@squadbase/vite-server 0.1.3-dev.9 → 0.1.4-dev.0

package/dist/connectors/google-ads.js

@@ -42,29 +42,8 @@ var ParameterDefinition = class {
   }
 };
 
-// ../connectors/src/connectors/google-ads/sdk/index.ts
-import * as crypto from "crypto";
-
 // ../connectors/src/connectors/google-ads/parameters.ts
 var parameters = {
-  serviceAccountKeyJsonBase64: new ParameterDefinition({
-    slug: "service-account-key-json-base64",
-    name: "Google Cloud Service Account JSON",
-    description: "The service account JSON key used to authenticate with Google Cloud Platform. Ensure that the service account has the necessary permissions to access Google Ads.",
-    envVarBaseKey: "GOOGLE_ADS_SERVICE_ACCOUNT_JSON_BASE64",
-    type: "base64EncodedJson",
-    secret: true,
-    required: true
-  }),
-  developerToken: new ParameterDefinition({
-    slug: "developer-token",
-    name: "Google Ads Developer Token",
-    description: "The developer token for accessing the Google Ads API. Required for all API requests.",
-    envVarBaseKey: "GOOGLE_ADS_DEVELOPER_TOKEN",
-    type: "text",
-    secret: true,
-    required: true
-  }),
   customerId: new ParameterDefinition({
     slug: "customer-id",
     name: "Google Ads Customer ID",
@@ -74,176 +53,88 @@ var parameters = {
     secret: false,
     required: false
   }),
-  loginCustomerId: new ParameterDefinition({
-    slug: "login-customer-id",
-    name: "Login Customer ID (MCC)",
-    description: "The manager account (MCC) customer ID used for login. Required when accessing client accounts through a manager account. If not set, the customer ID is used.",
-    envVarBaseKey: "GOOGLE_ADS_LOGIN_CUSTOMER_ID",
+  developerToken: new ParameterDefinition({
+    slug: "developer-token",
+    name: "Google Ads Developer Token",
+    description: "The developer token for accessing the Google Ads API. Required for all API requests.",
+    envVarBaseKey: "GOOGLE_ADS_DEVELOPER_TOKEN",
     type: "text",
-    secret: false,
-    required: false
+    secret: true,
+    required: true
   })
 };
 
 // ../connectors/src/connectors/google-ads/sdk/index.ts
-var TOKEN_URL = "https://oauth2.googleapis.com/token";
 var BASE_URL = "https://googleads.googleapis.com/v18/";
-var SCOPE = "https://www.googleapis.com/auth/adwords";
-function base64url(input) {
-  const buf = typeof input === "string" ? Buffer.from(input) : input;
-  return buf.toString("base64url");
-}
-function buildJwt(clientEmail, privateKey, nowSec) {
-  const header = base64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
-  const payload = base64url(
-    JSON.stringify({
-      iss: clientEmail,
-      scope: SCOPE,
-      aud: TOKEN_URL,
-      iat: nowSec,
-      exp: nowSec + 3600
-    })
-  );
-  const signingInput = `${header}.${payload}`;
-  const sign = crypto.createSign("RSA-SHA256");
-  sign.update(signingInput);
-  sign.end();
-  const signature = base64url(sign.sign(privateKey));
-  return `${signingInput}.${signature}`;
-}
-function createClient(params) {
-  const serviceAccountKeyJsonBase64 = params[parameters.serviceAccountKeyJsonBase64.slug];
-  const developerToken = params[parameters.developerToken.slug];
+function createClient(params, fetchFn = fetch) {
   const rawCustomerId = params[parameters.customerId.slug];
   const defaultCustomerId = rawCustomerId?.replace(/-/g, "") ?? "";
-  const rawLoginCustomerId = params[parameters.loginCustomerId.slug];
-  const loginCustomerId = rawLoginCustomerId?.replace(/-/g, "") ?? "";
-  if (!serviceAccountKeyJsonBase64 || !developerToken) {
-    const required = [
-      parameters.serviceAccountKeyJsonBase64.slug,
-      parameters.developerToken.slug
-    ];
-    const missing = required.filter((s) => !params[s]);
-    throw new Error(
-      `google-ads: missing required parameters: ${missing.join(", ")}`
-    );
-  }
-  let serviceAccountKey;
-  try {
-    const decoded = Buffer.from(
-      serviceAccountKeyJsonBase64,
-      "base64"
-    ).toString("utf-8");
-    serviceAccountKey = JSON.parse(decoded);
-  } catch {
+  const developerToken = params[parameters.developerToken.slug];
+  if (!developerToken) {
     throw new Error(
-      "google-ads: failed to decode service account key JSON from base64"
+      `google-ads: missing required parameter: ${parameters.developerToken.slug}`
     );
   }
-  if (!serviceAccountKey.client_email || !serviceAccountKey.private_key) {
-    throw new Error(
-      "google-ads: service account key JSON must contain client_email and private_key"
-    );
+  function resolveCustomerId(override) {
+    const id = override?.replace(/-/g, "") ?? defaultCustomerId;
+    if (!id) {
+      throw new Error(
+        "google-ads: customerId is required. Either configure a default or pass it explicitly."
+      );
+    }
+    return id;
   }
-  let cachedToken = null;
-  let tokenExpiresAt = 0;
-  async function getAccessToken() {
-    const nowSec = Math.floor(Date.now() / 1e3);
-    if (cachedToken && nowSec < tokenExpiresAt - 60) {
-      return cachedToken;
+  function request(path2, init) {
+    const resolvedPath = defaultCustomerId ? path2.replace(/\{customerId\}/g, defaultCustomerId) : path2;
+    const url = `${BASE_URL}${resolvedPath}`;
+    const headers = new Headers(init?.headers);
+    headers.set("developer-token", developerToken);
+    if (defaultCustomerId) {
+      headers.set("login-customer-id", defaultCustomerId);
     }
-    const jwt = buildJwt(
-      serviceAccountKey.client_email,
-      serviceAccountKey.private_key,
-      nowSec
-    );
-    const response = await fetch(TOKEN_URL, {
+    return fetchFn(url, { ...init, headers });
+  }
+  async function search(query, customerId) {
+    const cid = resolveCustomerId(customerId);
+    const url = `${BASE_URL}customers/${cid}/googleAds:searchStream`;
+    const headers = new Headers();
+    headers.set("Content-Type", "application/json");
+    headers.set("developer-token", developerToken);
+    headers.set("login-customer-id", cid);
+    const response = await fetchFn(url, {
       method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-        assertion: jwt
-      })
+      headers,
+      body: JSON.stringify({ query })
     });
     if (!response.ok) {
-      const text = await response.text();
+      const body = await response.text();
       throw new Error(
-        `google-ads: token exchange failed (${response.status}): ${text}`
+        `google-ads: search failed (${response.status}): ${body}`
       );
     }
     const data = await response.json();
-    cachedToken = data.access_token;
-    tokenExpiresAt = nowSec + data.expires_in;
-    return cachedToken;
+    return data.flatMap((chunk) => chunk.results ?? []);
   }
-  function resolveCustomerId(override) {
-    const id = override?.replace(/-/g, "") ?? defaultCustomerId;
-    if (!id) {
+  async function listAccessibleCustomers() {
+    const url = `${BASE_URL}customers:listAccessibleCustomers`;
+    const headers = new Headers();
+    headers.set("developer-token", developerToken);
+    const response = await fetchFn(url, { method: "GET", headers });
+    if (!response.ok) {
+      const body = await response.text();
       throw new Error(
-        "google-ads: customerId is required. Either configure a default or pass it explicitly."
+        `google-ads: listAccessibleCustomers failed (${response.status}): ${body}`
       );
     }
-    return id;
-  }
-  function getLoginCustomerId() {
-    return loginCustomerId || defaultCustomerId;
+    const data = await response.json();
+    return (data.resourceNames ?? []).map(
+      (rn) => rn.replace(/^customers\//, "")
+    );
   }
   return {
-    async request(path2, init) {
-      const accessToken = await getAccessToken();
-      const resolvedPath = defaultCustomerId ? path2.replace(/\{customerId\}/g, defaultCustomerId) : path2;
-      const url = `${BASE_URL}${resolvedPath}`;
-      const headers = new Headers(init?.headers);
-      headers.set("Authorization", `Bearer ${accessToken}`);
-      headers.set("developer-token", developerToken);
-      const lid = getLoginCustomerId();
-      if (lid) {
-        headers.set("login-customer-id", lid);
-      }
-      return fetch(url, { ...init, headers });
-    },
-    async search(query, customerId) {
-      const cid = resolveCustomerId(customerId);
-      const accessToken = await getAccessToken();
-      const url = `${BASE_URL}customers/${cid}/googleAds:searchStream`;
-      const headers = new Headers();
-      headers.set("Content-Type", "application/json");
-      headers.set("Authorization", `Bearer ${accessToken}`);
-      headers.set("developer-token", developerToken);
-      const lid = loginCustomerId || cid;
-      headers.set("login-customer-id", lid);
-      const response = await fetch(url, {
-        method: "POST",
-        headers,
-        body: JSON.stringify({ query })
-      });
-      if (!response.ok) {
-        const body = await response.text();
-        throw new Error(
-          `google-ads: search failed (${response.status}): ${body}`
-        );
-      }
-      const data = await response.json();
-      return data.flatMap((chunk) => chunk.results ?? []);
-    },
-    async listAccessibleCustomers() {
-      const accessToken = await getAccessToken();
-      const url = `${BASE_URL}customers:listAccessibleCustomers`;
-      const headers = new Headers();
-      headers.set("Authorization", `Bearer ${accessToken}`);
-      headers.set("developer-token", developerToken);
-      const response = await fetch(url, { method: "GET", headers });
-      if (!response.ok) {
-        const body = await response.text();
-        throw new Error(
-          `google-ads: listAccessibleCustomers failed (${response.status}): ${body}`
-        );
-      }
-      const data = await response.json();
-      return (data.resourceNames ?? []).map(
-        (rn) => rn.replace(/^customers\//, "")
-      );
-    }
+    request,
+    search,
+    listAccessibleCustomers
   };
 }
 
@@ -329,21 +220,58 @@ var ConnectorPlugin = class _ConnectorPlugin {
    * Filters connections by connectorKey internally.
    * Returns tools keyed as `${connectorKey}_${toolName}`.
    */
-  createTools(connections, config) {
+  createTools(connections, config, opts) {
     const myConnections = connections.filter(
       (c) => _ConnectorPlugin.deriveKey(c.connector.slug, c.connector.authType) === this.connectorKey
     );
     const result = {};
     for (const t of Object.values(this.tools)) {
-      result[`${this.connectorKey}_${t.name}`] = t.createTool(
-        myConnections,
-        config
-      );
+      const tool = t.createTool(myConnections, config);
+      const originalToModelOutput = tool.toModelOutput;
+      result[`${this.connectorKey}_${t.name}`] = {
+        ...tool,
+        toModelOutput: async (options) => {
+          if (!originalToModelOutput) {
+            return opts.truncateOutput(options.output);
+          }
+          const modelOutput = await originalToModelOutput(options);
+          if (modelOutput.type === "text" || modelOutput.type === "json") {
+            return opts.truncateOutput(modelOutput.value);
+          }
+          return modelOutput;
+        }
+      };
     }
     return result;
   }
   static deriveKey(slug, authType) {
-    return authType ? `${slug}-${authType}` : slug;
+    if (authType) return `${slug}-${authType}`;
+    const LEGACY_NULL_AUTH_TYPE_MAP = {
+      // user-password
+      "postgresql": "user-password",
+      "mysql": "user-password",
+      "clickhouse": "user-password",
+      "kintone": "user-password",
+      "squadbase-db": "user-password",
+      // service-account
+      "snowflake": "service-account",
+      "bigquery": "service-account",
+      "google-analytics": "service-account",
+      "google-calendar": "service-account",
+      "aws-athena": "service-account",
+      "redshift": "service-account",
+      // api-key
+      "databricks": "api-key",
+      "dbt": "api-key",
+      "airtable": "api-key",
+      "openai": "api-key",
+      "gemini": "api-key",
+      "anthropic": "api-key",
+      "wix-store": "api-key"
+    };
+    const fallbackAuthType = LEGACY_NULL_AUTH_TYPE_MAP[slug];
+    if (fallbackAuthType) return `${slug}-${fallbackAuthType}`;
+    return slug;
   }
 };
 
@@ -357,50 +285,68 @@ var AUTH_TYPES = {
   USER_PASSWORD: "user-password"
 };
 
-// ../connectors/src/connectors/google-ads/setup.ts
-var googleAdsOnboarding = new ConnectorOnboarding({
-  dataOverviewInstructions: {
-    en: `1. Call google-ads_request with POST customers/{customerId}/googleAds:searchStream to explore available campaign data using GAQL: SELECT campaign.id, campaign.name, campaign.status FROM campaign LIMIT 10
-2. Explore ad group and keyword data as needed to understand the data structure`,
-    ja: `1. google-ads_request \u3067 POST customers/{customerId}/googleAds:searchStream \u3092\u547C\u3073\u51FA\u3057\u3001GAQL\u3067\u30AD\u30E3\u30F3\u30DA\u30FC\u30F3\u30C7\u30FC\u30BF\u3092\u63A2\u7D22: SELECT campaign.id, campaign.name, campaign.status FROM campaign LIMIT 10
-2. \u5FC5\u8981\u306B\u5FDC\u3058\u3066\u5E83\u544A\u30B0\u30EB\u30FC\u30D7\u3084\u30AD\u30FC\u30EF\u30FC\u30C9\u30C7\u30FC\u30BF\u3092\u63A2\u7D22\u3057\u3001\u30C7\u30FC\u30BF\u69CB\u9020\u3092\u628A\u63E1`
-  }
-});
-
-// ../connectors/src/connectors/google-ads/tools/request.ts
+// ../connectors/src/connectors/google-ads/tools/list-customers.ts
 import { z } from "zod";
 var BASE_URL2 = "https://googleads.googleapis.com/v18/";
 var REQUEST_TIMEOUT_MS = 6e4;
+var cachedToken = null;
+async function getProxyToken(config) {
+  if (cachedToken && cachedToken.expiresAt > Date.now() + 6e4) {
+    return cachedToken.token;
+  }
+  const url = `${config.appApiBaseUrl}/v0/database/${config.projectId}/environment/${config.environmentId}/oauth-request-proxy-token`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": config.appApiKey,
+      "project-id": config.projectId
+    },
+    body: JSON.stringify({
+      sandboxId: config.sandboxId,
+      issuedBy: "coding-agent"
+    })
+  });
+  if (!res.ok) {
+    const errorText = await res.text().catch(() => res.statusText);
+    throw new Error(
+      `Failed to get proxy token: HTTP ${res.status} ${errorText}`
+    );
+  }
+  const data = await res.json();
+  cachedToken = {
+    token: data.token,
+    expiresAt: new Date(data.expiresAt).getTime()
+  };
+  return data.token;
+}
 var inputSchema = z.object({
   toolUseIntent: z.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
-  connectionId: z.string().describe("ID of the Google Ads connection to use"),
-  method: z.enum(["GET", "POST"]).describe("HTTP method"),
-  path: z.string().describe(
-    "API path appended to https://googleads.googleapis.com/v18/ (e.g., 'customers/{customerId}/googleAds:searchStream'). {customerId} is automatically replaced."
-  ),
-  body: z.record(z.string(), z.unknown()).optional().describe("POST request body (JSON)")
+  connectionId: z.string().describe("ID of the Google Ads OAuth connection to use")
 });
 var outputSchema = z.discriminatedUnion("success", [
   z.object({
     success: z.literal(true),
-    status: z.number(),
-    data: z.unknown()
+    customers: z.array(
+      z.object({
+        customerId: z.string(),
+        descriptiveName: z.string()
+      })
+    )
   }),
   z.object({
     success: z.literal(false),
     error: z.string()
   })
 ]);
-var requestTool = new ConnectorTool({
-  name: "request",
-  description: `Send authenticated requests to the Google Ads API v18.
-Authentication is handled automatically using a service account.
-{customerId} in the path is automatically replaced with the connection's customer ID (hyphens removed).`,
+var listCustomersTool = new ConnectorTool({
+  name: "listCustomers",
+  description: "List Google Ads customer accounts accessible with the current OAuth credentials.",
   inputSchema,
   outputSchema,
-  async execute({ connectionId, method, path: path2, body }, connections) {
+  async execute({ connectionId }, connections, config) {
     const connection2 = connections.find((c) => c.id === connectionId);
     if (!connection2) {
       return {
@@ -409,57 +355,82 @@ Authentication is handled automatically using a service account.
       };
     }
     console.log(
-      `[connector-request] google-ads/${connection2.name}: ${method} ${path2}`
+      `[connector-request] google-ads/${connection2.name}: listCustomers`
     );
     try {
-      const { GoogleAuth } = await import("google-auth-library");
-      const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
       const developerToken = parameters.developerToken.getValue(connection2);
-      const rawCustomerId = parameters.customerId.tryGetValue(connection2);
-      const customerId = rawCustomerId?.replace(/-/g, "") ?? "";
-      const rawLoginCustomerId = parameters.loginCustomerId.tryGetValue(connection2);
-      const loginCustomerId = rawLoginCustomerId?.replace(/-/g, "") ?? "";
-      const credentials = JSON.parse(
-        Buffer.from(keyJsonBase64, "base64").toString("utf-8")
-      );
-      const auth = new GoogleAuth({
-        credentials,
-        scopes: ["https://www.googleapis.com/auth/adwords"]
-      });
-      const token = await auth.getAccessToken();
-      if (!token) {
-        return {
-          success: false,
-          error: "Failed to obtain access token"
-        };
-      }
-      const resolvedPath = customerId ? path2.replace(/\{customerId\}/g, customerId) : path2;
-      const url = `${BASE_URL2}${resolvedPath}`;
+      const token = await getProxyToken(config.oauthProxy);
+      const proxyUrl = `https://${config.oauthProxy.sandboxId}.${config.oauthProxy.previewBaseDomain}/_sqcore/connections/${connectionId}/request`;
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
       try {
-        const lid = loginCustomerId || customerId;
-        const response = await fetch(url, {
-          method,
+        const response = await fetch(proxyUrl, {
+          method: "POST",
           headers: {
-            Authorization: `Bearer ${token}`,
             "Content-Type": "application/json",
-            "developer-token": developerToken,
-            ...lid ? { "login-customer-id": lid } : {}
+            Authorization: `Bearer ${token}`
           },
-          body: method === "POST" && body ? JSON.stringify(body) : void 0,
+          body: JSON.stringify({
+            url: `${BASE_URL2}customers:listAccessibleCustomers`,
+            method: "GET",
+            headers: {
+              "developer-token": developerToken
+            }
+          }),
           signal: controller.signal
         });
         const data = await response.json();
         if (!response.ok) {
-          const dataObj = data;
-          const errorObj = dataObj?.error;
-          return {
-            success: false,
-            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
-          };
+          const errorMessage = typeof data?.error === "string" ? data.error : typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`;
+          return { success: false, error: errorMessage };
         }
-        return { success: true, status: response.status, data };
+        const customerIds = (data.resourceNames ?? []).map(
+          (rn) => rn.replace(/^customers\//, "")
+        );
+        const customers = [];
+        for (const cid of customerIds) {
+          try {
+            const detailResponse = await fetch(proxyUrl, {
+              method: "POST",
+              headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${token}`
+              },
+              body: JSON.stringify({
+                url: `${BASE_URL2}customers/${cid}/googleAds:searchStream`,
+                method: "POST",
+                headers: {
+                  "Content-Type": "application/json",
+                  "developer-token": developerToken,
+                  "login-customer-id": cid
+                },
+                body: JSON.stringify({
+                  query: "SELECT customer.id, customer.descriptive_name FROM customer LIMIT 1"
+                })
+              }),
+              signal: controller.signal
+            });
+            if (detailResponse.ok) {
+              const detailData = await detailResponse.json();
+              const customer = detailData?.[0]?.results?.[0]?.customer;
+              customers.push({
+                customerId: cid,
+                descriptiveName: customer?.descriptiveName ?? cid
+              });
+            } else {
+              customers.push({
+                customerId: cid,
+                descriptiveName: cid
+              });
+            }
+          } catch {
+            customers.push({
+              customerId: cid,
+              descriptiveName: cid
+            });
+          }
+        }
+        return { success: true, customers };
       } finally {
         clearTimeout(timeout);
       }
@@ -470,37 +441,122 @@ Authentication is handled automatically using a service account.
   }
 });
 
-// ../connectors/src/connectors/google-ads/tools/list-customers.ts
+// ../connectors/src/connectors/google-ads/setup.ts
+var listCustomersToolName = `google-ads-oauth_${listCustomersTool.name}`;
+var googleAdsOnboarding = new ConnectorOnboarding({
+  connectionSetupInstructions: {
+    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Ads (OAuth) \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
+
+1. \u30E6\u30FC\u30B6\u30FC\u306B\u300CGoogle Ads API \u306E Developer Token \u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08Google Ads \u7BA1\u7406\u753B\u9762 > \u30C4\u30FC\u30EB\u3068\u8A2D\u5B9A > API \u30BB\u30F3\u30BF\u30FC\u3067\u53D6\u5F97\u3067\u304D\u307E\u3059\uFF09\u300D\u3068\u4F1D\u3048\u308B
+2. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
+   - \`parameterSlug\`: \`"developer-token"\`
+   - \`value\`: \u30E6\u30FC\u30B6\u30FC\u304C\u63D0\u4F9B\u3057\u305F Developer Token
+3. \`${listCustomersToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001OAuth\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306AGoogle Ads\u30AB\u30B9\u30BF\u30DE\u30FC\u30A2\u30AB\u30A6\u30F3\u30C8\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
+4. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
+   - \`parameterSlug\`: \`"customer-id"\`
+   - \`options\`: \u30AB\u30B9\u30BF\u30DE\u30FC\u4E00\u89A7\u3002\u5404 option \u306E \`label\` \u306F \`\u30A2\u30AB\u30A6\u30F3\u30C8\u540D (id: \u30AB\u30B9\u30BF\u30DE\u30FCID)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30B9\u30BF\u30DE\u30FCID
+5. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30B9\u30BF\u30DE\u30FC\u306E \`label\` \u304C\u30E1\u30C3\u30BB\u30FC\u30B8\u3068\u3057\u3066\u5C4A\u304F\u306E\u3067\u3001\u6B21\u306E\u30B9\u30C6\u30C3\u30D7\u306B\u9032\u3080
+6. \`updateConnectionContext\` \u3092\u547C\u3073\u51FA\u3059:
+   - \`customer\`: \u9078\u629E\u3055\u308C\u305F\u30AB\u30B9\u30BF\u30DE\u30FC\u306E\u8868\u793A\u540D
+   - \`customerId\`: \u9078\u629E\u3055\u308C\u305F\u30AB\u30B9\u30BF\u30DE\u30FCID
+   - \`note\`: \u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u5185\u5BB9\u306E\u7C21\u5358\u306A\u8AAC\u660E
+
+#### \u5236\u7D04
+- **\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30EC\u30DD\u30FC\u30C8\u30C7\u30FC\u30BF\u3092\u53D6\u5F97\u3057\u306A\u3044\u3053\u3068**\u3002\u5B9F\u884C\u3057\u3066\u3088\u3044\u306E\u306F\u4E0A\u8A18\u624B\u9806\u3067\u6307\u5B9A\u3055\u308C\u305F\u30E1\u30BF\u30C7\u30FC\u30BF\u53D6\u5F97\u306E\u307F
+- \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
+    en: `Follow these steps to set up the Google Ads (OAuth) connection.
+
+1. Ask the user to provide their Google Ads API Developer Token (available in Google Ads UI > Tools & Settings > API Center)
+2. Call \`updateConnectionParameters\`:
+   - \`parameterSlug\`: \`"developer-token"\`
+   - \`value\`: The Developer Token provided by the user
+3. Call \`${listCustomersToolName}\` to get the list of Google Ads customer accounts accessible with the OAuth credentials
+4. Call \`updateConnectionParameters\`:
+   - \`parameterSlug\`: \`"customer-id"\`
+   - \`options\`: The customer list. Each option's \`label\` should be \`Account Name (id: customerId)\`, \`value\` should be the customer ID
+5. The \`label\` of the user's selected customer will arrive as a message. Proceed to the next step
+6. Call \`updateConnectionContext\`:
+   - \`customer\`: The selected customer's display name
+   - \`customerId\`: The selected customer ID
+   - \`note\`: Brief description of the setup
+
+#### Constraints
+- **Do NOT fetch report data during setup**. Only the metadata requests specified in the steps above are allowed
+- Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
+  },
+  dataOverviewInstructions: {
+    en: `1. Call google-ads-oauth_request with POST customers/{customerId}/googleAds:searchStream to explore available campaign data using GAQL: SELECT campaign.id, campaign.name, campaign.status FROM campaign LIMIT 10
+2. Explore ad group and keyword data as needed to understand the data structure`,
+    ja: `1. google-ads-oauth_request \u3067 POST customers/{customerId}/googleAds:searchStream \u3092\u547C\u3073\u51FA\u3057\u3001GAQL\u3067\u30AD\u30E3\u30F3\u30DA\u30FC\u30F3\u30C7\u30FC\u30BF\u3092\u63A2\u7D22: SELECT campaign.id, campaign.name, campaign.status FROM campaign LIMIT 10
+2. \u5FC5\u8981\u306B\u5FDC\u3058\u3066\u5E83\u544A\u30B0\u30EB\u30FC\u30D7\u3084\u30AD\u30FC\u30EF\u30FC\u30C9\u30C7\u30FC\u30BF\u3092\u63A2\u7D22\u3057\u3001\u30C7\u30FC\u30BF\u69CB\u9020\u3092\u628A\u63E1`
+  }
+});
+
+// ../connectors/src/connectors/google-ads/tools/request.ts
 import { z as z2 } from "zod";
 var BASE_URL3 = "https://googleads.googleapis.com/v18/";
 var REQUEST_TIMEOUT_MS2 = 6e4;
+var cachedToken2 = null;
+async function getProxyToken2(config) {
+  if (cachedToken2 && cachedToken2.expiresAt > Date.now() + 6e4) {
+    return cachedToken2.token;
+  }
+  const url = `${config.appApiBaseUrl}/v0/database/${config.projectId}/environment/${config.environmentId}/oauth-request-proxy-token`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": config.appApiKey,
+      "project-id": config.projectId
+    },
+    body: JSON.stringify({
+      sandboxId: config.sandboxId,
+      issuedBy: "coding-agent"
+    })
+  });
+  if (!res.ok) {
+    const errorText = await res.text().catch(() => res.statusText);
+    throw new Error(
+      `Failed to get proxy token: HTTP ${res.status} ${errorText}`
+    );
+  }
+  const data = await res.json();
+  cachedToken2 = {
+    token: data.token,
+    expiresAt: new Date(data.expiresAt).getTime()
+  };
+  return data.token;
+}
 var inputSchema2 = z2.object({
   toolUseIntent: z2.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
-  connectionId: z2.string().describe("ID of the Google Ads connection to use")
+  connectionId: z2.string().describe("ID of the Google Ads OAuth connection to use"),
+  method: z2.enum(["GET", "POST"]).describe("HTTP method"),
+  path: z2.string().describe(
+    "API path appended to https://googleads.googleapis.com/v18/ (e.g., 'customers/{customerId}/googleAds:searchStream'). {customerId} is automatically replaced."
+  ),
+  body: z2.record(z2.string(), z2.unknown()).optional().describe("POST request body (JSON)")
 });
 var outputSchema2 = z2.discriminatedUnion("success", [
   z2.object({
     success: z2.literal(true),
-    customers: z2.array(
-      z2.object({
-        customerId: z2.string(),
-        descriptiveName: z2.string()
-      })
-    )
+    status: z2.number(),
+    data: z2.unknown()
   }),
   z2.object({
     success: z2.literal(false),
     error: z2.string()
   })
 ]);
-var listCustomersTool = new ConnectorTool({
-  name: "listCustomers",
-  description: "List Google Ads customer accounts accessible with the service account credentials.",
+var requestTool = new ConnectorTool({
+  name: "request",
+  description: `Send authenticated requests to the Google Ads API v18.
+Authentication is handled automatically via OAuth proxy.
+{customerId} in the path is automatically replaced with the connection's customer ID (hyphens removed).`,
   inputSchema: inputSchema2,
   outputSchema: outputSchema2,
-  async execute({ connectionId }, connections) {
+  async execute({ connectionId, method, path: path2, body }, connections, config) {
     const connection2 = connections.find((c) => c.id === connectionId);
     if (!connection2) {
       return {
@@ -509,90 +565,44 @@ var listCustomersTool = new ConnectorTool({
       };
     }
     console.log(
-      `[connector-request] google-ads/${connection2.name}: listCustomers`
+      `[connector-request] google-ads/${connection2.name}: ${method} ${path2}`
     );
     try {
-      const { GoogleAuth } = await import("google-auth-library");
-      const keyJsonBase64 = parameters.serviceAccountKeyJsonBase64.getValue(connection2);
-      const developerToken = parameters.developerToken.getValue(connection2);
-      const credentials = JSON.parse(
-        Buffer.from(keyJsonBase64, "base64").toString("utf-8")
-      );
-      const auth = new GoogleAuth({
-        credentials,
-        scopes: ["https://www.googleapis.com/auth/adwords"]
-      });
-      const token = await auth.getAccessToken();
-      if (!token) {
-        return {
-          success: false,
-          error: "Failed to obtain access token"
-        };
-      }
+      const rawCustomerId = parameters.customerId.tryGetValue(connection2);
+      const customerId = rawCustomerId?.replace(/-/g, "") ?? "";
+      const resolvedPath = customerId ? path2.replace(/\{customerId\}/g, customerId) : path2;
+      const url = `${BASE_URL3}${resolvedPath}`;
+      const token = await getProxyToken2(config.oauthProxy);
+      const proxyUrl = `https://${config.oauthProxy.sandboxId}.${config.oauthProxy.previewBaseDomain}/_sqcore/connections/${connectionId}/request`;
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS2);
       try {
-        const listResponse = await fetch(
-          `${BASE_URL3}customers:listAccessibleCustomers`,
-          {
-            method: "GET",
+        const developerToken = parameters.developerToken.getValue(connection2);
+        const response = await fetch(proxyUrl, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token}`
+          },
+          body: JSON.stringify({
+            url,
+            method,
             headers: {
-              Authorization: `Bearer ${token}`,
-              "developer-token": developerToken
+              "Content-Type": "application/json",
+              "developer-token": developerToken,
+              ...customerId ? { "login-customer-id": customerId } : {}
             },
-            signal: controller.signal
-          }
-        );
-        const listData = await listResponse.json();
-        if (!listResponse.ok) {
-          return {
-            success: false,
-            error: listData.error?.message ?? `HTTP ${listResponse.status} ${listResponse.statusText}`
-          };
-        }
-        const customerIds = (listData.resourceNames ?? []).map(
-          (rn) => rn.replace(/^customers\//, "")
-        );
-        const customers = [];
-        for (const cid of customerIds) {
-          try {
-            const detailResponse = await fetch(
-              `${BASE_URL3}customers/${cid}/googleAds:searchStream`,
-              {
-                method: "POST",
-                headers: {
-                  Authorization: `Bearer ${token}`,
-                  "Content-Type": "application/json",
-                  "developer-token": developerToken,
-                  "login-customer-id": cid
-                },
-                body: JSON.stringify({
-                  query: "SELECT customer.id, customer.descriptive_name FROM customer LIMIT 1"
-                }),
-                signal: controller.signal
-              }
-            );
-            if (detailResponse.ok) {
-              const detailData = await detailResponse.json();
-              const customer = detailData?.[0]?.results?.[0]?.customer;
-              customers.push({
-                customerId: cid,
-                descriptiveName: customer?.descriptiveName ?? cid
-              });
-            } else {
-              customers.push({
-                customerId: cid,
-                descriptiveName: cid
-              });
-            }
-          } catch {
-            customers.push({
-              customerId: cid,
-              descriptiveName: cid
-            });
-          }
+            ...method === "POST" && body ? { body: JSON.stringify(body) } : {}
+          }),
+          signal: controller.signal
+        });
+        const data = await response.json();
+        if (!response.ok) {
+          const dataObj = data;
+          const errorMessage = typeof dataObj?.error === "string" ? dataObj.error : typeof dataObj?.message === "string" ? dataObj.message : `HTTP ${response.status} ${response.statusText}`;
+          return { success: false, error: errorMessage };
         }
-        return { success: true, customers };
+        return { success: true, status: response.status, data };
       } finally {
         clearTimeout(timeout);
       }
@@ -610,18 +620,28 @@ var tools = {
 };
 var googleAdsConnector = new ConnectorPlugin({
   slug: "google-ads",
-  authType: AUTH_TYPES.SERVICE_ACCOUNT,
+  authType: AUTH_TYPES.OAUTH,
   name: "Google Ads",
-  description: "Connect to Google Ads for advertising campaign data and reporting using a service account.",
+  description: "Connect to Google Ads for advertising campaign data and reporting using OAuth.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/1NGvmgvCxX7Tn11EST2N3N/a745fe7c63d360ed40a27ddaad3af168/google-ads.svg",
   parameters,
   releaseFlag: { dev1: true, dev2: false, prod: false },
   onboarding: googleAdsOnboarding,
+  proxyPolicy: {
+    allowlist: [
+      {
+        host: "googleads.googleapis.com",
+        methods: ["GET", "POST"]
+      }
+    ]
+  },
   systemPrompt: {
-    en: `### Tools
+    en: `### Tools (setup-time only)
+
+- \`google-ads-oauth_request\`: Send authenticated requests to the Google Ads API during setup / data overview. Use it for GAQL queries via searchStream. The {customerId} placeholder in paths is automatically replaced (hyphens removed). Authentication and developer token are configured automatically.
+- \`google-ads-oauth_listCustomers\`: List accessible Google Ads customer accounts. Use this during setup to discover available accounts.
 
-- \`google-ads_request\`: Send authenticated requests to the Google Ads API. Use it for GAQL queries via searchStream. The {customerId} placeholder in paths is automatically replaced (hyphens removed). Authentication via service account and developer token are configured automatically.
-- \`google-ads_listCustomers\`: List accessible Google Ads customer accounts. Use this during setup to discover available accounts.
+> **Important**: These tools are only available at setup time. Inside server-logic handlers, use the SDK (\`connection(id).search\`, etc.) \u2014 the SDK's fetch is already wired through the OAuth proxy. **Do NOT** hand-roll HTTP calls to \`_sqcore/connections/*/request\` from a handler.
 
 ### Google Ads API Reference
 
@@ -653,7 +673,14 @@ segments.date, segments.device, segments.ad_network_type
 
 ### Business Logic
 
-The business logic type for this connector is "typescript". Write handler code using the connector SDK shown below. Do NOT access credentials directly from environment variables.
+The business logic type for this connector is "typescript". Write handler code using the connector SDK shown below. Do NOT access credentials directly from environment variables and do NOT read \`INTERNAL_SQUADBASE_*\` env vars \u2014 the SDK takes care of OAuth.
+
+SDK surface (client created via \`connection(connectionId)\`):
+- \`client.request(path, init?)\` \u2014 low-level authenticated fetch. \`{customerId}\` placeholders in the path are auto-replaced with the configured customer id.
+- \`client.search(query, customerId?)\` \u2014 execute a GAQL query via searchStream and get rows back.
+- \`client.listAccessibleCustomers()\` \u2014 return the list of customer IDs the OAuth user can access.
+
+If a handler test fails with \`Connection proxy is not configured\`, retry \u2014 the sandbox is still initializing. Do NOT abandon the SDK and construct OAuth proxy URLs manually.
 
 #### Example
 
@@ -671,10 +698,12 @@ rows.forEach(row => console.log(row));
 // List accessible customer accounts
 const customerIds = await ads.listAccessibleCustomers();
 \`\`\``,
-    ja: `### \u30C4\u30FC\u30EB
+    ja: `### \u30C4\u30FC\u30EB\uFF08\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u6642\u306E\u307F\uFF09
 
-- \`google-ads_request\`: Google Ads API\u3078\u8A8D\u8A3C\u6E08\u307F\u30EA\u30AF\u30A8\u30B9\u30C8\u3092\u9001\u4FE1\u3057\u307E\u3059\u3002searchStream\u3092\u4F7F\u3063\u305FGAQL\u30AF\u30A8\u30EA\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u30D1\u30B9\u5185\u306E{customerId}\u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306F\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059\uFF08\u30CF\u30A4\u30D5\u30F3\u306F\u9664\u53BB\uFF09\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306B\u3088\u308B\u8A8D\u8A3C\u3068\u30C7\u30D9\u30ED\u30C3\u30D1\u30FC\u30C8\u30FC\u30AF\u30F3\u306F\u81EA\u52D5\u8A2D\u5B9A\u3055\u308C\u307E\u3059\u3002
-- \`google-ads_listCustomers\`: \u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306AGoogle Ads\u9867\u5BA2\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u4E00\u89A7\u3092\u53D6\u5F97\u3057\u307E\u3059\u3002\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u6642\u306B\u5229\u7528\u53EF\u80FD\u306A\u30A2\u30AB\u30A6\u30F3\u30C8\u3092\u78BA\u8A8D\u3059\u308B\u305F\u3081\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002
+- \`google-ads-oauth_request\`: \u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3084\u30C7\u30FC\u30BF\u6982\u8981\u628A\u63E1\u6642\u306B Google Ads API \u3078\u8A8D\u8A3C\u6E08\u307F\u30EA\u30AF\u30A8\u30B9\u30C8\u3092\u9001\u4FE1\u3057\u307E\u3059\u3002searchStream \u3092\u4F7F\u3063\u305F GAQL \u30AF\u30A8\u30EA\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u30D1\u30B9\u5185\u306E {customerId} \u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306F\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059\uFF08\u30CF\u30A4\u30D5\u30F3\u306F\u9664\u53BB\uFF09\u3002\u8A8D\u8A3C\u3068\u30C7\u30D9\u30ED\u30C3\u30D1\u30FC\u30C8\u30FC\u30AF\u30F3\u306F\u81EA\u52D5\u8A2D\u5B9A\u3055\u308C\u307E\u3059\u3002
+- \`google-ads-oauth_listCustomers\`: \u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A Google Ads \u9867\u5BA2\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u4E00\u89A7\u3092\u53D6\u5F97\u3057\u307E\u3059\u3002\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u6642\u306B\u5229\u7528\u53EF\u80FD\u306A\u30A2\u30AB\u30A6\u30F3\u30C8\u3092\u78BA\u8A8D\u3059\u308B\u305F\u3081\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002
+
+> **\u91CD\u8981**: \u3053\u308C\u3089\u306E\u30C4\u30FC\u30EB\u306F\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u6642\u306E\u307F\u5229\u7528\u53EF\u80FD\u3067\u3059\u3002\u30B5\u30FC\u30D0\u30FC\u30ED\u30B8\u30C3\u30AF\u306E\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u5FC5\u305A SDK\uFF08\`connection(id).search\` \u306A\u3069\uFF09\u3092\u4F7F\u3063\u3066\u304F\u3060\u3055\u3044\u3002SDK \u306E fetch \u306F OAuth \u30D7\u30ED\u30AD\u30B7\u7D4C\u7531\u3067\u65E2\u306B\u914D\u7DDA\u3055\u308C\u3066\u3044\u307E\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u304B\u3089 \`_sqcore/connections/*/request\` \u3092\u624B\u66F8\u304D\u3067\u547C\u3073\u51FA\u3055\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
 
 ### Google Ads API \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 
@@ -706,7 +735,14 @@ segments.date, segments.device, segments.ad_network_type
 
 ### Business Logic
 
-\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u4EE5\u4E0B\u306B\u793A\u3059\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u30CF\u30F3\u30C9\u30E9\u30B3\u30FC\u30C9\u3092\u8A18\u8FF0\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u76F4\u63A5\u8A8D\u8A3C\u60C5\u5831\u306B\u30A2\u30AF\u30BB\u30B9\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u4EE5\u4E0B\u306B\u793A\u3059\u30B3\u30CD\u30AF\u30BF SDK \u3092\u4F7F\u7528\u3057\u3066\u30CF\u30F3\u30C9\u30E9\u30B3\u30FC\u30C9\u3092\u8A18\u8FF0\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u76F4\u63A5\u8A8D\u8A3C\u60C5\u5831\u306B\u30A2\u30AF\u30BB\u30B9\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002\`INTERNAL_SQUADBASE_*\` \u306E\u74B0\u5883\u5909\u6570\u3092\u4F7F\u3063\u3066\u624B\u52D5\u3067 OAuth \u30D7\u30ED\u30AD\u30B7\u3092\u53E9\u304F\u3053\u3068\u3082\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044 \u2014 SDK \u304C OAuth \u3092\u51E6\u7406\u3057\u307E\u3059\u3002
+
+SDK\uFF08\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8\uFF09:
+- \`client.request(path, init?)\` \u2014 \u4F4E\u30EC\u30D9\u30EB\u306E\u8A8D\u8A3C\u4ED8\u304D fetch\u3002\u30D1\u30B9\u5185\u306E \`{customerId}\` \u306F\u81EA\u52D5\u7684\u306B\u8A2D\u5B9A\u6E08\u307F\u30AB\u30B9\u30BF\u30DE\u30FC ID \u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059\u3002
+- \`client.search(query, customerId?)\` \u2014 GAQL \u30AF\u30A8\u30EA\u3092 searchStream \u3067\u5B9F\u884C\u3057\u3001\u884C\u3092\u53D6\u5F97\u3002
+- \`client.listAccessibleCustomers()\` \u2014 OAuth \u30E6\u30FC\u30B6\u30FC\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30B9\u30BF\u30DE\u30FC ID \u4E00\u89A7\u3092\u53D6\u5F97\u3002
+
+\u30CF\u30F3\u30C9\u30E9\u306E\u30C6\u30B9\u30C8\u304C \`Connection proxy is not configured\` \u3067\u5931\u6557\u3059\u308B\u5834\u5408\u306F\u518D\u8A66\u884C\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u901A\u5E38\u306F\u30B5\u30F3\u30C9\u30DC\u30C3\u30AF\u30B9\u306E\u521D\u671F\u5316\u4E2D\u306B\u8D77\u304D\u307E\u3059\u3002SDK \u3092\u8AE6\u3081\u3066 OAuth \u30D7\u30ED\u30AD\u30B7\u306E URL \u3092\u81EA\u5206\u3067\u7D44\u307F\u7ACB\u3066\u308B\u3053\u3068\u306F **\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044**\u3002
 
 #### Example
 
@@ -725,7 +761,49 @@ rows.forEach(row => console.log(row));
 const customerIds = await ads.listAccessibleCustomers();
 \`\`\``
   },
-  tools
+  tools,
+  async checkConnection(params, config) {
+    const { proxyFetch } = config;
+    const rawCustomerId = params[parameters.customerId.slug];
+    const customerId = rawCustomerId?.replace(/-/g, "");
+    if (!customerId) {
+      return { success: true };
+    }
+    const developerToken = params[parameters.developerToken.slug];
+    if (!developerToken) {
+      return {
+        success: false,
+        error: "Developer token is required"
+      };
+    }
+    const url = `https://googleads.googleapis.com/v18/customers/${customerId}/googleAds:searchStream`;
+    try {
+      const res = await proxyFetch(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "developer-token": developerToken,
+          "login-customer-id": customerId
+        },
+        body: JSON.stringify({
+          query: "SELECT customer.id FROM customer LIMIT 1"
+        })
+      });
+      if (!res.ok) {
+        const errorText = await res.text().catch(() => res.statusText);
+        return {
+          success: false,
+          error: `Google Ads API failed: HTTP ${res.status} ${errorText}`
+        };
+      }
+      return { success: true };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : String(error)
+      };
+    }
+  }
 });
 
 // src/connectors/create-connector-sdk.ts