@squadbase/vite-server 0.1.7 → 0.1.8-dev.468a970

package/dist/main.js

@@ -2805,22 +2805,22 @@ var require_nacl_fast = __commonJS({
         randombytes = fn;
       };
       (function() {
-        var crypto9 = typeof self !== "undefined" ? self.crypto || self.msCrypto : null;
-        if (crypto9 && crypto9.getRandomValues) {
+        var crypto8 = typeof self !== "undefined" ? self.crypto || self.msCrypto : null;
+        if (crypto8 && crypto8.getRandomValues) {
           var QUOTA = 65536;
           nacl.setPRNG(function(x6, n6) {
             var i6, v7 = new Uint8Array(n6);
             for (i6 = 0; i6 < n6; i6 += QUOTA) {
-              crypto9.getRandomValues(v7.subarray(i6, i6 + Math.min(n6 - i6, QUOTA)));
+              crypto8.getRandomValues(v7.subarray(i6, i6 + Math.min(n6 - i6, QUOTA)));
             }
             for (i6 = 0; i6 < n6; i6++) x6[i6] = v7[i6];
             cleanup(v7);
           });
         } else if (typeof __require !== "undefined") {
-          crypto9 = __require("crypto");
-          if (crypto9 && crypto9.randomBytes) {
+          crypto8 = __require("crypto");
+          if (crypto8 && crypto8.randomBytes) {
             nacl.setPRNG(function(x6, n6) {
-              var i6, v7 = crypto9.randomBytes(n6);
+              var i6, v7 = crypto8.randomBytes(n6);
               for (i6 = 0; i6 < n6; i6++) x6[i6] = v7[i6];
               cleanup(v7);
             });
@@ -4088,13 +4088,13 @@ var require_bcrypt_pbkdf = __commonJS({
 var cpufeatures_default;
 var init_cpufeatures = __esm({
   "../../node_modules/cpu-features/build/Release/cpufeatures.node"() {
-    cpufeatures_default = "./cpufeatures-FL6HDURN.node";
+    cpufeatures_default = "./cpufeatures-ORCDQN2Y.node";
   }
 });
 
-// node-file:/Users/hasegawa/projects/squadbase/squadbase-monorepo/node_modules/cpu-features/build/Release/cpufeatures.node
+// node-file:/home/runner/work/squadbase-monorepo/squadbase-monorepo/node_modules/cpu-features/build/Release/cpufeatures.node
 var require_cpufeatures = __commonJS({
-  "node-file:/Users/hasegawa/projects/squadbase/squadbase-monorepo/node_modules/cpu-features/build/Release/cpufeatures.node"(exports2, module) {
+  "node-file:/home/runner/work/squadbase-monorepo/squadbase-monorepo/node_modules/cpu-features/build/Release/cpufeatures.node"(exports2, module) {
     "use strict";
     init_cpufeatures();
     try {
@@ -4117,7 +4117,7 @@ var require_lib2 = __commonJS({
 var require_constants = __commonJS({
   "../../node_modules/ssh2/lib/protocol/constants.js"(exports2, module) {
     "use strict";
-    var crypto9 = __require("crypto");
+    var crypto8 = __require("crypto");
     var cpuInfo;
     try {
       cpuInfo = require_lib2()();
@@ -4125,21 +4125,21 @@ var require_constants = __commonJS({
     }
     var { bindingAvailable, CIPHER_INFO, MAC_INFO } = require_crypto();
     var eddsaSupported = (() => {
-      if (typeof crypto9.sign === "function" && typeof crypto9.verify === "function") {
+      if (typeof crypto8.sign === "function" && typeof crypto8.verify === "function") {
         const key = "-----BEGIN PRIVATE KEY-----\r\nMC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r\n-----END PRIVATE KEY-----";
         const data = Buffer.from("a");
         let sig;
         let verified;
         try {
-          sig = crypto9.sign(null, data, key);
-          verified = crypto9.verify(null, data, key, sig);
+          sig = crypto8.sign(null, data, key);
+          verified = crypto8.verify(null, data, key, sig);
         } catch {
         }
         return Buffer.isBuffer(sig) && sig.length === 64 && verified === true;
       }
       return false;
     })();
-    var curve25519Supported = typeof crypto9.diffieHellman === "function" && typeof crypto9.generateKeyPairSync === "function" && typeof crypto9.createPublicKey === "function";
+    var curve25519Supported = typeof crypto8.diffieHellman === "function" && typeof crypto8.generateKeyPairSync === "function" && typeof crypto8.createPublicKey === "function";
     var DEFAULT_KEX = [
       // https://tools.ietf.org/html/rfc5656#section-10.1
       "ecdh-sha2-nistp256",
@@ -4182,7 +4182,7 @@ var require_constants = __commonJS({
       "ssh-dss"
     ]);
     var canUseCipher = (() => {
-      const ciphers = crypto9.getCiphers();
+      const ciphers = crypto8.getCiphers();
       return (name) => ciphers.includes(CIPHER_INFO[name].sslName);
     })();
     var DEFAULT_CIPHER = [
@@ -4220,7 +4220,7 @@ var require_constants = __commonJS({
       "arcfour"
     ].filter(canUseCipher));
     var canUseMAC = (() => {
-      const hashes = crypto9.getHashes();
+      const hashes = crypto8.getHashes();
       return (name) => hashes.includes(MAC_INFO[name].sslName);
     })();
     var DEFAULT_MAC = [
@@ -4826,13 +4826,13 @@ var require_utils = __commonJS({
 var sshcrypto_default;
 var init_sshcrypto = __esm({
   "../../node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node"() {
-    sshcrypto_default = "./sshcrypto-XARBAYLB.node";
+    sshcrypto_default = "./sshcrypto-P3UBA7BP.node";
   }
 });
 
-// node-file:/Users/hasegawa/projects/squadbase/squadbase-monorepo/node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
+// node-file:/home/runner/work/squadbase-monorepo/squadbase-monorepo/node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node
 var require_sshcrypto = __commonJS({
-  "node-file:/Users/hasegawa/projects/squadbase/squadbase-monorepo/node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node"(exports2, module) {
+  "node-file:/home/runner/work/squadbase-monorepo/squadbase-monorepo/node_modules/ssh2/lib/protocol/crypto/build/Release/sshcrypto.node"(exports2, module) {
     "use strict";
     init_sshcrypto();
     try {
@@ -6604,7 +6604,7 @@ var require_keyParser = __commonJS({
       createECDH,
       createHash: createHash4,
       createHmac: createHmac2,
-      createSign: createSign2,
+      createSign,
       createVerify,
       getCiphers,
       sign: sign_,
@@ -6905,7 +6905,7 @@ ${formatted}-----END ${type} KEY-----`;
             return new Error("No private key available");
           if (!algo || typeof algo !== "string")
             algo = this[SYM_HASH_ALGO];
-          const signature = createSign2(algo);
+          const signature = createSign(algo);
           signature.update(data);
           try {
             return signature.sign(pem);
@@ -20414,8 +20414,8 @@ var require_bson = __commonJS({
       return crypto.getRandomValues(nodeJsByteUtils.allocate(byteLength));
     }
     var nodejsRandomBytes = (() => {
-      const { crypto: crypto9 } = globalThis;
-      if (crypto9 != null && typeof crypto9.getRandomValues === "function") {
+      const { crypto: crypto8 } = globalThis;
+      if (crypto8 != null && typeof crypto8.getRandomValues === "function") {
         return nodejsSecureRandomBytes;
       } else {
         return nodejsMathRandomBytes;
@@ -20520,10 +20520,10 @@ var require_bson = __commonJS({
       return webByteUtils.fromNumberArray(Array.from({ length: byteLength }, () => Math.floor(Math.random() * 256)));
     }
     var webRandomBytes = (() => {
-      const { crypto: crypto9 } = globalThis;
-      if (crypto9 != null && typeof crypto9.getRandomValues === "function") {
+      const { crypto: crypto8 } = globalThis;
+      if (crypto8 != null && typeof crypto8.getRandomValues === "function") {
         return (byteLength) => {
-          return crypto9.getRandomValues(webByteUtils.allocate(byteLength));
+          return crypto8.getRandomValues(webByteUtils.allocate(byteLength));
         };
       } else {
         if (isReactNative()) {
@@ -27025,7 +27025,7 @@ var require_utils3 = __commonJS({
     exports2.decorateDecryptionResult = decorateDecryptionResult;
     exports2.addAbortListener = addAbortListener;
     exports2.abortable = abortable;
-    var crypto9 = __require("crypto");
+    var crypto8 = __require("crypto");
     var fs_1 = __require("fs");
     var http2 = __require("http");
     var process2 = __require("process");
@@ -27185,7 +27185,7 @@ var require_utils3 = __commonJS({
       }
     }
     function uuidV4() {
-      const result = crypto9.randomBytes(16);
+      const result = crypto8.randomBytes(16);
       result[6] = result[6] & 15 | 64;
       result[8] = result[8] & 63 | 128;
       return result;
@@ -27737,7 +27737,7 @@ var require_utils3 = __commonJS({
     }
     var randomBytes = (size) => {
       return new Promise((resolve, reject) => {
-        crypto9.randomBytes(size, (error2, buf) => {
+        crypto8.randomBytes(size, (error2, buf) => {
           if (error2)
             return reject(error2);
           resolve(buf);
@@ -39490,12 +39490,12 @@ var init_date_utils = __esm({
 });
 
 // ../../node_modules/@smithy/uuid/dist-es/randomUUID.js
-import crypto4 from "crypto";
+import crypto3 from "crypto";
 var randomUUID;
 var init_randomUUID = __esm({
   "../../node_modules/@smithy/uuid/dist-es/randomUUID.js"() {
     "use strict";
-    randomUUID = crypto4.randomUUID.bind(crypto4);
+    randomUUID = crypto3.randomUUID.bind(crypto3);
   }
 });
 
@@ -61429,10 +61429,10 @@ var require_retry = __commonJS({
 });
 
 // ../../node_modules/gaxios/node_modules/uuid/dist/esm-node/rng.js
-import crypto5 from "crypto";
+import crypto4 from "crypto";
 function rng() {
   if (poolPtr > rnds8Pool.length - 16) {
-    crypto5.randomFillSync(rnds8Pool);
+    crypto4.randomFillSync(rnds8Pool);
     poolPtr = 0;
   }
   return rnds8Pool.slice(poolPtr, poolPtr += 16);
@@ -61643,14 +61643,14 @@ var init_v35 = __esm({
 });
 
 // ../../node_modules/gaxios/node_modules/uuid/dist/esm-node/md5.js
-import crypto6 from "crypto";
+import crypto5 from "crypto";
 function md5(bytes) {
   if (Array.isArray(bytes)) {
     bytes = Buffer.from(bytes);
   } else if (typeof bytes === "string") {
     bytes = Buffer.from(bytes, "utf8");
   }
-  return crypto6.createHash("md5").update(bytes).digest();
+  return crypto5.createHash("md5").update(bytes).digest();
 }
 var md5_default;
 var init_md5 = __esm({
@@ -61673,13 +61673,13 @@ var init_v3 = __esm({
 });
 
 // ../../node_modules/gaxios/node_modules/uuid/dist/esm-node/native.js
-import crypto7 from "crypto";
+import crypto6 from "crypto";
 var native_default;
 var init_native = __esm({
   "../../node_modules/gaxios/node_modules/uuid/dist/esm-node/native.js"() {
     "use strict";
     native_default = {
-      randomUUID: crypto7.randomUUID
+      randomUUID: crypto6.randomUUID
     };
   }
 });
@@ -61714,14 +61714,14 @@ var init_v42 = __esm({
 });
 
 // ../../node_modules/gaxios/node_modules/uuid/dist/esm-node/sha1.js
-import crypto8 from "crypto";
+import crypto7 from "crypto";
 function sha1(bytes) {
   if (Array.isArray(bytes)) {
     bytes = Buffer.from(bytes);
   } else if (typeof bytes === "string") {
     bytes = Buffer.from(bytes, "utf8");
   }
-  return crypto8.createHash("sha1").update(bytes).digest();
+  return crypto7.createHash("sha1").update(bytes).digest();
 }
 var sha1_default;
 var init_sha1 = __esm({
@@ -82405,7 +82405,7 @@ var require_scram = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.ScramSHA256 = exports2.ScramSHA1 = void 0;
     var saslprep_1 = require_node2();
-    var crypto9 = __require("crypto");
+    var crypto8 = __require("crypto");
     var bson_1 = require_bson2();
     var error_1 = require_error();
     var utils_1 = require_utils3();
@@ -82558,9 +82558,9 @@ var require_scram = __commonJS({
       }
       let md52;
       try {
-        md52 = crypto9.createHash("md5");
+        md52 = crypto8.createHash("md5");
       } catch (err) {
-        if (crypto9.getFips()) {
+        if (crypto8.getFips()) {
           throw new Error("Auth mechanism SCRAM-SHA-1 is not supported in FIPS mode");
         }
         throw err;
@@ -82583,10 +82583,10 @@ var require_scram = __commonJS({
       return Buffer.from(res).toString("base64");
     }
     function H2(method, text) {
-      return crypto9.createHash(method).update(text).digest();
+      return crypto8.createHash(method).update(text).digest();
     }
     function HMAC(method, key, text) {
-      return crypto9.createHmac(method, key).update(text).digest();
+      return crypto8.createHmac(method, key).update(text).digest();
     }
     var _hiCache = {};
     var _hiCacheCount = 0;
@@ -82603,7 +82603,7 @@ var require_scram = __commonJS({
       if (_hiCache[key] != null) {
         return _hiCache[key];
       }
-      const saltedData = crypto9.pbkdf2Sync(data, salt, iterations, hiLengthMap[cryptoMethod], cryptoMethod);
+      const saltedData = crypto8.pbkdf2Sync(data, salt, iterations, hiLengthMap[cryptoMethod], cryptoMethod);
       if (_hiCacheCount >= 200) {
         _hiCachePurge();
       }
@@ -82615,8 +82615,8 @@ var require_scram = __commonJS({
       if (lhs.length !== rhs.length) {
         return false;
       }
-      if (typeof crypto9.timingSafeEqual === "function") {
-        return crypto9.timingSafeEqual(lhs, rhs);
+      if (typeof crypto8.timingSafeEqual === "function") {
+        return crypto8.timingSafeEqual(lhs, rhs);
       }
       let result = 0;
       for (let i6 = 0; i6 < lhs.length; i6++) {
@@ -91267,8 +91267,7 @@ const realtime = await ga.runRealtimeReport({
   }
 });
 
-// ../connectors/src/connectors/google-calendar/tools/list-calendars.ts
-import * as crypto3 from "crypto";
+// ../connectors/src/connectors/google-calendar/tools/request.ts
 import { z as z21 } from "zod";
 
 // ../connectors/src/connectors/google-calendar/parameters.ts
@@ -91276,121 +91275,54 @@ var parameters14 = {
   serviceAccountKeyJsonBase64: new ParameterDefinition({
     slug: "service-account-key-json-base64",
     name: "Google Cloud Service Account JSON",
-    description: "The service account JSON key used to authenticate with Google Cloud Platform. Ensure that the service account has the necessary permissions to access Google Calendar, and that calendars are shared with the service account email.",
+    description: "The service account JSON key. Used for both Domain-wide Delegation (impersonating a Workspace user) and direct service-account access (calendars explicitly shared with the SA email). The authentication path is selected per call by the tool used.",
     envVarBaseKey: "GOOGLE_CALENDAR_SERVICE_ACCOUNT_JSON_BASE64",
     type: "base64EncodedJson",
     secret: true,
     required: true
   })
 };
-var impersonateEmailParameter = new ParameterDefinition({
-  slug: "impersonate-email",
-  name: "User Email Address(es)",
-  description: "The email address(es) of the Google Workspace user(s) whose calendar is accessed via Domain-wide Delegation. Collected during the setup flow.",
-  envVarBaseKey: "GOOGLE_CALENDAR_IMPERSONATE_EMAIL",
-  type: "text",
-  secret: false,
-  required: false
-});
-var calendarIdParameter = new ParameterDefinition({
-  slug: "calendar-id",
-  name: "Default Calendar ID",
-  description: "The default Google Calendar ID to use (e.g., 'primary' or an email address like 'user@example.com'). If not set, 'primary' is used.",
-  envVarBaseKey: "GOOGLE_CALENDAR_CALENDAR_ID",
-  type: "text",
-  secret: false,
-  required: false
-});
-
-// ../connectors/src/connectors/google-calendar/tools/list-calendars.ts
-var TOKEN_URL = "https://oauth2.googleapis.com/token";
+
+// ../connectors/src/connectors/google-calendar/tools/request.ts
 var BASE_URL6 = "https://www.googleapis.com/calendar/v3";
-var SCOPE = "https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/calendar.events.readonly";
 var REQUEST_TIMEOUT_MS11 = 6e4;
-function base64url(input) {
-  const buf = typeof input === "string" ? Buffer.from(input) : input;
-  return buf.toString("base64url");
-}
-function buildJwt(clientEmail, privateKey, nowSec, subject) {
-  const header = base64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
-  const payload = base64url(
-    JSON.stringify({
-      iss: clientEmail,
-      sub: subject,
-      scope: SCOPE,
-      aud: TOKEN_URL,
-      iat: nowSec,
-      exp: nowSec + 3600
-    })
-  );
-  const signingInput = `${header}.${payload}`;
-  const sign2 = crypto3.createSign("RSA-SHA256");
-  sign2.update(signingInput);
-  sign2.end();
-  const signature = base64url(sign2.sign(privateKey));
-  return `${signingInput}.${signature}`;
-}
-async function getAccessToken(serviceAccount, subject) {
-  const nowSec = Math.floor(Date.now() / 1e3);
-  const jwt = buildJwt(
-    serviceAccount.client_email,
-    serviceAccount.private_key,
-    nowSec,
-    subject
-  );
-  const response = await fetch(TOKEN_URL, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
-      assertion: jwt
-    })
-  });
-  if (!response.ok) {
-    const text = await response.text();
-    throw new Error(
-      `token exchange failed for ${subject} (${response.status}): ${text}`
-    );
-  }
-  const data = await response.json();
-  return data.access_token;
+function decodeServiceAccount(keyJsonBase64) {
+  const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+  return JSON.parse(decoded);
 }
 var inputSchema21 = z21.object({
   toolUseIntent: z21.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
-  connectionId: z21.string().describe("ID of the Google Calendar connection to use")
+  connectionId: z21.string().describe("ID of the Google Calendar connection to use"),
+  method: z21.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
+  path: z21.string().describe(
+    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/users/me/calendarList', '/calendars/team@example.com/events'). Write the calendar ID directly into the path \u2014 there is no placeholder substitution."
+  ),
+  scopes: z21.array(z21.string()).describe(
+    "OAuth scopes the token must include. This connector currently supports read-only operations only \u2014 pass one of ['https://www.googleapis.com/auth/calendar.readonly'] (calendars + events read), ['https://www.googleapis.com/auth/calendar.events.readonly'] (events read only), or ['https://www.googleapis.com/auth/calendar.freebusy'] (busy/free queries only). Per-endpoint scope reference: https://developers.google.com/calendar/api/auth"
+  ),
+  queryParams: z21.record(z21.string(), z21.string()).optional().describe("Query parameters to append to the URL"),
+  body: z21.record(z21.string(), z21.unknown()).optional().describe("JSON request body for POST/PUT/PATCH")
 });
 var outputSchema21 = z21.discriminatedUnion("success", [
   z21.object({
     success: z21.literal(true),
-    calendars: z21.array(
-      z21.object({
-        impersonateEmail: z21.string(),
-        id: z21.string(),
-        summary: z21.string(),
-        primary: z21.boolean().optional(),
-        accessRole: z21.string()
-      })
-    ),
-    errors: z21.array(
-      z21.object({
-        impersonateEmail: z21.string(),
-        error: z21.string()
-      })
-    )
+    status: z21.number(),
+    data: z21.record(z21.string(), z21.unknown())
   }),
   z21.object({
     success: z21.literal(false),
-    error: z21.string()
+    error: z21.string(),
+    serviceAccountEmail: z21.string().optional()
   })
 ]);
-var listCalendarsTool = new ConnectorTool({
-  name: "listCalendars",
-  description: "List Google Calendars accessible via Domain-wide Delegation by impersonating the Google Workspace user(s) configured on the connection's `impersonate-email` parameter (comma-separated list supported). Use during setup to aggregate calendars across the configured emails.",
+var requestTool5 = new ConnectorTool({
+  name: "request",
+  description: "Call the Google Calendar API as the service account itself (no delegation). Read-only operations only. Only calendars explicitly shared with the service account email are accessible. Pass `scopes` as a read-only Calendar scope (e.g., ['https://www.googleapis.com/auth/calendar.readonly']). Use this tool when the project knowledge records the calendar with `(service-account, ...)` (no `subject`).",
   inputSchema: inputSchema21,
   outputSchema: outputSchema21,
-  async execute({ connectionId }, connections) {
+  async execute({ connectionId, method, path: path6, scopes, queryParams, body }, connections) {
     const connection2 = connections.find((c6) => c6.id === connectionId);
     if (!connection2) {
       return {
@@ -91398,144 +91330,89 @@ var listCalendarsTool = new ConnectorTool({
         error: `Connection ${connectionId} not found`
       };
     }
-    const impersonateEmailRaw = impersonateEmailParameter.getValue(connection2);
-    const emails = impersonateEmailRaw.split(",").map((e6) => e6.trim()).filter((e6) => e6.length > 0);
-    if (emails.length === 0) {
-      return {
-        success: false,
-        error: "impersonate-email parameter is empty"
-      };
-    }
-    console.log(
-      `[connector-request] google-calendar/${connection2.name}: listCalendars for ${emails.join(",")}`
-    );
+    const keyJsonBase64 = parameters14.serviceAccountKeyJsonBase64.getValue(connection2);
     let serviceAccount;
     try {
-      const keyJsonBase64 = parameters14.serviceAccountKeyJsonBase64.getValue(connection2);
-      const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
-      serviceAccount = JSON.parse(decoded);
+      serviceAccount = decodeServiceAccount(keyJsonBase64);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       return {
         success: false,
-        error: `failed to decode service account key: ${msg}`
+        error: `Failed to decode service account key: ${msg}`
       };
     }
-    if (!serviceAccount.client_email || !serviceAccount.private_key) {
-      return {
-        success: false,
-        error: "service account key JSON must contain client_email and private_key"
-      };
-    }
-    const aggregated = [];
-    const errors2 = [];
-    for (const email of emails) {
+    const serviceAccountEmail = serviceAccount.client_email;
+    console.log(
+      `[connector-request] google-calendar/${connection2.name}: ${method} ${path6} (service account)`
+    );
+    try {
+      const { GoogleAuth } = await import("google-auth-library");
+      const auth = new GoogleAuth({
+        credentials: {
+          client_email: serviceAccount.client_email,
+          private_key: serviceAccount.private_key
+        },
+        scopes
+      });
+      const token = await auth.getAccessToken();
+      if (!token) {
+        return {
+          success: false,
+          error: "Failed to obtain access token",
+          serviceAccountEmail
+        };
+      }
+      let url = `${BASE_URL6}${path6.startsWith("/") ? "" : "/"}${path6}`;
+      if (queryParams) {
+        const searchParams = new URLSearchParams(queryParams);
+        url += `?${searchParams.toString()}`;
+      }
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS11);
       try {
-        const token = await getAccessToken(serviceAccount, email);
-        const response = await fetch(`${BASE_URL6}/users/me/calendarList`, {
-          method: "GET",
-          headers: { Authorization: `Bearer ${token}` },
+        const hasBody = body != null && ["POST", "PUT", "PATCH"].includes(method);
+        const response = await fetch(url, {
+          method,
+          headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json"
+          },
+          body: hasBody ? JSON.stringify(body) : void 0,
           signal: controller.signal
         });
-        const data = await response.json();
+        const data = await response.json().catch(() => ({}));
         if (!response.ok) {
           const errorObj = data?.error;
-          errors2.push({
-            impersonateEmail: email,
-            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
-          });
-          continue;
-        }
-        const items = data.items ?? [];
-        for (const c6 of items) {
-          aggregated.push({
-            impersonateEmail: email,
-            id: c6.id,
-            summary: c6.summary,
-            primary: c6.primary,
-            accessRole: c6.accessRole
-          });
+          const errorMessage = errorObj?.message ?? (typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`);
+          return {
+            success: false,
+            error: errorMessage,
+            serviceAccountEmail
+          };
         }
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        errors2.push({ impersonateEmail: email, error: msg });
+        return { success: true, status: response.status, data };
       } finally {
         clearTimeout(timeout);
       }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: msg,
+        serviceAccountEmail
+      };
     }
-    return {
-      success: true,
-      calendars: aggregated,
-      errors: errors2
-    };
-  }
-});
-
-// ../connectors/src/connectors/google-calendar/setup.ts
-var listCalendarsToolName = `google-calendar-service-account_${listCalendarsTool.name}`;
-var googleCalendarOnboarding = new ConnectorOnboarding({
-  connectionSetupInstructions: {
-    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Calendar\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002\u63A5\u7D9A\u4F5C\u6210\u6642\u306B\u306F\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8JSON\u306E\u307F\u304C\u8A2D\u5B9A\u6E08\u307F\u3067\u3001\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3084\u30AB\u30EC\u30F3\u30C0\u30FCID\u306F\u3053\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u53D6\u5F97\u3057\u307E\u3059\u3002
-
-1. \`askUserQuestion\` \u3067\u30E6\u30FC\u30B6\u30FC\u306B\u3001\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u304CDomain-wide Delegation\u3067\u4EE3\u7406\u30A2\u30AF\u30BB\u30B9\u3059\u308BGoogle Workspace\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u30D2\u30A2\u30EA\u30F3\u30B0\u3059\u308B:
-   - \`type\`: \`"freeText"\`
-   - \`question\`: \u300C\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u6301\u3064\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u3042\u308B\u5834\u5408\u306F\u30AB\u30F3\u30DE\u533A\u5207\u308A\u3067\u5165\u529B\u53EF\uFF09\u300D
-   - \`placeholder\`: \`"user@example.com, admin@example.com"\`
-2. \u30E6\u30FC\u30B6\u30FC\u304B\u3089\u53D7\u3051\u53D6\u3063\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\uFF08\u30AB\u30F3\u30DE\u533A\u5207\u308A\u5BFE\u5FDC\uFF09\u3092 \`updateConnectionParameters\` \u3067\u4FDD\u5B58\u3059\u308B:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <\u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u6587\u5B57\u5217>, label: <\u540C\u3058\u5024> }]\`\uFF081\u4EF6\u306E\u307F\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u81EA\u52D5\u9078\u629E\u3055\u308C\u308B\uFF09
-3. \`${listCalendarsToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3001\u4FDD\u5B58\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B\u3002
-   - \`errors\` \u306B\u30A8\u30E9\u30FC\u304C\u3042\u308A \`calendars\` \u304C\u7A7A\u306E\u5834\u5408\uFF08\u3059\u3079\u3066\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3067\u5931\u6557\uFF09\u3001\u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u5B58\u5728\u3057\u306A\u3044\u53EF\u80FD\u6027\u304C\u3042\u308B\u3002\`askUserQuestion\` \u3067\u300C{\u5165\u529B\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9} \u306E\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u30A2\u30AF\u30BB\u30B9\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u30A2\u30C9\u30EC\u30B9\u306B\u8AA4\u308A\u304C\u3042\u308B\u53EF\u80FD\u6027\u304C\u3042\u308A\u307E\u3059\u3002\u4F3C\u305F\u30A2\u30C9\u30EC\u30B9\u3067\u306F\u3042\u308A\u307E\u305B\u3093\u304B\uFF1F\u300D\u3068\u805E\u304D\u8FD4\u3057\u3001\u30B9\u30C6\u30C3\u30D72\u304B\u3089\u518D\u5EA6\u5B9F\u884C\u3059\u308B
-4. \u8FD4\u5374\u3055\u308C\u305F \`calendars\` \u914D\u5217\uFF08\u5404\u8981\u7D20: \`{ impersonateEmail, id, summary, primary, accessRole }\`\uFF09\u3092\u5143\u306B\u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u300D\u3068\u77ED\u304F\u4F1D\u3048\u305F\u4E0A\u3067\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
-   - \`parameterSlug\`: \`"calendar-id"\`
-   - \`options\`: \u5404 option \u306E \`label\` \u306F \`\u30AB\u30EC\u30F3\u30C0\u30FC\u540D (owner: impersonateEmail)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30EC\u30F3\u30C0\u30FCID
-   - \`errors\` \u306B\u5931\u6557\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u3042\u308B\u5834\u5408\u306F\u3001\u305D\u306E\u65E8\u3092\u77ED\u304F\u4F1D\u3048\u308B
-5. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E \`label\` \u304B\u3089 owner \u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3057\u3001\`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3057\u3066 \`impersonate-email\` \u3092\u6700\u7D42\u5024\u3067\u4E0A\u66F8\u304D\u3059\u308B:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\`
-
-#### \u5236\u7D04
-- **\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u8A2D\u5B9A\u304C\u5FC5\u8981\u3067\u3059**\u3002\`${listCalendarsToolName}\` \u306E \`errors\` \u306B\u6A29\u9650\u30A8\u30E9\u30FC\u304C\u51FA\u308B\u5834\u5408\u3001Google Workspace\u7BA1\u7406\u8005\u306BDomain-wide Delegation\u306E\u8A2D\u5B9A\u78BA\u8A8D\u3092\u4FC3\u3057\u3066\u304F\u3060\u3055\u3044
-- \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
-    en: `Follow these steps to set up the Google Calendar connection. Only the service account JSON is provided at connection creation time \u2014 the target user email and calendar ID are collected during this setup flow.
-
-1. Call \`askUserQuestion\` to ask the user for the Google Workspace user email the service account will impersonate via Domain-wide Delegation:
-   - \`type\`: \`"freeText"\`
-   - \`question\`: "Please enter the email address of the user whose calendar you want to access (comma-separated list allowed for multiple users)"
-   - \`placeholder\`: \`"user@example.com, admin@example.com"\`
-2. Save the email(s) the user provided (comma-separated supported) via \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <the email string entered>, label: <same value> }]\` (a single option is auto-selected)
-3. Call \`${listCalendarsToolName}\` to list calendars accessible via the saved email(s).
-   - If \`errors\` is non-empty and \`calendars\` is empty (all emails failed), the entered address may not exist. Use \`askUserQuestion\` to ask: "Could not access the calendar for {entered email}. The address may be incorrect \u2014 did you mean a similar address?" Then re-run from step 2 with the new input
-4. Using the returned \`calendars\` array (each item: \`{ impersonateEmail, id, summary, primary, accessRole }\`), briefly say "Please select a calendar." then call \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"calendar-id"\`
-   - \`options\`: Each option's \`label\` should be \`Calendar Name (owner: impersonateEmail)\`, \`value\` should be the calendar ID
-   - If \`errors\` contains failing email addresses, briefly mention them
-5. Extract the owner email from the \`label\` of the user's selected calendar, then call \`updateConnectionParameters\` to overwrite \`impersonate-email\` with the final value:
-   - \`parameterSlug\`: \`"impersonate-email"\`
-   - \`options\`: \`[{ value: <ownerEmail>, label: <ownerEmail> }]\`
-
-#### Constraints
-- **Domain-wide Delegation must be configured on the service account**. If \`${listCalendarsToolName}\` returns permission errors in the \`errors\` field, ask the user to verify the Domain-wide Delegation setup with their Google Workspace administrator
-- Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
-  },
-  dataOverviewInstructions: {
-    en: `1. Call google-calendar-service-account_request with GET /calendars/{calendarId} to get the default calendar's metadata
-2. Call google-calendar-service-account_request with GET /users/me/calendarList to list all accessible calendars
-3. Call google-calendar-service-account_request with GET /calendars/{calendarId}/events with query params timeMin (RFC3339) and maxResults=10 to sample upcoming events`,
-    ja: `1. google-calendar-service-account_request \u3067 GET /calendars/{calendarId} \u3092\u547C\u3073\u51FA\u3057\u3001\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
-2. google-calendar-service-account_request \u3067 GET /users/me/calendarList \u3092\u547C\u3073\u51FA\u3057\u3001\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u3092\u53D6\u5F97
-3. google-calendar-service-account_request \u3067 GET /calendars/{calendarId}/events \u3092\u30AF\u30A8\u30EA\u30D1\u30E9\u30E1\u30FC\u30BF timeMin\uFF08RFC3339\u5F62\u5F0F\uFF09\u3068 maxResults=10 \u3067\u547C\u3073\u51FA\u3057\u3001\u76F4\u8FD1\u306E\u30A4\u30D9\u30F3\u30C8\u3092\u30B5\u30F3\u30D7\u30EA\u30F3\u30B0`
   }
 });
 
-// ../connectors/src/connectors/google-calendar/tools/request.ts
+// ../connectors/src/connectors/google-calendar/tools/request-with-delegation.ts
 import { z as z22 } from "zod";
 var BASE_URL7 = "https://www.googleapis.com/calendar/v3";
 var REQUEST_TIMEOUT_MS12 = 6e4;
+function decodeServiceAccount2(keyJsonBase64) {
+  const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+  return JSON.parse(decoded);
+}
 var inputSchema22 = z22.object({
   toolUseIntent: z22.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
@@ -91543,13 +91420,18 @@ var inputSchema22 = z22.object({
   connectionId: z22.string().describe("ID of the Google Calendar connection to use"),
   method: z22.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
   path: z22.string().describe(
-    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/calendars/{calendarId}/events'). {calendarId} is automatically replaced."
+    "API path appended to https://www.googleapis.com/calendar/v3 (e.g., '/users/me/calendarList', '/calendars/alice@example.com/events'). Write the calendar ID directly into the path \u2014 there is no placeholder substitution."
   ),
-  queryParams: z22.record(z22.string(), z22.string()).optional().describe("Query parameters to append to the URL"),
-  body: z22.record(z22.string(), z22.unknown()).optional().describe("Request body (JSON) for POST/PUT/PATCH methods"),
-  subject: z22.string().optional().describe(
-    "Override the email address of the user to impersonate via Domain-wide Delegation. If omitted, the connection's configured user email is used."
-  )
+  subject: z22.string().describe(
+    "Email of the Workspace user to impersonate via Domain-wide Delegation. The token will be issued as this user."
+  ),
+  scopes: z22.array(z22.string()).describe(
+    "OAuth scopes the token must include. This connector currently supports read-only operations only \u2014 pass one of ['https://www.googleapis.com/auth/calendar.readonly'] (calendars + events read), ['https://www.googleapis.com/auth/calendar.events.readonly'] (events read only), or ['https://www.googleapis.com/auth/calendar.freebusy'] (busy/free queries only). Per-endpoint scope reference: https://developers.google.com/calendar/api/auth"
+  ),
+  queryParams: z22.record(z22.string(), z22.string()).optional().describe(
+    "Query parameters to append to the URL (e.g., { timeMin: '2025-01-01T00:00:00Z', maxResults: '10' })"
+  ),
+  body: z22.record(z22.string(), z22.unknown()).optional().describe("JSON request body for POST/PUT/PATCH")
 });
 var outputSchema22 = z22.discriminatedUnion("success", [
   z22.object({
@@ -91559,17 +91441,16 @@ var outputSchema22 = z22.discriminatedUnion("success", [
   }),
   z22.object({
     success: z22.literal(false),
-    error: z22.string()
+    error: z22.string(),
+    serviceAccountEmail: z22.string().optional()
   })
 ]);
-var requestTool5 = new ConnectorTool({
-  name: "request",
-  description: `Send authenticated requests to the Google Calendar API v3.
-Authentication is handled automatically using a service account.
-{calendarId} in the path is automatically replaced with the connection's default calendar ID.`,
+var requestWithDelegationTool = new ConnectorTool({
+  name: "request_with_delegation",
+  description: "Call the Google Calendar API on behalf of the specified Workspace user via Domain-wide Delegation. Read-only operations only. Pass `subject` as the target user email and `scopes` as a read-only Calendar scope (e.g., ['https://www.googleapis.com/auth/calendar.readonly']). Use this tool when the project knowledge records the calendar with `(delegation, subject: <email>, ...)`. Requires DwD to be authorized for the service account in the Workspace admin console.",
   inputSchema: inputSchema22,
   outputSchema: outputSchema22,
-  async execute({ connectionId, method, path: path6, queryParams, body, subject }, connections) {
+  async execute({ connectionId, method, path: path6, subject, scopes, queryParams, body }, connections) {
     const connection2 = connections.find((c6) => c6.id === connectionId);
     if (!connection2) {
       return {
@@ -91577,41 +91458,40 @@ Authentication is handled automatically using a service account.
         error: `Connection ${connectionId} not found`
       };
     }
+    const keyJsonBase64 = parameters14.serviceAccountKeyJsonBase64.getValue(connection2);
+    let serviceAccount;
+    try {
+      serviceAccount = decodeServiceAccount2(keyJsonBase64);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: `Failed to decode service account key: ${msg}`
+      };
+    }
+    const serviceAccountEmail = serviceAccount.client_email;
     console.log(
-      `[connector-request] google-calendar/${connection2.name}: ${method} ${path6}`
+      `[connector-request] google-calendar/${connection2.name}: ${method} ${path6} subject=${subject}`
     );
     try {
       const { GoogleAuth } = await import("google-auth-library");
-      const keyJsonBase64 = parameters14.serviceAccountKeyJsonBase64.getValue(connection2);
-      const impersonateEmail = impersonateEmailParameter.tryGetValue(connection2);
-      const calendarId = calendarIdParameter.tryGetValue(connection2) ?? "primary";
-      const resolvedSubject = subject ?? impersonateEmail;
-      if (!resolvedSubject) {
-        return {
-          success: false,
-          error: `Missing required parameter: ${impersonateEmailParameter.slug}. Configure the user email for this connection.`
-        };
-      }
-      const credentials = JSON.parse(
-        Buffer.from(keyJsonBase64, "base64").toString("utf-8")
-      );
       const auth = new GoogleAuth({
-        credentials,
-        scopes: [
-          "https://www.googleapis.com/auth/calendar.readonly",
-          "https://www.googleapis.com/auth/calendar.events.readonly"
-        ],
-        clientOptions: { subject: resolvedSubject }
+        credentials: {
+          client_email: serviceAccount.client_email,
+          private_key: serviceAccount.private_key
+        },
+        scopes,
+        clientOptions: { subject }
       });
       const token = await auth.getAccessToken();
       if (!token) {
         return {
           success: false,
-          error: "Failed to obtain access token"
+          error: "Failed to obtain access token",
+          serviceAccountEmail
         };
       }
-      const resolvedPath = path6.replace(/\{calendarId\}/g, calendarId);
-      let url = `${BASE_URL7}${resolvedPath.startsWith("/") ? "" : "/"}${resolvedPath}`;
+      let url = `${BASE_URL7}${path6.startsWith("/") ? "" : "/"}${path6}`;
       if (queryParams) {
         const searchParams = new URLSearchParams(queryParams);
         url += `?${searchParams.toString()}`;
@@ -91619,28 +91499,24 @@ Authentication is handled automatically using a service account.
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS12);
       try {
+        const hasBody = body != null && ["POST", "PUT", "PATCH"].includes(method);
         const response = await fetch(url, {
           method,
           headers: {
             Authorization: `Bearer ${token}`,
             "Content-Type": "application/json"
           },
-          body: body && ["POST", "PUT", "PATCH"].includes(method) ? JSON.stringify(body) : void 0,
+          body: hasBody ? JSON.stringify(body) : void 0,
           signal: controller.signal
         });
-        if (method === "DELETE" && response.status === 204) {
-          return {
-            success: true,
-            status: 204,
-            data: { message: "Deleted successfully" }
-          };
-        }
-        const data = await response.json();
+        const data = await response.json().catch(() => ({}));
         if (!response.ok) {
           const errorObj = data?.error;
+          const errorMessage = errorObj?.message ?? (typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`);
           return {
             success: false,
-            error: errorObj?.message ?? `HTTP ${response.status} ${response.statusText}`
+            error: errorMessage,
+            serviceAccountEmail
           };
         }
         return { success: true, status: response.status, data };
@@ -91649,13 +91525,121 @@ Authentication is handled automatically using a service account.
       }
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
-      return { success: false, error: msg };
+      return {
+        success: false,
+        error: msg,
+        serviceAccountEmail
+      };
     }
   }
 });
 
+// ../connectors/src/connectors/google-calendar/setup.ts
+var requestToolName = `google-calendar-service-account_${requestTool5.name}`;
+var requestWithDelegationToolName = `google-calendar-service-account_${requestWithDelegationTool.name}`;
+var READONLY_SCOPES = '["https://www.googleapis.com/auth/calendar.readonly"]';
+var googleCalendarOnboarding = new ConnectorOnboarding({
+  connectionSetupInstructions: {
+    ja: `Google Calendar \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3044\u307E\u3059\u3002\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u30E6\u30FC\u30B6\u30FC\u304B\u3089\u805E\u304D\u3001\u5229\u7528\u53EF\u80FD\u306A\u3082\u306E\u3092\u767A\u898B\u3057\u3066 Project Knowledge \u306B\u8A18\u9332\u3057\u307E\u3059\u3002
+
+1. \`askUserQuestion\` \u3067\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u805E\u304F:
+   - \`type\`: \`"freeText"\`
+   - \`question\`: \u300C\u30A2\u30AF\u30BB\u30B9\u3057\u305F\u3044\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u6240\u6709\u8005\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u53EF\u3001\u30AB\u30F3\u30DE\u533A\u5207\u308A\uFF09\u300D
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+
+2. \u30E6\u30FC\u30B6\u30FC\u304B\u3089\u53D7\u3051\u53D6\u3063\u305F\u6587\u5B57\u5217\u304B\u3089\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3059\u308B\u3002\u4E26\u884C\u3057\u3066\u4E21\u65B9\u306E\u30C4\u30FC\u30EB\u3067\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u767A\u898B\u3059\u308B:
+   a. \`${requestToolName}\` \u3092\u4EE5\u4E0B\u306E\u5F15\u6570\u3067\u547C\u3073\u3001Service Account \u81EA\u8EAB\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u53D6\u5F97\u3059\u308B\u3002\`success: false\` \u306A\u3089\u305D\u306E\u65E8\u8A18\u9332\u3057\u3066\u6B21\u3078:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+   b. \u5404\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9 \`<email>\` \u306B\u3064\u3044\u3066 \`${requestWithDelegationToolName}\` \u3092\u4EE5\u4E0B\u306E\u5F15\u6570\u3067\u547C\u3073\u3001\u305D\u306E\u30E6\u30FC\u30B6\u30FC\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u53D6\u5F97\u3059\u308B:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`subject\`: \`<email>\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+
+3. \u30B9\u30C6\u30C3\u30D7 2 \u306E\u767A\u898B\u7D50\u679C (a \u3068 b \u306E\u5168\u30AB\u30EC\u30F3\u30C0\u30FC) \u3092\u7D71\u5408\u3057\u3001\`askUserQuestion\` \u3067\u30AB\u30EC\u30F3\u30C0\u30FC\u9078\u629E\u3092\u6C42\u3081\u308B:
+   - 1 \u4EF6\u3082\u898B\u3064\u304B\u3089\u306A\u304B\u3063\u305F\u5834\u5408: \u5931\u6557\u3057\u305F\u30C4\u30FC\u30EB\u306E\u30A8\u30E9\u30FC\u30EC\u30B9\u30DD\u30F3\u30B9\u304B\u3089 \`serviceAccountEmail\` \u3092\u53D6\u308A\u51FA\u3057\u3001\`askUserQuestion\` \u3067\u6B21\u306E\u9078\u629E\u80A2\u3092\u63D0\u793A\u3059\u308B\u3002\`question\` \u306B\u306F\u6B21\u306E\u6848\u5185\u6587\u3092\u542B\u3081\u308B: \u300C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u304C\u898B\u3064\u304B\u308A\u307E\u305B\u3093\u3067\u3057\u305F\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8 \`<serviceAccountEmail>\` \u3067\u6B21\u306E\u3044\u305A\u308C\u304B\u3092\u884C\u3063\u3066\u304B\u3089\u7D9A\u884C\u3057\u3066\u304F\u3060\u3055\u3044: (1) Workspace \u7BA1\u7406\u8005\u306B Domain-wide Delegation \u306E\u8A2D\u5B9A\u3092\u4F9D\u983C\u3059\u308B\uFF08[\u8A2D\u5B9A\u30AC\u30A4\u30C9](https://support.google.com/a/answer/162106)\uFF09\u3001(2) \u5BFE\u8C61\u30AB\u30EC\u30F3\u30C0\u30FC\u3092 \`<serviceAccountEmail>\` \u306B\u5171\u6709\u8A2D\u5B9A\u3067\u62DB\u5F85\u3059\u308B\uFF08[\u5171\u6709\u624B\u9806](https://support.google.com/calendar/answer/37082)\uFF09\u300D\u3002
+     - \`options\`: \`[{ label: "\u6E96\u5099\u3067\u304D\u305F\u306E\u3067\u30EA\u30C8\u30E9\u30A4", value: "retry" }, { label: "\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u76F4\u3059", value: "restart" }]\`
+     - \u300C\u30EA\u30C8\u30E9\u30A4\u300D: \u76F4\u524D\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u30EA\u30B9\u30C8\u3067\u30B9\u30C6\u30C3\u30D7 2 \u3092\u518D\u5B9F\u884C
+     - \u300C\u5165\u529B\u3057\u76F4\u3059\u300D: \u30B9\u30C6\u30C3\u30D7 1 \u304B\u3089\u518D\u5B9F\u884C
+   - \u5931\u6557\u304C\u3042\u3063\u305F\u5834\u5408: \u305D\u306E\u65E8\u3092 1 \u6587\u3067\u4F1D\u3048\u3066\u304B\u3089\u6B21\u306B\u9032\u3080
+   - \u30AB\u30EC\u30F3\u30C0\u30FC\u9078\u629E:
+     - \`type\`: \`"multiSelect"\`
+     - \`question\`: \u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u53EF\uFF09\u300D
+     - \`options\`: \u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066 \`label\`: \`"<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D> (\u30A2\u30AF\u30BB\u30B9\u7D4C\u8DEF)"\`\u3001\`value\`: \`"<calendarId>"\` \u306E\u5F62\u5F0F\u3067\u69CB\u7BC9\u3002\u30A2\u30AF\u30BB\u30B9\u7D4C\u8DEF\u306F a \u3067\u898B\u3064\u304B\u3063\u305F\u3082\u306E\u306F \`"\u5171\u6709"\`\u3001b \u3067\u898B\u3064\u304B\u3063\u305F\u3082\u306E\u306F \`"DwD: <\u305D\u306E\u3068\u304D\u306E subject>"\` \u306E\u3088\u3046\u306B\u4EBA\u9593\u304C\u5224\u5225\u3067\u304D\u308B\u6587\u5B57\u5217\u306B\u3059\u308B
+
+4. \u30E6\u30FC\u30B6\u30FC\u304C\u9078\u629E\u3057\u305F calendarId \u96C6\u5408\u3092\u3001\u30B9\u30C6\u30C3\u30D7 2 \u306E\u30C7\u30A3\u30B9\u30AB\u30D0\u30EA\u7D50\u679C\u3068\u7A81\u304D\u5408\u308F\u305B\u3066\u7D4C\u8DEF\u3068 subject \u3092\u7279\u5B9A\u3059\u308B\u3002\`finalizeSetup\` \u3092\u547C\u3073\u3001\`projectKnowledge\` \u306E \`#### \u30B9\u30B3\u30FC\u30D7\` \u7BC0\u306B\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u3092 1 \u884C\u305A\u3064\u5217\u6319\u3059\u308B:
+   - DwD \u7D4C\u7531\u3067\u30A2\u30AF\u30BB\u30B9\u3059\u308B\u5834\u5408: \`- calendar: <calendarId> (delegation, subject: <subject>, name: "<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D>")\`
+   - Service Account \u81EA\u8EAB\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u5834\u5408: \`- calendar: <calendarId> (service-account, name: "<\u30AB\u30EC\u30F3\u30C0\u30FC\u540D>")\`
+
+#### \u5236\u7D04
+- \u4E0A\u8A18\u4EE5\u5916\u306E API \u547C\u3073\u51FA\u3057\u3092 setup \u4E2D\u306B\u884C\u308F\u306A\u3044
+- \u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u306E\u9593\u306F 1 \u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057`,
+    en: `Set up the Google Calendar connection. Ask the user which calendars they want to access, discover the available ones, and record them in Project Knowledge.
+
+1. Call \`askUserQuestion\` to collect target user emails:
+   - \`type\`: \`"freeText"\`
+   - \`question\`: "Enter the email addresses of the calendar owners you want to access (comma-separated for multiple)"
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+
+2. Extract individual emails from the response. Discover calendars using both tools in parallel:
+   a. Call \`${requestToolName}\` to list calendars shared directly with the service account. If \`success: false\`, record the failure and continue:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+   b. For each email \`<email>\`, call \`${requestWithDelegationToolName}\` to list calendars accessible by that user via Domain-wide Delegation:
+      - \`method\`: \`"GET"\`
+      - \`path\`: \`"/users/me/calendarList"\`
+      - \`subject\`: \`<email>\`
+      - \`scopes\`: \`${READONLY_SCOPES}\`
+
+3. Aggregate the discovery results from step 2 and call \`askUserQuestion\` for calendar selection:
+   - If no calendars were found: take \`serviceAccountEmail\` from any failed tool response and call \`askUserQuestion\`. Include this guidance in \`question\`: "No accessible calendars found. With service account \`<serviceAccountEmail>\`, please do one of the following before continuing: (1) Ask your Workspace admin to authorize Domain-wide Delegation ([setup guide](https://support.google.com/a/answer/162106)), or (2) Share the target calendars with \`<serviceAccountEmail>\` ([sharing guide](https://support.google.com/calendar/answer/37082))".
+     - \`options\`: \`[{ label: "Ready \u2014 retry", value: "retry" }, { label: "Re-enter the email addresses", value: "restart" }]\`
+     - On "retry" \u2192 re-run step 2 with the previously entered email list
+     - On "Re-enter" \u2192 re-run step 1
+   - If there were partial failures: briefly mention them and proceed.
+   - Calendar selection:
+     - \`type\`: \`"multiSelect"\`
+     - \`question\`: "Select the calendars to use (multiple allowed)"
+     - \`options\`: For each calendar, \`label\`: \`"<calendar name> (access path)"\`, \`value\`: \`"<calendarId>"\`. Make the access path human-readable: \`"shared"\` for calendars found via 2a, \`"DwD: <the subject used>"\` for calendars found via 2b
+
+4. Cross-reference the selected calendarIds with the step 2 discovery results to recover each calendar's access path and subject. Call \`finalizeSetup\`. Under \`#### \u30B9\u30B3\u30FC\u30D7\` in \`projectKnowledge\`, list each calendar on its own line:
+   - Accessed via Domain-wide Delegation: \`- calendar: <calendarId> (delegation, subject: <subject>, name: "<calendar name>")\`
+   - Shared directly with the service account: \`- calendar: <calendarId> (service-account, name: "<calendar name>")\`
+
+#### Constraints
+- Do not call any other API endpoints during setup
+- Write at most 1 sentence between tool calls`
+  },
+  dataOverviewInstructions: {
+    en: `For each calendar recorded under \`#### \u30B9\u30B3\u30FC\u30D7\`, fetch metadata and a small sample of upcoming events. The annotation on each line tells you which tool to use:
+- \`(delegation, subject: <email>, ...)\` \u2192 \`${requestWithDelegationToolName}\` with \`subject: <email>\`
+- \`(service-account, ...)\` \u2192 \`${requestToolName}\`
+
+Pass \`scopes: ${READONLY_SCOPES}\` for every call.
+
+For each calendar:
+1. \`method=GET\`, \`path=/calendars/<id>\` to fetch metadata.
+2. \`method=GET\`, \`path=/calendars/<id>/events\`, \`queryParams={ timeMin: <RFC3339 now>, maxResults: "10", singleEvents: "true", orderBy: "startTime" }\`.`,
+    ja: `\`#### \u30B9\u30B3\u30FC\u30D7\` \u306E\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066\u3001\u30E1\u30BF\u30C7\u30FC\u30BF\u3068\u76F4\u8FD1\u306E\u30A4\u30D9\u30F3\u30C8\u3092\u5C11\u91CF\u53D6\u5F97\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u5404\u884C\u306E\u6CE8\u91C8\u3067\u4F7F\u7528\u3059\u308B\u30C4\u30FC\u30EB\u3092\u9078\u3073\u307E\u3059:
+- \`(delegation, subject: <email>, ...)\` \u2192 \`${requestWithDelegationToolName}\` \u3092 \`subject: <email>\` \u4ED8\u304D\u3067\u547C\u3076
+- \`(service-account, ...)\` \u2192 \`${requestToolName}\` \u3092\u547C\u3076
+
+\`scopes\` \u306F\u6BCE\u56DE \`${READONLY_SCOPES}\` \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002
+
+\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306B\u3064\u3044\u3066:
+1. \`method=GET\`\u3001\`path=/calendars/<id>\` \u3067\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
+2. \`method=GET\`\u3001\`path=/calendars/<id>/events\`\u3001\`queryParams={ timeMin: <RFC3339 \u306E\u73FE\u5728\u6642\u523B>, maxResults: "10", singleEvents: "true", orderBy: "startTime" }\``
+  }
+});
+
 // ../connectors/src/connectors/google-calendar/index.ts
-var tools14 = { request: requestTool5, listCalendars: listCalendarsTool };
+var tools14 = {
+  request: requestTool5,
+  request_with_delegation: requestWithDelegationTool
+};
 var googleCalendarConnector = new ConnectorPlugin({
   slug: "google-calendar",
   authType: AUTH_TYPES.SERVICE_ACCOUNT,
@@ -91668,58 +91652,45 @@ var googleCalendarConnector = new ConnectorPlugin({
   systemPrompt: {
     en: `### Tools
 
-- \`google-calendar-service-account_request\`: The only way to call the Google Calendar API. Use it to list calendars, get events, and manage calendar data. Authentication is handled automatically using a service account with Domain-wide Delegation \u2014 the service account impersonates the user configured on the connection (\`impersonate-email\` parameter). The {calendarId} placeholder in paths is automatically replaced with the configured default calendar ID. Pass an optional \`subject\` only if you need to override the configured user for a specific request.
+This connector exposes two request tools that correspond to the two ways a Service Account can authenticate against the Google Calendar API:
 
-### Business Logic
+- \`google-calendar-service-account_request_with_delegation\`: Call the Calendar API on behalf of the specified Workspace user via Domain-wide Delegation. Pass \`subject\` as the target user email. Requires DwD to be authorized for the service account in the Workspace admin console.
+- \`google-calendar-service-account_request\`: Call the Calendar API as the service account itself (no delegation). Only calendars explicitly shared with the service account email are accessible.
 
-The business logic type for this connector is "typescript". Use the connector SDK in your handler. Do NOT read credentials from environment variables.
+Both tools require a \`scopes\` argument.
 
-SDK methods (client created via \`connection(connectionId)\` \u2014 the connection's \`impersonate-email\` parameter is used automatically for Domain-wide Delegation):
-- \`client.listCalendars()\` \u2014 list all accessible calendars
-- \`client.listEvents(options?, calendarId?)\` \u2014 list events with optional filters
-- \`client.getEvent(eventId, calendarId?)\` \u2014 get a single event by ID
-- \`client.request(path, init?)\` \u2014 low-level authenticated fetch
+### OAuth Scopes (pass as \`scopes\` argument)
 
-#### Domain-wide Delegation
+This connector is currently read-only. Pass one of:
 
-The target user email is configured on the connection (\`impersonate-email\` parameter), so \`connection()\` automatically uses it. Pass \`subject\` only to override it:
+- \`https://www.googleapis.com/auth/calendar.readonly\` \u2014 read-only on calendars and events
+- \`https://www.googleapis.com/auth/calendar.events.readonly\` \u2014 read-only on events (no calendar metadata)
+- \`https://www.googleapis.com/auth/calendar.freebusy\` \u2014 busy/free time queries only
 
-\`\`\`ts
-const calendar = connection("<connectionId>", { subject: "other-user@example.com" });
-\`\`\`
+For \`request_with_delegation\`, the Workspace admin must have authorized the requested scope for the service account in the Domain-wide Delegation settings, otherwise token issuance will fail with \`unauthorized_client\`.
 
-\`\`\`ts
-import type { Context } from "hono";
-import { connection } from "@squadbase/vite-server/connectors/google-calendar";
+Per-endpoint scope reference: https://developers.google.com/calendar/api/auth
 
-const calendar = connection("<connectionId>");
+### Choosing the right tool
 
-export default async function handler(c: Context) {
-  const now = new Date().toISOString();
-  const { items } = await calendar.listEvents({
-    timeMin: now,
-    maxResults: 10,
-    singleEvents: true,
-    orderBy: "startTime",
-  });
+Read \`#### \u30B9\u30B3\u30FC\u30D7\` in the project knowledge for this connection. Each calendar appears as a \`- calendar: <id> (...)\` line whose annotation tells you which tool to use:
 
-  return c.json(
-    items.map((event) => ({
-      id: event.id,
-      summary: event.summary,
-      start: event.start.dateTime ?? event.start.date,
-      end: event.end.dateTime ?? event.end.date,
-      location: event.location,
-    })),
-  );
-}
-\`\`\`
+- \`(delegation, subject: <email>, name: "...")\` \u2192 use \`request_with_delegation\` and pass \`subject: <email>\`
+- \`(service-account, name: "...")\` \u2192 use \`request\` (no \`subject\`)
+
+### Path conventions
+
+Write the calendar ID directly into the path \u2014 there is no placeholder substitution. Examples:
+
+- \`/users/me/calendarList\` \u2014 list calendars accessible to the authenticated identity
+- \`/calendars/alice@example.com/events\` \u2014 events on alice's primary calendar
+- \`/calendars/c_abc123@group.calendar.google.com/events\` \u2014 events on a secondary calendar
 
 ### Google Calendar API v3 Reference
 
 #### Available Endpoints
 - GET \`/calendars/{calendarId}\` \u2014 Get calendar metadata
-- GET \`/users/me/calendarList\` \u2014 List all calendars accessible by the authenticated user
+- GET \`/users/me/calendarList\` \u2014 List all calendars accessible by the authenticated identity
 - GET \`/calendars/{calendarId}/events\` \u2014 List events on a calendar
 - GET \`/calendars/{calendarId}/events/{eventId}\` \u2014 Get a single event
 
@@ -91731,66 +91702,93 @@ export default async function handler(c: Context) {
 - \`orderBy=startTime\` \u2014 Order by start time (requires singleEvents=true)
 - \`q\` \u2014 Free text search terms
 
-#### Tips
-- Use \`{calendarId}\` placeholder in paths \u2014 it is automatically replaced with the configured default calendar ID
-- Set \`singleEvents=true\` to expand recurring events into individual instances
-- When using \`orderBy=startTime\`, you must also set \`singleEvents=true\`
-- Use RFC3339 format for time parameters (e.g., "2024-01-15T09:00:00Z" or "2024-01-15T09:00:00+09:00")
-- The default calendar ID is "primary" if not configured`,
-    ja: `### \u30C4\u30FC\u30EB
-
-- \`google-calendar-service-account_request\`: Google Calendar API\u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\u3002\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u53D6\u5F97\u3001\u30A4\u30D9\u30F3\u30C8\u306E\u53D6\u5F97\u3001\u30AB\u30EC\u30F3\u30C0\u30FC\u30C7\u30FC\u30BF\u306E\u7BA1\u7406\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\uFF0BDomain-wide Delegation\u3067\u8A8D\u8A3C\u304C\u81EA\u52D5\u7684\u306B\u51E6\u7406\u3055\u308C\u3001\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306B\u8A2D\u5B9A\u3055\u308C\u305F\u30E6\u30FC\u30B6\u30FC\uFF08\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\uFF09\u3068\u3057\u3066\u52D5\u4F5C\u3057\u307E\u3059\u3002\u30D1\u30B9\u5185\u306E{calendarId}\u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306F\u8A2D\u5B9A\u6E08\u307F\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u3067\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059\u3002\u7279\u5B9A\u30EA\u30AF\u30A8\u30B9\u30C8\u3067\u8A2D\u5B9A\u30E6\u30FC\u30B6\u30FC\u3092\u4E0A\u66F8\u304D\u3057\u305F\u3044\u5834\u5408\u306E\u307F\u3001\u30AA\u30D7\u30B7\u30E7\u30F3\u306E\`subject\`\u30D1\u30E9\u30E1\u30FC\u30BF\u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002
-
 ### Business Logic
 
-\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u8A8D\u8A3C\u60C5\u5831\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+The business logic type for this connector is "typescript". Use the connector SDK in your handler. Do NOT read credentials from environment variables.
 
-SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8 \u2014 \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\u304C\u81EA\u52D5\u7684\u306BDomain-wide Delegation\u306Esubject\u3068\u3057\u3066\u4F7F\u308F\u308C\u307E\u3059):
-- \`client.listCalendars()\` \u2014 \u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7\u53D6\u5F97
-- \`client.listEvents(options?, calendarId?)\` \u2014 \u30D5\u30A3\u30EB\u30BF\u30FC\u4ED8\u304D\u30A4\u30D9\u30F3\u30C8\u4E00\u89A7\u53D6\u5F97
-- \`client.getEvent(eventId, calendarId?)\` \u2014 ID\u306B\u3088\u308B\u5358\u4E00\u30A4\u30D9\u30F3\u30C8\u53D6\u5F97
-- \`client.request(path, init?)\` \u2014 \u4F4E\u30EC\u30D9\u30EB\u306E\u8A8D\u8A3C\u4ED8\u304Dfetch
+SDK methods (client created via \`connection(connectionId)\`):
 
-#### Domain-wide Delegation
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 call the API as the impersonated Workspace user via Domain-wide Delegation
+- \`client.request(path, { scopes, init? })\` \u2014 call the API as the service account itself (only calendars shared with the SA email are accessible)
 
-\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306F\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\uFF08\`impersonate-email\`\u30D1\u30E9\u30E1\u30FC\u30BF\uFF09\u306B\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u308B\u305F\u3081\u3001\`connection()\`\u306F\u81EA\u52D5\u7684\u306B\u305D\u308C\u3092\u4F7F\u3044\u307E\u3059\u3002\u4E0A\u66F8\u304D\u3057\u305F\u3044\u5834\u5408\u306E\u307F\`subject\`\u3092\u6E21\u3057\u307E\u3059\uFF1A
+Both methods take \`scopes\` \u2014 pass the minimum scope(s) for the endpoint. Both return a standard \`Response\`. Read the body with \`.json()\`. Same path conventions as the tools.
 
-\`\`\`ts
-const calendar = connection("<connectionId>", { subject: "other-user@example.com" });
-\`\`\`
+#### Example
 
 \`\`\`ts
 import type { Context } from "hono";
 import { connection } from "@squadbase/vite-server/connectors/google-calendar";
 
 const calendar = connection("<connectionId>");
+const READ = ["https://www.googleapis.com/auth/calendar.readonly"];
 
 export default async function handler(c: Context) {
   const now = new Date().toISOString();
-  const { items } = await calendar.listEvents({
+  const qs = new URLSearchParams({
     timeMin: now,
-    maxResults: 10,
-    singleEvents: true,
+    maxResults: "10",
+    singleEvents: "true",
     orderBy: "startTime",
   });
 
-  return c.json(
-    items.map((event) => ({
-      id: event.id,
-      summary: event.summary,
-      start: event.start.dateTime ?? event.start.date,
-      end: event.end.dateTime ?? event.end.date,
-      location: event.location,
-    })),
+  // Project knowledge says: alice@example.com is reachable via delegation
+  const aliceRes = await calendar.requestWithDelegation(
+    \`/calendars/alice@example.com/events?\${qs}\`,
+    { subject: "alice@example.com", scopes: READ },
   );
+  const alice = await aliceRes.json();
+
+  // Project knowledge says: team@example.com is shared with the SA
+  const teamRes = await calendar.request(
+    \`/calendars/team@example.com/events?\${qs}\`,
+    { scopes: READ },
+  );
+  const team = await teamRes.json();
+
+  return c.json({ alice: alice.items, team: team.items });
 }
-\`\`\`
+\`\`\``,
+    ja: `### \u30C4\u30FC\u30EB
+
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u30FC\u306F\u3001Service Account \u304C Google Calendar API \u306B\u8A8D\u8A3C\u3059\u308B 2 \u3064\u306E\u65B9\u6CD5\u306B\u5BFE\u5FDC\u3059\u308B 2 \u3064\u306E request \u30C4\u30FC\u30EB\u3092\u516C\u958B\u3057\u307E\u3059:
+
+- \`google-calendar-service-account_request_with_delegation\`: \u6307\u5B9A\u3055\u308C\u305F Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u4EE3\u308F\u3063\u3066 Domain-wide Delegation \u7D4C\u7531\u3067 Calendar API \u3092\u547C\u3073\u51FA\u3057\u307E\u3059\u3002\u4EE3\u7406\u5BFE\u8C61\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092 \`subject\` \u3068\u3057\u3066\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002Workspace \u7BA1\u7406\u30B3\u30F3\u30BD\u30FC\u30EB\u3067 Service Account \u306E DwD \u304C\u627F\u8A8D\u3055\u308C\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002
+- \`google-calendar-service-account_request\`: Service Account \u81EA\u8EAB\u3068\u3057\u3066 Calendar API \u3092\u547C\u3073\u51FA\u3057\u307E\u3059\uFF08DwD \u306A\u3057\uFF09\u3002Service Account \u306E\u30E1\u30A2\u30C9\u306B\u660E\u793A\u7684\u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u307F\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u3067\u3059\u3002
+
+\u4E21\u30C4\u30FC\u30EB\u3068\u3082 \`scopes\` \u5F15\u6570\u304C\u5FC5\u9808\u3067\u3059\u3002
+
+### OAuth \u30B9\u30B3\u30FC\u30D7 (\`scopes\` \u5F15\u6570\u3067\u6E21\u3059)
+
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u30FC\u306F\u73FE\u72B6\u8AAD\u307F\u53D6\u308A\u5C02\u7528\u3067\u3059\u3002\u6B21\u306E\u3044\u305A\u308C\u304B\u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044:
+
+- \`https://www.googleapis.com/auth/calendar.readonly\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u3068\u30A4\u30D9\u30F3\u30C8\u306E\u8AAD\u307F\u53D6\u308A
+- \`https://www.googleapis.com/auth/calendar.events.readonly\` \u2014 \u30A4\u30D9\u30F3\u30C8\u306E\u307F\u8AAD\u307F\u53D6\u308A\uFF08\u30AB\u30EC\u30F3\u30C0\u30FC\u30E1\u30BF\u30C7\u30FC\u30BF\u4E0D\u53EF\uFF09
+- \`https://www.googleapis.com/auth/calendar.freebusy\` \u2014 \u7A7A\u304D\u72B6\u6CC1\u30AF\u30A8\u30EA\u306E\u307F
+
+\`request_with_delegation\` \u306E\u5834\u5408\u3001\u8981\u6C42\u3059\u308B scope \u306F Workspace \u7BA1\u7406\u8005\u304C Domain-wide Delegation \u8A2D\u5B9A\u3067\u5F53\u8A72 Service Account \u306B\u5BFE\u3057\u3066\u627F\u8A8D\u3057\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\u627F\u8A8D\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u30C8\u30FC\u30AF\u30F3\u767A\u884C\u304C \`unauthorized_client\` \u3067\u5931\u6557\u3057\u307E\u3059\u3002
+
+\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u5225\u306E\u6B63\u78BA\u306A scope \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9: https://developers.google.com/calendar/api/auth
+
+### \u9069\u5207\u306A\u30C4\u30FC\u30EB\u306E\u9078\u3073\u65B9
+
+\u3053\u306E\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E Project Knowledge \u306E \`#### \u30B9\u30B3\u30FC\u30D7\` \u3092\u8AAD\u3093\u3067\u304F\u3060\u3055\u3044\u3002\u5404\u30AB\u30EC\u30F3\u30C0\u30FC\u306F \`- calendar: <id> (...)\` \u5F62\u5F0F\u306E\u884C\u3068\u3057\u3066\u8A18\u9332\u3055\u308C\u3066\u304A\u308A\u3001\u6CE8\u91C8\u304C\u3069\u3061\u3089\u306E\u30C4\u30FC\u30EB\u3092\u4F7F\u3046\u3079\u304D\u304B\u3092\u793A\u3057\u307E\u3059:
+
+- \`(delegation, subject: <email>, name: "...")\` \u2192 \`request_with_delegation\` \u3092\u4F7F\u3044\u3001\`subject: <email>\` \u3092\u6E21\u3059
+- \`(service-account, name: "...")\` \u2192 \`request\` \u3092\u4F7F\u3046\uFF08\`subject\` \u4E0D\u8981\uFF09
+
+### \u30D1\u30B9\u306E\u66F8\u304D\u65B9
+
+calendar ID \u3092\u30D1\u30B9\u306B\u76F4\u63A5\u66F8\u3044\u3066\u304F\u3060\u3055\u3044\u3002\u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u306E\u7F6E\u63DB\u306F\u3042\u308A\u307E\u305B\u3093\u3002\u4F8B:
+
+- \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u3055\u308C\u305F\u8B58\u5225\u5B50\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7
+- \`/calendars/alice@example.com/events\` \u2014 alice \u306E\u30D7\u30E9\u30A4\u30DE\u30EA\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30A4\u30D9\u30F3\u30C8
+- \`/calendars/c_abc123@group.calendar.google.com/events\` \u2014 \u4E8C\u6B21\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30A4\u30D9\u30F3\u30C8
 
 ### Google Calendar API v3 \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 
 #### \u5229\u7528\u53EF\u80FD\u306A\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8
 - GET \`/calendars/{calendarId}\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\u3092\u53D6\u5F97
-- GET \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u30E6\u30FC\u30B6\u30FC\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7
+- GET \`/users/me/calendarList\` \u2014 \u8A8D\u8A3C\u3055\u308C\u305F\u8B58\u5225\u5B50\u304C\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u5168\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u4E00\u89A7
 - GET \`/calendars/{calendarId}/events\` \u2014 \u30AB\u30EC\u30F3\u30C0\u30FC\u4E0A\u306E\u30A4\u30D9\u30F3\u30C8\u4E00\u89A7
 - GET \`/calendars/{calendarId}/events/{eventId}\` \u2014 \u5358\u4E00\u30A4\u30D9\u30F3\u30C8\u306E\u53D6\u5F97
 
@@ -91802,12 +91800,52 @@ export default async function handler(c: Context) {
 - \`orderBy=startTime\` \u2014 \u958B\u59CB\u6642\u9593\u9806\u306B\u4E26\u3079\u66FF\u3048\uFF08singleEvents=true\u304C\u5FC5\u8981\uFF09
 - \`q\` \u2014 \u30D5\u30EA\u30FC\u30C6\u30AD\u30B9\u30C8\u691C\u7D22\u8A9E
 
-#### \u30D2\u30F3\u30C8
-- \u30D1\u30B9\u306B \`{calendarId}\` \u30D7\u30EC\u30FC\u30B9\u30DB\u30EB\u30C0\u30FC\u3092\u4F7F\u7528 \u2014 \u8A2D\u5B9A\u6E08\u307F\u306E\u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u3067\u81EA\u52D5\u7684\u306B\u7F6E\u63DB\u3055\u308C\u307E\u3059
-- \`singleEvents=true\` \u3092\u8A2D\u5B9A\u3059\u308B\u3068\u3001\u7E70\u308A\u8FD4\u3057\u30A4\u30D9\u30F3\u30C8\u304C\u500B\u5225\u306E\u30A4\u30F3\u30B9\u30BF\u30F3\u30B9\u306B\u5C55\u958B\u3055\u308C\u307E\u3059
-- \`orderBy=startTime\` \u3092\u4F7F\u7528\u3059\u308B\u5834\u5408\u3001\`singleEvents=true\` \u3082\u8A2D\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059
-- \u6642\u9593\u30D1\u30E9\u30E1\u30FC\u30BF\u306B\u306FRFC3339\u5F62\u5F0F\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u4F8B: "2024-01-15T09:00:00Z" \u3084 "2024-01-15T09:00:00+09:00"\uFF09
-- \u30C7\u30D5\u30A9\u30EB\u30C8\u30AB\u30EC\u30F3\u30C0\u30FCID\u306F\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408 "primary" \u304C\u4F7F\u7528\u3055\u308C\u307E\u3059`
+### Business Logic
+
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u30CF\u30F3\u30C9\u30E9\u5185\u3067\u306F\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u8A8D\u8A3C\u60C5\u5831\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
+
+SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8):
+
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 DwD \u3067 Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u306A\u308A\u3059\u307E\u3057\u3066 API \u3092\u547C\u3076
+- \`client.request(path, { scopes, init? })\` \u2014 SA \u81EA\u8EAB\u3068\u3057\u3066 API \u3092\u547C\u3076\uFF08SA \u306B\u5171\u6709\u3055\u308C\u305F\u30AB\u30EC\u30F3\u30C0\u30FC\u306E\u307F\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\uFF09
+
+\u4E21\u30E1\u30BD\u30C3\u30C9\u3068\u3082 \`scopes\` \u3092\u53D7\u3051\u53D6\u308A\u307E\u3059\u3002\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u306B\u5FC5\u8981\u306A\u6700\u5C0F scope \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u6A19\u6E96\u306E \`Response\` \u3092\u8FD4\u3059\u306E\u3067 \`response.json()\` \u3067\u30DC\u30C7\u30A3\u3092\u53D6\u5F97\u3057\u307E\u3059\u3002\u30D1\u30B9\u306E\u66F8\u304D\u65B9\u306F\u30C4\u30FC\u30EB\u3068\u540C\u3058\u3002
+
+#### Example
+
+\`\`\`ts
+import type { Context } from "hono";
+import { connection } from "@squadbase/vite-server/connectors/google-calendar";
+
+const calendar = connection("<connectionId>");
+const READ = ["https://www.googleapis.com/auth/calendar.readonly"];
+
+export default async function handler(c: Context) {
+  const now = new Date().toISOString();
+  const qs = new URLSearchParams({
+    timeMin: now,
+    maxResults: "10",
+    singleEvents: "true",
+    orderBy: "startTime",
+  });
+
+  // Project Knowledge: alice@example.com \u306F delegation \u7D4C\u8DEF\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD
+  const aliceRes = await calendar.requestWithDelegation(
+    \`/calendars/alice@example.com/events?\${qs}\`,
+    { subject: "alice@example.com", scopes: READ },
+  );
+  const alice = await aliceRes.json();
+
+  // Project Knowledge: team@example.com \u306F SA \u306B\u5171\u6709\u3055\u308C\u3066\u3044\u308B
+  const teamRes = await calendar.request(
+    \`/calendars/team@example.com/events?\${qs}\`,
+    { scopes: READ },
+  );
+  const team = await teamRes.json();
+
+  return c.json({ alice: alice.items, team: team.items });
+}
+\`\`\``
   },
   tools: tools14
 });
@@ -91870,7 +91908,7 @@ var outputSchema23 = z23.discriminatedUnion("success", [
     error: z23.string()
   })
 ]);
-var listCalendarsTool2 = new ConnectorTool({
+var listCalendarsTool = new ConnectorTool({
   name: "listCalendars",
   description: "List all Google Calendars accessible with the OAuth credentials. Use during setup to discover available calendars.",
   inputSchema: inputSchema23,
@@ -91931,12 +91969,12 @@ var listCalendarsTool2 = new ConnectorTool({
 });
 
 // ../connectors/src/connectors/google-calendar-oauth/setup.ts
-var listCalendarsToolName2 = `google-calendar-oauth_${listCalendarsTool2.name}`;
+var listCalendarsToolName = `google-calendar-oauth_${listCalendarsTool.name}`;
 var googleCalendarOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Calendar (OAuth) \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${listCalendarsToolName2}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001OAuth\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
+1. \`${listCalendarsToolName}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001OAuth\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u306A\u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B
 2. \u300C\u4F7F\u7528\u3059\u308B\u30AB\u30EC\u30F3\u30C0\u30FC\u3092\u9078\u629E\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u300D\u3068\u30E6\u30FC\u30B6\u30FC\u306B\u4F1D\u3048\u305F\u4E0A\u3067\u3001\`askUserQuestion\` \u3092\u547C\u3073\u51FA\u3059:
    - \`options\`: \u30AB\u30EC\u30F3\u30C0\u30FC\u4E00\u89A7\u3002\u5404 option \u306E \`label\` \u306F \`\u30AB\u30EC\u30F3\u30C0\u30FC\u540D (id: \u30AB\u30EC\u30F3\u30C0\u30FCID)\` \u306E\u5F62\u5F0F\u3001\`value\` \u306F\u30AB\u30EC\u30F3\u30C0\u30FCID
 3. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
@@ -91948,7 +91986,7 @@ var googleCalendarOauthOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Google Calendar (OAuth) connection.
 
-1. Call \`${listCalendarsToolName2}\` to get the list of calendars accessible with the OAuth credentials
+1. Call \`${listCalendarsToolName}\` to get the list of calendars accessible with the OAuth credentials
 2. Tell the user "Please select a calendar.", then call \`askUserQuestion\`:
    - \`options\`: The calendar list. Each option's \`label\` should be \`Calendar Name (id: calendarId)\`, \`value\` should be the calendar ID
 3. Call \`updateConnectionParameters\`:
@@ -92104,7 +92142,7 @@ Authentication is handled automatically via OAuth proxy.
 // ../connectors/src/connectors/google-calendar-oauth/index.ts
 var tools15 = {
   request: requestTool6,
-  listCalendars: listCalendarsTool2
+  listCalendars: listCalendarsTool
 };
 var googleCalendarOauthConnector = new ConnectorPlugin({
   slug: "google-calendar",
@@ -93140,7 +93178,7 @@ Authentication is handled automatically via OAuth proxy.`,
 });
 
 // ../connectors/src/connectors/google-sheets/setup.ts
-var requestToolName = `google-sheets-oauth_${requestTool9.name}`;
+var requestToolName2 = `google-sheets-oauth_${requestTool9.name}`;
 var googleSheetsOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Google Sheets (OAuth) \u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306F\u8AAD\u307F\u66F8\u304D\u53EF\u80FD\u306A\u30B9\u30B3\u30FC\u30D7 (\`spreadsheets\`) \u3067\u63A5\u7D9A\u3055\u308C\u3001OAuth\u8A8D\u8A3C\u3057\u305FGoogle\u30A2\u30AB\u30A6\u30F3\u30C8\u304C\u6A29\u9650\u3092\u6301\u3064\u4EFB\u610F\u306E\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306B\u5BFE\u3057\u3066\u8AAD\u307F\u66F8\u304D\u3067\u304D\u307E\u3059\u3002
@@ -93150,12 +93188,12 @@ var googleSheetsOnboarding = new ConnectorOnboarding({
    - \`question\`: \u300C\u64CD\u4F5C\u3057\u305F\u3044Google Sheets\u306EURL\u3092\u8CBC\u308A\u4ED8\u3051\u3066\u304F\u3060\u3055\u3044\uFF08\u8AAD\u307F\u53D6\u308A\u30FB\u7DE8\u96C6\u3069\u3061\u3089\u3082\u53EF\u80FD\u3067\u3059\uFF09\u300D
    - \`placeholder\`: \`"https://docs.google.com/spreadsheets/d/.../edit"\`
 2. \u53D7\u3051\u53D6\u3063\u305FURL\u304B\u3089\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8ID\u3092\u62BD\u51FA\u3059\u308B\u3002URL\u306E \`/d/\` \u3068 \`/edit\`\uFF08\u307E\u305F\u306F\u672B\u5C3E\uFF09\u306E\u9593\u306B\u3042\u308B\u6587\u5B57\u5217\u304C\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8ID\u3067\u3059\uFF08\u4F8B: \`https://docs.google.com/spreadsheets/d/1AbCxyz.../edit\` \u2192 \`1AbCxyz...\`\uFF09\u3002URL\u3067\u306F\u306A\u304FID\u3060\u3051\u304C\u6E21\u3055\u308C\u305F\u5834\u5408\u306F\u305D\u306E\u307E\u307E\u5229\u7528\u3057\u307E\u3059\u3002
-3. \`${requestToolName}\` \u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u6027\u3092\u78BA\u8A8D\u3059\u308B:
+3. \`${requestToolName2}\` \u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u6027\u3092\u78BA\u8A8D\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/<\u62BD\u51FA\u3057\u305FspreadsheetId>"\`
 4. **\u691C\u8A3C\u5931\u6557\u6642\u306E\u518D\u30D2\u30A2\u30EA\u30F3\u30B0**: \u30B9\u30C6\u30C3\u30D73\u304C \`success: false\` \u3092\u8FD4\u3057\u305F\u5834\u5408\uFF08404/403/\u898B\u3064\u304B\u3089\u306A\u3044\u7B49\uFF09\u3001\u4EE5\u4E0B\u306E\u624B\u9806\u3067\u518D\u8A66\u884C\u3059\u308B:
    a. \u30E6\u30FC\u30B6\u30FC\u306B\u539F\u56E0\u306E\u53EF\u80FD\u6027\u3092\u4F1D\u3048\u308B\uFF08URL\u304C\u9593\u9055\u3063\u3066\u3044\u308B\u3001OAuth\u9023\u643A\u3057\u305FGoogle\u30A2\u30AB\u30A6\u30F3\u30C8\u306B\u30A2\u30AF\u30BB\u30B9\u6A29\u9650\u304C\u306A\u3044\u3001\u30D7\u30E9\u30A4\u30D9\u30FC\u30C8\u30B7\u30FC\u30C8\u3067\u5225\u30A2\u30AB\u30A6\u30F3\u30C8\u3068\u5171\u6709\u3055\u308C\u3066\u3044\u308B \u7B49\uFF09
-   b. \`askUserQuestion\` \u3067\u3082\u3046\u4E00\u5EA6URL\u3092\u805E\u304D\u76F4\u3057\u3001\u518D\u5EA6 \`${requestToolName}\` \u3067\u691C\u8A3C
+   b. \`askUserQuestion\` \u3067\u3082\u3046\u4E00\u5EA6URL\u3092\u805E\u304D\u76F4\u3057\u3001\u518D\u5EA6 \`${requestToolName2}\` \u3067\u691C\u8A3C
    c. \u6210\u529F\u3059\u308B\u307E\u3067\uFF08\u307E\u305F\u306F\u30E6\u30FC\u30B6\u30FC\u304C\u4E2D\u65AD\u3059\u308B\u307E\u3067\uFF09\u3053\u306E\u30EB\u30FC\u30D7\u3092\u7E70\u308A\u8FD4\u3059
 
 #### \u5236\u7D04
@@ -93169,12 +93207,12 @@ var googleSheetsOnboarding = new ConnectorOnboarding({
    - \`question\`: "Please paste the URL of the Google Sheet you want to work with (both read and edit are supported)."
    - \`placeholder\`: \`"https://docs.google.com/spreadsheets/d/.../edit"\`
 2. Extract the spreadsheet ID from the URL. It is the segment between \`/d/\` and \`/edit\` (or the end of the URL), e.g. \`https://docs.google.com/spreadsheets/d/1AbCxyz.../edit\` \u2192 \`1AbCxyz...\`. If the user pasted just the ID, use it as-is.
-3. Verify accessibility by calling \`${requestToolName}\`:
+3. Verify accessibility by calling \`${requestToolName2}\`:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/<extracted spreadsheetId>"\`
 4. **Retry on verification failure**: If step 3 returns \`success: false\` (404/403/not found or any other error):
    a. Tell the user the likely causes (wrong URL, OAuth-connected Google account lacks access, private sheet shared with a different account, etc.)
-   b. Call \`askUserQuestion\` again to re-ask for the URL and re-verify with \`${requestToolName}\`
+   b. Call \`askUserQuestion\` again to re-ask for the URL and re-verify with \`${requestToolName2}\`
    c. Repeat until verification succeeds (or the user aborts)
 
 #### Constraints
@@ -93183,10 +93221,10 @@ var googleSheetsOnboarding = new ConnectorOnboarding({
 - Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently.`
   },
   dataOverviewInstructions: {
-    en: `1. Call ${requestToolName} with GET /<spreadsheetId> to fetch spreadsheet metadata (sheet names, grid properties)
-2. For each sheet of interest, call ${requestToolName} with GET /<spreadsheetId>/values/<SheetName>!A1:Z5 to sample the first rows and understand the column layout`,
-    ja: `1. ${requestToolName} \u3067 GET /<spreadsheetId> \u3092\u547C\u3073\u51FA\u3057\u3001\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\uFF08\u30B7\u30FC\u30C8\u540D\u3001\u30B0\u30EA\u30C3\u30C9\u30D7\u30ED\u30D1\u30C6\u30A3\uFF09\u3092\u53D6\u5F97
-2. \u4E3B\u8981\u306A\u30B7\u30FC\u30C8\u306B\u3064\u3044\u3066 ${requestToolName} \u3067 GET /<spreadsheetId>/values/<\u30B7\u30FC\u30C8\u540D>!A1:Z5 \u3092\u547C\u3073\u51FA\u3057\u3001\u5148\u982D\u6570\u884C\u3092\u30B5\u30F3\u30D7\u30EA\u30F3\u30B0\u3057\u3066\u30AB\u30E9\u30E0\u69CB\u9020\u3092\u628A\u63E1`
+    en: `1. Call ${requestToolName2} with GET /<spreadsheetId> to fetch spreadsheet metadata (sheet names, grid properties)
+2. For each sheet of interest, call ${requestToolName2} with GET /<spreadsheetId>/values/<SheetName>!A1:Z5 to sample the first rows and understand the column layout`,
+    ja: `1. ${requestToolName2} \u3067 GET /<spreadsheetId> \u3092\u547C\u3073\u51FA\u3057\u3001\u30B9\u30D7\u30EC\u30C3\u30C9\u30B7\u30FC\u30C8\u306E\u30E1\u30BF\u30C7\u30FC\u30BF\uFF08\u30B7\u30FC\u30C8\u540D\u3001\u30B0\u30EA\u30C3\u30C9\u30D7\u30ED\u30D1\u30C6\u30A3\uFF09\u3092\u53D6\u5F97
+2. \u4E3B\u8981\u306A\u30B7\u30FC\u30C8\u306B\u3064\u3044\u3066 ${requestToolName2} \u3067 GET /<spreadsheetId>/values/<\u30B7\u30FC\u30C8\u540D>!A1:Z5 \u3092\u547C\u3073\u51FA\u3057\u3001\u5148\u982D\u6570\u884C\u3092\u30B5\u30F3\u30D7\u30EA\u30F3\u30B0\u3057\u3066\u30AB\u30E9\u30E0\u69CB\u9020\u3092\u628A\u63E1`
   }
 });
 
@@ -93802,12 +93840,12 @@ Authentication is handled automatically via OAuth proxy.`,
 });
 
 // ../connectors/src/connectors/hubspot-oauth/setup.ts
-var requestToolName2 = `hubspot-oauth_${requestTool11.name}`;
+var requestToolName3 = `hubspot-oauth_${requestTool11.name}`;
 var hubspotOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067HubSpot\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${requestToolName2}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName3}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/account-info/v3/details"\`
 2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306BOAuth\u63A5\u7D9A\u306E\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
@@ -93817,7 +93855,7 @@ var hubspotOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the HubSpot connection.
 
-1. Call \`${requestToolName2}\` to fetch account info:
+1. Call \`${requestToolName3}\` to fetch account info:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/account-info/v3/details"\`
 2. If an error is returned, ask the user to check the OAuth connection settings
@@ -94091,12 +94129,12 @@ Authentication is handled automatically via OAuth proxy.`,
 });
 
 // ../connectors/src/connectors/stripe-oauth/setup.ts
-var requestToolName3 = `stripe-oauth_${requestTool12.name}`;
+var requestToolName4 = `stripe-oauth_${requestTool12.name}`;
 var stripeOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Stripe\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${requestToolName3}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName4}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/v1/accounts"\`
 2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306BOAuth\u63A5\u7D9A\u306E\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
@@ -94106,7 +94144,7 @@ var stripeOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Stripe connection.
 
-1. Call \`${requestToolName3}\` to fetch account info:
+1. Call \`${requestToolName4}\` to fetch account info:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/v1/accounts"\`
 2. If an error is returned, ask the user to check the OAuth connection settings
@@ -94381,12 +94419,12 @@ Use this tool for all Stripe API interactions: querying charges, customers, invo
 });
 
 // ../connectors/src/connectors/stripe-api-key/setup.ts
-var requestToolName4 = `stripe-api-key_${requestTool13.name}`;
+var requestToolName5 = `stripe-api-key_${requestTool13.name}`;
 var stripeApiKeyOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Stripe\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${requestToolName4}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u6B8B\u9AD8\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName5}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30A2\u30AB\u30A6\u30F3\u30C8\u6B8B\u9AD8\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/v1/balance"\`
 2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306BAPI\u30AD\u30FC\u306E\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B\uFF08Secret API Key\u307E\u305F\u306FRestricted API Key\u304C\u6B63\u3057\u304F\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u308B\u304B\uFF09
@@ -94396,7 +94434,7 @@ var stripeApiKeyOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Stripe connection.
 
-1. Call \`${requestToolName4}\` to fetch account balance:
+1. Call \`${requestToolName5}\` to fetch account balance:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/v1/balance"\`
 2. If an error is returned, ask the user to check the API key settings (verify that the Secret API Key or Restricted API Key is configured correctly)
@@ -94406,11 +94444,11 @@ var stripeApiKeyOnboarding = new ConnectorOnboarding({
 - Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
   },
   dataOverviewInstructions: {
-    en: `1. Call ${requestToolName4} with GET /v1/customers?limit=5 to explore customers structure
-2. Call ${requestToolName4} with GET /v1/charges?limit=5 to explore charges structure
+    en: `1. Call ${requestToolName5} with GET /v1/customers?limit=5 to explore customers structure
+2. Call ${requestToolName5} with GET /v1/charges?limit=5 to explore charges structure
 3. Explore other endpoints (invoices, subscriptions, products) as needed`,
-    ja: `1. ${requestToolName4} \u3067 GET /v1/customers?limit=5 \u3092\u547C\u3073\u51FA\u3057\u3001\u9867\u5BA2\u306E\u69CB\u9020\u3092\u78BA\u8A8D
-2. ${requestToolName4} \u3067 GET /v1/charges?limit=5 \u3092\u547C\u3073\u51FA\u3057\u3001\u8AB2\u91D1\u306E\u69CB\u9020\u3092\u78BA\u8A8D
+    ja: `1. ${requestToolName5} \u3067 GET /v1/customers?limit=5 \u3092\u547C\u3073\u51FA\u3057\u3001\u9867\u5BA2\u306E\u69CB\u9020\u3092\u78BA\u8A8D
+2. ${requestToolName5} \u3067 GET /v1/charges?limit=5 \u3092\u547C\u3073\u51FA\u3057\u3001\u8AB2\u91D1\u306E\u69CB\u9020\u3092\u78BA\u8A8D
 3. \u5FC5\u8981\u306B\u5FDC\u3058\u3066\u4ED6\u306E\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\uFF08\u8ACB\u6C42\u66F8\u3001\u30B5\u30D6\u30B9\u30AF\u30EA\u30D7\u30B7\u30E7\u30F3\u3001\u5546\u54C1\uFF09\u3092\u63A2\u7D22`
   }
 });
@@ -94695,7 +94733,7 @@ Authentication is handled automatically via OAuth proxy.
 });
 
 // ../connectors/src/connectors/airtable-oauth/setup.ts
-var requestToolName5 = `airtable-oauth_${requestTool14.name}`;
+var requestToolName6 = `airtable-oauth_${requestTool14.name}`;
 var airtableOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Airtable OAuth\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
@@ -94705,7 +94743,7 @@ var airtableOauthOnboarding = new ConnectorOnboarding({
 3. \`updateConnectionParameters\` \u3092\u547C\u3073\u51FA\u3059:
    - \`parameterSlug\`: \`"base-id"\`
    - \`value\`: \u62BD\u51FA\u3057\u305F\u30D9\u30FC\u30B9ID
-4. \`${requestToolName5}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30D9\u30FC\u30B9\u306E\u30C6\u30FC\u30D6\u30EB\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B:
+4. \`${requestToolName6}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30D9\u30FC\u30B9\u306E\u30C6\u30FC\u30D6\u30EB\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/meta/bases/{baseId}/tables"\`
 5. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306B\u30D9\u30FC\u30B9\u306E\u5171\u6709\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
@@ -94720,7 +94758,7 @@ var airtableOauthOnboarding = new ConnectorOnboarding({
 3. Call \`updateConnectionParameters\`:
    - \`parameterSlug\`: \`"base-id"\`
    - \`value\`: The extracted base ID
-4. Call \`${requestToolName5}\` to fetch the base's table list:
+4. Call \`${requestToolName6}\` to fetch the base's table list:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/meta/bases/{baseId}/tables"\`
 5. If an error is returned, ask the user to check the base sharing settings
@@ -97622,12 +97660,12 @@ Authentication is handled automatically via OAuth proxy.`,
 });
 
 // ../connectors/src/connectors/shopify-oauth/setup.ts
-var requestToolName6 = `shopify-oauth_${requestTool22.name}`;
+var requestToolName7 = `shopify-oauth_${requestTool22.name}`;
 var shopifyOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Shopify\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${requestToolName6}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30B7\u30E7\u30C3\u30D7\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName7}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30B7\u30E7\u30C3\u30D7\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/admin/api/2024-10/shop.json"\`
 2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306BOAuth\u63A5\u7D9A\u306E\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
@@ -97637,7 +97675,7 @@ var shopifyOauthOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Shopify connection.
 
-1. Call \`${requestToolName6}\` to fetch shop info:
+1. Call \`${requestToolName7}\` to fetch shop info:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/admin/api/2024-10/shop.json"\`
 2. If an error is returned, ask the user to check the OAuth connection settings
@@ -99894,12 +99932,12 @@ Pagination uses cursor-based start_cursor and page_size (max 100).`,
 });
 
 // ../connectors/src/connectors/notion-oauth/setup.ts
-var requestToolName7 = `notion-oauth_${requestTool28.name}`;
+var requestToolName8 = `notion-oauth_${requestTool28.name}`;
 var notionOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Notion\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
 
-1. \`${requestToolName7}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30DC\u30C3\u30C8\u30E6\u30FC\u30B6\u30FC\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
+1. \`${requestToolName8}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u3001\u30DC\u30C3\u30C8\u30E6\u30FC\u30B6\u30FC\u60C5\u5831\u3092\u53D6\u5F97\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/users/me"\`
 2. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u30E6\u30FC\u30B6\u30FC\u306BOAuth\u63A5\u7D9A\u306E\u8A2D\u5B9A\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u4F1D\u3048\u308B
@@ -99909,7 +99947,7 @@ var notionOauthOnboarding = new ConnectorOnboarding({
 - \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
     en: `Follow these steps to set up the Notion connection.
 
-1. Call \`${requestToolName7}\` to fetch bot user info:
+1. Call \`${requestToolName8}\` to fetch bot user info:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/users/me"\`
 2. If an error is returned, ask the user to check the OAuth connection settings
@@ -102352,7 +102390,7 @@ export default async function handler(c: Context) {
   tools: tools49
 });
 
-// ../connectors/src/connectors/gmail/tools/request.ts
+// ../connectors/src/connectors/gmail/tools/request-with-delegation.ts
 import { z as z63 } from "zod";
 
 // ../connectors/src/connectors/gmail/parameters.ts
@@ -102360,38 +102398,40 @@ var parameters50 = {
   serviceAccountKeyJsonBase64: new ParameterDefinition({
     slug: "service-account-key-json-base64",
     name: "Google Cloud Service Account JSON",
-    description: "The service account JSON key used to authenticate with Google Cloud Platform. The service account must have domain-wide delegation enabled and be granted the Gmail API scope in Google Workspace admin.",
+    description: "The service account JSON key. Domain-wide Delegation must be authorized in the Google Workspace admin console for the Gmail API scope. The user to impersonate is supplied per call as the `subject` argument.",
     envVarBaseKey: "GMAIL_SERVICE_ACCOUNT_JSON_BASE64",
     type: "base64EncodedJson",
     secret: true,
     required: true
   })
 };
-var delegatedUserEmailParameter = new ParameterDefinition({
-  slug: "delegated-user-email",
-  name: "Delegated User Email",
-  description: "The email address of the Google Workspace user whose Gmail mailbox the service account will access via domain-wide delegation. Collected during the setup flow.",
-  envVarBaseKey: "GMAIL_DELEGATED_USER_EMAIL",
-  type: "text",
-  secret: false,
-  required: false
-});
 
-// ../connectors/src/connectors/gmail/tools/request.ts
+// ../connectors/src/connectors/gmail/tools/request-with-delegation.ts
 var BASE_URL28 = "https://gmail.googleapis.com/gmail/v1/users";
 var REQUEST_TIMEOUT_MS46 = 6e4;
+function decodeServiceAccount3(keyJsonBase64) {
+  const decoded = Buffer.from(keyJsonBase64, "base64").toString("utf-8");
+  return JSON.parse(decoded);
+}
 var inputSchema61 = z63.object({
   toolUseIntent: z63.string().optional().describe(
     "Brief description of what you intend to accomplish with this tool call"
   ),
   connectionId: z63.string().describe("ID of the Gmail service account connection to use"),
-  method: z63.enum(["GET"]).describe("HTTP method (read-only, GET only)"),
+  method: z63.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]).describe("HTTP method"),
   path: z63.string().describe(
-    "API path appended to https://gmail.googleapis.com/gmail/v1/users (e.g., '/me/messages', '/me/messages/{id}', '/me/labels'). Use '/me' as the userId."
+    "API path appended to https://gmail.googleapis.com/gmail/v1/users (e.g., '/me/messages', '/me/messages/{id}', '/me/labels'). Use '/me' as the userId \u2014 the impersonated user."
+  ),
+  subject: z63.string().describe(
+    "Email of the Workspace user to impersonate via Domain-wide Delegation. The token will be issued as this user."
+  ),
+  scopes: z63.array(z63.string()).describe(
+    "OAuth scopes the token must include. This connector currently supports read-only operations only \u2014 pass ['https://www.googleapis.com/auth/gmail.readonly']. Per-endpoint scope reference: https://developers.google.com/gmail/api/auth/scopes"
   ),
   queryParams: z63.record(z63.string(), z63.string()).optional().describe(
     "Query parameters to append to the URL (e.g., { q: 'from:example@gmail.com', maxResults: '10' })"
-  )
+  ),
+  body: z63.record(z63.string(), z63.unknown()).optional().describe("JSON request body for POST/PUT/PATCH")
 });
 var outputSchema61 = z63.discriminatedUnion("success", [
   z63.object({
@@ -102401,17 +102441,16 @@ var outputSchema61 = z63.discriminatedUnion("success", [
   }),
   z63.object({
     success: z63.literal(false),
-    error: z63.string()
+    error: z63.string(),
+    serviceAccountEmail: z63.string().optional()
   })
 ]);
-var requestTool35 = new ConnectorTool({
-  name: "request",
-  description: `Send authenticated GET requests to the Gmail API v1.
-Authentication is handled automatically using a service account with domain-wide delegation.
-All paths are relative to https://gmail.googleapis.com/gmail/v1/users. Use '/me' as the userId prefix (e.g., '/me/messages').`,
+var requestWithDelegationTool2 = new ConnectorTool({
+  name: "request_with_delegation",
+  description: "Call the Gmail API on behalf of the specified Workspace user via Domain-wide Delegation. Read-only operations only. Pass `subject` as the target user email and `scopes` as ['https://www.googleapis.com/auth/gmail.readonly']. Paths are relative to https://gmail.googleapis.com/gmail/v1/users \u2014 use '/me' as the userId prefix (e.g., '/me/messages'). Requires DwD to be authorized for the service account in the Workspace admin console.",
   inputSchema: inputSchema61,
   outputSchema: outputSchema61,
-  async execute({ connectionId, method, path: path6, queryParams }, connections) {
+  async execute({ connectionId, method, path: path6, subject, scopes, queryParams, body }, connections) {
     const connection2 = connections.find((c6) => c6.id === connectionId);
     if (!connection2) {
       return {
@@ -102419,28 +102458,37 @@ All paths are relative to https://gmail.googleapis.com/gmail/v1/users. Use '/me'
         error: `Connection ${connectionId} not found`
       };
     }
+    const keyJsonBase64 = parameters50.serviceAccountKeyJsonBase64.getValue(connection2);
+    let serviceAccount;
+    try {
+      serviceAccount = decodeServiceAccount3(keyJsonBase64);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return {
+        success: false,
+        error: `Failed to decode service account key: ${msg}`
+      };
+    }
+    const serviceAccountEmail = serviceAccount.client_email;
     console.log(
-      `[connector-request] gmail/${connection2.name}: ${method} ${path6}`
+      `[connector-request] gmail/${connection2.name}: ${method} ${path6} subject=${subject}`
     );
     try {
       const { GoogleAuth } = await import("google-auth-library");
-      const keyJsonBase64 = parameters50.serviceAccountKeyJsonBase64.getValue(connection2);
-      const delegatedUserEmail = delegatedUserEmailParameter.getValue(connection2);
-      const credentials = JSON.parse(
-        Buffer.from(keyJsonBase64, "base64").toString("utf-8")
-      );
       const auth = new GoogleAuth({
-        credentials,
-        scopes: ["https://www.googleapis.com/auth/gmail.readonly"],
-        clientOptions: {
-          subject: delegatedUserEmail
-        }
+        credentials: {
+          client_email: serviceAccount.client_email,
+          private_key: serviceAccount.private_key
+        },
+        scopes,
+        clientOptions: { subject }
       });
       const token = await auth.getAccessToken();
       if (!token) {
         return {
           success: false,
-          error: "Failed to obtain access token"
+          error: "Failed to obtain access token",
+          serviceAccountEmail
         };
       }
       let url = `${BASE_URL28}${path6.startsWith("/") ? "" : "/"}${path6}`;
@@ -102451,18 +102499,25 @@ All paths are relative to https://gmail.googleapis.com/gmail/v1/users. Use '/me'
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS46);
       try {
+        const hasBody = body != null && ["POST", "PUT", "PATCH"].includes(method);
         const response = await fetch(url, {
           method,
           headers: {
             Authorization: `Bearer ${token}`,
             "Content-Type": "application/json"
           },
+          body: hasBody ? JSON.stringify(body) : void 0,
           signal: controller.signal
         });
-        const data = await response.json();
+        const data = await response.json().catch(() => ({}));
         if (!response.ok) {
-          const errorMessage = typeof data?.error === "string" ? data.error : typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`;
-          return { success: false, error: errorMessage };
+          const errorObj = data?.error;
+          const errorMessage = errorObj?.message ?? (typeof data?.message === "string" ? data.message : `HTTP ${response.status} ${response.statusText}`);
+          return {
+            success: false,
+            error: errorMessage,
+            serviceAccountEmail
+          };
         }
         return { success: true, status: response.status, data };
       } finally {
@@ -102470,79 +102525,92 @@ All paths are relative to https://gmail.googleapis.com/gmail/v1/users. Use '/me'
       }
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
-      return { success: false, error: msg };
+      return {
+        success: false,
+        error: msg,
+        serviceAccountEmail
+      };
     }
   }
 });
 
 // ../connectors/src/connectors/gmail/setup.ts
-var requestToolName8 = `gmail-service-account_${requestTool35.name}`;
+var requestWithDelegationToolName2 = `gmail-service-account_${requestWithDelegationTool2.name}`;
+var READONLY_SCOPES2 = '["https://www.googleapis.com/auth/gmail.readonly"]';
 var gmailOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
-    ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Gmail\uFF08\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\uFF09\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002\u63A5\u7D9A\u4F5C\u6210\u6642\u306B\u306F\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8JSON\u306E\u307F\u304C\u8A2D\u5B9A\u6E08\u307F\u3067\u3001\u59D4\u4EFB\u5BFE\u8C61\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306F\u3053\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u53D6\u5F97\u3057\u307E\u3059\u3002
+    ja: `Gmail\uFF08\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\uFF09\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3044\u307E\u3059\u3002\u30A2\u30AF\u30BB\u30B9\u5BFE\u8C61\u306E Workspace \u30E6\u30FC\u30B6\u30FC\u3092\u30E6\u30FC\u30B6\u30FC\u304B\u3089\u805E\u304D\u3001Project Knowledge \u306B\u8A18\u9332\u3057\u307E\u3059\u3002
 
-1. \`askUserQuestion\` \u3067\u3001\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u304CDomain-wide Delegation\u3067\u4EE3\u7406\u30A2\u30AF\u30BB\u30B9\u3059\u308BGoogle Workspace\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u30D2\u30A2\u30EA\u30F3\u30B0\u3059\u308B:
+1. \`askUserQuestion\` \u3067\u5BFE\u8C61\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u805E\u304F:
    - \`type\`: \`"freeText"\`
-   - \`question\`: \u300CGmail\u3092\u53C2\u7167\u3059\u308BGoogle Workspace\u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\u300D
-   - \`placeholder\`: \`"user@example.com"\`
-2. \u53D7\u3051\u53D6\u3063\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092 \`updateConnectionParameters\` \u3067\u4FDD\u5B58\u3059\u308B:
-   - \`parameterSlug\`: \`"delegated-user-email"\`
-   - \`options\`: \`[{ value: <\u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9>, label: <\u540C\u3058\u5024> }]\`\uFF081\u4EF6\u306E\u307F\u306E\u30AA\u30D7\u30B7\u30E7\u30F3\u306F\u81EA\u52D5\u9078\u629E\u3055\u308C\u308B\uFF09
-3. \`${requestToolName8}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u30E6\u30FC\u30B6\u30FC\u306E\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u3092\u53D6\u5F97\u3059\u308B:
+   - \`question\`: \u300CGmail \u3092\u53C2\u7167\u3059\u308B Google Workspace \u30E6\u30FC\u30B6\u30FC\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u3066\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u53EF\u3001\u30AB\u30F3\u30DE\u533A\u5207\u308A\uFF09\u300D
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+
+2. \u30E6\u30FC\u30B6\u30FC\u304B\u3089\u53D7\u3051\u53D6\u3063\u305F\u6587\u5B57\u5217\u304B\u3089\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u62BD\u51FA\u3059\u308B\u3002\u5404 \`<email>\` \u306B\u3064\u3044\u3066 \`${requestWithDelegationToolName2}\` \u3092\u4EE5\u4E0B\u306E\u5F15\u6570\u3067\u547C\u3073\u3001Domain-wide Delegation \u7D4C\u7531\u3067\u30A2\u30AF\u30BB\u30B9\u53EF\u80FD\u304B\u3092\u78BA\u8A8D\u3059\u308B:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/me/profile"\`
-4. \u30A8\u30E9\u30FC\u304C\u8FD4\u3055\u308C\u305F\u5834\u5408\u3001\u4EE5\u4E0B\u3092\u78BA\u8A8D\u3059\u308B\u3088\u3046\u30E6\u30FC\u30B6\u30FC\u306B\u4F1D\u3048\u308B:
-   - \u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u304C\u6709\u52B9\u304B
-   - Google Workspace\u7BA1\u7406\u30B3\u30F3\u30BD\u30FC\u30EB\u3067Gmail API\u30B9\u30B3\u30FC\u30D7\u304C\u8A31\u53EF\u3055\u308C\u3066\u3044\u308B\u304B
-   - \u5165\u529B\u3055\u308C\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u6B63\u3057\u3044\u304B
-5. \`${requestToolName8}\` \u3092\u547C\u3073\u51FA\u3057\u3066\u30E9\u30D9\u30EB\u4E00\u89A7\u3092\u53D6\u5F97\u3059\u308B:
-   - \`method\`: \`"GET"\`
-   - \`path\`: \`"/me/labels"\`
+   - \`subject\`: \`<email>\`
+   - \`scopes\`: \`${READONLY_SCOPES2}\`
+
+3. \u5931\u6557\u3057\u305F\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u304C\u3042\u308C\u3070\u3001\u30A8\u30E9\u30FC\u30EC\u30B9\u30DD\u30F3\u30B9\u306E \`serviceAccountEmail\` \u30D5\u30A3\u30FC\u30EB\u30C9\u304B\u3089\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u53D6\u308A\u51FA\u3057\u3001\`askUserQuestion\` \u3067\u6B21\u306E\u9078\u629E\u80A2\u3092\u63D0\u793A\u3059\u308B\u3002\`question\` \u306B\u306F\u6B21\u306E\u6848\u5185\u6587\u3092\u542B\u3081\u308B: \u300C\u6B21\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u306B\u30A2\u30AF\u30BB\u30B9\u3067\u304D\u307E\u305B\u3093\u3067\u3057\u305F: {\u5931\u6557\u30A2\u30C9\u30EC\u30B9\u4E00\u89A7}\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8 \`<serviceAccountEmail>\` \u306E Domain-wide Delegation \u304C Workspace \u7BA1\u7406\u30B3\u30F3\u30BD\u30FC\u30EB\u3067\u627F\u8A8D\u3055\u308C\u3066\u3044\u308B\u304B\u78BA\u8A8D\u3057\u3066\u304F\u3060\u3055\u3044\uFF08[\u8A2D\u5B9A\u30AC\u30A4\u30C9](https://support.google.com/a/answer/162106)\uFF09\u300D\u3002
+   - \`options\`: \`[{ label: "DwD \u3092\u627F\u8A8D\u3057\u305F\u306E\u3067\u30EA\u30C8\u30E9\u30A4", value: "retry" }, { label: "\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092\u5165\u529B\u3057\u76F4\u3059", value: "restart" }]\`
+   - \u300C\u30EA\u30C8\u30E9\u30A4\u300D: \u76F4\u524D\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u30EA\u30B9\u30C8\u3067\u30B9\u30C6\u30C3\u30D7 2 \u3092\u518D\u5B9F\u884C
+   - \u300C\u5165\u529B\u3057\u76F4\u3059\u300D: \u30B9\u30C6\u30C3\u30D7 1 \u304B\u3089\u518D\u5B9F\u884C
+
+4. \u5168\u30A2\u30C9\u30EC\u30B9\u304C\u6210\u529F\u3057\u305F\u3089 \`finalizeSetup\` \u3092\u547C\u3076\u3002\`projectKnowledge\` \u306E \`#### \u30B9\u30B3\u30FC\u30D7\` \u7BC0\u306B\u5404\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092 1 \u884C\u305A\u3064\u5217\u6319\u3059\u308B:
+   - \`- subject: alice@example.com\`
+   - \`- subject: bob@example.com\`
 
 #### \u5236\u7D04
-- **\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30E1\u30C3\u30BB\u30FC\u30B8\u672C\u6587\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3053\u3068**\u3002\u5B9F\u884C\u3057\u3066\u3088\u3044\u306E\u306F\u4E0A\u8A18\u624B\u9806\u3067\u6307\u5B9A\u3055\u308C\u305F\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u53D6\u5F97\u3068\u30E9\u30D9\u30EB\u4E00\u89A7\u53D6\u5F97\u306E\u307F
-- \u30C4\u30FC\u30EB\u9593\u306F1\u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u3002\u4E0D\u8981\u306A\u8AAC\u660E\u306F\u7701\u7565\u3057\u3001\u52B9\u7387\u7684\u306B\u9032\u3081\u308B`,
-    en: `Follow these steps to set up the Gmail (Service Account) connection. Only the service account JSON is provided at connection creation time \u2014 the delegated user email is collected during this setup flow.
+- \u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u4E2D\u306B\u30E1\u30C3\u30BB\u30FC\u30B8\u672C\u6587\u3092\u8AAD\u307F\u53D6\u3089\u306A\u3044\u3053\u3068\u3002\u8A31\u53EF\u3055\u308C\u3066\u3044\u308B\u306E\u306F\u30B9\u30C6\u30C3\u30D7 2 \u306E \`/me/profile\` \u78BA\u8A8D\u306E\u307F
+- \u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057\u306E\u9593\u306F 1 \u6587\u3060\u3051\u66F8\u3044\u3066\u5373\u6B21\u306E\u30C4\u30FC\u30EB\u547C\u3073\u51FA\u3057`,
+    en: `Set up the Gmail (Service Account) connection. Ask the user which Workspace users to access, verify each via Domain-wide Delegation, and record them in Project Knowledge.
 
-1. Call \`askUserQuestion\` to ask the user for the Google Workspace user email the service account will impersonate via Domain-wide Delegation:
+1. Call \`askUserQuestion\` to collect target emails:
    - \`type\`: \`"freeText"\`
-   - \`question\`: "Please enter the email address of the Google Workspace user whose Gmail mailbox you want to access"
-   - \`placeholder\`: \`"user@example.com"\`
-2. Save the email via \`updateConnectionParameters\`:
-   - \`parameterSlug\`: \`"delegated-user-email"\`
-   - \`options\`: \`[{ value: <entered email>, label: <same value> }]\` (a single option is auto-selected)
-3. Call \`${requestToolName8}\` to get the user's profile:
+   - \`question\`: "Enter the Google Workspace user email(s) whose Gmail mailbox you want to access (comma-separated for multiple)"
+   - \`placeholder\`: \`"alice@example.com, bob@example.com"\`
+
+2. Extract individual emails from the response. For each \`<email>\`, verify Domain-wide Delegation access by calling \`${requestWithDelegationToolName2}\`:
    - \`method\`: \`"GET"\`
    - \`path\`: \`"/me/profile"\`
-4. If an error is returned, ask the user to verify:
-   - Domain-wide delegation is enabled for the service account
-   - Gmail API scope is authorized in Google Workspace admin console
-   - The entered email address is correct
-5. Call \`${requestToolName8}\` to get the label list:
-   - \`method\`: \`"GET"\`
-   - \`path\`: \`"/me/labels"\`
+   - \`subject\`: \`<email>\`
+   - \`scopes\`: \`${READONLY_SCOPES2}\`
+
+3. For any failed email, take \`serviceAccountEmail\` from the error response and call \`askUserQuestion\`. Include this guidance in \`question\`: "Could not access Gmail for {failed emails}. Verify Domain-wide Delegation for service account \`<serviceAccountEmail>\` in the Workspace admin console ([setup guide](https://support.google.com/a/answer/162106))".
+   - \`options\`: \`[{ label: "Authorized DwD \u2014 retry", value: "retry" }, { label: "Re-enter the email addresses", value: "restart" }]\`
+   - On "retry" \u2192 re-run step 2 with the previously entered email list
+   - On "Re-enter" \u2192 re-run step 1
+
+4. Once every email succeeds, call \`finalizeSetup\`. Under \`#### \u30B9\u30B3\u30FC\u30D7\` in \`projectKnowledge\`, list each email on its own line:
+   - \`- subject: alice@example.com\`
+   - \`- subject: bob@example.com\`
 
 #### Constraints
-- **Do NOT read message bodies during setup**. Only the profile and label list requests specified above are allowed
-- Write only 1 sentence between tool calls, then immediately call the next tool. Skip unnecessary explanations and proceed efficiently`
+- Do NOT read message bodies during setup. Only the \`/me/profile\` verification is permitted
+- Write at most 1 sentence between tool calls`
   },
   dataOverviewInstructions: {
-    en: `1. Call gmail-service-account_request with GET /me/labels to list all labels
-2. Call gmail-service-account_request with GET /me/messages?maxResults=5 to get recent message IDs
-3. Call gmail-service-account_request with GET /me/messages/{id}?format=metadata for each message to see subjects and senders`,
-    ja: `1. gmail-service-account_request \u3067 GET /me/labels \u3092\u547C\u3073\u51FA\u3057\u3001\u5168\u30E9\u30D9\u30EB\u4E00\u89A7\u3092\u53D6\u5F97
-2. gmail-service-account_request \u3067 GET /me/messages?maxResults=5 \u3092\u547C\u3073\u51FA\u3057\u3001\u6700\u65B0\u30E1\u30C3\u30BB\u30FC\u30B8ID\u3092\u53D6\u5F97
-3. \u5404\u30E1\u30C3\u30BB\u30FC\u30B8\u306B\u3064\u3044\u3066 gmail-service-account_request \u3067 GET /me/messages/{id}?format=metadata \u3092\u547C\u3073\u51FA\u3057\u3001\u4EF6\u540D\u3068\u9001\u4FE1\u8005\u3092\u78BA\u8A8D`
+    en: `Pick ONE email from \`#### \u30B9\u30B3\u30FC\u30D7\` (a \`- subject: <email>\` line) and use it as \`subject\` for every call below. Pass \`scopes: ${READONLY_SCOPES2}\` every time.
+
+1. \`method=GET\`, \`path=/me/labels\` to list labels.
+2. \`method=GET\`, \`path=/me/messages?maxResults=5\` to fetch recent message IDs.
+3. For each message id, \`method=GET\`, \`path=/me/messages/{id}?format=metadata\`.`,
+    ja: `\`#### \u30B9\u30B3\u30FC\u30D7\` \u306E \`- subject: <email>\` \u884C\u304B\u3089 1 \u3064\u9078\u3073\u3001\u4EE5\u4E0B\u306E\u30B9\u30C6\u30C3\u30D7\u3067 \`subject\` \u5F15\u6570\u3068\u3057\u3066\u4F7F\u3063\u3066\u304F\u3060\u3055\u3044\u3002\`scopes\` \u306F\u6BCE\u56DE \`${READONLY_SCOPES2}\` \u3092\u6E21\u3057\u307E\u3059\u3002
+
+1. \`method=GET\`\u3001\`path=/me/labels\` \u3067\u30E9\u30D9\u30EB\u4E00\u89A7\u3092\u53D6\u5F97
+2. \`method=GET\`\u3001\`path=/me/messages?maxResults=5\` \u3067\u6700\u8FD1\u306E\u30E1\u30C3\u30BB\u30FC\u30B8 ID \u3092\u53D6\u5F97
+3. \u5404\u30E1\u30C3\u30BB\u30FC\u30B8 ID \u306B\u3064\u3044\u3066 \`method=GET\`\u3001\`path=/me/messages/{id}?format=metadata\``
   }
 });
 
 // ../connectors/src/connectors/gmail/index.ts
-var tools50 = { request: requestTool35 };
+var tools50 = { request_with_delegation: requestWithDelegationTool2 };
 var gmailConnector = new ConnectorPlugin({
   slug: "gmail",
   authType: AUTH_TYPES.SERVICE_ACCOUNT,
   name: "Gmail",
-  description: "Connect to Gmail for email data access using a service account with domain-wide delegation. Read-only access to messages, threads, and labels.",
+  description: "Connect to Gmail for email data access using a service account with domain-wide delegation. Currently read-only (messages, threads, labels).",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/4V3rfaSc1ksFIt2eHBNIwJ/7f3be41a154a6d96dcf229ed0e5858c9/Gmail_icon__2020_.svg.png",
   parameters: parameters50,
   releaseFlag: { dev1: true, dev2: true, prod: true },
@@ -102550,12 +102618,22 @@ var gmailConnector = new ConnectorPlugin({
   systemPrompt: {
     en: `### Tools
 
-- \`gmail-service-account_request\`: The only way to call the Gmail API (read-only). Use it to list messages, get message details, list labels, list threads, and get user profile. Authentication is handled automatically using a service account with domain-wide delegation.
+- \`gmail-service-account_request_with_delegation\`: Call the Gmail API on behalf of the specified Workspace user via Domain-wide Delegation. Pass \`subject\` as the target user email; the token will be issued as that user. The set of users this connection works with is recorded in the project knowledge under "#### \u30B9\u30B3\u30FC\u30D7" as \`- subject: <email>\` lines \u2014 read those and pick a subject before calling. Always pass \`scopes\`.
+
+### OAuth Scopes (pass as \`scopes\` argument)
+
+This connector is currently read-only. Pass:
+
+- \`https://www.googleapis.com/auth/gmail.readonly\` \u2014 read-only access (profile, labels, messages, threads)
+
+The Workspace admin must have authorized this scope for the service account in the Domain-wide Delegation settings, otherwise token issuance will fail with \`unauthorized_client\`.
+
+Per-endpoint scope reference: https://developers.google.com/gmail/api/auth/scopes
 
 ### Gmail API Reference
 
 #### Available Endpoints
-- GET \`/me/profile\` \u2014 Get the delegated user's profile (email address, total messages/threads)
+- GET \`/me/profile\` \u2014 Get the impersonated user's profile (email address, total messages/threads)
 - GET \`/me/labels\` \u2014 List all labels in the mailbox
 - GET \`/me/labels/{id}\` \u2014 Get details for a specific label
 - GET \`/me/messages\` \u2014 List messages (returns IDs only; use format param on individual messages)
@@ -102580,7 +102658,7 @@ var gmailConnector = new ConnectorPlugin({
   - \`raw\` \u2014 Full RFC 2822 formatted message in base64url
 
 #### Tips
-- Always use \`/me\` as the userId \u2014 it refers to the delegated user
+- Always use \`/me\` as the userId in the path \u2014 it refers to the user you passed as \`subject\`
 - List endpoints return only IDs; fetch individual resources for details
 - Use \`format=metadata\` to efficiently get subject/sender without full body
 - Message body content is base64url encoded in \`payload.body.data\` or nested \`payload.parts[].body.data\`
@@ -102591,6 +102669,12 @@ var gmailConnector = new ConnectorPlugin({
 
 The business logic type for this connector is "typescript". Write handler code using the connector SDK shown below. Do NOT access credentials directly from environment variables.
 
+SDK methods (client created via \`connection(connectionId)\`):
+
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 call the Gmail API as the impersonated Workspace user via Domain-wide Delegation. Pass the minimum scopes required by the endpoint.
+
+The method returns a standard \`Response\`. Read the body with \`.json()\`. Same path conventions as the tool.
+
 #### Example
 
 \`\`\`ts
@@ -102598,37 +102682,51 @@ import { connection } from "@squadbase/vite-server/connectors/gmail";
 
 const gmail = connection("<connectionId>");
 
-// Get user profile
-const profile = await gmail.getProfile();
+// Pick the impersonated user from project knowledge ("#### \u30B9\u30B3\u30FC\u30D7").
+const subject = "alice@example.com";
+const READ = ["https://www.googleapis.com/auth/gmail.readonly"];
+
+const profileRes = await gmail.requestWithDelegation("/me/profile", {
+  subject,
+  scopes: READ,
+});
+const profile = await profileRes.json();
 console.log(profile.emailAddress, profile.messagesTotal);
 
-// List recent messages
-const messages = await gmail.listMessages({ maxResults: 10 });
-for (const msg of messages.messages) {
-  const detail = await gmail.getMessage(msg.id, "metadata");
-  const subject = detail.payload.headers.find(h => h.name === "Subject")?.value;
-  console.log(subject, detail.snippet);
+const messagesRes = await gmail.requestWithDelegation(
+  "/me/messages?maxResults=10",
+  { subject, scopes: READ },
+);
+const messages = await messagesRes.json();
+
+for (const msg of messages.messages ?? []) {
+  const detailRes = await gmail.requestWithDelegation(
+    \`/me/messages/\${msg.id}?format=metadata\`,
+    { subject, scopes: READ },
+  );
+  const detail = await detailRes.json();
+  const subjectHeader = detail.payload.headers.find(h => h.name === "Subject")?.value;
+  console.log(subjectHeader, detail.snippet);
 }
+\`\`\``,
+    ja: `### \u30C4\u30FC\u30EB
 
-// Search messages
-const results = await gmail.listMessages({ q: "from:boss@company.com is:unread" });
+- \`gmail-service-account_request_with_delegation\`: \u6307\u5B9A\u3055\u308C\u305F Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u4EE3\u308F\u3063\u3066 Domain-wide Delegation \u7D4C\u7531\u3067 Gmail API \u3092\u547C\u3073\u51FA\u3057\u307E\u3059\u3002\u4EE3\u7406\u5BFE\u8C61\u306E\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3092 \`subject\` \u3068\u3057\u3066\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u30C8\u30FC\u30AF\u30F3\u306F\u305D\u306E\u30E6\u30FC\u30B6\u30FC\u3068\u3057\u3066\u767A\u884C\u3055\u308C\u307E\u3059\u3002\u3053\u306E\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u304C\u5BFE\u8C61\u3068\u3059\u308B\u30E6\u30FC\u30B6\u30FC\u306F Project Knowledge \u306E "#### \u30B9\u30B3\u30FC\u30D7" \u306B \`- subject: <email>\` \u5F62\u5F0F\u3067\u8A18\u9332\u3055\u308C\u3066\u3044\u308B\u305F\u3081\u3001\u547C\u3073\u51FA\u3057\u524D\u306B\u305D\u3053\u3092\u8AAD\u3093\u3067 subject \u3092\u6C7A\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044\u3002\`scopes\` \u3082\u6BCE\u56DE\u6E21\u3057\u3066\u304F\u3060\u3055\u3044\u3002
 
-// List labels
-const labels = await gmail.listLabels();
-labels.labels.forEach(l => console.log(l.name, l.messagesTotal));
+### OAuth \u30B9\u30B3\u30FC\u30D7 (\`scopes\` \u5F15\u6570\u3067\u6E21\u3059)
 
-// Get a thread
-const thread = await gmail.getThread("<threadId>");
-thread.messages.forEach(m => console.log(m.snippet));
-\`\`\``,
-    ja: `### \u30C4\u30FC\u30EB
+\u3053\u306E\u30B3\u30CD\u30AF\u30BF\u30FC\u306F\u73FE\u72B6\u8AAD\u307F\u53D6\u308A\u5C02\u7528\u3067\u3059\u3002\u6B21\u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044:
+
+- \`https://www.googleapis.com/auth/gmail.readonly\` \u2014 \u8AAD\u307F\u53D6\u308A\uFF08\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u3001\u30E9\u30D9\u30EB\u3001\u30E1\u30C3\u30BB\u30FC\u30B8\u3001\u30B9\u30EC\u30C3\u30C9\uFF09
 
-- \`gmail-service-account_request\`: Gmail API\u3092\u547C\u3073\u51FA\u3059\u552F\u4E00\u306E\u624B\u6BB5\u3067\u3059\uFF08\u8AAD\u307F\u53D6\u308A\u5C02\u7528\uFF09\u3002\u30E1\u30C3\u30BB\u30FC\u30B8\u4E00\u89A7\u306E\u53D6\u5F97\u3001\u30E1\u30C3\u30BB\u30FC\u30B8\u8A73\u7D30\u306E\u53D6\u5F97\u3001\u30E9\u30D9\u30EB\u4E00\u89A7\u3001\u30B9\u30EC\u30C3\u30C9\u4E00\u89A7\u3001\u30E6\u30FC\u30B6\u30FC\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u306E\u53D6\u5F97\u306B\u4F7F\u7528\u3057\u307E\u3059\u3002\u30B5\u30FC\u30D3\u30B9\u30A2\u30AB\u30A6\u30F3\u30C8\u306E\u30C9\u30E1\u30A4\u30F3\u5168\u4F53\u306E\u59D4\u4EFB\u3092\u4F7F\u7528\u3057\u3066\u8A8D\u8A3C\u306F\u81EA\u52D5\u7684\u306B\u51E6\u7406\u3055\u308C\u307E\u3059\u3002
+\u8981\u6C42\u3059\u308B scope \u306F Workspace \u7BA1\u7406\u8005\u304C Domain-wide Delegation \u8A2D\u5B9A\u3067\u5F53\u8A72 Service Account \u306B\u5BFE\u3057\u3066\u627F\u8A8D\u3057\u3066\u3044\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\u627F\u8A8D\u3055\u308C\u3066\u3044\u306A\u3044\u5834\u5408\u30C8\u30FC\u30AF\u30F3\u767A\u884C\u304C \`unauthorized_client\` \u3067\u5931\u6557\u3057\u307E\u3059\u3002
+
+\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u5225\u306E\u6B63\u78BA\u306A scope \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9: https://developers.google.com/gmail/api/auth/scopes
 
 ### Gmail API \u30EA\u30D5\u30A1\u30EC\u30F3\u30B9
 
 #### \u5229\u7528\u53EF\u80FD\u306A\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8
-- GET \`/me/profile\` \u2014 \u59D4\u4EFB\u30E6\u30FC\u30B6\u30FC\u306E\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u3092\u53D6\u5F97\uFF08\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3001\u30E1\u30C3\u30BB\u30FC\u30B8/\u30B9\u30EC\u30C3\u30C9\u7DCF\u6570\uFF09
+- GET \`/me/profile\` \u2014 \u4EE3\u7406\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306E\u30D7\u30ED\u30D5\u30A3\u30FC\u30EB\u3092\u53D6\u5F97\uFF08\u30E1\u30FC\u30EB\u30A2\u30C9\u30EC\u30B9\u3001\u30E1\u30C3\u30BB\u30FC\u30B8/\u30B9\u30EC\u30C3\u30C9\u7DCF\u6570\uFF09
 - GET \`/me/labels\` \u2014 \u30E1\u30FC\u30EB\u30DC\u30C3\u30AF\u30B9\u306E\u5168\u30E9\u30D9\u30EB\u3092\u4E00\u89A7
 - GET \`/me/labels/{id}\` \u2014 \u7279\u5B9A\u30E9\u30D9\u30EB\u306E\u8A73\u7D30\u3092\u53D6\u5F97
 - GET \`/me/messages\` \u2014 \u30E1\u30C3\u30BB\u30FC\u30B8\u4E00\u89A7\uFF08ID\u306E\u307F\u8FD4\u5374\u3002\u500B\u5225\u30E1\u30C3\u30BB\u30FC\u30B8\u3067format\u30D1\u30E9\u30E1\u30FC\u30BF\u3092\u4F7F\u7528\uFF09
@@ -102653,7 +102751,7 @@ thread.messages.forEach(m => console.log(m.snippet));
   - \`raw\` \u2014 base64url\u30A8\u30F3\u30B3\u30FC\u30C9\u3055\u308C\u305F\u5B8C\u5168\u306ARFC 2822\u30D5\u30A9\u30FC\u30DE\u30C3\u30C8\u30E1\u30C3\u30BB\u30FC\u30B8
 
 #### \u30D2\u30F3\u30C8
-- userId\u306B\u306F\u5E38\u306B \`/me\` \u3092\u4F7F\u7528 \u2014 \u59D4\u4EFB\u30E6\u30FC\u30B6\u30FC\u3092\u6307\u3057\u307E\u3059
+- \u30D1\u30B9\u306E userId \u306B\u306F\u5E38\u306B \`/me\` \u3092\u4F7F\u7528 \u2014 \`subject\` \u306B\u6E21\u3057\u305F\u30E6\u30FC\u30B6\u30FC\u3092\u6307\u3057\u307E\u3059
 - \u4E00\u89A7\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u306FID\u306E\u307F\u8FD4\u5374\u3057\u307E\u3059\u3002\u8A73\u7D30\u306F\u500B\u5225\u30EA\u30BD\u30FC\u30B9\u3092\u53D6\u5F97\u3057\u3066\u304F\u3060\u3055\u3044
 - \u4EF6\u540D/\u9001\u4FE1\u8005\u3092\u52B9\u7387\u7684\u306B\u53D6\u5F97\u3059\u308B\u306B\u306F \`format=metadata\` \u3092\u4F7F\u7528\u3057\u307E\u3059
 - \u30E1\u30C3\u30BB\u30FC\u30B8\u672C\u6587\u306F \`payload.body.data\` \u307E\u305F\u306F\u30CD\u30B9\u30C8\u3055\u308C\u305F \`payload.parts[].body.data\` \u306Bbase64url\u30A8\u30F3\u30B3\u30FC\u30C9\u3067\u683C\u7D0D\u3055\u308C\u3066\u3044\u307E\u3059
@@ -102664,6 +102762,12 @@ thread.messages.forEach(m => console.log(m.snippet));
 
 \u3053\u306E\u30B3\u30CD\u30AF\u30BF\u306E\u30D3\u30B8\u30CD\u30B9\u30ED\u30B8\u30C3\u30AF\u30BF\u30A4\u30D7\u306F "typescript" \u3067\u3059\u3002\u4EE5\u4E0B\u306B\u793A\u3059\u30B3\u30CD\u30AF\u30BFSDK\u3092\u4F7F\u7528\u3057\u3066\u30CF\u30F3\u30C9\u30E9\u30B3\u30FC\u30C9\u3092\u8A18\u8FF0\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u74B0\u5883\u5909\u6570\u304B\u3089\u76F4\u63A5\u8A8D\u8A3C\u60C5\u5831\u306B\u30A2\u30AF\u30BB\u30B9\u3057\u306A\u3044\u3067\u304F\u3060\u3055\u3044\u3002
 
+SDK\u30E1\u30BD\u30C3\u30C9 (\`connection(connectionId)\` \u3067\u4F5C\u6210\u3057\u305F\u30AF\u30E9\u30A4\u30A2\u30F3\u30C8):
+
+- \`client.requestWithDelegation(path, { subject, scopes, init? })\` \u2014 DwD \u3067 Workspace \u30E6\u30FC\u30B6\u30FC\u306B\u306A\u308A\u3059\u307E\u3057\u3066 Gmail API \u3092\u547C\u3076\u3002\u30A8\u30F3\u30C9\u30DD\u30A4\u30F3\u30C8\u306B\u5FC5\u8981\u306A\u6700\u5C0F scope \u3092\u6E21\u3059\u3002
+
+\u30E1\u30BD\u30C3\u30C9\u306F\u6A19\u6E96\u306E \`Response\` \u3092\u8FD4\u3057\u307E\u3059\u3002\`response.json()\` \u3067\u30DC\u30C7\u30A3\u3092\u53D6\u5F97\u3057\u3066\u304F\u3060\u3055\u3044\u3002\u30D1\u30B9\u306E\u66F8\u304D\u65B9\u306F\u30C4\u30FC\u30EB\u3068\u540C\u3058\u3002
+
 #### Example
 
 \`\`\`ts
@@ -102671,86 +102775,35 @@ import { connection } from "@squadbase/vite-server/connectors/gmail";
 
 const gmail = connection("<connectionId>");
 
-// Get user profile
-const profile = await gmail.getProfile();
-console.log(profile.emailAddress, profile.messagesTotal);
+// \u4EE3\u7406\u5BFE\u8C61\u30E6\u30FC\u30B6\u30FC\u306F Project Knowledge ("#### \u30B9\u30B3\u30FC\u30D7") \u304B\u3089\u9078\u3076
+const subject = "alice@example.com";
+const READ = ["https://www.googleapis.com/auth/gmail.readonly"];
 
-// List recent messages
-const messages = await gmail.listMessages({ maxResults: 10 });
-for (const msg of messages.messages) {
-  const detail = await gmail.getMessage(msg.id, "metadata");
-  const subject = detail.payload.headers.find(h => h.name === "Subject")?.value;
-  console.log(subject, detail.snippet);
-}
-
-// Search messages
-const results = await gmail.listMessages({ q: "from:boss@company.com is:unread" });
+const profileRes = await gmail.requestWithDelegation("/me/profile", {
+  subject,
+  scopes: READ,
+});
+const profile = await profileRes.json();
+console.log(profile.emailAddress, profile.messagesTotal);
 
-// List labels
-const labels = await gmail.listLabels();
-labels.labels.forEach(l => console.log(l.name, l.messagesTotal));
+const messagesRes = await gmail.requestWithDelegation(
+  "/me/messages?maxResults=10",
+  { subject, scopes: READ },
+);
+const messages = await messagesRes.json();
 
-// Get a thread
-const thread = await gmail.getThread("<threadId>");
-thread.messages.forEach(m => console.log(m.snippet));
+for (const msg of messages.messages ?? []) {
+  const detailRes = await gmail.requestWithDelegation(
+    \`/me/messages/\${msg.id}?format=metadata\`,
+    { subject, scopes: READ },
+  );
+  const detail = await detailRes.json();
+  const subjectHeader = detail.payload.headers.find(h => h.name === "Subject")?.value;
+  console.log(subjectHeader, detail.snippet);
+}
 \`\`\``
   },
-  tools: tools50,
-  async checkConnection(params, _config) {
-    const { GoogleAuth } = await import("google-auth-library");
-    const credentials = JSON.parse(
-      Buffer.from(
-        params[parameters50.serviceAccountKeyJsonBase64.slug],
-        "base64"
-      ).toString("utf-8")
-    );
-    const delegatedUserEmail = params[delegatedUserEmailParameter.slug];
-    if (!delegatedUserEmail) {
-      if (!credentials.client_email || !credentials.private_key) {
-        return {
-          success: false,
-          error: "Service account JSON must contain client_email and private_key"
-        };
-      }
-      return { success: true };
-    }
-    const auth = new GoogleAuth({
-      credentials,
-      scopes: ["https://www.googleapis.com/auth/gmail.readonly"],
-      clientOptions: {
-        subject: delegatedUserEmail
-      }
-    });
-    try {
-      const token = await auth.getAccessToken();
-      if (!token) {
-        return {
-          success: false,
-          error: "Failed to obtain access token"
-        };
-      }
-      const res = await fetch(
-        "https://gmail.googleapis.com/gmail/v1/users/me/profile",
-        {
-          method: "GET",
-          headers: { Authorization: `Bearer ${token}` }
-        }
-      );
-      if (!res.ok) {
-        const errorText = await res.text().catch(() => res.statusText);
-        return {
-          success: false,
-          error: `Gmail API failed: HTTP ${res.status} ${errorText}`
-        };
-      }
-      return { success: true };
-    } catch (error2) {
-      return {
-        success: false,
-        error: error2 instanceof Error ? error2.message : String(error2)
-      };
-    }
-  }
+  tools: tools50
 });
 
 // ../connectors/src/connectors/gmail-oauth/tools/request.ts
@@ -102812,7 +102865,7 @@ var outputSchema62 = z64.discriminatedUnion("success", [
     error: z64.string()
   })
 ]);
-var requestTool36 = new ConnectorTool({
+var requestTool35 = new ConnectorTool({
   name: "request",
   description: `Send authenticated GET requests to the Gmail API v1.
 Authentication is handled automatically via OAuth proxy.
@@ -102870,7 +102923,7 @@ All paths are relative to https://gmail.googleapis.com/gmail/v1/users. Use '/me'
 });
 
 // ../connectors/src/connectors/gmail-oauth/setup.ts
-var requestToolName9 = `gmail-oauth_${requestTool36.name}`;
+var requestToolName9 = `gmail-oauth_${requestTool35.name}`;
 var gmailOnboarding2 = new ConnectorOnboarding({
   connectionSetupInstructions: {
     ja: `\u4EE5\u4E0B\u306E\u624B\u9806\u3067Gmail\u30B3\u30CD\u30AF\u30B7\u30E7\u30F3\u306E\u30BB\u30C3\u30C8\u30A2\u30C3\u30D7\u3092\u884C\u3063\u3066\u304F\u3060\u3055\u3044\u3002
@@ -102914,7 +102967,7 @@ var gmailOnboarding2 = new ConnectorOnboarding({
 var parameters51 = {};
 
 // ../connectors/src/connectors/gmail-oauth/index.ts
-var tools51 = { request: requestTool36 };
+var tools51 = { request: requestTool35 };
 var gmailOauthConnector = new ConnectorPlugin({
   slug: "gmail",
   authType: AUTH_TYPES.OAUTH,
@@ -103349,7 +103402,7 @@ var outputSchema64 = z66.discriminatedUnion("success", [
     error: z66.string()
   })
 ]);
-var requestTool37 = new ConnectorTool({
+var requestTool36 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the LinkedIn Marketing API (REST).
 Authentication is handled automatically via OAuth proxy.
@@ -103425,7 +103478,7 @@ Required headers (LinkedIn-Version, X-Restli-Protocol-Version) are set automatic
 
 // ../connectors/src/connectors/linkedin-ads/index.ts
 var tools52 = {
-  request: requestTool37,
+  request: requestTool36,
   listAdAccounts: listAdAccountsTool3
 };
 var linkedinAdsConnector = new ConnectorPlugin({
@@ -103734,7 +103787,7 @@ var outputSchema65 = z67.discriminatedUnion("success", [
     error: z67.string()
   })
 ]);
-var requestTool38 = new ConnectorTool({
+var requestTool37 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Zendesk Support API.
 Authentication is handled automatically using email/token Basic auth.
@@ -103790,7 +103843,7 @@ Zendesk uses cursor-based pagination with page[size] and page[after] parameters.
 });
 
 // ../connectors/src/connectors/zendesk/index.ts
-var tools53 = { request: requestTool38 };
+var tools53 = { request: requestTool37 };
 var zendeskConnector = new ConnectorPlugin({
   slug: "zendesk",
   authType: AUTH_TYPES.API_KEY,
@@ -104034,7 +104087,7 @@ var outputSchema66 = z68.discriminatedUnion("success", [
     error: z68.string()
   })
 ]);
-var requestTool39 = new ConnectorTool({
+var requestTool38 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Zendesk Support API.
 Authentication is handled automatically via OAuth proxy.
@@ -104095,7 +104148,7 @@ Zendesk uses cursor-based pagination with page[size] and page[after] parameters.
 });
 
 // ../connectors/src/connectors/zendesk-oauth/setup.ts
-var requestToolName10 = `zendesk-oauth_${requestTool39.name}`;
+var requestToolName10 = `zendesk-oauth_${requestTool38.name}`;
 var zendeskOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     en: `Follow these steps to set up the Zendesk connection.
@@ -104135,7 +104188,7 @@ var zendeskOauthOnboarding = new ConnectorOnboarding({
 var parameters54 = {};
 
 // ../connectors/src/connectors/zendesk-oauth/index.ts
-var tools54 = { request: requestTool39 };
+var tools54 = { request: requestTool38 };
 var zendeskOauthConnector = new ConnectorPlugin({
   slug: "zendesk",
   authType: AUTH_TYPES.OAUTH,
@@ -104351,7 +104404,7 @@ var outputSchema67 = z69.discriminatedUnion("success", [
     error: z69.string()
   })
 ]);
-var requestTool40 = new ConnectorTool({
+var requestTool39 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Intercom API.
 Authentication is handled automatically using the Access Token (Bearer token).
@@ -104407,7 +104460,7 @@ The Intercom-Version header is set to 2.11 automatically.`,
 });
 
 // ../connectors/src/connectors/intercom/index.ts
-var tools55 = { request: requestTool40 };
+var tools55 = { request: requestTool39 };
 var intercomConnector = new ConnectorPlugin({
   slug: "intercom",
   authType: AUTH_TYPES.API_KEY,
@@ -104672,7 +104725,7 @@ var outputSchema68 = z70.discriminatedUnion("success", [
     error: z70.string()
   })
 ]);
-var requestTool41 = new ConnectorTool({
+var requestTool40 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Intercom API.
 Authentication is handled automatically via OAuth proxy.
@@ -104735,7 +104788,7 @@ Search endpoints (contacts/search, conversations/search) use POST with a query o
 });
 
 // ../connectors/src/connectors/intercom-oauth/setup.ts
-var requestToolName11 = `intercom-oauth_${requestTool41.name}`;
+var requestToolName11 = `intercom-oauth_${requestTool40.name}`;
 var intercomOauthOnboarding = new ConnectorOnboarding({
   connectionSetupInstructions: {
     en: `Follow these steps to set up the Intercom connection.
@@ -104775,7 +104828,7 @@ var intercomOauthOnboarding = new ConnectorOnboarding({
 var parameters56 = {};
 
 // ../connectors/src/connectors/intercom-oauth/index.ts
-var tools56 = { request: requestTool41 };
+var tools56 = { request: requestTool40 };
 var intercomOauthConnector = new ConnectorPlugin({
   slug: "intercom",
   authType: AUTH_TYPES.OAUTH,
@@ -105027,7 +105080,7 @@ var outputSchema69 = z71.discriminatedUnion("success", [
     error: z71.string()
   })
 ]);
-var requestTool42 = new ConnectorTool({
+var requestTool41 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Mixpanel REST API.
 Authentication is handled automatically using Basic auth (Service Account username + secret).
@@ -105121,7 +105174,7 @@ Rate limit: 60 queries/hour, 5 concurrent queries for Query API.`,
 });
 
 // ../connectors/src/connectors/mixpanel/index.ts
-var tools57 = { request: requestTool42 };
+var tools57 = { request: requestTool41 };
 var mixpanelConnector = new ConnectorPlugin({
   slug: "mixpanel",
   authType: AUTH_TYPES.API_KEY,
@@ -105315,7 +105368,7 @@ var outputSchema70 = z72.discriminatedUnion("success", [
     error: z72.string()
   })
 ]);
-var requestTool43 = new ConnectorTool({
+var requestTool42 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Grafana HTTP API.
 Authentication is handled automatically using the configured API Key or Service Account Token via Bearer token.
@@ -105371,7 +105424,7 @@ The path must start with '/' and is appended to the configured Grafana instance
 });
 
 // ../connectors/src/connectors/grafana/index.ts
-var tools58 = { request: requestTool43 };
+var tools58 = { request: requestTool42 };
 var grafanaConnector = new ConnectorPlugin({
   slug: "grafana",
   authType: AUTH_TYPES.API_KEY,
@@ -105559,7 +105612,7 @@ var outputSchema71 = z73.discriminatedUnion("success", [
     error: z73.string()
   })
 ]);
-var requestTool44 = new ConnectorTool({
+var requestTool43 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Backlog REST API (v2).
 Authentication is handled automatically by appending the apiKey query parameter to every request.
@@ -105616,7 +105669,7 @@ Do NOT include the apiKey parameter yourself; it is injected automatically.`,
 });
 
 // ../connectors/src/connectors/backlog/index.ts
-var tools59 = { request: requestTool44 };
+var tools59 = { request: requestTool43 };
 var backlogConnector = new ConnectorPlugin({
   slug: "backlog",
   authType: AUTH_TYPES.API_KEY,
@@ -105826,7 +105879,7 @@ var outputSchema72 = z74.discriminatedUnion("success", [
     error: z74.string()
   })
 ]);
-var requestTool45 = new ConnectorTool({
+var requestTool44 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Gamma REST API.
 Authentication is handled automatically using the API Key (X-API-KEY header).
@@ -106054,7 +106107,7 @@ Gamma does NOT support image uploads. To visualize data, embed raw numbers direc
 });
 
 // ../connectors/src/connectors/gamma/index.ts
-var tools60 = { request: requestTool45, generate: generateTool };
+var tools60 = { request: requestTool44, generate: generateTool };
 var gammaConnector = new ConnectorPlugin({
   slug: "gamma",
   authType: AUTH_TYPES.API_KEY,
@@ -106277,7 +106330,7 @@ var outputSchema74 = z76.discriminatedUnion("success", [
     error: z76.string()
   })
 ]);
-var requestTool46 = new ConnectorTool({
+var requestTool45 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Sentry API.
 Supports GET, POST, PUT, and DELETE methods.
@@ -106334,7 +106387,7 @@ Authentication is handled automatically via Bearer token.
 });
 
 // ../connectors/src/connectors/sentry/index.ts
-var tools61 = { request: requestTool46 };
+var tools61 = { request: requestTool45 };
 var sentryConnector = new ConnectorPlugin({
   slug: "sentry",
   authType: AUTH_TYPES.API_KEY,
@@ -106623,7 +106676,7 @@ function normalizeInstanceUrl(raw) {
   }
   return trimmed;
 }
-var requestTool47 = new ConnectorTool({
+var requestTool46 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the Salesforce REST API.
 Authentication is handled automatically using the OAuth 2.0 Client Credentials Flow (External Client App or Connected App Consumer Key + Secret). An access token is obtained on each request, so the tool user only provides the API path.
@@ -106720,7 +106773,7 @@ Prefer SOQL via the /query endpoint for filtered, joined, or aggregated reads ra
 });
 
 // ../connectors/src/connectors/salesforce/index.ts
-var tools62 = { request: requestTool47 };
+var tools62 = { request: requestTool46 };
 var salesforceConnector = new ConnectorPlugin({
   slug: "salesforce",
   authType: AUTH_TYPES.API_KEY,
@@ -106728,7 +106781,7 @@ var salesforceConnector = new ConnectorPlugin({
   description: "Connect to Salesforce CRM for accounts, contacts, opportunities, leads, cases, and custom objects via SOQL and the REST API.",
   iconUrl: "https://images.ctfassets.net/9ncizv60xc5y/6vZlbrUKhxXIiuvWJlb8YB/bbc5e08b88de46c8ed338a74c7d0abb3/salesforce-icon.png",
   parameters: parameters62,
-  releaseFlag: { dev1: true, dev2: false, prod: false },
+  releaseFlag: { dev1: true, dev2: true, prod: true },
   onboarding: salesforceOnboarding,
   systemPrompt: {
     en: `### Tools
@@ -107007,7 +107060,7 @@ var outputSchema76 = z78.discriminatedUnion("success", [
     error: z78.string()
   })
 ]);
-var requestTool48 = new ConnectorTool({
+var requestTool47 = new ConnectorTool({
   name: "request",
   description: `Send authenticated requests to the InfluxDB HTTP API.
 Authentication is handled automatically using the API token (\`Authorization: Token {token}\`). The instance URL is resolved from the connection.
@@ -107085,7 +107138,7 @@ For read-only data exploration prefer SQL (InfluxDB 3) or InfluxQL queries \u201
 });
 
 // ../connectors/src/connectors/influxdb/index.ts
-var tools63 = { request: requestTool48 };
+var tools63 = { request: requestTool47 };
 var influxdbConnector = new ConnectorPlugin({
   slug: "influxdb",
   authType: AUTH_TYPES.API_KEY,