@lobu/cli 7.0.0 → 7.2.0

package/dist/connectors/website.ts

@@ -20,6 +20,7 @@ import {
   type SyncResult,
 } from '@lobu/connector-sdk';
 import type { Page } from 'playwright';
+import { validatePublicUrl } from './browser-scraper-utils.ts';
 
 interface PageSection {
   heading: string;
@@ -50,72 +51,6 @@ function shouldSkipCookieBannerText(text: string): boolean {
   return countPatternMatches(normalized, COOKIE_BANNER_PATTERNS) >= 3;
 }
 
-/**
- * Validates a URL is safe for server-side fetching.
- * Blocks private/internal network addresses to prevent SSRF attacks.
- */
-function validatePublicUrl(url: string): void {
-  let parsed: URL;
-  try {
-    parsed = new URL(url);
-  } catch {
-    throw new Error(`Invalid URL: ${url}`);
-  }
-
-  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
-    throw new Error(`URL must use http: or https: protocol, got ${parsed.protocol}`);
-  }
-
-  const hostname = parsed.hostname.toLowerCase();
-
-  // Block localhost variants
-  if (hostname === 'localhost' || hostname === '[::1]' || hostname.endsWith('.localhost')) {
-    throw new Error(`URL must not point to localhost: ${hostname}`);
-  }
-
-  // Block private/internal IP ranges
-  // IPv4 patterns: 127.x.x.x, 10.x.x.x, 192.168.x.x, 172.16-31.x.x, 169.254.x.x, 0.x.x.x
-  const ipv4Match = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
-  if (ipv4Match) {
-    const [, a, b] = ipv4Match.map(Number);
-    if (
-      a === 127 || // 127.0.0.0/8 loopback
-      a === 10 || // 10.0.0.0/8 private
-      (a === 172 && b >= 16 && b <= 31) || // 172.16.0.0/12 private
-      (a === 192 && b === 168) || // 192.168.0.0/16 private
-      (a === 169 && b === 254) || // 169.254.0.0/16 link-local
-      a === 0 // 0.0.0.0/8
-    ) {
-      throw new Error(`URL must not point to a private/internal IP address: ${hostname}`);
-    }
-  }
-
-  // Block IPv6 private ranges (bracketed notation in URLs)
-  if (hostname.startsWith('[')) {
-    const ipv6 = hostname.slice(1, -1).toLowerCase();
-    if (
-      ipv6 === '::1' ||
-      ipv6.startsWith('fe80:') || // link-local
-      ipv6.startsWith('fc') || // unique local (fc00::/7)
-      ipv6.startsWith('fd') || // unique local (fc00::/7)
-      ipv6 === '::' || // unspecified
-      ipv6.startsWith('::ffff:') // IPv4-mapped IPv6
-    ) {
-      throw new Error(`URL must not point to a private/internal IPv6 address: ${hostname}`);
-    }
-  }
-
-  // Block common internal hostnames
-  if (
-    hostname.endsWith('.internal') ||
-    hostname.endsWith('.local') ||
-    hostname.endsWith('.corp') ||
-    hostname.endsWith('.lan')
-  ) {
-    throw new Error(`URL must not point to an internal hostname: ${hostname}`);
-  }
-}
-
 export default class WebsiteConnector extends ConnectorRuntime {
   readonly definition: ConnectorDefinition = {
     key: 'website',
@@ -457,7 +392,11 @@ export default class WebsiteConnector extends ConnectorRuntime {
     return result.join('\n');
   }
 
-  private async fetchSitemap(sitemapUrl: string): Promise<string[]> {
+  private async fetchSitemap(sitemapUrl: string, depth = 0): Promise<string[]> {
+    // Sitemap-index recursion bound — caps fan-out from a remote sitemap that
+    // links to a sitemap that links to a sitemap... untrusted XML must not
+    // drive unbounded outbound traffic.
+    if (depth > 2) return [];
     const response = await fetch(sitemapUrl, {
       headers: { 'User-Agent': 'Mozilla/5.0 (compatible; LobuBot/1.0)' },
     });
@@ -493,7 +432,7 @@ export default class WebsiteConnector extends ConnectorRuntime {
       }
       for (const childUrl of childSitemaps.slice(0, 5)) {
         validatePublicUrl(childUrl);
-        const childUrls = await this.fetchSitemap(childUrl);
+        const childUrls = await this.fetchSitemap(childUrl, depth + 1);
         urls.push(...childUrls);
       }
     }

package/dist/connectors/whatsapp.ts

@@ -424,11 +424,7 @@ export default class WhatsAppConnector extends ConnectorRuntime {
         },
       };
     } catch (error) {
-      try {
-        sock.end(undefined);
-      } catch {
-        /* ignore */
-      }
+      safeEnd(sock);
       throw error;
     }
   }
@@ -478,11 +474,7 @@ async function attemptPairing(
       sock.ev.off('connection.update', handler);
       sock.ev.off('creds.update', credsListener);
       ctx.signal.removeEventListener('abort', onAbort);
-      try {
-        sock.end(undefined);
-      } catch {
-        /* ignore */
-      }
+      safeEnd(sock);
       resolve(outcome);
     };
 
@@ -592,11 +584,7 @@ async function drainHistory(
     sock.ev.off('chats.upsert', chatsListener);
     sock.ev.off('messaging-history.set', historyListener);
     sock.ev.off('messages.upsert', messagesListener);
-    try {
-      sock.end(undefined);
-    } catch {
-      /* ignore */
-    }
+    safeEnd(sock);
   };
 
   try {
@@ -829,6 +817,14 @@ function delay(ms: number): Promise<void> {
   return new Promise((r) => setTimeout(r, ms));
 }
 
+function safeEnd(sock: ReturnType<typeof makeWASocket>): void {
+  try {
+    sock.end(undefined);
+  } catch {
+    /* ignore */
+  }
+}
+
 function waitForOpen(sock: ReturnType<typeof makeWASocket>, timeoutMs: number): Promise<boolean> {
   return new Promise((resolve) => {
     let newLogin = false;
@@ -963,12 +959,7 @@ export function toEvent(
   const text = extractText(m.message);
   if (!text) return null;
 
-  const tsRaw =
-    typeof m.messageTimestamp === 'number'
-      ? m.messageTimestamp
-      : ((m.messageTimestamp as { low?: number; toNumber?: () => number } | null)?.toNumber?.() ??
-        (m.messageTimestamp as { low?: number } | null)?.low ??
-        0);
+  const tsRaw = extractTs(m);
   if (!tsRaw) return null;
   const occurredAt = new Date(tsRaw * 1000);
 

package/dist/db/migrations/20260514130000_connection_action_modes.sql

@@ -0,0 +1,103 @@
+-- migrate:up
+
+-- Collapse `connection.config.auto_approve_actions` (string[]) and
+-- `connection.config.require_approval_actions` (string[]) into a single
+-- `action_modes` (Record<string, 'disabled' | 'approval' | 'auto'>) map.
+--
+-- The old two-array model couldn't express "agent must not call this op
+-- at all" — every action the connector defined was always reachable, the
+-- arrays only flipped approval prompts. The new map adds 'disabled' as the
+-- third state and gives every op an explicit user-chosen mode.
+--
+-- Backfill rule, per row, for every op listed in either array:
+--   op in auto_approve_actions      → action_modes[op] = 'auto'
+--   op in require_approval_actions  → action_modes[op] = 'approval'
+-- When an op appears in both, 'approval' wins (it's the stricter signal:
+-- the user explicitly opted in to seeing an approval prompt).
+--
+-- Ops the user never touched are not stored in action_modes; the server
+-- falls back to the connector's per-op `requires_approval` default at read
+-- time, which preserves today's "all on" behavior.
+--
+-- We drop the two old keys in the same statement so the new state is the
+-- only state on disk after migration.
+
+UPDATE public.connections
+SET config = (
+        COALESCE(config, '{}'::jsonb)
+        - 'auto_approve_actions'
+        - 'require_approval_actions'
+    )
+    || jsonb_build_object(
+        'action_modes',
+        COALESCE(
+            (
+                -- 'approval' wins over 'auto' when an op appears in both arrays
+                -- (MIN('approval', 'auto') = 'approval' lexicographically).
+                SELECT jsonb_object_agg(op_key, mode)
+                FROM (
+                    SELECT op_key, MIN(mode) AS mode
+                    FROM (
+                        SELECT op_key, 'approval'::text AS mode
+                        FROM jsonb_array_elements_text(
+                            CASE
+                                WHEN jsonb_typeof(config->'require_approval_actions') = 'array'
+                                    THEN config->'require_approval_actions'
+                                ELSE '[]'::jsonb
+                            END
+                        ) AS op_key
+                        UNION ALL
+                        SELECT op_key, 'auto'::text AS mode
+                        FROM jsonb_array_elements_text(
+                            CASE
+                                WHEN jsonb_typeof(config->'auto_approve_actions') = 'array'
+                                    THEN config->'auto_approve_actions'
+                                ELSE '[]'::jsonb
+                            END
+                        ) AS op_key
+                    ) all_modes
+                    GROUP BY op_key
+                ) collapsed
+            ),
+            '{}'::jsonb
+        )
+    )
+WHERE config IS NOT NULL
+  AND (
+      config ? 'auto_approve_actions'
+      OR config ? 'require_approval_actions'
+  );
+
+-- migrate:down
+
+-- Reverse the collapse: split action_modes back into the two arrays.
+-- 'auto'     → auto_approve_actions
+-- 'approval' → require_approval_actions
+-- 'disabled' has no pre-refactor equivalent and is silently dropped on
+-- downgrade — the agent will see the op again as if no override existed.
+UPDATE public.connections
+SET config = (
+        COALESCE(config, '{}'::jsonb) - 'action_modes'
+    )
+    || jsonb_build_object(
+        'auto_approve_actions',
+        COALESCE(
+            (
+                SELECT jsonb_agg(key)
+                FROM jsonb_each_text(config->'action_modes')
+                WHERE value = 'auto'
+            ),
+            '[]'::jsonb
+        ),
+        'require_approval_actions',
+        COALESCE(
+            (
+                SELECT jsonb_agg(key)
+                FROM jsonb_each_text(config->'action_modes')
+                WHERE value = 'approval'
+            ),
+            '[]'::jsonb
+        )
+    )
+WHERE config IS NOT NULL
+  AND jsonb_typeof(config->'action_modes') = 'object';

package/dist/db/migrations/20260514160000_auth_profiles_mirror_mode.sql

@@ -0,0 +1,32 @@
+-- migrate:up
+-- Relax the device-binding XOR for browser_session profiles to allow
+-- mirror mode, where neither user_data_dir nor cdp_url is set on the
+-- row (the source profile dir lives in auth_data.source_profile_dir).
+-- Keep the mutual exclusion of the two columns so they can't be set
+-- together; application validation enforces "exactly one of mirror /
+-- cdp / legacy" per row.
+
+ALTER TABLE auth_profiles
+  DROP CONSTRAINT IF EXISTS auth_profiles_device_browser_path_xor;
+
+ALTER TABLE auth_profiles
+  ADD CONSTRAINT auth_profiles_device_browser_path_mutex
+  CHECK (
+    device_worker_id IS NULL
+    OR profile_kind <> 'browser_session'
+    OR user_data_dir IS NULL
+    OR cdp_url IS NULL
+  );
+
+-- migrate:down
+ALTER TABLE auth_profiles
+  DROP CONSTRAINT IF EXISTS auth_profiles_device_browser_path_mutex;
+
+ALTER TABLE auth_profiles
+  ADD CONSTRAINT auth_profiles_device_browser_path_xor
+  CHECK (
+    device_worker_id IS NULL
+    OR profile_kind <> 'browser_session'
+    OR ((user_data_dir IS NOT NULL) AND (cdp_url IS NULL))
+    OR ((user_data_dir IS NULL) AND (cdp_url IS NOT NULL))
+  );

package/dist/db/migrations/20260515120000_agents_per_org_pk.sql

@@ -0,0 +1,66 @@
+-- migrate:up
+-- Phase A of moving `agents` from a globally-unique `id` PK to a per-org
+-- composite PK `(organization_id, id)`. The application has always treated
+-- agents as org-scoped (every read/delete/list filters by organization_id),
+-- so the global PK is a latent footgun: two orgs cannot share an agent ID,
+-- and a stale agent in one org silently blocks another org from using the
+-- same name.
+--
+-- This phase is INTENTIONALLY NON-BREAKING. It only:
+--   1. Adds an `organization_id` column to each FK-holding child table
+--      (NULLABLE — backfilled here, set NOT NULL in a later phase once the
+--      app-code refactor lands so every INSERT writes the value).
+--   2. Backfills `organization_id` from agents (no orphan rows in prod).
+--   3. Adds a parallel UNIQUE constraint on `agents (organization_id, id)`
+--      so the schema is ready for the eventual PK swap.
+--   4. Adds composite indexes on each child table so the upcoming
+--      org-scoped query patterns are fast from day one.
+--
+-- The single-column PK on agents and the single-column FKs on child tables
+-- stay in place. App code keeps working unmodified. The PK swap and FK
+-- composite migration ship in a separate PR after the storage interfaces
+-- are plumbed with `organization_id`.
+
+-- ── 1. Add organization_id columns (nullable for now).
+ALTER TABLE agent_grants            ADD COLUMN organization_id text;
+ALTER TABLE agent_connections       ADD COLUMN organization_id text;
+ALTER TABLE agent_users             ADD COLUMN organization_id text;
+ALTER TABLE agent_channel_bindings  ADD COLUMN organization_id text;
+ALTER TABLE grants                  ADD COLUMN organization_id text;
+
+-- ── 2. Backfill from agents.
+UPDATE agent_grants           SET organization_id = a.organization_id FROM agents a WHERE agent_grants.agent_id            = a.id;
+UPDATE agent_connections      SET organization_id = a.organization_id FROM agents a WHERE agent_connections.agent_id       = a.id;
+UPDATE agent_users            SET organization_id = a.organization_id FROM agents a WHERE agent_users.agent_id             = a.id;
+UPDATE agent_channel_bindings SET organization_id = a.organization_id FROM agents a WHERE agent_channel_bindings.agent_id  = a.id;
+UPDATE grants                 SET organization_id = a.organization_id FROM agents a WHERE grants.agent_id                  = a.id;
+
+-- ── 3. Parallel UNIQUE on agents (organization_id, id). The single-column
+--     PK on (id) stays — this is purely additive and signals to readers
+--     that org-scoped uniqueness is the eventual model. The PK swap in a
+--     later migration will drop this UNIQUE and reuse the index for the
+--     new composite PK.
+ALTER TABLE agents
+  ADD CONSTRAINT agents_organization_id_id_key UNIQUE (organization_id, id);
+
+-- ── 4. Composite indexes on child tables for upcoming org-scoped queries.
+CREATE INDEX agent_grants_org_agent_idx           ON agent_grants           (organization_id, agent_id);
+CREATE INDEX agent_connections_org_agent_idx      ON agent_connections      (organization_id, agent_id);
+CREATE INDEX agent_users_org_agent_idx            ON agent_users            (organization_id, agent_id);
+CREATE INDEX agent_channel_bindings_org_agent_idx ON agent_channel_bindings (organization_id, agent_id);
+CREATE INDEX grants_org_agent_idx                 ON grants                 (organization_id, agent_id);
+
+-- migrate:down
+DROP INDEX IF EXISTS grants_org_agent_idx;
+DROP INDEX IF EXISTS agent_channel_bindings_org_agent_idx;
+DROP INDEX IF EXISTS agent_users_org_agent_idx;
+DROP INDEX IF EXISTS agent_connections_org_agent_idx;
+DROP INDEX IF EXISTS agent_grants_org_agent_idx;
+
+ALTER TABLE agents DROP CONSTRAINT IF EXISTS agents_organization_id_id_key;
+
+ALTER TABLE grants                  DROP COLUMN IF EXISTS organization_id;
+ALTER TABLE agent_channel_bindings  DROP COLUMN IF EXISTS organization_id;
+ALTER TABLE agent_users             DROP COLUMN IF EXISTS organization_id;
+ALTER TABLE agent_connections       DROP COLUMN IF EXISTS organization_id;
+ALTER TABLE agent_grants            DROP COLUMN IF EXISTS organization_id;

package/dist/db/migrations/20260515150000_geo_enrichment.sql

@@ -0,0 +1,208 @@
+-- migrate:up
+
+-- =============================================================================
+-- Geo enrichment: reverse-geocode lat/lng → country / admin1 / place at the
+-- gateway, once, for every event with coordinates. Used by `apple.photos`
+-- today; gmaps reviews, github commit metadata, and any future geo-bearing
+-- connector benefit automatically.
+--
+-- Three system-level reference tables (no organization_id — these are
+-- read-only geographic facts shared across all tenants) seeded from
+-- GeoNames (https://www.geonames.org/, CC-BY 4.0):
+--
+--   geo_countries — country_code → name/continent/currency/etc. (~250 rows)
+--   geo_admin1    — state/province codes per country (~4k rows)
+--   geo_places    — populated places (cities/towns/villages/hamlets);
+--                   seeded from GeoNames cities1000.txt (~150k rows for v1).
+--                   Can be upgraded to the full PPL-class subset of
+--                   allCountries (~5M rows) without schema changes —
+--                   nearest-neighbor query is the same shape.
+--
+-- The `geo_lookup(lat, lng)` function returns the enriched row in one
+-- call. Nearest-neighbor uses PostGIS `geography(POINT, 4326)` + GiST so
+-- distance is true geodesic (not L2-on-degrees), and the index keeps it
+-- sub-millisecond at any table size we'd ever load.
+--
+-- Run `scripts/seed-geo-data.sh` after this migration applies to populate
+-- the tables. The TS enrichment hook gracefully no-ops if the tables are
+-- empty or the function is missing, so partially-deployed installs keep
+-- working — events just don't get the enriched fields until seeding runs.
+--
+-- ENVIRONMENTS WITHOUT POSTGIS: the entire migration is wrapped in a DO
+-- block that probes for the extension. If PostGIS isn't installable
+-- (PGlite in tests, restricted hosts), every statement below is skipped
+-- with a NOTICE. The runtime enrichment hook also fails open, so
+-- partially-supported environments keep functioning — they just don't
+-- get geo enrichment.
+-- =============================================================================
+
+DO $migration$
+BEGIN
+    -- Try to install PostGIS. If it's not available on this host (PGlite
+    -- without the postgis extension registered, managed Postgres without
+    -- the extension, etc.), bail out cleanly.
+    BEGIN
+        CREATE EXTENSION IF NOT EXISTS postgis;
+    EXCEPTION
+        WHEN OTHERS THEN
+            RAISE NOTICE
+                'geo-enrichment: PostGIS unavailable (%), skipping geo schema. Runtime enrichment will no-op.',
+                SQLERRM;
+            RETURN;
+    END;
+
+    -- spatial_ref_sys row for SRID 4326 (WGS-84). Real PostGIS installs
+    -- bundle ~8000 standard projections; the pglite-postgis WASM build
+    -- ships an empty table to keep the bundle small. Inserting the one
+    -- row we use makes nearest-neighbour queries work everywhere; the
+    -- ON CONFLICT skips on prod where the row already exists.
+    INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, srtext, proj4text)
+    VALUES (
+        4326,
+        'EPSG',
+        4326,
+        'GEOGCS["WGS 84",DATUM["WGS_1984",SPHEROID["WGS 84",6378137,298.257223563,AUTHORITY["EPSG","7030"]],AUTHORITY["EPSG","6326"]],PRIMEM["Greenwich",0,AUTHORITY["EPSG","8901"]],UNIT["degree",0.0174532925199433,AUTHORITY["EPSG","9122"]],AUTHORITY["EPSG","4326"]]',
+        '+proj=longlat +datum=WGS84 +no_defs'
+    )
+    ON CONFLICT (srid) DO NOTHING;
+
+    -- Everything below this point assumes PostGIS is loaded. EXECUTE-wrapping
+    -- the DDL keeps the SQL parser from choking on `geography(POINT, 4326)`
+    -- when this whole DO block is parsed before the extension creates the type.
+
+    -- geo_countries — ISO-2 country code → full record. Source: GeoNames
+    -- countryInfo.txt.
+    EXECUTE $ddl$
+        CREATE TABLE IF NOT EXISTS geo_countries (
+            code             text PRIMARY KEY,
+            code3            text,
+            numeric_code     integer,
+            fips             text,
+            name             text NOT NULL,
+            capital          text,
+            area_sq_km       numeric,
+            population       bigint,
+            continent        text,
+            tld              text,
+            currency_code    text,
+            currency_name    text,
+            phone            text,
+            postal_code_fmt  text,
+            postal_code_re   text,
+            languages        text,
+            geonameid        bigint,
+            neighbours       text
+        )
+    $ddl$;
+
+    -- geo_admin1 — first-order administrative subdivisions.
+    -- Code shape: '<ISO2>.<ADMIN1>' (e.g. 'IT.07' = Lazio).
+    EXECUTE $ddl$
+        CREATE TABLE IF NOT EXISTS geo_admin1 (
+            code         text PRIMARY KEY,
+            country_code text NOT NULL,
+            name         text NOT NULL,
+            ascii_name   text NOT NULL,
+            geonameid    bigint
+        )
+    $ddl$;
+
+    EXECUTE 'CREATE INDEX IF NOT EXISTS geo_admin1_country_idx ON geo_admin1 (country_code)';
+
+    -- geo_places — populated places. `location` is a generated geography
+    -- point that the GiST index uses for nearest-neighbour lookup. Stays
+    -- sub-ms even at 5M+ rows.
+    EXECUTE $ddl$
+        CREATE TABLE IF NOT EXISTS geo_places (
+            geonameid    bigint PRIMARY KEY,
+            name         text NOT NULL,
+            ascii_name   text NOT NULL,
+            alt_names    text,
+            latitude     double precision NOT NULL,
+            longitude    double precision NOT NULL,
+            feature_class text,
+            feature_code  text,
+            country_code  text NOT NULL,
+            admin1_code   text,
+            admin2_code   text,
+            population    bigint DEFAULT 0,
+            elevation_m   integer,
+            timezone      text,
+            location      geography(POINT, 4326)
+                GENERATED ALWAYS AS (
+                    ST_SetSRID(ST_MakePoint(longitude, latitude), 4326)::geography
+                ) STORED
+        )
+    $ddl$;
+
+    EXECUTE 'CREATE INDEX IF NOT EXISTS geo_places_location_idx ON geo_places USING GIST (location)';
+    EXECUTE 'CREATE INDEX IF NOT EXISTS geo_places_country_idx  ON geo_places (country_code)';
+
+    -- geo_lookup(lat, lng) — single-call enrichment.
+    -- Returns the nearest populated place plus the country/admin1 join.
+    -- distance_km is included so callers can apply their own threshold
+    -- (e.g., reject results > 500 km away — ocean/desert coordinates that
+    -- would otherwise snap misleadingly to the closest coastal city).
+    EXECUTE $fn$
+        CREATE OR REPLACE FUNCTION geo_lookup(p_lat double precision, p_lng double precision)
+        RETURNS TABLE (
+            place_name    text,
+            place_id      bigint,
+            country_code  text,
+            country_name  text,
+            admin1_code   text,
+            admin1_name   text,
+            timezone      text,
+            population    bigint,
+            distance_km   double precision
+        )
+        LANGUAGE sql
+        STABLE
+        PARALLEL SAFE
+        AS $body$
+            WITH nearest AS (
+                SELECT
+                    p.geonameid,
+                    p.name,
+                    p.country_code,
+                    p.admin1_code,
+                    p.timezone,
+                    p.population,
+                    ST_Distance(
+                        p.location,
+                        ST_SetSRID(ST_MakePoint(p_lng, p_lat), 4326)::geography
+                    ) / 1000.0 AS distance_km
+                FROM geo_places p
+                ORDER BY p.location <-> ST_SetSRID(ST_MakePoint(p_lng, p_lat), 4326)::geography
+                LIMIT 1
+            )
+            SELECT
+                n.name                                              AS place_name,
+                n.geonameid                                         AS place_id,
+                n.country_code                                      AS country_code,
+                c.name                                              AS country_name,
+                CASE
+                    WHEN n.admin1_code IS NULL OR n.admin1_code = '' THEN NULL
+                    ELSE n.country_code || '.' || n.admin1_code
+                END                                                AS admin1_code,
+                a.name                                              AS admin1_name,
+                n.timezone                                          AS timezone,
+                n.population                                        AS population,
+                n.distance_km                                       AS distance_km
+            FROM nearest n
+            LEFT JOIN geo_countries c ON c.code = n.country_code
+            LEFT JOIN geo_admin1 a    ON a.code = n.country_code || '.' || n.admin1_code
+        $body$
+    $fn$;
+END
+$migration$;
+
+-- migrate:down
+
+DROP FUNCTION IF EXISTS geo_lookup(double precision, double precision);
+DROP TABLE IF EXISTS geo_places;
+DROP TABLE IF EXISTS geo_admin1;
+DROP TABLE IF EXISTS geo_countries;
+-- Intentionally do NOT DROP EXTENSION postgis. The extension may be
+-- shared by other tables / future migrations on the same Postgres
+-- instance; rolling back this migration shouldn't take that down.

package/dist/db/migrations/20260515160000_drop_agents_org_id_unique.sql

@@ -0,0 +1,24 @@
+-- migrate:up
+-- Drop the parallel `UNIQUE (organization_id, id)` added in 20260515120000.
+-- It was meant as schema-prep for the eventual PK swap to (organization_id,
+-- id), but it actively broke `ON CONFLICT (id) DO NOTHING/UPDATE` callers.
+--
+-- Why: Postgres' `ON CONFLICT (X)` only suppresses violations of the unique
+-- constraint matching exactly column set X. Adding a second unique constraint
+-- that overlaps with the PK means inserts can fail on the new constraint
+-- before reaching the PK conflict — and ON CONFLICT (id) doesn't catch it.
+-- Surfaced in `__tests__/integration/.../race-mcp` where parallel inserts of
+-- `(org-a, race-mcp-0)` started throwing `agents_organization_id_id_key`
+-- duplicates instead of being silently de-duped by the existing
+-- `ON CONFLICT (id) DO NOTHING` clause.
+--
+-- The PK on `(id)` already enforces global uniqueness, which subsumes
+-- `(organization_id, id)` uniqueness — the new constraint was logically
+-- redundant. Phase C of the per-org PK migration will swap the PK directly
+-- without needing a parallel constraint as a stepping stone.
+
+ALTER TABLE agents DROP CONSTRAINT IF EXISTS agents_organization_id_id_key;
+
+-- migrate:down
+ALTER TABLE agents
+  ADD CONSTRAINT agents_organization_id_id_key UNIQUE (organization_id, id);

package/dist/db/migrations/20260515170000_auth_profiles_default_for_connector.sql

@@ -0,0 +1,23 @@
+-- migrate:up
+-- Admin-managed default app profile per (org, connector_key).
+-- Today getPrimaryAuthProfileForKind picks the most-recently-updated active
+-- oauth_app profile for the connector — admins have no way to designate
+-- which profile members should fall through to. The flag lets the admin
+-- pin a chosen profile; the resolver prefers flagged rows first.
+--
+-- Constrained to oauth_app for now since that's the only kind where
+-- "default for connector" is meaningful (env / interactive / browser_session
+-- are picked by other rules — device binding, capture mode, etc.).
+
+ALTER TABLE auth_profiles
+  ADD COLUMN is_default_for_connector boolean NOT NULL DEFAULT false;
+
+CREATE UNIQUE INDEX auth_profiles_default_for_connector_unique
+  ON auth_profiles (organization_id, connector_key)
+  WHERE is_default_for_connector AND profile_kind = 'oauth_app';
+
+-- migrate:down
+DROP INDEX IF EXISTS auth_profiles_default_for_connector_unique;
+
+ALTER TABLE auth_profiles
+  DROP COLUMN IF EXISTS is_default_for_connector;