npm - @nordsym/apiclaw - Versions diffs - 1.5.16 → 1.5.18 - Mend

@nordsym/apiclaw 1.5.16 → 1.5.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/convex/http.js +196 -0
package/convex/http.js.map +1 -1
package/convex/http.ts +201 -0
package/convex/http.ts.bak +934 -0
package/dist/analytics.d.ts +0 -4
package/dist/analytics.d.ts.map +1 -1
package/dist/analytics.js +0 -1
package/dist/analytics.js.map +1 -1
package/dist/bin.js +1 -1
package/dist/cli/commands/mcp-install.d.ts.map +1 -1
package/dist/cli/commands/mcp-install.js +8 -87
package/dist/cli/commands/mcp-install.js.map +1 -1
package/dist/cli/index.js +0 -7
package/dist/credentials.d.ts.map +1 -1
package/dist/credentials.js +0 -128
package/dist/credentials.js.map +1 -1
package/dist/discovery.d.ts.map +1 -1
package/dist/discovery.js +82 -191
package/dist/discovery.js.map +1 -1
package/dist/http-api.d.ts.map +1 -1
package/dist/http-api.js +33 -17
package/dist/http-api.js.map +1 -1
package/dist/proxy.js +1 -1
package/dist/proxy.js.map +1 -1
package/landing/next-env.d.ts +0 -1
package/landing/src/app/api/auth/magic-link/route.ts +1 -1
package/landing/src/app/auth/verify/page.tsx +0 -6
package/landing/src/app/dashboard/verify/page.tsx +0 -6
package/landing/src/app/join/page.tsx +0 -6
package/landing/src/app/layout.tsx +2 -2
package/landing/src/app/login/page.tsx +1 -1
package/landing/src/app/mou/[partnerId]/page.tsx +0 -6
package/landing/src/app/page.tsx +18 -39
package/landing/src/app/providers/dashboard/[apiId]/actions/[actionId]/edit/page.tsx +0 -6
package/landing/src/app/providers/dashboard/[apiId]/actions/new/page.tsx +0 -5
package/landing/src/app/providers/dashboard/[apiId]/actions/page.tsx +0 -5
package/landing/src/app/providers/dashboard/[apiId]/direct-call/page.tsx +1 -6
package/landing/src/app/providers/dashboard/[apiId]/page.tsx +0 -5
package/landing/src/app/providers/dashboard/[apiId]/test/page.tsx +0 -5
package/landing/src/app/providers/dashboard/layout.tsx +6 -6
package/landing/src/app/providers/dashboard/login/page.tsx +1 -1
package/landing/src/app/providers/dashboard/page.tsx +1 -1
package/landing/src/app/providers/dashboard/verify/page.tsx +0 -6
package/landing/src/app/providers/layout.tsx +1 -1
package/landing/src/app/upgrade/page.tsx +0 -6
package/landing/src/app/workspace/page.tsx +0 -6
package/landing/src/components/HeroTabs.tsx +2 -2
package/landing/src/components/{Workspace.tsx → ProviderDashboard.tsx} +2 -2
package/landing/src/components/VideoDemo.tsx +10 -21
package/landing/src/lib/mock-data.ts +1 -1
package/landing/src/lib/stats.json +1 -1
package/package.json +4 -6
package/src/analytics.ts +0 -5
package/src/bin.ts +1 -1
package/src/cli/commands/mcp-install.ts +8 -90
package/src/cli/index.ts +0 -8
package/src/credentials.ts +0 -136
package/src/discovery.ts +82 -191
package/src/http-api.ts +34 -18
package/src/proxy.ts +1 -1
package/APILAYER_STATUS_2026-03-24.md +0 -38
package/CHANGELOG-WHITELIST-V2.md +0 -269
package/HIVR-WHITELIST-STATUS.md +0 -205
package/HIVR-WHITELIST.md +0 -148
package/TERMINOLOGY-AUDIT.md +0 -99
package/TERMINOLOGY-FIXED.md +0 -74
package/VIDEO-DEMO-GUIDE.md +0 -82
package/WHITELIST-ARCHITECTURE.md +0 -379
package/api/discover.ts +0 -71
package/api/health.ts +0 -20
package/direct-test.mjs +0 -51
package/dist/access-control.d.ts +0 -45
package/dist/access-control.d.ts.map +0 -1
package/dist/access-control.js +0 -142
package/dist/access-control.js.map +0 -1
package/dist/chain-types.d.ts +0 -187
package/dist/chain-types.d.ts.map +0 -1
package/dist/chain-types.js +0 -33
package/dist/chain-types.js.map +0 -1
package/dist/convex/adminActivate.js +0 -46
package/dist/convex/adminStats.js +0 -41
package/dist/convex/agents.js +0 -498
package/dist/convex/analytics.js +0 -165
package/dist/convex/billing.js +0 -654
package/dist/convex/capabilities.js +0 -144
package/dist/convex/chains.js +0 -1041
package/dist/convex/credits.js +0 -185
package/dist/convex/crons.js +0 -16
package/dist/convex/directCall.js +0 -626
package/dist/convex/earnProgress.js +0 -648
package/dist/convex/email.js +0 -299
package/dist/convex/feedback.js +0 -226
package/dist/convex/http.js +0 -909
package/dist/convex/logs.js +0 -486
package/dist/convex/mou.js +0 -81
package/dist/convex/providerKeys.js +0 -256
package/dist/convex/providers.js +0 -755
package/dist/convex/purchases.js +0 -156
package/dist/convex/ratelimit.js +0 -90
package/dist/convex/schema.js +0 -709
package/dist/convex/searchLogs.js +0 -128
package/dist/convex/spendAlerts.js +0 -379
package/dist/convex/stripeActions.js +0 -410
package/dist/convex/teams.js +0 -214
package/dist/convex/telemetry.js +0 -73
package/dist/convex/usage.js +0 -228
package/dist/convex/waitlist.js +0 -48
package/dist/convex/webhooks.js +0 -409
package/dist/convex/workspaces.js +0 -879
package/dist/hivr-whitelist.d.ts +0 -18
package/dist/hivr-whitelist.d.ts.map +0 -1
package/dist/hivr-whitelist.js +0 -95
package/dist/hivr-whitelist.js.map +0 -1
package/dist/http-server-minimal.d.ts +0 -7
package/dist/http-server-minimal.d.ts.map +0 -1
package/dist/http-server-minimal.js +0 -126
package/dist/http-server-minimal.js.map +0 -1
package/dist/product-whitelist.d.ts +0 -37
package/dist/product-whitelist.d.ts.map +0 -1
package/dist/product-whitelist.js +0 -203
package/dist/product-whitelist.js.map +0 -1
package/dist/src/analytics.js +0 -129
package/dist/src/bin.js +0 -17
package/dist/src/capability-router.js +0 -240
package/dist/src/chainExecutor.js +0 -451
package/dist/src/chainResolver.js +0 -518
package/dist/src/cli/commands/doctor.js +0 -324
package/dist/src/cli/commands/mcp-install.js +0 -255
package/dist/src/cli/commands/restore.js +0 -259
package/dist/src/cli/commands/setup.js +0 -205
package/dist/src/cli/commands/uninstall.js +0 -188
package/dist/src/cli/index.js +0 -111
package/dist/src/cli.js +0 -302
package/dist/src/confirmation.js +0 -240
package/dist/src/credentials.js +0 -357
package/dist/src/credits.js +0 -260
package/dist/src/crypto.js +0 -66
package/dist/src/discovery.js +0 -504
package/dist/src/enterprise/env.js +0 -123
package/dist/src/enterprise/script-generator.js +0 -460
package/dist/src/execute-dynamic.js +0 -473
package/dist/src/execute.js +0 -1727
package/dist/src/index.js +0 -2062
package/dist/src/metered.js +0 -80
package/dist/src/open-apis.js +0 -276
package/dist/src/proxy.js +0 -28
package/dist/src/session.js +0 -86
package/dist/src/stripe.js +0 -407
package/dist/src/telemetry.js +0 -49
package/dist/src/types.js +0 -2
package/dist/src/utils/backup.js +0 -181
package/dist/src/utils/config.js +0 -220
package/dist/src/utils/os.js +0 -105
package/dist/src/utils/paths.js +0 -159
package/landing/pages/api/discover.ts +0 -43
package/landing/pages/api/health.ts +0 -20
package/scripts/test-whitelist-v2.sh +0 -128
package/src/access-control.ts +0 -174
package/src/hivr-whitelist.ts +0 -110
package/src/http-server-minimal.ts +0 -154
package/src/product-whitelist.ts +0 -246
package/test-actual-handlers.ts +0 -92
package/test-apilayer-all-14.ts +0 -249
package/test-apilayer-fixed.ts +0 -248
package/test-direct-endpoints.ts +0 -174
package/test-exact-endpoints.ts +0 -144
package/test-final.ts +0 -83
package/test-full-routing.ts +0 -100
package/test-handlers-correct.ts +0 -217
package/test-numverify-key.ts +0 -41
package/test-via-handlers.ts +0 -92
package/test-worldnews.mjs +0 -26

package/src/access-control.ts DELETED Viewed

@@ -1,174 +0,0 @@
-/**
- * Access Control System
- * Controls which products/agents can access which providers
- *
- * Rules format:
- * - Wildcard: "hivr:*" = all Hivr agents
- * - Specific: "hivr:bytebee" = only ByteBee
- * - Product-level: "nordsym:*" = all NordSym agents
- *
- * Provider wildcards:
- * - "*" = all providers
- * - "brave_*" = all Brave providers
- * - Specific: ["brave_search", "groq"]
- */
-interface AccessRule {
-  agentPattern: string;
-  allowedProviders: string[];
-  description?: string;
-}
-// Default access rules
-// These can be moved to Convex table for dynamic updates
-const DEFAULT_RULES: AccessRule[] = [
-  {
-    agentPattern: 'hivr:*',
-    allowedProviders: ['*'], // Hivr gets everything
-    description: 'All Hivr bees get full access',
-  },
-  {
-    agentPattern: 'nordsym:*',
-    allowedProviders: ['brave_search', 'groq', 'replicate'],
-    description: 'NordSym team gets selected providers',
-  },
-  // Add more rules as needed
-];
-// Cache for compiled rules
-let compiledRules: {
-  pattern: RegExp;
-  providers: string[];
-}[] | null = null;
-/**
- * Compile agentPattern to RegExp
- */
-function compilePattern(pattern: string): RegExp {
-  // Convert wildcard pattern to regex
-  // "hivr:*" → /^hivr:.+$/
-  // "hivr:byte*" → /^hivr:byte.+$/
-  const escaped = pattern
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&') // Escape regex chars
-    .replace(/\*/g, '.+'); // Replace * with .+
-  return new RegExp(`^${escaped}$`, 'i');
-}
-/**
- * Compile all rules (cache for performance)
- */
-function compileRules(): void {
-  compiledRules = DEFAULT_RULES.map(rule => ({
-    pattern: compilePattern(rule.agentPattern),
-    providers: rule.allowedProviders,
-  }));
-}
-/**
- * Check if provider matches pattern
- */
-function matchesProvider(provider: string, pattern: string): boolean {
-  if (pattern === '*') return true;
-  if (pattern.endsWith('*')) {
-    const prefix = pattern.slice(0, -1);
-    return provider.startsWith(prefix);
-  }
-  return provider === pattern;
-}
-/**
- * Check if agentId is allowed to access provider
- */
-export function canAccessProvider(agentId: string, provider: string): boolean {
-  if (!compiledRules) {
-    compileRules();
-  }
-  const normalized = agentId.toLowerCase().trim();
-  const normalizedProvider = provider.toLowerCase().trim();
-  // Find matching rule
-  for (const rule of compiledRules!) {
-    if (rule.pattern.test(normalized)) {
-      // Check if provider is allowed
-      for (const providerPattern of rule.providers) {
-        if (matchesProvider(normalizedProvider, providerPattern)) {
-          return true;
-        }
-      }
-      // Rule matched but provider not in allowlist
-      return false;
-    }
-  }
-  // No rule matched = deny by default
-  console.warn(`[Access Control] No rule for ${normalized}`);
-  return false;
-}
-/**
- * Get allowed providers for agentId
- */
-export function getAllowedProviders(agentId: string): string[] {
-  if (!compiledRules) {
-    compileRules();
-  }
-  const normalized = agentId.toLowerCase().trim();
-  // Find matching rule
-  for (const rule of compiledRules!) {
-    if (rule.pattern.test(normalized)) {
-      return rule.providers;
-    }
-  }
-  return [];
-}
-/**
- * Add new access rule (runtime)
- */
-export function addAccessRule(rule: AccessRule): void {
-  DEFAULT_RULES.push(rule);
-  compiledRules = null; // Force recompile
-  console.log(`[Access Control] Added rule for ${rule.agentPattern}`);
-}
-/**
- * Get all access rules (for debugging/admin)
- */
-export function getAccessRules(): AccessRule[] {
-  return [...DEFAULT_RULES];
-}
-/**
- * Check if agentId + provider combination is allowed
- * Combines whitelist check + access control
- */
-export async function isAllowed(
-  agentId: string | undefined,
-  provider: string
-): Promise<{ allowed: boolean; reason?: string }> {
-  if (!agentId) {
-    return { allowed: false, reason: 'No agentId provided' };
-  }
-  // First check: Is agent whitelisted?
-  const { isAuthorized } = await import('./product-whitelist.js');
-  const whitelisted = await isAuthorized(agentId);
-  if (!whitelisted) {
-    return { allowed: false, reason: 'Agent not whitelisted' };
-  }
-  // Second check: Does agent have access to this provider?
-  const hasAccess = canAccessProvider(agentId, provider);
-  if (!hasAccess) {
-    return { allowed: false, reason: 'Provider not in access list' };
-  }
-  return { allowed: true };
-}

package/src/hivr-whitelist.ts DELETED Viewed

@@ -1,110 +0,0 @@
-/**
- * Hivr Bees Auto-Whitelist
- * Dynamically fetches active agents from Hivr's Convex deployment
- * Falls back to static whitelist if Convex is unreachable
- */
-// Hivr PROD Convex deployment
-const HIVR_CONVEX_URL = "https://sensible-quail-275.convex.cloud";
-// Fallback static whitelist (in case Convex is down)
-const STATIC_WHITELIST = [
-  'bytebee',
-  'analyzerbee',
-  'buildbee',
-  'buzzwriter',
-  'hivemind',
-  'hivesage',
-  'symbot',
-  'hivrqueen',
-  'marketmaven',
-  'reconbee',
-  'sprintbee',
-  'quillbee',
-];
-// Cache whitelist for 5 minutes
-let cachedWhitelist: string[] | null = null;
-let cacheExpiry: number = 0;
-/**
- * Fetch all active agents from Hivr Convex
- */
-async function fetchHivrAgents(): Promise<string[]> {
-  try {
-    // Call Convex HTTP API directly
-    const response = await fetch(`${HIVR_CONVEX_URL}/api/query`, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify({
-        path: 'agents:list',
-        args: {},
-      }),
-    });
-    if (!response.ok) {
-      console.warn('[Hivr Whitelist] Convex HTTP API error, using static whitelist');
-      return STATIC_WHITELIST;
-    }
-    const agents = await response.json() as any[];
-    if (!agents || !Array.isArray(agents)) {
-      console.warn('[Hivr Whitelist] Invalid response from Hivr Convex, using static whitelist');
-      return STATIC_WHITELIST;
-    }
-    // Extract handles (Hivr uses 'handle', not 'agentId')
-    const handles = agents
-      .map((a: any) => a.handle?.toLowerCase().trim())
-      .filter((h: string | undefined) => h && h.length > 0);
-    console.log(`[Hivr Whitelist] Fetched ${handles.length} agents from Hivr`);
-    return handles;
-  } catch (error) {
-    console.error('[Hivr Whitelist] Failed to fetch from Hivr Convex:', error);
-    return STATIC_WHITELIST;
-  }
-}
-/**
- * Get current whitelist (cached or fresh)
- */
-export async function getWhitelist(): Promise<string[]> {
-  const now = Date.now();
-  // Return cached if still valid
-  if (cachedWhitelist && now < cacheExpiry) {
-    return cachedWhitelist;
-  }
-  // Fetch fresh whitelist
-  cachedWhitelist = await fetchHivrAgents();
-  cacheExpiry = now + (5 * 60 * 1000); // 5 minutes
-  return cachedWhitelist;
-}
-/**
- * Check if agent is authorized
- */
-export async function isAuthorized(agentId: string | undefined): Promise<boolean> {
-  if (!agentId) return false;
-  const whitelist = await getWhitelist();
-  const normalized = agentId.toLowerCase().trim();
-  return whitelist.includes(normalized);
-}
-/**
- * Force refresh whitelist (call after adding new bee)
- */
-export function invalidateCache(): void {
-  cachedWhitelist = null;
-  cacheExpiry = 0;
-  console.log('[Hivr Whitelist] Cache invalidated');
-}

package/src/http-server-minimal.ts DELETED Viewed

@@ -1,154 +0,0 @@
-#!/usr/bin/env node
-/**
- * Minimal HTTP API Server for APIClaw
- * Bypasses chain executor imports
- */
-import { createServer } from 'http';
-import { URL } from 'url';
-const PORT = parseInt(process.env.PORT || '3001');
-// Import whitelist directly
-import { isAuthorized, getProduct } from './product-whitelist.js';
-interface APIRequest {
-  provider: string;
-  action: string;
-  params: Record<string, any>;
-  agentId: string;
-}
-function sendJSON(res: any, status: number, data: any): void {
-  res.writeHead(status, {
-    'Content-Type': 'application/json',
-    'Access-Control-Allow-Origin': '*',
-  });
-  res.end(JSON.stringify(data));
-}
-async function parseBody<T>(req: any): Promise<T> {
-  return new Promise((resolve, reject) => {
-    let body = '';
-    req.on('data', (chunk: any) => body += chunk.toString());
-    req.on('end', () => {
-      try {
-        resolve(JSON.parse(body));
-      } catch (e) {
-        reject(new Error('Invalid JSON'));
-      }
-    });
-  });
-}
-const server = createServer(async (req, res) => {
-  const url = new URL(req.url || '/', `http://${req.headers.host}`);
-  console.log(`[APIClaw] ${req.method} ${url.pathname}`);
-  // CORS
-  if (req.method === 'OPTIONS') {
-    res.writeHead(204, {
-      'Access-Control-Allow-Origin': '*',
-      'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-      'Access-Control-Allow-Headers': 'Content-Type',
-    });
-    res.end();
-    return;
-  }
-  // Health check
-  if (url.pathname === '/health') {
-    sendJSON(res, 200, {
-      status: 'ok',
-      service: 'apiclaw-http-api',
-      version: '2.0.0',
-      whitelist: 'multi-product',
-    });
-    return;
-  }
-  // Discovery endpoint
-  if (url.pathname === '/api/discover' && req.method === 'GET') {
-    const query = url.searchParams.get('query');
-    const agentId = url.searchParams.get('agentId');
-    if (!query) {
-      sendJSON(res, 400, { error: 'Missing query parameter' });
-      return;
-    }
-    const authorized = await isAuthorized(agentId || undefined);
-    if (!authorized) {
-      sendJSON(res, 403, {
-        error: 'Unauthorized',
-        message: 'This endpoint is restricted. Contact admin@nordsym.com',
-      });
-      return;
-    }
-    const product = agentId ? getProduct(agentId) : null;
-    sendJSON(res, 200, {
-      success: true,
-      query,
-      agentId,
-      product,
-      message: 'Whitelist v2.0 active - discovery endpoint placeholder',
-    });
-    return;
-  }
-  // Call API endpoint
-  if (url.pathname === '/api/call_api' && req.method === 'POST') {
-    try {
-      const body = await parseBody<APIRequest>(req);
-      const { provider, action, params, agentId } = body;
-      if (!provider || !action || !agentId) {
-        sendJSON(res, 400, {
-          error: 'Missing required fields',
-          required: ['provider', 'action', 'agentId', 'params'],
-        });
-        return;
-      }
-      const authorized = await isAuthorized(agentId);
-      if (!authorized) {
-        sendJSON(res, 403, {
-          error: 'Unauthorized',
-          message: 'Agent not whitelisted',
-        });
-        return;
-      }
-      const product = getProduct(agentId);
-      sendJSON(res, 200, {
-        success: true,
-        agentId,
-        provider,
-        action,
-        product,
-        message: 'Whitelist v2.0 active - execution placeholder',
-      });
-    } catch (e: any) {
-      sendJSON(res, 400, { error: e.message });
-    }
-    return;
-  }
-  // 404
-  sendJSON(res, 404, { error: 'Not found' });
-});
-server.listen(PORT, () => {
-  console.log(`\n🦞 APIClaw HTTP API (Whitelist v2.0)`);
-  console.log(`   Running on http://localhost:${PORT}`);
-  console.log(`   GET  /health`);
-  console.log(`   GET  /api/discover?query=...&agentId=...`);
-  console.log(`   POST /api/call_api\n`);
-});

package/src/product-whitelist.ts DELETED Viewed

@@ -1,246 +0,0 @@
-/**
- * Multi-Product Whitelist System
- * Supports multiple products (Hivr, NordSym, partners) with namespaced agentIds
- *
- * Format: product:agentId
- * Examples: hivr:bytebee, nordsym:mollebot, partner_x:agent1
- */
-interface ProductSource {
-  name: string;
-  convexUrl: string;
-  queryPath: string;
-  agentIdField: string;
-  authToken?: string;
-}
-// Product sources configuration
-const PRODUCT_SOURCES: ProductSource[] = [
-  {
-    name: 'hivr',
-    convexUrl: 'https://sensible-quail-275.convex.cloud',
-    queryPath: 'agents:list',
-    agentIdField: 'handle', // ✅ Fixed: Hivr agents use 'handle', not 'agentId'
-  },
-  // Add more products here as needed
-  // {
-  //   name: 'nordsym',
-  //   convexUrl: 'https://nordsym-deployment.convex.cloud',
-  //   queryPath: 'team:listAgents',
-  //   agentIdField: 'memberId',
-  // },
-];
-// Fallback static whitelist (emergency only)
-const STATIC_WHITELIST = [
-  'hivr:bytebee',
-  'hivr:analyzerbee',
-  'hivr:buildbee',
-  'hivr:buzzwriter',
-  'hivr:hivemind',
-  'hivr:hivesage',
-  'hivr:symbot',
-  'hivr:hivrqueen',
-  'hivr:marketmaven',
-  'hivr:reconbee',
-  'hivr:sprintbee',
-  'hivr:quillbee',
-];
-// Cache per product (5 minutes TTL)
-interface ProductCache {
-  agents: string[];
-  expiresAt: number;
-}
-const cache = new Map<string, ProductCache>();
-const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
-/**
- * Fetch agents from a single product source
- */
-async function fetchFromProduct(source: ProductSource): Promise<string[]> {
-  try {
-    const headers: Record<string, string> = {
-      'Content-Type': 'application/json',
-    };
-    if (source.authToken) {
-      headers['Authorization'] = `Bearer ${source.authToken}`;
-    }
-    const response = await fetch(`${source.convexUrl}/api/query`, {
-      method: 'POST',
-      headers,
-      body: JSON.stringify({
-        path: source.queryPath,
-        args: {},
-      }),
-    });
-    if (!response.ok) {
-      console.warn(`[Whitelist] ${source.name}: HTTP ${response.status}`);
-      return [];
-    }
-    const result = await response.json() as any;
-    // Convex HTTP API returns { status: "success", value: [...] }
-    const data = result.value || result;
-    if (!Array.isArray(data)) {
-      console.warn(`[Whitelist] ${source.name}: Invalid response format`, typeof data);
-      return [];
-    }
-    // Extract agentIds and add namespace
-    const agents = data
-      .map((item: any) => {
-        const agentId = item[source.agentIdField];
-        if (!agentId) return null;
-        return `${source.name}:${String(agentId).toLowerCase().trim()}`;
-      })
-      .filter((id): id is string => id !== null && id.length > 0);
-    console.log(`[Whitelist] ${source.name}: Fetched ${agents.length} agents`);
-    return agents;
-  } catch (error) {
-    console.error(`[Whitelist] ${source.name}: Fetch failed`, error);
-    return [];
-  }
-}
-/**
- * Fetch and merge agents from all product sources
- */
-async function fetchAllProducts(): Promise<string[]> {
-  const results = await Promise.allSettled(
-    PRODUCT_SOURCES.map(source => fetchFromProduct(source))
-  );
-  const allAgents: string[] = [];
-  for (const result of results) {
-    if (result.status === 'fulfilled') {
-      allAgents.push(...result.value);
-    }
-  }
-  // If no products returned data, use static fallback
-  if (allAgents.length === 0) {
-    console.warn('[Whitelist] All sources failed, using static fallback');
-    return STATIC_WHITELIST;
-  }
-  return allAgents;
-}
-/**
- * Get current whitelist (cached or fresh)
- */
-export async function getWhitelist(): Promise<string[]> {
-  const now = Date.now();
-  // Check if any cache entry is still valid
-  const validCaches: string[] = [];
-  for (const [product, cached] of cache.entries()) {
-    if (now < cached.expiresAt) {
-      validCaches.push(...cached.agents);
-    }
-  }
-  // If all caches valid, return merged
-  if (validCaches.length > 0 && cache.size === PRODUCT_SOURCES.length) {
-    return validCaches;
-  }
-  // Fetch fresh data
-  const agents = await fetchAllProducts();
-  // Update cache per product
-  const agentsByProduct = new Map<string, string[]>();
-  for (const agent of agents) {
-    const [product] = agent.split(':');
-    if (!agentsByProduct.has(product)) {
-      agentsByProduct.set(product, []);
-    }
-    agentsByProduct.get(product)!.push(agent);
-  }
-  for (const [product, productAgents] of agentsByProduct.entries()) {
-    cache.set(product, {
-      agents: productAgents,
-      expiresAt: now + CACHE_TTL,
-    });
-  }
-  return agents;
-}
-/**
- * Check if agentId is authorized
- * Supports both namespaced (product:agent) and legacy (agent) formats
- */
-export async function isAuthorized(agentId: string | undefined): Promise<boolean> {
-  if (!agentId) return false;
-  const normalized = agentId.toLowerCase().trim();
-  const whitelist = await getWhitelist();
-  // Check exact match (namespaced)
-  if (whitelist.includes(normalized)) {
-    return true;
-  }
-  // Legacy support: check if agentId matches any product's agent (without namespace)
-  // e.g., "bytebee" matches "hivr:bytebee"
-  if (!normalized.includes(':')) {
-    const legacyMatch = whitelist.some(entry => {
-      const [, agent] = entry.split(':');
-      return agent === normalized;
-    });
-    if (legacyMatch) {
-      console.log(`[Whitelist] Legacy match for ${normalized}`);
-      return true;
-    }
-  }
-  return false;
-}
-/**
- * Extract product name from agentId
- */
-export function getProduct(agentId: string): string | null {
-  const [product] = agentId.split(':');
-  return product || null;
-}
-/**
- * Force refresh whitelist (call after adding new agent)
- */
-export function invalidateCache(product?: string): void {
-  if (product) {
-    cache.delete(product);
-    console.log(`[Whitelist] Cache invalidated for ${product}`);
-  } else {
-    cache.clear();
-    console.log('[Whitelist] All caches invalidated');
-  }
-}
-/**
- * Add new product source dynamically
- */
-export function addProductSource(source: ProductSource): void {
-  const existing = PRODUCT_SOURCES.find(s => s.name === source.name);
-  if (existing) {
-    console.warn(`[Whitelist] Product ${source.name} already exists, updating`);
-    Object.assign(existing, source);
-  } else {
-    PRODUCT_SOURCES.push(source);
-    console.log(`[Whitelist] Added product source: ${source.name}`);
-  }
-  invalidateCache(source.name);
-}