@ainyc/canonry 4.57.0 → 4.59.0

package/dist/{chunk-HL6JZUEW.js → chunk-NOQ4ZE3E.js}

@@ -1,12 +1,14 @@
 import {
   ApiClient,
+  CliError,
+  PACKAGE_VERSION,
   canonryMcpTools,
   configExists,
   getConfigPath,
   loadConfig,
   loadConfigRaw,
   saveConfigPatch
-} from "./chunk-6X5TF73A.js";
+} from "./chunk-TFBPLY77.js";
 import {
   DEFAULT_RUN_HISTORY_LIMIT,
   IntelligenceService,
@@ -62,6 +64,11 @@ import {
   gaTrafficSnapshots,
   gaTrafficSummaries,
   gaTrafficWindowSummaries,
+  gbpDailyMetrics,
+  gbpKeywordImpressions,
+  gbpLocations,
+  gbpLodgingSnapshots,
+  gbpPlaceActions,
   groupInsights,
   groupRunsByCreatedAt,
   gscCoverageSnapshots,
@@ -87,7 +94,7 @@ import {
   smoothedRunDelta,
   trafficSources,
   usageCounters
-} from "./chunk-4KWPOVIT.js";
+} from "./chunk-JW6TQFU7.js";
 import {
   AGENT_MEMORY_VALUE_MAX_BYTES,
   AGENT_PROVIDER_IDS,
@@ -101,6 +108,7 @@ import {
   CheckScopes,
   CheckStatuses,
   CitationStates,
+  CodingAgents,
   DEFAULT_DISCOVERY_PROMOTE_BUCKETS,
   DEFAULT_DISCOVERY_PROMOTE_COMPETITOR_TYPES,
   DISCOVERY_PROMOTE_COMPETITOR_CAP,
@@ -115,7 +123,9 @@ import {
   RunKinds,
   RunStatuses,
   RunTriggers,
+  SKILL_MANIFEST_FILENAME,
   SchedulableRunKinds,
+  SkillsClients,
   TrafficEventConfidences,
   TrafficEventKinds,
   TrafficEvidenceKinds,
@@ -158,7 +168,9 @@ import {
   citationStateSchema,
   citationStateToCited,
   citationVisibilityResponseSchema,
+  classifySkillFile,
   clusterByCosine,
+  coerceSkillManifest,
   competitorBatchRequestSchema,
   competitorDtoSchema,
   contentActionLabel,
@@ -199,6 +211,18 @@ import {
   ga4SocialReferralHistoryEntrySchema,
   ga4StatusDtoSchema,
   ga4SyncResponseDtoSchema,
+  gbpAccountListResponseSchema,
+  gbpDailyMetricListResponseSchema,
+  gbpDiscoverRequestSchema,
+  gbpKeywordImpressionListResponseSchema,
+  gbpLocationDtoSchema,
+  gbpLocationListResponseSchema,
+  gbpLocationSelectionRequestSchema,
+  gbpLodgingListResponseSchema,
+  gbpPlaceActionListResponseSchema,
+  gbpSummaryDtoSchema,
+  gbpSyncRequestSchema,
+  gbpSyncResponseSchema,
   getProviderLocationHandling,
   googleConnectionDtoSchema,
   gscCoverageSnapshotDtoSchema,
@@ -214,6 +238,7 @@ import {
   internalError,
   isAgentProviderId,
   isBrowserProvider,
+  isRetryableHttpError,
   keywordDtoSchema,
   keywordGenerateRequestSchema,
   latestProjectRunDtoSchema,
@@ -236,6 +261,7 @@ import {
   providerError,
   queryDtoSchema,
   queryGenerateRequestSchema,
+  quotaExceeded,
   recommendationExplainRequestSchema,
   recommendationExplanationDtoSchema,
   registrableDomain,
@@ -258,6 +284,7 @@ import {
   scheduleUpsertRequestSchema,
   serializeRunError,
   settingsDtoSchema,
+  skillsClientSchema,
   snapshotDiffResponseSchema,
   snapshotListResponseSchema,
   snapshotReportSchema,
@@ -277,6 +304,7 @@ import {
   validationError,
   visibilityStateFromAnswerMentioned,
   windowCutoff,
+  withRetry,
   wordpressAuditPageDtoSchema,
   wordpressBulkMetaResultDtoSchema,
   wordpressDiffDtoSchema,
@@ -289,7 +317,7 @@ import {
   wordpressSchemaDeployResultDtoSchema,
   wordpressSchemaStatusResultDtoSchema,
   wordpressStatusDtoSchema
-} from "./chunk-WFVUZVJD.js";
+} from "./chunk-LPPW7O26.js";
 
 // src/telemetry.ts
 import crypto from "crypto";
@@ -577,11 +605,11 @@ function checkLatestVersionForServer(opts) {
 
 // src/server.ts
 import { createRequire as createRequire4 } from "module";
-import crypto36 from "crypto";
-import fs15 from "fs";
-import path15 from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
-import { eq as eq43 } from "drizzle-orm";
+import crypto40 from "crypto";
+import fs16 from "fs";
+import path16 from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+import { eq as eq44 } from "drizzle-orm";
 import Fastify from "fastify";
 
 // ../api-routes/src/index.ts
@@ -2029,7 +2057,7 @@ async function deliverWebhook(target, payload, webhookSecret) {
   const body = JSON.stringify(payload);
   const isHttps = target.url.protocol === "https:";
   const port = target.url.port ? Number(target.url.port) : isHttps ? 443 : 80;
-  const path16 = `${target.url.pathname}${target.url.search}`;
+  const path17 = `${target.url.pathname}${target.url.search}`;
   const headers = {
     "Content-Length": String(Buffer.byteLength(body)),
     "Content-Type": "application/json",
@@ -2045,7 +2073,7 @@ async function deliverWebhook(target, payload, webhookSecret) {
       headers,
       hostname: target.address,
       method: "POST",
-      path: path16,
+      path: path17,
       port,
       timeout: REQUEST_TIMEOUT_MS
     };
@@ -3392,9 +3420,9 @@ function buildGaTrafficByPage(db, projectId) {
   }).from(gaTrafficSnapshots).where(eq12(gaTrafficSnapshots.projectId, projectId)).all();
   const map = /* @__PURE__ */ new Map();
   for (const row of rows) {
-    const path16 = extractPath(row.landingPage);
-    if (!path16) continue;
-    map.set(path16, (map.get(path16) ?? 0) + (row.sessions ?? 0));
+    const path17 = extractPath(row.landingPage);
+    if (!path17) continue;
+    map.set(path17, (map.get(path17) ?? 0) + (row.sessions ?? 0));
   }
   return map;
 }
@@ -3589,13 +3617,13 @@ function normalizeDomain(domain) {
 function extractPath(url) {
   if (!url) return "";
   const trimmed = url.trim();
-  let path16;
+  let path17;
   try {
-    path16 = new URL(trimmed).pathname;
+    path17 = new URL(trimmed).pathname;
   } catch {
-    path16 = trimmed;
+    path17 = trimmed;
   }
-  const stripped = path16.replace(/\/+$/, "");
+  const stripped = path17.replace(/\/+$/, "");
   return stripped || "/";
 }
 
@@ -3867,9 +3895,9 @@ function inferAdSource(params) {
 function formatLandingPageHtml(raw) {
   const value = raw ?? "";
   const queryIdx = value.indexOf("?");
-  const path16 = queryIdx === -1 ? value : value.slice(0, queryIdx);
+  const path17 = queryIdx === -1 ? value : value.slice(0, queryIdx);
   const query = queryIdx === -1 ? "" : value.slice(queryIdx + 1);
-  const pathHtml = `<span class="page-path">${escapeHtml(path16 || "/")}</span>`;
+  const pathHtml = `<span class="page-path">${escapeHtml(path17 || "/")}</span>`;
   if (!query) return pathHtml;
   let summary = "";
   try {
@@ -5227,7 +5255,7 @@ function renderLineChart(points, color, title, height = 200) {
     y: padY + usableH - p.y / max * usableH,
     raw: p
   }));
-  const path16 = xy.map((p, i) => `${i === 0 ? "M" : "L"} ${p.x.toFixed(1)} ${p.y.toFixed(1)}`).join(" ");
+  const path17 = xy.map((p, i) => `${i === 0 ? "M" : "L"} ${p.x.toFixed(1)} ${p.y.toFixed(1)}`).join(" ");
   const dots = xy.map((p) => `<circle cx="${p.x.toFixed(1)}" cy="${p.y.toFixed(1)}" r="3" fill="${color}" />`).join("");
   const xLabels = xy.map((p, i) => {
     if (points.length > 8 && i % Math.ceil(points.length / 6) !== 0 && i !== points.length - 1) return "";
@@ -5239,7 +5267,7 @@ function renderLineChart(points, color, title, height = 200) {
       <line x1="${padX}" y1="${padY + usableH}" x2="${padX + usableW}" y2="${padY + usableH}" stroke="${COLORS.border}" stroke-width="1" />
       <text x="${padX - 6}" y="${(padY + 4).toFixed(1)}" fill="${COLORS.textFaint}" font-size="9" text-anchor="end">${formatNumber(max)}</text>
       <text x="${padX - 6}" y="${(padY + usableH).toFixed(1)}" fill="${COLORS.textFaint}" font-size="9" text-anchor="end">0</text>
-      <path d="${path16}" stroke="${color}" stroke-width="2" fill="none" />
+      <path d="${path17}" stroke="${color}" stroke-width="2" fill="none" />
       ${dots}
       ${xLabels}
     </svg>
@@ -8332,6 +8360,15 @@ var SCHEMA_TABLE = {
   GA4SocialReferralHistoryEntry: ga4SocialReferralHistoryEntrySchema,
   GA4StatusDto: ga4StatusDtoSchema,
   GA4SyncResponseDto: ga4SyncResponseDtoSchema,
+  GbpAccountListResponse: gbpAccountListResponseSchema,
+  GbpDailyMetricListResponse: gbpDailyMetricListResponseSchema,
+  GbpKeywordImpressionListResponse: gbpKeywordImpressionListResponseSchema,
+  GbpLocationDto: gbpLocationDtoSchema,
+  GbpLocationListResponse: gbpLocationListResponseSchema,
+  GbpLodgingListResponse: gbpLodgingListResponseSchema,
+  GbpPlaceActionListResponse: gbpPlaceActionListResponseSchema,
+  GbpSummaryDto: gbpSummaryDtoSchema,
+  GbpSyncResponse: gbpSyncResponseSchema,
   GoogleConnectionDto: googleConnectionDtoSchema,
   GscCoverageSnapshotDto: gscCoverageSnapshotDtoSchema,
   GscCoverageSummaryDto: gscCoverageSummaryDtoSchema,
@@ -8435,7 +8472,7 @@ var booleanSchema = { type: "boolean" };
 var integerSchema = { type: "integer" };
 var objectSchema = { type: "object", additionalProperties: true };
 var stringArraySchema = { type: "array", items: stringSchema };
-var googleConnectionTypeSchema = { type: "string", enum: ["gsc", "ga4"] };
+var googleConnectionTypeSchema = { type: "string", enum: ["gsc", "ga4", "gbp"] };
 var locationSchema = {
   type: "object",
   required: ["label", "city", "region", "country"],
@@ -10051,6 +10088,196 @@ var routeCatalog = [
       404: errorResponse("Project or connection not found.")
     }
   },
+  {
+    method: "post",
+    path: "/api/v1/projects/{name}/gbp/locations/discover",
+    summary: "Discover Google Business Profile locations and persist selection state",
+    tags: ["gbp"],
+    parameters: [nameParameter],
+    requestBody: {
+      content: {
+        "application/json": {
+          schema: {
+            type: "object",
+            properties: {
+              selectAllNew: booleanSchema,
+              accountName: stringSchema,
+              switchAccount: booleanSchema
+            }
+          }
+        }
+      }
+    },
+    responses: {
+      200: jsonResponse("List of discovered locations and selection summary returned.", "GbpLocationListResponse"),
+      400: errorResponse("Invalid discover request, unknown account, account-switch not opted into, or scope/API problem."),
+      404: errorResponse("Project not found."),
+      429: errorResponse("GBP API quota exceeded (access form may not be approved).")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/accounts",
+    summary: "List Google Business Profile accounts the connected user can access",
+    tags: ["gbp"],
+    parameters: [nameParameter],
+    responses: {
+      200: jsonResponse("Accounts the OAuth user manages or owns.", "GbpAccountListResponse"),
+      400: errorResponse("No GBP connection or scope/API problem."),
+      404: errorResponse("Project not found."),
+      429: errorResponse("GBP API quota exceeded (access form may not be approved).")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/locations",
+    summary: "List Google Business Profile locations + selection state",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "selected", required: false, description: "Filter to selected=true or selected=false", schema: { type: "string", enum: ["true", "false"] } }
+    ],
+    responses: {
+      200: jsonResponse("List of locations returned.", "GbpLocationListResponse"),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "put",
+    path: "/api/v1/projects/{name}/gbp/locations/{locationName}/selection",
+    summary: "Toggle a Google Business Profile location's sync selection",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "path", name: "locationName", required: true, schema: stringSchema, description: 'URL-encoded "locations/{n}" resource name' }
+    ],
+    requestBody: {
+      required: true,
+      content: {
+        "application/json": {
+          schema: {
+            type: "object",
+            required: ["selected"],
+            properties: { selected: booleanSchema }
+          }
+        }
+      }
+    },
+    responses: {
+      200: jsonResponse("Updated location returned.", "GbpLocationDto"),
+      400: errorResponse("Invalid selection request."),
+      404: errorResponse("Project or location not found.")
+    }
+  },
+  {
+    method: "delete",
+    path: "/api/v1/projects/{name}/gbp/connection",
+    summary: "Disconnect Google Business Profile and remove discovered locations",
+    tags: ["gbp"],
+    parameters: [nameParameter],
+    responses: {
+      204: { description: "Disconnected." },
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "post",
+    path: "/api/v1/projects/{name}/gbp/sync",
+    summary: "Trigger a Google Business Profile performance sync (daily metrics + monthly keywords)",
+    tags: ["gbp"],
+    parameters: [nameParameter],
+    requestBody: {
+      content: {
+        "application/json": {
+          schema: {
+            type: "object",
+            properties: {
+              locationNames: stringArraySchema,
+              daysOfMetrics: integerSchema,
+              monthsOfKeywords: integerSchema
+            }
+          }
+        }
+      }
+    },
+    responses: {
+      200: jsonResponse("Sync run queued.", "GbpSyncResponse"),
+      400: errorResponse("Invalid sync request or no GBP connection."),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/metrics",
+    summary: "List stored Google Business Profile daily performance metrics",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "locationName", required: false, description: "Filter to one location resource name", schema: stringSchema },
+      { in: "query", name: "metric", required: false, description: "Filter to one DailyMetric", schema: stringSchema }
+    ],
+    responses: {
+      200: jsonResponse("Daily metrics returned.", "GbpDailyMetricListResponse"),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/keywords",
+    summary: "List stored Google Business Profile monthly keyword impressions",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "locationName", required: false, description: "Filter to one location resource name", schema: stringSchema },
+      { in: "query", name: "month", required: false, description: "Filter to one YYYY-MM month", schema: stringSchema }
+    ],
+    responses: {
+      200: jsonResponse("Keyword impressions returned.", "GbpKeywordImpressionListResponse"),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/place-actions",
+    summary: "List stored Google Business Profile place action links (booking CTAs)",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "locationName", required: false, description: "Filter to one location resource name", schema: stringSchema }
+    ],
+    responses: {
+      200: jsonResponse("Place actions returned.", "GbpPlaceActionListResponse"),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/lodging",
+    summary: "List latest Google Business Profile lodging snapshots per location",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "locationName", required: false, description: "Filter to one location resource name", schema: stringSchema }
+    ],
+    responses: {
+      200: jsonResponse("Lodging snapshots returned.", "GbpLodgingListResponse"),
+      404: errorResponse("Project not found.")
+    }
+  },
+  {
+    method: "get",
+    path: "/api/v1/projects/{name}/gbp/summary",
+    summary: "Composite Google Business Profile local-AEO summary (all derived metrics)",
+    tags: ["gbp"],
+    parameters: [
+      nameParameter,
+      { in: "query", name: "locationName", required: false, description: "Scope to one location (omit = aggregate across selected)", schema: stringSchema }
+    ],
+    responses: {
+      200: jsonResponse("Summary returned.", "GbpSummaryDto"),
+      404: errorResponse("Project not found.")
+    }
+  },
   {
     method: "post",
     path: "/api/v1/projects/{name}/bing/connect",
@@ -11928,8 +12155,8 @@ async function openApiRoutes(app, opts = {}) {
     return reply.type("application/json").send(buildOpenApiDocument(opts));
   });
 }
-function buildOperationId(method, path16) {
-  const parts = path16.split("/").filter(Boolean).map((part) => {
+function buildOperationId(method, path17) {
+  const parts = path17.split("/").filter(Boolean).map((part) => {
     if (part.startsWith("{") && part.endsWith("}")) {
       return `by-${part.slice(1, -1)}`;
     }
@@ -12368,8 +12595,89 @@ function formatNotification(row) {
 }
 
 // ../api-routes/src/google.ts
-import crypto15 from "crypto";
-import { eq as eq19, and as and13, desc as desc9, sql as sql7 } from "drizzle-orm";
+import crypto16 from "crypto";
+import { eq as eq19, and as and13, desc as desc9, sql as sql7, inArray as inArray9 } from "drizzle-orm";
+
+// ../api-routes/src/gbp-summary.ts
+function computeMetricTotals(rows) {
+  const totals = {};
+  for (const row of rows) {
+    totals[row.metric] = (totals[row.metric] ?? 0) + row.value;
+  }
+  return totals;
+}
+function shiftDate(date, days) {
+  const [y, m, d] = date.split("-").map(Number);
+  const dt = new Date(Date.UTC(y, m - 1, d));
+  dt.setUTCDate(dt.getUTCDate() + days);
+  const yy = dt.getUTCFullYear();
+  const mm = String(dt.getUTCMonth() + 1).padStart(2, "0");
+  const dd = String(dt.getUTCDate()).padStart(2, "0");
+  return `${yy}-${mm}-${dd}`;
+}
+function roundPct(numerator, denominator) {
+  if (denominator === 0) return 0;
+  return Math.round(numerator / denominator * 100);
+}
+function computeWindowDelta(rows, referenceDate) {
+  const recentLow = shiftDate(referenceDate, -7);
+  const priorLow = shiftDate(referenceDate, -14);
+  const recent7d = {};
+  const prior7d = {};
+  for (const row of rows) {
+    if (row.date > recentLow && row.date <= referenceDate) {
+      recent7d[row.metric] = (recent7d[row.metric] ?? 0) + row.value;
+    } else if (row.date > priorLow && row.date <= recentLow) {
+      prior7d[row.metric] = (prior7d[row.metric] ?? 0) + row.value;
+    }
+  }
+  const deltaPct = {};
+  const metrics = /* @__PURE__ */ new Set([...Object.keys(recent7d), ...Object.keys(prior7d)]);
+  for (const metric of metrics) {
+    const recent = recent7d[metric] ?? 0;
+    const prior = prior7d[metric] ?? 0;
+    recent7d[metric] = recent;
+    prior7d[metric] = prior;
+    deltaPct[metric] = prior === 0 ? null : Math.round((recent - prior) / prior * 100);
+  }
+  return { recent7d, prior7d, deltaPct };
+}
+function computeKeywordCoverage(rows) {
+  const total = rows.length;
+  const thresholdedCount = rows.filter((r) => r.valueCount === null).length;
+  return { total, thresholdedCount, thresholdedPct: roundPct(thresholdedCount, total) };
+}
+function summarizePlaceActions(rows) {
+  return {
+    total: rows.length,
+    hasReservationCta: rows.some((r) => r.placeActionType === "RESERVATION"),
+    hasBookingCta: rows.some((r) => r.placeActionType === "BOOK"),
+    hasDirectMerchantCta: rows.some((r) => r.providerType === "MERCHANT")
+  };
+}
+function summarizeLodging(rows) {
+  const populatedLodgingCount = rows.filter((r) => r.populatedGroupCount > 0).length;
+  return {
+    lodgingLocationCount: rows.length,
+    populatedLodgingCount,
+    emptyLodgingCount: rows.length - populatedLodgingCount
+  };
+}
+function buildGbpSummary(input) {
+  const window = computeWindowDelta(input.dailyMetrics, input.referenceDate);
+  return {
+    scope: { locationName: input.locationName, locationCount: input.locationCount },
+    performance: {
+      totals: computeMetricTotals(input.dailyMetrics),
+      recent7d: window.recent7d,
+      prior7d: window.prior7d,
+      deltaPct: window.deltaPct
+    },
+    keywords: computeKeywordCoverage(input.keywords),
+    placeActions: summarizePlaceActions(input.placeActions),
+    lodging: summarizeLodging(input.lodging)
+  };
+}
 
 // ../integration-google/src/constants.ts
 var GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
@@ -12923,27 +13231,34 @@ function isRetryableGa4Error(err) {
   return false;
 }
 async function withGa4Retry(fn, errLabel) {
-  let lastError;
-  for (let attempt = 0; attempt <= GA4_MAX_RETRIES; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt >= GA4_MAX_RETRIES || !isRetryableGa4Error(err)) throw err;
+  return withRetry(fn, {
+    maxRetries: GA4_MAX_RETRIES,
+    baseDelayMs: GA4_INITIAL_RETRY_DELAY_MS,
+    // Retry loop predates jittered backoff; preserve the deterministic
+    // schedule operators have been seeing in production until we have a
+    // reason to introduce variance.
+    jitter: false,
+    isRetryable: isRetryableGa4Error,
+    // Honor `Retry-After` when the server supplies it; fall back to the
+    // computed exponential delay otherwise.
+    computeDelayMs: (_attempt, err, defaultMs) => {
+      const ga4Err = err;
+      if (ga4Err?.retryAfterSeconds !== void 0) {
+        return Math.max(0, ga4Err.retryAfterSeconds * 1e3);
+      }
+      return defaultMs;
+    },
+    onRetry: ({ attempt, err, delayMs }) => {
       const ga4Err = err;
-      const computedDelayMs = GA4_INITIAL_RETRY_DELAY_MS * Math.pow(2, attempt);
-      const delayMs = ga4Err.retryAfterSeconds !== void 0 ? Math.max(0, ga4Err.retryAfterSeconds * 1e3) : computedDelayMs;
       ga4Log("info", `${errLabel}.retry`, {
         attempt: attempt + 1,
         maxAttempts: GA4_MAX_RETRIES + 1,
-        status: ga4Err.status,
+        status: ga4Err?.status,
         delayMs,
-        usedRetryAfter: ga4Err.retryAfterSeconds !== void 0
+        usedRetryAfter: ga4Err?.retryAfterSeconds !== void 0
       });
-      await new Promise((resolve) => setTimeout(resolve, delayMs));
     }
-  }
-  throw lastError;
+  });
 }
 async function runReport(accessToken, propertyId, request) {
   validatePropertyId(propertyId);
@@ -13430,9 +13745,307 @@ async function fetchSocialReferrals(accessToken, propertyId, days) {
   return rows;
 }
 
+// ../integration-google-business-profile/src/constants.ts
+var GBP_SCOPE = "https://www.googleapis.com/auth/business.manage";
+var GBP_ACCOUNT_MANAGEMENT_BASE = "https://mybusinessaccountmanagement.googleapis.com/v1";
+var GBP_BUSINESS_INFO_BASE = "https://mybusinessbusinessinformation.googleapis.com/v1";
+var GBP_PERFORMANCE_BASE = "https://businessprofileperformance.googleapis.com/v1";
+var GBP_LODGING_BASE = "https://mybusinesslodging.googleapis.com/v1";
+var GBP_DAILY_METRICS = [
+  "BUSINESS_IMPRESSIONS_DESKTOP_MAPS",
+  "BUSINESS_IMPRESSIONS_DESKTOP_SEARCH",
+  "BUSINESS_IMPRESSIONS_MOBILE_MAPS",
+  "BUSINESS_IMPRESSIONS_MOBILE_SEARCH",
+  "BUSINESS_CONVERSATIONS",
+  "BUSINESS_DIRECTION_REQUESTS",
+  "CALL_CLICKS",
+  "WEBSITE_CLICKS",
+  "BUSINESS_BOOKINGS",
+  "BUSINESS_FOOD_ORDERS",
+  "BUSINESS_FOOD_MENU_CLICKS"
+];
+var GBP_REQUEST_TIMEOUT_MS = 3e4;
+var GBP_DEFAULT_PAGE_SIZE = 100;
+var GBP_MAX_PAGES = 200;
+var GBP_LOCATIONS_DEFAULT_READ_MASK = [
+  "name",
+  "title",
+  "storefrontAddress",
+  "websiteUri",
+  "categories.primaryCategory.displayName"
+].join(",");
+
+// ../integration-google-business-profile/src/types.ts
+var GbpApiError = class extends Error {
+  status;
+  reason;
+  body;
+  quotaLimitValue;
+  constructor(message, status, reason, body, quotaLimitValue = null) {
+    super(message);
+    this.name = "GbpApiError";
+    this.status = status;
+    this.reason = reason;
+    this.body = body;
+    this.quotaLimitValue = quotaLimitValue;
+  }
+};
+
+// ../integration-google-business-profile/src/http.ts
+function extractReason(body) {
+  if (!body || typeof body !== "object") return null;
+  const payload = body;
+  const details = payload.error?.details;
+  if (!Array.isArray(details)) return null;
+  for (const detail of details) {
+    if (detail && typeof detail.reason === "string") return detail.reason;
+  }
+  return null;
+}
+function extractQuotaLimitValue(body) {
+  if (!body || typeof body !== "object") return null;
+  const payload = body;
+  const details = payload.error?.details;
+  if (!Array.isArray(details)) return null;
+  for (const detail of details) {
+    const raw = detail?.metadata?.quota_limit_value;
+    if (typeof raw === "string") {
+      const parsed = Number(raw);
+      if (Number.isFinite(parsed)) return parsed;
+    }
+  }
+  return null;
+}
+function isRetryable(err) {
+  if (!(err instanceof GbpApiError)) return false;
+  if (err.status === 429) {
+    return err.quotaLimitValue !== 0;
+  }
+  if (err.status === 503) return true;
+  return false;
+}
+async function gbpFetchOnce(url, accessToken, opts) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), GBP_REQUEST_TIMEOUT_MS);
+  try {
+    const headers = {
+      authorization: `Bearer ${accessToken}`,
+      accept: "application/json"
+    };
+    if (opts.quotaProject) headers["x-goog-user-project"] = opts.quotaProject;
+    const res = await fetch(url, { method: "GET", headers, signal: controller.signal });
+    const text = await res.text();
+    let body;
+    try {
+      body = text ? JSON.parse(text) : void 0;
+    } catch {
+      body = text;
+    }
+    if (!res.ok) {
+      const payload = body;
+      const message = typeof payload === "object" && payload?.error?.message ? payload.error.message : typeof payload === "string" ? payload : `HTTP ${res.status}`;
+      throw new GbpApiError(message, res.status, extractReason(body), body, extractQuotaLimitValue(body));
+    }
+    return body;
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+async function gbpFetchGet(url, accessToken, opts = {}) {
+  return withRetry(() => gbpFetchOnce(url, accessToken, opts), {
+    maxRetries: opts.retry?.maxRetries ?? 5,
+    baseDelayMs: opts.retry?.baseDelayMs ?? 1e3,
+    jitter: true,
+    isRetryable,
+    sleep: opts.retry?.sleep
+  });
+}
+
+// ../integration-google-business-profile/src/accounts-client.ts
+async function listAccounts(accessToken, opts = {}) {
+  const collected = [];
+  let pageToken;
+  let page = 0;
+  do {
+    const url = new URL(`${GBP_ACCOUNT_MANAGEMENT_BASE}/accounts`);
+    url.searchParams.set("pageSize", String(GBP_DEFAULT_PAGE_SIZE));
+    if (pageToken) url.searchParams.set("pageToken", pageToken);
+    const res = await gbpFetchGet(url.toString(), accessToken, opts);
+    if (res.accounts) collected.push(...res.accounts);
+    pageToken = res.nextPageToken;
+    page++;
+  } while (pageToken && page < GBP_MAX_PAGES);
+  return collected;
+}
+
+// ../integration-google-business-profile/src/locations-client.ts
+async function listLocations(accessToken, accountName, opts = {}) {
+  const readMask = opts.readMask ?? GBP_LOCATIONS_DEFAULT_READ_MASK;
+  const collected = [];
+  let pageToken;
+  let page = 0;
+  do {
+    const url = new URL(`${GBP_BUSINESS_INFO_BASE}/${accountName}/locations`);
+    url.searchParams.set("readMask", readMask);
+    url.searchParams.set("pageSize", String(GBP_DEFAULT_PAGE_SIZE));
+    if (pageToken) url.searchParams.set("pageToken", pageToken);
+    const res = await gbpFetchGet(url.toString(), accessToken, opts);
+    if (res.locations) collected.push(...res.locations);
+    pageToken = res.nextPageToken;
+    page++;
+  } while (pageToken && page < GBP_MAX_PAGES);
+  return collected;
+}
+function formatStorefrontAddress(loc) {
+  const addr = loc.storefrontAddress;
+  if (!addr) return null;
+  const parts = [
+    ...addr.addressLines ?? [],
+    addr.locality,
+    addr.administrativeArea,
+    addr.postalCode,
+    addr.regionCode
+  ].filter((p) => Boolean(p));
+  return parts.length ? parts.join(", ") : null;
+}
+
+// ../integration-google-business-profile/src/performance-client.ts
+function pad2(n) {
+  return String(n).padStart(2, "0");
+}
+function formatGoogleDate(d) {
+  return `${d.year}-${pad2(d.month)}-${pad2(d.day)}`;
+}
+async function fetchDailyMetrics(accessToken, locationName, opts) {
+  const params = new URLSearchParams();
+  for (const m of opts.metrics) params.append("dailyMetrics", m);
+  params.set("dailyRange.startDate.year", String(opts.startDate.getUTCFullYear()));
+  params.set("dailyRange.startDate.month", String(opts.startDate.getUTCMonth() + 1));
+  params.set("dailyRange.startDate.day", String(opts.startDate.getUTCDate()));
+  params.set("dailyRange.endDate.year", String(opts.endDate.getUTCFullYear()));
+  params.set("dailyRange.endDate.month", String(opts.endDate.getUTCMonth() + 1));
+  params.set("dailyRange.endDate.day", String(opts.endDate.getUTCDate()));
+  const url = `${GBP_PERFORMANCE_BASE}/${locationName}:fetchMultiDailyMetricsTimeSeries?${params.toString()}`;
+  const res = await gbpFetchGet(url, accessToken, opts);
+  const rows = [];
+  const series = res.multiDailyMetricTimeSeries?.[0]?.dailyMetricTimeSeries ?? [];
+  for (const s of series) {
+    for (const dv of s.timeSeries?.datedValues ?? []) {
+      rows.push({
+        metric: s.dailyMetric,
+        date: formatGoogleDate(dv.date),
+        // Omitted value = zero traffic that day.
+        value: dv.value !== void 0 ? Number(dv.value) : 0
+      });
+    }
+  }
+  return rows;
+}
+async function listMonthlyKeywords(accessToken, locationName, opts) {
+  const collected = [];
+  let pageToken;
+  let page = 0;
+  do {
+    const params = new URLSearchParams();
+    params.set("monthlyRange.startMonth.year", String(opts.startMonth.year));
+    params.set("monthlyRange.startMonth.month", String(opts.startMonth.month));
+    params.set("monthlyRange.endMonth.year", String(opts.endMonth.year));
+    params.set("monthlyRange.endMonth.month", String(opts.endMonth.month));
+    params.set("pageSize", String(GBP_DEFAULT_PAGE_SIZE));
+    if (pageToken) params.set("pageToken", pageToken);
+    const url = `${GBP_PERFORMANCE_BASE}/${locationName}/searchkeywords/impressions/monthly?${params.toString()}`;
+    const res = await gbpFetchGet(url, accessToken, opts);
+    for (const c of res.searchKeywordsCounts ?? []) {
+      const value = c.insightsValue?.value;
+      const threshold = c.insightsValue?.threshold;
+      collected.push({
+        keyword: c.searchKeyword,
+        valueCount: value !== void 0 ? Number(value) : null,
+        valueThreshold: value === void 0 && threshold !== void 0 ? Number(threshold) : null
+      });
+    }
+    pageToken = res.nextPageToken;
+    page++;
+  } while (pageToken && page < GBP_MAX_PAGES);
+  return collected;
+}
+
+// ../integration-google-business-profile/src/place-actions-client.ts
+async function listPlaceActionLinks(accessToken, locationName, opts = {}) {
+  const collected = [];
+  let pageToken;
+  let page = 0;
+  do {
+    const url = new URL(`${GBP_BUSINESS_INFO_BASE}/${locationName}/placeActionLinks`);
+    url.searchParams.set("pageSize", String(GBP_DEFAULT_PAGE_SIZE));
+    if (pageToken) url.searchParams.set("pageToken", pageToken);
+    const res = await gbpFetchGet(url.toString(), accessToken, opts);
+    for (const link of res.placeActionLinks ?? []) {
+      collected.push({
+        placeActionLinkName: link.name,
+        placeActionType: link.placeActionType,
+        uri: link.uri ?? null,
+        isPreferred: link.isPreferred ?? false,
+        providerType: link.providerType ?? null
+      });
+    }
+    pageToken = res.nextPageToken;
+    page++;
+  } while (pageToken && page < GBP_MAX_PAGES);
+  return collected;
+}
+
+// ../integration-google-business-profile/src/lodging-client.ts
+import crypto15 from "crypto";
+async function getLodging(accessToken, locationName, opts = {}) {
+  const url = `${GBP_LODGING_BASE}/${locationName}/lodging?readMask=*`;
+  try {
+    return await gbpFetchGet(url, accessToken, opts);
+  } catch (err) {
+    if (err instanceof GbpApiError && err.status === 400) {
+      return null;
+    }
+    throw err;
+  }
+}
+function countPopulatedGroups(lodging) {
+  let count = 0;
+  for (const [key, value] of Object.entries(lodging)) {
+    if (key === "name" || key === "metadata") continue;
+    if (isPopulated(value)) count++;
+  }
+  return count;
+}
+function isPopulated(value) {
+  if (value === null || value === void 0) return false;
+  if (Array.isArray(value)) return value.length > 0;
+  if (typeof value === "object") return Object.keys(value).length > 0;
+  return true;
+}
+function hashLodging(lodging) {
+  return crypto15.createHash("sha256").update(stableStringify(lodging)).digest("hex");
+}
+function stableStringify(value) {
+  if (value === null || typeof value !== "object") return JSON.stringify(value);
+  if (Array.isArray(value)) return `[${value.map(stableStringify).join(",")}]`;
+  const obj = value;
+  const keys = Object.keys(obj).sort();
+  return `{${keys.map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`).join(",")}}`;
+}
+
 // ../api-routes/src/google.ts
+function scopesForConnectionType(type) {
+  switch (type) {
+    case "gsc":
+      return [GSC_SCOPE, INDEXING_SCOPE];
+    case "ga4":
+      return [GA4_SCOPE];
+    case "gbp":
+      return [GBP_SCOPE];
+  }
+}
 function signState(payload, secret) {
-  return crypto15.createHmac("sha256", secret).update(payload).digest("hex");
+  return crypto16.createHmac("sha256", secret).update(payload).digest("hex");
 }
 function buildSignedState(data, secret) {
   const payload = JSON.stringify(data);
@@ -13443,7 +14056,7 @@ function verifySignedState(encoded, secret) {
   try {
     const { payload, sig } = JSON.parse(Buffer.from(encoded, "base64url").toString());
     const expected = signState(payload, secret);
-    if (!crypto15.timingSafeEqual(Buffer.from(sig, "hex"), Buffer.from(expected, "hex"))) return null;
+    if (!crypto16.timingSafeEqual(Buffer.from(sig, "hex"), Buffer.from(expected, "hex"))) return null;
     return JSON.parse(payload);
   } catch {
     return null;
@@ -13524,8 +14137,8 @@ async function googleRoutes(app, opts) {
       throw validationError("Google OAuth is not configured. Set Google OAuth credentials in the local Canonry config.");
     }
     const { type, propertyId, publicUrl } = request.body ?? {};
-    if (!type || type !== "gsc" && type !== "ga4") {
-      throw validationError('type must be "gsc" or "ga4"');
+    if (!type || type !== "gsc" && type !== "ga4" && type !== "gbp") {
+      throw validationError('type must be "gsc", "ga4", or "gbp"');
     }
     const project = resolveProject(app.db, request.params.name);
     let redirectUri;
@@ -13538,7 +14151,7 @@ async function googleRoutes(app, opts) {
       const host = request.headers.host ?? "localhost:4100";
       redirectUri = `${proto}://${host}${opts.routePrefix ?? "/api/v1"}/projects/${encodeURIComponent(request.params.name)}/google/callback`;
     }
-    const scopes = type === "gsc" ? [GSC_SCOPE, INDEXING_SCOPE] : [GA4_SCOPE];
+    const scopes = scopesForConnectionType(type);
     const stateEncoded = buildSignedState(
       {
         projectId: project.id,
@@ -13713,7 +14326,7 @@ async function googleRoutes(app, opts) {
       throw validationError('No GSC connection found for this domain. Run "canonry google connect" first.');
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto15.randomUUID();
+    const runId = crypto16.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -13806,7 +14419,7 @@ async function googleRoutes(app, opts) {
     const mob = ir.mobileUsabilityResult;
     const rich = ir.richResultsResult;
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const id = crypto15.randomUUID();
+    const id = crypto16.randomUUID();
     app.db.insert(gscUrlInspections).values({
       id,
       projectId: project.id,
@@ -14041,7 +14654,7 @@ async function googleRoutes(app, opts) {
       updatedAt: (/* @__PURE__ */ new Date()).toISOString()
     });
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto15.randomUUID();
+    const runId = crypto16.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -14067,7 +14680,7 @@ async function googleRoutes(app, opts) {
       throw validationError("No GSC property configured for this connection");
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto15.randomUUID();
+    const runId = crypto16.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -14194,10 +14807,385 @@ async function googleRoutes(app, opts) {
       results
     };
   });
+  function gbpErrorToAppError(err, context) {
+    if (err.reason === "ACCESS_TOKEN_SCOPE_INSUFFICIENT") {
+      return validationError(
+        `${context}: OAuth token is missing the business.manage scope. Reconnect with "canonry gbp connect".`
+      );
+    }
+    if (err.reason === "RATE_LIMIT_EXCEEDED" || /quota/i.test(err.message)) {
+      if (err.quotaLimitValue === 0) {
+        return quotaExceeded(
+          "Google Business Profile API (0 QPM \u2014 access form pending approval). See https://support.google.com/business/contact/api_default"
+        );
+      }
+      return quotaExceeded(
+        `Google Business Profile API rate limit exceeded${err.quotaLimitValue ? ` (${err.quotaLimitValue} QPM cap)` : ""}. Retries exhausted; try again shortly.`
+      );
+    }
+    if (err.reason === "API_DISABLED" || err.reason === "CONSUMER_INVALID") {
+      return providerError(
+        `${context}: required Business Profile API is not enabled on the configured GCP project.`,
+        { reason: err.reason, body: err.body }
+      );
+    }
+    if (err.status === 401) return authRequired();
+    return providerError(`${context}: ${err.message}`, { reason: err.reason ?? void 0, status: err.status });
+  }
+  function rowToDto3(row) {
+    return {
+      id: row.id,
+      projectId: row.projectId,
+      accountName: row.accountName,
+      locationName: row.locationName,
+      displayName: row.displayName,
+      primaryCategoryDisplayName: row.primaryCategoryDisplayName ?? null,
+      storefrontAddress: row.storefrontAddress ?? null,
+      websiteUri: row.websiteUri ?? null,
+      selected: Boolean(row.selected),
+      syncedAt: row.syncedAt ?? null,
+      createdAt: row.createdAt,
+      updatedAt: row.updatedAt
+    };
+  }
+  function listSelectionResponse(projectId) {
+    const rows = app.db.select().from(gbpLocations).where(eq19(gbpLocations.projectId, projectId)).all();
+    const dtos = rows.map(rowToDto3);
+    return {
+      locations: dtos,
+      totalDiscovered: dtos.length,
+      totalSelected: dtos.filter((d) => d.selected).length
+    };
+  }
+  function clearGbpProjectData(tx, projectId) {
+    tx.delete(gbpDailyMetrics).where(eq19(gbpDailyMetrics.projectId, projectId)).run();
+    tx.delete(gbpKeywordImpressions).where(eq19(gbpKeywordImpressions.projectId, projectId)).run();
+    tx.delete(gbpPlaceActions).where(eq19(gbpPlaceActions.projectId, projectId)).run();
+    tx.delete(gbpLodgingSnapshots).where(eq19(gbpLodgingSnapshots.projectId, projectId)).run();
+    tx.delete(gbpLocations).where(eq19(gbpLocations.projectId, projectId)).run();
+  }
+  function currentProjectAccount(projectId) {
+    const row = app.db.select({ accountName: gbpLocations.accountName }).from(gbpLocations).where(eq19(gbpLocations.projectId, projectId)).limit(1).get();
+    return row?.accountName ?? null;
+  }
+  app.post("/projects/:name/gbp/locations/discover", async (request) => {
+    const { clientId: googleClientId, clientSecret: googleClientSecret } = getAuthConfig();
+    if (!googleClientId || !googleClientSecret) {
+      throw validationError("Google OAuth is not configured");
+    }
+    const project = resolveProject(app.db, request.params.name);
+    const store = requireConnectionStore();
+    const parsed = gbpDiscoverRequestSchema.safeParse(request.body ?? {});
+    if (!parsed.success) {
+      throw validationError(parsed.error.issues[0]?.message ?? "Invalid discover request");
+    }
+    const { selectAllNew, accountName: requestedAccount, switchAccount } = parsed.data;
+    const { accessToken } = await getValidToken(
+      store,
+      project.canonicalDomain,
+      "gbp",
+      googleClientId,
+      googleClientSecret
+    );
+    const fetchAccounts = async () => {
+      try {
+        return await listAccounts(accessToken);
+      } catch (err) {
+        if (err instanceof GbpApiError) throw gbpErrorToAppError(err, "list accounts");
+        throw err;
+      }
+    };
+    const conn = store.getConnection(project.canonicalDomain, "gbp");
+    const current = currentProjectAccount(project.id);
+    let accountName;
+    if (requestedAccount) {
+      const accounts = await fetchAccounts();
+      if (!accounts.some((a) => a.name === requestedAccount)) {
+        throw validationError(`GBP account "${requestedAccount}" is not accessible to this connection. Run "canonry gbp accounts <project>" to list available accounts.`);
+      }
+      accountName = requestedAccount;
+    } else {
+      const remembered = current ?? conn?.gbpAccountName ?? null;
+      if (remembered) {
+        accountName = remembered;
+      } else {
+        const accounts = await fetchAccounts();
+        if (accounts.length === 0) {
+          throw validationError("No GBP accounts are visible to this OAuth user. Confirm the user has manager/owner access on the target Business Profile.");
+        }
+        accountName = accounts[0].name;
+      }
+    }
+    const switching = current !== null && current !== accountName;
+    if (switching && !switchAccount) {
+      throw validationError(`This project currently tracks GBP account "${current}". Re-pointing it at "${accountName}" would replace its locations and all synced data. Pass switchAccount=true (CLI: --switch-account) to confirm, or run "canonry gbp disconnect <project>" first.`);
+    }
+    let remoteLocations;
+    try {
+      remoteLocations = await listLocations(accessToken, accountName);
+    } catch (err) {
+      if (err instanceof GbpApiError) throw gbpErrorToAppError(err, "list locations");
+      throw err;
+    }
+    store.updateConnection(project.canonicalDomain, "gbp", {
+      gbpAccountName: accountName,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    app.db.transaction((tx) => {
+      if (switching) clearGbpProjectData(tx, project.id);
+      for (const remote of remoteLocations) {
+        const existing = tx.select().from(gbpLocations).where(and13(eq19(gbpLocations.projectId, project.id), eq19(gbpLocations.locationName, remote.name))).get();
+        if (existing) {
+          tx.update(gbpLocations).set({
+            accountName,
+            displayName: remote.title ?? existing.displayName,
+            primaryCategoryDisplayName: remote.categories?.primaryCategory?.displayName ?? null,
+            storefrontAddress: formatStorefrontAddress(remote),
+            websiteUri: remote.websiteUri ?? null,
+            updatedAt: now
+          }).where(eq19(gbpLocations.id, existing.id)).run();
+        } else {
+          tx.insert(gbpLocations).values({
+            id: crypto16.randomUUID(),
+            projectId: project.id,
+            accountName,
+            locationName: remote.name,
+            displayName: remote.title ?? remote.name,
+            primaryCategoryDisplayName: remote.categories?.primaryCategory?.displayName ?? null,
+            storefrontAddress: formatStorefrontAddress(remote),
+            websiteUri: remote.websiteUri ?? null,
+            selected: selectAllNew,
+            createdAt: now,
+            updatedAt: now
+          }).run();
+        }
+      }
+      writeAuditLog(tx, {
+        projectId: project.id,
+        actor: "api",
+        action: switching ? "gbp.account.switched" : "gbp.locations.discovered",
+        entityType: "gbp_locations",
+        diff: { account: accountName, switchedFrom: switching ? current : null, count: remoteLocations.length, selectAllNew }
+      });
+    });
+    return listSelectionResponse(project.id);
+  });
+  app.get("/projects/:name/gbp/accounts", async (request) => {
+    const { clientId: googleClientId, clientSecret: googleClientSecret } = getAuthConfig();
+    if (!googleClientId || !googleClientSecret) {
+      throw validationError("Google OAuth is not configured");
+    }
+    const project = resolveProject(app.db, request.params.name);
+    const store = requireConnectionStore();
+    const conn = store.getConnection(project.canonicalDomain, "gbp");
+    if (!conn) {
+      throw validationError('No GBP connection found for this project. Run "canonry gbp connect" first.');
+    }
+    const { accessToken } = await getValidToken(
+      store,
+      project.canonicalDomain,
+      "gbp",
+      googleClientId,
+      googleClientSecret
+    );
+    let accounts;
+    try {
+      accounts = await listAccounts(accessToken);
+    } catch (err) {
+      if (err instanceof GbpApiError) throw gbpErrorToAppError(err, "list accounts");
+      throw err;
+    }
+    const response = {
+      accounts: accounts.map((a) => ({
+        name: a.name,
+        accountName: a.accountName ?? null,
+        type: a.type ?? null,
+        role: a.role ?? null
+      })),
+      total: accounts.length
+    };
+    return response;
+  });
+  app.get("/projects/:name/gbp/locations", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const response = listSelectionResponse(project.id);
+    const filter = request.query.selected;
+    if (filter === "true" || filter === "false") {
+      const want = filter === "true";
+      response.locations = response.locations.filter((l) => l.selected === want);
+    }
+    return response;
+  });
+  app.put("/projects/:name/gbp/locations/:locationName/selection", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const locationName = decodeURIComponent(request.params.locationName);
+    const parsed = gbpLocationSelectionRequestSchema.safeParse(request.body ?? {});
+    if (!parsed.success) {
+      throw validationError(parsed.error.issues[0]?.message ?? "Invalid selection request");
+    }
+    const { selected } = parsed.data;
+    const existing = app.db.select().from(gbpLocations).where(and13(eq19(gbpLocations.projectId, project.id), eq19(gbpLocations.locationName, locationName))).get();
+    if (!existing) throw notFound("GBP location", locationName);
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    app.db.transaction((tx) => {
+      tx.update(gbpLocations).set({ selected, updatedAt: now }).where(eq19(gbpLocations.id, existing.id)).run();
+      writeAuditLog(tx, {
+        projectId: project.id,
+        actor: "api",
+        action: selected ? "gbp.location.selected" : "gbp.location.deselected",
+        entityType: "gbp_location",
+        entityId: locationName
+      });
+    });
+    const refreshed = app.db.select().from(gbpLocations).where(eq19(gbpLocations.id, existing.id)).get();
+    return rowToDto3(refreshed);
+  });
+  app.delete("/projects/:name/gbp/connection", async (request, reply) => {
+    const project = resolveProject(app.db, request.params.name);
+    const store = requireConnectionStore();
+    app.db.transaction((tx) => {
+      clearGbpProjectData(tx, project.id);
+      writeAuditLog(tx, {
+        projectId: project.id,
+        actor: "api",
+        action: "gbp.disconnected",
+        entityType: "gbp_connection"
+      });
+    });
+    store.deleteConnection(project.canonicalDomain, "gbp");
+    return reply.status(204).send();
+  });
+  app.post("/projects/:name/gbp/sync", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const store = requireConnectionStore();
+    const conn = store.getConnection(project.canonicalDomain, "gbp");
+    if (!conn) {
+      throw validationError('No GBP connection found for this project. Run "canonry gbp connect" first.');
+    }
+    const parsed = gbpSyncRequestSchema.safeParse(request.body ?? {});
+    if (!parsed.success) {
+      throw validationError(parsed.error.issues[0]?.message ?? "Invalid sync request");
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const runId = crypto16.randomUUID();
+    app.db.insert(runs).values({
+      id: runId,
+      projectId: project.id,
+      kind: "gbp-sync",
+      status: "queued",
+      trigger: "manual",
+      createdAt: now
+    }).run();
+    opts.onGbpSyncRequested?.(runId, project.id, parsed.data);
+    return { runId, status: "running" };
+  });
+  app.get("/projects/:name/gbp/metrics", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const conditions = [eq19(gbpDailyMetrics.projectId, project.id)];
+    if (request.query.locationName) conditions.push(eq19(gbpDailyMetrics.locationName, request.query.locationName));
+    if (request.query.metric) conditions.push(eq19(gbpDailyMetrics.metric, request.query.metric));
+    const rows = app.db.select().from(gbpDailyMetrics).where(and13(...conditions)).orderBy(desc9(gbpDailyMetrics.date)).all();
+    return {
+      metrics: rows.map((r) => ({ locationName: r.locationName, date: r.date, metric: r.metric, value: r.value })),
+      total: rows.length
+    };
+  });
+  app.get("/projects/:name/gbp/keywords", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const conditions = [eq19(gbpKeywordImpressions.projectId, project.id)];
+    if (request.query.locationName) conditions.push(eq19(gbpKeywordImpressions.locationName, request.query.locationName));
+    const rows = app.db.select().from(gbpKeywordImpressions).where(and13(...conditions)).all();
+    rows.sort((a, b) => (b.valueCount ?? -1) - (a.valueCount ?? -1));
+    const thresholded = rows.filter((r) => r.valueThreshold !== null).length;
+    return {
+      keywords: rows.map((r) => ({
+        locationName: r.locationName,
+        periodStart: r.periodStart,
+        periodEnd: r.periodEnd,
+        keyword: r.keyword,
+        valueCount: r.valueCount ?? null,
+        valueThreshold: r.valueThreshold ?? null
+      })),
+      total: rows.length,
+      thresholdedPct: rows.length ? Math.round(thresholded / rows.length * 100) : 0
+    };
+  });
+  app.get("/projects/:name/gbp/place-actions", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const conditions = [eq19(gbpPlaceActions.projectId, project.id)];
+    if (request.query.locationName) conditions.push(eq19(gbpPlaceActions.locationName, request.query.locationName));
+    const rows = app.db.select().from(gbpPlaceActions).where(and13(...conditions)).all();
+    return {
+      placeActions: rows.map((r) => ({
+        locationName: r.locationName,
+        placeActionLinkName: r.placeActionLinkName,
+        placeActionType: r.placeActionType,
+        uri: r.uri ?? null,
+        isPreferred: Boolean(r.isPreferred),
+        providerType: r.providerType ?? null
+      })),
+      total: rows.length
+    };
+  });
+  app.get("/projects/:name/gbp/lodging", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const conditions = [eq19(gbpLodgingSnapshots.projectId, project.id)];
+    if (request.query.locationName) conditions.push(eq19(gbpLodgingSnapshots.locationName, request.query.locationName));
+    const rows = app.db.select().from(gbpLodgingSnapshots).where(and13(...conditions)).orderBy(desc9(gbpLodgingSnapshots.syncedAt)).all();
+    const latestByLocation = /* @__PURE__ */ new Map();
+    for (const row of rows) {
+      if (!latestByLocation.has(row.locationName)) latestByLocation.set(row.locationName, row);
+    }
+    const lodging = [...latestByLocation.values()].map((r) => ({
+      locationName: r.locationName,
+      populatedGroupCount: r.populatedGroupCount,
+      syncedAt: r.syncedAt,
+      attributes: r.attributes
+    }));
+    return { lodging, total: lodging.length };
+  });
+  app.get("/projects/:name/gbp/summary", async (request) => {
+    const project = resolveProject(app.db, request.params.name);
+    const locationName = request.query.locationName ?? null;
+    const locationNames = locationName ? [locationName] : app.db.select({ n: gbpLocations.locationName }).from(gbpLocations).where(and13(eq19(gbpLocations.projectId, project.id), eq19(gbpLocations.selected, true))).all().map((r) => r.n);
+    const today = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+    if (locationNames.length === 0) {
+      return buildGbpSummary({
+        locationName,
+        locationCount: 0,
+        referenceDate: today,
+        dailyMetrics: [],
+        keywords: [],
+        placeActions: [],
+        lodging: []
+      });
+    }
+    const metricRows = app.db.select().from(gbpDailyMetrics).where(and13(eq19(gbpDailyMetrics.projectId, project.id), inArray9(gbpDailyMetrics.locationName, locationNames))).all();
+    const keywordRows = app.db.select().from(gbpKeywordImpressions).where(and13(eq19(gbpKeywordImpressions.projectId, project.id), inArray9(gbpKeywordImpressions.locationName, locationNames))).all();
+    const placeActionRows = app.db.select().from(gbpPlaceActions).where(and13(eq19(gbpPlaceActions.projectId, project.id), inArray9(gbpPlaceActions.locationName, locationNames))).all();
+    const lodgingRows = app.db.select().from(gbpLodgingSnapshots).where(and13(eq19(gbpLodgingSnapshots.projectId, project.id), inArray9(gbpLodgingSnapshots.locationName, locationNames))).orderBy(desc9(gbpLodgingSnapshots.syncedAt)).all();
+    const latestLodgingByLocation = /* @__PURE__ */ new Map();
+    for (const row of lodgingRows) {
+      if (!latestLodgingByLocation.has(row.locationName)) {
+        latestLodgingByLocation.set(row.locationName, { locationName: row.locationName, populatedGroupCount: row.populatedGroupCount });
+      }
+    }
+    const referenceDate = metricRows.reduce((max, r) => r.date > max ? r.date : max, "") || today;
+    return buildGbpSummary({
+      locationName,
+      locationCount: locationNames.length,
+      referenceDate,
+      dailyMetrics: metricRows.map((r) => ({ metric: r.metric, date: r.date, value: r.value })),
+      keywords: keywordRows.map((r) => ({ valueCount: r.valueCount ?? null, valueThreshold: r.valueThreshold ?? null })),
+      placeActions: placeActionRows.map((r) => ({ placeActionType: r.placeActionType, providerType: r.providerType ?? null })),
+      lodging: [...latestLodgingByLocation.values()]
+    });
+  });
 }
 
 // ../api-routes/src/bing.ts
-import crypto16 from "crypto";
+import crypto17 from "crypto";
 import { eq as eq20, and as and14, desc as desc10 } from "drizzle-orm";
 
 // ../integration-bing/src/constants.ts
@@ -14583,7 +15571,7 @@ async function bingRoutes(app, opts) {
       const snapshotDate = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
       const now = (/* @__PURE__ */ new Date()).toISOString();
       app.db.insert(bingCoverageSnapshots).values({
-        id: crypto16.randomUUID(),
+        id: crypto17.randomUUID(),
         projectId: project.id,
         syncRunId: snapshotRunId,
         date: snapshotDate,
@@ -14654,7 +15642,7 @@ async function bingRoutes(app, opts) {
       throw validationError("url is required");
     }
     const startedAt = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto16.randomUUID();
+    const runId = crypto17.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -14675,7 +15663,7 @@ async function bingRoutes(app, opts) {
         discoveryDate: result.DiscoveryDate ?? null
       });
       const now = (/* @__PURE__ */ new Date()).toISOString();
-      const id = crypto16.randomUUID();
+      const id = crypto17.randomUUID();
       const httpCode = result.HttpStatus ?? result.HttpCode ?? null;
       const lastCrawledDate = parseBingDate(result.LastCrawledDate);
       const inIndexDate = parseBingDate(result.InIndexDate);
@@ -14745,7 +15733,7 @@ async function bingRoutes(app, opts) {
       throw validationError('No Bing site configured. Run "canonry bing set-site <project> <url>" first.');
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto16.randomUUID();
+    const runId = crypto17.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -15029,7 +16017,7 @@ async function cdpRoutes(app, opts) {
 }
 
 // ../api-routes/src/ga.ts
-import crypto17 from "crypto";
+import crypto18 from "crypto";
 import { eq as eq22, desc as desc11, and as and16, sql as sql8 } from "drizzle-orm";
 function gaLog(level, action, ctx) {
   const entry = { ts: (/* @__PURE__ */ new Date()).toISOString(), level, module: "GA4Routes", action, ...ctx };
@@ -15285,7 +16273,7 @@ async function ga4Routes(app, opts) {
     const syncAi = !only || only === "ai";
     const syncSocial = !only || only === "social";
     const startedAt = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto17.randomUUID();
+    const runId = crypto18.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -15333,7 +16321,7 @@ async function ga4Routes(app, opts) {
           ).run();
           for (const row of rows) {
             tx.insert(gaTrafficSnapshots).values({
-              id: crypto17.randomUUID(),
+              id: crypto18.randomUUID(),
               projectId: project.id,
               date: row.date,
               landingPage: row.landingPage,
@@ -15357,7 +16345,7 @@ async function ga4Routes(app, opts) {
           ).run();
           for (const row of aiReferrals) {
             tx.insert(gaAiReferrals).values({
-              id: crypto17.randomUUID(),
+              id: crypto18.randomUUID(),
               projectId: project.id,
               date: row.date,
               source: row.source,
@@ -15383,7 +16371,7 @@ async function ga4Routes(app, opts) {
           ).run();
           for (const row of socialReferrals) {
             tx.insert(gaSocialReferrals).values({
-              id: crypto17.randomUUID(),
+              id: crypto18.randomUUID(),
               projectId: project.id,
               date: row.date,
               source: row.source,
@@ -15399,7 +16387,7 @@ async function ga4Routes(app, opts) {
         if (syncSummary) {
           tx.delete(gaTrafficSummaries).where(eq22(gaTrafficSummaries.projectId, project.id)).run();
           tx.insert(gaTrafficSummaries).values({
-            id: crypto17.randomUUID(),
+            id: crypto18.randomUUID(),
             projectId: project.id,
             periodStart: summary.periodStart,
             periodEnd: summary.periodEnd,
@@ -15412,7 +16400,7 @@ async function ga4Routes(app, opts) {
           tx.delete(gaTrafficWindowSummaries).where(eq22(gaTrafficWindowSummaries.projectId, project.id)).run();
           for (const ws of windowSummaries) {
             tx.insert(gaTrafficWindowSummaries).values({
-              id: crypto17.randomUUID(),
+              id: crypto18.randomUUID(),
               projectId: project.id,
               windowKey: ws.windowKey,
               periodStart: ws.periodStart,
@@ -15698,7 +16686,7 @@ async function ga4Routes(app, opts) {
     requireGa4Connection(opts, project.name, project.canonicalDomain);
     const today = /* @__PURE__ */ new Date();
     const fmt = (d) => d.toISOString().split("T")[0];
-    const daysAgo2 = (n) => {
+    const daysAgo3 = (n) => {
       const d = new Date(today);
       d.setDate(d.getDate() - n);
       return fmt(d);
@@ -15708,17 +16696,17 @@ async function ga4Routes(app, opts) {
       sql8`${gaSocialReferrals.date} >= ${from}`,
       sql8`${gaSocialReferrals.date} < ${to}`
     )).get();
-    const current7d = sumSocial(daysAgo2(7), fmt(today));
-    const prev7d = sumSocial(daysAgo2(14), daysAgo2(7));
-    const current30d = sumSocial(daysAgo2(30), fmt(today));
-    const prev30d = sumSocial(daysAgo2(60), daysAgo2(30));
+    const current7d = sumSocial(daysAgo3(7), fmt(today));
+    const prev7d = sumSocial(daysAgo3(14), daysAgo3(7));
+    const current30d = sumSocial(daysAgo3(30), fmt(today));
+    const prev30d = sumSocial(daysAgo3(60), daysAgo3(30));
     const pct = (cur, prev) => prev === 0 ? null : Math.round((cur - prev) / prev * 100);
     const sourceCurrent = app.db.select({
       source: gaSocialReferrals.source,
       sessions: sql8`SUM(${gaSocialReferrals.sessions})`
     }).from(gaSocialReferrals).where(and16(
       eq22(gaSocialReferrals.projectId, project.id),
-      sql8`${gaSocialReferrals.date} >= ${daysAgo2(7)}`,
+      sql8`${gaSocialReferrals.date} >= ${daysAgo3(7)}`,
       sql8`${gaSocialReferrals.date} < ${fmt(today)}`
     )).groupBy(gaSocialReferrals.source).all();
     const sourcePrev = app.db.select({
@@ -15726,8 +16714,8 @@ async function ga4Routes(app, opts) {
       sessions: sql8`SUM(${gaSocialReferrals.sessions})`
     }).from(gaSocialReferrals).where(and16(
       eq22(gaSocialReferrals.projectId, project.id),
-      sql8`${gaSocialReferrals.date} >= ${daysAgo2(14)}`,
-      sql8`${gaSocialReferrals.date} < ${daysAgo2(7)}`
+      sql8`${gaSocialReferrals.date} >= ${daysAgo3(14)}`,
+      sql8`${gaSocialReferrals.date} < ${daysAgo3(7)}`
     )).groupBy(gaSocialReferrals.source).all();
     const prevMap = new Map(sourcePrev.map((r) => [r.source, r.sessions]));
     let biggestMover = null;
@@ -15760,7 +16748,7 @@ async function ga4Routes(app, opts) {
     requireGa4Connection(opts, project.name, project.canonicalDomain);
     const today = /* @__PURE__ */ new Date();
     const fmt = (d) => d.toISOString().split("T")[0];
-    const daysAgo2 = (n) => {
+    const daysAgo3 = (n) => {
       const d = new Date(today);
       d.setDate(d.getDate() - n);
       return fmt(d);
@@ -15778,22 +16766,22 @@ async function ga4Routes(app, opts) {
     const sumSocial = (from, to) => app.db.select({ sessions: sql8`COALESCE(SUM(${gaSocialReferrals.sessions}), 0)` }).from(gaSocialReferrals).where(and16(eq22(gaSocialReferrals.projectId, project.id), sql8`${gaSocialReferrals.date} >= ${from}`, sql8`${gaSocialReferrals.date} < ${to}`)).get();
     const todayStr = fmt(today);
     const buildTrend = (sum) => {
-      const c7 = sum(daysAgo2(7), todayStr)?.sessions ?? 0;
-      const p7 = sum(daysAgo2(14), daysAgo2(7))?.sessions ?? 0;
-      const c30 = sum(daysAgo2(30), todayStr)?.sessions ?? 0;
-      const p30 = sum(daysAgo2(60), daysAgo2(30))?.sessions ?? 0;
+      const c7 = sum(daysAgo3(7), todayStr)?.sessions ?? 0;
+      const p7 = sum(daysAgo3(14), daysAgo3(7))?.sessions ?? 0;
+      const c30 = sum(daysAgo3(30), todayStr)?.sessions ?? 0;
+      const p30 = sum(daysAgo3(60), daysAgo3(30))?.sessions ?? 0;
       return { sessions7d: c7, sessionsPrev7d: p7, trend7dPct: pct(c7, p7), sessions30d: c30, sessionsPrev30d: p30, trend30dPct: pct(c30, p30) };
     };
     const aiSourceCurrent = app.db.select({ source: gaAiReferrals.source, sessions: sql8`COALESCE(SUM(${gaAiReferrals.sessions}), 0)` }).from(gaAiReferrals).where(and16(
       eq22(gaAiReferrals.projectId, project.id),
-      sql8`${gaAiReferrals.date} >= ${daysAgo2(7)}`,
+      sql8`${gaAiReferrals.date} >= ${daysAgo3(7)}`,
       sql8`${gaAiReferrals.date} < ${todayStr}`,
       eq22(gaAiReferrals.sourceDimension, "session")
     )).groupBy(gaAiReferrals.source).all();
     const aiSourcePrev = app.db.select({ source: gaAiReferrals.source, sessions: sql8`COALESCE(SUM(${gaAiReferrals.sessions}), 0)` }).from(gaAiReferrals).where(and16(
       eq22(gaAiReferrals.projectId, project.id),
-      sql8`${gaAiReferrals.date} >= ${daysAgo2(14)}`,
-      sql8`${gaAiReferrals.date} < ${daysAgo2(7)}`,
+      sql8`${gaAiReferrals.date} >= ${daysAgo3(14)}`,
+      sql8`${gaAiReferrals.date} < ${daysAgo3(7)}`,
       eq22(gaAiReferrals.sourceDimension, "session")
     )).groupBy(gaAiReferrals.source).all();
     const findBiggestMover = (current, prev) => {
@@ -15810,8 +16798,8 @@ async function ga4Routes(app, opts) {
       }
       return mover;
     };
-    const socialSourceCurrent = app.db.select({ source: gaSocialReferrals.source, sessions: sql8`SUM(${gaSocialReferrals.sessions})` }).from(gaSocialReferrals).where(and16(eq22(gaSocialReferrals.projectId, project.id), sql8`${gaSocialReferrals.date} >= ${daysAgo2(7)}`, sql8`${gaSocialReferrals.date} < ${todayStr}`)).groupBy(gaSocialReferrals.source).all();
-    const socialSourcePrev = app.db.select({ source: gaSocialReferrals.source, sessions: sql8`SUM(${gaSocialReferrals.sessions})` }).from(gaSocialReferrals).where(and16(eq22(gaSocialReferrals.projectId, project.id), sql8`${gaSocialReferrals.date} >= ${daysAgo2(14)}`, sql8`${gaSocialReferrals.date} < ${daysAgo2(7)}`)).groupBy(gaSocialReferrals.source).all();
+    const socialSourceCurrent = app.db.select({ source: gaSocialReferrals.source, sessions: sql8`SUM(${gaSocialReferrals.sessions})` }).from(gaSocialReferrals).where(and16(eq22(gaSocialReferrals.projectId, project.id), sql8`${gaSocialReferrals.date} >= ${daysAgo3(7)}`, sql8`${gaSocialReferrals.date} < ${todayStr}`)).groupBy(gaSocialReferrals.source).all();
+    const socialSourcePrev = app.db.select({ source: gaSocialReferrals.source, sessions: sql8`SUM(${gaSocialReferrals.sessions})` }).from(gaSocialReferrals).where(and16(eq22(gaSocialReferrals.projectId, project.id), sql8`${gaSocialReferrals.date} >= ${daysAgo3(14)}`, sql8`${gaSocialReferrals.date} < ${daysAgo3(7)}`)).groupBy(gaSocialReferrals.source).all();
     return {
       total: buildTrend(sumTotal),
       organic: buildTrend(sumOrganic),
@@ -15983,7 +16971,7 @@ function parseSchemaPageEntry(entry) {
 }
 
 // ../integration-wordpress/src/wordpress-client.ts
-import crypto18 from "crypto";
+import crypto19 from "crypto";
 function validateUsername(username) {
   if (!username || typeof username !== "string" || username.trim().length === 0) {
     throw new WordpressApiError("AUTH_INVALID", "Username is required and must be a non-empty string", 400);
@@ -16065,10 +17053,10 @@ function buildAuthErrorMessage(res, responseText) {
   }
   return "WordPress credentials are invalid or lack permission for this action";
 }
-async function fetchJson(connection, siteUrl, path16, init) {
+async function fetchJson(connection, siteUrl, path17, init) {
   if (siteUrl.startsWith("http:")) {
   }
-  const res = await fetch(`${normalizeSiteUrl(siteUrl)}${path16}`, {
+  const res = await fetch(`${normalizeSiteUrl(siteUrl)}${path17}`, {
     ...init,
     headers: {
       "Authorization": `Basic ${encodeBasicAuth(connection.username, connection.appPassword)}`,
@@ -16196,7 +17184,7 @@ function buildSnippet(content) {
   return `${text.slice(0, 157)}...`;
 }
 function contentHash(content) {
-  return crypto18.createHash("sha256").update(content).digest("hex");
+  return crypto19.createHash("sha256").update(content).digest("hex");
 }
 function buildAmbiguousSlugMessage(slug, pages) {
   const candidates = pages.map((page) => {
@@ -17485,7 +18473,7 @@ async function wordpressRoutes(app, opts) {
 }
 
 // ../api-routes/src/backlinks.ts
-import crypto19 from "crypto";
+import crypto20 from "crypto";
 import { and as and18, asc as asc2, desc as desc12, eq as eq23, sql as sql9 } from "drizzle-orm";
 
 // ../integration-commoncrawl/src/constants.ts
@@ -18065,7 +19053,7 @@ async function backlinksRoutes(app, opts) {
       const refreshed = app.db.select().from(ccReleaseSyncs).where(eq23(ccReleaseSyncs.id, existing.id)).get();
       return reply.status(200).send(mapSyncRow(refreshed));
     }
-    const id = crypto19.randomUUID();
+    const id = crypto20.randomUUID();
     app.db.insert(ccReleaseSyncs).values({
       id,
       release,
@@ -18122,7 +19110,7 @@ async function backlinksRoutes(app, opts) {
       throw validationError("Invalid release id");
     }
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const runId = crypto19.randomUUID();
+    const runId = crypto20.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -18195,12 +19183,12 @@ async function backlinksRoutes(app, opts) {
 }
 
 // ../api-routes/src/traffic.ts
-import crypto21 from "crypto";
+import crypto22 from "crypto";
 import { Agent as UndiciAgent } from "undici";
 import { and as and19, desc as desc13, eq as eq24, gte as gte3, lte as lte2, sql as sql10 } from "drizzle-orm";
 
 // ../integration-cloud-run/src/auth.ts
-import crypto20 from "crypto";
+import crypto21 from "crypto";
 var GOOGLE_TOKEN_URL3 = "https://oauth2.googleapis.com/token";
 var CLOUD_LOGGING_READ_SCOPE = "https://www.googleapis.com/auth/logging.read";
 var TOKEN_REQUEST_TIMEOUT_MS = 3e4;
@@ -18229,7 +19217,7 @@ function createServiceAccountJwt2(clientEmail, privateKey, scope) {
   const headerB64 = encode(header);
   const payloadB64 = encode(payload);
   const signingInput = `${headerB64}.${payloadB64}`;
-  const sign = crypto20.createSign("RSA-SHA256");
+  const sign = crypto21.createSign("RSA-SHA256");
   sign.update(signingInput);
   const signature = sign.sign(privateKey, "base64url");
   return `${signingInput}.${signature}`;
@@ -21103,8 +22091,8 @@ var ASSET_PATH_PREFIXES = [
   "/img/",
   "/static/"
 ];
-function normalizeTrafficPathPattern(path16) {
-  const cleanPath = path16.trim() || "/";
+function normalizeTrafficPathPattern(path17) {
+  const cleanPath = path17.trim() || "/";
   const pathOnly = cleanPath.split("?")[0] || "/";
   const segments = pathOnly.split("/").map((segment) => {
     if (!segment) return segment;
@@ -21153,8 +22141,8 @@ function resolveAiReferralLandingPath(event, evidenceType) {
   }
   return normalizeTrafficPathPattern(event.path);
 }
-function isLikelySubresourcePath(path16) {
-  const cleanPath = path16.split("?")[0] || "/";
+function isLikelySubresourcePath(path17) {
+  const cleanPath = path17.split("?")[0] || "/";
   return ASSET_PATH_PREFIXES.some((prefix) => cleanPath.startsWith(prefix)) || ASSET_EXTENSION_PATTERN.test(cleanPath);
 }
 function actorKey(event) {
@@ -21387,11 +22375,11 @@ function buildEventId2(event) {
 function normalizeWordpressTrafficEvent(event) {
   if (!event.observed_at) return null;
   if (typeof event.id !== "number" || !Number.isFinite(event.id)) return null;
-  const path16 = event.path?.trim();
-  if (!path16) return null;
+  const path17 = event.path?.trim();
+  if (!path17) return null;
   const queryString = trimOrNull(event.query_string);
   const host = trimOrNull(event.host);
-  const requestUrl = host ? `https://${host}${path16}${queryString ? `?${queryString}` : ""}` : `${path16}${queryString ? `?${queryString}` : ""}`;
+  const requestUrl = host ? `https://${host}${path17}${queryString ? `?${queryString}` : ""}` : `${path17}${queryString ? `?${queryString}` : ""}`;
   return {
     sourceType: TrafficSourceTypes.wordpress,
     evidenceKind: TrafficEvidenceKinds["raw-request"],
@@ -21401,7 +22389,7 @@ function normalizeWordpressTrafficEvent(event) {
     method: trimOrNull(event.method),
     requestUrl,
     host,
-    path: path16,
+    path: path17,
     queryString,
     status: typeof event.status === "number" && Number.isFinite(event.status) ? event.status : null,
     userAgent: trimOrNull(event.user_agent),
@@ -21572,15 +22560,15 @@ function stringLabels(input) {
   );
 }
 function normalizeVercelLogRow(row) {
-  const path16 = row.requestPath;
-  if (!path16) return null;
+  const path17 = row.requestPath;
+  if (!path17) return null;
   const observedAt = row.timestamp;
   if (!observedAt) return null;
   const requestId = row.requestId;
   if (!requestId) return null;
   const host = emptyToNull(row.domain);
   const queryString = serializeSearchParams(row.requestSearchParams);
-  const requestUrl = host ? `https://${host}${path16}${queryString ? `?${queryString}` : ""}` : null;
+  const requestUrl = host ? `https://${host}${path17}${queryString ? `?${queryString}` : ""}` : null;
   return {
     sourceType: TrafficSourceTypes.vercel,
     evidenceKind: TrafficEvidenceKinds["raw-request"],
@@ -21590,7 +22578,7 @@ function normalizeVercelLogRow(row) {
     method: row.requestMethod ?? null,
     requestUrl,
     host,
-    path: path16,
+    path: path17,
     queryString,
     status: resolveStatus(row),
     userAgent: emptyToNull(row.clientUserAgent),
@@ -22095,7 +23083,7 @@ async function runBackfillTask(options) {
           }
         })();
         tx.insert(rawEventSamples).values({
-          id: crypto21.randomUUID(),
+          id: crypto22.randomUUID(),
           projectId: project.id,
           sourceId: sourceRow.id,
           ts: sample.observedAt,
@@ -22220,7 +23208,7 @@ async function trafficRoutes(app, opts) {
       }).where(eq24(trafficSources.id, activeSource.id)).run();
       sourceRow = app.db.select().from(trafficSources).where(eq24(trafficSources.id, activeSource.id)).get();
     } else {
-      const newId = crypto21.randomUUID();
+      const newId = crypto22.randomUUID();
       app.db.insert(trafficSources).values({
         id: newId,
         projectId: project.id,
@@ -22301,7 +23289,7 @@ async function trafficRoutes(app, opts) {
       }).where(eq24(trafficSources.id, activeSource.id)).run();
       sourceRow = app.db.select().from(trafficSources).where(eq24(trafficSources.id, activeSource.id)).get();
     } else {
-      const newId = crypto21.randomUUID();
+      const newId = crypto22.randomUUID();
       app.db.insert(trafficSources).values({
         id: newId,
         projectId: project.id,
@@ -22384,7 +23372,7 @@ async function trafficRoutes(app, opts) {
       }).where(eq24(trafficSources.id, activeSource.id)).run();
       sourceRow = app.db.select().from(trafficSources).where(eq24(trafficSources.id, activeSource.id)).get();
     } else {
-      const newId = crypto21.randomUUID();
+      const newId = crypto22.randomUUID();
       app.db.insert(trafficSources).values({
         id: newId,
         projectId: project.id,
@@ -22432,7 +23420,7 @@ async function trafficRoutes(app, opts) {
     const windowEnd = /* @__PURE__ */ new Date();
     const startedAt = windowEnd.toISOString();
     const syncStartedAtMs = windowEnd.getTime();
-    const runId = crypto21.randomUUID();
+    const runId = crypto22.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -22761,7 +23749,7 @@ async function trafficRoutes(app, opts) {
           }
         })();
         tx.insert(rawEventSamples).values({
-          id: crypto21.randomUUID(),
+          id: crypto22.randomUUID(),
           projectId: project.id,
           sourceId: sourceRow.id,
           ts: sample.observedAt,
@@ -22986,7 +23974,7 @@ async function trafficRoutes(app, opts) {
       };
     }
     const startedAt = windowEnd.toISOString();
-    const runId = crypto21.randomUUID();
+    const runId = crypto22.randomUUID();
     app.db.insert(runs).values({
       id: runId,
       projectId: project.id,
@@ -23266,6 +24254,7 @@ async function trafficRoutes(app, opts) {
 }
 
 // ../api-routes/src/doctor/checks/agent.ts
+import crypto23 from "crypto";
 import fs6 from "fs";
 import path7 from "path";
 var REQUIRED_SKILLS = ["canonry", "aero"];
@@ -23324,6 +24313,90 @@ var skillsInstalledCheck = {
     };
   }
 };
+var skillsCurrentCheck = {
+  id: "agent.skills.current",
+  category: CheckCategories.agent,
+  scope: CheckScopes.global,
+  title: "Agent skills up to date (~/.claude/skills/)",
+  run: (ctx) => {
+    const bundled = ctx.bundledSkills;
+    if (!bundled || bundled.length === 0) {
+      return {
+        status: CheckStatuses.skipped,
+        code: "agent.skills.bundle-unavailable",
+        summary: "Bundled skill snapshot is not available in this deployment \u2014 cannot assess skill drift.",
+        remediation: null
+      };
+    }
+    const home = process.env.HOME;
+    if (!home) {
+      return {
+        status: CheckStatuses.skipped,
+        code: "agent.skills.no-home",
+        summary: "Cannot determine $HOME \u2014 skip skills staleness check.",
+        remediation: null
+      };
+    }
+    const skillsBase = path7.join(home, ".claude", "skills");
+    const bundledVersion = bundled[0].version;
+    const skills = bundled.map((snap) => {
+      const skillDir = path7.join(skillsBase, snap.name);
+      if (!isInstalled(skillDir)) {
+        return { name: snap.name, installed: false, installedVersion: null, missing: [], stale: [], edited: [], behind: false };
+      }
+      const manifest = readInstalledManifest(skillDir);
+      const missing = [];
+      const stale = [];
+      const edited = [];
+      for (const [rel, bundledHash] of Object.entries(snap.files)) {
+        const installedHash = hashInstalledFile(path7.join(skillDir, rel));
+        const state = classifySkillFile({ bundledHash, installedHash, manifestHash: manifest?.files[rel] });
+        if (state === "missing") missing.push(rel);
+        else if (state === "stale") stale.push(rel);
+        else if (state === "edited") edited.push(rel);
+      }
+      return {
+        name: snap.name,
+        installed: true,
+        installedVersion: manifest?.version ?? null,
+        missing,
+        stale,
+        edited,
+        behind: missing.length > 0 || stale.length > 0
+      };
+    });
+    const details = { checkedPath: skillsBase, bundledVersion, skills };
+    const installedSkills = skills.filter((s) => s.installed);
+    if (installedSkills.length === 0) {
+      return {
+        status: CheckStatuses.skipped,
+        code: "agent.skills.none-installed",
+        summary: "No agent skills are installed under ~/.claude/skills/ \u2014 see agent.skills.installed.",
+        remediation: null,
+        details
+      };
+    }
+    const behind = installedSkills.filter((s) => s.behind);
+    if (behind.length === 0) {
+      return {
+        status: CheckStatuses.ok,
+        code: "agent.skills.current",
+        summary: `Installed agent skills are up to date with the bundled version (v${bundledVersion}).`,
+        remediation: null,
+        details
+      };
+    }
+    const newFiles = behind.reduce((n, s) => n + s.missing.length, 0);
+    const updatedFiles = behind.reduce((n, s) => n + s.stale.length, 0);
+    return {
+      status: CheckStatuses.warn,
+      code: "agent.skills.behind",
+      summary: `${behind.map((s) => s.name).join(", ")} ${behind.length === 1 ? "is" : "are"} behind the bundled skill version (v${bundledVersion}): ${newFiles} new file(s), ${updatedFiles} updated file(s) not yet installed.`,
+      remediation: "Run `canonry skills install --user` to additively refresh \u2014 new and upstream-updated files are copied; your local edits are preserved.",
+      details
+    };
+  }
+};
 function isInstalled(dir) {
   try {
     if (!fs6.existsSync(dir)) return false;
@@ -23332,7 +24405,21 @@ function isInstalled(dir) {
     return false;
   }
 }
-var AGENT_CHECKS = [skillsInstalledCheck];
+function hashInstalledFile(filePath) {
+  try {
+    return crypto23.createHash("sha256").update(fs6.readFileSync(filePath)).digest("hex");
+  } catch {
+    return void 0;
+  }
+}
+function readInstalledManifest(skillDir) {
+  try {
+    return coerceSkillManifest(JSON.parse(fs6.readFileSync(path7.join(skillDir, SKILL_MANIFEST_FILENAME), "utf-8")));
+  } catch {
+    return null;
+  }
+}
+var AGENT_CHECKS = [skillsInstalledCheck, skillsCurrentCheck];
 
 // ../api-routes/src/doctor/checks/bing-auth.ts
 var BING_AUTH_CHECKS = [
@@ -23962,8 +25049,8 @@ var dbFilePresentCheck = {
   scope: CheckScopes.global,
   title: "Database file present",
   run: (ctx) => {
-    const path16 = ctx.runtimeStatePaths?.databasePath;
-    if (!path16) {
+    const path17 = ctx.runtimeStatePaths?.databasePath;
+    if (!path17) {
       return {
         status: CheckStatuses.skipped,
         code: "db.file.path-not-wired",
@@ -23971,21 +25058,21 @@ var dbFilePresentCheck = {
         remediation: null
       };
     }
-    if (!fs7.existsSync(path16)) {
+    if (!fs7.existsSync(path17)) {
       return {
         status: CheckStatuses.fail,
         code: "db.file.missing",
-        summary: `Database file at \`${path16}\` has been deleted while the daemon is running.`,
+        summary: `Database file at \`${path17}\` has been deleted while the daemon is running.`,
         remediation: "Restart `canonry serve` so a fresh database is created and migrations re-run. Until you do, the daemon will keep serving stale data from a deleted-but-open file handle and writes will be lost.",
-        details: { path: path16 }
+        details: { path: path17 }
       };
     }
     return {
       status: CheckStatuses.ok,
       code: "db.file.present",
-      summary: `Database file present at \`${path16}\`.`,
+      summary: `Database file present at \`${path17}\`.`,
       remediation: null,
-      details: { path: path16 }
+      details: { path: path17 }
     };
   }
 };
@@ -23995,8 +25082,8 @@ var configFilePresentCheck = {
   scope: CheckScopes.global,
   title: "Config file present",
   run: (ctx) => {
-    const path16 = ctx.runtimeStatePaths?.configPath;
-    if (!path16) {
+    const path17 = ctx.runtimeStatePaths?.configPath;
+    if (!path17) {
       return {
         status: CheckStatuses.skipped,
         code: "config.file.path-not-wired",
@@ -24004,21 +25091,21 @@ var configFilePresentCheck = {
         remediation: null
       };
     }
-    if (!fs7.existsSync(path16)) {
+    if (!fs7.existsSync(path17)) {
       return {
         status: CheckStatuses.fail,
         code: "config.file.missing",
-        summary: `Config file at \`${path16}\` has been deleted while the daemon is running.`,
+        summary: `Config file at \`${path17}\` has been deleted while the daemon is running.`,
         remediation: "Restart `canonry serve` after the file is restored (provider keys, OAuth tokens, and integration credentials live in this file; the in-memory copy is read-only until restart).",
-        details: { path: path16 }
+        details: { path: path17 }
       };
     }
     return {
       status: CheckStatuses.ok,
       code: "config.file.present",
-      summary: `Config file present at \`${path16}\`.`,
+      summary: `Config file present at \`${path17}\`.`,
       remediation: null,
-      details: { path: path16 }
+      details: { path: path17 }
     };
   }
 };
@@ -24498,7 +25585,8 @@ async function doctorRoutes(app, opts) {
       redirectUri,
       providerSummary: opts.providerSummary,
       trafficSourceValidators: opts.trafficSourceValidators,
-      runtimeStatePaths: opts.runtimeStatePaths
+      runtimeStatePaths: opts.runtimeStatePaths,
+      bundledSkills: opts.bundledSkills
     };
     return runChecks(ctx, ALL_CHECKS, { checkIds });
   });
@@ -24521,15 +25609,16 @@ async function doctorRoutes(app, opts) {
       redirectUri,
       providerSummary: opts.providerSummary,
       trafficSourceValidators: opts.trafficSourceValidators,
-      runtimeStatePaths: opts.runtimeStatePaths
+      runtimeStatePaths: opts.runtimeStatePaths,
+      bundledSkills: opts.bundledSkills
     };
     return runChecks(ctx, ALL_CHECKS, { checkIds });
   });
 }
 
 // ../api-routes/src/discovery/routes.ts
-import crypto22 from "crypto";
-import { and as and21, desc as desc14, eq as eq26, gte as gte5, inArray as inArray9 } from "drizzle-orm";
+import crypto24 from "crypto";
+import { and as and21, desc as desc14, eq as eq26, gte as gte5, inArray as inArray10 } from "drizzle-orm";
 var MAX_INFLIGHT_DISCOVERY_AGE_MS = 2 * 60 * 60 * 1e3;
 async function discoveryRoutes(app, opts) {
   app.post("/projects/:name/discover/run", async (request, reply) => {
@@ -24564,7 +25653,7 @@ async function discoveryRoutes(app, opts) {
       const existing = tx.select({ id: discoverySessions.id, runId: discoverySessions.runId }).from(discoverySessions).where(and21(
         eq26(discoverySessions.projectId, project.id),
         eq26(discoverySessions.icpDescription, icpDescription),
-        inArray9(discoverySessions.status, [
+        inArray10(discoverySessions.status, [
           DiscoverySessionStatuses.queued,
           DiscoverySessionStatuses.seeding,
           DiscoverySessionStatuses.probing
@@ -24574,8 +25663,8 @@ async function discoveryRoutes(app, opts) {
       if (existing && existing.runId) {
         return { reused: true, sessionId: existing.id, runId: existing.runId };
       }
-      const sessionId = crypto22.randomUUID();
-      const runId = crypto22.randomUUID();
+      const sessionId = crypto24.randomUUID();
+      const runId = crypto24.randomUUID();
       tx.insert(discoverySessions).values({
         id: sessionId,
         projectId: project.id,
@@ -24757,7 +25846,7 @@ async function discoveryRoutes(app, opts) {
       app.db.transaction((tx) => {
         for (const query of promotedQueries) {
           tx.insert(queries).values({
-            id: crypto22.randomUUID(),
+            id: crypto24.randomUUID(),
             projectId: project.id,
             query,
             provenance,
@@ -24766,7 +25855,7 @@ async function discoveryRoutes(app, opts) {
         }
         for (const domain of promotedCompetitors) {
           tx.insert(competitors).values({
-            id: crypto22.randomUUID(),
+            id: crypto24.randomUUID(),
             projectId: project.id,
             domain,
             provenance,
@@ -24840,7 +25929,7 @@ function selectEligibleCompetitors(competitorMap, competitorTypes) {
 }
 
 // ../api-routes/src/discovery/orchestrate.ts
-import crypto23 from "crypto";
+import crypto25 from "crypto";
 import { eq as eq27 } from "drizzle-orm";
 var DEFAULT_DEDUP_THRESHOLD = 0.85;
 var DEFAULT_MAX_PROBES = 100;
@@ -24929,7 +26018,7 @@ async function executeDiscovery(opts) {
     probeRows.push({ citedDomains: probe.citedDomains, bucket });
     buckets[bucket]++;
     opts.db.insert(discoveryProbes).values({
-      id: crypto23.randomUUID(),
+      id: crypto25.randomUUID(),
       sessionId: opts.sessionId,
       projectId: opts.project.id,
       query,
@@ -25102,7 +26191,8 @@ async function apiRoutes(app, opts) {
       publicUrl: opts.publicUrl,
       routePrefix: opts.routePrefix,
       onGscSyncRequested: opts.onGscSyncRequested,
-      onInspectSitemapRequested: opts.onInspectSitemapRequested
+      onInspectSitemapRequested: opts.onInspectSitemapRequested,
+      onGbpSyncRequested: opts.onGbpSyncRequested
     });
     await api.register(wordpressRoutes, {
       wordpressConnectionStore: opts.wordpressConnectionStore,
@@ -25151,7 +26241,8 @@ async function apiRoutes(app, opts) {
       publicUrl: opts.publicUrl,
       providerSummary: opts.providerSummary,
       trafficSourceValidators: buildTrafficSourceValidators(opts),
-      runtimeStatePaths: opts.runtimeStatePaths
+      runtimeStatePaths: opts.runtimeStatePaths,
+      bundledSkills: opts.bundledSkills
     });
     if (opts.registerAuthenticatedRoutes) {
       await opts.registerAuthenticatedRoutes(api);
@@ -25295,45 +26386,28 @@ function buildTrafficSourceValidators(opts) {
 }
 
 // src/server.ts
-import os6 from "os";
+import os7 from "os";
 
 // ../provider-gemini/src/normalize.ts
 import { GoogleGenAI } from "@google/genai";
 
 // ../provider-gemini/src/utils.ts
-function isRetryableError(err) {
-  if (err != null && typeof err === "object" && "status" in err) {
-    const status = err.status;
-    if (typeof status === "number") {
-      return status >= 500 || status === 429;
-    }
-  }
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    if (msg.includes("fetch failed") || msg.includes("econnreset") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnrefused") || msg.includes("network error")) {
-      return true;
-    }
-  }
-  return true;
-}
-async function withRetry(fn, options = {}) {
-  const { maxRetries = 3, initialDelay = 1e3 } = options;
-  let lastError;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt < maxRetries && isRetryableError(err)) {
-        const delay = initialDelay * Math.pow(2, attempt);
-        console.warn(`[provider] Attempt ${attempt + 1} failed, retrying in ${delay}ms...`, err instanceof Error ? err.message : String(err));
-        await new Promise((resolve) => setTimeout(resolve, delay));
-      } else {
-        throw err;
-      }
+async function withRetry2(fn, options = {}) {
+  return withRetry(fn, {
+    maxRetries: options.maxRetries ?? 3,
+    baseDelayMs: options.initialDelay ?? 1e3,
+    // Jitter off preserves the historical deterministic backoff that every
+    // provider has shipped to date (1000, 2000, 4000ms). Enable per-caller
+    // if you need it.
+    jitter: false,
+    isRetryable: isRetryableHttpError,
+    onRetry: ({ attempt, err, delayMs }) => {
+      console.warn(
+        `[provider] Attempt ${attempt + 1} failed, retrying in ${delayMs}ms...`,
+        err instanceof Error ? err.message : String(err)
+      );
     }
-  }
-  throw lastError;
+  });
 }
 
 // ../provider-gemini/src/normalize.ts
@@ -25385,7 +26459,7 @@ async function healthcheck(config) {
   try {
     const model = resolveModel(config);
     const client = createClient2(config);
-    const result = await withRetry(
+    const result = await withRetry2(
       () => client.models.generateContent({
         model,
         contents: 'Say "ok"'
@@ -25413,7 +26487,7 @@ async function executeTrackedQuery(input) {
   const prompt = buildPrompt(input.query, input.location);
   const client = createClient2(input.config);
   try {
-    const result = await withRetry(
+    const result = await withRetry2(
       () => client.models.generateContent({
         model,
         contents: prompt,
@@ -25577,7 +26651,7 @@ function extractDomainFromUri(uri) {
 async function generateText(prompt, config) {
   const model = resolveModel(config);
   const client = createClient2(config);
-  const result = await withRetry(
+  const result = await withRetry2(
     () => client.models.generateContent({
       model,
       contents: prompt
@@ -25744,39 +26818,22 @@ var geminiAdapter = {
 import OpenAI from "openai";
 
 // ../provider-openai/src/utils.ts
-function isRetryableError2(err) {
-  if (err != null && typeof err === "object" && "status" in err) {
-    const status = err.status;
-    if (typeof status === "number") {
-      return status >= 500 || status === 429;
-    }
-  }
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    if (msg.includes("fetch failed") || msg.includes("econnreset") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnrefused") || msg.includes("network error")) {
-      return true;
-    }
-  }
-  return true;
-}
-async function withRetry2(fn, options = {}) {
-  const { maxRetries = 3, initialDelay = 1e3 } = options;
-  let lastError;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt < maxRetries && isRetryableError2(err)) {
-        const delay = initialDelay * Math.pow(2, attempt);
-        console.warn(`[provider] Attempt ${attempt + 1} failed, retrying in ${delay}ms...`, err instanceof Error ? err.message : String(err));
-        await new Promise((resolve) => setTimeout(resolve, delay));
-      } else {
-        throw err;
-      }
+async function withRetry3(fn, options = {}) {
+  return withRetry(fn, {
+    maxRetries: options.maxRetries ?? 3,
+    baseDelayMs: options.initialDelay ?? 1e3,
+    // Jitter off preserves the historical deterministic backoff that every
+    // provider has shipped to date (1000, 2000, 4000ms). Enable per-caller
+    // if you need it.
+    jitter: false,
+    isRetryable: isRetryableHttpError,
+    onRetry: ({ attempt, err, delayMs }) => {
+      console.warn(
+        `[provider] Attempt ${attempt + 1} failed, retrying in ${delayMs}ms...`,
+        err instanceof Error ? err.message : String(err)
+      );
     }
-  }
-  throw lastError;
+  });
 }
 
 // ../provider-openai/src/normalize.ts
@@ -25797,7 +26854,7 @@ async function healthcheck2(config) {
   if (!validation.ok) return validation;
   try {
     const client = new OpenAI({ apiKey: config.apiKey });
-    const response = await withRetry2(
+    const response = await withRetry3(
       () => client.responses.create({
         model: config.model ?? DEFAULT_MODEL2,
         input: 'Say "ok"'
@@ -25833,7 +26890,7 @@ async function executeTrackedQuery2(input) {
     };
   }
   try {
-    const response = await withRetry2(
+    const response = await withRetry3(
       () => client.responses.create({
         model,
         tools: [webSearchTool],
@@ -25995,7 +27052,7 @@ function extractDomainFromUri2(uri) {
 async function generateText2(prompt, config) {
   const model = config.model ?? DEFAULT_MODEL2;
   const client = new OpenAI({ apiKey: config.apiKey });
-  const response = await withRetry2(
+  const response = await withRetry3(
     () => client.responses.create({
       model,
       input: prompt
@@ -26098,39 +27155,22 @@ var openaiAdapter = {
 import Anthropic from "@anthropic-ai/sdk";
 
 // ../provider-claude/src/utils.ts
-function isRetryableError3(err) {
-  if (err != null && typeof err === "object" && "status" in err) {
-    const status = err.status;
-    if (typeof status === "number") {
-      return status >= 500 || status === 429;
-    }
-  }
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    if (msg.includes("fetch failed") || msg.includes("econnreset") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnrefused") || msg.includes("network error")) {
-      return true;
-    }
-  }
-  return true;
-}
-async function withRetry3(fn, options = {}) {
-  const { maxRetries = 3, initialDelay = 1e3 } = options;
-  let lastError;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt < maxRetries && isRetryableError3(err)) {
-        const delay = initialDelay * Math.pow(2, attempt);
-        console.warn(`[provider] Attempt ${attempt + 1} failed, retrying in ${delay}ms...`, err instanceof Error ? err.message : String(err));
-        await new Promise((resolve) => setTimeout(resolve, delay));
-      } else {
-        throw err;
-      }
+async function withRetry4(fn, options = {}) {
+  return withRetry(fn, {
+    maxRetries: options.maxRetries ?? 3,
+    baseDelayMs: options.initialDelay ?? 1e3,
+    // Jitter off preserves the historical deterministic backoff that every
+    // provider has shipped to date (1000, 2000, 4000ms). Enable per-caller
+    // if you need it.
+    jitter: false,
+    isRetryable: isRetryableHttpError,
+    onRetry: ({ attempt, err, delayMs }) => {
+      console.warn(
+        `[provider] Attempt ${attempt + 1} failed, retrying in ${delayMs}ms...`,
+        err instanceof Error ? err.message : String(err)
+      );
     }
-  }
-  throw lastError;
+  });
 }
 
 // ../provider-claude/src/normalize.ts
@@ -26164,7 +27204,7 @@ async function healthcheck3(config) {
   try {
     const model = resolveModel2(config);
     const client = new Anthropic({ apiKey: config.apiKey });
-    const response = await withRetry3(
+    const response = await withRetry4(
       () => client.messages.create({
         model,
         max_tokens: 32,
@@ -26205,7 +27245,7 @@ async function executeTrackedQuery3(input) {
     };
   }
   try {
-    const response = await withRetry3(
+    const response = await withRetry4(
       () => client.messages.create({
         model,
         max_tokens: 4096,
@@ -26374,7 +27414,7 @@ function extractDomainFromUri3(uri) {
 async function generateText3(prompt, config) {
   const model = resolveModel2(config);
   const client = new Anthropic({ apiKey: config.apiKey });
-  const response = await withRetry3(
+  const response = await withRetry4(
     () => client.messages.create({
       model,
       max_tokens: 2048,
@@ -26475,39 +27515,22 @@ var claudeAdapter = {
 import OpenAI2 from "openai";
 
 // ../provider-local/src/utils.ts
-function isRetryableError4(err) {
-  if (err != null && typeof err === "object" && "status" in err) {
-    const status = err.status;
-    if (typeof status === "number") {
-      return status >= 500 || status === 429;
-    }
-  }
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    if (msg.includes("fetch failed") || msg.includes("econnreset") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnrefused") || msg.includes("network error")) {
-      return true;
-    }
-  }
-  return true;
-}
-async function withRetry4(fn, options = {}) {
-  const { maxRetries = 3, initialDelay = 1e3 } = options;
-  let lastError;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt < maxRetries && isRetryableError4(err)) {
-        const delay = initialDelay * Math.pow(2, attempt);
-        console.warn(`[provider] Attempt ${attempt + 1} failed, retrying in ${delay}ms...`, err instanceof Error ? err.message : String(err));
-        await new Promise((resolve) => setTimeout(resolve, delay));
-      } else {
-        throw err;
-      }
+async function withRetry5(fn, options = {}) {
+  return withRetry(fn, {
+    maxRetries: options.maxRetries ?? 3,
+    baseDelayMs: options.initialDelay ?? 1e3,
+    // Jitter off preserves the historical deterministic backoff that every
+    // provider has shipped to date (1000, 2000, 4000ms). Enable per-caller
+    // if you need it.
+    jitter: false,
+    isRetryable: isRetryableHttpError,
+    onRetry: ({ attempt, err, delayMs }) => {
+      console.warn(
+        `[provider] Attempt ${attempt + 1} failed, retrying in ${delayMs}ms...`,
+        err instanceof Error ? err.message : String(err)
+      );
     }
-  }
-  throw lastError;
+  });
 }
 
 // ../provider-local/src/normalize.ts
@@ -26531,7 +27554,7 @@ async function healthcheck4(config) {
       baseURL: config.baseUrl,
       apiKey: config.apiKey || "not-needed"
     });
-    const models = await withRetry4(async () => {
+    const models = await withRetry5(async () => {
       const list = await client.models.list();
       const items = [];
       for await (const m of list) {
@@ -26562,7 +27585,7 @@ async function executeTrackedQuery4(input) {
     apiKey: input.config.apiKey || "not-needed"
   });
   try {
-    const response = await withRetry4(
+    const response = await withRetry5(
       () => client.chat.completions.create({
         model,
         messages: [
@@ -26623,7 +27646,7 @@ async function generateText4(prompt, config) {
     baseURL: config.baseUrl,
     apiKey: config.apiKey || "not-needed"
   });
-  const response = await withRetry4(
+  const response = await withRetry5(
     () => client.chat.completions.create({
       model,
       messages: [{ role: "user", content: prompt }]
@@ -27301,39 +28324,22 @@ var cdpChatgptAdapter = {
 import OpenAI3 from "openai";
 
 // ../provider-perplexity/src/utils.ts
-function isRetryableError5(err) {
-  if (err != null && typeof err === "object" && "status" in err) {
-    const status = err.status;
-    if (typeof status === "number") {
-      return status >= 500 || status === 429;
-    }
-  }
-  if (err instanceof Error) {
-    const msg = err.message.toLowerCase();
-    if (msg.includes("fetch failed") || msg.includes("econnreset") || msg.includes("etimedout") || msg.includes("enotfound") || msg.includes("econnrefused") || msg.includes("network error")) {
-      return true;
-    }
-  }
-  return true;
-}
-async function withRetry5(fn, options = {}) {
-  const { maxRetries = 3, initialDelay = 1e3 } = options;
-  let lastError;
-  for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    try {
-      return await fn();
-    } catch (err) {
-      lastError = err;
-      if (attempt < maxRetries && isRetryableError5(err)) {
-        const delay = initialDelay * Math.pow(2, attempt);
-        console.warn(`[provider] Attempt ${attempt + 1} failed, retrying in ${delay}ms...`, err instanceof Error ? err.message : String(err));
-        await new Promise((resolve) => setTimeout(resolve, delay));
-      } else {
-        throw err;
-      }
+async function withRetry6(fn, options = {}) {
+  return withRetry(fn, {
+    maxRetries: options.maxRetries ?? 3,
+    baseDelayMs: options.initialDelay ?? 1e3,
+    // Jitter off preserves the historical deterministic backoff that every
+    // provider has shipped to date (1000, 2000, 4000ms). Enable per-caller
+    // if you need it.
+    jitter: false,
+    isRetryable: isRetryableHttpError,
+    onRetry: ({ attempt, err, delayMs }) => {
+      console.warn(
+        `[provider] Attempt ${attempt + 1} failed, retrying in ${delayMs}ms...`,
+        err instanceof Error ? err.message : String(err)
+      );
     }
-  }
-  throw lastError;
+  });
 }
 
 // ../provider-perplexity/src/normalize.ts
@@ -27355,7 +28361,7 @@ async function healthcheck5(config) {
   if (!validation.ok) return validation;
   try {
     const client = new OpenAI3({ apiKey: config.apiKey, baseURL: BASE_URL });
-    const response = await withRetry5(
+    const response = await withRetry6(
       () => client.chat.completions.create({
         model: config.model ?? DEFAULT_MODEL5,
         messages: [{ role: "user", content: 'Say "ok"' }]
@@ -27382,7 +28388,7 @@ async function executeTrackedQuery5(input) {
   const client = new OpenAI3({ apiKey: input.config.apiKey, baseURL: BASE_URL });
   const prompt = buildPrompt4(input.query, input.location);
   try {
-    const response = await withRetry5(
+    const response = await withRetry6(
       () => client.chat.completions.create({
         model,
         messages: [{ role: "user", content: prompt }]
@@ -27543,7 +28549,7 @@ function extractDomainFromUri4(uri) {
 async function generateText5(prompt, config) {
   const model = config.model ?? DEFAULT_MODEL5;
   const client = new OpenAI3({ apiKey: config.apiKey, baseURL: BASE_URL });
-  const response = await withRetry5(
+  const response = await withRetry6(
     () => client.chat.completions.create({
       model,
       messages: [{ role: "user", content: prompt }]
@@ -27894,14 +28900,14 @@ function removeWordpressConnection(config, projectName) {
 }
 
 // src/job-runner.ts
-import crypto25 from "crypto";
+import crypto27 from "crypto";
 import fs10 from "fs";
 import path10 from "path";
 import os5 from "os";
-import { and as and22, eq as eq28, inArray as inArray10, sql as sql12 } from "drizzle-orm";
+import { and as and22, eq as eq28, inArray as inArray11, sql as sql12 } from "drizzle-orm";
 
 // src/run-telemetry.ts
-import crypto24 from "crypto";
+import crypto26 from "crypto";
 function extractRegistrableHost(input) {
   if (!input) return null;
   const trimmed = input.trim();
@@ -27921,7 +28927,7 @@ function extractRegistrableHost(input) {
 function hashDomain(input) {
   const host = extractRegistrableHost(input);
   if (!host) return null;
-  return crypto24.createHash("sha256").update(host).digest("hex");
+  return crypto26.createHash("sha256").update(host).digest("hex");
 }
 function buildRunCompletedProps(input) {
   const totalMs = input.phases?.total_ms ?? Date.now() - input.startTime;
@@ -28083,7 +29089,7 @@ var JobRunner = class {
     this.registry = registry;
   }
   recoverStaleRuns() {
-    const stale = this.db.select({ id: runs.id, status: runs.status }).from(runs).where(inArray10(runs.status, ["running", "queued"])).all();
+    const stale = this.db.select({ id: runs.id, status: runs.status }).from(runs).where(inArray11(runs.status, ["running", "queued"])).all();
     if (stale.length === 0) return;
     const now = (/* @__PURE__ */ new Date()).toISOString();
     for (const run of stale) {
@@ -28146,7 +29152,7 @@ var JobRunner = class {
       }
       log.info("run.dispatch", { runId, providerCount: activeProviders.length, providers: activeProviders.map((p) => p.adapter.name) });
       const scopedQueryNames = existingRun.queries;
-      projectQueries = scopedQueryNames ? this.db.select().from(queries).where(and22(eq28(queries.projectId, projectId), inArray10(queries.query, scopedQueryNames))).all() : this.db.select().from(queries).where(eq28(queries.projectId, projectId)).all();
+      projectQueries = scopedQueryNames ? this.db.select().from(queries).where(and22(eq28(queries.projectId, projectId), inArray11(queries.query, scopedQueryNames))).all() : this.db.select().from(queries).where(eq28(queries.projectId, projectId)).all();
       const projectCompetitors = this.db.select().from(competitors).where(eq28(competitors.projectId, projectId)).all();
       const competitorDomains = projectCompetitors.map((c) => c.domain);
       const allDomains = effectiveDomains({
@@ -28230,7 +29236,7 @@ var JobRunner = class {
             );
             let screenshotRelPath = null;
             if (raw.screenshotPath && fs10.existsSync(raw.screenshotPath)) {
-              const snapshotId = crypto25.randomUUID();
+              const snapshotId = crypto27.randomUUID();
               const screenshotDir = path10.join(os5.homedir(), ".canonry", "screenshots", runId);
               if (!fs10.existsSync(screenshotDir)) fs10.mkdirSync(screenshotDir, { recursive: true });
               const destPath = path10.join(screenshotDir, `${snapshotId}.png`);
@@ -28261,7 +29267,7 @@ var JobRunner = class {
               }).run();
             } else {
               this.db.insert(querySnapshots).values({
-                id: crypto25.randomUUID(),
+                id: crypto27.randomUUID(),
                 runId,
                 queryId: q.id,
                 queryText: q.query,
@@ -28411,7 +29417,7 @@ var JobRunner = class {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     const period = now.slice(0, 10);
     this.db.insert(usageCounters).values({
-      id: crypto25.randomUUID(),
+      id: crypto27.randomUUID(),
       scope,
       period,
       metric,
@@ -28488,7 +29494,7 @@ function buildPhases(input) {
 }
 
 // src/gsc-sync.ts
-import crypto26 from "crypto";
+import crypto28 from "crypto";
 import { eq as eq29, and as and23, sql as sql13 } from "drizzle-orm";
 var log2 = createLogger("GscSync");
 function formatDate3(d) {
@@ -28554,7 +29560,7 @@ async function executeGscSync(db, runId, projectId, opts) {
       for (const row of batch) {
         const [query, page, country, device, date] = row.keys;
         db.insert(gscSearchData).values({
-          id: crypto26.randomUUID(),
+          id: crypto28.randomUUID(),
           projectId,
           syncRunId: runId,
           date: date ?? "",
@@ -28588,7 +29594,7 @@ async function executeGscSync(db, runId, projectId, opts) {
         const rich = ir.richResultsResult;
         const inspectedAt = (/* @__PURE__ */ new Date()).toISOString();
         db.insert(gscUrlInspections).values({
-          id: crypto26.randomUUID(),
+          id: crypto28.randomUUID(),
           projectId,
           syncRunId: runId,
           url: pageUrl,
@@ -28632,7 +29638,7 @@ async function executeGscSync(db, runId, projectId, opts) {
     const snapshotDate = formatDate3(/* @__PURE__ */ new Date());
     db.delete(gscCoverageSnapshots).where(and23(eq29(gscCoverageSnapshots.projectId, projectId), eq29(gscCoverageSnapshots.date, snapshotDate))).run();
     db.insert(gscCoverageSnapshots).values({
-      id: crypto26.randomUUID(),
+      id: crypto28.randomUUID(),
       projectId,
       syncRunId: runId,
       date: snapshotDate,
@@ -28651,12 +29657,184 @@ async function executeGscSync(db, runId, projectId, opts) {
   }
 }
 
+// src/gbp-sync.ts
+import crypto29 from "crypto";
+import { eq as eq30, and as and24, desc as desc15 } from "drizzle-orm";
+var log3 = createLogger("GbpSync");
+var LOCATION_CONCURRENCY = 4;
+var DEFAULT_DAYS_OF_METRICS = 30;
+var DEFAULT_MONTHS_OF_KEYWORDS = 12;
+function daysAgo2(n) {
+  const d = /* @__PURE__ */ new Date();
+  d.setUTCDate(d.getUTCDate() - n);
+  return d;
+}
+function monthMinus(n) {
+  const d = /* @__PURE__ */ new Date();
+  d.setUTCMonth(d.getUTCMonth() - n);
+  return { year: d.getUTCFullYear(), month: d.getUTCMonth() + 1 };
+}
+async function executeGbpSync(db, runId, projectId, opts) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  db.update(runs).set({ status: "running", startedAt: now }).where(eq30(runs.id, runId)).run();
+  try {
+    const { clientId, clientSecret } = getGoogleAuthConfig(opts.config);
+    if (!clientId || !clientSecret) {
+      throw new Error("Google OAuth is not configured in the local Canonry config");
+    }
+    const project = db.select().from(projects).where(eq30(projects.id, projectId)).get();
+    if (!project) throw new Error(`Project not found: ${projectId}`);
+    const conn = getGoogleConnection(opts.config, project.canonicalDomain, "gbp");
+    if (!conn || !conn.refreshToken) {
+      throw new Error('No GBP connection found or connection is incomplete. Run "canonry gbp connect" first.');
+    }
+    let accessToken = conn.accessToken;
+    const expiresAt = conn.tokenExpiresAt ? new Date(conn.tokenExpiresAt).getTime() : 0;
+    if (Date.now() > expiresAt - 5 * 60 * 1e3) {
+      const tokens = await refreshAccessToken(clientId, clientSecret, conn.refreshToken);
+      accessToken = tokens.access_token;
+      patchGoogleConnection(opts.config, project.canonicalDomain, "gbp", {
+        accessToken: tokens.access_token,
+        tokenExpiresAt: new Date(Date.now() + tokens.expires_in * 1e3).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      });
+      saveConfigPatch(opts.config);
+    }
+    let locationRows = db.select().from(gbpLocations).where(and24(eq30(gbpLocations.projectId, projectId), eq30(gbpLocations.selected, true))).all();
+    if (opts.locationNames?.length) {
+      const wanted = new Set(opts.locationNames);
+      locationRows = locationRows.filter((l) => wanted.has(l.locationName));
+    }
+    if (locationRows.length === 0) {
+      throw new Error("No selected GBP locations to sync. Discover and select locations first.");
+    }
+    const daysOfMetrics = opts.daysOfMetrics ?? DEFAULT_DAYS_OF_METRICS;
+    const monthsOfKeywords = opts.monthsOfKeywords ?? DEFAULT_MONTHS_OF_KEYWORDS;
+    const metricsStart = daysAgo2(daysOfMetrics);
+    const metricsEnd = daysAgo2(1);
+    const keywordsStart = monthMinus(monthsOfKeywords);
+    const keywordsEnd = monthMinus(0);
+    log3.info("sync.start", { runId, projectId, locations: locationRows.length, daysOfMetrics, monthsOfKeywords });
+    const errors = /* @__PURE__ */ new Map();
+    let okCount = 0;
+    for (let i = 0; i < locationRows.length; i += LOCATION_CONCURRENCY) {
+      const batch = locationRows.slice(i, i + LOCATION_CONCURRENCY);
+      await Promise.all(batch.map(async (loc) => {
+        try {
+          const [metricRows, keywordRows, placeActionRows, lodging] = await Promise.all([
+            fetchDailyMetrics(accessToken, loc.locationName, {
+              metrics: GBP_DAILY_METRICS,
+              startDate: metricsStart,
+              endDate: metricsEnd
+            }),
+            listMonthlyKeywords(accessToken, loc.locationName, {
+              startMonth: keywordsStart,
+              endMonth: keywordsEnd
+            }),
+            listPlaceActionLinks(accessToken, loc.locationName),
+            // null when the location is not a lodging-category property.
+            getLodging(accessToken, loc.locationName)
+          ]);
+          const lodgingHash = lodging ? hashLodging(lodging) : null;
+          const latestLodging = lodging ? db.select().from(gbpLodgingSnapshots).where(and24(eq30(gbpLodgingSnapshots.projectId, projectId), eq30(gbpLodgingSnapshots.locationName, loc.locationName))).orderBy(desc15(gbpLodgingSnapshots.syncedAt)).limit(1).get() : void 0;
+          const lodgingChanged = lodging !== null && latestLodging?.contentHash !== lodgingHash;
+          const insertNow = (/* @__PURE__ */ new Date()).toISOString();
+          db.transaction((tx) => {
+            tx.delete(gbpDailyMetrics).where(and24(eq30(gbpDailyMetrics.projectId, projectId), eq30(gbpDailyMetrics.locationName, loc.locationName))).run();
+            for (const row of metricRows) {
+              tx.insert(gbpDailyMetrics).values({
+                id: crypto29.randomUUID(),
+                projectId,
+                locationName: loc.locationName,
+                date: row.date,
+                metric: row.metric,
+                value: row.value,
+                syncRunId: runId
+              }).run();
+            }
+            tx.delete(gbpKeywordImpressions).where(and24(eq30(gbpKeywordImpressions.projectId, projectId), eq30(gbpKeywordImpressions.locationName, loc.locationName))).run();
+            for (const row of keywordRows) {
+              tx.insert(gbpKeywordImpressions).values({
+                id: crypto29.randomUUID(),
+                projectId,
+                locationName: loc.locationName,
+                periodStart: monthKey(keywordsStart),
+                periodEnd: monthKey(keywordsEnd),
+                keyword: row.keyword,
+                valueCount: row.valueCount,
+                valueThreshold: row.valueThreshold,
+                syncRunId: runId
+              }).run();
+            }
+            tx.delete(gbpPlaceActions).where(and24(eq30(gbpPlaceActions.projectId, projectId), eq30(gbpPlaceActions.locationName, loc.locationName))).run();
+            for (const row of placeActionRows) {
+              tx.insert(gbpPlaceActions).values({
+                id: crypto29.randomUUID(),
+                projectId,
+                locationName: loc.locationName,
+                placeActionLinkName: row.placeActionLinkName,
+                placeActionType: row.placeActionType,
+                uri: row.uri,
+                isPreferred: row.isPreferred,
+                providerType: row.providerType,
+                syncRunId: runId
+              }).run();
+            }
+            if (lodging !== null && lodgingChanged) {
+              tx.insert(gbpLodgingSnapshots).values({
+                id: crypto29.randomUUID(),
+                projectId,
+                locationName: loc.locationName,
+                contentHash: lodgingHash,
+                attributes: lodging,
+                populatedGroupCount: countPopulatedGroups(lodging),
+                syncedAt: insertNow,
+                syncRunId: runId
+              }).run();
+            }
+            tx.update(gbpLocations).set({ syncedAt: insertNow, updatedAt: insertNow }).where(eq30(gbpLocations.id, loc.id)).run();
+          });
+          okCount++;
+        } catch (err) {
+          errors.set(loc.locationName, err instanceof Error ? err.message : String(err));
+          log3.error("location.failed", { runId, location: loc.locationName, error: err instanceof Error ? err.message : String(err) });
+        }
+      }));
+    }
+    const finishedAt = (/* @__PURE__ */ new Date()).toISOString();
+    if (errors.size === 0) {
+      db.update(runs).set({ status: "completed", finishedAt }).where(eq30(runs.id, runId)).run();
+    } else if (okCount > 0) {
+      db.update(runs).set({
+        status: "partial",
+        error: serializeRunError(buildRunErrorFromMessages(errors)),
+        finishedAt
+      }).where(eq30(runs.id, runId)).run();
+    } else {
+      db.update(runs).set({
+        status: "failed",
+        error: serializeRunError(buildRunErrorFromMessages(errors)),
+        finishedAt
+      }).where(eq30(runs.id, runId)).run();
+    }
+    log3.info("sync.done", { runId, projectId, ok: okCount, failed: errors.size });
+  } catch (err) {
+    const errorMsg = err instanceof Error ? err.message : String(err);
+    db.update(runs).set({ status: "failed", error: serializeRunError({ message: errorMsg }), finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq30(runs.id, runId)).run();
+    log3.error("sync.failed", { runId, projectId, error: errorMsg });
+    throw err;
+  }
+}
+function monthKey(m) {
+  return `${m.year}-${String(m.month).padStart(2, "0")}`;
+}
+
 // src/gsc-inspect-sitemap.ts
-import crypto27 from "crypto";
-import { eq as eq30, and as and24 } from "drizzle-orm";
+import crypto30 from "crypto";
+import { eq as eq31, and as and25 } from "drizzle-orm";
 
 // src/sitemap-parser.ts
-var log3 = createLogger("SitemapParser");
+var log4 = createLogger("SitemapParser");
 var LOC_REGEX = /<loc>([^<]+)<\/loc>/gi;
 var SITEMAP_TAG_REGEX = /<sitemap>[\s\S]*?<\/sitemap>/gi;
 var PRIVATE_IP_PATTERNS = [
@@ -28719,7 +29897,7 @@ async function parseSitemapRecursive(url, urls, visited, depth, isChild) {
     res = await fetch(url);
   } catch (err) {
     if (!isChild) throw err;
-    log3.warn("child-sitemap.fetch-failed", {
+    log4.warn("child-sitemap.fetch-failed", {
       url,
       error: err instanceof Error ? err.message : String(err)
     });
@@ -28729,7 +29907,7 @@ async function parseSitemapRecursive(url, urls, visited, depth, isChild) {
     if (!isChild) {
       throw new Error(`Failed to fetch sitemap at ${url}: ${res.status} ${res.statusText}`);
     }
-    log3.warn("child-sitemap.http-error", { url, status: res.status, statusText: res.statusText });
+    log4.warn("child-sitemap.http-error", { url, status: res.status, statusText: res.statusText });
     return;
   }
   let xml;
@@ -28737,7 +29915,7 @@ async function parseSitemapRecursive(url, urls, visited, depth, isChild) {
     xml = await readSitemapBody(res);
   } catch (err) {
     if (!isChild) throw err;
-    log3.warn("child-sitemap.parse-failed", {
+    log4.warn("child-sitemap.parse-failed", {
       url,
       error: err instanceof Error ? err.message : String(err)
     });
@@ -28773,16 +29951,16 @@ async function parseSitemapRecursive(url, urls, visited, depth, isChild) {
 }
 
 // src/gsc-inspect-sitemap.ts
-var log4 = createLogger("InspectSitemap");
+var log5 = createLogger("InspectSitemap");
 async function executeInspectSitemap(db, runId, projectId, opts) {
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  db.update(runs).set({ status: "running", startedAt: now }).where(eq30(runs.id, runId)).run();
+  db.update(runs).set({ status: "running", startedAt: now }).where(eq31(runs.id, runId)).run();
   try {
     const { clientId: googleClientId, clientSecret: googleClientSecret } = getGoogleAuthConfig(opts.config);
     if (!googleClientId || !googleClientSecret) {
       throw new Error("Google OAuth is not configured in the local Canonry config");
     }
-    const project = db.select().from(projects).where(eq30(projects.id, projectId)).get();
+    const project = db.select().from(projects).where(eq31(projects.id, projectId)).get();
     if (!project) {
       throw new Error(`Project not found: ${projectId}`);
     }
@@ -28806,9 +29984,9 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       saveConfigPatch(opts.config);
     }
     const sitemapUrl = opts.sitemapUrl || conn.sitemapUrl || `https://${project.canonicalDomain}/sitemap.xml`;
-    log4.info("sitemap.fetch", { runId, projectId, sitemapUrl });
+    log5.info("sitemap.fetch", { runId, projectId, sitemapUrl });
     const urls = await fetchAndParseSitemap(sitemapUrl);
-    log4.info("sitemap.parsed", { runId, projectId, urlCount: urls.length, sitemapUrl });
+    log5.info("sitemap.parsed", { runId, projectId, urlCount: urls.length, sitemapUrl });
     if (urls.length === 0) {
       throw new Error("No URLs found in sitemap");
     }
@@ -28823,7 +30001,7 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
         const rich = ir.richResultsResult;
         const inspectedAt = (/* @__PURE__ */ new Date()).toISOString();
         db.insert(gscUrlInspections).values({
-          id: crypto27.randomUUID(),
+          id: crypto30.randomUUID(),
           projectId,
           syncRunId: runId,
           url: pageUrl,
@@ -28841,16 +30019,16 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
           createdAt: inspectedAt
         }).run();
         inspected++;
-        log4.info("inspect.url-done", { runId, projectId, url: pageUrl, progress: `${inspected}/${urls.length}` });
+        log5.info("inspect.url-done", { runId, projectId, url: pageUrl, progress: `${inspected}/${urls.length}` });
       } catch (err) {
         errors++;
-        log4.error("inspect.url-failed", { runId, projectId, url: pageUrl, error: err instanceof Error ? err.message : String(err) });
+        log5.error("inspect.url-failed", { runId, projectId, url: pageUrl, error: err instanceof Error ? err.message : String(err) });
       }
       if (inspected + errors < urls.length) {
         await new Promise((r) => setTimeout(r, 1e3));
       }
     }
-    const allInspections = db.select().from(gscUrlInspections).where(eq30(gscUrlInspections.projectId, projectId)).all();
+    const allInspections = db.select().from(gscUrlInspections).where(eq31(gscUrlInspections.projectId, projectId)).all();
     const latestByUrl = /* @__PURE__ */ new Map();
     for (const row of allInspections) {
       const existing = latestByUrl.get(row.url);
@@ -28871,9 +30049,9 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       }
     }
     const snapshotDate = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
-    db.delete(gscCoverageSnapshots).where(and24(eq30(gscCoverageSnapshots.projectId, projectId), eq30(gscCoverageSnapshots.date, snapshotDate))).run();
+    db.delete(gscCoverageSnapshots).where(and25(eq31(gscCoverageSnapshots.projectId, projectId), eq31(gscCoverageSnapshots.date, snapshotDate))).run();
     db.insert(gscCoverageSnapshots).values({
-      id: crypto27.randomUUID(),
+      id: crypto30.randomUUID(),
       projectId,
       syncRunId: runId,
       date: snapshotDate,
@@ -28883,20 +30061,20 @@ async function executeInspectSitemap(db, runId, projectId, opts) {
       createdAt: (/* @__PURE__ */ new Date()).toISOString()
     }).run();
     const status = errors > 0 && inspected > 0 ? "partial" : errors === urls.length ? "failed" : "completed";
-    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq30(runs.id, runId)).run();
-    log4.info("inspect.completed", { runId, projectId, inspected, errors, total: urls.length, indexed: snapIndexed, notIndexed: snapNotIndexed });
+    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq31(runs.id, runId)).run();
+    log5.info("inspect.completed", { runId, projectId, inspected, errors, total: urls.length, indexed: snapIndexed, notIndexed: snapNotIndexed });
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
-    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq30(runs.id, runId)).run();
-    log4.error("inspect.failed", { runId, projectId, error: errorMsg });
+    db.update(runs).set({ status: "failed", error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq31(runs.id, runId)).run();
+    log5.error("inspect.failed", { runId, projectId, error: errorMsg });
     throw err;
   }
 }
 
 // src/bing-inspect-sitemap.ts
-import crypto28 from "crypto";
-import { eq as eq31, desc as desc15 } from "drizzle-orm";
-var log5 = createLogger("BingInspectSitemap");
+import crypto31 from "crypto";
+import { eq as eq32, desc as desc16 } from "drizzle-orm";
+var log6 = createLogger("BingInspectSitemap");
 function parseBingDate2(value) {
   if (!value) return null;
   const match = /\/Date\((-?\d+)(?:[-+]\d+)?\)\//.exec(value);
@@ -28913,9 +30091,9 @@ function isBlockingIssueType2(issueType) {
 }
 async function executeBingInspectSitemap(db, runId, projectId, opts) {
   const startedAt = (/* @__PURE__ */ new Date()).toISOString();
-  db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq31(runs.id, runId)).run();
+  db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq32(runs.id, runId)).run();
   try {
-    const project = db.select().from(projects).where(eq31(projects.id, projectId)).get();
+    const project = db.select().from(projects).where(eq32(projects.id, projectId)).get();
     if (!project) {
       throw new Error(`Project not found: ${projectId}`);
     }
@@ -28927,16 +30105,16 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
       throw new Error('No Bing site configured. Run "canonry bing set-site <project> <url>" first.');
     }
     const sitemapUrl = opts.sitemapUrl ?? `https://${project.canonicalDomain}/sitemap.xml`;
-    log5.info("sitemap.fetch", { runId, projectId, sitemapUrl });
+    log6.info("sitemap.fetch", { runId, projectId, sitemapUrl });
     const sitemapUrls = await fetchAndParseSitemap(sitemapUrl);
-    log5.info("sitemap.parsed", { runId, projectId, urlCount: sitemapUrls.length, sitemapUrl });
+    log6.info("sitemap.parsed", { runId, projectId, urlCount: sitemapUrls.length, sitemapUrl });
     if (sitemapUrls.length === 0) {
       throw new Error("No URLs found in sitemap");
     }
-    const trackedRows = db.select({ url: bingUrlInspections.url }).from(bingUrlInspections).where(eq31(bingUrlInspections.projectId, projectId)).all();
+    const trackedRows = db.select({ url: bingUrlInspections.url }).from(bingUrlInspections).where(eq32(bingUrlInspections.projectId, projectId)).all();
     const trackedUrls = new Set(trackedRows.map((r) => r.url));
     const discovered = sitemapUrls.filter((u) => !trackedUrls.has(u));
-    log5.info("sitemap.diff", {
+    log6.info("sitemap.diff", {
       runId,
       projectId,
       sitemapTotal: sitemapUrls.length,
@@ -28951,9 +30129,9 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
           blockedUrls.add(issue.Url);
         }
       }
-      log5.info("crawl-issues.loaded", { runId, projectId, blockedCount: blockedUrls.size });
+      log6.info("crawl-issues.loaded", { runId, projectId, blockedCount: blockedUrls.size });
     } catch (err) {
-      log5.warn("crawl-issues.lookup-failed", {
+      log6.warn("crawl-issues.lookup-failed", {
         runId,
         projectId,
         error: err instanceof Error ? err.message : String(err)
@@ -28982,7 +30160,7 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
           derivedInIndex = false;
         }
         db.insert(bingUrlInspections).values({
-          id: crypto28.randomUUID(),
+          id: crypto31.randomUUID(),
           projectId,
           url: pageUrl,
           httpCode,
@@ -28997,7 +30175,7 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
           discoveryDate
         }).run();
         inspected++;
-        log5.info("inspect.url-done", {
+        log6.info("inspect.url-done", {
           runId,
           projectId,
           url: pageUrl,
@@ -29005,7 +30183,7 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
         });
       } catch (err) {
         errors++;
-        log5.error("inspect.url-failed", {
+        log6.error("inspect.url-failed", {
           runId,
           projectId,
           url: pageUrl,
@@ -29016,7 +30194,7 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
         await new Promise((r) => setTimeout(r, 1e3));
       }
     }
-    const allInspections = db.select().from(bingUrlInspections).where(eq31(bingUrlInspections.projectId, projectId)).orderBy(desc15(bingUrlInspections.inspectedAt)).all();
+    const allInspections = db.select().from(bingUrlInspections).where(eq32(bingUrlInspections.projectId, projectId)).orderBy(desc16(bingUrlInspections.inspectedAt)).all();
     const latestByUrl = /* @__PURE__ */ new Map();
     const definitiveByUrl = /* @__PURE__ */ new Map();
     for (const row of allInspections) {
@@ -29040,7 +30218,7 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
     const snapshotDate = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
     const snapNow = (/* @__PURE__ */ new Date()).toISOString();
     db.insert(bingCoverageSnapshots).values({
-      id: crypto28.randomUUID(),
+      id: crypto31.randomUUID(),
       projectId,
       syncRunId: runId,
       date: snapshotDate,
@@ -29059,8 +30237,8 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
       }
     }).run();
     const status = errors === sitemapUrls.length ? RunStatuses.failed : errors > 0 ? RunStatuses.partial : RunStatuses.completed;
-    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq31(runs.id, runId)).run();
-    log5.info("inspect.completed", {
+    db.update(runs).set({ status, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq32(runs.id, runId)).run();
+    log6.info("inspect.completed", {
       runId,
       projectId,
       inspected,
@@ -29073,16 +30251,16 @@ async function executeBingInspectSitemap(db, runId, projectId, opts) {
     });
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
-    db.update(runs).set({ status: RunStatuses.failed, error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq31(runs.id, runId)).run();
-    log5.error("inspect.failed", { runId, projectId, error: errorMsg });
+    db.update(runs).set({ status: RunStatuses.failed, error: errorMsg, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq32(runs.id, runId)).run();
+    log6.error("inspect.failed", { runId, projectId, error: errorMsg });
     throw err;
   }
 }
 
 // src/coverage-refresh.ts
-import crypto29 from "crypto";
-import { and as and25, desc as desc16, eq as eq32, inArray as inArray11 } from "drizzle-orm";
-var log6 = createLogger("CoverageRefresh");
+import crypto32 from "crypto";
+import { and as and26, desc as desc17, eq as eq33, inArray as inArray12 } from "drizzle-orm";
+var log7 = createLogger("CoverageRefresh");
 var COVERAGE_REFRESH_MIN_INTERVAL_MS = 60 * 60 * 1e3;
 var ACTIVE_OR_DONE_STATUSES = [
   RunStatuses.queued,
@@ -29092,27 +30270,27 @@ var ACTIVE_OR_DONE_STATUSES = [
 ];
 var defaultDeps = { executeInspectSitemap };
 async function maybeRefreshGscCoverage(db, config, projectId, deps = defaultDeps, nowMs = Date.now()) {
-  const project = db.select({ canonicalDomain: projects.canonicalDomain }).from(projects).where(eq32(projects.id, projectId)).get();
+  const project = db.select({ canonicalDomain: projects.canonicalDomain }).from(projects).where(eq33(projects.id, projectId)).get();
   if (!project) return null;
   const { clientId, clientSecret } = getGoogleAuthConfig(config);
   if (!clientId || !clientSecret) return null;
   const conn = getGoogleConnection(config, project.canonicalDomain, "gsc");
   if (!conn?.refreshToken || !conn.propertyId) return null;
   const recent = db.select({ createdAt: runs.createdAt }).from(runs).where(
-    and25(
-      eq32(runs.projectId, projectId),
-      eq32(runs.kind, RunKinds["inspect-sitemap"]),
-      inArray11(runs.status, ACTIVE_OR_DONE_STATUSES)
+    and26(
+      eq33(runs.projectId, projectId),
+      eq33(runs.kind, RunKinds["inspect-sitemap"]),
+      inArray12(runs.status, ACTIVE_OR_DONE_STATUSES)
     )
-  ).orderBy(desc16(runs.createdAt)).limit(1).get();
+  ).orderBy(desc17(runs.createdAt)).limit(1).get();
   if (recent) {
     const ageMs = nowMs - Date.parse(recent.createdAt);
     if (Number.isFinite(ageMs) && ageMs < COVERAGE_REFRESH_MIN_INTERVAL_MS) {
-      log6.info("skip.recent", { projectId, ageMs });
+      log7.info("skip.recent", { projectId, ageMs });
       return null;
     }
   }
-  const runId = crypto29.randomUUID();
+  const runId = crypto32.randomUUID();
   db.insert(runs).values({
     id: runId,
     projectId,
@@ -29121,11 +30299,11 @@ async function maybeRefreshGscCoverage(db, config, projectId, deps = defaultDeps
     trigger: RunTriggers.scheduled,
     createdAt: new Date(nowMs).toISOString()
   }).run();
-  log6.info("refresh.start", { projectId, runId });
+  log7.info("refresh.start", { projectId, runId });
   try {
     await deps.executeInspectSitemap(db, runId, projectId, { config });
   } catch (err) {
-    log6.error("refresh.failed", {
+    log7.error("refresh.failed", {
       projectId,
       runId,
       error: err instanceof Error ? err.message : String(err)
@@ -29135,10 +30313,10 @@ async function maybeRefreshGscCoverage(db, config, projectId, deps = defaultDeps
 }
 
 // src/commoncrawl-sync.ts
-import crypto30 from "crypto";
+import crypto33 from "crypto";
 import path11 from "path";
-import { and as and26, eq as eq33, sql as sql14 } from "drizzle-orm";
-var log7 = createLogger("CommonCrawlSync");
+import { and as and27, eq as eq34, sql as sql14 } from "drizzle-orm";
+var log8 = createLogger("CommonCrawlSync");
 var INSERT_CHUNK_SIZE = 1e4;
 function defaultDeps2() {
   return {
@@ -29163,7 +30341,7 @@ async function executeReleaseSync(db, syncId, opts) {
       phaseDetail: "downloading vertices + edges",
       updatedAt: downloadStartedAt,
       error: null
-    }).where(eq33(ccReleaseSyncs.id, syncId)).run();
+    }).where(eq34(ccReleaseSyncs.id, syncId)).run();
     const paths = ccReleasePaths(release);
     const releaseCacheDir = path11.join(deps.cacheDir, release);
     const vertexPath = path11.join(releaseCacheDir, paths.vertexFilename);
@@ -29186,7 +30364,7 @@ async function executeReleaseSync(db, syncId, opts) {
       vertexSha256: vertex.sha256,
       edgesSha256: edges.sha256,
       updatedAt: downloadFinishedAt
-    }).where(eq33(ccReleaseSyncs.id, syncId)).run();
+    }).where(eq34(ccReleaseSyncs.id, syncId)).run();
     const allProjects = db.select().from(projects).all();
     const targets = Array.from(new Set(allProjects.map((p) => p.canonicalDomain)));
     let rows = [];
@@ -29202,15 +30380,15 @@ async function executeReleaseSync(db, syncId, opts) {
     }
     const queriedAt = deps.now().toISOString();
     db.transaction((tx) => {
-      tx.delete(backlinkDomains).where(eq33(backlinkDomains.releaseSyncId, syncId)).run();
-      tx.delete(backlinkSummaries).where(eq33(backlinkSummaries.releaseSyncId, syncId)).run();
+      tx.delete(backlinkDomains).where(eq34(backlinkDomains.releaseSyncId, syncId)).run();
+      tx.delete(backlinkSummaries).where(eq34(backlinkSummaries.releaseSyncId, syncId)).run();
       const expanded = [];
       for (const r of rows) {
         const projectIds = projectsByDomain.get(r.targetDomain);
         if (!projectIds) continue;
         for (const projectId of projectIds) {
           expanded.push({
-            id: crypto30.randomUUID(),
+            id: crypto33.randomUUID(),
             projectId,
             releaseSyncId: syncId,
             release,
@@ -29230,7 +30408,7 @@ async function executeReleaseSync(db, syncId, opts) {
         const projectRows = rowsByProject.get(p.id) ?? [];
         const summary = computeSummary(projectRows);
         tx.insert(backlinkSummaries).values({
-          id: crypto30.randomUUID(),
+          id: crypto33.randomUUID(),
           projectId: p.id,
           releaseSyncId: syncId,
           release,
@@ -29262,8 +30440,8 @@ async function executeReleaseSync(db, syncId, opts) {
       domainsDiscovered: rows.length,
       updatedAt: finishedAt,
       error: null
-    }).where(eq33(ccReleaseSyncs.id, syncId)).run();
-    log7.info("sync.completed", {
+    }).where(eq34(ccReleaseSyncs.id, syncId)).run();
+    log8.info("sync.completed", {
       syncId,
       release,
       projectsProcessed: allProjects.length,
@@ -29275,7 +30453,7 @@ async function executeReleaseSync(db, syncId, opts) {
         try {
           deps.enqueueAutoExtract({ projectId: p.id, release });
         } catch (err) {
-          log7.error("auto-extract.enqueue-failed", {
+          log8.error("auto-extract.enqueue-failed", {
             syncId,
             release,
             projectId: p.id,
@@ -29292,8 +30470,8 @@ async function executeReleaseSync(db, syncId, opts) {
       error: errorMsg,
       phaseDetail: null,
       updatedAt: finishedAt
-    }).where(eq33(ccReleaseSyncs.id, syncId)).run();
-    log7.error("sync.failed", { syncId, release, error: errorMsg });
+    }).where(eq34(ccReleaseSyncs.id, syncId)).run();
+    log8.error("sync.failed", { syncId, release, error: errorMsg });
     throw err;
   }
 }
@@ -29326,10 +30504,10 @@ function computeSummary(rows) {
 }
 
 // src/backlink-extract.ts
-import crypto31 from "crypto";
+import crypto34 from "crypto";
 import fs11 from "fs";
-import { and as and27, desc as desc17, eq as eq34 } from "drizzle-orm";
-var log8 = createLogger("BacklinkExtract");
+import { and as and28, desc as desc18, eq as eq35 } from "drizzle-orm";
+var log9 = createLogger("BacklinkExtract");
 function defaultDeps3() {
   return {
     queryBacklinks,
@@ -29340,13 +30518,13 @@ function defaultDeps3() {
 async function executeBacklinkExtract(db, runId, projectId, opts = {}) {
   const deps = { ...defaultDeps3(), ...opts.deps };
   const startedAt = deps.now().toISOString();
-  db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq34(runs.id, runId)).run();
+  db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq35(runs.id, runId)).run();
   try {
-    const project = db.select().from(projects).where(eq34(projects.id, projectId)).get();
+    const project = db.select().from(projects).where(eq35(projects.id, projectId)).get();
     if (!project) {
       throw new Error(`Project not found: ${projectId}`);
     }
-    const sync = opts.release ? db.select().from(ccReleaseSyncs).where(eq34(ccReleaseSyncs.release, opts.release)).get() : db.select().from(ccReleaseSyncs).where(eq34(ccReleaseSyncs.status, CcReleaseSyncStatuses.ready)).orderBy(desc17(ccReleaseSyncs.createdAt)).limit(1).get();
+    const sync = opts.release ? db.select().from(ccReleaseSyncs).where(eq35(ccReleaseSyncs.release, opts.release)).get() : db.select().from(ccReleaseSyncs).where(eq35(ccReleaseSyncs.status, CcReleaseSyncStatuses.ready)).orderBy(desc18(ccReleaseSyncs.createdAt)).limit(1).get();
     if (!sync) {
       throw new Error("No ready release sync available \u2014 run `canonry backlinks sync` first");
     }
@@ -29374,11 +30552,11 @@ async function executeBacklinkExtract(db, runId, projectId, opts = {}) {
     const targetDomain = project.canonicalDomain;
     db.transaction((tx) => {
       tx.delete(backlinkDomains).where(
-        and27(eq34(backlinkDomains.projectId, projectId), eq34(backlinkDomains.release, release))
+        and28(eq35(backlinkDomains.projectId, projectId), eq35(backlinkDomains.release, release))
       ).run();
       if (rows.length > 0) {
         const values = rows.map((r) => ({
-          id: crypto31.randomUUID(),
+          id: crypto34.randomUUID(),
           projectId,
           releaseSyncId: syncId,
           release,
@@ -29391,7 +30569,7 @@ async function executeBacklinkExtract(db, runId, projectId, opts = {}) {
       }
       const summary = computeSummary2(rows);
       tx.insert(backlinkSummaries).values({
-        id: crypto31.randomUUID(),
+        id: crypto34.randomUUID(),
         projectId,
         releaseSyncId: syncId,
         release,
@@ -29414,8 +30592,8 @@ async function executeBacklinkExtract(db, runId, projectId, opts = {}) {
       }).run();
     });
     const finishedAt = deps.now().toISOString();
-    db.update(runs).set({ status: RunStatuses.completed, finishedAt }).where(eq34(runs.id, runId)).run();
-    log8.info("extract.completed", { runId, projectId, release, rows: rows.length });
+    db.update(runs).set({ status: RunStatuses.completed, finishedAt }).where(eq35(runs.id, runId)).run();
+    log9.info("extract.completed", { runId, projectId, release, rows: rows.length });
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
     const finishedAt = deps.now().toISOString();
@@ -29423,8 +30601,8 @@ async function executeBacklinkExtract(db, runId, projectId, opts = {}) {
       status: RunStatuses.failed,
       error: errorMsg,
       finishedAt
-    }).where(eq34(runs.id, runId)).run();
-    log8.error("extract.failed", { runId, projectId, error: errorMsg });
+    }).where(eq35(runs.id, runId)).run();
+    log9.error("extract.failed", { runId, projectId, error: errorMsg });
     throw err;
   }
 }
@@ -29444,18 +30622,18 @@ function computeSummary2(rows) {
 }
 
 // src/discovery-run.ts
-import crypto32 from "crypto";
-import { and as and28, eq as eq35 } from "drizzle-orm";
-var log9 = createLogger("DiscoveryRun");
+import crypto35 from "crypto";
+import { and as and29, eq as eq36 } from "drizzle-orm";
+var log10 = createLogger("DiscoveryRun");
 var DEFAULT_SEED_COUNT = 30;
 var QUERIES_PER_INTENT_BUCKET = 6;
 async function executeDiscoveryRun(opts) {
   const startedAt = (/* @__PURE__ */ new Date()).toISOString();
-  opts.db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq35(runs.id, opts.runId)).run();
+  opts.db.update(runs).set({ status: RunStatuses.running, startedAt }).where(eq36(runs.id, opts.runId)).run();
   try {
-    const projectRow = opts.db.select().from(projects).where(eq35(projects.id, opts.projectId)).get();
+    const projectRow = opts.db.select().from(projects).where(eq36(projects.id, opts.projectId)).get();
     if (!projectRow) throw new Error(`Project ${opts.projectId} not found`);
-    const projectCompetitors = opts.db.select({ domain: competitors.domain }).from(competitors).where(eq35(competitors.projectId, opts.projectId)).all().map((r) => r.domain.toLowerCase());
+    const projectCompetitors = opts.db.select({ domain: competitors.domain }).from(competitors).where(eq36(competitors.projectId, opts.projectId)).all().map((r) => r.domain.toLowerCase());
     const canonicalDomains = effectiveDomains({
       canonicalDomain: projectRow.canonicalDomain,
       ownedDomains: projectRow.ownedDomains
@@ -29485,8 +30663,8 @@ async function executeDiscoveryRun(opts) {
       seedProvider: result.seedProvider,
       result
     });
-    opts.db.update(runs).set({ status: RunStatuses.completed, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq35(runs.id, opts.runId)).run();
-    log9.info("discovery.completed", {
+    opts.db.update(runs).set({ status: RunStatuses.completed, finishedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq36(runs.id, opts.runId)).run();
+    log10.info("discovery.completed", {
       runId: opts.runId,
       sessionId: opts.sessionId,
       buckets: result.buckets,
@@ -29494,13 +30672,13 @@ async function executeDiscoveryRun(opts) {
     });
   } catch (err) {
     const errorMsg = err instanceof Error ? err.message : String(err);
-    log9.error("discovery.failed", { runId: opts.runId, sessionId: opts.sessionId, error: errorMsg });
+    log10.error("discovery.failed", { runId: opts.runId, sessionId: opts.sessionId, error: errorMsg });
     markSessionFailed(opts.db, opts.sessionId, errorMsg);
     opts.db.update(runs).set({
       status: RunStatuses.failed,
       finishedAt: (/* @__PURE__ */ new Date()).toISOString(),
       error: errorMsg
-    }).where(eq35(runs.id, opts.runId)).run();
+    }).where(eq36(runs.id, opts.runId)).run();
   }
 }
 function buildDefaultDeps(registry) {
@@ -29705,13 +30883,13 @@ function writeDiscoveryInsight(db, input) {
     totalProbes
   });
   db.transaction((tx) => {
-    tx.update(insights).set({ dismissed: true }).where(and28(
-      eq35(insights.projectId, input.projectId),
-      eq35(insights.type, "discovery.basket-divergence"),
-      eq35(insights.dismissed, false)
+    tx.update(insights).set({ dismissed: true }).where(and29(
+      eq36(insights.projectId, input.projectId),
+      eq36(insights.type, "discovery.basket-divergence"),
+      eq36(insights.dismissed, false)
     )).run();
     tx.insert(insights).values({
-      id: crypto32.randomUUID(),
+      id: crypto35.randomUUID(),
       projectId: input.projectId,
       runId: input.runId,
       type: "discovery.basket-divergence",
@@ -29747,7 +30925,7 @@ function buildDiscoveryInsightTitle(input) {
 }
 
 // src/commands/backfill.ts
-import { and as and29, eq as eq36, inArray as inArray12, isNull, sql as sql15 } from "drizzle-orm";
+import { and as and30, eq as eq37, inArray as inArray13, isNull, sql as sql15 } from "drizzle-orm";
 var SNAPSHOT_BATCH_SIZE = 500;
 async function backfillAnswerVisibilityCommand(opts) {
   const config = loadConfig();
@@ -29755,7 +30933,7 @@ async function backfillAnswerVisibilityCommand(opts) {
   migrate(db);
   const projectFilter = opts?.project?.trim();
   const isDryRun = opts?.dryRun === true;
-  const scopedProjects = projectFilter ? db.select().from(projects).where(eq36(projects.name, projectFilter)).all() : db.select().from(projects).all();
+  const scopedProjects = projectFilter ? db.select().from(projects).where(eq37(projects.name, projectFilter)).all() : db.select().from(projects).all();
   let examined = 0;
   let updated = 0;
   let wouldUpdate = 0;
@@ -29763,10 +30941,10 @@ async function backfillAnswerVisibilityCommand(opts) {
   let reparsed = 0;
   let providerErrors = 0;
   if (scopedProjects.length > 0) {
-    const runRows = projectFilter ? db.select({ id: runs.id, projectId: runs.projectId }).from(runs).where(and29(
-      eq36(runs.kind, RunKinds["answer-visibility"]),
-      inArray12(runs.projectId, scopedProjects.map((project) => project.id))
-    )).all() : db.select({ id: runs.id, projectId: runs.projectId }).from(runs).where(eq36(runs.kind, RunKinds["answer-visibility"])).all();
+    const runRows = projectFilter ? db.select({ id: runs.id, projectId: runs.projectId }).from(runs).where(and30(
+      eq37(runs.kind, RunKinds["answer-visibility"]),
+      inArray13(runs.projectId, scopedProjects.map((project) => project.id))
+    )).all() : db.select({ id: runs.id, projectId: runs.projectId }).from(runs).where(eq37(runs.kind, RunKinds["answer-visibility"])).all();
     const runIdsByProject = /* @__PURE__ */ new Map();
     for (const run of runRows) {
       const existing = runIdsByProject.get(run.projectId);
@@ -29774,7 +30952,7 @@ async function backfillAnswerVisibilityCommand(opts) {
       else runIdsByProject.set(run.projectId, [run.id]);
     }
     for (const project of scopedProjects) {
-      const competitorDomains = db.select({ domain: competitors.domain }).from(competitors).where(eq36(competitors.projectId, project.id)).all().map((row) => row.domain);
+      const competitorDomains = db.select({ domain: competitors.domain }).from(competitors).where(eq37(competitors.projectId, project.id)).all().map((row) => row.domain);
       const runIds = runIdsByProject.get(project.id) ?? [];
       if (runIds.length === 0) continue;
       const projectDomains = effectiveDomains({
@@ -29797,7 +30975,7 @@ async function backfillAnswerVisibilityCommand(opts) {
           competitorOverlap: querySnapshots.competitorOverlap,
           recommendedCompetitors: querySnapshots.recommendedCompetitors,
           rawResponse: querySnapshots.rawResponse
-        }).from(querySnapshots).where(inArray12(querySnapshots.runId, batchRunIds)).all();
+        }).from(querySnapshots).where(inArray13(querySnapshots.runId, batchRunIds)).all();
         const pendingUpdates = [];
         for (const snapshot of snapshotRows) {
           examined++;
@@ -29862,7 +31040,7 @@ async function backfillAnswerVisibilityCommand(opts) {
           } else {
             db.transaction((tx) => {
               for (const update of pendingUpdates) {
-                tx.update(querySnapshots).set(update.patch).where(eq36(querySnapshots.id, update.id)).run();
+                tx.update(querySnapshots).set(update.patch).where(eq37(querySnapshots.id, update.id)).run();
               }
             });
             updated += pendingUpdates.length;
@@ -29911,13 +31089,13 @@ No DB writes performed. Re-run without --dry-run to apply.`);
 function backfillNormalizedPaths(db, opts) {
   const baseConditions = [];
   if (opts?.projectId) {
-    baseConditions.push(eq36(gaTrafficSnapshots.projectId, opts.projectId));
+    baseConditions.push(eq37(gaTrafficSnapshots.projectId, opts.projectId));
   }
   const rows = db.select({
     id: gaTrafficSnapshots.id,
     landingPage: gaTrafficSnapshots.landingPage,
     landingPageNormalized: gaTrafficSnapshots.landingPageNormalized
-  }).from(gaTrafficSnapshots).where(baseConditions.length > 0 ? and29(...baseConditions) : void 0).all();
+  }).from(gaTrafficSnapshots).where(baseConditions.length > 0 ? and30(...baseConditions) : void 0).all();
   let updated = 0;
   let unchanged = 0;
   if (rows.length > 0) {
@@ -29932,7 +31110,7 @@ function backfillNormalizedPaths(db, opts) {
           unchanged++;
           continue;
         }
-        tx.update(gaTrafficSnapshots).set({ landingPageNormalized: next }).where(eq36(gaTrafficSnapshots.id, row.id)).run();
+        tx.update(gaTrafficSnapshots).set({ landingPageNormalized: next }).where(eq37(gaTrafficSnapshots.id, row.id)).run();
         updated++;
       }
     });
@@ -29946,7 +31124,7 @@ async function backfillNormalizedPathsCommand(opts) {
   const projectFilter = opts?.project?.trim();
   let projectId;
   if (projectFilter) {
-    const project = db.select({ id: projects.id }).from(projects).where(eq36(projects.name, projectFilter)).get();
+    const project = db.select({ id: projects.id }).from(projects).where(eq37(projects.name, projectFilter)).get();
     if (!project) {
       const result2 = {
         project: projectFilter,
@@ -29983,13 +31161,13 @@ async function backfillNormalizedPathsCommand(opts) {
 function backfillAiReferralPaths(db, opts) {
   const baseConditions = [];
   if (opts?.projectId) {
-    baseConditions.push(eq36(gaAiReferrals.projectId, opts.projectId));
+    baseConditions.push(eq37(gaAiReferrals.projectId, opts.projectId));
   }
   const rows = db.select({
     id: gaAiReferrals.id,
     landingPage: gaAiReferrals.landingPage,
     landingPageNormalized: gaAiReferrals.landingPageNormalized
-  }).from(gaAiReferrals).where(baseConditions.length > 0 ? and29(...baseConditions) : void 0).all();
+  }).from(gaAiReferrals).where(baseConditions.length > 0 ? and30(...baseConditions) : void 0).all();
   let updated = 0;
   let unchanged = 0;
   if (rows.length > 0) {
@@ -30004,7 +31182,7 @@ function backfillAiReferralPaths(db, opts) {
           unchanged++;
           continue;
         }
-        tx.update(gaAiReferrals).set({ landingPageNormalized: next }).where(eq36(gaAiReferrals.id, row.id)).run();
+        tx.update(gaAiReferrals).set({ landingPageNormalized: next }).where(eq37(gaAiReferrals.id, row.id)).run();
         updated++;
       }
     });
@@ -30018,7 +31196,7 @@ async function backfillAiReferralPathsCommand(opts) {
   const projectFilter = opts?.project?.trim();
   let projectId;
   if (projectFilter) {
-    const project = db.select({ id: projects.id }).from(projects).where(eq36(projects.name, projectFilter)).get();
+    const project = db.select({ id: projects.id }).from(projects).where(eq37(projects.name, projectFilter)).get();
     if (!project) {
       const result2 = {
         project: projectFilter,
@@ -30054,10 +31232,10 @@ async function backfillAiReferralPathsCommand(opts) {
 }
 function backfillProjectAnswerMentions(db, projectId, opts) {
   const isDryRun = opts?.dryRun === true;
-  const project = db.select().from(projects).where(eq36(projects.id, projectId)).get();
+  const project = db.select().from(projects).where(eq37(projects.id, projectId)).get();
   if (!project) return { examined: 0, updated: 0, mentioned: 0 };
-  const competitorDomains = db.select({ domain: competitors.domain }).from(competitors).where(eq36(competitors.projectId, projectId)).all().map((row) => row.domain);
-  const runRows = db.select({ id: runs.id }).from(runs).where(and29(eq36(runs.kind, RunKinds["answer-visibility"]), eq36(runs.projectId, projectId))).all();
+  const competitorDomains = db.select({ domain: competitors.domain }).from(competitors).where(eq37(competitors.projectId, projectId)).all().map((row) => row.domain);
+  const runRows = db.select({ id: runs.id }).from(runs).where(and30(eq37(runs.kind, RunKinds["answer-visibility"]), eq37(runs.projectId, projectId))).all();
   const runIds = runRows.map((r) => r.id);
   let examined = 0;
   let updated = 0;
@@ -30085,7 +31263,7 @@ function backfillProjectAnswerMentions(db, projectId, opts) {
       competitorOverlap: querySnapshots.competitorOverlap,
       recommendedCompetitors: querySnapshots.recommendedCompetitors,
       rawResponse: querySnapshots.rawResponse
-    }).from(querySnapshots).where(inArray12(querySnapshots.runId, batchRunIds)).all();
+    }).from(querySnapshots).where(inArray13(querySnapshots.runId, batchRunIds)).all();
     const pendingUpdates = [];
     for (const snapshot of snapshotRows) {
       examined++;
@@ -30129,7 +31307,7 @@ function backfillProjectAnswerMentions(db, projectId, opts) {
       } else {
         db.transaction((tx) => {
           for (const update of pendingUpdates) {
-            tx.update(querySnapshots).set(update.patch).where(eq36(querySnapshots.id, update.id)).run();
+            tx.update(querySnapshots).set(update.patch).where(eq37(querySnapshots.id, update.id)).run();
           }
         });
         updated += pendingUpdates.length;
@@ -30144,7 +31322,7 @@ async function backfillAnswerMentionsCommand(opts) {
   migrate(db);
   const projectFilter = opts?.project?.trim();
   const isDryRun = opts?.dryRun === true;
-  const scopedProjects = projectFilter ? db.select().from(projects).where(eq36(projects.name, projectFilter)).all() : db.select().from(projects).all();
+  const scopedProjects = projectFilter ? db.select().from(projects).where(eq37(projects.name, projectFilter)).all() : db.select().from(projects).all();
   let examined = 0;
   let updated = 0;
   let wouldUpdate = 0;
@@ -30204,7 +31382,7 @@ function readStoredGroundingSources(rawResponse) {
   return result;
 }
 async function backfillInsightsCommand(project, opts) {
-  const { IntelligenceService: IntelligenceService2 } = await import("./intelligence-service-NY3MAVPB.js");
+  const { IntelligenceService: IntelligenceService2 } = await import("./intelligence-service-V4SWVKEQ.js");
   const config = loadConfig();
   const db = createClient(config.database);
   migrate(db);
@@ -30363,7 +31541,7 @@ async function backfillSnapshotAttributionCommand(opts) {
   const config = loadConfig();
   const db = createClient(config.database);
   migrate(db);
-  const project = db.select().from(projects).where(eq36(projects.name, opts.project)).get();
+  const project = db.select().from(projects).where(eq37(projects.name, opts.project)).get();
   if (!project) {
     throw new Error(`Project "${opts.project}" not found`);
   }
@@ -30374,17 +31552,17 @@ async function backfillSnapshotAttributionCommand(opts) {
     process.stderr.write(`Recovering orphan snapshot attribution for "${project.name}"${mode}...
 `);
   }
-  const events = db.select({ createdAt: auditLog.createdAt, action: auditLog.action, diff: auditLog.diff }).from(auditLog).where(and29(
-    eq36(auditLog.projectId, project.id),
-    inArray12(auditLog.action, ["keywords.appended", "keywords.deleted", "queries.appended", "queries.deleted", "queries.replaced"])
+  const events = db.select({ createdAt: auditLog.createdAt, action: auditLog.action, diff: auditLog.diff }).from(auditLog).where(and30(
+    eq37(auditLog.projectId, project.id),
+    inArray13(auditLog.action, ["keywords.appended", "keywords.deleted", "queries.appended", "queries.deleted", "queries.replaced"])
   )).orderBy(auditLog.createdAt).all();
   const history = replayQueryAuditLog(events);
   const orphanRuns = db.select({
     runId: runs.id,
     createdAt: runs.createdAt,
     location: runs.location
-  }).from(runs).innerJoin(querySnapshots, eq36(querySnapshots.runId, runs.id)).where(and29(
-    eq36(runs.projectId, project.id),
+  }).from(runs).innerJoin(querySnapshots, eq37(querySnapshots.runId, runs.id)).where(and30(
+    eq37(runs.projectId, project.id),
     isNull(querySnapshots.queryId),
     isNull(querySnapshots.queryText)
   )).groupBy(runs.id).orderBy(runs.createdAt).all();
@@ -30406,8 +31584,8 @@ async function backfillSnapshotAttributionCommand(opts) {
       provider: querySnapshots.provider,
       createdAt: querySnapshots.createdAt,
       answerText: querySnapshots.answerText
-    }).from(querySnapshots).where(and29(
-      eq36(querySnapshots.runId, run.runId),
+    }).from(querySnapshots).where(and30(
+      eq37(querySnapshots.runId, run.runId),
       isNull(querySnapshots.queryId),
       isNull(querySnapshots.queryText)
     )).orderBy(querySnapshots.provider, querySnapshots.createdAt).all();
@@ -30473,7 +31651,7 @@ async function backfillSnapshotAttributionCommand(opts) {
   if (!isDryRun && updates.length > 0) {
     db.transaction((tx) => {
       for (const u of updates) {
-        tx.update(querySnapshots).set({ queryText: u.queryText }).where(eq36(querySnapshots.id, u.id)).run();
+        tx.update(querySnapshots).set({ queryText: u.queryText }).where(eq37(querySnapshots.id, u.id)).run();
       }
     });
   }
@@ -30547,7 +31725,7 @@ async function backfillTrafficClassificationCommand(opts) {
   const projectFilter = opts?.project?.trim();
   const isDryRun = opts?.dryRun === true;
   const isJson = opts?.format === "json";
-  const scopedProjects = projectFilter ? db.select().from(projects).where(eq36(projects.name, projectFilter)).all() : db.select().from(projects).all();
+  const scopedProjects = projectFilter ? db.select().from(projects).where(eq37(projects.name, projectFilter)).all() : db.select().from(projects).all();
   if (scopedProjects.length === 0) {
     if (projectFilter && !isJson) {
       process.stderr.write(`No project named "${projectFilter}".
@@ -30572,9 +31750,9 @@ async function backfillTrafficClassificationCommand(opts) {
     dryRun: isDryRun,
     byBot: {}
   };
-  const unknownCountRow = db.select({ n: sql15`count(*)` }).from(rawEventSamples).where(and29(
-    eq36(rawEventSamples.eventType, "unknown"),
-    inArray12(rawEventSamples.projectId, projectIds)
+  const unknownCountRow = db.select({ n: sql15`count(*)` }).from(rawEventSamples).where(and30(
+    eq37(rawEventSamples.eventType, "unknown"),
+    inArray13(rawEventSamples.projectId, projectIds)
   )).get();
   result.unknownBefore = Number(unknownCountRow?.n ?? 0);
   const unknownSamples = db.select({
@@ -30585,9 +31763,9 @@ async function backfillTrafficClassificationCommand(opts) {
     userAgent: rawEventSamples.userAgent,
     pathNormalized: rawEventSamples.pathNormalized,
     status: rawEventSamples.status
-  }).from(rawEventSamples).where(and29(
-    eq36(rawEventSamples.eventType, "unknown"),
-    inArray12(rawEventSamples.projectId, projectIds)
+  }).from(rawEventSamples).where(and30(
+    eq37(rawEventSamples.eventType, "unknown"),
+    inArray13(rawEventSamples.projectId, projectIds)
   )).all();
   result.examined = unknownSamples.length;
   if (unknownSamples.length === 0) {
@@ -30625,7 +31803,7 @@ async function backfillTrafficClassificationCommand(opts) {
     result.reclassified++;
     result.byBot[classified.botId] = (result.byBot[classified.botId] ?? 0) + 1;
     if (isDryRun) continue;
-    db.update(rawEventSamples).set({ eventType: userFetch ? TrafficEventKinds["ai-user-fetch"] : TrafficEventKinds.crawler }).where(eq36(rawEventSamples.id, snap.id)).run();
+    db.update(rawEventSamples).set({ eventType: userFetch ? TrafficEventKinds["ai-user-fetch"] : TrafficEventKinds.crawler }).where(eq37(rawEventSamples.id, snap.id)).run();
     const tsHour = new Date(snap.ts);
     tsHour.setUTCMinutes(0, 0, 0);
     if (userFetch) {
@@ -30689,9 +31867,9 @@ async function backfillTrafficClassificationCommand(opts) {
     }
   }
   if (!isDryRun) {
-    const afterRow = db.select({ n: sql15`count(*)` }).from(rawEventSamples).where(and29(
-      eq36(rawEventSamples.eventType, "unknown"),
-      inArray12(rawEventSamples.projectId, projectIds)
+    const afterRow = db.select({ n: sql15`count(*)` }).from(rawEventSamples).where(and30(
+      eq37(rawEventSamples.eventType, "unknown"),
+      inArray13(rawEventSamples.projectId, projectIds)
     )).get();
     result.unknownAfter = Number(afterRow?.n ?? 0);
   } else {
@@ -30724,6 +31902,333 @@ No DB writes performed. Re-run without --dry-run to apply.`);
   }
 }
 
+// src/commands/skills.ts
+import crypto36 from "crypto";
+import fs12 from "fs";
+import os6 from "os";
+import path12 from "path";
+import { fileURLToPath } from "url";
+var BUNDLED_SKILL_NAMES = ["canonry", "aero"];
+function resolveBundledSkillsRoot(pkgDir) {
+  const here = pkgDir ?? path12.dirname(fileURLToPath(import.meta.url));
+  const candidates = [
+    path12.join(here, "../assets/agent-workspace/skills"),
+    path12.join(here, "../../assets/agent-workspace/skills"),
+    path12.join(here, "../../../../skills")
+  ];
+  for (const candidate of candidates) {
+    if (BUNDLED_SKILL_NAMES.every((name) => fs12.existsSync(path12.join(candidate, name, "SKILL.md")))) {
+      return candidate;
+    }
+  }
+  throw new CliError({
+    code: "INTERNAL_ERROR",
+    message: `Bundled skills not found. Searched:
+  ${candidates.join("\n  ")}`,
+    exitCode: 2
+  });
+}
+function parseDescription(content) {
+  const fmMatch = /^---\n([\s\S]*?)\n---/.exec(content);
+  if (!fmMatch) return "";
+  const descMatch = /^description:\s*(\S.*)$/m.exec(fmMatch[1]);
+  if (!descMatch) return "";
+  return descMatch[1].replace(/^["']|["']$/g, "").trim();
+}
+function getBundledSkills(pkgDir) {
+  const root = resolveBundledSkillsRoot(pkgDir);
+  return BUNDLED_SKILL_NAMES.map((name) => {
+    const skillDir = path12.join(root, name);
+    const skillFile = path12.join(skillDir, "SKILL.md");
+    const content = fs12.readFileSync(skillFile, "utf-8");
+    return { name, description: parseDescription(content), bundledPath: skillDir };
+  });
+}
+function walkRelative(dir, prefix = "") {
+  const out = [];
+  for (const entry of fs12.readdirSync(dir, { withFileTypes: true })) {
+    const rel = prefix ? path12.join(prefix, entry.name) : entry.name;
+    const full = path12.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      out.push(...walkRelative(full, rel));
+    } else if (entry.isFile()) {
+      out.push(rel);
+    }
+  }
+  return out.sort();
+}
+function sha256File(filePath) {
+  return crypto36.createHash("sha256").update(fs12.readFileSync(filePath)).digest("hex");
+}
+function readSkillManifest(skillDir) {
+  try {
+    return coerceSkillManifest(JSON.parse(fs12.readFileSync(path12.join(skillDir, SKILL_MANIFEST_FILENAME), "utf-8")));
+  } catch {
+    return null;
+  }
+}
+function writeSkillManifest(skillDir, manifest) {
+  fs12.writeFileSync(path12.join(skillDir, SKILL_MANIFEST_FILENAME), `${JSON.stringify(manifest, null, 2)}
+`, "utf-8");
+}
+function reconcileSkillTree(srcDir, destDir, manifest, force) {
+  const result = { added: [], updated: [], unchanged: [], conflicts: [], bundledHashes: /* @__PURE__ */ new Map() };
+  for (const rel of walkRelative(srcDir)) {
+    const srcPath = path12.join(srcDir, rel);
+    const destPath = path12.join(destDir, rel);
+    const bundledHash = sha256File(srcPath);
+    result.bundledHashes.set(rel, bundledHash);
+    const installedHash = fs12.existsSync(destPath) ? sha256File(destPath) : void 0;
+    const state = classifySkillFile({ bundledHash, installedHash, manifestHash: manifest?.files[rel] });
+    switch (state) {
+      case "missing":
+        fs12.mkdirSync(path12.dirname(destPath), { recursive: true });
+        fs12.copyFileSync(srcPath, destPath);
+        result.added.push(rel);
+        break;
+      case "unchanged":
+        result.unchanged.push(rel);
+        break;
+      case "stale":
+        fs12.copyFileSync(srcPath, destPath);
+        result.updated.push(rel);
+        break;
+      case "edited":
+        if (force) {
+          fs12.copyFileSync(srcPath, destPath);
+          result.updated.push(rel);
+        } else {
+          result.conflicts.push(rel);
+        }
+        break;
+    }
+  }
+  return result;
+}
+function buildManifest(skillName, recon, prior) {
+  const conflicts = new Set(recon.conflicts);
+  const files = {};
+  for (const [rel, bundledHash] of recon.bundledHashes) {
+    files[rel] = conflicts.has(rel) ? prior?.files[rel] ?? bundledHash : bundledHash;
+  }
+  return { skill: skillName, version: PACKAGE_VERSION, files };
+}
+function describeChanges(recon) {
+  const parts = [];
+  if (recon.added.length > 0) parts.push(`${recon.added.length} added`);
+  if (recon.updated.length > 0) parts.push(`${recon.updated.length} refreshed`);
+  return parts.length > 0 ? parts.join(", ") : "no changes";
+}
+function buildClaudeMessage(name, status, recon) {
+  const rel = `.claude/skills/${name}`;
+  let message = status === "installed" ? `Installed ${rel}` : status === "updated" ? `Updated ${rel} (${describeChanges(recon)})` : `Already installed: ${rel}`;
+  if (recon.conflicts.length > 0) {
+    message += ` \u2014 ${recon.conflicts.length} file(s) differ from the bundle (local edits kept; pass --force to overwrite)`;
+  }
+  return message;
+}
+function installClaudeSkill(skill, targetDir, force) {
+  const targetPath = path12.join(targetDir, ".claude", "skills", skill.name);
+  const existedBefore = fs12.existsSync(path12.join(targetPath, "SKILL.md"));
+  const priorManifest = readSkillManifest(targetPath);
+  fs12.mkdirSync(targetPath, { recursive: true });
+  const recon = reconcileSkillTree(skill.bundledPath, targetPath, priorManifest, force);
+  writeSkillManifest(targetPath, buildManifest(skill.name, recon, priorManifest));
+  const changed = recon.added.length + recon.updated.length;
+  const status = !existedBefore ? "installed" : changed > 0 ? "updated" : "already-installed";
+  return {
+    skill: skill.name,
+    client: CodingAgents.claude,
+    targetPath,
+    status,
+    message: buildClaudeMessage(skill.name, status, recon),
+    added: recon.added,
+    updated: recon.updated,
+    unchanged: recon.unchanged,
+    conflicts: recon.conflicts
+  };
+}
+function installCodexSymlink(skill, targetDir, force) {
+  const codexPath = path12.join(targetDir, ".codex", "skills", skill.name);
+  const claudePath = path12.join(targetDir, ".claude", "skills", skill.name);
+  const linkTarget = path12.relative(path12.dirname(codexPath), claudePath);
+  fs12.mkdirSync(path12.dirname(codexPath), { recursive: true });
+  let stat;
+  try {
+    stat = fs12.lstatSync(codexPath);
+  } catch {
+    stat = void 0;
+  }
+  if (stat?.isSymbolicLink()) {
+    const existing = fs12.readlinkSync(codexPath);
+    if (existing === linkTarget) {
+      return {
+        skill: skill.name,
+        client: CodingAgents.codex,
+        targetPath: codexPath,
+        status: "already-linked",
+        message: `Already linked: .codex/skills/${skill.name}`
+      };
+    }
+    if (!force) {
+      throw new CliError({
+        code: "VALIDATION_ERROR",
+        message: `.codex/skills/${skill.name} is a symlink pointing elsewhere (${existing}). Pass --force to relink.`,
+        details: { skill: skill.name, targetPath: codexPath, existingTarget: existing },
+        exitCode: 1
+      });
+    }
+    fs12.unlinkSync(codexPath);
+    fs12.symlinkSync(linkTarget, codexPath);
+    return {
+      skill: skill.name,
+      client: CodingAgents.codex,
+      targetPath: codexPath,
+      status: "relinked",
+      message: `Relinked .codex/skills/${skill.name} \u2192 ${linkTarget}`
+    };
+  }
+  if (stat) {
+    if (!force) {
+      throw new CliError({
+        code: "VALIDATION_ERROR",
+        message: `.codex/skills/${skill.name} exists but is not a symlink. Pass --force to replace.`,
+        details: { skill: skill.name, targetPath: codexPath },
+        exitCode: 1
+      });
+    }
+    fs12.rmSync(codexPath, { recursive: true, force: true });
+  }
+  fs12.symlinkSync(linkTarget, codexPath);
+  return {
+    skill: skill.name,
+    client: CodingAgents.codex,
+    targetPath: codexPath,
+    status: stat ? "relinked" : "linked",
+    message: stat ? `Replaced and linked .codex/skills/${skill.name} \u2192 ${linkTarget}` : `Linked .codex/skills/${skill.name} \u2192 ${linkTarget}`
+  };
+}
+function buildSummaryMessage(results) {
+  const counts = {};
+  for (const r of results) counts[r.status] = (counts[r.status] ?? 0) + 1;
+  const parts = Object.entries(counts).map(([status, n]) => `${n} ${status}`);
+  let message = `Skills install summary: ${parts.join(", ")}.`;
+  const totalConflicts = results.reduce((sum, r) => sum + (r.conflicts?.length ?? 0), 0);
+  if (totalConflicts > 0) {
+    message += ` ${totalConflicts} file(s) differ from the bundle and were kept \u2014 pass --force to overwrite local edits.`;
+  }
+  return message;
+}
+function getBundledSkillSnapshots(pkgDir) {
+  return getBundledSkills(pkgDir).map((skill) => {
+    const files = {};
+    for (const rel of walkRelative(skill.bundledPath)) {
+      files[rel] = sha256File(path12.join(skill.bundledPath, rel));
+    }
+    return { name: skill.name, version: PACKAGE_VERSION, files };
+  });
+}
+async function installSkills(opts = {}) {
+  const targetDir = opts.user ? os6.homedir() : path12.resolve(opts.dir ?? process.cwd());
+  const client = opts.client ?? SkillsClients.all;
+  const force = opts.force ?? false;
+  const allSkills = getBundledSkills();
+  const requestedNames = opts.skills && opts.skills.length > 0 ? opts.skills : allSkills.map((s) => s.name);
+  const knownNames = new Set(allSkills.map((s) => s.name));
+  const unknown = requestedNames.filter((n) => !knownNames.has(n));
+  if (unknown.length > 0) {
+    throw new CliError({
+      code: "VALIDATION_ERROR",
+      message: `Unknown skill(s): ${unknown.join(", ")}. Available: ${[...knownNames].join(", ")}`,
+      details: { unknownSkills: unknown, availableSkills: [...knownNames] },
+      exitCode: 1
+    });
+  }
+  const skillsToInstall = allSkills.filter((s) => requestedNames.includes(s.name));
+  fs12.mkdirSync(targetDir, { recursive: true });
+  const results = [];
+  for (const skill of skillsToInstall) {
+    results.push(installClaudeSkill(skill, targetDir, force));
+    if (client !== SkillsClients.claude) {
+      results.push(installCodexSymlink(skill, targetDir, force));
+    }
+  }
+  return {
+    targetDir,
+    results,
+    message: buildSummaryMessage(results)
+  };
+}
+async function listSkills(opts = {}) {
+  const skills = getBundledSkills();
+  if (opts.format === "json") {
+    console.log(JSON.stringify({
+      skills: skills.map((s) => ({
+        name: s.name,
+        description: s.description,
+        claudePath: `.claude/skills/${s.name}`,
+        codexPath: `.codex/skills/${s.name}`
+      }))
+    }, null, 2));
+    return;
+  }
+  console.log("Bundled canonry skills:\n");
+  for (const skill of skills) {
+    console.log(`  ${skill.name}`);
+    if (skill.description) console.log(`    ${skill.description}`);
+    console.log(`    Claude: .claude/skills/${skill.name}/`);
+    console.log(`    Codex:  .codex/skills/${skill.name} (symlink \u2192 ../../.claude/skills/${skill.name})`);
+    console.log();
+  }
+}
+function emitInstallSummary(summary, format) {
+  if (format === "json") {
+    console.log(JSON.stringify(summary, null, 2));
+    return;
+  }
+  for (const r of summary.results) console.log(r.message);
+  console.log(`
+Target: ${summary.targetDir}`);
+  console.log(summary.message);
+}
+function getMissingUserSkillsNudge(home) {
+  if (!home) return null;
+  const skillsBase = path12.join(home, ".claude", "skills");
+  const installed = [];
+  const missing = [];
+  for (const name of BUNDLED_SKILL_NAMES) {
+    const skillFile = path12.join(skillsBase, name, "SKILL.md");
+    if (existsSafe(skillFile)) installed.push(name);
+    else missing.push(name);
+  }
+  if (missing.length === 0) return null;
+  const fix = missing.length === BUNDLED_SKILL_NAMES.length ? "canonry skills install --user" : `canonry skills install ${missing.join(" ")} --user`;
+  return {
+    message: `Tip: ${missing.join(" + ")} skill${missing.length === 1 ? "" : "s"} not installed in ~/.claude/skills/. Run \`${fix}\` so Claude/Codex sessions on this host auto-load the canonry reference docs.`,
+    missing,
+    installed
+  };
+}
+function existsSafe(p) {
+  try {
+    return fs12.existsSync(p);
+  } catch {
+    return false;
+  }
+}
+function parseSkillsClient(value) {
+  if (!value) return SkillsClients.all;
+  const parsed = skillsClientSchema.safeParse(value);
+  if (parsed.success) return parsed.data;
+  const allowed = skillsClientSchema.options;
+  throw new CliError({
+    code: "VALIDATION_ERROR",
+    message: `Invalid --client value "${value}". Must be one of: ${allowed.join(", ")}`,
+    details: { flag: "client", value, allowed },
+    exitCode: 1
+  });
+}
+
 // src/provider-registry.ts
 var ProviderRegistry = class {
   providers = /* @__PURE__ */ new Map();
@@ -30777,8 +32282,8 @@ var ProviderRegistry = class {
 
 // src/scheduler.ts
 import cron from "node-cron";
-import { and as and30, eq as eq37 } from "drizzle-orm";
-var log10 = createLogger("Scheduler");
+import { and as and31, eq as eq38 } from "drizzle-orm";
+var log11 = createLogger("Scheduler");
 function taskKey(projectId, kind) {
   return `${projectId}::${kind}`;
 }
@@ -30792,16 +32297,16 @@ var Scheduler = class {
   }
   /** Load all enabled schedules from DB and register cron jobs. */
   start() {
-    const allSchedules = this.db.select().from(schedules).where(eq37(schedules.enabled, true)).all();
+    const allSchedules = this.db.select().from(schedules).where(eq38(schedules.enabled, true)).all();
     for (const schedule of allSchedules) {
       const missedRunAt = schedule.nextRunAt;
       this.registerCronTask(schedule);
       if (missedRunAt && new Date(missedRunAt) < /* @__PURE__ */ new Date()) {
-        log10.info("run.catch-up", { projectId: schedule.projectId, kind: schedule.kind, missedRunAt });
+        log11.info("run.catch-up", { projectId: schedule.projectId, kind: schedule.kind, missedRunAt });
         this.triggerRun(schedule.id, schedule.projectId, schedule.kind);
       }
     }
-    log10.info("started", { scheduleCount: allSchedules.length });
+    log11.info("started", { scheduleCount: allSchedules.length });
   }
   /** Stop all cron tasks for graceful shutdown. */
   stop() {
@@ -30822,7 +32327,7 @@ var Scheduler = class {
       this.stopTask(key, existing, "Stopped");
       this.tasks.delete(key);
     }
-    const schedule = this.db.select().from(schedules).where(and30(eq37(schedules.projectId, projectId), eq37(schedules.kind, kind))).get();
+    const schedule = this.db.select().from(schedules).where(and31(eq38(schedules.projectId, projectId), eq38(schedules.kind, kind))).get();
     if (schedule && schedule.enabled) {
       this.registerCronTask(schedule);
     }
@@ -30845,13 +32350,13 @@ var Scheduler = class {
   stopTask(key, task, verb) {
     void task.stop();
     void task.destroy();
-    log10.info(`task.${verb.toLowerCase()}`, { key });
+    log11.info(`task.${verb.toLowerCase()}`, { key });
   }
   registerCronTask(schedule) {
     const { id: scheduleId, projectId, cronExpr, timezone } = schedule;
     const kind = schedule.kind;
     if (!cron.validate(cronExpr)) {
-      log10.error("cron.invalid", { projectId, kind, cronExpr });
+      log11.error("cron.invalid", { projectId, kind, cronExpr });
       return;
     }
     const task = cron.schedule(cronExpr, () => {
@@ -30863,43 +32368,43 @@ var Scheduler = class {
     this.db.update(schedules).set({
       nextRunAt: task.getNextRun()?.toISOString() ?? null,
       updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    }).where(eq37(schedules.id, scheduleId)).run();
+    }).where(eq38(schedules.id, scheduleId)).run();
     const label = schedule.preset ?? cronExpr;
-    log10.info("cron.registered", { projectId, kind, schedule: label, timezone });
+    log11.info("cron.registered", { projectId, kind, schedule: label, timezone });
   }
   triggerRun(scheduleId, projectId, kind) {
     try {
       const now = (/* @__PURE__ */ new Date()).toISOString();
-      const currentSchedule = this.db.select().from(schedules).where(eq37(schedules.id, scheduleId)).get();
+      const currentSchedule = this.db.select().from(schedules).where(eq38(schedules.id, scheduleId)).get();
       if (!currentSchedule || !currentSchedule.enabled) {
-        log10.warn("schedule.stale", { scheduleId, projectId, kind, msg: "schedule no longer exists or is disabled" });
+        log11.warn("schedule.stale", { scheduleId, projectId, kind, msg: "schedule no longer exists or is disabled" });
         this.remove(projectId, kind);
         return;
       }
       const task = this.tasks.get(taskKey(projectId, kind));
       const nextRunAt = task?.getNextRun()?.toISOString() ?? null;
-      const project = this.db.select().from(projects).where(eq37(projects.id, projectId)).get();
+      const project = this.db.select().from(projects).where(eq38(projects.id, projectId)).get();
       if (!project) {
-        log10.error("project.not-found", { projectId, kind, msg: "skipping scheduled run" });
+        log11.error("project.not-found", { projectId, kind, msg: "skipping scheduled run" });
         this.remove(projectId, kind);
         return;
       }
       if (kind === SchedulableRunKinds["traffic-sync"]) {
         const sourceId = currentSchedule.sourceId;
         if (!sourceId) {
-          log10.warn("traffic-sync.missing-source", { scheduleId, projectId });
+          log11.warn("traffic-sync.missing-source", { scheduleId, projectId });
           return;
         }
         if (!this.callbacks.onTrafficSyncRequested) {
-          log10.warn("traffic-sync.no-callback", { scheduleId, projectId, msg: "host did not register onTrafficSyncRequested" });
+          log11.warn("traffic-sync.no-callback", { scheduleId, projectId, msg: "host did not register onTrafficSyncRequested" });
           return;
         }
         this.db.update(schedules).set({
           lastRunAt: now,
           nextRunAt,
           updatedAt: now
-        }).where(eq37(schedules.id, currentSchedule.id)).run();
-        log10.info("traffic-sync.triggered", { projectName: project.name, sourceId });
+        }).where(eq38(schedules.id, currentSchedule.id)).run();
+        log11.info("traffic-sync.triggered", { projectName: project.name, sourceId });
         this.callbacks.onTrafficSyncRequested(project.name, sourceId);
         return;
       }
@@ -30908,7 +32413,7 @@ var Scheduler = class {
       if (project.defaultLocation) {
         const loc = projectLocations.find((l) => l.label === project.defaultLocation);
         if (!loc) {
-          log10.warn("default-location.stale", { scheduleId, projectId, label: project.defaultLocation });
+          log11.warn("default-location.stale", { scheduleId, projectId, label: project.defaultLocation });
           return;
         }
         resolvedLocation = loc;
@@ -30922,11 +32427,11 @@ var Scheduler = class {
         location: locationLabel
       });
       if (queueResult.conflict) {
-        log10.info("run.skipped-active", { projectName: project.name, activeRunId: queueResult.activeRunId });
+        log11.info("run.skipped-active", { projectName: project.name, activeRunId: queueResult.activeRunId });
         this.db.update(schedules).set({
           nextRunAt,
           updatedAt: now
-        }).where(eq37(schedules.id, currentSchedule.id)).run();
+        }).where(eq38(schedules.id, currentSchedule.id)).run();
         return;
       }
       const runId = queueResult.runId;
@@ -30934,21 +32439,21 @@ var Scheduler = class {
         lastRunAt: now,
         nextRunAt,
         updatedAt: now
-      }).where(eq37(schedules.id, currentSchedule.id)).run();
+      }).where(eq38(schedules.id, currentSchedule.id)).run();
       const scheduleProviders = currentSchedule.providers;
       const providers = scheduleProviders.length > 0 ? scheduleProviders : void 0;
-      log10.info("run.triggered", { runId, projectName: project.name, providers: providers ?? "all" });
+      log11.info("run.triggered", { runId, projectName: project.name, providers: providers ?? "all" });
       this.callbacks.onRunCreated(runId, projectId, providers, resolvedLocation);
     } catch (err) {
-      log10.error("trigger.error", { scheduleId, projectId, kind, error: err instanceof Error ? err.message : String(err) });
+      log11.error("trigger.error", { scheduleId, projectId, kind, error: err instanceof Error ? err.message : String(err) });
     }
   }
 };
 
 // src/notifier.ts
-import { eq as eq38, desc as desc18, and as and31, inArray as inArray13, or as or5 } from "drizzle-orm";
-import crypto33 from "crypto";
-var log11 = createLogger("Notifier");
+import { eq as eq39, desc as desc19, and as and32, inArray as inArray14, or as or5 } from "drizzle-orm";
+import crypto37 from "crypto";
+var log12 = createLogger("Notifier");
 var Notifier = class {
   db;
   serverUrl;
@@ -30958,26 +32463,26 @@ var Notifier = class {
   }
   /** Called after a run completes (success, partial, or failed). */
   async onRunCompleted(runId, projectId) {
-    log11.info("run.completed", { runId, projectId });
-    const notifs = this.db.select().from(notifications).where(eq38(notifications.projectId, projectId)).all().filter((n) => n.enabled);
+    log12.info("run.completed", { runId, projectId });
+    const notifs = this.db.select().from(notifications).where(eq39(notifications.projectId, projectId)).all().filter((n) => n.enabled);
     if (notifs.length === 0) {
-      log11.info("notifications.none-enabled", { projectId });
+      log12.info("notifications.none-enabled", { projectId });
       return;
     }
-    log11.info("notifications.found", { projectId, count: notifs.length });
-    const run = this.db.select().from(runs).where(eq38(runs.id, runId)).get();
+    log12.info("notifications.found", { projectId, count: notifs.length });
+    const run = this.db.select().from(runs).where(eq39(runs.id, runId)).get();
     if (!run) {
-      log11.error("run.not-found", { runId, msg: "skipping notification dispatch" });
+      log12.error("run.not-found", { runId, msg: "skipping notification dispatch" });
       return;
     }
-    const project = this.db.select().from(projects).where(eq38(projects.id, projectId)).get();
+    const project = this.db.select().from(projects).where(eq39(projects.id, projectId)).get();
     if (!project) {
-      log11.error("project.not-found", { projectId, msg: "skipping notification dispatch" });
+      log12.error("project.not-found", { projectId, msg: "skipping notification dispatch" });
       return;
     }
     const transitions = this.computeTransitions(runId, projectId);
     const events = [];
-    log11.info("run.status", { runId: run.id, status: run.status, projectId });
+    log12.info("run.status", { runId: run.id, status: run.status, projectId });
     if (run.status === "completed" || run.status === "partial") {
       events.push("run.completed");
     }
@@ -30993,7 +32498,7 @@ var Notifier = class {
       if (!config.url) continue;
       const subscribedEvents = config.events;
       const matchingEvents = events.filter((e) => subscribedEvents.includes(e));
-      log11.info("notification.match", { notificationId: notif.id, subscribedEvents, matchedEvents: matchingEvents });
+      log12.info("notification.match", { notificationId: notif.id, subscribedEvents, matchedEvents: matchingEvents });
       if (matchingEvents.length === 0) continue;
       for (const event of matchingEvents) {
         const relevantTransitions = event === "citation.lost" ? lostTransitions : event === "citation.gained" ? gainedTransitions : transitions;
@@ -31017,11 +32522,11 @@ var Notifier = class {
     if (criticalInsights.length > 0) insightEvents.push("insight.critical");
     if (highInsights.length > 0) insightEvents.push("insight.high");
     if (insightEvents.length === 0) return;
-    const notifs = this.db.select().from(notifications).where(eq38(notifications.projectId, projectId)).all().filter((n) => n.enabled);
+    const notifs = this.db.select().from(notifications).where(eq39(notifications.projectId, projectId)).all().filter((n) => n.enabled);
     if (notifs.length === 0) return;
-    const run = this.db.select().from(runs).where(eq38(runs.id, runId)).get();
+    const run = this.db.select().from(runs).where(eq39(runs.id, runId)).get();
     if (!run) return;
-    const project = this.db.select().from(projects).where(eq38(projects.id, projectId)).get();
+    const project = this.db.select().from(projects).where(eq39(projects.id, projectId)).get();
     if (!project) return;
     for (const notif of notifs) {
       const config = notif.config;
@@ -31051,12 +32556,12 @@ var Notifier = class {
     }
   }
   computeTransitions(runId, projectId) {
-    const thisRun = this.db.select().from(runs).where(eq38(runs.id, runId)).get();
+    const thisRun = this.db.select().from(runs).where(eq39(runs.id, runId)).get();
     if (!thisRun) return [];
-    const groupSiblings = this.db.select().from(runs).where(and31(
-      eq38(runs.projectId, projectId),
-      eq38(runs.kind, thisRun.kind),
-      eq38(runs.createdAt, thisRun.createdAt)
+    const groupSiblings = this.db.select().from(runs).where(and32(
+      eq39(runs.projectId, projectId),
+      eq39(runs.kind, thisRun.kind),
+      eq39(runs.createdAt, thisRun.createdAt)
     )).all();
     const stillPending = groupSiblings.some((r) => r.status === "queued" || r.status === "running");
     if (stillPending) return [];
@@ -31072,19 +32577,19 @@ var Notifier = class {
       return candidate.id > best.id ? candidate : best;
     });
     if (winner.id !== runId) return [];
-    const projectLocations = this.db.select({ locations: projects.locations }).from(projects).where(eq38(projects.id, projectId)).get();
+    const projectLocations = this.db.select({ locations: projects.locations }).from(projects).where(eq39(projects.id, projectId)).get();
     const locationCount = Math.max(
       1,
       (projectLocations?.locations ?? []).length
     );
     const RECENT_FETCH_LIMIT = Math.max(8, locationCount * 4);
     const recentRuns = this.db.select().from(runs).where(
-      and31(
-        eq38(runs.projectId, projectId),
-        eq38(runs.kind, thisRun.kind),
-        or5(eq38(runs.status, "completed"), eq38(runs.status, "partial"))
+      and32(
+        eq39(runs.projectId, projectId),
+        eq39(runs.kind, thisRun.kind),
+        or5(eq39(runs.status, "completed"), eq39(runs.status, "partial"))
       )
-    ).orderBy(desc18(runs.createdAt), desc18(runs.id)).limit(RECENT_FETCH_LIMIT).all();
+    ).orderBy(desc19(runs.createdAt), desc19(runs.id)).limit(RECENT_FETCH_LIMIT).all();
     const groups = groupRunsByCreatedAt(recentRuns);
     const currentGroupIdx = groups.findIndex((g) => g[0]?.createdAt === thisRun.createdAt);
     if (currentGroupIdx < 0) return [];
@@ -31099,13 +32604,13 @@ var Notifier = class {
       provider: querySnapshots.provider,
       location: querySnapshots.location,
       citationState: querySnapshots.citationState
-    }).from(querySnapshots).leftJoin(queries, eq38(querySnapshots.queryId, queries.id)).where(inArray13(querySnapshots.runId, currentRunIds)).all();
+    }).from(querySnapshots).leftJoin(queries, eq39(querySnapshots.queryId, queries.id)).where(inArray14(querySnapshots.runId, currentRunIds)).all();
     const previousSnapshots = this.db.select({
       queryId: querySnapshots.queryId,
       provider: querySnapshots.provider,
       location: querySnapshots.location,
       citationState: querySnapshots.citationState
-    }).from(querySnapshots).where(inArray13(querySnapshots.runId, previousRunIds)).all();
+    }).from(querySnapshots).where(inArray14(querySnapshots.runId, previousRunIds)).all();
     const prevMap = /* @__PURE__ */ new Map();
     for (const s of previousSnapshots) {
       if (s.queryId == null) continue;
@@ -31132,23 +32637,23 @@ var Notifier = class {
     const targetLabel = redactNotificationUrl(url).urlDisplay;
     const targetCheck = await resolveWebhookTarget(url);
     if (!targetCheck.ok) {
-      log11.error("webhook.ssrf-blocked", { url: targetLabel, reason: targetCheck.message });
+      log12.error("webhook.ssrf-blocked", { url: targetLabel, reason: targetCheck.message });
       this.logDelivery(projectId, notificationId, payload.event, "failed", `SSRF: ${targetCheck.message}`);
       return;
     }
-    log11.info("webhook.send", { event: payload.event, url: targetLabel });
+    log12.info("webhook.send", { event: payload.event, url: targetLabel });
     const maxRetries = 3;
     const delays = [1e3, 4e3, 16e3];
     for (let attempt = 0; attempt < maxRetries; attempt++) {
       try {
         const response = await deliverWebhook(targetCheck.target, payload, webhookSecret);
         if (response.status >= 200 && response.status < 300) {
-          log11.info("webhook.delivered", { event: payload.event, url: targetLabel, httpStatus: response.status });
+          log12.info("webhook.delivered", { event: payload.event, url: targetLabel, httpStatus: response.status });
           this.logDelivery(projectId, notificationId, payload.event, "sent", null);
           return;
         }
         const errorDetail = response.error ?? `HTTP ${response.status}`;
-        log11.warn("webhook.attempt-failed", { event: payload.event, url: targetLabel, attempt: attempt + 1, maxRetries, httpStatus: response.status, error: errorDetail });
+        log12.warn("webhook.attempt-failed", { event: payload.event, url: targetLabel, attempt: attempt + 1, maxRetries, httpStatus: response.status, error: errorDetail });
         if (attempt === maxRetries - 1) {
           this.logDelivery(projectId, notificationId, payload.event, "failed", errorDetail);
         }
@@ -31156,7 +32661,7 @@ var Notifier = class {
         const errorDetail = err instanceof Error ? err.message : String(err);
         if (attempt === maxRetries - 1) {
           this.logDelivery(projectId, notificationId, payload.event, "failed", errorDetail);
-          log11.error("webhook.exhausted", { event: payload.event, url: targetLabel, maxRetries, error: errorDetail });
+          log12.error("webhook.exhausted", { event: payload.event, url: targetLabel, maxRetries, error: errorDetail });
         }
       }
       if (attempt < maxRetries - 1) {
@@ -31166,7 +32671,7 @@ var Notifier = class {
   }
   logDelivery(projectId, notificationId, event, status, error) {
     this.db.insert(auditLog).values({
-      id: crypto33.randomUUID(),
+      id: crypto37.randomUUID(),
       projectId,
       actor: "scheduler",
       action: `notification.${status}`,
@@ -31179,8 +32684,8 @@ var Notifier = class {
 };
 
 // src/run-coordinator.ts
-import { eq as eq39 } from "drizzle-orm";
-var log12 = createLogger("RunCoordinator");
+import { eq as eq40 } from "drizzle-orm";
+var log13 = createLogger("RunCoordinator");
 var RunCoordinator = class {
   constructor(db, notifier, intelligenceService, onInsightsGenerated, onAeroEvent) {
     this.db = db;
@@ -31190,10 +32695,10 @@ var RunCoordinator = class {
     this.onAeroEvent = onAeroEvent;
   }
   async onRunCompleted(runId, projectId) {
-    const runRow = this.db.select().from(runs).where(eq39(runs.id, runId)).get();
+    const runRow = this.db.select().from(runs).where(eq40(runs.id, runId)).get();
     const kind = runRow?.kind ?? RunKinds["answer-visibility"];
     if (runRow?.trigger === RunTriggers.probe) {
-      log12.info("probe.skip-side-effects", { runId, projectId, kind });
+      log13.info("probe.skip-side-effects", { runId, projectId, kind });
       return;
     }
     let insightCount = 0;
@@ -31210,18 +32715,18 @@ var RunCoordinator = class {
             try {
               await this.onInsightsGenerated(runId, projectId, result);
             } catch (err) {
-              log12.error("insight-webhook.failed", { runId, error: err instanceof Error ? err.message : String(err) });
+              log13.error("insight-webhook.failed", { runId, error: err instanceof Error ? err.message : String(err) });
             }
           }
         }
       } catch (err) {
-        log12.error("intelligence.failed", { runId, error: err instanceof Error ? err.message : String(err) });
+        log13.error("intelligence.failed", { runId, error: err instanceof Error ? err.message : String(err) });
       }
     }
     try {
       await this.notifier.onRunCompleted(runId, projectId);
     } catch (err) {
-      log12.error("notifier.failed", { runId, error: err instanceof Error ? err.message : String(err) });
+      log13.error("notifier.failed", { runId, error: err instanceof Error ? err.message : String(err) });
     }
     if (this.onAeroEvent) {
       try {
@@ -31234,7 +32739,7 @@ var RunCoordinator = class {
         };
         await this.onAeroEvent(ctx);
       } catch (err) {
-        log12.error("aero.failed", { runId, error: err instanceof Error ? err.message : String(err) });
+        log13.error("aero.failed", { runId, error: err instanceof Error ? err.message : String(err) });
       }
     }
   }
@@ -31249,7 +32754,7 @@ var RunCoordinator = class {
    * so the Aero queue is never starved of a follow-up.
    */
   buildDiscoveryAeroContext(runId, projectId, status, error) {
-    const session = this.db.select().from(discoverySessions).where(eq39(discoverySessions.runId, runId)).get();
+    const session = this.db.select().from(discoverySessions).where(eq40(discoverySessions.runId, runId)).get();
     const competitorMap = session ? session.competitorMap : [];
     return {
       kind: RunKinds["aeo-discover-probe"],
@@ -31271,12 +32776,12 @@ var RunCoordinator = class {
 };
 
 // src/agent/session-registry.ts
-import crypto35 from "crypto";
-import { eq as eq41 } from "drizzle-orm";
+import crypto39 from "crypto";
+import { eq as eq42 } from "drizzle-orm";
 
 // src/agent/session.ts
-import fs14 from "fs";
-import path14 from "path";
+import fs15 from "fs";
+import path15 from "path";
 import { Agent } from "@mariozechner/pi-agent-core";
 import { registerBuiltInApiProviders } from "@mariozechner/pi-ai";
 
@@ -31416,26 +32921,26 @@ function buildAgentProvidersResponse(config) {
 }
 
 // src/agent/skill-paths.ts
-import fs12 from "fs";
-import path12 from "path";
-import { fileURLToPath } from "url";
+import fs13 from "fs";
+import path13 from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
 function resolveAeroSkillDir(pkgDir) {
-  const here = pkgDir ?? path12.dirname(fileURLToPath(import.meta.url));
+  const here = pkgDir ?? path13.dirname(fileURLToPath2(import.meta.url));
   const candidates = [
-    path12.join(here, "../assets/agent-workspace/skills/aero"),
-    path12.join(here, "../../assets/agent-workspace/skills/aero"),
-    path12.join(here, "../../../../skills/aero")
+    path13.join(here, "../assets/agent-workspace/skills/aero"),
+    path13.join(here, "../../assets/agent-workspace/skills/aero"),
+    path13.join(here, "../../../../skills/aero")
   ];
   for (const candidate of candidates) {
-    if (fs12.existsSync(path12.join(candidate, "SKILL.md"))) return candidate;
+    if (fs13.existsSync(path13.join(candidate, "SKILL.md"))) return candidate;
   }
   throw new Error(`Aero skill not found. Searched:
   ${candidates.join("\n  ")}`);
 }
 
 // src/agent/skill-tools.ts
-import fs13 from "fs";
-import path13 from "path";
+import fs14 from "fs";
+import path14 from "path";
 import { Type } from "@sinclair/typebox";
 var MAX_DOC_CHARS = 2e4;
 function textResult(details) {
@@ -31444,7 +32949,7 @@ function textResult(details) {
     details
   };
 }
-function parseDescription(body) {
+function parseDescription2(body) {
   if (!body.startsWith("---")) return "(no description)";
   const end = body.indexOf("\n---", 3);
   if (end === -1) return "(no description)";
@@ -31456,16 +32961,16 @@ function parseDescription(body) {
   return "(no description)";
 }
 function scanSkillDocs(skillDir) {
-  const refsDir = path13.join(skillDir ?? resolveAeroSkillDir(), "references");
-  if (!fs13.existsSync(refsDir)) return [];
+  const refsDir = path14.join(skillDir ?? resolveAeroSkillDir(), "references");
+  if (!fs14.existsSync(refsDir)) return [];
   const entries = [];
-  for (const file of fs13.readdirSync(refsDir)) {
+  for (const file of fs14.readdirSync(refsDir)) {
     if (!file.endsWith(".md")) continue;
-    const filePath = path13.join(refsDir, file);
-    const body = fs13.readFileSync(filePath, "utf-8");
+    const filePath = path14.join(refsDir, file);
+    const body = fs14.readFileSync(filePath, "utf-8");
     entries.push({
       slug: file.replace(/\.md$/, ""),
-      description: parseDescription(body),
+      description: parseDescription2(body),
       bytes: Buffer.byteLength(body, "utf-8")
     });
   }
@@ -31505,8 +33010,8 @@ function buildReadSkillDocTool() {
           availableSlugs: docs.map((d) => d.slug)
         });
       }
-      const filePath = path13.join(skillDir, "references", `${match.slug}.md`);
-      const content = fs13.readFileSync(filePath, "utf-8");
+      const filePath = path14.join(skillDir, "references", `${match.slug}.md`);
+      const content = fs14.readFileSync(filePath, "utf-8");
       if (content.length > MAX_DOC_CHARS) {
         return textResult({
           slug: match.slug,
@@ -31600,10 +33105,10 @@ function ensureBuiltinsRegistered() {
 }
 function loadAeroSystemPrompt(pkgDir) {
   const skillDir = resolveAeroSkillDir(pkgDir);
-  const skillBody = fs14.readFileSync(path14.join(skillDir, "SKILL.md"), "utf-8");
-  const soulPath = path14.join(skillDir, "soul.md");
-  if (!fs14.existsSync(soulPath)) return skillBody;
-  const soulBody = fs14.readFileSync(soulPath, "utf-8");
+  const skillBody = fs15.readFileSync(path15.join(skillDir, "SKILL.md"), "utf-8");
+  const soulPath = path15.join(skillDir, "soul.md");
+  if (!fs15.existsSync(soulPath)) return skillBody;
+  const soulBody = fs15.readFileSync(soulPath, "utf-8");
   return `${soulBody.trimEnd()}
 
 ---
@@ -31660,8 +33165,8 @@ function resolveSessionProviderAndModel(config, opts) {
 }
 
 // src/agent/memory-store.ts
-import crypto34 from "crypto";
-import { and as and32, desc as desc19, eq as eq40, like as like2, sql as sql16 } from "drizzle-orm";
+import crypto38 from "crypto";
+import { and as and33, desc as desc20, eq as eq41, like as like2, sql as sql16 } from "drizzle-orm";
 var COMPACTION_KEY_PREFIX = "compaction:";
 var COMPACTION_NOTES_PER_SESSION = 3;
 function rowToDto2(row) {
@@ -31675,7 +33180,7 @@ function rowToDto2(row) {
   };
 }
 function listMemoryEntries(db, projectId, opts = {}) {
-  const query = db.select().from(agentMemory).where(eq40(agentMemory.projectId, projectId)).orderBy(desc19(agentMemory.updatedAt));
+  const query = db.select().from(agentMemory).where(eq41(agentMemory.projectId, projectId)).orderBy(desc20(agentMemory.updatedAt));
   const rows = opts.limit === void 0 ? query.all() : query.limit(opts.limit).all();
   return rows.map(rowToDto2);
 }
@@ -31689,7 +33194,7 @@ function upsertMemoryEntry(db, args) {
     throw new Error(`memory key prefix "${COMPACTION_KEY_PREFIX}" is reserved for compaction notes`);
   }
   const now = (/* @__PURE__ */ new Date()).toISOString();
-  const id = crypto34.randomUUID();
+  const id = crypto38.randomUUID();
   db.insert(agentMemory).values({
     id,
     projectId: args.projectId,
@@ -31706,12 +33211,12 @@ function upsertMemoryEntry(db, args) {
       updatedAt: now
     }
   }).run();
-  const row = db.select().from(agentMemory).where(and32(eq40(agentMemory.projectId, args.projectId), eq40(agentMemory.key, args.key))).get();
+  const row = db.select().from(agentMemory).where(and33(eq41(agentMemory.projectId, args.projectId), eq41(agentMemory.key, args.key))).get();
   if (!row) throw new Error("memory upsert produced no row");
   return rowToDto2(row);
 }
 function deleteMemoryEntry(db, projectId, key) {
-  const result = db.delete(agentMemory).where(and32(eq40(agentMemory.projectId, projectId), eq40(agentMemory.key, key))).run();
+  const result = db.delete(agentMemory).where(and33(eq41(agentMemory.projectId, projectId), eq41(agentMemory.key, key))).run();
   const changes = result.changes ?? 0;
   return changes > 0;
 }
@@ -31726,7 +33231,7 @@ function writeCompactionNote(db, args) {
   }
   const now = (/* @__PURE__ */ new Date()).toISOString();
   const key = `${COMPACTION_KEY_PREFIX}${args.sessionId}:${now}`;
-  const id = crypto34.randomUUID();
+  const id = crypto38.randomUUID();
   let inserted;
   db.transaction((tx) => {
     tx.insert(agentMemory).values({
@@ -31740,16 +33245,16 @@ function writeCompactionNote(db, args) {
     }).run();
     const sessionPrefix = `${COMPACTION_KEY_PREFIX}${args.sessionId}:`;
     const existing = tx.select({ id: agentMemory.id, updatedAt: agentMemory.updatedAt }).from(agentMemory).where(
-      and32(
-        eq40(agentMemory.projectId, args.projectId),
+      and33(
+        eq41(agentMemory.projectId, args.projectId),
         like2(agentMemory.key, `${sessionPrefix}%`)
       )
-    ).orderBy(desc19(agentMemory.updatedAt)).all();
+    ).orderBy(desc20(agentMemory.updatedAt)).all();
     const stale = existing.slice(COMPACTION_NOTES_PER_SESSION).map((r) => r.id);
     if (stale.length > 0) {
       tx.delete(agentMemory).where(sql16`${agentMemory.id} IN (${sql16.join(stale.map((s) => sql16`${s}`), sql16`, `)})`).run();
     }
-    const row = tx.select().from(agentMemory).where(and32(eq40(agentMemory.projectId, args.projectId), eq40(agentMemory.key, key))).get();
+    const row = tx.select().from(agentMemory).where(and33(eq41(agentMemory.projectId, args.projectId), eq41(agentMemory.key, key))).get();
     if (row) inserted = rowToDto2(row);
   });
   if (!inserted) throw new Error("compaction note write produced no row");
@@ -31882,7 +33387,7 @@ async function compactMessages(args) {
 }
 
 // src/agent/session-registry.ts
-var log13 = createLogger("SessionRegistry");
+var log14 = createLogger("SessionRegistry");
 var MAX_HYDRATE_NOTES = 20;
 var MAX_HYDRATE_BYTES = 32 * 1024;
 function escapeMemoryFragment(value) {
@@ -31931,7 +33436,7 @@ var SessionRegistry = class {
           modelProvider: effectiveProvider,
           modelId: effectiveModelId,
           updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-        }).where(eq41(agentSessions.projectId, projectId)).run();
+        }).where(eq42(agentSessions.projectId, projectId)).run();
       }
       const agent2 = createAeroSession({
         projectName,
@@ -32109,13 +33614,13 @@ ${lines.join("\n")}
       agent.state.messages = result.messages;
       agent.state.systemPrompt = this.buildHydratedSystemPrompt(projectId, row.systemPrompt);
       this.save(projectName);
-      log13.info("compaction.completed", {
+      log14.info("compaction.completed", {
         projectName,
         removedCount: result.removedCount,
         summaryBytes: Buffer.byteLength(result.summary, "utf8")
       });
     } catch (err) {
-      log13.error("compaction.failed", {
+      log14.error("compaction.failed", {
         projectName,
         error: err instanceof Error ? err.message : String(err)
       });
@@ -32145,7 +33650,7 @@ ${lines.join("\n")}
       modelProvider: nextProvider,
       modelId: nextModelId,
       updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    }).where(eq41(agentSessions.projectId, projectId)).run();
+    }).where(eq42(agentSessions.projectId, projectId)).run();
   }
   /** Persist a session's transcript back to the DB. Call after any run settles. */
   save(projectName) {
@@ -32212,7 +33717,7 @@ ${lines.join("\n")}
       await agent.prompt(msgs);
       this.save(projectName);
     } catch (err) {
-      log13.error("drain.failed", {
+      log14.error("drain.failed", {
         projectName,
         error: err instanceof Error ? err.message : String(err)
       });
@@ -32307,17 +33812,17 @@ ${lines.join("\n")}
     return id;
   }
   tryResolveProjectId(projectName) {
-    const row = this.opts.db.select({ id: projects.id }).from(projects).where(eq41(projects.name, projectName)).get();
+    const row = this.opts.db.select({ id: projects.id }).from(projects).where(eq42(projects.name, projectName)).get();
     return row?.id;
   }
   loadRow(projectId) {
-    const row = this.opts.db.select().from(agentSessions).where(eq41(agentSessions.projectId, projectId)).get();
+    const row = this.opts.db.select().from(agentSessions).where(eq42(agentSessions.projectId, projectId)).get();
     return row ?? null;
   }
   insertRow(params) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
     this.opts.db.insert(agentSessions).values({
-      id: crypto35.randomUUID(),
+      id: crypto39.randomUUID(),
       projectId: params.projectId,
       systemPrompt: params.systemPrompt,
       modelProvider: params.provider ?? params.modelProvider ?? AgentProviderIds.claude,
@@ -32330,14 +33835,14 @@ ${lines.join("\n")}
   }
   updateRow(projectId, patch) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    this.opts.db.update(agentSessions).set({ ...patch, updatedAt: now }).where(eq41(agentSessions.projectId, projectId)).run();
+    this.opts.db.update(agentSessions).set({ ...patch, updatedAt: now }).where(eq42(agentSessions.projectId, projectId)).run();
   }
 };
 
 // src/agent/agent-routes.ts
-import { eq as eq42 } from "drizzle-orm";
+import { eq as eq43 } from "drizzle-orm";
 function resolveProject2(db, name) {
-  const row = db.select({ id: projects.id, name: projects.name }).from(projects).where(eq42(projects.name, name)).get();
+  const row = db.select({ id: projects.id, name: projects.name }).from(projects).where(eq43(projects.name, name)).get();
   if (!row) throw notFound("project", name);
   return row;
 }
@@ -32346,7 +33851,7 @@ function registerAgentRoutes(app, opts) {
     "/projects/:name/agent/transcript",
     async (request) => {
       const project = resolveProject2(opts.db, request.params.name);
-      const row = opts.db.select().from(agentSessions).where(eq42(agentSessions.projectId, project.id)).get();
+      const row = opts.db.select().from(agentSessions).where(eq43(agentSessions.projectId, project.id)).get();
       if (!row) {
         return { messages: [], modelProvider: null, modelId: null, updatedAt: null };
       }
@@ -32370,7 +33875,7 @@ function registerAgentRoutes(app, opts) {
     async (request) => {
       const project = resolveProject2(opts.db, request.params.name);
       opts.sessionRegistry.reset(project.name);
-      opts.db.update(agentSessions).set({ messages: "[]", followUpQueue: "[]", updatedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq42(agentSessions.projectId, project.id)).run();
+      opts.db.update(agentSessions).set({ messages: "[]", followUpQueue: "[]", updatedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq43(agentSessions.projectId, project.id)).run();
       return { status: "reset" };
     }
   );
@@ -32629,13 +34134,13 @@ function extractHostname(domain) {
 function fetchWithPinnedAddress(target) {
   return new Promise((resolve) => {
     const port = target.url.port ? Number(target.url.port) : 443;
-    const path16 = target.url.pathname + target.url.search;
+    const path17 = target.url.pathname + target.url.search;
     const req = https2.request(
       {
         hostname: target.address,
         family: target.family,
         port,
-        path: path16,
+        path: path17,
         method: "GET",
         timeout: FETCH_TIMEOUT_MS2,
         servername: target.url.hostname,
@@ -32727,7 +34232,7 @@ function formatAuditFactorScore(factor) {
 }
 
 // src/snapshot-service.ts
-var log14 = createLogger("Snapshot");
+var log15 = createLogger("Snapshot");
 var ANALYSIS_PROVIDER_PRIORITY = ["openai", "claude", "gemini", "perplexity", "local"];
 var SNAPSHOT_QUERY_COUNT = 6;
 var ProviderExecutionGate2 = class {
@@ -32870,7 +34375,7 @@ var SnapshotService = class {
       return mapAuditReport(report);
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
-      log14.warn("audit.failed", { homepageUrl, error: message });
+      log15.warn("audit.failed", { homepageUrl, error: message });
       return {
         url: homepageUrl,
         finalUrl: homepageUrl,
@@ -32900,7 +34405,7 @@ var SnapshotService = class {
           queries: parsedQueries
         };
       } catch (err) {
-        log14.warn("profile.generation-failed", {
+        log15.warn("profile.generation-failed", {
           domain: ctx.domain,
           provider: ctx.analysisProvider.adapter.name,
           error: err instanceof Error ? err.message : String(err)
@@ -33042,7 +34547,7 @@ var SnapshotService = class {
         recommendedActions: uniqueStrings(parsed.recommendedActions ?? []).slice(0, 4)
       };
     } catch (err) {
-      log14.warn("response.analysis-failed", {
+      log15.warn("response.analysis-failed", {
         provider: ctx.analysisProvider.adapter.name,
         error: err instanceof Error ? err.message : String(err)
       });
@@ -33327,7 +34832,7 @@ function clipText(value, length) {
 // src/server.ts
 var _require3 = createRequire4(import.meta.url);
 var { version: PKG_VERSION2 } = _require3("../package.json");
-var log15 = createLogger("Server");
+var log16 = createLogger("Server");
 var DEFAULT_QUOTA = {
   maxConcurrency: 2,
   maxRequestsPerMinute: 10,
@@ -33357,14 +34862,14 @@ function summarizeProviderConfig(provider, config) {
   };
 }
 function hashApiKey(key) {
-  return crypto36.createHash("sha256").update(key).digest("hex");
+  return crypto40.createHash("sha256").update(key).digest("hex");
 }
 var DASHBOARD_SCRYPT_KEYLEN = 64;
 var DASHBOARD_SCRYPT_COST = 1 << 15;
 var DASHBOARD_SCRYPT_MAXMEM = 64 * 1024 * 1024;
 function hashDashboardPassword(password) {
-  const salt = crypto36.randomBytes(16);
-  const derived = crypto36.scryptSync(password, salt, DASHBOARD_SCRYPT_KEYLEN, {
+  const salt = crypto40.randomBytes(16);
+  const derived = crypto40.scryptSync(password, salt, DASHBOARD_SCRYPT_KEYLEN, {
     N: DASHBOARD_SCRYPT_COST,
     maxmem: DASHBOARD_SCRYPT_MAXMEM
   });
@@ -33385,18 +34890,18 @@ function verifyDashboardPassword(password, storedHash) {
     } catch {
       return { ok: false, needsRehash: false };
     }
-    const derived = crypto36.scryptSync(password, salt, expected.length, {
+    const derived = crypto40.scryptSync(password, salt, expected.length, {
       N: DASHBOARD_SCRYPT_COST,
       maxmem: DASHBOARD_SCRYPT_MAXMEM
     });
     if (derived.length !== expected.length) return { ok: false, needsRehash: false };
-    return { ok: crypto36.timingSafeEqual(derived, expected), needsRehash: false };
+    return { ok: crypto40.timingSafeEqual(derived, expected), needsRehash: false };
   }
   if (/^[a-f0-9]{64}$/i.test(storedHash)) {
     const candidate = Buffer.from(hashApiKey(password), "hex");
     const expected = Buffer.from(storedHash, "hex");
     if (candidate.length !== expected.length) return { ok: false, needsRehash: false };
-    const ok = crypto36.timingSafeEqual(candidate, expected);
+    const ok = crypto40.timingSafeEqual(candidate, expected);
     return { ok, needsRehash: ok };
   }
   return { ok: false, needsRehash: false };
@@ -33455,7 +34960,7 @@ function applyLegacyCredentials(rows, config) {
   }
   if (migratedGoogle > 0) {
     saveConfigPatch({ google: config.google });
-    log15.info("credentials.migrated", { type: "google", count: migratedGoogle });
+    log16.info("credentials.migrated", { type: "google", count: migratedGoogle });
   }
   let migratedGa4 = 0;
   for (const row of rows.ga4) {
@@ -33473,7 +34978,7 @@ function applyLegacyCredentials(rows, config) {
   }
   if (migratedGa4 > 0) {
     saveConfigPatch({ ga4: config.ga4 });
-    log15.info("credentials.migrated", { type: "ga4", count: migratedGa4 });
+    log16.info("credentials.migrated", { type: "ga4", count: migratedGa4 });
   }
 }
 async function createServer(opts) {
@@ -33505,11 +35010,11 @@ async function createServer(opts) {
     applyLegacyCredentials(legacyRows, opts.config);
     dropLegacyCredentialColumns(opts.db);
   } catch (err) {
-    log15.warn("credentials.migration.failed", {
+    log16.warn("credentials.migration.failed", {
       error: err instanceof Error ? err.message : String(err)
     });
   }
-  log15.info("providers.configured", { providers: Object.keys(providers).filter((k) => {
+  log16.info("providers.configured", { providers: Object.keys(providers).filter((k) => {
     const p = providers[k];
     return p?.apiKey || p?.baseUrl || p?.vertexProject;
   }) });
@@ -33558,7 +35063,7 @@ async function createServer(opts) {
     intelligenceService,
     (runId, projectId, result) => notifier.dispatchInsightWebhooks(runId, projectId, result),
     async (ctx) => {
-      const project = opts.db.select({ name: projects.name }).from(projects).where(eq43(projects.id, ctx.projectId)).get();
+      const project = opts.db.select({ name: projects.name }).from(projects).where(eq44(projects.id, ctx.projectId)).get();
       if (!project) return;
       let content;
       if (ctx.kind === RunKinds["aeo-discover-probe"]) {
@@ -33581,8 +35086,8 @@ async function createServer(opts) {
   );
   jobRunner.onRunCompleted = (runId, projectId) => runCoordinator.onRunCompleted(runId, projectId);
   const snapshotService = new SnapshotService(registry);
-  const orphanedOpenClawDir = path15.join(os6.homedir(), ".openclaw-aero");
-  if (fs15.existsSync(orphanedOpenClawDir)) {
+  const orphanedOpenClawDir = path16.join(os7.homedir(), ".openclaw-aero");
+  if (fs16.existsSync(orphanedOpenClawDir)) {
     app.log.warn(
       { path: orphanedOpenClawDir },
       "OpenClaw gateway is no longer used. Remove ~/.openclaw-aero/ manually to reclaim the directory."
@@ -33715,7 +35220,7 @@ async function createServer(opts) {
       return removed;
     }
   };
-  const googleStateSecret = process.env.GOOGLE_STATE_SECRET ?? crypto36.randomBytes(32).toString("hex");
+  const googleStateSecret = process.env.GOOGLE_STATE_SECRET ?? crypto40.randomBytes(32).toString("hex");
   const googleConnectionStore = {
     listConnections: (domain) => listGoogleConnections(opts.config, domain),
     getConnection: (domain, connectionType) => getGoogleConnection(opts.config, domain, connectionType),
@@ -33761,11 +35266,11 @@ async function createServer(opts) {
   const apiPrefix = basePath ? `${basePath}api/v1` : "/api/v1";
   if (opts.config.apiKey) {
     const keyHash = hashApiKey(opts.config.apiKey);
-    const existing = opts.db.select().from(apiKeys).where(eq43(apiKeys.keyHash, keyHash)).get();
+    const existing = opts.db.select().from(apiKeys).where(eq44(apiKeys.keyHash, keyHash)).get();
     if (!existing) {
       const prefix = opts.config.apiKey.slice(0, 12);
       opts.db.insert(apiKeys).values({
-        id: `key_${crypto36.randomBytes(8).toString("hex")}`,
+        id: `key_${crypto40.randomBytes(8).toString("hex")}`,
         name: "default",
         keyHash,
         keyPrefix: prefix,
@@ -33789,7 +35294,7 @@ async function createServer(opts) {
   };
   const createSession = (apiKeyId) => {
     pruneExpiredSessions();
-    const sessionId = crypto36.randomBytes(32).toString("hex");
+    const sessionId = crypto40.randomBytes(32).toString("hex");
     sessions.set(sessionId, {
       apiKeyId,
       expiresAt: Date.now() + SESSION_TTL_MS
@@ -33813,7 +35318,7 @@ async function createServer(opts) {
   };
   const getDefaultApiKey = () => {
     if (!opts.config.apiKey) return void 0;
-    return opts.db.select().from(apiKeys).where(eq43(apiKeys.keyHash, hashApiKey(opts.config.apiKey))).get();
+    return opts.db.select().from(apiKeys).where(eq44(apiKeys.keyHash, hashApiKey(opts.config.apiKey))).get();
   };
   const createPasswordSession = (reply) => {
     const key = getDefaultApiKey();
@@ -33875,12 +35380,12 @@ async function createServer(opts) {
       return reply.send({ authenticated: true });
     }
     if (apiKey) {
-      const key = opts.db.select().from(apiKeys).where(eq43(apiKeys.keyHash, hashApiKey(apiKey))).get();
+      const key = opts.db.select().from(apiKeys).where(eq44(apiKeys.keyHash, hashApiKey(apiKey))).get();
       if (!key || key.revokedAt) {
         const err2 = authInvalid();
         return reply.status(err2.statusCode).send(err2.toJSON());
       }
-      opts.db.update(apiKeys).set({ lastUsedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq43(apiKeys.id, key.id)).run();
+      opts.db.update(apiKeys).set({ lastUsedAt: (/* @__PURE__ */ new Date()).toISOString() }).where(eq44(apiKeys.id, key.id)).run();
       const sessionId = createSession(key.id);
       reply.header("set-cookie", serializeSessionCookie({
         name: SESSION_COOKIE_NAME,
@@ -33951,9 +35456,20 @@ async function createServer(opts) {
       const configPath = getConfigPath();
       return {
         databasePath: opts.config.database,
-        configPath: fs15.existsSync(configPath) ? configPath : null
+        configPath: fs16.existsSync(configPath) ? configPath : null
       };
     })(),
+    // Snapshot the bundled skill trees (version + file hashes) so the
+    // `agent.skills.current` doctor check can flag a `~/.claude/skills/` install
+    // that has drifted behind this build. Best-effort: if the bundled assets
+    // can't be resolved the check simply skips rather than failing boot.
+    bundledSkills: (() => {
+      try {
+        return getBundledSkillSnapshots();
+      } catch {
+        return void 0;
+      }
+    })(),
     // Local canonry serve runs on the operator's machine, where pointing a
     // webhook at localhost (Discord test container, Pipedream-mock dev server,
     // etc.) is a legitimate workflow. Default to allowing it for the local
@@ -33995,6 +35511,19 @@ async function createServer(opts) {
         app.log.error({ runId, err }, "Inspect sitemap failed");
       });
     },
+    onGbpSyncRequested: (runId, projectId, syncOpts) => {
+      const { clientId: googleClientId, clientSecret: googleClientSecret } = getGoogleAuthConfig(opts.config);
+      if (!googleClientId || !googleClientSecret) {
+        app.log.error("GBP sync requested but Google OAuth credentials are not configured in the local config");
+        return;
+      }
+      executeGbpSync(opts.db, runId, projectId, {
+        ...syncOpts,
+        config: opts.config
+      }).catch((err) => {
+        app.log.error({ runId, err }, "GBP sync failed");
+      });
+    },
     getBacklinksStatus: () => ({
       duckdbInstalled: isDuckdbInstalled(),
       duckdbVersion: readInstalledVersion() ?? void 0,
@@ -34016,7 +35545,7 @@ async function createServer(opts) {
         deps: {
           enqueueAutoExtract: ({ projectId, release: r }) => {
             const now = (/* @__PURE__ */ new Date()).toISOString();
-            const runId = crypto36.randomUUID();
+            const runId = crypto40.randomUUID();
             opts.db.insert(runs).values({
               id: runId,
               projectId,
@@ -34099,7 +35628,7 @@ async function createServer(opts) {
         ...inspectOpts,
         config: opts.config
       }).then(() => {
-        const finished = opts.db.select({ status: runs.status }).from(runs).where(eq43(runs.id, runId)).get();
+        const finished = opts.db.select({ status: runs.status }).from(runs).where(eq44(runs.id, runId)).get();
         if (finished?.status === RunStatuses.completed || finished?.status === RunStatuses.partial) {
           return maybeRefreshGscCoverage(opts.db, opts.config, projectId);
         }
@@ -34186,7 +35715,7 @@ async function createServer(opts) {
         const targetProjectIds = affectedProjectIds.length > 0 ? affectedProjectIds : [null];
         const createdAt = (/* @__PURE__ */ new Date()).toISOString();
         opts.db.insert(auditLog).values(targetProjectIds.map((projectId) => ({
-          id: crypto36.randomUUID(),
+          id: crypto40.randomUUID(),
           projectId,
           actor: "api",
           action: existing ? "provider.updated" : "provider.created",
@@ -34330,10 +35859,10 @@ async function createServer(opts) {
       return snapshotService.createReport(input);
     }
   });
-  const dirname = path15.dirname(fileURLToPath2(import.meta.url));
-  const assetsDir = path15.join(dirname, "..", "assets");
-  if (fs15.existsSync(assetsDir)) {
-    const indexPath = path15.join(assetsDir, "index.html");
+  const dirname = path16.dirname(fileURLToPath3(import.meta.url));
+  const assetsDir = path16.join(dirname, "..", "assets");
+  if (fs16.existsSync(assetsDir)) {
+    const indexPath = path16.join(assetsDir, "index.html");
     const injectConfig = (html) => {
       const clientConfig = {};
       if (basePath) clientConfig.basePath = basePath;
@@ -34365,8 +35894,8 @@ async function createServer(opts) {
       }
     });
     const serveIndex = (_request, reply) => {
-      if (fs15.existsSync(indexPath)) {
-        const html = fs15.readFileSync(indexPath, "utf-8");
+      if (fs16.existsSync(indexPath)) {
+        const html = fs16.readFileSync(indexPath, "utf-8");
         return reply.header("Cache-Control", "no-cache, must-revalidate").type("text/html").send(injectConfig(html));
       }
       return reply.status(404).send({ error: "Dashboard not built" });
@@ -34386,8 +35915,8 @@ async function createServer(opts) {
       if (basePath && !url.startsWith(basePath)) {
         return reply.status(404).send({ error: "Not found", path: request.url });
       }
-      if (fs15.existsSync(indexPath)) {
-        const html = fs15.readFileSync(indexPath, "utf-8");
+      if (fs16.existsSync(indexPath)) {
+        const html = fs16.readFileSync(indexPath, "utf-8");
         return reply.header("Cache-Control", "no-cache, must-revalidate").type("text/html").send(injectConfig(html));
       }
       return reply.status(404).send({ error: "Not found" });
@@ -34479,6 +36008,11 @@ export {
   backfillTrafficClassificationCommand,
   renderReportHtml,
   setGoogleAuthConfig,
+  installSkills,
+  listSkills,
+  emitInstallSummary,
+  getMissingUserSkillsNudge,
+  parseSkillsClient,
   formatAuditFactorScore,
   checkLatestVersionForCli,
   listAgentProviders,