@relayrail/server 0.1.0

package/dist/index.js

@@ -0,0 +1,2213 @@
+#!/usr/bin/env node
+
+// src/server.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+
+// ../database/dist/index.js
+import { createClient } from "@supabase/supabase-js";
+function createServiceClient(url, serviceRoleKey) {
+  return createClient(url, serviceRoleKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false
+    }
+  });
+}
+
+// ../shared/src/index.ts
+var TIER_LIMITS = {
+  free: {
+    emailsPerMonth: 100,
+    smsPerMonth: 0,
+    maxAgents: 1,
+    historyDays: 7,
+    smsEnabled: false
+  },
+  pro: {
+    emailsPerMonth: 1e3,
+    smsPerMonth: 100,
+    maxAgents: 5,
+    historyDays: 30,
+    smsEnabled: true
+  },
+  team: {
+    emailsPerMonth: 1e4,
+    smsPerMonth: 1e3,
+    maxAgents: 25,
+    historyDays: 90,
+    smsEnabled: true
+  }
+};
+function getTierLimits(tier) {
+  return TIER_LIMITS[tier] || TIER_LIMITS.free;
+}
+var API_KEY_PREFIX = "rr_";
+var REQUEST_ID_LENGTH = 8;
+var DEFAULT_TIMEOUT_MINUTES = 60;
+var MAX_TIMEOUT_MINUTES = 1440;
+var SMS_OVERAGE_CENTS = 2;
+var EMAIL_OVERAGE_CENTS = 1;
+function sanitizeBaseUrl(url) {
+  return url.replace(/\/+$/, "");
+}
+function joinUrl(base, ...parts) {
+  const cleanBase = sanitizeBaseUrl(base);
+  const cleanParts = parts.map((p) => p.replace(/^\/+|\/+$/g, ""));
+  return [cleanBase, ...cleanParts].join("/");
+}
+function buildUrl(base, path, params) {
+  const url = joinUrl(base, path);
+  if (!params || Object.keys(params).length === 0) {
+    return url;
+  }
+  const queryString = Object.entries(params).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");
+  return `${url}?${queryString}`;
+}
+function checkEmailQuota(tier, emailsSent, allowOverage, baseUrl) {
+  const limits = getTierLimits(tier);
+  const limit = limits.emailsPerMonth;
+  const remaining = Math.max(0, limit - emailsSent);
+  const withinIncluded = emailsSent < limit;
+  const isOverage = !withinIncluded;
+  const allowed = withinIncluded || isOverage && allowOverage;
+  const result = {
+    allowed,
+    withinIncluded,
+    isOverage,
+    current: emailsSent,
+    limit,
+    remaining,
+    tier
+  };
+  if (isOverage) {
+    result.overageRate = EMAIL_OVERAGE_CENTS / 100;
+    if (allowOverage) {
+      result.message = `Email sent as overage. You will be charged $${(EMAIL_OVERAGE_CENTS / 100).toFixed(2)} for this message.`;
+    } else {
+      result.message = `Email limit reached (${emailsSent}/${limit}). Overage charges are disabled in your settings.`;
+      const cleanBase = sanitizeBaseUrl(baseUrl);
+      result.enableOverageUrl = `${cleanBase}/settings?section=billing`;
+      result.upgradeUrl = `${cleanBase}/pricing?upgrade=true&reason=email_limit`;
+    }
+  }
+  return result;
+}
+function checkSmsQuota(tier, smsSent, allowOverage, baseUrl) {
+  const limits = getTierLimits(tier);
+  const limit = limits.smsPerMonth;
+  if (tier === "free" || !limits.smsEnabled) {
+    const cleanBase = sanitizeBaseUrl(baseUrl);
+    return {
+      allowed: false,
+      withinIncluded: false,
+      isOverage: false,
+      current: smsSent,
+      limit: 0,
+      remaining: 0,
+      tier,
+      message: "SMS is not available on the Free tier. Upgrade to Pro for 100 SMS/month.",
+      upgradeUrl: `${cleanBase}/pricing?upgrade=true&reason=sms_required`
+    };
+  }
+  const remaining = Math.max(0, limit - smsSent);
+  const withinIncluded = smsSent < limit;
+  const isOverage = !withinIncluded;
+  const allowed = withinIncluded || isOverage && allowOverage;
+  const result = {
+    allowed,
+    withinIncluded,
+    isOverage,
+    current: smsSent,
+    limit,
+    remaining,
+    tier
+  };
+  if (isOverage) {
+    result.overageRate = SMS_OVERAGE_CENTS / 100;
+    if (allowOverage) {
+      result.message = `SMS sent as overage. You will be charged $${(SMS_OVERAGE_CENTS / 100).toFixed(2)} for this message.`;
+    } else {
+      result.message = `SMS limit reached (${smsSent}/${limit}). Overage charges are disabled in your settings.`;
+      const cleanBase = sanitizeBaseUrl(baseUrl);
+      result.enableOverageUrl = `${cleanBase}/settings?section=billing`;
+      result.upgradeUrl = `${cleanBase}/pricing?upgrade=true&reason=sms_limit`;
+    }
+  }
+  return result;
+}
+
+// src/auth.ts
+import { createHash } from "crypto";
+function hashApiKey(apiKey) {
+  return createHash("sha256").update(apiKey).digest("hex");
+}
+function getApiKeyPrefix(apiKey) {
+  if (!apiKey.startsWith(API_KEY_PREFIX)) {
+    return "";
+  }
+  return apiKey.substring(0, API_KEY_PREFIX.length + 8);
+}
+async function authenticateApiKey(supabase, apiKey) {
+  if (!apiKey || !apiKey.startsWith(API_KEY_PREFIX)) {
+    return {
+      success: false,
+      error: "Invalid API key format",
+      authError: {
+        code: "INVALID_FORMAT",
+        message: "Invalid API key format",
+        hint: `API keys must start with "${API_KEY_PREFIX}". Use the register_agent tool to get a valid API key, or check your Claude Desktop configuration.`
+      }
+    };
+  }
+  const expectedMinLength = 35;
+  if (apiKey.length < expectedMinLength) {
+    return {
+      success: false,
+      error: "API key appears truncated",
+      authError: {
+        code: "KEY_TRUNCATED",
+        message: "API key appears truncated",
+        hint: `Expected at least ${expectedMinLength} characters, but received ${apiKey.length}. Make sure you copied the complete API key. It should look like: rr_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
+      }
+    };
+  }
+  const prefix = getApiKeyPrefix(apiKey);
+  const hash = hashApiKey(apiKey);
+  const agentQuery = supabase.from("agents").select("*").eq("api_key_prefix", prefix);
+  const agentResult = await agentQuery;
+  if (agentResult.error || !agentResult.data || agentResult.data.length === 0) {
+    return {
+      success: false,
+      error: "API key not found",
+      authError: {
+        code: "KEY_NOT_FOUND",
+        message: "API key not found",
+        hint: "This API key does not exist in our system. It may have been deleted, or was never created. Use the register_agent tool to create a new API key."
+      }
+    };
+  }
+  const agent = agentResult.data.find((a) => a.api_key_hash === hash);
+  if (!agent) {
+    return {
+      success: false,
+      error: "API key verification failed",
+      authError: {
+        code: "HASH_MISMATCH",
+        message: "API key verification failed",
+        hint: 'The API key prefix was recognized, but the full key verification failed. This usually means the key was corrupted or truncated. Please check that you copied the complete API key, including all characters after "rr_".'
+      }
+    };
+  }
+  if (!agent.is_active) {
+    return {
+      success: false,
+      error: "API key is deactivated",
+      authError: {
+        code: "KEY_INACTIVE",
+        message: "API key is deactivated",
+        hint: "This API key has been deactivated. Visit your RelayRail dashboard to reactivate this agent or create a new one."
+      }
+    };
+  }
+  const userQuery = supabase.from("users").select("*").eq("id", agent.user_id);
+  const userResult = await userQuery;
+  if (userResult.error || !userResult.data || userResult.data.length === 0) {
+    return {
+      success: false,
+      error: "User account not found",
+      authError: {
+        code: "USER_NOT_FOUND",
+        message: "User account not found",
+        hint: "The API key is valid, but the associated user account was not found. This may indicate a data synchronization issue. Please contact support or try creating a new account."
+      }
+    };
+  }
+  const user = userResult.data[0];
+  const updateData = { last_seen_at: (/* @__PURE__ */ new Date()).toISOString() };
+  const updateQuery = supabase.from("agents").update(updateData).eq("id", agent.id);
+  await updateQuery;
+  return {
+    success: true,
+    agent,
+    user
+  };
+}
+function generateApiKey() {
+  const randomBytes = new Uint8Array(24);
+  crypto.getRandomValues(randomBytes);
+  const keyPortion = Buffer.from(randomBytes).toString("base64url");
+  const key = `${API_KEY_PREFIX}${keyPortion}`;
+  const prefix = getApiKeyPrefix(key);
+  const hash = hashApiKey(key);
+  return { key, prefix, hash };
+}
+
+// src/tools/request-id.ts
+import { nanoid } from "nanoid";
+function generateRequestId() {
+  return nanoid(REQUEST_ID_LENGTH);
+}
+function generateResponseToken() {
+  return nanoid(32);
+}
+
+// src/tools/request-approval.ts
+function createUserContext(user) {
+  return {
+    email: user.email,
+    tier: user.tier,
+    preferred_channel: user.notification_preferences?.preferred_channel || "email"
+  };
+}
+async function requestApproval(params, context) {
+  const { supabase, agent, user, router } = context;
+  const {
+    message,
+    options,
+    context: requestContext,
+    timeout_minutes = DEFAULT_TIMEOUT_MINUTES,
+    severity = "info"
+  } = params;
+  const requestId = generateRequestId();
+  const responseToken = generateResponseToken();
+  const expiresAt = new Date(Date.now() + timeout_minutes * 60 * 1e3);
+  const requestData = {
+    id: requestId,
+    agent_id: agent.id,
+    type: "approval",
+    status: "pending",
+    payload: {
+      message,
+      options,
+      context: requestContext,
+      timeout_minutes,
+      severity
+    },
+    response_token: responseToken,
+    expires_at: expiresAt.toISOString()
+  };
+  const insertResult = await supabase.from("requests").insert(requestData);
+  if (insertResult.error) {
+    throw new Error(`Failed to create request: ${insertResult.error.message}`);
+  }
+  if (router) {
+    const routeResult = await router.routeApproval(
+      {
+        requestId,
+        responseToken,
+        message,
+        options,
+        expiresAt: expiresAt.toISOString(),
+        severity
+      },
+      user,
+      agent
+    );
+    if (routeResult.quotaError) {
+      await supabase.from("requests").update({ status: "expired" }).eq("id", requestId);
+      return {
+        request_id: requestId,
+        status: "blocked",
+        expires_at: expiresAt.toISOString(),
+        user: createUserContext(user),
+        quota_error: routeResult.quotaError
+      };
+    }
+    if (!routeResult.success) {
+      console.warn(`[RelayRail] Failed to send approval notification:`, routeResult.error);
+    }
+    return {
+      request_id: requestId,
+      status: "pending",
+      expires_at: expiresAt.toISOString(),
+      user: createUserContext(user),
+      quota: routeResult.quota
+    };
+  }
+  console.log(`[RelayRail] Approval request created:`, {
+    requestId,
+    user: user.email,
+    agent: agent.name
+  });
+  return {
+    request_id: requestId,
+    status: "pending",
+    expires_at: expiresAt.toISOString(),
+    user: createUserContext(user)
+  };
+}
+
+// src/tools/send-notification.ts
+function createUserContext2(user) {
+  return {
+    email: user.email,
+    tier: user.tier,
+    preferred_channel: user.notification_preferences?.preferred_channel || "email"
+  };
+}
+async function sendNotification(params, context) {
+  const { supabase, agent, user, router } = context;
+  const {
+    message,
+    context: notificationContext,
+    severity = "info"
+  } = params;
+  const requestId = generateRequestId();
+  const preferredChannel = user.notification_preferences?.preferred_channel || "email";
+  const requestData = {
+    id: requestId,
+    agent_id: agent.id,
+    type: "notification",
+    status: "pending",
+    payload: {
+      message,
+      context: notificationContext,
+      severity
+    },
+    // No response token needed for notifications
+    response_token: null,
+    expires_at: null
+    // Notifications don't expire
+  };
+  const insertResult = await supabase.from("requests").insert(requestData);
+  if (insertResult.error) {
+    throw new Error(`Failed to create notification: ${insertResult.error.message}`);
+  }
+  let channel = preferredChannel;
+  if (router) {
+    const routeResult = await router.routeNotification(
+      {
+        requestId,
+        message,
+        severity
+      },
+      user,
+      agent
+    );
+    channel = routeResult.channel;
+    if (routeResult.quotaError) {
+      await supabase.from("requests").update({ status: "expired" }).eq("id", requestId);
+      return {
+        request_id: requestId,
+        status: "blocked",
+        channel,
+        user: createUserContext2(user),
+        quota_error: routeResult.quotaError
+      };
+    }
+    if (!routeResult.success) {
+      console.warn(`[RelayRail] Failed to send notification:`, routeResult.error);
+      return {
+        request_id: requestId,
+        status: "failed",
+        channel,
+        user: createUserContext2(user)
+      };
+    }
+    return {
+      request_id: requestId,
+      status: "pending",
+      channel,
+      user: createUserContext2(user),
+      quota: routeResult.quota
+    };
+  }
+  console.log(`[RelayRail] Notification sent:`, {
+    requestId,
+    channel,
+    user: user.email,
+    agent: agent.name,
+    severity
+  });
+  return {
+    request_id: requestId,
+    status: "pending",
+    channel,
+    user: createUserContext2(user)
+  };
+}
+
+// src/tools/await-response.ts
+var DEFAULT_TIMEOUT_SECONDS = 30;
+var POLL_INTERVAL_MS = 1e3;
+async function awaitResponse(params, context) {
+  const { supabase, agent } = context;
+  const {
+    request_id,
+    timeout_seconds = DEFAULT_TIMEOUT_SECONDS
+  } = params;
+  const startTime = Date.now();
+  const timeoutMs = timeout_seconds * 1e3;
+  while (Date.now() - startTime < timeoutMs) {
+    const requestResult = await supabase.from("requests").select("*").eq("id", request_id).eq("agent_id", agent.id);
+    const result = requestResult;
+    if (result.error || !result.data || result.data.length === 0) {
+      return {
+        request_id,
+        status: "pending",
+        timed_out: false
+      };
+    }
+    const request = result.data[0];
+    if (request.status !== "pending") {
+      return {
+        request_id,
+        status: request.status,
+        response: request.response,
+        timed_out: false
+      };
+    }
+    if (request.expires_at && new Date(request.expires_at) < /* @__PURE__ */ new Date()) {
+      await supabase.from("requests").update({ status: "expired" }).eq("id", request_id);
+      return {
+        request_id,
+        status: "expired",
+        timed_out: false
+      };
+    }
+    await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+  }
+  return {
+    request_id,
+    status: "pending",
+    timed_out: true
+  };
+}
+
+// src/tools/get-pending-commands.ts
+var DEFAULT_LIMIT = 10;
+async function getPendingCommands(params, context) {
+  const { supabase, agent } = context;
+  const { limit = DEFAULT_LIMIT } = params;
+  const requestResult = await supabase.from("requests").select("*, messages(*)").eq("agent_id", agent.id).eq("type", "command").eq("status", "pending").order("created_at", { ascending: false }).limit(limit);
+  const result = requestResult;
+  if (result.error || !result.data) {
+    return { commands: [] };
+  }
+  const commands = result.data.map((request) => ({
+    request_id: request.id,
+    message: request.payload.message,
+    received_at: request.created_at,
+    channel: request.messages?.[0]?.channel || "email"
+  }));
+  if (commands.length > 0) {
+    const commandIds = commands.map((c) => c.request_id);
+    await supabase.from("requests").update({ status: "delivered" }).in("id", commandIds);
+  }
+  return { commands };
+}
+
+// src/tools/register-agent.ts
+async function registerAgent(params, context) {
+  const { supabase, baseUrl } = context;
+  const { name, user_email, auto_create = true } = params;
+  const cleanBaseUrl = sanitizeBaseUrl(baseUrl);
+  if (!name || name.trim().length === 0) {
+    return {
+      success: false,
+      error: "Agent name is required"
+    };
+  }
+  if (!user_email || !user_email.includes("@")) {
+    return {
+      success: false,
+      error: "Valid user email is required"
+    };
+  }
+  const normalizedEmail = user_email.toLowerCase().trim();
+  const userQuery = supabase.from("users").select("*").eq("email", normalizedEmail);
+  const userResult = await userQuery;
+  if (userResult.error) {
+    return {
+      success: false,
+      error: `Database error: ${userResult.error.message}`
+    };
+  }
+  let user;
+  let accountCreated = false;
+  if (!userResult.data || userResult.data.length === 0) {
+    if (!auto_create) {
+      const signupUrl = buildUrl(cleanBaseUrl, "signup", { email: normalizedEmail });
+      const docsUrl = buildUrl(cleanBaseUrl, "docs/troubleshooting");
+      return {
+        success: false,
+        error: `No account found for "${normalizedEmail}".`,
+        signup_url: signupUrl,
+        instructions: `To use RelayRail, you need an account:
+
+1. SIGN UP: Visit ${signupUrl}
+2. VERIFY: Check your email and click the verification link
+3. RETURN: Run register_agent again with the same email
+
+If you already signed up:
+- Check for typos in the email address
+- Make sure you completed email verification
+- Allow up to 60 seconds for account creation to complete
+
+Need help? Visit ${docsUrl}`
+      };
+    }
+    const newUserId = crypto.randomUUID();
+    const createUserResult = await supabase.from("users").insert({
+      id: newUserId,
+      email: normalizedEmail,
+      tier: "free",
+      notification_preferences: { preferred_channel: "email" },
+      email_verified: false
+    }).select("*").single();
+    if (createUserResult.error) {
+      if (createUserResult.error.message.includes("duplicate") || createUserResult.error.message.includes("unique")) {
+        const retryQuery = supabase.from("users").select("*").eq("email", normalizedEmail).single();
+        const retryResult = await retryQuery;
+        if (retryResult.error || !retryResult.data) {
+          return {
+            success: false,
+            error: `Failed to create or find account: ${createUserResult.error.message}`
+          };
+        }
+        user = retryResult.data;
+      } else {
+        return {
+          success: false,
+          error: `Failed to create account: ${createUserResult.error.message}`
+        };
+      }
+    } else {
+      user = createUserResult.data;
+      accountCreated = true;
+    }
+  } else {
+    user = userResult.data[0];
+  }
+  const { key, prefix, hash } = generateApiKey();
+  const agentData = {
+    user_id: user.id,
+    name: name.trim(),
+    api_key_hash: hash,
+    api_key_prefix: prefix,
+    is_active: true,
+    metadata: {
+      registered_via: "mcp_tool",
+      registered_at: (/* @__PURE__ */ new Date()).toISOString(),
+      auto_created_account: accountCreated
+    }
+  };
+  const insertResult = await supabase.from("agents").insert(agentData).select("id").single();
+  if (insertResult.error) {
+    return {
+      success: false,
+      error: `Failed to create agent: ${insertResult.error.message}`
+    };
+  }
+  const agentId = insertResult.data.id;
+  const usageResult = await supabase.rpc("get_or_create_usage", {
+    p_user_id: user.id
+  });
+  const usage = usageResult.data;
+  const tier = user.tier;
+  const limits = getTierLimits(tier);
+  const emailsUsed = usage?.emails_sent ?? 0;
+  const smsUsed = usage?.sms_sent ?? 0;
+  const channelsAvailable = ["email"];
+  if (tier !== "free" && limits.smsEnabled && user.phone) {
+    channelsAvailable.push("sms");
+  }
+  const accountStatus = {
+    email: user.email,
+    tier,
+    email_verified: user.email_verified ?? false,
+    channels_available: channelsAvailable,
+    quota: {
+      email: {
+        used: emailsUsed,
+        limit: limits.emailsPerMonth,
+        remaining: Math.max(0, limits.emailsPerMonth - emailsUsed)
+      }
+    }
+  };
+  if (tier !== "free") {
+    accountStatus.quota.sms = {
+      used: smsUsed,
+      limit: limits.smsPerMonth,
+      remaining: Math.max(0, limits.smsPerMonth - smsUsed)
+    };
+  }
+  const nextSteps = [];
+  if (accountCreated) {
+    nextSteps.push(`New account created for ${normalizedEmail} on Free tier.`);
+  }
+  nextSteps.push(`Save your API key: ${key}`);
+  nextSteps.push(`Try: send_notification({message: "Hello from RelayRail!"})`);
+  if (tier === "free") {
+    nextSteps.push(`Upgrade to Pro for SMS and 1000 emails/month: ${cleanBaseUrl}/pricing`);
+  }
+  if (!user.email_verified) {
+    nextSteps.push(`Verify your email for full features: Check inbox for verification link.`);
+  }
+  const channelInfo = channelsAvailable.includes("sms") ? "email and SMS" : "email only (upgrade to Pro for SMS)";
+  const quotaInfo = tier === "free" ? `${limits.emailsPerMonth} emails/month` : `${limits.emailsPerMonth} emails + ${limits.smsPerMonth} SMS/month`;
+  return {
+    success: true,
+    api_key: key,
+    agent_id: agentId,
+    account_status: accountStatus,
+    account_created: accountCreated,
+    next_steps: nextSteps,
+    instructions: `Agent "${name}" registered successfully!
+
+ACCOUNT: ${user.email} (${tier} tier)
+CHANNELS: ${channelInfo}
+QUOTA: ${quotaInfo}
+
+IMPORTANT: Save this API key - it will NOT be shown again:
+  ${key}
+
+QUICK START:
+  send_notification({message: "Test from RelayRail"})
+
+MCP CONFIG:
+{
+  "mcpServers": {
+    "relayrail": {
+      "command": "npx",
+      "args": ["@relayrail/server", "start"],
+      "env": { "RELAYRAIL_API_KEY": "${key}" }
+    }
+  }
+}
+
+AVAILABLE TOOLS:
+- send_notification: Send one-way messages
+- request_approval: Ask user to approve/reject
+- await_response: Wait for user reply
+- get_pending_commands: Get commands from user
+- get_account_status: Check quota and channels`
+  };
+}
+
+// src/tools/get-account-status.ts
+async function getAccountStatus(context) {
+  const { supabase, agent, user } = context;
+  const usageResult = await supabase.rpc("get_or_create_usage", {
+    p_user_id: user.id
+  });
+  const usage = usageResult.data;
+  const tier = user.tier;
+  const limits = getTierLimits(tier);
+  const emailsUsed = usage?.emails_sent ?? 0;
+  const smsUsed = usage?.sms_sent ?? 0;
+  const channels = ["email"];
+  if (tier !== "free" && limits.smsEnabled && user.phone) {
+    channels.push("sms");
+  }
+  const tips = [];
+  if (tier === "free") {
+    tips.push("Upgrade to Pro for SMS notifications and 1000 emails/month.");
+  }
+  if (!user.phone && tier !== "free") {
+    tips.push("Add a phone number in settings to enable SMS notifications.");
+  }
+  const preferredChannel = user.notification_preferences?.preferred_channel || "email";
+  if (preferredChannel === "sms" && !channels.includes("sms")) {
+    tips.push("Your preferred channel is SMS but it's not available. Messages will be sent via email.");
+  }
+  const emailRemaining = Math.max(0, limits.emailsPerMonth - emailsUsed);
+  if (emailRemaining < 20) {
+    tips.push(`Low email quota: ${emailRemaining} remaining this month.`);
+  }
+  if (tips.length === 0) {
+    tips.push("Your account is ready to send notifications!");
+  }
+  return {
+    email: user.email,
+    tier,
+    email_verified: user.email_verified ?? false,
+    phone_configured: !!user.phone,
+    channels_available: channels,
+    preferred_channel: preferredChannel,
+    quota: {
+      email: {
+        used: emailsUsed,
+        limit: limits.emailsPerMonth,
+        remaining: emailRemaining,
+        overage_enabled: user.allow_email_overage ?? true
+      },
+      sms: {
+        used: smsUsed,
+        limit: limits.smsPerMonth,
+        remaining: Math.max(0, limits.smsPerMonth - smsUsed),
+        overage_enabled: user.allow_sms_overage ?? true,
+        available: limits.smsEnabled && !!user.phone
+      }
+    },
+    agent: {
+      id: agent.id,
+      name: agent.name,
+      created_at: agent.created_at
+    },
+    tips
+  };
+}
+
+// src/services/email.ts
+import { Resend } from "resend";
+import { encode } from "html-entities";
+function escapeHtml(text) {
+  return encode(text);
+}
+function sanitizeUrl(url) {
+  try {
+    const parsed = new URL(url);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      return "#";
+    }
+    return url;
+  } catch {
+    return "#";
+  }
+}
+var EmailService = class {
+  resend;
+  config;
+  supabase;
+  constructor(config, supabase) {
+    this.config = config;
+    this.supabase = supabase;
+    this.resend = new Resend(config.resendApiKey);
+  }
+  /**
+   * Send an approval request email
+   */
+  async sendApprovalEmail(params) {
+    const {
+      to,
+      requestId,
+      responseToken,
+      message,
+      options,
+      agentName,
+      expiresAt,
+      severity = "info"
+    } = params;
+    const responseUrl = sanitizeUrl(`${this.config.baseUrl}/respond/${encodeURIComponent(requestId)}?token=${encodeURIComponent(responseToken)}`);
+    const expiresDate = new Date(expiresAt).toLocaleString();
+    const safeMessage = escapeHtml(message);
+    const safeAgentName = escapeHtml(agentName);
+    const safeRequestId = escapeHtml(requestId);
+    const severityColors = {
+      info: "#3B82F6",
+      warning: "#F59E0B",
+      critical: "#EF4444"
+    };
+    const severityColor = severityColors[severity];
+    const optionsHtml = options?.length ? `
+        <p style="margin: 16px 0 8px 0; color: #6B7280;">Quick responses:</p>
+        <div style="display: flex; gap: 8px; flex-wrap: wrap;">
+          ${options.map((opt) => {
+      const safeOpt = escapeHtml(opt);
+      const optUrl = sanitizeUrl(`${responseUrl}&choice=${encodeURIComponent(opt)}`);
+      return `
+            <a href="${optUrl}"
+               style="display: inline-block; padding: 8px 16px; background: #F3F4F6; color: #374151; text-decoration: none; border-radius: 6px; font-size: 14px;">
+              ${safeOpt}
+            </a>
+          `;
+    }).join("")}
+        </div>
+      ` : "";
+    const html = `
+      <!DOCTYPE html>
+      <html>
+      <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      </head>
+      <body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #F9FAFB; padding: 40px 20px;">
+        <div style="max-width: 600px; margin: 0 auto; background: white; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
+          <div style="padding: 24px; border-bottom: 1px solid #E5E7EB;">
+            <div style="display: flex; align-items: center; gap: 12px;">
+              <span style="display: inline-block; padding: 4px 8px; background: ${severityColor}20; color: ${severityColor}; border-radius: 4px; font-size: 12px; font-weight: 600; text-transform: uppercase;">
+                ${severity}
+              </span>
+              <span style="color: #6B7280; font-size: 14px;">from ${safeAgentName}</span>
+            </div>
+          </div>
+
+          <div style="padding: 24px;">
+            <h1 style="margin: 0 0 16px 0; font-size: 20px; color: #111827;">Approval Required</h1>
+            <p style="margin: 0 0 24px 0; color: #374151; line-height: 1.6; white-space: pre-wrap;">${safeMessage}</p>
+
+            <a href="${responseUrl}" style="display: inline-block; padding: 12px 24px; background: #2563EB; color: white; text-decoration: none; border-radius: 6px; font-weight: 500;">
+              Respond Now
+            </a>
+
+            ${optionsHtml}
+          </div>
+
+          <div style="padding: 16px 24px; background: #F9FAFB; border-top: 1px solid #E5E7EB; border-radius: 0 0 8px 8px;">
+            <p style="margin: 0; color: #9CA3AF; font-size: 12px;">
+              Request ID: ${safeRequestId} \u2022 Expires: ${escapeHtml(expiresDate)}
+            </p>
+          </div>
+        </div>
+
+        <p style="text-align: center; margin-top: 24px; color: #9CA3AF; font-size: 12px;">
+          Sent by <a href="${sanitizeUrl(this.config.baseUrl)}" style="color: #6B7280;">RelayRail</a>
+        </p>
+      </body>
+      </html>
+    `;
+    try {
+      const emailOptions = {
+        from: `${this.config.fromName} <${this.config.fromEmail}>`,
+        to: [to],
+        subject: `[${severity.toUpperCase()}] Approval needed: ${message.substring(0, 50)}${message.length > 50 ? "..." : ""}`,
+        html
+      };
+      if (this.config.inboundDomain) {
+        const replyToAddress = `request-${requestId}@${this.config.inboundDomain}`;
+        emailOptions.replyTo = replyToAddress;
+      }
+      const result = await this.resend.emails.send(emailOptions);
+      await this.logMessage({
+        request_id: requestId,
+        channel: "email",
+        direction: "outbound",
+        external_id: result.data?.id || null,
+        status: result.data?.id ? "sent" : "failed",
+        content: { to, subject: "Approval Request", type: "approval" },
+        error_message: result.error?.message || null
+      });
+      if (result.error) {
+        return { success: false, error: result.error.message };
+      }
+      return { success: true, messageId: result.data?.id };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      await this.logMessage({
+        request_id: requestId,
+        channel: "email",
+        direction: "outbound",
+        external_id: null,
+        status: "failed",
+        content: { to, subject: "Approval Request", type: "approval" },
+        error_message: errorMessage
+      });
+      return { success: false, error: errorMessage };
+    }
+  }
+  /**
+   * Send a notification email
+   */
+  async sendNotificationEmail(params) {
+    const { to, requestId, message, agentName, severity = "info" } = params;
+    const safeMessage = escapeHtml(message);
+    const safeAgentName = escapeHtml(agentName);
+    const safeRequestId = escapeHtml(requestId);
+    const severityColors = {
+      info: "#3B82F6",
+      warning: "#F59E0B",
+      critical: "#EF4444"
+    };
+    const severityColor = severityColors[severity];
+    const html = `
+      <!DOCTYPE html>
+      <html>
+      <head>
+        <meta charset="utf-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+      </head>
+      <body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #F9FAFB; padding: 40px 20px;">
+        <div style="max-width: 600px; margin: 0 auto; background: white; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1);">
+          <div style="padding: 24px; border-bottom: 1px solid #E5E7EB;">
+            <div style="display: flex; align-items: center; gap: 12px;">
+              <span style="display: inline-block; padding: 4px 8px; background: ${severityColor}20; color: ${severityColor}; border-radius: 4px; font-size: 12px; font-weight: 600; text-transform: uppercase;">
+                ${severity}
+              </span>
+              <span style="color: #6B7280; font-size: 14px;">from ${safeAgentName}</span>
+            </div>
+          </div>
+
+          <div style="padding: 24px;">
+            <h1 style="margin: 0 0 16px 0; font-size: 20px; color: #111827;">Notification</h1>
+            <p style="margin: 0; color: #374151; line-height: 1.6; white-space: pre-wrap;">${safeMessage}</p>
+          </div>
+
+          <div style="padding: 16px 24px; background: #F9FAFB; border-top: 1px solid #E5E7EB; border-radius: 0 0 8px 8px;">
+            <p style="margin: 0; color: #9CA3AF; font-size: 12px;">
+              Request ID: ${safeRequestId}
+            </p>
+          </div>
+        </div>
+
+        <p style="text-align: center; margin-top: 24px; color: #9CA3AF; font-size: 12px;">
+          Sent by <a href="${sanitizeUrl(this.config.baseUrl)}" style="color: #6B7280;">RelayRail</a>
+        </p>
+      </body>
+      </html>
+    `;
+    try {
+      const result = await this.resend.emails.send({
+        from: `${this.config.fromName} <${this.config.fromEmail}>`,
+        to: [to],
+        subject: `[${severity.toUpperCase()}] ${agentName}: ${message.substring(0, 50)}${message.length > 50 ? "..." : ""}`,
+        html
+      });
+      await this.logMessage({
+        request_id: requestId,
+        channel: "email",
+        direction: "outbound",
+        external_id: result.data?.id || null,
+        status: result.data?.id ? "sent" : "failed",
+        content: { to, subject: "Notification", type: "notification" },
+        error_message: result.error?.message || null
+      });
+      if (result.data?.id) {
+        await this.supabase.from("requests").update({ status: "delivered" }).eq("id", requestId);
+      }
+      if (result.error) {
+        return { success: false, error: result.error.message };
+      }
+      return { success: true, messageId: result.data?.id };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      await this.logMessage({
+        request_id: requestId,
+        channel: "email",
+        direction: "outbound",
+        external_id: null,
+        status: "failed",
+        content: { to, subject: "Notification", type: "notification" },
+        error_message: errorMessage
+      });
+      return { success: false, error: errorMessage };
+    }
+  }
+  /**
+   * Log a message to the database
+   */
+  async logMessage(data) {
+    try {
+      await this.supabase.from("messages").insert(data);
+    } catch (error) {
+      console.error("[RelayRail] Failed to log message:", error);
+    }
+  }
+};
+
+// src/services/sms.ts
+import { Telnyx } from "telnyx";
+var SmsService = class {
+  client;
+  config;
+  supabase;
+  constructor(config, supabase) {
+    this.config = config;
+    this.supabase = supabase;
+    this.client = new Telnyx({ apiKey: config.apiKey });
+  }
+  /**
+   * Send an approval request via SMS
+   */
+  async sendApprovalSms(params) {
+    const {
+      to,
+      requestId,
+      responseToken,
+      message,
+      options,
+      agentName,
+      expiresAt,
+      severity = "info"
+    } = params;
+    const responseUrl = `${this.config.baseUrl}/respond/${requestId}?token=${responseToken}`;
+    const expiresDate = new Date(expiresAt).toLocaleString();
+    const severityPrefix = severity === "critical" ? "!" : severity === "warning" ? "?" : "";
+    let body = `${severityPrefix}[${agentName}] Approval needed:
+
+${message}
+
+Respond: ${responseUrl}`;
+    if (options?.length) {
+      body += `
+
+Reply with: ${options.join(" / ")}`;
+    }
+    body += `
+
+Expires: ${expiresDate}`;
+    if (body.length > 1500) {
+      body = body.substring(0, 1450) + "...\n\nTap link to respond: " + responseUrl;
+    }
+    const normalizedTo = this.normalizePhoneNumber(to);
+    console.log(`[RelayRail SMS] Sending approval SMS:`, {
+      requestId,
+      from: this.config.fromNumber,
+      to: normalizedTo,
+      bodyLength: body.length
+    });
+    try {
+      const result = await this.client.messages.send({
+        from: this.config.fromNumber,
+        to: normalizedTo,
+        text: body
+      });
+      const messageId = result.data?.id;
+      console.log(`[RelayRail SMS] Telnyx response:`, {
+        requestId,
+        messageId,
+        status: result.data?.to?.[0]?.status
+      });
+      await this.logMessage({
+        request_id: requestId,
+        channel: "sms",
+        direction: "outbound",
+        external_id: messageId || null,
+        status: messageId ? "sent" : "pending",
+        content: { to: normalizedTo, type: "approval", messageLength: body.length },
+        error_message: null
+      });
+      return { success: true, messageId };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      console.error(`[RelayRail SMS] Failed to send:`, {
+        requestId,
+        error: errorMessage,
+        stack: error instanceof Error ? error.stack : void 0
+      });
+      await this.logMessage({
+        request_id: requestId,
+        channel: "sms",
+        direction: "outbound",
+        external_id: null,
+        status: "failed",
+        content: { to: normalizedTo, type: "approval" },
+        error_message: errorMessage
+      });
+      return { success: false, error: errorMessage };
+    }
+  }
+  /**
+   * Send a notification via SMS
+   */
+  async sendNotificationSms(params) {
+    const { to, requestId, message, agentName, severity = "info" } = params;
+    const severityPrefix = severity === "critical" ? "!" : severity === "warning" ? "?" : "";
+    let body = `${severityPrefix}[${agentName}] ${message}`;
+    if (body.length > 1500) {
+      body = body.substring(0, 1500) + "...";
+    }
+    try {
+      const result = await this.client.messages.send({
+        from: this.config.fromNumber,
+        to: this.normalizePhoneNumber(to),
+        text: body
+      });
+      const messageId = result.data?.id;
+      await this.logMessage({
+        request_id: requestId,
+        channel: "sms",
+        direction: "outbound",
+        external_id: messageId || null,
+        status: messageId ? "sent" : "pending",
+        content: { to, type: "notification", messageLength: body.length },
+        error_message: null
+      });
+      await this.supabase.from("requests").update({ status: "delivered" }).eq("id", requestId);
+      return { success: true, messageId };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      await this.logMessage({
+        request_id: requestId,
+        channel: "sms",
+        direction: "outbound",
+        external_id: null,
+        status: "failed",
+        content: { to, type: "notification" },
+        error_message: errorMessage
+      });
+      return { success: false, error: errorMessage };
+    }
+  }
+  /**
+   * Normalize phone number to E.164 format
+   */
+  normalizePhoneNumber(phone) {
+    let normalized = phone.replace(/[^\d+]/g, "");
+    if (!normalized.startsWith("+") && normalized.length === 10) {
+      normalized = "+1" + normalized;
+    }
+    if (!normalized.startsWith("+")) {
+      normalized = "+" + normalized;
+    }
+    return normalized;
+  }
+  /**
+   * Log a message to the database
+   */
+  async logMessage(data) {
+    try {
+      await this.supabase.from("messages").insert(data);
+    } catch (error) {
+      console.error("[RelayRail] Failed to log message:", error);
+    }
+  }
+};
+
+// src/services/usage.ts
+var UsageService = class {
+  supabase;
+  baseUrl;
+  constructor(supabase, baseUrl) {
+    this.supabase = supabase;
+    this.baseUrl = baseUrl;
+  }
+  /**
+   * Get current usage for a user
+   */
+  async getUsage(userId) {
+    const result = await this.supabase.rpc("get_or_create_usage", {
+      p_user_id: userId
+    });
+    if (result.error) {
+      console.error("Failed to get usage:", result.error);
+      return null;
+    }
+    return result.data;
+  }
+  /**
+   * Check email quota for a user
+   */
+  checkEmailQuota(user, currentUsage) {
+    return checkEmailQuota(
+      user.tier,
+      currentUsage,
+      user.allow_email_overage ?? true,
+      this.baseUrl
+    );
+  }
+  /**
+   * Check SMS quota for a user
+   */
+  checkSmsQuota(user, currentUsage) {
+    return checkSmsQuota(
+      user.tier,
+      currentUsage,
+      user.allow_sms_overage ?? true,
+      this.baseUrl
+    );
+  }
+  /**
+   * Increment email usage with overage tracking
+   * Returns whether the send was allowed and if it was an overage
+   */
+  async incrementEmailUsage(userId, allowOverage) {
+    const result = await this.supabase.rpc("increment_email_usage_with_overage", {
+      p_user_id: userId,
+      p_allow_overage: allowOverage
+    });
+    if (result.error) {
+      console.error("Failed to increment email usage:", result.error);
+      return { count: 0, isOverage: false, blocked: true };
+    }
+    const data = result.data;
+    if (!data || data.length === 0) {
+      return { count: 0, isOverage: false, blocked: true };
+    }
+    const row = data[0];
+    return {
+      count: row.new_count,
+      isOverage: row.is_overage,
+      blocked: row.was_blocked
+    };
+  }
+  /**
+   * Increment SMS usage with overage tracking
+   * Returns whether the send was allowed and if it was an overage
+   */
+  async incrementSmsUsage(userId, allowOverage) {
+    const result = await this.supabase.rpc("increment_sms_usage_with_overage", {
+      p_user_id: userId,
+      p_allow_overage: allowOverage
+    });
+    if (result.error) {
+      console.error("Failed to increment SMS usage:", result.error);
+      return { count: 0, isOverage: false, blocked: true };
+    }
+    const data = result.data;
+    if (!data || data.length === 0) {
+      return { count: 0, isOverage: false, blocked: true };
+    }
+    const row = data[0];
+    return {
+      count: row.new_count,
+      isOverage: row.is_overage,
+      blocked: row.was_blocked
+    };
+  }
+  /**
+   * Record an overage charge for billing
+   */
+  async recordOverageCharge(userId, channel, requestId) {
+    const amountCents = channel === "email" ? EMAIL_OVERAGE_CENTS : SMS_OVERAGE_CENTS;
+    const result = await this.supabase.rpc("record_overage_charge", {
+      p_user_id: userId,
+      p_channel: channel,
+      p_amount_cents: amountCents,
+      p_request_id: requestId ?? null
+    });
+    if (result.error) {
+      console.error("Failed to record overage charge:", result.error);
+      return null;
+    }
+    return result.data;
+  }
+  /**
+   * Get email limit for a user's tier
+   */
+  async getEmailLimit(userId) {
+    const result = await this.supabase.rpc("get_email_limit", {
+      p_user_id: userId
+    });
+    if (result.error) {
+      console.error("Failed to get email limit:", result.error);
+      return 100;
+    }
+    return result.data;
+  }
+  /**
+   * Get SMS limit for a user's tier
+   */
+  async getSmsLimit(userId) {
+    const result = await this.supabase.rpc("get_sms_limit", {
+      p_user_id: userId
+    });
+    if (result.error) {
+      console.error("Failed to get SMS limit:", result.error);
+      return 0;
+    }
+    return result.data;
+  }
+};
+
+// src/services/router.ts
+var RequestRouter = class {
+  emailService;
+  smsService;
+  usageService;
+  smsEnabled;
+  baseUrl;
+  constructor(config, supabase) {
+    this.emailService = new EmailService(config.email, supabase);
+    this.usageService = new UsageService(supabase, config.baseUrl);
+    this.baseUrl = config.baseUrl;
+    this.smsEnabled = !!config.sms?.apiKey;
+    if (config.sms) {
+      this.smsService = new SmsService(config.sms, supabase);
+    }
+  }
+  /**
+   * Route an approval request to the user
+   */
+  async routeApproval(params, user, agent) {
+    const preferredChannel = user.notification_preferences?.preferred_channel || "email";
+    const { channel, fallbackReason } = this.selectChannel(preferredChannel, user);
+    console.log(`[RelayRail Router] Routing approval:`, {
+      requestId: params.requestId,
+      preferredChannel,
+      selectedChannel: channel,
+      fallbackReason,
+      userPhone: user.phone ? `${user.phone.slice(0, 4)}...` : "none",
+      userTier: user.tier,
+      smsEnabled: this.smsEnabled,
+      hasSmsService: !!this.smsService
+    });
+    const usage = await this.usageService.getUsage(user.id);
+    const currentUsage = channel === "sms" ? usage?.sms_sent ?? 0 : usage?.emails_sent ?? 0;
+    const quotaCheck = channel === "sms" ? this.usageService.checkSmsQuota(user, currentUsage) : this.usageService.checkEmailQuota(user, currentUsage);
+    if (!quotaCheck.allowed) {
+      return this.createQuotaErrorResult(channel, quotaCheck, user);
+    }
+    const allowOverage = channel === "sms" ? user.allow_sms_overage ?? true : user.allow_email_overage ?? true;
+    const usageResult = channel === "sms" ? await this.usageService.incrementSmsUsage(user.id, allowOverage) : await this.usageService.incrementEmailUsage(user.id, allowOverage);
+    if (usageResult.blocked) {
+      return this.createQuotaErrorResult(channel, quotaCheck, user);
+    }
+    if (usageResult.isOverage) {
+      await this.usageService.recordOverageCharge(user.id, channel, params.requestId);
+    }
+    let sendResult;
+    if (channel === "sms" && this.smsService && user.phone) {
+      sendResult = await this.smsService.sendApprovalSms({
+        to: user.phone,
+        requestId: params.requestId,
+        responseToken: params.responseToken,
+        message: params.message,
+        options: params.options,
+        agentName: agent.name,
+        expiresAt: params.expiresAt,
+        severity: params.severity
+      });
+    } else {
+      sendResult = await this.emailService.sendApprovalEmail({
+        to: user.email,
+        requestId: params.requestId,
+        responseToken: params.responseToken,
+        message: params.message,
+        options: params.options,
+        agentName: agent.name,
+        expiresAt: params.expiresAt,
+        severity: params.severity
+      });
+    }
+    return {
+      success: sendResult.success,
+      channel,
+      channel_requested: preferredChannel,
+      fallback_reason: fallbackReason,
+      messageId: sendResult.messageId,
+      error: sendResult.error,
+      quota: this.createQuotaInfo(usageResult, quotaCheck, channel)
+    };
+  }
+  /**
+   * Route a notification to the user
+   */
+  async routeNotification(params, user, agent) {
+    const preferredChannel = user.notification_preferences?.preferred_channel || "email";
+    const { channel, fallbackReason } = this.selectChannel(preferredChannel, user);
+    const usage = await this.usageService.getUsage(user.id);
+    const currentUsage = channel === "sms" ? usage?.sms_sent ?? 0 : usage?.emails_sent ?? 0;
+    const quotaCheck = channel === "sms" ? this.usageService.checkSmsQuota(user, currentUsage) : this.usageService.checkEmailQuota(user, currentUsage);
+    if (!quotaCheck.allowed) {
+      return this.createQuotaErrorResult(channel, quotaCheck, user);
+    }
+    const allowOverage = channel === "sms" ? user.allow_sms_overage ?? true : user.allow_email_overage ?? true;
+    const usageResult = channel === "sms" ? await this.usageService.incrementSmsUsage(user.id, allowOverage) : await this.usageService.incrementEmailUsage(user.id, allowOverage);
+    if (usageResult.blocked) {
+      return this.createQuotaErrorResult(channel, quotaCheck, user);
+    }
+    if (usageResult.isOverage) {
+      await this.usageService.recordOverageCharge(user.id, channel, params.requestId);
+    }
+    let sendResult;
+    if (channel === "sms" && this.smsService && user.phone) {
+      sendResult = await this.smsService.sendNotificationSms({
+        to: user.phone,
+        requestId: params.requestId,
+        message: params.message,
+        agentName: agent.name,
+        severity: params.severity
+      });
+    } else {
+      sendResult = await this.emailService.sendNotificationEmail({
+        to: user.email,
+        requestId: params.requestId,
+        message: params.message,
+        agentName: agent.name,
+        severity: params.severity
+      });
+    }
+    return {
+      success: sendResult.success,
+      channel,
+      channel_requested: preferredChannel,
+      fallback_reason: fallbackReason,
+      messageId: sendResult.messageId,
+      error: sendResult.error,
+      quota: this.createQuotaInfo(usageResult, quotaCheck, channel)
+    };
+  }
+  /**
+   * Select the best available channel with fallback logic
+   * Returns the channel to use and a reason if fallback occurred
+   */
+  selectChannel(preferred, user) {
+    const tier = user.tier;
+    const smsAvailable = tier !== "free" && !!user.phone && this.smsEnabled && !!this.smsService;
+    if (preferred === "sms") {
+      if (smsAvailable) {
+        return { channel: "sms" };
+      }
+      let reason;
+      if (tier === "free") {
+        reason = "SMS requires Pro tier. Sent via email instead.";
+      } else if (!user.phone) {
+        reason = "No phone number configured. Sent via email instead.";
+      } else if (!this.smsEnabled || !this.smsService) {
+        reason = "SMS service not configured. Sent via email instead.";
+      } else {
+        reason = "SMS not available. Sent via email instead.";
+      }
+      return { channel: "email", fallbackReason: reason };
+    }
+    return { channel: "email" };
+  }
+  /**
+   * Create quota info object for successful sends
+   */
+  createQuotaInfo(usageResult, quotaCheck, channel) {
+    const overageRate = channel === "sms" ? SMS_OVERAGE_CENTS / 100 : EMAIL_OVERAGE_CENTS / 100;
+    const info = {
+      used: usageResult.count,
+      limit: quotaCheck.limit,
+      remaining: Math.max(0, quotaCheck.limit - usageResult.count)
+    };
+    if (usageResult.isOverage) {
+      info.overage = true;
+      info.overage_rate = overageRate;
+      info.message = `${channel.toUpperCase()} sent as overage. You will be charged $${overageRate.toFixed(2)} for this message.`;
+    }
+    return info;
+  }
+  /**
+   * Create quota error result when send is blocked
+   */
+  createQuotaErrorResult(channel, quotaCheck, user) {
+    const tier = user.tier;
+    const allowOverage = channel === "sms" ? user.allow_sms_overage ?? true : user.allow_email_overage ?? true;
+    let message;
+    if (tier === "free" && channel === "sms") {
+      message = "SMS is not available on the Free tier. Upgrade to Pro for 100 SMS/month.";
+    } else if (!allowOverage) {
+      message = `${channel.toUpperCase()} limit reached (${quotaCheck.current}/${quotaCheck.limit}). Overage charges are disabled in your settings.`;
+    } else {
+      message = quotaCheck.message || `${channel.toUpperCase()} limit reached.`;
+    }
+    return {
+      success: false,
+      channel,
+      error: message,
+      quotaError: {
+        exceeded: true,
+        current: quotaCheck.current,
+        limit: quotaCheck.limit,
+        tier,
+        overage_disabled: !allowOverage,
+        message,
+        enable_overage_url: !allowOverage ? `${sanitizeBaseUrl(this.baseUrl)}/settings?section=billing` : void 0,
+        upgradeUrl: `${sanitizeBaseUrl(this.baseUrl)}/pricing?upgrade=true&reason=${channel}_limit`
+      }
+    };
+  }
+};
+function createRouter(config, supabase) {
+  return new RequestRouter(config, supabase);
+}
+
+// src/server.ts
+var VERSION = "0.1.0";
+var RelayRailServer = class {
+  server;
+  supabase;
+  config;
+  context = null;
+  router = null;
+  constructor(config) {
+    this.config = config;
+    this.supabase = createServiceClient(config.supabaseUrl, config.supabaseServiceRoleKey);
+    const hasEmail = !!config.resendApiKey;
+    const hasSms = !!(config.telnyxApiKey && config.telnyxPhoneNumber);
+    if (hasEmail || hasSms) {
+      this.router = createRouter(
+        {
+          baseUrl: config.baseUrl,
+          email: {
+            resendApiKey: config.resendApiKey || "",
+            fromEmail: "notifications@mail.relayrail.dev",
+            fromName: "RelayRail",
+            baseUrl: config.baseUrl,
+            inboundDomain: "in.relayrail.dev"
+          },
+          sms: hasSms ? {
+            apiKey: config.telnyxApiKey,
+            fromNumber: config.telnyxPhoneNumber,
+            baseUrl: config.baseUrl
+          } : void 0
+        },
+        this.supabase
+      );
+    }
+    this.server = new McpServer({
+      name: "relayrail",
+      version: VERSION
+    });
+    this.registerTools();
+  }
+  /**
+   * Register all MCP tools
+   */
+  registerTools() {
+    this.server.tool(
+      "request_approval",
+      "Request explicit approval from the user before proceeding with an action. The user will receive a notification and can approve or reject.",
+      {
+        message: z.string().describe("The message explaining what approval is being requested"),
+        options: z.array(z.string()).optional().describe("Optional list of response options for the user"),
+        context: z.record(z.unknown()).optional().describe("Additional context data to include"),
+        timeout_minutes: z.number().min(1).max(MAX_TIMEOUT_MINUTES).optional().describe(`Timeout in minutes (default: ${DEFAULT_TIMEOUT_MINUTES}, max: ${MAX_TIMEOUT_MINUTES})`),
+        severity: z.enum(["info", "warning", "critical"]).optional().describe("Severity level of the request")
+      },
+      async (params) => {
+        if (!this.context) {
+          return {
+            content: [{ type: "text", text: JSON.stringify({ error: "Not authenticated" }) }]
+          };
+        }
+        try {
+          const result = await requestApproval(
+            params,
+            {
+              supabase: this.supabase,
+              agent: this.context.agent,
+              user: this.context.user,
+              baseUrl: this.config.baseUrl,
+              router: this.router ?? void 0
+            }
+          );
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+    this.server.tool(
+      "send_notification",
+      "Send a one-way notification to the user. No response is expected.",
+      {
+        message: z.string().describe("The notification message to send"),
+        context: z.record(z.unknown()).optional().describe("Additional context data to include"),
+        severity: z.enum(["info", "warning", "critical"]).optional().describe("Severity level")
+      },
+      async (params) => {
+        if (!this.context) {
+          return {
+            content: [{ type: "text", text: JSON.stringify({ error: "Not authenticated" }) }]
+          };
+        }
+        try {
+          const result = await sendNotification(
+            params,
+            {
+              supabase: this.supabase,
+              agent: this.context.agent,
+              user: this.context.user,
+              router: this.router ?? void 0
+            }
+          );
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+    this.server.tool(
+      "await_response",
+      "Wait for a user response to a previously sent approval request.",
+      {
+        request_id: z.string().describe("The request ID to wait for"),
+        timeout_seconds: z.number().min(1).max(300).optional().describe("How long to wait for a response (default: 30, max: 300)")
+      },
+      async (params) => {
+        if (!this.context) {
+          return {
+            content: [{ type: "text", text: JSON.stringify({ error: "Not authenticated" }) }]
+          };
+        }
+        try {
+          const result = await awaitResponse(
+            params,
+            {
+              supabase: this.supabase,
+              agent: this.context.agent
+            }
+          );
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+    this.server.tool(
+      "get_pending_commands",
+      "Retrieve pending commands sent by the user via SMS or email.",
+      {
+        limit: z.number().min(1).max(100).optional().describe("Maximum number of commands to return (default: 10)")
+      },
+      async (params) => {
+        if (!this.context) {
+          return {
+            content: [{ type: "text", text: JSON.stringify({ error: "Not authenticated" }) }]
+          };
+        }
+        try {
+          const result = await getPendingCommands(
+            params,
+            {
+              supabase: this.supabase,
+              agent: this.context.agent
+            }
+          );
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+    this.server.tool(
+      "register_agent",
+      "Register this agent instance with RelayRail to enable human-in-the-loop communication. Use this tool first if you do not have an API key.",
+      {
+        name: z.string().min(1).max(100).describe("A descriptive name for this agent instance"),
+        user_email: z.string().email().describe("Email address of the user who will own this agent")
+      },
+      async (params) => {
+        try {
+          const result = await registerAgent(
+            params,
+            {
+              supabase: this.supabase,
+              baseUrl: this.config.baseUrl
+            }
+          );
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                success: false,
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+    this.server.tool(
+      "get_account_status",
+      "Check your current account status including tier, available channels, quota usage, and helpful tips.",
+      {},
+      async () => {
+        if (!this.context) {
+          return {
+            content: [{ type: "text", text: JSON.stringify({ error: "Not authenticated. Use register_agent first to get an API key." }) }]
+          };
+        }
+        try {
+          const result = await getAccountStatus({
+            supabase: this.supabase,
+            agent: this.context.agent,
+            user: this.context.user
+          });
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify(result)
+            }]
+          };
+        } catch (error) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }]
+          };
+        }
+      }
+    );
+  }
+  /**
+   * Authenticate with an API key and set the context
+   */
+  async authenticate(apiKey) {
+    const result = await authenticateApiKey(this.supabase, apiKey);
+    if (result.success && result.agent && result.user) {
+      this.context = {
+        agent: result.agent,
+        user: result.user
+      };
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get the current authentication context
+   */
+  getContext() {
+    return this.context;
+  }
+  /**
+   * Get the underlying MCP server instance
+   */
+  getMcpServer() {
+    return this.server;
+  }
+  /**
+   * Get the Supabase client
+   */
+  getSupabase() {
+    return this.supabase;
+  }
+  /**
+   * Get the server configuration
+   */
+  getConfig() {
+    return this.config;
+  }
+  /**
+   * Start the server with stdio transport
+   */
+  async start() {
+    const transport = new StdioServerTransport();
+    await this.server.connect(transport);
+  }
+};
+function createServer(config) {
+  return new RelayRailServer(config);
+}
+
+// src/transports/http.ts
+var MCP_ERRORS = {
+  PARSE_ERROR: -32700,
+  INVALID_REQUEST: -32600,
+  METHOD_NOT_FOUND: -32601,
+  INVALID_PARAMS: -32602,
+  INTERNAL_ERROR: -32603,
+  NOT_AUTHENTICATED: -32e3,
+  RATE_LIMITED: -32001
+};
+var HTTPTransport = class {
+  supabase;
+  config;
+  router = null;
+  sessions = /* @__PURE__ */ new Map();
+  sessionTTL = 24 * 60 * 60 * 1e3;
+  // 24 hours
+  constructor(transportConfig) {
+    this.supabase = transportConfig.supabase;
+    this.config = transportConfig.serverConfig;
+    this.router = transportConfig.router ?? null;
+    if (!this.router) {
+      const hasEmail = !!this.config.resendApiKey;
+      const hasSms = !!(this.config.telnyxApiKey && this.config.telnyxPhoneNumber);
+      if (hasEmail || hasSms) {
+        this.router = createRouter(
+          {
+            baseUrl: this.config.baseUrl,
+            email: {
+              resendApiKey: this.config.resendApiKey || "",
+              fromEmail: "notifications@mail.relayrail.dev",
+              fromName: "RelayRail",
+              baseUrl: this.config.baseUrl,
+              inboundDomain: "in.relayrail.dev"
+            },
+            sms: hasSms ? {
+              apiKey: this.config.telnyxApiKey,
+              fromNumber: this.config.telnyxPhoneNumber,
+              baseUrl: this.config.baseUrl
+            } : void 0
+          },
+          this.supabase
+        );
+      }
+    }
+    setInterval(() => this.cleanupSessions(), 60 * 60 * 1e3);
+  }
+  /**
+   * Handle an incoming HTTP request
+   */
+  async handleRequest(body, apiKey, sessionId) {
+    if (Array.isArray(body)) {
+      const responses = await Promise.all(
+        body.map((req) => this.handleSingleRequest(req, apiKey, sessionId))
+      );
+      return {
+        response: responses.map((r) => r.response),
+        newSessionId: responses[0]?.newSessionId
+      };
+    }
+    return this.handleSingleRequest(body, apiKey, sessionId);
+  }
+  /**
+   * Handle a single MCP request
+   */
+  async handleSingleRequest(request, apiKey, sessionId) {
+    const { id, method, params } = request;
+    if (request.jsonrpc !== "2.0") {
+      return {
+        response: this.errorResponse(id, MCP_ERRORS.INVALID_REQUEST, "Invalid JSON-RPC version")
+      };
+    }
+    switch (method) {
+      case "initialize":
+        return { response: this.handleInitialize(id) };
+      case "tools/list":
+        return { response: this.handleListTools(id) };
+      case "tools/call":
+        return this.handleToolCall(id, params, apiKey, sessionId);
+      case "ping":
+        return { response: this.successResponse(id, { pong: true }) };
+      default:
+        return {
+          response: this.errorResponse(id, MCP_ERRORS.METHOD_NOT_FOUND, `Unknown method: ${method}`)
+        };
+    }
+  }
+  /**
+   * Handle initialize request
+   */
+  handleInitialize(id) {
+    return this.successResponse(id, {
+      protocolVersion: "2024-11-05",
+      capabilities: {
+        tools: {}
+      },
+      serverInfo: {
+        name: "relayrail",
+        version: VERSION
+      }
+    });
+  }
+  /**
+   * Handle tools/list request
+   */
+  handleListTools(id) {
+    const tools = [
+      {
+        name: "register_agent",
+        description: "Register this agent instance with RelayRail to enable human-in-the-loop communication. Use this tool first if you do not have an API key.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            name: {
+              type: "string",
+              description: "A descriptive name for this agent instance"
+            },
+            user_email: {
+              type: "string",
+              description: "Email address of the user who will own this agent"
+            }
+          },
+          required: ["name", "user_email"]
+        }
+      },
+      {
+        name: "request_approval",
+        description: "Request explicit approval from the user before proceeding with an action. The user will receive a notification and can approve or reject.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            message: {
+              type: "string",
+              description: "The message explaining what approval is being requested"
+            },
+            options: {
+              type: "array",
+              items: { type: "string" },
+              description: "Optional list of response options for the user"
+            },
+            context: {
+              type: "object",
+              description: "Additional context data to include"
+            },
+            timeout_minutes: {
+              type: "number",
+              description: "Timeout in minutes (default: 60, max: 1440)"
+            },
+            severity: {
+              type: "string",
+              enum: ["info", "warning", "critical"],
+              description: "Severity level of the request"
+            }
+          },
+          required: ["message"]
+        }
+      },
+      {
+        name: "send_notification",
+        description: "Send a one-way notification to the user. No response is expected.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            message: {
+              type: "string",
+              description: "The notification message to send"
+            },
+            context: {
+              type: "object",
+              description: "Additional context data to include"
+            },
+            severity: {
+              type: "string",
+              enum: ["info", "warning", "critical"],
+              description: "Severity level"
+            }
+          },
+          required: ["message"]
+        }
+      },
+      {
+        name: "await_response",
+        description: "Wait for a user response to a previously sent approval request.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            request_id: {
+              type: "string",
+              description: "The request ID to wait for"
+            },
+            timeout_seconds: {
+              type: "number",
+              description: "How long to wait for a response (default: 30, max: 300)"
+            }
+          },
+          required: ["request_id"]
+        }
+      },
+      {
+        name: "get_pending_commands",
+        description: "Retrieve pending commands sent by the user via SMS or email.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            limit: {
+              type: "number",
+              description: "Maximum number of commands to return (default: 10)"
+            }
+          }
+        }
+      }
+    ];
+    return this.successResponse(id, { tools });
+  }
+  /**
+   * Handle tools/call request
+   */
+  async handleToolCall(id, params, apiKey, sessionId) {
+    const { name, arguments: args } = params;
+    if (name === "register_agent") {
+      try {
+        const result = await registerAgent(
+          args,
+          {
+            supabase: this.supabase,
+            baseUrl: this.config.baseUrl
+          }
+        );
+        return { response: this.successResponse(id, { content: [{ type: "text", text: JSON.stringify(result) }] }) };
+      } catch (error) {
+        return {
+          response: this.successResponse(id, {
+            content: [
+              {
+                type: "text",
+                text: JSON.stringify({
+                  success: false,
+                  error: error instanceof Error ? error.message : "Unknown error"
+                })
+              }
+            ]
+          })
+        };
+      }
+    }
+    let context = null;
+    let newSessionId;
+    if (sessionId) {
+      const session = this.sessions.get(sessionId);
+      if (session && session.expiresAt > Date.now()) {
+        context = session.context;
+      }
+    }
+    if (!context && apiKey) {
+      const authResult = await authenticateApiKey(this.supabase, apiKey);
+      if (authResult.success && authResult.agent && authResult.user) {
+        context = {
+          agent: authResult.agent,
+          user: authResult.user
+        };
+        newSessionId = crypto.randomUUID();
+        this.sessions.set(newSessionId, {
+          context,
+          expiresAt: Date.now() + this.sessionTTL
+        });
+      }
+    }
+    if (!context) {
+      return {
+        response: this.errorResponse(
+          id,
+          MCP_ERRORS.NOT_AUTHENTICATED,
+          "Authentication required. Provide API key via Authorization header or use register_agent tool first."
+        )
+      };
+    }
+    try {
+      let result;
+      switch (name) {
+        case "request_approval":
+          result = await requestApproval(args, {
+            supabase: this.supabase,
+            agent: context.agent,
+            user: context.user,
+            baseUrl: this.config.baseUrl,
+            router: this.router ?? void 0
+          });
+          break;
+        case "send_notification":
+          result = await sendNotification(args, {
+            supabase: this.supabase,
+            agent: context.agent,
+            user: context.user,
+            router: this.router ?? void 0
+          });
+          break;
+        case "await_response":
+          result = await awaitResponse(args, {
+            supabase: this.supabase,
+            agent: context.agent
+          });
+          break;
+        case "get_pending_commands":
+          result = await getPendingCommands(args, {
+            supabase: this.supabase,
+            agent: context.agent
+          });
+          break;
+        default:
+          return {
+            response: this.errorResponse(id, MCP_ERRORS.METHOD_NOT_FOUND, `Unknown tool: ${name}`),
+            newSessionId
+          };
+      }
+      return {
+        response: this.successResponse(id, {
+          content: [{ type: "text", text: JSON.stringify(result) }]
+        }),
+        newSessionId
+      };
+    } catch (error) {
+      return {
+        response: this.successResponse(id, {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                error: error instanceof Error ? error.message : "Unknown error"
+              })
+            }
+          ]
+        }),
+        newSessionId
+      };
+    }
+  }
+  /**
+   * Create a success response
+   */
+  successResponse(id, result) {
+    return {
+      jsonrpc: "2.0",
+      id,
+      result
+    };
+  }
+  /**
+   * Create an error response
+   */
+  errorResponse(id, code, message, data) {
+    return {
+      jsonrpc: "2.0",
+      id,
+      error: {
+        code,
+        message,
+        ...data ? { data } : {}
+      }
+    };
+  }
+  /**
+   * Clean up expired sessions
+   */
+  cleanupSessions() {
+    const now = Date.now();
+    for (const [sessionId, session] of this.sessions) {
+      if (session.expiresAt < now) {
+        this.sessions.delete(sessionId);
+      }
+    }
+  }
+};
+function createHTTPTransport(config) {
+  return new HTTPTransport(config);
+}
+export {
+  HTTPTransport,
+  MCP_ERRORS,
+  RelayRailServer,
+  VERSION,
+  authenticateApiKey,
+  createHTTPTransport,
+  createServer,
+  generateApiKey,
+  getApiKeyPrefix,
+  hashApiKey
+};