opensentinel 3.1.1 → 3.7.0

package/dist/chunk-O7IH7JTI.js

@@ -1,1898 +0,0 @@
-import {
-  textToSpeech
-} from "./chunk-MXAPLSJ5.js";
-import {
-  transcribeAudio
-} from "./chunk-SJSUSJ47.js";
-import {
-  ImapClient,
-  SmtpClient,
-  TOOLS,
-  chat,
-  chatWithTools,
-  executeTool,
-  getAppProfile,
-  init_imap_client,
-  init_smtp_client,
-  prioritizeTools
-} from "./chunk-766ASQWE.js";
-import {
-  decryptField,
-  deleteMemory,
-  exportMemories,
-  getMemoryById,
-  searchMemories,
-  storeMemory,
-  updateMemory
-} from "./chunk-IZJMVV7O.js";
-import {
-  createPublicRecords
-} from "./chunk-SVAPX2XN.js";
-import {
-  resolveEntity
-} from "./chunk-WRAKK6K6.js";
-import {
-  getAuditChainIntegrity,
-  logAudit,
-  queryAuditLogs
-} from "./chunk-OCVQGBJK.js";
-import {
-  apiKeys,
-  conversations,
-  db,
-  graphEntities,
-  graphRelationships,
-  memories,
-  messages,
-  sessions
-} from "./chunk-XKYRH4FM.js";
-import {
-  env
-} from "./chunk-ZLZKF2PM.js";
-import {
-  __require
-} from "./chunk-PLDDJCW6.js";
-
-// src/inputs/api/server.ts
-import { Hono as Hono5 } from "hono";
-import { cors } from "hono/cors";
-import { logger } from "hono/logger";
-import { desc as desc2, eq as eq4 } from "drizzle-orm";
-
-// src/core/security/api-key-manager.ts
-import { eq, and, isNull } from "drizzle-orm";
-import { randomBytes, createHash } from "crypto";
-var KEY_PREFIX = "mb_";
-function hashApiKey(key) {
-  return createHash("sha256").update(key).digest("hex");
-}
-async function validateApiKey(rawKey) {
-  if (!rawKey.startsWith(KEY_PREFIX)) {
-    return { valid: false };
-  }
-  const keyHash = hashApiKey(rawKey);
-  const now = /* @__PURE__ */ new Date();
-  const [key] = await db.select().from(apiKeys).where(
-    and(
-      eq(apiKeys.keyHash, keyHash),
-      isNull(apiKeys.revokedAt)
-    )
-  ).limit(1);
-  if (!key) {
-    return { valid: false };
-  }
-  if (key.expiresAt && key.expiresAt < now) {
-    return { valid: false };
-  }
-  await db.update(apiKeys).set({ lastUsedAt: now }).where(eq(apiKeys.id, key.id));
-  return {
-    valid: true,
-    apiKey: {
-      id: key.id,
-      name: key.name,
-      prefix: key.keyPrefix,
-      permissions: key.permissions || [],
-      createdAt: key.createdAt,
-      lastUsedAt: now,
-      expiresAt: key.expiresAt,
-      isRevoked: false
-    },
-    userId: key.userId
-  };
-}
-function hasPermission(apiKeyPermissions, requiredPermission) {
-  if (apiKeyPermissions.includes("*")) {
-    return true;
-  }
-  return apiKeyPermissions.includes(requiredPermission);
-}
-
-// src/core/security/session-manager.ts
-import { eq as eq2, and as and2, gt, lt } from "drizzle-orm";
-import { randomBytes as randomBytes2, createHash as createHash2 } from "crypto";
-var SESSION_DURATION_MS = 7 * 24 * 60 * 60 * 1e3;
-function hashToken(token) {
-  return createHash2("sha256").update(token).digest("hex");
-}
-async function validateSession(token) {
-  const tokenHash = hashToken(token);
-  const now = /* @__PURE__ */ new Date();
-  const [session] = await db.select().from(sessions).where(and2(eq2(sessions.token, tokenHash), gt(sessions.expiresAt, now))).limit(1);
-  if (!session) {
-    return null;
-  }
-  await db.update(sessions).set({ lastActiveAt: now }).where(eq2(sessions.id, session.id));
-  return {
-    userId: session.userId,
-    sessionId: session.id,
-    expiresAt: session.expiresAt,
-    deviceInfo: session.deviceInfo
-  };
-}
-
-// src/core/security/gateway-utils.ts
-function getGatewayToken() {
-  const token = env.GATEWAY_TOKEN;
-  return token || void 0;
-}
-function timingSafeEqual(a, b) {
-  if (a.length !== b.length) {
-    let result2 = 1;
-    for (let i = 0; i < b.length; i++) {
-      result2 |= b.charCodeAt(i) ^ (a.charCodeAt(i % (a.length || 1)) || 0);
-    }
-    return false;
-  }
-  let result = 0;
-  for (let i = 0; i < a.length; i++) {
-    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
-  }
-  return result === 0;
-}
-
-// src/core/security/auth-middleware.ts
-var PUBLIC_ROUTES = ["/health", "/api/system/status", "/api/pair", "/api/sdk/register"];
-var SDK_PREFIX = "/api/sdk/";
-function authMiddleware() {
-  return async (c, next) => {
-    const path = c.req.path;
-    if (PUBLIC_ROUTES.includes(path)) {
-      return next();
-    }
-    if (path.startsWith(SDK_PREFIX) && path !== "/api/sdk/register") {
-      return next();
-    }
-    const gatewayToken = getGatewayToken();
-    if (!gatewayToken) {
-      c.set("userId", "local");
-      c.set("permissions", ["*"]);
-      c.set("authMethod", "none");
-      return next();
-    }
-    const authHeader = c.req.header("Authorization");
-    if (!authHeader || !authHeader.startsWith("Bearer ")) {
-      return c.json({ error: "Missing or invalid authorization header" }, 401);
-    }
-    const token = authHeader.slice(7);
-    if (timingSafeEqual(token, gatewayToken)) {
-      c.set("userId", "gateway");
-      c.set("permissions", ["*"]);
-      c.set("authMethod", "gateway");
-      logAudit({
-        userId: "gateway",
-        action: "login",
-        resource: "session",
-        details: { method: "gateway_token", path }
-      }).catch(() => {
-      });
-      return next();
-    }
-    const sessionInfo = await validateSession(token);
-    if (sessionInfo) {
-      c.set("userId", sessionInfo.userId);
-      c.set("permissions", ["*"]);
-      c.set("authMethod", "session");
-      logAudit({
-        userId: sessionInfo.userId,
-        action: "login",
-        resource: "session",
-        details: { method: "session", path }
-      }).catch(() => {
-      });
-      return next();
-    }
-    const apiKeyResult = await validateApiKey(token);
-    if (apiKeyResult.valid && apiKeyResult.apiKey && apiKeyResult.userId) {
-      c.set("userId", apiKeyResult.userId);
-      c.set("permissions", apiKeyResult.apiKey.permissions);
-      c.set("authMethod", "api_key");
-      logAudit({
-        userId: apiKeyResult.userId,
-        action: "login",
-        resource: "api_key",
-        details: { method: "api_key", keyId: apiKeyResult.apiKey.id, path }
-      }).catch(() => {
-      });
-      return next();
-    }
-    return c.json({ error: "Invalid or expired credentials" }, 401);
-  };
-}
-function requirePermission(...requiredPermissions) {
-  return async (c, next) => {
-    const permissions = c.get("permissions");
-    if (!permissions) {
-      return c.json({ error: "Not authenticated" }, 401);
-    }
-    if (permissions.includes("*")) {
-      return next();
-    }
-    for (const required of requiredPermissions) {
-      if (!hasPermission(permissions, required)) {
-        return c.json({ error: "Insufficient permissions" }, 403);
-      }
-    }
-    return next();
-  };
-}
-function getAuthUserId(c) {
-  return c.get("userId");
-}
-
-// src/inputs/api/routes/osint.ts
-import { Hono } from "hono";
-import { eq as eq3, sql, desc, ilike, and as and3 } from "drizzle-orm";
-var _publicRecords = null;
-function getPublicRecords() {
-  if (!_publicRecords) _publicRecords = createPublicRecords();
-  return _publicRecords;
-}
-var osint = new Hono();
-osint.use("*", async (c, next) => {
-  if (!env.OSINT_ENABLED) {
-    return c.json({ error: "OSINT features are disabled" }, 403);
-  }
-  await next();
-});
-osint.get("/graph", async (c) => {
-  try {
-    const userId = c.req.query("userId") || "system";
-    const limit = Math.min(parseInt(c.req.query("limit") || "200", 10), 1e3);
-    const entities = await db.select({
-      id: graphEntities.id,
-      name: graphEntities.name,
-      type: graphEntities.type,
-      importance: graphEntities.importance,
-      description: graphEntities.description,
-      attributes: graphEntities.attributes,
-      aliases: graphEntities.aliases
-    }).from(graphEntities).orderBy(desc(graphEntities.importance)).limit(limit);
-    const entityIds = entities.map((e) => e.id);
-    if (entityIds.length === 0) {
-      return c.json({ nodes: [], edges: [] });
-    }
-    const relationships = await db.select({
-      id: graphRelationships.id,
-      source: graphRelationships.sourceEntityId,
-      target: graphRelationships.targetEntityId,
-      type: graphRelationships.type,
-      strength: graphRelationships.strength
-    }).from(graphRelationships).where(
-      and3(
-        sql`${graphRelationships.sourceEntityId} = ANY(${sql`ARRAY[${sql.join(entityIds.map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`,
-        sql`${graphRelationships.targetEntityId} = ANY(${sql`ARRAY[${sql.join(entityIds.map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`
-      )
-    );
-    return c.json({
-      nodes: entities,
-      edges: relationships,
-      stats: {
-        totalEntities: entities.length,
-        totalRelationships: relationships.length,
-        totalSources: new Set(
-          entities.flatMap((e) => {
-            const srcs = e.attributes?.sources;
-            return Array.isArray(srcs) ? srcs.map((s) => s.type || "unknown") : [];
-          })
-        ).size
-      }
-    });
-  } catch (error) {
-    console.error("[OSINT API] /graph error:", error);
-    return c.json({ error: "Failed to fetch graph data" }, 500);
-  }
-});
-osint.get("/entity/:id", async (c) => {
-  try {
-    const id = c.req.param("id");
-    const results = await db.select().from(graphEntities).where(eq3(graphEntities.id, id)).limit(1);
-    if (results.length === 0) {
-      return c.json({ error: "Entity not found" }, 404);
-    }
-    const entity = results[0];
-    const outgoing = await db.select({
-      id: graphRelationships.id,
-      sourceEntityId: graphRelationships.sourceEntityId,
-      targetEntityId: graphRelationships.targetEntityId,
-      type: graphRelationships.type,
-      strength: graphRelationships.strength,
-      context: graphRelationships.context,
-      attributes: graphRelationships.attributes,
-      targetName: graphEntities.name
-    }).from(graphRelationships).innerJoin(graphEntities, eq3(graphRelationships.targetEntityId, graphEntities.id)).where(eq3(graphRelationships.sourceEntityId, id));
-    const incoming = await db.select({
-      id: graphRelationships.id,
-      sourceEntityId: graphRelationships.sourceEntityId,
-      targetEntityId: graphRelationships.targetEntityId,
-      type: graphRelationships.type,
-      strength: graphRelationships.strength,
-      context: graphRelationships.context,
-      attributes: graphRelationships.attributes,
-      sourceName: graphEntities.name
-    }).from(graphRelationships).innerJoin(graphEntities, eq3(graphRelationships.sourceEntityId, graphEntities.id)).where(eq3(graphRelationships.targetEntityId, id));
-    return c.json({
-      entity,
-      relationships: {
-        outgoing,
-        incoming
-      }
-    });
-  } catch (error) {
-    console.error("[OSINT API] /entity/:id error:", error);
-    return c.json({ error: "Failed to fetch entity" }, 500);
-  }
-});
-function normalizeFECName(raw) {
-  if (!raw.includes(",")) return toTitleCase(raw);
-  const [last, ...rest] = raw.split(",").map((s) => s.trim());
-  const first = rest.join(" ").trim();
-  if (!first) return toTitleCase(last);
-  return toTitleCase(`${first} ${last}`);
-}
-function toTitleCase(s) {
-  return s.toLowerCase().replace(/\b\w/g, (c) => c.toUpperCase());
-}
-async function searchExternalAPIs(query) {
-  const pr = getPublicRecords();
-  const newEntityIds = [];
-  const [fecCandidates, fecCommittees, ocCompanies] = await Promise.all([
-    pr.fec.searchCandidates(query).then((r) => r.slice(0, 10)).catch((err) => {
-      console.warn("[OSINT API] FEC candidates search failed:", err.message);
-      return [];
-    }),
-    pr.fec.searchCommittees(query).then((r) => r.slice(0, 10)).catch((err) => {
-      console.warn("[OSINT API] FEC committees search failed:", err.message);
-      return [];
-    }),
-    pr.opencorporates.searchCompanies(query, "us").then((r) => r.slice(0, 10)).catch((err) => {
-      console.warn("[OSINT API] OpenCorporates search failed:", err.message);
-      return [];
-    })
-  ]);
-  const candidates = [];
-  for (const c of fecCandidates) {
-    candidates.push({
-      name: normalizeFECName(c.name),
-      type: "person",
-      source: "fec",
-      identifiers: { fecId: c.candidateId },
-      attributes: {
-        party: c.party,
-        office: c.office,
-        state: c.state,
-        district: c.district,
-        cycles: c.cycles
-      }
-    });
-  }
-  for (const c of fecCommittees) {
-    candidates.push({
-      name: toTitleCase(c.name),
-      type: "committee",
-      source: "fec",
-      identifiers: { fecId: c.committeeId },
-      attributes: {
-        designation: c.designation,
-        committeeType: c.type,
-        party: c.party,
-        state: c.state,
-        treasurerName: c.treasurerName
-      }
-    });
-  }
-  for (const c of ocCompanies) {
-    candidates.push({
-      name: c.name,
-      type: "organization",
-      source: "opencorporates",
-      attributes: {
-        companyNumber: c.companyNumber,
-        jurisdiction: c.jurisdictionCode,
-        status: c.status,
-        companyType: c.companyType,
-        incorporationDate: c.incorporationDate,
-        registeredAddress: c.registeredAddress,
-        openCorporatesUrl: c.openCorporatesUrl
-      }
-    });
-  }
-  for (const candidate of candidates) {
-    try {
-      const resolved = await resolveEntity(candidate);
-      newEntityIds.push(resolved.entityId);
-    } catch (err) {
-      console.warn(`[OSINT API] Entity resolution failed for "${candidate.name}":`, err.message);
-    }
-  }
-  return [...new Set(newEntityIds)];
-}
-osint.get("/search", async (c) => {
-  try {
-    const q = c.req.query("q");
-    const type = c.req.query("type");
-    const limit = Math.min(parseInt(c.req.query("limit") || "25", 10), 100);
-    if (!q) {
-      return c.json({ error: "Query parameter 'q' is required" }, 400);
-    }
-    let query = db.select().from(graphEntities).where(
-      type ? and3(ilike(graphEntities.name, `%${q}%`), eq3(graphEntities.type, type)) : ilike(graphEntities.name, `%${q}%`)
-    ).orderBy(desc(graphEntities.importance)).limit(limit);
-    let results = await query;
-    let externalSearched = false;
-    if (results.length < 3 && q.length >= 2) {
-      try {
-        console.log(`[OSINT API] Local results (${results.length}) < 3 for "${q}", querying external APIs...`);
-        const externalIds = await searchExternalAPIs(q);
-        externalSearched = true;
-        if (externalIds.length > 0) {
-          const nameCondition = type ? and3(ilike(graphEntities.name, `%${q}%`), eq3(graphEntities.type, type)) : ilike(graphEntities.name, `%${q}%`);
-          const idCondition = sql`${graphEntities.id} = ANY(${sql`ARRAY[${sql.join(externalIds.map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`;
-          results = await db.select().from(graphEntities).where(sql`(${nameCondition}) OR (${idCondition})`).orderBy(desc(graphEntities.importance)).limit(limit);
-        }
-      } catch (extErr) {
-        console.warn("[OSINT API] External search failed (graceful):", extErr.message);
-      }
-    }
-    const entityIds = results.map((e) => e.id);
-    let edges = [];
-    if (entityIds.length > 1) {
-      edges = await db.select({
-        id: graphRelationships.id,
-        source: graphRelationships.sourceEntityId,
-        target: graphRelationships.targetEntityId,
-        type: graphRelationships.type,
-        strength: graphRelationships.strength
-      }).from(graphRelationships).where(
-        and3(
-          sql`${graphRelationships.sourceEntityId} = ANY(${sql`ARRAY[${sql.join(entityIds.map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`,
-          sql`${graphRelationships.targetEntityId} = ANY(${sql`ARRAY[${sql.join(entityIds.map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`
-        )
-      );
-    }
-    return c.json({ results, edges, total: results.length, externalSearched });
-  } catch (error) {
-    console.error("[OSINT API] /search error:", error);
-    return c.json({ error: "Search failed" }, 500);
-  }
-});
-osint.post("/enrich", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.entityId) {
-      return c.json({ error: "entityId is required" }, 400);
-    }
-    const entity = await db.select().from(graphEntities).where(eq3(graphEntities.id, body.entityId)).limit(1);
-    if (entity.length === 0) {
-      return c.json({ error: "Entity not found" }, 404);
-    }
-    const { enrichEntity } = await import("./enrichment-pipeline-MNHNW65K.js");
-    const result = await enrichEntity(body.entityId, {
-      sources: body.sources,
-      depth: body.depth ?? 1
-    });
-    return c.json({ success: true, result });
-  } catch (error) {
-    if (error?.code === "MODULE_NOT_FOUND" || error?.message?.includes("Cannot find module")) {
-      return c.json({ error: "Enrichment pipeline is not available" }, 501);
-    }
-    console.error("[OSINT API] /enrich error:", error);
-    return c.json({ error: "Enrichment failed" }, 500);
-  }
-});
-var FINANCIAL_REL_TYPES = ["donated_to", "funded", "awarded_contract", "grant_to", "paid"];
-osint.get("/financial-flow", async (c) => {
-  try {
-    const entityId = c.req.query("entityId");
-    if (!entityId) {
-      return c.json({ error: "Query parameter 'entityId' is required" }, 400);
-    }
-    const rootEntity = await db.select({ id: graphEntities.id, name: graphEntities.name }).from(graphEntities).where(eq3(graphEntities.id, entityId)).limit(1);
-    if (rootEntity.length === 0) {
-      return c.json({ error: "Entity not found" }, 404);
-    }
-    const outgoing = await db.select({
-      id: graphRelationships.id,
-      sourceEntityId: graphRelationships.sourceEntityId,
-      targetEntityId: graphRelationships.targetEntityId,
-      type: graphRelationships.type,
-      strength: graphRelationships.strength,
-      attributes: graphRelationships.attributes
-    }).from(graphRelationships).where(
-      and3(
-        eq3(graphRelationships.sourceEntityId, entityId),
-        sql`${graphRelationships.type} = ANY(${sql`ARRAY[${sql.join(FINANCIAL_REL_TYPES.map((t) => sql`${t}`), sql`, `)}]::text[]`})`
-      )
-    );
-    const incoming = await db.select({
-      id: graphRelationships.id,
-      sourceEntityId: graphRelationships.sourceEntityId,
-      targetEntityId: graphRelationships.targetEntityId,
-      type: graphRelationships.type,
-      strength: graphRelationships.strength,
-      attributes: graphRelationships.attributes
-    }).from(graphRelationships).where(
-      and3(
-        eq3(graphRelationships.targetEntityId, entityId),
-        sql`${graphRelationships.type} = ANY(${sql`ARRAY[${sql.join(FINANCIAL_REL_TYPES.map((t) => sql`${t}`), sql`, `)}]::text[]`})`
-      )
-    );
-    const allRels = [...outgoing, ...incoming];
-    const relatedIds = /* @__PURE__ */ new Set();
-    relatedIds.add(entityId);
-    for (const rel of allRels) {
-      relatedIds.add(rel.sourceEntityId);
-      relatedIds.add(rel.targetEntityId);
-    }
-    const relatedEntities = await db.select({
-      id: graphEntities.id,
-      name: graphEntities.name,
-      type: graphEntities.type
-    }).from(graphEntities).where(sql`${graphEntities.id} = ANY(${sql`ARRAY[${sql.join([...relatedIds].map((id) => sql`${id}`), sql`, `)}]::uuid[]`})`);
-    const entityMap = new Map(relatedEntities.map((e) => [e.id, e]));
-    const nodeValues = /* @__PURE__ */ new Map();
-    for (const rel of allRels) {
-      const attrs = rel.attributes || {};
-      const amount = attrs.amount || rel.strength || 1;
-      nodeValues.set(rel.sourceEntityId, (nodeValues.get(rel.sourceEntityId) || 0) + amount);
-      nodeValues.set(rel.targetEntityId, (nodeValues.get(rel.targetEntityId) || 0) + amount);
-    }
-    const nodes = relatedEntities.map((e) => ({
-      id: e.id,
-      name: e.name,
-      type: e.type,
-      value: nodeValues.get(e.id) || 0
-    }));
-    const links = allRels.filter((rel) => entityMap.has(rel.sourceEntityId) && entityMap.has(rel.targetEntityId)).map((rel) => {
-      const attrs = rel.attributes || {};
-      return {
-        source: rel.sourceEntityId,
-        target: rel.targetEntityId,
-        value: attrs.amount || rel.strength || 1,
-        description: `${rel.type.replace(/_/g, " ")}${attrs.period ? ` (${attrs.period})` : ""}`
-      };
-    });
-    return c.json({ nodes, links });
-  } catch (error) {
-    console.error("[OSINT API] /financial-flow error:", error);
-    return c.json({ error: "Failed to fetch financial flow data" }, 500);
-  }
-});
-osint.get("/duplicates", async (c) => {
-  try {
-    const threshold = parseFloat(c.req.query("threshold") || "0.85");
-    const { findDuplicates } = await import("./entity-resolution-Y3IUWEAT.js");
-    const duplicates = await findDuplicates(threshold);
-    return c.json({ duplicates, total: duplicates.length });
-  } catch (error) {
-    console.error("[OSINT API] /duplicates error:", error);
-    return c.json({ error: "Failed to find duplicates" }, 500);
-  }
-});
-osint.get("/stats", async (c) => {
-  try {
-    const totalEntitiesResult = await db.select({ count: sql`count(*)::int` }).from(graphEntities);
-    const totalEntities = totalEntitiesResult[0]?.count ?? 0;
-    const totalRelsResult = await db.select({ count: sql`count(*)::int` }).from(graphRelationships);
-    const totalRelationships = totalRelsResult[0]?.count ?? 0;
-    const entitiesByType = await db.select({
-      type: graphEntities.type,
-      count: sql`count(*)::int`
-    }).from(graphEntities).groupBy(graphEntities.type).orderBy(desc(sql`count(*)`));
-    const topEntities = await db.select({
-      id: graphEntities.id,
-      name: graphEntities.name,
-      type: graphEntities.type,
-      mentionCount: graphEntities.mentionCount,
-      importance: graphEntities.importance
-    }).from(graphEntities).orderBy(desc(graphEntities.mentionCount)).limit(20);
-    return c.json({
-      totalEntities,
-      totalRelationships,
-      entitiesByType,
-      topEntities
-    });
-  } catch (error) {
-    console.error("[OSINT API] /stats error:", error);
-    return c.json({ error: "Failed to fetch statistics" }, 500);
-  }
-});
-
-// src/inputs/api/routes/email.ts
-import { Hono as Hono2 } from "hono";
-init_imap_client();
-init_smtp_client();
-var email = new Hono2();
-function createImapClient(emailAddress) {
-  if (env.EMAIL_MASTER_USER && env.EMAIL_MASTER_PASSWORD) {
-    return new ImapClient({
-      host: env.EMAIL_LOCAL_IMAP_HOST || "127.0.0.1",
-      port: env.EMAIL_LOCAL_IMAP_PORT || 993,
-      secure: true,
-      user: `${emailAddress}*${env.EMAIL_MASTER_USER}`,
-      password: env.EMAIL_MASTER_PASSWORD,
-      tls: { rejectUnauthorized: false }
-    });
-  } else if (env.EMAIL_USER && env.EMAIL_PASSWORD) {
-    return new ImapClient({
-      host: env.EMAIL_IMAP_HOST || "imap.gmail.com",
-      port: env.EMAIL_IMAP_PORT || 993,
-      secure: env.EMAIL_IMAP_SECURE !== false,
-      user: env.EMAIL_USER,
-      password: env.EMAIL_PASSWORD
-    });
-  }
-  throw new Error("Email not configured");
-}
-function createSmtpClient(fromAddress) {
-  if (env.EMAIL_MASTER_USER) {
-    return new SmtpClient(
-      {
-        host: env.EMAIL_LOCAL_SMTP_HOST || "127.0.0.1",
-        port: env.EMAIL_LOCAL_SMTP_PORT || 25,
-        secure: false,
-        auth: { user: "", pass: "" },
-        tls: { rejectUnauthorized: false }
-      },
-      fromAddress
-    );
-  } else if (env.EMAIL_USER && env.EMAIL_PASSWORD) {
-    return new SmtpClient(
-      {
-        host: env.EMAIL_SMTP_HOST || "smtp.gmail.com",
-        port: env.EMAIL_SMTP_PORT || 587,
-        secure: env.EMAIL_SMTP_SECURE === true,
-        auth: { user: env.EMAIL_USER, pass: env.EMAIL_PASSWORD }
-      },
-      fromAddress
-    );
-  }
-  throw new Error("Email not configured");
-}
-function serializeEmail(email2, includeBody) {
-  const serialized = {
-    id: email2.id,
-    uid: email2.uid,
-    messageId: email2.messageId,
-    subject: email2.subject,
-    from: email2.from,
-    to: email2.to,
-    cc: email2.cc,
-    bcc: email2.bcc,
-    date: email2.date.toISOString(),
-    text: includeBody ? email2.text : email2.snippet,
-    html: includeBody ? email2.html : "",
-    snippet: email2.snippet,
-    attachments: email2.attachments.map((a) => ({
-      filename: a.filename,
-      contentType: a.contentType,
-      size: a.size,
-      contentId: a.contentId,
-      hasContent: !!a.content
-    })),
-    flags: email2.flags,
-    labels: email2.labels,
-    threadId: email2.threadId,
-    inReplyTo: email2.inReplyTo,
-    references: email2.references,
-    headers: Object.fromEntries(email2.headers)
-  };
-  return serialized;
-}
-email.use("*", async (c, next) => {
-  if (!env.EMAIL_MASTER_USER && !env.EMAIL_USER) {
-    return c.json(
-      { error: "Email not configured. Set EMAIL_MASTER_USER or EMAIL_USER in .env" },
-      503
-    );
-  }
-  await next();
-});
-email.get("/folders", async (c) => {
-  const emailAddress = c.req.query("email_address");
-  if (!emailAddress) {
-    return c.json({ error: "Query parameter 'email_address' is required" }, 400);
-  }
-  let imap = null;
-  try {
-    imap = createImapClient(emailAddress);
-    await imap.connect();
-    const folders = await imap.listFolders();
-    return c.json(folders);
-  } catch (error) {
-    console.error("[Email API] /folders error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to list folders" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.get("/inbox", async (c) => {
-  const emailAddress = c.req.query("email_address");
-  if (!emailAddress) {
-    return c.json({ error: "Query parameter 'email_address' is required" }, 400);
-  }
-  const folder = c.req.query("folder") || "INBOX";
-  const limit = c.req.query("limit") || "20";
-  const offset = c.req.query("offset") || "0";
-  const unreadOnly = c.req.query("unread_only") === "true";
-  let imap = null;
-  try {
-    imap = createImapClient(emailAddress);
-    await imap.connect();
-    let emails;
-    if (unreadOnly) {
-      emails = await imap.searchEmails({
-        folder,
-        seen: false,
-        limit: parseInt(limit)
-      });
-    } else {
-      emails = await imap.fetchEmails(folder, {
-        limit: parseInt(limit),
-        offset: parseInt(offset)
-      });
-    }
-    return c.json({
-      emails: emails.map((e) => serializeEmail(e, false)),
-      folder
-    });
-  } catch (error) {
-    console.error("[Email API] /inbox error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to fetch emails" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.get("/message/:uid", async (c) => {
-  const emailAddress = c.req.query("email_address");
-  if (!emailAddress) {
-    return c.json({ error: "Query parameter 'email_address' is required" }, 400);
-  }
-  const uid = parseInt(c.req.param("uid"));
-  const folder = c.req.query("folder") || "INBOX";
-  let imap = null;
-  try {
-    imap = createImapClient(emailAddress);
-    await imap.connect();
-    const emailMsg = await imap.fetchEmail(uid, folder);
-    if (!emailMsg) {
-      return c.json({ error: "Email not found" }, 404);
-    }
-    await imap.markAsRead(uid, folder);
-    return c.json(serializeEmail(emailMsg, true));
-  } catch (error) {
-    console.error("[Email API] /message/:uid error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to fetch email" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.get("/attachment/:uid/:index", async (c) => {
-  const emailAddress = c.req.query("email_address");
-  if (!emailAddress) {
-    return c.json({ error: "Query parameter 'email_address' is required" }, 400);
-  }
-  const uid = parseInt(c.req.param("uid"));
-  const index = parseInt(c.req.param("index"));
-  const folder = c.req.query("folder") || "INBOX";
-  let imap = null;
-  try {
-    imap = createImapClient(emailAddress);
-    await imap.connect();
-    const emailMsg = await imap.fetchEmail(uid, folder);
-    if (!emailMsg) {
-      return c.json({ error: "Email not found" }, 404);
-    }
-    const attachment = emailMsg.attachments[index];
-    if (!attachment) {
-      return c.json({ error: "Attachment not found" }, 404);
-    }
-    if (!attachment.content) {
-      return c.json({ error: "Attachment content not available" }, 404);
-    }
-    return new Response(attachment.content, {
-      headers: {
-        "Content-Type": attachment.contentType || "application/octet-stream",
-        "Content-Disposition": `attachment; filename="${attachment.filename}"`,
-        "Content-Length": String(attachment.size || attachment.content.length)
-      }
-    });
-  } catch (error) {
-    console.error("[Email API] /attachment/:uid/:index error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to fetch attachment" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.post("/send", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.from || !body.to || !body.subject) {
-      return c.json({ error: "Fields 'from', 'to', and 'subject' are required" }, 400);
-    }
-    const smtp = createSmtpClient(body.from);
-    const convertedAttachments = body.attachments?.map((a) => ({
-      filename: a.filename,
-      contentType: a.contentType,
-      size: Buffer.from(a.content, "base64").length,
-      content: Buffer.from(a.content, "base64")
-    }));
-    const result = await smtp.send({
-      to: body.to,
-      cc: body.cc,
-      bcc: body.bcc,
-      subject: body.subject,
-      text: body.text,
-      html: body.html,
-      attachments: convertedAttachments
-    });
-    return c.json(result);
-  } catch (error) {
-    console.error("[Email API] /send error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to send email" },
-      500
-    );
-  }
-});
-email.post("/reply", async (c) => {
-  const body = await c.req.json();
-  if (!body.email_address || !body.email_uid || !body.body) {
-    return c.json(
-      { error: "Fields 'email_address', 'email_uid', and 'body' are required" },
-      400
-    );
-  }
-  const folder = body.folder || "INBOX";
-  let imap = null;
-  try {
-    imap = createImapClient(body.email_address);
-    await imap.connect();
-    const originalEmail = await imap.fetchEmail(body.email_uid, folder);
-    if (!originalEmail) {
-      return c.json({ error: "Original email not found" }, 404);
-    }
-    const smtp = createSmtpClient(body.email_address);
-    const convertedAttachments = body.attachments?.map((a) => ({
-      filename: a.filename,
-      contentType: a.contentType,
-      size: Buffer.from(a.content, "base64").length,
-      content: Buffer.from(a.content, "base64")
-    }));
-    let result;
-    if (body.reply_all) {
-      result = await smtp.replyAll(
-        originalEmail,
-        { text: body.body, html: body.html, attachments: convertedAttachments },
-        body.email_address
-      );
-    } else {
-      result = await smtp.reply(originalEmail, {
-        text: body.body,
-        html: body.html,
-        attachments: convertedAttachments
-      });
-    }
-    return c.json(result);
-  } catch (error) {
-    console.error("[Email API] /reply error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to send reply" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.post("/search", async (c) => {
-  const body = await c.req.json();
-  if (!body.email_address) {
-    return c.json({ error: "Field 'email_address' is required" }, 400);
-  }
-  let imap = null;
-  try {
-    imap = createImapClient(body.email_address);
-    await imap.connect();
-    const searchOptions = {
-      folder: body.folder || "INBOX",
-      from: body.from,
-      to: body.to,
-      subject: body.subject,
-      body: body.body,
-      since: body.since ? new Date(body.since) : void 0,
-      before: body.before ? new Date(body.before) : void 0,
-      seen: body.unread_only ? false : void 0,
-      limit: body.limit
-    };
-    const emails = await imap.searchEmails(searchOptions);
-    return c.json({
-      emails: emails.map((e) => serializeEmail(e, false))
-    });
-  } catch (error) {
-    console.error("[Email API] /search error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Search failed" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-email.post("/flag", async (c) => {
-  const body = await c.req.json();
-  if (!body.email_address || !body.uid || !body.action) {
-    return c.json(
-      { error: "Fields 'email_address', 'uid', and 'action' are required" },
-      400
-    );
-  }
-  const folder = body.folder || "INBOX";
-  let imap = null;
-  try {
-    imap = createImapClient(body.email_address);
-    await imap.connect();
-    switch (body.action) {
-      case "read":
-        await imap.markAsRead(body.uid, folder);
-        break;
-      case "unread":
-        await imap.markAsUnread(body.uid, folder);
-        break;
-      case "flag":
-        await imap.flagEmail(body.uid, folder);
-        break;
-      case "unflag":
-        await imap.unflagEmail(body.uid, folder);
-        break;
-      case "delete":
-        await imap.deleteEmail(body.uid, folder);
-        break;
-      default:
-        return c.json({ error: `Unknown action: ${body.action}` }, 400);
-    }
-    return c.json({ success: true });
-  } catch (error) {
-    console.error("[Email API] /flag error:", error);
-    return c.json(
-      { error: error instanceof Error ? error.message : "Failed to perform action" },
-      500
-    );
-  } finally {
-    if (imap) {
-      await imap.disconnect().catch(() => {
-      });
-    }
-  }
-});
-
-// src/inputs/api/routes/sdk.ts
-import { Hono as Hono3 } from "hono";
-var registeredApps = /* @__PURE__ */ new Map();
-function generateApiKey() {
-  const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
-  const segments = [8, 4, 4, 4, 12];
-  return "osk_" + segments.map((len) => Array.from({ length: len }, () => chars[Math.floor(Math.random() * chars.length)]).join("")).join("-");
-}
-async function sdkAuth(c, next) {
-  const authHeader = c.req.header("Authorization");
-  if (!authHeader?.startsWith("Bearer osk_")) {
-    return c.json({ error: "Invalid or missing API key. Register at POST /api/sdk/register" }, 401);
-  }
-  const apiKey = authHeader.slice(7);
-  const app2 = Array.from(registeredApps.values()).find((a) => a.apiKey === apiKey);
-  if (!app2) {
-    return c.json({ error: "Unknown API key. Register at POST /api/sdk/register" }, 401);
-  }
-  app2.lastSeen = /* @__PURE__ */ new Date();
-  c.set("sdkApp", app2);
-  await next();
-}
-var sdkRoutes = new Hono3();
-sdkRoutes.post("/register", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.name || !body.type) {
-      return c.json({ error: "name and type are required" }, 400);
-    }
-    const existing = Array.from(registeredApps.values()).find(
-      (a) => a.name === body.name && a.type === body.type
-    );
-    if (existing) {
-      return c.json({
-        id: existing.id,
-        apiKey: existing.apiKey,
-        message: "App already registered"
-      });
-    }
-    const id = crypto.randomUUID();
-    const apiKey = generateApiKey();
-    const app2 = {
-      id,
-      name: body.name,
-      type: body.type,
-      apiKey,
-      callbackUrl: body.callbackUrl,
-      registeredAt: /* @__PURE__ */ new Date(),
-      lastSeen: /* @__PURE__ */ new Date()
-    };
-    registeredApps.set(id, app2);
-    return c.json({
-      id,
-      apiKey,
-      message: "App registered successfully. Use this API key in Authorization: Bearer header.",
-      endpoints: {
-        chat: "POST /api/sdk/chat",
-        notify: "POST /api/sdk/notify",
-        memory_store: "POST /api/sdk/memory",
-        memory_search: "POST /api/sdk/memory/search",
-        tools_list: "GET /api/sdk/tools",
-        tools_execute: "POST /api/sdk/tools/execute",
-        agent_spawn: "POST /api/sdk/agent/spawn",
-        status: "GET /api/sdk/status"
-      }
-    });
-  } catch (error) {
-    return c.json({ error: "Registration failed" }, 500);
-  }
-});
-sdkRoutes.use("/*", sdkAuth);
-sdkRoutes.post("/chat", async (c) => {
-  try {
-    const app2 = c.get("sdkApp");
-    const body = await c.req.json();
-    if (!body.message) {
-      return c.json({ error: "message is required" }, 400);
-    }
-    const messages2 = [];
-    if (body.context) {
-      messages2.push({
-        role: "user",
-        content: `[Context from ${app2.name} (${app2.type})]: ${body.context}`
-      });
-      messages2.push({
-        role: "assistant",
-        content: "Understood, I have the context. How can I help?"
-      });
-    }
-    messages2.push({ role: "user", content: body.message });
-    const toolsUsed = [];
-    const response = body.useTools !== false ? await chatWithTools(messages2, `sdk:${app2.id}`, (tool) => toolsUsed.push(tool), { appType: app2.type }) : await (await import("./brain-7XLLM3KC.js")).chat(messages2, body.systemPrompt);
-    await storeMemory({
-      content: `[${app2.name}] User asked: ${body.message.slice(0, 200)}`,
-      type: "episodic",
-      importance: 5,
-      userId: `sdk:${app2.id}`,
-      source: `sdk:${app2.name}`,
-      provenance: `sdk:${app2.type}`
-    }).catch(() => {
-    });
-    return c.json({
-      content: response.content,
-      toolsUsed,
-      usage: {
-        inputTokens: response.inputTokens,
-        outputTokens: response.outputTokens
-      },
-      app: app2.name
-    });
-  } catch (error) {
-    console.error("SDK chat error:", error);
-    return c.json({ error: "Chat failed" }, 500);
-  }
-});
-sdkRoutes.post("/notify", async (c) => {
-  try {
-    const app2 = c.get("sdkApp");
-    const body = await c.req.json();
-    if (!body.channel || !body.message) {
-      return c.json({ error: "channel and message are required" }, 400);
-    }
-    const sent = [];
-    const prefix = `[${app2.name}] `;
-    const fullMessage = prefix + body.message;
-    const channels = body.channel === "all" ? ["telegram", "discord", "slack"] : [body.channel];
-    for (const ch of channels) {
-      try {
-        switch (ch) {
-          case "telegram": {
-            const { sendTelegramMessage } = await import("../../telegram");
-            await sendTelegramMessage(fullMessage);
-            sent.push("telegram");
-            break;
-          }
-          case "discord": {
-            const { sendDiscordMessage } = await import("./discord-B3HUPGQ6.js");
-            await sendDiscordMessage(fullMessage);
-            sent.push("discord");
-            break;
-          }
-          case "slack": {
-            const { sendSlackMessage } = await import("./slack-IZQWIKOH.js");
-            await sendSlackMessage(fullMessage);
-            sent.push("slack");
-            break;
-          }
-          case "email": {
-            const { sendEmail } = await import("./email-K7LO2IPB.js");
-            await sendEmail({
-              to: body.recipient || "",
-              subject: `${app2.name} Notification`,
-              text: body.message
-            });
-            sent.push("email");
-            break;
-          }
-        }
-      } catch (err) {
-      }
-    }
-    return c.json({ sent, message: `Notification sent via: ${sent.join(", ") || "none (no channels configured)"}` });
-  } catch (error) {
-    return c.json({ error: "Notification failed" }, 500);
-  }
-});
-sdkRoutes.post("/memory", async (c) => {
-  try {
-    const app2 = c.get("sdkApp");
-    const body = await c.req.json();
-    if (!body.content) {
-      return c.json({ error: "content is required" }, 400);
-    }
-    const memory = await storeMemory({
-      content: body.content,
-      type: body.type || "semantic",
-      importance: body.importance || 5,
-      userId: `sdk:${app2.id}`,
-      source: `sdk:${app2.name}`,
-      provenance: `sdk:${app2.type}`
-    });
-    return c.json(memory);
-  } catch (error) {
-    return c.json({ error: "Memory store failed" }, 500);
-  }
-});
-sdkRoutes.post("/memory/search", async (c) => {
-  try {
-    const app2 = c.get("sdkApp");
-    const body = await c.req.json();
-    if (!body.query) {
-      return c.json({ error: "query is required" }, 400);
-    }
-    const userId = body.crossApp ? void 0 : `sdk:${app2.id}`;
-    const results = await searchMemories(body.query, userId, body.limit || 5);
-    return c.json(results);
-  } catch (error) {
-    return c.json({ error: "Memory search failed" }, 500);
-  }
-});
-sdkRoutes.get("/tools", (c) => {
-  const app2 = c.get("sdkApp");
-  const ordered = prioritizeTools(TOOLS, app2.type);
-  const profile = getAppProfile(app2.type);
-  const prioritySet = new Set(profile.priorityTools);
-  const toolList = ordered.map((t) => ({
-    name: t.name,
-    description: t.description,
-    priority: prioritySet.has(t.name)
-  }));
-  return c.json({ tools: toolList, count: toolList.length, appType: app2.type });
-});
-sdkRoutes.post("/tools/execute", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.tool || !body.input) {
-      return c.json({ error: "tool and input are required" }, 400);
-    }
-    const result = await executeTool(body.tool, body.input);
-    return c.json({ tool: body.tool, result });
-  } catch (error) {
-    return c.json({ error: "Tool execution failed" }, 500);
-  }
-});
-sdkRoutes.post("/agent/spawn", async (c) => {
-  try {
-    const app2 = c.get("sdkApp");
-    const body = await c.req.json();
-    if (!body.type || !body.task) {
-      return c.json({ error: "type and task are required" }, 400);
-    }
-    const agentPrompt = `As a ${body.type} agent for ${app2.name}, complete this task: ${body.task}${body.context ? `
-
-Context: ${body.context}` : ""}`;
-    const messages2 = [{ role: "user", content: agentPrompt }];
-    const toolsUsed = [];
-    const response = await chatWithTools(messages2, `sdk:${app2.id}:agent:${body.type}`, (tool) => toolsUsed.push(tool), { appType: app2.type });
-    return c.json({
-      agent: body.type,
-      result: response.content,
-      toolsUsed,
-      usage: {
-        inputTokens: response.inputTokens,
-        outputTokens: response.outputTokens
-      }
-    });
-  } catch (error) {
-    return c.json({ error: "Agent spawn failed" }, 500);
-  }
-});
-sdkRoutes.get("/status", (c) => {
-  const app2 = c.get("sdkApp");
-  const allApps = Array.from(registeredApps.values()).map((a) => ({
-    id: a.id,
-    name: a.name,
-    type: a.type,
-    registeredAt: a.registeredAt,
-    lastSeen: a.lastSeen
-  }));
-  return c.json({
-    opensentinel: {
-      status: "online",
-      version: "2.2.1",
-      uptime: process.uptime()
-    },
-    currentApp: {
-      id: app2.id,
-      name: app2.name,
-      type: app2.type
-    },
-    registeredApps: allApps,
-    tools: TOOLS.length
-  });
-});
-
-// src/inputs/api/routes/admin.ts
-import { Hono as Hono4 } from "hono";
-
-// src/core/security/rate-limiter.ts
-import Redis from "ioredis";
-var redis = new Redis(env.REDIS_URL, {
-  maxRetriesPerRequest: 3,
-  retryDelayOnFailover: 100
-});
-var DEFAULT_LIMITS = {
-  "api/chat": { windowMs: 6e4, maxRequests: 30 },
-  "api/chat/tools": { windowMs: 6e4, maxRequests: 20 },
-  "api/ask": { windowMs: 6e4, maxRequests: 30 },
-  "tool/shell": { windowMs: 6e4, maxRequests: 10 },
-  "tool/browser": { windowMs: 6e4, maxRequests: 10 },
-  "tool/file_write": { windowMs: 6e4, maxRequests: 20 },
-  "agent/spawn": { windowMs: 36e5, maxRequests: 5 },
-  // 5 agents per hour
-  default: { windowMs: 6e4, maxRequests: 60 }
-};
-function getKey(identifier, endpoint) {
-  return `ratelimit:${identifier}:${endpoint}`;
-}
-async function checkRateLimit(identifier, endpoint, customConfig) {
-  const config = customConfig || DEFAULT_LIMITS[endpoint] || DEFAULT_LIMITS.default;
-  const { windowMs, maxRequests } = config;
-  const key = getKey(identifier, endpoint);
-  const now = Date.now();
-  try {
-    const multi = redis.multi();
-    multi.zremrangebyscore(key, 0, now - windowMs);
-    multi.zcard(key);
-    multi.zadd(key, now.toString(), `${now}:${Math.random()}`);
-    multi.pexpire(key, windowMs);
-    const results = await multi.exec();
-    if (!results) {
-      console.warn("[RateLimiter] Redis transaction failed, allowing request");
-      return {
-        allowed: true,
-        remaining: maxRequests,
-        resetAt: new Date(now + windowMs)
-      };
-    }
-    const currentCount = results[1]?.[1] || 0;
-    const resetAt = new Date(now + windowMs);
-    if (currentCount >= maxRequests) {
-      await redis.zrem(key, `${now}:${Math.random()}`);
-      return {
-        allowed: false,
-        remaining: 0,
-        resetAt,
-        retryAfterMs: windowMs - (now - await getWindowStart(key, now, windowMs))
-      };
-    }
-    return {
-      allowed: true,
-      remaining: maxRequests - currentCount - 1,
-      resetAt
-    };
-  } catch (error) {
-    console.error("[RateLimiter] Error checking rate limit:", error);
-    return {
-      allowed: true,
-      remaining: maxRequests,
-      resetAt: new Date(now + windowMs)
-    };
-  }
-}
-async function getWindowStart(key, now, windowMs) {
-  const oldest = await redis.zrange(key, 0, 0, "WITHSCORES");
-  if (oldest.length >= 2) {
-    return parseInt(oldest[1], 10);
-  }
-  return now - windowMs;
-}
-
-// src/inputs/api/routes/admin.ts
-var adminRouter = new Hono4();
-async function requireAdminKey(c, next) {
-  const apiKey = c.req.header("x-api-key");
-  if (!apiKey) {
-    return c.json({ error: "API key required" }, 401);
-  }
-  const rateLimitResult = await checkRateLimit(apiKey, "api/admin");
-  if (!rateLimitResult.allowed) {
-    return c.json(
-      { error: "Rate limit exceeded", retryAfter: rateLimitResult.retryAfterMs },
-      429
-    );
-  }
-  await next();
-}
-adminRouter.use("*", requireAdminKey);
-adminRouter.get("/audit-logs", async (c) => {
-  try {
-    const url = new URL(c.req.url);
-    const options = {};
-    const userId = url.searchParams.get("userId");
-    if (userId) options.userId = userId;
-    const action = url.searchParams.get("action");
-    if (action) options.action = action;
-    const resource = url.searchParams.get("resource");
-    if (resource) options.resource = resource;
-    const startDate = url.searchParams.get("startDate");
-    if (startDate) options.startDate = new Date(startDate);
-    const endDate = url.searchParams.get("endDate");
-    if (endDate) options.endDate = new Date(endDate);
-    const limit = url.searchParams.get("limit");
-    options.limit = limit ? Math.min(parseInt(limit, 10), 500) : 100;
-    const offset = url.searchParams.get("offset");
-    options.offset = offset ? parseInt(offset, 10) : 0;
-    const logs = await queryAuditLogs(options);
-    return c.json({
-      success: true,
-      logs,
-      count: logs.length,
-      limit: options.limit,
-      offset: options.offset
-    });
-  } catch (err) {
-    return c.json({ error: err.message || "Failed to query audit logs" }, 500);
-  }
-});
-adminRouter.get("/audit-logs/integrity", async (c) => {
-  try {
-    const integrity = await getAuditChainIntegrity();
-    return c.json({ success: true, ...integrity });
-  } catch (err) {
-    return c.json({ error: err.message || "Failed to check integrity" }, 500);
-  }
-});
-adminRouter.get("/incidents", async (c) => {
-  try {
-    const url = new URL(c.req.url);
-    const limit = Math.min(parseInt(url.searchParams.get("limit") || "50", 10), 200);
-    const incidents = await queryAuditLogs({
-      action: "error",
-      limit
-    });
-    return c.json({
-      success: true,
-      incidents,
-      count: incidents.length
-    });
-  } catch (err) {
-    return c.json({ error: err.message || "Failed to query incidents" }, 500);
-  }
-});
-var admin_default = adminRouter;
-
-// src/inputs/api/server.ts
-var serveStatic;
-try {
-  serveStatic = __require("hono/bun").serveStatic;
-} catch {
-  serveStatic = () => async (_c, next) => next();
-}
-var app = new Hono5();
-app.use("*", logger());
-app.use("/api/*", cors());
-app.use("/api/*", authMiddleware());
-app.get("/health", (c) => {
-  return c.json({ status: "ok", timestamp: (/* @__PURE__ */ new Date()).toISOString() });
-});
-app.post("/api/chat", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.messages || !Array.isArray(body.messages)) {
-      return c.json({ error: "messages array is required" }, 400);
-    }
-    const response = await chat(body.messages, body.systemPrompt);
-    return c.json({
-      content: response.content,
-      usage: {
-        inputTokens: response.inputTokens,
-        outputTokens: response.outputTokens
-      }
-    });
-  } catch (error) {
-    console.error("Chat API error:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.post("/api/chat/tools", requirePermission("chat:tools"), async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.messages || !Array.isArray(body.messages)) {
-      return c.json({ error: "messages array is required" }, 400);
-    }
-    const toolsUsed = [];
-    const response = await chatWithTools(body.messages, body.userId, (tool) => {
-      toolsUsed.push(tool);
-    });
-    return c.json({
-      content: response.content,
-      toolsUsed,
-      usage: {
-        inputTokens: response.inputTokens,
-        outputTokens: response.outputTokens
-      }
-    });
-  } catch (error) {
-    console.error("Chat with tools API error:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.post("/api/ask", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.message) {
-      return c.json({ error: "message is required" }, 400);
-    }
-    const messages2 = [{ role: "user", content: body.message }];
-    const response = body.useTools ? await chatWithTools(messages2) : await chat(messages2, body.systemPrompt);
-    return c.json({
-      content: response.content,
-      toolsUsed: response.toolsUsed,
-      usage: {
-        inputTokens: response.inputTokens,
-        outputTokens: response.outputTokens
-      }
-    });
-  } catch (error) {
-    console.error("Ask API error:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/conversations", async (c) => {
-  try {
-    const convos = await db.select().from(conversations).orderBy(desc2(conversations.updatedAt)).limit(50);
-    return c.json(convos);
-  } catch (error) {
-    console.error("Error fetching conversations:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/conversations/:id", async (c) => {
-  try {
-    const id = c.req.param("id");
-    const convo = await db.select().from(conversations).where(eq4(conversations.id, id)).limit(1);
-    if (convo.length === 0) {
-      return c.json({ error: "Conversation not found" }, 404);
-    }
-    const msgs = await db.select().from(messages).where(eq4(messages.conversationId, id)).orderBy(messages.createdAt);
-    const decryptedMsgs = msgs.map((m) => {
-      if (m.encrypted && m.content) {
-        try {
-          return { ...m, content: decryptField(m.content) ?? m.content };
-        } catch {
-          return m;
-        }
-      }
-      return m;
-    });
-    return c.json({ conversation: convo[0], messages: decryptedMsgs });
-  } catch (error) {
-    console.error("Error fetching conversation:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/memories", async (c) => {
-  try {
-    const userId = c.req.query("userId");
-    const limit = parseInt(c.req.query("limit") || "50");
-    let query = db.select().from(memories).orderBy(desc2(memories.createdAt)).limit(limit);
-    const mems = await query;
-    return c.json(mems);
-  } catch (error) {
-    console.error("Error fetching memories:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.post("/api/memories/search", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.query) {
-      return c.json({ error: "query is required" }, 400);
-    }
-    const results = await searchMemories(body.query, body.userId, body.limit || 5);
-    return c.json(results);
-  } catch (error) {
-    console.error("Error searching memories:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.post("/api/memories", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.content) {
-      return c.json({ error: "content is required" }, 400);
-    }
-    const memory = await storeMemory({
-      content: body.content,
-      type: body.type || "semantic",
-      importance: body.importance || 5,
-      userId: body.userId,
-      source: "api",
-      provenance: "api:manual"
-    });
-    return c.json(memory);
-  } catch (error) {
-    console.error("Error storing memory:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/memories/export", async (c) => {
-  try {
-    const userId = c.req.query("userId");
-    const format = c.req.query("format") || "markdown";
-    const exported = await exportMemories(userId || void 0, format);
-    if (format === "json") {
-      return c.json(JSON.parse(exported));
-    }
-    return c.text(exported);
-  } catch (error) {
-    console.error("Error exporting memories:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/memories/:id", async (c) => {
-  try {
-    const id = c.req.param("id");
-    const memory = await getMemoryById(id);
-    if (!memory) {
-      return c.json({ error: "Memory not found" }, 404);
-    }
-    return c.json(memory);
-  } catch (error) {
-    console.error("Error fetching memory:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.put("/api/memories/:id", async (c) => {
-  try {
-    const id = c.req.param("id");
-    const body = await c.req.json();
-    const updated = await updateMemory(id, body);
-    if (!updated) {
-      return c.json({ error: "Memory not found or no changes" }, 404);
-    }
-    return c.json(updated);
-  } catch (error) {
-    console.error("Error updating memory:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.delete("/api/memories/:id", requirePermission("memories:delete"), async (c) => {
-  try {
-    const id = c.req.param("id");
-    const deleted = await deleteMemory(id);
-    if (!deleted) {
-      return c.json({ error: "Memory not found" }, 404);
-    }
-    return c.json({ success: true, id });
-  } catch (error) {
-    console.error("Error deleting memory:", error);
-    return c.json({ error: "Internal server error" }, 500);
-  }
-});
-app.get("/api/autonomy", async (c) => {
-  try {
-    const { autonomyManager } = await import("./autonomy-ZXDBDQUJ.js");
-    const userId = c.req.query("userId");
-    return c.json({
-      level: userId ? autonomyManager.getLevel(userId) : autonomyManager.getDefaultLevel(),
-      stats: autonomyManager.getStats()
-    });
-  } catch (error) {
-    return c.json({ error: "Autonomy system not available" }, 500);
-  }
-});
-app.put("/api/autonomy", async (c) => {
-  try {
-    const { autonomyManager } = await import("./autonomy-ZXDBDQUJ.js");
-    const body = await c.req.json();
-    const level = body.level;
-    if (!["readonly", "supervised", "autonomous"].includes(level)) {
-      return c.json({ error: "Invalid level. Must be: readonly, supervised, or autonomous" }, 400);
-    }
-    if (body.userId) {
-      autonomyManager.setLevel(body.userId, level);
-    } else {
-      autonomyManager.setDefaultLevel(level);
-    }
-    return c.json({ success: true, level });
-  } catch (error) {
-    return c.json({ error: "Autonomy system not available" }, 500);
-  }
-});
-app.get("/metrics", async (c) => {
-  try {
-    const { prometheusExporter } = await import("./prometheus-JNT2BD4L.js");
-    const text = prometheusExporter.toTextFormat();
-    return c.text(text, 200, { "Content-Type": "text/plain; version=0.0.4; charset=utf-8" });
-  } catch (error) {
-    return c.text("# Prometheus metrics not available\n", 500);
-  }
-});
-app.get("/api/metrics/prometheus", async (c) => {
-  try {
-    const { prometheusExporter } = await import("./prometheus-JNT2BD4L.js");
-    const text = prometheusExporter.toTextFormat();
-    return c.text(text, 200, { "Content-Type": "text/plain; version=0.0.4; charset=utf-8" });
-  } catch (error) {
-    return c.text("# Prometheus metrics not available\n", 500);
-  }
-});
-app.post("/api/pair", async (c) => {
-  try {
-    const { pairingManager } = await import("./pairing-IFQYCPNS.js");
-    const body = await c.req.json();
-    if (!body.code) {
-      return c.json({ error: "code is required" }, 400);
-    }
-    const result = pairingManager.pair(body.code, body.deviceInfo || "Unknown device");
-    if (!result.success) {
-      return c.json({ error: result.error }, 401);
-    }
-    return c.json({ token: result.token });
-  } catch (error) {
-    return c.json({ error: "Pairing system not available" }, 500);
-  }
-});
-app.get("/api/providers", async (c) => {
-  try {
-    const { providerRegistry } = await import("./providers-J4LYPHDR.js");
-    return c.json({
-      providers: providerRegistry.listProviders(),
-      default: providerRegistry.getDefaultId()
-    });
-  } catch (error) {
-    return c.json({ error: "Provider system not available" }, 500);
-  }
-});
-app.route("/api/osint", osint);
-app.route("/api/email", email);
-app.route("/api/sdk", sdkRoutes);
-app.route("/api/admin", admin_default);
-app.get("/api/incidents", requirePermission("admin:settings"), async (c) => {
-  try {
-    const { getOpenIncidents } = await import("./incident-response-C5J7Q6DT.js");
-    const severity = c.req.query("severity");
-    const type = c.req.query("type");
-    const incidents = await getOpenIncidents({ severity, type, limit: 50 });
-    return c.json(incidents);
-  } catch (error) {
-    return c.json({ error: "Incident system not available" }, 500);
-  }
-});
-app.get("/api/incidents/:id", requirePermission("admin:settings"), async (c) => {
-  try {
-    const { generateIncidentReport } = await import("./incident-response-C5J7Q6DT.js");
-    const id = c.req.param("id");
-    const report = await generateIncidentReport(id);
-    return c.json(report);
-  } catch (error) {
-    return c.json({ error: "Incident not found" }, 404);
-  }
-});
-app.post("/api/incidents/:id/status", requirePermission("admin:settings"), async (c) => {
-  try {
-    const { updateIncidentStatus } = await import("./incident-response-C5J7Q6DT.js");
-    const id = c.req.param("id");
-    const body = await c.req.json();
-    const userId = getAuthUserId(c);
-    const updated = await updateIncidentStatus(id, body.status, userId, body.notes);
-    return c.json(updated);
-  } catch (error) {
-    return c.json({ error: "Failed to update incident" }, 500);
-  }
-});
-app.post("/api/incidents/:id/resolve", requirePermission("admin:settings"), async (c) => {
-  try {
-    const { resolveIncident } = await import("./incident-response-C5J7Q6DT.js");
-    const id = c.req.param("id");
-    const body = await c.req.json();
-    const userId = getAuthUserId(c);
-    const resolved = await resolveIncident(id, body.notes, userId);
-    return c.json(resolved);
-  } catch (error) {
-    return c.json({ error: "Failed to resolve incident" }, 500);
-  }
-});
-app.get("/api/audit/integrity", requirePermission("admin:settings"), async (c) => {
-  try {
-    const { getAuditChainIntegrity: getAuditChainIntegrity2 } = await import("./audit-logger-OBPR7CRO.js");
-    const integrity = await getAuditChainIntegrity2();
-    return c.json(integrity);
-  } catch (error) {
-    return c.json({ error: "Audit system not available" }, 500);
-  }
-});
-app.post("/api/transcribe", async (c) => {
-  try {
-    const formData = await c.req.formData();
-    const audioFile = formData.get("audio");
-    if (!audioFile || !(audioFile instanceof File)) {
-      return c.json({ error: "audio file is required" }, 400);
-    }
-    const buffer = Buffer.from(await audioFile.arrayBuffer());
-    const text = await transcribeAudio(buffer);
-    if (!text) {
-      return c.json({ error: "Could not transcribe audio" }, 500);
-    }
-    return c.json({ text });
-  } catch (error) {
-    console.error("Transcribe API error:", error);
-    return c.json({ error: "Transcription failed" }, 500);
-  }
-});
-app.post("/api/tts", async (c) => {
-  try {
-    const body = await c.req.json();
-    if (!body.text) {
-      return c.json({ error: "text is required" }, 400);
-    }
-    const audioBuffer = await textToSpeech(body.text);
-    if (!audioBuffer) {
-      return c.json({ error: "Text-to-speech failed" }, 500);
-    }
-    return new Response(new Uint8Array(audioBuffer), {
-      headers: {
-        "Content-Type": "audio/mpeg",
-        "Content-Length": String(audioBuffer.length)
-      }
-    });
-  } catch (error) {
-    console.error("TTS API error:", error);
-    return c.json({ error: "TTS failed" }, 500);
-  }
-});
-app.get("/api/system/status", async (c) => {
-  const authHeader = c.req.header("Authorization");
-  if (authHeader?.startsWith("Bearer ")) {
-    return c.json({
-      status: "online",
-      version: "3.0.0",
-      uptime: process.uptime(),
-      memory: process.memoryUsage()
-    });
-  }
-  return c.json({
-    status: "online",
-    version: "3.0.0"
-  });
-});
-app.get("/api/callbacks/spotify", async (c) => {
-  try {
-    const code = c.req.query("code");
-    const error = c.req.query("error");
-    if (error) {
-      return c.html(`<h1>Spotify Authorization Failed</h1><p>Error: ${error}</p><p>Go back and try again.</p>`);
-    }
-    if (!code) {
-      return c.html(`<h1>Missing Authorization Code</h1><p>No code received from Spotify.</p>`);
-    }
-    const { env: appEnv } = await import("./env-IWXUVTCB.js");
-    if (!appEnv.SPOTIFY_CLIENT_ID || !appEnv.SPOTIFY_CLIENT_SECRET) {
-      return c.html(`<h1>Spotify Not Configured</h1><p>Set SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET in .env</p>`);
-    }
-    const { createSpotifyAuth } = await import("./auth-UOX5K2BE.js");
-    const auth = createSpotifyAuth({
-      clientId: appEnv.SPOTIFY_CLIENT_ID,
-      clientSecret: appEnv.SPOTIFY_CLIENT_SECRET,
-      redirectUri: appEnv.SPOTIFY_REDIRECT_URI || `http://localhost:${appEnv.PORT}/api/callbacks/spotify`
-    });
-    const tokens = await auth.exchangeCode(code);
-    return c.html(`
-      <html><body style="font-family: system-ui; max-width: 600px; margin: 40px auto; padding: 20px;">
-        <h1>Spotify Connected!</h1>
-        <p>Add this to your <code>.env</code> file:</p>
-        <pre style="background: #f0f0f0; padding: 16px; border-radius: 8px; word-break: break-all; white-space: pre-wrap;">SPOTIFY_REFRESH_TOKEN=${tokens.refreshToken}</pre>
-        <p>Then restart OpenSentinel. You can close this page.</p>
-      </body></html>
-    `);
-  } catch (err) {
-    console.error("Spotify callback error:", err);
-    return c.html(`<h1>Spotify Auth Error</h1><p>${err instanceof Error ? err.message : String(err)}</p>`);
-  }
-});
-app.get("/api/spotify/authorize", async (c) => {
-  try {
-    const { env: appEnv } = await import("./env-IWXUVTCB.js");
-    if (!appEnv.SPOTIFY_CLIENT_ID || !appEnv.SPOTIFY_CLIENT_SECRET) {
-      return c.json({ error: "Spotify not configured. Set SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET in .env" }, 400);
-    }
-    const { createSpotifyAuth, DEFAULT_SCOPES } = await import("./auth-UOX5K2BE.js");
-    const auth = createSpotifyAuth({
-      clientId: appEnv.SPOTIFY_CLIENT_ID,
-      clientSecret: appEnv.SPOTIFY_CLIENT_SECRET,
-      redirectUri: appEnv.SPOTIFY_REDIRECT_URI || `http://localhost:${appEnv.PORT}/api/callbacks/spotify`
-    });
-    const url = auth.getAuthorizationUrl(DEFAULT_SCOPES, void 0, true);
-    return c.json({ url });
-  } catch (err) {
-    return c.json({ error: err instanceof Error ? err.message : String(err) }, 500);
-  }
-});
-app.use("/*", serveStatic({ root: "./src/web/dist" }));
-app.get("/*", serveStatic({ path: "./src/web/dist/index.html" }));
-
-export {
-  getGatewayToken,
-  timingSafeEqual,
-  app
-};
-//# sourceMappingURL=chunk-O7IH7JTI.js.map