@elizaos/server 1.6.4-alpha.15 → 1.6.4-alpha.17

package/dist/index.js

@@ -18,358 +18,6 @@ var __toESM = (mod, isNodeMode, target) => {
 var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
-// ../../node_modules/path-to-regexp/dist/index.js
-var require_dist = __commonJS((exports) => {
-  Object.defineProperty(exports, "__esModule", { value: true });
-  exports.PathError = exports.TokenData = undefined;
-  exports.parse = parse;
-  exports.compile = compile;
-  exports.match = match;
-  exports.pathToRegexp = pathToRegexp;
-  exports.stringify = stringify;
-  var DEFAULT_DELIMITER = "/";
-  var NOOP_VALUE = (value) => value;
-  var ID_START = /^[$_\p{ID_Start}]$/u;
-  var ID_CONTINUE = /^[$\u200c\u200d\p{ID_Continue}]$/u;
-  var SIMPLE_TOKENS = {
-    "{": "{",
-    "}": "}",
-    "(": "(",
-    ")": ")",
-    "[": "[",
-    "]": "]",
-    "+": "+",
-    "?": "?",
-    "!": "!"
-  };
-  function escapeText(str) {
-    return str.replace(/[{}()\[\]+?!:*\\]/g, "\\$&");
-  }
-  function escape(str) {
-    return str.replace(/[.+*?^${}()[\]|/\\]/g, "\\$&");
-  }
-
-  class TokenData {
-    constructor(tokens, originalPath) {
-      this.tokens = tokens;
-      this.originalPath = originalPath;
-    }
-  }
-  exports.TokenData = TokenData;
-
-  class PathError extends TypeError {
-    constructor(message, originalPath) {
-      let text = message;
-      if (originalPath)
-        text += `: ${originalPath}`;
-      text += `; visit https://git.new/pathToRegexpError for info`;
-      super(text);
-      this.originalPath = originalPath;
-    }
-  }
-  exports.PathError = PathError;
-  function parse(str, options = {}) {
-    const { encodePath = NOOP_VALUE } = options;
-    const chars = [...str];
-    const tokens = [];
-    let index = 0;
-    let pos = 0;
-    function name() {
-      let value = "";
-      if (ID_START.test(chars[index])) {
-        do {
-          value += chars[index++];
-        } while (ID_CONTINUE.test(chars[index]));
-      } else if (chars[index] === '"') {
-        let quoteStart = index;
-        while (index++ < chars.length) {
-          if (chars[index] === '"') {
-            index++;
-            quoteStart = 0;
-            break;
-          }
-          if (chars[index] === "\\")
-            index++;
-          value += chars[index];
-        }
-        if (quoteStart) {
-          throw new PathError(`Unterminated quote at index ${quoteStart}`, str);
-        }
-      }
-      if (!value) {
-        throw new PathError(`Missing parameter name at index ${index}`, str);
-      }
-      return value;
-    }
-    while (index < chars.length) {
-      const value = chars[index];
-      const type = SIMPLE_TOKENS[value];
-      if (type) {
-        tokens.push({ type, index: index++, value });
-      } else if (value === "\\") {
-        tokens.push({ type: "escape", index: index++, value: chars[index++] });
-      } else if (value === ":") {
-        tokens.push({ type: "param", index: index++, value: name() });
-      } else if (value === "*") {
-        tokens.push({ type: "wildcard", index: index++, value: name() });
-      } else {
-        tokens.push({ type: "char", index: index++, value });
-      }
-    }
-    tokens.push({ type: "end", index, value: "" });
-    function consumeUntil(endType) {
-      const output = [];
-      while (true) {
-        const token = tokens[pos++];
-        if (token.type === endType)
-          break;
-        if (token.type === "char" || token.type === "escape") {
-          let path = token.value;
-          let cur = tokens[pos];
-          while (cur.type === "char" || cur.type === "escape") {
-            path += cur.value;
-            cur = tokens[++pos];
-          }
-          output.push({
-            type: "text",
-            value: encodePath(path)
-          });
-          continue;
-        }
-        if (token.type === "param" || token.type === "wildcard") {
-          output.push({
-            type: token.type,
-            name: token.value
-          });
-          continue;
-        }
-        if (token.type === "{") {
-          output.push({
-            type: "group",
-            tokens: consumeUntil("}")
-          });
-          continue;
-        }
-        throw new PathError(`Unexpected ${token.type} at index ${token.index}, expected ${endType}`, str);
-      }
-      return output;
-    }
-    return new TokenData(consumeUntil("end"), str);
-  }
-  function compile(path, options = {}) {
-    const { encode = encodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
-    const data = typeof path === "object" ? path : parse(path, options);
-    const fn = tokensToFunction(data.tokens, delimiter, encode);
-    return function path(params = {}) {
-      const [path2, ...missing] = fn(params);
-      if (missing.length) {
-        throw new TypeError(`Missing parameters: ${missing.join(", ")}`);
-      }
-      return path2;
-    };
-  }
-  function tokensToFunction(tokens, delimiter, encode) {
-    const encoders = tokens.map((token) => tokenToFunction(token, delimiter, encode));
-    return (data) => {
-      const result = [""];
-      for (const encoder of encoders) {
-        const [value, ...extras] = encoder(data);
-        result[0] += value;
-        result.push(...extras);
-      }
-      return result;
-    };
-  }
-  function tokenToFunction(token, delimiter, encode) {
-    if (token.type === "text")
-      return () => [token.value];
-    if (token.type === "group") {
-      const fn = tokensToFunction(token.tokens, delimiter, encode);
-      return (data) => {
-        const [value, ...missing] = fn(data);
-        if (!missing.length)
-          return [value];
-        return [""];
-      };
-    }
-    const encodeValue = encode || NOOP_VALUE;
-    if (token.type === "wildcard" && encode !== false) {
-      return (data) => {
-        const value = data[token.name];
-        if (value == null)
-          return ["", token.name];
-        if (!Array.isArray(value) || value.length === 0) {
-          throw new TypeError(`Expected "${token.name}" to be a non-empty array`);
-        }
-        return [
-          value.map((value2, index) => {
-            if (typeof value2 !== "string") {
-              throw new TypeError(`Expected "${token.name}/${index}" to be a string`);
-            }
-            return encodeValue(value2);
-          }).join(delimiter)
-        ];
-      };
-    }
-    return (data) => {
-      const value = data[token.name];
-      if (value == null)
-        return ["", token.name];
-      if (typeof value !== "string") {
-        throw new TypeError(`Expected "${token.name}" to be a string`);
-      }
-      return [encodeValue(value)];
-    };
-  }
-  function match(path, options = {}) {
-    const { decode = decodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
-    const { regexp, keys } = pathToRegexp(path, options);
-    const decoders = keys.map((key) => {
-      if (decode === false)
-        return NOOP_VALUE;
-      if (key.type === "param")
-        return decode;
-      return (value) => value.split(delimiter).map(decode);
-    });
-    return function match(input) {
-      const m = regexp.exec(input);
-      if (!m)
-        return false;
-      const path2 = m[0];
-      const params = Object.create(null);
-      for (let i = 1;i < m.length; i++) {
-        if (m[i] === undefined)
-          continue;
-        const key = keys[i - 1];
-        const decoder = decoders[i - 1];
-        params[key.name] = decoder(m[i]);
-      }
-      return { path: path2, params };
-    };
-  }
-  function pathToRegexp(path, options = {}) {
-    const { delimiter = DEFAULT_DELIMITER, end = true, sensitive = false, trailing = true } = options;
-    const keys = [];
-    const flags = sensitive ? "" : "i";
-    const sources = [];
-    for (const input of pathsToArray(path, [])) {
-      const data = typeof input === "object" ? input : parse(input, options);
-      for (const tokens of flatten(data.tokens, 0, [])) {
-        sources.push(toRegExpSource(tokens, delimiter, keys, data.originalPath));
-      }
-    }
-    let pattern = `^(?:${sources.join("|")})`;
-    if (trailing)
-      pattern += `(?:${escape(delimiter)}$)?`;
-    pattern += end ? "$" : `(?=${escape(delimiter)}|$)`;
-    const regexp = new RegExp(pattern, flags);
-    return { regexp, keys };
-  }
-  function pathsToArray(paths, init) {
-    if (Array.isArray(paths)) {
-      for (const p of paths)
-        pathsToArray(p, init);
-    } else {
-      init.push(paths);
-    }
-    return init;
-  }
-  function* flatten(tokens, index, init) {
-    if (index === tokens.length) {
-      return yield init;
-    }
-    const token = tokens[index];
-    if (token.type === "group") {
-      for (const seq of flatten(token.tokens, 0, init.slice())) {
-        yield* flatten(tokens, index + 1, seq);
-      }
-    } else {
-      init.push(token);
-    }
-    yield* flatten(tokens, index + 1, init);
-  }
-  function toRegExpSource(tokens, delimiter, keys, originalPath) {
-    let result = "";
-    let backtrack = "";
-    let isSafeSegmentParam = true;
-    for (const token of tokens) {
-      if (token.type === "text") {
-        result += escape(token.value);
-        backtrack += token.value;
-        isSafeSegmentParam || (isSafeSegmentParam = token.value.includes(delimiter));
-        continue;
-      }
-      if (token.type === "param" || token.type === "wildcard") {
-        if (!isSafeSegmentParam && !backtrack) {
-          throw new PathError(`Missing text before "${token.name}" ${token.type}`, originalPath);
-        }
-        if (token.type === "param") {
-          result += `(${negate(delimiter, isSafeSegmentParam ? "" : backtrack)}+)`;
-        } else {
-          result += `([\\s\\S]+)`;
-        }
-        keys.push(token);
-        backtrack = "";
-        isSafeSegmentParam = false;
-        continue;
-      }
-    }
-    return result;
-  }
-  function negate(delimiter, backtrack) {
-    if (backtrack.length < 2) {
-      if (delimiter.length < 2)
-        return `[^${escape(delimiter + backtrack)}]`;
-      return `(?:(?!${escape(delimiter)})[^${escape(backtrack)}])`;
-    }
-    if (delimiter.length < 2) {
-      return `(?:(?!${escape(backtrack)})[^${escape(delimiter)}])`;
-    }
-    return `(?:(?!${escape(backtrack)}|${escape(delimiter)})[\\s\\S])`;
-  }
-  function stringifyTokens(tokens) {
-    let value = "";
-    let i = 0;
-    function name(value2) {
-      const isSafe = isNameSafe(value2) && isNextNameSafe(tokens[i]);
-      return isSafe ? value2 : JSON.stringify(value2);
-    }
-    while (i < tokens.length) {
-      const token = tokens[i++];
-      if (token.type === "text") {
-        value += escapeText(token.value);
-        continue;
-      }
-      if (token.type === "group") {
-        value += `{${stringifyTokens(token.tokens)}}`;
-        continue;
-      }
-      if (token.type === "param") {
-        value += `:${name(token.name)}`;
-        continue;
-      }
-      if (token.type === "wildcard") {
-        value += `*${name(token.name)}`;
-        continue;
-      }
-      throw new TypeError(`Unknown token type: ${token.type}`);
-    }
-    return value;
-  }
-  function stringify(data) {
-    return stringifyTokens(data.tokens);
-  }
-  function isNameSafe(name) {
-    const [first, ...rest] = name;
-    return ID_START.test(first) && rest.every((char) => ID_CONTINUE.test(char));
-  }
-  function isNextNameSafe(token) {
-    if (token && token.type === "text")
-      return !ID_CONTINUE.test(token.value[0]);
-    return true;
-  }
-});
-
 // ../../node_modules/ip-address/dist/common.js
 var require_common = __commonJS((exports) => {
   Object.defineProperty(exports, "__esModule", { value: true });
@@ -1442,6 +1090,358 @@ var require_ip_address = __commonJS((exports) => {
   exports.v6 = { helpers };
 });
 
+// ../../node_modules/path-to-regexp/dist/index.js
+var require_dist = __commonJS((exports) => {
+  Object.defineProperty(exports, "__esModule", { value: true });
+  exports.PathError = exports.TokenData = undefined;
+  exports.parse = parse;
+  exports.compile = compile;
+  exports.match = match;
+  exports.pathToRegexp = pathToRegexp;
+  exports.stringify = stringify;
+  var DEFAULT_DELIMITER = "/";
+  var NOOP_VALUE = (value) => value;
+  var ID_START = /^[$_\p{ID_Start}]$/u;
+  var ID_CONTINUE = /^[$\u200c\u200d\p{ID_Continue}]$/u;
+  var SIMPLE_TOKENS = {
+    "{": "{",
+    "}": "}",
+    "(": "(",
+    ")": ")",
+    "[": "[",
+    "]": "]",
+    "+": "+",
+    "?": "?",
+    "!": "!"
+  };
+  function escapeText(str) {
+    return str.replace(/[{}()\[\]+?!:*\\]/g, "\\$&");
+  }
+  function escape(str) {
+    return str.replace(/[.+*?^${}()[\]|/\\]/g, "\\$&");
+  }
+
+  class TokenData {
+    constructor(tokens, originalPath) {
+      this.tokens = tokens;
+      this.originalPath = originalPath;
+    }
+  }
+  exports.TokenData = TokenData;
+
+  class PathError extends TypeError {
+    constructor(message, originalPath) {
+      let text = message;
+      if (originalPath)
+        text += `: ${originalPath}`;
+      text += `; visit https://git.new/pathToRegexpError for info`;
+      super(text);
+      this.originalPath = originalPath;
+    }
+  }
+  exports.PathError = PathError;
+  function parse(str, options = {}) {
+    const { encodePath = NOOP_VALUE } = options;
+    const chars = [...str];
+    const tokens = [];
+    let index = 0;
+    let pos = 0;
+    function name() {
+      let value = "";
+      if (ID_START.test(chars[index])) {
+        do {
+          value += chars[index++];
+        } while (ID_CONTINUE.test(chars[index]));
+      } else if (chars[index] === '"') {
+        let quoteStart = index;
+        while (index++ < chars.length) {
+          if (chars[index] === '"') {
+            index++;
+            quoteStart = 0;
+            break;
+          }
+          if (chars[index] === "\\")
+            index++;
+          value += chars[index];
+        }
+        if (quoteStart) {
+          throw new PathError(`Unterminated quote at index ${quoteStart}`, str);
+        }
+      }
+      if (!value) {
+        throw new PathError(`Missing parameter name at index ${index}`, str);
+      }
+      return value;
+    }
+    while (index < chars.length) {
+      const value = chars[index];
+      const type = SIMPLE_TOKENS[value];
+      if (type) {
+        tokens.push({ type, index: index++, value });
+      } else if (value === "\\") {
+        tokens.push({ type: "escape", index: index++, value: chars[index++] });
+      } else if (value === ":") {
+        tokens.push({ type: "param", index: index++, value: name() });
+      } else if (value === "*") {
+        tokens.push({ type: "wildcard", index: index++, value: name() });
+      } else {
+        tokens.push({ type: "char", index: index++, value });
+      }
+    }
+    tokens.push({ type: "end", index, value: "" });
+    function consumeUntil(endType) {
+      const output = [];
+      while (true) {
+        const token = tokens[pos++];
+        if (token.type === endType)
+          break;
+        if (token.type === "char" || token.type === "escape") {
+          let path = token.value;
+          let cur = tokens[pos];
+          while (cur.type === "char" || cur.type === "escape") {
+            path += cur.value;
+            cur = tokens[++pos];
+          }
+          output.push({
+            type: "text",
+            value: encodePath(path)
+          });
+          continue;
+        }
+        if (token.type === "param" || token.type === "wildcard") {
+          output.push({
+            type: token.type,
+            name: token.value
+          });
+          continue;
+        }
+        if (token.type === "{") {
+          output.push({
+            type: "group",
+            tokens: consumeUntil("}")
+          });
+          continue;
+        }
+        throw new PathError(`Unexpected ${token.type} at index ${token.index}, expected ${endType}`, str);
+      }
+      return output;
+    }
+    return new TokenData(consumeUntil("end"), str);
+  }
+  function compile(path, options = {}) {
+    const { encode = encodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
+    const data = typeof path === "object" ? path : parse(path, options);
+    const fn = tokensToFunction(data.tokens, delimiter, encode);
+    return function path(params = {}) {
+      const [path2, ...missing] = fn(params);
+      if (missing.length) {
+        throw new TypeError(`Missing parameters: ${missing.join(", ")}`);
+      }
+      return path2;
+    };
+  }
+  function tokensToFunction(tokens, delimiter, encode) {
+    const encoders = tokens.map((token) => tokenToFunction(token, delimiter, encode));
+    return (data) => {
+      const result = [""];
+      for (const encoder of encoders) {
+        const [value, ...extras] = encoder(data);
+        result[0] += value;
+        result.push(...extras);
+      }
+      return result;
+    };
+  }
+  function tokenToFunction(token, delimiter, encode) {
+    if (token.type === "text")
+      return () => [token.value];
+    if (token.type === "group") {
+      const fn = tokensToFunction(token.tokens, delimiter, encode);
+      return (data) => {
+        const [value, ...missing] = fn(data);
+        if (!missing.length)
+          return [value];
+        return [""];
+      };
+    }
+    const encodeValue = encode || NOOP_VALUE;
+    if (token.type === "wildcard" && encode !== false) {
+      return (data) => {
+        const value = data[token.name];
+        if (value == null)
+          return ["", token.name];
+        if (!Array.isArray(value) || value.length === 0) {
+          throw new TypeError(`Expected "${token.name}" to be a non-empty array`);
+        }
+        return [
+          value.map((value2, index) => {
+            if (typeof value2 !== "string") {
+              throw new TypeError(`Expected "${token.name}/${index}" to be a string`);
+            }
+            return encodeValue(value2);
+          }).join(delimiter)
+        ];
+      };
+    }
+    return (data) => {
+      const value = data[token.name];
+      if (value == null)
+        return ["", token.name];
+      if (typeof value !== "string") {
+        throw new TypeError(`Expected "${token.name}" to be a string`);
+      }
+      return [encodeValue(value)];
+    };
+  }
+  function match(path, options = {}) {
+    const { decode = decodeURIComponent, delimiter = DEFAULT_DELIMITER } = options;
+    const { regexp, keys } = pathToRegexp(path, options);
+    const decoders = keys.map((key) => {
+      if (decode === false)
+        return NOOP_VALUE;
+      if (key.type === "param")
+        return decode;
+      return (value) => value.split(delimiter).map(decode);
+    });
+    return function match(input) {
+      const m = regexp.exec(input);
+      if (!m)
+        return false;
+      const path2 = m[0];
+      const params = Object.create(null);
+      for (let i = 1;i < m.length; i++) {
+        if (m[i] === undefined)
+          continue;
+        const key = keys[i - 1];
+        const decoder = decoders[i - 1];
+        params[key.name] = decoder(m[i]);
+      }
+      return { path: path2, params };
+    };
+  }
+  function pathToRegexp(path, options = {}) {
+    const { delimiter = DEFAULT_DELIMITER, end = true, sensitive = false, trailing = true } = options;
+    const keys = [];
+    const flags = sensitive ? "" : "i";
+    const sources = [];
+    for (const input of pathsToArray(path, [])) {
+      const data = typeof input === "object" ? input : parse(input, options);
+      for (const tokens of flatten(data.tokens, 0, [])) {
+        sources.push(toRegExpSource(tokens, delimiter, keys, data.originalPath));
+      }
+    }
+    let pattern = `^(?:${sources.join("|")})`;
+    if (trailing)
+      pattern += `(?:${escape(delimiter)}$)?`;
+    pattern += end ? "$" : `(?=${escape(delimiter)}|$)`;
+    const regexp = new RegExp(pattern, flags);
+    return { regexp, keys };
+  }
+  function pathsToArray(paths, init) {
+    if (Array.isArray(paths)) {
+      for (const p of paths)
+        pathsToArray(p, init);
+    } else {
+      init.push(paths);
+    }
+    return init;
+  }
+  function* flatten(tokens, index, init) {
+    if (index === tokens.length) {
+      return yield init;
+    }
+    const token = tokens[index];
+    if (token.type === "group") {
+      for (const seq of flatten(token.tokens, 0, init.slice())) {
+        yield* flatten(tokens, index + 1, seq);
+      }
+    } else {
+      init.push(token);
+    }
+    yield* flatten(tokens, index + 1, init);
+  }
+  function toRegExpSource(tokens, delimiter, keys, originalPath) {
+    let result = "";
+    let backtrack = "";
+    let isSafeSegmentParam = true;
+    for (const token of tokens) {
+      if (token.type === "text") {
+        result += escape(token.value);
+        backtrack += token.value;
+        isSafeSegmentParam || (isSafeSegmentParam = token.value.includes(delimiter));
+        continue;
+      }
+      if (token.type === "param" || token.type === "wildcard") {
+        if (!isSafeSegmentParam && !backtrack) {
+          throw new PathError(`Missing text before "${token.name}" ${token.type}`, originalPath);
+        }
+        if (token.type === "param") {
+          result += `(${negate(delimiter, isSafeSegmentParam ? "" : backtrack)}+)`;
+        } else {
+          result += `([\\s\\S]+)`;
+        }
+        keys.push(token);
+        backtrack = "";
+        isSafeSegmentParam = false;
+        continue;
+      }
+    }
+    return result;
+  }
+  function negate(delimiter, backtrack) {
+    if (backtrack.length < 2) {
+      if (delimiter.length < 2)
+        return `[^${escape(delimiter + backtrack)}]`;
+      return `(?:(?!${escape(delimiter)})[^${escape(backtrack)}])`;
+    }
+    if (delimiter.length < 2) {
+      return `(?:(?!${escape(backtrack)})[^${escape(delimiter)}])`;
+    }
+    return `(?:(?!${escape(backtrack)}|${escape(delimiter)})[\\s\\S])`;
+  }
+  function stringifyTokens(tokens) {
+    let value = "";
+    let i = 0;
+    function name(value2) {
+      const isSafe = isNameSafe(value2) && isNextNameSafe(tokens[i]);
+      return isSafe ? value2 : JSON.stringify(value2);
+    }
+    while (i < tokens.length) {
+      const token = tokens[i++];
+      if (token.type === "text") {
+        value += escapeText(token.value);
+        continue;
+      }
+      if (token.type === "group") {
+        value += `{${stringifyTokens(token.tokens)}}`;
+        continue;
+      }
+      if (token.type === "param") {
+        value += `:${name(token.name)}`;
+        continue;
+      }
+      if (token.type === "wildcard") {
+        value += `*${name(token.name)}`;
+        continue;
+      }
+      throw new TypeError(`Unknown token type: ${token.type}`);
+    }
+    return value;
+  }
+  function stringify(data) {
+    return stringifyTokens(data.tokens);
+  }
+  function isNameSafe(name) {
+    const [first, ...rest] = name;
+    return ID_START.test(first) && rest.every((char) => ID_CONTINUE.test(char));
+  }
+  function isNextNameSafe(token) {
+    if (token && token.type === "text")
+      return !ID_CONTINUE.test(token.value[0]);
+    return true;
+  }
+});
+
 // ../../node_modules/dotenv/package.json
 var require_package = __commonJS((exports, module) => {
   module.exports = {
@@ -24384,6 +24384,584 @@ import {
 import cors2 from "cors";
 import express34 from "express";
 
+// ../../node_modules/express-rate-limit/dist/index.mjs
+var import_ip_address = __toESM(require_ip_address(), 1);
+import { isIPv6 } from "node:net";
+import { isIPv6 as isIPv62 } from "node:net";
+import { Buffer as Buffer2 } from "node:buffer";
+import { createHash } from "node:crypto";
+import { isIP } from "node:net";
+function ipKeyGenerator(ip, ipv6Subnet = 56) {
+  if (ipv6Subnet && isIPv6(ip)) {
+    return `${new import_ip_address.Address6(`${ip}/${ipv6Subnet}`).startAddress().correctForm()}/${ipv6Subnet}`;
+  }
+  return ip;
+}
+var MemoryStore = class {
+  constructor(validations2) {
+    this.validations = validations2;
+    this.previous = /* @__PURE__ */ new Map;
+    this.current = /* @__PURE__ */ new Map;
+    this.localKeys = true;
+  }
+  init(options) {
+    this.windowMs = options.windowMs;
+    this.validations?.windowMs(this.windowMs);
+    if (this.interval)
+      clearInterval(this.interval);
+    this.interval = setInterval(() => {
+      this.clearExpired();
+    }, this.windowMs);
+    this.interval.unref?.();
+  }
+  async get(key) {
+    return this.current.get(key) ?? this.previous.get(key);
+  }
+  async increment(key) {
+    const client = this.getClient(key);
+    const now = Date.now();
+    if (client.resetTime.getTime() <= now) {
+      this.resetClient(client, now);
+    }
+    client.totalHits++;
+    return client;
+  }
+  async decrement(key) {
+    const client = this.getClient(key);
+    if (client.totalHits > 0)
+      client.totalHits--;
+  }
+  async resetKey(key) {
+    this.current.delete(key);
+    this.previous.delete(key);
+  }
+  async resetAll() {
+    this.current.clear();
+    this.previous.clear();
+  }
+  shutdown() {
+    clearInterval(this.interval);
+    this.resetAll();
+  }
+  resetClient(client, now = Date.now()) {
+    client.totalHits = 0;
+    client.resetTime.setTime(now + this.windowMs);
+    return client;
+  }
+  getClient(key) {
+    if (this.current.has(key))
+      return this.current.get(key);
+    let client;
+    if (this.previous.has(key)) {
+      client = this.previous.get(key);
+      this.previous.delete(key);
+    } else {
+      client = { totalHits: 0, resetTime: /* @__PURE__ */ new Date };
+      this.resetClient(client);
+    }
+    this.current.set(key, client);
+    return client;
+  }
+  clearExpired() {
+    this.previous = this.current;
+    this.current = /* @__PURE__ */ new Map;
+  }
+};
+var SUPPORTED_DRAFT_VERSIONS = [
+  "draft-6",
+  "draft-7",
+  "draft-8"
+];
+var getResetSeconds = (windowMs, resetTime) => {
+  let resetSeconds;
+  if (resetTime) {
+    const deltaSeconds = Math.ceil((resetTime.getTime() - Date.now()) / 1000);
+    resetSeconds = Math.max(0, deltaSeconds);
+  } else {
+    resetSeconds = Math.ceil(windowMs / 1000);
+  }
+  return resetSeconds;
+};
+var getPartitionKey = (key) => {
+  const hash = createHash("sha256");
+  hash.update(key);
+  const partitionKey = hash.digest("hex").slice(0, 12);
+  return Buffer2.from(partitionKey).toString("base64");
+};
+var setLegacyHeaders = (response, info) => {
+  if (response.headersSent)
+    return;
+  response.setHeader("X-RateLimit-Limit", info.limit.toString());
+  response.setHeader("X-RateLimit-Remaining", info.remaining.toString());
+  if (info.resetTime instanceof Date) {
+    response.setHeader("Date", (/* @__PURE__ */ new Date()).toUTCString());
+    response.setHeader("X-RateLimit-Reset", Math.ceil(info.resetTime.getTime() / 1000).toString());
+  }
+};
+var setDraft6Headers = (response, info, windowMs) => {
+  if (response.headersSent)
+    return;
+  const windowSeconds = Math.ceil(windowMs / 1000);
+  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
+  response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
+  response.setHeader("RateLimit-Limit", info.limit.toString());
+  response.setHeader("RateLimit-Remaining", info.remaining.toString());
+  if (typeof resetSeconds === "number")
+    response.setHeader("RateLimit-Reset", resetSeconds.toString());
+};
+var setDraft7Headers = (response, info, windowMs) => {
+  if (response.headersSent)
+    return;
+  const windowSeconds = Math.ceil(windowMs / 1000);
+  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
+  response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
+  response.setHeader("RateLimit", `limit=${info.limit}, remaining=${info.remaining}, reset=${resetSeconds}`);
+};
+var setDraft8Headers = (response, info, windowMs, name, key) => {
+  if (response.headersSent)
+    return;
+  const windowSeconds = Math.ceil(windowMs / 1000);
+  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
+  const partitionKey = getPartitionKey(key);
+  const header = `r=${info.remaining}; t=${resetSeconds}`;
+  const policy = `q=${info.limit}; w=${windowSeconds}; pk=:${partitionKey}:`;
+  response.append("RateLimit", `"${name}"; ${header}`);
+  response.append("RateLimit-Policy", `"${name}"; ${policy}`);
+};
+var setRetryAfterHeader = (response, info, windowMs) => {
+  if (response.headersSent)
+    return;
+  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
+  response.setHeader("Retry-After", resetSeconds.toString());
+};
+var omitUndefinedProperties = (passedOptions) => {
+  const omittedOptions = {};
+  for (const k of Object.keys(passedOptions)) {
+    const key = k;
+    if (passedOptions[key] !== undefined) {
+      omittedOptions[key] = passedOptions[key];
+    }
+  }
+  return omittedOptions;
+};
+var ValidationError = class extends Error {
+  constructor(code, message) {
+    const url = `https://express-rate-limit.github.io/${code}/`;
+    super(`${message} See ${url} for more information.`);
+    this.name = this.constructor.name;
+    this.code = code;
+    this.help = url;
+  }
+};
+var ChangeWarning = class extends ValidationError {
+};
+var usedStores = /* @__PURE__ */ new Set;
+var singleCountKeys = /* @__PURE__ */ new WeakMap;
+var validations = {
+  enabled: {
+    default: true
+  },
+  disable() {
+    for (const k of Object.keys(this.enabled))
+      this.enabled[k] = false;
+  },
+  ip(ip) {
+    if (ip === undefined) {
+      throw new ValidationError("ERR_ERL_UNDEFINED_IP_ADDRESS", `An undefined 'request.ip' was detected. This might indicate a misconfiguration or the connection being destroyed prematurely.`);
+    }
+    if (!isIP(ip)) {
+      throw new ValidationError("ERR_ERL_INVALID_IP_ADDRESS", `An invalid 'request.ip' (${ip}) was detected. Consider passing a custom 'keyGenerator' function to the rate limiter.`);
+    }
+  },
+  trustProxy(request) {
+    if (request.app.get("trust proxy") === true) {
+      throw new ValidationError("ERR_ERL_PERMISSIVE_TRUST_PROXY", `The Express 'trust proxy' setting is true, which allows anyone to trivially bypass IP-based rate limiting.`);
+    }
+  },
+  xForwardedForHeader(request) {
+    if (request.headers["x-forwarded-for"] && request.app.get("trust proxy") === false) {
+      throw new ValidationError("ERR_ERL_UNEXPECTED_X_FORWARDED_FOR", `The 'X-Forwarded-For' header is set but the Express 'trust proxy' setting is false (default). This could indicate a misconfiguration which would prevent express-rate-limit from accurately identifying users.`);
+    }
+  },
+  forwardedHeader(request) {
+    if (request.headers.forwarded && request.ip === request.socket?.remoteAddress) {
+      throw new ValidationError("ERR_ERL_FORWARDED_HEADER", `The 'Forwarded' header (standardized X-Forwarded-For) is set but currently being ignored. Add a custom keyGenerator to use a value from this header.`);
+    }
+  },
+  positiveHits(hits) {
+    if (typeof hits !== "number" || hits < 1 || hits !== Math.round(hits)) {
+      throw new ValidationError("ERR_ERL_INVALID_HITS", `The totalHits value returned from the store must be a positive integer, got ${hits}`);
+    }
+  },
+  unsharedStore(store) {
+    if (usedStores.has(store)) {
+      const maybeUniquePrefix = store?.localKeys ? "" : " (with a unique prefix)";
+      throw new ValidationError("ERR_ERL_STORE_REUSE", `A Store instance must not be shared across multiple rate limiters. Create a new instance of ${store.constructor.name}${maybeUniquePrefix} for each limiter instead.`);
+    }
+    usedStores.add(store);
+  },
+  singleCount(request, store, key) {
+    let storeKeys = singleCountKeys.get(request);
+    if (!storeKeys) {
+      storeKeys = /* @__PURE__ */ new Map;
+      singleCountKeys.set(request, storeKeys);
+    }
+    const storeKey = store.localKeys ? store : store.constructor.name;
+    let keys = storeKeys.get(storeKey);
+    if (!keys) {
+      keys = [];
+      storeKeys.set(storeKey, keys);
+    }
+    const prefixedKey = `${store.prefix ?? ""}${key}`;
+    if (keys.includes(prefixedKey)) {
+      throw new ValidationError("ERR_ERL_DOUBLE_COUNT", `The hit count for ${key} was incremented more than once for a single request.`);
+    }
+    keys.push(prefixedKey);
+  },
+  limit(limit) {
+    if (limit === 0) {
+      throw new ChangeWarning("WRN_ERL_MAX_ZERO", "Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7");
+    }
+  },
+  draftPolliHeaders(draft_polli_ratelimit_headers) {
+    if (draft_polli_ratelimit_headers) {
+      throw new ChangeWarning("WRN_ERL_DEPRECATED_DRAFT_POLLI_HEADERS", `The draft_polli_ratelimit_headers configuration option is deprecated and has been removed in express-rate-limit v7, please set standardHeaders: 'draft-6' instead.`);
+    }
+  },
+  onLimitReached(onLimitReached) {
+    if (onLimitReached) {
+      throw new ChangeWarning("WRN_ERL_DEPRECATED_ON_LIMIT_REACHED", "The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7.");
+    }
+  },
+  headersDraftVersion(version) {
+    if (typeof version !== "string" || !SUPPORTED_DRAFT_VERSIONS.includes(version)) {
+      const versionString = SUPPORTED_DRAFT_VERSIONS.join(", ");
+      throw new ValidationError("ERR_ERL_HEADERS_UNSUPPORTED_DRAFT_VERSION", `standardHeaders: only the following versions of the IETF draft specification are supported: ${versionString}.`);
+    }
+  },
+  headersResetTime(resetTime) {
+    if (!resetTime) {
+      throw new ValidationError("ERR_ERL_HEADERS_NO_RESET", `standardHeaders:  'draft-7' requires a 'resetTime', but the store did not provide one. The 'windowMs' value will be used instead, which may cause clients to wait longer than necessary.`);
+    }
+  },
+  validationsConfig() {
+    const supportedValidations = Object.keys(this).filter((k) => !["enabled", "disable"].includes(k));
+    supportedValidations.push("default");
+    for (const key of Object.keys(this.enabled)) {
+      if (!supportedValidations.includes(key)) {
+        throw new ValidationError("ERR_ERL_UNKNOWN_VALIDATION", `options.validate.${key} is not recognized. Supported validate options are: ${supportedValidations.join(", ")}.`);
+      }
+    }
+  },
+  creationStack(store) {
+    const { stack } = new Error("express-rate-limit validation check (set options.validate.creationStack=false to disable)");
+    if (stack?.includes("Layer.handle [as handle_request]") || stack?.includes("Layer.handleRequest")) {
+      if (!store.localKeys) {
+        throw new ValidationError("ERR_ERL_CREATED_IN_REQUEST_HANDLER", "express-rate-limit instance should *usually* be created at app initialization, not when responding to a request.");
+      }
+      throw new ValidationError("ERR_ERL_CREATED_IN_REQUEST_HANDLER", "express-rate-limit instance should be created at app initialization, not when responding to a request.");
+    }
+  },
+  ipv6Subnet(ipv6Subnet) {
+    if (ipv6Subnet === false) {
+      return;
+    }
+    if (!Number.isInteger(ipv6Subnet) || ipv6Subnet < 32 || ipv6Subnet > 64) {
+      throw new ValidationError("ERR_ERL_IPV6_SUBNET", `Unexpected ipv6Subnet value: ${ipv6Subnet}. Expected an integer between 32 and 64 (usually 48-64).`);
+    }
+  },
+  ipv6SubnetOrKeyGenerator(options) {
+    if (options.ipv6Subnet !== undefined && options.keyGenerator) {
+      throw new ValidationError("ERR_ERL_IPV6SUBNET_OR_KEYGENERATOR", `Incompatible options: the 'ipv6Subnet' option is ignored when a custom 'keyGenerator' function is also set.`);
+    }
+  },
+  keyGeneratorIpFallback(keyGenerator) {
+    if (!keyGenerator) {
+      return;
+    }
+    const src = keyGenerator.toString();
+    if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
+      throw new ValidationError("ERR_ERL_KEY_GEN_IPV6", "Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits.");
+    }
+  },
+  windowMs(windowMs) {
+    const SET_TIMEOUT_MAX = 2 ** 31 - 1;
+    if (typeof windowMs !== "number" || Number.isNaN(windowMs) || windowMs < 1 || windowMs > SET_TIMEOUT_MAX) {
+      throw new ValidationError("ERR_ERL_WINDOW_MS", `Invalid windowMs value: ${windowMs}${typeof windowMs !== "number" ? ` (${typeof windowMs})` : ""}, must be a number between 1 and ${SET_TIMEOUT_MAX} when using the default MemoryStore`);
+    }
+  }
+};
+var getValidations = (_enabled) => {
+  let enabled;
+  if (typeof _enabled === "boolean") {
+    enabled = {
+      default: _enabled
+    };
+  } else {
+    enabled = {
+      default: true,
+      ..._enabled
+    };
+  }
+  const wrappedValidations = { enabled };
+  for (const [name, validation] of Object.entries(validations)) {
+    if (typeof validation === "function")
+      wrappedValidations[name] = (...args) => {
+        if (!(enabled[name] ?? enabled.default)) {
+          return;
+        }
+        try {
+          validation.apply(wrappedValidations, args);
+        } catch (error) {
+          if (error instanceof ChangeWarning)
+            console.warn(error);
+          else
+            console.error(error);
+        }
+      };
+  }
+  return wrappedValidations;
+};
+var isLegacyStore = (store) => typeof store.incr === "function" && typeof store.increment !== "function";
+var promisifyStore = (passedStore) => {
+  if (!isLegacyStore(passedStore)) {
+    return passedStore;
+  }
+  const legacyStore = passedStore;
+
+  class PromisifiedStore {
+    async increment(key) {
+      return new Promise((resolve, reject) => {
+        legacyStore.incr(key, (error, totalHits, resetTime) => {
+          if (error)
+            reject(error);
+          resolve({ totalHits, resetTime });
+        });
+      });
+    }
+    async decrement(key) {
+      return legacyStore.decrement(key);
+    }
+    async resetKey(key) {
+      return legacyStore.resetKey(key);
+    }
+    async resetAll() {
+      if (typeof legacyStore.resetAll === "function")
+        return legacyStore.resetAll();
+    }
+  }
+  return new PromisifiedStore;
+};
+var getOptionsFromConfig = (config) => {
+  const { validations: validations2, ...directlyPassableEntries } = config;
+  return {
+    ...directlyPassableEntries,
+    validate: validations2.enabled
+  };
+};
+var parseOptions = (passedOptions) => {
+  const notUndefinedOptions = omitUndefinedProperties(passedOptions);
+  const validations2 = getValidations(notUndefinedOptions?.validate ?? true);
+  validations2.validationsConfig();
+  validations2.draftPolliHeaders(notUndefinedOptions.draft_polli_ratelimit_headers);
+  validations2.onLimitReached(notUndefinedOptions.onLimitReached);
+  if (notUndefinedOptions.ipv6Subnet !== undefined && typeof notUndefinedOptions.ipv6Subnet !== "function") {
+    validations2.ipv6Subnet(notUndefinedOptions.ipv6Subnet);
+  }
+  validations2.keyGeneratorIpFallback(notUndefinedOptions.keyGenerator);
+  validations2.ipv6SubnetOrKeyGenerator(notUndefinedOptions);
+  let standardHeaders = notUndefinedOptions.standardHeaders ?? false;
+  if (standardHeaders === true)
+    standardHeaders = "draft-6";
+  const config = {
+    windowMs: 60 * 1000,
+    limit: passedOptions.max ?? 5,
+    message: "Too many requests, please try again later.",
+    statusCode: 429,
+    legacyHeaders: passedOptions.headers ?? true,
+    identifier(request, _response) {
+      let duration = "";
+      const property = config.requestPropertyName;
+      const { limit } = request[property];
+      const seconds = config.windowMs / 1000;
+      const minutes = config.windowMs / (1000 * 60);
+      const hours = config.windowMs / (1000 * 60 * 60);
+      const days = config.windowMs / (1000 * 60 * 60 * 24);
+      if (seconds < 60)
+        duration = `${seconds}sec`;
+      else if (minutes < 60)
+        duration = `${minutes}min`;
+      else if (hours < 24)
+        duration = `${hours}hr${hours > 1 ? "s" : ""}`;
+      else
+        duration = `${days}day${days > 1 ? "s" : ""}`;
+      return `${limit}-in-${duration}`;
+    },
+    requestPropertyName: "rateLimit",
+    skipFailedRequests: false,
+    skipSuccessfulRequests: false,
+    requestWasSuccessful: (_request, response) => response.statusCode < 400,
+    skip: (_request, _response) => false,
+    async keyGenerator(request, response) {
+      validations2.ip(request.ip);
+      validations2.trustProxy(request);
+      validations2.xForwardedForHeader(request);
+      validations2.forwardedHeader(request);
+      const ip = request.ip;
+      let subnet = 56;
+      if (isIPv62(ip)) {
+        subnet = typeof config.ipv6Subnet === "function" ? await config.ipv6Subnet(request, response) : config.ipv6Subnet;
+        if (typeof config.ipv6Subnet === "function")
+          validations2.ipv6Subnet(subnet);
+      }
+      return ipKeyGenerator(ip, subnet);
+    },
+    ipv6Subnet: 56,
+    async handler(request, response, _next, _optionsUsed) {
+      response.status(config.statusCode);
+      const message = typeof config.message === "function" ? await config.message(request, response) : config.message;
+      if (!response.writableEnded)
+        response.send(message);
+    },
+    passOnStoreError: false,
+    ...notUndefinedOptions,
+    standardHeaders,
+    store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore(validations2)),
+    validations: validations2
+  };
+  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || config.store.resetAll !== undefined && typeof config.store.resetAll !== "function" || config.store.init !== undefined && typeof config.store.init !== "function") {
+    throw new TypeError("An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.");
+  }
+  return config;
+};
+var handleAsyncErrors = (fn) => async (request, response, next) => {
+  try {
+    await Promise.resolve(fn(request, response, next)).catch(next);
+  } catch (error) {
+    next(error);
+  }
+};
+var rateLimit = (passedOptions) => {
+  const config = parseOptions(passedOptions ?? {});
+  const options = getOptionsFromConfig(config);
+  config.validations.creationStack(config.store);
+  config.validations.unsharedStore(config.store);
+  if (typeof config.store.init === "function")
+    config.store.init(options);
+  const middleware = handleAsyncErrors(async (request, response, next) => {
+    const skip = await config.skip(request, response);
+    if (skip) {
+      next();
+      return;
+    }
+    const augmentedRequest = request;
+    const key = await config.keyGenerator(request, response);
+    let totalHits = 0;
+    let resetTime;
+    try {
+      const incrementResult = await config.store.increment(key);
+      totalHits = incrementResult.totalHits;
+      resetTime = incrementResult.resetTime;
+    } catch (error) {
+      if (config.passOnStoreError) {
+        console.error("express-rate-limit: error from store, allowing request without rate-limiting.", error);
+        next();
+        return;
+      }
+      throw error;
+    }
+    config.validations.positiveHits(totalHits);
+    config.validations.singleCount(request, config.store, key);
+    const retrieveLimit = typeof config.limit === "function" ? config.limit(request, response) : config.limit;
+    const limit = await retrieveLimit;
+    config.validations.limit(limit);
+    const info = {
+      limit,
+      used: totalHits,
+      remaining: Math.max(limit - totalHits, 0),
+      resetTime,
+      key
+    };
+    Object.defineProperty(info, "current", {
+      configurable: false,
+      enumerable: false,
+      value: totalHits
+    });
+    augmentedRequest[config.requestPropertyName] = info;
+    if (config.legacyHeaders && !response.headersSent) {
+      setLegacyHeaders(response, info);
+    }
+    if (config.standardHeaders && !response.headersSent) {
+      switch (config.standardHeaders) {
+        case "draft-6": {
+          setDraft6Headers(response, info, config.windowMs);
+          break;
+        }
+        case "draft-7": {
+          config.validations.headersResetTime(info.resetTime);
+          setDraft7Headers(response, info, config.windowMs);
+          break;
+        }
+        case "draft-8": {
+          const retrieveName = typeof config.identifier === "function" ? config.identifier(request, response) : config.identifier;
+          const name = await retrieveName;
+          config.validations.headersResetTime(info.resetTime);
+          setDraft8Headers(response, info, config.windowMs, name, key);
+          break;
+        }
+        default: {
+          config.validations.headersDraftVersion(config.standardHeaders);
+          break;
+        }
+      }
+    }
+    if (config.skipFailedRequests || config.skipSuccessfulRequests) {
+      let decremented = false;
+      const decrementKey = async () => {
+        if (!decremented) {
+          await config.store.decrement(key);
+          decremented = true;
+        }
+      };
+      if (config.skipFailedRequests) {
+        response.on("finish", async () => {
+          if (!await config.requestWasSuccessful(request, response))
+            await decrementKey();
+        });
+        response.on("close", async () => {
+          if (!response.writableEnded)
+            await decrementKey();
+        });
+        response.on("error", async () => {
+          await decrementKey();
+        });
+      }
+      if (config.skipSuccessfulRequests) {
+        response.on("finish", async () => {
+          if (await config.requestWasSuccessful(request, response))
+            await decrementKey();
+        });
+      }
+    }
+    config.validations.disable();
+    if (totalHits > limit) {
+      if (config.legacyHeaders || config.standardHeaders) {
+        setRetryAfterHeader(response, info, config.windowMs);
+      }
+      config.handler(request, response, next, options);
+      return;
+    }
+    next();
+  });
+  const getThrowFn = () => {
+    throw new Error("The current store does not support the get/getKey method");
+  };
+  middleware.resetKey = config.store.resetKey.bind(config.store);
+  middleware.getKey = typeof config.store.get === "function" ? config.store.get.bind(config.store) : getThrowFn;
+  return middleware;
+};
+var rate_limit_default = rateLimit;
+
 // ../../node_modules/helmet/index.mjs
 var dangerouslyDisableDefaultSrc = Symbol("dangerouslyDisableDefaultSrc");
 var SHOULD_BE_QUOTED = new Set(["none", "self", "strict-dynamic", "report-sample", "inline-speculation-rules", "unsafe-inline", "unsafe-eval", "unsafe-hashes", "wasm-unsafe-eval"]);
@@ -25883,1581 +26461,1019 @@ function createAgentRunsRouter(elizaOS) {
             promptCount: body.promptCount,
             prompts: body.prompts,
             params: body.params,
-            response: body.response
-          }
-        });
-      }
-      for (const e of modelLogs) {
-        const body = e.body;
-        events.push({
-          type: "MODEL_USED",
-          timestamp: new Date(e.createdAt).getTime(),
-          data: {
-            modelType: body.modelType || (typeof e.type === "string" ? e.type.replace("useModel:", "") : undefined),
-            provider: body.provider,
-            executionTime: body.executionTime,
-            actionContext: body.actionContext,
-            params: body.params,
-            response: body.response,
-            usage: body.usage,
-            prompts: body.prompts,
-            prompt: body.prompt,
-            inputTokens: body.inputTokens,
-            outputTokens: body.outputTokens,
-            cost: body.cost
-          }
-        });
-      }
-      for (const e of evaluatorLogs) {
-        const body = e.body;
-        events.push({
-          type: "EVALUATOR_COMPLETED",
-          timestamp: new Date(e.createdAt).getTime(),
-          data: {
-            evaluatorName: body.evaluator,
-            success: true
-          }
-        });
-      }
-      for (const e of embeddingLogs) {
-        const body = e.body;
-        events.push({
-          type: "EMBEDDING_EVENT",
-          timestamp: new Date(e.createdAt).getTime(),
-          data: {
-            status: body.status,
-            memoryId: body.memoryId,
-            durationMs: body.duration
-          }
-        });
-      }
-      events.sort((a, b) => a.timestamp - b.timestamp);
-      const firstRunEvent = started || runEvents[0] || related[0];
-      const summary = {
-        runId,
-        status,
-        startedAt: startedAt || (firstRunEvent ? new Date(firstRunEvent.createdAt).getTime() : undefined),
-        endedAt,
-        durationMs,
-        messageId: firstRunEvent?.body?.messageId,
-        roomId: firstRunEvent?.body?.roomId || roomId,
-        entityId: firstRunEvent?.body?.entityId || agentId,
-        counts
-      };
-      sendSuccess(res, { summary, events });
-    } catch (error) {
-      sendError(res, 500, "RUN_DETAIL_ERROR", "Error retrieving run details", error instanceof Error ? error.message : String(error));
-    }
-  });
-  return router;
-}
-
-// src/api/memory/agents.ts
-import { MemoryType, createUniqueUuid as createUniqueUuid2 } from "@elizaos/core";
-import { validateUuid as validateUuid7, logger as logger6 } from "@elizaos/core";
-import express7 from "express";
-function createAgentMemoryRouter(elizaOS) {
-  const router = express7.Router();
-  router.get("/:agentId/rooms/:roomId/memories", async (req, res) => {
-    const agentId = validateUuid7(req.params.agentId);
-    const channelId = validateUuid7(req.params.roomId);
-    if (!agentId || !channelId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or channel ID format");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const limit = req.query.limit ? Number.parseInt(req.query.limit, 10) : 20;
-      const before = req.query.before ? Number.parseInt(req.query.before, 10) : Date.now();
-      const includeEmbedding = req.query.includeEmbedding === "true";
-      const tableName = req.query.tableName || "messages";
-      const roomId = createUniqueUuid2(runtime, channelId);
-      logger6.info(`[ROOM MEMORIES] Converting channelId ${channelId} to roomId ${roomId} for agent ${agentId}`);
-      const memories = await runtime.getMemories({
-        tableName,
-        roomId,
-        count: limit,
-        end: before
-      });
-      const cleanMemories = includeEmbedding ? memories : memories.map((memory) => ({
-        ...memory,
-        embedding: undefined
-      }));
-      sendSuccess(res, { memories: cleanMemories });
-    } catch (error) {
-      logger6.error("[MEMORIES GET] Error retrieving memories for room:", error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "500", "Failed to retrieve memories", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.get("/:agentId/memories", async (req, res) => {
-    const agentId = validateUuid7(req.params.agentId);
-    if (!agentId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const tableName = req.query.tableName || "messages";
-      const includeEmbedding = req.query.includeEmbedding === "true";
-      let roomIdToUse;
-      if (req.query.channelId) {
-        const channelId = validateUuid7(req.query.channelId);
-        if (!channelId) {
-          return sendError(res, 400, "INVALID_ID", "Invalid channel ID format");
-        }
-        roomIdToUse = createUniqueUuid2(runtime, channelId);
-        logger6.info(`[AGENT MEMORIES] Converting channelId ${channelId} to roomId ${roomIdToUse} for agent ${agentId}`);
-      } else if (req.query.roomId) {
-        const roomId = validateUuid7(req.query.roomId);
-        if (!roomId) {
-          return sendError(res, 400, "INVALID_ID", "Invalid room ID format");
-        }
-        roomIdToUse = roomId;
-      }
-      const memories = await runtime.getMemories({
-        agentId,
-        tableName,
-        roomId: roomIdToUse
-      });
-      const cleanMemories = includeEmbedding ? memories : memories.map((memory) => ({
-        ...memory,
-        embedding: undefined
-      }));
-      sendSuccess(res, { memories: cleanMemories });
-    } catch (error) {
-      logger6.error(`[AGENT MEMORIES] Error retrieving memories for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "MEMORY_ERROR", "Error retrieving agent memories", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.patch("/:agentId/memories/:memoryId", async (req, res) => {
-    const agentId = validateUuid7(req.params.agentId);
-    const memoryId = validateUuid7(req.params.memoryId);
-    const { id: _idFromData, ...restOfMemoryData } = req.body;
-    if (!agentId || !memoryId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or memory ID format");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const memoryToUpdate = {
-        id: memoryId,
-        ...restOfMemoryData,
-        agentId: restOfMemoryData.agentId ? validateUuid7(restOfMemoryData.agentId) || undefined : agentId,
-        roomId: restOfMemoryData.roomId ? validateUuid7(restOfMemoryData.roomId) || undefined : undefined,
-        entityId: restOfMemoryData.entityId ? validateUuid7(restOfMemoryData.entityId) || undefined : undefined,
-        worldId: restOfMemoryData.worldId ? validateUuid7(restOfMemoryData.worldId) || undefined : undefined,
-        metadata: restOfMemoryData.metadata
-      };
-      Object.keys(memoryToUpdate).forEach((key) => {
-        if (memoryToUpdate[key] === undefined) {
-          delete memoryToUpdate[key];
-        }
-      });
-      await runtime.updateMemory(memoryToUpdate);
-      logger6.success(`[MEMORY UPDATE] Successfully updated memory ${memoryId}`);
-      sendSuccess(res, { id: memoryId, message: "Memory updated successfully" });
-    } catch (error) {
-      logger6.error(`[MEMORY UPDATE] Error updating memory ${memoryId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "UPDATE_ERROR", "Failed to update memory", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.delete("/:agentId/memories", async (req, res) => {
-    try {
-      const agentId = validateUuid7(req.params.agentId);
-      if (!agentId) {
-        return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
-      }
-      const runtime = elizaOS.getAgent(agentId);
-      if (!runtime) {
-        return sendError(res, 404, "NOT_FOUND", "Agent not found");
-      }
-      const deleted = (await runtime.getAllMemories()).length;
-      await runtime.clearAllAgentMemories();
-      sendSuccess(res, { deleted, message: "All agent memories cleared successfully" });
-    } catch (error) {
-      logger6.error("[DELETE ALL AGENT MEMORIES] Error deleting all agent memories:", error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "DELETE_ERROR", "Error deleting all agent memories", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.delete("/:agentId/memories/all/:roomId", async (req, res) => {
-    try {
-      const agentId = validateUuid7(req.params.agentId);
-      const roomId = validateUuid7(req.params.roomId);
-      if (!agentId) {
-        return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
-      }
-      if (!roomId) {
-        return sendError(res, 400, "INVALID_ID", "Invalid room ID");
-      }
-      const runtime = elizaOS.getAgent(agentId);
-      if (!runtime) {
-        return sendError(res, 404, "NOT_FOUND", "Agent not found");
-      }
-      await runtime.deleteAllMemories(roomId, MemoryType.MESSAGE);
-      await runtime.deleteAllMemories(roomId, MemoryType.DOCUMENT);
-      res.status(204).send();
-    } catch (error) {
-      logger6.error("[DELETE ALL MEMORIES] Error deleting all memories:", error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "DELETE_ERROR", "Error deleting all memories", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.delete("/:agentId/memories/:memoryId", async (req, res) => {
-    try {
-      const agentId = validateUuid7(req.params.agentId);
-      const memoryId = validateUuid7(req.params.memoryId);
-      if (!agentId || !memoryId) {
-        return sendError(res, 400, "INVALID_ID", "Invalid agent ID or memory ID format");
-      }
-      const runtime = elizaOS.getAgent(agentId);
-      if (!runtime) {
-        return sendError(res, 404, "NOT_FOUND", "Agent not found");
-      }
-      await runtime.deleteMemory(memoryId);
-      sendSuccess(res, { message: "Memory deleted successfully" });
-    } catch (error) {
-      logger6.error(`[DELETE MEMORY] Error deleting memory ${req.params.memoryId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "DELETE_ERROR", "Error deleting memory", error instanceof Error ? error.message : String(error));
-    }
-  });
-  return router;
-}
-
-// src/api/memory/rooms.ts
-import { validateUuid as validateUuid8, logger as logger7, createUniqueUuid as createUniqueUuid3, ChannelType } from "@elizaos/core";
-import express8 from "express";
-function createRoomManagementRouter(elizaOS) {
-  const router = express8.Router();
-  router.post("/:agentId/rooms", async (req, res) => {
-    const agentId = validateUuid8(req.params.agentId);
-    if (!agentId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID format");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const { name, type = ChannelType.DM, source = "client", worldId, metadata } = req.body;
-      if (!name) {
-        return sendError(res, 400, "MISSING_PARAM", "Room name is required");
-      }
-      const roomId = createUniqueUuid3(runtime, `room-${Date.now()}`);
-      const serverId = req.body.serverId || `server-${Date.now()}`;
-      let resolvedWorldId = worldId;
-      if (!resolvedWorldId) {
-        const worldName = `World for ${name}`;
-        resolvedWorldId = createUniqueUuid3(runtime, `world-${Date.now()}`);
-        await runtime.ensureWorldExists({
-          id: resolvedWorldId,
-          name: worldName,
-          agentId: runtime.agentId,
-          serverId,
-          metadata
-        });
-      }
-      await runtime.ensureRoomExists({
-        id: roomId,
-        name,
-        source,
-        type,
-        channelId: roomId,
-        serverId,
-        worldId: resolvedWorldId,
-        metadata
-      });
-      await runtime.addParticipant(runtime.agentId, roomId);
-      await runtime.ensureParticipantInRoom(runtime.agentId, roomId);
-      await runtime.setParticipantUserState(roomId, runtime.agentId, "FOLLOWED");
-      sendSuccess(res, {
-        id: roomId,
-        name,
-        agentId,
-        createdAt: Date.now(),
-        source,
-        type,
-        worldId: resolvedWorldId,
-        serverId,
-        metadata
-      }, 201);
-    } catch (error) {
-      logger7.error(`[ROOM CREATE] Error creating room for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "CREATE_ERROR", "Failed to create room", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.get("/:agentId/rooms", async (req, res) => {
-    const agentId = validateUuid8(req.params.agentId);
-    if (!agentId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID format");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const worlds = await runtime.getAllWorlds();
-      const participantRoomIds = await runtime.getRoomsForParticipant(agentId);
-      const agentRooms = [];
-      for (const world of worlds) {
-        const worldRooms = await runtime.getRooms(world.id);
-        for (const room of worldRooms) {
-          if (participantRoomIds.includes(room.id)) {
-            agentRooms.push({
-              ...room
-            });
-          }
-        }
-      }
-      sendSuccess(res, { rooms: agentRooms });
-    } catch (error) {
-      logger7.error(`[ROOMS LIST] Error retrieving rooms for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "RETRIEVAL_ERROR", "Failed to retrieve agent rooms", error instanceof Error ? error.message : String(error));
-    }
-  });
-  router.get("/:agentId/rooms/:roomId", async (req, res) => {
-    const agentId = validateUuid8(req.params.agentId);
-    const roomId = validateUuid8(req.params.roomId);
-    if (!agentId || !roomId) {
-      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or room ID format");
-    }
-    const runtime = elizaOS.getAgent(agentId);
-    if (!runtime) {
-      return sendError(res, 404, "NOT_FOUND", "Agent not found");
-    }
-    try {
-      const room = await runtime.getRoom(roomId);
-      if (!room) {
-        return sendError(res, 404, "NOT_FOUND", "Room not found");
-      }
-      let worldName;
-      if (room.worldId) {
-        const world = await runtime.getWorld(room.worldId);
-        worldName = world?.name;
-      }
-      sendSuccess(res, {
-        ...room,
-        ...worldName && { worldName }
-      });
-    } catch (error) {
-      logger7.error(`[ROOM DETAILS] Error retrieving room ${roomId} for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
-      sendError(res, 500, "RETRIEVAL_ERROR", "Failed to retrieve room details", error instanceof Error ? error.message : String(error));
-    }
-  });
-  return router;
-}
-
-// src/api/agents/index.ts
-function agentsRouter(elizaOS, serverInstance) {
-  const router = express9.Router();
-  router.use("/", createAgentCrudRouter(elizaOS, serverInstance));
-  router.use("/", createAgentLifecycleRouter(elizaOS, serverInstance));
-  router.use("/", createAgentWorldsRouter(elizaOS));
-  router.use("/", createAgentPanelsRouter(elizaOS));
-  router.use("/", createAgentLogsRouter(elizaOS));
-  router.use("/", createAgentRunsRouter(elizaOS));
-  router.use("/", createAgentMemoryRouter(elizaOS));
-  router.use("/", createRoomManagementRouter(elizaOS));
-  return router;
-}
-
-// src/api/messaging/index.ts
-import express15 from "express";
-
-// src/api/messaging/core.ts
-import { logger as logger8, validateUuid as validateUuid9 } from "@elizaos/core";
-import express10 from "express";
-
-// src/bus.ts
-class InternalMessageBus extends EventTarget {
-  _maxListeners = 50;
-  handlers = new Map;
-  emit(event, data) {
-    return this.dispatchEvent(new CustomEvent(event, { detail: data }));
-  }
-  on(event, handler) {
-    if (!this.handlers.has(event)) {
-      this.handlers.set(event, new Map);
-    }
-    const eventHandlers = this.handlers.get(event);
-    if (eventHandlers.has(handler)) {
-      return this;
-    }
-    const wrappedHandler = (e) => {
-      if (e instanceof CustomEvent) {
-        handler(e.detail);
-      } else {
-        handler(undefined);
-      }
-    };
-    eventHandlers.set(handler, wrappedHandler);
-    this.addEventListener(event, wrappedHandler);
-    return this;
-  }
-  off(event, handler) {
-    const eventHandlers = this.handlers.get(event);
-    const wrappedHandler = eventHandlers?.get(handler);
-    if (wrappedHandler) {
-      this.removeEventListener(event, wrappedHandler);
-      eventHandlers?.delete(handler);
-      if (eventHandlers && eventHandlers.size === 0) {
-        this.handlers.delete(event);
-      }
-    }
-  }
-  getMaxListeners() {
-    return this._maxListeners;
-  }
-  setMaxListeners(n) {
-    this._maxListeners = n;
-  }
-  removeAllListeners(event) {
-    if (event) {
-      const eventHandlers = this.handlers.get(event);
-      if (eventHandlers) {
-        for (const [_handler, wrappedHandler] of eventHandlers) {
-          this.removeEventListener(event, wrappedHandler);
-        }
-        this.handlers.delete(event);
-      }
-    } else {
-      for (const [eventName, eventHandlers] of this.handlers) {
-        for (const [_handler, wrappedHandler] of eventHandlers) {
-          this.removeEventListener(eventName, wrappedHandler);
-        }
-      }
-      this.handlers.clear();
-    }
-  }
-}
-var internalMessageBus = new InternalMessageBus;
-internalMessageBus.setMaxListeners(50);
-var bus_default = internalMessageBus;
-
-// src/utils/media-transformer.ts
-import path from "node:path";
-import { getGeneratedDir, getUploadsAgentsDir, getUploadsChannelsDir } from "@elizaos/core";
-var ID_PATTERN = /^([^/\\]+)[/\\]([^/\\]+)$/;
-var PATH_CONFIGS = [
-  {
-    getPath: getGeneratedDir,
-    apiPrefix: "/media/generated/",
-    pattern: ID_PATTERN
-  },
-  {
-    getPath: getUploadsAgentsDir,
-    apiPrefix: "/media/uploads/agents/",
-    pattern: ID_PATTERN
-  },
-  {
-    getPath: getUploadsChannelsDir,
-    apiPrefix: "/media/uploads/channels/",
-    pattern: ID_PATTERN
-  }
-];
-var isExternalUrl = (p) => /^(?:https?:|blob:|data:|file:|ipfs:|s3:|gs:)/i.test(p);
-function transformPathToApiUrl(filePath) {
-  if (!filePath || isExternalUrl(filePath) || filePath.startsWith("/media/") || !path.isAbsolute(filePath)) {
-    return filePath;
-  }
-  const normalizedPath = filePath.replace(/\\/g, "/");
-  for (const config of PATH_CONFIGS) {
-    const configPathRaw = config.getPath().replace(/\\/g, "/");
-    const configPath = configPathRaw.endsWith("/") ? configPathRaw : `${configPathRaw}/`;
-    if (normalizedPath === configPathRaw || normalizedPath.startsWith(configPath)) {
-      const relative = normalizedPath === configPathRaw ? "" : normalizedPath.slice(configPath.length);
-      if (relative) {
-        const match = relative.match(config.pattern);
-        if (match) {
-          const [, id, filename] = match;
-          return `${config.apiPrefix}${encodeURIComponent(id)}${"/"}${encodeURIComponent(filename)}`;
-        }
+            response: body.response
+          }
+        });
       }
-    }
-  }
-  return filePath;
-}
-function attachmentsToApiUrls(attachments) {
-  if (!attachments)
-    return attachments;
-  if (Array.isArray(attachments)) {
-    return attachments.map((attachment) => {
-      if (typeof attachment === "string") {
-        return transformPathToApiUrl(attachment);
+      for (const e of modelLogs) {
+        const body = e.body;
+        events.push({
+          type: "MODEL_USED",
+          timestamp: new Date(e.createdAt).getTime(),
+          data: {
+            modelType: body.modelType || (typeof e.type === "string" ? e.type.replace("useModel:", "") : undefined),
+            provider: body.provider,
+            executionTime: body.executionTime,
+            actionContext: body.actionContext,
+            params: body.params,
+            response: body.response,
+            usage: body.usage,
+            prompts: body.prompts,
+            prompt: body.prompt,
+            inputTokens: body.inputTokens,
+            outputTokens: body.outputTokens,
+            cost: body.cost
+          }
+        });
       }
-      if (attachment?.url) {
-        return { ...attachment, url: transformPathToApiUrl(attachment.url) };
+      for (const e of evaluatorLogs) {
+        const body = e.body;
+        events.push({
+          type: "EVALUATOR_COMPLETED",
+          timestamp: new Date(e.createdAt).getTime(),
+          data: {
+            evaluatorName: body.evaluator,
+            success: true
+          }
+        });
       }
-      return attachment;
-    });
-  }
-  if (typeof attachments === "string") {
-    return transformPathToApiUrl(attachments);
-  }
-  if (attachments?.url) {
-    return { ...attachments, url: transformPathToApiUrl(attachments.url) };
-  }
-  return attachments;
-}
-function transformMessageAttachments(message) {
-  if (!message || typeof message !== "object") {
-    return message;
-  }
-  if (message.content && typeof message.content === "object" && "attachments" in message.content) {
-    const content = message.content;
-    if (content.attachments) {
-      content.attachments = attachmentsToApiUrls(content.attachments);
+      for (const e of embeddingLogs) {
+        const body = e.body;
+        events.push({
+          type: "EMBEDDING_EVENT",
+          timestamp: new Date(e.createdAt).getTime(),
+          data: {
+            status: body.status,
+            memoryId: body.memoryId,
+            durationMs: body.duration
+          }
+        });
+      }
+      events.sort((a, b) => a.timestamp - b.timestamp);
+      const firstRunEvent = started || runEvents[0] || related[0];
+      const summary = {
+        runId,
+        status,
+        startedAt: startedAt || (firstRunEvent ? new Date(firstRunEvent.createdAt).getTime() : undefined),
+        endedAt,
+        durationMs,
+        messageId: firstRunEvent?.body?.messageId,
+        roomId: firstRunEvent?.body?.roomId || roomId,
+        entityId: firstRunEvent?.body?.entityId || agentId,
+        counts
+      };
+      sendSuccess(res, { summary, events });
+    } catch (error) {
+      sendError(res, 500, "RUN_DETAIL_ERROR", "Error retrieving run details", error instanceof Error ? error.message : String(error));
     }
-  }
-  if (message.metadata?.attachments) {
-    message.metadata.attachments = attachmentsToApiUrls(message.metadata.attachments);
-  }
-  return message;
+  });
+  return router;
 }
 
-// src/api/messaging/core.ts
-var DEFAULT_SERVER_ID = "00000000-0000-0000-0000-000000000000";
-function createMessagingCoreRouter(serverInstance) {
-  const router = express10.Router();
-  router.post("/submit", async (req, res) => {
-    const {
-      channel_id,
-      server_id,
-      author_id,
-      content,
-      in_reply_to_message_id,
-      source_type,
-      raw_message,
-      metadata
-    } = req.body;
-    const isValidServerId = server_id === DEFAULT_SERVER_ID || validateUuid9(server_id);
-    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
-      return res.status(400).json({
-        success: false,
-        error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
-      });
+// src/api/memory/agents.ts
+import { MemoryType, createUniqueUuid as createUniqueUuid2 } from "@elizaos/core";
+import { validateUuid as validateUuid7, logger as logger6 } from "@elizaos/core";
+import express7 from "express";
+function createAgentMemoryRouter(elizaOS) {
+  const router = express7.Router();
+  router.get("/:agentId/rooms/:roomId/memories", async (req, res) => {
+    const agentId = validateUuid7(req.params.agentId);
+    const channelId = validateUuid7(req.params.roomId);
+    if (!agentId || !channelId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or channel ID format");
     }
-    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
-      return res.status(400).json({
-        success: false,
-        error: "Invalid in_reply_to_message_id format"
-      });
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      const newRootMessageData = {
-        channelId: validateUuid9(channel_id),
-        authorId: validateUuid9(author_id),
-        content,
-        rawMessage: raw_message,
-        sourceType: source_type || "agent_response",
-        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
-        metadata
-      };
-      const createdMessage = await serverInstance.createMessage(newRootMessageData);
-      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
-      if (serverInstance.socketIO) {
-        serverInstance.socketIO.to(channel_id).emit("messageBroadcast", {
-          senderId: author_id,
-          senderName: metadata?.agentName || "Agent",
-          text: content,
-          roomId: channel_id,
-          serverId: server_id,
-          createdAt: new Date(createdMessage.createdAt).getTime(),
-          source: createdMessage.sourceType,
-          id: createdMessage.id,
-          thought: raw_message?.thought,
-          actions: raw_message?.actions,
-          attachments: transformedAttachments
-        });
-      }
-      res.status(201).json({ success: true, data: createdMessage });
+      const limit = req.query.limit ? Number.parseInt(req.query.limit, 10) : 20;
+      const before = req.query.before ? Number.parseInt(req.query.before, 10) : Date.now();
+      const includeEmbedding = req.query.includeEmbedding === "true";
+      const tableName = req.query.tableName || "messages";
+      const roomId = createUniqueUuid2(runtime, channelId);
+      logger6.info(`[ROOM MEMORIES] Converting channelId ${channelId} to roomId ${roomId} for agent ${agentId}`);
+      const memories = await runtime.getMemories({
+        tableName,
+        roomId,
+        count: limit,
+        end: before
+      });
+      const cleanMemories = includeEmbedding ? memories : memories.map((memory) => ({
+        ...memory,
+        embedding: undefined
+      }));
+      sendSuccess(res, { memories: cleanMemories });
     } catch (error) {
-      logger8.error("[Messages Router /submit] Error submitting agent message:", error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to submit agent message" });
+      logger6.error("[MEMORIES GET] Error retrieving memories for room:", error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "500", "Failed to retrieve memories", error instanceof Error ? error.message : String(error));
     }
   });
-  router.post("/action", async (req, res) => {
-    const {
-      messageId,
-      channel_id,
-      server_id,
-      author_id,
-      content,
-      in_reply_to_message_id,
-      source_type,
-      raw_message,
-      metadata
-    } = req.body;
-    const isValidServerId = server_id === DEFAULT_SERVER_ID || validateUuid9(server_id);
-    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
-      return res.status(400).json({
-        success: false,
-        error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
-      });
-    }
-    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
-      return res.status(400).json({ success: false, error: "Invalid in_reply_to_message_id format" });
+  router.get("/:agentId/memories", async (req, res) => {
+    const agentId = validateUuid7(req.params.agentId);
+    if (!agentId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
     }
-    if (messageId && !validateUuid9(messageId)) {
-      return res.status(400).json({ success: false, error: "Invalid messageId format" });
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      const baseData = {
-        messageId,
-        channelId: validateUuid9(channel_id),
-        authorId: validateUuid9(author_id),
-        content,
-        rawMessage: raw_message,
-        sourceType: source_type || "agent_response",
-        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
-        metadata
-      };
-      const savedMessage = await serverInstance.createMessage(baseData);
-      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
-      if (serverInstance.socketIO) {
-        serverInstance.socketIO.to(channel_id).emit("messageBroadcast", {
-          senderId: author_id,
-          senderName: metadata?.agentName || "Agent",
-          text: savedMessage.content,
-          roomId: channel_id,
-          serverId: server_id,
-          createdAt: new Date(savedMessage.createdAt).getTime(),
-          source: savedMessage.sourceType,
-          id: savedMessage.id,
-          thought: raw_message?.thought,
-          actions: raw_message?.actions,
-          attachments: transformedAttachments,
-          updatedAt: new Date(savedMessage.updatedAt).getTime(),
-          rawMessage: raw_message
-        });
+      const tableName = req.query.tableName || "messages";
+      const includeEmbedding = req.query.includeEmbedding === "true";
+      let roomIdToUse;
+      if (req.query.channelId) {
+        const channelId = validateUuid7(req.query.channelId);
+        if (!channelId) {
+          return sendError(res, 400, "INVALID_ID", "Invalid channel ID format");
+        }
+        roomIdToUse = createUniqueUuid2(runtime, channelId);
+        logger6.info(`[AGENT MEMORIES] Converting channelId ${channelId} to roomId ${roomIdToUse} for agent ${agentId}`);
+      } else if (req.query.roomId) {
+        const roomId = validateUuid7(req.query.roomId);
+        if (!roomId) {
+          return sendError(res, 400, "INVALID_ID", "Invalid room ID format");
+        }
+        roomIdToUse = roomId;
       }
-      return res.status(201).json({ success: true, data: savedMessage });
+      const memories = await runtime.getMemories({
+        agentId,
+        tableName,
+        roomId: roomIdToUse
+      });
+      const cleanMemories = includeEmbedding ? memories : memories.map((memory) => ({
+        ...memory,
+        embedding: undefined
+      }));
+      sendSuccess(res, { memories: cleanMemories });
     } catch (error) {
-      logger8.error("[POST /actions] Error creating action:", error instanceof Error ? error.message : String(error));
-      return res.status(500).json({ success: false, error: "Failed to create action" });
+      logger6.error(`[AGENT MEMORIES] Error retrieving memories for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "MEMORY_ERROR", "Error retrieving agent memories", error instanceof Error ? error.message : String(error));
     }
   });
-  router.patch("/action/:id", async (req, res) => {
-    const { id } = req.params;
-    if (!validateUuid9(id)) {
-      return res.status(400).json({ success: false, error: "Invalid message id" });
-    }
-    const {
-      content,
-      raw_message,
-      source_type,
-      in_reply_to_message_id,
-      metadata,
-      author_id,
-      server_id
-    } = req.body ?? {};
-    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
-      return res.status(400).json({ success: false, error: "Invalid in_reply_to_message_id format" });
-    }
-    if (author_id && !validateUuid9(author_id)) {
-      return res.status(400).json({ success: false, error: "Invalid author_id format" });
+  router.patch("/:agentId/memories/:memoryId", async (req, res) => {
+    const agentId = validateUuid7(req.params.agentId);
+    const memoryId = validateUuid7(req.params.memoryId);
+    const { id: _idFromData, ...restOfMemoryData } = req.body;
+    if (!agentId || !memoryId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or memory ID format");
     }
-    if (server_id && !(server_id === DEFAULT_SERVER_ID || validateUuid9(server_id))) {
-      return res.status(400).json({ success: false, error: "Invalid server_id format" });
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      const updated = await serverInstance.updateMessage(id, {
-        content,
-        rawMessage: raw_message,
-        sourceType: source_type,
-        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
-        metadata
+      const memoryToUpdate = {
+        id: memoryId,
+        ...restOfMemoryData,
+        agentId: restOfMemoryData.agentId ? validateUuid7(restOfMemoryData.agentId) || undefined : agentId,
+        roomId: restOfMemoryData.roomId ? validateUuid7(restOfMemoryData.roomId) || undefined : undefined,
+        entityId: restOfMemoryData.entityId ? validateUuid7(restOfMemoryData.entityId) || undefined : undefined,
+        worldId: restOfMemoryData.worldId ? validateUuid7(restOfMemoryData.worldId) || undefined : undefined,
+        metadata: restOfMemoryData.metadata
+      };
+      Object.keys(memoryToUpdate).forEach((key) => {
+        if (memoryToUpdate[key] === undefined) {
+          delete memoryToUpdate[key];
+        }
       });
-      if (!updated) {
-        return res.status(404).json({ success: false, error: "Message not found" });
-      }
-      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
-      if (serverInstance.socketIO) {
-        serverInstance.socketIO.to(updated.channelId).emit("messageBroadcast", {
-          senderId: author_id || updated.authorId,
-          senderName: metadata?.agentName || "Agent",
-          text: updated.content,
-          roomId: updated.channelId,
-          serverId: server_id,
-          createdAt: new Date(updated.createdAt).getTime(),
-          source: updated.sourceType,
-          id: updated.id,
-          thought: raw_message?.thought,
-          actions: raw_message?.actions,
-          attachments: transformedAttachments,
-          updatedAt: new Date(updated.updatedAt).getTime(),
-          rawMessage: raw_message
-        });
-      }
-      return res.status(200).json({ success: true, data: updated });
+      await runtime.updateMemory(memoryToUpdate);
+      logger6.success(`[MEMORY UPDATE] Successfully updated memory ${memoryId}`);
+      sendSuccess(res, { id: memoryId, message: "Memory updated successfully" });
     } catch (error) {
-      logger8.error("[PATCH /action/:id] Error updating action:", error instanceof Error ? error.message : String(error));
-      return res.status(500).json({ success: false, error: "Failed to update action" });
+      logger6.error(`[MEMORY UPDATE] Error updating memory ${memoryId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "UPDATE_ERROR", "Failed to update memory", error instanceof Error ? error.message : String(error));
     }
   });
-  router.post("/ingest-external", async (req, res) => {
-    const messagePayload = req.body;
-    if (!messagePayload.channel_id || !messagePayload.server_id || !messagePayload.author_id || !messagePayload.content) {
-      return res.status(400).json({ success: false, error: "Invalid external message payload" });
-    }
+  router.delete("/:agentId/memories", async (req, res) => {
     try {
-      const messageToCreate = {
-        channelId: messagePayload.channel_id,
-        authorId: messagePayload.author_id,
-        content: messagePayload.content,
-        rawMessage: messagePayload.raw_message,
-        sourceId: messagePayload.source_id,
-        sourceType: messagePayload.source_type,
-        inReplyToRootMessageId: messagePayload.in_reply_to_message_id ? validateUuid9(messagePayload.in_reply_to_message_id) || undefined : undefined,
-        metadata: messagePayload.metadata
-      };
-      const createdRootMessage = await serverInstance.createMessage(messageToCreate);
-      const messageForBus = {
-        id: createdRootMessage.id,
-        channel_id: createdRootMessage.channelId,
-        server_id: messagePayload.server_id,
-        author_id: createdRootMessage.authorId,
-        author_display_name: messagePayload.author_display_name,
-        content: createdRootMessage.content,
-        raw_message: createdRootMessage.rawMessage,
-        source_id: createdRootMessage.sourceId,
-        source_type: createdRootMessage.sourceType,
-        in_reply_to_message_id: createdRootMessage.inReplyToRootMessageId,
-        created_at: new Date(createdRootMessage.createdAt).getTime(),
-        metadata: createdRootMessage.metadata
-      };
-      bus_default.emit("new_message", messageForBus);
-      logger8.info("[Messages Router /ingest-external] Published to internal message bus:", createdRootMessage.id);
-      if (serverInstance.socketIO) {
-        serverInstance.socketIO.to(messageForBus.channel_id).emit("messageBroadcast", {
-          senderId: messageForBus.author_id,
-          senderName: messageForBus.author_display_name || "User",
-          text: messageForBus.content,
-          roomId: messageForBus.channel_id,
-          serverId: messageForBus.server_id,
-          createdAt: messageForBus.created_at,
-          source: messageForBus.source_type,
-          id: messageForBus.id
-        });
+      const agentId = validateUuid7(req.params.agentId);
+      if (!agentId) {
+        return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
       }
-      res.status(202).json({
-        success: true,
-        message: "Message ingested and published to bus",
-        data: { messageId: createdRootMessage.id }
-      });
+      const runtime = elizaOS.getAgent(agentId);
+      if (!runtime) {
+        return sendError(res, 404, "NOT_FOUND", "Agent not found");
+      }
+      const deleted = (await runtime.getAllMemories()).length;
+      await runtime.clearAllAgentMemories();
+      sendSuccess(res, { deleted, message: "All agent memories cleared successfully" });
     } catch (error) {
-      logger8.error("[Messages Router /ingest-external] Error ingesting external message:", error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to ingest message" });
+      logger6.error("[DELETE ALL AGENT MEMORIES] Error deleting all agent memories:", error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "DELETE_ERROR", "Error deleting all agent memories", error instanceof Error ? error.message : String(error));
     }
   });
-  return router;
-}
-
-// src/api/messaging/servers.ts
-import { logger as logger9, validateUuid as validateUuid10 } from "@elizaos/core";
-import express11 from "express";
-var DEFAULT_SERVER_ID2 = "00000000-0000-0000-0000-000000000000";
-function createServersRouter(serverInstance) {
-  const router = express11.Router();
-  router.get("/central-servers", async (_req, res) => {
+  router.delete("/:agentId/memories/all/:roomId", async (req, res) => {
     try {
-      const servers = await serverInstance.getServers();
-      res.json({ success: true, data: { servers } });
+      const agentId = validateUuid7(req.params.agentId);
+      const roomId = validateUuid7(req.params.roomId);
+      if (!agentId) {
+        return sendError(res, 400, "INVALID_ID", "Invalid agent ID");
+      }
+      if (!roomId) {
+        return sendError(res, 400, "INVALID_ID", "Invalid room ID");
+      }
+      const runtime = elizaOS.getAgent(agentId);
+      if (!runtime) {
+        return sendError(res, 404, "NOT_FOUND", "Agent not found");
+      }
+      await runtime.deleteAllMemories(roomId, MemoryType.MESSAGE);
+      await runtime.deleteAllMemories(roomId, MemoryType.DOCUMENT);
+      res.status(204).send();
     } catch (error) {
-      logger9.error("[Messages Router /central-servers] Error fetching servers:", error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to fetch servers" });
+      logger6.error("[DELETE ALL MEMORIES] Error deleting all memories:", error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "DELETE_ERROR", "Error deleting all memories", error instanceof Error ? error.message : String(error));
     }
   });
-  router.post("/servers", async (req, res) => {
-    const { name, sourceType, sourceId, metadata } = req.body;
-    if (!name || !sourceType) {
-      return res.status(400).json({
-        success: false,
-        error: "Missing required fields: name, sourceType"
-      });
-    }
+  router.delete("/:agentId/memories/:memoryId", async (req, res) => {
     try {
-      const server = await serverInstance.createServer({
-        name,
-        sourceType,
-        sourceId,
-        metadata
-      });
-      res.status(201).json({ success: true, data: { server } });
+      const agentId = validateUuid7(req.params.agentId);
+      const memoryId = validateUuid7(req.params.memoryId);
+      if (!agentId || !memoryId) {
+        return sendError(res, 400, "INVALID_ID", "Invalid agent ID or memory ID format");
+      }
+      const runtime = elizaOS.getAgent(agentId);
+      if (!runtime) {
+        return sendError(res, 404, "NOT_FOUND", "Agent not found");
+      }
+      await runtime.deleteMemory(memoryId);
+      sendSuccess(res, { message: "Memory deleted successfully" });
     } catch (error) {
-      logger9.error("[Messages Router /servers] Error creating server:", error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to create server" });
+      logger6.error(`[DELETE MEMORY] Error deleting memory ${req.params.memoryId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "DELETE_ERROR", "Error deleting memory", error instanceof Error ? error.message : String(error));
     }
   });
-  router.post("/servers/:serverId/agents", async (req, res) => {
-    const serverId = req.params.serverId === DEFAULT_SERVER_ID2 ? DEFAULT_SERVER_ID2 : validateUuid10(req.params.serverId);
-    const { agentId } = req.body;
-    if (!serverId || !validateUuid10(agentId)) {
-      return res.status(400).json({
-        success: false,
-        error: "Invalid serverId or agentId format"
-      });
-    }
-    try {
-      await serverInstance.addAgentToServer(serverId, agentId);
-      const messageForBus = {
-        type: "agent_added_to_server",
-        serverId,
-        agentId
-      };
-      bus_default.emit("server_agent_update", messageForBus);
-      res.status(201).json({
-        success: true,
-        data: {
-          serverId,
-          agentId,
-          message: "Agent added to server successfully"
-        }
-      });
-    } catch (error) {
-      logger9.error(`[MessagesRouter] Error adding agent ${agentId} to server ${serverId}:`, error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to add agent to server" });
+  return router;
+}
+
+// src/api/memory/rooms.ts
+import { validateUuid as validateUuid8, logger as logger7, createUniqueUuid as createUniqueUuid3, ChannelType } from "@elizaos/core";
+import express8 from "express";
+function createRoomManagementRouter(elizaOS) {
+  const router = express8.Router();
+  router.post("/:agentId/rooms", async (req, res) => {
+    const agentId = validateUuid8(req.params.agentId);
+    if (!agentId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID format");
     }
-  });
-  router.delete("/servers/:serverId/agents/:agentId", async (req, res) => {
-    const serverId = req.params.serverId === DEFAULT_SERVER_ID2 ? DEFAULT_SERVER_ID2 : validateUuid10(req.params.serverId);
-    const agentId = validateUuid10(req.params.agentId);
-    if (!serverId || !agentId) {
-      return res.status(400).json({
-        success: false,
-        error: "Invalid serverId or agentId format"
-      });
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      await serverInstance.removeAgentFromServer(serverId, agentId);
-      const messageForBus = {
-        type: "agent_removed_from_server",
-        serverId,
-        agentId
-      };
-      bus_default.emit("server_agent_update", messageForBus);
-      res.status(200).json({
-        success: true,
-        data: {
+      const { name, type = ChannelType.DM, source = "client", worldId, metadata } = req.body;
+      if (!name) {
+        return sendError(res, 400, "MISSING_PARAM", "Room name is required");
+      }
+      const roomId = createUniqueUuid3(runtime, `room-${Date.now()}`);
+      const serverId = req.body.serverId || `server-${Date.now()}`;
+      let resolvedWorldId = worldId;
+      if (!resolvedWorldId) {
+        const worldName = `World for ${name}`;
+        resolvedWorldId = createUniqueUuid3(runtime, `world-${Date.now()}`);
+        await runtime.ensureWorldExists({
+          id: resolvedWorldId,
+          name: worldName,
+          agentId: runtime.agentId,
           serverId,
-          agentId,
-          message: "Agent removed from server successfully"
-        }
+          metadata
+        });
+      }
+      await runtime.ensureRoomExists({
+        id: roomId,
+        name,
+        source,
+        type,
+        channelId: roomId,
+        serverId,
+        worldId: resolvedWorldId,
+        metadata
       });
+      await runtime.addParticipant(runtime.agentId, roomId);
+      await runtime.ensureParticipantInRoom(runtime.agentId, roomId);
+      await runtime.setParticipantUserState(roomId, runtime.agentId, "FOLLOWED");
+      sendSuccess(res, {
+        id: roomId,
+        name,
+        agentId,
+        createdAt: Date.now(),
+        source,
+        type,
+        worldId: resolvedWorldId,
+        serverId,
+        metadata
+      }, 201);
     } catch (error) {
-      logger9.error(`[MessagesRouter] Error removing agent ${agentId} from server ${serverId}:`, error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to remove agent from server" });
+      logger7.error(`[ROOM CREATE] Error creating room for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "CREATE_ERROR", "Failed to create room", error instanceof Error ? error.message : String(error));
     }
   });
-  router.get("/servers/:serverId/agents", async (req, res) => {
-    const serverId = req.params.serverId === DEFAULT_SERVER_ID2 ? DEFAULT_SERVER_ID2 : validateUuid10(req.params.serverId);
-    if (!serverId) {
-      return res.status(400).json({
-        success: false,
-        error: "Invalid serverId format"
-      });
+  router.get("/:agentId/rooms", async (req, res) => {
+    const agentId = validateUuid8(req.params.agentId);
+    if (!agentId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID format");
+    }
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      const agents = await serverInstance.getAgentsForServer(serverId);
-      res.json({
-        success: true,
-        data: {
-          serverId,
-          agents
+      const worlds = await runtime.getAllWorlds();
+      const participantRoomIds = await runtime.getRoomsForParticipant(agentId);
+      const agentRooms = [];
+      for (const world of worlds) {
+        const worldRooms = await runtime.getRooms(world.id);
+        for (const room of worldRooms) {
+          if (participantRoomIds.includes(room.id)) {
+            agentRooms.push({
+              ...room
+            });
+          }
         }
-      });
+      }
+      sendSuccess(res, { rooms: agentRooms });
     } catch (error) {
-      logger9.error(`[MessagesRouter] Error fetching agents for server ${serverId}:`, error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to fetch server agents" });
+      logger7.error(`[ROOMS LIST] Error retrieving rooms for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "RETRIEVAL_ERROR", "Failed to retrieve agent rooms", error instanceof Error ? error.message : String(error));
     }
   });
-  router.get("/agents/:agentId/servers", async (req, res) => {
-    const agentId = validateUuid10(req.params.agentId);
-    if (!agentId) {
-      return res.status(400).json({
-        success: false,
-        error: "Invalid agentId format"
-      });
+  router.get("/:agentId/rooms/:roomId", async (req, res) => {
+    const agentId = validateUuid8(req.params.agentId);
+    const roomId = validateUuid8(req.params.roomId);
+    if (!agentId || !roomId) {
+      return sendError(res, 400, "INVALID_ID", "Invalid agent ID or room ID format");
+    }
+    const runtime = elizaOS.getAgent(agentId);
+    if (!runtime) {
+      return sendError(res, 404, "NOT_FOUND", "Agent not found");
     }
     try {
-      const servers = await serverInstance.getServersForAgent(agentId);
-      res.json({
-        success: true,
-        data: {
-          agentId,
-          servers
-        }
+      const room = await runtime.getRoom(roomId);
+      if (!room) {
+        return sendError(res, 404, "NOT_FOUND", "Room not found");
+      }
+      let worldName;
+      if (room.worldId) {
+        const world = await runtime.getWorld(room.worldId);
+        worldName = world?.name;
+      }
+      sendSuccess(res, {
+        ...room,
+        ...worldName && { worldName }
       });
     } catch (error) {
-      logger9.error(`[MessagesRouter] Error fetching servers for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
-      res.status(500).json({ success: false, error: "Failed to fetch agent servers" });
+      logger7.error(`[ROOM DETAILS] Error retrieving room ${roomId} for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
+      sendError(res, 500, "RETRIEVAL_ERROR", "Failed to retrieve room details", error instanceof Error ? error.message : String(error));
     }
   });
   return router;
 }
 
-// src/api/messaging/channels.ts
-import {
-  composePromptFromState,
-  ModelType,
-  ChannelType as ChannelType2,
-  logger as logger15,
-  validateUuid as validateUuid13,
-  getUploadsChannelsDir as getUploadsChannelsDir2
-} from "@elizaos/core";
-import express12 from "express";
+// src/api/agents/index.ts
+function agentsRouter(elizaOS, serverInstance) {
+  const router = express9.Router();
+  router.use("/", createAgentCrudRouter(elizaOS, serverInstance));
+  router.use("/", createAgentLifecycleRouter(elizaOS, serverInstance));
+  router.use("/", createAgentWorldsRouter(elizaOS));
+  router.use("/", createAgentPanelsRouter(elizaOS));
+  router.use("/", createAgentLogsRouter(elizaOS));
+  router.use("/", createAgentRunsRouter(elizaOS));
+  router.use("/", createAgentMemoryRouter(elizaOS));
+  router.use("/", createRoomManagementRouter(elizaOS));
+  return router;
+}
 
-// src/middleware/auth.ts
-import { logger as logger10 } from "@elizaos/core";
-function apiKeyAuthMiddleware(req, res, next) {
-  const serverAuthToken = process.env.ELIZA_SERVER_AUTH_TOKEN;
-  if (!serverAuthToken) {
-    return next();
-  }
-  if (req.method === "OPTIONS") {
-    return next();
-  }
-  const apiKey = req.headers?.["x-api-key"];
-  if (!apiKey || apiKey !== serverAuthToken) {
-    logger10.warn(`Unauthorized access attempt: Missing or invalid X-API-KEY from ${req.ip}`);
-    return res.status(401).send("Unauthorized: Invalid or missing X-API-KEY");
+// src/api/messaging/index.ts
+import express15 from "express";
+
+// src/api/messaging/core.ts
+import { logger as logger8, validateUuid as validateUuid9 } from "@elizaos/core";
+import express10 from "express";
+
+// src/bus.ts
+class InternalMessageBus extends EventTarget {
+  _maxListeners = 50;
+  handlers = new Map;
+  emit(event, data) {
+    return this.dispatchEvent(new CustomEvent(event, { detail: data }));
   }
-  next();
-}
-// src/middleware/security.ts
-import { logger as logger11 } from "@elizaos/core";
-var securityMiddleware = () => {
-  return (req, res, next) => {
-    res.setHeader("X-Content-Type-Options", "nosniff");
-    res.setHeader("X-Frame-Options", "SAMEORIGIN");
-    res.setHeader("X-XSS-Protection", "1; mode=block");
-    res.setHeader("Referrer-Policy", "no-referrer");
-    res.removeHeader("X-Powered-By");
-    res.removeHeader("Server");
-    const userAgent = req.get("User-Agent");
-    const forwarded = req.get("X-Forwarded-For");
-    const realIp = req.get("X-Real-IP");
-    const clientIp = forwarded || realIp || req.ip;
-    if (userAgent && (userAgent.includes("..") || userAgent.includes("<script"))) {
-      logger11.warn(`[SECURITY] Suspicious User-Agent from ${clientIp}: ${userAgent}`);
+  on(event, handler) {
+    if (!this.handlers.has(event)) {
+      this.handlers.set(event, new Map);
     }
-    const url = req.originalUrl || req.url;
-    const queryString = JSON.stringify(req.query);
-    const suspiciousIndicators = [
-      { pattern: "..", name: "Path traversal" },
-      { pattern: "<script", name: "XSS attempt" },
-      { pattern: "javascript:", name: "JavaScript injection" }
-    ];
-    const sqlKeywords = ["union", "select", "drop", "delete", "insert", "update"];
-    let hasSqlPattern = false;
-    const lowerUrl = url.toLowerCase();
-    const lowerQuery = queryString.toLowerCase();
-    for (let i = 0;i < sqlKeywords.length - 1; i++) {
-      const keyword1 = sqlKeywords[i];
-      for (let j = i + 1;j < sqlKeywords.length; j++) {
-        const keyword2 = sqlKeywords[j];
-        if (lowerUrl.includes(keyword1) && lowerUrl.includes(keyword2) || lowerQuery.includes(keyword1) && lowerQuery.includes(keyword2)) {
-          hasSqlPattern = true;
-          break;
-        }
-      }
-      if (hasSqlPattern)
-        break;
+    const eventHandlers = this.handlers.get(event);
+    if (eventHandlers.has(handler)) {
+      return this;
     }
-    for (const indicator of suspiciousIndicators) {
-      if (url.includes(indicator.pattern) || queryString.includes(indicator.pattern)) {
-        logger11.warn(`[SECURITY] ${indicator.name} detected from ${clientIp}: ${url}`);
-        break;
+    const wrappedHandler = (e) => {
+      if (e instanceof CustomEvent) {
+        handler(e.detail);
+      } else {
+        handler(undefined);
       }
-    }
-    if (hasSqlPattern) {
-      logger11.warn(`[SECURITY] SQL injection pattern detected from ${clientIp}: ${url}`);
-    }
-    next();
-  };
-};
-// ../../node_modules/express-rate-limit/dist/index.mjs
-var import_ip_address = __toESM(require_ip_address(), 1);
-import { isIPv6 } from "node:net";
-import { isIPv6 as isIPv62 } from "node:net";
-import { Buffer as Buffer2 } from "node:buffer";
-import { createHash } from "node:crypto";
-import { isIP } from "node:net";
-function ipKeyGenerator(ip, ipv6Subnet = 56) {
-  if (ipv6Subnet && isIPv6(ip)) {
-    return `${new import_ip_address.Address6(`${ip}/${ipv6Subnet}`).startAddress().correctForm()}/${ipv6Subnet}`;
-  }
-  return ip;
-}
-var MemoryStore = class {
-  constructor(validations2) {
-    this.validations = validations2;
-    this.previous = /* @__PURE__ */ new Map;
-    this.current = /* @__PURE__ */ new Map;
-    this.localKeys = true;
-  }
-  init(options) {
-    this.windowMs = options.windowMs;
-    this.validations?.windowMs(this.windowMs);
-    if (this.interval)
-      clearInterval(this.interval);
-    this.interval = setInterval(() => {
-      this.clearExpired();
-    }, this.windowMs);
-    this.interval.unref?.();
-  }
-  async get(key) {
-    return this.current.get(key) ?? this.previous.get(key);
+    };
+    eventHandlers.set(handler, wrappedHandler);
+    this.addEventListener(event, wrappedHandler);
+    return this;
   }
-  async increment(key) {
-    const client = this.getClient(key);
-    const now = Date.now();
-    if (client.resetTime.getTime() <= now) {
-      this.resetClient(client, now);
+  off(event, handler) {
+    const eventHandlers = this.handlers.get(event);
+    const wrappedHandler = eventHandlers?.get(handler);
+    if (wrappedHandler) {
+      this.removeEventListener(event, wrappedHandler);
+      eventHandlers?.delete(handler);
+      if (eventHandlers && eventHandlers.size === 0) {
+        this.handlers.delete(event);
+      }
     }
-    client.totalHits++;
-    return client;
-  }
-  async decrement(key) {
-    const client = this.getClient(key);
-    if (client.totalHits > 0)
-      client.totalHits--;
-  }
-  async resetKey(key) {
-    this.current.delete(key);
-    this.previous.delete(key);
-  }
-  async resetAll() {
-    this.current.clear();
-    this.previous.clear();
   }
-  shutdown() {
-    clearInterval(this.interval);
-    this.resetAll();
+  getMaxListeners() {
+    return this._maxListeners;
   }
-  resetClient(client, now = Date.now()) {
-    client.totalHits = 0;
-    client.resetTime.setTime(now + this.windowMs);
-    return client;
+  setMaxListeners(n) {
+    this._maxListeners = n;
   }
-  getClient(key) {
-    if (this.current.has(key))
-      return this.current.get(key);
-    let client;
-    if (this.previous.has(key)) {
-      client = this.previous.get(key);
-      this.previous.delete(key);
+  removeAllListeners(event) {
+    if (event) {
+      const eventHandlers = this.handlers.get(event);
+      if (eventHandlers) {
+        for (const [_handler, wrappedHandler] of eventHandlers) {
+          this.removeEventListener(event, wrappedHandler);
+        }
+        this.handlers.delete(event);
+      }
     } else {
-      client = { totalHits: 0, resetTime: /* @__PURE__ */ new Date };
-      this.resetClient(client);
+      for (const [eventName, eventHandlers] of this.handlers) {
+        for (const [_handler, wrappedHandler] of eventHandlers) {
+          this.removeEventListener(eventName, wrappedHandler);
+        }
+      }
+      this.handlers.clear();
     }
-    this.current.set(key, client);
-    return client;
   }
-  clearExpired() {
-    this.previous = this.current;
-    this.current = /* @__PURE__ */ new Map;
+}
+var internalMessageBus = new InternalMessageBus;
+internalMessageBus.setMaxListeners(50);
+var bus_default = internalMessageBus;
+
+// src/utils/media-transformer.ts
+import path from "node:path";
+import { getGeneratedDir, getUploadsAgentsDir, getUploadsChannelsDir } from "@elizaos/core";
+var ID_PATTERN = /^([^/\\]+)[/\\]([^/\\]+)$/;
+var PATH_CONFIGS = [
+  {
+    getPath: getGeneratedDir,
+    apiPrefix: "/media/generated/",
+    pattern: ID_PATTERN
+  },
+  {
+    getPath: getUploadsAgentsDir,
+    apiPrefix: "/media/uploads/agents/",
+    pattern: ID_PATTERN
+  },
+  {
+    getPath: getUploadsChannelsDir,
+    apiPrefix: "/media/uploads/channels/",
+    pattern: ID_PATTERN
   }
-};
-var SUPPORTED_DRAFT_VERSIONS = [
-  "draft-6",
-  "draft-7",
-  "draft-8"
 ];
-var getResetSeconds = (windowMs, resetTime) => {
-  let resetSeconds;
-  if (resetTime) {
-    const deltaSeconds = Math.ceil((resetTime.getTime() - Date.now()) / 1000);
-    resetSeconds = Math.max(0, deltaSeconds);
-  } else {
-    resetSeconds = Math.ceil(windowMs / 1000);
-  }
-  return resetSeconds;
-};
-var getPartitionKey = (key) => {
-  const hash = createHash("sha256");
-  hash.update(key);
-  const partitionKey = hash.digest("hex").slice(0, 12);
-  return Buffer2.from(partitionKey).toString("base64");
-};
-var setLegacyHeaders = (response, info) => {
-  if (response.headersSent)
-    return;
-  response.setHeader("X-RateLimit-Limit", info.limit.toString());
-  response.setHeader("X-RateLimit-Remaining", info.remaining.toString());
-  if (info.resetTime instanceof Date) {
-    response.setHeader("Date", (/* @__PURE__ */ new Date()).toUTCString());
-    response.setHeader("X-RateLimit-Reset", Math.ceil(info.resetTime.getTime() / 1000).toString());
+var isExternalUrl = (p) => /^(?:https?:|blob:|data:|file:|ipfs:|s3:|gs:)/i.test(p);
+function transformPathToApiUrl(filePath) {
+  if (!filePath || isExternalUrl(filePath) || filePath.startsWith("/media/") || !path.isAbsolute(filePath)) {
+    return filePath;
   }
-};
-var setDraft6Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
-  const windowSeconds = Math.ceil(windowMs / 1000);
-  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
-  response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
-  response.setHeader("RateLimit-Limit", info.limit.toString());
-  response.setHeader("RateLimit-Remaining", info.remaining.toString());
-  if (typeof resetSeconds === "number")
-    response.setHeader("RateLimit-Reset", resetSeconds.toString());
-};
-var setDraft7Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
-  const windowSeconds = Math.ceil(windowMs / 1000);
-  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
-  response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
-  response.setHeader("RateLimit", `limit=${info.limit}, remaining=${info.remaining}, reset=${resetSeconds}`);
-};
-var setDraft8Headers = (response, info, windowMs, name, key) => {
-  if (response.headersSent)
-    return;
-  const windowSeconds = Math.ceil(windowMs / 1000);
-  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
-  const partitionKey = getPartitionKey(key);
-  const header = `r=${info.remaining}; t=${resetSeconds}`;
-  const policy = `q=${info.limit}; w=${windowSeconds}; pk=:${partitionKey}:`;
-  response.append("RateLimit", `"${name}"; ${header}`);
-  response.append("RateLimit-Policy", `"${name}"; ${policy}`);
-};
-var setRetryAfterHeader = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
-  const resetSeconds = getResetSeconds(windowMs, info.resetTime);
-  response.setHeader("Retry-After", resetSeconds.toString());
-};
-var omitUndefinedProperties = (passedOptions) => {
-  const omittedOptions = {};
-  for (const k of Object.keys(passedOptions)) {
-    const key = k;
-    if (passedOptions[key] !== undefined) {
-      omittedOptions[key] = passedOptions[key];
+  const normalizedPath = filePath.replace(/\\/g, "/");
+  for (const config of PATH_CONFIGS) {
+    const configPathRaw = config.getPath().replace(/\\/g, "/");
+    const configPath = configPathRaw.endsWith("/") ? configPathRaw : `${configPathRaw}/`;
+    if (normalizedPath === configPathRaw || normalizedPath.startsWith(configPath)) {
+      const relative = normalizedPath === configPathRaw ? "" : normalizedPath.slice(configPath.length);
+      if (relative) {
+        const match = relative.match(config.pattern);
+        if (match) {
+          const [, id, filename] = match;
+          return `${config.apiPrefix}${encodeURIComponent(id)}${"/"}${encodeURIComponent(filename)}`;
+        }
+      }
     }
   }
-  return omittedOptions;
-};
-var ValidationError = class extends Error {
-  constructor(code, message) {
-    const url = `https://express-rate-limit.github.io/${code}/`;
-    super(`${message} See ${url} for more information.`);
-    this.name = this.constructor.name;
-    this.code = code;
-    this.help = url;
+  return filePath;
+}
+function attachmentsToApiUrls(attachments) {
+  if (!attachments)
+    return attachments;
+  if (Array.isArray(attachments)) {
+    return attachments.map((attachment) => {
+      if (typeof attachment === "string") {
+        return transformPathToApiUrl(attachment);
+      }
+      if (attachment?.url) {
+        return { ...attachment, url: transformPathToApiUrl(attachment.url) };
+      }
+      return attachment;
+    });
+  }
+  if (typeof attachments === "string") {
+    return transformPathToApiUrl(attachments);
+  }
+  if (attachments?.url) {
+    return { ...attachments, url: transformPathToApiUrl(attachments.url) };
+  }
+  return attachments;
+}
+function transformMessageAttachments(message) {
+  if (!message || typeof message !== "object") {
+    return message;
   }
-};
-var ChangeWarning = class extends ValidationError {
-};
-var usedStores = /* @__PURE__ */ new Set;
-var singleCountKeys = /* @__PURE__ */ new WeakMap;
-var validations = {
-  enabled: {
-    default: true
-  },
-  disable() {
-    for (const k of Object.keys(this.enabled))
-      this.enabled[k] = false;
-  },
-  ip(ip) {
-    if (ip === undefined) {
-      throw new ValidationError("ERR_ERL_UNDEFINED_IP_ADDRESS", `An undefined 'request.ip' was detected. This might indicate a misconfiguration or the connection being destroyed prematurely.`);
-    }
-    if (!isIP(ip)) {
-      throw new ValidationError("ERR_ERL_INVALID_IP_ADDRESS", `An invalid 'request.ip' (${ip}) was detected. Consider passing a custom 'keyGenerator' function to the rate limiter.`);
-    }
-  },
-  trustProxy(request) {
-    if (request.app.get("trust proxy") === true) {
-      throw new ValidationError("ERR_ERL_PERMISSIVE_TRUST_PROXY", `The Express 'trust proxy' setting is true, which allows anyone to trivially bypass IP-based rate limiting.`);
-    }
-  },
-  xForwardedForHeader(request) {
-    if (request.headers["x-forwarded-for"] && request.app.get("trust proxy") === false) {
-      throw new ValidationError("ERR_ERL_UNEXPECTED_X_FORWARDED_FOR", `The 'X-Forwarded-For' header is set but the Express 'trust proxy' setting is false (default). This could indicate a misconfiguration which would prevent express-rate-limit from accurately identifying users.`);
+  if (message.content && typeof message.content === "object" && "attachments" in message.content) {
+    const content = message.content;
+    if (content.attachments) {
+      content.attachments = attachmentsToApiUrls(content.attachments);
     }
-  },
-  forwardedHeader(request) {
-    if (request.headers.forwarded && request.ip === request.socket?.remoteAddress) {
-      throw new ValidationError("ERR_ERL_FORWARDED_HEADER", `The 'Forwarded' header (standardized X-Forwarded-For) is set but currently being ignored. Add a custom keyGenerator to use a value from this header.`);
+  }
+  if (message.metadata?.attachments) {
+    message.metadata.attachments = attachmentsToApiUrls(message.metadata.attachments);
+  }
+  return message;
+}
+
+// src/api/messaging/core.ts
+function createMessagingCoreRouter(serverInstance) {
+  const router = express10.Router();
+  router.post("/submit", async (req, res) => {
+    const {
+      channel_id,
+      server_id,
+      author_id,
+      content,
+      in_reply_to_message_id,
+      source_type,
+      raw_message,
+      metadata
+    } = req.body;
+    const isValidServerId = server_id === serverInstance.serverId;
+    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
+      return res.status(400).json({
+        success: false,
+        error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
+      });
     }
-  },
-  positiveHits(hits) {
-    if (typeof hits !== "number" || hits < 1 || hits !== Math.round(hits)) {
-      throw new ValidationError("ERR_ERL_INVALID_HITS", `The totalHits value returned from the store must be a positive integer, got ${hits}`);
+    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid in_reply_to_message_id format"
+      });
     }
-  },
-  unsharedStore(store) {
-    if (usedStores.has(store)) {
-      const maybeUniquePrefix = store?.localKeys ? "" : " (with a unique prefix)";
-      throw new ValidationError("ERR_ERL_STORE_REUSE", `A Store instance must not be shared across multiple rate limiters. Create a new instance of ${store.constructor.name}${maybeUniquePrefix} for each limiter instead.`);
+    try {
+      const newRootMessageData = {
+        channelId: validateUuid9(channel_id),
+        authorId: validateUuid9(author_id),
+        content,
+        rawMessage: raw_message,
+        sourceType: source_type || "agent_response",
+        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
+        metadata
+      };
+      const createdMessage = await serverInstance.createMessage(newRootMessageData);
+      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
+      if (serverInstance.socketIO) {
+        serverInstance.socketIO.to(channel_id).emit("messageBroadcast", {
+          senderId: author_id,
+          senderName: metadata?.agentName || "Agent",
+          text: content,
+          roomId: channel_id,
+          serverId: server_id,
+          createdAt: new Date(createdMessage.createdAt).getTime(),
+          source: createdMessage.sourceType,
+          id: createdMessage.id,
+          thought: raw_message?.thought,
+          actions: raw_message?.actions,
+          attachments: transformedAttachments
+        });
+      }
+      res.status(201).json({ success: true, data: createdMessage });
+    } catch (error) {
+      logger8.error("[Messages Router /submit] Error submitting agent message:", error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to submit agent message" });
     }
-    usedStores.add(store);
-  },
-  singleCount(request, store, key) {
-    let storeKeys = singleCountKeys.get(request);
-    if (!storeKeys) {
-      storeKeys = /* @__PURE__ */ new Map;
-      singleCountKeys.set(request, storeKeys);
+  });
+  router.post("/action", async (req, res) => {
+    const {
+      messageId,
+      channel_id,
+      server_id,
+      author_id,
+      content,
+      in_reply_to_message_id,
+      source_type,
+      raw_message,
+      metadata
+    } = req.body;
+    const isValidServerId = server_id === serverInstance.serverId;
+    if (!validateUuid9(channel_id) || !validateUuid9(author_id) || !content || !isValidServerId || !source_type || !raw_message) {
+      return res.status(400).json({
+        success: false,
+        error: "Missing required fields: channel_id, server_id, author_id, content, source_type, raw_message"
+      });
     }
-    const storeKey = store.localKeys ? store : store.constructor.name;
-    let keys = storeKeys.get(storeKey);
-    if (!keys) {
-      keys = [];
-      storeKeys.set(storeKey, keys);
+    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
+      return res.status(400).json({ success: false, error: "Invalid in_reply_to_message_id format" });
     }
-    const prefixedKey = `${store.prefix ?? ""}${key}`;
-    if (keys.includes(prefixedKey)) {
-      throw new ValidationError("ERR_ERL_DOUBLE_COUNT", `The hit count for ${key} was incremented more than once for a single request.`);
+    if (messageId && !validateUuid9(messageId)) {
+      return res.status(400).json({ success: false, error: "Invalid messageId format" });
     }
-    keys.push(prefixedKey);
-  },
-  limit(limit) {
-    if (limit === 0) {
-      throw new ChangeWarning("WRN_ERL_MAX_ZERO", "Setting limit or max to 0 disables rate limiting in express-rate-limit v6 and older, but will cause all requests to be blocked in v7");
+    try {
+      const baseData = {
+        messageId,
+        channelId: validateUuid9(channel_id),
+        authorId: validateUuid9(author_id),
+        content,
+        rawMessage: raw_message,
+        sourceType: source_type || "agent_response",
+        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
+        metadata
+      };
+      const savedMessage = await serverInstance.createMessage(baseData);
+      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
+      if (serverInstance.socketIO) {
+        serverInstance.socketIO.to(channel_id).emit("messageBroadcast", {
+          senderId: author_id,
+          senderName: metadata?.agentName || "Agent",
+          text: savedMessage.content,
+          roomId: channel_id,
+          serverId: server_id,
+          createdAt: new Date(savedMessage.createdAt).getTime(),
+          source: savedMessage.sourceType,
+          id: savedMessage.id,
+          thought: raw_message?.thought,
+          actions: raw_message?.actions,
+          attachments: transformedAttachments,
+          updatedAt: new Date(savedMessage.updatedAt).getTime(),
+          rawMessage: raw_message
+        });
+      }
+      return res.status(201).json({ success: true, data: savedMessage });
+    } catch (error) {
+      logger8.error("[POST /actions] Error creating action:", error instanceof Error ? error.message : String(error));
+      return res.status(500).json({ success: false, error: "Failed to create action" });
     }
-  },
-  draftPolliHeaders(draft_polli_ratelimit_headers) {
-    if (draft_polli_ratelimit_headers) {
-      throw new ChangeWarning("WRN_ERL_DEPRECATED_DRAFT_POLLI_HEADERS", `The draft_polli_ratelimit_headers configuration option is deprecated and has been removed in express-rate-limit v7, please set standardHeaders: 'draft-6' instead.`);
+  });
+  router.patch("/action/:id", async (req, res) => {
+    const { id } = req.params;
+    if (!validateUuid9(id)) {
+      return res.status(400).json({ success: false, error: "Invalid message id" });
     }
-  },
-  onLimitReached(onLimitReached) {
-    if (onLimitReached) {
-      throw new ChangeWarning("WRN_ERL_DEPRECATED_ON_LIMIT_REACHED", "The onLimitReached configuration option is deprecated and has been removed in express-rate-limit v7.");
+    const {
+      content,
+      raw_message,
+      source_type,
+      in_reply_to_message_id,
+      metadata,
+      author_id,
+      server_id
+    } = req.body ?? {};
+    if (in_reply_to_message_id && !validateUuid9(in_reply_to_message_id)) {
+      return res.status(400).json({ success: false, error: "Invalid in_reply_to_message_id format" });
     }
-  },
-  headersDraftVersion(version) {
-    if (typeof version !== "string" || !SUPPORTED_DRAFT_VERSIONS.includes(version)) {
-      const versionString = SUPPORTED_DRAFT_VERSIONS.join(", ");
-      throw new ValidationError("ERR_ERL_HEADERS_UNSUPPORTED_DRAFT_VERSION", `standardHeaders: only the following versions of the IETF draft specification are supported: ${versionString}.`);
+    if (author_id && !validateUuid9(author_id)) {
+      return res.status(400).json({ success: false, error: "Invalid author_id format" });
     }
-  },
-  headersResetTime(resetTime) {
-    if (!resetTime) {
-      throw new ValidationError("ERR_ERL_HEADERS_NO_RESET", `standardHeaders:  'draft-7' requires a 'resetTime', but the store did not provide one. The 'windowMs' value will be used instead, which may cause clients to wait longer than necessary.`);
+    if (server_id && server_id !== serverInstance.serverId) {
+      return res.status(403).json({ success: false, error: "Forbidden: server_id does not match current server" });
     }
-  },
-  validationsConfig() {
-    const supportedValidations = Object.keys(this).filter((k) => !["enabled", "disable"].includes(k));
-    supportedValidations.push("default");
-    for (const key of Object.keys(this.enabled)) {
-      if (!supportedValidations.includes(key)) {
-        throw new ValidationError("ERR_ERL_UNKNOWN_VALIDATION", `options.validate.${key} is not recognized. Supported validate options are: ${supportedValidations.join(", ")}.`);
+    try {
+      const updated = await serverInstance.updateMessage(id, {
+        content,
+        rawMessage: raw_message,
+        sourceType: source_type,
+        inReplyToRootMessageId: in_reply_to_message_id ? validateUuid9(in_reply_to_message_id) || undefined : undefined,
+        metadata
+      });
+      if (!updated) {
+        return res.status(404).json({ success: false, error: "Message not found" });
       }
-    }
-  },
-  creationStack(store) {
-    const { stack } = new Error("express-rate-limit validation check (set options.validate.creationStack=false to disable)");
-    if (stack?.includes("Layer.handle [as handle_request]") || stack?.includes("Layer.handleRequest")) {
-      if (!store.localKeys) {
-        throw new ValidationError("ERR_ERL_CREATED_IN_REQUEST_HANDLER", "express-rate-limit instance should *usually* be created at app initialization, not when responding to a request.");
+      const transformedAttachments = attachmentsToApiUrls(metadata?.attachments ?? raw_message?.attachments);
+      if (serverInstance.socketIO) {
+        serverInstance.socketIO.to(updated.channelId).emit("messageBroadcast", {
+          senderId: author_id || updated.authorId,
+          senderName: metadata?.agentName || "Agent",
+          text: updated.content,
+          roomId: updated.channelId,
+          serverId: server_id,
+          createdAt: new Date(updated.createdAt).getTime(),
+          source: updated.sourceType,
+          id: updated.id,
+          thought: raw_message?.thought,
+          actions: raw_message?.actions,
+          attachments: transformedAttachments,
+          updatedAt: new Date(updated.updatedAt).getTime(),
+          rawMessage: raw_message
+        });
       }
-      throw new ValidationError("ERR_ERL_CREATED_IN_REQUEST_HANDLER", "express-rate-limit instance should be created at app initialization, not when responding to a request.");
-    }
-  },
-  ipv6Subnet(ipv6Subnet) {
-    if (ipv6Subnet === false) {
-      return;
-    }
-    if (!Number.isInteger(ipv6Subnet) || ipv6Subnet < 32 || ipv6Subnet > 64) {
-      throw new ValidationError("ERR_ERL_IPV6_SUBNET", `Unexpected ipv6Subnet value: ${ipv6Subnet}. Expected an integer between 32 and 64 (usually 48-64).`);
-    }
-  },
-  ipv6SubnetOrKeyGenerator(options) {
-    if (options.ipv6Subnet !== undefined && options.keyGenerator) {
-      throw new ValidationError("ERR_ERL_IPV6SUBNET_OR_KEYGENERATOR", `Incompatible options: the 'ipv6Subnet' option is ignored when a custom 'keyGenerator' function is also set.`);
-    }
-  },
-  keyGeneratorIpFallback(keyGenerator) {
-    if (!keyGenerator) {
-      return;
-    }
-    const src = keyGenerator.toString();
-    if ((src.includes("req.ip") || src.includes("request.ip")) && !src.includes("ipKeyGenerator")) {
-      throw new ValidationError("ERR_ERL_KEY_GEN_IPV6", "Custom keyGenerator appears to use request IP without calling the ipKeyGenerator helper function for IPv6 addresses. This could allow IPv6 users to bypass limits.");
+      return res.status(200).json({ success: true, data: updated });
+    } catch (error) {
+      logger8.error("[PATCH /action/:id] Error updating action:", error instanceof Error ? error.message : String(error));
+      return res.status(500).json({ success: false, error: "Failed to update action" });
     }
-  },
-  windowMs(windowMs) {
-    const SET_TIMEOUT_MAX = 2 ** 31 - 1;
-    if (typeof windowMs !== "number" || Number.isNaN(windowMs) || windowMs < 1 || windowMs > SET_TIMEOUT_MAX) {
-      throw new ValidationError("ERR_ERL_WINDOW_MS", `Invalid windowMs value: ${windowMs}${typeof windowMs !== "number" ? ` (${typeof windowMs})` : ""}, must be a number between 1 and ${SET_TIMEOUT_MAX} when using the default MemoryStore`);
+  });
+  router.post("/ingest-external", async (req, res) => {
+    const messagePayload = req.body;
+    if (!messagePayload.channel_id || !messagePayload.server_id || !messagePayload.author_id || !messagePayload.content) {
+      return res.status(400).json({ success: false, error: "Invalid external message payload" });
     }
-  }
-};
-var getValidations = (_enabled) => {
-  let enabled;
-  if (typeof _enabled === "boolean") {
-    enabled = {
-      default: _enabled
-    };
-  } else {
-    enabled = {
-      default: true,
-      ..._enabled
-    };
-  }
-  const wrappedValidations = { enabled };
-  for (const [name, validation] of Object.entries(validations)) {
-    if (typeof validation === "function")
-      wrappedValidations[name] = (...args) => {
-        if (!(enabled[name] ?? enabled.default)) {
-          return;
-        }
-        try {
-          validation.apply(wrappedValidations, args);
-        } catch (error) {
-          if (error instanceof ChangeWarning)
-            console.warn(error);
-          else
-            console.error(error);
-        }
+    try {
+      const messageToCreate = {
+        channelId: messagePayload.channel_id,
+        authorId: messagePayload.author_id,
+        content: messagePayload.content,
+        rawMessage: messagePayload.raw_message,
+        sourceId: messagePayload.source_id,
+        sourceType: messagePayload.source_type,
+        inReplyToRootMessageId: messagePayload.in_reply_to_message_id ? validateUuid9(messagePayload.in_reply_to_message_id) || undefined : undefined,
+        metadata: messagePayload.metadata
       };
-  }
-  return wrappedValidations;
-};
-var isLegacyStore = (store) => typeof store.incr === "function" && typeof store.increment !== "function";
-var promisifyStore = (passedStore) => {
-  if (!isLegacyStore(passedStore)) {
-    return passedStore;
-  }
-  const legacyStore = passedStore;
-
-  class PromisifiedStore {
-    async increment(key) {
-      return new Promise((resolve, reject) => {
-        legacyStore.incr(key, (error, totalHits, resetTime) => {
-          if (error)
-            reject(error);
-          resolve({ totalHits, resetTime });
+      const createdRootMessage = await serverInstance.createMessage(messageToCreate);
+      const messageForBus = {
+        id: createdRootMessage.id,
+        channel_id: createdRootMessage.channelId,
+        server_id: messagePayload.server_id,
+        author_id: createdRootMessage.authorId,
+        author_display_name: messagePayload.author_display_name,
+        content: createdRootMessage.content,
+        raw_message: createdRootMessage.rawMessage,
+        source_id: createdRootMessage.sourceId,
+        source_type: createdRootMessage.sourceType,
+        in_reply_to_message_id: createdRootMessage.inReplyToRootMessageId,
+        created_at: new Date(createdRootMessage.createdAt).getTime(),
+        metadata: createdRootMessage.metadata
+      };
+      bus_default.emit("new_message", messageForBus);
+      logger8.info("[Messages Router /ingest-external] Published to internal message bus:", createdRootMessage.id);
+      if (serverInstance.socketIO) {
+        serverInstance.socketIO.to(messageForBus.channel_id).emit("messageBroadcast", {
+          senderId: messageForBus.author_id,
+          senderName: messageForBus.author_display_name || "User",
+          text: messageForBus.content,
+          roomId: messageForBus.channel_id,
+          serverId: messageForBus.server_id,
+          createdAt: messageForBus.created_at,
+          source: messageForBus.source_type,
+          id: messageForBus.id
         });
+      }
+      res.status(202).json({
+        success: true,
+        message: "Message ingested and published to bus",
+        data: { messageId: createdRootMessage.id }
       });
+    } catch (error) {
+      logger8.error("[Messages Router /ingest-external] Error ingesting external message:", error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to ingest message" });
     }
-    async decrement(key) {
-      return legacyStore.decrement(key);
-    }
-    async resetKey(key) {
-      return legacyStore.resetKey(key);
-    }
-    async resetAll() {
-      if (typeof legacyStore.resetAll === "function")
-        return legacyStore.resetAll();
-    }
-  }
-  return new PromisifiedStore;
-};
-var getOptionsFromConfig = (config) => {
-  const { validations: validations2, ...directlyPassableEntries } = config;
-  return {
-    ...directlyPassableEntries,
-    validate: validations2.enabled
-  };
-};
-var parseOptions = (passedOptions) => {
-  const notUndefinedOptions = omitUndefinedProperties(passedOptions);
-  const validations2 = getValidations(notUndefinedOptions?.validate ?? true);
-  validations2.validationsConfig();
-  validations2.draftPolliHeaders(notUndefinedOptions.draft_polli_ratelimit_headers);
-  validations2.onLimitReached(notUndefinedOptions.onLimitReached);
-  if (notUndefinedOptions.ipv6Subnet !== undefined && typeof notUndefinedOptions.ipv6Subnet !== "function") {
-    validations2.ipv6Subnet(notUndefinedOptions.ipv6Subnet);
-  }
-  validations2.keyGeneratorIpFallback(notUndefinedOptions.keyGenerator);
-  validations2.ipv6SubnetOrKeyGenerator(notUndefinedOptions);
-  let standardHeaders = notUndefinedOptions.standardHeaders ?? false;
-  if (standardHeaders === true)
-    standardHeaders = "draft-6";
-  const config = {
-    windowMs: 60 * 1000,
-    limit: passedOptions.max ?? 5,
-    message: "Too many requests, please try again later.",
-    statusCode: 429,
-    legacyHeaders: passedOptions.headers ?? true,
-    identifier(request, _response) {
-      let duration = "";
-      const property = config.requestPropertyName;
-      const { limit } = request[property];
-      const seconds = config.windowMs / 1000;
-      const minutes = config.windowMs / (1000 * 60);
-      const hours = config.windowMs / (1000 * 60 * 60);
-      const days = config.windowMs / (1000 * 60 * 60 * 24);
-      if (seconds < 60)
-        duration = `${seconds}sec`;
-      else if (minutes < 60)
-        duration = `${minutes}min`;
-      else if (hours < 24)
-        duration = `${hours}hr${hours > 1 ? "s" : ""}`;
-      else
-        duration = `${days}day${days > 1 ? "s" : ""}`;
-      return `${limit}-in-${duration}`;
-    },
-    requestPropertyName: "rateLimit",
-    skipFailedRequests: false,
-    skipSuccessfulRequests: false,
-    requestWasSuccessful: (_request, response) => response.statusCode < 400,
-    skip: (_request, _response) => false,
-    async keyGenerator(request, response) {
-      validations2.ip(request.ip);
-      validations2.trustProxy(request);
-      validations2.xForwardedForHeader(request);
-      validations2.forwardedHeader(request);
-      const ip = request.ip;
-      let subnet = 56;
-      if (isIPv62(ip)) {
-        subnet = typeof config.ipv6Subnet === "function" ? await config.ipv6Subnet(request, response) : config.ipv6Subnet;
-        if (typeof config.ipv6Subnet === "function")
-          validations2.ipv6Subnet(subnet);
-      }
-      return ipKeyGenerator(ip, subnet);
-    },
-    ipv6Subnet: 56,
-    async handler(request, response, _next, _optionsUsed) {
-      response.status(config.statusCode);
-      const message = typeof config.message === "function" ? await config.message(request, response) : config.message;
-      if (!response.writableEnded)
-        response.send(message);
-    },
-    passOnStoreError: false,
-    ...notUndefinedOptions,
-    standardHeaders,
-    store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore(validations2)),
-    validations: validations2
-  };
-  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || config.store.resetAll !== undefined && typeof config.store.resetAll !== "function" || config.store.init !== undefined && typeof config.store.init !== "function") {
-    throw new TypeError("An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.");
-  }
-  return config;
-};
-var handleAsyncErrors = (fn) => async (request, response, next) => {
-  try {
-    await Promise.resolve(fn(request, response, next)).catch(next);
-  } catch (error) {
-    next(error);
-  }
-};
-var rateLimit = (passedOptions) => {
-  const config = parseOptions(passedOptions ?? {});
-  const options = getOptionsFromConfig(config);
-  config.validations.creationStack(config.store);
-  config.validations.unsharedStore(config.store);
-  if (typeof config.store.init === "function")
-    config.store.init(options);
-  const middleware = handleAsyncErrors(async (request, response, next) => {
-    const skip = await config.skip(request, response);
-    if (skip) {
-      next();
-      return;
+  });
+  return router;
+}
+
+// src/api/messaging/servers.ts
+import { logger as logger9, validateUuid as validateUuid10 } from "@elizaos/core";
+import express11 from "express";
+function createServersRouter(serverInstance) {
+  const router = express11.Router();
+  router.get("/central-servers", async (_req, res) => {
+    try {
+      const servers = await serverInstance.getServers();
+      res.json({ success: true, data: { servers } });
+    } catch (error) {
+      logger9.error("[Messages Router /central-servers] Error fetching servers:", error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to fetch servers" });
+    }
+  });
+  router.post("/servers", async (req, res) => {
+    const { name, sourceType, sourceId, metadata } = req.body;
+    if (!name || !sourceType) {
+      return res.status(400).json({
+        success: false,
+        error: "Missing required fields: name, sourceType"
+      });
     }
-    const augmentedRequest = request;
-    const key = await config.keyGenerator(request, response);
-    let totalHits = 0;
-    let resetTime;
     try {
-      const incrementResult = await config.store.increment(key);
-      totalHits = incrementResult.totalHits;
-      resetTime = incrementResult.resetTime;
+      const server = await serverInstance.createServer({
+        name,
+        sourceType,
+        sourceId,
+        metadata
+      });
+      res.status(201).json({ success: true, data: { server } });
     } catch (error) {
-      if (config.passOnStoreError) {
-        console.error("express-rate-limit: error from store, allowing request without rate-limiting.", error);
-        next();
-        return;
-      }
-      throw error;
+      logger9.error("[Messages Router /servers] Error creating server:", error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to create server" });
     }
-    config.validations.positiveHits(totalHits);
-    config.validations.singleCount(request, config.store, key);
-    const retrieveLimit = typeof config.limit === "function" ? config.limit(request, response) : config.limit;
-    const limit = await retrieveLimit;
-    config.validations.limit(limit);
-    const info = {
-      limit,
-      used: totalHits,
-      remaining: Math.max(limit - totalHits, 0),
-      resetTime,
-      key
-    };
-    Object.defineProperty(info, "current", {
-      configurable: false,
-      enumerable: false,
-      value: totalHits
-    });
-    augmentedRequest[config.requestPropertyName] = info;
-    if (config.legacyHeaders && !response.headersSent) {
-      setLegacyHeaders(response, info);
+  });
+  router.post("/servers/:serverId/agents", async (req, res) => {
+    const serverId = validateUuid10(req.params.serverId);
+    const { agentId } = req.body;
+    if (!serverId || !validateUuid10(agentId)) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid serverId or agentId format"
+      });
     }
-    if (config.standardHeaders && !response.headersSent) {
-      switch (config.standardHeaders) {
-        case "draft-6": {
-          setDraft6Headers(response, info, config.windowMs);
-          break;
+    if (serverId !== serverInstance.serverId) {
+      return res.status(403).json({
+        success: false,
+        error: "Cannot modify agents for a different server"
+      });
+    }
+    try {
+      await serverInstance.addAgentToServer(serverId, agentId);
+      const messageForBus = {
+        type: "agent_added_to_server",
+        serverId,
+        agentId
+      };
+      bus_default.emit("server_agent_update", messageForBus);
+      res.status(201).json({
+        success: true,
+        data: {
+          serverId,
+          agentId,
+          message: "Agent added to server successfully"
         }
-        case "draft-7": {
-          config.validations.headersResetTime(info.resetTime);
-          setDraft7Headers(response, info, config.windowMs);
-          break;
+      });
+    } catch (error) {
+      logger9.error(`[MessagesRouter] Error adding agent ${agentId} to server ${serverId}:`, error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to add agent to server" });
+    }
+  });
+  router.delete("/servers/:serverId/agents/:agentId", async (req, res) => {
+    const serverId = validateUuid10(req.params.serverId);
+    const agentId = validateUuid10(req.params.agentId);
+    if (!serverId || !agentId) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid serverId or agentId format"
+      });
+    }
+    if (serverId !== serverInstance.serverId) {
+      return res.status(403).json({
+        success: false,
+        error: "Cannot modify agents for a different server"
+      });
+    }
+    try {
+      await serverInstance.removeAgentFromServer(serverId, agentId);
+      const messageForBus = {
+        type: "agent_removed_from_server",
+        serverId,
+        agentId
+      };
+      bus_default.emit("server_agent_update", messageForBus);
+      res.status(200).json({
+        success: true,
+        data: {
+          serverId,
+          agentId,
+          message: "Agent removed from server successfully"
         }
-        case "draft-8": {
-          const retrieveName = typeof config.identifier === "function" ? config.identifier(request, response) : config.identifier;
-          const name = await retrieveName;
-          config.validations.headersResetTime(info.resetTime);
-          setDraft8Headers(response, info, config.windowMs, name, key);
-          break;
+      });
+    } catch (error) {
+      logger9.error(`[MessagesRouter] Error removing agent ${agentId} from server ${serverId}:`, error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to remove agent from server" });
+    }
+  });
+  router.get("/servers/:serverId/agents", async (req, res) => {
+    const serverId = validateUuid10(req.params.serverId);
+    if (!serverId) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid serverId format"
+      });
+    }
+    if (serverId !== serverInstance.serverId) {
+      return res.status(403).json({
+        success: false,
+        error: "Cannot access agents for a different server"
+      });
+    }
+    try {
+      const agents = await serverInstance.getAgentsForServer(serverId);
+      res.json({
+        success: true,
+        data: {
+          serverId,
+          agents
         }
-        default: {
-          config.validations.headersDraftVersion(config.standardHeaders);
-          break;
+      });
+    } catch (error) {
+      logger9.error(`[MessagesRouter] Error fetching agents for server ${serverId}:`, error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to fetch server agents" });
+    }
+  });
+  router.get("/agents/:agentId/servers", async (req, res) => {
+    const agentId = validateUuid10(req.params.agentId);
+    if (!agentId) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid agentId format"
+      });
+    }
+    try {
+      const servers = await serverInstance.getServersForAgent(agentId);
+      res.json({
+        success: true,
+        data: {
+          agentId,
+          servers
         }
-      }
+      });
+    } catch (error) {
+      logger9.error(`[MessagesRouter] Error fetching servers for agent ${agentId}:`, error instanceof Error ? error.message : String(error));
+      res.status(500).json({ success: false, error: "Failed to fetch agent servers" });
     }
-    if (config.skipFailedRequests || config.skipSuccessfulRequests) {
-      let decremented = false;
-      const decrementKey = async () => {
-        if (!decremented) {
-          await config.store.decrement(key);
-          decremented = true;
+  });
+  return router;
+}
+
+// src/api/messaging/channels.ts
+import {
+  composePromptFromState,
+  ModelType,
+  ChannelType as ChannelType2,
+  logger as logger15,
+  validateUuid as validateUuid13,
+  getUploadsChannelsDir as getUploadsChannelsDir2
+} from "@elizaos/core";
+import express12 from "express";
+
+// src/middleware/auth.ts
+import { logger as logger10 } from "@elizaos/core";
+function apiKeyAuthMiddleware(req, res, next) {
+  const serverAuthToken = process.env.ELIZA_SERVER_AUTH_TOKEN;
+  if (!serverAuthToken) {
+    return next();
+  }
+  if (req.method === "OPTIONS") {
+    return next();
+  }
+  const apiKey = req.headers?.["x-api-key"];
+  if (!apiKey || apiKey !== serverAuthToken) {
+    logger10.warn(`Unauthorized access attempt: Missing or invalid X-API-KEY from ${req.ip}`);
+    return res.status(401).send("Unauthorized: Invalid or missing X-API-KEY");
+  }
+  next();
+}
+// src/middleware/security.ts
+import { logger as logger11 } from "@elizaos/core";
+var securityMiddleware = () => {
+  return (req, res, next) => {
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("X-Frame-Options", "SAMEORIGIN");
+    res.setHeader("X-XSS-Protection", "1; mode=block");
+    res.setHeader("Referrer-Policy", "no-referrer");
+    res.removeHeader("X-Powered-By");
+    res.removeHeader("Server");
+    const userAgent = req.get("User-Agent");
+    const forwarded = req.get("X-Forwarded-For");
+    const realIp = req.get("X-Real-IP");
+    const clientIp = forwarded || realIp || req.ip;
+    if (userAgent && (userAgent.includes("..") || userAgent.includes("<script"))) {
+      logger11.warn(`[SECURITY] Suspicious User-Agent from ${clientIp}: ${userAgent}`);
+    }
+    const url = req.originalUrl || req.url;
+    const queryString = JSON.stringify(req.query);
+    const suspiciousIndicators = [
+      { pattern: "..", name: "Path traversal" },
+      { pattern: "<script", name: "XSS attempt" },
+      { pattern: "javascript:", name: "JavaScript injection" }
+    ];
+    const sqlKeywords = ["union", "select", "drop", "delete", "insert", "update"];
+    let hasSqlPattern = false;
+    const lowerUrl = url.toLowerCase();
+    const lowerQuery = queryString.toLowerCase();
+    for (let i = 0;i < sqlKeywords.length - 1; i++) {
+      const keyword1 = sqlKeywords[i];
+      for (let j = i + 1;j < sqlKeywords.length; j++) {
+        const keyword2 = sqlKeywords[j];
+        if (lowerUrl.includes(keyword1) && lowerUrl.includes(keyword2) || lowerQuery.includes(keyword1) && lowerQuery.includes(keyword2)) {
+          hasSqlPattern = true;
+          break;
         }
-      };
-      if (config.skipFailedRequests) {
-        response.on("finish", async () => {
-          if (!await config.requestWasSuccessful(request, response))
-            await decrementKey();
-        });
-        response.on("close", async () => {
-          if (!response.writableEnded)
-            await decrementKey();
-        });
-        response.on("error", async () => {
-          await decrementKey();
-        });
-      }
-      if (config.skipSuccessfulRequests) {
-        response.on("finish", async () => {
-          if (await config.requestWasSuccessful(request, response))
-            await decrementKey();
-        });
       }
+      if (hasSqlPattern)
+        break;
     }
-    config.validations.disable();
-    if (totalHits > limit) {
-      if (config.legacyHeaders || config.standardHeaders) {
-        setRetryAfterHeader(response, info, config.windowMs);
+    for (const indicator of suspiciousIndicators) {
+      if (url.includes(indicator.pattern) || queryString.includes(indicator.pattern)) {
+        logger11.warn(`[SECURITY] ${indicator.name} detected from ${clientIp}: ${url}`);
+        break;
       }
-      config.handler(request, response, next, options);
-      return;
+    }
+    if (hasSqlPattern) {
+      logger11.warn(`[SECURITY] SQL injection pattern detected from ${clientIp}: ${url}`);
     }
     next();
-  });
-  const getThrowFn = () => {
-    throw new Error("The current store does not support the get/getKey method");
   };
-  middleware.resetKey = config.store.resetKey.bind(config.store);
-  middleware.getKey = typeof config.store.get === "function" ? config.store.get.bind(config.store) : getThrowFn;
-  return middleware;
 };
-var rate_limit_default = rateLimit;
-
 // src/middleware/rate-limit.ts
 import { logger as logger13 } from "@elizaos/core";
 
@@ -27603,7 +27619,6 @@ var ALLOWED_MEDIA_MIME_TYPES = [
 import multer from "multer";
 import fs from "fs";
 import path2 from "path";
-var DEFAULT_SERVER_ID3 = "00000000-0000-0000-0000-000000000000";
 var channelStorage = multer.memoryStorage();
 var channelUploadMiddleware = multer({
   storage: channelStorage,
@@ -27647,13 +27662,19 @@ function createChannelsRouter(elizaOS, serverInstance) {
       metadata,
       source_type
     } = req.body;
-    const isValidServerId = server_id === DEFAULT_SERVER_ID3 || validateUuid13(server_id);
-    if (!channelIdParam || !validateUuid13(author_id) || !content || !isValidServerId) {
+    const isValidServerId = server_id === serverInstance.serverId;
+    if (!channelIdParam || !validateUuid13(author_id) || !content || !validateUuid13(server_id)) {
       return res.status(400).json({
         success: false,
         error: "Missing required fields: channelId, server_id, author_id, content"
       });
     }
+    if (!isValidServerId) {
+      return res.status(403).json({
+        success: false,
+        error: "Forbidden: server_id does not match current server"
+      });
+    }
     try {
       logger15.info(`[Messages Router] Checking if channel ${channelIdParam} exists before creating message`);
       let channelExists = false;
@@ -27799,7 +27820,7 @@ function createChannelsRouter(elizaOS, serverInstance) {
     }
   });
   router.get("/central-servers/:serverId/channels", async (req, res) => {
-    const serverId = req.params.serverId === DEFAULT_SERVER_ID3 ? DEFAULT_SERVER_ID3 : validateUuid13(req.params.serverId);
+    const serverId = validateUuid13(req.params.serverId);
     if (!serverId) {
       return res.status(400).json({ success: false, error: "Invalid serverId" });
     }
@@ -27858,7 +27879,7 @@ function createChannelsRouter(elizaOS, serverInstance) {
   router.get("/dm-channel", async (req, res) => {
     const targetUserId = validateUuid13(req.query.targetUserId);
     const currentUserId = validateUuid13(req.query.currentUserId);
-    const providedDmServerId = req.query.dmServerId === DEFAULT_SERVER_ID3 ? DEFAULT_SERVER_ID3 : validateUuid13(req.query.dmServerId);
+    const providedDmServerId = validateUuid13(req.query.dmServerId);
     if (!targetUserId || !currentUserId) {
       res.status(400).json({ success: false, error: "Missing targetUserId or currentUserId" });
       return;
@@ -27867,15 +27888,15 @@ function createChannelsRouter(elizaOS, serverInstance) {
       res.status(400).json({ success: false, error: "Cannot create DM channel with oneself" });
       return;
     }
-    let dmServerIdToUse = DEFAULT_SERVER_ID3;
+    let dmServerIdToUse = serverInstance.serverId;
     try {
       if (providedDmServerId) {
         const existingServer = await serverInstance.getServerById(providedDmServerId);
         if (existingServer) {
           dmServerIdToUse = providedDmServerId;
         } else {
-          logger15.warn(`Provided dmServerId ${providedDmServerId} not found, using default DM server logic.`);
-          dmServerIdToUse = DEFAULT_SERVER_ID3;
+          logger15.warn(`Provided dmServerId ${providedDmServerId} not found, using current server ID.`);
+          dmServerIdToUse = serverInstance.serverId;
         }
       }
       const channel = await serverInstance.findOrCreateCentralDmChannel(currentUserId, targetUserId, dmServerIdToUse);
@@ -27898,13 +27919,25 @@ function createChannelsRouter(elizaOS, serverInstance) {
       server_id,
       metadata
     } = req.body;
-    const isValidServerId = server_id === DEFAULT_SERVER_ID3 || validateUuid13(server_id);
-    if (!name || !isValidServerId || !Array.isArray(participantCentralUserIds) || participantCentralUserIds.some((id) => !validateUuid13(id))) {
+    if (!validateUuid13(server_id)) {
+      return res.status(400).json({
+        success: false,
+        error: "Invalid server_id format"
+      });
+    }
+    const isValidServerId = server_id === serverInstance.serverId;
+    if (!name || !Array.isArray(participantCentralUserIds) || participantCentralUserIds.some((id) => !validateUuid13(id))) {
       return res.status(400).json({
         success: false,
         error: 'Invalid payload. Required: name, server_id (UUID or "0"), participantCentralUserIds (array of UUIDs). Optional: type, metadata.'
       });
     }
+    if (!isValidServerId) {
+      return res.status(403).json({
+        success: false,
+        error: "Forbidden: server_id does not match current server"
+      });
+    }
     try {
       const channelData = {
         messageServerId: server_id,
@@ -28542,7 +28575,6 @@ var DEFAULT_MAX_DURATION_MINUTES = safeParseInt(process.env.SESSION_MAX_DURATION
 var DEFAULT_WARNING_THRESHOLD_MINUTES = safeParseInt(process.env.SESSION_WARNING_THRESHOLD_MINUTES, 5, 1, 60);
 var CLEANUP_INTERVAL_MS = safeParseInt(process.env.SESSION_CLEANUP_INTERVAL_MINUTES, 5, 1, 60) * 60 * 1000;
 var sessions = new Map;
-var DEFAULT_SERVER_ID4 = "00000000-0000-0000-0000-000000000000";
 var agentTimeoutConfigs = new Map;
 var activeCleanupIntervals = new Set;
 var processHandlersRegistered = false;
@@ -28778,7 +28810,7 @@ function createSessionsRouter(elizaOS, serverInstance) {
         id: channelId,
         name: `session-${sessionId}`,
         type: ChannelType3.DM,
-        messageServerId: DEFAULT_SERVER_ID4,
+        messageServerId: serverInstance.serverId,
         metadata: {
           sessionId,
           agentId: body.agentId,
@@ -29208,7 +29240,7 @@ var JobValidation = {
 };
 
 // src/api/messaging/jobs.ts
-var DEFAULT_SERVER_ID5 = "00000000-0000-0000-0000-000000000000";
+var DEFAULT_SERVER_ID = "00000000-0000-0000-0000-000000000000";
 var JOB_CLEANUP_INTERVAL_MS = 60000;
 var ABSOLUTE_MAX_LISTENER_TIMEOUT_MS = 5 * 60 * 1000;
 var MAX_JOBS_IN_MEMORY = 1e4;
@@ -29411,7 +29443,7 @@ function createJobsRouter(elizaOS, serverInstance) {
           id: channelId,
           name: `job-${jobId}`,
           type: ChannelType4.DM,
-          messageServerId: DEFAULT_SERVER_ID5,
+          messageServerId: DEFAULT_SERVER_ID,
           metadata: {
             jobId,
             agentId,
@@ -29448,7 +29480,7 @@ function createJobsRouter(elizaOS, serverInstance) {
         bus_default.emit("new_message", {
           id: userMessage.id,
           channel_id: channelId,
-          server_id: DEFAULT_SERVER_ID5,
+          server_id: DEFAULT_SERVER_ID,
           author_id: userId,
           content: body.content,
           created_at: new Date(userMessage.createdAt).getTime(),
@@ -30624,7 +30656,7 @@ import express31 from "express";
 // package.json
 var package_default = {
   name: "@elizaos/server",
-  version: "1.6.4-alpha.15",
+  version: "1.6.4-alpha.17",
   description: "ElizaOS Server - Core server infrastructure for ElizaOS agents",
   publishConfig: {
     access: "public",
@@ -30744,8 +30776,6 @@ import {
   ChannelType as ChannelType7,
   EventType
 } from "@elizaos/core";
-var DEFAULT_SERVER_ID6 = "00000000-0000-0000-0000-000000000000";
-
 class SocketIORouter {
   elizaOS;
   connections;
@@ -30844,8 +30874,8 @@ class SocketIORouter {
     }
     socket.join(channelId);
     logger29.info(`[SocketIO] Socket ${socket.id} joined Socket.IO channel: ${channelId}`);
-    if (entityId && (serverId || DEFAULT_SERVER_ID6)) {
-      const finalServerId = serverId || DEFAULT_SERVER_ID6;
+    if (entityId && (serverId || this.serverInstance.serverId)) {
+      const finalServerId = serverId || this.serverInstance.serverId;
       const isDm = metadata?.isDm || metadata?.channelType === ChannelType7.DM;
       logger29.info(`[SocketIO] Emitting ENTITY_JOINED event for entityId: ${entityId}, serverId: ${finalServerId}, isDm: ${isDm}`);
       const runtime = this.elizaOS.getAgents()[0];
@@ -30867,7 +30897,7 @@ class SocketIORouter {
         logger29.warn(`[SocketIO] No runtime available to emit ENTITY_JOINED event`);
       }
     } else {
-      logger29.debug(`[SocketIO] Missing entityId (${entityId}) or serverId (${serverId || DEFAULT_SERVER_ID6}) - not emitting ENTITY_JOINED event`);
+      logger29.debug(`[SocketIO] Missing entityId (${entityId}) or serverId (${serverId || this.serverInstance.serverId}) - not emitting ENTITY_JOINED event`);
     }
     const successMessage = `Socket ${socket.id} successfully joined channel ${channelId}.`;
     const responsePayload = {
@@ -30885,7 +30915,7 @@ class SocketIORouter {
     const { senderId, senderName, message, serverId, source, metadata, attachments } = payload;
     logger29.info(`[SocketIO ${socket.id}] Received SEND_MESSAGE for central submission: channel ${channelId} from ${senderName || senderId}`);
     logger29.info(`[SocketIO ${socket.id}] Full payload for debugging:`, JSON.stringify(payload, null, 2));
-    const isValidServerId = serverId === DEFAULT_SERVER_ID6 || validateUuid23(serverId);
+    const isValidServerId = serverId === this.serverInstance.serverId || validateUuid23(serverId);
     if (!validateUuid23(channelId) || !isValidServerId || !validateUuid23(senderId) || !message) {
       this.sendErrorResponse(socket, `For SEND_MESSAGE: channelId, serverId (server_id), senderId (author_id), and message are required.`);
       return;
@@ -31313,16 +31343,27 @@ import {
   validateUuid as validateUuid25
 } from "@elizaos/core";
 var globalElizaOS = null;
+var globalAgentServer = null;
 function setGlobalElizaOS(elizaOS) {
   globalElizaOS = elizaOS;
   logger31.info("[MessageBusService] Global ElizaOS instance set");
 }
+function setGlobalAgentServer(agentServer) {
+  globalAgentServer = agentServer;
+  logger31.info("[MessageBusService] Global AgentServer instance set");
+}
 function getGlobalElizaOS() {
   if (!globalElizaOS) {
     throw new Error("ElizaOS not initialized. Call setGlobalElizaOS() before using MessageBusService.");
   }
   return globalElizaOS;
 }
+function getGlobalAgentServer() {
+  if (!globalAgentServer) {
+    throw new Error("AgentServer not initialized. Call setGlobalAgentServer() before using MessageBusService.");
+  }
+  return globalAgentServer;
+}
 
 class MessageBusService extends Service {
   static serviceType = "message-bus-service";
@@ -31332,8 +31373,10 @@ class MessageBusService extends Service {
   boundHandleMessageDeleted;
   boundHandleChannelCleared;
   subscribedServers = new Set;
+  serverInstance;
   constructor(runtime) {
     super(runtime);
+    this.serverInstance = getGlobalAgentServer();
     this.boundHandleIncomingMessage = (data) => {
       this.handleIncomingMessage(data).catch((error) => {
         logger31.error(`[${this.runtime.character.name}] Error handling incoming message:`, error instanceof Error ? error.message : String(error));
@@ -31366,9 +31409,8 @@ class MessageBusService extends Service {
     try {
       const serverApiUrl = this.getCentralMessageServerUrl();
       this.validChannelIds.clear();
-      const DEFAULT_SERVER_ID7 = "00000000-0000-0000-0000-000000000000";
       const serversToCheck = new Set(this.subscribedServers);
-      serversToCheck.add(DEFAULT_SERVER_ID7);
+      serversToCheck.add(this.serverInstance.serverId);
       for (const serverId of serversToCheck) {
         try {
           const channelsUrl = new URL(`/api/messaging/central-servers/${encodeURIComponent(serverId)}/channels`, serverApiUrl);
@@ -31444,20 +31486,17 @@ class MessageBusService extends Service {
         const data = await response.json();
         if (data.success && data.data?.servers) {
           this.subscribedServers = new Set(data.data.servers);
-          const DEFAULT_SERVER_ID7 = "00000000-0000-0000-0000-000000000000";
-          this.subscribedServers.add(DEFAULT_SERVER_ID7);
-          logger31.info(`[${this.runtime.character.name}] MessageBusService: Agent is subscribed to ${this.subscribedServers.size} servers (including default server)`);
+          this.subscribedServers.add(this.serverInstance.serverId);
+          logger31.info(`[${this.runtime.character.name}] MessageBusService: Agent is subscribed to ${this.subscribedServers.size} servers (including server ${this.serverInstance.serverId})`);
         }
       } else {
-        const DEFAULT_SERVER_ID7 = "00000000-0000-0000-0000-000000000000";
-        this.subscribedServers.add(DEFAULT_SERVER_ID7);
-        logger31.warn(`[${this.runtime.character.name}] MessageBusService: Failed to fetch agent servers, but added default server`);
+        this.subscribedServers.add(this.serverInstance.serverId);
+        logger31.warn(`[${this.runtime.character.name}] MessageBusService: Failed to fetch agent servers, but added server ${this.serverInstance.serverId}`);
       }
     } catch (error) {
       logger31.error(`[${this.runtime.character.name}] MessageBusService: Error fetching agent servers:`, error instanceof Error ? error.message : String(error));
-      const DEFAULT_SERVER_ID7 = "00000000-0000-0000-0000-000000000000";
-      this.subscribedServers.add(DEFAULT_SERVER_ID7);
-      logger31.info(`[${this.runtime.character.name}] MessageBusService: Added default server after error`);
+      this.subscribedServers.add(this.serverInstance.serverId);
+      logger31.info(`[${this.runtime.character.name}] MessageBusService: Added server ${this.serverInstance.serverId} after error`);
     }
   }
   async handleServerAgentUpdate(data) {
@@ -48493,8 +48532,632 @@ function _init2(options = {}, getDefaultIntegrationsImpl) {
   return client;
 }
 // src/index.ts
-import sqlPlugin, { createDatabaseAdapter, DatabaseMigrationService } from "@elizaos/plugin-sql";
+import sqlPlugin, {
+  createDatabaseAdapter,
+  DatabaseMigrationService,
+  installRLSFunctions,
+  getOrCreateRlsOwner,
+  setOwnerContext,
+  assignAgentToOwner,
+  applyRLSToNewTables,
+  uninstallRLS
+} from "@elizaos/plugin-sql";
 import { encryptedCharacter, stringToUuid as stringToUuid2 } from "@elizaos/core";
+
+// ../../node_modules/drizzle-orm/entity.js
+var entityKind = Symbol.for("drizzle:entityKind");
+var hasOwnEntityKind = Symbol.for("drizzle:hasOwnEntityKind");
+function is(value, type) {
+  if (!value || typeof value !== "object") {
+    return false;
+  }
+  if (value instanceof type) {
+    return true;
+  }
+  if (!Object.prototype.hasOwnProperty.call(type, entityKind)) {
+    throw new Error(`Class "${type.name ?? "<unknown>"}" doesn't look like a Drizzle entity. If this is incorrect and the class is provided by Drizzle, please report this as a bug.`);
+  }
+  let cls = Object.getPrototypeOf(value).constructor;
+  if (cls) {
+    while (cls) {
+      if (entityKind in cls && cls[entityKind] === type[entityKind]) {
+        return true;
+      }
+      cls = Object.getPrototypeOf(cls);
+    }
+  }
+  return false;
+}
+
+// ../../node_modules/drizzle-orm/column.js
+class Column {
+  constructor(table, config3) {
+    this.table = table;
+    this.config = config3;
+    this.name = config3.name;
+    this.keyAsName = config3.keyAsName;
+    this.notNull = config3.notNull;
+    this.default = config3.default;
+    this.defaultFn = config3.defaultFn;
+    this.onUpdateFn = config3.onUpdateFn;
+    this.hasDefault = config3.hasDefault;
+    this.primary = config3.primaryKey;
+    this.isUnique = config3.isUnique;
+    this.uniqueName = config3.uniqueName;
+    this.uniqueType = config3.uniqueType;
+    this.dataType = config3.dataType;
+    this.columnType = config3.columnType;
+    this.generated = config3.generated;
+    this.generatedIdentity = config3.generatedIdentity;
+  }
+  static [entityKind] = "Column";
+  name;
+  keyAsName;
+  primary;
+  notNull;
+  default;
+  defaultFn;
+  onUpdateFn;
+  hasDefault;
+  isUnique;
+  uniqueName;
+  uniqueType;
+  dataType;
+  columnType;
+  enumValues = undefined;
+  generated = undefined;
+  generatedIdentity = undefined;
+  config;
+  mapFromDriverValue(value) {
+    return value;
+  }
+  mapToDriverValue(value) {
+    return value;
+  }
+  shouldDisableInsert() {
+    return this.config.generated !== undefined && this.config.generated.type !== "byDefault";
+  }
+}
+
+// ../../node_modules/drizzle-orm/table.utils.js
+var TableName = Symbol.for("drizzle:Name");
+
+// ../../node_modules/drizzle-orm/tracing-utils.js
+function iife(fn, ...args) {
+  return fn(...args);
+}
+
+// ../../node_modules/drizzle-orm/pg-core/unique-constraint.js
+function uniqueKeyName(table, columns) {
+  return `${table[TableName]}_${columns.join("_")}_unique`;
+}
+
+// ../../node_modules/drizzle-orm/pg-core/columns/common.js
+class PgColumn extends Column {
+  constructor(table, config3) {
+    if (!config3.uniqueName) {
+      config3.uniqueName = uniqueKeyName(table, [config3.name]);
+    }
+    super(table, config3);
+    this.table = table;
+  }
+  static [entityKind] = "PgColumn";
+}
+
+class ExtraConfigColumn extends PgColumn {
+  static [entityKind] = "ExtraConfigColumn";
+  getSQLType() {
+    return this.getSQLType();
+  }
+  indexConfig = {
+    order: this.config.order ?? "asc",
+    nulls: this.config.nulls ?? "last",
+    opClass: this.config.opClass
+  };
+  defaultConfig = {
+    order: "asc",
+    nulls: "last",
+    opClass: undefined
+  };
+  asc() {
+    this.indexConfig.order = "asc";
+    return this;
+  }
+  desc() {
+    this.indexConfig.order = "desc";
+    return this;
+  }
+  nullsFirst() {
+    this.indexConfig.nulls = "first";
+    return this;
+  }
+  nullsLast() {
+    this.indexConfig.nulls = "last";
+    return this;
+  }
+  op(opClass) {
+    this.indexConfig.opClass = opClass;
+    return this;
+  }
+}
+
+// ../../node_modules/drizzle-orm/pg-core/columns/enum.js
+class PgEnumObjectColumn extends PgColumn {
+  static [entityKind] = "PgEnumObjectColumn";
+  enum;
+  enumValues = this.config.enum.enumValues;
+  constructor(table, config3) {
+    super(table, config3);
+    this.enum = config3.enum;
+  }
+  getSQLType() {
+    return this.enum.enumName;
+  }
+}
+var isPgEnumSym = Symbol.for("drizzle:isPgEnum");
+function isPgEnum(obj) {
+  return !!obj && typeof obj === "function" && isPgEnumSym in obj && obj[isPgEnumSym] === true;
+}
+class PgEnumColumn extends PgColumn {
+  static [entityKind] = "PgEnumColumn";
+  enum = this.config.enum;
+  enumValues = this.config.enum.enumValues;
+  constructor(table, config3) {
+    super(table, config3);
+    this.enum = config3.enum;
+  }
+  getSQLType() {
+    return this.enum.enumName;
+  }
+}
+
+// ../../node_modules/drizzle-orm/subquery.js
+class Subquery {
+  static [entityKind] = "Subquery";
+  constructor(sql, fields, alias, isWith = false, usedTables = []) {
+    this._ = {
+      brand: "Subquery",
+      sql,
+      selectedFields: fields,
+      alias,
+      isWith,
+      usedTables
+    };
+  }
+}
+
+// ../../node_modules/drizzle-orm/version.js
+var version = "0.44.7";
+
+// ../../node_modules/drizzle-orm/tracing.js
+var otel;
+var rawTracer;
+var tracer = {
+  startActiveSpan(name, fn) {
+    if (!otel) {
+      return fn();
+    }
+    if (!rawTracer) {
+      rawTracer = otel.trace.getTracer("drizzle-orm", version);
+    }
+    return iife((otel2, rawTracer2) => rawTracer2.startActiveSpan(name, (span) => {
+      try {
+        return fn(span);
+      } catch (e) {
+        span.setStatus({
+          code: otel2.SpanStatusCode.ERROR,
+          message: e instanceof Error ? e.message : "Unknown error"
+        });
+        throw e;
+      } finally {
+        span.end();
+      }
+    }), otel, rawTracer);
+  }
+};
+
+// ../../node_modules/drizzle-orm/view-common.js
+var ViewBaseConfig = Symbol.for("drizzle:ViewBaseConfig");
+
+// ../../node_modules/drizzle-orm/table.js
+var Schema = Symbol.for("drizzle:Schema");
+var Columns = Symbol.for("drizzle:Columns");
+var ExtraConfigColumns = Symbol.for("drizzle:ExtraConfigColumns");
+var OriginalName = Symbol.for("drizzle:OriginalName");
+var BaseName = Symbol.for("drizzle:BaseName");
+var IsAlias = Symbol.for("drizzle:IsAlias");
+var ExtraConfigBuilder = Symbol.for("drizzle:ExtraConfigBuilder");
+var IsDrizzleTable = Symbol.for("drizzle:IsDrizzleTable");
+
+class Table {
+  static [entityKind] = "Table";
+  static Symbol = {
+    Name: TableName,
+    Schema,
+    OriginalName,
+    Columns,
+    ExtraConfigColumns,
+    BaseName,
+    IsAlias,
+    ExtraConfigBuilder
+  };
+  [TableName];
+  [OriginalName];
+  [Schema];
+  [Columns];
+  [ExtraConfigColumns];
+  [BaseName];
+  [IsAlias] = false;
+  [IsDrizzleTable] = true;
+  [ExtraConfigBuilder] = undefined;
+  constructor(name, schema, baseName) {
+    this[TableName] = this[OriginalName] = name;
+    this[Schema] = schema;
+    this[BaseName] = baseName;
+  }
+}
+
+// ../../node_modules/drizzle-orm/sql/sql.js
+function isSQLWrapper(value) {
+  return value !== null && value !== undefined && typeof value.getSQL === "function";
+}
+function mergeQueries(queries) {
+  const result = { sql: "", params: [] };
+  for (const query of queries) {
+    result.sql += query.sql;
+    result.params.push(...query.params);
+    if (query.typings?.length) {
+      if (!result.typings) {
+        result.typings = [];
+      }
+      result.typings.push(...query.typings);
+    }
+  }
+  return result;
+}
+
+class StringChunk {
+  static [entityKind] = "StringChunk";
+  value;
+  constructor(value) {
+    this.value = Array.isArray(value) ? value : [value];
+  }
+  getSQL() {
+    return new SQL([this]);
+  }
+}
+
+class SQL {
+  constructor(queryChunks) {
+    this.queryChunks = queryChunks;
+    for (const chunk of queryChunks) {
+      if (is(chunk, Table)) {
+        const schemaName = chunk[Table.Symbol.Schema];
+        this.usedTables.push(schemaName === undefined ? chunk[Table.Symbol.Name] : schemaName + "." + chunk[Table.Symbol.Name]);
+      }
+    }
+  }
+  static [entityKind] = "SQL";
+  decoder = noopDecoder;
+  shouldInlineParams = false;
+  usedTables = [];
+  append(query) {
+    this.queryChunks.push(...query.queryChunks);
+    return this;
+  }
+  toQuery(config3) {
+    return tracer.startActiveSpan("drizzle.buildSQL", (span) => {
+      const query = this.buildQueryFromSourceParams(this.queryChunks, config3);
+      span?.setAttributes({
+        "drizzle.query.text": query.sql,
+        "drizzle.query.params": JSON.stringify(query.params)
+      });
+      return query;
+    });
+  }
+  buildQueryFromSourceParams(chunks, _config) {
+    const config3 = Object.assign({}, _config, {
+      inlineParams: _config.inlineParams || this.shouldInlineParams,
+      paramStartIndex: _config.paramStartIndex || { value: 0 }
+    });
+    const {
+      casing,
+      escapeName,
+      escapeParam,
+      prepareTyping,
+      inlineParams,
+      paramStartIndex
+    } = config3;
+    return mergeQueries(chunks.map((chunk) => {
+      if (is(chunk, StringChunk)) {
+        return { sql: chunk.value.join(""), params: [] };
+      }
+      if (is(chunk, Name)) {
+        return { sql: escapeName(chunk.value), params: [] };
+      }
+      if (chunk === undefined) {
+        return { sql: "", params: [] };
+      }
+      if (Array.isArray(chunk)) {
+        const result = [new StringChunk("(")];
+        for (const [i, p] of chunk.entries()) {
+          result.push(p);
+          if (i < chunk.length - 1) {
+            result.push(new StringChunk(", "));
+          }
+        }
+        result.push(new StringChunk(")"));
+        return this.buildQueryFromSourceParams(result, config3);
+      }
+      if (is(chunk, SQL)) {
+        return this.buildQueryFromSourceParams(chunk.queryChunks, {
+          ...config3,
+          inlineParams: inlineParams || chunk.shouldInlineParams
+        });
+      }
+      if (is(chunk, Table)) {
+        const schemaName = chunk[Table.Symbol.Schema];
+        const tableName = chunk[Table.Symbol.Name];
+        return {
+          sql: schemaName === undefined || chunk[IsAlias] ? escapeName(tableName) : escapeName(schemaName) + "." + escapeName(tableName),
+          params: []
+        };
+      }
+      if (is(chunk, Column)) {
+        const columnName = casing.getColumnCasing(chunk);
+        if (_config.invokeSource === "indexes") {
+          return { sql: escapeName(columnName), params: [] };
+        }
+        const schemaName = chunk.table[Table.Symbol.Schema];
+        return {
+          sql: chunk.table[IsAlias] || schemaName === undefined ? escapeName(chunk.table[Table.Symbol.Name]) + "." + escapeName(columnName) : escapeName(schemaName) + "." + escapeName(chunk.table[Table.Symbol.Name]) + "." + escapeName(columnName),
+          params: []
+        };
+      }
+      if (is(chunk, View)) {
+        const schemaName = chunk[ViewBaseConfig].schema;
+        const viewName = chunk[ViewBaseConfig].name;
+        return {
+          sql: schemaName === undefined || chunk[ViewBaseConfig].isAlias ? escapeName(viewName) : escapeName(schemaName) + "." + escapeName(viewName),
+          params: []
+        };
+      }
+      if (is(chunk, Param)) {
+        if (is(chunk.value, Placeholder)) {
+          return { sql: escapeParam(paramStartIndex.value++, chunk), params: [chunk], typings: ["none"] };
+        }
+        const mappedValue = chunk.value === null ? null : chunk.encoder.mapToDriverValue(chunk.value);
+        if (is(mappedValue, SQL)) {
+          return this.buildQueryFromSourceParams([mappedValue], config3);
+        }
+        if (inlineParams) {
+          return { sql: this.mapInlineParam(mappedValue, config3), params: [] };
+        }
+        let typings = ["none"];
+        if (prepareTyping) {
+          typings = [prepareTyping(chunk.encoder)];
+        }
+        return { sql: escapeParam(paramStartIndex.value++, mappedValue), params: [mappedValue], typings };
+      }
+      if (is(chunk, Placeholder)) {
+        return { sql: escapeParam(paramStartIndex.value++, chunk), params: [chunk], typings: ["none"] };
+      }
+      if (is(chunk, SQL.Aliased) && chunk.fieldAlias !== undefined) {
+        return { sql: escapeName(chunk.fieldAlias), params: [] };
+      }
+      if (is(chunk, Subquery)) {
+        if (chunk._.isWith) {
+          return { sql: escapeName(chunk._.alias), params: [] };
+        }
+        return this.buildQueryFromSourceParams([
+          new StringChunk("("),
+          chunk._.sql,
+          new StringChunk(") "),
+          new Name(chunk._.alias)
+        ], config3);
+      }
+      if (isPgEnum(chunk)) {
+        if (chunk.schema) {
+          return { sql: escapeName(chunk.schema) + "." + escapeName(chunk.enumName), params: [] };
+        }
+        return { sql: escapeName(chunk.enumName), params: [] };
+      }
+      if (isSQLWrapper(chunk)) {
+        if (chunk.shouldOmitSQLParens?.()) {
+          return this.buildQueryFromSourceParams([chunk.getSQL()], config3);
+        }
+        return this.buildQueryFromSourceParams([
+          new StringChunk("("),
+          chunk.getSQL(),
+          new StringChunk(")")
+        ], config3);
+      }
+      if (inlineParams) {
+        return { sql: this.mapInlineParam(chunk, config3), params: [] };
+      }
+      return { sql: escapeParam(paramStartIndex.value++, chunk), params: [chunk], typings: ["none"] };
+    }));
+  }
+  mapInlineParam(chunk, { escapeString }) {
+    if (chunk === null) {
+      return "null";
+    }
+    if (typeof chunk === "number" || typeof chunk === "boolean") {
+      return chunk.toString();
+    }
+    if (typeof chunk === "string") {
+      return escapeString(chunk);
+    }
+    if (typeof chunk === "object") {
+      const mappedValueAsString = chunk.toString();
+      if (mappedValueAsString === "[object Object]") {
+        return escapeString(JSON.stringify(chunk));
+      }
+      return escapeString(mappedValueAsString);
+    }
+    throw new Error("Unexpected param value: " + chunk);
+  }
+  getSQL() {
+    return this;
+  }
+  as(alias) {
+    if (alias === undefined) {
+      return this;
+    }
+    return new SQL.Aliased(this, alias);
+  }
+  mapWith(decoder) {
+    this.decoder = typeof decoder === "function" ? { mapFromDriverValue: decoder } : decoder;
+    return this;
+  }
+  inlineParams() {
+    this.shouldInlineParams = true;
+    return this;
+  }
+  if(condition) {
+    return condition ? this : undefined;
+  }
+}
+
+class Name {
+  constructor(value) {
+    this.value = value;
+  }
+  static [entityKind] = "Name";
+  brand;
+  getSQL() {
+    return new SQL([this]);
+  }
+}
+var noopDecoder = {
+  mapFromDriverValue: (value) => value
+};
+var noopEncoder = {
+  mapToDriverValue: (value) => value
+};
+var noopMapper = {
+  ...noopDecoder,
+  ...noopEncoder
+};
+
+class Param {
+  constructor(value, encoder = noopEncoder) {
+    this.value = value;
+    this.encoder = encoder;
+  }
+  static [entityKind] = "Param";
+  brand;
+  getSQL() {
+    return new SQL([this]);
+  }
+}
+function sql(strings, ...params) {
+  const queryChunks = [];
+  if (params.length > 0 || strings.length > 0 && strings[0] !== "") {
+    queryChunks.push(new StringChunk(strings[0]));
+  }
+  for (const [paramIndex, param2] of params.entries()) {
+    queryChunks.push(param2, new StringChunk(strings[paramIndex + 1]));
+  }
+  return new SQL(queryChunks);
+}
+((sql2) => {
+  function empty() {
+    return new SQL([]);
+  }
+  sql2.empty = empty;
+  function fromList(list) {
+    return new SQL(list);
+  }
+  sql2.fromList = fromList;
+  function raw(str) {
+    return new SQL([new StringChunk(str)]);
+  }
+  sql2.raw = raw;
+  function join4(chunks, separator) {
+    const result = [];
+    for (const [i, chunk] of chunks.entries()) {
+      if (i > 0 && separator !== undefined) {
+        result.push(separator);
+      }
+      result.push(chunk);
+    }
+    return new SQL(result);
+  }
+  sql2.join = join4;
+  function identifier(value) {
+    return new Name(value);
+  }
+  sql2.identifier = identifier;
+  function placeholder2(name2) {
+    return new Placeholder(name2);
+  }
+  sql2.placeholder = placeholder2;
+  function param2(value, encoder) {
+    return new Param(value, encoder);
+  }
+  sql2.param = param2;
+})(sql || (sql = {}));
+((SQL2) => {
+
+  class Aliased {
+    constructor(sql2, fieldAlias) {
+      this.sql = sql2;
+      this.fieldAlias = fieldAlias;
+    }
+    static [entityKind] = "SQL.Aliased";
+    isSelectionField = false;
+    getSQL() {
+      return this.sql;
+    }
+    clone() {
+      return new Aliased(this.sql, this.fieldAlias);
+    }
+  }
+  SQL2.Aliased = Aliased;
+})(SQL || (SQL = {}));
+
+class Placeholder {
+  constructor(name2) {
+    this.name = name2;
+  }
+  static [entityKind] = "Placeholder";
+  getSQL() {
+    return new SQL([this]);
+  }
+}
+var IsDrizzleView = Symbol.for("drizzle:IsDrizzleView");
+
+class View {
+  static [entityKind] = "View";
+  [ViewBaseConfig];
+  [IsDrizzleView] = true;
+  constructor({ name: name2, schema, selectedFields, query }) {
+    this[ViewBaseConfig] = {
+      name: name2,
+      originalName: name2,
+      schema,
+      selectedFields,
+      query,
+      isExisting: !query,
+      isAlias: false
+    };
+  }
+  getSQL() {
+    return new SQL([this]);
+  }
+}
+Column.prototype.getSQL = function() {
+  return new SQL([this]);
+};
+Table.prototype.getSQL = function() {
+  return new SQL([this]);
+};
+Subquery.prototype.getSQL = function() {
+  return new SQL([this]);
+};
+
+// src/index.ts
 import { existsSync as existsSync4 } from "node:fs";
 var import_dotenv2 = __toESM(require_main(), 1);
 import { ElizaOS as ElizaOS4 } from "@elizaos/core";
@@ -48535,7 +49198,7 @@ function resolvePgliteDir(dir, fallbackDir) {
   return resolved;
 }
 var __dirname3 = dirname3(fileURLToPath2(import.meta.url));
-var DEFAULT_SERVER_ID7 = "00000000-0000-0000-0000-000000000000";
+var DEFAULT_SERVER_ID2 = "00000000-0000-0000-0000-000000000000";
 function isWebUIEnabled() {
   const isProduction = false;
   const uiEnabledEnv = process.env.ELIZA_UI_ENABLE;
@@ -48554,6 +49217,8 @@ class AgentServer {
   clientPath;
   elizaOS;
   database;
+  rlsOwnerId;
+  serverId = DEFAULT_SERVER_ID2;
   loadCharacterTryPath;
   jsonToCharacter;
   async startAgents(agents, options) {
@@ -48585,6 +49250,9 @@ class AgentServer {
               });
               logger33.info(`Persisted agent ${runtime.character.name} (${runtime.agentId}) to database`);
             }
+            if (this.rlsOwnerId) {
+              await assignAgentToOwner(this.database, runtime.agentId, this.rlsOwnerId);
+            }
           } catch (error2) {
             logger33.error({ error: error2 }, `Failed to persist agent ${runtime.agentId} to database`);
           }
@@ -48657,6 +49325,43 @@ class AgentServer {
         logger33.error({ error: migrationError }, "[INIT] Failed to run database migrations:");
         throw new Error(`Database migration failed: ${migrationError instanceof Error ? migrationError.message : String(migrationError)}`);
       }
+      const rlsEnabled = process.env.ENABLE_RLS_ISOLATION === "true";
+      const rlsOwnerIdString = process.env.RLS_OWNER_ID;
+      if (rlsEnabled) {
+        if (!config3?.postgresUrl) {
+          logger33.error("[RLS] ENABLE_RLS_ISOLATION requires PostgreSQL (not compatible with PGLite)");
+          throw new Error("RLS isolation requires PostgreSQL database");
+        }
+        if (!rlsOwnerIdString) {
+          logger33.error("[RLS] ENABLE_RLS_ISOLATION requires RLS_OWNER_ID environment variable");
+          throw new Error("RLS_OWNER_ID environment variable is required when RLS is enabled");
+        }
+        const owner_id = stringToUuid2(rlsOwnerIdString);
+        logger33.info("[INIT] Initializing RLS multi-tenant isolation...");
+        logger33.info(`[RLS] Tenant ID: ${owner_id.slice(0, 8)}… (from RLS_OWNER_ID="${rlsOwnerIdString}")`);
+        logger33.warn("[RLS] Ensure your PostgreSQL user is NOT a superuser!");
+        logger33.warn("[RLS] Superusers bypass ALL RLS policies, defeating isolation.");
+        try {
+          await installRLSFunctions(this.database);
+          await getOrCreateRlsOwner(this.database, owner_id);
+          this.rlsOwnerId = owner_id;
+          await setOwnerContext(this.database, owner_id);
+          await applyRLSToNewTables(this.database);
+          logger33.success("[INIT] RLS multi-tenant isolation initialized successfully");
+        } catch (rlsError) {
+          logger33.error({ error: rlsError }, "[INIT] Failed to initialize RLS:");
+          throw new Error(`RLS initialization failed: ${rlsError instanceof Error ? rlsError.message : String(rlsError)}`);
+        }
+      } else if (config3?.postgresUrl) {
+        logger33.info("[INIT] RLS multi-tenant isolation disabled (legacy mode)");
+        try {
+          logger33.info("[INIT] Cleaning up RLS policies and functions...");
+          await uninstallRLS(this.database);
+          logger33.success("[INIT] RLS cleanup completed");
+        } catch (cleanupError) {
+          logger33.debug("[INIT] RLS cleanup skipped (RLS not installed or already cleaned)");
+        }
+      }
       await new Promise((resolve2) => setTimeout(resolve2, 500));
       logger33.info("[INIT] Ensuring default server exists...");
       await this.ensureDefaultServer();
@@ -48667,6 +49372,7 @@ class AgentServer {
       this.elizaOS = new ElizaOS3;
       this.elizaOS.enableEditableMode();
       setGlobalElizaOS(this.elizaOS);
+      setGlobalAgentServer(this);
       logger33.success("[INIT] ElizaOS initialized");
       await this.initializeServer(config3);
       await new Promise((resolve2) => setTimeout(resolve2, 250));
@@ -48679,36 +49385,42 @@ class AgentServer {
   }
   async ensureDefaultServer() {
     try {
-      logger33.info("[AgentServer] Checking for default server...");
+      const rlsEnabled = process.env.ENABLE_RLS_ISOLATION === "true";
+      this.serverId = rlsEnabled && this.rlsOwnerId ? this.rlsOwnerId : "00000000-0000-0000-0000-000000000000";
+      const serverName = rlsEnabled && this.rlsOwnerId ? `Server ${this.rlsOwnerId.substring(0, 8)}` : "Default Server";
+      logger33.info(`[AgentServer] Checking for server ${this.serverId}...`);
       const servers = await this.database.getMessageServers();
       logger33.debug(`[AgentServer] Found ${servers.length} existing servers`);
       servers.forEach((s) => {
         logger33.debug(`[AgentServer] Existing server: ID=${s.id}, Name=${s.name}`);
       });
-      const defaultServer = servers.find((s) => s.id === "00000000-0000-0000-0000-000000000000");
+      const defaultServer = servers.find((s) => s.id === this.serverId);
       if (!defaultServer) {
-        logger33.info("[AgentServer] Creating default server with UUID 00000000-0000-0000-0000-000000000000...");
+        logger33.info(`[AgentServer] Creating server with UUID ${this.serverId}...`);
         try {
-          await this.database.db.execute(`
+          const db = this.database.db;
+          await db.execute(sql`
             INSERT INTO message_servers (id, name, source_type, created_at, updated_at)
-            VALUES ('00000000-0000-0000-0000-000000000000', 'Default Server', 'eliza_default', NOW(), NOW())
+            VALUES (${this.serverId}, ${serverName}, ${"eliza_default"}, NOW(), NOW())
             ON CONFLICT (id) DO NOTHING
           `);
-          logger33.success("[AgentServer] Default server created via raw SQL");
-          const checkResult = await this.database.db.execute("SELECT id, name FROM message_servers WHERE id = '00000000-0000-0000-0000-000000000000'");
-          logger33.debug("[AgentServer] Raw SQL check result:", checkResult);
+          logger33.success("[AgentServer] Server created via parameterized query");
+          const checkResult = await db.execute(sql`
+            SELECT id, name FROM message_servers WHERE id = ${this.serverId}
+          `);
+          logger33.debug("[AgentServer] Parameterized query check result:", checkResult);
         } catch (sqlError) {
           logger33.error("[AgentServer] Raw SQL insert failed:", sqlError);
           try {
             const server = await this.database.createMessageServer({
-              id: "00000000-0000-0000-0000-000000000000",
-              name: "Default Server",
+              id: this.serverId,
+              name: serverName,
               sourceType: "eliza_default"
             });
-            logger33.success("[AgentServer] Default server created via ORM with ID:", server.id);
+            logger33.success("[AgentServer] Server created via ORM with ID:", server.id);
           } catch (ormError) {
             logger33.error("[AgentServer] Both SQL and ORM creation failed:", ormError);
-            throw new Error(`Failed to create default server: ${ormError.message}`);
+            throw new Error(`Failed to create server: ${ormError.message}`);
           }
         }
         const verifyServers = await this.database.getMessageServers();
@@ -48716,14 +49428,14 @@ class AgentServer {
         verifyServers.forEach((s) => {
           logger33.debug(`[AgentServer] Server after creation: ID=${s.id}, Name=${s.name}`);
         });
-        const verifyDefault = verifyServers.find((s) => s.id === "00000000-0000-0000-0000-000000000000");
+        const verifyDefault = verifyServers.find((s) => s.id === this.serverId);
         if (!verifyDefault) {
-          throw new Error(`Failed to create or verify default server with ID ${DEFAULT_SERVER_ID7}`);
+          throw new Error(`Failed to create or verify server with ID ${this.serverId}`);
         } else {
-          logger33.success("[AgentServer] Default server creation verified successfully");
+          logger33.success("[AgentServer] Server creation verified successfully");
         }
       } else {
-        logger33.info("[AgentServer] Default server already exists with ID:", defaultServer.id);
+        logger33.info("[AgentServer] Server already exists with ID:", defaultServer.id);
       }
     } catch (error2) {
       logger33.error({ error: error2 }, "[AgentServer] Error ensuring default server:");
@@ -48819,6 +49531,38 @@ class AgentServer {
       this.app.use(express34.json({
         limit: process.env.EXPRESS_MAX_PAYLOAD || "2mb"
       }));
+      const healthCheckRateLimiter = rate_limit_default({
+        windowMs: 60 * 1000,
+        max: 100,
+        message: "Too many health check requests from this IP, please try again later.",
+        standardHeaders: true,
+        legacyHeaders: false,
+        skip: (req) => {
+          const ip = req.ip || "";
+          return ip === "127.0.0.1" || ip === "::1" || ip.startsWith("10.") || ip.startsWith("172.") || ip.startsWith("192.168.");
+        }
+      });
+      this.app.get("/healthz", healthCheckRateLimiter, (_req, res) => {
+        res.json({
+          status: "ok",
+          timestamp: new Date().toISOString()
+        });
+      });
+      this.app.get("/health", healthCheckRateLimiter, (_req, res) => {
+        const agents = this.elizaOS?.getAgents() || [];
+        const isHealthy = agents.length > 0;
+        const healthcheck = {
+          status: isHealthy ? "OK" : "DEGRADED",
+          version: process.env.APP_VERSION || "unknown",
+          timestamp: new Date().toISOString(),
+          dependencies: {
+            agents: isHealthy ? "healthy" : "no_agents"
+          },
+          agentCount: agents.length
+        };
+        res.status(isHealthy ? 200 : 503).json(healthcheck);
+      });
+      logger33.info("Public health check endpoints enabled: /healthz and /health (rate limited: 100 req/min)");
       const serverAuthToken = process.env.ELIZA_SERVER_AUTH_TOKEN;
       if (serverAuthToken) {
         logger33.info("Server authentication enabled. Requires X-API-KEY header for /api routes.");
@@ -49030,8 +49774,8 @@ class AgentServer {
                 const nvmPath = path8.join(os3.homedir(), ".nvm/versions/node");
                 if (existsSync4(nvmPath)) {
                   const versions = fs6.readdirSync(nvmPath);
-                  for (const version of versions) {
-                    const cliPath = path8.join(nvmPath, version, "lib/node_modules/@elizaos/server/dist/client");
+                  for (const version2 of versions) {
+                    const cliPath = path8.join(nvmPath, version2, "lib/node_modules/@elizaos/server/dist/client");
                     if (existsSync4(path8.join(cliPath, "index.html"))) {
                       return cliPath;
                     }
@@ -49213,8 +49957,8 @@ class AgentServer {
         }
       }
       logger33.success(`Successfully registered agent ${runtime.character.name} (${runtime.agentId}) with core services.`);
-      await this.addAgentToServer(DEFAULT_SERVER_ID7, runtime.agentId);
-      logger33.info(`[AgentServer] Auto-associated agent ${runtime.character.name} with server ID: ${DEFAULT_SERVER_ID7}`);
+      await this.addAgentToServer(this.serverId, runtime.agentId);
+      logger33.info(`[AgentServer] Auto-associated agent ${runtime.character.name} with server ID: ${this.serverId}`);
     } catch (error2) {
       logger33.error({ error: error2 }, "Failed to register agent:");
       throw error2;