agent-relay 2.0.16 → 2.0.18

package/packages/cloud/dist/api/nango-auth.js

@@ -63,9 +63,12 @@ nangoAuthRouter.get('/login-status/:connectionId', async (req, res) => {
         // Check if user has any repos connected
         const repos = await db.repositories.findByUserId(user.id);
         const hasRepos = repos.length > 0;
+        // Check if user needs to provide an email
+        const needsEmail = !user.email;
         res.json({
             ready: true,
             hasRepos,
+            needsEmail,
             user: {
                 id: user.id,
                 githubUsername: user.githubUsername,
@@ -271,6 +274,32 @@ async function checkAndAutoAddToWorkspaces(userId, connectionId) {
         // Non-fatal - don't throw
     }
 }
+/**
+ * Fetch and sync user emails from GitHub
+ * Requires 'user:email' scope to be configured in Nango's GitHub integration
+ */
+async function syncGitHubEmails(userId, connectionId) {
+    try {
+        const emails = await nangoService.getGithubUserEmails(connectionId);
+        if (emails.length === 0) {
+            console.log(`[nango-webhook] No emails returned from GitHub (scope may not be granted)`);
+            return null;
+        }
+        // Sync all verified emails to user_emails table
+        const verifiedEmails = emails.filter(e => e.verified);
+        if (verifiedEmails.length > 0) {
+            await db.userEmails.syncFromGitHub(userId, verifiedEmails);
+            console.log(`[nango-webhook] Synced ${verifiedEmails.length} verified emails for user ${userId}`);
+        }
+        // Return the primary verified email
+        const primaryEmail = emails.find(e => e.primary && e.verified)?.email;
+        return primaryEmail || null;
+    }
+    catch (error) {
+        console.error('[nango-webhook] Error syncing GitHub emails:', error);
+        return null;
+    }
+}
 /**
  * Handle GitHub login webhook
  *
@@ -283,10 +312,38 @@ async function handleLoginWebhook(connectionId, _endUser) {
     // Get GitHub user info via Nango proxy
     const githubUser = await nangoService.getGithubUser(connectionId);
     const githubId = String(githubUser.id);
-    // Check if user already exists
-    const existingUser = await db.users.findByGithubId(githubId);
-    // SCENARIO 1: New user
+    // Check if user already exists by GitHub ID
+    let existingUser = await db.users.findByGithubId(githubId);
+    // If not found by GitHub ID, check by email (for email-signup users connecting GitHub)
+    if (!existingUser && githubUser.email) {
+        const userByEmail = await db.users.findByEmail(githubUser.email);
+        if (userByEmail) {
+            // Email-signup user is connecting their GitHub account
+            console.log(`[nango-webhook] Linking GitHub to existing email user: ${githubUser.login} -> ${userByEmail.email}`);
+            // Update the existing user with GitHub info
+            await db.users.update(userByEmail.id, {
+                githubId,
+                githubUsername: githubUser.login,
+                avatarUrl: githubUser.avatar_url || null,
+                nangoConnectionId: connectionId,
+                incomingConnectionId: connectionId,
+            });
+            // Sync GitHub emails
+            await syncGitHubEmails(userByEmail.id, connectionId);
+            // Update connection with user ID
+            await nangoService.updateEndUser(connectionId, NANGO_INTEGRATIONS.GITHUB_USER, {
+                id: userByEmail.id,
+                email: userByEmail.email || undefined,
+            });
+            // Check for auto-add to workspaces
+            await checkAndAutoAddToWorkspaces(userByEmail.id, connectionId);
+            return;
+        }
+    }
+    // SCENARIO 1: New user (no existing user by GitHub ID or email)
     if (!existingUser) {
+        // First, get the primary email from GitHub API (requires user:email scope)
+        // We'll create the user first, then sync emails
         const newUser = await db.users.upsert({
             githubId,
             githubUsername: githubUser.login,
@@ -295,10 +352,16 @@ async function handleLoginWebhook(connectionId, _endUser) {
             nangoConnectionId: connectionId,
             incomingConnectionId: connectionId,
         });
+        // Sync all GitHub emails and get primary email
+        const primaryEmail = await syncGitHubEmails(newUser.id, connectionId);
+        // If we got a primary email from the API and user doesn't have one, update it
+        if (primaryEmail && !newUser.email) {
+            await db.users.update(newUser.id, { email: primaryEmail });
+        }
         // Update connection with real user ID
         await nangoService.updateEndUser(connectionId, NANGO_INTEGRATIONS.GITHUB_USER, {
             id: newUser.id,
-            email: newUser.email || undefined,
+            email: primaryEmail || newUser.email || undefined,
         });
         console.log(`[nango-webhook] New user created: ${githubUser.login}`);
         // Check for auto-add to workspaces based on repo access
@@ -317,6 +380,8 @@ async function handleLoginWebhook(connectionId, _endUser) {
             githubUsername: githubUser.login,
             avatarUrl: githubUser.avatar_url || null,
         });
+        // Sync GitHub emails using the temporary connection before we delete it
+        await syncGitHubEmails(existingUser.id, connectionId);
         // Delete the temporary connection from Nango to prevent duplicates
         try {
             await nangoService.deleteConnection(connectionId, NANGO_INTEGRATIONS.GITHUB_USER);
@@ -338,10 +403,12 @@ async function handleLoginWebhook(connectionId, _endUser) {
         githubUsername: githubUser.login,
         avatarUrl: githubUser.avatar_url || null,
     });
+    // Sync GitHub emails
+    const primaryEmail = await syncGitHubEmails(existingUser.id, connectionId);
     // Update connection with user ID
     await nangoService.updateEndUser(connectionId, NANGO_INTEGRATIONS.GITHUB_USER, {
         id: existingUser.id,
-        email: existingUser.email || undefined,
+        email: primaryEmail || existingUser.email || undefined,
     });
     // Check for auto-add to workspaces
     await checkAndAutoAddToWorkspaces(existingUser.id, connectionId);

package/packages/cloud/dist/db/drizzle.d.ts

@@ -6,7 +6,7 @@
  */
 import { Pool } from 'pg';
 import * as schema from './schema.js';
-export type { User, NewUser, GitHubInstallation, NewGitHubInstallation, Credential, NewCredential, Workspace, NewWorkspace, WorkspaceConfig, WorkspaceMember, NewWorkspaceMember, ProjectGroup, NewProjectGroup, CoordinatorAgentConfig, ProjectAgentConfig, Repository, NewRepository, LinkedDaemon, NewLinkedDaemon, Subscription, NewSubscription, UsageRecord, NewUsageRecord, AgentSession, NewAgentSession, AgentSummary, NewAgentSummary, } from './schema.js';
+export type { User, NewUser, UserEmail, NewUserEmail, GitHubInstallation, NewGitHubInstallation, Credential, NewCredential, Workspace, NewWorkspace, WorkspaceConfig, WorkspaceMember, NewWorkspaceMember, ProjectGroup, NewProjectGroup, CoordinatorAgentConfig, ProjectAgentConfig, Repository, NewRepository, LinkedDaemon, NewLinkedDaemon, Subscription, NewSubscription, UsageRecord, NewUsageRecord, AgentSession, NewAgentSession, AgentSummary, NewAgentSummary, } from './schema.js';
 export * from './schema.js';
 /**
  * Get the raw connection pool for bulk operations.
@@ -30,8 +30,42 @@ export interface UserQueries {
     clearIncomingConnectionId(userId: string): Promise<void>;
     setPendingInstallationRequest(userId: string): Promise<void>;
     clearPendingInstallationRequest(userId: string): Promise<void>;
+    createEmailUser(data: {
+        email: string;
+        passwordHash: string;
+        displayName?: string;
+    }): Promise<schema.User>;
+    verifyEmail(userId: string): Promise<void>;
+    setEmailVerificationToken(userId: string, token: string, expires: Date): Promise<void>;
+    findByEmailVerificationToken(token: string): Promise<schema.User | null>;
+    updatePassword(userId: string, passwordHash: string): Promise<void>;
 }
 export declare const userQueries: UserQueries;
+export interface UserEmailQueries {
+    /** Find all emails for a user */
+    findByUserId(userId: string): Promise<schema.UserEmail[]>;
+    /** Find a user by any of their linked emails (for login reconciliation) */
+    findUserByEmail(email: string): Promise<schema.User | null>;
+    /** Add or update an email for a user */
+    upsert(data: {
+        userId: string;
+        email: string;
+        verified: boolean;
+        primary: boolean;
+        source?: string;
+    }): Promise<schema.UserEmail>;
+    /** Sync all emails from GitHub for a user (replaces GitHub-sourced emails) */
+    syncFromGitHub(userId: string, emails: Array<{
+        email: string;
+        verified: boolean;
+        primary: boolean;
+    }>): Promise<void>;
+    /** Delete a specific email for a user */
+    delete(userId: string, email: string): Promise<void>;
+    /** Check if an email is already linked to another user */
+    isEmailLinkedToOtherUser(email: string, excludeUserId: string): Promise<boolean>;
+}
+export declare const userEmailQueries: UserEmailQueries;
 export interface GitHubInstallationQueries {
     findById(id: string): Promise<schema.GitHubInstallation | null>;
     findByInstallationId(installationId: string): Promise<schema.GitHubInstallation | null>;

package/packages/cloud/dist/db/drizzle.js

@@ -144,6 +144,142 @@ export const userQueries = {
             .set({ pendingInstallationRequest: null, updatedAt: new Date() })
             .where(eq(schema.users.id, userId));
     },
+    async createEmailUser(data) {
+        const db = getDb();
+        const result = await db
+            .insert(schema.users)
+            .values({
+            email: data.email,
+            passwordHash: data.passwordHash,
+            displayName: data.displayName || null,
+            emailVerified: false,
+        })
+            .returning();
+        return result[0];
+    },
+    async verifyEmail(userId) {
+        const db = getDb();
+        await db
+            .update(schema.users)
+            .set({
+            emailVerified: true,
+            emailVerificationToken: null,
+            emailVerificationExpires: null,
+            updatedAt: new Date(),
+        })
+            .where(eq(schema.users.id, userId));
+    },
+    async setEmailVerificationToken(userId, token, expires) {
+        const db = getDb();
+        await db
+            .update(schema.users)
+            .set({
+            emailVerificationToken: token,
+            emailVerificationExpires: expires,
+            updatedAt: new Date(),
+        })
+            .where(eq(schema.users.id, userId));
+    },
+    async findByEmailVerificationToken(token) {
+        const db = getDb();
+        const result = await db
+            .select()
+            .from(schema.users)
+            .where(eq(schema.users.emailVerificationToken, token));
+        return result[0] ?? null;
+    },
+    async updatePassword(userId, passwordHash) {
+        const db = getDb();
+        await db
+            .update(schema.users)
+            .set({ passwordHash, updatedAt: new Date() })
+            .where(eq(schema.users.id, userId));
+    },
+};
+export const userEmailQueries = {
+    async findByUserId(userId) {
+        const db = getDb();
+        return db
+            .select()
+            .from(schema.userEmails)
+            .where(eq(schema.userEmails.userId, userId));
+    },
+    async findUserByEmail(email) {
+        const db = getDb();
+        // First check user_emails table for linked emails
+        const linkedEmail = await db
+            .select({ userId: schema.userEmails.userId })
+            .from(schema.userEmails)
+            .where(eq(schema.userEmails.email, email.toLowerCase()))
+            .limit(1);
+        if (linkedEmail[0]) {
+            const user = await db
+                .select()
+                .from(schema.users)
+                .where(eq(schema.users.id, linkedEmail[0].userId));
+            return user[0] ?? null;
+        }
+        // Fall back to checking users.email directly
+        const user = await db
+            .select()
+            .from(schema.users)
+            .where(eq(schema.users.email, email.toLowerCase()));
+        return user[0] ?? null;
+    },
+    async upsert(data) {
+        const db = getDb();
+        const result = await db
+            .insert(schema.userEmails)
+            .values({
+            userId: data.userId,
+            email: data.email.toLowerCase(),
+            verified: data.verified,
+            primary: data.primary,
+            source: data.source ?? 'github',
+        })
+            .onConflictDoUpdate({
+            target: [schema.userEmails.userId, schema.userEmails.email],
+            set: {
+                verified: data.verified,
+                primary: data.primary,
+                updatedAt: new Date(),
+            },
+        })
+            .returning();
+        return result[0];
+    },
+    async syncFromGitHub(userId, emails) {
+        const db = getDb();
+        // Delete existing GitHub-sourced emails for this user
+        await db
+            .delete(schema.userEmails)
+            .where(and(eq(schema.userEmails.userId, userId), eq(schema.userEmails.source, 'github')));
+        // Insert all new emails
+        if (emails.length > 0) {
+            await db.insert(schema.userEmails).values(emails.map(e => ({
+                userId,
+                email: e.email.toLowerCase(),
+                verified: e.verified,
+                primary: e.primary,
+                source: 'github',
+            })));
+        }
+    },
+    async delete(userId, email) {
+        const db = getDb();
+        await db
+            .delete(schema.userEmails)
+            .where(and(eq(schema.userEmails.userId, userId), eq(schema.userEmails.email, email.toLowerCase())));
+    },
+    async isEmailLinkedToOtherUser(email, excludeUserId) {
+        const db = getDb();
+        const result = await db
+            .select({ userId: schema.userEmails.userId })
+            .from(schema.userEmails)
+            .where(and(eq(schema.userEmails.email, email.toLowerCase()), sql `${schema.userEmails.userId} != ${excludeUserId}`))
+            .limit(1);
+        return result.length > 0;
+    },
 };
 export const githubInstallationQueries = {
     async findById(id) {

package/packages/cloud/dist/db/index.d.ts

@@ -7,14 +7,15 @@
  * Generate migrations: npm run db:generate
  * Run migrations: npm run db:migrate
  */
-export type { User, NewUser, GitHubInstallation, NewGitHubInstallation, Credential, NewCredential, Workspace, NewWorkspace, WorkspaceConfig, WorkspaceAgentPolicy, AgentPolicyRule, WorkspaceMember, NewWorkspaceMember, ProjectGroup, NewProjectGroup, CoordinatorAgentConfig, ProjectAgentConfig, Repository, NewRepository, LinkedDaemon, NewLinkedDaemon, Subscription, NewSubscription, UsageRecord, NewUsageRecord, CIAnnotation, CIFailureEvent, NewCIFailureEvent, CIFixAttempt, NewCIFixAttempt, CICheckStrategy, CIWebhookConfig, IssueAssignment, NewIssueAssignment, CommentMention, NewCommentMention, AgentTriggerConfig, Channel, NewChannel, ChannelMember, NewChannelMember, } from './schema.js';
-export { users as usersTable, githubInstallations as githubInstallationsTable, credentials as credentialsTable, workspaces as workspacesTable, workspaceMembers as workspaceMembersTable, projectGroups as projectGroupsTable, repositories as repositoriesTable, linkedDaemons as linkedDaemonsTable, subscriptions as subscriptionsTable, usageRecords as usageRecordsTable, ciFailureEvents as ciFailureEventsTable, ciFixAttempts as ciFixAttemptsTable, issueAssignments as issueAssignmentsTable, commentMentions as commentMentionsTable, channels as channelsTable, channelMembers as channelMembersTable, } from './schema.js';
-import { getDb, closeDb, runMigrations, getRawPool, userQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, linkedDaemonQueries, projectGroupQueries, repositoryQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries } from './drizzle.js';
+export type { User, NewUser, UserEmail, NewUserEmail, GitHubInstallation, NewGitHubInstallation, Credential, NewCredential, Workspace, NewWorkspace, WorkspaceConfig, WorkspaceAgentPolicy, AgentPolicyRule, WorkspaceMember, NewWorkspaceMember, ProjectGroup, NewProjectGroup, CoordinatorAgentConfig, ProjectAgentConfig, Repository, NewRepository, LinkedDaemon, NewLinkedDaemon, Subscription, NewSubscription, UsageRecord, NewUsageRecord, CIAnnotation, CIFailureEvent, NewCIFailureEvent, CIFixAttempt, NewCIFixAttempt, CICheckStrategy, CIWebhookConfig, IssueAssignment, NewIssueAssignment, CommentMention, NewCommentMention, AgentTriggerConfig, Channel, NewChannel, ChannelMember, NewChannelMember, } from './schema.js';
+export { users as usersTable, userEmails as userEmailsTable, githubInstallations as githubInstallationsTable, credentials as credentialsTable, workspaces as workspacesTable, workspaceMembers as workspaceMembersTable, projectGroups as projectGroupsTable, repositories as repositoriesTable, linkedDaemons as linkedDaemonsTable, subscriptions as subscriptionsTable, usageRecords as usageRecordsTable, ciFailureEvents as ciFailureEventsTable, ciFixAttempts as ciFixAttemptsTable, issueAssignments as issueAssignmentsTable, commentMentions as commentMentionsTable, channels as channelsTable, channelMembers as channelMembersTable, } from './schema.js';
+import { getDb, closeDb, runMigrations, getRawPool, userQueries, userEmailQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, linkedDaemonQueries, projectGroupQueries, repositoryQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries } from './drizzle.js';
 import { bulkInsertMessages, streamingBulkInsert, optimizedBulkInsert, getPoolStats, checkPoolHealth, type BulkInsertResult } from './bulk-ingest.js';
 export type PlanType = 'free' | 'pro' | 'team' | 'enterprise';
 export type WorkspaceMemberRole = 'owner' | 'admin' | 'member' | 'viewer';
 export declare const db: {
     users: import("./drizzle.js").UserQueries;
+    userEmails: import("./drizzle.js").UserEmailQueries;
     githubInstallations: import("./drizzle.js").GitHubInstallationQueries;
     credentials: import("./drizzle.js").CredentialQueries;
     workspaces: import("./drizzle.js").WorkspaceQueries;
@@ -48,7 +49,7 @@ export declare const db: {
     close: typeof closeDb;
     runMigrations: typeof runMigrations;
 };
-export { userQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, projectGroupQueries, repositoryQueries, linkedDaemonQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, };
+export { userQueries, userEmailQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, projectGroupQueries, repositoryQueries, linkedDaemonQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, };
 export { getDb, closeDb, runMigrations, getRawPool };
 export { bulkInsertMessages, streamingBulkInsert, optimizedBulkInsert, getPoolStats, checkPoolHealth, type BulkInsertResult, };
 export declare function initializeDatabase(): Promise<void>;

package/packages/cloud/dist/db/index.js

@@ -8,15 +8,17 @@
  * Run migrations: npm run db:migrate
  */
 // Re-export schema tables for direct access if needed
-export { users as usersTable, githubInstallations as githubInstallationsTable, credentials as credentialsTable, workspaces as workspacesTable, workspaceMembers as workspaceMembersTable, projectGroups as projectGroupsTable, repositories as repositoriesTable, linkedDaemons as linkedDaemonsTable, subscriptions as subscriptionsTable, usageRecords as usageRecordsTable, ciFailureEvents as ciFailureEventsTable, ciFixAttempts as ciFixAttemptsTable, issueAssignments as issueAssignmentsTable, commentMentions as commentMentionsTable, channels as channelsTable, channelMembers as channelMembersTable, } from './schema.js';
+export { users as usersTable, userEmails as userEmailsTable, githubInstallations as githubInstallationsTable, credentials as credentialsTable, workspaces as workspacesTable, workspaceMembers as workspaceMembersTable, projectGroups as projectGroupsTable, repositories as repositoriesTable, linkedDaemons as linkedDaemonsTable, subscriptions as subscriptionsTable, usageRecords as usageRecordsTable, ciFailureEvents as ciFailureEventsTable, ciFixAttempts as ciFixAttemptsTable, issueAssignments as issueAssignmentsTable, commentMentions as commentMentionsTable, channels as channelsTable, channelMembers as channelMembersTable, } from './schema.js';
 // Import query modules
-import { getDb, closeDb, runMigrations, getRawPool, userQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, linkedDaemonQueries, projectGroupQueries, repositoryQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, channelQueries, channelMemberQueries, } from './drizzle.js';
+import { getDb, closeDb, runMigrations, getRawPool, userQueries, userEmailQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, linkedDaemonQueries, projectGroupQueries, repositoryQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, channelQueries, channelMemberQueries, } from './drizzle.js';
 // Bulk ingest utilities for high-volume message sync to cloud
 import { bulkInsertMessages, streamingBulkInsert, optimizedBulkInsert, getPoolStats, checkPoolHealth, } from './bulk-ingest.js';
 // Export the db object with all query namespaces
 export const db = {
     // User operations
     users: userQueries,
+    // User email operations (for GitHub-linked emails and account reconciliation)
+    userEmails: userEmailQueries,
     // GitHub App installation operations
     githubInstallations: githubInstallationQueries,
     // Credential operations
@@ -55,7 +57,7 @@ export const db = {
     runMigrations,
 };
 // Export query objects for direct import
-export { userQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, projectGroupQueries, repositoryQueries, linkedDaemonQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, };
+export { userQueries, userEmailQueries, githubInstallationQueries, credentialQueries, workspaceQueries, workspaceMemberQueries, projectGroupQueries, repositoryQueries, linkedDaemonQueries, ciFailureEventQueries, ciFixAttemptQueries, issueAssignmentQueries, commentMentionQueries, };
 // Export database utilities
 export { getDb, closeDb, runMigrations, getRawPool };
 // Bulk ingest utilities for direct import

package/packages/cloud/dist/db/schema.d.ts

@@ -33,7 +33,7 @@ export declare const users: import("drizzle-orm/pg-core").PgTableWithColumns<{
             columnType: "PgVarchar";
             data: string;
             driverParam: string;
-            notNull: true;
+            notNull: false;
             hasDefault: false;
             isPrimaryKey: false;
             isAutoincrement: false;
@@ -52,7 +52,7 @@ export declare const users: import("drizzle-orm/pg-core").PgTableWithColumns<{
             columnType: "PgVarchar";
             data: string;
             driverParam: string;
-            notNull: true;
+            notNull: false;
             hasDefault: false;
             isPrimaryKey: false;
             isAutoincrement: false;
@@ -83,6 +83,97 @@ export declare const users: import("drizzle-orm/pg-core").PgTableWithColumns<{
         }, {}, {
             length: 255;
         }>;
+        passwordHash: import("drizzle-orm/pg-core").PgColumn<{
+            name: "password_hash";
+            tableName: "users";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        emailVerified: import("drizzle-orm/pg-core").PgColumn<{
+            name: "email_verified";
+            tableName: "users";
+            dataType: "boolean";
+            columnType: "PgBoolean";
+            data: boolean;
+            driverParam: boolean;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        emailVerificationToken: import("drizzle-orm/pg-core").PgColumn<{
+            name: "email_verification_token";
+            tableName: "users";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        emailVerificationExpires: import("drizzle-orm/pg-core").PgColumn<{
+            name: "email_verification_expires";
+            tableName: "users";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        displayName: import("drizzle-orm/pg-core").PgColumn<{
+            name: "display_name";
+            tableName: "users";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
         avatarUrl: import("drizzle-orm/pg-core").PgColumn<{
             name: "avatar_url";
             tableName: "users";
@@ -256,6 +347,157 @@ export declare const usersRelations: import("drizzle-orm").Relations<"users", {
     repositories: import("drizzle-orm").Many<"repositories">;
     linkedDaemons: import("drizzle-orm").Many<"linked_daemons">;
     installedGitHubApps: import("drizzle-orm").Many<"github_installations">;
+    emails: import("drizzle-orm").Many<"user_emails">;
+}>;
+export declare const userEmails: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "user_emails";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "user_emails";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        userId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "user_id";
+            tableName: "user_emails";
+            dataType: "string";
+            columnType: "PgUUID";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        email: import("drizzle-orm/pg-core").PgColumn<{
+            name: "email";
+            tableName: "user_emails";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        verified: import("drizzle-orm/pg-core").PgColumn<{
+            name: "verified";
+            tableName: "user_emails";
+            dataType: "boolean";
+            columnType: "PgBoolean";
+            data: boolean;
+            driverParam: boolean;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        primary: import("drizzle-orm/pg-core").PgColumn<{
+            name: "primary";
+            tableName: "user_emails";
+            dataType: "boolean";
+            columnType: "PgBoolean";
+            data: boolean;
+            driverParam: boolean;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        source: import("drizzle-orm/pg-core").PgColumn<{
+            name: "source";
+            tableName: "user_emails";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 50;
+        }>;
+        createdAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "created_at";
+            tableName: "user_emails";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        updatedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "updated_at";
+            tableName: "user_emails";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export declare const userEmailsRelations: import("drizzle-orm").Relations<"user_emails", {
+    user: import("drizzle-orm").One<"users", true>;
 }>;
 export declare const githubInstallations: import("drizzle-orm/pg-core").PgTableWithColumns<{
     name: "github_installations";
@@ -2785,6 +3027,8 @@ export declare const agentSummaries: import("drizzle-orm/pg-core").PgTableWithCo
 }>;
 export type User = typeof users.$inferSelect;
 export type NewUser = typeof users.$inferInsert;
+export type UserEmail = typeof userEmails.$inferSelect;
+export type NewUserEmail = typeof userEmails.$inferInsert;
 export type GitHubInstallation = typeof githubInstallations.$inferSelect;
 export type NewGitHubInstallation = typeof githubInstallations.$inferInsert;
 export type Credential = typeof credentials.$inferSelect;