@squadbase/vite-server 0.1.3-dev.7 → 0.1.3-dev.8

package/dist/connectors/google-calendar.js

@@ -58,8 +58,8 @@ var parameters = {
   }),
   impersonateEmail: new ParameterDefinition({
     slug: "impersonate-email",
-    name: "User Email Address",
-    description: "The email address of the Google Workspace user whose calendar will be accessed via Domain-wide Delegation (e.g., 'user@example.com'). The service account will act on behalf of this user.",
+    name: "User Email Address(es)",
+    description: "The email address(es) of the Google Workspace user(s) whose calendar will be accessed via Domain-wide Delegation. Multiple addresses can be provided as a comma-separated list (e.g., 'user1@example.com, user2@example.com') to aggregate accessible calendars across users during setup. After setup completes, this value is overwritten with the owner email of the selected calendar.",
     envVarBaseKey: "GOOGLE_CALENDAR_IMPERSONATE_EMAIL",
     type: "text",
     secret: false,
@@ -104,7 +104,7 @@ function buildJwt(clientEmail, privateKey, nowSec, subject) {
   const signature = base64url(sign.sign(privateKey));
   return `${signingInput}.${signature}`;
 }
-function createClient(params, options) {
+function createClient(params) {
   const serviceAccountKeyJsonBase64 = params[parameters.serviceAccountKeyJsonBase64.slug];
   const impersonateEmail = params[parameters.impersonateEmail.slug];
   const defaultCalendarId = params[parameters.calendarId.slug] ?? "primary";
@@ -113,7 +113,7 @@ function createClient(params, options) {
       `google-calendar: missing required parameter: ${parameters.serviceAccountKeyJsonBase64.slug}`
     );
   }
-  if (!impersonateEmail && !options?.subject) {
+  if (!impersonateEmail) {
     throw new Error(
       `google-calendar: missing required parameter: ${parameters.impersonateEmail.slug}`
     );
@@ -135,10 +135,10 @@ function createClient(params, options) {
       "google-calendar: service account key JSON must contain client_email and private_key"
     );
   }
-  const subject = options?.subject ?? impersonateEmail;
+  const subject = impersonateEmail;
   let cachedToken = null;
   let tokenExpiresAt = 0;
-  async function getAccessToken() {
+  async function getAccessToken2() {
     const nowSec = Math.floor(Date.now() / 1e3);
     if (cachedToken && nowSec < tokenExpiresAt - 60) {
       return cachedToken;
@@ -173,7 +173,7 @@ function createClient(params, options) {
   }
   return {
     async request(path2, init) {
-      const accessToken = await getAccessToken();
+      const accessToken = await getAccessToken2();
       const resolvedPath = path2.replace(
         /\{calendarId\}/g,
         defaultCalendarId
@@ -196,18 +196,18 @@ function createClient(params, options) {
       const data = await response.json();
       return data.items ?? [];
     },
-    async listEvents(options2, calendarId) {
+    async listEvents(options, calendarId) {
       const cid = resolveCalendarId(calendarId);
       const searchParams = new URLSearchParams();
-      if (options2?.timeMin) searchParams.set("timeMin", options2.timeMin);
-      if (options2?.timeMax) searchParams.set("timeMax", options2.timeMax);
-      if (options2?.maxResults)
-        searchParams.set("maxResults", String(options2.maxResults));
-      if (options2?.q) searchParams.set("q", options2.q);
-      if (options2?.singleEvents != null)
-        searchParams.set("singleEvents", String(options2.singleEvents));
-      if (options2?.orderBy) searchParams.set("orderBy", options2.orderBy);
-      if (options2?.pageToken) searchParams.set("pageToken", options2.pageToken);
+      if (options?.timeMin) searchParams.set("timeMin", options.timeMin);
+      if (options?.timeMax) searchParams.set("timeMax", options.timeMax);
+      if (options?.maxResults)
+        searchParams.set("maxResults", String(options.maxResults));
+      if (options?.q) searchParams.set("q", options.q);
+      if (options?.singleEvents != null)
+        searchParams.set("singleEvents", String(options.singleEvents));
+      if (options?.orderBy) searchParams.set("orderBy", options.orderBy);
+      if (options?.pageToken) searchParams.set("pageToken", options.pageToken);
       const qs = searchParams.toString();
       const path2 = `/calendars/${encodeURIComponent(cid)}/events${qs ? `?${qs}` : ""}`;
       const response = await this.request(path2, { method: "GET" });
@@ -344,34 +344,222 @@ var AUTH_TYPES = {
   USER_PASSWORD: "user-password"
 };
 
+// ../connectors/src/connectors/google-calendar/tools/list-calendars.ts
+import * as crypto2 from "crypto";
+import { z } from "zod";
+var TOKEN_URL2 = "https://oauth2.googleapis.com/token";
+var BASE_URL2 = "https://www.googleapis.com/calendar/v3";
+var SCOPE2 = "https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/calendar.events.readonly";
+var REQUEST_TIMEOUT_MS = 6e4;
+function base64url2(input) {
+  const buf = typeof input === "string" ? Buffer.from(input) : input;
+  return buf.toString("base64url");
+}
+function buildJwt2(clientEmail, privateKey, nowSec, subject) {
+  const header = base64url2(JSON.stringify({ alg: "RS256", typ: "JWT" }));
+  const payload = base64url2(
+    JSON.stringify({
+      iss: clientEmail,
+      sub: subject,
+      scope: SCOPE2,
+      aud: TOKEN_URL2,
+      iat: nowSec,
+      exp: nowSec + 3600
+    })
+  );
+  const signingInput = `${header}.${payload}`;
+  const sign = crypto2.createSign("RSA-SHA256");
+  sign.update(signingInput);
+  sign.end();
+  const signature = base64url2(sign.sign(privateKey));
+  return `${signingInput}.${signature}`;
+}
+async function getAccessToken(serviceAccount, subject) {
+  const nowSec = Math.floor(Date.now() / 1e3);
+  const jwt = buildJwt2(
+    serviceAccount.client_email,
+    serviceAccount.private_key,
+    nowSec,
+    subject
+  );
+  const response = await fetch(TOKEN_URL2, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+      assertion: jwt
+    })
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(
+      `token exchange failed for ${subject} (${response.status}): ${text}`
+    );
+  }
+  const data = await response.json();
+  return data.access_token;
+}
+var inputSchema = z.object({
+  toolUseIntent: z.string().optional().describe(
+    "Brief description of what you intend to accomplish with this tool call"
+  ),
+  connectionId: z.string().describe("ID of the Google Calendar connection to use")
+});
+var outputSchema = z.discriminatedUnion("success", [
+  z.object({
+    success: z.literal(true),
+    calendars: z.array(
+      z.object({
+        impersonateEmail: z.string(),
+        id: z.string(),
+        summary: z.string(),
+        primary: z.boolean().optional(),
+        accessRole: z.string()
+      })
+    ),
+    errors: z.array(
+      z.object({
+        impersonateEmail: z.string(),
+        error: z.string()
+      })
+    )
+  }),
+  z.object({
+    success: z.literal(false),
+    error: z.string()
+  })
+]);
+var listCalendarsTool = new ConnectorTool({
+  name: "listCalendars",
+  description: "List Google Calendars accessible via Domain-wide Delegation by impersonating the Google Workspace user(s) configured on the connection's `impersonate-email` parameter (comma-separated list supported). Use during setup to aggregate calendars across the configured emails.",
+  inputSchema,
+  outputSchema,
+  async execute({ connectionId }, connections) {
+    const connection2 = connections.find((c) => c.id === connectionId);
+    if (!connection2) {
+      return {
+        success: false,
+        error: `Connection ${connectionId} not found`
+      };
+    }
+    const impersonateEmailRaw = parameters.impersonateEmail.getValue(connection2);
+    const emails = impersonateEmailRaw.split(",").map((e) => e.trim()).filter((e) => e.length > 0);
+    if (emails.length === 0) {
+      return {
+        success: false,
+        error: "impersonate-email parameter is empty"
+      };
+    }
+    console.log(
+      `[connector-request] google-calendar/${connection2.name}: listCalendars for ${emails.join(",")}`
+    );
+    let serviceAccount;
+    try {
+      const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
+      const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+      serviceAccount = JSON.parse(decoded);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: `failed to decode service account key: ${msg}`
+      };
+    }
+    if (!serviceAccount.client_email || !serviceAccount.private_key) {
+      return {
+        success: false,
+        error: "service account key JSON must contain client_email and private_key"
+      };
+    }
+    const aggregated = [];
+    const errors = [];
+    for (const email of emails) {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+      try {
+        const token = await getAccessToken(serviceAccount, email);
+        const response = await fetch(`${BASE_URL2}/users/me/calendarList`, {
+          method: "GET",
+          headers: { Authorization: `Bearer ${token}` },
+          signal: controller.signal
+        });
+        const data = await response.json();
+        if (!response.ok) {
+          const errorObj = data?.error;
+          errors.push({
+            impersonateEmail: email,
+            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
+          });
+          continue;
+        }
+        const items = data.items ?? [];
+        for (const c of items) {
+          aggregated.push({
+            impersonateEmail: email,
+            id: c.id,
+            summary: c.summary,
+            primary: c.primary,
+            accessRole: c.accessRole
+          });
+        }
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        errors.push({ impersonateEmail: email, error: msg });
+      } finally {
+        clearTimeout(timeout);
+      }
+    }
+    return {
+      success: true,
+      calendars: aggregated,
+      errors
+    };
+  }
+});
+
 // ../connectors/src/connectors/google-calendar/setup.ts
+var listCalendarsToolName = `google-calendar_${listCalendarsTool.name}`;
 var googleCalendarOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Calendar\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \u30E6\u30FC\u30B6\u30FC\u306B\u300C\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044Google Workspace\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u6559\u3048\u3066\u304F\u3060\u3055\u3044\uFF08\u4F8B: user@example.com\uFF09\u300D\u3068\u4F1D\u3048\u308B
-2. \u30E6\u30FC\u30B6\u30FC\u304C\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u63D0\u4F9B\u3057\u305F\u3089\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
+1. \`${listCalendarsToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E \`impersonate-email\` \u30D1\u30E9\u30E1\u30FC\u30BF\u306B\u8A2D\u5B9A\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\uFF08\u30AB\u30F3\u30DE\u533A\u5207\u308A\u5BFE\u5FDC\uFF09\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
+2. \u8FD4\u5374\u3055\u308C\u305F \`calendars\` \u914D\u5217\uFF08\u5404\u8981\u7D20: \`{ impersonateEmail, id, summary, primary, accessRole }\`\uFF09\u3092\u5143\u306B\u3001\u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u300D\u3068\u30E6\u30FC\u30B6\u30FC\u306B\u4F1D\u3048\u305F\u4E0A\u3067\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
+   - \`parameterSlug\`: \`"calendar-id"\`
+   - \`options\`: \u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3002\u5404 option \u306E \`label\` \u306F \`\u30AB\u30EC\u30F3\u30C0\u30FC\u540D (owner: impersonateEmail)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30EC\u30F3\u30C0\u30FCID
+   - \`errors\` \u306B\u5931\u6557\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u3042\u308B\u5834\u5408\u306F\u3001\u305D\u306E\u65E8\u3092\u77ED\u304F\u4F1D\u3048\u308B
+3. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E \`label\` \u304C\u30E1\u30C3\u30BB\u30FC\u30B8\u3068\u3057\u3066\u5C4A\u304F\u3002\u305D\u306E label \u304B\u3089 owner \u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3057\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
    - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`value\`: \u30E6\u30FC\u30B6\u30FC\u304C\u63D0\u4F9B\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9
-3. \`updateConnectionContext\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u60C5\u5831\u3092\u8A18\u9332\u3059\u308B:
+   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\`\uFF08\u9078\u629E\u6E08\u307F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E owner email \u3092\u5358\u4E00\u30AA\u30D7\u30B7\u30E7\u30F3\u3068\u3057\u3066\u6E21\u3059\uFF09
+4. \`updateConnectionContext\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u5BFE\u8C61\u60C5\u5831\u3092\u8A18\u9332\u3059\u308B:
    - \`user\`: \u8A2D\u5B9A\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9
-   - \`note\`: \u300CDomain-wide Delegation\u3067 {email} \u306E\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u30A2\u30AF\u30BB\u30B9\u300D\u306A\u3069\u306E\u8AAC\u660E
+   - \`calendar\`: \u9078\u629E\u3055\u308C\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u540D
+   - \`calendarId\`: \u9078\u629E\u3055\u308C\u305F\u30AB\u30EC\u30F3\u30C0\u30FCID
+   - \`note\`: \u300CDomain-wide Delegation\u3067 {email} \u306E {calendar} \u306B\u30A2\u30AF\u30BB\u30B9\u300D\u306A\u3069\u306E\u8AAC\u660E
 
 #### \u5236\u7D04
-- **\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u8A2D\u5B9A\u304C\u5FC5\u8981\u3067\u3059**\u3002\u30A2\u30AF\u30BB\u30B9\u6A29\u9650\u30A8\u30E9\u30FC\u304C\u51FA\u308B\u5834\u5408\u3001Google Workspace\u7BA1\u7406\u8005\u306BDomain-wide Delegation\u306E\u8A2D\u5B9A\u78BA\u8A8D\u3092\u4FC3\u3057\u3066\u304F\u3060\u3055\u3044
+- **\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30E6\u30FC\u30B6\u30FC\u3078\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u7B49\u306E\u5165\u529B\u3092\u6C42\u3081\u306A\u3044\u3053\u3068**\u3002\u5FC5\u8981\u306A\u5024\u306F\u63A5\u7D9A\u4F5C\u6210\u6642\u306E\u30D1\u30E9\u30E1\u30FC\u30BF\uFF08\`impersonate-email\`\uFF09\u304B\u3089\u53D6\u5F97\u3059\u308B
+- **\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u8A2D\u5B9A\u304C\u5FC5\u8981\u3067\u3059**\u3002\`${listCalendarsToolName}\` \u306E \`errors\` \u306B\u6A29\u9650\u30A8\u30E9\u30FC\u304C\u51FA\u308B\u5834\u5408\u3001Google Workspace\u7BA1\u7406\u8005\u306BDomain-wide Delegation\u306E\u8A2D\u5B9A\u78BA\u8A8D\u3092\u4FC3\u3057\u3066\u304F\u3060\u3055\u3044
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Google Calendar connection.
 
-1. Ask the user for the Google Workspace email address whose calendar should be accessed (e.g., user@example.com)
-2. When the user provides an email, call \`updateConnectionParameters\`:
+1. Call \`${listCalendarsToolName}\` to list calendars accessible via the email address(es) configured in the connection's \`impersonate-email\` parameter (comma-separated list supported)
+2. Using the returned \`calendars\` array (each item: \`{ impersonateEmail, id, summary, primary, accessRole }\`), tell the user "Please select a calendar.", then call \`updateConnectionParameters\`:
+   - \`parameterSlug\`: \`"calendar-id"\`
+   - \`options\`: The calendar list. Each option's \`label\` should be \`Calendar Name (owner: impersonateEmail)\`, \`value\` should be the calendar ID
+   - If \`errors\` contains failing email addresses, briefly mention them
+3. The \`label\` of the user's selected calendar will arrive as a message. Extract the owner email from that label and call \`updateConnectionParameters\`:
    - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`value\`: The email provided by the user
-3. Call \`updateConnectionContext\` to record the target user:
+   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\` (pass the selected calendar's owner email as a single option)
+4. Call \`updateConnectionContext\` to record the target:
    - \`user\`: The configured email address
-   - \`note\`: A description such as "Accessing {email}'s calendar via Domain-wide Delegation"
+   - \`calendar\`: The selected calendar's name
+   - \`calendarId\`: The selected calendar ID
+   - \`note\`: A description such as "Accessing {email}'s {calendar} via Domain-wide Delegation"
 
 #### Constraints
-- **Domain-wide Delegation must be configured on the service account**. If access errors occur, ask the user to verify the Domain-wide Delegation setup with their Google Workspace administrator
+- **Do NOT prompt the user for any input (e.g., email addresses) during setup**. The required values come from the connection parameters (\`impersonate-email\`) filled in at connection creation time
+- **Domain-wide Delegation must be configured on the service account**. If \`${listCalendarsToolName}\` returns permission errors in the \`errors\` field, ask the user to verify the Domain-wide Delegation setup with their Google Workspace administrator
 - Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
   },
   dataOverviewInstructions: {
@@ -385,33 +573,33 @@ var googleCalendarOnboarding = new ConnectorOnboarding({
 });
 
 // ../connectors/src/connectors/google-calendar/tools/request.ts
-import { z } from "zod";
-var BASE_URL2 = "https://www.googleapis.com/calendar/v3";
-var REQUEST_TIMEOUT_MS = 6e4;
-var inputSchema = z.object({
-  toolUseIntent: z.string().optional().describe(
+import { z as z2 } from "zod";
+var BASE_URL3 = "https://www.googleapis.com/calendar/v3";
+var REQUEST_TIMEOUT_MS2 = 6e4;
+var inputSchema2 = z2.object({
+  toolUseIntent: z2.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
-  connectionId: z.string().describe("ID of the Google Calendar connection to use"),
-  method: z.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
-  path: z.string().describe(
+  connectionId: z2.string().describe("ID of the Google Calendar connection to use"),
+  method: z2.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
+  path: z2.string().describe(
     "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/calendars/{calendarId}/events'). {calendarId} is automatically replaced."
   ),
-  queryParams: z.record(z.string(), z.string()).optional().describe("Query parameters to append to the URL"),
-  body: z.record(z.string(), z.unknown()).optional().describe("Request body (JSON) for POST/PUT/PATCH methods"),
-  subject: z.string().optional().describe(
+  queryParams: z2.record(z2.string(), z2.string()).optional().describe("Query parameters to append to the URL"),
+  body: z2.record(z2.string(), z2.unknown()).optional().describe("Request body (JSON) for POST/PUT/PATCH methods"),
+  subject: z2.string().optional().describe(
     "Override the email address of the user to impersonate via Domain-wide Delegation. If omitted, the connection's configured user email is used."
   )
 });
-var outputSchema = z.discriminatedUnion("success", [
-  z.object({
-    success: z.literal(true),
-    status: z.number(),
-    data: z.record(z.string(), z.unknown())
+var outputSchema2 = z2.discriminatedUnion("success", [
+  z2.object({
+    success: z2.literal(true),
+    status: z2.number(),
+    data: z2.record(z2.string(), z2.unknown())
   }),
-  z.object({
-    success: z.literal(false),
-    error: z.string()
+  z2.object({
+    success: z2.literal(false),
+    error: z2.string()
   })
 ]);
 var requestTool = new ConnectorTool({
@@ -419,8 +607,8 @@ var requestTool = new ConnectorTool({
   description: `Send authenticated requests to the Google Calendar API v3.
 Authentication is handled automatically using a service account.
 {calendarId} in the path is automatically replaced with the connection's default calendar ID.`,
-  inputSchema,
-  outputSchema,
+  inputSchema: inputSchema2,
+  outputSchema: outputSchema2,
   async execute({ connectionId, method, path: path2, queryParams, body, subject }, connections) {
     const connection2 = connections.find((c) => c.id === connectionId);
     if (!connection2) {
@@ -463,13 +651,13 @@ Authentication is handled automatically using a service account.
         };
       }
       const resolvedPath = path2.replace(/\{calendarId\}/g, calendarId);
-      let url = `${BASE_URL2}${resolvedPath.startsWith("/") ? "" : "/"}${resolvedPath}`;
+      let url = `${BASE_URL3}${resolvedPath.startsWith("/") ? "" : "/"}${resolvedPath}`;
       if (queryParams) {
         const searchParams = new URLSearchParams(queryParams);
         url += `?${searchParams.toString()}`;
       }
       const controller = new AbortController();
-      const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+      const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
       try {
         const response = await fetch(url, {
           method,
@@ -507,7 +695,7 @@ Authentication is handled automatically using a service account.
 });
 
 // ../connectors/src/connectors/google-calendar/index.ts
-var tools = { request: requestTool };
+var tools = { request: requestTool, listCalendars: listCalendarsTool };
 var googleCalendarConnector = new ConnectorPlugin({
   slug: "google-calendar",
   authType: AUTH_TYPES.SERVICE_ACCOUNT,
@@ -686,6 +874,79 @@ function resolveEnvVarOptional(entry, key) {
   return process.env[envVarName] || void 0;
 }
 
+// src/connector-client/proxy-fetch.ts
+import { getContext } from "hono/context-storage";
+import { getCookie } from "hono/cookie";
+var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+function createSandboxProxyFetch(connectionId) {
+  return async (input, init) => {
+    const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
+    const sandboxId = process.env.INTERNAL_SQUADBASE_SANDBOX_ID;
+    if (!token || !sandboxId) {
+      throw new Error(
+        "Connection proxy is not configured. Please check your deployment settings."
+      );
+    }
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        body: originalBody
+      })
+    });
+  };
+}
+function createDeployedAppProxyFetch(connectionId) {
+  const projectId = process.env["SQUADBASE_PROJECT_ID"];
+  if (!projectId) {
+    throw new Error(
+      "Connection proxy is not configured. Please check your deployment settings."
+    );
+  }
+  const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
+  const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  return async (input, init) => {
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const c = getContext();
+    const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
+    if (!appSession) {
+      throw new Error(
+        "No authentication method available for connection proxy."
+      );
+    }
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${appSession}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        body: originalBody
+      })
+    });
+  };
+}
+function createProxyFetch(connectionId) {
+  if (process.env.INTERNAL_SQUADBASE_SANDBOX_ID) {
+    return createSandboxProxyFetch(connectionId);
+  }
+  return createDeployedAppProxyFetch(connectionId);
+}
+
 // src/connectors/create-connector-sdk.ts
 function loadConnectionsSync() {
   const filePath = process.env.CONNECTIONS_PATH ?? path.join(process.cwd(), ".squadbase/connections.json");
@@ -719,21 +980,12 @@ function createConnectorSdk(plugin, createClient2) {
         if (val !== void 0) params[param.slug] = val;
       }
     }
-    return createClient2(params);
+    return createClient2(params, createProxyFetch(connectionId));
   };
 }
 
 // src/connectors/entries/google-calendar.ts
-var baseConnection = createConnectorSdk(googleCalendarConnector, createClient);
-var connection = (connectionId, options) => {
-  if (options) {
-    return createConnectorSdk(
-      googleCalendarConnector,
-      (params) => createClient(params, options)
-    )(connectionId);
-  }
-  return baseConnection(connectionId);
-};
+var connection = createConnectorSdk(googleCalendarConnector, createClient);
 export {
   connection
 };

package/dist/connectors/google-sheets-oauth.js

@@ -90,7 +90,7 @@ var parameters = {
     envVarBaseKey: "GOOGLE_SHEETS_OAUTH_SPREADSHEET_URL",
     type: "text",
     secret: false,
-    required: false
+    required: true
   })
 };
 
@@ -394,41 +394,35 @@ Authentication is handled automatically via OAuth proxy.
 var requestToolName = `google-sheets-oauth_${requestTool.name}`;
 var googleSheetsOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
-    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Sheets\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
+    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Sheets\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8URL\u306F\u63A5\u7D9A\u30D1\u30E9\u30E1\u30FC\u30BF\u3068\u3057\u3066\u65E2\u306B\u767B\u9332\u6E08\u307F\u3067\u3059\u3002\u30E6\u30FC\u30B6\u30FC\u306B\u805E\u304D\u8FD4\u3055\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
 
-1. \u30E6\u30FC\u30B6\u30FC\u306B\u300C\u4F7F\u7528\u3059\u308BGoogle Sheets\u306EURL\u3092\u8CBC\u308A\u4ED8\u3051\u3066\u304F\u3060\u3055\u3044\uFF08\u4F8B: https://docs.google.com/spreadsheets/d/xxxxx/edit\uFF09\u300D\u3068\u4F1D\u3048\u308B
-2. \u30E6\u30FC\u30B6\u30FC\u304CURL\u3092\u63D0\u4F9B\u3057\u305F\u3089\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
-   - \`parameterSlug\`: \`"spreadsheet-url"\`
-   - \`value\`: \u30E6\u30FC\u30B6\u30FC\u304C\u63D0\u4F9B\u3057\u305FURL\uFF08\u305D\u306E\u307E\u307E\u4FDD\u5B58\u3002ID\u306E\u62BD\u51FA\u306F\u81EA\u52D5\u3067\u884C\u308F\u308C\u307E\u3059\uFF09
-3. \`${requestToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/{spreadsheetId}?fields=spreadsheetId,properties.title,sheets.properties.title"\`
-4. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306B\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u5171\u6709\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
-5. \`updateConnectionContext\` \u3092\u547C\u3073\u51FA\u3059:
+2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306B\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u5171\u6709\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
+3. \`updateConnectionContext\` \u3092\u547C\u3073\u51FA\u3059:
    - \`spreadsheet\`: \u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u30BF\u30A4\u30C8\u30EB
    - \`sheets\`: \u30B7\u30FC\u30C8\u540D\u4E00\u89A7\uFF08\u30AB\u30F3\u30DE\u533A\u5207\u308A\uFF09
    - \`note\`: \u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u5185\u5BB9\u306E\u7C21\u5358\u306A\u8AAC\u660E
 
 #### \u5236\u7D04
 - **\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30B7\u30FC\u30C8\u306E\u30C7\u30FC\u30BF\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3053\u3068**\u3002\u5B9F\u884C\u3057\u3066\u3088\u3044\u306E\u306F\u4E0A\u8A18\u624B\u9806\u3067\u6307\u5B9A\u3055\u308C\u305F\u30E1\u30BF\u30C7\u30FC\u30BF\u53D6\u5F97\u30EA\u30AF\u30A8\u30B9\u30C8\u306E\u307F
+- \u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8URL\u3092\u30E6\u30FC\u30B6\u30FC\u306B\u805E\u304D\u8FD4\u3055\u306A\u3044\u3053\u3068\uFF08\u767B\u9332\u6E08\u307F\u30D1\u30E9\u30E1\u30FC\u30BF\u3092\u305D\u306E\u307E\u307E\u4F7F\u7528\u3059\u308B\uFF09
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
-    en: `Follow these steps to set up the Google Sheets connection.
+    en: `Follow these steps to set up the Google Sheets connection. The spreadsheet URL is already registered as a connection parameter \u2014 do NOT ask the user for it again.
 
-1. Ask the user to paste the Google Sheets URL (e.g., https://docs.google.com/spreadsheets/d/xxxxx/edit)
-2. When the user provides a URL, call \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"spreadsheet-url"\`
-   - \`value\`: The URL provided by the user (save as-is; the spreadsheet ID is extracted automatically)
-3. Call \`${requestToolName}\` to fetch spreadsheet metadata:
+1. Call \`${requestToolName}\` to fetch spreadsheet metadata:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/{spreadsheetId}?fields=spreadsheetId,properties.title,sheets.properties.title"\`
-4. If an error is returned, ask the user to check the spreadsheet sharing settings
-5. Call \`updateConnectionContext\`:
+2. If an error is returned, ask the user to check the spreadsheet sharing settings
+3. Call \`updateConnectionContext\`:
    - \`spreadsheet\`: The spreadsheet title
    - \`sheets\`: Sheet names (comma-separated)
    - \`note\`: Brief description of the setup
 
 #### Constraints
 - **Do NOT read sheet data during setup**. Only the metadata request specified in the steps above is allowed
+- Do NOT ask the user for the spreadsheet URL \u2014 it is already stored as a connection parameter
 - Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
   },
   dataOverviewInstructions: {
@@ -607,6 +601,79 @@ function resolveEnvVarOptional(entry, key) {
   return process.env[envVarName] || void 0;
 }
 
+// src/connector-client/proxy-fetch.ts
+import { getContext } from "hono/context-storage";
+import { getCookie } from "hono/cookie";
+var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+function createSandboxProxyFetch(connectionId) {
+  return async (input, init) => {
+    const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
+    const sandboxId = process.env.INTERNAL_SQUADBASE_SANDBOX_ID;
+    if (!token || !sandboxId) {
+      throw new Error(
+        "Connection proxy is not configured. Please check your deployment settings."
+      );
+    }
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        body: originalBody
+      })
+    });
+  };
+}
+function createDeployedAppProxyFetch(connectionId) {
+  const projectId = process.env["SQUADBASE_PROJECT_ID"];
+  if (!projectId) {
+    throw new Error(
+      "Connection proxy is not configured. Please check your deployment settings."
+    );
+  }
+  const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
+  const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  return async (input, init) => {
+    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const c = getContext();
+    const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
+    if (!appSession) {
+      throw new Error(
+        "No authentication method available for connection proxy."
+      );
+    }
+    return fetch(proxyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${appSession}`
+      },
+      body: JSON.stringify({
+        url: originalUrl,
+        method: originalMethod,
+        body: originalBody
+      })
+    });
+  };
+}
+function createProxyFetch(connectionId) {
+  if (process.env.INTERNAL_SQUADBASE_SANDBOX_ID) {
+    return createSandboxProxyFetch(connectionId);
+  }
+  return createDeployedAppProxyFetch(connectionId);
+}
+
 // src/connectors/create-connector-sdk.ts
 function loadConnectionsSync() {
   const filePath = process.env.CONNECTIONS_PATH ?? path.join(process.cwd(), ".squadbase/connections.json");
@@ -640,7 +707,7 @@ function createConnectorSdk(plugin, createClient2) {
         if (val !== void 0) params[param.slug] = val;
       }
     }
-    return createClient2(params);
+    return createClient2(params, createProxyFetch(connectionId));
   };
 }