@tangle-network/agent-integrations 0.37.0 → 0.39.0

package/dist/{chunk-YV3O5SO2.js → chunk-6MUBOVI4.js}

@@ -12,7 +12,7 @@ import {
   TangleIdentityUnreachableError,
   createTangleIdentityClient,
   tangleIdentity
-} from "./chunk-ZDK7Y4QG.js";
+} from "./chunk-OMLQCESJ.js";
 import {
   __export
 } from "./chunk-PZ5AY32C.js";
@@ -196,6 +196,7 @@ __export(adapters_exports, {
   gitlabConnector: () => gitlabConnector,
   glideConnector: () => glideConnector,
   gmail: () => gmail,
+  googleAnalyticsConnector: () => googleAnalyticsConnector,
   googleBigqueryConnector: () => googleBigqueryConnector,
   googleCalendar: () => googleCalendar,
   googleCloudStorageConnector: () => googleCloudStorageConnector,
@@ -204,6 +205,7 @@ __export(adapters_exports, {
   googleDrive: () => googleDrive,
   googleForms: () => googleForms,
   googleGeminiConnector: () => googleGeminiConnector,
+  googleMeetConnector: () => googleMeetConnector,
   googleMyBusinessConnector: () => googleMyBusinessConnector,
   googleSearchConnector: () => googleSearchConnector,
   googleSearchConsoleConnector: () => googleSearchConsoleConnector,
@@ -319,12 +321,8 @@ __export(adapters_exports, {
   microsoftDynamicsCrmConnector: () => microsoftDynamicsCrmConnector,
   microsoftExcel365Connector: () => microsoftExcel365Connector,
   microsoftGraph: () => microsoftGraph,
-  microsoftOnedriveConnector: () => microsoftOnedriveConnector,
   microsoftOnenoteConnector: () => microsoftOnenoteConnector,
-  microsoftOutlookCalendarConnector: () => microsoftOutlookCalendarConnector,
-  microsoftOutlookConnector: () => microsoftOutlookConnector,
   microsoftPowerBiConnector: () => microsoftPowerBiConnector,
-  microsoftSharepointConnector: () => microsoftSharepointConnector,
   microsoftTeams: () => microsoftTeams,
   microsoftTodoConnector: () => microsoftTodoConnector,
   millionverifierConnector: () => millionverifierConnector,
@@ -342,8 +340,8 @@ __export(adapters_exports, {
   niftyConnector: () => niftyConnector,
   ninjapipeConnector: () => ninjapipeConnector,
   nocodbConnector: () => nocodbConnector,
+  notion: () => notion,
   notionConnector: () => notionConnector,
-  notionDatabase: () => notionDatabase,
   ntfyConnector: () => ntfyConnector,
   odooConnector: () => odooConnector,
   omniCoConnector: () => omniCoConnector,
@@ -3134,91 +3132,253 @@ function microsoftCalendar(opts) {
               attendees: {
                 type: "array",
                 items: { type: "string", description: "attendee email" }
-              }
+              },
+              // Optional rich create fields (ported from microsoft-outlook-calendar
+              // create.event). All additive — the freebusy pre-flight and
+              // alternative-slot behavior below is unchanged when these are absent.
+              calendarId: {
+                type: "string",
+                description: "Target calendar id; defaults to the user's primary calendar (/me/events) when omitted."
+              },
+              location: {
+                type: "object",
+                description: 'Graph location resource, e.g. { displayName: "Room 1" }.'
+              },
+              recurrence: {
+                type: "object",
+                description: "Graph patternedRecurrence resource ({ pattern, range })."
+              },
+              isOnlineMeeting: { type: "boolean", description: "Provision an online meeting (Teams) for the event." },
+              onlineMeetingProvider: {
+                type: "string",
+                description: "Online meeting provider, e.g. 'teamsForBusiness'."
+              },
+              reminderMinutesBeforeStart: {
+                type: "integer",
+                description: "Minutes before start to fire the reminder."
+              },
+              isAllDay: { type: "boolean", description: "Mark the event as all-day (start/end must be midnight-aligned)." },
+              categories: {
+                type: "array",
+                items: { type: "string", description: "Outlook category name" }
+              },
+              importance: { type: "string", description: "Event importance: 'low' | 'normal' | 'high'." }
             },
             required: ["start", "end", "summary"]
           }
+        },
+        {
+          name: "delete_event",
+          class: "mutation",
+          description: "Delete an event by id from the connected Outlook calendar. Graph returns 204 on success; a re-delete of a missing event surfaces as 404 mapped to an idempotent tombstone. Honors If-Match against the event etag when the caller supplies expectedEtag.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              eventId: { type: "string", description: "Graph event id to delete." }
+            },
+            required: ["eventId"]
+          }
+        },
+        {
+          name: "list_events",
+          class: "read",
+          description: "List actual event objects on a calendar with OData paging/filtering ($top, $skip, $filter, $select, $orderby, $search). Targets the user's primary calendar (/me/events) unless calendarId is supplied. Distinct from list_availability, which returns busy windows.",
+          parameters: {
+            type: "object",
+            properties: {
+              calendarId: { type: "string", description: "Calendar id; defaults to the user's primary calendar when omitted." },
+              $top: { type: "integer", description: "Max events to return (OData page size)." },
+              $skip: { type: "integer", description: "Number of events to skip (OData paging offset)." },
+              $filter: { type: "string", description: "OData $filter expression." },
+              $select: { type: "string", description: "Comma-separated event fields to project." },
+              $orderby: { type: "string", description: "OData $orderby expression." },
+              $search: { type: "string", description: "OData $search query." }
+            }
+          }
         }
       ]
     },
     async executeRead(inv) {
-      if (inv.capabilityName !== "list_availability") {
-        throw new Error(`microsoft-calendar: unknown read capability ${inv.capabilityName}`);
-      }
-      const userPrincipal = readMetaString2(inv.source.metadata, "userPrincipal");
-      const { timeMin, timeMax } = inv.args;
       const accessToken = await ensureFreshAccessToken5(inv.source.credentials, clientId, clientSecret);
-      const busy = await getScheduleBusy({ accessToken, userPrincipal, timeMin, timeMax });
-      return {
-        data: { busy },
-        fetchedAt: Date.now()
-      };
+      if (inv.capabilityName === "list_availability") {
+        const userPrincipal = readMetaString2(inv.source.metadata, "userPrincipal");
+        const { timeMin, timeMax } = inv.args;
+        const busy = await getScheduleBusy({ accessToken, userPrincipal, timeMin, timeMax });
+        return {
+          data: { busy },
+          fetchedAt: Date.now()
+        };
+      }
+      if (inv.capabilityName === "list_events") {
+        const {
+          calendarId,
+          $top,
+          $skip,
+          $filter,
+          $select,
+          $orderby,
+          $search
+        } = inv.args;
+        const base = calendarId ? `https://graph.microsoft.com/v1.0/me/calendars/${encodeURIComponent(calendarId)}/events` : "https://graph.microsoft.com/v1.0/me/events";
+        const qs = new URLSearchParams();
+        if ($top !== void 0) qs.set("$top", String($top));
+        if ($skip !== void 0) qs.set("$skip", String($skip));
+        if ($filter) qs.set("$filter", $filter);
+        if ($select) qs.set("$select", $select);
+        if ($orderby) qs.set("$orderby", $orderby);
+        if ($search) qs.set("$search", $search);
+        const query = qs.toString();
+        const url = query ? `${base}?${query}` : base;
+        const res = await fetch(url, {
+          headers: { authorization: `Bearer ${accessToken}` },
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(`Microsoft Graph rejected token (${res.status})`, inv.source.id);
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`microsoft-calendar list_events ${res.status}: ${text.slice(0, 200)}`);
+        }
+        const json = await res.json();
+        return {
+          data: { events: json.value ?? [], nextLink: json["@odata.nextLink"] },
+          fetchedAt: Date.now()
+        };
+      }
+      throw new Error(`microsoft-calendar: unknown read capability ${inv.capabilityName}`);
     },
     async executeMutation(inv) {
-      if (inv.capabilityName !== "book_slot") {
-        throw new Error(`microsoft-calendar: unknown mutation capability ${inv.capabilityName}`);
-      }
-      const userPrincipal = readMetaString2(inv.source.metadata, "userPrincipal");
-      const { start, end, summary, description, attendees } = inv.args;
       const accessToken = await ensureFreshAccessToken5(inv.source.credentials, clientId, clientSecret);
-      const busy = await getScheduleBusy({ accessToken, userPrincipal, timeMin: start, timeMax: end });
-      if (busy.length > 0) {
-        const startMs = Date.parse(start);
-        const endMs = Date.parse(end);
-        const durMs = endMs - startMs;
-        const alternatives = await findNextFreeSlots2({
-          accessToken,
-          userPrincipal,
-          searchFromMs: endMs,
-          durationMs: durMs,
-          wanted: 3
+      if (inv.capabilityName === "book_slot") {
+        const userPrincipal = readMetaString2(inv.source.metadata, "userPrincipal");
+        const {
+          start,
+          end,
+          summary,
+          description,
+          attendees,
+          calendarId,
+          location,
+          recurrence,
+          isOnlineMeeting,
+          onlineMeetingProvider,
+          reminderMinutesBeforeStart,
+          isAllDay,
+          categories,
+          importance
+        } = inv.args;
+        const busy = await getScheduleBusy({ accessToken, userPrincipal, timeMin: start, timeMax: end });
+        if (busy.length > 0) {
+          const startMs = Date.parse(start);
+          const endMs = Date.parse(end);
+          const durMs = endMs - startMs;
+          const alternatives = await findNextFreeSlots2({
+            accessToken,
+            userPrincipal,
+            searchFromMs: endMs,
+            durationMs: durMs,
+            wanted: 3
+          });
+          throw new ResourceContention(
+            `requested slot ${start}\u2013${end} is no longer free`,
+            alternatives,
+            { busy }
+          );
+        }
+        const event = {
+          subject: summary,
+          body: description ? { contentType: "text", content: description } : void 0,
+          start: { dateTime: start, timeZone: "UTC" },
+          end: { dateTime: end, timeZone: "UTC" },
+          attendees: attendees?.map((email) => ({
+            emailAddress: { address: email },
+            type: "required"
+          }))
+        };
+        if (location !== void 0) event.location = location;
+        if (recurrence !== void 0) event.recurrence = recurrence;
+        if (isOnlineMeeting !== void 0) event.isOnlineMeeting = isOnlineMeeting;
+        if (onlineMeetingProvider !== void 0) event.onlineMeetingProvider = onlineMeetingProvider;
+        if (reminderMinutesBeforeStart !== void 0) event.reminderMinutesBeforeStart = reminderMinutesBeforeStart;
+        if (isAllDay !== void 0) event.isAllDay = isAllDay;
+        if (categories !== void 0) event.categories = categories;
+        if (importance !== void 0) event.importance = importance;
+        const url = calendarId ? `https://graph.microsoft.com/v1.0/me/calendars/${encodeURIComponent(calendarId)}/events` : "https://graph.microsoft.com/v1.0/me/events";
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+            "content-type": "application/json"
+          },
+          body: JSON.stringify(event),
+          signal: AbortSignal.timeout(15e3)
         });
-        throw new ResourceContention(
-          `requested slot ${start}\u2013${end} is no longer free`,
-          alternatives,
-          { busy }
-        );
-      }
-      const event = {
-        subject: summary,
-        body: description ? { contentType: "text", content: description } : void 0,
-        start: { dateTime: start, timeZone: "UTC" },
-        end: { dateTime: end, timeZone: "UTC" },
-        attendees: attendees?.map((email) => ({
-          emailAddress: { address: email },
-          type: "required"
-        }))
-      };
-      const res = await fetch("https://graph.microsoft.com/v1.0/me/events", {
-        method: "POST",
-        headers: {
-          authorization: `Bearer ${accessToken}`,
-          "content-type": "application/json"
-        },
-        body: JSON.stringify(event),
-        signal: AbortSignal.timeout(15e3)
-      });
-      if (res.status === 401 || res.status === 403) {
-        throw new CredentialsExpired(`Microsoft Graph rejected token (${res.status})`, inv.source.id);
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(`Microsoft Graph rejected token (${res.status})`, inv.source.id);
+        }
+        if (res.status === 412 || res.status === 409) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on book_slot (${res.status})`,
+            []
+          );
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`microsoft-calendar book_slot ${res.status}: ${text.slice(0, 200)}`);
+        }
+        const created = await res.json();
+        return {
+          status: "committed",
+          data: { eventId: created.id, webLink: created.webLink },
+          etagAfter: created["@odata.etag"],
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
       }
-      if (res.status === 412 || res.status === 409) {
-        throw new ResourceContention(
-          `Microsoft Graph reported conflict on book_slot (${res.status})`,
-          []
+      if (inv.capabilityName === "delete_event") {
+        const { eventId } = inv.args;
+        const headers = { authorization: `Bearer ${accessToken}` };
+        if (inv.expectedEtag) headers["if-match"] = inv.expectedEtag;
+        const res = await fetch(
+          `https://graph.microsoft.com/v1.0/me/events/${encodeURIComponent(eventId)}`,
+          {
+            method: "DELETE",
+            headers,
+            signal: AbortSignal.timeout(15e3)
+          }
         );
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(`Microsoft Graph rejected token (${res.status})`, inv.source.id);
+        }
+        if (res.status === 412 || res.status === 409) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on delete_event (${res.status})`,
+            []
+          );
+        }
+        if (res.status === 404) {
+          return {
+            status: "committed",
+            data: { eventId, deleted: true, alreadyMissing: true },
+            committedAt: Date.now(),
+            idempotentReplay: true
+          };
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`microsoft-calendar delete_event ${res.status}: ${text.slice(0, 200)}`);
+        }
+        return {
+          status: "committed",
+          data: { eventId, deleted: true },
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
       }
-      if (!res.ok) {
-        const text = await res.text().catch(() => "");
-        throw new Error(`microsoft-calendar book_slot ${res.status}: ${text.slice(0, 200)}`);
-      }
-      const created = await res.json();
-      return {
-        status: "committed",
-        data: { eventId: created.id, webLink: created.webLink },
-        etagAfter: created["@odata.etag"],
-        committedAt: Date.now(),
-        idempotentReplay: false
-      };
+      throw new Error(`microsoft-calendar: unknown mutation capability ${inv.capabilityName}`);
     },
     async exchangeOAuth(input) {
       if (!clientId || !clientSecret) {
@@ -4438,518 +4598,6 @@ async function uploadFile2(inv, accessToken, timeoutMs) {
   };
 }
 
-// src/connectors/adapters/notion-database.ts
-var AUTH_URL8 = "https://api.notion.com/v1/oauth/authorize";
-var TOKEN_URL8 = "https://api.notion.com/v1/oauth/token";
-var API5 = "https://api.notion.com/v1";
-var NOTION_VERSION = "2022-06-28";
-function notionDatabase(opts) {
-  const { clientId, clientSecret } = opts;
-  const adapter = {
-    manifest: {
-      kind: "notion-database",
-      displayName: "Notion (database)",
-      description: "Query a Notion database, create new pages, and update existing ones with optimistic concurrency via last_edited_time.",
-      auth: {
-        kind: "oauth2",
-        authorizationUrl: AUTH_URL8,
-        tokenUrl: TOKEN_URL8,
-        // Notion does not use OAuth scopes — the workspace owner picks
-        // which pages/databases the integration sees during install. We
-        // declare an empty scope list so the consent screen renders cleanly.
-        scopes: [],
-        clientIdEnv: "NOTION_OAUTH_CLIENT_ID",
-        clientSecretEnv: "NOTION_OAUTH_CLIENT_SECRET",
-        extraAuthParams: { owner: "user" }
-      },
-      category: "doc",
-      defaultConsistencyModel: "authoritative",
-      capabilities: [
-        {
-          name: "query_database",
-          class: "read",
-          description: "Query the connected Notion database with an optional filter object (Notion query DSL).",
-          parameters: {
-            type: "object",
-            properties: {
-              filter: { type: "object", description: "Notion API filter object \u2014 passed through verbatim." },
-              pageSize: { type: "integer", minimum: 1, maximum: 100, default: 50 },
-              startCursor: { type: "string" }
-            }
-          }
-        },
-        {
-          name: "create_page",
-          class: "mutation",
-          description: "Create a new page inside the connected database.",
-          cas: "native-idempotency",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: {
-              properties: {
-                type: "object",
-                description: "Notion property map keyed by property name."
-              }
-            },
-            required: ["properties"]
-          }
-        },
-        {
-          name: "update_page",
-          class: "mutation",
-          description: "Update properties on an existing page. If `expectedLastEditedTime` is supplied and stale, the update is rejected with conflict.",
-          cas: "etag-if-match",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: {
-              pageId: { type: "string" },
-              properties: { type: "object" },
-              expectedLastEditedTime: {
-                type: "string",
-                description: "RFC3339 timestamp the agent observed on its last read. Drift triggers ResourceContention."
-              }
-            },
-            required: ["pageId", "properties"]
-          }
-        },
-        {
-          name: "pages.archive",
-          class: "mutation",
-          description: "Archive (soft-delete) a Notion page. Restorable via update_page with archived:false.",
-          cas: "native-idempotency",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: { pageId: { type: "string" } },
-            required: ["pageId"]
-          }
-        },
-        {
-          name: "databases.create",
-          class: "mutation",
-          description: "Create a new Notion database underneath a parent page.",
-          cas: "native-idempotency",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: {
-              parentPageId: { type: "string", description: "Parent page id under which to create the database." },
-              title: {
-                type: "array",
-                description: "Notion rich_text array used as the database title."
-              },
-              properties: {
-                type: "object",
-                description: "Schema map \u2014 property name \u2192 Notion property schema."
-              }
-            },
-            required: ["parentPageId", "title", "properties"]
-          }
-        },
-        {
-          name: "databases.update",
-          class: "mutation",
-          description: "Update a database title and/or schema.",
-          cas: "native-idempotency",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: {
-              databaseId: { type: "string" },
-              title: { type: "array", description: "Optional new rich_text title." },
-              properties: { type: "object", description: "Optional partial schema update." }
-            },
-            required: ["databaseId"]
-          }
-        },
-        {
-          name: "blocks.append",
-          class: "mutation",
-          description: "Append child blocks to a page or block.",
-          cas: "native-idempotency",
-          externalEffect: true,
-          parameters: {
-            type: "object",
-            properties: {
-              blockId: { type: "string", description: "Parent page or block id." },
-              children: { type: "array", description: "Block descriptor array per Notion schema." }
-            },
-            required: ["blockId", "children"]
-          }
-        }
-      ]
-    },
-    async executeRead(inv) {
-      if (inv.capabilityName !== "query_database") {
-        throw new Error(`notion-database: unknown read capability ${inv.capabilityName}`);
-      }
-      const accessToken = readToken(inv.source.credentials);
-      const databaseId = readMetaString3(inv.source.metadata, "databaseId");
-      const { filter, pageSize, startCursor } = inv.args;
-      const body = {
-        page_size: Math.min(Math.max(1, pageSize ?? 50), 100)
-      };
-      if (filter) body.filter = filter;
-      if (startCursor) body.start_cursor = startCursor;
-      const res = await fetch(`${API5}/databases/${encodeURIComponent(databaseId)}/query`, {
-        method: "POST",
-        headers: notionHeaders(accessToken),
-        body: JSON.stringify(body),
-        signal: AbortSignal.timeout(1e4)
-      });
-      if (res.status === 401) {
-        throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-      }
-      if (!res.ok) {
-        const text = await res.text().catch(() => "");
-        throw new Error(`notion-database query_database ${res.status}: ${text.slice(0, 200)}`);
-      }
-      const json = await res.json();
-      return {
-        data: {
-          results: json.results ?? [],
-          hasMore: json.has_more ?? false,
-          nextCursor: json.next_cursor ?? null
-        },
-        fetchedAt: Date.now()
-      };
-    },
-    async executeMutation(inv) {
-      const accessToken = readToken(inv.source.credentials);
-      if (inv.capabilityName === "create_page") return createPage(inv, accessToken);
-      if (inv.capabilityName === "update_page") return updatePage(inv, accessToken);
-      if (inv.capabilityName === "pages.archive") return archivePage(inv, accessToken);
-      if (inv.capabilityName === "databases.create") return createDatabase(inv, accessToken);
-      if (inv.capabilityName === "databases.update") return updateDatabase(inv, accessToken);
-      if (inv.capabilityName === "blocks.append") return appendBlocks(inv, accessToken);
-      throw new Error(`notion-database: unknown mutation capability ${inv.capabilityName}`);
-    },
-    async exchangeOAuth(input) {
-      if (!clientId || !clientSecret) {
-        throw new Error("Notion OAuth client not configured (NOTION_OAUTH_CLIENT_ID / _SECRET)");
-      }
-      const body = new URLSearchParams({
-        grant_type: "authorization_code",
-        code: input.code,
-        redirect_uri: input.redirectUri,
-        code_verifier: input.codeVerifier
-      });
-      const res = await fetch(TOKEN_URL8, {
-        method: "POST",
-        headers: {
-          authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,
-          "content-type": "application/x-www-form-urlencoded",
-          accept: "application/json",
-          "Notion-Version": NOTION_VERSION
-        },
-        body
-      });
-      if (!res.ok) {
-        const text = await res.text().catch(() => "");
-        throw new Error(`Notion OAuth token exchange failed: ${res.status} \u2014 ${text.slice(0, 200)}`);
-      }
-      const json = await res.json();
-      return {
-        credentials: {
-          kind: "oauth2",
-          accessToken: json.access_token,
-          refreshToken: json.refresh_token
-        },
-        scopes: [],
-        metadata: {
-          botId: json.bot_id,
-          workspaceId: json.workspace_id,
-          workspaceName: json.workspace_name,
-          // Operator picks the database in a follow-up step; default empty.
-          databaseId: ""
-        }
-      };
-    },
-    async refreshToken(creds) {
-      if (creds.kind !== "oauth2" || !creds.refreshToken) {
-        if (creds.kind === "oauth2" && creds.accessToken && !creds.expiresAt) {
-          return creds;
-        }
-        throw new Error("notion-database.refreshToken: missing refresh token");
-      }
-      const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL8,
-        clientId,
-        clientSecret,
-        refreshToken: creds.refreshToken
-      });
-      return {
-        kind: "oauth2",
-        accessToken: refreshed.accessToken,
-        refreshToken: refreshed.refreshToken ?? creds.refreshToken,
-        expiresAt: refreshed.expiresIn ? Date.now() + refreshed.expiresIn * 1e3 : void 0
-      };
-    },
-    async test(source) {
-      try {
-        const accessToken = readToken(source.credentials);
-        const res = await fetch(`${API5}/users/me`, {
-          headers: notionHeaders(accessToken),
-          signal: AbortSignal.timeout(8e3)
-        });
-        if (res.status === 401) return { ok: false, reason: "Notion rejected token (401) \u2014 reconnect required" };
-        if (!res.ok) return { ok: false, reason: `Notion returned ${res.status}` };
-        return { ok: true };
-      } catch (err) {
-        return { ok: false, reason: err instanceof Error ? err.message : String(err) };
-      }
-    }
-  };
-  return adapter;
-}
-async function createPage(inv, accessToken) {
-  const databaseId = readMetaString3(inv.source.metadata, "databaseId");
-  const { properties } = inv.args;
-  const res = await fetch(`${API5}/pages`, {
-    method: "POST",
-    headers: {
-      ...notionHeaders(accessToken),
-      "Idempotency-Key": inv.idempotencyKey
-    },
-    body: JSON.stringify({
-      parent: { database_id: databaseId },
-      properties
-    }),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409) {
-    throw new ResourceContention("Notion idempotency-key conflict \u2014 different args under same key");
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database create_page ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const created = await res.json();
-  return {
-    status: "committed",
-    data: { pageId: created.id, url: created.url, lastEditedTime: created.last_edited_time },
-    etagAfter: created.last_edited_time,
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-async function updatePage(inv, accessToken) {
-  const { pageId, properties, expectedLastEditedTime } = inv.args;
-  if (expectedLastEditedTime) {
-    const headRes = await fetch(`${API5}/pages/${encodeURIComponent(pageId)}`, {
-      headers: notionHeaders(accessToken),
-      signal: AbortSignal.timeout(1e4)
-    });
-    if (headRes.status === 401) {
-      throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-    }
-    if (!headRes.ok) {
-      const text = await headRes.text().catch(() => "");
-      throw new Error(`notion-database update_page (preflight) ${headRes.status}: ${text.slice(0, 200)}`);
-    }
-    const page = await headRes.json();
-    if (page.last_edited_time && page.last_edited_time !== expectedLastEditedTime) {
-      throw new ResourceContention(
-        `Notion page ${pageId} was modified since the agent last read it`,
-        [],
-        { last_edited_time: page.last_edited_time, properties: page.properties }
-      );
-    }
-  }
-  const res = await fetch(`${API5}/pages/${encodeURIComponent(pageId)}`, {
-    method: "PATCH",
-    headers: notionHeaders(accessToken),
-    body: JSON.stringify({ properties }),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409 || res.status === 412) {
-    throw new ResourceContention(`Notion update_page conflict (${res.status})`);
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database update_page ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const updated = await res.json();
-  return {
-    status: "committed",
-    data: { pageId: updated.id, url: updated.url, lastEditedTime: updated.last_edited_time },
-    etagAfter: updated.last_edited_time,
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-async function archivePage(inv, accessToken) {
-  const { pageId } = inv.args;
-  if (typeof pageId !== "string" || pageId.length === 0) {
-    throw new Error("notion-database pages.archive: pageId is required");
-  }
-  const res = await fetch(`${API5}/pages/${encodeURIComponent(pageId)}`, {
-    method: "PATCH",
-    headers: {
-      ...notionHeaders(accessToken),
-      "Idempotency-Key": inv.idempotencyKey
-    },
-    body: JSON.stringify({ archived: true }),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409) {
-    throw new ResourceContention("Notion idempotency-key conflict \u2014 different args under same key");
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database pages.archive ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const archived = await res.json();
-  return {
-    status: "committed",
-    data: { pageId: archived.id, archived: archived.archived ?? true, lastEditedTime: archived.last_edited_time },
-    etagAfter: archived.last_edited_time,
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-async function createDatabase(inv, accessToken) {
-  const { parentPageId, title, properties } = inv.args;
-  if (typeof parentPageId !== "string" || parentPageId.length === 0) {
-    throw new Error("notion-database databases.create: parentPageId is required");
-  }
-  if (!title) throw new Error("notion-database databases.create: title is required");
-  if (!properties) throw new Error("notion-database databases.create: properties is required");
-  const res = await fetch(`${API5}/databases`, {
-    method: "POST",
-    headers: {
-      ...notionHeaders(accessToken),
-      "Idempotency-Key": inv.idempotencyKey
-    },
-    body: JSON.stringify({
-      parent: { type: "page_id", page_id: parentPageId },
-      title,
-      properties
-    }),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409) {
-    throw new ResourceContention("Notion idempotency-key conflict \u2014 different args under same key");
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database databases.create ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const created = await res.json();
-  return {
-    status: "committed",
-    data: { databaseId: created.id, url: created.url, lastEditedTime: created.last_edited_time },
-    etagAfter: created.last_edited_time,
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-async function updateDatabase(inv, accessToken) {
-  const { databaseId, title, properties } = inv.args;
-  if (typeof databaseId !== "string" || databaseId.length === 0) {
-    throw new Error("notion-database databases.update: databaseId is required");
-  }
-  const body = {};
-  if (title !== void 0) body.title = title;
-  if (properties !== void 0) body.properties = properties;
-  const res = await fetch(`${API5}/databases/${encodeURIComponent(databaseId)}`, {
-    method: "PATCH",
-    headers: {
-      ...notionHeaders(accessToken),
-      "Idempotency-Key": inv.idempotencyKey
-    },
-    body: JSON.stringify(body),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409) {
-    throw new ResourceContention("Notion idempotency-key conflict \u2014 different args under same key");
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database databases.update ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const updated = await res.json();
-  return {
-    status: "committed",
-    data: { databaseId: updated.id, url: updated.url, lastEditedTime: updated.last_edited_time },
-    etagAfter: updated.last_edited_time,
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-async function appendBlocks(inv, accessToken) {
-  const { blockId, children } = inv.args;
-  if (typeof blockId !== "string" || blockId.length === 0) {
-    throw new Error("notion-database blocks.append: blockId is required");
-  }
-  if (!Array.isArray(children)) {
-    throw new Error("notion-database blocks.append: children must be an array");
-  }
-  const res = await fetch(`${API5}/blocks/${encodeURIComponent(blockId)}/children`, {
-    method: "PATCH",
-    headers: {
-      ...notionHeaders(accessToken),
-      "Idempotency-Key": inv.idempotencyKey
-    },
-    body: JSON.stringify({ children }),
-    signal: AbortSignal.timeout(15e3)
-  });
-  if (res.status === 401) {
-    throw new CredentialsExpired("Notion rejected token (401)", inv.source.id);
-  }
-  if (res.status === 409) {
-    throw new ResourceContention("Notion idempotency-key conflict \u2014 different args under same key");
-  }
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`notion-database blocks.append ${res.status}: ${text.slice(0, 200)}`);
-  }
-  const json = await res.json();
-  return {
-    status: "committed",
-    data: { results: json.results ?? [] },
-    committedAt: Date.now(),
-    idempotentReplay: false
-  };
-}
-function notionHeaders(accessToken) {
-  return {
-    authorization: `Bearer ${accessToken}`,
-    "Notion-Version": NOTION_VERSION,
-    "content-type": "application/json"
-  };
-}
-function readToken(creds) {
-  if (creds.kind !== "oauth2" || typeof creds.accessToken !== "string") {
-    throw new Error("notion-database: expected oauth2 credentials");
-  }
-  return creds.accessToken;
-}
-function readMetaString3(meta, key) {
-  const v = meta[key];
-  if (typeof v !== "string" || v.length === 0) {
-    throw new Error(`notion-database DataSource.metadata.${key} is missing`);
-  }
-  return v;
-}
-
 // src/connectors/adapters/docuseal.ts
 import { createHmac, timingSafeEqual } from "crypto";
 var DEFAULT_BASE = "https://api.docuseal.com";
@@ -5249,7 +4897,7 @@ async function voidSubmission(inv, apiKey, baseUrl, timeoutMs) {
 }
 
 // src/connectors/adapters/twilio-sms.ts
-var API6 = "https://api.twilio.com/2010-04-01";
+var API5 = "https://api.twilio.com/2010-04-01";
 var LOOKUP_API = "https://lookups.twilio.com/v1";
 var twilioSmsConnector = {
   manifest: {
@@ -5406,7 +5054,7 @@ var twilioSmsConnector = {
       params.set("PageSize", String(Math.min(Math.max(1, limit ?? 20), 100)));
       if (to) params.set("To", to);
       if (from) params.set("From", from);
-      const url = `${API6}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages.json?${params.toString()}`;
+      const url = `${API5}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages.json?${params.toString()}`;
       const res = await fetch(url, {
         headers: { authorization: basicAuth(auth) },
         signal: AbortSignal.timeout(1e4)
@@ -5427,7 +5075,7 @@ var twilioSmsConnector = {
       const params = new URLSearchParams();
       params.set("PageSize", String(Math.min(Math.max(1, limit ?? 50), 100)));
       if (phoneNumber) params.set("PhoneNumber", phoneNumber);
-      const url = `${API6}/Accounts/${encodeURIComponent(auth.accountSid)}/IncomingPhoneNumbers.json?${params.toString()}`;
+      const url = `${API5}/Accounts/${encodeURIComponent(auth.accountSid)}/IncomingPhoneNumbers.json?${params.toString()}`;
       const res = await fetch(url, {
         headers: { authorization: basicAuth(auth) },
         signal: AbortSignal.timeout(1e4)
@@ -5449,13 +5097,13 @@ var twilioSmsConnector = {
     const auth = parseAuth(inv.source.credentials);
     if (inv.capabilityName === "send_sms") {
       const { to, body, from } = inv.args;
-      const fromNumber = from ?? readMetaString4(inv.source.metadata, "fromNumber");
+      const fromNumber = from ?? readMetaString3(inv.source.metadata, "fromNumber");
       const formBody = new URLSearchParams({ To: to, From: fromNumber, Body: body });
       return await postMessages(inv, auth, formBody, "send_sms");
     }
     if (inv.capabilityName === "send_mms") {
       const { to, body, from, mediaUrl } = inv.args;
-      const fromNumber = from ?? readMetaString4(inv.source.metadata, "fromNumber");
+      const fromNumber = from ?? readMetaString3(inv.source.metadata, "fromNumber");
       const formBody = new URLSearchParams();
       formBody.set("To", to);
       formBody.set("From", fromNumber);
@@ -5467,7 +5115,7 @@ var twilioSmsConnector = {
     if (inv.capabilityName === "send_whatsapp") {
       const { to, body, from } = inv.args;
       const ensureWhatsapp = (n) => n.startsWith("whatsapp:") ? n : `whatsapp:${n}`;
-      const fromRaw = from ?? readMetaStringOptional(inv.source.metadata, "whatsappFromNumber") ?? readMetaString4(inv.source.metadata, "fromNumber");
+      const fromRaw = from ?? readMetaStringOptional(inv.source.metadata, "whatsappFromNumber") ?? readMetaString3(inv.source.metadata, "fromNumber");
       const formBody = new URLSearchParams({
         To: ensureWhatsapp(to),
         From: ensureWhatsapp(fromRaw),
@@ -5477,7 +5125,7 @@ var twilioSmsConnector = {
     }
     if (inv.capabilityName === "redact_message") {
       const { messageSid } = inv.args;
-      const url = `${API6}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages/${encodeURIComponent(messageSid)}.json`;
+      const url = `${API5}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages/${encodeURIComponent(messageSid)}.json`;
       const formBody = new URLSearchParams({ Body: "" });
       const res = await fetch(url, {
         method: "POST",
@@ -5510,7 +5158,7 @@ var twilioSmsConnector = {
   async test(source) {
     try {
       const auth = parseAuth(source.credentials);
-      const res = await fetch(`${API6}/Accounts/${encodeURIComponent(auth.accountSid)}.json`, {
+      const res = await fetch(`${API5}/Accounts/${encodeURIComponent(auth.accountSid)}.json`, {
         headers: { authorization: basicAuth(auth) },
         signal: AbortSignal.timeout(8e3)
       });
@@ -5546,7 +5194,7 @@ function parseAuth(creds) {
 function basicAuth(auth) {
   return `Basic ${Buffer.from(`${auth.username}:${auth.password}`).toString("base64")}`;
 }
-function readMetaString4(meta, key) {
+function readMetaString3(meta, key) {
   const v = meta[key];
   if (typeof v !== "string" || v.length === 0) {
     throw new Error(`twilio-sms DataSource.metadata.${key} is missing`);
@@ -5558,7 +5206,7 @@ function readMetaStringOptional(meta, key) {
   return typeof v === "string" && v.length > 0 ? v : void 0;
 }
 async function postMessages(inv, auth, formBody, label) {
-  const url = `${API6}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages.json`;
+  const url = `${API5}/Accounts/${encodeURIComponent(auth.accountSid)}/Messages.json`;
   const res = await fetch(url, {
     method: "POST",
     headers: {
@@ -5587,7 +5235,7 @@ async function postMessages(inv, auth, formBody, label) {
 }
 
 // src/connectors/adapters/phony.ts
-var API7 = "https://api.ph0ny.com";
+var API6 = "https://api.ph0ny.com";
 var E164 = /^\+[1-9]\d{7,14}$/;
 var phonyConnector = {
   manifest: {
@@ -5857,7 +5505,7 @@ var phonyConnector = {
       const json = await getJson(
         inv,
         token,
-        `${API7}/v1/agents?${params.toString()}`,
+        `${API6}/v1/agents?${params.toString()}`,
         "list_agents"
       );
       return {
@@ -5870,7 +5518,7 @@ var phonyConnector = {
       const json = await getJson(
         inv,
         token,
-        `${API7}/v1/outbound/${encodeURIComponent(id)}`,
+        `${API6}/v1/outbound/${encodeURIComponent(id)}`,
         "get_call"
       );
       return { data: { call: json.call ?? null }, fetchedAt: Date.now() };
@@ -5883,7 +5531,7 @@ var phonyConnector = {
       const json = await getJson(
         inv,
         token,
-        `${API7}/v1/outbound?${params.toString()}`,
+        `${API6}/v1/outbound?${params.toString()}`,
         "list_calls"
       );
       return { data: { calls: json.calls ?? [] }, fetchedAt: Date.now() };
@@ -5894,7 +5542,7 @@ var phonyConnector = {
       if (limit !== void 0) payload.limit = limit;
       if (threshold !== void 0) payload.threshold = threshold;
       if (includeMetadata !== void 0) payload.includeMetadata = includeMetadata;
-      const res = await fetch(`${API7}/v1/collections/${encodeURIComponent(collectionId)}/search`, {
+      const res = await fetch(`${API6}/v1/collections/${encodeURIComponent(collectionId)}/search`, {
         method: "POST",
         headers: {
           authorization: `Bearer ${token}`,
@@ -5935,7 +5583,7 @@ var phonyConnector = {
       if (args.callerProfile !== void 0) payload.callerProfile = args.callerProfile;
       if (args.voiceCloneId !== void 0) payload.voiceCloneId = args.voiceCloneId;
       if (args.dryRun !== void 0) payload.dryRun = args.dryRun;
-      const res = await fetch(`${API7}/v1/outbound/start`, {
+      const res = await fetch(`${API6}/v1/outbound/start`, {
         method: "POST",
         headers: {
           authorization: `Bearer ${token}`,
@@ -5965,7 +5613,7 @@ var phonyConnector = {
     }
     if (inv.capabilityName === "create_agent") {
       const payload = pick(inv.args, AGENT_FIELDS);
-      const json = await postJson(inv, token, `${API7}/v1/agents`, payload, "create_agent");
+      const json = await postJson(inv, token, `${API6}/v1/agents`, payload, "create_agent");
       return {
         status: "committed",
         data: { agent: json },
@@ -5981,7 +5629,7 @@ var phonyConnector = {
       const json = await postJson(
         inv,
         token,
-        `${API7}/v1/agents/provision`,
+        `${API6}/v1/agents/provision`,
         payload,
         "provision_agent"
       );
@@ -6001,7 +5649,7 @@ var phonyConnector = {
       const payload = { name };
       if (description !== void 0) payload.description = description;
       if (metadata !== void 0) payload.metadata = metadata;
-      const json = await postJson(inv, token, `${API7}/v1/collections`, payload, "kb_create_collection");
+      const json = await postJson(inv, token, `${API6}/v1/collections`, payload, "kb_create_collection");
       return {
         status: "committed",
         data: { collection: json },
@@ -6015,7 +5663,7 @@ var phonyConnector = {
       const json = await postJson(
         inv,
         token,
-        `${API7}/v1/collections/${encodeURIComponent(collectionId)}/ingest`,
+        `${API6}/v1/collections/${encodeURIComponent(collectionId)}/ingest`,
         payload,
         "kb_ingest"
       );
@@ -6035,7 +5683,7 @@ var phonyConnector = {
   async test(source) {
     try {
       const token = bearerToken(source.credentials);
-      const res = await fetch(`${API7}/v1/outbound?limit=1`, {
+      const res = await fetch(`${API6}/v1/outbound?limit=1`, {
         headers: { authorization: `Bearer ${token}` },
         signal: AbortSignal.timeout(8e3)
       });
@@ -6180,9 +5828,9 @@ var INGEST_FIELDS = [
 
 // src/connectors/adapters/whatsapp-business.ts
 var SCOPES5 = ["whatsapp_business_messaging", "whatsapp_business_management", "business_management"];
-var AUTH_URL9 = "https://www.facebook.com/v21.0/dialog/oauth";
-var TOKEN_URL9 = "https://graph.facebook.com/v21.0/oauth/access_token";
-var API8 = "https://graph.facebook.com/v21.0";
+var AUTH_URL8 = "https://www.facebook.com/v21.0/dialog/oauth";
+var TOKEN_URL8 = "https://graph.facebook.com/v21.0/oauth/access_token";
+var API7 = "https://graph.facebook.com/v21.0";
 function whatsappBusiness(opts) {
   const { clientId, clientSecret } = opts;
   const adapter = {
@@ -6192,8 +5840,8 @@ function whatsappBusiness(opts) {
       description: "Send text and template messages from a verified WhatsApp Business number, and read your approved message templates. Advisory surface \u2014 WhatsApp sends are append-only.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL9,
-        tokenUrl: TOKEN_URL9,
+        authorizationUrl: AUTH_URL8,
+        tokenUrl: TOKEN_URL8,
         scopes: SCOPES5,
         clientIdEnv: "WHATSAPP_BUSINESS_OAUTH_CLIENT_ID",
         clientSecretEnv: "WHATSAPP_BUSINESS_OAUTH_CLIENT_SECRET"
@@ -6330,12 +5978,12 @@ function whatsappBusiness(opts) {
     async executeRead(inv) {
       const accessToken = readAccessToken(inv.source.credentials);
       if (inv.capabilityName === "list_message_templates") {
-        const wabaId = readMetaString5(inv.source.metadata, "wabaId");
+        const wabaId = readMetaString4(inv.source.metadata, "wabaId");
         const { limit, status } = inv.args;
         const params = new URLSearchParams();
         params.set("limit", String(Math.min(Math.max(1, limit ?? 50), 200)));
         if (status) params.set("status", status);
-        const url = `${API8}/${encodeURIComponent(wabaId)}/message_templates?${params.toString()}`;
+        const url = `${API7}/${encodeURIComponent(wabaId)}/message_templates?${params.toString()}`;
         const json = await graphGet(url, accessToken, inv.source.id);
         const data = json.data ?? [];
         return {
@@ -6352,11 +6000,11 @@ function whatsappBusiness(opts) {
         };
       }
       if (inv.capabilityName === "get_business_phone_number") {
-        const phoneNumberId = readMetaString5(inv.source.metadata, "phoneNumberId");
+        const phoneNumberId = readMetaString4(inv.source.metadata, "phoneNumberId");
         const params = new URLSearchParams({
           fields: "display_phone_number,verified_name,quality_rating,code_verification_status,platform_type"
         });
-        const url = `${API8}/${encodeURIComponent(phoneNumberId)}?${params.toString()}`;
+        const url = `${API7}/${encodeURIComponent(phoneNumberId)}?${params.toString()}`;
         const json = await graphGet(url, accessToken, inv.source.id);
         return {
           data: {
@@ -6382,8 +6030,8 @@ function whatsappBusiness(opts) {
       if (inv.capabilityName === "templates.delete") {
         return deleteTemplate(inv, accessToken);
       }
-      const phoneNumberId = readMetaString5(inv.source.metadata, "phoneNumberId");
-      const url = `${API8}/${encodeURIComponent(phoneNumberId)}/messages`;
+      const phoneNumberId = readMetaString4(inv.source.metadata, "phoneNumberId");
+      const url = `${API7}/${encodeURIComponent(phoneNumberId)}/messages`;
       let body;
       if (inv.capabilityName === "send_text_message") {
         const { to, body: text, previewUrl } = inv.args;
@@ -6464,7 +6112,7 @@ function whatsappBusiness(opts) {
         throw new Error("WhatsApp Business OAuth client not configured (WHATSAPP_BUSINESS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL9,
+        tokenUrl: TOKEN_URL8,
         clientId,
         clientSecret,
         code: input.code,
@@ -6488,7 +6136,7 @@ function whatsappBusiness(opts) {
       try {
         const accessToken = readAccessToken(source.credentials);
         const phoneNumberId = typeof source.metadata.phoneNumberId === "string" ? source.metadata.phoneNumberId : void 0;
-        const probeUrl = phoneNumberId ? `${API8}/${encodeURIComponent(phoneNumberId)}?fields=display_phone_number` : `${API8}/me?fields=id`;
+        const probeUrl = phoneNumberId ? `${API7}/${encodeURIComponent(phoneNumberId)}?fields=display_phone_number` : `${API7}/me?fields=id`;
         const res = await fetch(probeUrl, {
           headers: { authorization: `Bearer ${accessToken}` },
           signal: AbortSignal.timeout(8e3)
@@ -6512,7 +6160,7 @@ function readAccessToken(creds) {
   }
   return creds.accessToken;
 }
-function readMetaString5(meta, key) {
+function readMetaString4(meta, key) {
   const v = meta[key];
   if (typeof v !== "string" || v.length === 0) {
     throw new Error(`whatsapp-business DataSource.metadata.${key} is missing \u2014 set it at connect-time from the Embedded Signup callback`);
@@ -6541,7 +6189,7 @@ function decodeBase64(value) {
   return bytes;
 }
 async function uploadMedia(inv, accessToken) {
-  const phoneNumberId = readMetaString5(inv.source.metadata, "phoneNumberId");
+  const phoneNumberId = readMetaString4(inv.source.metadata, "phoneNumberId");
   const { dataBase64, mimeType, filename } = inv.args;
   if (typeof dataBase64 !== "string" || dataBase64.length === 0) {
     throw new Error("whatsapp-business media.upload: dataBase64 is required");
@@ -6554,7 +6202,7 @@ async function uploadMedia(inv, accessToken) {
   form.set("messaging_product", "whatsapp");
   form.set("type", mimeType);
   form.set("file", new Blob([bytes], { type: mimeType }), filename ?? "upload");
-  const url = `${API8}/${encodeURIComponent(phoneNumberId)}/media`;
+  const url = `${API7}/${encodeURIComponent(phoneNumberId)}/media`;
   const res = await fetch(url, {
     method: "POST",
     headers: { authorization: `Bearer ${accessToken}` },
@@ -6577,7 +6225,7 @@ async function uploadMedia(inv, accessToken) {
   };
 }
 async function createTemplate(inv, accessToken) {
-  const wabaId = readMetaString5(inv.source.metadata, "wabaId");
+  const wabaId = readMetaString4(inv.source.metadata, "wabaId");
   const { name, language, category, components } = inv.args;
   if (typeof name !== "string" || name.length === 0) {
     throw new Error("whatsapp-business templates.create: name is required");
@@ -6591,7 +6239,7 @@ async function createTemplate(inv, accessToken) {
   if (!Array.isArray(components)) {
     throw new Error("whatsapp-business templates.create: components must be an array");
   }
-  const url = `${API8}/${encodeURIComponent(wabaId)}/message_templates`;
+  const url = `${API7}/${encodeURIComponent(wabaId)}/message_templates`;
   const res = await fetch(url, {
     method: "POST",
     headers: {
@@ -6617,7 +6265,7 @@ async function createTemplate(inv, accessToken) {
   };
 }
 async function deleteTemplate(inv, accessToken) {
-  const wabaId = readMetaString5(inv.source.metadata, "wabaId");
+  const wabaId = readMetaString4(inv.source.metadata, "wabaId");
   const { name, hsmId } = inv.args;
   if (typeof name !== "string" || name.length === 0) {
     throw new Error("whatsapp-business templates.delete: name is required");
@@ -6625,7 +6273,7 @@ async function deleteTemplate(inv, accessToken) {
   const params = new URLSearchParams();
   params.set("name", name);
   if (typeof hsmId === "string" && hsmId.length > 0) params.set("hsm_id", hsmId);
-  const url = `${API8}/${encodeURIComponent(wabaId)}/message_templates?${params.toString()}`;
+  const url = `${API7}/${encodeURIComponent(wabaId)}/message_templates?${params.toString()}`;
   const res = await fetch(url, {
     method: "DELETE",
     headers: { authorization: `Bearer ${accessToken}` },
@@ -6648,7 +6296,7 @@ async function deleteTemplate(inv, accessToken) {
 }
 
 // src/connectors/adapters/stripe-pack.ts
-var API9 = "https://api.stripe.com/v1";
+var API8 = "https://api.stripe.com/v1";
 var stripePackConnector = {
   manifest: {
     kind: "stripe-pack",
@@ -6848,7 +6496,7 @@ var stripePackConnector = {
       throw new Error(`stripe-pack: unknown read capability ${inv.capabilityName}`);
     }
     const { email } = inv.args;
-    const url = `${API9}/customers/search?query=${encodeURIComponent(`email:'${email.toLowerCase()}'`)}&limit=1`;
+    const url = `${API8}/customers/search?query=${encodeURIComponent(`email:'${email.toLowerCase()}'`)}&limit=1`;
     const res = await fetch(url, {
       headers: { authorization: `Bearer ${apiKey}` },
       signal: AbortSignal.timeout(1e4)
@@ -6881,7 +6529,7 @@ var stripePackConnector = {
   async test(source) {
     try {
       const apiKey = readApiKey(source.credentials);
-      const res = await fetch(`${API9}/account`, {
+      const res = await fetch(`${API8}/account`, {
         headers: { authorization: `Bearer ${apiKey}` },
         signal: AbortSignal.timeout(8e3)
       });
@@ -6907,7 +6555,7 @@ async function createInvoice(inv, apiKey) {
       quantity: String(it.quantity ?? 1)
     });
     if (it.description) body.set("description", it.description);
-    const res = await fetch(`${API9}/invoiceitems`, {
+    const res = await fetch(`${API8}/invoiceitems`, {
       method: "POST",
       headers: {
         authorization: `Bearer ${apiKey}`,
@@ -6932,7 +6580,7 @@ async function createInvoice(inv, apiKey) {
     collection_method: "send_invoice",
     days_until_due: "14"
   });
-  const invRes = await fetch(`${API9}/invoices`, {
+  const invRes = await fetch(`${API8}/invoices`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -6970,7 +6618,7 @@ async function createCheckoutSession(inv, apiKey) {
     body.set(`line_items[${i}][price]`, it.price);
     body.set(`line_items[${i}][quantity]`, String(it.quantity ?? 1));
   });
-  const res = await fetch(`${API9}/checkout/sessions`, {
+  const res = await fetch(`${API8}/checkout/sessions`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -7001,7 +6649,7 @@ async function listSubscriptions(inv, apiKey) {
   const params = new URLSearchParams({ customer: customerId, limit: String(limit ?? 10) });
   if (status && status !== "all") params.set("status", status);
   else params.set("status", "all");
-  const res = await fetch(`${API9}/subscriptions?${params.toString()}`, {
+  const res = await fetch(`${API8}/subscriptions?${params.toString()}`, {
     headers: { authorization: `Bearer ${apiKey}` },
     signal: AbortSignal.timeout(1e4)
   });
@@ -7036,7 +6684,7 @@ async function cancelSubscription(inv, apiKey) {
   let res;
   if (atPeriodEnd) {
     const body = new URLSearchParams({ cancel_at_period_end: "true" });
-    res = await fetch(`${API9}/subscriptions/${encodeURIComponent(subscriptionId)}`, {
+    res = await fetch(`${API8}/subscriptions/${encodeURIComponent(subscriptionId)}`, {
       method: "POST",
       headers: {
         authorization: `Bearer ${apiKey}`,
@@ -7047,7 +6695,7 @@ async function cancelSubscription(inv, apiKey) {
       signal: AbortSignal.timeout(15e3)
     });
   } else {
-    res = await fetch(`${API9}/subscriptions/${encodeURIComponent(subscriptionId)}`, {
+    res = await fetch(`${API8}/subscriptions/${encodeURIComponent(subscriptionId)}`, {
       method: "DELETE",
       headers: {
         authorization: `Bearer ${apiKey}`,
@@ -7082,7 +6730,7 @@ async function cancelSubscription(inv, apiKey) {
 async function createBillingPortalSession(inv, apiKey) {
   const { customerId, returnUrl } = inv.args;
   const body = new URLSearchParams({ customer: customerId, return_url: returnUrl });
-  const res = await fetch(`${API9}/billing_portal/sessions`, {
+  const res = await fetch(`${API8}/billing_portal/sessions`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -7130,7 +6778,7 @@ async function createPaymentIntent(inv, apiKey) {
       body.set(`metadata[${k}]`, String(v));
     }
   }
-  const res = await fetch(`${API9}/payment_intents`, {
+  const res = await fetch(`${API8}/payment_intents`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -7178,7 +6826,7 @@ async function createRefund(inv, apiKey) {
   if (args.charge) body.set("charge", args.charge);
   if (typeof args.amount === "number") body.set("amount", String(args.amount));
   if (args.reason) body.set("reason", args.reason);
-  const res = await fetch(`${API9}/refunds`, {
+  const res = await fetch(`${API8}/refunds`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -7226,7 +6874,7 @@ async function createCustomer(inv, apiKey) {
       body.set(`metadata[${k}]`, String(v));
     }
   }
-  const res = await fetch(`${API9}/customers`, {
+  const res = await fetch(`${API8}/customers`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${apiKey}`,
@@ -7302,7 +6950,7 @@ var webhookConnector = {
     ]
   },
   async executeRead(inv) {
-    const url = readMetaString6(inv.source.metadata, "url");
+    const url = readMetaString5(inv.source.metadata, "url");
     const params = inv.args && typeof inv.args === "object" ? inv.args : {};
     const u = new URL(url);
     for (const [k, v] of Object.entries(params)) {
@@ -7324,7 +6972,7 @@ var webhookConnector = {
     };
   },
   async executeMutation(inv) {
-    const url = readMetaString6(inv.source.metadata, "url");
+    const url = readMetaString5(inv.source.metadata, "url");
     const body = JSON.stringify(inv.args ?? {});
     const res = await fetch(url, {
       method: "POST",
@@ -7354,7 +7002,7 @@ var webhookConnector = {
   },
   async test(source) {
     try {
-      const url = readMetaString6(source.metadata, "url");
+      const url = readMetaString5(source.metadata, "url");
       const res = await fetch(url, {
         method: "HEAD",
         headers: signHeaders(source.credentials, "", `health-${Date.now()}`),
@@ -7367,7 +7015,7 @@ var webhookConnector = {
     }
   }
 };
-function readMetaString6(meta, key) {
+function readMetaString5(meta, key) {
   const v = meta[key];
   if (typeof v !== "string" || v.length === 0) {
     throw new Error(`webhook DataSource.metadata.${key} is missing`);
@@ -37415,8 +37063,8 @@ var SCOPES7 = [
   "request_signature",
   "signature_request_access"
 ];
-var AUTH_URL10 = "https://app.hellosign.com/oauth/authorize";
-var TOKEN_URL10 = "https://app.hellosign.com/oauth/token";
+var AUTH_URL9 = "https://app.hellosign.com/oauth/authorize";
+var TOKEN_URL9 = "https://app.hellosign.com/oauth/token";
 var DEFAULT_API_BASE = "https://api.hellosign.com/v3";
 function hellosign(opts) {
   const { clientId, clientSecret } = opts;
@@ -37429,11 +37077,15 @@ function hellosign(opts) {
       description: "Send documents for e-signature via Dropbox Sign templates, poll signature-request status, cancel in-flight requests, and react to push events when signers complete.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL10,
-        tokenUrl: TOKEN_URL10,
+        authorizationUrl: AUTH_URL9,
+        tokenUrl: TOKEN_URL9,
         scopes: SCOPES7,
         clientIdEnv: "HELLOSIGN_OAUTH_CLIENT_ID",
-        clientSecretEnv: "HELLOSIGN_OAUTH_CLIENT_SECRET"
+        clientSecretEnv: "HELLOSIGN_OAUTH_CLIENT_SECRET",
+        // Dropbox Sign rejects a per-request `scope` param ("Custom scopes
+        // are not supported yet") — scopes are pinned in the API app
+        // settings, so the authorization URL must omit scope.
+        sendScopeParam: false
       },
       category: "doc",
       defaultConsistencyModel: "authoritative",
@@ -37583,7 +37235,7 @@ function hellosign(opts) {
         throw new Error("Dropbox Sign OAuth client not configured (HELLOSIGN_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL10,
+        tokenUrl: TOKEN_URL9,
         clientId,
         clientSecret,
         code: input.code,
@@ -37606,7 +37258,7 @@ function hellosign(opts) {
         throw new Error("hellosign.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL10,
+        tokenUrl: TOKEN_URL9,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -37897,7 +37549,7 @@ async function ensureFreshAccessToken7(creds, clientId, clientSecret, inv) {
     throw new CredentialsExpired("Dropbox Sign access token expired and no refresh token", inv?.source.id ?? "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL10,
+    tokenUrl: TOKEN_URL9,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -37916,12 +37568,12 @@ async function ensureFreshAccessToken7(creds, clientId, clientSecret, inv) {
 
 // src/connectors/adapters/pandadoc.ts
 var SCOPES8 = ["read", "read+write"];
-var AUTH_URL11 = "https://app.pandadoc.com/oauth2/authorize";
-var TOKEN_URL11 = "https://api.pandadoc.com/oauth2/access_token";
-var API10 = "https://api.pandadoc.com/public/v1";
+var AUTH_URL10 = "https://app.pandadoc.com/oauth2/authorize";
+var TOKEN_URL10 = "https://api.pandadoc.com/oauth2/access_token";
+var API9 = "https://api.pandadoc.com/public/v1";
 function pandadoc(opts) {
   const { clientId, clientSecret } = opts;
-  const baseUrl = (opts.baseUrl ?? API10).replace(/\/$/, "");
+  const baseUrl = (opts.baseUrl ?? API9).replace(/\/$/, "");
   const timeoutMs = opts.timeoutMs ?? 3e4;
   const adapter = {
     manifest: {
@@ -37930,8 +37582,8 @@ function pandadoc(opts) {
       description: "Draft contracts and proposals from PandaDoc templates, send them for signature, poll signing status, and cancel in-flight documents.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL11,
-        tokenUrl: TOKEN_URL11,
+        authorizationUrl: AUTH_URL10,
+        tokenUrl: TOKEN_URL10,
         scopes: SCOPES8,
         clientIdEnv: "PANDADOC_OAUTH_CLIENT_ID",
         clientSecretEnv: "PANDADOC_OAUTH_CLIENT_SECRET"
@@ -38079,7 +37731,7 @@ function pandadoc(opts) {
         throw new Error("PandaDoc OAuth client not configured (PANDADOC_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL11,
+        tokenUrl: TOKEN_URL10,
         clientId,
         clientSecret,
         code: input.code,
@@ -38102,7 +37754,7 @@ function pandadoc(opts) {
         throw new Error("pandadoc.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL11,
+        tokenUrl: TOKEN_URL10,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -38410,7 +38062,7 @@ async function ensureFreshAccessTokenFromCreds(creds, clientId, clientSecret, on
     throw new CredentialsExpired("PandaDoc access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL11,
+    tokenUrl: TOKEN_URL10,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -38434,9 +38086,9 @@ var SCOPES9 = [
   "https://www.googleapis.com/auth/documents",
   "https://www.googleapis.com/auth/drive.file"
 ];
-var AUTH_URL12 = "https://accounts.google.com/o/oauth2/v2/auth";
-var TOKEN_URL12 = "https://oauth2.googleapis.com/token";
-var API11 = "https://docs.googleapis.com/v1";
+var AUTH_URL11 = "https://accounts.google.com/o/oauth2/v2/auth";
+var TOKEN_URL11 = "https://oauth2.googleapis.com/token";
+var API10 = "https://docs.googleapis.com/v1";
 var DRIVE_API = "https://www.googleapis.com/drive/v3";
 var EXPORT_MIME = {
   pdf: "application/pdf",
@@ -38460,8 +38112,8 @@ function googleDocs(opts) {
       description: "Read and draft into the user's Google Docs. Fetch a document's plaintext body, create a new doc from a title + initial body, and append text with optional revision-id CAS guarding concurrent edits.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL12,
-        tokenUrl: TOKEN_URL12,
+        authorizationUrl: AUTH_URL11,
+        tokenUrl: TOKEN_URL11,
         scopes: SCOPES9,
         clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
         clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET",
@@ -38575,7 +38227,7 @@ function googleDocs(opts) {
         throw new Error("Google OAuth client not configured (GOOGLE_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL12,
+        tokenUrl: TOKEN_URL11,
         clientId,
         clientSecret,
         code: input.code,
@@ -38598,7 +38250,7 @@ function googleDocs(opts) {
         throw new Error("google-docs.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL12,
+        tokenUrl: TOKEN_URL11,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -38652,7 +38304,7 @@ function findAppendIndex(doc) {
 }
 async function getDocument2(inv, accessToken, timeoutMs) {
   const { documentId } = inv.args ?? {};
-  const res = await fetch(`${API11}/documents/${encodeURIComponent(documentId)}`, {
+  const res = await fetch(`${API10}/documents/${encodeURIComponent(documentId)}`, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
   });
@@ -38686,7 +38338,7 @@ async function createDocument2(inv, accessToken, timeoutMs) {
   if (!title || typeof title !== "string") {
     throw new Error("google-docs create_document: title is required");
   }
-  const createRes = await fetch(`${API11}/documents`, {
+  const createRes = await fetch(`${API10}/documents`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -38706,7 +38358,7 @@ async function createDocument2(inv, accessToken, timeoutMs) {
   let revisionId = created.revisionId;
   if (typeof body === "string" && body.length > 0) {
     const insertRes = await fetch(
-      `${API11}/documents/${encodeURIComponent(created.documentId)}:batchUpdate`,
+      `${API10}/documents/${encodeURIComponent(created.documentId)}:batchUpdate`,
       {
         method: "POST",
         headers: {
@@ -38749,7 +38401,7 @@ async function appendText(inv, accessToken, timeoutMs) {
   if (!text) {
     throw new Error("google-docs append_text: text is required");
   }
-  const docRes = await fetch(`${API11}/documents/${encodeURIComponent(documentId)}?fields=documentId,revisionId,body(content(endIndex))`, {
+  const docRes = await fetch(`${API10}/documents/${encodeURIComponent(documentId)}?fields=documentId,revisionId,body(content(endIndex))`, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
   });
@@ -38779,7 +38431,7 @@ async function appendText(inv, accessToken, timeoutMs) {
     body.writeControl = { requiredRevisionId };
   }
   const res = await fetch(
-    `${API11}/documents/${encodeURIComponent(documentId)}:batchUpdate`,
+    `${API10}/documents/${encodeURIComponent(documentId)}:batchUpdate`,
     {
       method: "POST",
       headers: {
@@ -38900,7 +38552,7 @@ async function ensureFreshAccessToken9(creds, clientId, clientSecret) {
     throw new CredentialsExpired("Google Docs access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL12,
+    tokenUrl: TOKEN_URL11,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -38918,9 +38570,9 @@ var SCOPES10 = [
   "https://www.googleapis.com/auth/forms.responses.readonly",
   SCOPE_WRITE3
 ];
-var AUTH_URL13 = "https://accounts.google.com/o/oauth2/v2/auth";
-var TOKEN_URL13 = "https://oauth2.googleapis.com/token";
-var API12 = "https://forms.googleapis.com/v1";
+var AUTH_URL12 = "https://accounts.google.com/o/oauth2/v2/auth";
+var TOKEN_URL12 = "https://oauth2.googleapis.com/token";
+var API11 = "https://forms.googleapis.com/v1";
 function googleForms(opts) {
   const { clientId, clientSecret } = opts;
   const timeoutMs = opts.timeoutMs ?? 3e4;
@@ -38931,8 +38583,8 @@ function googleForms(opts) {
       description: "Read a Google Form's schema and paginate its responses for KB ingest, lead routing, or analytics. Returns answers keyed by questionId with the original item tree available for question\u2192title joins.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL13,
-        tokenUrl: TOKEN_URL13,
+        authorizationUrl: AUTH_URL12,
+        tokenUrl: TOKEN_URL12,
         scopes: SCOPES10,
         clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
         clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET",
@@ -39076,7 +38728,7 @@ function googleForms(opts) {
         throw new Error("Google OAuth client not configured (GOOGLE_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL13,
+        tokenUrl: TOKEN_URL12,
         clientId,
         clientSecret,
         code: input.code,
@@ -39099,7 +38751,7 @@ function googleForms(opts) {
         throw new Error("google-forms.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL13,
+        tokenUrl: TOKEN_URL12,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -39145,7 +38797,7 @@ function flattenAnswers(answers) {
 async function getForm(inv, accessToken, timeoutMs) {
   const { formId } = inv.args ?? {};
   if (!formId) throw new Error("google-forms get_form: formId is required");
-  const res = await fetch(`${API12}/forms/${encodeURIComponent(formId)}`, {
+  const res = await fetch(`${API11}/forms/${encodeURIComponent(formId)}`, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
   });
@@ -39180,7 +38832,7 @@ async function listResponses(inv, accessToken, timeoutMs) {
   if (pageToken) params.set("pageToken", pageToken);
   if (filter) params.set("filter", filter);
   const qs = params.toString();
-  const url = `${API12}/forms/${encodeURIComponent(formId)}/responses${qs ? `?${qs}` : ""}`;
+  const url = `${API11}/forms/${encodeURIComponent(formId)}/responses${qs ? `?${qs}` : ""}`;
   const res = await fetch(url, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
@@ -39217,7 +38869,7 @@ async function getResponse(inv, accessToken, timeoutMs) {
   if (!formId) throw new Error("google-forms get_response: formId is required");
   if (!responseId) throw new Error("google-forms get_response: responseId is required");
   const res = await fetch(
-    `${API12}/forms/${encodeURIComponent(formId)}/responses/${encodeURIComponent(responseId)}`,
+    `${API11}/forms/${encodeURIComponent(formId)}/responses/${encodeURIComponent(responseId)}`,
     {
       headers: { authorization: `Bearer ${accessToken}` },
       signal: AbortSignal.timeout(timeoutMs)
@@ -39251,7 +38903,7 @@ async function createForm(inv, accessToken, timeoutMs) {
   if (!title) throw new Error("google-forms create_form: title is required");
   const info = { title };
   if (documentTitle) info.documentTitle = documentTitle;
-  const res = await fetch(`${API12}/forms`, {
+  const res = await fetch(`${API11}/forms`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -39290,7 +38942,7 @@ async function batchUpdate(inv, accessToken, timeoutMs) {
   const body = { requests };
   if (typeof includeFormInResponse === "boolean") body.includeFormInResponse = includeFormInResponse;
   if (writeControl) body.writeControl = writeControl;
-  const res = await fetch(`${API12}/forms/${encodeURIComponent(formId)}:batchUpdate`, {
+  const res = await fetch(`${API11}/forms/${encodeURIComponent(formId)}:batchUpdate`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -39330,7 +38982,7 @@ async function ensureFreshAccessToken10(creds, clientId, clientSecret) {
     throw new CredentialsExpired("Google Forms access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL13,
+    tokenUrl: TOKEN_URL12,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -39351,8 +39003,8 @@ var SCOPES11 = [
   // offline_access is required on v2.0 to receive a refresh_token.
   "offline_access"
 ];
-var AUTH_URL14 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-var TOKEN_URL14 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+var AUTH_URL13 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+var TOKEN_URL13 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 var GRAPH = "https://graph.microsoft.com/v1.0";
 function microsoftGraph(opts) {
   const { clientId, clientSecret } = opts;
@@ -39363,8 +39015,8 @@ function microsoftGraph(opts) {
       description: "Query the Microsoft 365 directory \u2014 look up users by email, list organizations, enumerate groups, and resolve group membership. Read-only identity surface shared across the Outlook, Teams, SharePoint, and OneDrive adapters.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL14,
-        tokenUrl: TOKEN_URL14,
+        authorizationUrl: AUTH_URL13,
+        tokenUrl: TOKEN_URL13,
         scopes: SCOPES11,
         clientIdEnv: "MS_OAUTH_CLIENT_ID",
         clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
@@ -39549,7 +39201,7 @@ function microsoftGraph(opts) {
         throw new Error("Microsoft OAuth client not configured (MS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL14,
+        tokenUrl: TOKEN_URL13,
         clientId,
         clientSecret,
         code: input.code,
@@ -39572,7 +39224,7 @@ function microsoftGraph(opts) {
         throw new Error("microsoft-graph.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL14,
+        tokenUrl: TOKEN_URL13,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -39614,7 +39266,7 @@ async function ensureFreshAccessToken11(creds, clientId, clientSecret) {
     throw new CredentialsExpired("Microsoft Graph access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL14,
+    tokenUrl: TOKEN_URL13,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -39651,9 +39303,9 @@ var SCOPE_READ2 = "https://graph.microsoft.com/Mail.Read";
 var SCOPE_SEND2 = "https://graph.microsoft.com/Mail.Send";
 var SCOPE_RW = "https://graph.microsoft.com/Mail.ReadWrite";
 var SCOPE_OFFLINE = "offline_access";
-var AUTH_URL15 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-var TOKEN_URL15 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
-var API13 = "https://graph.microsoft.com/v1.0";
+var AUTH_URL14 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+var TOKEN_URL14 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+var API12 = "https://graph.microsoft.com/v1.0";
 function outlookMail(opts) {
   const { clientId, clientSecret } = opts;
   const timeoutMs = opts.timeoutMs ?? 3e4;
@@ -39665,8 +39317,8 @@ function outlookMail(opts) {
       description: "Read inbox messages from a Microsoft 365 / Outlook mailbox, fetch a single message with body + attachment manifest, reply on a conversation, and subscribe to a folder for new mail webhooks.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL15,
-        tokenUrl: TOKEN_URL15,
+        authorizationUrl: AUTH_URL14,
+        tokenUrl: TOKEN_URL14,
         scopes,
         clientIdEnv: "MS_OAUTH_CLIENT_ID",
         clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
@@ -39750,6 +39402,19 @@ function outlookMail(opts) {
                 type: "boolean",
                 default: false,
                 description: "When true, set Graph body.contentType=HTML and send body as HTML; otherwise text. Graph does NOT auto-derive a plain alternative \u2014 set html only when the body is HTML."
+              },
+              attachments: {
+                type: "array",
+                description: "Optional file attachments. Each item is { name, contentType?, contentBytes } where contentBytes is base64-encoded file data. Sent as Graph #microsoft.graph.fileAttachment entries.",
+                items: {
+                  type: "object",
+                  properties: {
+                    name: { type: "string" },
+                    contentType: { type: "string" },
+                    contentBytes: { type: "string", description: "Base64-encoded attachment bytes." }
+                  },
+                  required: ["name", "contentBytes"]
+                }
               }
             },
             required: ["to", "subject", "body"]
@@ -39780,6 +39445,19 @@ function outlookMail(opts) {
                 type: "boolean",
                 default: false,
                 description: "When true, set Graph body.contentType=HTML; otherwise text."
+              },
+              attachments: {
+                type: "array",
+                description: "Optional file attachments. Each item is { name, contentType?, contentBytes } where contentBytes is base64-encoded file data. Stored as Graph #microsoft.graph.fileAttachment entries on the draft.",
+                items: {
+                  type: "object",
+                  properties: {
+                    name: { type: "string" },
+                    contentType: { type: "string" },
+                    contentBytes: { type: "string", description: "Base64-encoded attachment bytes." }
+                  },
+                  required: ["name", "contentBytes"]
+                }
               }
             },
             required: ["to", "subject", "body"]
@@ -39802,6 +39480,94 @@ function outlookMail(opts) {
             },
             required: ["notificationUrl"]
           }
+        },
+        {
+          name: "forward_message",
+          class: "mutation",
+          description: "Forward an existing message to one or more recipients with an optional comment. Graph POST /me/messages/{id}/forward.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          requiredScopes: [SCOPE_SEND2],
+          parameters: {
+            type: "object",
+            properties: {
+              messageId: { type: "string", description: "Graph message id to forward." },
+              to: {
+                oneOf: [
+                  { type: "string" },
+                  { type: "array", items: { type: "string" } }
+                ],
+                description: "Recipient address(es). String OR array of strings."
+              },
+              comment: { type: "string", description: "Optional comment prepended to the forwarded body." }
+            },
+            required: ["messageId", "to"]
+          }
+        },
+        {
+          name: "move_message",
+          class: "mutation",
+          description: "Move a message to a destination mail folder by id (or well-known name like inbox/archive). Graph POST /me/messages/{id}/move; returns the relocated message (new id).",
+          cas: "native-idempotency",
+          externalEffect: true,
+          requiredScopes: [SCOPE_RW],
+          parameters: {
+            type: "object",
+            properties: {
+              messageId: { type: "string", description: "Graph message id to move." },
+              destinationId: { type: "string", description: "Destination folder id or well-known name (inbox, archive, deleteditems, ...)." }
+            },
+            required: ["messageId", "destinationId"]
+          }
+        },
+        {
+          name: "set_labels",
+          class: "mutation",
+          description: "Set the full set of Outlook categories (labels) on a message. Graph PATCH /me/messages/{id} replaces the categories array, so supply the complete desired set (the caller computes adds/removes against the current set).",
+          cas: "optimistic-read-verify",
+          externalEffect: false,
+          requiredScopes: [SCOPE_RW],
+          parameters: {
+            type: "object",
+            properties: {
+              messageId: { type: "string", description: "Graph message id to tag." },
+              categories: {
+                type: "array",
+                items: { type: "string" },
+                description: "Full desired category set. Graph replaces (not merges) the categories array."
+              }
+            },
+            required: ["messageId", "categories"]
+          }
+        },
+        {
+          name: "send_draft",
+          class: "mutation",
+          description: "Send a previously created draft message by id. Graph POST /me/messages/{id}/send. Pairs with create_draft.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          requiredScopes: [SCOPE_SEND2],
+          parameters: {
+            type: "object",
+            properties: {
+              messageId: { type: "string", description: "Graph draft message id to send." }
+            },
+            required: ["messageId"]
+          }
+        },
+        {
+          name: "download_attachment",
+          class: "read",
+          description: "Read an attachment record for a message including base64 contentBytes for file attachments. Graph GET /me/messages/{messageId}/attachments/{attachmentId}. Fills the attachment-bytes gap that read_message defers.",
+          requiredScopes: [SCOPE_READ2],
+          parameters: {
+            type: "object",
+            properties: {
+              messageId: { type: "string", description: "Graph message id owning the attachment." },
+              attachmentId: { type: "string", description: "Graph attachment id (from read_message attachments[].id)." }
+            },
+            required: ["messageId", "attachmentId"]
+          }
         }
       ]
     },
@@ -39809,6 +39575,7 @@ function outlookMail(opts) {
       const accessToken = await ensureFreshAccessToken12(inv.source.credentials, clientId, clientSecret, inv.onCredentialsRotated);
       if (inv.capabilityName === "list_messages") return listMessages2(inv, accessToken, timeoutMs);
       if (inv.capabilityName === "read_message") return readMessage2(inv, accessToken, timeoutMs);
+      if (inv.capabilityName === "download_attachment") return downloadAttachment(inv, accessToken, timeoutMs);
       throw new Error(`outlook-mail: unknown read capability ${inv.capabilityName}`);
     },
     async executeMutation(inv) {
@@ -39817,6 +39584,10 @@ function outlookMail(opts) {
       if (inv.capabilityName === "send_message") return sendMessage(inv, accessToken, timeoutMs);
       if (inv.capabilityName === "create_draft") return createDraft(inv, accessToken, timeoutMs);
       if (inv.capabilityName === "subscribe_folder") return subscribeFolder(inv, accessToken, timeoutMs);
+      if (inv.capabilityName === "forward_message") return forwardMessage(inv, accessToken, timeoutMs);
+      if (inv.capabilityName === "move_message") return moveMessage(inv, accessToken, timeoutMs);
+      if (inv.capabilityName === "set_labels") return setLabels(inv, accessToken, timeoutMs);
+      if (inv.capabilityName === "send_draft") return sendDraft(inv, accessToken, timeoutMs);
       throw new Error(`outlook-mail: unknown mutation capability ${inv.capabilityName}`);
     },
     async exchangeOAuth(input) {
@@ -39824,7 +39595,7 @@ function outlookMail(opts) {
         throw new Error("Outlook Mail OAuth client not configured (MS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL15,
+        tokenUrl: TOKEN_URL14,
         clientId,
         clientSecret,
         code: input.code,
@@ -39847,7 +39618,7 @@ function outlookMail(opts) {
         throw new Error("outlook-mail.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL15,
+        tokenUrl: TOKEN_URL14,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -39862,7 +39633,7 @@ function outlookMail(opts) {
     async test(source) {
       try {
         const accessToken = await ensureFreshAccessToken12(source.credentials, clientId, clientSecret);
-        const res = await fetch(`${API13}/me?$select=id,userPrincipalName`, {
+        const res = await fetch(`${API12}/me?$select=id,userPrincipalName`, {
           headers: { authorization: `Bearer ${accessToken}` },
           signal: AbortSignal.timeout(8e3)
         });
@@ -39890,7 +39661,7 @@ async function listMessages2(inv, accessToken, timeoutMs) {
   if (args.skipToken) params.set("$skiptoken", args.skipToken);
   const headers = { authorization: `Bearer ${accessToken}` };
   if (args.query) headers["ConsistencyLevel"] = "eventual";
-  const res = await fetch(`${API13}/me/mailFolders/${folder}/messages?${params.toString()}`, {
+  const res = await fetch(`${API12}/me/mailFolders/${folder}/messages?${params.toString()}`, {
     headers,
     signal: AbortSignal.timeout(timeoutMs)
   });
@@ -39924,7 +39695,7 @@ function toMessageSummary2(m) {
 }
 async function readMessage2(inv, accessToken, timeoutMs) {
   const { id } = inv.args;
-  const url = `${API13}/me/messages/${encodeURIComponent(id)}?$expand=attachments($select=id,name,contentType,size,isInline)`;
+  const url = `${API12}/me/messages/${encodeURIComponent(id)}?$expand=attachments($select=id,name,contentType,size,isInline)`;
   const res = await fetch(url, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
@@ -39967,7 +39738,7 @@ async function readMessage2(inv, accessToken, timeoutMs) {
 async function sendReply2(inv, accessToken, timeoutMs) {
   const { messageId, body, bodyType, replyAll, comment } = inv.args;
   const action = replyAll ? "createReplyAll" : "createReply";
-  const draftRes = await fetch(`${API13}/me/messages/${encodeURIComponent(messageId)}/${action}`, {
+  const draftRes = await fetch(`${API12}/me/messages/${encodeURIComponent(messageId)}/${action}`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -39990,7 +39761,7 @@ async function sendReply2(inv, accessToken, timeoutMs) {
       { name: "X-Tangle-Idempotency-Key", value: inv.idempotencyKey }
     ]
   };
-  const patchRes = await fetch(`${API13}/me/messages/${encodeURIComponent(draft.id)}`, {
+  const patchRes = await fetch(`${API12}/me/messages/${encodeURIComponent(draft.id)}`, {
     method: "PATCH",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -40006,7 +39777,7 @@ async function sendReply2(inv, accessToken, timeoutMs) {
     const text = await patchRes.text().catch(() => "");
     throw new Error(`outlook-mail send_reply patch ${patchRes.status}: ${text.slice(0, 200)}`);
   }
-  const sendRes = await fetch(`${API13}/me/messages/${encodeURIComponent(draft.id)}/send`, {
+  const sendRes = await fetch(`${API12}/me/messages/${encodeURIComponent(draft.id)}/send`, {
     method: "POST",
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
@@ -40053,12 +39824,25 @@ function buildMessagePayload(args, idempotencyKey, cap) {
   if (args.bcc?.length) {
     payload.bccRecipients = args.bcc.map((address) => ({ emailAddress: { address } }));
   }
+  if (args.attachments?.length) {
+    payload.attachments = args.attachments.map((a) => {
+      if (!a?.name) throw new Error(`outlook-mail ${cap}: attachment \`name\` is required`);
+      if (!a?.contentBytes) throw new Error(`outlook-mail ${cap}: attachment \`contentBytes\` (base64) is required`);
+      const att = {
+        "@odata.type": "#microsoft.graph.fileAttachment",
+        name: a.name,
+        contentBytes: a.contentBytes
+      };
+      if (a.contentType) att.contentType = a.contentType;
+      return att;
+    });
+  }
   return payload;
 }
 async function sendMessage(inv, accessToken, timeoutMs) {
   const args = inv.args ?? {};
   const message = buildMessagePayload(args, inv.idempotencyKey, "send_message");
-  const res = await fetch(`${API13}/me/sendMail`, {
+  const res = await fetch(`${API12}/me/sendMail`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -40088,7 +39872,7 @@ async function sendMessage(inv, accessToken, timeoutMs) {
 async function createDraft(inv, accessToken, timeoutMs) {
   const args = inv.args ?? {};
   const message = buildMessagePayload(args, inv.idempotencyKey, "create_draft");
-  const res = await fetch(`${API13}/me/messages`, {
+  const res = await fetch(`${API12}/me/messages`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -40129,7 +39913,7 @@ async function subscribeFolder(inv, accessToken, timeoutMs) {
     expirationDateTime,
     clientState: clientState ?? inv.idempotencyKey
   };
-  const res = await fetch(`${API13}/subscriptions`, {
+  const res = await fetch(`${API12}/subscriptions`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -40158,6 +39942,162 @@ async function subscribeFolder(inv, accessToken, timeoutMs) {
     idempotentReplay: false
   };
 }
+async function forwardMessage(inv, accessToken, timeoutMs) {
+  const { messageId, to, comment } = inv.args;
+  if (!messageId) throw new Error("outlook-mail forward_message: `messageId` is required");
+  if (!to || Array.isArray(to) && to.length === 0) {
+    throw new Error("outlook-mail forward_message: `to` is required");
+  }
+  const toList = Array.isArray(to) ? to : [to];
+  const toRecipients = toList.map((address) => ({ emailAddress: { address } }));
+  const fwdBody = {
+    toRecipients
+  };
+  if (comment !== void 0) fwdBody.comment = comment;
+  const res = await fetch(`${API12}/me/messages/${encodeURIComponent(messageId)}/forward`, {
+    method: "POST",
+    headers: {
+      authorization: `Bearer ${accessToken}`,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify(fwdBody),
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new CredentialsExpired(`Outlook Mail rejected token (${res.status})`, inv.source.id);
+  }
+  if (!res.ok && res.status !== 202) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`outlook-mail forward_message ${res.status}: ${text.slice(0, 200)}`);
+  }
+  return {
+    status: "committed",
+    data: { forwarded: true, messageId, to: toList },
+    committedAt: Date.now(),
+    idempotentReplay: false
+  };
+}
+async function moveMessage(inv, accessToken, timeoutMs) {
+  const { messageId, destinationId } = inv.args;
+  if (!messageId) throw new Error("outlook-mail move_message: `messageId` is required");
+  if (!destinationId) throw new Error("outlook-mail move_message: `destinationId` is required");
+  const res = await fetch(`${API12}/me/messages/${encodeURIComponent(messageId)}/move`, {
+    method: "POST",
+    headers: {
+      authorization: `Bearer ${accessToken}`,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({ destinationId }),
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new CredentialsExpired(`Outlook Mail rejected token (${res.status})`, inv.source.id);
+  }
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`outlook-mail move_message ${res.status}: ${text.slice(0, 200)}`);
+  }
+  const json = await res.json().catch(() => ({}));
+  return {
+    status: "committed",
+    data: {
+      moved: true,
+      messageId: json.id ?? messageId,
+      parentFolderId: json.parentFolderId ?? destinationId,
+      destinationId
+    },
+    committedAt: Date.now(),
+    idempotentReplay: false
+  };
+}
+async function setLabels(inv, accessToken, timeoutMs) {
+  const { messageId, categories } = inv.args;
+  if (!messageId) throw new Error("outlook-mail set_labels: `messageId` is required");
+  if (!Array.isArray(categories)) {
+    throw new Error("outlook-mail set_labels: `categories` must be an array (the full desired set)");
+  }
+  const res = await fetch(`${API12}/me/messages/${encodeURIComponent(messageId)}`, {
+    method: "PATCH",
+    headers: {
+      authorization: `Bearer ${accessToken}`,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({ categories }),
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new CredentialsExpired(`Outlook Mail rejected token (${res.status})`, inv.source.id);
+  }
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`outlook-mail set_labels ${res.status}: ${text.slice(0, 200)}`);
+  }
+  const json = await res.json().catch(() => ({}));
+  return {
+    status: "committed",
+    data: {
+      messageId: json.id ?? messageId,
+      categories: json.categories ?? categories
+    },
+    committedAt: Date.now(),
+    idempotentReplay: false
+  };
+}
+async function sendDraft(inv, accessToken, timeoutMs) {
+  const { messageId } = inv.args;
+  if (!messageId) throw new Error("outlook-mail send_draft: `messageId` is required");
+  const res = await fetch(`${API12}/me/messages/${encodeURIComponent(messageId)}/send`, {
+    method: "POST",
+    headers: { authorization: `Bearer ${accessToken}` },
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new CredentialsExpired(`Outlook Mail rejected token (${res.status})`, inv.source.id);
+  }
+  if (!res.ok && res.status !== 202) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`outlook-mail send_draft ${res.status}: ${text.slice(0, 200)}`);
+  }
+  return {
+    status: "committed",
+    data: { sent: true, messageId },
+    committedAt: Date.now(),
+    idempotentReplay: false
+  };
+}
+async function downloadAttachment(inv, accessToken, timeoutMs) {
+  const { messageId, attachmentId } = inv.args;
+  const url = `${API12}/me/messages/${encodeURIComponent(messageId)}/attachments/${encodeURIComponent(attachmentId)}`;
+  const res = await fetch(url, {
+    headers: { authorization: `Bearer ${accessToken}` },
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+  if (res.status === 401 || res.status === 403) {
+    throw new CredentialsExpired(`Outlook Mail rejected token (${res.status})`, inv.source.id);
+  }
+  if (res.status === 404) {
+    throw new Error(`outlook-mail download_attachment: attachment ${attachmentId} on message ${messageId} not found`);
+  }
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`outlook-mail download_attachment ${res.status}: ${text.slice(0, 200)}`);
+  }
+  const a = await res.json();
+  return {
+    data: {
+      id: a.id ?? attachmentId,
+      name: a.name ?? "",
+      contentType: a.contentType ?? "application/octet-stream",
+      size: a.size ?? 0,
+      isInline: a.isInline ?? false,
+      attachmentType: a["@odata.type"],
+      // Base64 bytes for file attachments; null for item/reference attachments
+      // which carry no inline contentBytes.
+      contentBytes: a.contentBytes ?? null
+    },
+    fetchedAt: Date.now()
+  };
+}
 async function ensureFreshAccessToken12(creds, clientId, clientSecret, onCredentialsRotated) {
   if (creds.kind !== "oauth2") {
     throw new Error("outlook-mail: expected oauth2 credentials");
@@ -40169,7 +40109,7 @@ async function ensureFreshAccessToken12(creds, clientId, clientSecret, onCredent
     throw new CredentialsExpired("Outlook Mail access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL15,
+    tokenUrl: TOKEN_URL14,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -40197,8 +40137,8 @@ var SCOPES12 = [
   // offline_access is required on v2.0 to receive a refresh_token.
   "offline_access"
 ];
-var AUTH_URL16 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-var TOKEN_URL16 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+var AUTH_URL15 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+var TOKEN_URL15 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 var GRAPH2 = "https://graph.microsoft.com/v1.0";
 function microsoftTeams(opts) {
   const { clientId, clientSecret } = opts;
@@ -40209,8 +40149,8 @@ function microsoftTeams(opts) {
       description: "Post messages from the agent into Microsoft Teams channels and 1:1/group chats, list teams and channels, and look up users by email. Advisory surface \u2014 Teams posts are informational, not transactional.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL16,
-        tokenUrl: TOKEN_URL16,
+        authorizationUrl: AUTH_URL15,
+        tokenUrl: TOKEN_URL15,
         scopes: SCOPES12,
         clientIdEnv: "MS_OAUTH_CLIENT_ID",
         clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
@@ -40396,7 +40336,7 @@ function microsoftTeams(opts) {
         throw new Error("Microsoft OAuth client not configured (MS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL16,
+        tokenUrl: TOKEN_URL15,
         clientId,
         clientSecret,
         code: input.code,
@@ -40419,7 +40359,7 @@ function microsoftTeams(opts) {
         throw new Error("microsoft-teams.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL16,
+        tokenUrl: TOKEN_URL15,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -40461,7 +40401,7 @@ async function ensureFreshAccessToken13(creds, clientId, clientSecret) {
     throw new CredentialsExpired("Microsoft Teams access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL16,
+    tokenUrl: TOKEN_URL15,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -40513,9 +40453,9 @@ function escapeOData2(value) {
 var SCOPE_READ3 = "https://graph.microsoft.com/Files.Read";
 var SCOPE_WRITE4 = "https://graph.microsoft.com/Files.ReadWrite";
 var SCOPE_OFFLINE2 = "offline_access";
-var AUTH_URL17 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-var TOKEN_URL17 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
-var API14 = "https://graph.microsoft.com/v1.0";
+var AUTH_URL16 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+var TOKEN_URL16 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+var API13 = "https://graph.microsoft.com/v1.0";
 function oneDrive(opts) {
   const { clientId, clientSecret } = opts;
   const timeoutMs = opts.timeoutMs ?? 3e4;
@@ -40527,8 +40467,8 @@ function oneDrive(opts) {
       description: "Read and watch files in the user's OneDrive. List a folder, fetch a document's contents (Word/Excel/PowerPoint/PDF/images), and subscribe to folder change notifications via Graph subscriptions.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL17,
-        tokenUrl: TOKEN_URL17,
+        authorizationUrl: AUTH_URL16,
+        tokenUrl: TOKEN_URL16,
         scopes,
         clientIdEnv: "MS_OAUTH_CLIENT_ID",
         clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
@@ -40705,7 +40645,7 @@ function oneDrive(opts) {
         throw new Error("OneDrive OAuth client not configured (MS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL17,
+        tokenUrl: TOKEN_URL16,
         clientId,
         clientSecret,
         code: input.code,
@@ -40728,7 +40668,7 @@ function oneDrive(opts) {
         throw new Error("onedrive.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL17,
+        tokenUrl: TOKEN_URL16,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -40743,7 +40683,7 @@ function oneDrive(opts) {
     async test(source) {
       try {
         const accessToken = await ensureFreshAccessToken14(source.credentials, clientId, clientSecret);
-        const res = await fetch(`${API14}/me/drive?$select=id`, {
+        const res = await fetch(`${API13}/me/drive?$select=id`, {
           headers: { authorization: `Bearer ${accessToken}` },
           signal: AbortSignal.timeout(8e3)
         });
@@ -40772,7 +40712,7 @@ async function listFiles2(inv, accessToken, timeoutMs) {
   if (args.query) headers["ConsistencyLevel"] = "eventual";
   const path = args.folderId ? `/me/drive/items/${encodeURIComponent(args.folderId)}/children` : "/me/drive/root/children";
   const useSearchEndpoint = !!args.query && !args.folderId;
-  const url = useSearchEndpoint ? `${API14}/me/drive/root/search(q=${encodeURIComponent(`'${args.query.replace(/'/g, "''")}'`)})?${stripSearch(params).toString()}` : `${API14}${path}?${params.toString()}`;
+  const url = useSearchEndpoint ? `${API13}/me/drive/root/search(q=${encodeURIComponent(`'${args.query.replace(/'/g, "''")}'`)})?${stripSearch(params).toString()}` : `${API13}${path}?${params.toString()}`;
   const res = await fetch(url, {
     headers,
     signal: AbortSignal.timeout(timeoutMs)
@@ -40802,7 +40742,7 @@ function stripSearch(params) {
 async function readFile2(inv, accessToken, timeoutMs) {
   const { fileId } = inv.args ?? {};
   if (!fileId) throw new Error("onedrive read_file: fileId is required");
-  const metaUrl = `${API14}/me/drive/items/${encodeURIComponent(fileId)}?$select=id,name,eTag,lastModifiedDateTime,size,file,folder`;
+  const metaUrl = `${API13}/me/drive/items/${encodeURIComponent(fileId)}?$select=id,name,eTag,lastModifiedDateTime,size,file,folder`;
   const metaRes = await fetch(metaUrl, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
@@ -40823,7 +40763,7 @@ async function readFile2(inv, accessToken, timeoutMs) {
   }
   const mimeType = meta.file?.mimeType ?? "application/octet-stream";
   const fetchedAt = Date.now();
-  const contentRes = await fetch(`${API14}/me/drive/items/${encodeURIComponent(fileId)}/content`, {
+  const contentRes = await fetch(`${API13}/me/drive/items/${encodeURIComponent(fileId)}/content`, {
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
   });
@@ -40876,7 +40816,7 @@ async function watchFolder2(inv, accessToken, timeoutMs) {
     expirationDateTime,
     clientState: clientState ?? inv.idempotencyKey
   };
-  const res = await fetch(`${API14}/subscriptions`, {
+  const res = await fetch(`${API13}/subscriptions`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -40916,7 +40856,7 @@ async function uploadFile3(inv, accessToken, timeoutMs) {
   }
   const body = encoding === "base64" ? Buffer.from(fileContent, "base64") : Buffer.from(fileContent, "utf-8");
   const parentSegment = folderId === "root" ? "/me/drive/root" : `/me/drive/items/${encodeURIComponent(folderId)}`;
-  const url = `${API14}${parentSegment}:/${encodeURIComponent(fileName)}:/content`;
+  const url = `${API13}${parentSegment}:/${encodeURIComponent(fileName)}:/content`;
   const res = await fetch(url, {
     method: "PUT",
     headers: {
@@ -40952,7 +40892,7 @@ async function uploadFile3(inv, accessToken, timeoutMs) {
 async function deleteItem(inv, accessToken, timeoutMs) {
   const { itemId } = inv.args ?? {};
   if (!itemId) throw new Error("onedrive files.delete: itemId is required");
-  const res = await fetch(`${API14}${itemPath(itemId)}`, {
+  const res = await fetch(`${API13}${itemPath(itemId)}`, {
     method: "DELETE",
     headers: { authorization: `Bearer ${accessToken}` },
     signal: AbortSignal.timeout(timeoutMs)
@@ -40990,7 +40930,7 @@ async function moveItem(inv, accessToken, timeoutMs) {
     body.parentReference = newParentId === "root" ? { path: "/drive/root" } : { id: newParentId };
   }
   if (newName) body.name = newName;
-  const res = await fetch(`${API14}${itemPath(itemId)}`, {
+  const res = await fetch(`${API13}${itemPath(itemId)}`, {
     method: "PATCH",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -41030,7 +40970,7 @@ async function shareItem(inv, accessToken, timeoutMs) {
   };
   if (password) body.password = password;
   if (expirationDateTime) body.expirationDateTime = expirationDateTime;
-  const res = await fetch(`${API14}${itemPath(itemId)}/createLink`, {
+  const res = await fetch(`${API13}${itemPath(itemId)}/createLink`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -41069,7 +41009,7 @@ async function createFolder2(inv, accessToken, timeoutMs) {
     folder: {},
     "@microsoft.graph.conflictBehavior": conflictBehavior ?? "fail"
   };
-  const res = await fetch(`${API14}${parentSegment}`, {
+  const res = await fetch(`${API13}${parentSegment}`, {
     method: "POST",
     headers: {
       authorization: `Bearer ${accessToken}`,
@@ -41111,7 +41051,7 @@ async function ensureFreshAccessToken14(creds, clientId, clientSecret, onCredent
     throw new CredentialsExpired("OneDrive access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL17,
+    tokenUrl: TOKEN_URL16,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -41130,13 +41070,13 @@ async function ensureFreshAccessToken14(creds, clientId, clientSecret, onCredent
 
 // src/connectors/adapters/sharepoint.ts
 var SCOPES13 = [
-  "https://graph.microsoft.com/Sites.Read.All",
+  "https://graph.microsoft.com/Sites.ReadWrite.All",
   "https://graph.microsoft.com/Files.ReadWrite.All",
   // offline_access is required on v2.0 to receive a refresh_token.
   "offline_access"
 ];
-var AUTH_URL18 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
-var TOKEN_URL18 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+var AUTH_URL17 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+var TOKEN_URL17 = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
 var GRAPH3 = "https://graph.microsoft.com/v1.0";
 var MAX_INLINE_BYTES = 4 * 1024 * 1024;
 function sharepoint(opts) {
@@ -41148,8 +41088,8 @@ function sharepoint(opts) {
       description: "Let your agent discover SharePoint sites, list/search their document libraries, read small file contents, upload files, and create folders. Etag-CAS available on every DriveItem for follow-up patch/delete flows.",
       auth: {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL18,
-        tokenUrl: TOKEN_URL18,
+        authorizationUrl: AUTH_URL17,
+        tokenUrl: TOKEN_URL17,
         scopes: SCOPES13,
         clientIdEnv: "MS_OAUTH_CLIENT_ID",
         clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
@@ -41352,6 +41292,136 @@ function sharepoint(opts) {
             },
             required: ["siteId", "listId", "fields"]
           }
+        },
+        {
+          name: "get_site_info",
+          class: "read",
+          description: "Read the metadata for a SharePoint site by site id (id, name, displayName, webUrl, description).",
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: 'Graph site id (composite "host,site-id,web-id").' }
+            },
+            required: ["siteId"]
+          }
+        },
+        {
+          name: "lists.items.find",
+          class: "read",
+          description: "List items in a SharePoint list, optionally filtered with $filter and shaped with $expand (e.g. fields($select=...)).",
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              listId: { type: "string", description: "SharePoint list id (or list display name resolved by the caller)." },
+              filter: { type: "string", description: "Optional OData $filter expression." },
+              expand: { type: "string", description: "Optional OData $expand, e.g. fields($select=Title,Status)." },
+              top: { type: "integer", minimum: 1, maximum: 200, default: 50 }
+            },
+            required: ["siteId", "listId"]
+          }
+        },
+        {
+          name: "copy_item",
+          class: "mutation",
+          description: "Copy a file or folder DriveItem. Graph copy is asynchronous \u2014 it returns 202 Accepted with a Location monitor URL rather than the new DriveItem. Supply either a cross-drive parentReference (driveId + id) or a same-site target parent id via targetParentId; optionally rename via name.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              itemId: { type: "string", description: "DriveItem id of the file or folder to copy." },
+              parentReference: {
+                type: "object",
+                description: "Cross-drive destination reference (driveId + id). Provide this OR targetParentId.",
+                additionalProperties: true
+              },
+              targetParentId: {
+                type: "string",
+                description: "Same-site destination parent folder DriveItem id. Provide this OR parentReference."
+              },
+              name: { type: "string", description: "Optional new name for the copied item." }
+            },
+            required: ["siteId", "itemId"]
+          }
+        },
+        {
+          name: "lists.create",
+          class: "mutation",
+          description: "Create a SharePoint list on the site. displayName is required; columns and list (e.g. { template }) are optional.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              displayName: { type: "string", description: "Display name of the new list." },
+              columns: {
+                type: "array",
+                description: "Optional column definitions for the list.",
+                items: { type: "object", additionalProperties: true }
+              },
+              list: {
+                type: "object",
+                description: 'Optional list facet, e.g. { template: "genericList" }.',
+                additionalProperties: true
+              }
+            },
+            required: ["siteId", "displayName"]
+          }
+        },
+        {
+          name: "lists.items.update",
+          class: "mutation",
+          description: "Patch the fields on an existing list item. Supports etag-CAS via If-Match \u2014 pass the item's etag to guard against concurrent writes; a mismatch surfaces as ResourceContention.",
+          cas: "etag-if-match",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              listId: { type: "string", description: "SharePoint list id." },
+              itemId: { type: "string", description: "List item id to update." },
+              fields: {
+                type: "object",
+                description: "Map of column internal-name \u2192 new value.",
+                additionalProperties: true
+              }
+            },
+            required: ["siteId", "listId", "itemId", "fields"]
+          }
+        },
+        {
+          name: "lists.items.delete",
+          class: "mutation",
+          description: "Delete a list item by id. Graph returns 204 on success. (siteId, listId, itemId) is the natural idempotency tuple \u2014 a re-delete of a missing item surfaces as 404 mapped to a tombstone result.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              listId: { type: "string", description: "SharePoint list id." },
+              itemId: { type: "string", description: "List item id to delete." }
+            },
+            required: ["siteId", "listId", "itemId"]
+          }
+        },
+        {
+          name: "pages.publish",
+          class: "mutation",
+          description: "Publish a SharePoint site page by page id.",
+          cas: "native-idempotency",
+          externalEffect: true,
+          parameters: {
+            type: "object",
+            properties: {
+              siteId: { type: "string", description: "Graph site id." },
+              pageId: { type: "string", description: "Site page id to publish." }
+            },
+            required: ["siteId", "pageId"]
+          }
         }
       ]
     },
@@ -41501,6 +41571,41 @@ function sharepoint(opts) {
           fetchedAt: Date.now()
         };
       }
+      if (inv.capabilityName === "get_site_info") {
+        const { siteId } = inv.args;
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}?$select=id,name,displayName,webUrl,description`;
+        const site = await graphGet4(url, accessToken, inv.source.id);
+        return {
+          data: {
+            id: site.id,
+            name: site.displayName ?? site.name,
+            webUrl: site.webUrl,
+            description: site.description
+          },
+          fetchedAt: Date.now()
+        };
+      }
+      if (inv.capabilityName === "lists.items.find") {
+        const { siteId, listId, filter, expand, top } = inv.args;
+        const t = clamp(top ?? 50, 1, 200);
+        const params = new URLSearchParams();
+        params.set("$top", String(t));
+        if (typeof filter === "string" && filter.length > 0) params.set("$filter", filter);
+        if (typeof expand === "string" && expand.length > 0) params.set("$expand", expand);
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/lists/${encodeURIComponent(listId)}/items?${params.toString()}`;
+        const json = await graphGet4(url, accessToken, inv.source.id);
+        const items = (json.value ?? []).map((it) => ({
+          id: it.id,
+          webUrl: it.webUrl,
+          etag: it.eTag,
+          lastModifiedAt: it.lastModifiedDateTime,
+          fields: it.fields
+        }));
+        return {
+          data: { items, nextLink: json["@odata.nextLink"] },
+          fetchedAt: Date.now()
+        };
+      }
       throw new Error(`sharepoint: unknown read capability ${inv.capabilityName}`);
     },
     async executeMutation(inv) {
@@ -41810,6 +41915,211 @@ function sharepoint(opts) {
           idempotentReplay: false
         };
       }
+      if (inv.capabilityName === "copy_item") {
+        const { siteId, itemId, parentReference, targetParentId, name } = inv.args;
+        const ref = parentReference && Object.keys(parentReference).length > 0 ? parentReference : typeof targetParentId === "string" && targetParentId.length > 0 ? { id: targetParentId } : void 0;
+        if (!ref) {
+          throw new Error(
+            "sharepoint copy_item: provide either parentReference (cross-drive) or targetParentId (same-site)"
+          );
+        }
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/drive/items/${encodeURIComponent(itemId)}/copy`;
+        const body = { parentReference: ref };
+        if (typeof name === "string" && name.length > 0) body.name = name;
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+            "content-type": "application/json",
+            accept: "application/json"
+          },
+          body: JSON.stringify(body),
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(
+            `Microsoft Graph rejected token (${res.status})`,
+            inv.source.id
+          );
+        }
+        if (res.status === 409 || res.status === 412) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on copy_item (${res.status})`,
+            []
+          );
+        }
+        if (!res.ok && res.status !== 202) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`sharepoint copy_item ${res.status}: ${text.slice(0, 200)}`);
+        }
+        const monitorUrl = res.headers.get("location") ?? void 0;
+        return {
+          status: "committed",
+          data: { id: itemId, accepted: true, async: true, monitorUrl },
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
+      }
+      if (inv.capabilityName === "lists.create") {
+        const { siteId, displayName, columns, list } = inv.args;
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/lists`;
+        const body = { displayName };
+        if (Array.isArray(columns)) body.columns = columns;
+        if (list && typeof list === "object") body.list = list;
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+            "content-type": "application/json",
+            accept: "application/json"
+          },
+          body: JSON.stringify(body),
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(
+            `Microsoft Graph rejected token (${res.status})`,
+            inv.source.id
+          );
+        }
+        if (res.status === 409 || res.status === 412) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on lists.create (${res.status})`,
+            []
+          );
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`sharepoint lists.create ${res.status}: ${text.slice(0, 200)}`);
+        }
+        const created = await res.json();
+        return {
+          status: "committed",
+          data: {
+            id: created.id,
+            displayName: created.displayName ?? created.name,
+            webUrl: created.webUrl
+          },
+          etagAfter: created["@odata.etag"] ?? created.eTag,
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
+      }
+      if (inv.capabilityName === "lists.items.update") {
+        const { siteId, listId, itemId, fields } = inv.args;
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/lists/${encodeURIComponent(listId)}/items/${encodeURIComponent(itemId)}/fields`;
+        const headers = {
+          authorization: `Bearer ${accessToken}`,
+          "content-type": "application/json",
+          accept: "application/json"
+        };
+        if (typeof inv.expectedEtag === "string" && inv.expectedEtag.length > 0) {
+          headers["if-match"] = inv.expectedEtag;
+        }
+        const res = await fetch(url, {
+          method: "PATCH",
+          headers,
+          body: JSON.stringify(fields),
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(
+            `Microsoft Graph rejected token (${res.status})`,
+            inv.source.id
+          );
+        }
+        if (res.status === 409 || res.status === 412) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on lists.items.update (${res.status})`,
+            []
+          );
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`sharepoint lists.items.update ${res.status}: ${text.slice(0, 200)}`);
+        }
+        const updated = await res.json();
+        return {
+          status: "committed",
+          data: { id: itemId, fields: updated },
+          etagAfter: updated["@odata.etag"] ?? updated.eTag,
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
+      }
+      if (inv.capabilityName === "lists.items.delete") {
+        const { siteId, listId, itemId } = inv.args;
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/lists/${encodeURIComponent(listId)}/items/${encodeURIComponent(itemId)}`;
+        const res = await fetch(url, {
+          method: "DELETE",
+          headers: { authorization: `Bearer ${accessToken}` },
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(
+            `Microsoft Graph rejected token (${res.status})`,
+            inv.source.id
+          );
+        }
+        if (res.status === 412 || res.status === 409) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on lists.items.delete (${res.status})`,
+            []
+          );
+        }
+        if (res.status === 404) {
+          return {
+            status: "committed",
+            data: { id: itemId, deleted: true, alreadyMissing: true },
+            committedAt: Date.now(),
+            idempotentReplay: true
+          };
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`sharepoint lists.items.delete ${res.status}: ${text.slice(0, 200)}`);
+        }
+        return {
+          status: "committed",
+          data: { id: itemId, deleted: true },
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
+      }
+      if (inv.capabilityName === "pages.publish") {
+        const { siteId, pageId } = inv.args;
+        const url = `${GRAPH3}/sites/${encodeURIComponent(siteId)}/pages/${encodeURIComponent(pageId)}/microsoft.graph.sitePage/publish`;
+        const res = await fetch(url, {
+          method: "POST",
+          headers: {
+            authorization: `Bearer ${accessToken}`,
+            accept: "application/json"
+          },
+          signal: AbortSignal.timeout(15e3)
+        });
+        if (res.status === 401 || res.status === 403) {
+          throw new CredentialsExpired(
+            `Microsoft Graph rejected token (${res.status})`,
+            inv.source.id
+          );
+        }
+        if (res.status === 409 || res.status === 412) {
+          throw new ResourceContention(
+            `Microsoft Graph reported conflict on pages.publish (${res.status})`,
+            []
+          );
+        }
+        if (!res.ok) {
+          const text = await res.text().catch(() => "");
+          throw new Error(`sharepoint pages.publish ${res.status}: ${text.slice(0, 200)}`);
+        }
+        return {
+          status: "committed",
+          data: { id: pageId, published: true },
+          committedAt: Date.now(),
+          idempotentReplay: false
+        };
+      }
       throw new Error(`sharepoint: unknown mutation capability ${inv.capabilityName}`);
     },
     async exchangeOAuth(input) {
@@ -41817,7 +42127,7 @@ function sharepoint(opts) {
         throw new Error("Microsoft OAuth client not configured (MS_OAUTH_CLIENT_ID / _SECRET)");
       }
       const tokens = await exchangeAuthorizationCode({
-        tokenUrl: TOKEN_URL18,
+        tokenUrl: TOKEN_URL17,
         clientId,
         clientSecret,
         code: input.code,
@@ -41840,7 +42150,7 @@ function sharepoint(opts) {
         throw new Error("sharepoint.refreshToken: missing refresh token");
       }
       const refreshed = await refreshAccessToken({
-        tokenUrl: TOKEN_URL18,
+        tokenUrl: TOKEN_URL17,
         clientId,
         clientSecret,
         refreshToken: creds.refreshToken
@@ -41889,7 +42199,7 @@ async function ensureFreshAccessToken15(creds, clientId, clientSecret) {
     throw new CredentialsExpired("SharePoint access token expired and no refresh token", "");
   }
   const refreshed = await refreshAccessToken({
-    tokenUrl: TOKEN_URL18,
+    tokenUrl: TOKEN_URL17,
     clientId,
     clientSecret,
     refreshToken: creds.refreshToken
@@ -71097,6 +71407,609 @@ var googleSearchConsoleConnector = declarativeRestConnector({
   ]
 });
 
+// src/connectors/adapters/google-analytics.ts
+var googleAnalyticsConnector = declarativeRestConnector({
+  kind: "google-analytics",
+  displayName: "Google Analytics",
+  description: "Run reports, pivot reports, realtime reports, and batch reports against connected GA4 properties. Read-only: GA4 ingest happens through gtag / Measurement Protocol, not the management API.",
+  auth: {
+    kind: "oauth2",
+    authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+    tokenUrl: "https://oauth2.googleapis.com/token",
+    scopes: ["https://www.googleapis.com/auth/analytics.readonly"],
+    clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
+    clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET",
+    extraAuthParams: { access_type: "offline", prompt: "consent", include_granted_scopes: "true" }
+  },
+  category: "database",
+  defaultConsistencyModel: "cache",
+  baseUrl: "https://analyticsdata.googleapis.com",
+  // accountSummaries.list lives on the Admin API host and is the cheapest
+  // probe that confirms the token can reach GA4 at all. Absolute URL routes
+  // around the single-baseUrl constraint of the declarative-rest runtime.
+  test: {
+    method: "GET",
+    path: "https://analyticsadmin.googleapis.com/v1beta/accountSummaries",
+    query: { pageSize: 1 }
+  },
+  capabilities: [
+    {
+      name: "accountSummaries.list",
+      class: "read",
+      description: "List GA4 account summaries reachable by the connected identity. Each summary nests its properties so the agent can discover propertyId values without a second round-trip (GET analyticsadmin.googleapis.com/v1beta/accountSummaries).",
+      parameters: {
+        type: "object",
+        properties: {
+          pageSize: { type: "integer", minimum: 1, maximum: 200, description: "Max account summaries per page; server caps at 200." },
+          pageToken: { type: "string", description: "Continuation token returned by a prior call." }
+        }
+      },
+      request: {
+        method: "GET",
+        path: "https://analyticsadmin.googleapis.com/v1beta/accountSummaries",
+        query: { pageSize: "{pageSize}", pageToken: "{pageToken}" }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.get",
+      class: "read",
+      description: "Fetch GA4 property settings (display name, timezone, currency, industry) by numeric property id (GET analyticsadmin.googleapis.com/v1beta/properties/{propertyId}).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: 'Numeric GA4 property id, e.g. "123456789".' }
+        },
+        required: ["propertyId"]
+      },
+      request: {
+        method: "GET",
+        path: "https://analyticsadmin.googleapis.com/v1beta/properties/{propertyId}"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.metadata.get",
+      class: "read",
+      description: "List every dimension and metric available on a GA4 property, including custom dimensions/metrics defined by the customer. Use this before runReport to discover valid dimension/metric names (GET /v1beta/properties/{propertyId}/metadata).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." }
+        },
+        required: ["propertyId"]
+      },
+      request: {
+        method: "GET",
+        path: "/v1beta/properties/{propertyId}/metadata"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.runReport",
+      class: "read",
+      description: 'Run a core report against a GA4 property. Pass dimensions, metrics, dateRanges (e.g. {startDate:"7daysAgo",endDate:"today"}), optional filters, ordering, and a row limit. Returns the rows, totals, and metadata GA4 emits in the standard runReport response (POST /v1beta/properties/{propertyId}:runReport).',
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." },
+          dimensions: {
+            type: "array",
+            description: 'Dimension specs, e.g. [{ "name": "country" }, { "name": "deviceCategory" }].',
+            items: {
+              type: "object",
+              properties: {
+                name: { type: "string" },
+                dimensionExpression: { type: "object", description: "Composite/lower-case/concatenate expression (optional)." }
+              },
+              required: ["name"]
+            }
+          },
+          metrics: {
+            type: "array",
+            description: 'Metric specs, e.g. [{ "name": "activeUsers" }, { "name": "sessions" }].',
+            items: {
+              type: "object",
+              properties: {
+                name: { type: "string" },
+                expression: { type: "string", description: "Derived metric expression (optional)." },
+                invisible: { type: "boolean" }
+              },
+              required: ["name"]
+            }
+          },
+          dateRanges: {
+            type: "array",
+            description: 'One or two date ranges; GA4 accepts ISO dates ("2026-05-01"), "today", "yesterday", or "NdaysAgo".',
+            items: {
+              type: "object",
+              properties: {
+                startDate: { type: "string" },
+                endDate: { type: "string" },
+                name: { type: "string", description: "Optional label included in the response row keys when comparing two ranges." }
+              },
+              required: ["startDate", "endDate"]
+            }
+          },
+          dimensionFilter: { type: "object", description: "GA4 FilterExpression (and/or/not) applied to dimensions." },
+          metricFilter: { type: "object", description: "GA4 FilterExpression applied to metrics after aggregation." },
+          orderBys: { type: "array", items: { type: "object" } },
+          limit: { type: "integer", minimum: 1, maximum: 25e4, description: "Max rows per page; GA4 caps at 250000." },
+          offset: { type: "integer", minimum: 0 },
+          keepEmptyRows: { type: "boolean" },
+          returnPropertyQuota: { type: "boolean", description: "Include per-property quota consumption in the response \u2014 useful for back-pressure decisions." },
+          currencyCode: { type: "string", description: "ISO-4217 currency, overrides the property default for monetary metrics." },
+          cohortSpec: { type: "object", description: "CohortSpec for cohort analysis (optional)." }
+        },
+        required: ["propertyId", "metrics", "dateRanges"]
+      },
+      request: {
+        method: "POST",
+        path: "/v1beta/properties/{propertyId}:runReport",
+        body: {
+          dimensions: "{dimensions}",
+          metrics: "{metrics}",
+          dateRanges: "{dateRanges}",
+          dimensionFilter: "{dimensionFilter}",
+          metricFilter: "{metricFilter}",
+          orderBys: "{orderBys}",
+          limit: "{limit}",
+          offset: "{offset}",
+          keepEmptyRows: "{keepEmptyRows}",
+          returnPropertyQuota: "{returnPropertyQuota}",
+          currencyCode: "{currencyCode}",
+          cohortSpec: "{cohortSpec}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.batchRunReports",
+      class: "read",
+      description: "Run up to 5 reports against the same GA4 property in a single request \u2014 cheaper than 5 round-trips and counted as fewer quota tokens (POST /v1beta/properties/{propertyId}:batchRunReports).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." },
+          requests: {
+            type: "array",
+            description: "Up to 5 report requests; each takes the same shape as runReport (dimensions/metrics/dateRanges/etc.).",
+            items: { type: "object" },
+            maxItems: 5
+          }
+        },
+        required: ["propertyId", "requests"]
+      },
+      request: {
+        method: "POST",
+        path: "/v1beta/properties/{propertyId}:batchRunReports",
+        body: { requests: "{requests}" }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.runPivotReport",
+      class: "read",
+      description: "Run a pivot report \u2014 like runReport but with one or more pivot specifications that rotate dimensions into columns (POST /v1beta/properties/{propertyId}:runPivotReport).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." },
+          dimensions: { type: "array", items: { type: "object" } },
+          metrics: { type: "array", items: { type: "object" } },
+          dateRanges: { type: "array", items: { type: "object" } },
+          pivots: {
+            type: "array",
+            description: "Pivot specifications \u2014 each names the dimensions to pivot, an order, a limit, and optional offset.",
+            items: {
+              type: "object",
+              properties: {
+                fieldNames: { type: "array", items: { type: "string" } },
+                orderBys: { type: "array", items: { type: "object" } },
+                offset: { type: "string", description: "String-encoded long." },
+                limit: { type: "string", description: "String-encoded long." },
+                metricAggregations: { type: "array", items: { type: "string" } }
+              },
+              required: ["fieldNames"]
+            }
+          },
+          dimensionFilter: { type: "object" },
+          metricFilter: { type: "object" },
+          currencyCode: { type: "string" },
+          cohortSpec: { type: "object" },
+          keepEmptyRows: { type: "boolean" },
+          returnPropertyQuota: { type: "boolean" }
+        },
+        required: ["propertyId", "metrics", "dateRanges", "pivots"]
+      },
+      request: {
+        method: "POST",
+        path: "/v1beta/properties/{propertyId}:runPivotReport",
+        body: {
+          dimensions: "{dimensions}",
+          metrics: "{metrics}",
+          dateRanges: "{dateRanges}",
+          pivots: "{pivots}",
+          dimensionFilter: "{dimensionFilter}",
+          metricFilter: "{metricFilter}",
+          currencyCode: "{currencyCode}",
+          cohortSpec: "{cohortSpec}",
+          keepEmptyRows: "{keepEmptyRows}",
+          returnPropertyQuota: "{returnPropertyQuota}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.runRealtimeReport",
+      class: "read",
+      description: "Run a realtime report \u2014 surfaces events that happened in the last 30 minutes. No dateRanges; the realtime window is implicit (POST /v1beta/properties/{propertyId}:runRealtimeReport).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." },
+          dimensions: { type: "array", items: { type: "object" } },
+          metrics: { type: "array", items: { type: "object" } },
+          dimensionFilter: { type: "object" },
+          metricFilter: { type: "object" },
+          limit: { type: "integer", minimum: 1, maximum: 25e4 },
+          metricAggregations: { type: "array", items: { type: "string" } },
+          orderBys: { type: "array", items: { type: "object" } },
+          returnPropertyQuota: { type: "boolean" },
+          minuteRanges: {
+            type: "array",
+            description: 'Optional minute-window specifications, e.g. [{ "name": "last5", "startMinutesAgo": 5, "endMinutesAgo": 0 }]. Defaults to the last 30 minutes.',
+            items: {
+              type: "object",
+              properties: {
+                name: { type: "string" },
+                startMinutesAgo: { type: "integer", minimum: 0, maximum: 29 },
+                endMinutesAgo: { type: "integer", minimum: 0, maximum: 29 }
+              }
+            }
+          }
+        },
+        required: ["propertyId", "metrics"]
+      },
+      request: {
+        method: "POST",
+        path: "/v1beta/properties/{propertyId}:runRealtimeReport",
+        body: {
+          dimensions: "{dimensions}",
+          metrics: "{metrics}",
+          dimensionFilter: "{dimensionFilter}",
+          metricFilter: "{metricFilter}",
+          limit: "{limit}",
+          metricAggregations: "{metricAggregations}",
+          orderBys: "{orderBys}",
+          returnPropertyQuota: "{returnPropertyQuota}",
+          minuteRanges: "{minuteRanges}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    },
+    {
+      name: "properties.checkCompatibility",
+      class: "read",
+      description: "Check whether a given dimension/metric combination is compatible before issuing a full runReport \u2014 GA4 rejects incompatible combos (e.g. cohort dimensions with non-cohort metrics) with a hard error (POST /v1beta/properties/{propertyId}:checkCompatibility).",
+      parameters: {
+        type: "object",
+        properties: {
+          propertyId: { type: "string", description: "Numeric GA4 property id." },
+          dimensions: { type: "array", items: { type: "object" } },
+          metrics: { type: "array", items: { type: "object" } },
+          dimensionFilter: { type: "object" },
+          metricFilter: { type: "object" },
+          compatibilityFilter: {
+            type: "string",
+            enum: ["COMPATIBILITY_UNSPECIFIED", "COMPATIBLE", "INCOMPATIBLE"],
+            description: "Restrict the response to compatible or incompatible entries only."
+          }
+        },
+        required: ["propertyId"]
+      },
+      request: {
+        method: "POST",
+        path: "/v1beta/properties/{propertyId}:checkCompatibility",
+        body: {
+          dimensions: "{dimensions}",
+          metrics: "{metrics}",
+          dimensionFilter: "{dimensionFilter}",
+          metricFilter: "{metricFilter}",
+          compatibilityFilter: "{compatibilityFilter}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/analytics.readonly"]
+    }
+  ]
+});
+
+// src/connectors/adapters/google-meet.ts
+var googleMeetConnector = declarativeRestConnector({
+  kind: "google-meet",
+  displayName: "Google Meet",
+  description: "Create Google Meet spaces, fetch post-meeting conference records, and read participants, recordings, and transcripts via the Google Meet REST API v2.",
+  auth: {
+    kind: "oauth2",
+    authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+    tokenUrl: "https://oauth2.googleapis.com/token",
+    scopes: [
+      "https://www.googleapis.com/auth/meetings.space.created",
+      "https://www.googleapis.com/auth/meetings.space.readonly",
+      "https://www.googleapis.com/auth/meetings.space.settings",
+      "https://www.googleapis.com/auth/drive.readonly"
+    ],
+    clientIdEnv: "GOOGLE_OAUTH_CLIENT_ID",
+    clientSecretEnv: "GOOGLE_OAUTH_CLIENT_SECRET",
+    extraAuthParams: {
+      access_type: "offline",
+      prompt: "consent",
+      include_granted_scopes: "true"
+    }
+  },
+  category: "calendar",
+  defaultConsistencyModel: "authoritative",
+  baseUrl: "https://meet.googleapis.com",
+  // /v2/spaces/{name} requires a real space id; the cheapest token-validity
+  // probe Meet exposes is creating a throwaway space, which has a side effect
+  // we don't want in a connection test. Skip the in-band test — the adapter
+  // contract treats a missing `test` as ok and connection issuance still
+  // catches the auth handshake at exchange time.
+  capabilities: [
+    {
+      name: "spaces.create",
+      class: "mutation",
+      description: "Create a Meet space and return its meet.google.com URL. The space lives until the calling user deletes it or it expires per Google retention rules.",
+      parameters: {
+        type: "object",
+        properties: {
+          config: {
+            type: "object",
+            description: "Optional SpaceConfig: accessType (OPEN | TRUSTED | RESTRICTED), entryPointAccess (ALL | CREATOR_APP_ONLY), moderation, attendanceReport, artifactConfig, chatRestriction, presentRestriction, defaultJoinAsViewerType."
+          }
+        }
+      },
+      request: {
+        method: "POST",
+        path: "/v2/spaces",
+        body: {
+          config: "{config}"
+        }
+      },
+      // Meet's spaces.create is a pure side-effect; no upstream idempotency
+      // key on this endpoint, so a retry produces a second space. Mark
+      // accordingly so the MutationGuard layer enforces idempotency.
+      cas: "none",
+      externalEffect: true,
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.created"]
+    },
+    {
+      name: "spaces.get",
+      class: "read",
+      description: 'Read a Meet space by resource name (e.g. "spaces/abc-defg-hij") or by short meeting code.',
+      parameters: {
+        type: "object",
+        properties: {
+          name: {
+            type: "string",
+            description: 'Resource name like "spaces/{space_id}" or "spaces/{meeting_code}".'
+          }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{name}"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "spaces.update",
+      class: "mutation",
+      description: "Patch a Meet space (accessType, entryPointAccess, moderation toggles, artifactConfig, chat/present restrictions). Caller supplies updateMask to specify mutated fields.",
+      parameters: {
+        type: "object",
+        properties: {
+          name: { type: "string", description: 'Resource name like "spaces/{space_id}".' },
+          updateMask: {
+            type: "string",
+            description: 'Comma-separated FieldMask of mutated fields, e.g. "config.accessType,config.moderation".'
+          },
+          config: { type: "object", description: "New SpaceConfig values." }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "PATCH",
+        path: "/v2/{name}",
+        query: {
+          updateMask: "{updateMask}"
+        },
+        body: {
+          config: "{config}"
+        }
+      },
+      cas: "native-idempotency",
+      externalEffect: true,
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.settings"]
+    },
+    {
+      name: "spaces.endActiveConference",
+      class: "mutation",
+      description: "Terminate the currently active conference inside a Meet space. No-op (HTTP 200) if no conference is active.",
+      parameters: {
+        type: "object",
+        properties: {
+          name: { type: "string", description: 'Resource name like "spaces/{space_id}".' }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "POST",
+        path: "/v2/{name}:endActiveConference",
+        body: {}
+      },
+      cas: "native-idempotency",
+      externalEffect: true,
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.created"]
+    },
+    {
+      name: "conferenceRecords.list",
+      class: "read",
+      description: "List conference records for meetings the calling user attended or hosted. Supports server-side filtering by space.name and end_time.",
+      parameters: {
+        type: "object",
+        properties: {
+          pageSize: { type: "integer", minimum: 1, maximum: 100 },
+          pageToken: { type: "string" },
+          filter: {
+            type: "string",
+            description: `EBNF filter, e.g. 'space.name="spaces/abc"' or 'end_time>="2024-01-01T00:00:00Z"'.`
+          }
+        }
+      },
+      request: {
+        method: "GET",
+        path: "/v2/conferenceRecords",
+        query: {
+          pageSize: "{pageSize}",
+          pageToken: "{pageToken}",
+          filter: "{filter}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.get",
+      class: "read",
+      description: 'Read a conference record by resource name (e.g. "conferenceRecords/abc123").',
+      parameters: {
+        type: "object",
+        properties: {
+          name: { type: "string", description: 'Resource name like "conferenceRecords/{conference_record_id}".' }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{name}"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.participants.list",
+      class: "read",
+      description: "List participants for a finished conference, including anonymous and phone-dial-in attendees.",
+      parameters: {
+        type: "object",
+        properties: {
+          parent: { type: "string", description: "Parent conferenceRecords/{conference_record_id}." },
+          pageSize: { type: "integer", minimum: 1, maximum: 250 },
+          pageToken: { type: "string" },
+          filter: { type: "string", description: `EBNF filter, e.g. 'earliest_start_time<="2024-01-01T00:00:00Z"'.` }
+        },
+        required: ["parent"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{parent}/participants",
+        query: {
+          pageSize: "{pageSize}",
+          pageToken: "{pageToken}",
+          filter: "{filter}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.recordings.list",
+      class: "read",
+      description: "List recordings for a conference record. Each entry includes the Drive file id and DriveFileExportUri for downstream Drive fetches.",
+      parameters: {
+        type: "object",
+        properties: {
+          parent: { type: "string", description: "Parent conferenceRecords/{conference_record_id}." },
+          pageSize: { type: "integer", minimum: 1, maximum: 100 },
+          pageToken: { type: "string" }
+        },
+        required: ["parent"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{parent}/recordings",
+        query: {
+          pageSize: "{pageSize}",
+          pageToken: "{pageToken}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.recordings.get",
+      class: "read",
+      description: "Read a single recording by resource name.",
+      parameters: {
+        type: "object",
+        properties: {
+          name: {
+            type: "string",
+            description: 'Resource name like "conferenceRecords/{conference_record_id}/recordings/{recording_id}".'
+          }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{name}"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.transcripts.list",
+      class: "read",
+      description: "List transcripts (auto-generated captions exports) for a conference record.",
+      parameters: {
+        type: "object",
+        properties: {
+          parent: { type: "string", description: "Parent conferenceRecords/{conference_record_id}." },
+          pageSize: { type: "integer", minimum: 1, maximum: 100 },
+          pageToken: { type: "string" }
+        },
+        required: ["parent"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{parent}/transcripts",
+        query: {
+          pageSize: "{pageSize}",
+          pageToken: "{pageToken}"
+        }
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    },
+    {
+      name: "conferenceRecords.transcripts.get",
+      class: "read",
+      description: "Read a transcript by resource name; payload links to the Drive Doc holding the transcript text.",
+      parameters: {
+        type: "object",
+        properties: {
+          name: {
+            type: "string",
+            description: 'Resource name like "conferenceRecords/{conference_record_id}/transcripts/{transcript_id}".'
+          }
+        },
+        required: ["name"]
+      },
+      request: {
+        method: "GET",
+        path: "/v2/{name}"
+      },
+      requiredScopes: ["https://www.googleapis.com/auth/meetings.space.readonly"]
+    }
+  ]
+});
+
 // src/connectors/adapters/youtube-data.ts
 var youtubeDataConnector = declarativeRestConnector({
   kind: "youtube",
@@ -86860,123 +87773,6 @@ var microsoftPowerBiConnector = declarativeRestConnector({
   ]
 });
 
-// src/connectors/adapters/microsoft-outlook-calendar.ts
-var microsoftOutlookCalendarConnector = declarativeRestConnector({
-  kind: "microsoft-outlook-calendar",
-  displayName: "Microsoft Outlook Calendar",
-  description: "Create, list, and delete Outlook/Microsoft 365 calendar events via Microsoft Graph.",
-  auth: {
-    kind: "oauth2",
-    authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
-    tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    scopes: ["offline_access", "Calendars.ReadWrite", "User.Read"],
-    clientIdEnv: "MS_OAUTH_CLIENT_ID",
-    clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
-  },
-  category: "calendar",
-  defaultConsistencyModel: "authoritative",
-  baseUrl: "https://graph.microsoft.com/v1.0",
-  test: { method: "GET", path: "/me" },
-  capabilities: [
-    {
-      name: "create.event",
-      class: "mutation",
-      description: "Create a calendar event on the signed-in user's primary calendar, or on a specific calendarId when supplied.",
-      parameters: {
-        type: "object",
-        properties: {
-          calendarId: { type: "string" },
-          subject: { type: "string" },
-          body: { type: "object" },
-          start: { type: "object" },
-          end: { type: "object" },
-          location: { type: "object" },
-          attendees: { type: "array", items: { type: "object" } },
-          isOnlineMeeting: { type: "boolean" },
-          onlineMeetingProvider: { type: "string" },
-          showAs: { type: "string" },
-          sensitivity: { type: "string" },
-          importance: { type: "string" },
-          categories: { type: "array", items: { type: "string" } },
-          reminderMinutesBeforeStart: { type: "integer" },
-          isAllDay: { type: "boolean" },
-          recurrence: { type: "object" },
-          transactionId: { type: "string" }
-        },
-        required: ["subject", "start", "end"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/calendars/{calendarId}/events",
-        body: {
-          subject: "{subject}",
-          body: "{body}",
-          start: "{start}",
-          end: "{end}",
-          location: "{location}",
-          attendees: "{attendees}",
-          isOnlineMeeting: "{isOnlineMeeting}",
-          onlineMeetingProvider: "{onlineMeetingProvider}",
-          showAs: "{showAs}",
-          sensitivity: "{sensitivity}",
-          importance: "{importance}",
-          categories: "{categories}",
-          reminderMinutesBeforeStart: "{reminderMinutesBeforeStart}",
-          isAllDay: "{isAllDay}",
-          recurrence: "{recurrence}",
-          transactionId: "{transactionId}"
-        }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Calendars.ReadWrite"]
-    },
-    {
-      name: "delete.event",
-      class: "mutation",
-      description: "Delete a calendar event by id from the signed-in user mailbox.",
-      parameters: {
-        type: "object",
-        properties: { eventId: { type: "string" } },
-        required: ["eventId"]
-      },
-      request: { method: "DELETE", path: "/me/events/{eventId}" },
-      cas: "native-idempotency",
-      externalEffect: true,
-      requiredScopes: ["Calendars.ReadWrite"]
-    },
-    {
-      name: "list.events",
-      class: "read",
-      description: "List events on a calendar with OData paging/filtering ($top, $skip, $filter, $select, $orderby, $search). Targets the user's primary calendar unless calendarId is supplied.",
-      parameters: {
-        type: "object",
-        properties: {
-          calendarId: { type: "string" },
-          $top: { type: "integer" },
-          $skip: { type: "integer" },
-          $filter: { type: "string" },
-          $select: { type: "string" },
-          $orderby: { type: "string" },
-          $search: { type: "string" }
-        }
-      },
-      request: {
-        method: "GET",
-        path: "/me/calendars/{calendarId}/events",
-        query: {
-          $top: "{$top}",
-          $skip: "{$skip}",
-          $filter: "{$filter}",
-          $select: "{$select}",
-          $orderby: "{$orderby}",
-          $search: "{$search}"
-        }
-      },
-      requiredScopes: ["Calendars.ReadWrite"]
-    }
-  ]
-});
-
 // src/connectors/adapters/microsoft-onenote.ts
 var microsoftOnenoteConnector = declarativeRestConnector({
   kind: "microsoft-onenote",
@@ -87196,299 +87992,6 @@ var microsoftOnenoteConnector = declarativeRestConnector({
   ]
 });
 
-// src/connectors/adapters/microsoft-outlook.ts
-var microsoftOutlookConnector = declarativeRestConnector({
-  kind: "microsoft-outlook",
-  displayName: "Microsoft Outlook",
-  description: "Send, draft, reply to, forward, search, label, and organize email in the signed-in user's Outlook mailbox via Microsoft Graph.",
-  auth: {
-    kind: "oauth2",
-    authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
-    tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    scopes: [
-      "offline_access",
-      "User.Read",
-      "Mail.ReadWrite",
-      "Mail.Send",
-      "MailboxSettings.Read"
-    ],
-    clientIdEnv: "MS_OAUTH_CLIENT_ID",
-    clientSecretEnv: "MS_OAUTH_CLIENT_SECRET"
-  },
-  category: "comms",
-  defaultConsistencyModel: "authoritative",
-  baseUrl: "https://graph.microsoft.com/v1.0",
-  test: { method: "GET", path: "/me" },
-  capabilities: [
-    {
-      name: "email.send",
-      class: "mutation",
-      description: "Send an email immediately from the signed-in user's mailbox. Optionally saves the sent message to the Sent Items folder.",
-      parameters: {
-        type: "object",
-        properties: {
-          subject: { type: "string" },
-          body: { type: "object" },
-          toRecipients: { type: "array", items: { type: "object" } },
-          ccRecipients: { type: "array", items: { type: "object" } },
-          bccRecipients: { type: "array", items: { type: "object" } },
-          attachments: { type: "array", items: { type: "object" } },
-          saveToSentItems: { type: "boolean" }
-        },
-        required: ["subject", "body", "toRecipients"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/sendMail",
-        body: {
-          message: {
-            subject: "{subject}",
-            body: "{body}",
-            toRecipients: "{toRecipients}",
-            ccRecipients: "{ccRecipients}",
-            bccRecipients: "{bccRecipients}",
-            attachments: "{attachments}"
-          },
-          saveToSentItems: "{saveToSentItems}"
-        }
-      },
-      cas: "none",
-      externalEffect: true,
-      requiredScopes: ["Mail.Send"]
-    },
-    {
-      name: "email.draft.create",
-      class: "mutation",
-      description: "Create a draft email in the signed-in user mailbox without sending it.",
-      parameters: {
-        type: "object",
-        properties: {
-          subject: { type: "string" },
-          body: { type: "object" },
-          toRecipients: { type: "array", items: { type: "object" } },
-          ccRecipients: { type: "array", items: { type: "object" } },
-          bccRecipients: { type: "array", items: { type: "object" } },
-          importance: { type: "string" },
-          categories: { type: "array", items: { type: "string" } }
-        },
-        required: ["subject", "body"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/messages",
-        body: {
-          subject: "{subject}",
-          body: "{body}",
-          toRecipients: "{toRecipients}",
-          ccRecipients: "{ccRecipients}",
-          bccRecipients: "{bccRecipients}",
-          importance: "{importance}",
-          categories: "{categories}"
-        }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.draft.send",
-      class: "mutation",
-      description: "Send a previously created draft message by id.",
-      parameters: {
-        type: "object",
-        properties: { messageId: { type: "string" } },
-        required: ["messageId"]
-      },
-      request: { method: "POST", path: "/me/messages/{messageId}/send" },
-      cas: "none",
-      externalEffect: true,
-      requiredScopes: ["Mail.Send"]
-    },
-    {
-      name: "email.reply",
-      class: "mutation",
-      description: "Reply to an existing message. When comment is provided alone, Graph generates the reply body; when message is provided, it overrides recipients/body.",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          comment: { type: "string" },
-          message: { type: "object" }
-        },
-        required: ["messageId"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/messages/{messageId}/reply",
-        body: { comment: "{comment}", message: "{message}" }
-      },
-      cas: "none",
-      externalEffect: true,
-      requiredScopes: ["Mail.Send"]
-    },
-    {
-      name: "email.forward",
-      class: "mutation",
-      description: "Forward an existing message to one or more recipients with an optional comment.",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          toRecipients: { type: "array", items: { type: "object" } },
-          comment: { type: "string" }
-        },
-        required: ["messageId", "toRecipients"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/messages/{messageId}/forward",
-        body: { toRecipients: "{toRecipients}", comment: "{comment}" }
-      },
-      cas: "none",
-      externalEffect: true,
-      requiredScopes: ["Mail.Send"]
-    },
-    {
-      name: "email.move",
-      class: "mutation",
-      description: "Move a message to a destination mail folder by id (or well-known name like inbox/archive).",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          destinationId: { type: "string" }
-        },
-        required: ["messageId", "destinationId"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/messages/{messageId}/move",
-        body: { destinationId: "{destinationId}" }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.label.add",
-      class: "mutation",
-      description: "Tag a message with one or more Outlook categories (labels). Pass the desired full set; Graph replaces the categories array.",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          categories: { type: "array", items: { type: "string" } }
-        },
-        required: ["messageId", "categories"]
-      },
-      request: {
-        method: "PATCH",
-        path: "/me/messages/{messageId}",
-        body: { categories: "{categories}" }
-      },
-      cas: "optimistic-read-verify",
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.label.remove",
-      class: "mutation",
-      description: "Remove labels from a message by writing the surviving categories array. Caller computes the remaining set and supplies it explicitly.",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          categories: { type: "array", items: { type: "string" } }
-        },
-        required: ["messageId", "categories"]
-      },
-      request: {
-        method: "PATCH",
-        path: "/me/messages/{messageId}",
-        body: { categories: "{categories}" }
-      },
-      cas: "optimistic-read-verify",
-      externalEffect: true,
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.find",
-      class: "read",
-      description: "Search messages in a folder using OData $search/$filter with $top, $select, $orderby. Folder defaults to the well-known inbox if omitted.",
-      parameters: {
-        type: "object",
-        properties: {
-          mailFolderId: { type: "string" },
-          $search: { type: "string" },
-          $filter: { type: "string" },
-          $select: { type: "string" },
-          $top: { type: "integer" },
-          $orderby: { type: "string" }
-        }
-      },
-      request: {
-        method: "GET",
-        path: "/me/mailFolders/{mailFolderId}/messages",
-        query: {
-          $search: "{$search}",
-          $filter: "{$filter}",
-          $select: "{$select}",
-          $top: "{$top}",
-          $orderby: "{$orderby}"
-        }
-      },
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.attachment.download",
-      class: "read",
-      description: "Read an attachment record (metadata plus base64 contentBytes for file attachments) for a message by attachment id.",
-      parameters: {
-        type: "object",
-        properties: {
-          messageId: { type: "string" },
-          attachmentId: { type: "string" }
-        },
-        required: ["messageId", "attachmentId"]
-      },
-      request: {
-        method: "GET",
-        path: "/me/messages/{messageId}/attachments/{attachmentId}"
-      },
-      requiredScopes: ["Mail.ReadWrite"]
-    },
-    {
-      name: "email.approval.request",
-      class: "mutation",
-      description: "Send an approval-request email by composing a structured message body and sending it through /me/sendMail. The body should encode the approval prompt and reply-handling instructions.",
-      parameters: {
-        type: "object",
-        properties: {
-          subject: { type: "string" },
-          body: { type: "object" },
-          toRecipients: { type: "array", items: { type: "object" } },
-          ccRecipients: { type: "array", items: { type: "object" } },
-          saveToSentItems: { type: "boolean" }
-        },
-        required: ["subject", "body", "toRecipients"]
-      },
-      request: {
-        method: "POST",
-        path: "/me/sendMail",
-        body: {
-          message: {
-            subject: "{subject}",
-            body: "{body}",
-            toRecipients: "{toRecipients}",
-            ccRecipients: "{ccRecipients}"
-          },
-          saveToSentItems: "{saveToSentItems}"
-        }
-      },
-      cas: "none",
-      externalEffect: true,
-      requiredScopes: ["Mail.Send"]
-    }
-  ]
-});
-
 // src/connectors/adapters/microsoft-excel-365.ts
 var microsoftExcel365Connector = declarativeRestConnector({
   kind: "microsoft-excel-365",
@@ -88362,348 +88865,6 @@ var microsoftTodoConnector = declarativeRestConnector({
   ]
 });
 
-// src/connectors/adapters/microsoft-sharepoint.ts
-var microsoftSharepointConnector = declarativeRestConnector({
-  kind: "microsoft-sharepoint",
-  displayName: "Microsoft SharePoint",
-  description: "Read SharePoint site metadata, list items, and files; create folders, lists, list items, and pages via Microsoft Graph.",
-  auth: {
-    kind: "oauth2",
-    authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
-    tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    scopes: [
-      "offline_access",
-      "Sites.ReadWrite.All",
-      "Files.ReadWrite.All"
-    ],
-    clientIdEnv: "MICROSOFT_SHAREPOINT_OAUTH_CLIENT_ID",
-    clientSecretEnv: "MICROSOFT_SHAREPOINT_OAUTH_CLIENT_SECRET"
-  },
-  category: "storage",
-  defaultConsistencyModel: "authoritative",
-  baseUrl: "https://graph.microsoft.com/v1.0",
-  test: { method: "GET", path: "/sites/root" },
-  capabilities: [
-    // ---------- Sites ----------
-    {
-      name: "find.site",
-      class: "read",
-      description: "Search SharePoint sites by display name or keyword (Graph $search).",
-      parameters: {
-        type: "object",
-        properties: {
-          search: { type: "string" },
-          $top: { type: "integer" }
-        },
-        required: ["search"]
-      },
-      request: {
-        method: "GET",
-        path: "/sites",
-        query: { search: "{search}", $top: "{$top}" }
-      },
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    {
-      name: "get.site.information",
-      class: "read",
-      description: "Read the metadata for a SharePoint site by site id.",
-      parameters: {
-        type: "object",
-        properties: { siteId: { type: "string" } },
-        required: ["siteId"]
-      },
-      request: { method: "GET", path: "/sites/{siteId}" },
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    // ---------- Folders / files ----------
-    {
-      name: "create.folder",
-      class: "mutation",
-      description: "Create a folder inside a site drive. Parent is identified by its drive item id (use the drive root id for top-level folders).",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          parentItemId: { type: "string" },
-          name: { type: "string" },
-          conflictBehavior: { type: "string" }
-        },
-        required: ["siteId", "parentItemId", "name"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/drive/items/{parentItemId}/children",
-        body: {
-          name: "{name}",
-          folder: {},
-          "@microsoft.graph.conflictBehavior": "{conflictBehavior}"
-        }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "get.folder.contents",
-      class: "read",
-      description: "List the children of a folder in a site drive.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          itemId: { type: "string" },
-          $top: { type: "integer" },
-          $select: { type: "string" }
-        },
-        required: ["siteId", "itemId"]
-      },
-      request: {
-        method: "GET",
-        path: "/sites/{siteId}/drive/items/{itemId}/children",
-        query: { $top: "{$top}", $select: "{$select}" }
-      },
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "find.file",
-      class: "read",
-      description: "Search drive items inside a site drive by name or content (Graph drive search).",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          query: { type: "string" },
-          $top: { type: "integer" }
-        },
-        required: ["siteId", "query"]
-      },
-      request: {
-        method: "GET",
-        path: "/sites/{siteId}/drive/root/search(q='{query}')",
-        query: { $top: "{$top}" }
-      },
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "upload.file",
-      class: "mutation",
-      description: "Upload (or replace) a small file at the given drive path. The body must be the JSON-encoded contents the agent provides as `content` (base64-encoded for binary payloads). For files larger than 4 MiB the caller should use the upload-session flow instead.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          parentItemId: { type: "string" },
-          fileName: { type: "string" },
-          content: { type: "string" },
-          conflictBehavior: { type: "string" }
-        },
-        required: ["siteId", "parentItemId", "fileName", "content"]
-      },
-      request: {
-        method: "PUT",
-        path: "/sites/{siteId}/drive/items/{parentItemId}:/{fileName}:/content",
-        body: "{content}"
-      },
-      cas: "optimistic-read-verify",
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "copy.item",
-      class: "mutation",
-      description: "Copy a drive item into another drive. The destination is identified by a parentReference (driveId + id) and an optional new name.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          itemId: { type: "string" },
-          parentReference: { type: "object" },
-          name: { type: "string" }
-        },
-        required: ["siteId", "itemId", "parentReference"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/drive/items/{itemId}/copy",
-        body: { parentReference: "{parentReference}", name: "{name}" }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "copy.item.within.site",
-      class: "mutation",
-      description: "Copy a drive item to another folder inside the same site drive. The destination parent is identified by the target folder id.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          itemId: { type: "string" },
-          targetParentId: { type: "string" },
-          name: { type: "string" }
-        },
-        required: ["siteId", "itemId", "targetParentId"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/drive/items/{itemId}/copy",
-        body: { parentReference: { id: "{targetParentId}" }, name: "{name}" }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    {
-      name: "move.file",
-      class: "mutation",
-      description: "Move (re-parent or rename) a drive item by patching its parentReference and/or name.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          itemId: { type: "string" },
-          parentReference: { type: "object" },
-          name: { type: "string" }
-        },
-        required: ["siteId", "itemId", "parentReference"]
-      },
-      request: {
-        method: "PATCH",
-        path: "/sites/{siteId}/drive/items/{itemId}",
-        body: { parentReference: "{parentReference}", name: "{name}" }
-      },
-      cas: "etag-if-match",
-      requiredScopes: ["Files.ReadWrite.All", "Sites.ReadWrite.All"]
-    },
-    // ---------- Lists & list items ----------
-    {
-      name: "create.list",
-      class: "mutation",
-      description: "Create a SharePoint list on the site. `displayName` is required; `columns` and `list.template` are optional.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          displayName: { type: "string" },
-          columns: { type: "array", items: { type: "object" } },
-          list: { type: "object" }
-        },
-        required: ["siteId", "displayName"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/lists",
-        body: { displayName: "{displayName}", columns: "{columns}", list: "{list}" }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    {
-      name: "create.list.item",
-      class: "mutation",
-      description: "Create a new list item. `fields` is the column -> value map.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          listId: { type: "string" },
-          fields: { type: "object" }
-        },
-        required: ["siteId", "listId", "fields"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/lists/{listId}/items",
-        body: { fields: "{fields}" }
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    {
-      name: "update.list.item",
-      class: "mutation",
-      description: "Patch the fields on an existing list item.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          listId: { type: "string" },
-          itemId: { type: "string" },
-          fields: { type: "object" }
-        },
-        required: ["siteId", "listId", "itemId", "fields"]
-      },
-      request: {
-        method: "PATCH",
-        path: "/sites/{siteId}/lists/{listId}/items/{itemId}/fields",
-        body: "{fields}"
-      },
-      cas: "etag-if-match",
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    {
-      name: "delete.list.item",
-      class: "mutation",
-      description: "Delete a list item by id.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          listId: { type: "string" },
-          itemId: { type: "string" }
-        },
-        required: ["siteId", "listId", "itemId"]
-      },
-      request: {
-        method: "DELETE",
-        path: "/sites/{siteId}/lists/{listId}/items/{itemId}"
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    {
-      name: "find.list.item",
-      class: "read",
-      description: "List items in a SharePoint list, optionally filtered with $filter / $expand=fields($select=...).",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          listId: { type: "string" },
-          $filter: { type: "string" },
-          $expand: { type: "string" },
-          $top: { type: "integer" }
-        },
-        required: ["siteId", "listId"]
-      },
-      request: {
-        method: "GET",
-        path: "/sites/{siteId}/lists/{listId}/items",
-        query: { $filter: "{$filter}", $expand: "{$expand}", $top: "{$top}" }
-      },
-      requiredScopes: ["Sites.ReadWrite.All"]
-    },
-    // ---------- Pages ----------
-    {
-      name: "publish.page",
-      class: "mutation",
-      description: "Publish a SharePoint site page by page id.",
-      parameters: {
-        type: "object",
-        properties: {
-          siteId: { type: "string" },
-          pageId: { type: "string" }
-        },
-        required: ["siteId", "pageId"]
-      },
-      request: {
-        method: "POST",
-        path: "/sites/{siteId}/pages/{pageId}/microsoft.graph.sitePage/publish"
-      },
-      cas: "native-idempotency",
-      requiredScopes: ["Sites.ReadWrite.All"]
-    }
-  ]
-});
-
 // src/connectors/adapters/millionverifier.ts
 var millionverifierConnector = declarativeRestConnector({
   kind: "millionverifier",
@@ -92605,82 +92766,6 @@ var mindStudioConnector = declarativeRestConnector({
   ]
 });
 
-// src/connectors/adapters/microsoft-onedrive.ts
-var microsoftOnedriveConnector = declarativeRestConnector({
-  kind: "microsoft-onedrive",
-  displayName: "Microsoft OneDrive",
-  description: "Upload, download, list files and folders in Microsoft OneDrive.",
-  auth: {
-    kind: "oauth2",
-    authorizationUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
-    tokenUrl: "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-    scopes: ["Files.ReadWrite"],
-    clientIdEnv: "MICROSOFT_ONEDRIVE_OAUTH_CLIENT_ID",
-    clientSecretEnv: "MICROSOFT_ONEDRIVE_OAUTH_CLIENT_SECRET"
-  },
-  category: "storage",
-  defaultConsistencyModel: "authoritative",
-  baseUrl: "https://graph.microsoft.com/v1.0/me/drive",
-  test: { method: "GET", path: "/root" },
-  capabilities: [
-    {
-      name: "files.list",
-      class: "read",
-      description: "List files in OneDrive.",
-      parameters: {
-        type: "object",
-        properties: {
-          folderId: { type: "string", description: "Folder ID to list files from (optional, defaults to root)" }
-        },
-        required: []
-      },
-      request: { method: "GET", path: "/items/{folderId}/children", query: { $select: "id,name,size,webUrl,folder,file" } }
-    },
-    {
-      name: "folders.list",
-      class: "read",
-      description: "List folders in OneDrive.",
-      parameters: {
-        type: "object",
-        properties: {
-          parentId: { type: "string", description: "Parent folder ID (optional, defaults to root)" }
-        },
-        required: []
-      },
-      request: { method: "GET", path: "/items/{parentId}/children", query: { $filter: "folder ne null", $select: "id,name,webUrl" } }
-    },
-    {
-      name: "files.download",
-      class: "read",
-      description: "Download a file from OneDrive.",
-      parameters: {
-        type: "object",
-        properties: {
-          fileId: { type: "string" }
-        },
-        required: ["fileId"]
-      },
-      request: { method: "GET", path: "/items/{fileId}/content" }
-    },
-    {
-      name: "files.upload",
-      class: "mutation",
-      description: "Upload a file to OneDrive.",
-      parameters: {
-        type: "object",
-        properties: {
-          folderId: { type: "string", description: "Destination folder ID (optional, defaults to root)" },
-          fileName: { type: "string", description: "Name of the file to upload" },
-          fileContent: { type: "string", description: "File content (base64-encoded or raw)" }
-        },
-        required: ["fileName", "fileContent"]
-      },
-      request: { method: "PUT", path: "/items/{folderId}:/{fileName}:/content", body: "{fileContent}" },
-      cas: "native-idempotency"
-    }
-  ]
-});
-
 // src/connectors/adapters/mongodb.ts
 var mongodbConnector = declarativeRestConnector({
   kind: "mongodb",
@@ -93842,21 +93927,31 @@ var nocodbConnector = declarativeRestConnector({
 });
 
 // src/connectors/adapters/notion.ts
-var notionConnector = declarativeRestConnector({
+var TOKEN_URL18 = "https://api.notion.com/v1/oauth/token";
+var NOTION_VERSION = "2022-06-28";
+var NOTION_SPEC = {
   kind: "notion",
   displayName: "Notion",
   description: "Query and manipulate Notion databases, pages, and blocks.",
   auth: {
     kind: "oauth2",
-    authorizationUrl: "https://api.notion.com/oauth/authorize",
+    authorizationUrl: "https://api.notion.com/v1/oauth/authorize",
     tokenUrl: "https://api.notion.com/v1/oauth/token",
-    scopes: ["read", "write"],
+    // Notion does not use OAuth scopes — the workspace owner picks which
+    // pages/databases the integration sees during install. We declare an
+    // empty scope list so the consent screen renders cleanly.
+    scopes: [],
     clientIdEnv: "NOTION_OAUTH_CLIENT_ID",
-    clientSecretEnv: "NOTION_OAUTH_CLIENT_SECRET"
+    clientSecretEnv: "NOTION_OAUTH_CLIENT_SECRET",
+    extraAuthParams: { owner: "user" }
   },
   category: "doc",
   defaultConsistencyModel: "authoritative",
   baseUrl: "https://api.notion.com/v1",
+  // Notion rejects any request without a Notion-Version header (400
+  // invalid_request). The declarative executor merges defaultHeaders into
+  // every read/mutation, so the whole surface carries it.
+  defaultHeaders: { "Notion-Version": NOTION_VERSION },
   test: { method: "GET", path: "/users/me" },
   capabilities: [
     {
@@ -94087,9 +94182,168 @@ var notionConnector = declarativeRestConnector({
       },
       cas: "native-idempotency",
       externalEffect: true
+    },
+    {
+      name: "databases.create",
+      class: "mutation",
+      description: "Create a new Notion database underneath a parent page.",
+      parameters: {
+        type: "object",
+        properties: {
+          parentPageId: { type: "string", description: "Parent page id under which to create the database." },
+          title: {
+            type: "array",
+            description: "Notion rich_text array used as the database title."
+          },
+          properties: {
+            type: "object",
+            description: "Schema map \u2014 property name \u2192 Notion property schema."
+          }
+        },
+        required: ["parentPageId", "title", "properties"]
+      },
+      request: {
+        method: "POST",
+        path: "/databases",
+        body: {
+          parent: { type: "page_id", page_id: "{parentPageId}" },
+          title: "{title}",
+          properties: "{properties}"
+        }
+      },
+      cas: "native-idempotency",
+      externalEffect: true
+    },
+    {
+      name: "databases.update",
+      class: "mutation",
+      description: "Update a database title and/or schema.",
+      parameters: {
+        type: "object",
+        properties: {
+          databaseId: { type: "string" },
+          title: { type: "array", description: "Optional new rich_text title." },
+          properties: { type: "object", description: "Optional partial schema update." }
+        },
+        required: ["databaseId"]
+      },
+      request: {
+        method: "PATCH",
+        path: "/databases/{databaseId}",
+        body: { title: "{title}", properties: "{properties}" }
+      },
+      cas: "native-idempotency",
+      externalEffect: true
     }
   ]
-});
+};
+async function databasesUpdate(inv) {
+  const { title, properties } = inv.args;
+  const body = {};
+  if (title !== void 0) body.title = "{title}";
+  if (properties !== void 0) body.properties = "{properties}";
+  const response = await executeRestRequest(
+    NOTION_SPEC,
+    { method: "PATCH", path: "/databases/{databaseId}", body },
+    inv
+  );
+  return {
+    status: "committed",
+    data: response.data,
+    etagAfter: response.etag,
+    committedAt: Date.now(),
+    idempotentReplay: false
+  };
+}
+function withNotionOverrides(base) {
+  return {
+    ...base,
+    async executeMutation(inv) {
+      if (inv.capabilityName === "databases.update") return databasesUpdate(inv);
+      return base.executeMutation(inv);
+    }
+  };
+}
+var notionConnector = withNotionOverrides(declarativeRestConnector(NOTION_SPEC));
+function notion(opts) {
+  const { clientId, clientSecret } = opts;
+  return {
+    ...withNotionOverrides(declarativeRestConnector(NOTION_SPEC)),
+    /**
+     * Notion's token endpoint follows RFC 6749 with one twist — it REQUIRES
+     * HTTP Basic auth (client_id:client_secret) and does NOT accept the client
+     * credentials in the form body, so we POST inline rather than via the
+     * generic `exchangeAuthorizationCode` helper. The workspace_id/bot_id come
+     * back in the response and we stash them in `metadata` so the agent can
+     * address resources by workspace where useful.
+     */
+    async exchangeOAuth(input) {
+      if (!clientId || !clientSecret) {
+        throw new Error("Notion OAuth client not configured (NOTION_OAUTH_CLIENT_ID / _SECRET)");
+      }
+      const body = new URLSearchParams({
+        grant_type: "authorization_code",
+        code: input.code,
+        redirect_uri: input.redirectUri,
+        code_verifier: input.codeVerifier
+      });
+      const res = await fetch(TOKEN_URL18, {
+        method: "POST",
+        headers: {
+          authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,
+          "content-type": "application/x-www-form-urlencoded",
+          accept: "application/json",
+          "Notion-Version": NOTION_VERSION
+        },
+        body,
+        signal: AbortSignal.timeout(15e3)
+      });
+      if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        throw new Error(`Notion OAuth token exchange failed: ${res.status} \u2014 ${text.slice(0, 200)}`);
+      }
+      const json = await res.json();
+      return {
+        credentials: {
+          kind: "oauth2",
+          accessToken: json.access_token,
+          refreshToken: json.refresh_token
+        },
+        scopes: [],
+        metadata: {
+          botId: json.bot_id,
+          workspaceId: json.workspace_id,
+          workspaceName: json.workspace_name,
+          // Operator picks the database in a follow-up step; default empty.
+          databaseId: ""
+        }
+      };
+    },
+    /** Notion's standard tokens don't expire and don't ship a refresh_token.
+     *  If we have neither expiresAt nor refreshToken, treat the existing
+     *  access token as durable and return it unchanged. */
+    async refreshToken(creds) {
+      if (creds.kind !== "oauth2" || !creds.refreshToken) {
+        if (creds.kind === "oauth2" && creds.accessToken && !creds.expiresAt) {
+          return creds;
+        }
+        throw new Error("notion.refreshToken: missing refresh token");
+      }
+      const refreshed = await refreshAccessToken({
+        tokenUrl: TOKEN_URL18,
+        clientId,
+        clientSecret,
+        refreshToken: creds.refreshToken
+      });
+      return {
+        kind: "oauth2",
+        accessToken: refreshed.accessToken,
+        refreshToken: refreshed.refreshToken ?? creds.refreshToken,
+        expiresAt: refreshed.expiresIn ? Date.now() + refreshed.expiresIn * 1e3 : void 0
+      };
+    }
+  };
+}
 
 // src/connectors/adapters/ntfy.ts
 var ntfyConnector = declarativeRestConnector({
@@ -111280,7 +111534,7 @@ var twinLabsConnector = declarativeRestConnector({
 });
 
 // src/connectors/adapters/twitter.ts
-var AUTH_URL19 = "https://twitter.com/i/oauth2/authorize";
+var AUTH_URL18 = "https://twitter.com/i/oauth2/authorize";
 var TOKEN_URL19 = "https://api.twitter.com/2/oauth2/token";
 var SCOPES14 = ["tweet.read", "tweet.write", "users.read", "like.write", "offline.access"];
 var TWITTER_SPEC = {
@@ -111293,7 +111547,7 @@ var TWITTER_SPEC = {
     options: [
       {
         kind: "oauth2",
-        authorizationUrl: AUTH_URL19,
+        authorizationUrl: AUTH_URL18,
         tokenUrl: TOKEN_URL19,
         scopes: SCOPES14,
         clientIdEnv: "TWITTER_OAUTH_CLIENT_ID",
@@ -118452,7 +118706,6 @@ export {
   microsoftCalendar,
   hubspot,
   slack,
-  notionDatabase,
   docuseal,
   twilioSmsConnector,
   phonyConnector,
@@ -118689,6 +118942,8 @@ export {
   ghostcmsConnector,
   gistlyConnector,
   googleSearchConsoleConnector,
+  googleAnalyticsConnector,
+  googleMeetConnector,
   youtubeDataConnector,
   googleCloudStorageConnector,
   googleBigqueryConnector,
@@ -118766,12 +119021,9 @@ export {
   microsoftDynamics365BusinessCentralConnector,
   microsoft365PlannerConnector,
   microsoftPowerBiConnector,
-  microsoftOutlookCalendarConnector,
   microsoftOnenoteConnector,
-  microsoftOutlookConnector,
   microsoftExcel365Connector,
   microsoftTodoConnector,
-  microsoftSharepointConnector,
   millionverifierConnector,
   mindeeConnector,
   mixmaxConnector,
@@ -118802,12 +119054,12 @@ export {
   mollieConnector,
   metabaseConnector,
   mindStudioConnector,
-  microsoftOnedriveConnector,
   mongodbConnector,
   niftyConnector,
   ninjapipeConnector,
   nocodbConnector,
   notionConnector,
+  notion,
   ntfyConnector,
   odooConnector,
   omniCoConnector,
@@ -118936,4 +119188,4 @@ export {
   pipedreamConnector,
   adapters_exports
 };
-//# sourceMappingURL=chunk-YV3O5SO2.js.map
+//# sourceMappingURL=chunk-6MUBOVI4.js.map