npm - @mgsoftwarebv/mg-dashboard-mcp - Versions diffs - 3.14.0 → 5.0.1 - Mend

@mgsoftwarebv/mg-dashboard-mcp 3.14.0 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -296,16 +296,21 @@ var TRIGGER_TOOLS = [
   },
   {
     name: "trigger-runs",
-    description: "List recent task runs for a Trigger.dev project. Returns run ID, task name, status, duration, and timestamps.",
+    description: "List recent task runs for a Trigger.dev project. Returns run ID, task name, status, duration, and timestamps.\n\nCommon shortcuts: `failedOnly: true` returns only FAILED/CRASHED/SYSTEM_FAILURE/INTERRUPTED/TIMED_OUT. `sinceMinutes: 60` filters to runs created in the last hour (combines with status/taskIdentifier).",
     inputSchema: {
       type: "object",
       properties: {
         project: { type: "string", description: 'Project slug from trigger-list (e.g. "mg-dashboard-bHfS")' },
         status: {
           type: "string",
-          description: "Comma-separated status filter: QUEUED,EXECUTING,COMPLETED,FAILED,CRASHED,CANCELED,SYSTEM_FAILURE"
+          description: "Comma-separated status filter: QUEUED,EXECUTING,COMPLETED,FAILED,CRASHED,CANCELED,SYSTEM_FAILURE. Ignored when failedOnly is true."
+        },
+        failedOnly: {
+          type: "boolean",
+          description: "Shortcut: only return FAILED + CRASHED + SYSTEM_FAILURE + INTERRUPTED + TIMED_OUT runs. Overrides `status` when true."
         },
         taskIdentifier: { type: "string", description: 'Filter by task identifier (e.g. "hello-world")' },
+        sinceMinutes: { type: "number", description: "Only runs created in the last N minutes (uses Trigger filter[from]). Max 10080 (= 1 week)." },
         limit: { type: "number", description: "Max runs to return (default 20, max 100)" }
       },
       required: ["project"]
@@ -489,8 +494,18 @@ ${lines.join("\n")}` }] };
       const instance = await discoverInstance(project, conn, proxy, sshExec2);
       const limit = Math.min(Math.max(Number(args2.limit) || 20, 1), 100);
       const queryParts = [`page%5Bsize%5D=${limit}`];
-      if (args2.status) queryParts.push(`filter%5Bstatus%5D=${String(args2.status)}`);
-      if (args2.taskIdentifier) queryParts.push(`filter%5BtaskIdentifier%5D=${String(args2.taskIdentifier)}`);
+      const failedOnly = args2.failedOnly === true;
+      const statusArg = failedOnly ? "FAILED,CRASHED,SYSTEM_FAILURE,INTERRUPTED,TIMED_OUT" : args2.status ? String(args2.status) : "";
+      if (statusArg) queryParts.push(`filter%5Bstatus%5D=${encodeURIComponent(statusArg)}`);
+      if (args2.taskIdentifier) {
+        queryParts.push(`filter%5BtaskIdentifier%5D=${encodeURIComponent(String(args2.taskIdentifier))}`);
+      }
+      const sinceMinutes = Number(args2.sinceMinutes);
+      if (Number.isFinite(sinceMinutes) && sinceMinutes > 0) {
+        const capped = Math.min(sinceMinutes, 10080);
+        const fromMs = Date.now() - capped * 6e4;
+        queryParts.push(`filter%5Bfrom%5D=${fromMs}`);
+      }
       const rawJson = await triggerApi(
         conn,
         proxy,
@@ -638,582 +653,6 @@ ${rawJson.substring(0, 500)}`
   }
 }
-// src/agent-tools.ts
-function clamp(val, min, max) {
-  return Math.max(min, Math.min(max, val));
-}
-function sanitizeString(val, maxLen) {
-  return String(val ?? "").slice(0, maxLen);
-}
-var AGENT_TOOLS = [
-  {
-    name: "web-search",
-    description: "Search the web using DuckDuckGo. Returns a list of results with title, URL, and snippet. Use this to find companies, websites, directories, etc.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        query: { type: "string", description: 'Search query (e.g. "logistiek bedrijf MKB nederland")' },
-        max_results: { type: "number", description: "Max results to return (default: 15, max: 30)" }
-      },
-      required: ["query"]
-    }
-  },
-  {
-    name: "web-fetch",
-    description: "Fetch a web page and return its text content (HTML tags stripped). Automatically extracts emails and phone numbers found on the page. Returns at most 15000 characters of cleaned text.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: { type: "string", description: 'Full URL to fetch (e.g. "https://example.nl/contact")' },
-        extract_links: { type: "boolean", description: "Also extract all links from the page (default: false)" }
-      },
-      required: ["url"]
-    }
-  },
-  {
-    name: "web-find-contacts",
-    description: "POWERFUL contact finder. Crawls a company website (homepage + contact/about/team pages), extracts ALL emails, phone numbers, and LinkedIn URLs via regex + mailto/tel parsing. Also searches Google for the company email as fallback. Returns structured contact data. USE THIS for every lead instead of manually browsing contact pages.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        url: {
-          type: "string",
-          description: 'Company website URL or domain (e.g. "https://example.nl" or "example.nl")'
-        },
-        company_name: {
-          type: "string",
-          description: "Company name (improves Google search accuracy)"
-        },
-        include_search: {
-          type: "boolean",
-          description: "Also search Google for emails (default: true)"
-        }
-      },
-      required: ["url"]
-    }
-  }
-];
-var AGENT_TOOL_NAMES = new Set(AGENT_TOOLS.map((t) => t.name));
-var AGENT_TOOL_MODULE_MAP = {
-  "web-search": "agent_reporting",
-  "web-fetch": "agent_reporting",
-  "web-find-contacts": "agent_reporting"
-};
-var WEB_USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36";
-async function webSearch(query, maxResults) {
-  const url = `https://html.duckduckgo.com/html/?q=${encodeURIComponent(query)}`;
-  const response = await fetch(url, {
-    headers: {
-      "User-Agent": WEB_USER_AGENT,
-      "Accept": "text/html",
-      "Accept-Language": "nl,en;q=0.9"
-    },
-    redirect: "follow"
-  });
-  if (!response.ok) throw new Error(`Search failed: HTTP ${response.status}`);
-  const html = await response.text();
-  const results = [];
-  const resultBlocks = html.split(/class="result\s/);
-  for (let i = 1; i < resultBlocks.length && results.length < maxResults; i++) {
-    const block = resultBlocks[i];
-    const titleMatch = block.match(/class="result__a"[^>]*>([^<]+)</);
-    const hrefMatch = block.match(/class="result__a"\s+href="([^"]+)"/);
-    const snippetMatch = block.match(/class="result__snippet"[^>]*>([\s\S]*?)<\/a>/);
-    if (!hrefMatch) continue;
-    let href = hrefMatch[1];
-    if (href.includes("uddg=")) {
-      const uddg = new URL(href, "https://duckduckgo.com").searchParams.get("uddg");
-      if (uddg) href = uddg;
-    }
-    if (!href.startsWith("http")) continue;
-    const title = titleMatch ? titleMatch[1].replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&#x27;/g, "'").replace(/&quot;/g, '"').trim() : href;
-    const snippet = snippetMatch ? snippetMatch[1].replace(/<[^>]+>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&#x27;/g, "'").replace(/&quot;/g, '"').replace(/\s+/g, " ").trim() : "";
-    results.push({ title, url: href, snippet });
-  }
-  return results;
-}
-var EMAIL_REGEX = /[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}/g;
-var PHONE_NL_REGEX = /(?:\+31|0)[\s\-.]?\(?\d{1,3}\)?[\s\-.]?\d{3,4}[\s\-.]?\d{2,4}/g;
-var LINKEDIN_REGEX = /https?:\/\/(?:www\.)?linkedin\.com\/(?:in|company)\/[a-zA-Z0-9\-_%]+\/?/gi;
-var NOISE_EMAIL_PATTERNS = [
-  /noreply@/i,
-  /no-reply@/i,
-  /mailer-daemon@/i,
-  /postmaster@/i,
-  /@example\./i,
-  /test@/i,
-  /@wix\.com$/i,
-  /@sentry\.io$/i,
-  /@wordpress\./i,
-  /@gravatar\.com$/i,
-  /@schema\.org$/i,
-  /@w3\.org$/i,
-  /@facebook\.com$/i,
-  /@google\.com$/i,
-  /@twitter\.com$/i,
-  /@github\.com$/i,
-  /@cloudflare\./i,
-  /@vercel\./i,
-  /@netlify\./i,
-  /@cookiebot\./i,
-  /@hotjar\./i,
-  /@hubspot\./i,
-  /@mailchimp\./i,
-  /@googleusercontent/i,
-  /@gstatic/i,
-  /@youtube/i,
-  /@recaptcha/i,
-  /@privacy/i,
-  /@cookie/i,
-  /@gdpr/i,
-  /@dynamicweb\./i,
-  /@placeholder\./i,
-  /@yourcompany\./i,
-  /@company\./i,
-  /smith@/i,
-  /doe@/i,
-  /demo@/i,
-  /sample@/i,
-  /naam@/i,
-  /voorbeeld/i,
-  /your-?email/i,
-  /email@/i,
-  /@domein\./i,
-  /@bedrijf\./i,
-  /@domain\./i,
-  /@sentry/i,
-  /@wixpress/i,
-  /@lieferkassen/i,
-  /john@/i,
-  /jane@/i
-];
-var CONTACT_PATH_KEYWORDS = [
-  "contact",
-  "about",
-  "over-ons",
-  "over",
-  "team",
-  "medewerker",
-  "impressum",
-  "imprint",
-  "wie-zijn",
-  "ons-team",
-  "werknemers",
-  "organisatie",
-  "zakelijk",
-  "bedrijfsinfo",
-  "neem-contact",
-  "footer"
-];
-var CONTACT_PATHS_TO_TRY = [
-  "/contact",
-  "/over-ons",
-  "/about",
-  "/about-us",
-  "/team",
-  "/contact-us",
-  "/over",
-  "/wie-zijn-wij",
-  "/ons-team",
-  "/zakelijk/over-ons",
-  "/medewerkers",
-  "/organisatie",
-  "/bedrijfsinformatie",
-  "/impressum"
-];
-function decodeUnicodeEscapes(text) {
-  return text.replace(
-    /\\u([0-9a-fA-F]{4})/g,
-    (_, hex) => String.fromCharCode(parseInt(hex, 16))
-  );
-}
-function decodeHtmlEntities(text) {
-  return text.replace(/&#(\d+);/g, (_, num) => String.fromCharCode(parseInt(num))).replace(
-    /&#x([0-9a-fA-F]+);/g,
-    (_, hex) => String.fromCharCode(parseInt(hex, 16))
-  );
-}
-function extractEmailsFromHtml(html) {
-  const emails = /* @__PURE__ */ new Set();
-  const decoded = decodeHtmlEntities(decodeUnicodeEscapes(html));
-  const mailtoRegex = /mailto:([a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,})/gi;
-  let m;
-  for (const src of [html, decoded]) {
-    while ((m = mailtoRegex.exec(src)) !== null) emails.add(m[1].toLowerCase());
-  }
-  const noStyles = decoded.replace(/<style[\s\S]*?<\/style>/gi, "");
-  const textEmails = noStyles.match(EMAIL_REGEX) || [];
-  for (const e of textEmails) {
-    const lower = e.toLowerCase();
-    if (!/\.(png|jpg|jpeg|gif|svg|webp|css|js|woff|ttf|eot|ico)$/i.test(lower)) {
-      emails.add(lower);
-    }
-  }
-  return [...emails].filter((e) => !NOISE_EMAIL_PATTERNS.some((p) => p.test(e)));
-}
-function extractPhonesFromHtml(html) {
-  const phones = /* @__PURE__ */ new Set();
-  const decoded = decodeHtmlEntities(decodeUnicodeEscapes(html));
-  const telRegex = /href="tel:([^"]+)"/gi;
-  let m;
-  for (const src of [html, decoded]) {
-    while ((m = telRegex.exec(src)) !== null) {
-      const clean = m[1].replace(/[\s\-().]/g, "");
-      if (clean.length >= 10 && clean.length <= 14) phones.add(m[1].trim());
-    }
-  }
-  const stripped = decoded.replace(/<script[\s\S]*?<\/script>/gi, "").replace(/<style[\s\S]*?<\/style>/gi, "").replace(/<[^>]+>/g, " ");
-  const textPhones = stripped.match(PHONE_NL_REGEX) || [];
-  for (const p of textPhones) {
-    const clean = p.replace(/[\s\-().]/g, "");
-    if (clean.length >= 10 && clean.length <= 14) phones.add(p.trim());
-  }
-  return [...phones].slice(0, 10);
-}
-function extractLinkedInFromHtml(html) {
-  const links = /* @__PURE__ */ new Set();
-  const matches = html.match(LINKEDIN_REGEX) || [];
-  for (const l of matches) links.add(l.replace(/\/$/, ""));
-  return [...links];
-}
-function discoverContactPages(html, baseUrl) {
-  let base;
-  try {
-    base = new URL(baseUrl);
-  } catch {
-    return [];
-  }
-  const pages = /* @__PURE__ */ new Set();
-  for (const path of CONTACT_PATHS_TO_TRY) {
-    pages.add(`${base.origin}${path}`);
-  }
-  const linkRegex = /<a\s[^>]*href="([^"#]*)"[^>]*>/gi;
-  let m;
-  while ((m = linkRegex.exec(html)) !== null) {
-    try {
-      const url = new URL(m[1], baseUrl);
-      if (url.hostname !== base.hostname) continue;
-      const path = url.pathname.toLowerCase();
-      if (CONTACT_PATH_KEYWORDS.some((kw) => path.includes(kw))) {
-        pages.add(url.origin + url.pathname);
-      }
-    } catch {
-    }
-  }
-  pages.delete(base.origin + base.pathname);
-  return [...pages].slice(0, 10);
-}
-function guessCommonEmails(domain) {
-  const d = domain.replace(/^www\./, "");
-  return [`info@${d}`, `contact@${d}`, `hello@${d}`, `administratie@${d}`, `verkoop@${d}`];
-}
-var BOT_CHALLENGE_INDICATORS = [
-  "sgcaptcha",
-  "challenge-platform",
-  "cf-browser-verification",
-  "Just a moment",
-  "Checking your browser",
-  "Enable JavaScript and cookies",
-  "Attention Required",
-  "DDoS protection by"
-];
-function isBotChallengePage(html) {
-  if (html.length > 2e3) return false;
-  const lower = html.toLowerCase();
-  return BOT_CHALLENGE_INDICATORS.some((ind) => lower.includes(ind.toLowerCase()));
-}
-async function fetchRawHtml(url, timeoutMs = 1e4) {
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), timeoutMs);
-  try {
-    const res = await fetch(url, {
-      headers: {
-        "User-Agent": WEB_USER_AGENT,
-        "Accept": "text/html,application/xhtml+xml",
-        "Accept-Language": "nl,en;q=0.9"
-      },
-      redirect: "follow",
-      signal: controller.signal
-    });
-    const ct = res.headers.get("content-type") || "";
-    if (!ct.includes("text/html") && !ct.includes("text/plain") && !ct.includes("xhtml")) return null;
-    if (!res.ok && res.status !== 403) return null;
-    const html = await res.text();
-    if (isBotChallengePage(html)) return null;
-    return html;
-  } catch {
-    return null;
-  } finally {
-    clearTimeout(timer);
-  }
-}
-async function fetchWaybackHtml(url, timeoutMs = 15e3) {
-  const cleanUrl = url.replace(/^https?:\/\//, "");
-  const wbUrl = `https://web.archive.org/web/2024/${cleanUrl}`;
-  const controller = new AbortController();
-  const timer = setTimeout(() => controller.abort(), timeoutMs);
-  try {
-    const res = await fetch(wbUrl, {
-      headers: { "User-Agent": WEB_USER_AGENT },
-      redirect: "follow",
-      signal: controller.signal
-    });
-    if (!res.ok) return null;
-    const html = await res.text();
-    if (html.length < 500) return null;
-    return html;
-  } catch {
-    return null;
-  } finally {
-    clearTimeout(timer);
-  }
-}
-async function webFetch(url, extractLinks) {
-  const controller = new AbortController();
-  const timeout = setTimeout(() => controller.abort(), 15e3);
-  try {
-    const response = await fetch(url, {
-      headers: {
-        "User-Agent": WEB_USER_AGENT,
-        "Accept": "text/html,application/xhtml+xml",
-        "Accept-Language": "nl,en;q=0.9"
-      },
-      redirect: "follow",
-      signal: controller.signal
-    });
-    if (!response.ok) throw new Error(`Fetch failed: HTTP ${response.status}`);
-    const contentType = response.headers.get("content-type") || "";
-    if (!contentType.includes("text/html") && !contentType.includes("text/plain") && !contentType.includes("application/xhtml")) {
-      throw new Error(`Unsupported content type: ${contentType}. Only HTML/text pages supported.`);
-    }
-    const html = await response.text();
-    const links = [];
-    if (extractLinks) {
-      const linkRegex = /<a\s[^>]*href="([^"]*)"[^>]*>([\s\S]*?)<\/a>/gi;
-      let match;
-      while ((match = linkRegex.exec(html)) !== null) {
-        const href = match[1];
-        const text2 = match[2].replace(/<[^>]+>/g, "").trim();
-        if (href && href.startsWith("http")) {
-          links.push({ href, text: text2.slice(0, 100) });
-        }
-      }
-    }
-    let text = html.replace(/<script[\s\S]*?<\/script>/gi, "").replace(/<style[\s\S]*?<\/style>/gi, "").replace(/<noscript[\s\S]*?<\/noscript>/gi, "").replace(/<nav[\s\S]*?<\/nav>/gi, " [NAV] ").replace(/<header[\s\S]*?<\/header>/gi, " [HEADER] ").replace(/<footer[\s\S]*?<\/footer>/gi, " [FOOTER] ").replace(/<(br|hr)\s*\/?>/gi, "\n").replace(/<\/(p|div|h[1-6]|li|tr|section|article)>/gi, "\n").replace(/<[^>]+>/g, " ").replace(/&nbsp;/g, " ").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&#x27;/g, "'").replace(/&quot;/g, '"').replace(/[ \t]+/g, " ").replace(/\n\s*\n/g, "\n").trim();
-    const MAX_TEXT = 15e3;
-    if (text.length > MAX_TEXT) {
-      text = text.slice(0, MAX_TEXT) + "\n\n[... truncated at 15000 chars ...]";
-    }
-    return { text, rawHtml: html, links };
-  } finally {
-    clearTimeout(timeout);
-  }
-}
-async function handleAgentTool(name, args2) {
-  switch (name) {
-    case "web-search": {
-      const query = sanitizeString(args2.query, 500);
-      if (!query) throw new Error("query is required");
-      const maxResults = clamp(Number(args2.max_results) || 15, 1, 30);
-      const results = await webSearch(query, maxResults);
-      if (results.length === 0) {
-        return { content: [{ type: "text", text: `No search results found for: "${query}"` }] };
-      }
-      const formatted = results.map(
-        (r, i) => `${i + 1}. ${r.title}
-   URL: ${r.url}
-   ${r.snippet}`
-      ).join("\n\n");
-      return {
-        content: [{
-          type: "text",
-          text: `Search results for "${query}" (${results.length} results):
-${formatted}`
-        }]
-      };
-    }
-    case "web-fetch": {
-      const url = sanitizeString(args2.url, 2e3);
-      if (!url) throw new Error("url is required");
-      if (!/^https?:\/\//i.test(url)) throw new Error("url must start with http:// or https://");
-      const extractLinks = Boolean(args2.extract_links);
-      const result = await webFetch(url, extractLinks);
-      let text = `Content from ${url} (${result.text.length} chars):
-${result.text}`;
-      if (extractLinks && result.links.length > 0) {
-        const linkList = result.links.slice(0, 50).map(
-          (l) => `  ${l.text ? l.text + ": " : ""}${l.href}`
-        ).join("\n");
-        text += `
---- Links (${result.links.length} found, showing max 50) ---
-${linkList}`;
-      }
-      const pageEmails = extractEmailsFromHtml(result.rawHtml);
-      const pagePhones = extractPhonesFromHtml(result.rawHtml);
-      const pageLinkedIn = extractLinkedInFromHtml(result.rawHtml);
-      if (pageEmails.length > 0 || pagePhones.length > 0 || pageLinkedIn.length > 0) {
-        text += "\n\n--- Auto-extracted Contact Info ---";
-        if (pageEmails.length > 0) text += `
-Emails: ${pageEmails.join(", ")}`;
-        if (pagePhones.length > 0) text += `
-Phones: ${pagePhones.join(", ")}`;
-        if (pageLinkedIn.length > 0) text += `
-LinkedIn: ${pageLinkedIn.join(", ")}`;
-      }
-      return { content: [{ type: "text", text }] };
-    }
-    case "web-find-contacts": {
-      const inputUrl = sanitizeString(args2.url, 2e3);
-      if (!inputUrl) throw new Error("url is required");
-      const companyName = sanitizeString(args2.company_name, 500);
-      const includeSearch = args2.include_search !== false;
-      const fullUrl = inputUrl.startsWith("http") ? inputUrl : `https://${inputUrl}`;
-      let baseUrl;
-      try {
-        baseUrl = new URL(fullUrl);
-      } catch {
-        throw new Error(`Invalid URL: ${inputUrl}`);
-      }
-      const domain = baseUrl.hostname.replace(/^www\./, "");
-      const urlsToTry = [fullUrl];
-      if (!fullUrl.includes("www.")) urlsToTry.push(fullUrl.replace("://", "://www."));
-      if (fullUrl.startsWith("https")) {
-        urlsToTry.push(fullUrl.replace("https", "http"));
-        if (!fullUrl.includes("www.")) urlsToTry.push(fullUrl.replace("https://", "http://www."));
-      }
-      let html = null;
-      let usedWayback = false;
-      for (const tryUrl of urlsToTry) {
-        html = await fetchRawHtml(tryUrl, 12e3);
-        if (html) break;
-      }
-      if (!html) {
-        html = await fetchWaybackHtml(`https://${domain}`, 15e3);
-        if (html) usedWayback = true;
-      }
-      if (!html) throw new Error(`Could not fetch ${fullUrl} (site may be down or blocking)`);
-      const contactPages = usedWayback ? [] : discoverContactPages(html, fullUrl);
-      const pagePromises = contactPages.map(async (pageUrl) => {
-        const pageHtml = await fetchRawHtml(pageUrl, 8e3);
-        return { url: pageUrl, html: pageHtml };
-      });
-      const pageResults = await Promise.allSettled(pagePromises);
-      const successPages = [usedWayback ? `(wayback) ${domain}` : fullUrl];
-      const allHtmls = [html];
-      for (const result of pageResults) {
-        if (result.status === "fulfilled" && result.value.html) {
-          allHtmls.push(result.value.html);
-          successPages.push(result.value.url);
-        }
-      }
-      if (usedWayback) {
-        const waybackContactPaths = ["/contact", "/over-ons", "/about", "/team"];
-        const wbPromises = waybackContactPaths.map(async (path) => {
-          const wbHtml = await fetchWaybackHtml(`https://${domain}${path}`, 12e3);
-          return { path, html: wbHtml };
-        });
-        const wbResults = await Promise.allSettled(wbPromises);
-        for (const wr of wbResults) {
-          if (wr.status === "fulfilled" && wr.value.html) {
-            allHtmls.push(wr.value.html);
-            successPages.push(`(wayback) ${domain}${wr.value.path}`);
-          }
-        }
-      }
-      const allEmails = /* @__PURE__ */ new Set();
-      const allPhones = /* @__PURE__ */ new Set();
-      const allLinkedIn = /* @__PURE__ */ new Set();
-      for (const pageHtml of allHtmls) {
-        for (const e of extractEmailsFromHtml(pageHtml)) allEmails.add(e);
-        for (const p of extractPhonesFromHtml(pageHtml)) allPhones.add(p);
-        for (const l of extractLinkedInFromHtml(pageHtml)) allLinkedIn.add(l);
-      }
-      let searchNote = "";
-      if (includeSearch) {
-        try {
-          const queries = companyName ? [`"${companyName}" "${domain}" email`, `"@${domain}" email`] : [`"${domain}" email contact`, `"@${domain}" email`, `site:${domain} "@"`];
-          let totalSearchResults = 0;
-          for (const searchQuery of queries) {
-            const searchResults = await webSearch(searchQuery, 8);
-            totalSearchResults += searchResults.length;
-            for (const r of searchResults) {
-              const combined = `${r.title} ${r.snippet}`;
-              const decoded = decodeHtmlEntities(decodeUnicodeEscapes(combined));
-              const snippetEmails = decoded.match(EMAIL_REGEX) || [];
-              for (const e of snippetEmails) {
-                const lower = e.toLowerCase();
-                const domainBase = domain.split(".")[0] ?? domain;
-                if (lower.includes(domainBase) && !NOISE_EMAIL_PATTERNS.some((p) => p.test(lower))) {
-                  allEmails.add(lower);
-                }
-              }
-              const snippetPhones = decoded.match(PHONE_NL_REGEX) || [];
-              for (const p of snippetPhones) {
-                const clean = p.replace(/[\s\-().]/g, "");
-                if (clean.length >= 10 && clean.length <= 14) allPhones.add(p.trim());
-              }
-              const snippetLi = decoded.match(LINKEDIN_REGEX) || [];
-              for (const l of snippetLi) allLinkedIn.add(l.replace(/\/$/, ""));
-            }
-            if (allEmails.size > 0) break;
-          }
-          searchNote = ` + ${totalSearchResults} search results`;
-        } catch {
-          searchNote = " (search failed)";
-        }
-      }
-      const foundEmails = [...allEmails];
-      const generalPatterns = /^(info|contact|hello|admin|office|receptie|secretariaat|verkoop|administratie|support|service|boekingen|reserveringen)@/i;
-      const generalEmails = foundEmails.filter((e) => generalPatterns.test(e));
-      const personalEmails = foundEmails.filter((e) => !generalPatterns.test(e));
-      const guessed = guessCommonEmails(domain);
-      const newGuesses = guessed.filter((g) => !allEmails.has(g));
-      const lines = [
-        `=== CONTACT SCAN: ${domain} ===`,
-        `Pages scanned: ${successPages.length}${searchNote}`,
-        ""
-      ];
-      if (foundEmails.length > 0) {
-        lines.push(`EMAILS FOUND (${foundEmails.length}):`);
-        if (generalEmails.length > 0) {
-          lines.push("  General:");
-          for (const e of generalEmails) lines.push(`    * ${e}`);
-        }
-        if (personalEmails.length > 0) {
-          lines.push("  Personal/Department:");
-          for (const e of personalEmails) lines.push(`    * ${e}`);
-        }
-      } else {
-        lines.push("EMAILS FOUND: None on website");
-        lines.push("SUGGESTED EMAILS (common patterns, verify before use):");
-        for (const e of newGuesses) lines.push(`    ? ${e}`);
-      }
-      lines.push("");
-      if ([...allPhones].length > 0) {
-        lines.push(`PHONE NUMBERS (${allPhones.size}):`);
-        for (const p of allPhones) lines.push(`    ${p}`);
-      } else {
-        lines.push("PHONE NUMBERS: None found");
-      }
-      lines.push("");
-      if ([...allLinkedIn].length > 0) {
-        lines.push(`LINKEDIN (${allLinkedIn.size}):`);
-        for (const l of allLinkedIn) lines.push(`    ${l}`);
-      }
-      lines.push("", "PAGES CHECKED:");
-      for (const p of successPages) lines.push(`  [OK] ${p}`);
-      const failedPages = contactPages.filter((p) => !successPages.includes(p));
-      for (const p of failedPages) lines.push(`  [--] ${p}`);
-      return { content: [{ type: "text", text: lines.join("\n") }] };
-    }
-    default:
-      return { content: [{ type: "text", text: `Unknown tool: ${name}` }] };
-  }
-}
 // src/vercel-tools.ts
 var VERCEL_API = "https://api.vercel.com";
 var VERCEL_TOOLS = [
@@ -1245,6 +684,41 @@ var VERCEL_TOOLS = [
       required: ["project"]
     }
   },
+  {
+    name: "vercel-domains",
+    description: 'Manage domains attached to a Vercel project. Use `action` to pick the operation:\n- "list" (default): list all domains attached to the project, including verification status and any redirect.\n- "add": attach a new domain to the project. Returns DNS records to set if the domain is not yet verified.\n- "verify": re-check verification status and surface required CNAME / A / TXT records if misconfigured.\n- "remove": detach a domain from the project.\nPick the project via vercel-projects first.',
+    inputSchema: {
+      type: "object",
+      properties: {
+        action: {
+          type: "string",
+          enum: ["list", "add", "remove", "verify"],
+          description: "Which operation to perform (default: list)."
+        },
+        project: {
+          type: "string",
+          description: "Vercel project ID or name (from vercel-projects)."
+        },
+        domain: {
+          type: "string",
+          description: 'Domain name (required for action="add", "remove", or "verify").'
+        },
+        gitBranch: {
+          type: "string",
+          description: 'Optional git branch this domain should deploy from (action="add" only).'
+        },
+        redirect: {
+          type: "string",
+          description: 'Optional redirect target domain (action="add" only).'
+        },
+        redirectStatusCode: {
+          type: "number",
+          description: 'Optional redirect status code, e.g. 301 / 302 / 307 / 308 (action="add" only).'
+        }
+      },
+      required: ["project"]
+    }
+  },
   {
     name: "vercel-logs",
     description: 'Unified log inspector for Vercel. Use `kind` to pick the source:\n- "build" (default): build / deployment console events (stdout, stderr, command, exit). Requires deploymentId.\n- "runtime": runtime / function logs after a successful build. Requires project + deploymentId.\n- "webhooks": our own vercel_webhook_logs table (Telegram / push delivery history). No deployment needed.\nPick deployments via vercel-deployments first.',
@@ -1274,7 +748,7 @@ var VERCEL_TOOLS = [
         },
         sinceMinutes: {
           type: "number",
-          description: 'Time window in minutes (kind="runtime" only, default 60, max 7 days).'
+          description: `Time window in minutes (kind="runtime" only, max 7 days). When omitted, the tool auto-detects the deployment's created timestamp and queries from there with a 5-minute buffer \u2014 so you don't miss logs by picking a too-small window.`
         },
         limit: {
           type: "number",
@@ -1288,11 +762,14 @@ var VERCEL_TOOL_NAMES = new Set(VERCEL_TOOLS.map((t) => t.name));
 var VERCEL_TOOL_MODULE_MAP = {
   "vercel-projects": "ci_cd",
   "vercel-deployments": "ci_cd",
-  "vercel-logs": "ci_cd"
+  "vercel-logs": "ci_cd",
+  "vercel-domains": "ci_cd"
 };
-async function vercelFetch(token, path) {
+async function vercelFetch(token, path, init) {
   const res = await fetch(`${VERCEL_API}${path}`, {
-    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" }
+    method: init?.method ?? "GET",
+    headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
+    body: init?.body !== void 0 ? JSON.stringify(init.body) : void 0
   });
   const body = await res.text();
   let parsed = null;
@@ -1376,6 +853,14 @@ async function getDeploymentBuildEvents(token, deploymentId, limit) {
   }
   return { events, error: null };
 }
+async function getDeploymentCreatedMs(token, deploymentId) {
+  const res = await vercelFetch(
+    token,
+    `/v13/deployments/${encodeURIComponent(deploymentId)}`
+  );
+  if (res.error || !res.data) return null;
+  return res.data.createdAt ?? res.data.created ?? null;
+}
 async function getRuntimeLogs(token, projectIdOrName, deploymentId, limit, sinceMs) {
   const params = new URLSearchParams({
     limit: String(Math.min(Math.max(limit, 1), 1e3))
@@ -1416,6 +901,47 @@ async function getRuntimeLogs(token, projectIdOrName, deploymentId, limit, since
   }
   return { logs, error: null };
 }
+async function listProjectDomains(token, projectId) {
+  const res = await vercelFetch(
+    token,
+    `/v9/projects/${encodeURIComponent(projectId)}/domains?limit=100`
+  );
+  if (res.error) return { domains: [], error: res.error };
+  return { domains: res.data?.domains ?? [], error: null };
+}
+async function addProjectDomain(token, projectId, body) {
+  const res = await vercelFetch(
+    token,
+    `/v10/projects/${encodeURIComponent(projectId)}/domains`,
+    { method: "POST", body }
+  );
+  if (res.error) return { domain: null, error: res.error };
+  return { domain: res.data, error: null };
+}
+async function removeProjectDomain(token, projectId, domain) {
+  const res = await vercelFetch(
+    token,
+    `/v9/projects/${encodeURIComponent(projectId)}/domains/${encodeURIComponent(domain)}`,
+    { method: "DELETE" }
+  );
+  return { error: res.error };
+}
+async function getProjectDomain(token, projectId, domain) {
+  const res = await vercelFetch(
+    token,
+    `/v9/projects/${encodeURIComponent(projectId)}/domains/${encodeURIComponent(domain)}`
+  );
+  if (res.error) return { domain: null, error: res.error };
+  return { domain: res.data, error: null };
+}
+async function getDomainConfig(token, domain) {
+  const res = await vercelFetch(
+    token,
+    `/v6/domains/${encodeURIComponent(domain)}/config`
+  );
+  if (res.error) return { config: null, error: res.error };
+  return { config: res.data, error: null };
+}
 async function getVercelToken(deps) {
   const { data, error } = await deps.supabase.from("app_setting").select("vercel_token_encrypted").maybeSingle();
   if (error) throw new Error(`Could not read app_setting: ${error.message}`);
@@ -1511,6 +1037,42 @@ function formatWebhookHistory(rows) {
 ${"-".repeat(header.length)}
 ${lines.join("\n")}`;
 }
+function formatDomainsTable(domains) {
+  if (domains.length === 0) return "No domains attached to this project";
+  const lines = domains.map((d) => {
+    const verified = d.verified ? "yes" : "no";
+    const branch = d.gitBranch ?? "";
+    const redirect = d.redirect ? `${d.redirect}${d.redirectStatusCode ? ` (${d.redirectStatusCode})` : ""}` : "";
+    return `${d.name.padEnd(45)}  ${verified.padEnd(9)}  ${branch.padEnd(20)}  ${redirect.padEnd(35)}  ${formatTimestamp(d.createdAt)}`;
+  });
+  const header = `${"DOMAIN".padEnd(45)}  ${"VERIFIED".padEnd(9)}  ${"GIT BRANCH".padEnd(20)}  ${"REDIRECT".padEnd(35)}  CREATED`;
+  return `${header}
+${"-".repeat(header.length)}
+${lines.join("\n")}`;
+}
+function formatDomainStatus(domain, config) {
+  const lines = [];
+  lines.push(`Domain: ${domain.name}`);
+  lines.push(`Verified: ${domain.verified ? "yes" : "no"}`);
+  if (config) {
+    lines.push(`Misconfigured: ${config.misconfigured ? "yes" : "no"}`);
+    if (config.configuredBy) lines.push(`Configured by: ${config.configuredBy}`);
+  }
+  if (domain.gitBranch) lines.push(`Git branch: ${domain.gitBranch}`);
+  if (domain.redirect) {
+    lines.push(
+      `Redirect: ${domain.redirect}${domain.redirectStatusCode ? ` (${domain.redirectStatusCode})` : ""}`
+    );
+  }
+  if (domain.verification && domain.verification.length > 0) {
+    lines.push("");
+    lines.push("Required DNS records to verify ownership:");
+    for (const v of domain.verification) {
+      lines.push(`  ${v.type.padEnd(6)} ${v.domain.padEnd(45)} ${v.value}${v.reason ? `  // ${v.reason}` : ""}`);
+    }
+  }
+  return lines.join("\n");
+}
 async function handleVercelTool(name, args2, deps) {
   switch (name) {
     case "vercel-projects": {
@@ -1561,9 +1123,33 @@ async function handleVercelTool(name, args2, deps) {
         const projectInput = String(args2.project);
         const deploymentId = String(args2.deploymentId);
         const limit = Math.min(Math.max(Number(args2.limit) || 200, 1), 1e3);
-        const sinceMinutes = Math.min(Math.max(Number(args2.sinceMinutes) || 60, 1), 7 * 24 * 60);
-        const sinceMs = Date.now() - sinceMinutes * 6e4;
-        const projectId = await resolveProjectId(token, projectInput);
+        const sinceMinutesRaw = Number(args2.sinceMinutes);
+        const sinceExplicit = Number.isFinite(sinceMinutesRaw) && sinceMinutesRaw > 0;
+        const [projectId, deploymentCreatedMs] = await Promise.all([
+          resolveProjectId(token, projectInput),
+          sinceExplicit ? Promise.resolve(null) : getDeploymentCreatedMs(token, deploymentId)
+        ]);
+        const maxWindowMin = 7 * 24 * 60;
+        let sinceMs;
+        let windowNote = "";
+        if (sinceExplicit) {
+          const capped = Math.min(sinceMinutesRaw, maxWindowMin);
+          sinceMs = Date.now() - capped * 6e4;
+          windowNote = `window: last ${capped} min (caller-specified)`;
+        } else if (deploymentCreatedMs) {
+          const bufferMs = 5 * 6e4;
+          sinceMs = deploymentCreatedMs - bufferMs;
+          const ageMin = Math.max(1, Math.round((Date.now() - sinceMs) / 6e4));
+          if (ageMin > maxWindowMin) {
+            sinceMs = Date.now() - maxWindowMin * 6e4;
+            windowNote = `window: capped to ${maxWindowMin} min (deployment is older than 7 days)`;
+          } else {
+            windowNote = `window: auto ${ageMin} min from deployment createdAt - 5 min buffer`;
+          }
+        } else {
+          sinceMs = Date.now() - 60 * 6e4;
+          windowNote = "window: last 60 min (deployment metadata unavailable, used fallback)";
+        }
         const { logs, error } = await getRuntimeLogs(
           token,
           projectId,
@@ -1575,7 +1161,10 @@ async function handleVercelTool(name, args2, deps) {
           const hint = error.includes("404") || error.includes("400") ? '\n\nThis endpoint requires both project ID and deployment ID and may not be available on every Vercel plan. Use kind="webhooks" or the supabase MCP (vercel_deployment_log table) for archived runtime logs.' : "";
           return { content: [{ type: "text", text: `Error: ${error}${hint}` }] };
         }
-        return { content: [{ type: "text", text: formatRuntimeLogs(logs) }] };
+        const text = `${formatRuntimeLogs(logs)}
+[${windowNote}]`;
+        return { content: [{ type: "text", text }] };
       }
       if (kind === "webhooks") {
         const limit = Math.min(Math.max(Number(args2.limit) || 25, 1), 200);
@@ -1596,6 +1185,67 @@ async function handleVercelTool(name, args2, deps) {
         ]
       };
     }
+    case "vercel-domains": {
+      const action = (args2.action ? String(args2.action) : "list").toLowerCase();
+      if (!args2.project) {
+        return { content: [{ type: "text", text: 'Error: vercel-domains requires "project".' }] };
+      }
+      const token = await getVercelToken(deps);
+      const projectInput = String(args2.project);
+      const projectId = await resolveProjectId(token, projectInput);
+      if (action === "list") {
+        const { domains, error } = await listProjectDomains(token, projectId);
+        if (error) return { content: [{ type: "text", text: `Error: ${error}` }] };
+        return { content: [{ type: "text", text: formatDomainsTable(domains) }] };
+      }
+      if (action === "add") {
+        if (!args2.domain) {
+          return { content: [{ type: "text", text: 'Error: action="add" requires "domain".' }] };
+        }
+        const body = { name: String(args2.domain) };
+        if (args2.gitBranch) body.gitBranch = String(args2.gitBranch);
+        if (args2.redirect) body.redirect = String(args2.redirect);
+        if (args2.redirectStatusCode) body.redirectStatusCode = Number(args2.redirectStatusCode);
+        const { domain, error } = await addProjectDomain(token, projectId, body);
+        if (error) return { content: [{ type: "text", text: `Error: ${error}` }] };
+        if (!domain) {
+          return { content: [{ type: "text", text: `Domain ${body.name} added (no detail returned).` }] };
+        }
+        const { config } = await getDomainConfig(token, domain.name);
+        const status = formatDomainStatus(domain, config);
+        const headline = domain.verified ? `Domain ${domain.name} added and verified.` : `Domain ${domain.name} added. DNS verification still pending.`;
+        return { content: [{ type: "text", text: `${headline}
+${status}` }] };
+      }
+      if (action === "verify") {
+        if (!args2.domain) {
+          return { content: [{ type: "text", text: 'Error: action="verify" requires "domain".' }] };
+        }
+        const domainName = String(args2.domain);
+        const { domain, error } = await getProjectDomain(token, projectId, domainName);
+        if (error) return { content: [{ type: "text", text: `Error: ${error}` }] };
+        if (!domain) {
+          return { content: [{ type: "text", text: `Domain ${domainName} not found on this project.` }] };
+        }
+        const { config } = await getDomainConfig(token, domainName);
+        return { content: [{ type: "text", text: formatDomainStatus(domain, config) }] };
+      }
+      if (action === "remove") {
+        if (!args2.domain) {
+          return { content: [{ type: "text", text: 'Error: action="remove" requires "domain".' }] };
+        }
+        const domainName = String(args2.domain);
+        const { error } = await removeProjectDomain(token, projectId, domainName);
+        if (error) return { content: [{ type: "text", text: `Error: ${error}` }] };
+        return { content: [{ type: "text", text: `Domain ${domainName} removed from project.` }] };
+      }
+      return {
+        content: [
+          { type: "text", text: `Error: unknown action "${action}". Use list, add, verify, or remove.` }
+        ]
+      };
+    }
     default:
       return { content: [{ type: "text", text: `Unknown vercel tool: ${name}` }] };
   }
@@ -1711,8 +1361,7 @@ var MODULE_KEYS = [
   "wiki",
   "ci_cd",
   "domains",
-  "settings",
-  "agent_reporting"
+  "settings"
 ];
 var FULL_PERMISSIONS = {
   modules: Object.fromEntries(MODULE_KEYS.map((k) => [k, true])),
@@ -1763,7 +1412,6 @@ var TOOL_MODULE_MAP = {
   "wait-for": "ssh_servers",
   "db-discover": "ssh_servers",
   "db-tables": "ssh_servers",
-  "db-describe": "ssh_servers",
   "db-query": "ssh_servers",
   "cache-purge": "ssh_servers",
   "env-list": "ci_cd",
@@ -1775,7 +1423,6 @@ var TOOL_MODULE_MAP = {
   "dns-update": "domains",
   "dns-delete": "domains",
   ...TRIGGER_TOOL_MODULE_MAP,
-  ...AGENT_TOOL_MODULE_MAP,
   ...VERCEL_TOOL_MODULE_MAP
 };
 var authContext = null;
@@ -3724,6 +3371,42 @@ var BLOCKED_SQL_PATTERNS = [
   /\bALTER\s+TABLE\s+\w+\s+DROP\b/i,
   /\bDELETE\s+FROM\s+\w+\s*$/i
 ];
+function buildDescribeSql(target, engine) {
+  if (target === "*" || target === "") {
+    if (engine === "postgres") {
+      return "SELECT schemaname, tablename FROM pg_tables WHERE schemaname NOT IN ('pg_catalog','information_schema') ORDER BY schemaname, tablename";
+    }
+    if (engine === "mssql") {
+      return "SELECT TABLE_SCHEMA, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE='BASE TABLE' ORDER BY TABLE_SCHEMA, TABLE_NAME";
+    }
+    return "SHOW TABLES";
+  }
+  const safe = target.replace(/[^a-zA-Z0-9_]/g, "");
+  if (!safe) throw new Error(`Invalid describe target: ${target}`);
+  if (engine === "postgres") {
+    return `SELECT column_name, data_type, is_nullable, column_default FROM information_schema.columns WHERE table_name='${safe}' ORDER BY ordinal_position;
+SELECT indexname, indexdef FROM pg_indexes WHERE tablename='${safe}'`;
+  }
+  if (engine === "mssql") {
+    return `EXEC sp_help '${safe}'`;
+  }
+  return `DESCRIBE \`${safe}\`; SHOW INDEX FROM \`${safe}\``;
+}
+function formatDbQueryFooter(output, appliedLimit, maxRows, explainMode) {
+  if (explainMode) {
+    return "\n\n[explain] Plan returned, no rows executed.";
+  }
+  if (!appliedLimit) return "";
+  const rows = output.split("\n").filter((l) => l.trim() && !/^\s*[-+|]/.test(l)).length;
+  if (rows > maxRows) {
+    return `
+[truncated] auto-LIMIT ${maxRows} hit \u2014 more rows available. Refine WHERE / ORDER BY or raise maxRows (max 10000).`;
+  }
+  return `
+[ok] returned ${rows} row(s), under auto-LIMIT ${maxRows}.`;
+}
 function assertSafeSql(query) {
   const trimmed = query.trim();
   for (const pattern of BLOCKED_SQL_PATTERNS) {
@@ -3795,6 +3478,36 @@ function requireMijnhostApiKey() {
   }
   return mijnhostApiKey;
 }
+function formatDnsDiff(domain, before, after, change) {
+  const fmt = (r) => `${r.type.padEnd(6)} ${r.name.padEnd(30)} ttl=${String(r.ttl).padEnd(5)} ${r.value}`;
+  const lines = [];
+  lines.push(`[dryRun] ${change.verb.toUpperCase()} on ${domain} \u2014 no changes applied.`);
+  lines.push(`Records before: ${before.length}  \u2192  after: ${after.length}`);
+  if (change.removed?.length) {
+    lines.push("", "REMOVED:");
+    for (const r of change.removed) lines.push(`  - ${fmt(r)}`);
+  }
+  if (change.added?.length) {
+    lines.push("", "ADDED:");
+    for (const r of change.added) lines.push(`  + ${fmt(r)}`);
+  }
+  const sensitive = [
+    ...change.added ?? [],
+    ...change.removed ?? []
+  ].filter((r) => {
+    if (r.type === "MX") return true;
+    if (r.type === "TXT") {
+      const v = r.value.toLowerCase();
+      return v.includes("v=spf1") || v.includes("v=dmarc1") || v.includes("_domainkey") || r.name.toLowerCase().includes("_domainkey");
+    }
+    return false;
+  });
+  if (sensitive.length > 0) {
+    lines.push("", "! WARNING: touches mail-auth records (MX / SPF / DMARC / DKIM). Double-check before re-running without dryRun.");
+  }
+  lines.push("", "Re-run without `dryRun: true` to apply.");
+  return lines.join("\n");
+}
 async function mijnhostFetch(path, options = {}) {
   const key = requireMijnhostApiKey();
   const res = await fetch(`${MIJNHOST_BASE_URL}${path}`, {
@@ -4035,35 +3748,25 @@ var TOOLS = [
       required: ["serverId", "sitePath"]
     }
   },
-  {
-    name: "db-describe",
-    description: "Show the structure of a database table (columns, types, keys, defaults). Credentials are auto-discovered from site config files.",
-    inputSchema: {
-      type: "object",
-      properties: {
-        serverId: { type: "string", description: "UUID of the SSH server" },
-        sitePath: { type: "string", description: "Site root path (e.g. /var/www/example.com)" },
-        table: { type: "string", description: "Table name" }
-      },
-      required: ["serverId", "sitePath", "table"]
-    }
-  },
   {
     name: "db-query",
-    description: 'Execute a SQL query against any database. Two routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env. Same behaviour as before.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. The query is piped via stdin so quotes / `$` / `;` are never re-interpreted.\n\nPostgres example: `{ serverId, containerName: "supabase-db", engine: "postgres", dbName: "main", dbUser: "postgres", query: "SELECT 1" }`. Defaults: dbUser=postgres, dbName=postgres.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nDestructive operations (DROP, TRUNCATE, etc.) are blocked.',
+    description: 'Execute a SQL query against any database. Two routing modes:\n- MySQL via `/var/www` autodiscover (default): pass `sitePath` (and `engine: "mysql"` implicitly). Credentials are read from wp-config.php, parameters.php, .env. Same behaviour as before.\n- Direct via Docker container: pass `containerName` (the container running the DB server). Engine defaults to `postgres`; pass `engine: "mysql"` or `"mssql"` to override. The query is piped via stdin so quotes / `$` / `;` are never re-interpreted.\n\nPostgres example: `{ serverId, containerName: "supabase-db", engine: "postgres", dbName: "main", dbUser: "postgres", query: "SELECT 1" }`. Defaults: dbUser=postgres, dbName=postgres.\nMSSQL example: `{ serverId, containerName: "mssql-1", engine: "mssql", dbUser: "sa", dbPass: "...", query: "SELECT 1" }`.\n\nResult safety: `maxRows` (default 1000, max 10000) auto-injects a `LIMIT` for SELECT queries that don\'t have one, so unbounded scans never blow up the token budget. The footer reports whether the cap was applied. Pass `maxRows: 0` to disable.\n\nDiagnostics: `explain: true` prepends EXPLAIN (postgres / mysql) or runs `SET SHOWPLAN_TEXT ON` (mssql) so you can inspect the query plan without rewriting the query.\n\nSchema introspection: pass `describe: "tablename"` to get columns + indexes (replaces the old db-describe tool, works for mysql, postgres, and mssql). Pass `describe: "*"` to list all tables in the current database. When `describe` is set, `query` is ignored.\n\nDestructive operations (DROP, TRUNCATE, etc.) are blocked.',
     inputSchema: {
       type: "object",
       properties: {
         serverId: { type: "string", description: "UUID of the SSH server" },
-        query: { type: "string", description: "SQL query to execute" },
+        query: { type: "string", description: "SQL query to execute (ignored when describe is set)" },
+        describe: { type: "string", description: 'Schema introspection shortcut. Pass a table name for columns + indexes, or "*" to list all tables. Works for mysql / postgres / mssql.' },
         sitePath: { type: "string", description: "Site root path (e.g. /var/www/example.com). Used only with engine=mysql autodiscover." },
         containerName: { type: "string", description: 'Docker container running the DB server (e.g. "supabase-db", "trigger-postgres"). Activates direct-query mode.' },
         engine: { type: "string", enum: ["mysql", "postgres", "mssql"], description: 'DB engine. Defaults to "mysql" with sitePath, "postgres" with containerName.' },
         dbName: { type: "string", description: 'Database name (containerName mode). Defaults: postgres \u2192 "postgres", mysql \u2192 server default, mssql \u2192 server default.' },
         dbUser: { type: "string", description: 'Database user (containerName mode). Defaults: postgres \u2192 "postgres", mysql \u2192 "root", mssql \u2192 "sa".' },
-        dbPass: { type: "string", description: "Database password (containerName mode). Required for mssql; optional for mysql; postgres uses trust auth by default." }
+        dbPass: { type: "string", description: "Database password (containerName mode). Required for mssql; optional for mysql; postgres uses trust auth by default." },
+        maxRows: { type: "number", description: "Auto-inject LIMIT for unbounded SELECTs. Default 1000, max 10000, set 0 to disable." },
+        explain: { type: "boolean", description: "Prepend EXPLAIN (postgres/mysql) or SHOWPLAN (mssql) instead of executing. Useful for slow-query diagnosis." }
       },
-      required: ["serverId", "query"]
+      required: ["serverId"]
     }
   },
   {
@@ -4118,8 +3821,15 @@ var TOOLS = [
   // ----- Domains (mijn.host) -----
   {
     name: "domain-list",
-    description: "List all domains from the mijn.host account. Returns domain name, status, renewal date, and tags. Requires MIJNHOST_API_KEY.",
-    inputSchema: { type: "object", properties: {}, required: [] }
+    description: "List all domains from the mijn.host account. Returns domain name, status, renewal date (= expiration), and tags. Requires MIJNHOST_API_KEY.\n\nPass `details: true` to also fetch DNS zone summary per domain in parallel: NS records, MX target, and presence of SPF/DMARC. Useful as a single-call overview instead of N follow-up dns-list calls. Skipped for inactive/expired domains.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        details: { type: "boolean", description: "Inline DNS zone summary (NS, MX, SPF/DMARC presence) per domain. Adds N parallel API calls \u2014 use sparingly on large accounts." },
+        concurrency: { type: "number", description: "Max concurrent DNS lookups when details=true (default 8, max 20)." }
+      },
+      required: []
+    }
   },
   {
     name: "dns-list",
@@ -4134,7 +3844,7 @@ var TOOLS = [
   },
   {
     name: "dns-create",
-    description: "Add a new DNS record to a domain. Uses PATCH to add without replacing existing records.",
+    description: "Add a new DNS record to a domain. Uses PATCH to add without replacing existing records.\n\nPass `dryRun: true` to preview the proposed change (full before/after diff) without calling the mijn.host PUT \u2014 recommended before touching MX, SPF, DKIM, or DMARC records.",
     inputSchema: {
       type: "object",
       properties: {
@@ -4142,14 +3852,15 @@ var TOOLS = [
         type: { type: "string", description: "Record type: A, AAAA, CNAME, MX, TXT, NS, SRV, CAA, or TLSA" },
         name: { type: "string", description: "Record name (e.g. @ or subdomain)" },
         value: { type: "string", description: "Record value (e.g. IP address, hostname)" },
-        ttl: { type: "number", description: "TTL in seconds (min 60, default 3600)" }
+        ttl: { type: "number", description: "TTL in seconds (min 60, default 3600)" },
+        dryRun: { type: "boolean", description: "Preview the change (returns proposed diff) without applying." }
       },
       required: ["domain", "type", "name", "value"]
     }
   },
   {
     name: "dns-update",
-    description: "Update an existing DNS record. Identifies the record by type+name+oldValue, then replaces it with new values via PATCH.",
+    description: "Update an existing DNS record. Identifies the record by type+name+oldValue, then replaces it with new values via PATCH.\n\nPass `dryRun: true` to preview the change without applying \u2014 strongly recommended for MX/SPF/DKIM/DMARC.",
     inputSchema: {
       type: "object",
       properties: {
@@ -4158,33 +3869,33 @@ var TOOLS = [
         name: { type: "string", description: "Record name" },
         oldValue: { type: "string", description: "Current value of the record to update" },
         newValue: { type: "string", description: "New value for the record" },
-        ttl: { type: "number", description: "New TTL in seconds (min 60)" }
+        ttl: { type: "number", description: "New TTL in seconds (min 60)" },
+        dryRun: { type: "boolean", description: "Preview the change (returns proposed diff) without applying." }
       },
       required: ["domain", "type", "name", "oldValue", "newValue"]
     }
   },
   {
     name: "dns-delete",
-    description: "Delete a DNS record by type, name, and value. Fetches all records, removes the matching one, then replaces the full set.",
+    description: "Delete a DNS record by type, name, and value. Fetches all records, removes the matching one, then replaces the full set.\n\nPass `dryRun: true` to preview the deletion without applying.",
     inputSchema: {
       type: "object",
       properties: {
         domain: { type: "string", description: "Domain name (e.g. example.com)" },
         type: { type: "string", description: "Record type to delete" },
         name: { type: "string", description: "Record name to delete" },
-        value: { type: "string", description: "Record value to delete (must match exactly)" }
+        value: { type: "string", description: "Record value to delete (must match exactly)" },
+        dryRun: { type: "boolean", description: "Preview the deletion (returns proposed diff) without applying." }
       },
       required: ["domain", "type", "name", "value"]
     }
   },
   // ----- Trigger.dev -----
   ...TRIGGER_TOOLS,
-  // ----- Agent Reporting -----
-  ...AGENT_TOOLS,
   // ----- Vercel -----
   ...VERCEL_TOOLS
 ];
-var MCP_VERSION = "3.14.0";
+var MCP_VERSION = "5.0.1";
 async function handleListTools() {
   if (!authContext) return { tools: TOOLS };
   const accessible = TOOLS.filter((tool) => {
@@ -5148,29 +4859,46 @@ ${trail.join("\n")}` }] };
         const output = await execSiteMysql(conn, String(a.sitePath), sql, proxy);
         return { content: [{ type: "text", text: output || "No tables found" }] };
       }
-      case "db-describe": {
-        const table = String(a.table).replace(/[^a-zA-Z0-9_]/g, "");
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
-        const output = await execSiteMysql(
-          conn,
-          String(a.sitePath),
-          `DESCRIBE \`${table}\`; SHOW INDEX FROM \`${table}\``,
-          proxy
-        );
-        return { content: [{ type: "text", text: output }] };
-      }
       case "db-query": {
-        const query = String(a.query).trim();
-        if (!query) return { content: [{ type: "text", text: "Error: query is required" }] };
-        assertSafeSql(query);
         const containerName = typeof a.containerName === "string" && a.containerName ? a.containerName.replace(/[^a-zA-Z0-9._-]/g, "") : "";
         const explicitEngine = a.engine === "mysql" || a.engine === "postgres" || a.engine === "mssql" ? a.engine : null;
         const engine = explicitEngine || (containerName ? "postgres" : "mysql");
+        const describeArg = typeof a.describe === "string" ? a.describe.trim() : "";
+        const explainMode = a.explain === true;
+        const maxRowsRaw = a.maxRows === void 0 ? 1e3 : Number(a.maxRows);
+        const maxRows = Math.min(Math.max(Number.isFinite(maxRowsRaw) ? maxRowsRaw : 0, 0), 1e4);
+        let rawQuery;
+        if (describeArg) {
+          rawQuery = buildDescribeSql(describeArg, engine);
+        } else {
+          rawQuery = String(a.query ?? "").trim();
+          if (!rawQuery) return { content: [{ type: "text", text: "Error: query (or describe) is required" }] };
+        }
+        assertSafeSql(rawQuery);
+        let query = rawQuery.replace(/;\s*$/, "");
+        let appliedLimit = false;
+        if (explainMode && !describeArg) {
+          if (engine === "mssql") {
+            query = `SET SHOWPLAN_TEXT ON;
+${query}`;
+          } else {
+            query = `EXPLAIN ${query}`;
+          }
+        } else if (maxRows > 0 && !describeArg) {
+          const isSelect = /^\s*(with\b[\s\S]+?\bselect\b|select\b)/i.test(query);
+          const alreadyLimited = /\blimit\s+\d+\b/i.test(query) || /\btop\s*\(?\s*\d+/i.test(query);
+          if (isSelect && !alreadyLimited && engine !== "mssql") {
+            query = `${query}
+LIMIT ${maxRows + 1}`;
+            appliedLimit = true;
+          }
+        }
         if (!containerName && engine === "mysql") {
           if (!a.sitePath) return { content: [{ type: "text", text: "Error: sitePath is required for mysql autodiscover (or pass containerName + engine for direct DB queries)" }] };
           const { conn: conn2, proxy: proxy2 } = await getServerConnection(String(a.serverId));
           const output2 = await execSiteMysql(conn2, String(a.sitePath), query, proxy2);
-          return { content: [{ type: "text", text: output2 || "Query executed successfully (no output)" }] };
+          const footer2 = formatDbQueryFooter(output2, appliedLimit, maxRows, explainMode);
+          return { content: [{ type: "text", text: (output2 || "Query executed successfully (no output)") + footer2 }] };
         }
         if (!containerName) {
           return { content: [{ type: "text", text: `Error: engine=${engine} requires containerName (the docker container running the DB server, e.g. "supabase-db" or "trigger-postgres")` }] };
@@ -5209,7 +4937,8 @@ GO
         if (result.exitCode !== 0 && !result.stdout) {
           return { content: [{ type: "text", text: `Error (exit ${result.exitCode}, ${engine}): ${output}` }] };
         }
-        return { content: [{ type: "text", text: output }] };
+        const footer = formatDbQueryFooter(output, appliedLimit, maxRows, explainMode);
+        return { content: [{ type: "text", text: output + footer }] };
       }
       // ----- Env Config -----
       case "env-list": {
@@ -5398,13 +5127,68 @@ echo -e "$R"
         if (!domains.length) {
           return { content: [{ type: "text", text: "No domains found" }] };
         }
+        const details = a.details === true;
+        if (!details) {
+          const lines2 = domains.map((d) => {
+            const tags = d.tags?.length ? ` [${d.tags.join(", ")}]` : "";
+            return `${d.domain}  status=${d.status}  renewal=${d.renewal_date}${tags}`;
+          });
+          return { content: [{ type: "text", text: `${domains.length} domain(s):
+${lines2.join("\n")}` }] };
+        }
+        const concurrency = Math.min(Math.max(Number(a.concurrency) || 8, 1), 20);
+        const summaries = /* @__PURE__ */ new Map();
+        const skipStatuses = /* @__PURE__ */ new Set(["expired", "redemptionperiod", "pendingdelete", "inactive"]);
+        const activeDomains = domains.filter((d) => !skipStatuses.has((d.status || "").toLowerCase()));
+        async function fetchSummary(domain) {
+          try {
+            const r = await mijnhostFetch(
+              `/domains/${encodeURIComponent(domain)}/dns`
+            );
+            const recs = r.data.records || [];
+            const ns = recs.filter((x) => x.type === "NS").map((x) => x.value).sort();
+            const mx = recs.filter((x) => x.type === "MX").map((x) => x.value).sort();
+            const hasSpf = recs.some((x) => x.type === "TXT" && x.value.toLowerCase().includes("v=spf1"));
+            const hasDmarc = recs.some(
+              (x) => x.type === "TXT" && (x.name.toLowerCase().startsWith("_dmarc") || x.value.toLowerCase().includes("v=dmarc1"))
+            );
+            return { ns, mx, hasSpf, hasDmarc };
+          } catch (err) {
+            return { ns: [], mx: [], hasSpf: false, hasDmarc: false, error: err instanceof Error ? err.message : String(err) };
+          }
+        }
+        const queue = [...activeDomains];
+        async function worker() {
+          while (queue.length > 0) {
+            const d = queue.shift();
+            if (!d) return;
+            summaries.set(d.domain, await fetchSummary(d.domain));
+          }
+        }
+        await Promise.all(Array.from({ length: Math.min(concurrency, queue.length) }, worker));
         const lines = domains.map((d) => {
           const tags = d.tags?.length ? ` [${d.tags.join(", ")}]` : "";
-          return `${d.domain}  status=${d.status}  renewal=${d.renewal_date}${tags}`;
+          const head = `${d.domain}  status=${d.status}  expires=${d.renewal_date}${tags}`;
+          const s = summaries.get(d.domain);
+          if (!s) return head;
+          if (s.error) return `${head}
+    dns: error: ${s.error}`;
+          const ns = s.ns.length ? s.ns.join(", ") : "(none)";
+          const mx = s.mx.length ? s.mx.join(", ") : "(none)";
+          const mail = `mx=${mx}  spf=${s.hasSpf ? "yes" : "NO"}  dmarc=${s.hasDmarc ? "yes" : "NO"}`;
+          return `${head}
+    ns: ${ns}
+    ${mail}`;
         });
-        return { content: [{ type: "text", text: `${domains.length} domain(s):
+        return {
+          content: [{
+            type: "text",
+            text: `${domains.length} domain(s) (${activeDomains.length} with DNS lookup):
-${lines.join("\n")}` }] };
+${lines.join("\n")}`
+          }]
+        };
       }
       case "dns-list": {
         const domain = String(a.domain);
@@ -5433,13 +5217,22 @@ ${lines.join("\n")}` }] };
         const dnsName = String(a.name);
         const value = String(a.value);
         const ttl = Number(a.ttl) || 3600;
+        const dryRun = a.dryRun === true;
         if (!domain || !type || !dnsName || !value) {
           throw new Error("domain, type, name, and value are required");
         }
         const current = await mijnhostFetch(
           `/domains/${encodeURIComponent(domain)}/dns`
         );
-        const records = [...current.data.records, { type, name: dnsName, value, ttl }];
+        const newRecord = { type, name: dnsName, value, ttl };
+        const records = [...current.data.records, newRecord];
+        if (dryRun) {
+          const diff = formatDnsDiff(domain, current.data.records, records, {
+            verb: "create",
+            added: [newRecord]
+          });
+          return { content: [{ type: "text", text: diff }] };
+        }
         await mijnhostFetch(`/domains/${encodeURIComponent(domain)}/dns`, {
           method: "PUT",
           body: JSON.stringify({ records })
@@ -5453,6 +5246,7 @@ ${lines.join("\n")}` }] };
         const oldValue = String(a.oldValue);
         const newValue = String(a.newValue);
         const ttl = Number(a.ttl) || void 0;
+        const dryRun = a.dryRun === true;
         if (!domain || !type || !dnsName || !oldValue || !newValue) {
           throw new Error("domain, type, name, oldValue, and newValue are required");
         }
@@ -5467,12 +5261,22 @@ ${lines.join("\n")}` }] };
         }
         const updated = [...current.data.records];
         const existingTtl = updated[idx].ttl;
-        updated[idx] = {
+        const before = updated[idx];
+        const after = {
           type,
           name: dnsName,
           value: newValue,
           ttl: ttl ?? existingTtl
         };
+        updated[idx] = after;
+        if (dryRun) {
+          const diff = formatDnsDiff(domain, current.data.records, updated, {
+            verb: "update",
+            removed: [before],
+            added: [after]
+          });
+          return { content: [{ type: "text", text: diff }] };
+        }
         await mijnhostFetch(`/domains/${encodeURIComponent(domain)}/dns`, {
           method: "PUT",
           body: JSON.stringify({ records: updated })
@@ -5484,6 +5288,7 @@ ${lines.join("\n")}` }] };
         const type = String(a.type).toUpperCase();
         const dnsName = String(a.name);
         const value = String(a.value);
+        const dryRun = a.dryRun === true;
         if (!domain || !type || !dnsName || !value) {
           throw new Error("domain, type, name, and value are required");
         }
@@ -5491,12 +5296,22 @@ ${lines.join("\n")}` }] };
           `/domains/${encodeURIComponent(domain)}/dns`
         );
         const before = current.data.records.length;
+        const removed = current.data.records.filter(
+          (r) => r.type === type && r.name === dnsName && r.value === value
+        );
         const remaining = current.data.records.filter(
           (r) => !(r.type === type && r.name === dnsName && r.value === value)
         );
         if (remaining.length === before) {
           throw new Error(`No matching DNS record found: ${type} ${dnsName} = ${value}`);
         }
+        if (dryRun) {
+          const diff = formatDnsDiff(domain, current.data.records, remaining, {
+            verb: "delete",
+            removed
+          });
+          return { content: [{ type: "text", text: diff }] };
+        }
         await mijnhostFetch(`/domains/${encodeURIComponent(domain)}/dns`, {
           method: "PUT",
           body: JSON.stringify({ records: remaining })
@@ -5507,9 +5322,6 @@ ${lines.join("\n")}` }] };
         if (TRIGGER_TOOL_NAMES.has(name)) {
           return handleTriggerTool(name, a, { sshExec, getServerConnection });
         }
-        if (AGENT_TOOL_NAMES.has(name)) {
-          return handleAgentTool(name, a);
-        }
         if (VERCEL_TOOL_NAMES.has(name)) {
           return handleVercelTool(name, a, { supabase, decrypt });
         }
@@ -5547,50 +5359,8 @@ async function main() {
   if (httpMode) {
     console.error(`API key validated. Starting Streamable HTTP transport on port ${httpPort}...`);
     const transports = /* @__PURE__ */ new Map();
-    const REST_TOOL_MAP = {
-      "/api/web-search": "web-search",
-      "/api/web-fetch": "web-fetch"
-    };
     const httpServer = createServer(async (req, res) => {
       const url = new URL(req.url ?? "/", `http://localhost:${httpPort}`);
-      const restToolName = REST_TOOL_MAP[url.pathname];
-      if (restToolName && req.method === "POST") {
-        if (!authContext) {
-          res.writeHead(401, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: "Not authenticated" }));
-          return;
-        }
-        const requiredModule = TOOL_MODULE_MAP[restToolName];
-        if (requiredModule && authContext.permissions.modules[requiredModule] !== true) {
-          res.writeHead(403, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: `Access denied: no permission for "${requiredModule}" module` }));
-          return;
-        }
-        const chunks = [];
-        for await (const chunk of req) chunks.push(chunk);
-        let toolArgs;
-        try {
-          toolArgs = JSON.parse(Buffer.concat(chunks).toString());
-        } catch {
-          res.writeHead(400, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: "Invalid JSON" }));
-          return;
-        }
-        try {
-          const result = await handleAgentTool(restToolName, toolArgs);
-          res.writeHead(200, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ ok: true, result }));
-        } catch (err) {
-          res.writeHead(500, { "Content-Type": "application/json" });
-          res.end(JSON.stringify({ error: err instanceof Error ? err.message : String(err) }));
-        }
-        return;
-      }
-      if (url.pathname === "/api/tools" && req.method === "GET") {
-        res.writeHead(200, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ tools: Object.keys(REST_TOOL_MAP) }));
-        return;
-      }
       if (url.pathname !== "/mcp") {
         res.writeHead(404, { "Content-Type": "text/plain" });
         res.end("Not found");