opensentinel 3.6.1 → 3.7.0

package/dist/{chunk-AD6YEH6U.js → chunk-S2EOIVF4.js}

@@ -1,13 +1,24 @@
 import {
   textToSpeech
-} from "./chunk-45YXODSB.js";
+} from "./chunk-J4JW73TT.js";
 import {
   transcribeAudio
-} from "./chunk-4YJRBMMA.js";
+} from "./chunk-BNZHWAZC.js";
 import {
-  getErrorStats,
-  getRecentErrors
-} from "./chunk-7MZN73J2.js";
+  analyzeEmail,
+  listAnalyses,
+  persistAnalysis
+} from "./chunk-SDLOMKCW.js";
+import {
+  extractTextFromDriveItem,
+  getDefaultDrive,
+  getDriveItem,
+  getSite,
+  listDriveChildren,
+  listDriveRoot,
+  listDrives,
+  listSites
+} from "./chunk-66SAOZPU.js";
 import {
   ImapClient,
   SmtpClient,
@@ -20,46 +31,78 @@ import {
   init_imap_client,
   init_smtp_client,
   prioritizeTools
-} from "./chunk-6JY4HNUH.js";
+} from "./chunk-ZMML6T63.js";
 import {
-  decryptField,
   deleteMemory,
   exportMemories,
   getMemoryById,
   searchMemories,
   storeMemory,
   updateMemory
-} from "./chunk-6UZPE35A.js";
+} from "./chunk-QPY3WRVM.js";
+import {
+  getErrorStats,
+  getRecentErrors
+} from "./chunk-TKBVW7ZJ.js";
+import {
+  deleteConnection,
+  getAccessToken,
+  getConnection,
+  saveConnection
+} from "./chunk-6HGMRR4J.js";
+import {
+  decryptField
+} from "./chunk-DTISLIMB.js";
+import {
+  buildAuthorizeUrl,
+  cleanupExpiredStates,
+  consumeState,
+  exchangeCodeForTokens,
+  generateCodeChallenge,
+  generateCodeVerifier,
+  getM365Config,
+  isM365Configured,
+  persistState
+} from "./chunk-3AWAWRWB.js";
+import {
+  getMe,
+  getMessage,
+  listMessages,
+  stripHtml
+} from "./chunk-PBOCSGNL.js";
+import {
+  createLogger
+} from "./chunk-7BNFELEK.js";
 import {
   brainTelemetry
-} from "./chunk-643M3AP5.js";
+} from "./chunk-WMFYI7XC.js";
 import {
   flushMetrics,
   getMetricAggregates,
   getMetricTimeSeries,
   recordMetric
-} from "./chunk-6LTLIYAQ.js";
+} from "./chunk-YEDEAX6Y.js";
 import {
   costTracker
-} from "./chunk-BMOUYXLX.js";
+} from "./chunk-6ZNCY2GI.js";
 import {
   createPublicRecords
-} from "./chunk-A24GPVLY.js";
+} from "./chunk-V3OKHQUX.js";
 import {
   resolveEntity
-} from "./chunk-AR34B6XR.js";
+} from "./chunk-2I5QHYG6.js";
 import {
   audit,
   getAuditChainIntegrity,
   logAudit,
   queryAuditLogs
-} from "./chunk-KABG5PG3.js";
+} from "./chunk-BBN4VCNK.js";
 import {
   db
-} from "./chunk-S4NJJS5C.js";
+} from "./chunk-5BTVJR7R.js";
 import {
   env
-} from "./chunk-PUNIMPMY.js";
+} from "./chunk-4KIHDIXZ.js";
 import {
   apiKeys,
   conversations,
@@ -68,13 +111,13 @@ import {
   memories,
   messages,
   sessions
-} from "./chunk-NYVBXUGD.js";
+} from "./chunk-ZIBRVA3Y.js";
 import {
   __require
 } from "./chunk-UP2VWCW5.js";
 
 // src/inputs/api/server.ts
-import { Hono as Hono14 } from "hono";
+import { Hono as Hono15 } from "hono";
 import { cors } from "hono/cors";
 import { logger } from "hono/logger";
 import { desc as desc2, eq as eq4 } from "drizzle-orm";
@@ -171,7 +214,17 @@ function timingSafeEqual(a, b) {
 }
 
 // src/core/security/auth-middleware.ts
-var PUBLIC_ROUTES = ["/health", "/api/system/status", "/api/pair", "/api/sdk/register"];
+var PUBLIC_ROUTES = [
+  "/health",
+  "/api/system/status",
+  "/api/pair",
+  "/api/sdk/register",
+  // M365 OAuth endpoints — user is unauthenticated during login + callback.
+  "/api/m365/auth/login",
+  "/api/m365/auth/callback",
+  // Legacy Entra redirect URI (aliased to /api/m365/auth/callback).
+  "/api/callbacks/outlook"
+];
 var SDK_PREFIX = "/api/sdk/";
 function authMiddleware() {
   return async (c, next) => {
@@ -561,7 +614,7 @@ osint.post("/enrich", async (c) => {
       requestId: `osint-enrich-${enrichStart}`,
       data: { toolName: "osint_enrich", entityId: body.entityId, entityName, sources: body.sources, depth: body.depth ?? 1 }
     });
-    const { enrichEntity } = await import("./enrichment-pipeline-CMUVBDC7.js");
+    const { enrichEntity } = await import("./enrichment-pipeline-7FE5R5ZI.js");
     const result = await enrichEntity(body.entityId, body.sources, body.depth ?? 1);
     const enrichLatency = Date.now() - enrichStart;
     brainTelemetry.emitEvent({
@@ -670,7 +723,7 @@ osint.get("/financial-flow", async (c) => {
 osint.get("/duplicates", async (c) => {
   try {
     const threshold = parseFloat(c.req.query("threshold") || "0.85");
-    const { findDuplicates } = await import("./entity-resolution-4X4JU43O.js");
+    const { findDuplicates } = await import("./entity-resolution-7Z6STVXX.js");
     const duplicates = await findDuplicates(threshold);
     return c.json({ duplicates, total: duplicates.length });
   } catch (error) {
@@ -821,6 +874,17 @@ email.use("*", async (c, next) => {
   }
   await next();
 });
+email.get("/accounts", async (c) => {
+  const accounts = [];
+  if (env.EMAIL_USER) accounts.push(env.EMAIL_USER);
+  const extra = process.env.EMAIL_ACCOUNTS;
+  if (extra) {
+    for (const addr of extra.split(",").map((a) => a.trim()).filter(Boolean)) {
+      if (!accounts.includes(addr)) accounts.push(addr);
+    }
+  }
+  return c.json({ accounts });
+});
 email.get("/folders", async (c) => {
   const emailAddress = c.req.query("email_address");
   if (!emailAddress) {
@@ -1211,7 +1275,7 @@ sdkRoutes.post("/chat", async (c) => {
     }
     messages2.push({ role: "user", content: body.message });
     const toolsUsed = [];
-    const response = body.useTools !== false ? await chatWithTools(messages2, `sdk:${app2.id}`, (tool) => toolsUsed.push(tool), { appType: app2.type }) : await (await import("./brain-SLA474EU.js")).chat(messages2, body.systemPrompt);
+    const response = body.useTools !== false ? await chatWithTools(messages2, `sdk:${app2.id}`, (tool) => toolsUsed.push(tool), { appType: app2.type }) : await (await import("./brain-6QTXN4QP.js")).chat(messages2, body.systemPrompt);
     await storeMemory({
       content: `[${app2.name}] User asked: ${body.message.slice(0, 200)}`,
       type: "episodic",
@@ -1257,7 +1321,7 @@ sdkRoutes.post("/notify", async (c) => {
             break;
           }
           case "discord": {
-            const { createDiscordBot } = await import("./discord-NKR3X4AV.js");
+            const { createDiscordBot } = await import("./discord-6UQHCN27.js");
             const discord = createDiscordBot({
               token: env.DISCORD_BOT_TOKEN || "",
               clientId: env.DISCORD_CLIENT_ID || ""
@@ -1269,7 +1333,7 @@ sdkRoutes.post("/notify", async (c) => {
             break;
           }
           case "slack": {
-            const { createSlackBot } = await import("./slack-P2LFUJUQ.js");
+            const { createSlackBot } = await import("./slack-KSS6YK5Z.js");
             const slack = createSlackBot({
               token: env.SLACK_BOT_TOKEN || "",
               signingSecret: env.SLACK_SIGNING_SECRET || ""
@@ -1281,7 +1345,7 @@ sdkRoutes.post("/notify", async (c) => {
             break;
           }
           case "email": {
-            const { SmtpClient: SmtpClient2 } = await import("./email-EAQNULVD.js");
+            const { SmtpClient: SmtpClient2 } = await import("./email-6OIN4SYL.js");
             const smtp = new SmtpClient2({
               host: env.EMAIL_SMTP_HOST || "localhost",
               port: env.EMAIL_SMTP_PORT || 587,
@@ -1591,7 +1655,7 @@ brainRouter.get("/scores", async (c) => {
 brainRouter.get("/agents", async (c) => {
   const userId = c.req.query("userId");
   try {
-    const { getUserAgents, getAllAgents } = await import("./agent-manager-7N7REQZQ.js");
+    const { getUserAgents, getAllAgents } = await import("./agent-manager-JZ4IM7XI.js");
     const agents = userId ? await getUserAgents(userId, void 0, 20) : await getAllAgents(void 0, 50);
     return c.json(agents);
   } catch {
@@ -1610,7 +1674,11 @@ brainRouter.get("/memory-graph", async (c) => {
   const entityId = c.req.query("entityId");
   const limit = parseInt(c.req.query("limit") || "50");
   try {
-    const memories2 = await searchMemories("", void 0, limit);
+    let memories2 = [];
+    try {
+      memories2 = await searchMemories("*", void 0, limit);
+    } catch {
+    }
     const nodes = [];
     const edges = [];
     for (const mem of memories2) {
@@ -1626,8 +1694,8 @@ brainRouter.get("/memory-graph", async (c) => {
     }
     if (entityId) {
       try {
-        const { db: db2 } = await import("./db-LRIOKQBO.js");
-        const { graphEntities: graphEntities2 } = await import("./schema-ALJ67YVG.js");
+        const { db: db2 } = await import("./db-I7MNG6CL.js");
+        const { graphEntities: graphEntities2 } = await import("./schema-ETY7L2VA.js");
         const { eq: eq5 } = await import("drizzle-orm");
         const [entity] = await db2.select().from(graphEntities2).where(eq5(graphEntities2.id, entityId)).limit(1);
         if (entity) {
@@ -1706,13 +1774,13 @@ brainRouter.post("/agents/spawn", async (c) => {
     if (!type || !objective) {
       return c.json({ error: "type and objective are required" }, 400);
     }
-    const { db: db2 } = await import("./db-LRIOKQBO.js");
-    const { users: users2 } = await import("./schema-ALJ67YVG.js");
+    const { db: db2 } = await import("./db-I7MNG6CL.js");
+    const { users: users2 } = await import("./schema-ETY7L2VA.js");
     let systemUser = await db2.select().from(users2).limit(1);
     if (systemUser.length === 0) {
       systemUser = await db2.insert(users2).values({ name: "Dashboard" }).returning();
     }
-    const { spawnAgent } = await import("./agent-manager-7N7REQZQ.js");
+    const { spawnAgent } = await import("./agent-manager-JZ4IM7XI.js");
     const agent = await spawnAgent({
       type,
       objective,
@@ -1725,8 +1793,8 @@ brainRouter.post("/agents/spawn", async (c) => {
 });
 brainRouter.post("/agents/seed", async (c) => {
   try {
-    const { db: db2 } = await import("./db-LRIOKQBO.js");
-    const { subAgents, agentProgress, users: users2 } = await import("./schema-ALJ67YVG.js");
+    const { db: db2 } = await import("./db-I7MNG6CL.js");
+    const { subAgents, agentProgress, users: users2 } = await import("./schema-ETY7L2VA.js");
     let systemUser = await db2.select().from(users2).limit(1);
     if (systemUser.length === 0) {
       systemUser = await db2.insert(users2).values({
@@ -1856,8 +1924,8 @@ brainRouter.post("/agents/seed", async (c) => {
 });
 brainRouter.delete("/agents/history", async (c) => {
   try {
-    const { db: db2 } = await import("./db-LRIOKQBO.js");
-    const { subAgents } = await import("./schema-ALJ67YVG.js");
+    const { db: db2 } = await import("./db-I7MNG6CL.js");
+    const { subAgents } = await import("./schema-ETY7L2VA.js");
     const { inArray } = await import("drizzle-orm");
     await db2.delete(subAgents).where(inArray(subAgents.status, ["completed", "failed", "cancelled"]));
     return c.json({ success: true });
@@ -1876,7 +1944,7 @@ import { Hono as Hono6 } from "hono";
 var schedulerRouter = new Hono6();
 schedulerRouter.get("/jobs", async (c) => {
   try {
-    const { taskQueue, maintenanceQueue } = await import("./scheduler-CA5UNHZV.js");
+    const { taskQueue, maintenanceQueue } = await import("./scheduler-6PLLAQI7.js");
     const [taskJobs, maintenanceJobs] = await Promise.allSettled([
       taskQueue?.getRepeatableJobs?.() ?? Promise.resolve([]),
       maintenanceQueue?.getRepeatableJobs?.() ?? Promise.resolve([])
@@ -1892,7 +1960,7 @@ schedulerRouter.get("/jobs", async (c) => {
 });
 schedulerRouter.get("/stats", async (c) => {
   try {
-    const { getQueueStats } = await import("./scheduler-CA5UNHZV.js");
+    const { getQueueStats } = await import("./scheduler-6PLLAQI7.js");
     const stats = await getQueueStats();
     return c.json(stats);
   } catch (error) {
@@ -1905,7 +1973,7 @@ schedulerRouter.post("/jobs", async (c) => {
     if (!name || !pattern) {
       return c.json({ error: "name and pattern are required" }, 400);
     }
-    const { scheduleRecurring } = await import("./scheduler-CA5UNHZV.js");
+    const { scheduleRecurring } = await import("./scheduler-6PLLAQI7.js");
     await scheduleRecurring(name, task || { type: "custom", name }, pattern);
     return c.json({ success: true }, 201);
   } catch (error) {
@@ -1915,7 +1983,7 @@ schedulerRouter.post("/jobs", async (c) => {
 schedulerRouter.delete("/jobs/:key", async (c) => {
   try {
     const key = decodeURIComponent(c.req.param("key"));
-    const { taskQueue } = await import("./scheduler-CA5UNHZV.js");
+    const { taskQueue } = await import("./scheduler-6PLLAQI7.js");
     await taskQueue.removeRepeatableByKey(key);
     return c.json({ success: true });
   } catch (error) {
@@ -1929,7 +1997,7 @@ schedulerRouter.put("/jobs/:key", async (c) => {
     if (!pattern) {
       return c.json({ error: "pattern is required" }, 400);
     }
-    const { taskQueue, scheduleRecurring } = await import("./scheduler-CA5UNHZV.js");
+    const { taskQueue, scheduleRecurring } = await import("./scheduler-6PLLAQI7.js");
     await taskQueue.removeRepeatableByKey(key);
     const jobName = name || key.split(":::")[0] || "custom-job";
     await scheduleRecurring(jobName, task || { type: "custom", name: jobName }, pattern);
@@ -1945,7 +2013,7 @@ import { Hono as Hono7 } from "hono";
 var alertsRouter = new Hono7();
 alertsRouter.get("/", async (c) => {
   try {
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     await alerting.loadAlertHistoryFromDb?.();
     const active = alerting.getActiveAlerts?.() ?? [];
     const history = alerting.getAlertHistory?.(50) ?? [];
@@ -1958,7 +2026,7 @@ alertsRouter.post("/:id/acknowledge", async (c) => {
   try {
     const id = c.req.param("id");
     const { by } = await c.req.json();
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     alerting.acknowledgeAlert?.(id, by || "web-user");
     return c.json({ success: true });
   } catch {
@@ -1969,7 +2037,7 @@ alertsRouter.post("/:id/resolve", async (c) => {
   try {
     const id = c.req.param("id");
     const { by } = await c.req.json();
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     alerting.resolveAlert?.(id, by || "web-user");
     return c.json({ success: true });
   } catch {
@@ -1978,7 +2046,7 @@ alertsRouter.post("/:id/resolve", async (c) => {
 });
 alertsRouter.get("/rules", async (c) => {
   try {
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     let rules = alerting.getAlertRules?.() ?? [];
     if (rules.length === 0 && alerting.initializeDefaultRules) {
       alerting.initializeDefaultRules();
@@ -1991,7 +2059,7 @@ alertsRouter.get("/rules", async (c) => {
 });
 alertsRouter.delete("/history", async (c) => {
   try {
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     alerting.clearAlertHistory?.();
     return c.json({ success: true });
   } catch {
@@ -2001,7 +2069,7 @@ alertsRouter.delete("/history", async (c) => {
 alertsRouter.post("/rules", async (c) => {
   try {
     const rule = await c.req.json();
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     alerting.addAlertRule?.(rule);
     return c.json({ success: true }, 201);
   } catch {
@@ -2011,7 +2079,7 @@ alertsRouter.post("/rules", async (c) => {
 alertsRouter.delete("/rules/:id", async (c) => {
   try {
     const id = c.req.param("id");
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     const removed = alerting.removeAlertRule?.(id);
     if (!removed) {
       return c.json({ error: "Rule not found" }, 404);
@@ -2025,7 +2093,7 @@ alertsRouter.put("/rules/:id", async (c) => {
   try {
     const id = c.req.param("id");
     const updates = await c.req.json();
-    const alerting = await import("./alerting-4I37GG4U.js");
+    const alerting = await import("./alerting-LK7VVYTX.js");
     const rules = alerting.getAlertRules?.() ?? [];
     const existing = rules.find((r) => r.id === id);
     if (!existing) {
@@ -2046,7 +2114,7 @@ import { v4 as uuidv4 } from "uuid";
 var webhooksRouter = new Hono8();
 webhooksRouter.get("/", async (c) => {
   try {
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     const workflows = await store.getAllWorkflows();
     const results = workflows.map((w) => ({
@@ -2076,7 +2144,7 @@ webhooksRouter.post("/", async (c) => {
     if (!body.name) {
       return c.json({ error: "name is required" }, 400);
     }
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     const now = /* @__PURE__ */ new Date();
     const workflow = await store.createWorkflow({
@@ -2102,7 +2170,7 @@ webhooksRouter.post("/", async (c) => {
 webhooksRouter.put("/:id/toggle", async (c) => {
   try {
     const id = c.req.param("id");
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     const workflow = await store.getWorkflow(id);
     if (!workflow) return c.json({ error: "Workflow not found" }, 404);
@@ -2116,7 +2184,7 @@ webhooksRouter.put("/:id/toggle", async (c) => {
 webhooksRouter.delete("/:id", async (c) => {
   try {
     const id = c.req.param("id");
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     await store.deleteWorkflow(id);
     return c.json({ success: true });
@@ -2128,7 +2196,7 @@ webhooksRouter.put("/:id", async (c) => {
   try {
     const id = c.req.param("id");
     const body = await c.req.json();
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     const workflow = await store.getWorkflow(id);
     if (!workflow) return c.json({ error: "Workflow not found" }, 404);
@@ -2154,7 +2222,7 @@ webhooksRouter.put("/:id", async (c) => {
 });
 webhooksRouter.post("/seed", async (c) => {
   try {
-    const { WorkflowStore } = await import("./workflow-store-ZYAYE5P6.js");
+    const { WorkflowStore } = await import("./workflow-store-5Y56GUP7.js");
     const store = new WorkflowStore();
     const now = /* @__PURE__ */ new Date();
     const defaults = [
@@ -2250,11 +2318,11 @@ import { Hono as Hono9 } from "hono";
 var githubRouter = new Hono9();
 githubRouter.get("/repos", async (c) => {
   try {
-    const { env: env2 } = await import("./env-CHOFICED.js");
+    const { env: env2 } = await import("./env-GN5VHI43.js");
     if (!env2.GITHUB_TOKEN) {
       return c.json({ error: "GITHUB_TOKEN not configured" }, 400);
     }
-    const github = await import("./github-KGNILDWJ.js");
+    const github = await import("./github-DUWSXCNP.js");
     const repos = await github.listRepositories();
     return c.json(repos);
   } catch (error) {
@@ -2263,13 +2331,13 @@ githubRouter.get("/repos", async (c) => {
 });
 githubRouter.get("/issues", async (c) => {
   try {
-    const { env: env2 } = await import("./env-CHOFICED.js");
+    const { env: env2 } = await import("./env-GN5VHI43.js");
     if (!env2.GITHUB_TOKEN) {
       return c.json({ error: "GITHUB_TOKEN not configured" }, 400);
     }
     const repo = c.req.query("repo");
     const state = c.req.query("state") || "open";
-    const github = await import("./github-KGNILDWJ.js");
+    const github = await import("./github-DUWSXCNP.js");
     if (repo) {
       const [owner, name] = repo.split("/");
       const issues2 = await github.listIssues(owner, name, { state });
@@ -2283,13 +2351,13 @@ githubRouter.get("/issues", async (c) => {
 });
 githubRouter.get("/prs", async (c) => {
   try {
-    const { env: env2 } = await import("./env-CHOFICED.js");
+    const { env: env2 } = await import("./env-GN5VHI43.js");
     if (!env2.GITHUB_TOKEN) {
       return c.json({ error: "GITHUB_TOKEN not configured" }, 400);
     }
     const repo = c.req.query("repo");
     const state = c.req.query("state") || "open";
-    const github = await import("./github-KGNILDWJ.js");
+    const github = await import("./github-DUWSXCNP.js");
     if (repo) {
       const [owner, name] = repo.split("/");
       const prs2 = await github.listPullRequests(owner, name, { state });
@@ -2462,7 +2530,7 @@ import { Hono as Hono11 } from "hono";
 var mcpRouter = new Hono11();
 mcpRouter.get("/servers", async (c) => {
   try {
-    const { getMCPRegistry } = await import("./tools-FGPN522P.js");
+    const { getMCPRegistry } = await import("./tools-PJZ6RI4P.js");
     const registry = getMCPRegistry();
     if (!registry) {
       return c.json({ enabled: false, servers: [], connectedCount: 0, totalToolCount: 0 });
@@ -2497,7 +2565,7 @@ mcpRouter.get("/servers", async (c) => {
 });
 mcpRouter.post("/servers/:id/refresh", async (c) => {
   try {
-    const { getMCPRegistry } = await import("./tools-FGPN522P.js");
+    const { getMCPRegistry } = await import("./tools-PJZ6RI4P.js");
     const registry = getMCPRegistry();
     if (!registry) return c.json({ error: "MCP not initialized" }, 500);
     await registry.refreshAllTools();
@@ -2604,7 +2672,7 @@ function updateEnvFile(updates) {
 }
 botsRouter.get("/status", async (c) => {
   try {
-    const { env: env2 } = await import("./env-CHOFICED.js");
+    const { env: env2 } = await import("./env-GN5VHI43.js");
     const bots = [
       {
         id: "telegram",
@@ -2737,12 +2805,434 @@ botsRouter.put("/:id/config", async (c) => {
 });
 var bots_default = botsRouter;
 
-// src/inputs/api/routes/users.ts
+// src/inputs/api/routes/m365.ts
 import { Hono as Hono13 } from "hono";
-var usersRouter = new Hono13();
+import { randomBytes as randomBytes3 } from "crypto";
+
+// src/core/security/rate-limiter-enhanced.ts
+var tokenBuckets = /* @__PURE__ */ new Map();
+var cleanup = setInterval(() => {
+  const now = Date.now();
+  for (const [key, bucket] of tokenBuckets) {
+    if (now - bucket.lastRefill > 5 * 60 * 1e3) {
+      tokenBuckets.delete(key);
+    }
+  }
+}, 5 * 60 * 1e3);
+if (cleanup.unref) cleanup.unref();
+function rateLimit(key, maxTokens, refillRate, tokensToConsume = 1) {
+  const now = Date.now();
+  let bucket = tokenBuckets.get(key);
+  if (!bucket) {
+    bucket = { tokens: maxTokens, lastRefill: now };
+    tokenBuckets.set(key, bucket);
+  }
+  const elapsed = (now - bucket.lastRefill) / 1e3;
+  bucket.tokens = Math.min(maxTokens, bucket.tokens + elapsed * refillRate);
+  bucket.lastRefill = now;
+  if (bucket.tokens >= tokensToConsume) {
+    bucket.tokens -= tokensToConsume;
+    return { success: true, remaining: Math.floor(bucket.tokens) };
+  }
+  const retryAfter = Math.ceil(
+    (tokensToConsume - bucket.tokens) / refillRate
+  );
+  return { success: false, retryAfter, remaining: 0 };
+}
+
+// src/inputs/api/routes/m365.ts
+var log = createLogger("api:m365");
+var m365 = new Hono13();
+function currentUserKey(c) {
+  const id = getAuthUserId(c);
+  return id || "local";
+}
+function configGuard(c) {
+  if (!isM365Configured()) {
+    return c.json(
+      {
+        error: "M365 not configured. Set M365_CLIENT_ID, M365_CLIENT_SECRET (and optionally M365_TENANT_ID, M365_REDIRECT_URI) in .env.",
+        configured: false
+      },
+      503
+    );
+  }
+  return null;
+}
+m365.get("/status", async (c) => {
+  const configured = isM365Configured();
+  const userKey = currentUserKey(c);
+  const conn = configured ? await getConnection(userKey) : null;
+  return c.json({
+    configured,
+    connected: !!conn,
+    userKey,
+    connection: conn ? {
+      email: conn.email,
+      displayName: conn.displayName,
+      microsoftUserId: conn.microsoftUserId,
+      scope: conn.scope,
+      expiresAt: conn.expiresAt.toISOString(),
+      createdAt: conn.createdAt.toISOString(),
+      updatedAt: conn.updatedAt.toISOString()
+    } : null
+  });
+});
+m365.get("/auth/login", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const config = getM365Config();
+  cleanupExpiredStates().catch(() => {
+  });
+  const state = randomBytes3(24).toString("hex");
+  const verifier = generateCodeVerifier();
+  const challenge = generateCodeChallenge(verifier);
+  const userKey = currentUserKey(c);
+  const returnTo = c.req.query("returnTo") || void 0;
+  await persistState({ state, codeVerifier: verifier, userKey, returnTo });
+  const url = buildAuthorizeUrl(config, { state, codeChallenge: challenge });
+  log.info("oauth login initiated", { userKey });
+  if (c.req.query("format") === "json") {
+    return c.json({ url, state });
+  }
+  return c.redirect(url);
+});
+m365.get("/auth/callback", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const config = getM365Config();
+  const error = c.req.query("error");
+  if (error) {
+    return c.html(
+      renderCallbackPage({
+        ok: false,
+        title: "Microsoft sign-in failed",
+        body: `${error}: ${c.req.query("error_description") || ""}`
+      })
+    );
+  }
+  const code = c.req.query("code");
+  const state = c.req.query("state");
+  if (!code || !state) {
+    return c.json({ error: "Missing code or state" }, 400);
+  }
+  const saved = await consumeState(state);
+  if (!saved) {
+    log.warn("callback rejected: unknown or expired state");
+    return c.json({ error: "Invalid or expired state \u2014 start the login flow again." }, 400);
+  }
+  try {
+    const tokens = await exchangeCodeForTokens(config, code, saved.codeVerifier);
+    const me = await getMe(tokens.accessToken);
+    const userKey = saved.userKey || me.mail || me.userPrincipalName || me.id;
+    await saveConnection({
+      userKey,
+      tokens,
+      email: me.mail || me.userPrincipalName,
+      displayName: me.displayName,
+      microsoftUserId: me.id
+    });
+    log.info("oauth callback success", { userKey });
+    if (saved.returnTo) {
+      return c.redirect(saved.returnTo);
+    }
+    return c.html(
+      renderCallbackPage({
+        ok: true,
+        title: "Microsoft 365 connected",
+        body: `Signed in as ${escapeHtml(me.displayName || me.userPrincipalName || me.id)}. You can close this tab.`
+      })
+    );
+  } catch (err) {
+    log.error("oauth callback failed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+    return c.html(
+      renderCallbackPage({
+        ok: false,
+        title: "Microsoft 365 connection failed",
+        body: err instanceof Error ? err.message : "Unknown error"
+      })
+    );
+  }
+});
+m365.post("/auth/logout", async (c) => {
+  const userKey = currentUserKey(c);
+  await deleteConnection(userKey);
+  return c.json({ success: true });
+});
+m365.get("/profile", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  try {
+    const token = await getAccessToken(userKey);
+    const me = await getMe(token);
+    return c.json(me);
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 401);
+  }
+});
+m365.get("/messages", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  const top = parseInt(c.req.query("top") || "20", 10);
+  const folder = c.req.query("folder") || "inbox";
+  const unreadOnly = c.req.query("unreadOnly") === "true";
+  const search = c.req.query("search") || void 0;
+  try {
+    const token = await getAccessToken(userKey);
+    const result = await listMessages(token, { top, folder, unreadOnly, search });
+    return c.json(result);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : "Failed";
+    const status = msg.includes("No M365 connection") ? 401 : 500;
+    return c.json({ error: msg }, status);
+  }
+});
+m365.post("/analyze-email", async (c) => {
+  const guard = configGuard(c);
+  const userKey = currentUserKey(c);
+  const limit = rateLimit(
+    `m365:analyze:${userKey}`,
+    env.M365_ANALYZE_RATE_LIMIT,
+    env.M365_ANALYZE_RATE_REFILL
+  );
+  if (!limit.success) {
+    return c.json(
+      { error: "Rate limit exceeded", retryAfter: limit.retryAfter },
+      429
+    );
+  }
+  const body = await c.req.json();
+  let input = null;
+  let inputId = body.graphMessageId;
+  if (body.graphMessageId) {
+    if (guard) return guard;
+    try {
+      const token = await getAccessToken(userKey);
+      const msg = await getMessage(token, body.graphMessageId);
+      const bodyText = msg.body?.contentType === "html" ? stripHtml(msg.body.content || "") : msg.body?.content || msg.bodyPreview || "";
+      input = {
+        subject: msg.subject || "(no subject)",
+        sender: msg.from?.emailAddress?.address || "unknown",
+        body: bodyText
+      };
+    } catch (err) {
+      return c.json(
+        { error: err instanceof Error ? err.message : "Failed to load message" },
+        500
+      );
+    }
+  } else {
+    if (!body.subject || !body.sender) {
+      return c.json({ error: "Either graphMessageId or {subject, sender} is required" }, 400);
+    }
+    input = {
+      subject: String(body.subject),
+      sender: String(body.sender),
+      body: body.body ? String(body.body) : void 0
+    };
+  }
+  const result = await analyzeEmail(input);
+  let id;
+  try {
+    id = await persistAnalysis({
+      userKey,
+      input,
+      inputId,
+      inputType: "email",
+      result
+    });
+  } catch (err) {
+    log.warn("persistAnalysis failed \u2014 returning result anyway", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+  return c.json({ ...result, id });
+});
+m365.get("/analyses", async (c) => {
+  const userKey = currentUserKey(c);
+  const limit = Math.max(1, Math.min(parseInt(c.req.query("limit") || "50", 10), 200));
+  const rows = await listAnalyses(userKey, limit);
+  return c.json({ results: rows });
+});
+m365.get("/sharepoint/sites", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  const search = c.req.query("search") || void 0;
+  const top = parseInt(c.req.query("top") || "50", 10);
+  try {
+    const token = await getAccessToken(userKey);
+    const sites = await listSites(token, { search, top });
+    return c.json({ sites });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : "Failed";
+    const status = msg.includes("No M365 connection") ? 401 : 500;
+    return c.json({ error: msg }, status);
+  }
+});
+m365.get("/sharepoint/sites/:siteId", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  try {
+    const token = await getAccessToken(userKey);
+    const site = await getSite(token, c.req.param("siteId"));
+    return c.json(site);
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 500);
+  }
+});
+m365.get("/sharepoint/sites/:siteId/drives", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  try {
+    const token = await getAccessToken(userKey);
+    const drives = await listDrives(token, c.req.param("siteId"));
+    return c.json({ drives });
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 500);
+  }
+});
+m365.get("/sharepoint/sites/:siteId/files", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  const search = c.req.query("search") || void 0;
+  const top = parseInt(c.req.query("top") || "50", 10);
+  try {
+    const token = await getAccessToken(userKey);
+    const drive = await getDefaultDrive(token, c.req.param("siteId"));
+    const items = await listDriveRoot(token, drive.id, { search, top });
+    return c.json({ drive, items });
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 500);
+  }
+});
+m365.get("/sharepoint/drives/:driveId/children/:itemId", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  const top = parseInt(c.req.query("top") || "50", 10);
+  try {
+    const token = await getAccessToken(userKey);
+    const items = await listDriveChildren(
+      token,
+      c.req.param("driveId"),
+      c.req.param("itemId"),
+      { top }
+    );
+    return c.json({ items });
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 500);
+  }
+});
+m365.get("/sharepoint/drives/:driveId/items/:itemId", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  try {
+    const token = await getAccessToken(userKey);
+    const item = await getDriveItem(token, c.req.param("driveId"), c.req.param("itemId"));
+    return c.json(item);
+  } catch (err) {
+    return c.json({ error: err instanceof Error ? err.message : "Failed" }, 500);
+  }
+});
+m365.post("/sharepoint/analyze", async (c) => {
+  const guard = configGuard(c);
+  if (guard) return guard;
+  const userKey = currentUserKey(c);
+  const rl = rateLimit(
+    `m365:analyze:${userKey}`,
+    env.M365_ANALYZE_RATE_LIMIT,
+    env.M365_ANALYZE_RATE_REFILL
+  );
+  if (!rl.success) {
+    return c.json({ error: "Rate limit exceeded", retryAfter: rl.retryAfter }, 429);
+  }
+  const body = await c.req.json();
+  if (!body.driveId || !body.itemId) {
+    return c.json({ error: "driveId and itemId are required" }, 400);
+  }
+  try {
+    const token = await getAccessToken(userKey);
+    const item = await getDriveItem(token, body.driveId, body.itemId);
+    const extracted = await extractTextFromDriveItem(token, body.driveId, body.itemId, item);
+    if (!extracted.text || extracted.text.trim().length === 0) {
+      return c.json({
+        error: `No text could be extracted (source: ${extracted.extractedFrom})`,
+        extractedFrom: extracted.extractedFrom,
+        byteLength: extracted.byteLength
+      }, 422);
+    }
+    const analysisInput = {
+      subject: item.name || "(unnamed file)",
+      sender: item.parentReference?.path || "sharepoint",
+      body: extracted.text.slice(0, 16e3)
+      // cap to keep LLM bill sane
+    };
+    const result = await analyzeEmail(analysisInput);
+    let id;
+    try {
+      id = await persistAnalysis({
+        userKey,
+        input: analysisInput,
+        inputId: `${body.driveId}:${body.itemId}`,
+        inputType: "file",
+        result
+      });
+    } catch (err) {
+      log.warn("persistAnalysis failed", {
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+    return c.json({
+      ...result,
+      id,
+      file: { name: item.name, size: item.size, webUrl: item.webUrl, mimeType: item.file?.mimeType },
+      extractedFrom: extracted.extractedFrom,
+      byteLength: extracted.byteLength,
+      textLength: extracted.text.length
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : "Failed";
+    return c.json({ error: msg }, 500);
+  }
+});
+function escapeHtml(s) {
+  return s.replace(
+    /[&<>"']/g,
+    (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]
+  );
+}
+function renderCallbackPage(opts) {
+  const color = opts.ok ? "#10b981" : "#ef4444";
+  return `<!doctype html><html><head><meta charset="utf-8"><title>${escapeHtml(opts.title)}</title>
+<style>
+body{font-family:system-ui,-apple-system,Segoe UI,Arial,sans-serif;max-width:640px;margin:40px auto;padding:24px;color:#e5e7eb;background:#0b0f17}
+h1{color:${color};margin-top:0}
+.card{background:#111827;border:1px solid #1f2937;border-radius:10px;padding:20px}
+.btn{display:inline-block;margin-top:16px;padding:10px 18px;background:#10b981;color:#fff;text-decoration:none;border-radius:6px;font-weight:600}
+.btn:hover{background:#059669}
+</style></head><body>
+<div class="card">
+<h1>${escapeHtml(opts.title)}</h1>
+<p>${escapeHtml(opts.body)}</p>
+<a class="btn" href="/">Go Back to Dashboard</a>
+</div></body></html>`;
+}
+
+// src/inputs/api/routes/users.ts
+import { Hono as Hono14 } from "hono";
+var usersRouter = new Hono14();
 usersRouter.get("/", async (c) => {
   try {
-    const { searchUsers } = await import("./multi-user-S56GUD6L.js");
+    const { searchUsers } = await import("./multi-user-XAEMB244.js");
     const users2 = await searchUsers({});
     return c.json(users2);
   } catch {
@@ -2755,7 +3245,7 @@ usersRouter.post("/", async (c) => {
     if (!email2) {
       return c.json({ error: "email is required" }, 400);
     }
-    const { createUser } = await import("./multi-user-S56GUD6L.js");
+    const { createUser } = await import("./multi-user-XAEMB244.js");
     const user = await createUser({
       email: email2,
       name: name || "",
@@ -2771,16 +3261,16 @@ usersRouter.put("/:id", async (c) => {
     const id = c.req.param("id");
     const updates = await c.req.json();
     if (updates.status === "suspended") {
-      const { suspendUser } = await import("./multi-user-S56GUD6L.js");
+      const { suspendUser } = await import("./multi-user-XAEMB244.js");
       await suspendUser(id, "Suspended via dashboard");
       return c.json({ success: true });
     }
     if (updates.status === "active") {
-      const { reactivateUser } = await import("./multi-user-S56GUD6L.js");
+      const { reactivateUser } = await import("./multi-user-XAEMB244.js");
       await reactivateUser(id);
       return c.json({ success: true });
     }
-    const { updateUser } = await import("./multi-user-S56GUD6L.js");
+    const { updateUser } = await import("./multi-user-XAEMB244.js");
     await updateUser(id, updates);
     return c.json({ success: true });
   } catch (error) {
@@ -2790,7 +3280,7 @@ usersRouter.put("/:id", async (c) => {
 usersRouter.delete("/:id", async (c) => {
   try {
     const id = c.req.param("id");
-    const { deleteUser } = await import("./multi-user-S56GUD6L.js");
+    const { deleteUser } = await import("./multi-user-XAEMB244.js");
     await deleteUser(id);
     return c.json({ success: true });
   } catch (error) {
@@ -2802,14 +3292,14 @@ var users_default = usersRouter;
 // src/inputs/api/server.ts
 import { tmpdir } from "os";
 import { resolve as resolve2, join } from "path";
-import { randomBytes as randomBytes3 } from "crypto";
+import { randomBytes as randomBytes4 } from "crypto";
 var serveStatic;
 try {
   serveStatic = __require("hono/bun").serveStatic;
 } catch {
   serveStatic = () => async (_c, next) => next();
 }
-var app = new Hono14();
+var app = new Hono15();
 app.use("*", logger());
 app.use("/api/*", cors());
 app.use("/api/*", authMiddleware());
@@ -3077,7 +3567,7 @@ app.post("/api/pair", async (c) => {
 });
 app.get("/api/providers", async (c) => {
   try {
-    const { providerRegistry } = await import("./providers-H6YIC3MG.js");
+    const { providerRegistry } = await import("./providers-2YQ6E3IF.js");
     return c.json({
       providers: providerRegistry.listProviders(),
       default: providerRegistry.getDefaultId()
@@ -3092,7 +3582,7 @@ app.route("/api/sdk", sdkRoutes);
 app.route("/api/admin", admin_default);
 app.get("/api/audit-logs", async (c) => {
   try {
-    const { queryAuditLogs: queryAuditLogs2 } = await import("./audit-logger-AU3TMWKI.js");
+    const { queryAuditLogs: queryAuditLogs2 } = await import("./audit-logger-CI4WZQPD.js");
     const url = new URL(c.req.url);
     const options = {};
     const userId = url.searchParams.get("userId");
@@ -3117,7 +3607,7 @@ app.get("/api/audit-logs", async (c) => {
 });
 app.get("/api/audit-logs/integrity", async (c) => {
   try {
-    const { getAuditChainIntegrity: getAuditChainIntegrity2 } = await import("./audit-logger-AU3TMWKI.js");
+    const { getAuditChainIntegrity: getAuditChainIntegrity2 } = await import("./audit-logger-CI4WZQPD.js");
     const integrity = await getAuditChainIntegrity2();
     return c.json({ success: true, ...integrity });
   } catch (err) {
@@ -3126,7 +3616,7 @@ app.get("/api/audit-logs/integrity", async (c) => {
 });
 app.delete("/api/audit-logs", async (c) => {
   try {
-    const { auditLogs } = await import("./schema-ALJ67YVG.js");
+    const { auditLogs } = await import("./schema-ETY7L2VA.js");
     await db.delete(auditLogs);
     return c.json({ success: true });
   } catch (err) {
@@ -3161,11 +3651,10 @@ app.route("/api/scheduler", scheduler_default);
 app.route("/api/alerts", alerts_default);
 app.route("/api/webhooks", webhooks_default);
 app.route("/api/github", github_default);
-app.route("/api/metrics", metrics_default);
 app.get("/api/metrics/overview", async (c) => {
   try {
-    const { getMetricAggregates: getMetricAggregates2 } = await import("./metrics-VJDWQWU7.js");
-    const { getErrorStats: getErrorStats2 } = await import("./error-tracker-SVQSDQDW.js");
+    const { getMetricAggregates: getMetricAggregates2 } = await import("./metrics-BH3ZLGEV.js");
+    const { getErrorStats: getErrorStats2 } = await import("./error-tracker-64DEH3D7.js");
     const now = /* @__PURE__ */ new Date();
     const dayAgo = new Date(now.getTime() - 24 * 60 * 60 * 1e3);
     const weekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1e3);
@@ -3195,12 +3684,22 @@ app.get("/api/metrics/overview", async (c) => {
     return c.json({ last24h: {}, last7d: {} });
   }
 });
+app.route("/api/metrics", metrics_default);
 app.route("/api/mcp", mcp_default);
 app.route("/api/bots", bots_default);
+app.route("/api/m365", m365);
+app.get("/api/callbacks/outlook", async (c) => {
+  const search = new URL(c.req.url).search;
+  const forward = new Request(
+    `http://localhost/api/m365/auth/callback${search}`,
+    { method: "GET", headers: c.req.raw.headers }
+  );
+  return app.fetch(forward);
+});
 app.route("/api/users", users_default);
 app.get("/api/incidents", requirePermission("admin:settings"), async (c) => {
   try {
-    const { getOpenIncidents } = await import("./incident-response-ZTIKUWEO.js");
+    const { getOpenIncidents } = await import("./incident-response-E3UGMX5G.js");
     const severity = c.req.query("severity");
     const type = c.req.query("type");
     const incidents = await getOpenIncidents({ severity, type, limit: 50 });
@@ -3211,7 +3710,7 @@ app.get("/api/incidents", requirePermission("admin:settings"), async (c) => {
 });
 app.get("/api/incidents/:id", requirePermission("admin:settings"), async (c) => {
   try {
-    const { generateIncidentReport } = await import("./incident-response-ZTIKUWEO.js");
+    const { generateIncidentReport } = await import("./incident-response-E3UGMX5G.js");
     const id = c.req.param("id");
     const report = await generateIncidentReport(id);
     return c.json(report);
@@ -3221,7 +3720,7 @@ app.get("/api/incidents/:id", requirePermission("admin:settings"), async (c) =>
 });
 app.post("/api/incidents/:id/status", requirePermission("admin:settings"), async (c) => {
   try {
-    const { updateIncidentStatus } = await import("./incident-response-ZTIKUWEO.js");
+    const { updateIncidentStatus } = await import("./incident-response-E3UGMX5G.js");
     const id = c.req.param("id");
     const body = await c.req.json();
     const userId = getAuthUserId(c);
@@ -3233,7 +3732,7 @@ app.post("/api/incidents/:id/status", requirePermission("admin:settings"), async
 });
 app.post("/api/incidents/:id/resolve", requirePermission("admin:settings"), async (c) => {
   try {
-    const { resolveIncident } = await import("./incident-response-ZTIKUWEO.js");
+    const { resolveIncident } = await import("./incident-response-E3UGMX5G.js");
     const id = c.req.param("id");
     const body = await c.req.json();
     const userId = getAuthUserId(c);
@@ -3245,7 +3744,7 @@ app.post("/api/incidents/:id/resolve", requirePermission("admin:settings"), asyn
 });
 app.get("/api/audit/integrity", requirePermission("admin:settings"), async (c) => {
   try {
-    const { getAuditChainIntegrity: getAuditChainIntegrity2 } = await import("./audit-logger-AU3TMWKI.js");
+    const { getAuditChainIntegrity: getAuditChainIntegrity2 } = await import("./audit-logger-CI4WZQPD.js");
     const integrity = await getAuditChainIntegrity2();
     return c.json(integrity);
   } catch (error) {
@@ -3294,7 +3793,7 @@ app.post("/api/tts", async (c) => {
 app.get("/api/system/status", async (c) => {
   return c.json({
     status: "online",
-    version: "3.4.0",
+    version: "3.6.1",
     uptime: process.uptime(),
     memory: process.memoryUsage()
   });
@@ -3309,7 +3808,7 @@ app.get("/api/callbacks/spotify", async (c) => {
     if (!code) {
       return c.html(`<h1>Missing Authorization Code</h1><p>No code received from Spotify.</p>`);
     }
-    const { env: appEnv } = await import("./env-CHOFICED.js");
+    const { env: appEnv } = await import("./env-GN5VHI43.js");
     if (!appEnv.SPOTIFY_CLIENT_ID || !appEnv.SPOTIFY_CLIENT_SECRET) {
       return c.html(`<h1>Spotify Not Configured</h1><p>Set SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET in .env</p>`);
     }
@@ -3335,7 +3834,7 @@ app.get("/api/callbacks/spotify", async (c) => {
 });
 app.get("/api/spotify/authorize", async (c) => {
   try {
-    const { env: appEnv } = await import("./env-CHOFICED.js");
+    const { env: appEnv } = await import("./env-GN5VHI43.js");
     if (!appEnv.SPOTIFY_CLIENT_ID || !appEnv.SPOTIFY_CLIENT_SECRET) {
       return c.json({ error: "Spotify not configured. Set SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET in .env" }, 400);
     }
@@ -3387,7 +3886,7 @@ app.post("/api/files/upload", async (c) => {
       return c.json({ error: "File too large (50MB max)" }, 413);
     }
     const ext = file.name.split(".").pop() || "bin";
-    const id = randomBytes3(8).toString("hex");
+    const id = randomBytes4(8).toString("hex");
     const filename = `sentinel-upload-${id}.${ext}`;
     const filePath = join(tmpdir(), filename);
     const buffer = Buffer.from(await file.arrayBuffer());
@@ -3405,4 +3904,4 @@ export {
   timingSafeEqual,
   app
 };
-//# sourceMappingURL=chunk-AD6YEH6U.js.map
+//# sourceMappingURL=chunk-S2EOIVF4.js.map