@ainyc/canonry 1.48.2 → 1.48.4

package/README.md

@@ -2,7 +2,7 @@
 
 [![npm version](https://img.shields.io/npm/v/@ainyc/canonry)](https://www.npmjs.com/package/@ainyc/canonry) [![License: FSL-1.1-ALv2](https://img.shields.io/badge/License-FSL--1.1--ALv2-blue.svg)](https://fsl.software/) [![Node.js >= 22.14](https://img.shields.io/badge/node-%3E%3D22.14-brightgreen)](https://nodejs.org)
 
-Canonry is an agent-first AEO platform powered by [OpenClaw](https://openclaw.ai). It tracks how ChatGPT, Gemini, Claude, and Perplexity cite your site, detects regressions, diagnoses causes, coordinates fixes, and reports results.
+Canonry is an agent-first AEO platform — CLI- and API-native, with a bundled AI agent. It tracks how ChatGPT, Gemini, Claude, and Perplexity cite your site, detects regressions, diagnoses causes, coordinates fixes, and reports results.
 
 AEO (Answer Engine Optimization) is about making sure your content shows up accurately in AI-generated answers. As search shifts from links to synthesized responses, you need something that can monitor, analyze, and act across these engines continuously.
 
@@ -15,7 +15,7 @@ npm install -g @ainyc/canonry
 canonry agent setup
 ```
 
-One command. It installs [OpenClaw](https://openclaw.ai), configures the agent's LLM, sets up monitoring providers, and seeds the workspace. Interactive prompts guide you through everything, or pass flags for fully automated setup:
+One command. It installs the agent runtime, configures the agent's LLM, sets up monitoring providers, and seeds the workspace. Interactive prompts guide you through everything, or pass flags for fully automated setup:
 
 ```bash
 canonry agent setup --gemini-key <key> --agent-key <key> --format json
@@ -42,7 +42,7 @@ canonry serve
 
 ## What the Agent Does
 
-The Canonry agent ("Aero") is an [OpenClaw](https://openclaw.ai)-powered operator:
+The Canonry agent ("Aero") is an autonomous operator:
 
 - **Monitors** visibility sweeps across providers on schedule, tracking citation changes over time
 - **Analyzes** regressions, emerging opportunities, and correlates visibility shifts with site changes
@@ -53,7 +53,7 @@ Every action the agent takes goes through the same CLI and API available to ever
 
 ## Features
 
-- **Agent-operated.** The OpenClaw agent monitors, analyzes, and acts autonomously. Humans supervise via the dashboard.
+- **Agent-operated.** The bundled agent monitors, analyzes, and acts autonomously. Humans supervise via the dashboard.
 - **Multi-provider.** Query Gemini, OpenAI, Claude, Perplexity, and local LLMs from a single platform.
 - **Config-as-code.** Kubernetes-style YAML files. Version control your monitoring, let agents apply changes declaratively.
 - **Self-hosted.** Runs locally with SQLite. No cloud account required.
@@ -148,9 +148,9 @@ Integration setup guides: [Google Search Console](docs/google-search-console-set
 
 ## Skills
 
-The agent learns how to operate canonry through bundled [OpenClaw skills](https://clawhub.dev) that cover CLI commands, provider setup, analysis workflows, and troubleshooting. Skills are seeded into the agent workspace during `canonry agent setup`.
+The agent learns how to operate canonry through bundled skills that cover CLI commands, provider setup, analysis workflows, and troubleshooting. Skills are seeded into the agent workspace during `canonry agent setup`.
 
-**Claude Code** also picks up the skill automatically from `.claude/skills/canonry-setup/` when you open this repo. **ClawHub** hosts the same skill at [clawhub.dev](https://clawhub.dev) for any MCP-equipped agent.
+**Claude Code** also picks up the skill automatically from `.claude/skills/canonry-setup/` when you open this repo.
 
 ## Deployment
 

package/assets/agent-workspace/skills/aero/references/memory-patterns.md

@@ -2,7 +2,7 @@
 
 ## Per-Client State Template
 
-Store in OpenClaw agent memory after each significant event:
+Store in agent memory after each significant event:
 
 ```
 Client: <business name>

package/assets/agent-workspace/skills/canonry-setup/SKILL.md

@@ -3,7 +3,7 @@ name: canonry
 description: "Agent-first AEO monitoring and operating platform."
 metadata:
   {
-    "openclaw":
+    "agent":
       {
         "emoji": "📡",
         "requires": { "bins": ["canonry"] },

package/assets/agent-workspace/skills/canonry-setup/references/canonry-cli.md

@@ -296,10 +296,10 @@ canonry export <project> --include-results > project.yaml
 canonry sitemap inspect <project>
 ```
 
-## Agent (OpenClaw Integration)
+## Agent
 
 `canonry agent setup` is the single entry point for configuring the agent. It handles everything:
-canonry initialization, OpenClaw installation, profile setup, LLM credential configuration,
+canonry initialization, agent runtime installation, profile setup, LLM credential configuration,
 and workspace seeding. If canonry is not yet configured, it runs the interactive init flow first
 (prompting for monitoring provider keys and agent LLM credentials).
 
@@ -313,7 +313,7 @@ canonry agent setup --agent-provider openrouter --agent-key <key> --agent-model
 GEMINI_API_KEY=<key> canonry agent setup --agent-key <key> --format json
 
 # Lifecycle
-canonry agent start                              # start OpenClaw gateway as background process
+canonry agent start                              # start agent gateway as background process
 canonry agent stop                               # stop the gateway process
 canonry agent status                             # check if gateway is running
 canonry agent status --format json               # JSON output
@@ -336,9 +336,9 @@ canonry agent detach <project>                   # remove agent webhook from pro
 canonry agent detach <project> --format json     # JSON output
 ```
 
-**Setup flow:** init canonry (if needed) → install OpenClaw (if needed) → configure profile → configure gateway → set agent LLM credentials → seed workspace with skills.
+**Setup flow:** init canonry (if needed) → install agent runtime (if needed) → configure profile → configure gateway → set agent LLM credentials → seed workspace with skills.
 
-**Agent LLM credentials** are stored in `~/.openclaw-aero/.env` (e.g. `ANTHROPIC_API_KEY=...`) and loaded into the gateway process at start time. The model is set via `openclaw models set`.
+**Agent LLM credentials** are stored in the agent env file (e.g. `ANTHROPIC_API_KEY=...`) and loaded into the gateway process at start time. The model is set via the agent CLI.
 
 **Re-running is safe:** setup is idempotent — it skips steps that are already configured.
 

package/dist/{chunk-YPTVJRJY.js → chunk-IPOVH342.js}

@@ -6,6 +6,8 @@ import {
   bingUrlInspections,
   competitors,
   createLogger,
+  dropLegacyCredentialColumns,
+  extractLegacyCredentials,
   gaAiReferrals,
   gaSocialReferrals,
   gaTrafficSnapshots,
@@ -23,7 +25,7 @@ import {
   runs,
   schedules,
   usageCounters
-} from "./chunk-JTKHPNGL.js";
+} from "./chunk-ZZ57GRV6.js";
 
 // src/config.ts
 import fs from "fs";
@@ -338,7 +340,7 @@ import crypto23 from "crypto";
 import fs7 from "fs";
 import path8 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { eq as eq24, sql as sql6 } from "drizzle-orm";
+import { eq as eq24 } from "drizzle-orm";
 import Fastify from "fastify";
 
 // ../contracts/src/config-schema.ts
@@ -15959,68 +15961,46 @@ function serializeSessionCookie(opts) {
   }
   return parts.join("; ");
 }
-function migrateDbCredentialsToConfig(db, config) {
-  try {
-    const googleColCheck = db.all(sql6.raw(
-      `SELECT COUNT(*) as c FROM pragma_table_info('google_connections') WHERE name = 'access_token'`
-    ));
-    if (googleColCheck[0]?.c) {
-      const rows = db.all(sql6.raw(
-        `SELECT domain, connection_type, property_id, sitemap_url, access_token, refresh_token, token_expires_at, scopes, created_at, updated_at FROM google_connections WHERE refresh_token IS NOT NULL AND refresh_token != ''`
-      ));
-      let migrated = 0;
-      for (const row of rows) {
-        const connType = row.connection_type;
-        const existing = getGoogleConnection(config, row.domain, connType);
-        if (existing?.refreshToken) continue;
-        upsertGoogleConnection(config, {
-          domain: row.domain,
-          connectionType: connType,
-          propertyId: row.property_id ?? null,
-          sitemapUrl: row.sitemap_url ?? null,
-          accessToken: row.access_token ?? void 0,
-          refreshToken: row.refresh_token ?? null,
-          tokenExpiresAt: row.token_expires_at ?? null,
-          scopes: parseJsonColumn(row.scopes, []),
-          createdAt: row.created_at,
-          updatedAt: row.updated_at
-        });
-        migrated++;
-      }
-      if (migrated > 0) {
-        saveConfigPatch({ google: config.google });
-        log9.info("credentials.migrated", { type: "google", count: migrated });
-      }
-    }
-    const gaColCheck = db.all(sql6.raw(
-      `SELECT COUNT(*) as c FROM pragma_table_info('ga_connections') WHERE name = 'private_key'`
-    ));
-    if (gaColCheck[0]?.c) {
-      const rows = db.all(sql6.raw(
-        `SELECT id, project_id, property_id, client_email, private_key, created_at, updated_at FROM ga_connections WHERE private_key IS NOT NULL AND private_key != ''`
-      ));
-      let migrated = 0;
-      for (const row of rows) {
-        const project = db.select({ name: projects.name }).from(projects).where(eq24(projects.id, row.project_id)).get();
-        if (!project) continue;
-        const existing = getGa4Connection(config, project.name);
-        if (existing?.privateKey) continue;
-        upsertGa4Connection(config, {
-          projectName: project.name,
-          propertyId: row.property_id,
-          clientEmail: row.client_email,
-          privateKey: row.private_key,
-          createdAt: row.created_at,
-          updatedAt: row.updated_at
-        });
-        migrated++;
-      }
-      if (migrated > 0) {
-        saveConfigPatch({ ga4: config.ga4 });
-        log9.info("credentials.migrated", { type: "ga4", count: migrated });
-      }
-    }
-  } catch {
+function applyLegacyCredentials(rows, config) {
+  let migratedGoogle = 0;
+  for (const row of rows.google) {
+    const existing = getGoogleConnection(config, row.domain, row.connectionType);
+    if (existing?.refreshToken) continue;
+    upsertGoogleConnection(config, {
+      domain: row.domain,
+      connectionType: row.connectionType,
+      propertyId: row.propertyId,
+      sitemapUrl: row.sitemapUrl,
+      accessToken: row.accessToken ?? void 0,
+      refreshToken: row.refreshToken,
+      tokenExpiresAt: row.tokenExpiresAt,
+      scopes: row.scopes,
+      createdAt: row.createdAt,
+      updatedAt: row.updatedAt
+    });
+    migratedGoogle++;
+  }
+  if (migratedGoogle > 0) {
+    saveConfigPatch({ google: config.google });
+    log9.info("credentials.migrated", { type: "google", count: migratedGoogle });
+  }
+  let migratedGa4 = 0;
+  for (const row of rows.ga4) {
+    const existing = getGa4Connection(config, row.projectName);
+    if (existing?.privateKey) continue;
+    upsertGa4Connection(config, {
+      projectName: row.projectName,
+      propertyId: row.propertyId,
+      clientEmail: row.clientEmail,
+      privateKey: row.privateKey,
+      createdAt: row.createdAt,
+      updatedAt: row.updatedAt
+    });
+    migratedGa4++;
+  }
+  if (migratedGa4 > 0) {
+    saveConfigPatch({ ga4: config.ga4 });
+    log9.info("credentials.migrated", { type: "ga4", count: migratedGa4 });
   }
 }
 async function createServer(opts) {
@@ -16047,7 +16027,15 @@ async function createServer(opts) {
       quota: opts.config.geminiQuota
     };
   }
-  migrateDbCredentialsToConfig(opts.db, opts.config);
+  try {
+    const legacyRows = extractLegacyCredentials(opts.db);
+    applyLegacyCredentials(legacyRows, opts.config);
+    dropLegacyCredentialColumns(opts.db);
+  } catch (err) {
+    log9.warn("credentials.migration.failed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
   log9.info("providers.configured", { providers: Object.keys(providers).filter((k) => {
     const p = providers[k];
     return p?.apiKey || p?.baseUrl || p?.vertexProject;

package/dist/{chunk-JTKHPNGL.js → chunk-ZZ57GRV6.js}

@@ -854,6 +854,12 @@ var MIGRATIONS = [
   `CREATE INDEX IF NOT EXISTS idx_snapshots_created_at ON query_snapshots(created_at)`
   // v36: Transaction handling and SQL injection review: verified all strings use SQLite ? binding via Drizzle.
   // No changes required for parameterization.
+  // v37: The legacy credential columns (private_key on ga_connections; access_token,
+  // refresh_token, token_expires_at on google_connections) are removed by the
+  // extractLegacyCredentials / dropLegacyCredentialColumns pair below. Callers
+  // read the rows, persist them to config.yaml, and only then drop the columns
+  // so a failed config write doesn't permanently lose credentials. Keeping the
+  // DROPs as raw SQL here would race with that read.
 ];
 function isDuplicateColumnError(err) {
   if (!(err instanceof Error)) return false;
@@ -861,6 +867,83 @@ function isDuplicateColumnError(err) {
   if (err.cause instanceof Error && err.cause.message.includes("duplicate column name")) return true;
   return false;
 }
+function columnExists(db, table, column) {
+  const rows = db.all(sql.raw(
+    `SELECT COUNT(*) as c FROM pragma_table_info('${table}') WHERE name = '${column}'`
+  ));
+  return (rows[0]?.c ?? 0) > 0;
+}
+function dropColumnIfExists(db, table, column) {
+  try {
+    db.run(sql.raw(`ALTER TABLE ${table} DROP COLUMN ${column}`));
+  } catch (err) {
+    if (!(err instanceof Error)) throw err;
+    const msg = err.message;
+    const causeMsg = err.cause instanceof Error ? err.cause.message : "";
+    const expected = `no such column: "${column}"`;
+    const expectedAlt = `no such column: ${column}`;
+    if (msg.includes(expected) || msg.includes(expectedAlt)) return;
+    if (causeMsg.includes(expected) || causeMsg.includes(expectedAlt)) return;
+    throw err;
+  }
+}
+function extractLegacyCredentials(db) {
+  const out = { google: [], ga4: [] };
+  if (columnExists(db, "google_connections", "access_token")) {
+    const rows = db.all(sql.raw(
+      `SELECT domain, connection_type, property_id, sitemap_url, access_token, refresh_token, token_expires_at, scopes, created_at, updated_at
+       FROM google_connections
+       WHERE refresh_token IS NOT NULL AND refresh_token != ''`
+    ));
+    for (const row of rows) {
+      out.google.push({
+        domain: row.domain,
+        connectionType: row.connection_type,
+        propertyId: row.property_id,
+        sitemapUrl: row.sitemap_url,
+        accessToken: row.access_token,
+        refreshToken: row.refresh_token,
+        tokenExpiresAt: row.token_expires_at,
+        scopes: parseJsonColumn(row.scopes, []),
+        createdAt: row.created_at,
+        updatedAt: row.updated_at
+      });
+    }
+  }
+  if (columnExists(db, "ga_connections", "private_key")) {
+    const rows = db.all(sql.raw(
+      `SELECT p.name AS project_name, ga.property_id, ga.client_email, ga.private_key, ga.created_at, ga.updated_at
+       FROM ga_connections ga
+       INNER JOIN projects p ON p.id = ga.project_id
+       WHERE ga.private_key IS NOT NULL AND ga.private_key != ''`
+    ));
+    for (const row of rows) {
+      out.ga4.push({
+        projectName: row.project_name,
+        propertyId: row.property_id,
+        clientEmail: row.client_email,
+        privateKey: row.private_key,
+        createdAt: row.created_at,
+        updatedAt: row.updated_at
+      });
+    }
+  }
+  return out;
+}
+function dropLegacyCredentialColumns(db) {
+  if (columnExists(db, "google_connections", "access_token")) {
+    dropColumnIfExists(db, "google_connections", "access_token");
+  }
+  if (columnExists(db, "google_connections", "refresh_token")) {
+    dropColumnIfExists(db, "google_connections", "refresh_token");
+  }
+  if (columnExists(db, "google_connections", "token_expires_at")) {
+    dropColumnIfExists(db, "google_connections", "token_expires_at");
+  }
+  if (columnExists(db, "ga_connections", "private_key")) {
+    dropColumnIfExists(db, "ga_connections", "private_key");
+  }
+}
 function migrate(db) {
   const statements = MIGRATION_SQL.split(";").map((s) => s.trim()).filter((s) => s.length > 0);
   for (const statement of statements) {
@@ -1308,6 +1391,8 @@ export {
   healthSnapshots,
   createClient,
   parseJsonColumn,
+  extractLegacyCredentials,
+  dropLegacyCredentialColumns,
   migrate,
   createLogger,
   IntelligenceService

package/dist/cli.js

@@ -47,7 +47,7 @@ import {
   trackEvent,
   usageError,
   writeAgentEnv
-} from "./chunk-YPTVJRJY.js";
+} from "./chunk-IPOVH342.js";
 import {
   apiKeys,
   competitors,
@@ -57,7 +57,7 @@ import {
   projects,
   querySnapshots,
   runs
-} from "./chunk-JTKHPNGL.js";
+} from "./chunk-ZZ57GRV6.js";
 
 // src/cli.ts
 import { pathToFileURL } from "url";
@@ -304,7 +304,7 @@ async function backfillAnswerVisibilityCommand(opts) {
   console.log(`  Errors:   ${providerErrors}`);
 }
 async function backfillInsightsCommand(project, opts) {
-  const { IntelligenceService } = await import("./intelligence-service-Q4WX46MJ.js");
+  const { IntelligenceService } = await import("./intelligence-service-MZ7SXEGE.js");
   const config = loadConfig();
   const db = createClient(config.database);
   migrate(db);

package/dist/index.js

@@ -1,8 +1,8 @@
 import {
   createServer,
   loadConfig
-} from "./chunk-YPTVJRJY.js";
-import "./chunk-JTKHPNGL.js";
+} from "./chunk-IPOVH342.js";
+import "./chunk-ZZ57GRV6.js";
 export {
   createServer,
   loadConfig

package/dist/{intelligence-service-Q4WX46MJ.js → intelligence-service-MZ7SXEGE.js}

@@ -1,6 +1,6 @@
 import {
   IntelligenceService
-} from "./chunk-JTKHPNGL.js";
+} from "./chunk-ZZ57GRV6.js";
 export {
   IntelligenceService
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ainyc/canonry",
-  "version": "1.48.2",
+  "version": "1.48.4",
   "type": "module",
   "description": "The ultimate open-source AEO monitoring tool - track how answer engines cite your domain",
   "license": "FSL-1.1-ALv2",
@@ -58,16 +58,16 @@
     "@ainyc/canonry-contracts": "0.0.0",
     "@ainyc/canonry-config": "0.0.0",
     "@ainyc/canonry-db": "0.0.0",
-    "@ainyc/canonry-intelligence": "0.0.0",
     "@ainyc/canonry-integration-bing": "0.0.0",
     "@ainyc/canonry-integration-wordpress": "0.0.0",
-    "@ainyc/canonry-integration-google": "0.0.0",
     "@ainyc/canonry-provider-cdp": "0.0.0",
+    "@ainyc/canonry-intelligence": "0.0.0",
     "@ainyc/canonry-provider-claude": "0.0.0",
-    "@ainyc/canonry-provider-gemini": "0.0.0",
     "@ainyc/canonry-provider-local": "0.0.0",
     "@ainyc/canonry-provider-openai": "0.0.0",
-    "@ainyc/canonry-provider-perplexity": "0.0.0"
+    "@ainyc/canonry-integration-google": "0.0.0",
+    "@ainyc/canonry-provider-perplexity": "0.0.0",
+    "@ainyc/canonry-provider-gemini": "0.0.0"
   },
   "scripts": {
     "build": "tsx scripts/copy-agent-assets.ts && tsup && tsx build-web.ts",