doer-agent 0.5.0 → 0.5.2

package/dist/agent-codex-cli.js

@@ -46,9 +46,29 @@ export function buildManagedCodexArgs(args) {
     ];
 }
 export function buildDaemonMcpConfigArgs(args) {
-    const serverName = args.serverName?.trim() || "doer_daemon";
-    const distEntry = path.join(args.agentProjectDir, "dist", "daemon-mcp-server.js");
-    const srcEntry = path.join(args.agentProjectDir, "src", "daemon-mcp-server.ts");
+    return buildWorkspaceMcpConfigArgs({
+        agentProjectDir: args.agentProjectDir,
+        workspaceRoot: args.workspaceRoot,
+        serverName: args.serverName?.trim() || "doer_daemon",
+        distEntryRelativePath: path.join("dist", "daemon-mcp-server.js"),
+        srcEntryRelativePath: path.join("src", "daemon-mcp-server.ts"),
+        workspaceRootEnvName: "DOER_DAEMON_WORKSPACE_ROOT",
+    });
+}
+export function buildDatabaseMcpConfigArgs(args) {
+    return buildWorkspaceMcpConfigArgs({
+        agentProjectDir: args.agentProjectDir,
+        workspaceRoot: args.workspaceRoot,
+        serverName: args.serverName?.trim() || "doer_database",
+        distEntryRelativePath: path.join("dist", "db-mcp-server.js"),
+        srcEntryRelativePath: path.join("src", "db-mcp-server.ts"),
+        workspaceRootEnvName: "DOER_DB_WORKSPACE_ROOT",
+    });
+}
+function buildWorkspaceMcpConfigArgs(args) {
+    const serverName = args.serverName.trim();
+    const distEntry = path.join(args.agentProjectDir, args.distEntryRelativePath);
+    const srcEntry = path.join(args.agentProjectDir, args.srcEntryRelativePath);
     const tsxLoaderPath = path.join(args.agentProjectDir, "node_modules", "tsx", "dist", "loader.mjs");
     const command = process.execPath;
     const commandArgs = existsSync(distEntry)
@@ -60,7 +80,7 @@ export function buildDaemonMcpConfigArgs(args) {
         "--config",
         `mcp_servers.${serverName}.args=${toTomlStringArray(commandArgs)}`,
         "--config",
-        `mcp_servers.${serverName}.env.DOER_DAEMON_WORKSPACE_ROOT=${toTomlStringLiteral(args.workspaceRoot)}`,
+        `mcp_servers.${serverName}.env.${args.workspaceRootEnvName}=${toTomlStringLiteral(args.workspaceRoot)}`,
         "--config",
         `mcp_servers.${serverName}.enabled=true`,
     ];

package/dist/agent-settings-rpc.js

@@ -1,15 +1,25 @@
 import { readFile } from "node:fs/promises";
+import { createConnection as createMysqlConnection } from "mysql2/promise";
 import { StringCodec } from "nats";
-import { normalizeAgentSettingsConfig, normalizeAgentSettingsPatch, readAgentSettingsConfig, resolveAgentSettingsFilePath, toAgentSettingsPublic, writeAgentModelInstructions, writeAgentSettingsConfig, } from "./agent-settings.js";
+import { Client as PostgresClient } from "pg";
+import { normalizeAgentDatabaseConnection, normalizeAgentSettingsConfig, normalizeAgentSettingsPatch, readAgentSettingsConfig, resolveAgentDatabaseConnectionUrl, resolveAgentSettingsFilePath, toAgentSettingsPublic, writeAgentModelInstructions, writeAgentSettingsConfig, } from "./agent-settings.js";
 const settingsRpcCodec = StringCodec();
 function normalizeSettingsRpcRequest(args) {
     const requestId = typeof args.request.requestId === "string" ? args.request.requestId.trim() : "";
     const responseSubject = typeof args.request.responseSubject === "string" ? args.request.responseSubject.trim() : "";
     const requestAgentId = typeof args.request.agentId === "string" ? args.request.agentId.trim() : "";
-    const action = args.request.action === "update" ? "update" : "get";
+    const action = args.request.action === "update"
+        ? "update"
+        : args.request.action === "test_database_connection"
+            ? "test_database_connection"
+            : "get";
     if (!requestId || !responseSubject || !requestAgentId || requestAgentId !== args.agentId) {
         throw new Error("invalid settings rpc request");
     }
+    const connection = args.request.connection === undefined ? null : normalizeAgentDatabaseConnection(args.request.connection);
+    if (action === "test_database_connection" && !connection) {
+        throw new Error("invalid database connection test payload");
+    }
     return {
         requestId,
         responseSubject,
@@ -18,11 +28,69 @@ function normalizeSettingsRpcRequest(args) {
         defaults: args.request.defaults && typeof args.request.defaults === "object" && !Array.isArray(args.request.defaults)
             ? normalizeAgentSettingsConfig(args.request.defaults)
             : null,
+        connection,
     };
 }
 function publishSettingsRpcResponse(args) {
     args.nc.publish(args.responseSubject, settingsRpcCodec.encode(JSON.stringify(args.payload)));
 }
+async function testDatabaseConnection(connection) {
+    const connectionUrl = resolveAgentDatabaseConnectionUrl(connection);
+    if (!connectionUrl) {
+        if (connection.connection.mode === "env") {
+            throw new Error(`Database URL env is missing: ${connection.connection.urlEnv}`);
+        }
+        throw new Error(`Database URL is missing for connection: ${connection.id}`);
+    }
+    const startedAt = Date.now();
+    if (connection.provider === "mysql") {
+        const client = await createMysqlConnection({
+            uri: connectionUrl,
+            connectTimeout: 5_000,
+        });
+        try {
+            const [rows] = await client.query("SELECT DATABASE() AS database_name, VERSION() AS version");
+            const firstRow = Array.isArray(rows)
+                ? rows[0]
+                : undefined;
+            const latencyMs = Date.now() - startedAt;
+            const database = firstRow?.database_name ?? null;
+            const serverVersion = firstRow?.version ?? null;
+            return {
+                ok: true,
+                provider: connection.provider,
+                message: `Connected to MySQL${database ? ` (${database})` : ""} in ${latencyMs}ms`,
+                latencyMs,
+                database,
+                serverVersion,
+            };
+        }
+        finally {
+            await client.end().catch(() => undefined);
+        }
+    }
+    const client = new PostgresClient({
+        connectionString: connectionUrl,
+        connectionTimeoutMillis: 5_000,
+    });
+    await client.connect();
+    try {
+        const result = await client.query("SELECT current_database() AS database_name, version() AS version");
+        const firstRow = result.rows[0] ?? { database_name: null, version: null };
+        const latencyMs = Date.now() - startedAt;
+        return {
+            ok: true,
+            provider: connection.provider,
+            message: `Connected to PostgreSQL${firstRow.database_name ? ` (${firstRow.database_name})` : ""} in ${latencyMs}ms`,
+            latencyMs,
+            database: firstRow.database_name,
+            serverVersion: firstRow.version,
+        };
+    }
+    finally {
+        await client.end().catch(() => undefined);
+    }
+}
 export async function handleSettingsRpcMessage(args) {
     let requestId = "unknown";
     let responseSubject = "";
@@ -31,6 +99,18 @@ export async function handleSettingsRpcMessage(args) {
         const request = normalizeSettingsRpcRequest({ request: payload, agentId: args.agentId });
         requestId = request.requestId;
         responseSubject = request.responseSubject;
+        if (request.action === "test_database_connection") {
+            publishSettingsRpcResponse({
+                nc: args.nc,
+                responseSubject,
+                payload: {
+                    requestId,
+                    ok: true,
+                    testResult: await testDatabaseConnection(request.connection),
+                },
+            });
+            return;
+        }
         const existing = await readAgentSettingsConfig({ workspaceRoot: args.workspaceRoot, defaults: request.defaults });
         const next = request.action === "update" ? normalizeAgentSettingsConfig(request.patch, existing) : existing;
         if (request.action === "update") {

package/dist/agent-settings.js

@@ -34,13 +34,6 @@ export function createDefaultAgentSettingsConfig() {
             oauthLogin: null,
             oauthScope: null,
         },
-        aws: {
-            enabled: true,
-            accessKeyId: null,
-            defaultRegion: null,
-            secretAccessKey: null,
-            sessionToken: null,
-        },
         jira: {
             baseUrl: null,
             email: null,
@@ -63,6 +56,13 @@ export function createDefaultAgentSettingsConfig() {
             enabled: false,
             apiToken: null,
         },
+        env: {
+            variables: [],
+        },
+        databases: {
+            defaultConnectionId: null,
+            connections: [],
+        },
     };
 }
 function normalizeNullableString(value) {
@@ -78,6 +78,137 @@ function normalizeNullableString(value) {
 function normalizeCodexPersonality(value, fallback) {
     return value === "friendly" || value === "pragmatic" ? value : fallback;
 }
+function normalizeDatabaseConnectionId(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim().toLowerCase();
+    if (!trimmed || !/^[a-z0-9][a-z0-9._-]{0,63}$/.test(trimmed)) {
+        return null;
+    }
+    return trimmed;
+}
+function normalizeEnvVarName(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    if (!trimmed || !/^[A-Z_][A-Z0-9_]*$/.test(trimmed)) {
+        return null;
+    }
+    return trimmed;
+}
+function normalizeAgentDatabaseProvider(value) {
+    return value === "mysql" ? "mysql" : "postgres";
+}
+function normalizeAgentDatabaseConnectionSecret(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const raw = value;
+    const mode = raw.mode === "env" ? "env" : raw.mode === "url" ? "url" : null;
+    if (mode === "env") {
+        const urlEnv = normalizeEnvVarName(raw.urlEnv);
+        return urlEnv ? { mode, urlEnv } : null;
+    }
+    if (mode === "url") {
+        const url = normalizeNullableString(raw.url);
+        return url ? { mode, url } : null;
+    }
+    return null;
+}
+export function normalizeAgentDatabaseConnection(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const raw = value;
+    const id = normalizeDatabaseConnectionId(raw.id);
+    const connection = normalizeAgentDatabaseConnectionSecret(raw.connection);
+    if (!id || !connection) {
+        return null;
+    }
+    return {
+        id,
+        description: raw.description === null ? null : normalizeNullableString(raw.description),
+        provider: normalizeAgentDatabaseProvider(raw.provider),
+        enabled: typeof raw.enabled === "boolean" ? raw.enabled : true,
+        readOnly: typeof raw.readOnly === "boolean" ? raw.readOnly : true,
+        connection,
+    };
+}
+function normalizeAgentDatabaseSettings(value, fallback) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return fallback;
+    }
+    const raw = value;
+    const connectionsRaw = Array.isArray(raw.connections) ? raw.connections : [];
+    const connections = [];
+    const seenIds = new Set();
+    for (const item of connectionsRaw) {
+        const normalized = normalizeAgentDatabaseConnection(item);
+        if (!normalized || seenIds.has(normalized.id)) {
+            continue;
+        }
+        seenIds.add(normalized.id);
+        connections.push(normalized);
+    }
+    const requestedDefault = raw.defaultConnectionId === null ? null : normalizeDatabaseConnectionId(raw.defaultConnectionId);
+    const defaultConnectionId = requestedDefault && connections.some((connection) => connection.id === requestedDefault)
+        ? requestedDefault
+        : connections.some((connection) => connection.id === fallback.defaultConnectionId)
+            ? fallback.defaultConnectionId
+            : connections[0]?.id ?? null;
+    return {
+        defaultConnectionId,
+        connections,
+    };
+}
+function normalizeAgentEnvironmentVariable(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const raw = value;
+    const key = normalizeEnvVarName(raw.key);
+    if (!key || typeof raw.value !== "string") {
+        return null;
+    }
+    return {
+        key,
+        value: raw.value.replace(/\r/g, ""),
+    };
+}
+function normalizeAgentEnvironmentSettings(value, fallback) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return fallback;
+    }
+    const raw = value;
+    const variablesRaw = Array.isArray(raw.variables) ? raw.variables : [];
+    const variables = [];
+    const seenKeys = new Set();
+    for (const item of variablesRaw) {
+        const normalized = normalizeAgentEnvironmentVariable(item);
+        if (!normalized || seenKeys.has(normalized.key)) {
+            continue;
+        }
+        seenKeys.add(normalized.key);
+        variables.push(normalized);
+    }
+    return { variables };
+}
+export function getAgentDatabaseConnectionById(config, connectionId) {
+    const normalizedId = normalizeDatabaseConnectionId(connectionId);
+    if (!normalizedId) {
+        return null;
+    }
+    return config.databases.connections.find((connection) => connection.id === normalizedId) ?? null;
+}
+export function resolveAgentDatabaseConnectionUrl(connection) {
+    if (connection.connection.mode === "url") {
+        return connection.connection.url.trim() || null;
+    }
+    const envValue = process.env[connection.connection.urlEnv]?.trim();
+    return envValue || null;
+}
 export function normalizeAgentSettingsConfig(value, fallback) {
     const base = fallback ?? createDefaultAgentSettingsConfig();
     const raw = value && typeof value === "object" && !Array.isArray(value) ? value : {};
@@ -85,11 +216,12 @@ export function normalizeAgentSettingsConfig(value, fallback) {
     const codex = raw.codex && typeof raw.codex === "object" ? raw.codex : {};
     const realtime = raw.realtime && typeof raw.realtime === "object" ? raw.realtime : {};
     const git = raw.git && typeof raw.git === "object" ? raw.git : {};
-    const aws = raw.aws && typeof raw.aws === "object" ? raw.aws : {};
     const jira = raw.jira && typeof raw.jira === "object" ? raw.jira : {};
     const notion = raw.notion && typeof raw.notion === "object" ? raw.notion : {};
     const slack = raw.slack && typeof raw.slack === "object" ? raw.slack : {};
     const figma = raw.figma && typeof raw.figma === "object" ? raw.figma : {};
+    const env = raw.env && typeof raw.env === "object" ? raw.env : null;
+    const databases = raw.databases && typeof raw.databases === "object" ? raw.databases : null;
     return {
         general: {
             personality: normalizeCodexPersonality(general.personality, base.general.personality),
@@ -114,15 +246,6 @@ export function normalizeAgentSettingsConfig(value, fallback) {
             oauthLogin: git.oauthLogin === null ? null : normalizeNullableString(git.oauthLogin) ?? base.git.oauthLogin,
             oauthScope: git.oauthScope === null ? null : normalizeNullableString(git.oauthScope) ?? base.git.oauthScope,
         },
-        aws: {
-            enabled: typeof aws.enabled === "boolean" ? aws.enabled : base.aws.enabled,
-            accessKeyId: aws.accessKeyId === null ? null : normalizeNullableString(aws.accessKeyId) ?? base.aws.accessKeyId,
-            defaultRegion: aws.defaultRegion === null ? null : normalizeNullableString(aws.defaultRegion) ?? base.aws.defaultRegion,
-            secretAccessKey: aws.secretAccessKey === null
-                ? null
-                : normalizeNullableString(aws.secretAccessKey) ?? base.aws.secretAccessKey,
-            sessionToken: aws.sessionToken === null ? null : normalizeNullableString(aws.sessionToken) ?? base.aws.sessionToken,
-        },
         jira: {
             baseUrl: jira.baseUrl === null ? null : normalizeNullableString(jira.baseUrl) ?? base.jira.baseUrl,
             email: jira.email === null ? null : normalizeNullableString(jira.email) ?? base.jira.email,
@@ -145,6 +268,8 @@ export function normalizeAgentSettingsConfig(value, fallback) {
             enabled: typeof figma.enabled === "boolean" ? figma.enabled : base.figma.enabled,
             apiToken: figma.apiToken === null ? null : normalizeNullableString(figma.apiToken) ?? base.figma.apiToken,
         },
+        env: normalizeAgentEnvironmentSettings(env, base.env),
+        databases: normalizeAgentDatabaseSettings(databases, base.databases),
     };
 }
 export async function readAgentSettingsConfig(args) {
@@ -195,8 +320,6 @@ function toMaskedSecret(value) {
 export async function toAgentSettingsPublic(args) {
     const realtimeKey = toMaskedSecret(args.config.realtime.apiKey);
     const gitOauth = toMaskedSecret(args.config.git.oauthToken);
-    const awsSecret = toMaskedSecret(args.config.aws.secretAccessKey);
-    const awsSession = toMaskedSecret(args.config.aws.sessionToken);
     const jiraToken = toMaskedSecret(args.config.jira.apiToken);
     const notionToken = toMaskedSecret(args.config.notion.apiToken);
     const slackToken = toMaskedSecret(args.config.slack.botToken);
@@ -234,17 +357,6 @@ export async function toAgentSettingsPublic(args) {
             oauthLogin: args.config.git.oauthLogin,
             oauthScope: args.config.git.oauthScope,
         },
-        aws: {
-            enabled: args.config.aws.enabled,
-            accessKeyId: args.config.aws.accessKeyId,
-            defaultRegion: args.config.aws.defaultRegion,
-            hasSecretAccessKey: awsSecret.has,
-            secretAccessKeyMasked: awsSecret.masked,
-            secretAccessKeyLength: awsSecret.length,
-            hasSessionToken: awsSession.has,
-            sessionTokenMasked: awsSession.masked,
-            sessionTokenLength: awsSession.length,
-        },
         jira: {
             baseUrl: args.config.jira.baseUrl,
             email: args.config.jira.email,
@@ -275,6 +387,31 @@ export async function toAgentSettingsPublic(args) {
             apiTokenMasked: figmaToken.masked,
             apiTokenLength: figmaToken.length,
         },
+        env: {
+            variables: args.config.env.variables.map((variable) => ({
+                key: variable.key,
+                value: variable.value,
+            })),
+        },
+        databases: {
+            defaultConnectionId: args.config.databases.defaultConnectionId,
+            connections: args.config.databases.connections.map((connection) => ({
+                id: connection.id,
+                description: connection.description,
+                provider: connection.provider,
+                enabled: connection.enabled,
+                readOnly: connection.readOnly,
+                connection: connection.connection.mode === "url"
+                    ? {
+                        mode: "url",
+                        url: connection.connection.url,
+                    }
+                    : {
+                        mode: "env",
+                        urlEnv: connection.connection.urlEnv,
+                    },
+            })),
+        },
     };
 }
 export function normalizeAgentSettingsPatch(value) {
@@ -312,11 +449,6 @@ export function normalizeAgentSettingsPatch(value) {
     move("gitOauthToken", "git", "oauthToken");
     move("gitOauthLogin", "git", "oauthLogin");
     move("gitOauthScope", "git", "oauthScope");
-    move("awsEnabled", "aws", "enabled");
-    move("awsAccessKeyId", "aws", "accessKeyId");
-    move("awsDefaultRegion", "aws", "defaultRegion");
-    move("awsSecretAccessKey", "aws", "secretAccessKey");
-    move("awsSessionToken", "aws", "sessionToken");
     move("jiraBaseUrl", "jira", "baseUrl");
     move("jiraEmail", "jira", "email");
     move("jiraEnabled", "jira", "enabled");
@@ -331,6 +463,7 @@ export function normalizeAgentSettingsPatch(value) {
     move("figmaBaseUrl", "figma", "baseUrl");
     move("figmaEnabled", "figma", "enabled");
     move("figmaApiToken", "figma", "apiToken");
+    move("environmentVariables", "env", "variables");
     return patch;
 }
 export function buildAgentSettingsEnvPatch(config) {
@@ -353,18 +486,6 @@ export function buildAgentSettingsEnvPatch(config) {
         if (config.git.oauthScope)
             envPatch.DOER_GIT_OAUTH_SCOPE = config.git.oauthScope;
     }
-    if (config.aws.enabled) {
-        if (config.aws.accessKeyId)
-            envPatch.AWS_ACCESS_KEY_ID = config.aws.accessKeyId;
-        if (config.aws.defaultRegion)
-            envPatch.AWS_DEFAULT_REGION = config.aws.defaultRegion;
-        if (config.aws.defaultRegion)
-            envPatch.AWS_REGION = config.aws.defaultRegion;
-        if (config.aws.secretAccessKey)
-            envPatch.AWS_SECRET_ACCESS_KEY = config.aws.secretAccessKey;
-        if (config.aws.sessionToken)
-            envPatch.AWS_SESSION_TOKEN = config.aws.sessionToken;
-    }
     if (config.jira.enabled) {
         if (config.jira.baseUrl)
             envPatch.JIRA_BASE_URL = config.jira.baseUrl;
@@ -393,5 +514,8 @@ export function buildAgentSettingsEnvPatch(config) {
         if (config.figma.apiToken)
             envPatch.FIGMA_API_TOKEN = config.figma.apiToken;
     }
+    for (const variable of config.env.variables) {
+        envPatch[variable.key] = variable.value;
+    }
     return envPatch;
 }

package/dist/agent.js

@@ -7,7 +7,7 @@ import { handleFsRpcMessage } from "./agent-fs-rpc.js";
 import { handleGitRpcMessage } from "./agent-git-rpc.js";
 import { subscribeToCodexAuthRpc } from "./agent-codex-auth-rpc.js";
 import { subscribeToDaemonRpc } from "./agent-daemon-rpc.js";
-import { buildDaemonMcpConfigArgs, buildManagedCodexArgs, createLocalCodexCliTools, normalizeCodexModel, normalizeShellRpcCodexAuthBundle, spawnManagedCodexCommand, } from "./agent-codex-cli.js";
+import { buildDaemonMcpConfigArgs, buildDatabaseMcpConfigArgs, buildManagedCodexArgs, createLocalCodexCliTools, normalizeCodexModel, normalizeShellRpcCodexAuthBundle, spawnManagedCodexCommand, } from "./agent-codex-cli.js";
 import { connectBootstrapWithRetry } from "./agent-jetstream.js";
 import { prepareCommandExecution } from "./agent-run-execution.js";
 import { attachManagedRunProcessLifecycle, createPendingRunSessionTracker } from "./agent-run-lifecycle.js";
@@ -274,10 +274,16 @@ async function handleRunRpcMessage(args) {
                         model: request.model,
                         personality: localAgentSettings.general.personality,
                         modelInstructionsFile: customInstructions ? resolveAgentModelInstructionsFilePath(workspaceRoot) : null,
-                        configOverrides: buildDaemonMcpConfigArgs({
-                            agentProjectDir: AGENT_PROJECT_DIR,
-                            workspaceRoot,
-                        }),
+                        configOverrides: [
+                            ...buildDaemonMcpConfigArgs({
+                                agentProjectDir: AGENT_PROJECT_DIR,
+                                workspaceRoot,
+                            }),
+                            ...buildDatabaseMcpConfigArgs({
+                                agentProjectDir: AGENT_PROJECT_DIR,
+                                workspaceRoot,
+                            }),
+                        ],
                     }),
                     cwd: request.cwd,
                     runtimeEnvPatch: request.runtimeEnvPatch,

package/dist/db-mcp-server.js

@@ -0,0 +1,377 @@
+import path from "node:path";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { createPool } from "mysql2/promise";
+import { Pool as PostgresPool } from "pg";
+import * as z from "zod/v4";
+import { getAgentDatabaseConnectionById, readAgentSettingsConfig, resolveAgentDatabaseConnectionUrl, } from "./agent-settings.js";
+const DEFAULT_ROW_LIMIT = 200;
+const MAX_ROW_LIMIT = 1000;
+const DEFAULT_TIMEOUT_MS = 10_000;
+const MAX_TIMEOUT_MS = 30_000;
+const postgresPoolByKey = new Map();
+const mysqlPoolByKey = new Map();
+function parseWorkspaceRoot(argv) {
+    const flagIndex = argv.findIndex((token) => token === "--workspace-root");
+    const flagValue = flagIndex >= 0 ? argv[flagIndex + 1] : "";
+    const envValue = process.env.DOER_DB_WORKSPACE_ROOT?.trim() || process.env.WORKSPACE?.trim() || process.cwd();
+    return path.resolve((flagValue || envValue || process.cwd()).trim());
+}
+function formatJson(value) {
+    return JSON.stringify(value, null, 2);
+}
+function clampNumber(value, fallback, max) {
+    if (!Number.isFinite(value)) {
+        return fallback;
+    }
+    return Math.max(1, Math.min(max, Math.trunc(value)));
+}
+function normalizeSql(sql) {
+    const trimmed = sql.trim().replace(/;+$/g, "").trim();
+    if (!trimmed) {
+        throw new Error("sql is required");
+    }
+    if (trimmed.includes(";")) {
+        throw new Error("Multiple SQL statements are not supported");
+    }
+    return trimmed;
+}
+function requireConnection(args) {
+    const enabledConnections = args.settings.databases.connections.filter((connection) => connection.enabled);
+    const requestedId = args.connectionId?.trim() || args.settings.databases.defaultConnectionId || enabledConnections[0]?.id || "";
+    const connection = getAgentDatabaseConnectionById(args.settings, requestedId);
+    if (!connection || !connection.enabled) {
+        throw new Error(requestedId
+            ? `Database connection not found or disabled: ${requestedId}`
+            : "No enabled database connections are configured");
+    }
+    return connection;
+}
+function requireConnectionUrl(connection) {
+    const url = resolveAgentDatabaseConnectionUrl(connection);
+    if (!url) {
+        if (connection.connection.mode === "env") {
+            throw new Error(`Database URL env is missing: ${connection.connection.urlEnv}`);
+        }
+        throw new Error(`Database URL is missing for connection: ${connection.id}`);
+    }
+    return url;
+}
+function getPostgresPool(connection) {
+    const connectionUrl = requireConnectionUrl(connection);
+    const key = `${connection.provider}:${connection.id}:${connectionUrl}`;
+    const existing = postgresPoolByKey.get(key);
+    if (existing) {
+        return existing;
+    }
+    const pool = new PostgresPool({
+        connectionString: connectionUrl,
+        max: 4,
+    });
+    postgresPoolByKey.set(key, pool);
+    return pool;
+}
+function getMysqlPool(connection) {
+    const connectionUrl = requireConnectionUrl(connection);
+    const key = `${connection.provider}:${connection.id}:${connectionUrl}`;
+    const existing = mysqlPoolByKey.get(key);
+    if (existing) {
+        return existing;
+    }
+    const pool = createPool({
+        uri: connectionUrl,
+        connectionLimit: 4,
+        namedPlaceholders: false,
+        multipleStatements: false,
+    });
+    mysqlPoolByKey.set(key, pool);
+    return pool;
+}
+function serializeRow(row) {
+    return Object.fromEntries(Object.entries(row));
+}
+async function runPostgresSql(args) {
+    const pool = getPostgresPool(args.connection);
+    const client = await pool.connect();
+    const rowLimit = clampNumber(args.rowLimit, DEFAULT_ROW_LIMIT, MAX_ROW_LIMIT);
+    const timeoutMs = clampNumber(args.timeoutMs, DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS);
+    let inTransaction = false;
+    try {
+        await client.query("BEGIN");
+        inTransaction = true;
+        await client.query(`SET LOCAL statement_timeout = ${timeoutMs}`);
+        if (args.connection.readOnly) {
+            await client.query("SET TRANSACTION READ ONLY");
+        }
+        const result = await client.query(normalizeSql(args.sql));
+        await client.query("COMMIT");
+        inTransaction = false;
+        return {
+            connectionId: args.connection.id,
+            rowCount: result.rowCount ?? result.rows.length,
+            rows: result.rows.slice(0, rowLimit).map((row) => serializeRow(row)),
+            fields: result.fields.map((field) => field.name),
+            truncated: result.rows.length > rowLimit,
+            readOnly: args.connection.readOnly,
+        };
+    }
+    catch (error) {
+        if (inTransaction) {
+            await client.query("ROLLBACK").catch(() => undefined);
+        }
+        throw error;
+    }
+    finally {
+        client.release();
+    }
+}
+async function runMysqlSql(args) {
+    const pool = getMysqlPool(args.connection);
+    const client = await pool.getConnection();
+    const rowLimit = clampNumber(args.rowLimit, DEFAULT_ROW_LIMIT, MAX_ROW_LIMIT);
+    const timeoutMs = clampNumber(args.timeoutMs, DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS);
+    let inTransaction = false;
+    try {
+        await client.query(args.connection.readOnly ? "START TRANSACTION READ ONLY" : "START TRANSACTION");
+        inTransaction = true;
+        const [rows, fields] = await client.query({
+            sql: normalizeSql(args.sql),
+            timeout: timeoutMs,
+        });
+        await client.query("COMMIT");
+        inTransaction = false;
+        if (Array.isArray(rows)) {
+            const rowPackets = rows;
+            const fieldPackets = Array.isArray(fields) ? fields : [];
+            return {
+                connectionId: args.connection.id,
+                rowCount: rowPackets.length,
+                rows: rowPackets.slice(0, rowLimit).map((row) => serializeRow(row)),
+                fields: fieldPackets.map((field) => field.name),
+                truncated: rowPackets.length > rowLimit,
+                readOnly: args.connection.readOnly,
+            };
+        }
+        const result = rows;
+        return {
+            connectionId: args.connection.id,
+            rowCount: typeof result.affectedRows === "number" ? result.affectedRows : 0,
+            rows: [],
+            fields: [],
+            truncated: false,
+            readOnly: args.connection.readOnly,
+        };
+    }
+    catch (error) {
+        if (inTransaction) {
+            await client.query("ROLLBACK").catch(() => undefined);
+        }
+        throw error;
+    }
+    finally {
+        client.release();
+    }
+}
+async function runSql(args) {
+    if (args.connection.provider === "mysql") {
+        return runMysqlSql(args);
+    }
+    return runPostgresSql(args);
+}
+async function listTables(connection, schema) {
+    const normalizedSchema = schema?.trim();
+    if (connection.provider === "mysql") {
+        const pool = getMysqlPool(connection);
+        const [rows] = normalizedSchema
+            ? await pool.query(`
+            SELECT table_schema, table_name
+            FROM information_schema.tables
+            WHERE table_schema = ? AND table_type = 'BASE TABLE'
+            ORDER BY table_schema, table_name
+          `, [normalizedSchema])
+            : await pool.query(`
+            SELECT table_schema, table_name
+            FROM information_schema.tables
+            WHERE table_schema = DATABASE() AND table_type = 'BASE TABLE'
+            ORDER BY table_schema, table_name
+          `);
+        return rows.map((row) => ({
+            schema: String(row.table_schema),
+            name: String(row.table_name),
+        }));
+    }
+    const pool = getPostgresPool(connection);
+    const result = normalizedSchema
+        ? await pool.query(`
+          SELECT table_schema, table_name
+          FROM information_schema.tables
+          WHERE table_schema = $1 AND table_type = 'BASE TABLE'
+          ORDER BY table_schema, table_name
+        `, [normalizedSchema])
+        : await pool.query(`
+          SELECT table_schema, table_name
+          FROM information_schema.tables
+          WHERE table_schema NOT IN ('pg_catalog', 'information_schema')
+            AND table_type = 'BASE TABLE'
+          ORDER BY table_schema, table_name
+        `);
+    return result.rows.map((row) => ({
+        schema: String(row.table_schema),
+        name: String(row.table_name),
+    }));
+}
+async function describeTable(args) {
+    const schema = args.schema.trim();
+    const table = args.table.trim();
+    if (args.connection.provider === "mysql") {
+        const pool = getMysqlPool(args.connection);
+        const [rows] = await pool.query(`
+        SELECT column_name, column_type, is_nullable, column_default
+        FROM information_schema.columns
+        WHERE table_schema = ? AND table_name = ?
+        ORDER BY ordinal_position
+      `, [schema, table]);
+        return rows.map((row) => ({
+            name: String(row.column_name),
+            dataType: String(row.column_type),
+            nullable: String(row.is_nullable) === "YES",
+            defaultValue: row.column_default === null ? null : String(row.column_default),
+        }));
+    }
+    const pool = getPostgresPool(args.connection);
+    const result = await pool.query(`
+      SELECT column_name, data_type, is_nullable, column_default
+      FROM information_schema.columns
+      WHERE table_schema = $1 AND table_name = $2
+      ORDER BY ordinal_position
+    `, [schema, table]);
+    return result.rows.map((row) => ({
+        name: String(row.column_name),
+        dataType: String(row.data_type),
+        nullable: String(row.is_nullable) === "YES",
+        defaultValue: row.column_default === null ? null : String(row.column_default),
+    }));
+}
+async function main() {
+    const workspaceRoot = parseWorkspaceRoot(process.argv.slice(2));
+    const server = new McpServer({
+        name: "doer-database",
+        version: "0.1.0",
+    }, {
+        capabilities: {
+            tools: {},
+        },
+        instructions: "Inspect configured PostgreSQL or MySQL databases and run SQL queries through named connections.",
+    });
+    server.registerTool("db_list_connections", {
+        description: "List configured database connections available to the local agent.",
+        inputSchema: {},
+    }, async () => {
+        const settings = await readAgentSettingsConfig({ workspaceRoot });
+        const connections = settings.databases.connections
+            .filter((connection) => connection.enabled)
+            .map((connection) => ({
+            id: connection.id,
+            description: connection.description,
+            provider: connection.provider,
+            readOnly: connection.readOnly,
+            default: settings.databases.defaultConnectionId === connection.id,
+            configuredVia: connection.connection.mode,
+            urlResolved: Boolean(resolveAgentDatabaseConnectionUrl(connection)),
+        }));
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: formatJson({ connections }),
+                },
+            ],
+            structuredContent: { connections },
+        };
+    });
+    server.registerTool("db_list_tables", {
+        description: "List tables for a configured database connection.",
+        inputSchema: {
+            connectionId: z.string().optional().describe("Database connection id. Defaults to the configured default connection."),
+            schema: z.string().optional().describe("Optional schema or database name to filter by."),
+        },
+    }, async ({ connectionId, schema }) => {
+        const settings = await readAgentSettingsConfig({ workspaceRoot });
+        const connection = requireConnection({ settings, connectionId });
+        const tables = await listTables(connection, schema);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: formatJson({ connectionId: connection.id, provider: connection.provider, tables }),
+                },
+            ],
+            structuredContent: { connectionId: connection.id, provider: connection.provider, tables },
+        };
+    });
+    server.registerTool("db_describe_table", {
+        description: "Describe the columns for a specific table.",
+        inputSchema: {
+            connectionId: z.string().optional().describe("Database connection id. Defaults to the configured default connection."),
+            schema: z.string().min(1).describe("Schema name for PostgreSQL, or database name for MySQL."),
+            table: z.string().min(1).describe("Table name."),
+        },
+    }, async ({ connectionId, schema, table }) => {
+        const settings = await readAgentSettingsConfig({ workspaceRoot });
+        const connection = requireConnection({ settings, connectionId });
+        const columns = await describeTable({
+            connection,
+            schema,
+            table,
+        });
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: formatJson({ connectionId: connection.id, provider: connection.provider, schema: schema.trim(), table: table.trim(), columns }),
+                },
+            ],
+            structuredContent: {
+                connectionId: connection.id,
+                provider: connection.provider,
+                schema: schema.trim(),
+                table: table.trim(),
+                columns,
+            },
+        };
+    });
+    server.registerTool("db_query", {
+        description: "Run a SQL query through a configured database connection.",
+        inputSchema: {
+            connectionId: z.string().optional().describe("Database connection id. Defaults to the configured default connection."),
+            sql: z.string().min(1).describe("A single SQL statement to execute."),
+            rowLimit: z.number().int().min(1).max(MAX_ROW_LIMIT).optional().describe("Maximum number of rows to return."),
+            timeoutMs: z.number().int().min(1).max(MAX_TIMEOUT_MS).optional().describe("Statement timeout in milliseconds."),
+        },
+    }, async ({ connectionId, sql, rowLimit, timeoutMs }) => {
+        const settings = await readAgentSettingsConfig({ workspaceRoot });
+        const connection = requireConnection({ settings, connectionId });
+        const result = await runSql({
+            connection,
+            sql,
+            rowLimit,
+            timeoutMs,
+        });
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: formatJson({ ...result, provider: connection.provider }),
+                },
+            ],
+            structuredContent: { ...result, provider: connection.provider },
+        };
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.stack || error.message : String(error);
+    process.stderr.write(`${message}\n`);
+    process.exit(1);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "doer-agent",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "Reverse-polling agent runtime for doer",
   "type": "module",
   "main": "dist/agent.js",
@@ -26,11 +26,14 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
     "@openai/codex-sdk": "^0.115.0",
+    "mysql2": "^3.22.2",
     "nats": "^2.29.3",
+    "pg": "^8.16.3",
     "tar": "^7.5.13"
   },
   "devDependencies": {
     "@types/node": "^20",
+    "@types/pg": "^8.15.5",
     "tsx": "^4.21.0",
     "typescript": "^5"
   }