npm - tide-commander - Versions diffs - 1.32.2 → 1.35.0 - Mend

tide-commander 1.32.2 → 1.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/src/packages/server/integrations/gmail/gmail-client.js CHANGED Viewed

@@ -14,6 +14,7 @@ const REDIRECT_PATH = '/api/email/auth/callback';
 // ─── State ───
 let ctx = null;
 let config = {
+    authMethod: 'oauth2',
     clientId: '',
     clientSecret: '',
     pollingIntervalMs: 30000,
@@ -31,25 +32,63 @@ let lastHistoryId;
 export async function init(context) {
     ctx = context;
     loadConfig();
-    if (!config.clientId || !config.clientSecret) {
-        ctx.log.info('Gmail not configured (missing OAuth credentials)');
-        return;
-    }
-    oauth2Client = new google.auth.OAuth2(config.clientId, config.clientSecret, `${ctx.serverConfig.baseUrl}${REDIRECT_PATH}`);
-    // Load refresh token from secrets
-    const refreshToken = ctx.secrets.get('GOOGLE_REFRESH_TOKEN') || config.refreshToken;
-    if (refreshToken) {
-        oauth2Client.setCredentials({ refresh_token: refreshToken });
-        gmail = google.gmail({ version: 'v1', auth: oauth2Client });
+    // Reset state on reinit
+    gmail = null;
+    oauth2Client = null;
+    authenticatedEmail = undefined;
+    lastError = undefined;
+    const authMethod = config.authMethod || 'oauth2';
+    if (authMethod === 'service_account') {
+        // ── Service Account authentication via domain-wide delegation ──
+        if (!config.serviceAccountJson || !config.impersonateEmail) {
+            ctx.log.info('Gmail not configured (missing service account credentials)');
+            return;
+        }
         try {
+            const sa = JSON.parse(config.serviceAccountJson);
+            const jwtClient = new google.auth.JWT({
+                email: sa.client_email,
+                key: sa.private_key,
+                scopes: SCOPES,
+                subject: config.impersonateEmail,
+            });
+            gmail = google.gmail({ version: 'v1', auth: jwtClient });
             const profile = await gmail.users.getProfile({ userId: 'me' });
             authenticatedEmail = profile.data.emailAddress ?? undefined;
             lastHistoryId = profile.data.historyId ?? undefined;
-            ctx.log.info(`Gmail authenticated as ${authenticatedEmail}`);
+            lastError = undefined;
+            ctx.log.info(`Gmail authenticated via service account as ${authenticatedEmail}`);
+            startPolling();
         }
         catch (err) {
-            lastError = `Authentication failed: ${err}`;
-            ctx.log.error('Gmail authentication failed', err);
+            lastError = `Service account authentication failed: ${err}`;
+            ctx.log.error('Gmail service account authentication failed', err);
+        }
+    }
+    else {
+        // ── OAuth2 authentication ──
+        if (!config.clientId || !config.clientSecret) {
+            ctx.log.info('Gmail not configured (missing OAuth credentials)');
+            return;
+        }
+        oauth2Client = new google.auth.OAuth2(config.clientId, config.clientSecret, `${ctx.serverConfig.baseUrl}${REDIRECT_PATH}`);
+        // Load refresh token from secrets
+        const refreshToken = ctx.secrets.get('GOOGLE_REFRESH_TOKEN') || config.refreshToken;
+        if (refreshToken) {
+            oauth2Client.setCredentials({ refresh_token: refreshToken });
+            gmail = google.gmail({ version: 'v1', auth: oauth2Client });
+            try {
+                const profile = await gmail.users.getProfile({ userId: 'me' });
+                authenticatedEmail = profile.data.emailAddress ?? undefined;
+                lastHistoryId = profile.data.historyId ?? undefined;
+                lastError = undefined;
+                ctx.log.info(`Gmail authenticated as ${authenticatedEmail}`);
+                startPolling();
+            }
+            catch (err) {
+                lastError = `Authentication failed: ${err}`;
+                ctx.log.error('Gmail authentication failed', err);
+            }
         }
     }
 }
@@ -59,14 +98,21 @@ function loadConfig() {
     const clientId = ctx.secrets.get('GOOGLE_CLIENT_ID') || '';
     const clientSecret = ctx.secrets.get('GOOGLE_CLIENT_SECRET') || '';
     const refreshToken = ctx.secrets.get('GOOGLE_REFRESH_TOKEN');
+    const serviceAccountJson = ctx.secrets.get('GOOGLE_SERVICE_ACCOUNT_JSON') || undefined;
+    const impersonateEmail = ctx.secrets.get('GOOGLE_IMPERSONATE_EMAIL') || undefined;
     config = {
         ...config,
         clientId,
         clientSecret,
         refreshToken: refreshToken || undefined,
+        serviceAccountJson,
+        impersonateEmail,
     };
 }
 export function updateConfig(updates) {
+    if (updates.authMethod !== undefined) {
+        config.authMethod = updates.authMethod;
+    }
     if (updates.clientId !== undefined) {
         config.clientId = updates.clientId;
         ctx?.secrets.set('GOOGLE_CLIENT_ID', updates.clientId);
@@ -75,6 +121,14 @@ export function updateConfig(updates) {
         config.clientSecret = updates.clientSecret;
         ctx?.secrets.set('GOOGLE_CLIENT_SECRET', updates.clientSecret);
     }
+    if (updates.serviceAccountJson !== undefined) {
+        config.serviceAccountJson = updates.serviceAccountJson;
+        ctx?.secrets.set('GOOGLE_SERVICE_ACCOUNT_JSON', updates.serviceAccountJson);
+    }
+    if (updates.impersonateEmail !== undefined) {
+        config.impersonateEmail = updates.impersonateEmail;
+        ctx?.secrets.set('GOOGLE_IMPERSONATE_EMAIL', updates.impersonateEmail);
+    }
     if (updates.pollingIntervalMs !== undefined) {
         config.pollingIntervalMs = updates.pollingIntervalMs;
     }
@@ -91,8 +145,10 @@ export function shutdown() {
 }
 // ─── Status ───
 export function getStatus() {
+    const oauthConfigured = Boolean(config.clientId && config.clientSecret);
+    const serviceAccountConfigured = Boolean(config.serviceAccountJson && config.impersonateEmail);
     return {
-        configured: Boolean(config.clientId && config.clientSecret),
+        configured: oauthConfigured || serviceAccountConfigured,
         authenticated: Boolean(gmail && authenticatedEmail),
         emailAddress: authenticatedEmail,
         pollingActive: pollingTimer !== null,
@@ -102,7 +158,9 @@ export function getStatus() {
     };
 }
 export function isConfigured() {
-    return Boolean(config.clientId && config.clientSecret);
+    const oauthConfigured = Boolean(config.clientId && config.clientSecret);
+    const serviceAccountConfigured = Boolean(config.serviceAccountJson && config.impersonateEmail);
+    return oauthConfigured || serviceAccountConfigured;
 }
 // ─── OAuth2 ───
 export function getAuthUrl() {
@@ -248,6 +306,7 @@ function parseGmailMessage(msg) {
     const subject = getHeader('Subject');
     const date = msg.internalDate ? parseInt(msg.internalDate, 10) : Date.now();
     const inReplyTo = getHeader('In-Reply-To') || undefined;
+    const rfc822MessageId = getHeader('Message-ID') || getHeader('Message-Id') || undefined;
     // Extract body
     let body = '';
     let bodyHtml = '';
@@ -285,6 +344,7 @@ function parseGmailMessage(msg) {
     return {
         messageId: msg.id || '',
         threadId: msg.threadId || '',
+        rfc822MessageId,
         from,
         to,
         cc,

package/dist/src/packages/server/integrations/gmail/gmail-config.js CHANGED Viewed

@@ -3,12 +3,25 @@
  * ConfigField[] for OAuth credentials, polling interval, and approval defaults.
  */
 export const gmailConfigSchema = [
+    {
+        key: 'authMethod',
+        label: 'Authentication Method',
+        type: 'select',
+        description: 'Choose OAuth2 (browser login) or Service Account (domain-wide delegation)',
+        required: false,
+        defaultValue: 'oauth2',
+        options: [
+            { label: 'OAuth2', value: 'oauth2' },
+            { label: 'Service Account', value: 'service_account' },
+        ],
+        group: 'Authentication',
+    },
     {
         key: 'clientId',
         label: 'Google OAuth Client ID',
         type: 'text',
         description: 'OAuth2 client ID from Google Cloud Console',
-        required: true,
+        required: false,
         secret: true,
         group: 'Authentication',
     },
@@ -17,10 +30,27 @@ export const gmailConfigSchema = [
         label: 'Google OAuth Client Secret',
         type: 'password',
         description: 'OAuth2 client secret from Google Cloud Console',
-        required: true,
+        required: false,
+        secret: true,
+        group: 'Authentication',
+    },
+    {
+        key: 'serviceAccountJson',
+        label: 'Service Account JSON',
+        type: 'textarea',
+        description: 'Full JSON content of the Google service account key file',
+        required: false,
         secret: true,
         group: 'Authentication',
     },
+    {
+        key: 'impersonateEmail',
+        label: 'Impersonate Email',
+        type: 'email',
+        description: 'Email address to impersonate via domain-wide delegation (required for service account)',
+        required: false,
+        group: 'Authentication',
+    },
     {
         key: 'pollingIntervalMs',
         label: 'Polling Interval (ms)',

package/dist/src/packages/server/integrations/gmail/gmail-routes.js CHANGED Viewed

@@ -102,6 +102,11 @@ router.get('/status', (req, res) => {
 // GET /api/email/auth/url — Get OAuth authorization URL
 router.get('/auth/url', (req, res) => {
     try {
+        const currentConfig = gmailClient.getConfig();
+        if (currentConfig.authMethod === 'service_account') {
+            res.status(400).json({ error: 'OAuth flow is not used with service account authentication. Configure service account JSON and impersonate email instead.' });
+            return;
+        }
         const authUrl = gmailClient.getAuthUrl();
         res.json({ url: authUrl });
     }

package/dist/src/packages/server/integrations/gmail/index.js CHANGED Viewed

@@ -12,7 +12,7 @@ let integrationCtx = null;
 export const gmailPlugin = {
     id: 'gmail',
     name: 'Gmail',
-    description: 'Email sending, receiving, and approval checking via Gmail',
+    description: 'Send and receive emails through Gmail. Supports OAuth 2.0 and Service Account authentication.',
     routePrefix: '/email',
     async init(ctx) {
         integrationCtx = ctx;
@@ -39,15 +39,21 @@ export const gmailPlugin = {
     getConfig() {
         if (!integrationCtx) {
             return {
+                authMethod: 'oauth2',
                 clientId: '',
                 clientSecret: '',
+                serviceAccountJson: '',
+                impersonateEmail: '',
                 pollingIntervalMs: 30000,
                 defaultApprovalKeywords: 'approved,aprobado,autorizado,yes,ok',
             };
         }
         return {
+            authMethod: gmailClient.getConfig().authMethod || 'oauth2',
             clientId: integrationCtx.secrets.get('GOOGLE_CLIENT_ID') || '',
             clientSecret: integrationCtx.secrets.get('GOOGLE_CLIENT_SECRET') || '',
+            serviceAccountJson: integrationCtx.secrets.get('GOOGLE_SERVICE_ACCOUNT_JSON') || '',
+            impersonateEmail: integrationCtx.secrets.get('GOOGLE_IMPERSONATE_EMAIL') || '',
             pollingIntervalMs: gmailClient.getConfig().pollingIntervalMs,
             defaultApprovalKeywords: gmailClient.getConfig().defaultApprovalKeywords.join(','),
         };
@@ -56,6 +62,9 @@ export const gmailPlugin = {
         if (!integrationCtx)
             throw new Error('Gmail not initialized');
         const updates = {};
+        if (config.authMethod !== undefined) {
+            updates.authMethod = config.authMethod;
+        }
         if (config.clientId) {
             updates.clientId = config.clientId;
             integrationCtx.secrets.set('GOOGLE_CLIENT_ID', config.clientId);
@@ -64,6 +73,14 @@ export const gmailPlugin = {
             updates.clientSecret = config.clientSecret;
             integrationCtx.secrets.set('GOOGLE_CLIENT_SECRET', config.clientSecret);
         }
+        if (config.serviceAccountJson) {
+            updates.serviceAccountJson = config.serviceAccountJson;
+            integrationCtx.secrets.set('GOOGLE_SERVICE_ACCOUNT_JSON', config.serviceAccountJson);
+        }
+        if (config.impersonateEmail) {
+            updates.impersonateEmail = config.impersonateEmail;
+            integrationCtx.secrets.set('GOOGLE_IMPERSONATE_EMAIL', config.impersonateEmail);
+        }
         if (config.pollingIntervalMs) {
             updates.pollingIntervalMs = config.pollingIntervalMs;
         }
@@ -75,6 +92,11 @@ export const gmailPlugin = {
             updates.defaultApprovalKeywords = keywords;
         }
         gmailClient.updateConfig(updates);
+        // Re-initialize authentication when auth method or credentials change
+        if (config.authMethod !== undefined || config.serviceAccountJson || config.clientId) {
+            gmailClient.shutdown();
+            await gmailClient.init(integrationCtx);
+        }
     },
     getCustomSettingsComponent() {
         return 'gmail-oauth';

package/dist/src/packages/server/integrations/jira/jira-client.js CHANGED Viewed

@@ -118,12 +118,18 @@ export class JiraClient {
     }
     // ─── Search ───
     async searchIssues(jql, opts) {
-        const params = new URLSearchParams({
+        // Use POST /rest/api/3/search which returns full issue fields by default
+        // (the newer /search/jql endpoint only returns IDs unless fields are explicit)
+        const body = {
             jql,
-            maxResults: String(opts?.maxResults ?? 25),
-            startAt: String(opts?.startAt ?? 0),
-        });
-        return (await this.request('GET', `/rest/api/3/search/jql?${params}`));
+            maxResults: opts?.maxResults ?? 25,
+            startAt: opts?.startAt ?? 0,
+            fields: opts?.fields ?? [
+                'summary', 'status', 'priority', 'assignee', 'issuetype',
+                'project', 'created', 'updated', 'labels',
+            ],
+        };
+        return (await this.request('POST', '/rest/api/3/search', body));
     }
     // ─── Service Desk (optional) ───
     async createServiceRequest(serviceDeskId, requestTypeId, params) {

package/dist/src/packages/server/integrations/jira/jira-routes.js CHANGED Viewed

@@ -202,13 +202,30 @@ export function createJiraRoutes(client, ctx) {
         try {
             const jql = req.query.jql;
             if (!jql) {
-                res.status(400).json({ error: 'jql query parameter is required' });
+                res.status(400).json({ error: 'jql query parameter is required. Jira Cloud requires bounded queries - always include a filter like project = X, created >= -30d, or similar.' });
                 return;
             }
             const maxResults = parseInt(req.query.maxResults) || 25;
             const startAt = parseInt(req.query.startAt) || 0;
-            const result = await client.searchIssues(jql, { maxResults, startAt });
-            res.json(result);
+            const fieldsParam = req.query.fields;
+            const fields = fieldsParam ? fieldsParam.split(',').map(f => f.trim()) : undefined;
+            const result = await client.searchIssues(jql, { maxResults, startAt, fields });
+            // Return a clean, agent-friendly response with key fields inline
+            const issues = result.issues.map(issue => ({
+                key: issue.key,
+                id: issue.id,
+                summary: issue.fields.summary,
+                status: issue.fields.status?.name,
+                priority: issue.fields.priority?.name,
+                assignee: issue.fields.assignee?.displayName,
+                issueType: issue.fields.issuetype?.name,
+                project: issue.fields.project?.key,
+                created: issue.fields.created,
+                updated: issue.fields.updated,
+                labels: issue.fields.labels,
+                self: issue.self,
+            }));
+            res.json({ issues, total: result.total, startAt: result.startAt, maxResults: result.maxResults });
         }
         catch (err) {
             const message = err instanceof Error ? err.message : 'Search failed';

package/dist/src/packages/server/integrations/jira/jira-skill.js CHANGED Viewed

@@ -9,105 +9,157 @@ export const jiraSkill = {
     allowedTools: ['Bash(curl:*)'],
     content: `# Jira Service Desk
-You have access to the Jira Service Desk integration. Use these endpoints via curl.
+Manage Jira issues through the proxy API. Auth headers are added automatically by the system.
+All Jira credentials (base URL, email, API token) are handled server-side - never include them in requests.
-## Create a ticket
+## Quick Reference
+**Search recent issues:**
 \`\`\`bash
-curl -s -X POST "{{BASE_URL}}/api/jira/issues" \\
+curl -s "http://localhost:5174/api/jira/search?jql=created%20%3E%3D%20-30d%20ORDER%20BY%20created%20DESC&maxResults=5"
+\`\`\`
+**Get a specific issue:**
+\`\`\`bash
+curl -s http://localhost:5174/api/jira/issues/SD-1234
+\`\`\`
+**Create an issue:**
+\`\`\`bash
+curl -s -X POST http://localhost:5174/api/jira/issues \\
   -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{
-    "projectKey": "SD",
-    "issueType": "Change Request",
-    "summary": "CC - Release v2.1.0 - 2026-03-20",
-    "description": "Control de Cambios for release v2.1.0. Requested by: John Doe. Systems affected: API, Frontend.",
-    "priority": "Medium",
-    "labels": ["cc", "release"]
-  }'
+  -d '{"summary":"Issue title","description":"Details here"}'
 \`\`\`
-Returns: \`{ "key": "SD-1234", "id": "10042", "self": "https://..." }\`
+If projectKey and issueType are omitted, configured defaults are used.
-## Get a ticket
+---
+## Search (JQL)
 \`\`\`bash
-curl -s "{{BASE_URL}}/api/jira/issues/SD-1234" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}"
+curl -s "http://localhost:5174/api/jira/search?jql=QUERY&maxResults=N&startAt=0"
 \`\`\`
-## Update a ticket
+Returns flat issue objects with key, summary, status, priority, assignee, issueType, project, created, updated, and labels inline - no extra API calls needed.
+Query params: \`jql\` (required), \`maxResults\` (default 25), \`startAt\` (default 0), \`fields\` (comma-separated, optional override)
+**IMPORTANT: Jira Cloud rejects unbounded JQL.** Always include a filter like \`project = X\`, \`created >= -30d\`, or similar.
+### Common JQL Recipes
+\`\`\`
+# Last N issues across all projects
+created >= -30d ORDER BY created DESC
+# Issues by project
+project = SD ORDER BY created DESC
+# Open issues
+project = SD AND status != Done ORDER BY updated DESC
+# Issues assigned to someone
+project = SD AND assignee = "user@email.com" ORDER BY created DESC
+# Search by keyword in summary
+project = SD AND summary ~ "vpn" ORDER BY created DESC
+# Issues with specific label
+project = SD AND labels = "release" ORDER BY created DESC
+# Recently updated
+updated >= -7d ORDER BY updated DESC
+\`\`\`
+Remember to URL-encode the jql value in the query string (spaces as %20, = as %3D, etc.), or use curl --data-urlencode:
 \`\`\`bash
-curl -s -X PATCH "{{BASE_URL}}/api/jira/issues/SD-1234" \\
-  -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{ "summary": "Updated summary", "priority": "High" }'
+curl -s -G http://localhost:5174/api/jira/search --data-urlencode "jql=project = SD ORDER BY created DESC" --data-urlencode "maxResults=10"
 \`\`\`
-## Add a comment
+## Get Issue
 \`\`\`bash
-curl -s -X POST "{{BASE_URL}}/api/jira/issues/SD-1234/comments" \\
+curl -s http://localhost:5174/api/jira/issues/SD-1234
+\`\`\`
+Returns full Jira issue with all fields including description, comments count, etc.
+## Create Issue
+\`\`\`bash
+curl -s -X POST http://localhost:5174/api/jira/issues \\
   -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{ "body": "CC document generated and sent for approval." }'
+  -d '{
+    "projectKey": "SD",
+    "issueType": "Task",
+    "summary": "Issue title",
+    "description": "Issue description",
+    "priority": "Medium",
+    "labels": ["tag1", "tag2"]
+  }'
 \`\`\`
-## Transition a ticket (change status)
+\`projectKey\` and \`issueType\` are optional if defaults are configured in the integration settings.
+Returns: \`{ "key": "SD-1234", "id": "10042", "self": "..." }\`
+## Update Issue
-First, list available transitions:
 \`\`\`bash
-curl -s "{{BASE_URL}}/api/jira/issues/SD-1234/transitions" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}"
+curl -s -X PATCH http://localhost:5174/api/jira/issues/SD-1234 \\
+  -H "Content-Type: application/json" \\
+  -d '{"summary": "Updated title", "priority": "High"}'
 \`\`\`
-Then transition:
+## Comments
+**Add a comment:**
 \`\`\`bash
-curl -s -X POST "{{BASE_URL}}/api/jira/issues/SD-1234/transitions" \\
+curl -s -X POST http://localhost:5174/api/jira/issues/SD-1234/comments \\
   -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{ "transitionId": "31", "comment": "Approved and release completed" }'
+  -d '{"body": "Comment text here"}'
+\`\`\`
+**Get comments:**
+\`\`\`bash
+curl -s http://localhost:5174/api/jira/issues/SD-1234/comments
 \`\`\`
-## Search tickets (JQL)
+## Transitions (Change Status)
+**List available transitions:**
+\`\`\`bash
+curl -s http://localhost:5174/api/jira/issues/SD-1234/transitions
+\`\`\`
+**Apply a transition:**
 \`\`\`bash
-curl -s "{{BASE_URL}}/api/jira/search?jql=project%3DSD%20AND%20labels%3Dcc&maxResults=10" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}"
+curl -s -X POST http://localhost:5174/api/jira/issues/SD-1234/transitions \\
+  -H "Content-Type: application/json" \\
+  -d '{"transitionId": "31", "comment": "Transition reason"}'
 \`\`\`
-## Create a Service Desk request
+## Service Desk Requests
 \`\`\`bash
-curl -s -X POST "{{BASE_URL}}/api/jira/service-desk/1/requests" \\
+curl -s -X POST http://localhost:5174/api/jira/service-desk/1/requests \\
   -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{
-    "requestTypeId": "10",
-    "summary": "New service request",
-    "description": "Details of the request"
-  }'
+  -d '{"requestTypeId": "10", "summary": "Request title", "description": "Details"}'
 \`\`\`
 ## Custom Fields
-Custom fields can be passed via the \`customFields\` object when creating or updating issues.
-Field mappings (workflow variable to Jira custom field IDs) are configured in the integration settings.
+Pass custom fields via the \`customFields\` object when creating or updating. Field mappings (friendly name to Jira field ID) are configured in integration settings.
 \`\`\`bash
-curl -s -X POST "{{BASE_URL}}/api/jira/issues" \\
+curl -s -X POST http://localhost:5174/api/jira/issues \\
   -H "Content-Type: application/json" \\
-  -H "X-Auth-Token: {{AUTH_TOKEN}}" \\
-  -d '{
-    "projectKey": "SD",
-    "issueType": "Change Request",
-    "summary": "Release v2.1.0",
-    "description": "Details...",
-    "customFields": {
-      "release_name": "v2.1.0",
-      "environment": "production"
-    }
-  }'
+  -d '{"summary": "Release v2.1.0", "customFields": {"release_name": "v2.1.0", "environment": "production"}}'
 \`\`\`
+## Notes
+- Auth headers are added automatically by the system.
+- The proxy handles all Jira authentication - never include Jira credentials in requests.
+- All text is automatically converted to Atlassian Document Format (ADF) by the proxy.
+- Use \`curl -s -G ... --data-urlencode\` for JQL queries with special characters.
 `,
 };

package/dist/src/packages/server/routes/trigger-routes.js CHANGED Viewed

@@ -31,6 +31,11 @@ router.get('/', (_req, res) => {
     const triggers = triggerService.getAllTriggers();
     res.json(triggers);
 });
+// All matchers evaluated against a specific source message (must be before /:id)
+router.get('/matchers/by-source/:sourceType/:sourceId', (req, res) => {
+    const matchers = triggerService.getMatchersBySource(req.params.sourceType, req.params.sourceId);
+    res.json({ matchers });
+});
 // Get single trigger
 router.get('/:id', (req, res) => {
     const trigger = triggerService.getTrigger(req.params.id);
@@ -212,6 +217,23 @@ router.get('/:id/events', (req, res) => {
     const events = triggerService.getTriggerEvents(req.params.id, limit);
     res.json(events);
 });
+// ─── Matcher Execution Debugging ───
+// List all matchers that ran for a specific trigger event
+router.get('/events/:eventId/matchers', (req, res) => {
+    const eventId = parseInt(req.params.eventId);
+    if (isNaN(eventId)) {
+        res.status(400).json({ error: 'Invalid eventId' });
+        return;
+    }
+    const matchers = triggerService.getMatchersByEvent(eventId);
+    res.json({ matchers });
+});
+// Matcher history for a trigger (across all events)
+router.get('/:triggerId/matcher-history', (req, res) => {
+    const limit = parseInt(req.query.limit) || 100;
+    const matchers = triggerService.getMatcherHistoryByTrigger(req.params.triggerId, limit);
+    res.json({ matchers });
+});
 // ─── Helper ───
 function getNestedValue(obj, path) {
     const parts = path.split('.');