kindflow 0.2.0 → 0.4.0

package/daemon.js

@@ -1,11 +1,3018 @@
 import {
-  startDaemon
-} from "./chunk-UGIMNC7O.js";
-import "./chunk-3AMW7NXZ.js";
-import "./chunk-2YT53FBK.js";
-import "./chunk-2UX7Z5TH.js";
-import "./chunk-GZFR7ELC.js";
-import "./chunk-P5P73L35.js";
+  createAgentFromTemplate,
+  deleteAgentDir,
+  generateSlug,
+  listAgentCommands,
+  readAgent,
+  scanAgents,
+  writeAgentConfig
+} from "./chunk-IIHUCTI3.js";
+import {
+  detectMode,
+  resolvePaths
+} from "./chunk-S6UDV4I6.js";
+import {
+  ImapClient,
+  buildConsentUrl,
+  buildXOAuth2Token,
+  exchangeCodeForTokens,
+  refreshAccessToken
+} from "./chunk-3AMW7NXZ.js";
+import {
+  createTelegramClient
+} from "./chunk-2YT53FBK.js";
+import {
+  createIpcHub,
+  createMessage
+} from "./chunk-2UX7Z5TH.js";
+import {
+  createS3Bucket
+} from "./chunk-GZFR7ELC.js";
+import {
+  createDatabaseClient
+} from "./chunk-P5P73L35.js";
+
+// ../daemon/src/config/config-store.ts
+import { join } from "path";
+import { homedir } from "os";
+
+// ../store/src/store.ts
+import initSqlJs from "sql.js";
+import { readFileSync, writeFileSync, mkdirSync } from "fs";
+import { dirname } from "path";
+
+// ../store/src/table.ts
+var buildWhere = (where) => {
+  const keys = Object.keys(where);
+  if (keys.length === 0) return { clause: "", values: [] };
+  const conditions = keys.map((k) => `${k} = ?`);
+  const values = keys.map((k) => where[k]);
+  return { clause: `WHERE ${conditions.join(" AND ")}`, values };
+};
+var rowsToObjects = (columns, values) => values.map((row) => {
+  const obj = {};
+  columns.forEach((col, i) => {
+    obj[col] = row[i];
+  });
+  return obj;
+});
+var buildColumnSql = (col, def) => {
+  let sql = `${col} ${def.type.toUpperCase()}`;
+  if (def.primaryKey) sql += " PRIMARY KEY";
+  if (!def.nullable && !def.primaryKey) sql += " NOT NULL";
+  if (def.default !== void 0) {
+    sql += ` DEFAULT ${typeof def.default === "string" ? `'${def.default}'` : def.default}`;
+  }
+  if (def.check) {
+    sql += ` CHECK(${col} IN (${def.check.map((v) => `'${v}'`).join(", ")}))`;
+  }
+  return sql;
+};
+var createTable = (db, saveFn, name, schema) => {
+  const columns = Object.entries(schema).map(([col, def]) => buildColumnSql(col, def));
+  db.run(`CREATE TABLE IF NOT EXISTS ${name} (${columns.join(", ")})`);
+  return {
+    /** Insert a new row into the table. */
+    insert(row) {
+      const keys = Object.keys(row);
+      const placeholders = keys.map(() => "?").join(", ");
+      const values = keys.map((k) => row[k]);
+      db.run(`INSERT INTO ${name} (${keys.join(", ")}) VALUES (${placeholders})`, values);
+      saveFn();
+    },
+    /** Find rows matching an optional WHERE clause. Returns all rows if no clause given. */
+    findMany(clause) {
+      let result;
+      if (clause) {
+        const { clause: where, values } = buildWhere(clause.where);
+        result = db.exec(`SELECT * FROM ${name} ${where}`, values);
+      } else {
+        result = db.exec(`SELECT * FROM ${name}`);
+      }
+      if (result.length === 0) return [];
+      return rowsToObjects(result[0].columns, result[0].values);
+    },
+    /** Find a single row matching the WHERE clause. Returns undefined if not found. */
+    findOne(clause) {
+      const { clause: where, values } = buildWhere(clause.where);
+      const result = db.exec(`SELECT * FROM ${name} ${where} LIMIT 1`, values);
+      if (result.length === 0 || result[0].values.length === 0) return void 0;
+      return rowsToObjects(result[0].columns, result[0].values)[0];
+    },
+    /** Update rows matching the WHERE clause. Returns the number of modified rows. */
+    update(values, clause) {
+      const setKeys = Object.keys(values);
+      const setClause = setKeys.map((k) => `${k} = ?`).join(", ");
+      const setValues = setKeys.map((k) => values[k]);
+      const { clause: where, values: whereValues } = buildWhere(clause.where);
+      db.run(`UPDATE ${name} SET ${setClause} ${where}`, [...setValues, ...whereValues]);
+      const modified = db.getRowsModified();
+      saveFn();
+      return modified;
+    },
+    /** Delete rows matching the WHERE clause. Returns the number of deleted rows. */
+    deleteRows(clause) {
+      const { clause: where, values } = buildWhere(clause.where);
+      db.run(`DELETE FROM ${name} ${where}`, values);
+      const modified = db.getRowsModified();
+      saveFn();
+      return modified;
+    },
+    /** Return every row in the table. */
+    all() {
+      const result = db.exec(`SELECT * FROM ${name}`);
+      if (result.length === 0) return [];
+      return rowsToObjects(result[0].columns, result[0].values);
+    }
+  };
+};
+
+// ../store/src/store.ts
+var createStore = async (options) => {
+  const SQL = await initSqlJs();
+  let db;
+  try {
+    const buffer = readFileSync(options.path);
+    db = new SQL.Database(buffer);
+  } catch {
+    mkdirSync(dirname(options.path), { recursive: true });
+    db = new SQL.Database();
+  }
+  const save = () => {
+    const data = db.export();
+    writeFileSync(options.path, Buffer.from(data));
+  };
+  const tables = /* @__PURE__ */ new Map();
+  for (const [name, schema] of Object.entries(options.tables)) {
+    tables.set(name, createTable(db, save, name, schema));
+  }
+  save();
+  return {
+    table(name) {
+      const t = tables.get(name);
+      if (!t) throw new Error(`Unknown table: ${name}`);
+      return t;
+    },
+    query(sql, params) {
+      const result = params ? db.exec(sql, params) : db.exec(sql);
+      if (result.length === 0) return [];
+      const { columns, values } = result[0];
+      return values.map((row) => {
+        const obj = {};
+        columns.forEach((col, i) => {
+          obj[col] = row[i];
+        });
+        return obj;
+      });
+    },
+    close() {
+      save();
+      db.close();
+    }
+  };
+};
+
+// ../daemon/src/config/schema.ts
+var configSchema = {
+  /**
+   * Singleton helper process configurations.
+   * The `kind` column is unique — only one helper per kind.
+   */
+  helpers: {
+    id: { type: "text", primaryKey: true },
+    kind: { type: "text" },
+    name: { type: "text" },
+    config: { type: "text" },
+    auto_start: { type: "integer", default: 0 },
+    created_at: { type: "text" },
+    updated_at: { type: "text" }
+  },
+  /**
+   * Global S3 bucket profiles. Shared across all agents.
+   * Credentials are referenced by AWS profile name (stored in ~/.aws/credentials).
+   */
+  s3_profiles: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    bucket: { type: "text" },
+    region: { type: "text" },
+    aws_profile: { type: "text", nullable: true },
+    verified: { type: "integer", default: 0 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Global key-value settings for the daemon (ports, etc.).
+   */
+  settings: {
+    key: { type: "text", primaryKey: true },
+    value: { type: "text" }
+  },
+  /**
+   * Gmail accounts connected via OAuth.
+   * Refresh tokens are AES-256-CBC encrypted.
+   */
+  email_accounts: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    email: { type: "text" },
+    refresh_token: { type: "text" },
+    created_at: { type: "text" },
+    updated_at: { type: "text" }
+  },
+  /**
+   * Routing rules: email account -> target agent.
+   * When a new email arrives on the account, it is forwarded
+   * to the target agent via IPC prompt.
+   */
+  email_connections: {
+    id: { type: "text", primaryKey: true },
+    account_id: { type: "text" },
+    target_agent: { type: "text" },
+    command: { type: "text" },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" },
+    updated_at: { type: "text" }
+  },
+  /**
+   * Global database connection profiles. Shared across all agents.
+   * Passwords are AES-256-CBC encrypted.
+   */
+  database_profiles: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    db_type: { type: "text" },
+    host: { type: "text", nullable: true },
+    port: { type: "integer", nullable: true },
+    database: { type: "text" },
+    username: { type: "text", nullable: true },
+    password: { type: "text", nullable: true },
+    ssl_mode: { type: "text", nullable: true },
+    verified: { type: "integer", default: 0 },
+    created_at: { type: "text" }
+  },
+  /**
+   * OAuth client credentials (one row per provider, e.g. "gmail").
+   * Client secret is AES-256-CBC encrypted.
+   */
+  oauth_credentials: {
+    key: { type: "text", primaryKey: true },
+    client_id: { type: "text" },
+    client_secret: { type: "text" }
+  },
+  /**
+   * Telegram bot profiles. Bot tokens are AES-256-CBC encrypted.
+   * Each bot can be connected to multiple agents via telegram_connections.
+   */
+  telegram_bots: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    token: { type: "text" },
+    bot_username: { type: "text" },
+    polling: { type: "integer", default: 1 },
+    webhook_url: { type: "text", nullable: true },
+    verified: { type: "integer", default: 0 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Routing rules: Telegram bot + chat -> target agent.
+   * When a message arrives on the bot matching the chat_id,
+   * it is forwarded to the target agent via IPC prompt.
+   */
+  telegram_connections: {
+    id: { type: "text", primaryKey: true },
+    bot_id: { type: "text" },
+    target_agent: { type: "text" },
+    chat_id: { type: "text" },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Global HTTP endpoints. Each endpoint exposes a unique URL path
+   * for external systems to trigger agents via POST /api/trigger/:path.
+   */
+  http_endpoints: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    path: { type: "text" },
+    api_key: { type: "text", nullable: true },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Routing rules: HTTP endpoint -> target agent.
+   * When a POST hits the endpoint, the request is forwarded
+   * to the target agent via IPC prompt.
+   */
+  http_connections: {
+    id: { type: "text", primaryKey: true },
+    endpoint_id: { type: "text" },
+    target_agent: { type: "text" },
+    command: { type: "text", nullable: true },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Global cron jobs. Each job fires on a schedule and routes
+   * to one or more agents via cron_connections.
+   */
+  cron_jobs: {
+    id: { type: "text", primaryKey: true },
+    name: { type: "text" },
+    schedule: { type: "text" },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Routing rules: cron job -> target agent.
+   * When a cron job fires, each enabled connection triggers
+   * the target agent with the configured command (or the job
+   * name as a free-form prompt if command is null).
+   */
+  cron_connections: {
+    id: { type: "text", primaryKey: true },
+    cron_job_id: { type: "text" },
+    target_agent: { type: "text" },
+    command: { type: "text", nullable: true },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Routing rules: S3 profile -> target agent.
+   * Passive capability — no command, just a purpose description.
+   * Auto-generates a capability file in the agent directory.
+   */
+  s3_connections: {
+    id: { type: "text", primaryKey: true },
+    profile_id: { type: "text" },
+    target_agent: { type: "text" },
+    purpose: { type: "text" },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  },
+  /**
+   * Routing rules: database profile -> target agent.
+   * Passive capability — no command, just a purpose description.
+   * Auto-generates a capability file in the agent directory.
+   */
+  database_connections: {
+    id: { type: "text", primaryKey: true },
+    profile_id: { type: "text" },
+    target_agent: { type: "text" },
+    purpose: { type: "text" },
+    enabled: { type: "integer", default: 1 },
+    created_at: { type: "text" }
+  }
+};
+
+// ../daemon/src/config/config-store.ts
+var getDataDir = () => process.env["KINDFLOW_DATA_DIR"] ?? join(homedir(), ".kindflow");
+var helperToRow = (helper) => ({
+  id: helper.id,
+  kind: helper.kind,
+  name: helper.name,
+  config: JSON.stringify(helper.config),
+  auto_start: helper.autoStart ? 1 : 0,
+  created_at: helper.createdAt,
+  updated_at: helper.updatedAt
+});
+var rowToHelper = (row) => ({
+  id: row["id"],
+  kind: row["kind"],
+  name: row["name"],
+  config: JSON.parse(row["config"]),
+  autoStart: row["auto_start"] === 1,
+  createdAt: row["created_at"],
+  updatedAt: row["updated_at"]
+});
+var emailAccountToRow = (account) => ({
+  id: account.id,
+  name: account.name,
+  email: account.email,
+  refresh_token: account.refreshToken,
+  created_at: account.createdAt,
+  updated_at: account.updatedAt
+});
+var rowToEmailAccount = (row) => ({
+  id: row["id"],
+  name: row["name"],
+  email: row["email"],
+  refreshToken: row["refresh_token"],
+  createdAt: row["created_at"],
+  updatedAt: row["updated_at"]
+});
+var emailConnectionToRow = (conn) => ({
+  id: conn.id,
+  account_id: conn.accountId,
+  target_agent: conn.targetAgent,
+  command: conn.command,
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt,
+  updated_at: conn.updatedAt
+});
+var rowToEmailConnection = (row) => ({
+  id: row["id"],
+  accountId: row["account_id"],
+  targetAgent: row["target_agent"],
+  command: row["command"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"],
+  updatedAt: row["updated_at"]
+});
+var rowToTelegramBot = (row) => ({
+  id: row["id"],
+  name: row["name"],
+  token: row["token"],
+  botUsername: row["bot_username"],
+  polling: row["polling"] === 1,
+  webhookUrl: row["webhook_url"] || null,
+  verified: row["verified"] === 1,
+  createdAt: row["created_at"]
+});
+var telegramBotToRow = (bot) => ({
+  id: bot.id,
+  name: bot.name,
+  token: bot.token,
+  bot_username: bot.botUsername,
+  polling: bot.polling ? 1 : 0,
+  webhook_url: bot.webhookUrl ?? "",
+  verified: bot.verified ? 1 : 0,
+  created_at: bot.createdAt
+});
+var rowToTelegramConnection = (row) => ({
+  id: row["id"],
+  botId: row["bot_id"],
+  targetAgent: row["target_agent"],
+  chatId: row["chat_id"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var telegramConnectionToRow = (conn) => ({
+  id: conn.id,
+  bot_id: conn.botId,
+  target_agent: conn.targetAgent,
+  chat_id: conn.chatId,
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt
+});
+var rowToHttpEndpoint = (row) => ({
+  id: row["id"],
+  name: row["name"],
+  path: row["path"],
+  apiKey: row["api_key"] || null,
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var httpEndpointToRow = (endpoint) => ({
+  id: endpoint.id,
+  name: endpoint.name,
+  path: endpoint.path,
+  api_key: endpoint.apiKey ?? "",
+  enabled: endpoint.enabled ? 1 : 0,
+  created_at: endpoint.createdAt
+});
+var rowToHttpConnection = (row) => ({
+  id: row["id"],
+  endpointId: row["endpoint_id"],
+  targetAgent: row["target_agent"],
+  command: row["command"] || null,
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var httpConnectionToRow = (conn) => ({
+  id: conn.id,
+  endpoint_id: conn.endpointId,
+  target_agent: conn.targetAgent,
+  command: conn.command ?? "",
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt
+});
+var rowToS3Connection = (row) => ({
+  id: row["id"],
+  profileId: row["profile_id"],
+  targetAgent: row["target_agent"],
+  purpose: row["purpose"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var s3ConnectionToRow = (conn) => ({
+  id: conn.id,
+  profile_id: conn.profileId,
+  target_agent: conn.targetAgent,
+  purpose: conn.purpose,
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt
+});
+var rowToDatabaseConnection = (row) => ({
+  id: row["id"],
+  profileId: row["profile_id"],
+  targetAgent: row["target_agent"],
+  purpose: row["purpose"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var databaseConnectionToRow = (conn) => ({
+  id: conn.id,
+  profile_id: conn.profileId,
+  target_agent: conn.targetAgent,
+  purpose: conn.purpose,
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt
+});
+var rowToCronJob = (row) => ({
+  id: row["id"],
+  name: row["name"],
+  schedule: row["schedule"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var cronJobToRow = (job) => ({
+  id: job.id,
+  name: job.name,
+  schedule: job.schedule,
+  enabled: job.enabled ? 1 : 0,
+  created_at: job.createdAt
+});
+var rowToCronConnection = (row) => ({
+  id: row["id"],
+  cronJobId: row["cron_job_id"],
+  targetAgent: row["target_agent"],
+  command: row["command"],
+  enabled: row["enabled"] === 1,
+  createdAt: row["created_at"]
+});
+var cronConnectionToRow = (conn) => ({
+  id: conn.id,
+  cron_job_id: conn.cronJobId,
+  target_agent: conn.targetAgent,
+  command: conn.command ?? "",
+  enabled: conn.enabled ? 1 : 0,
+  created_at: conn.createdAt
+});
+var createConfigStore = async (dataDir) => {
+  const dir = dataDir ?? getDataDir();
+  const dbPath = join(dir, "config.db");
+  const store = await createStore({
+    path: dbPath,
+    tables: configSchema
+  });
+  const helpers = store.table("helpers");
+  const s3Profiles = store.table("s3_profiles");
+  const dbProfiles = store.table("database_profiles");
+  const settings = store.table("settings");
+  const emailAccounts = store.table("email_accounts");
+  const emailConnections = store.table("email_connections");
+  const oauthCredentials = store.table("oauth_credentials");
+  const telegramBots = store.table("telegram_bots");
+  const telegramConnections = store.table("telegram_connections");
+  const httpEndpoints = store.table("http_endpoints");
+  const httpConnectionsTable = store.table("http_connections");
+  const cronJobsTable = store.table("cron_jobs");
+  const cronConnectionsTable = store.table("cron_connections");
+  const s3ConnectionsTable = store.table("s3_connections");
+  const databaseConnectionsTable = store.table("database_connections");
+  const rowToDb = (row) => ({
+    id: row["id"],
+    name: row["name"],
+    type: row["db_type"],
+    host: row["host"] || null,
+    port: row["port"] || null,
+    database: row["database"],
+    username: row["username"] || null,
+    password: row["password"] || null,
+    sslMode: row["ssl_mode"] || null,
+    verified: row["verified"] === 1,
+    createdAt: row["created_at"]
+  });
+  const rowToS3 = (row) => ({
+    id: row["id"],
+    name: row["name"],
+    bucket: row["bucket"],
+    region: row["region"],
+    awsProfile: row["aws_profile"] || null,
+    verified: row["verified"] === 1,
+    createdAt: row["created_at"]
+  });
+  return {
+    getHelpers: () => helpers.all().map(rowToHelper),
+    getHelper: (id) => {
+      const row = helpers.findOne({ where: { id } });
+      return row ? rowToHelper(row) : void 0;
+    },
+    saveHelper: (helper) => {
+      const existing = helpers.findOne({ where: { id: helper.id } });
+      const row = helperToRow(helper);
+      if (existing) {
+        helpers.update(row, { where: { id: helper.id } });
+      } else {
+        helpers.insert(row);
+      }
+    },
+    getS3Profiles: () => s3Profiles.all().map(rowToS3),
+    getS3Profile: (id) => {
+      const row = s3Profiles.findOne({ where: { id } });
+      return row ? rowToS3(row) : void 0;
+    },
+    saveS3Profile: (profile) => {
+      const existing = s3Profiles.findOne({ where: { id: profile.id } });
+      const row = { id: profile.id, name: profile.name, bucket: profile.bucket, region: profile.region, aws_profile: profile.awsProfile ?? "", verified: profile.verified ? 1 : 0, created_at: profile.createdAt };
+      if (existing) {
+        s3Profiles.update(row, { where: { id: profile.id } });
+      } else {
+        s3Profiles.insert(row);
+      }
+    },
+    deleteS3Profile: (id) => s3Profiles.deleteRows({ where: { id } }),
+    getS3Connections: () => s3ConnectionsTable.all().map((row) => rowToS3Connection(row)),
+    getS3ConnectionsForProfile: (profileId) => s3ConnectionsTable.findMany({ where: { profile_id: profileId } }).map((row) => rowToS3Connection(row)),
+    getS3ConnectionsForAgent: (agentId) => s3ConnectionsTable.findMany({ where: { target_agent: agentId } }).map((row) => rowToS3Connection(row)),
+    saveS3Connection: (connection) => {
+      const existing = s3ConnectionsTable.findOne({ where: { id: connection.id } });
+      const row = s3ConnectionToRow(connection);
+      if (existing) {
+        s3ConnectionsTable.update(row, { where: { id: connection.id } });
+      } else {
+        s3ConnectionsTable.insert(row);
+      }
+    },
+    deleteS3Connection: (id) => s3ConnectionsTable.deleteRows({ where: { id } }),
+    getDatabaseProfiles: () => dbProfiles.all().map((row) => rowToDb(row)),
+    getDatabaseProfile: (id) => {
+      const row = dbProfiles.findOne({ where: { id } });
+      return row ? rowToDb(row) : void 0;
+    },
+    saveDatabaseProfile: (profile) => {
+      const existing = dbProfiles.findOne({ where: { id: profile.id } });
+      const row = {
+        id: profile.id,
+        name: profile.name,
+        db_type: profile.type,
+        host: profile.host ?? "",
+        port: profile.port ?? 0,
+        database: profile.database,
+        username: profile.username ?? "",
+        password: profile.password ?? "",
+        ssl_mode: profile.sslMode ?? "",
+        verified: profile.verified ? 1 : 0,
+        created_at: profile.createdAt
+      };
+      if (existing) {
+        dbProfiles.update(row, { where: { id: profile.id } });
+      } else {
+        dbProfiles.insert(row);
+      }
+    },
+    deleteDatabaseProfile: (id) => dbProfiles.deleteRows({ where: { id } }),
+    getDatabaseConnections: () => databaseConnectionsTable.all().map((row) => rowToDatabaseConnection(row)),
+    getDatabaseConnectionsForProfile: (profileId) => databaseConnectionsTable.findMany({ where: { profile_id: profileId } }).map((row) => rowToDatabaseConnection(row)),
+    getDatabaseConnectionsForAgent: (agentId) => databaseConnectionsTable.findMany({ where: { target_agent: agentId } }).map((row) => rowToDatabaseConnection(row)),
+    saveDatabaseConnection: (connection) => {
+      const existing = databaseConnectionsTable.findOne({ where: { id: connection.id } });
+      const row = databaseConnectionToRow(connection);
+      if (existing) {
+        databaseConnectionsTable.update(row, { where: { id: connection.id } });
+      } else {
+        databaseConnectionsTable.insert(row);
+      }
+    },
+    deleteDatabaseConnection: (id) => databaseConnectionsTable.deleteRows({ where: { id } }),
+    getSetting: (key) => {
+      const row = settings.findOne({ where: { key } });
+      return row ? row["value"] : void 0;
+    },
+    setSetting: (key, value) => {
+      const existing = settings.findOne({ where: { key } });
+      if (existing) {
+        settings.update({ key, value }, { where: { key } });
+      } else {
+        settings.insert({ key, value });
+      }
+    },
+    getEmailAccounts: () => emailAccounts.all().map((row) => rowToEmailAccount(row)),
+    getEmailAccount: (id) => {
+      const row = emailAccounts.findOne({ where: { id } });
+      return row ? rowToEmailAccount(row) : void 0;
+    },
+    saveEmailAccount: (account) => {
+      const existing = emailAccounts.findOne({ where: { id: account.id } });
+      const row = emailAccountToRow(account);
+      if (existing) {
+        emailAccounts.update(row, { where: { id: account.id } });
+      } else {
+        emailAccounts.insert(row);
+      }
+    },
+    deleteEmailAccount: (id) => {
+      emailConnections.deleteRows({ where: { account_id: id } });
+      emailAccounts.deleteRows({ where: { id } });
+    },
+    getEmailConnections: () => emailConnections.all().map((row) => rowToEmailConnection(row)),
+    getEmailConnection: (id) => {
+      const row = emailConnections.findOne({ where: { id } });
+      return row ? rowToEmailConnection(row) : void 0;
+    },
+    getEmailConnectionsForAccount: (accountId) => emailConnections.findMany({ where: { account_id: accountId } }).map((row) => rowToEmailConnection(row)),
+    saveEmailConnection: (connection) => {
+      const existing = emailConnections.findOne({ where: { id: connection.id } });
+      const row = emailConnectionToRow(connection);
+      if (existing) {
+        emailConnections.update(row, { where: { id: connection.id } });
+      } else {
+        emailConnections.insert(row);
+      }
+    },
+    deleteEmailConnection: (id) => emailConnections.deleteRows({ where: { id } }),
+    getOAuthCredentials: (provider) => {
+      const row = oauthCredentials.findOne({ where: { key: provider } });
+      if (!row) return void 0;
+      const r = row;
+      return { clientId: r["client_id"], clientSecret: r["client_secret"] };
+    },
+    saveOAuthCredentials: (provider, creds) => {
+      const existing = oauthCredentials.findOne({ where: { key: provider } });
+      const row = { key: provider, client_id: creds.clientId, client_secret: creds.clientSecret };
+      if (existing) {
+        oauthCredentials.update(row, { where: { key: provider } });
+      } else {
+        oauthCredentials.insert(row);
+      }
+    },
+    getTelegramBots: () => telegramBots.all().map((row) => rowToTelegramBot(row)),
+    getTelegramBot: (id) => {
+      const row = telegramBots.findOne({ where: { id } });
+      return row ? rowToTelegramBot(row) : void 0;
+    },
+    saveTelegramBot: (bot) => {
+      const existing = telegramBots.findOne({ where: { id: bot.id } });
+      const row = telegramBotToRow(bot);
+      if (existing) {
+        telegramBots.update(row, { where: { id: bot.id } });
+      } else {
+        telegramBots.insert(row);
+      }
+    },
+    deleteTelegramBot: (id) => {
+      telegramConnections.deleteRows({ where: { bot_id: id } });
+      telegramBots.deleteRows({ where: { id } });
+    },
+    getTelegramConnections: () => telegramConnections.all().map((row) => rowToTelegramConnection(row)),
+    getTelegramConnectionsForBot: (botId) => telegramConnections.findMany({ where: { bot_id: botId } }).map((row) => rowToTelegramConnection(row)),
+    saveTelegramConnection: (connection) => {
+      const existing = telegramConnections.findOne({ where: { id: connection.id } });
+      const row = telegramConnectionToRow(connection);
+      if (existing) {
+        telegramConnections.update(row, { where: { id: connection.id } });
+      } else {
+        telegramConnections.insert(row);
+      }
+    },
+    deleteTelegramConnection: (id) => telegramConnections.deleteRows({ where: { id } }),
+    getHttpEndpoints: () => httpEndpoints.all().map((row) => rowToHttpEndpoint(row)),
+    getHttpEndpoint: (id) => {
+      const row = httpEndpoints.findOne({ where: { id } });
+      return row ? rowToHttpEndpoint(row) : void 0;
+    },
+    getHttpEndpointByPath: (path) => {
+      const row = httpEndpoints.findOne({ where: { path } });
+      return row ? rowToHttpEndpoint(row) : void 0;
+    },
+    saveHttpEndpoint: (endpoint) => {
+      const existing = httpEndpoints.findOne({ where: { id: endpoint.id } });
+      const row = httpEndpointToRow(endpoint);
+      if (existing) {
+        httpEndpoints.update(row, { where: { id: endpoint.id } });
+      } else {
+        httpEndpoints.insert(row);
+      }
+    },
+    deleteHttpEndpoint: (id) => {
+      httpConnectionsTable.deleteRows({ where: { endpoint_id: id } });
+      httpEndpoints.deleteRows({ where: { id } });
+    },
+    getHttpConnections: () => httpConnectionsTable.all().map((row) => rowToHttpConnection(row)),
+    getHttpConnectionsForEndpoint: (endpointId) => httpConnectionsTable.findMany({ where: { endpoint_id: endpointId } }).map((row) => rowToHttpConnection(row)),
+    saveHttpConnection: (connection) => {
+      const existing = httpConnectionsTable.findOne({ where: { id: connection.id } });
+      const row = httpConnectionToRow(connection);
+      if (existing) {
+        httpConnectionsTable.update(row, { where: { id: connection.id } });
+      } else {
+        httpConnectionsTable.insert(row);
+      }
+    },
+    deleteHttpConnection: (id) => httpConnectionsTable.deleteRows({ where: { id } }),
+    getCronJobs: () => cronJobsTable.all().map((row) => rowToCronJob(row)),
+    getCronJob: (id) => {
+      const row = cronJobsTable.findOne({ where: { id } });
+      return row ? rowToCronJob(row) : void 0;
+    },
+    saveCronJob: (job) => {
+      const existing = cronJobsTable.findOne({ where: { id: job.id } });
+      const row = cronJobToRow(job);
+      if (existing) {
+        cronJobsTable.update(row, { where: { id: job.id } });
+      } else {
+        cronJobsTable.insert(row);
+      }
+    },
+    deleteCronJob: (id) => {
+      cronConnectionsTable.deleteRows({ where: { cron_job_id: id } });
+      cronJobsTable.deleteRows({ where: { id } });
+    },
+    getCronConnections: () => cronConnectionsTable.all().map((row) => rowToCronConnection(row)),
+    getCronConnectionsForJob: (cronJobId) => cronConnectionsTable.findMany({ where: { cron_job_id: cronJobId } }).map((row) => rowToCronConnection(row)),
+    saveCronConnection: (connection) => {
+      const existing = cronConnectionsTable.findOne({ where: { id: connection.id } });
+      const row = cronConnectionToRow(connection);
+      if (existing) {
+        cronConnectionsTable.update(row, { where: { id: connection.id } });
+      } else {
+        cronConnectionsTable.insert(row);
+      }
+    },
+    deleteCronConnection: (id) => cronConnectionsTable.deleteRows({ where: { id } }),
+    close: () => store.close()
+  };
+};
+
+// ../daemon/src/process-manager.ts
+import { fork } from "child_process";
+import { resolve, delimiter } from "path";
+var MAX_RESTARTS = 10;
+var BASE_RESTART_DELAY = 1e3;
+var MAX_RESTART_DELAY = 6e4;
+var HEALTH_CHECK_INTERVAL = 3e4;
+var resolveEntryScript = (runnersDir, isDev, type, helperKind) => {
+  const runnerMap = {
+    agent: { dev: "agent-runner/src/entry.ts", cli: "agent-runner.js" },
+    cron: { dev: "cron-runner/src/entry.ts", cli: "cron-runner.js" },
+    "email-imap": { dev: "imap-runner/src/entry.ts", cli: "imap-runner.js" },
+    telegram: { dev: "telegram-runner/src/entry.ts", cli: "telegram-runner.js" }
+  };
+  const key = type === "agent" ? "agent" : helperKind;
+  const entry = key ? runnerMap[key] : void 0;
+  if (!entry) throw new Error(`Unknown helper kind: ${helperKind}`);
+  return resolve(runnersDir, isDev ? entry.dev : entry.cli);
+};
+var createProcessManager = (options) => {
+  const { hubId, runnersDir, isDev, callbacks } = options;
+  const processes = /* @__PURE__ */ new Map();
+  const setStatus = (id, status, pid) => {
+    const record = processes.get(id);
+    if (!record) return;
+    record.info.status = status;
+    if (pid !== void 0) record.info.pid = pid;
+    callbacks?.onStatusChange?.(id, status, pid);
+  };
+  const restartDelay = (restartCount) => Math.min(BASE_RESTART_DELAY * 2 ** restartCount, MAX_RESTART_DELAY);
+  const startHealthCheck = (id) => {
+    const record = processes.get(id);
+    if (!record?.child) return;
+    record.healthInterval = setInterval(() => {
+      if (record.awaitingPong) {
+        console.log(`[process-manager] ${id} failed health check, restarting...`);
+        record.child?.kill("SIGTERM");
+        return;
+      }
+      record.awaitingPong = true;
+      record.child?.send({ type: "ping" });
+    }, HEALTH_CHECK_INTERVAL);
+  };
+  const stopHealthCheck = (id) => {
+    const record = processes.get(id);
+    if (record?.healthInterval) {
+      clearInterval(record.healthInterval);
+      record.healthInterval = void 0;
+    }
+  };
+  const forkProcess = (id, record) => {
+    const helperKind = record.info.type === "helper" ? record.info.helperKind : void 0;
+    const entryScript = resolveEntryScript(runnersDir, isDev, record.info.type, helperKind);
+    setStatus(id, "starting");
+    const execArgv = isDev ? ["--import", "tsx"] : [];
+    const globalNodeModules = isDev ? "" : resolve(runnersDir, "..");
+    const nodePath = [process.env["NODE_PATH"], globalNodeModules].filter(Boolean).join(delimiter);
+    const child = fork(entryScript, [], {
+      execArgv,
+      env: {
+        ...process.env,
+        KINDFLOW_PROCESS_ID: id,
+        KINDFLOW_HUB_ID: hubId,
+        NODE_PATH: nodePath
+      },
+      stdio: ["pipe", "pipe", "pipe", "ipc"]
+    });
+    record.child = child;
+    record.info.pid = child.pid;
+    record.info.lastStartedAt = (/* @__PURE__ */ new Date()).toISOString();
+    child.stdout?.on("data", (data) => {
+      callbacks?.onLog?.(id, "stdout", data.toString());
+    });
+    child.stderr?.on("data", (data) => {
+      callbacks?.onLog?.(id, "stderr", data.toString());
+    });
+    child.on("message", (msg) => {
+      switch (msg.type) {
+        case "ready":
+          setStatus(id, "running", child.pid);
+          startHealthCheck(id);
+          console.log(`[process-manager] ${id} is ready (PID ${child.pid})`);
+          break;
+        case "pong":
+          record.awaitingPong = false;
+          break;
+        case "agent:sdk-message":
+          callbacks?.onSdkMessage?.(id, msg.message);
+          break;
+        case "log":
+          callbacks?.onLog?.(id, "stdout", `[${msg.level}] ${msg.message}`);
+          break;
+      }
+    });
+    child.on("exit", (code) => {
+      stopHealthCheck(id);
+      record.child = void 0;
+      record.info.pid = void 0;
+      record.info.lastStoppedAt = (/* @__PURE__ */ new Date()).toISOString();
+      if (record.info.status === "stopping" || record.info.status === "stopped") {
+        setStatus(id, "stopped");
+        return;
+      }
+      record.info.restartCount++;
+      if (record.info.restartCount > MAX_RESTARTS) {
+        console.log(`[process-manager] ${id} crashed too many times (${MAX_RESTARTS}), giving up`);
+        setStatus(id, "crashed");
+        return;
+      }
+      const delay = restartDelay(record.info.restartCount);
+      console.log(`[process-manager] ${id} exited (code ${code}), restarting in ${delay}ms (attempt ${record.info.restartCount}/${MAX_RESTARTS})`);
+      setTimeout(() => forkProcess(id, record), delay);
+    });
+    child.send({ type: "config", config: record.config });
+  };
+  return {
+    start(id, type, config) {
+      if (processes.has(id)) {
+        console.log(`[process-manager] ${id} already exists, stopping first`);
+        this.stop(id);
+      }
+      const record = {
+        info: {
+          id,
+          type,
+          helperKind: type === "helper" ? config.kind : void 0,
+          status: "stopped",
+          restartCount: 0
+        },
+        config,
+        awaitingPong: false
+      };
+      processes.set(id, record);
+      forkProcess(id, record);
+    },
+    async stop(id) {
+      const record = processes.get(id);
+      if (!record?.child) return;
+      setStatus(id, "stopping");
+      stopHealthCheck(id);
+      record.child.send({ type: "stop" });
+      await new Promise((resolve5) => {
+        const timeout = setTimeout(() => {
+          record.child?.kill("SIGKILL");
+          resolve5();
+        }, 5e3);
+        record.child?.on("exit", () => {
+          clearTimeout(timeout);
+          resolve5();
+        });
+      });
+      setStatus(id, "stopped");
+    },
+    async restart(id) {
+      const record = processes.get(id);
+      if (!record) return;
+      await this.stop(id);
+      record.info.restartCount = 0;
+      forkProcess(id, record);
+    },
+    getAll: () => [...processes.values()].map((r) => ({ ...r.info })),
+    get: (id) => {
+      const record = processes.get(id);
+      return record ? { ...record.info } : void 0;
+    },
+    sendToChild(id, msg) {
+      const record = processes.get(id);
+      record?.child?.send(msg);
+    },
+    async shutdownAll() {
+      console.log(`[process-manager] Shutting down ${processes.size} process(es)...`);
+      const stopPromises = [...processes.keys()].map((id) => this.stop(id));
+      await Promise.all(stopPromises);
+      console.log("[process-manager] All processes stopped");
+    }
+  };
+};
+
+// ../daemon/src/terminal-manager.ts
+import { execSync } from "child_process";
+import * as pty from "node-pty";
+import { listSessions } from "@anthropic-ai/claude-agent-sdk";
+var resolveClaudePath = () => {
+  try {
+    return execSync("which claude", { encoding: "utf-8" }).trim();
+  } catch {
+    return "claude";
+  }
+};
+var createTerminalManager = (options) => {
+  const sessions = /* @__PURE__ */ new Map();
+  const idleTimeout = options.idleTimeoutMs ?? 10 * 60 * 1e3;
+  const resetIdleTimer = (sessionId) => {
+    const session = sessions.get(sessionId);
+    if (!session) return;
+    if (session.idleTimer) clearTimeout(session.idleTimer);
+    session.idleTimer = setTimeout(() => {
+      console.log(`[terminal] Session ${sessionId} idle timeout, closing`);
+      manager.close(sessionId);
+    }, idleTimeout);
+  };
+  const manager = {
+    async open(sessionId, agentId, agentCwd) {
+      const existing = this.getByAgent(agentId);
+      if (existing) this.close(existing.id);
+      const previousSessions = await listSessions({ dir: agentCwd });
+      const hasPreviousSession = previousSessions.length > 0;
+      const claudePath = resolveClaudePath();
+      const shell = process.env["SHELL"] ?? "/bin/bash";
+      const continueFlag = hasPreviousSession ? " '--continue'" : "";
+      const fullCommand = `'${claudePath}' '--permission-mode' 'acceptEdits'${continueFlag}`;
+      console.log(`[terminal] ${hasPreviousSession ? "Resuming" : "Starting new"} session for ${agentId} (cwd: ${agentCwd})`);
+      const ptyProcess = pty.spawn(shell, ["-l", "-c", fullCommand], {
+        name: "xterm-256color",
+        cols: 120,
+        rows: 30,
+        cwd: agentCwd,
+        env: { ...process.env }
+      });
+      const session = {
+        info: {
+          id: sessionId,
+          agentId,
+          status: "running",
+          lastActivity: /* @__PURE__ */ new Date()
+        },
+        ptyProcess,
+        outputBuffer: [],
+        flushed: false
+      };
+      sessions.set(sessionId, session);
+      let helloSent = hasPreviousSession;
+      ptyProcess.onData((data) => {
+        session.info.lastActivity = /* @__PURE__ */ new Date();
+        if (!helloSent && data.includes("accept edits")) {
+          helloSent = true;
+          setTimeout(() => {
+            if (session.info.status === "running") {
+              ptyProcess.write("hello\r");
+            }
+          }, 500);
+        }
+        if (session.flushed) {
+          options.callbacks?.onOutput?.(sessionId, data);
+        } else {
+          session.outputBuffer.push(data);
+        }
+      });
+      ptyProcess.onExit(({ exitCode }) => {
+        console.log(`[terminal] PTY exited for session ${sessionId} (code ${exitCode})`);
+        manager.close(sessionId);
+      });
+      resetIdleTimer(sessionId);
+      console.log(`[terminal] Opened PTY session ${sessionId} for agent ${agentId} (cwd: ${agentCwd})`);
+      return session.info;
+    },
+    flush(sessionId) {
+      const session = sessions.get(sessionId);
+      if (!session || session.flushed) return;
+      session.flushed = true;
+      console.log(`[terminal] Flushing ${session.outputBuffer.length} buffered chunks for session ${sessionId}`);
+      for (const buffered of session.outputBuffer) {
+        options.callbacks?.onOutput?.(sessionId, buffered);
+      }
+      session.outputBuffer = [];
+    },
+    write(sessionId, data) {
+      const session = sessions.get(sessionId);
+      if (!session || session.info.status !== "running") return;
+      if (!session.flushed) this.flush(sessionId);
+      session.info.lastActivity = /* @__PURE__ */ new Date();
+      resetIdleTimer(sessionId);
+      session.ptyProcess.write(data);
+    },
+    resize(sessionId, cols, rows) {
+      const session = sessions.get(sessionId);
+      if (!session || session.info.status !== "running") return;
+      session.ptyProcess.resize(cols, rows);
+    },
+    close(sessionId) {
+      const session = sessions.get(sessionId);
+      if (!session) return;
+      session.info.status = "closed";
+      if (session.idleTimer) clearTimeout(session.idleTimer);
+      try {
+        session.ptyProcess.kill();
+      } catch {
+      }
+      sessions.delete(sessionId);
+      options.callbacks?.onClose?.(sessionId);
+      console.log(`[terminal] Closed session ${sessionId}`);
+    },
+    get(sessionId) {
+      return sessions.get(sessionId)?.info;
+    },
+    getByAgent(agentId) {
+      for (const session of sessions.values()) {
+        if (session.info.agentId === agentId) return session.info;
+      }
+      return void 0;
+    },
+    closeAll() {
+      for (const sessionId of [...sessions.keys()]) {
+        this.close(sessionId);
+      }
+    }
+  };
+  return manager;
+};
+
+// ../daemon/src/web-server.ts
+import { fork as fork2 } from "child_process";
+import { resolve as resolve2 } from "path";
+import { existsSync } from "fs";
+var createWebServer = (options) => {
+  let child = null;
+  const candidates = [
+    resolve2(options.webAppDir, "standalone", "server.js"),
+    resolve2(options.webAppDir, "standalone", "apps", "web", "server.js"),
+    resolve2(options.webAppDir, ".next", "standalone", "server.js"),
+    resolve2(options.webAppDir, ".next", "standalone", "apps", "web", "server.js")
+  ];
+  const standaloneServer = candidates.find((p) => existsSync(p));
+  return {
+    start() {
+      return new Promise((resolvePromise, reject) => {
+        if (!standaloneServer) {
+          reject(new Error(
+            `No standalone server.js found. Run "npm run build --workspace=apps/web" first.
+Looked in:
+  ${candidates.join("\n  ")}`
+          ));
+          return;
+        }
+        child = fork2(standaloneServer, [], {
+          env: {
+            ...process.env,
+            PORT: String(options.port),
+            HOSTNAME: "0.0.0.0"
+          },
+          stdio: ["ignore", "pipe", "pipe", "ipc"]
+        });
+        let started = false;
+        child.stdout?.on("data", (data) => {
+          const line = data.toString();
+          process.stdout.write(`[web] ${line}`);
+          if (!started && (line.includes("Ready") || line.includes("Listening"))) {
+            started = true;
+            resolvePromise();
+          }
+        });
+        child.stderr?.on("data", (data) => {
+          process.stderr.write(`[web] ${data.toString()}`);
+        });
+        child.on("error", (err) => {
+          console.error(`[web] Failed to start: ${err.message}`);
+          if (!started) reject(err);
+        });
+        child.on("exit", (code) => {
+          console.log(`[web] Process exited (code ${code})`);
+          child = null;
+          if (!started) reject(new Error(`Web server exited with code ${code}`));
+        });
+        setTimeout(() => {
+          if (!started) {
+            started = true;
+            console.log("[web] Startup timeout \u2014 assuming ready");
+            resolvePromise();
+          }
+        }, 3e4);
+      });
+    },
+    stop() {
+      if (child) {
+        console.log("[web] Stopping web server...");
+        child.kill("SIGTERM");
+        setTimeout(() => {
+          if (child) {
+            child.kill("SIGKILL");
+            child = null;
+          }
+        }, 5e3);
+      }
+    },
+    isRunning() {
+      return child !== null;
+    }
+  };
+};
+
+// ../daemon/src/api/server.ts
+import { createServer } from "http";
+import { WebSocketServer } from "ws";
+var parsePath = (path) => {
+  const paramNames = [];
+  const regexStr = path.replace(/:([^/]+)/g, (_, name) => {
+    paramNames.push(name);
+    return "([^/]+)";
+  });
+  return { pattern: new RegExp(`^${regexStr}$`), paramNames };
+};
+var readBody = (req) => new Promise((resolve5) => {
+  const chunks = [];
+  req.on("data", (chunk) => chunks.push(chunk));
+  req.on("end", () => {
+    const raw = Buffer.concat(chunks).toString();
+    if (!raw) return resolve5(null);
+    try {
+      resolve5(JSON.parse(raw));
+    } catch {
+      resolve5(null);
+    }
+  });
+});
+var sendJson = (res, statusCode, body) => {
+  const json = JSON.stringify(body);
+  res.writeHead(statusCode, {
+    "Content-Type": "application/json",
+    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization"
+  });
+  res.end(json);
+};
+var createApiServer = () => {
+  const routes = [];
+  const wsClients = /* @__PURE__ */ new Set();
+  let wsCommandHandler = null;
+  const httpServer = createServer(async (req, res) => {
+    if (req.method === "OPTIONS") {
+      res.writeHead(204, {
+        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+        "Access-Control-Allow-Headers": "Content-Type, Authorization"
+      });
+      res.end();
+      return;
+    }
+    const url = req.url ?? "/";
+    const [path] = url.split("?");
+    const method = req.method ?? "GET";
+    for (const route of routes) {
+      if (route.method !== method) continue;
+      const match = path?.match(route.pattern);
+      if (!match) continue;
+      const params = {};
+      route.paramNames.forEach((name, i) => {
+        params[name] = match[i + 1] ?? "";
+      });
+      const body = await readBody(req);
+      try {
+        await route.handler(req, res, params, body);
+      } catch (err) {
+        console.error(`[api] Error handling ${method} ${path}:`, err);
+        sendJson(res, 500, { error: "INTERNAL_ERROR", message: "Internal server error", statusCode: 500 });
+      }
+      return;
+    }
+    sendJson(res, 404, { error: "NOT_FOUND", message: `No route for ${method} ${path}`, statusCode: 404 });
+  });
+  const wss = new WebSocketServer({ server: httpServer });
+  wss.on("error", () => {
+  });
+  wss.on("connection", (ws) => {
+    wsClients.add(ws);
+    ws.on("message", (data) => {
+      try {
+        const command = JSON.parse(data.toString());
+        wsCommandHandler?.(ws, command);
+      } catch {
+      }
+    });
+    ws.on("close", () => {
+      wsClients.delete(ws);
+    });
+  });
+  return {
+    listen(port) {
+      return new Promise((resolve5, reject) => {
+        httpServer.once("error", (err) => {
+          if (err.code === "EADDRINUSE") {
+            reject(new Error(`Port ${port} is already in use. Stop the existing process or use --port to pick another.`));
+          } else {
+            reject(err);
+          }
+        });
+        httpServer.listen(port, () => {
+          console.log(`[api] HTTP + WebSocket server listening on port ${port}`);
+          resolve5();
+        });
+      });
+    },
+    route(method, path, handler) {
+      const { pattern, paramNames } = parsePath(path);
+      routes.push({ method, pattern, paramNames, handler });
+    },
+    onWsCommand(handler) {
+      wsCommandHandler = handler;
+    },
+    broadcast(event) {
+      const data = JSON.stringify(event);
+      for (const ws of wsClients) {
+        if (ws.readyState === ws.OPEN) {
+          ws.send(data);
+        }
+      }
+    },
+    close() {
+      return new Promise((resolve5) => {
+        wss.close();
+        httpServer.close(() => resolve5());
+      });
+    }
+  };
+};
+
+// ../daemon/src/api/routes/agents.ts
+import { randomUUID } from "crypto";
+import { resolve as resolve3 } from "path";
+var cascadeDeleteAgentConnections = (configStore, agentId) => {
+  for (const conn of configStore.getCronConnections()) {
+    if (conn.targetAgent === agentId) configStore.deleteCronConnection(conn.id);
+  }
+  for (const conn of configStore.getHttpConnections()) {
+    if (conn.targetAgent === agentId) configStore.deleteHttpConnection(conn.id);
+  }
+  for (const conn of configStore.getEmailConnections()) {
+    if (conn.targetAgent === agentId) configStore.deleteEmailConnection(conn.id);
+  }
+  for (const conn of configStore.getTelegramConnections()) {
+    if (conn.targetAgent === agentId) configStore.deleteTelegramConnection(conn.id);
+  }
+  for (const conn of configStore.getS3Connections()) {
+    if (conn.targetAgent === agentId) configStore.deleteS3Connection(conn.id);
+  }
+  for (const conn of configStore.getDatabaseConnections()) {
+    if (conn.targetAgent === agentId) configStore.deleteDatabaseConnection(conn.id);
+  }
+};
+var registerAgentRoutes = (server, processManager, terminalManager, agentsDir, templateDir, configStore) => {
+  server.route("GET", "/api/agents", async (_req, res) => {
+    const agents = scanAgents(agentsDir);
+    sendJson(res, 200, { agents });
+  });
+  server.route("GET", "/api/agents/:id", async (_req, res, params) => {
+    const agent = readAgent(agentsDir, params["id"]);
+    if (!agent) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Agent not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, agent);
+  });
+  server.route("POST", "/api/agents", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "name is required", statusCode: 400 });
+      return;
+    }
+    const slug = generateSlug(input.name);
+    const id = slug || randomUUID().slice(0, 8);
+    const agent = createAgentFromTemplate(agentsDir, templateDir, id, input.name, input.autoStart ?? true);
+    sendJson(res, 201, agent);
+  });
+  server.route("PUT", "/api/agents/:id", async (_req, res, params, body) => {
+    const agent = readAgent(agentsDir, params["id"]);
+    if (!agent) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Agent not found", statusCode: 404 });
+      return;
+    }
+    const updates = body;
+    const updated = { ...agent.config, ...updates };
+    writeAgentConfig(agentsDir, params["id"], updated);
+    const refreshed = readAgent(agentsDir, params["id"]);
+    sendJson(res, 200, refreshed);
+  });
+  server.route("DELETE", "/api/agents/:id", async (_req, res, params, body) => {
+    const id = params["id"];
+    const agent = readAgent(agentsDir, id);
+    if (!agent) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Agent not found", statusCode: 404 });
+      return;
+    }
+    const { confirm } = body ?? {};
+    if (!confirm) {
+      sendJson(res, 200, {
+        confirm: false,
+        willDelete: {
+          agent: agent.config.name,
+          agentDir: agent.dir,
+          process: processManager.get(id)?.status ?? null,
+          terminalSession: terminalManager.getByAgent(id)?.id ?? null
+        }
+      });
+      return;
+    }
+    const session = terminalManager.getByAgent(id);
+    if (session) terminalManager.close(session.id);
+    const proc = processManager.get(id);
+    if (proc && (proc.status === "running" || proc.status === "starting")) {
+      await processManager.stop(id);
+    }
+    cascadeDeleteAgentConnections(configStore, id);
+    deleteAgentDir(agentsDir, id);
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("POST", "/api/agents/:id/message", async (_req, res, params, body) => {
+    const id = params["id"];
+    const proc = processManager.get(id);
+    if (!proc || proc.status !== "running") {
+      sendJson(res, 400, { error: "NOT_RUNNING", message: "Agent is not running", statusCode: 400 });
+      return;
+    }
+    const { text } = body;
+    if (!text) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "text is required", statusCode: 400 });
+      return;
+    }
+    sendJson(res, 200, { sent: true });
+  });
+  server.route("GET", "/api/agents/:id/commands", async (_req, res, params) => {
+    const id = params["id"];
+    const agent = readAgent(agentsDir, id);
+    if (!agent) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Agent not found", statusCode: 404 });
+      return;
+    }
+    const commands = listAgentCommands(agentsDir, id);
+    sendJson(res, 200, { commands });
+  });
+  server.route("POST", "/api/agents/:id/terminal", async (_req, res, params) => {
+    const id = params["id"];
+    const agent = readAgent(agentsDir, id);
+    if (!agent) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Agent not found", statusCode: 404 });
+      return;
+    }
+    const sessionId = randomUUID();
+    const masterCwd = resolve3(agent.dir, "master");
+    await terminalManager.open(sessionId, id, masterCwd);
+    sendJson(res, 200, { sessionId });
+  });
+  server.route("DELETE", "/api/agents/:id/terminal", async (_req, res, params) => {
+    const id = params["id"];
+    const session = terminalManager.getByAgent(id);
+    if (!session) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "No terminal session for this agent", statusCode: 404 });
+      return;
+    }
+    terminalManager.close(session.id);
+    sendJson(res, 200, { closed: true });
+  });
+};
+
+// ../daemon/src/api/routes/processes.ts
+var registerProcessRoutes = (server, processManager, configStore, agentsDir) => {
+  server.route("GET", "/api/processes", async (_req, res) => {
+    sendJson(res, 200, { processes: processManager.getAll() });
+  });
+  server.route("GET", "/api/processes/:id", async (_req, res, params) => {
+    const proc = processManager.get(params["id"]);
+    if (!proc) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Process not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, proc);
+  });
+  server.route("POST", "/api/processes/:id/start", async (_req, res, params) => {
+    const id = params["id"];
+    const agent = readAgent(agentsDir, id);
+    if (agent) {
+      processManager.start(id, "agent", agent);
+      sendJson(res, 200, { started: true });
+      return;
+    }
+    const helper = configStore.getHelper(id);
+    if (helper) {
+      processManager.start(id, "helper", helper);
+      sendJson(res, 200, { started: true });
+      return;
+    }
+    sendJson(res, 404, { error: "NOT_FOUND", message: "No agent or helper with this ID", statusCode: 404 });
+  });
+  server.route("POST", "/api/processes/:id/stop", async (_req, res, params) => {
+    const proc = processManager.get(params["id"]);
+    if (!proc) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Process not found", statusCode: 404 });
+      return;
+    }
+    await processManager.stop(params["id"]);
+    sendJson(res, 200, { stopped: true });
+  });
+  server.route("POST", "/api/processes/:id/restart", async (_req, res, params) => {
+    const proc = processManager.get(params["id"]);
+    if (!proc) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Process not found", statusCode: 404 });
+      return;
+    }
+    await processManager.restart(params["id"]);
+    sendJson(res, 200, { restarted: true });
+  });
+};
+
+// ../daemon/src/api/routes/s3.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// ../daemon/src/capability-files.ts
+import { mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, unlinkSync, rmSync, existsSync as existsSync2, readdirSync } from "fs";
+import { resolve as resolve4, dirname as dirname2 } from "path";
+var generateCapabilityFile = (agentsDir, agentId, capabilityType, connectionId, content) => {
+  const filePath = resolve4(agentsDir, agentId, "agent", "capabilities", capabilityType, `${connectionId}.md`);
+  mkdirSync2(dirname2(filePath), { recursive: true });
+  writeFileSync2(filePath, content, "utf-8");
+};
+var removeCapabilityFile = (agentsDir, agentId, capabilityType, connectionId) => {
+  const filePath = resolve4(agentsDir, agentId, "agent", "capabilities", capabilityType, `${connectionId}.md`);
+  try {
+    unlinkSync(filePath);
+  } catch {
+  }
+};
+
+// ../daemon/src/api/routes/s3.ts
+var verifyProfile = async (profile) => {
+  const bucket = createS3Bucket({
+    bucket: profile.bucket,
+    region: profile.region,
+    profile: profile.awsProfile ?? void 0
+  });
+  return bucket.verify();
+};
+var buildS3CapabilityContent = (profile, connection) => {
+  const profileName = profile.awsProfile ? `'${profile.awsProfile}'` : "undefined";
+  return [
+    `# S3: ${profile.name}`,
+    `Bucket: ${profile.bucket}`,
+    `Region: ${profile.region}`,
+    profile.awsProfile ? `AWS Profile: ${profile.awsProfile}` : null,
+    "",
+    "## Usage",
+    connection.purpose,
+    "",
+    "## Code",
+    "```ts",
+    "import { createS3Bucket } from 'kindflow/s3';",
+    "const bucket = createS3Bucket({",
+    `  bucket: '${profile.bucket}',`,
+    `  region: '${profile.region}',`,
+    `  profile: ${profileName}`,
+    "});",
+    "```"
+  ].filter((line) => line !== null).join("\n");
+};
+var registerS3Routes = (server, configStore, agentsDir) => {
+  server.route("GET", "/api/s3/profiles", async (_req, res) => {
+    sendJson(res, 200, { profiles: configStore.getS3Profiles() });
+  });
+  server.route("GET", "/api/s3/profiles/:id", async (_req, res, params) => {
+    const profile = configStore.getS3Profile(params["id"]);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "S3 profile not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, profile);
+  });
+  server.route("POST", "/api/s3/profiles", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name || !input?.bucket || !input?.region) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "name, bucket, and region are required", statusCode: 400 });
+      return;
+    }
+    const profile = {
+      id: input.name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "") || randomUUID2().slice(0, 8),
+      name: input.name,
+      bucket: input.bucket,
+      region: input.region,
+      awsProfile: input.awsProfile ?? null,
+      verified: false,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const error = await verifyProfile(profile);
+    if (error) {
+      sendJson(res, 400, { error: "VERIFICATION_FAILED", message: error, statusCode: 400 });
+      return;
+    }
+    profile.verified = true;
+    configStore.saveS3Profile(profile);
+    sendJson(res, 201, profile);
+  });
+  server.route("POST", "/api/s3/profiles/:id/verify", async (_req, res, params) => {
+    const profile = configStore.getS3Profile(params["id"]);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "S3 profile not found", statusCode: 404 });
+      return;
+    }
+    const error = await verifyProfile(profile);
+    if (error) {
+      profile.verified = false;
+      configStore.saveS3Profile(profile);
+      sendJson(res, 200, { verified: false, error });
+      return;
+    }
+    profile.verified = true;
+    configStore.saveS3Profile(profile);
+    sendJson(res, 200, { verified: true });
+  });
+  server.route("PUT", "/api/s3/profiles/:id", async (_req, res, params, body) => {
+    const existing = configStore.getS3Profile(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "S3 profile not found", statusCode: 404 });
+      return;
+    }
+    const updates = body;
+    const updated = { ...existing, ...updates, id: existing.id, createdAt: existing.createdAt };
+    if (updates.bucket || updates.region || updates.awsProfile !== void 0) {
+      const error = await verifyProfile(updated);
+      updated.verified = !error;
+    }
+    configStore.saveS3Profile(updated);
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/s3/profiles/:id", async (_req, res, params) => {
+    const existing = configStore.getS3Profile(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "S3 profile not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getS3ConnectionsForProfile(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "s3", conn.id);
+      configStore.deleteS3Connection(conn.id);
+    }
+    configStore.deleteS3Profile(params["id"]);
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("GET", "/api/s3/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getS3Connections() });
+  });
+  server.route("POST", "/api/s3/connections", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.profileId || !input?.targetAgent || !input?.purpose) {
+      sendJson(res, 400, { error: "VALIDATION", message: "profileId, targetAgent, and purpose are required", statusCode: 400 });
+      return;
+    }
+    const profile = configStore.getS3Profile(input.profileId);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "S3 profile not found", statusCode: 404 });
+      return;
+    }
+    if (!readAgent(agentsDir, input.targetAgent)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Target agent not found", statusCode: 404 });
+      return;
+    }
+    const connection = {
+      id: randomUUID2(),
+      profileId: input.profileId,
+      targetAgent: input.targetAgent,
+      purpose: input.purpose,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveS3Connection(connection);
+    generateCapabilityFile(agentsDir, connection.targetAgent, "s3", connection.id, buildS3CapabilityContent(profile, connection));
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/s3/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getS3Connections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      purpose: updates.purpose ?? existing.purpose,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveS3Connection(updated);
+    const profile = configStore.getS3Profile(updated.profileId);
+    if (profile) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "s3", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "s3", updated.id, buildS3CapabilityContent(profile, updated));
+    }
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/s3/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getS3Connections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteS3Connection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "s3", existing.id);
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/api/routes/email.ts
+import { randomUUID as randomUUID3 } from "crypto";
+
+// ../crypto/src/crypto.ts
+import { randomBytes, createCipheriv, createDecipheriv } from "crypto";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+var IV_LENGTH = 16;
+var ALGORITHM = "aes-256-cbc";
+var keyPath = () => join2(process.env["KINDFLOW_DATA_DIR"] ?? join2(homedir2(), ".kindflow"), ".encryption-key");
+var getOrCreateKey2 = () => {
+  const path = keyPath();
+  try {
+    return readFileSync2(path, "utf-8").trim();
+  } catch {
+    const key = randomBytes(32).toString("hex");
+    mkdirSync3(join2(path, ".."), { recursive: true });
+    writeFileSync3(path, key, { mode: 384 });
+    return key;
+  }
+};
+var encrypt2 = (text, key) => {
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, Buffer.from(key, "hex"), iv);
+  let encrypted = cipher.update(text, "utf8", "hex");
+  encrypted += cipher.final("hex");
+  return `${iv.toString("hex")}:${encrypted}`;
+};
+var decrypt2 = (text, key) => {
+  if (!text) return "";
+  if (!text.includes(":")) {
+    console.warn("[crypto] decrypt called on value without iv:ciphertext format \u2014 returning raw value.");
+    return text;
+  }
+  const [ivHex, encrypted] = text.split(":");
+  const decipher = createDecipheriv(ALGORITHM, Buffer.from(key, "hex"), Buffer.from(ivHex, "hex"));
+  let decrypted = decipher.update(encrypted, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+  return decrypted;
+};
+
+// ../daemon/src/api/routes/email.ts
+var escapeHtml = (str) => str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+var buildEmailCapabilityContent = (account, connection) => [
+  `# Email: ${account.name}`,
+  `Account: ${account.email}`,
+  `Command: /${connection.command}`,
+  `Connected to agent: ${connection.targetAgent}`
+].join("\n");
+var registerEmailRoutes = (server, processManager, configStore, daemonPort, agentsDir) => {
+  let encryptionKey = null;
+  const getKey = () => {
+    if (!encryptionKey) encryptionKey = getOrCreateKey2();
+    return encryptionKey;
+  };
+  const pendingOAuthStates = /* @__PURE__ */ new Map();
+  const OAUTH_STATE_TTL = 10 * 60 * 1e3;
+  setInterval(() => {
+    const now = Date.now();
+    for (const [state, expiry] of pendingOAuthStates) {
+      if (now > expiry) pendingOAuthStates.delete(state);
+    }
+  }, 5 * 60 * 1e3).unref();
+  const syncImapRunner = () => {
+    const proc = processManager.get("email-imap");
+    const oauthCreds = configStore.getOAuthCredentials("gmail");
+    const accounts = configStore.getEmailAccounts();
+    const connections = configStore.getEmailConnections();
+    if (proc && proc.status === "running") {
+      if (!oauthCreds) return;
+      processManager.sendToChild("email-imap", {
+        type: "email:update-accounts",
+        accounts,
+        oauthCredentials: oauthCreds
+      });
+      processManager.sendToChild("email-imap", {
+        type: "email:update-connections",
+        connections
+      });
+    } else if (accounts.length > 0 && connections.length > 0 && oauthCreds) {
+      const key = getKey();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      processManager.start("email-imap", "helper", {
+        id: "email-imap",
+        kind: "email-imap",
+        name: "Email IMAP Watcher",
+        config: {
+          accounts: accounts.map((a) => ({
+            ...a,
+            refreshToken: decrypt2(a.refreshToken, key)
+          })),
+          connections,
+          oauthCredentials: {
+            clientId: oauthCreds.clientId,
+            clientSecret: decrypt2(oauthCreds.clientSecret, key)
+          }
+        },
+        autoStart: true,
+        createdAt: now,
+        updatedAt: now
+      });
+      console.log(`[email] Auto-started email-imap runner with ${accounts.length} account(s)`);
+    }
+  };
+  server.route("POST", "/api/email/oauth/credentials", async (_req, res, _params, body) => {
+    const { clientId, clientSecret } = body ?? {};
+    if (!clientId || !clientSecret) {
+      sendJson(res, 400, { error: "VALIDATION", message: "clientId and clientSecret are required", statusCode: 400 });
+      return;
+    }
+    const encrypted = {
+      clientId,
+      clientSecret: encrypt2(clientSecret, getKey())
+    };
+    configStore.saveOAuthCredentials("gmail", encrypted);
+    sendJson(res, 200, { saved: true });
+  });
+  server.route("GET", "/api/email/oauth/credentials", async (_req, res) => {
+    const creds = configStore.getOAuthCredentials("gmail");
+    sendJson(res, 200, { configured: !!creds, clientId: creds?.clientId ?? null });
+  });
+  server.route("GET", "/api/email/oauth/start", async (_req, res) => {
+    const creds = configStore.getOAuthCredentials("gmail");
+    if (!creds) {
+      sendJson(res, 400, { error: "NOT_CONFIGURED", message: "OAuth credentials not configured", statusCode: 400 });
+      return;
+    }
+    const redirectUri = `http://localhost:${daemonPort}/api/email/oauth/callback`;
+    const state = randomUUID3();
+    pendingOAuthStates.set(state, Date.now() + OAUTH_STATE_TTL);
+    const url = buildConsentUrl(creds.clientId, redirectUri, state);
+    sendJson(res, 200, { url, state });
+  });
+  server.route("GET", "/api/email/oauth/callback", async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://localhost:${daemonPort}`);
+    const code = url.searchParams.get("code");
+    const state = url.searchParams.get("state");
+    if (!code) {
+      sendJson(res, 400, { error: "MISSING_CODE", message: "Authorization code not found", statusCode: 400 });
+      return;
+    }
+    if (!state || !pendingOAuthStates.has(state)) {
+      sendJson(res, 400, { error: "INVALID_STATE", message: "Invalid or missing OAuth state parameter", statusCode: 400 });
+      return;
+    }
+    const expiry = pendingOAuthStates.get(state);
+    pendingOAuthStates.delete(state);
+    if (Date.now() > expiry) {
+      sendJson(res, 400, { error: "EXPIRED_STATE", message: "OAuth state has expired, please try again", statusCode: 400 });
+      return;
+    }
+    const creds = configStore.getOAuthCredentials("gmail");
+    if (!creds) {
+      sendJson(res, 400, { error: "NOT_CONFIGURED", message: "OAuth credentials not configured", statusCode: 400 });
+      return;
+    }
+    const clientSecret = decrypt2(creds.clientSecret, getKey());
+    const redirectUri = `http://localhost:${daemonPort}/api/email/oauth/callback`;
+    try {
+      const tokens = await exchangeCodeForTokens(code, creds.clientId, clientSecret, redirectUri);
+      const userInfo = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
+        headers: { Authorization: `Bearer ${tokens.accessToken}` }
+      });
+      const { email } = await userInfo.json();
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      const account = {
+        id: randomUUID3(),
+        name: email,
+        email,
+        refreshToken: encrypt2(tokens.refreshToken, getKey()),
+        createdAt: now,
+        updatedAt: now
+      };
+      configStore.saveEmailAccount(account);
+      syncImapRunner();
+      const safeEmail = escapeHtml(email);
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(`<html><body><script>window.close();</script><p>Account added: ${safeEmail}. You can close this window.</p></body></html>`);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Unknown error";
+      sendJson(res, 500, { error: "OAUTH_EXCHANGE_FAILED", message, statusCode: 500 });
+    }
+  });
+  server.route("GET", "/api/email/accounts", async (_req, res) => {
+    const accounts = configStore.getEmailAccounts().map((a) => ({
+      ...a,
+      refreshToken: "***"
+    }));
+    sendJson(res, 200, { accounts });
+  });
+  server.route("DELETE", "/api/email/accounts/:id", async (_req, res, params) => {
+    const account = configStore.getEmailAccount(params["id"]);
+    if (!account) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Account not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getEmailConnectionsForAccount(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "email", conn.id);
+    }
+    configStore.deleteEmailAccount(params["id"]);
+    syncImapRunner();
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("POST", "/api/email/accounts/:id/test", async (_req, res, params) => {
+    const account = configStore.getEmailAccount(params["id"]);
+    if (!account) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Account not found", statusCode: 404 });
+      return;
+    }
+    const creds = configStore.getOAuthCredentials("gmail");
+    if (!creds) {
+      sendJson(res, 400, { error: "NOT_CONFIGURED", message: "OAuth credentials not configured", statusCode: 400 });
+      return;
+    }
+    try {
+      const refreshToken = decrypt2(account.refreshToken, getKey());
+      const clientSecret = decrypt2(creds.clientSecret, getKey());
+      const { accessToken } = await refreshAccessToken(refreshToken, creds.clientId, clientSecret);
+      const client = new ImapClient();
+      await client.connect();
+      const token = buildXOAuth2Token(account.email, accessToken);
+      await client.authenticate(token);
+      const messageCount = await client.select("INBOX");
+      await client.logout();
+      sendJson(res, 200, { success: true, messageCount });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Connection failed";
+      sendJson(res, 200, { success: false, error: message });
+    }
+  });
+  server.route("GET", "/api/email/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getEmailConnections() });
+  });
+  server.route("POST", "/api/email/connections", async (_req, res, _params, body) => {
+    const { accountId, targetAgent, command, enabled } = body ?? {};
+    if (!accountId || !targetAgent || !command) {
+      sendJson(res, 400, { error: "VALIDATION", message: "accountId, targetAgent, and command are required", statusCode: 400 });
+      return;
+    }
+    if (!configStore.getEmailAccount(accountId)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Account not found", statusCode: 404 });
+      return;
+    }
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const connection = {
+      id: randomUUID3(),
+      accountId,
+      targetAgent,
+      command,
+      enabled: enabled !== false,
+      createdAt: now,
+      updatedAt: now
+    };
+    configStore.saveEmailConnection(connection);
+    const parentAccount = configStore.getEmailAccount(accountId);
+    if (parentAccount) {
+      generateCapabilityFile(agentsDir, connection.targetAgent, "email", connection.id, buildEmailCapabilityContent(parentAccount, connection));
+    }
+    syncImapRunner();
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/email/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getEmailConnection(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      command: updates.command ?? existing.command,
+      enabled: updates.enabled ?? existing.enabled,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveEmailConnection(updated);
+    const parentAccount = configStore.getEmailAccount(updated.accountId);
+    if (parentAccount) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "email", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "email", updated.id, buildEmailCapabilityContent(parentAccount, updated));
+    }
+    syncImapRunner();
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/email/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getEmailConnection(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteEmailConnection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "email", existing.id);
+    syncImapRunner();
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/api/routes/database.ts
+import { randomUUID as randomUUID4 } from "crypto";
+var redactPassword = (profile) => ({
+  ...profile,
+  password: profile.password ? "***" : null
+});
+var verifyProfile2 = async (profile, key) => {
+  try {
+    const client = await createDatabaseClient({
+      type: profile.type,
+      host: profile.host ?? void 0,
+      port: profile.port ?? void 0,
+      database: profile.database,
+      username: profile.username ?? void 0,
+      password: profile.password ? decrypt2(profile.password, key) : void 0,
+      sslMode: profile.sslMode ?? void 0
+    });
+    const error = await client.verify();
+    await client.close();
+    return error;
+  } catch (err) {
+    return err instanceof Error ? err.message : String(err);
+  }
+};
+var buildDatabaseCapabilityContent = (profile, connection) => {
+  const lines = [
+    `# Database: ${profile.name}`,
+    `Type: ${profile.type}`
+  ];
+  if (profile.host) lines.push(`Host: ${profile.host}${profile.port ? `:${profile.port}` : ""}`);
+  lines.push(`Database: ${profile.database}`);
+  lines.push("", "## Usage", connection.purpose);
+  lines.push("", "## Code", "```ts");
+  lines.push("import { createDatabaseClient } from 'kindflow/database';");
+  lines.push("const db = await createDatabaseClient({");
+  lines.push(`  type: '${profile.type}',`);
+  if (profile.host) lines.push(`  host: '${profile.host}',`);
+  if (profile.port) lines.push(`  port: ${profile.port},`);
+  lines.push(`  database: '${profile.database}',`);
+  if (profile.username) lines.push(`  username: '...',`);
+  if (profile.password) lines.push(`  password: '...',`);
+  lines.push("});");
+  lines.push("```");
+  return lines.join("\n");
+};
+var registerDatabaseRoutes = (server, configStore, agentsDir) => {
+  let encryptionKey = null;
+  const getKey = () => {
+    if (!encryptionKey) encryptionKey = getOrCreateKey2();
+    return encryptionKey;
+  };
+  server.route("GET", "/api/database/profiles", async (_req, res) => {
+    sendJson(res, 200, { profiles: configStore.getDatabaseProfiles().map(redactPassword) });
+  });
+  server.route("GET", "/api/database/profiles/:id", async (_req, res, params) => {
+    const profile = configStore.getDatabaseProfile(params["id"]);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Database profile not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, redactPassword(profile));
+  });
+  server.route("POST", "/api/database/profiles", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name || !input?.type || !input?.database) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "name, type, and database are required", statusCode: 400 });
+      return;
+    }
+    const profile = {
+      id: input.name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "") || randomUUID4().slice(0, 8),
+      name: input.name,
+      type: input.type,
+      host: input.host ?? null,
+      port: input.port ?? null,
+      database: input.database,
+      username: input.username ?? null,
+      password: input.password ? encrypt2(input.password, getKey()) : null,
+      sslMode: input.sslMode ?? null,
+      verified: false,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    const error = await verifyProfile2(profile, getKey());
+    if (error) {
+      sendJson(res, 400, { error: "VERIFICATION_FAILED", message: error, statusCode: 400 });
+      return;
+    }
+    profile.verified = true;
+    configStore.saveDatabaseProfile(profile);
+    sendJson(res, 201, redactPassword(profile));
+  });
+  server.route("POST", "/api/database/profiles/:id/verify", async (_req, res, params) => {
+    const profile = configStore.getDatabaseProfile(params["id"]);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Database profile not found", statusCode: 404 });
+      return;
+    }
+    const error = await verifyProfile2(profile, getKey());
+    profile.verified = !error;
+    configStore.saveDatabaseProfile(profile);
+    sendJson(res, 200, { verified: !error, error: error ?? void 0 });
+  });
+  server.route("PUT", "/api/database/profiles/:id", async (_req, res, params, body) => {
+    const existing = configStore.getDatabaseProfile(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Database profile not found", statusCode: 404 });
+      return;
+    }
+    const updates = body;
+    const updatedPassword = updates.password !== void 0 ? updates.password ? encrypt2(updates.password, getKey()) : null : existing.password;
+    const updated = {
+      ...existing,
+      ...updates,
+      id: existing.id,
+      createdAt: existing.createdAt,
+      password: updatedPassword
+    };
+    if (updates.host !== void 0 || updates.port !== void 0 || updates.database !== void 0 || updates.username !== void 0 || updates.password !== void 0 || updates.sslMode !== void 0 || updates.type !== void 0) {
+      const error = await verifyProfile2(updated, getKey());
+      updated.verified = !error;
+    }
+    configStore.saveDatabaseProfile(updated);
+    sendJson(res, 200, redactPassword(updated));
+  });
+  server.route("DELETE", "/api/database/profiles/:id", async (_req, res, params) => {
+    const existing = configStore.getDatabaseProfile(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Database profile not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getDatabaseConnectionsForProfile(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "database", conn.id);
+      configStore.deleteDatabaseConnection(conn.id);
+    }
+    configStore.deleteDatabaseProfile(params["id"]);
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("GET", "/api/database/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getDatabaseConnections() });
+  });
+  server.route("POST", "/api/database/connections", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.profileId || !input?.targetAgent || !input?.purpose) {
+      sendJson(res, 400, { error: "VALIDATION", message: "profileId, targetAgent, and purpose are required", statusCode: 400 });
+      return;
+    }
+    const profile = configStore.getDatabaseProfile(input.profileId);
+    if (!profile) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Database profile not found", statusCode: 404 });
+      return;
+    }
+    if (!readAgent(agentsDir, input.targetAgent)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Target agent not found", statusCode: 404 });
+      return;
+    }
+    const connection = {
+      id: randomUUID4(),
+      profileId: input.profileId,
+      targetAgent: input.targetAgent,
+      purpose: input.purpose,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveDatabaseConnection(connection);
+    generateCapabilityFile(agentsDir, connection.targetAgent, "database", connection.id, buildDatabaseCapabilityContent(profile, connection));
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/database/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getDatabaseConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      purpose: updates.purpose ?? existing.purpose,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveDatabaseConnection(updated);
+    const profile = configStore.getDatabaseProfile(updated.profileId);
+    if (profile) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "database", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "database", updated.id, buildDatabaseCapabilityContent(profile, updated));
+    }
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/database/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getDatabaseConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteDatabaseConnection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "database", existing.id);
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/api/routes/http.ts
+import { randomUUID as randomUUID5, timingSafeEqual } from "crypto";
+var PATH_SLUG_REGEX = /^[a-z0-9][a-z0-9-]*$/;
+var extractBearerToken = (req) => {
+  const header = req.headers["authorization"];
+  if (!header || !header.startsWith("Bearer ")) return null;
+  return header.slice(7);
+};
+var safeEqual = (a, b) => {
+  const bufA = Buffer.from(a);
+  const bufB = Buffer.from(b);
+  if (bufA.length !== bufB.length) return false;
+  return timingSafeEqual(bufA, bufB);
+};
+var buildHttpCapabilityContent = (endpoint, connection) => [
+  `# HTTP: ${endpoint.name}`,
+  `Path: /api/trigger/${endpoint.path}`,
+  connection.command ? `Command: /${connection.command}` : "Command: (free-form text from request body)",
+  `Connected to agent: ${connection.targetAgent}`
+].join("\n");
+var registerHttpRoutes = (server, processManager, ipcHub, configStore, agentsDir) => {
+  let encryptionKey = null;
+  const getKey = () => {
+    if (!encryptionKey) encryptionKey = getOrCreateKey2();
+    return encryptionKey;
+  };
+  const redactApiKey = (endpoint) => ({
+    ...endpoint,
+    apiKey: endpoint.apiKey ? "***" : null
+  });
+  server.route("POST", "/api/trigger/:path", async (req, res, params, body) => {
+    const pathSlug = params["path"];
+    const endpoint = configStore.getHttpEndpointByPath(pathSlug);
+    if (!endpoint) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint not found", statusCode: 404 });
+      return;
+    }
+    if (!endpoint.enabled) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint is disabled", statusCode: 404 });
+      return;
+    }
+    if (endpoint.apiKey) {
+      const token = extractBearerToken(req);
+      const decryptedKey = decrypt2(endpoint.apiKey, getKey());
+      if (!token || !safeEqual(token, decryptedKey)) {
+        sendJson(res, 401, { error: "UNAUTHORIZED", message: "Invalid or missing API key", statusCode: 401 });
+        return;
+      }
+    }
+    const connections = configStore.getHttpConnectionsForEndpoint(endpoint.id).filter((c) => c.enabled);
+    if (connections.length === 0) {
+      sendJson(res, 200, { queued: false, reason: "No enabled connections for this endpoint" });
+      return;
+    }
+    let queued = 0;
+    for (const connection of connections) {
+      const proc = processManager.get(connection.targetAgent);
+      if (!proc || proc.status !== "running") continue;
+      let promptText;
+      if (connection.command) {
+        promptText = `/${connection.command}`;
+      } else {
+        const { text } = body ?? {};
+        if (!text) continue;
+        promptText = text;
+      }
+      const message = createMessage("http-trigger", connection.targetAgent, "prompt", {
+        text: promptText,
+        metadata: {
+          source: "http",
+          endpointId: endpoint.id,
+          endpointName: endpoint.name,
+          endpointPath: endpoint.path,
+          connectionId: connection.id
+        }
+      });
+      ipcHub.sendTo(connection.targetAgent, message);
+      queued++;
+    }
+    if (queued === 0) {
+      sendJson(res, 200, { queued: false, count: 0, reason: "No agents were available to receive the message" });
+      return;
+    }
+    sendJson(res, 202, { queued: true, count: queued });
+  });
+  server.route("GET", "/api/http/endpoints", async (_req, res) => {
+    const endpoints = configStore.getHttpEndpoints().map(redactApiKey);
+    sendJson(res, 200, { endpoints });
+  });
+  server.route("POST", "/api/http/endpoints", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name || !input?.path) {
+      sendJson(res, 400, { error: "VALIDATION", message: "name and path are required", statusCode: 400 });
+      return;
+    }
+    if (!PATH_SLUG_REGEX.test(input.path)) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "path must contain only lowercase letters, numbers, and hyphens", statusCode: 400 });
+      return;
+    }
+    const existing = configStore.getHttpEndpointByPath(input.path);
+    if (existing) {
+      sendJson(res, 409, { error: "CONFLICT", message: `An endpoint with path "${input.path}" already exists`, statusCode: 409 });
+      return;
+    }
+    const rawApiKey = input.generateApiKey ? randomUUID5() : null;
+    const endpoint = {
+      id: randomUUID5(),
+      name: input.name,
+      path: input.path,
+      apiKey: rawApiKey ? encrypt2(rawApiKey, getKey()) : null,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveHttpEndpoint(endpoint);
+    sendJson(res, 201, redactApiKey(endpoint));
+  });
+  server.route("GET", "/api/http/endpoints/:id", async (_req, res, params) => {
+    const endpoint = configStore.getHttpEndpoint(params["id"]);
+    if (!endpoint) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, redactApiKey(endpoint));
+  });
+  server.route("PUT", "/api/http/endpoints/:id", async (_req, res, params, body) => {
+    const existing = configStore.getHttpEndpoint(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    if (updates.path !== void 0 && !PATH_SLUG_REGEX.test(updates.path)) {
+      sendJson(res, 400, { error: "BAD_REQUEST", message: "path must contain only lowercase letters, numbers, and hyphens", statusCode: 400 });
+      return;
+    }
+    if (updates.path && updates.path !== existing.path) {
+      const dup = configStore.getHttpEndpointByPath(updates.path);
+      if (dup) {
+        sendJson(res, 409, { error: "CONFLICT", message: `An endpoint with path "${updates.path}" already exists`, statusCode: 409 });
+        return;
+      }
+    }
+    const rawApiKey = updates.regenerateApiKey ? randomUUID5() : null;
+    const updated = {
+      ...existing,
+      name: updates.name ?? existing.name,
+      path: updates.path ?? existing.path,
+      enabled: updates.enabled ?? existing.enabled,
+      apiKey: rawApiKey ? encrypt2(rawApiKey, getKey()) : existing.apiKey
+    };
+    configStore.saveHttpEndpoint(updated);
+    sendJson(res, 200, redactApiKey(updated));
+  });
+  server.route("DELETE", "/api/http/endpoints/:id", async (_req, res, params) => {
+    const endpoint = configStore.getHttpEndpoint(params["id"]);
+    if (!endpoint) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getHttpConnectionsForEndpoint(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "http", conn.id);
+    }
+    configStore.deleteHttpEndpoint(params["id"]);
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("GET", "/api/http/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getHttpConnections() });
+  });
+  server.route("POST", "/api/http/connections", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.endpointId || !input?.targetAgent) {
+      sendJson(res, 400, { error: "VALIDATION", message: "endpointId and targetAgent are required", statusCode: 400 });
+      return;
+    }
+    if (!configStore.getHttpEndpoint(input.endpointId)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Endpoint not found", statusCode: 404 });
+      return;
+    }
+    const connection = {
+      id: randomUUID5(),
+      endpointId: input.endpointId,
+      targetAgent: input.targetAgent,
+      command: input.command ?? null,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveHttpConnection(connection);
+    const parentEndpoint = configStore.getHttpEndpoint(input.endpointId);
+    if (parentEndpoint) {
+      generateCapabilityFile(agentsDir, connection.targetAgent, "http", connection.id, buildHttpCapabilityContent(parentEndpoint, connection));
+    }
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/http/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getHttpConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      command: updates.command !== void 0 ? updates.command : existing.command,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveHttpConnection(updated);
+    const parentEndpoint = configStore.getHttpEndpoint(updated.endpointId);
+    if (parentEndpoint) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "http", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "http", updated.id, buildHttpCapabilityContent(parentEndpoint, updated));
+    }
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/http/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getHttpConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteHttpConnection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "http", existing.id);
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/api/routes/telegram.ts
+import { randomUUID as randomUUID6 } from "crypto";
+var buildTelegramCapabilityContent = (bot, connection) => [
+  `# Telegram: ${bot.name}`,
+  `Bot: @${bot.botUsername}`,
+  `Chat ID: ${connection.chatId}`,
+  `Connected to agent: ${connection.targetAgent}`
+].join("\n");
+var registerTelegramRoutes = (server, processManager, configStore, agentsDir) => {
+  let encryptionKey = null;
+  const getKey = () => {
+    if (!encryptionKey) encryptionKey = getOrCreateKey2();
+    return encryptionKey;
+  };
+  const syncTelegramRunner = () => {
+    const proc = processManager.get("telegram");
+    const bots = configStore.getTelegramBots();
+    const connections = configStore.getTelegramConnections();
+    const decryptedBots = bots.map((b) => ({
+      ...b,
+      token: decrypt2(b.token, getKey())
+    }));
+    if (proc && proc.status === "running") {
+      processManager.sendToChild("telegram", { type: "telegram:update-bots", bots: decryptedBots });
+      processManager.sendToChild("telegram", { type: "telegram:update-connections", connections });
+    } else if (bots.length > 0 && connections.length > 0) {
+      const now = (/* @__PURE__ */ new Date()).toISOString();
+      processManager.start("telegram", "helper", {
+        id: "telegram",
+        kind: "telegram",
+        name: "Telegram Runner",
+        config: { bots: decryptedBots, connections },
+        autoStart: true,
+        createdAt: now,
+        updatedAt: now
+      });
+      console.log(`[telegram] Auto-started telegram-runner with ${bots.length} bot(s)`);
+    }
+  };
+  server.route("GET", "/api/telegram/bots", async (_req, res) => {
+    const bots = configStore.getTelegramBots().map((b) => ({
+      ...b,
+      token: "***"
+    }));
+    sendJson(res, 200, { bots });
+  });
+  server.route("POST", "/api/telegram/bots", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name || !input?.token) {
+      sendJson(res, 400, { error: "VALIDATION", message: "name and token are required", statusCode: 400 });
+      return;
+    }
+    const client = createTelegramClient({ token: input.token });
+    const result = await client.verify();
+    if (!result.ok) {
+      sendJson(res, 400, { error: "VERIFICATION_FAILED", message: `Token verification failed: ${result.error}`, statusCode: 400 });
+      return;
+    }
+    const bot = {
+      id: randomUUID6(),
+      name: input.name,
+      token: encrypt2(input.token, getKey()),
+      botUsername: result.username,
+      polling: true,
+      webhookUrl: null,
+      verified: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveTelegramBot(bot);
+    syncTelegramRunner();
+    sendJson(res, 201, { ...bot, token: "***" });
+  });
+  server.route("GET", "/api/telegram/bots/:id", async (_req, res, params) => {
+    const bot = configStore.getTelegramBot(params["id"]);
+    if (!bot) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Bot not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, { ...bot, token: "***" });
+  });
+  server.route("PUT", "/api/telegram/bots/:id", async (_req, res, params, body) => {
+    const existing = configStore.getTelegramBot(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Bot not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      name: updates.name ?? existing.name,
+      polling: updates.polling ?? existing.polling,
+      webhookUrl: updates.webhookUrl !== void 0 ? updates.webhookUrl : existing.webhookUrl
+    };
+    configStore.saveTelegramBot(updated);
+    syncTelegramRunner();
+    sendJson(res, 200, { ...updated, token: "***" });
+  });
+  server.route("DELETE", "/api/telegram/bots/:id", async (_req, res, params) => {
+    const bot = configStore.getTelegramBot(params["id"]);
+    if (!bot) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Bot not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getTelegramConnectionsForBot(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "telegram", conn.id);
+    }
+    configStore.deleteTelegramBot(params["id"]);
+    syncTelegramRunner();
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("POST", "/api/telegram/bots/:id/verify", async (_req, res, params) => {
+    const bot = configStore.getTelegramBot(params["id"]);
+    if (!bot) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Bot not found", statusCode: 404 });
+      return;
+    }
+    const token = decrypt2(bot.token, getKey());
+    const client = createTelegramClient({ token });
+    const result = await client.verify();
+    if (!result.ok) {
+      bot.verified = false;
+      configStore.saveTelegramBot(bot);
+      sendJson(res, 200, { verified: false, error: result.error });
+      return;
+    }
+    bot.verified = true;
+    bot.botUsername = result.username;
+    configStore.saveTelegramBot(bot);
+    syncTelegramRunner();
+    sendJson(res, 200, { verified: true, username: result.username });
+  });
+  server.route("GET", "/api/telegram/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getTelegramConnections() });
+  });
+  server.route("POST", "/api/telegram/connections", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.botId || !input?.targetAgent) {
+      sendJson(res, 400, { error: "VALIDATION", message: "botId and targetAgent are required", statusCode: 400 });
+      return;
+    }
+    if (!configStore.getTelegramBot(input.botId)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Bot not found", statusCode: 404 });
+      return;
+    }
+    const connection = {
+      id: randomUUID6(),
+      botId: input.botId,
+      targetAgent: input.targetAgent,
+      chatId: input.chatId ?? "*",
+      enabled: input.enabled !== false,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveTelegramConnection(connection);
+    const parentBot = configStore.getTelegramBot(input.botId);
+    if (parentBot) {
+      generateCapabilityFile(agentsDir, connection.targetAgent, "telegram", connection.id, buildTelegramCapabilityContent(parentBot, connection));
+    }
+    syncTelegramRunner();
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/telegram/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getTelegramConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      chatId: updates.chatId ?? existing.chatId,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveTelegramConnection(updated);
+    const parentBot = configStore.getTelegramBot(updated.botId);
+    if (parentBot) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "telegram", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "telegram", updated.id, buildTelegramCapabilityContent(parentBot, updated));
+    }
+    syncTelegramRunner();
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/telegram/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getTelegramConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteTelegramConnection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "telegram", existing.id);
+    syncTelegramRunner();
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/api/routes/cron.ts
+import { randomUUID as randomUUID7 } from "crypto";
+var buildCronRunnerConfig = (configStore) => {
+  const jobs = configStore.getCronJobs().filter((j) => j.enabled);
+  const configs = [];
+  for (const job of jobs) {
+    const connections = configStore.getCronConnectionsForJob(job.id).filter((c) => c.enabled);
+    for (const conn of connections) {
+      configs.push({
+        id: `${job.id}-${conn.id}`,
+        name: job.name,
+        schedule: job.schedule,
+        command: conn.command ?? job.name,
+        targetAgent: conn.targetAgent,
+        enabled: true,
+        createdAt: job.createdAt,
+        updatedAt: job.createdAt
+      });
+    }
+  }
+  return configs;
+};
+var syncCronRunner = (processManager, configStore) => {
+  const allJobs = buildCronRunnerConfig(configStore);
+  const cronProcess = processManager.get("cron");
+  if (cronProcess && cronProcess.status === "running") {
+    processManager.sendToChild("cron", { type: "cron:update-jobs", jobs: allJobs });
+  } else if (allJobs.length > 0) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    processManager.start("cron", "helper", {
+      id: "cron",
+      kind: "cron",
+      name: "Cron Runner",
+      config: { cronJobs: allJobs },
+      autoStart: true,
+      createdAt: now,
+      updatedAt: now
+    });
+    console.log(`[cron] Auto-started cron-runner with ${allJobs.length} job(s)`);
+  }
+  console.log(`[cron] Synced ${allJobs.length} cron job config(s)`);
+};
+var buildCronCapabilityContent = (job, connection) => [
+  `# Cron: ${job.name}`,
+  `Schedule: ${job.schedule}`,
+  `Command: /${connection.command ?? job.name}`,
+  `Connected to agent: ${connection.targetAgent}`
+].join("\n");
+var registerCronRoutes = (server, processManager, configStore, agentsDir) => {
+  server.route("GET", "/api/cron/jobs", async (_req, res) => {
+    sendJson(res, 200, { cronJobs: configStore.getCronJobs() });
+  });
+  server.route("POST", "/api/cron/jobs", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.name || !input?.schedule) {
+      sendJson(res, 400, { error: "VALIDATION", message: "name and schedule are required", statusCode: 400 });
+      return;
+    }
+    const job = {
+      id: randomUUID7(),
+      name: input.name,
+      schedule: input.schedule,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveCronJob(job);
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 201, job);
+  });
+  server.route("GET", "/api/cron/jobs/:id", async (_req, res, params) => {
+    const job = configStore.getCronJob(params["id"]);
+    if (!job) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Cron job not found", statusCode: 404 });
+      return;
+    }
+    sendJson(res, 200, job);
+  });
+  server.route("PUT", "/api/cron/jobs/:id", async (_req, res, params, body) => {
+    const existing = configStore.getCronJob(params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Cron job not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      name: updates.name ?? existing.name,
+      schedule: updates.schedule ?? existing.schedule,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveCronJob(updated);
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/cron/jobs/:id", async (_req, res, params) => {
+    const job = configStore.getCronJob(params["id"]);
+    if (!job) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Cron job not found", statusCode: 404 });
+      return;
+    }
+    const connections = configStore.getCronConnectionsForJob(params["id"]);
+    for (const conn of connections) {
+      removeCapabilityFile(agentsDir, conn.targetAgent, "cron", conn.id);
+    }
+    configStore.deleteCronJob(params["id"]);
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 200, { deleted: true });
+  });
+  server.route("GET", "/api/cron/connections", async (_req, res) => {
+    sendJson(res, 200, { connections: configStore.getCronConnections() });
+  });
+  server.route("POST", "/api/cron/connections", async (_req, res, _params, body) => {
+    const input = body;
+    if (!input?.cronJobId || !input?.targetAgent || !input?.command) {
+      sendJson(res, 400, { error: "VALIDATION", message: "cronJobId, targetAgent, and command are required", statusCode: 400 });
+      return;
+    }
+    if (!configStore.getCronJob(input.cronJobId)) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Cron job not found", statusCode: 404 });
+      return;
+    }
+    const connection = {
+      id: randomUUID7(),
+      cronJobId: input.cronJobId,
+      targetAgent: input.targetAgent,
+      command: input.command,
+      enabled: true,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    configStore.saveCronConnection(connection);
+    const parentJob = configStore.getCronJob(input.cronJobId);
+    if (parentJob) {
+      generateCapabilityFile(agentsDir, connection.targetAgent, "cron", connection.id, buildCronCapabilityContent(parentJob, connection));
+    }
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 201, connection);
+  });
+  server.route("PUT", "/api/cron/connections/:id", async (_req, res, params, body) => {
+    const existing = configStore.getCronConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    const updates = body ?? {};
+    const updated = {
+      ...existing,
+      targetAgent: updates.targetAgent ?? existing.targetAgent,
+      command: updates.command !== void 0 ? updates.command : existing.command,
+      enabled: updates.enabled ?? existing.enabled
+    };
+    configStore.saveCronConnection(updated);
+    const parentJob = configStore.getCronJob(updated.cronJobId);
+    if (parentJob) {
+      if (updates.targetAgent && updates.targetAgent !== existing.targetAgent) {
+        removeCapabilityFile(agentsDir, existing.targetAgent, "cron", existing.id);
+      }
+      generateCapabilityFile(agentsDir, updated.targetAgent, "cron", updated.id, buildCronCapabilityContent(parentJob, updated));
+    }
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 200, updated);
+  });
+  server.route("DELETE", "/api/cron/connections/:id", async (_req, res, params) => {
+    const existing = configStore.getCronConnections().find((c) => c.id === params["id"]);
+    if (!existing) {
+      sendJson(res, 404, { error: "NOT_FOUND", message: "Connection not found", statusCode: 404 });
+      return;
+    }
+    configStore.deleteCronConnection(params["id"]);
+    removeCapabilityFile(agentsDir, existing.targetAgent, "cron", existing.id);
+    syncCronRunner(processManager, configStore);
+    sendJson(res, 200, { deleted: true });
+  });
+};
+
+// ../daemon/src/daemon.ts
+var DEFAULT_PORT = 7777;
+var DEFAULT_WEB_PORT = 7001;
+var HUB_ID = "kindflow-hub";
+var startDaemon = async (options) => {
+  const paths = resolvePaths(options?.paths);
+  console.log("[daemon] Starting Kindflow daemon...");
+  console.log(`[daemon] Agents dir: ${paths.agentsDir}`);
+  console.log(`[daemon] Data dir: ${paths.dataDir}`);
+  console.log(`[daemon] Runners dir: ${paths.runnersDir}`);
+  const configStore = await createConfigStore(paths.dataDir);
+  console.log("[daemon] Config store initialized");
+  const configPort = parseInt(configStore.getSetting("daemon.port") ?? "", 10);
+  const configWebPort = parseInt(configStore.getSetting("web.port") ?? "", 10);
+  const port = options?.port ?? (configPort || DEFAULT_PORT);
+  const webPort = options?.webPort ?? (configWebPort || DEFAULT_WEB_PORT);
+  const apiServer = createApiServer();
+  const ipcHub = createIpcHub({
+    id: HUB_ID,
+    onMessage: (msg) => {
+      if (msg.to !== "*") {
+        ipcHub.sendTo(msg.to, msg);
+      } else {
+        ipcHub.broadcast(msg);
+      }
+    }
+  });
+  await ipcHub.start();
+  console.log("[daemon] IPC hub started");
+  const processManager = createProcessManager({
+    hubId: HUB_ID,
+    runnersDir: paths.runnersDir,
+    isDev: detectMode() === "dev",
+    callbacks: {
+      onStatusChange: (id, status, pid) => {
+        apiServer.broadcast({ type: "process:status", id, status, pid });
+      },
+      onLog: (id, stream, data) => {
+        apiServer.broadcast({ type: "process:log", id, stream, data });
+      },
+      onSdkMessage: (id, message) => {
+        apiServer.broadcast({ type: "process:log", id, stream: "stdout", data: JSON.stringify(message) });
+      }
+    }
+  });
+  console.log("[daemon] Process manager initialized");
+  const terminalManager = createTerminalManager({
+    callbacks: {
+      onOutput: (sessionId, data) => {
+        apiServer.broadcast({ type: "terminal:output", sessionId, data });
+      },
+      onClose: (sessionId) => {
+        apiServer.broadcast({ type: "terminal:closed", sessionId });
+      }
+    }
+  });
+  console.log("[daemon] Terminal manager initialized");
+  registerAgentRoutes(apiServer, processManager, terminalManager, paths.agentsDir, paths.templateDir, configStore);
+  registerProcessRoutes(apiServer, processManager, configStore, paths.agentsDir);
+  registerS3Routes(apiServer, configStore, paths.agentsDir);
+  registerEmailRoutes(apiServer, processManager, configStore, port, paths.agentsDir);
+  registerDatabaseRoutes(apiServer, configStore, paths.agentsDir);
+  registerHttpRoutes(apiServer, processManager, ipcHub, configStore, paths.agentsDir);
+  registerTelegramRoutes(apiServer, processManager, configStore, paths.agentsDir);
+  registerCronRoutes(apiServer, processManager, configStore, paths.agentsDir);
+  apiServer.onWsCommand((_ws, command) => {
+    switch (command.type) {
+      case "terminal:ready":
+        terminalManager.flush(command.sessionId);
+        break;
+      case "terminal:input":
+        terminalManager.write(command.sessionId, command.data);
+        break;
+      case "terminal:resize":
+        terminalManager.resize(command.sessionId, command.cols, command.rows);
+        break;
+    }
+  });
+  await apiServer.listen(port);
+  const allAgents = scanAgents(paths.agentsDir);
+  const agents = allAgents.filter((a) => a.config.autoStart);
+  const helpers = configStore.getHelpers().filter((h) => h.autoStart);
+  for (const agent of agents) {
+    console.log(`[daemon] Auto-starting agent: ${agent.config.name}`);
+    processManager.start(agent.id, "agent", agent);
+  }
+  for (const helper of helpers) {
+    console.log(`[daemon] Auto-starting helper: ${helper.name}`);
+    processManager.start(helper.id, "helper", helper);
+  }
+  console.log(`[daemon] Discovered ${allAgents.length} agent(s), auto-started ${agents.length}`);
+  const emailAccounts = configStore.getEmailAccounts();
+  const oauthCreds = configStore.getOAuthCredentials("gmail");
+  if (emailAccounts.length > 0 && oauthCreds && !processManager.get("email-imap")) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const imapHelper = {
+      id: "email-imap",
+      kind: "email-imap",
+      name: "Email IMAP Watcher",
+      config: {
+        accounts: emailAccounts,
+        connections: configStore.getEmailConnections(),
+        oauthCredentials: oauthCreds
+      },
+      autoStart: true,
+      createdAt: now,
+      updatedAt: now
+    };
+    configStore.saveHelper(imapHelper);
+    console.log(`[daemon] Auto-starting email-imap helper (${emailAccounts.length} account(s))`);
+    processManager.start("email-imap", "helper", imapHelper);
+  }
+  const telegramBots = configStore.getTelegramBots();
+  const telegramConns = configStore.getTelegramConnections();
+  if (telegramBots.length > 0 && telegramConns.length > 0 && !processManager.get("telegram")) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const telegramEncKey = getOrCreateKey2();
+    const decryptedBots = telegramBots.map((b) => ({
+      ...b,
+      token: decrypt2(b.token, telegramEncKey)
+    }));
+    const telegramHelper = {
+      id: "telegram",
+      kind: "telegram",
+      name: "Telegram Bot Runner",
+      config: {
+        bots: decryptedBots,
+        connections: telegramConns
+      },
+      autoStart: true,
+      createdAt: now,
+      updatedAt: now
+    };
+    configStore.saveHelper(telegramHelper);
+    console.log(`[daemon] Auto-starting telegram helper (${telegramBots.length} bot(s), ${telegramConns.length} connection(s))`);
+    processManager.start("telegram", "helper", telegramHelper);
+  }
+  const cronRunnerJobs = buildCronRunnerConfig(configStore);
+  if (cronRunnerJobs.length > 0 && !processManager.get("cron")) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const cronHelper = {
+      id: "cron",
+      kind: "cron",
+      name: "Cron Runner",
+      config: { cronJobs: cronRunnerJobs },
+      autoStart: true,
+      createdAt: now,
+      updatedAt: now
+    };
+    configStore.saveHelper(cronHelper);
+    console.log(`[daemon] Auto-starting cron-runner (${cronRunnerJobs.length} job config(s))`);
+    processManager.start("cron", "helper", cronHelper);
+  }
+  let webServer = null;
+  if (paths.webDir) {
+    webServer = createWebServer({ port: webPort, webAppDir: paths.webDir });
+    try {
+      await webServer.start();
+      console.log(`[daemon] Web UI: http://localhost:${webPort}`);
+    } catch (err) {
+      console.error(`[daemon] Failed to start web UI: ${err instanceof Error ? err.message : err}`);
+    }
+  }
+  console.log(`[daemon] API: http://localhost:${port}`);
+  const shutdown = async () => {
+    console.log("[daemon] Shutting down...");
+    webServer?.stop();
+    terminalManager.closeAll();
+    await processManager.shutdownAll();
+    ipcHub.stop();
+    await apiServer.close();
+    configStore.close();
+    console.log("[daemon] Shutdown complete");
+  };
+  return { configStore, processManager, terminalManager, ipcHub, apiServer, webServer, shutdown };
+};
 export {
   startDaemon
 };