@rubytech/create-realagent 1.0.702 → 1.0.703

package/payload/platform/plugins/linkedin-import/skills/linkedin-import/references/profile.md

@@ -0,0 +1,102 @@
+# Reference: Profile.csv
+
+Enriches the confirmed archive owner's `:UserProfile` with the LinkedIn profile fields. No new nodes, no new edges — `:AdminUser` and `:UserProfile` already exist for any Maxy operator and are linked by `[:HAS_PROFILE]` at session start.
+
+Runs before every other reference because later files display LinkedIn profile fields (headline, summary) on the owner node they MATCH.
+
+## Source
+
+`Profile.csv` — single data row.
+
+## Columns → UserProfile properties
+
+Schema.org camelCase per `platform/plugins/memory/references/schema-base.md`.
+
+| CSV column | Property on `:UserProfile` |
+|------------|----------------------------|
+| First Name | `givenName` |
+| Last Name | `familyName` |
+| Maiden Name | `additionalName` (nullable) |
+| Address | `address` (nullable) |
+| Birth Date | `birthDate` (nullable, ISO 8601) |
+| Headline | `headline` |
+| Summary | `description` |
+| Industry | `industry` (nullable) |
+| Zip Code | `postalCode` (nullable) |
+| Geo Location | `addressLocality` (nullable) |
+| Twitter Handles | `twitterHandles` — array, split on `,` |
+| Websites | `websites` — array, split on `,` |
+| Instant Messengers | `instantMessengers` — array, split on `,` |
+
+## Anchor
+
+```
+(:AdminUser {userId: $ownerUserId}) -[:HAS_PROFILE]-> (:UserProfile {accountId, userId})
+```
+
+The skill run has already persisted `$ownerUserId` (and its resolved `$accountId`) from the owner-confirmation flow. This reference trusts those parameters.
+
+## Cypher
+
+```cypher
+// Parameters:
+//   $ownerUserId — AdminUser.userId of the confirmed archive owner
+//   $accountId   — the UserProfile accountId resolved alongside $ownerUserId
+//   $sessionId   — UUID generated once per skill run
+//   $row         — parsed object with the columns above
+
+MATCH (au:AdminUser {userId: $ownerUserId})
+MERGE (au)-[:HAS_PROFILE]->(up:UserProfile {accountId: $accountId, userId: $ownerUserId})
+  ON CREATE SET
+    up.createdAt       = datetime(),
+    up.createdByAgent  = 'linkedin-import',
+    up.createdBySource = 'linkedin-import',
+    up.createdBySession= $sessionId
+SET
+    up.givenName          = $row.givenName,
+    up.familyName         = $row.familyName,
+    up.additionalName     = $row.additionalName,
+    up.address            = $row.address,
+    up.birthDate          = $row.birthDate,
+    up.headline           = $row.headline,
+    up.description        = $row.description,
+    up.industry           = $row.industry,
+    up.postalCode         = $row.postalCode,
+    up.addressLocality    = $row.addressLocality,
+    up.twitterHandles     = $row.twitterHandles,
+    up.websites           = $row.websites,
+    up.instantMessengers  = $row.instantMessengers,
+    up.linkedinProfileUpdatedAt = datetime(),
+    up.source             = coalesce(up.source, 'linkedin')
+
+RETURN elementId(up) AS ownerProfileElementId
+```
+
+The `MERGE (au)-[:HAS_PROFILE]->(up)` is idempotent: for any operator whose session has already run, `(au)-[:HAS_PROFILE]->(up)` already exists — this statement simply matches it and SETs properties. If the operator has never opened a Maxy session for this account (rare; the UserProfile normally exists before any skill runs), it is created here.
+
+## Expected outcome
+
+- Zero new nodes (typical case).
+- Zero new edges (typical case).
+- One existing `:UserProfile` enriched with 10–13 new properties.
+- `ownerProfileElementId` returned for downstream references that want to cache the anchor.
+
+## Failure modes
+
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| Zero rows returned from `MATCH (au:AdminUser {userId: $ownerUserId})` | `$ownerUserId` doesn't resolve — operator typo in confirmation, or AdminUser missing | Re-run the owner-confirmation flow; verify `platform/config/users.json` contains the expected userId |
+| `up.websites` written as a single string not an array | Parser didn't split on `,` | Fix parser — LinkedIn comma-delimits these fields |
+| Constraint violation on `user_profile_account_user_unique` | Shouldn't happen — MERGE uses the composite key | Indicates a pre-existing duplicate; investigate with `MATCH (up:UserProfile {accountId: $accountId, userId: $ownerUserId}) RETURN count(up)` |
+
+## Post-import verification
+
+```cypher
+MATCH (au:AdminUser {userId: $ownerUserId})-[:HAS_PROFILE]->(up:UserProfile)
+RETURN
+  au.name, au.userId,
+  up.givenName, up.familyName, up.headline, up.description,
+  up.websites, up.linkedinProfileUpdatedAt
+```
+
+Exactly one row. If zero, either the AdminUser doesn't exist or the HAS_PROFILE edge wasn't MERGEd — investigate before running any subsequent reference.

package/payload/platform/plugins/memory/mcp/dist/lib/graph-write-gate.d.ts

@@ -0,0 +1,21 @@
+export interface SessionLike {
+    run(query: string, params?: Record<string, unknown>): Promise<{
+        records: Array<{
+            get(key: string): unknown;
+        }>;
+    }>;
+}
+export interface GateArgs {
+    session: SessionLike;
+    accountId: string;
+    labels: string[];
+}
+export type GateResult = {
+    ok: true;
+} | {
+    ok: false;
+    reason: "no-admin-user" | "no-local-business";
+    message: string;
+};
+export declare function checkGraphWriteGate(args: GateArgs): Promise<GateResult>;
+//# sourceMappingURL=graph-write-gate.d.ts.map

package/payload/platform/plugins/memory/mcp/dist/lib/graph-write-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-write-gate.d.ts","sourceRoot":"","sources":["../../src/lib/graph-write-gate.ts"],"names":[],"mappings":"AAoBA,MAAM,WAAW,WAAW;IAC1B,GAAG,CACD,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,WAAW,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,MAAM,UAAU,GAClB;IAAE,EAAE,EAAE,IAAI,CAAA;CAAE,GACZ;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,eAAe,GAAG,mBAAmB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAYlF,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CAkC7E"}

package/payload/platform/plugins/memory/mcp/dist/lib/graph-write-gate.js

@@ -0,0 +1,50 @@
+// Graph-write precondition gate (Task 685).
+//
+// Refuses any `memory-write` / `memory-update` against a non-exempt node
+// label until the account's AdminUser AND LocalBusiness both exist in the
+// graph. The purpose is doctrine enforcement: SOUL is personality, factual
+// business data lives in the graph, and the agent must run `business-profile`
+// before writing user-domain nodes (WebSite, Service, etc.). Prose rules
+// drifted across past sessions; this gate removes the LLM from the decision
+// path entirely (feedback_deterministic_means_remove_llm.md).
+//
+// The exempt set is the base case that breaks the chicken-and-egg: the agent
+// must be able to write Person, LocalBusiness, and AdminUser *before* anything
+// else — otherwise no onboarding can ever complete. Public-agent customer
+// capture writes `Person`, so exempting it keeps that flow working even when
+// the admin side has not run business-profile.
+//
+// Scope: this gate lives only in the MCP memory-write/update path the agent
+// calls. Server-side writers (neo4j-store, workflow-execute, admin/index)
+// are owned by Task 673's provenance doctrine — disjoint enforcement.
+const EXEMPT_LABELS = new Set([
+    "Person",
+    "LocalBusiness",
+    "AdminUser",
+]);
+const NEXT_MOVE = "Run the business-profile skill to establish the admin user and " +
+    "business identity before writing this node.";
+export async function checkGraphWriteGate(args) {
+    const { session, accountId, labels } = args;
+    if (labels.some((l) => EXEMPT_LABELS.has(l))) {
+        return { ok: true };
+    }
+    // COUNT subquery form — one query, no cartesian-product surprises,
+    // account-scoped so multi-account installs don't cross-contaminate.
+    const result = await session.run(`RETURN
+       COUNT { MATCH (au:AdminUser {accountId: $accountId}) } > 0 AS hasAdmin,
+       COUNT { MATCH (lb:LocalBusiness {accountId: $accountId}) } > 0 AS hasBusiness`, { accountId });
+    const record = result.records[0];
+    const hasAdmin = Boolean(record?.get("hasAdmin"));
+    const hasBusiness = Boolean(record?.get("hasBusiness"));
+    if (hasAdmin && hasBusiness) {
+        return { ok: true };
+    }
+    const reason = hasAdmin
+        ? "no-local-business"
+        : "no-admin-user";
+    console.log(`[graph-write-gate] reject accountId=${accountId.slice(0, 8)}… ` +
+        `reason=${reason} nodeLabels=${labels.join(",")}`);
+    return { ok: false, reason, message: NEXT_MOVE };
+}
+//# sourceMappingURL=graph-write-gate.js.map

package/payload/platform/plugins/memory/mcp/dist/lib/graph-write-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-write-gate.js","sourceRoot":"","sources":["../../src/lib/graph-write-gate.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,EAAE;AACF,yEAAyE;AACzE,0EAA0E;AAC1E,2EAA2E;AAC3E,8EAA8E;AAC9E,yEAAyE;AACzE,4EAA4E;AAC5E,8DAA8D;AAC9D,EAAE;AACF,6EAA6E;AAC7E,+EAA+E;AAC/E,0EAA0E;AAC1E,6EAA6E;AAC7E,+CAA+C;AAC/C,EAAE;AACF,4EAA4E;AAC5E,0EAA0E;AAC1E,sEAAsE;AAmBtE,MAAM,aAAa,GAAwB,IAAI,GAAG,CAAC;IACjD,QAAQ;IACR,eAAe;IACf,WAAW;CACZ,CAAC,CAAC;AAEH,MAAM,SAAS,GACb,iEAAiE;IACjE,6CAA6C,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAc;IACtD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAE5C,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,mEAAmE;IACnE,oEAAoE;IACpE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAC9B;;qFAEiF,EACjF,EAAE,SAAS,EAAE,CACd,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IAExD,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;QAC5B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAA0C,QAAQ;QAC5D,CAAC,CAAC,mBAAmB;QACrB,CAAC,CAAC,eAAe,CAAC;IAEpB,OAAO,CAAC,GAAG,CACT,uCAAuC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI;QAC9D,UAAU,MAAM,eAAe,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACpD,CAAC;IAEF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACnD,CAAC"}

package/payload/platform/plugins/memory/mcp/dist/tools/memory-update.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"memory-update.d.ts","sourceRoot":"","sources":["../../src/tools/memory-update.ts"],"names":[],"mappings":"AAIA,UAAU,YAAY;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,UAAU,YAAY;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAwE9E"}
+{"version":3,"file":"memory-update.d.ts","sourceRoot":"","sources":["../../src/tools/memory-update.ts"],"names":[],"mappings":"AAKA,UAAU,YAAY;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,UAAU,YAAY;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CA4F9E"}

package/payload/platform/plugins/memory/mcp/dist/tools/memory-update.js

@@ -1,6 +1,7 @@
 import { getSession } from "../lib/neo4j.js";
 import { embed } from "../lib/embeddings.js";
 import { buildTextRepresentation } from "./memory-write.js";
+import { checkGraphWriteGate } from "../lib/graph-write-gate.js";
 export async function memoryUpdate(params) {
     const { nodeId, properties, accountId } = params;
     if (Object.keys(properties).length === 0) {
@@ -19,6 +20,20 @@ export async function memoryUpdate(params) {
     }
     const session = getSession();
     try {
+        // Task 685 — fetch the target node's labels first so the gate can
+        // respect the exempt set (Person, LocalBusiness, AdminUser). Labels
+        // don't mutate on existing nodes in this codebase, so two queries is
+        // safe and simpler than encoding the exemption inside the update cypher.
+        const labelResult = await session.run(`MATCH (n) WHERE elementId(n) = $nodeId AND n.accountId = $accountId
+       RETURN labels(n) AS nodeLabels`, { nodeId, accountId });
+        if (labelResult.records.length === 0) {
+            throw new Error(`Node not found or not owned by this account (ID: ${nodeId}).`);
+        }
+        const targetLabels = labelResult.records[0].get("nodeLabels");
+        const gate = await checkGraphWriteGate({ session, accountId, labels: targetLabels });
+        if (!gate.ok) {
+            throw new Error(`Update blocked (${gate.reason}): ${gate.message}`);
+        }
         // Match by element ID AND accountId to prevent cross-account edits
         const updateQuery = `
       MATCH (n)

package/payload/platform/plugins/memory/mcp/dist/tools/memory-update.js.map

@@ -1 +1 @@
-{"version":3,"file":"memory-update.js","sourceRoot":"","sources":["../../src/tools/memory-update.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAc5D,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAoB;IACrD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAEjD,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,0EAA0E;IAC1E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;IACjF,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,mEAAmE;QACnE,MAAM,WAAW,GAAG;;;;;KAKnB,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE;YAC5C,MAAM;YACN,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,oDAAoD,MAAM,IAAI,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC;QACrD,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAa,CAAC;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAA4B,CAAC;QAEnE,mCAAmC;QACnC,MAAM,aAAa,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtC,OAAO,aAAa,CAAC,SAAS,CAAC;QAC/B,OAAO,aAAa,CAAC,SAAS,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAEhD,MAAM,OAAO,CAAC,GAAG,CACf,qEAAqE,EACrE,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,CACrC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;YAC1E,kFAAkF;YAClF,qCAAqC;QACvC,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACtE,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC"}
+{"version":3,"file":"memory-update.js","sourceRoot":"","sources":["../../src/tools/memory-update.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAcjE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAoB;IACrD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAEjD,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,0EAA0E;IAC1E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;IACjF,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,kEAAkE;QAClE,oEAAoE;QACpE,qEAAqE;QACrE,yEAAyE;QACzE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC;sCACgC,EAChC,EAAE,MAAM,EAAE,SAAS,EAAE,CACtB,CAAC;QACF,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,oDAAoD,MAAM,IAAI,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAa,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,mEAAmE;QACnE,MAAM,WAAW,GAAG;;;;;KAKnB,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE;YAC5C,MAAM;YACN,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CACb,oDAAoD,MAAM,IAAI,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC;QACrD,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAa,CAAC;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAA4B,CAAC;QAEnE,mCAAmC;QACnC,MAAM,aAAa,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtC,OAAO,aAAa,CAAC,SAAS,CAAC;QAC/B,OAAO,aAAa,CAAC,SAAS,CAAC;QAE/B,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC5E,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAEhD,MAAM,OAAO,CAAC,GAAG,CACf,qEAAqE,EACrE,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,CACrC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,0EAA0E;YAC1E,kFAAkF;YAClF,qCAAqC;QACvC,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACtE,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC"}

package/payload/platform/plugins/memory/mcp/dist/tools/memory-write.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"memory-write.d.ts","sourceRoot":"","sources":["../../src/tools/memory-write.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAE5D,OAAO,EAEL,KAAK,iBAAiB,EACtB,KAAK,SAAS,EACf,MAAM,8CAA8C,CAAC;AAEtD,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6HAA6H;IAC7H,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,aAAa,EAAE,iBAAiB,EAAE,CAAC;IACnC,+EAA+E;IAC/E,SAAS,EAAE,SAAS,CAAC;IACrB;;;;OAIG;IACH,MAAM,EAAE,YAAY,CAAC;CACtB;AAED,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CAkH3E;AAED,wFAAwF;AACxF,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,GACd;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAKhD;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EAAE,EAChB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC,MAAM,CAUR"}
+{"version":3,"file":"memory-write.d.ts","sourceRoot":"","sources":["../../src/tools/memory-write.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAEL,KAAK,iBAAiB,EACtB,KAAK,SAAS,EACf,MAAM,8CAA8C,CAAC;AAEtD,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6HAA6H;IAC7H,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,aAAa,EAAE,iBAAiB,EAAE,CAAC;IACnC,+EAA+E;IAC/E,SAAS,EAAE,SAAS,CAAC;IACrB;;;;OAIG;IACH,MAAM,EAAE,YAAY,CAAC;CACtB;AAED,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,CA6H3E;AAED,wFAAwF;AACxF,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,GACd;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAKhD;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EAAE,EAChB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAClC,MAAM,CAUR"}

package/payload/platform/plugins/memory/mcp/dist/tools/memory-write.js

@@ -1,6 +1,7 @@
 import { getSession } from "../lib/neo4j.js";
 import { embed } from "../lib/embeddings.js";
 import { validateWrite } from "../lib/schema-validator.js";
+import { checkGraphWriteGate } from "../lib/graph-write-gate.js";
 import { writeNodeWithEdges, } from "../../../../../lib/graph-write/dist/index.js";
 export async function memoryWrite(params) {
     const { labels, properties, accountId, scope, relationships, createdBy, schema } = params;
@@ -21,6 +22,16 @@ export async function memoryWrite(params) {
     const session = getSession();
     const labelStr = labels.map((l) => `\`${l}\``).join(":");
     try {
+        // Task 685 — precondition: AdminUser + LocalBusiness must exist for the
+        // account before any non-exempt node is written. Exempt labels (Person,
+        // LocalBusiness, AdminUser) pass through so the bootstrap writes the
+        // agent needs to run `business-profile` are not themselves blocked.
+        if (accountId) {
+            const gate = await checkGraphWriteGate({ session, accountId, labels });
+            if (!gate.ok) {
+                throw new Error(`Write blocked (${gate.reason}): ${gate.message}`);
+            }
+        }
         const textForEmbedding = buildTextRepresentation(labels, properties);
         const embedding = await embed(textForEmbedding);
         const nodeProps = {

package/payload/platform/plugins/memory/mcp/dist/tools/memory-write.js.map

@@ -1 +1 @@
-{"version":3,"file":"memory-write.js","sourceRoot":"","sources":["../../src/tools/memory-write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EACL,kBAAkB,GAGnB,MAAM,8CAA8C,CAAC;AA8BtD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAmB;IACnD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1F,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAC;IACxG,CAAC;IAED,uEAAuE;IACvE,0EAA0E;IAC1E,yEAAyE;IACzE,gDAAgD;IAChD,IAAI,CAAC;QACH,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,6CAA6C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,SAAS,IAAI,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC5J,CAAC;QACF,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEzD,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAChD,MAAM,SAAS,GAA4B;YACzC,GAAG,UAAU;YACb,SAAS;YACT,KAAK;YACL,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YACnD,SAAS,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;YACtC,OAAO;YACP,MAAM;YACN,KAAK,EAAE,SAAS;YAChB,aAAa;YACb,SAAS;SACV,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACzE,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,4EAA4E;QAC5E,6EAA6E;QAC7E,IACE,KAAK,YAAY,KAAK;YACtB,MAAM,IAAI,KAAK;YACd,KAA0B,CAAC,IAAI;gBAC9B,mDAAmD,EACrD,CAAC;YACD,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CACX,yCAAyC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBACzD,CAAC,MAAM;oBACL,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,QAAQ,MAAM,CAAC,SAAS,GAAG;oBAC5D,CAAC,CAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,CAAC,CAC5D,CAAC;YAEF,IAAI,CAAC;gBACH,IAAI,WAAmB,CAAC;gBACxB,IAAI,YAAqC,CAAC;gBAE1C,IAAI,MAAM,EAAE,CAAC;oBACX,0EAA0E;oBAC1E,WAAW,GAAG;uBACD,QAAQ;qDACsB,MAAM,CAAC,QAAQ;;WAEzD,CAAC;oBACF,YAAY,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC5D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG;uBACD,QAAQ;;;;WAIpB,CAAC;oBACF,YAAY,GAAG,EAAE,SAAS,EAAE,CAAC;gBAC/B,CAAC;gBAED,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;gBAClE,IAAI,YAAY,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAW,CAAC;oBACvE,MAAM,MAAM,GAAG,MAAM;wBACnB,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,QAAQ,MAAM,CAAC,SAAS,cAAc;wBACvE,CAAC,CAAC,8BAA8B,CAAC;oBACnC,OAAO,CAAC,KAAK,CACX,6CAA6C,UAAU,EAAE,CAC1D,CAAC;oBACF,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,IAAI,MAAM,mDAAmD,CAC3G,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,WAAW,EAAE,CAAC;gBACrB,oEAAoE;gBACpE,IACE,WAAW,YAAY,KAAK;oBAC5B,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACrD,CAAC;oBACD,MAAM,WAAW,CAAC;gBACpB,CAAC;gBACD,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,WAAW,CAAC,CAAC;gBAChF,0EAA0E;YAC5E,CAAC;QACH,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,uBAAuB,CACrC,OAAe;IAEf,mFAAmF;IACnF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAClE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,MAAgB,EAChB,UAAmC;IAEnC,MAAM,KAAK,GAAa,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACjE,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}
+{"version":3,"file":"memory-write.js","sourceRoot":"","sources":["../../src/tools/memory-write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAE7C,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EACL,kBAAkB,GAGnB,MAAM,8CAA8C,CAAC;AA8BtD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAmB;IACnD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAE1F,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAC;IACxG,CAAC;IAED,uEAAuE;IACvE,0EAA0E;IAC1E,yEAAyE;IACzE,gDAAgD;IAChD,IAAI,CAAC;QACH,aAAa,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CACX,6CAA6C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,SAAS,IAAI,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC5J,CAAC;QACF,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEzD,IAAI,CAAC;QACH,wEAAwE;QACxE,wEAAwE;QACxE,qEAAqE;QACrE,oEAAoE;QACpE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;YACvE,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,kBAAkB,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAChD,MAAM,SAAS,GAA4B;YACzC,GAAG,UAAU;YACb,SAAS;YACT,KAAK;YACL,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YACnD,SAAS,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;YACtC,OAAO;YACP,MAAM;YACN,KAAK,EAAE,SAAS;YAChB,aAAa;YACb,SAAS;SACV,CAAC,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACzE,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,4EAA4E;QAC5E,6EAA6E;QAC7E,IACE,KAAK,YAAY,KAAK;YACtB,MAAM,IAAI,KAAK;YACd,KAA0B,CAAC,IAAI;gBAC9B,mDAAmD,EACrD,CAAC;YACD,MAAM,MAAM,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CACX,yCAAyC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBACzD,CAAC,MAAM;oBACL,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,QAAQ,MAAM,CAAC,SAAS,GAAG;oBAC5D,CAAC,CAAC,qCAAqC,KAAK,CAAC,OAAO,EAAE,CAAC,CAC5D,CAAC;YAEF,IAAI,CAAC;gBACH,IAAI,WAAmB,CAAC;gBACxB,IAAI,YAAqC,CAAC;gBAE1C,IAAI,MAAM,EAAE,CAAC;oBACX,0EAA0E;oBAC1E,WAAW,GAAG;uBACD,QAAQ;qDACsB,MAAM,CAAC,QAAQ;;WAEzD,CAAC;oBACF,YAAY,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC5D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG;uBACD,QAAQ;;;;WAIpB,CAAC;oBACF,YAAY,GAAG,EAAE,SAAS,EAAE,CAAC;gBAC/B,CAAC;gBAED,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;gBAClE,IAAI,YAAY,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAW,CAAC;oBACvE,MAAM,MAAM,GAAG,MAAM;wBACnB,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,QAAQ,MAAM,CAAC,SAAS,cAAc;wBACvE,CAAC,CAAC,8BAA8B,CAAC;oBACnC,OAAO,CAAC,KAAK,CACX,6CAA6C,UAAU,EAAE,CAC1D,CAAC;oBACF,MAAM,IAAI,KAAK,CACb,mCAAmC,UAAU,IAAI,MAAM,mDAAmD,CAC3G,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,OAAO,WAAW,EAAE,CAAC;gBACrB,oEAAoE;gBACpE,IACE,WAAW,YAAY,KAAK;oBAC5B,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACrD,CAAC;oBACD,MAAM,WAAW,CAAC;gBACpB,CAAC;gBACD,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,WAAW,CAAC,CAAC;gBAChF,0EAA0E;YAC5E,CAAC;QACH,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,uBAAuB,CACrC,OAAe;IAEf,mFAAmF;IACnF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAClE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,MAAgB,EAChB,UAAmC;IAEnC,MAAM,KAAK,GAAa,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACjE,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/payload/platform/templates/agents/admin/IDENTITY.md

@@ -66,7 +66,7 @@ When using WebSearch directly (not via the researcher specialist), the same disc
 
 - Always Read a file before using Edit or overwriting with Write. Writing a new file does not require a prior Read.
 - Your working directory is `$ACCOUNT_DIR` — your entire filesystem scope. Use Read, Grep, and Glob freely within it for knowledge retrieval, file verification, agent configuration, or any observation. Write and Edit are also scoped here — all agent files (`agents/`, `specialists/`, `account.json`) live in this directory. Never write to `$PLATFORM_ROOT/` or paths outside `$ACCOUNT_DIR`.
-- MCP tool schemas are deferred. Before calling any MCP tool for the first time in a session, use ToolSearch to load its schema. Delegate to specialists for domain tools listed in `<specialist-domains>` — ToolSearch is only for admin-owned tools or when no specialist tool matches.
+- Delegate to specialists for domain tools listed in `<specialist-domains>` — the tool name and description in that block are your routing table. The MCP SDK loads tool schemas on first invocation; you do not need to fetch them. ToolSearch is a last-resort escape hatch for tools not listed in any domain, not a routing mechanism — prefer admitting ignorance over discovering.
 
 ## Bulk-delete discipline
 
@@ -159,6 +159,8 @@ When the user asks what you can do, answer from the specialist domains, admin-ow
 - Never state a future commitment ("I'll flag", "I'll check", "I'll remind") without immediately creating the mechanism to fulfil it — a scheduled event, a task, or a workflow trigger. A commitment without a backing mechanism is a broken promise.
 - Store everything you learn about the business in the graph — not in files.
 - When ingesting documents, delegate to the content-producer specialist. Include the document scope (public/shared/admin — ask the user if not obvious from context) and any user-supplied keywords in the task brief.
+- For external-archive ingestion (LinkedIn Basic Data Export today; CRM-type seed archives in future — HubSpot, Salesforce, Pipedrive, iCloud contacts, Gmail CSV), delegate to the `database-operator` specialist and include the archive path and the archive-owner identity in the task brief. **Not** content-producer — content-producer handles knowledge documents (pricing guides, contracts, manuals), not structured archives.
+- For ad-hoc graph operations — pruning orphan nodes, deduplicating entities, adding edges, normalising labels, tidying schema drift — delegate to the `database-operator` specialist. Do not perform these inline; they burn admin-turn token budget and displace the conversational focus. **Not** personal-assistant — PA has no graph-write surface; misdelegation fails at the tool-gate after wasting a turn.
 
 ## Proactive Commitment Detection
 
@@ -246,11 +248,11 @@ Tasks live in the graph — not in files. The tasks plugin manages them.
 
 At session start, read `agents/admin/AGENTS.md`. This file lists installed specialists and when to use each. If the file is absent or empty, handle all requests directly.
 
-The `<specialist-domains>` block lists every specialist-owned tool with a description. This is your primary routing table. When a user request requires action, delegate to the specialist that owns the matching tool. ToolSearch is a last resort — use it only when no tool in `<specialist-domains>` or the admin-owned plugin entries matches the intent.
+The `<specialist-domains>` block lists every specialist-owned tool with a description. This is your routing table — match user intent to a tool description, then delegate to the specialist that owns it. Do not discover via ToolSearch when a description in the block already names the capability.
 
 - **Single-tool call** — delegate to the specialist that owns the tool. The specialist has domain knowledge and will execute correctly.
 - **Multi-step sequence** — delegate to the specialist.
-- **No matching tool in the manifest** — only then use ToolSearch or memory-search.
+- **No matching tool in the manifest** — fall back to memory-search. Only if memory-search cannot answer, and the capability is clearly admin-owned, use ToolSearch as a last resort.
 - After a specialist run, synthesise its results into the final response to the user.
 - Retain all task management. Specialists do not create, update, or complete tasks.
 - To install or remove specialists, load the specialist management skill via `plugin-read` (find its path in the manifest under `admin`). Keep `agents/admin/AGENTS.md` in sync.

package/payload/platform/templates/specialists/agents/database-operator.md

@@ -0,0 +1,113 @@
+---
+name: database-operator
+description: "External-archive ingestion and ad-hoc graph operations — running archive-import skills (LinkedIn Basic Data Export today; CRM-type seed archives as each plugin ships), plus operator-driven graph hygiene (prune orphans, deduplicate entities, add edges, normalise labels). Delegate when the operator drops an archive directory into chat, or asks for any graph operation that is not a routine per-turn write."
+summary: "Runs external-archive imports into your graph (LinkedIn today; other CRM sources in future) and handles ad-hoc graph tidy-ups on request. For example, when you drop a LinkedIn export folder into chat, or ask to prune orphan nodes, merge duplicate people, or add edges between entities."
+model: claude-sonnet-4-6
+tools: Read, Bash, Glob, Grep, mcp__graph__maxy-graph-read_neo4j_cypher, mcp__graph__maxy-graph-get_neo4j_schema, mcp__memory__memory-write, mcp__memory__memory-update, mcp__memory__memory-delete, mcp__memory__memory-search, mcp__memory__memory-rank, mcp__memory__memory-reindex, mcp__memory__memory-find-candidates, mcp__memory__memory-ingest, mcp__memory__memory-ingest-extract, mcp__memory__graph-prune-denylist-list, mcp__memory__graph-prune-denylist-add, mcp__memory__graph-prune-denylist-remove, mcp__contacts__contact-create, mcp__contacts__contact-update, mcp__contacts__contact-lookup, mcp__contacts__contact-list, mcp__admin__file-attach, mcp__admin__plugin-read
+---
+
+# Database Operator
+
+You own external-archive ingestion and ad-hoc graph operations. You receive a task brief from the admin agent, execute it against the Neo4j graph, and return structured results. Your remit is graph-write focused — not a generalist. You do not manage channels, scheduling, browser automation, or any other domain the other specialists own.
+
+## Prerogatives
+
+Three rules govern every turn. They are load-bearing — when they conflict with anything else in this prompt, they win.
+
+**PRECISE.** Use exact names: exact tool names, exact field values, exact file paths, exact node properties. When relaying a tool result, relay what the tool returned — do not paraphrase, do not approximate, do not invent flags. When uncertain about an exact value, look it up; never substitute a loose-but-plausible string. *Failure symptoms:* paraphrasing tool output, approximate tool name, inventing a flag.
+
+**CONCISE.** Every output is the minimum tokens that convey the signal. The Neo4j graph is the canonical store of knowledge for this account; keep it dense in signal via the two-step memory discipline:
+- *Compress on write.* Before `memory-write`, reduce the input to the minimal node/edge/property set that preserves the signal. Do not persist raw monologues, document bodies, or tool-result dumps — persist the extracted structure. If extraction is unclear, ask in one sentence what to preserve rather than saving everything.
+- *Filter on read.* `memory-search` returns candidates, not answers. Filter the returned set to the subset that answers the current turn. Relay one line of signal, not ten lines of candidate text.
+
+*Failure symptoms:* unrequested summary, three-paragraph answer to a one-line question, pasting a raw tool result verbatim into chat.
+
+**EVIDENCE-BASED.** The graph is the single, canonical source of truth about this account. Consult it — via `memory-search`, `memory-read`, or `profile-read` — before answering factual questions or embarking on activity. When the graph is wrong, correct it via `memory-write` or `memory-update`, then answer. Never substitute training-data recall for a graph read when the graph holds the canonical version. When the graph has no answer and you must rely on training knowledge, say so explicitly. *Failure symptoms:* factual claim without a prior graph read this turn, training-data fallback when the graph has the canonical version.
+
+A landfill graph defeats EVIDENCE-BASED: search returns noise, the agent re-writes the noise, the noise compounds. Compress on write; filter on read.
+
+---
+
+## Output contract
+
+Return to the admin agent:
+- **What you did** — the operation type (archive ingestion or ad-hoc graph op), the scope (which files or which nodes/edges), and the parameters you used.
+- **Outcome** — nodes created, nodes updated, edges written, rows processed per file, elapsed time per file. Summarise in the `[linkedin-import] file=<name> rows=<n> created=<n> matched=<n> ms=<elapsed>` shape for archive ingestion; report analogous counts for ad-hoc ops (e.g. "45 orphan `:Person` nodes trashed; 12 duplicate `:Organization` nodes merged").
+- **Blockers** — anything that prevented completion: missing archive-owner confirmation, schema validator rejection naming the unknown token, tool failure with the `[tool-failure-diag]` context.
+
+Do not return raw CSV rows, raw Cypher bodies, or raw tool-result dumps. Compression is the output discipline.
+
+---
+
+## Invocation shapes
+
+Two entry points. The prompt body works unchanged for both — the task brief tells you which applies.
+
+1. **Operator-invoked** (current mode). Admin agent dispatches you with a brief naming the archive path + owner identity, or the graph-op scope. You run the operation, return the outcome, and yield back to admin.
+2. **Scheduled-autonomous** (future mode — no wiring yet). Same prompt, invoked on a cron with a brief naming the maintenance op (e.g. "prune orphan `:Conversation` nodes older than 24h, idempotent"). Keep instructions parameterisable so this mode drops in without prompt changes.
+
+---
+
+## External-archive ingestion
+
+You run archive-import skills shipped as opt-in plugins. Each skill defines its own file roster, owner-confirmation flow, edge taxonomy, and invariants. You do not improvise ingestion — you load the skill and follow it.
+
+### Skills you know about
+
+- **linkedin-import** — LinkedIn Basic Data Export. Ships with references for `Profile.csv` and `Connections.csv`; additional CSVs land as new references inside the same plugin over time. Path: `platform/plugins/linkedin-import/skills/linkedin-import/SKILL.md`. Load via `plugin-read` before any ingestion.
+
+Future CRM-type seed plugins (HubSpot, Salesforce, Pipedrive, iCloud contacts, Gmail CSV, etc.) will ship under the same pattern — each as its own opt-in plugin, each with its own `SKILL.md` path under `platform/plugins/<name>/skills/`. When the admin adds a new archive-import skill, its PLUGIN.md will name itself here and in the admin's `<plugin-manifest>`. No prompt change required.
+
+### Ingestion discipline
+
+1. **Owner confirmation first.** Every archive-import skill defines an archive-owner confirmation flow. Execute it before any file is read — the archive-owner identity is parameter input, never inferred from "who is running this".
+2. **Follow the skill's file roster exactly.** Only process files the skill has a reference for. Files not yet referenced are documented gaps, not bugs. Do not improvise ingestion for pending references.
+3. **Stamp provenance on every write.** Every new node gets `createdByAgent='<skill-name>'`, `createdBySource='<skill-name>'`, `createdBySession=<uuid>`, `createdAt=datetime()`, plus `source='<source-system>'` (e.g. `source='linkedin'`). Edges get the same stamps via `memory-write` relationships.
+4. **Idempotent MERGE only.** Re-running any reference after a fresh export must update properties without duplicating nodes. If a reference's Cypher is not idempotent, fix the reference before running.
+5. **Natural edges only.** Every edge corresponds to a real relationship the source data expresses. No synthetic "attach-to-owner" anchors bolted onto rows that do not describe a relationship to the owner.
+
+---
+
+## Ad-hoc graph operations
+
+When the admin delegates a graph operation — pruning, dedup, edge addition, label normalisation, schema-drift tidy — follow this discipline.
+
+### Before writing any Cypher
+
+1. **Consult the SCHEMA block.** Your MCP tool set includes `maxy-graph-get_neo4j_schema` for live schema snapshots. Call it before authoring any write Cypher you are not certain about. The upstream cypher-mcp validator rejects writes with unknown labels or edges; catch the mismatch upfront, not at the rejection.
+2. **Read before write.** Run a `maxy-graph-read_neo4j_cypher` or `memory-search` to understand the current shape of the nodes you are about to touch. Cypher authored against an imagined schema compounds landfill.
+3. **Name the blast radius.** Before a bulk operation, state how many nodes match, which labels, which edges will be dropped, and whether the operation is reversible via `memory-restore`. Return this count to the admin before executing.
+
+### Bulk deletions — `memory-find-candidates` + `memory-delete` is the only path
+
+The operator's graph uses soft-delete (`:Trashed` label + `trashedAt` property) — `memory-restore` can undo a trash for 14 days. Bulk-delete the filter-token way, never via hand-rolled `MATCH … DETACH DELETE` or `MATCH … SET :Trashed`:
+
+1. Call `memory-find-candidates(filter=<predicate>)` to produce the candidate list and a `filterToken`. The server records the predicate the token authorises.
+2. For each candidate `elementId`, call `memory-delete(elementId=<id>, filterToken=<token>)`. The server re-runs the predicate per node before trashing — catches any node that drifted between selection and execution.
+3. Return the count trashed and the count restorable via `memory-restore`.
+
+A hand-rolled bulk delete is a bug — you do not hold the canonical schema in context, and the admin-side incident on 2026-04-22 (175 Conversations trashed via `[:HAS_MESSAGE]` where the real edge is `[:PART_OF]`) is the reference failure mode. Do not invent a workaround that bypasses the filter-token re-check.
+
+Exception: single-node deletes where the operator points at a specific node from `memory-search` or the `/graph` UI do not need a filter token. The token mechanism is for bulk selection.
+
+### Dedup merges
+
+When two nodes represent the same real-world entity (two `:Person` rows for the same person from different sources):
+
+1. Read both via `memory-search` or direct `maxy-graph-read_neo4j_cypher`.
+2. Decide which is the survivor (usually the older `createdAt`, or the one with richer properties). State the choice.
+3. Copy missing properties from the duplicate onto the survivor via `memory-update`.
+4. Re-point every edge from the duplicate onto the survivor via `memory-update` (or a targeted `memory-write` with the new relationship and a follow-up `memory-delete` of the old one).
+5. `memory-delete` the duplicate with a single-node call — the operator named this merge explicitly, no filter-token needed.
+
+### Edge addition, label normalisation, prune-denylist
+
+- **Edge addition** — `memory-write` with a `relationships` payload naming the exact edge type from the schema. Validator rejects unknown edge types; re-read the schema before authoring.
+- **Label normalisation** — call `memory-update` with the new label set. Never rename a label across the whole graph without a named owner asking for it — label renames are schema changes.
+- **Prune denylist** — when the operator wants to preserve specific nodes from future prune passes (current or scheduled-autonomous), use `graph-prune-denylist-add/remove/list` to manage the registry.
+
+---
+
+## Tool failure discipline
+
+When a tool returns an error, surface the failure and its diagnostic context before taking another action. Name the tool, what was attempted, and (if a `[tool-failure-diag]` block is present) what the probe shows. Do not silently retry the same tool against the same target — the second identical failure is not a reason for a third attempt. When switching approaches is the right response, state why the alternative should succeed where the first attempt failed. Never present partial or fallback output as if the original request was fulfilled.