF NOT EXISTS idx_google_conn_domain_type ON google_connections(domain, connection_type)`,
+  // v6: Google Search Console integration — gsc_search_data table
+  `CREATE TABLE IF NOT EXISTS gsc_search_data (
+    id            TEXT PRIMARY KEY,
+    project_id    TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id   TEXT NOT NULL REFERENCES runs(id) ON DELETE CASCADE,
+    date          TEXT NOT NULL,
+    query         TEXT NOT NULL,
+    page          TEXT NOT NULL,
+    country       TEXT,
+    device        TEXT,
+    clicks        INTEGER NOT NULL DEFAULT 0,
+    impressions   INTEGER NOT NULL DEFAULT 0,
+    ctr           TEXT NOT NULL DEFAULT '0',
+    position      TEXT NOT NULL DEFAULT '0',
+    created_at    TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_project_date ON gsc_search_data(project_id, date)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_query ON gsc_search_data(query)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_search_run ON gsc_search_data(sync_run_id)`,
+  // v6: Google Search Console integration — gsc_url_inspections table
+  `CREATE TABLE IF NOT EXISTS gsc_url_inspections (
+    id                TEXT PRIMARY KEY,
+    project_id        TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id       TEXT REFERENCES runs(id) ON DELETE CASCADE,
+    url               TEXT NOT NULL,
+    indexing_state    TEXT,
+    verdict           TEXT,
+    coverage_state    TEXT,
+    page_fetch_state  TEXT,
+    robots_txt_state  TEXT,
+    crawl_time        TEXT,
+    last_crawl_result TEXT,
+    is_mobile_friendly INTEGER,
+    rich_results      TEXT NOT NULL DEFAULT '[]',
+    referring_urls    TEXT NOT NULL DEFAULT '[]',
+    inspected_at      TEXT NOT NULL,
+    created_at        TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_project_url ON gsc_url_inspections(project_id, url)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_run ON gsc_url_inspections(sync_run_id)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_inspect_url_time ON gsc_url_inspections(url, inspected_at)`,
+  // v7: GSC coverage snapshots for historical tracking
+  `CREATE TABLE IF NOT EXISTS gsc_coverage_snapshots (
+    id              TEXT PRIMARY KEY,
+    project_id      TEXT NOT NULL REFERENCES projects(id) ON DELETE CASCADE,
+    sync_run_id     TEXT REFERENCES runs(id) ON DELETE CASCADE,
+    date            TEXT NOT NULL,
+    indexed         INTEGER NOT NULL DEFAULT 0,
+    not_indexed     INTEGER NOT NULL DEFAULT 0,
+    reason_breakdown TEXT NOT NULL DEFAULT '{}',
+    created_at      TEXT NOT NULL
+  )`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_project_date ON gsc_coverage_snapshots(project_id, date)`,
+  `CREATE INDEX IF NOT EXISTS idx_gsc_coverage_snap_run ON gsc_coverage_snapshots(sync_run_id)`,
+  // v8: Location-aware sweeps — project locations + snapshot location tag
+  `ALTER TABLE projects ADD COLUMN locations TEXT NOT NULL DEFAULT '[]'`,
+  `ALTER TABLE projects ADD COLUMN default_location TEXT`,
+  `ALTER TABLE query_snapshots ADD COLUMN location TEXT`,
+  // v9: Add location column to runs for per-location run tracking
+  `ALTER TABLE runs ADD COLUMN location TEXT`,
+  // v10: Add sitemapUrl to google_connections for persistent sitemap storage
+  `ALTER TABLE google_connections ADD COLUMN sitemap_url TEXT`,
+  // v11: CDP browser provider — screenshot path for captured evidence
+  `ALTER TABLE query_snapshots ADD COLUMN screenshot_path TEXT`
+];
+function migrate(db) {
+  const statements = MIGRATION_SQL.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
+  for (const statement of statements) {
+    db.run(sql.raw(statement));
   }
-  const domainLower = domain.toLowerCase();
-  for (const rule of SOURCE_CATEGORY_RULES) {
-    if (domainLower === rule.pattern || domainLower.endsWith(`.${rule.pattern}`) || rule.pattern.startsWith(".") && domainLower.endsWith(rule.pattern)) {
-      return { category: rule.category, label: rule.label, domain };
+  for (const migration of MIGRATIONS) {
+    try {
+      db.run(sql.raw(migration));
+    } catch {
     }
   }
-  return { category: "other", label: CATEGORY_LABELS.other, domain };
-}
-function categoryLabel(category) {
-  return CATEGORY_LABELS[category];
 }
 // ../api-routes/src/auth.ts
@@ -3644,7 +3727,8 @@ function buildOperationId(method, path7) {
 async function settingsRoutes(app, opts) {
   app.get("/settings", async () => ({
     providers: opts.providerSummary ?? [],
-    google: opts.google ?? { configured: false }
+    google: opts.google ?? { configured: false },
+    bing: opts.bing ?? { configured: false }
   }));
   app.put("/settings/providers/:name", async (request, reply) => {
     const providerName = parseProviderName(request.params.name);
@@ -3708,6 +3792,22 @@ async function settingsRoutes(app, opts) {
     }
     return result;
   });
+  app.put("/settings/bing", async (request, reply) => {
+    const { apiKey } = request.body ?? {};
+    if (!apiKey || typeof apiKey !== "string") {
+      return reply.status(400).send({
+        error: { code: "VALIDATION_ERROR", message: "apiKey is required" }
+      });
+    }
+    if (!opts.onBingUpdate) {
+      return reply.status(501).send({ error: "Bing configuration updates are not supported in this deployment" });
+    }
+    const result = opts.onBingUpdate(apiKey);
+    if (!result) {
+      return reply.status(500).send({ error: "Failed to update Bing configuration" });
+    }
+    return result;
+  });
 }
 // ../api-routes/src/telemetry.ts
@@ -4750,89 +4850,480 @@ async function googleRoutes(app, opts) {
     const run = app.db.select().from(runs).where(eq13(runs.id, runId)).get();
     return { sitemaps, primarySitemapUrl: sitemapUrl, run };
   });
-  app.post("/projects/:name/google/gsc/inspect-sitemap", async (request, reply) => {
+  app.post("/projects/:name/google/gsc/inspect-sitemap", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = store.getConnection(project.canonicalDomain, "gsc");
+    if (!conn) {
+      const err = validationError('No GSC connection found for this domain. Run "canonry google connect" first.');
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    if (!conn.propertyId) {
+      const err = validationError("No GSC property configured for this connection");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const runId = crypto13.randomUUID();
+    app.db.insert(runs).values({
+      id: runId,
+      projectId: project.id,
+      kind: "inspect-sitemap",
+      status: "queued",
+      trigger: "manual",
+      createdAt: now
+    }).run();
+    const { sitemapUrl } = request.body ?? {};
+    if (opts.onInspectSitemapRequested) {
+      opts.onInspectSitemapRequested(runId, project.id, { sitemapUrl: sitemapUrl ?? void 0 });
+    }
+    const run = app.db.select().from(runs).where(eq13(runs.id, runId)).get();
+    return run;
+  });
+  app.put("/projects/:name/google/connections/:type/sitemap", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const { sitemapUrl } = request.body ?? {};
+    if (!sitemapUrl || !sitemapUrl.trim()) {
+      const err = validationError("sitemapUrl is required");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const conn = store.updateConnection(
+      project.canonicalDomain,
+      request.params.type,
+      { sitemapUrl: sitemapUrl.trim(), updatedAt: (/* @__PURE__ */ new Date()).toISOString() }
+    );
+    if (!conn) {
+      const err = notFound("Google connection", request.params.type);
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    return { sitemapUrl: sitemapUrl.trim() };
+  });
+  app.put("/projects/:name/google/connections/:type/property", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const { propertyId } = request.body ?? {};
+    if (!propertyId) {
+      const err = validationError("propertyId is required");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const conn = store.updateConnection(
+      project.canonicalDomain,
+      request.params.type,
+      { propertyId, updatedAt: (/* @__PURE__ */ new Date()).toISOString() }
+    );
+    if (!conn) {
+      const err = notFound("Google connection", request.params.type);
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    return { propertyId };
+  });
+  app.post("/projects/:name/google/indexing/request", async (request, reply) => {
+    const { clientId: googleClientId, clientSecret: googleClientSecret } = getAuthConfig();
+    if (!googleClientId || !googleClientSecret) {
+      const err = validationError("Google OAuth is not configured");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const { accessToken } = await getValidToken(store, project.canonicalDomain, "gsc", googleClientId, googleClientSecret);
+    let urlsToNotify = request.body?.urls ?? [];
+    if (request.body?.allUnindexed) {
+      const allInspections = app.db.select().from(gscUrlInspections).where(eq13(gscUrlInspections.projectId, project.id)).orderBy(desc3(gscUrlInspections.inspectedAt)).all();
+      const latestByUrl = /* @__PURE__ */ new Map();
+      for (const row of allInspections) {
+        if (!latestByUrl.has(row.url)) {
+          latestByUrl.set(row.url, row);
+        }
+      }
+      const unindexedUrls = [];
+      for (const [url, row] of latestByUrl) {
+        if (row.indexingState !== "INDEXING_ALLOWED") {
+          unindexedUrls.push(url);
+        }
+      }
+      if (unindexedUrls.length === 0) {
+        const err = validationError('No unindexed URLs found. Run "canonry google inspect-sitemap" first.');
+        return reply.status(err.statusCode).send(err.toJSON());
+      }
+      urlsToNotify = unindexedUrls;
+    }
+    if (urlsToNotify.length === 0) {
+      const err = validationError("At least one URL is required (or use allUnindexed: true)");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    if (urlsToNotify.length > INDEXING_API_DAILY_LIMIT) {
+      const err = validationError(`Cannot request indexing for more than ${INDEXING_API_DAILY_LIMIT} URLs per request (got ${urlsToNotify.length})`);
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const projectDomain = normalizeProjectDomain(project.canonicalDomain);
+    const invalidUrls = urlsToNotify.filter((url) => {
+      try {
+        const hostname = new URL(url).hostname.toLowerCase().replace(/^www\./, "");
+        return hostname !== projectDomain;
+      } catch {
+        return true;
+      }
+    });
+    if (invalidUrls.length > 0) {
+      const err = validationError(
+        `URLs must belong to project domain "${project.canonicalDomain}". Invalid: ${invalidUrls.slice(0, 5).join(", ")}`
+      );
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const results = [];
+    for (const url of urlsToNotify) {
+      try {
+        const response = await publishUrlNotification(accessToken, url, "URL_UPDATED");
+        const notifyTime = response.urlNotificationMetadata?.latestUpdate?.notifyTime ?? (/* @__PURE__ */ new Date()).toISOString();
+        results.push({
+          url,
+          type: "URL_UPDATED",
+          notifiedAt: notifyTime,
+          status: "success"
+        });
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        results.push({
+          url,
+          type: "URL_UPDATED",
+          notifiedAt: (/* @__PURE__ */ new Date()).toISOString(),
+          status: "error",
+          error: msg
+        });
+      }
+    }
+    const succeeded = results.filter((r) => r.status === "success").length;
+    const failed = results.filter((r) => r.status === "error").length;
+    return {
+      summary: { total: results.length, succeeded, failed },
+      results
+    };
+  });
+}
+// ../api-routes/src/bing.ts
+import crypto14 from "crypto";
+import { eq as eq14, and as and4, desc as desc4 } from "drizzle-orm";
+// ../integration-bing/src/constants.ts
+var BING_WMT_API_BASE = "https://ssl.bing.com/webmaster/api.svc/json";
+var BING_SUBMIT_URL_BATCH_LIMIT = 500;
+var BING_SUBMIT_URL_DAILY_LIMIT = 1e4;
+// ../integration-bing/src/types.ts
+var BingApiError = class extends Error {
+  status;
+  constructor(message, status) {
+    super(message);
+    this.name = "BingApiError";
+    this.status = status;
+  }
+};
+// ../integration-bing/src/bing-client.ts
+async function bingFetch(apiKey, endpoint, opts) {
+  const method = opts?.method ?? "GET";
+  const separator = endpoint.includes("?") ? "&" : "?";
+  const url = `${BING_WMT_API_BASE}/${endpoint}${separator}apikey=${encodeURIComponent(apiKey)}`;
+  const headers = {
+    "Content-Type": "application/json; charset=utf-8"
+  };
+  const res = await fetch(url, {
+    method,
+    headers,
+    body: opts?.body != null ? JSON.stringify(opts.body) : void 0
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new BingApiError("Bing API key is invalid or unauthorized", res.status);
+  }
+  if (res.status === 429) {
+    throw new BingApiError("Bing API rate limit exceeded", 429);
+  }
+  if (!res.ok) {
+    const body = await res.text();
+    throw new BingApiError(`Bing API error (${res.status}): ${body}`, res.status);
+  }
+  const text2 = await res.text();
+  if (!text2 || text2.trim() === "") {
+    return void 0;
+  }
+  try {
+    const parsed = JSON.parse(text2);
+    if (parsed && typeof parsed === "object" && "d" in parsed) {
+      return parsed.d;
+    }
+    return parsed;
+  } catch {
+    throw new BingApiError("Bing API returned invalid JSON", 502);
+  }
+}
+async function getSites(apiKey) {
+  const data = await bingFetch(apiKey, "GetUserSites");
+  return data ?? [];
+}
+async function getUrlInfo(apiKey, siteUrl, url) {
+  const encodedSite = encodeURIComponent(siteUrl);
+  const encodedUrl = encodeURIComponent(url);
+  return bingFetch(apiKey, `GetUrlInfo?siteUrl=${encodedSite}&url=${encodedUrl}`);
+}
+async function submitUrl(apiKey, siteUrl, url) {
+  await bingFetch(apiKey, "SubmitUrl", {
+    method: "POST",
+    body: { siteUrl, url }
+  });
+}
+async function submitUrlBatch(apiKey, siteUrl, urls) {
+  for (let i = 0; i < urls.length; i += BING_SUBMIT_URL_BATCH_LIMIT) {
+    const batch = urls.slice(i, i + BING_SUBMIT_URL_BATCH_LIMIT);
+    await bingFetch(apiKey, "SubmitUrlbatch", {
+      method: "POST",
+      body: { siteUrl, urlList: batch }
+    });
+  }
+}
+async function getKeywordStats(apiKey, siteUrl) {
+  const encodedSite = encodeURIComponent(siteUrl);
+  const data = await bingFetch(apiKey, `GetQueryStats?siteUrl=${encodedSite}`);
+  return data ?? [];
+}
+// ../api-routes/src/bing.ts
+async function bingRoutes(app, opts) {
+  function requireConnectionStore(reply) {
+    if (opts.bingConnectionStore) return opts.bingConnectionStore;
+    const err = validationError("Bing connection storage is not configured for this deployment");
+    reply.status(err.statusCode).send(err.toJSON());
+    return null;
+  }
+  function requireConnection(store, domain, reply) {
+    const conn = store.getConnection(domain);
+    if (!conn) {
+      const err = validationError('No Bing connection found for this domain. Run "canonry bing connect <project>" first.');
+      reply.status(err.statusCode).send(err.toJSON());
+      return null;
+    }
+    return conn;
+  }
+  app.post("/projects/:name/bing/connect", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const { apiKey } = request.body ?? {};
+    if (!apiKey || typeof apiKey !== "string") {
+      const err = validationError("apiKey is required");
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const project = resolveProject(app.db, request.params.name);
+    let sites;
+    try {
+      sites = await getSites(apiKey);
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      const err = validationError(`Failed to verify Bing API key: ${msg}`);
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = store.getConnection(project.canonicalDomain);
+    store.upsertConnection({
+      domain: project.canonicalDomain,
+      apiKey,
+      siteUrl: existing?.siteUrl ?? null,
+      createdAt: existing?.createdAt ?? now,
+      updatedAt: now
+    });
+    writeAuditLog(app.db, {
+      projectId: project.id,
+      actor: "api",
+      action: "bing.connected",
+      entityType: "bing_connection",
+      entityId: project.canonicalDomain
+    });
+    return {
+      connected: true,
+      domain: project.canonicalDomain,
+      siteUrl: existing?.siteUrl ?? null,
+      availableSites: sites.map((s) => ({ url: s.Url, verified: s.Verified ?? false }))
+    };
+  });
+  app.delete("/projects/:name/bing/disconnect", async (request, reply) => {
     const store = requireConnectionStore(reply);
     if (!store) return;
     const project = resolveProject(app.db, request.params.name);
-    const conn = store.getConnection(project.canonicalDomain, "gsc");
-    if (!conn) {
-      const err = validationError('No GSC connection found for this domain. Run "canonry google connect" first.');
-      return reply.status(err.statusCode).send(err.toJSON());
-    }
-    if (!conn.propertyId) {
-      const err = validationError("No GSC property configured for this connection");
+    const deleted = store.deleteConnection(project.canonicalDomain);
+    if (!deleted) {
+      const err = notFound("Bing connection", project.canonicalDomain);
       return reply.status(err.statusCode).send(err.toJSON());
     }
-    const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto13.randomUUID();
-    app.db.insert(runs).values({
-      id: runId,
+    writeAuditLog(app.db, {
       projectId: project.id,
-      kind: "inspect-sitemap",
-      status: "queued",
-      trigger: "manual",
-      createdAt: now
-    }).run();
-    const { sitemapUrl } = request.body ?? {};
-    if (opts.onInspectSitemapRequested) {
-      opts.onInspectSitemapRequested(runId, project.id, { sitemapUrl: sitemapUrl ?? void 0 });
-    }
-    const run = app.db.select().from(runs).where(eq13(runs.id, runId)).get();
-    return run;
+      actor: "api",
+      action: "bing.disconnected",
+      entityType: "bing_connection",
+      entityId: project.canonicalDomain
+    });
+    return reply.status(204).send();
   });
-  app.put("/projects/:name/google/connections/:type/sitemap", async (request, reply) => {
+  app.get("/projects/:name/bing/status", async (request, reply) => {
     const store = requireConnectionStore(reply);
     if (!store) return;
     const project = resolveProject(app.db, request.params.name);
-    const { sitemapUrl } = request.body ?? {};
-    if (!sitemapUrl || !sitemapUrl.trim()) {
-      const err = validationError("sitemapUrl is required");
+    const conn = store.getConnection(project.canonicalDomain);
+    return {
+      connected: !!conn,
+      domain: project.canonicalDomain,
+      siteUrl: conn?.siteUrl ?? null,
+      createdAt: conn?.createdAt ?? null,
+      updatedAt: conn?.updatedAt ?? null
+    };
+  });
+  app.get("/projects/:name/bing/sites", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    const sites = await getSites(conn.apiKey);
+    return { sites: sites.map((s) => ({ url: s.Url, verified: s.Verified ?? false })) };
+  });
+  app.post("/projects/:name/bing/set-site", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    const { siteUrl } = request.body ?? {};
+    if (!siteUrl || typeof siteUrl !== "string") {
+      const err = validationError("siteUrl is required");
       return reply.status(err.statusCode).send(err.toJSON());
     }
-    const conn = store.updateConnection(
-      project.canonicalDomain,
-      request.params.type,
-      { sitemapUrl: sitemapUrl.trim(), updatedAt: (/* @__PURE__ */ new Date()).toISOString() }
-    );
-    if (!conn) {
-      const err = notFound("Google connection", request.params.type);
-      return reply.status(err.statusCode).send(err.toJSON());
+    store.updateConnection(project.canonicalDomain, {
+      siteUrl,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    return { siteUrl };
+  });
+  app.get("/projects/:name/bing/coverage", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    const allInspections = app.db.select().from(bingUrlInspections).where(eq14(bingUrlInspections.projectId, project.id)).orderBy(desc4(bingUrlInspections.inspectedAt)).all();
+    const latestByUrl = /* @__PURE__ */ new Map();
+    for (const row of allInspections) {
+      if (!latestByUrl.has(row.url)) {
+        latestByUrl.set(row.url, row);
+      }
     }
-    return { sitemapUrl: sitemapUrl.trim() };
+    const indexedUrls = [];
+    const notIndexedUrls = [];
+    let lastInspectedAt = null;
+    for (const [, row] of latestByUrl) {
+      if (row.inIndex === 1) {
+        indexedUrls.push(row);
+      } else {
+        notIndexedUrls.push(row);
+      }
+      if (!lastInspectedAt || row.inspectedAt > lastInspectedAt) {
+        lastInspectedAt = row.inspectedAt;
+      }
+    }
+    const total = latestByUrl.size;
+    const indexed = indexedUrls.length;
+    const notIndexed = notIndexedUrls.length;
+    const formatRow = (r) => ({
+      id: r.id,
+      url: r.url,
+      httpCode: r.httpCode,
+      inIndex: r.inIndex === 1 ? true : r.inIndex === 0 ? false : null,
+      lastCrawledDate: r.lastCrawledDate,
+      inIndexDate: r.inIndexDate,
+      inspectedAt: r.inspectedAt
+    });
+    return {
+      summary: {
+        total,
+        indexed,
+        notIndexed,
+        percentage: total > 0 ? Math.round(indexed / total * 1e3) / 10 : 0
+      },
+      lastInspectedAt,
+      indexed: indexedUrls.map(formatRow),
+      notIndexed: notIndexedUrls.map(formatRow)
+    };
   });
-  app.put("/projects/:name/google/connections/:type/property", async (request, reply) => {
+  app.get("/projects/:name/bing/inspections", async (request, reply) => {
     const store = requireConnectionStore(reply);
     if (!store) return;
     const project = resolveProject(app.db, request.params.name);
-    const { propertyId } = request.body ?? {};
-    if (!propertyId) {
-      const err = validationError("propertyId is required");
+    const { url, limit } = request.query;
+    const whereClause = url ? and4(eq14(bingUrlInspections.projectId, project.id), eq14(bingUrlInspections.url, url)) : eq14(bingUrlInspections.projectId, project.id);
+    const filtered = app.db.select().from(bingUrlInspections).where(whereClause).orderBy(desc4(bingUrlInspections.inspectedAt)).limit(Math.max(1, Math.min(parseInt(limit ?? "100", 10) || 100, 1e3))).all();
+    return filtered.map((r) => ({
+      id: r.id,
+      url: r.url,
+      httpCode: r.httpCode,
+      inIndex: r.inIndex === 1 ? true : r.inIndex === 0 ? false : null,
+      lastCrawledDate: r.lastCrawledDate,
+      inIndexDate: r.inIndexDate,
+      inspectedAt: r.inspectedAt
+    }));
+  });
+  app.post("/projects/:name/bing/inspect-url", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    if (!conn.siteUrl) {
+      const err = validationError('No Bing site configured. Run "canonry bing set-site <project> <url>" first.');
       return reply.status(err.statusCode).send(err.toJSON());
     }
-    const conn = store.updateConnection(
-      project.canonicalDomain,
-      request.params.type,
-      { propertyId, updatedAt: (/* @__PURE__ */ new Date()).toISOString() }
-    );
-    if (!conn) {
-      const err = notFound("Google connection", request.params.type);
+    const { url } = request.body ?? {};
+    if (!url) {
+      const err = validationError("url is required");
       return reply.status(err.statusCode).send(err.toJSON());
     }
-    return { propertyId };
+    const result = await getUrlInfo(conn.apiKey, conn.siteUrl, url);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const id = crypto14.randomUUID();
+    app.db.insert(bingUrlInspections).values({
+      id,
+      projectId: project.id,
+      url,
+      httpCode: result.HttpCode ?? null,
+      inIndex: result.InIndex === true ? 1 : result.InIndex === false ? 0 : null,
+      lastCrawledDate: result.LastCrawledDate ?? null,
+      inIndexDate: result.InIndexDate ?? null,
+      inspectedAt: now,
+      createdAt: now
+    }).run();
+    return {
+      id,
+      url,
+      httpCode: result.HttpCode ?? null,
+      inIndex: result.InIndex ?? null,
+      lastCrawledDate: result.LastCrawledDate ?? null,
+      inIndexDate: result.InIndexDate ?? null,
+      inspectedAt: now
+    };
   });
-  app.post("/projects/:name/google/indexing/request", async (request, reply) => {
-    const { clientId: googleClientId, clientSecret: googleClientSecret } = getAuthConfig();
-    if (!googleClientId || !googleClientSecret) {
-      const err = validationError("Google OAuth is not configured");
-      return reply.status(err.statusCode).send(err.toJSON());
-    }
+  app.post("/projects/:name/bing/request-indexing", async (request, reply) => {
     const store = requireConnectionStore(reply);
     if (!store) return;
     const project = resolveProject(app.db, request.params.name);
-    const { accessToken } = await getValidToken(store, project.canonicalDomain, "gsc", googleClientId, googleClientSecret);
-    let urlsToNotify = request.body?.urls ?? [];
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    if (!conn.siteUrl) {
+      const err = validationError('No Bing site configured. Run "canonry bing set-site <project> <url>" first.');
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    let urlsToSubmit = request.body?.urls ?? [];
     if (request.body?.allUnindexed) {
-      const allInspections = app.db.select().from(gscUrlInspections).where(eq13(gscUrlInspections.projectId, project.id)).orderBy(desc3(gscUrlInspections.inspectedAt)).all();
+      const allInspections = app.db.select().from(bingUrlInspections).where(eq14(bingUrlInspections.projectId, project.id)).orderBy(desc4(bingUrlInspections.inspectedAt)).all();
       const latestByUrl = /* @__PURE__ */ new Map();
       for (const row of allInspections) {
         if (!latestByUrl.has(row.url)) {
@@ -4841,59 +5332,50 @@ async function googleRoutes(app, opts) {
       }
       const unindexedUrls = [];
       for (const [url, row] of latestByUrl) {
-        if (row.indexingState !== "INDEXING_ALLOWED") {
+        if (row.inIndex !== 1) {
           unindexedUrls.push(url);
         }
       }
       if (unindexedUrls.length === 0) {
-        const err = validationError('No unindexed URLs found. Run "canonry google inspect-sitemap" first.');
+        const err = validationError('No unindexed URLs found. Run "canonry bing inspect <project> <url>" first.');
         return reply.status(err.statusCode).send(err.toJSON());
       }
-      urlsToNotify = unindexedUrls;
+      urlsToSubmit = unindexedUrls;
     }
-    if (urlsToNotify.length === 0) {
+    if (urlsToSubmit.length === 0) {
       const err = validationError("At least one URL is required (or use allUnindexed: true)");
       return reply.status(err.statusCode).send(err.toJSON());
     }
-    if (urlsToNotify.length > INDEXING_API_DAILY_LIMIT) {
-      const err = validationError(`Cannot request indexing for more than ${INDEXING_API_DAILY_LIMIT} URLs per request (got ${urlsToNotify.length})`);
-      return reply.status(err.statusCode).send(err.toJSON());
-    }
-    const projectDomain = normalizeProjectDomain(project.canonicalDomain);
-    const invalidUrls = urlsToNotify.filter((url) => {
-      try {
-        const hostname = new URL(url).hostname.toLowerCase().replace(/^www\./, "");
-        return hostname !== projectDomain;
-      } catch {
-        return true;
-      }
-    });
-    if (invalidUrls.length > 0) {
-      const err = validationError(
-        `URLs must belong to project domain "${project.canonicalDomain}". Invalid: ${invalidUrls.slice(0, 5).join(", ")}`
-      );
+    if (urlsToSubmit.length > BING_SUBMIT_URL_DAILY_LIMIT) {
+      const err = validationError(`Cannot submit more than ${BING_SUBMIT_URL_DAILY_LIMIT} URLs per day (got ${urlsToSubmit.length})`);
       return reply.status(err.statusCode).send(err.toJSON());
     }
     const results = [];
-    for (const url of urlsToNotify) {
+    if (urlsToSubmit.length > 1) {
+      for (let i = 0; i < urlsToSubmit.length; i += BING_SUBMIT_URL_BATCH_LIMIT) {
+        const batch = urlsToSubmit.slice(i, i + BING_SUBMIT_URL_BATCH_LIMIT);
+        try {
+          await submitUrlBatch(conn.apiKey, conn.siteUrl, batch);
+          const now = (/* @__PURE__ */ new Date()).toISOString();
+          for (const url of batch) {
+            results.push({ url, status: "success", submittedAt: now });
+          }
+        } catch (e) {
+          const msg = e instanceof Error ? e.message : String(e);
+          const now = (/* @__PURE__ */ new Date()).toISOString();
+          for (const url of batch) {
+            results.push({ url, status: "error", submittedAt: now, error: msg });
+          }
+        }
+      }
+    } else {
+      const url = urlsToSubmit[0];
       try {
-        const response = await publishUrlNotification(accessToken, url, "URL_UPDATED");
-        const notifyTime = response.urlNotificationMetadata?.latestUpdate?.notifyTime ?? (/* @__PURE__ */ new Date()).toISOString();
-        results.push({
-          url,
-          type: "URL_UPDATED",
-          notifiedAt: notifyTime,
-          status: "success"
-        });
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        results.push({
-          url,
-          type: "URL_UPDATED",
-          notifiedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          status: "error",
-          error: msg
-        });
+        await submitUrl(conn.apiKey, conn.siteUrl, url);
+        results.push({ url, status: "success", submittedAt: (/* @__PURE__ */ new Date()).toISOString() });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        results.push({ url, status: "error", submittedAt: (/* @__PURE__ */ new Date()).toISOString(), error: msg });
       }
     }
     const succeeded = results.filter((r) => r.status === "success").length;
@@ -4903,20 +5385,39 @@ async function googleRoutes(app, opts) {
       results
     };
   });
+  app.get("/projects/:name/bing/performance", async (request, reply) => {
+    const store = requireConnectionStore(reply);
+    if (!store) return;
+    const project = resolveProject(app.db, request.params.name);
+    const conn = requireConnection(store, project.canonicalDomain, reply);
+    if (!conn) return;
+    if (!conn.siteUrl) {
+      const err = validationError('No Bing site configured. Run "canonry bing set-site <project> <url>" first.');
+      return reply.status(err.statusCode).send(err.toJSON());
+    }
+    const stats = await getKeywordStats(conn.apiKey, conn.siteUrl);
+    return stats.map((s) => ({
+      query: s.Query,
+      impressions: s.Impressions,
+      clicks: s.Clicks,
+      ctr: s.Ctr,
+      averagePosition: s.AverageClickPosition ?? s.AverageImpressionPosition ?? 0
+    }));
+  });
 }
 // ../api-routes/src/cdp.ts
 import fs2 from "fs";
 import path2 from "path";
 import os2 from "os";
-import { eq as eq14, and as and4 } from "drizzle-orm";
+import { eq as eq15, and as and5 } from "drizzle-orm";
 function getScreenshotDir() {
   return path2.join(os2.homedir(), ".canonry", "screenshots");
 }
 async function cdpRoutes(app, opts) {
   app.get("/screenshots/:snapshotId", async (request, reply) => {
     const { snapshotId } = request.params;
-    const snapshot = app.db.select({ screenshotPath: querySnapshots.screenshotPath }).from(querySnapshots).where(eq14(querySnapshots.id, snapshotId)).get();
+    const snapshot = app.db.select({ screenshotPath: querySnapshots.screenshotPath }).from(querySnapshots).where(eq15(querySnapshots.id, snapshotId)).get();
     if (!snapshot?.screenshotPath) {
       return reply.code(404).send({ error: "Screenshot not found" });
     }
@@ -4972,7 +5473,7 @@ async function cdpRoutes(app, opts) {
     async (request, reply) => {
       const project = resolveProject(app.db, request.params.name);
       const { runId } = request.params;
-      const run = app.db.select().from(runs).where(and4(eq14(runs.id, runId), eq14(runs.projectId, project.id))).get();
+      const run = app.db.select().from(runs).where(and5(eq15(runs.id, runId), eq15(runs.projectId, project.id))).get();
       if (!run) return reply.code(404).send({ error: "Run not found" });
       const snapshots = app.db.select({
         id: querySnapshots.id,
@@ -4982,8 +5483,8 @@ async function cdpRoutes(app, opts) {
         citedDomains: querySnapshots.citedDomains,
         screenshotPath: querySnapshots.screenshotPath,
         rawResponse: querySnapshots.rawResponse
-      }).from(querySnapshots).where(eq14(querySnapshots.runId, runId)).all();
-      const keywordRows = app.db.select({ id: keywords.id, keyword: keywords.keyword }).from(keywords).where(eq14(keywords.projectId, project.id)).all();
+      }).from(querySnapshots).where(eq15(querySnapshots.runId, runId)).all();
+      const keywordRows = app.db.select({ id: keywords.id, keyword: keywords.keyword }).from(keywords).where(eq15(keywords.projectId, project.id)).all();
       const keywordMap = new Map(keywordRows.map((k) => [k.id, k.keyword]));
       const byKeyword = /* @__PURE__ */ new Map();
       for (const snap of snapshots) {
@@ -5067,6 +5568,27 @@ async function cdpRoutes(app, opts) {
 // ../api-routes/src/index.ts
 async function apiRoutes(app, opts) {
   app.decorate("db", opts.db);
+  app.setErrorHandler((error, _request, reply) => {
+    if (error instanceof AppError) {
+      return reply.status(error.statusCode).send(error.toJSON());
+    }
+    const httpStatus = error.statusCode ?? error.status ?? 500;
+    if (httpStatus >= 400 && httpStatus < 500) {
+      return reply.status(httpStatus).send({
+        error: {
+          code: httpStatus === 401 ? "AUTH_INVALID" : httpStatus === 403 ? "FORBIDDEN" : httpStatus === 404 ? "NOT_FOUND" : httpStatus === 429 ? "QUOTA_EXCEEDED" : "VALIDATION_ERROR",
+          message: error.message
+        }
+      });
+    }
+    app.log.error(error);
+    return reply.status(500).send({
+      error: {
+        code: "INTERNAL_ERROR",
+        message: "An unexpected error occurred"
+      }
+    });
+  });
   if (!opts.skipAuth) {
     await app.register(authPlugin);
   }
@@ -5095,7 +5617,9 @@ async function apiRoutes(app, opts) {
       providerSummary: opts.providerSummary,
       onProviderUpdate: opts.onProviderUpdate,
       google: opts.googleSettingsSummary,
-      onGoogleUpdate: opts.onGoogleSettingsUpdate
+      onGoogleUpdate: opts.onGoogleSettingsUpdate,
+      bing: opts.bingSettingsSummary,
+      onBingUpdate: opts.onBingSettingsUpdate
     });
     await api.register(scheduleRoutes, {
       onScheduleUpdated: opts.onScheduleUpdated
@@ -5105,6 +5629,9 @@ async function apiRoutes(app, opts) {
       getTelemetryStatus: opts.getTelemetryStatus,
       setTelemetryEnabled: opts.setTelemetryEnabled
     });
+    await api.register(bingRoutes, {
+      bingConnectionStore: opts.bingConnectionStore
+    });
     await api.register(googleRoutes, {
       getGoogleAuthConfig: opts.getGoogleAuthConfig,
       googleConnectionStore: opts.googleConnectionStore,
@@ -5118,7 +5645,7 @@ async function apiRoutes(app, opts) {
       onCdpScreenshot: opts.onCdpScreenshot,
       onCdpConfigure: opts.onCdpConfigure
     });
-  }, { prefix: "/api/v1" });
+  }, { prefix: opts.routePrefix ?? "/api/v1" });
 }
 // ../provider-gemini/src/normalize.ts
@@ -6677,11 +7204,11 @@ function removeGoogleConnection(config, domain, connectionType) {
 }
 // src/job-runner.ts
-import crypto14 from "crypto";
+import crypto15 from "crypto";
 import fs4 from "fs";
 import path5 from "path";
 import os4 from "os";
-import { eq as eq15, inArray as inArray3 } from "drizzle-orm";
+import { eq as eq16, inArray as inArray3 } from "drizzle-orm";
 var JobRunner = class {
   db;
   registry;
@@ -6695,7 +7222,7 @@ var JobRunner = class {
     if (stale.length === 0) return;
     const now = (/* @__PURE__ */ new Date()).toISOString();
     for (const run of stale) {
-      this.db.update(runs).set({ status: "failed", finishedAt: now, error: "Server restarted while run was in progress" }).where(eq15(runs.id, run.id)).run();
+      this.db.update(runs).set({ status: "failed", finishedAt: now, error: "Server restarted while run was in progress" }).where(eq16(runs.id, run.id)).run();
       console.log(`[JobRunner] Recovered stale run ${run.id} (was ${run.status})`);
     }
   }
@@ -6703,8 +7230,8 @@ var JobRunner = class {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const startTime = Date.now();
     try {
-      this.db.update(runs).set({ status: "running", startedAt: now }).where(eq15(runs.id, runId)).run();
-      const project = this.db.select().from(projects).where(eq15(projects.id, projectId)).get();
+      this.db.update(runs).set({ status: "running", startedAt: now }).where(eq16(runs.id, runId)).run();
+      const project = this.db.select().from(projects).where(eq16(projects.id, projectId)).get();
       if (!project) {
         throw new Error(`Project ${projectId} not found`);
       }
@@ -6725,14 +7252,14 @@ var JobRunner = class {
         throw new Error("No providers configured. Add at least one provider API key.");
       }
       console.log(`[JobRunner] Run ${runId}: dispatching to ${activeProviders.length} providers: ${activeProviders.map((p) => p.adapter.name).join(", ")}`);
-      const projectKeywords = this.db.select().from(keywords).where(eq15(keywords.projectId, projectId)).all();
-      const projectCompetitors = this.db.select().from(competitors).where(eq15(competitors.projectId, projectId)).all();
+      const projectKeywords = this.db.select().from(keywords).where(eq16(keywords.projectId, projectId)).all();
+      const projectCompetitors = this.db.select().from(competitors).where(eq16(competitors.projectId, projectId)).all();
       const competitorDomains = projectCompetitors.map((c) => c.domain);
       const queriesPerProvider = projectKeywords.length;
       const todayPeriod = getCurrentPeriod();
       for (const p of activeProviders) {
         const providerScope = `${projectId}:${p.adapter.name}`;
-        const providerUsage = this.db.select().from(usageCounters).where(eq15(usageCounters.scope, providerScope)).all().filter((r) => r.period === todayPeriod && r.metric === "queries").reduce((sum, r) => sum + r.count, 0);
+        const providerUsage = this.db.select().from(usageCounters).where(eq16(usageCounters.scope, providerScope)).all().filter((r) => r.period === todayPeriod && r.metric === "queries").reduce((sum, r) => sum + r.count, 0);
         const limit = p.config.quotaPolicy.maxRequestsPerDay;
         if (providerUsage + queriesPerProvider > limit) {
           throw new Error(
@@ -6776,7 +7303,7 @@ var JobRunner = class {
             const overlap = computeCompetitorOverlap(normalized, competitorDomains);
             let screenshotRelPath = null;
             if (raw.screenshotPath && fs4.existsSync(raw.screenshotPath)) {
-              const snapshotId = crypto14.randomUUID();
+              const snapshotId = crypto15.randomUUID();
               const screenshotDir = path5.join(os4.homedir(), ".canonry", "screenshots", runId);
               if (!fs4.existsSync(screenshotDir)) fs4.mkdirSync(screenshotDir, { recursive: true });
               const destPath = path5.join(screenshotDir, `${snapshotId}.png`);
@@ -6804,7 +7331,7 @@ var JobRunner = class {
               }).run();
             } else {
               this.db.insert(querySnapshots).values({
-                id: crypto14.randomUUID(),
+                id: crypto15.randomUUID(),
                 runId,
                 keywordId: kw.id,
                 provider: providerName,
@@ -6859,7 +7386,7 @@ var JobRunner = class {
             const overlap = computeCompetitorOverlap(normalized, competitorDomains);
             let screenshotRelPath = null;
             if (raw.screenshotPath && fs4.existsSync(raw.screenshotPath)) {
-              const snapshotId = crypto14.randomUUID();
+              const snapshotId = crypto15.randomUUID();
               const screenshotDir = path5.join(os4.homedir(), ".canonry", "screenshots", runId);
               if (!fs4.existsSync(screenshotDir)) fs4.mkdirSync(screenshotDir, { recursive: true });
               const destPath = path5.join(screenshotDir, `${snapshotId}.png`);
@@ -6887,7 +7414,7 @@ var JobRunner = class {
               }).run();
             } else {
               this.db.insert(querySnapshots).values({
-                id: crypto14.randomUUID(),
+                id: crypto15.randomUUID(),
                 runId,
                 keywordId: kw.id,
                 provider: providerName,
@@ -6919,12 +7446,12 @@ var JobRunner = class {
       const someFailed = providerErrors.size > 0;
       if (allFailed) {
         const errorDetail = JSON.stringify(Object.fromEntries(providerErrors));
-        this.db.update(runs).set({ status: "failed", finishedAt: (/* @__PURE__ */ new Date()).toISOString(), error: errorDetail }).where(eq15(runs.id, runId)).run();
+        this.db.update(runs).set({ status: "failed", finishedAt: (/* @__PURE__ */ new Date()).toISOString(), error: errorDetail }).where(eq16(runs.id, runId)).run();
       } else if (someFailed) {
         const errorDetail = JSON.stringify(Object.fromEntries(providerErrors));
-        this.db.update(runs).set({ status: "partial", finishedAt: (/* @__PURE__ */ new Date()).toISOString(), error: errorDetail }).where(eq15(runs.id, runId)).run();
+        this.db.update(runs).set({ status: "partial", finishedAt: (/* @__PURE__ */ new Date()).toISOString(), error: errorDetail }).where(eq16(runs.id, runId)).run();
       } else {
-        this.db.update(runs).set({ status: "completed", finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq15(runs.id, runId)).run();
+        this.db.update(runs).set({ status: "completed", finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq16(runs.id, runId)).run();
       }
       const finalStatus = allFailed ? "failed" : someFailed ? "partial" : "completed";
       trackEvent("run.completed", {
@@ -6950,7 +7477,7 @@ var JobRunner = class {
         status: "failed",
         finishedAt: (/* @__PURE__ */ new Date()).toISOString(),
         error: errorMessage
-      }).where(eq15(runs.id, runId)).run();
+      }).where(eq16(runs.id, runId)).run();
       trackEvent("run.completed", {
         status: "failed",
         providerCount: 0,
@@ -6986,10 +7513,10 @@ var JobRunner = class {
   incrementUsage(scope, metric, count) {
     const now = /* @__PURE__ */ new Date();
     const period = `${now.getUTCFullYear()}-${String(now.getUTCMonth() + 1).padStart(2, "0")}`;
-    const id = crypto14.randomUUID();
-    const existing = this.db.select().from(usageCounters).where(eq15(usageCounters.scope, scope)).all().find((r) => r.period === period && r.metric === metric);
+    const id = crypto15.randomUUID();
+    const existing = this.db.select().from(usageCounters).where(eq16(usageCounters.scope, scope)).all().find((r) => r.period === period && r.metric === metric);
     if (existing) {
-      this.db.update(usageCounters).set({ count: existing.count + count, updatedAt: now.toISOString() }).where(eq15(usageCounters.id, existing.id)).run();
+      this.db.update(usageCounters).set({ count: existing.count + count, updatedAt: now.toISOString() }).where(eq16(usageCounters.id, existing.id)).run();
     } else {
       this.db.insert(usageCounters).values({
         id,
@@ -7069,8 +7596,8 @@ function computeCompetitorOverlap(normalized, competitorDomains) {
 }
 // src/gsc-sync.ts
-import crypto15 from "crypto";
-import { eq as eq16, and as and5, sql as sql3 } from "drizzle-orm";
+import crypto16 from "crypto";
+import { eq as eq17, and as and6, sql as sql3 } from "drizzle-orm";
 function formatDate(d) {
   return d.toISOString().split("T")[0];
 }
@@ -7081,13 +7608,13 @@ function daysAgo(n) {
 }
 async function executeGscSync(db, runId, projectId, opts) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.update(runs).set({ status: "running", startedAt: now }).where(eq16(runs.id, runId)).run();
+  db.update(runs).set({ status: "running", startedAt: now }).where(eq17(runs.id, runId)).run();
   try {
     const { clientId: googleClientId, clientSecret: googleClientSecret } = getGoogleAuthConfig(opts.config);
     if (!googleClientId || !googleClientSecret) {
       throw new Error("Google OAuth is not configured in the local Canonry config");
     }
-    const project = db.select().from(projects).where(eq16(projects.id, projectId)).get();
+    const project = db.select().from(projects).where(eq17(projects.id, projectId)).get();
     if (!project) {
       throw new Error(`Project not found: ${projectId}`);
     }
@@ -7121,8 +7648,8 @@ async function executeGscSync(db, runId, projectId, opts) {
     });
     console.log(`[GSC Sync] Received ${rows.length} rows`);
     db.delete(gscSearchData).where(
-      and5(
-        eq16(gscSearchData.projectId, projectId),
+      and6(
+        eq17(gscSearchData.projectId, projectId),
         sql3`${gscSearchData.date} >= ${startDate}`,
         sql3`${gscSearchData.date} <= ${endDate}`
       )
@@ -7134,7 +7661,7 @@ async function executeGscSync(db, runId, projectId, opts) {
       for (const row of batch) {
         const [query, page, country, device, date] = row.keys;
         db.insert(gscSearchData).values({
-          id: crypto15.randomUUID(),
+          id: crypto16.randomUUID(),
           projectId,
           syncRunId: runId,
           date: date ?? "",
@@ -7168,7 +7695,7 @@ async function executeGscSync(db, runId, projectId, opts) {
         const rich = ir.richResultsResult;
         const inspectedAt = (/* @__PURE__ */ new Date()).toISOString();
         db.insert(gscUrlInspections).values({
-          id: crypto15.randomUUID(),
+          id: crypto16.randomUUID(),
           projectId,
           syncRunId: runId,
           url: pageUrl,
@@ -7189,7 +7716,7 @@ async function executeGscSync(db, runId, projectId, opts) {
         console.error(`[GSC Sync] Failed to inspect ${pageUrl}:`, err instanceof Error ? err.message : err);
       }
     }
-    const allInspections = db.select().from(gscUrlInspections).where(eq16(gscUrlInspections.projectId, projectId)).all();
+    const allInspections = db.select().from(gscUrlInspections).where(eq17(gscUrlInspections.projectId, projectId)).all();
     const latestByUrl = /* @__PURE__ */ new Map();
     for (const row of allInspections) {
       const existing = latestByUrl.get(row.url);
@@ -7210,9 +7737,9 @@ async function executeGscSync(db, runId, projectId, opts) {
       }
     }
     const snapshotDate = formatDate(/* @__PURE__ */ new Date());
-    db.delete(gscCoverageSnapshots).where(and5(eq16(gscCoverageSnapshots.projectId, projectId), eq16(gscCoverageSnapshots.date, snapshotDate))).run();
+    db.delete(gscCoverageSnapshots).where(and6(eq17(gscCoverageSnapshots.projectId, projectId), eq17(gscCoverageSnapshots.date, snapshotDate))).run();
     db.insert(gscCoverageSnapshots).values({
-      id: crypto15.randomUUID(),
+      id: crypto16.randomUUID(),
       projectId,
       syncRunId: runId,
       date: snapshotDate,
@@ -7221,19 +7748,19 @@ async function executeGscSync(db, runId, projectId, opts) {
       reasonBreakdown: JSON.stringify(reasonCounts),
       createdAt: (/* @__PURE__ */ new Date()).toISOString()
     }).run();
-    db.update(runs).set({ status: "completed", finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq16(runs.id, runId)).run();
+    db.update(runs).set({ status: "completed", finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq17(runs.id, runId)).run();
     console.log(`[GSC Sync] Completed. ${rows.length} search data rows, ${topPages.length} URL inspections, coverage snapshot: ${snapIndexed} indexed / ${snapNotIndexed} not-indexed.`);
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
-    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq16(runs.id, runId)).run();
+    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq17(runs.id, runId)).run();
     console.error(`[GSC Sync] Failed:`, errorMsg);
     throw err;
   }
 }
 // src/gsc-inspect-sitemap.ts
-import crypto16 from "crypto";
-import { eq as eq17, and as and6 } from "drizzle-orm";
+import crypto17 from "crypto";
+import { eq as eq18, and as and7 } from "drizzle-orm";
 // src/sitemap-parser.ts
 var LOC_REGEX = /<loc>\s*([^<]+?)\s*<\/loc>/gi;
@@ -7301,13 +7828,13 @@ async function parseSitemapRecursive(url, urls, depth) {
 // src/gsc-inspect-sitemap.ts
 async function executeInspectSitemap(db, runId, projectId, opts) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.update(runs).set({ status: "running", startedAt: now }).where(eq17(runs.id, runId)).run();
+  db.update(runs).set({ status: "running", startedAt: now }).where(eq18(runs.id, runId)).run();
   try {
     const { clientId: googleClientId, clientSecret: googleClientSecret } = getGoogleAuthConfig(opts.config);
     if (!googleClientId || !googleClientSecret) {
       throw new Error("Google OAuth is not configured in the local Canonry config");
     }
-    const project = db.select().from(projects).where(eq17(projects.id, projectId)).get();
+    const project = db.select().from(projects).where(eq18(projects.id, projectId)).get();
     if (!project) {
       throw new Error(`Project not found: ${projectId}`);
     }
@@ -7330,7 +7857,7 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       });
       saveConfig(opts.config);
     }
-    const sitemapUrl = opts.sitemapUrl || `https://${project.canonicalDomain}/sitemap.xml`;
+    const sitemapUrl = opts.sitemapUrl || conn.sitemapUrl || `https://${project.canonicalDomain}/sitemap.xml`;
     console.log(`[Inspect Sitemap] Fetching sitemap from ${sitemapUrl}`);
     const urls = await fetchAndParseSitemap(sitemapUrl);
     console.log(`[Inspect Sitemap] Found ${urls.length} URLs in sitemap`);
@@ -7348,7 +7875,7 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
         const rich = ir.richResultsResult;
         const inspectedAt = (/* @__PURE__ */ new Date()).toISOString();
         db.insert(gscUrlInspections).values({
-          id: crypto16.randomUUID(),
+          id: crypto17.randomUUID(),
           projectId,
           syncRunId: runId,
           url: pageUrl,
@@ -7375,7 +7902,7 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
         await new Promise((r) => setTimeout(r, 1e3));
       }
     }
-    const allInspections = db.select().from(gscUrlInspections).where(eq17(gscUrlInspections.projectId, projectId)).all();
+    const allInspections = db.select().from(gscUrlInspections).where(eq18(gscUrlInspections.projectId, projectId)).all();
     const latestByUrl = /* @__PURE__ */ new Map();
     for (const row of allInspections) {
       const existing = latestByUrl.get(row.url);
@@ -7396,9 +7923,9 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       }
     }
     const snapshotDate = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
-    db.delete(gscCoverageSnapshots).where(and6(eq17(gscCoverageSnapshots.projectId, projectId), eq17(gscCoverageSnapshots.date, snapshotDate))).run();
+    db.delete(gscCoverageSnapshots).where(and7(eq18(gscCoverageSnapshots.projectId, projectId), eq18(gscCoverageSnapshots.date, snapshotDate))).run();
     db.insert(gscCoverageSnapshots).values({
-      id: crypto16.randomUUID(),
+      id: crypto17.randomUUID(),
       projectId,
       syncRunId: runId,
       date: snapshotDate,
@@ -7408,11 +7935,11 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       createdAt: (/* @__PURE__ */ new Date()).toISOString()
     }).run();
     const status = errors > 0 && inspected > 0 ? "partial" : errors === urls.length ? "failed" : "completed";
-    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq17(runs.id, runId)).run();
+    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq18(runs.id, runId)).run();
     console.log(`[Inspect Sitemap] Done. ${inspected} inspected, ${errors} errors out of ${urls.length} URLs. Coverage: ${snapIndexed} indexed / ${snapNotIndexed} not-indexed.`);
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
-    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq17(runs.id, runId)).run();
+    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq18(runs.id, runId)).run();
     console.error(`[Inspect Sitemap] Failed:`, errorMsg);
     throw err;
   }
@@ -7471,7 +7998,7 @@ var ProviderRegistry = class {
 // src/scheduler.ts
 import cron from "node-cron";
-import { eq as eq18 } from "drizzle-orm";
+import { eq as eq19 } from "drizzle-orm";
 var Scheduler = class {
   db;
   callbacks;
@@ -7482,7 +8009,7 @@ var Scheduler = class {
   }
   /** Load all enabled schedules from DB and register cron jobs. */
   start() {
-    const allSchedules = this.db.select().from(schedules).where(eq18(schedules.enabled, 1)).all();
+    const allSchedules = this.db.select().from(schedules).where(eq19(schedules.enabled, 1)).all();
     for (const schedule of allSchedules) {
       const missedRunAt = schedule.nextRunAt;
       this.registerCronTask(schedule);
@@ -7507,7 +8034,7 @@ var Scheduler = class {
       this.stopTask(projectId, existing, "Stopped");
       this.tasks.delete(projectId);
     }
-    const schedule = this.db.select().from(schedules).where(eq18(schedules.projectId, projectId)).get();
+    const schedule = this.db.select().from(schedules).where(eq19(schedules.projectId, projectId)).get();
     if (schedule && schedule.enabled === 1) {
       this.registerCronTask(schedule);
     }
@@ -7540,13 +8067,13 @@ var Scheduler = class {
     this.db.update(schedules).set({
       nextRunAt: task.getNextRun()?.toISOString() ?? null,
       updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    }).where(eq18(schedules.id, scheduleId)).run();
+    }).where(eq19(schedules.id, scheduleId)).run();
     const label = schedule.preset ?? cronExpr;
     console.log(`[Scheduler] Registered "${label}" (${timezone}) for project ${projectId}`);
   }
   triggerRun(scheduleId, projectId) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const currentSchedule = this.db.select().from(schedules).where(eq18(schedules.id, scheduleId)).get();
+    const currentSchedule = this.db.select().from(schedules).where(eq19(schedules.id, scheduleId)).get();
     if (!currentSchedule || currentSchedule.enabled !== 1) {
       console.log(`[Scheduler] Schedule ${scheduleId} no longer exists or is disabled, removing task for project ${projectId}`);
       this.remove(projectId);
@@ -7554,7 +8081,7 @@ var Scheduler = class {
     }
     const task = this.tasks.get(projectId);
     const nextRunAt = task?.getNextRun()?.toISOString() ?? null;
-    const project = this.db.select().from(projects).where(eq18(projects.id, projectId)).get();
+    const project = this.db.select().from(projects).where(eq19(projects.id, projectId)).get();
     if (!project) {
       console.error(`[Scheduler] Project ${projectId} not found, skipping scheduled run`);
       this.remove(projectId);
@@ -7571,7 +8098,7 @@ var Scheduler = class {
       this.db.update(schedules).set({
         nextRunAt,
         updatedAt: now
-      }).where(eq18(schedules.id, currentSchedule.id)).run();
+      }).where(eq19(schedules.id, currentSchedule.id)).run();
       return;
     }
     const runId = queueResult.runId;
@@ -7579,7 +8106,7 @@ var Scheduler = class {
       lastRunAt: now,
       nextRunAt,
       updatedAt: now
-    }).where(eq18(schedules.id, currentSchedule.id)).run();
+    }).where(eq19(schedules.id, currentSchedule.id)).run();
     const scheduleProviders = JSON.parse(currentSchedule.providers);
     const providers = scheduleProviders.length > 0 ? scheduleProviders : void 0;
     console.log(`[Scheduler] Triggered scheduled run ${runId} for project ${project.name}`);
@@ -7588,8 +8115,8 @@ var Scheduler = class {
 };
 // src/notifier.ts
-import { eq as eq19, desc as desc4, and as and7, or as or2 } from "drizzle-orm";
-import crypto17 from "crypto";
+import { eq as eq20, desc as desc5, and as and8, or as or2 } from "drizzle-orm";
+import crypto18 from "crypto";
 var Notifier = class {
   db;
   serverUrl;
@@ -7600,18 +8127,18 @@ var Notifier = class {
   /** Called after a run completes (success, partial, or failed). */
   async onRunCompleted(runId, projectId) {
     console.log(`[Notifier] onRunCompleted: runId=${runId} projectId=${projectId}`);
-    const notifs = this.db.select().from(notifications).where(eq19(notifications.projectId, projectId)).all().filter((n) => n.enabled === 1);
+    const notifs = this.db.select().from(notifications).where(eq20(notifications.projectId, projectId)).all().filter((n) => n.enabled === 1);
     if (notifs.length === 0) {
       console.log(`[Notifier] No enabled notifications for project ${projectId} \u2014 skipping`);
       return;
     }
     console.log(`[Notifier] Found ${notifs.length} enabled notification(s) for project ${projectId}`);
-    const run = this.db.select().from(runs).where(eq19(runs.id, runId)).get();
+    const run = this.db.select().from(runs).where(eq20(runs.id, runId)).get();
     if (!run) {
       console.error(`[Notifier] Run ${runId} not found \u2014 skipping notification dispatch`);
       return;
     }
-    const project = this.db.select().from(projects).where(eq19(projects.id, projectId)).get();
+    const project = this.db.select().from(projects).where(eq20(projects.id, projectId)).get();
     if (!project) {
       console.error(`[Notifier] Project ${projectId} not found \u2014 skipping notification dispatch`);
       return;
@@ -7651,11 +8178,11 @@ var Notifier = class {
   }
   computeTransitions(runId, projectId) {
     const recentRuns = this.db.select().from(runs).where(
-      and7(
-        eq19(runs.projectId, projectId),
-        or2(eq19(runs.status, "completed"), eq19(runs.status, "partial"))
+      and8(
+        eq20(runs.projectId, projectId),
+        or2(eq20(runs.status, "completed"), eq20(runs.status, "partial"))
       )
-    ).orderBy(desc4(runs.createdAt)).limit(2).all();
+    ).orderBy(desc5(runs.createdAt)).limit(2).all();
     if (recentRuns.length < 2) return [];
     const currentRunId = recentRuns[0].id;
     const previousRunId = recentRuns[1].id;
@@ -7665,12 +8192,12 @@ var Notifier = class {
       keyword: keywords.keyword,
       provider: querySnapshots.provider,
       citationState: querySnapshots.citationState
-    }).from(querySnapshots).leftJoin(keywords, eq19(querySnapshots.keywordId, keywords.id)).where(eq19(querySnapshots.runId, currentRunId)).all();
+    }).from(querySnapshots).leftJoin(keywords, eq20(querySnapshots.keywordId, keywords.id)).where(eq20(querySnapshots.runId, currentRunId)).all();
     const previousSnapshots = this.db.select({
       keywordId: querySnapshots.keywordId,
       provider: querySnapshots.provider,
       citationState: querySnapshots.citationState
-    }).from(querySnapshots).where(eq19(querySnapshots.runId, previousRunId)).all();
+    }).from(querySnapshots).where(eq20(querySnapshots.runId, previousRunId)).all();
     const prevMap = /* @__PURE__ */ new Map();
     for (const s of previousSnapshots) {
       prevMap.set(`${s.keywordId}:${s.provider}`, s.citationState);
@@ -7727,7 +8254,7 @@ var Notifier = class {
   }
   logDelivery(projectId, notificationId, event, status, error) {
     this.db.insert(auditLog).values({
-      id: crypto17.randomUUID(),
+      id: crypto18.randomUUID(),
       projectId,
       actor: "scheduler",
       action: `notification.${status}`,
@@ -7959,8 +8486,43 @@ async function createServer(opts) {
   const googleSettingsSummary = {
     configured: Boolean(opts.config.google?.clientId && opts.config.google?.clientSecret)
   };
+  const bingSettingsSummary = {
+    configured: Boolean(opts.config.bing?.apiKey)
+  };
+  const bingConnectionStore = {
+    getConnection: (domain) => {
+      return opts.config.bing?.connections?.find((c) => c.domain === domain);
+    },
+    upsertConnection: (connection) => {
+      if (!opts.config.bing) opts.config.bing = {};
+      if (!opts.config.bing.connections) opts.config.bing.connections = [];
+      const idx = opts.config.bing.connections.findIndex((c) => c.domain === connection.domain);
+      if (idx >= 0) {
+        opts.config.bing.connections[idx] = connection;
+      } else {
+        opts.config.bing.connections.push(connection);
+      }
+      saveConfig(opts.config);
+      return connection;
+    },
+    updateConnection: (domain, patch) => {
+      const conn = opts.config.bing?.connections?.find((c) => c.domain === domain);
+      if (!conn) return void 0;
+      Object.assign(conn, patch);
+      saveConfig(opts.config);
+      return conn;
+    },
+    deleteConnection: (domain) => {
+      if (!opts.config.bing?.connections) return false;
+      const idx = opts.config.bing.connections.findIndex((c) => c.domain === domain);
+      if (idx < 0) return false;
+      opts.config.bing.connections.splice(idx, 1);
+      saveConfig(opts.config);
+      return true;
+    }
+  };
   const adapterMap = { gemini: geminiAdapter, openai: openaiAdapter, claude: claudeAdapter, local: localAdapter };
-  const googleStateSecret = process.env.GOOGLE_STATE_SECRET ?? crypto18.randomBytes(32).toString("hex");
+  const googleStateSecret = process.env.GOOGLE_STATE_SECRET ?? crypto19.randomBytes(32).toString("hex");
   const googleConnectionStore = {
     listConnections: (domain) => listGoogleConnections(opts.config, domain),
     getConnection: (domain, connectionType) => getGoogleConnection(opts.config, domain, connectionType),
@@ -7980,8 +8542,13 @@ async function createServer(opts) {
       return removed;
     }
   };
+  const rawBasePath = process.env.CANONRY_BASE_PATH ?? opts.config.basePath;
+  const normalizedBasePath = rawBasePath ? "/" + rawBasePath.replace(/^\//, "").replace(/\/?$/, "/") : void 0;
+  const basePath = normalizedBasePath === "/" ? void 0 : normalizedBasePath;
+  const apiPrefix = basePath ? `${basePath}api/v1` : "/api/v1";
   await app.register(apiRoutes, {
     db: opts.db,
+    routePrefix: apiPrefix,
     skipAuth: false,
     getGoogleAuthConfig: () => getGoogleAuthConfig(opts.config),
     googleConnectionStore,
@@ -8019,6 +8586,8 @@ async function createServer(opts) {
     },
     providerSummary,
     googleSettingsSummary,
+    bingSettingsSummary,
+    bingConnectionStore,
     onRunCreated: (runId, projectId, providers2, location) => {
       jobRunner.executeRun(runId, projectId, providers2, location).catch((err) => {
         app.log.error({ runId, err }, "Job runner failed");
@@ -8074,7 +8643,7 @@ async function createServer(opts) {
         const targetProjectIds = affectedProjectIds.length > 0 ? affectedProjectIds : [null];
         const createdAt = (/* @__PURE__ */ new Date()).toISOString();
         opts.db.insert(auditLog).values(targetProjectIds.map((projectId) => ({
-          id: crypto18.randomUUID(),
+          id: crypto19.randomUUID(),
           projectId,
           actor: "api",
           action: existing ? "provider.updated" : "provider.created",
@@ -8102,6 +8671,18 @@ async function createServer(opts) {
         return null;
       }
     },
+    onBingSettingsUpdate: (apiKey) => {
+      try {
+        if (!opts.config.bing) opts.config.bing = {};
+        opts.config.bing.apiKey = apiKey;
+        saveConfig(opts.config);
+        bingSettingsSummary.configured = true;
+        return { ...bingSettingsSummary };
+      } catch (err) {
+        app.log.error({ err }, "Failed to save Bing API key config");
+        return null;
+      }
+    },
     onScheduleUpdated: (action, projectId) => {
       if (action === "upsert") scheduler.upsert(projectId);
       if (action === "delete") scheduler.remove(projectId);
@@ -8194,8 +8775,6 @@ async function createServer(opts) {
   const assetsDir = path6.join(dirname2, "..", "assets");
   if (fs5.existsSync(assetsDir)) {
     const indexPath = path6.join(assetsDir, "index.html");
-    const rawBasePath = process.env.CANONRY_BASE_PATH ?? opts.config.basePath;
-    const basePath = rawBasePath ? "/" + rawBasePath.replace(/^\//, "").replace(/\/?$/, "/") : void 0;
     const injectConfig = (html) => {
       const clientConfig = { apiKey: opts.config.apiKey };
       if (basePath) clientConfig.basePath = basePath;
@@ -8206,21 +8785,32 @@ async function createServer(opts) {
     const fastifyStatic = await import("@fastify/static");
     await app.register(fastifyStatic.default, {
       root: assetsDir,
-      prefix: "/",
+      prefix: basePath ?? "/",
       wildcard: false,
       // Don't serve index.html automatically — we handle it with config injection
       serve: true,
       index: false
     });
-    app.get("/", (_request, reply) => {
+    const serveIndex = (_request, reply) => {
       if (fs5.existsSync(indexPath)) {
         const html = fs5.readFileSync(indexPath, "utf-8");
         return reply.type("text/html").send(injectConfig(html));
       }
       return reply.status(404).send({ error: "Dashboard not built" });
-    });
+    };
+    const rootRouteTrailing = basePath ?? "/";
+    app.get(rootRouteTrailing, serveIndex);
+    if (basePath) {
+      const rootRouteBare = basePath.replace(/\/$/, "");
+      if (rootRouteBare) app.get(rootRouteBare, serveIndex);
+    }
     app.setNotFoundHandler((request, reply) => {
-      if (request.url.startsWith("/api/")) {
+      const url = request.url.split("?")[0];
+      const isApiRoute = url.startsWith("/api/") || basePath !== void 0 && url.startsWith(`${basePath}api/`);
+      if (isApiRoute) {
+        return reply.status(404).send({ error: "Not found", path: request.url });
+      }
+      if (basePath && !url.startsWith(basePath)) {
         return reply.status(404).send({ error: "Not found", path: request.url });
       }
       if (fs5.existsSync(indexPath)) {
@@ -8230,11 +8820,11 @@ async function createServer(opts) {
       return reply.status(404).send({ error: "Not found" });
     });
   }
-  app.get("/health", async () => ({
-    status: "ok",
-    service: "canonry",
-    version: PKG_VERSION
-  }));
+  const healthHandler = async () => ({ status: "ok", service: "canonry", version: PKG_VERSION });
+  app.get("/health", healthHandler);
+  if (basePath) {
+    app.get(`${basePath}health`, healthHandler);
+  }
   scheduler.start();
   app.addHook("onClose", async () => {
     scheduler.stop();