{"id":44907466,"url":"https://github.com/agenticmail/enterprise","last_synced_at":"2026-05-16T06:19:55.079Z","repository":{"id":342204100,"uuid":"1160350359","full_name":"agenticmail/enterprise","owner":"agenticmail","description":"Enterprise AI Agent Platform — Identity, Email, Compliance, Microsoft 365 \u0026 Google Workspace integration, SOC 2 reporting, DLP, multi-tenant workforce management","archived":false,"fork":false,"pushed_at":"2026-03-05T07:39:57.000Z","size":6253,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-05T11:37:04.325Z","etag":null,"topics":["ai-agents","ai-platform","compliance","dlp","email","enterprise","google-meet","google-workspace","microsoft-365","multi-tenant","nodejs","oauth","saml","soc2","task-management","telegram-bot","typescript","voice-ai","workforce-management"],"latest_commit_sha":null,"homepage":"https://agenticmail.io","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/agenticmail.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://agenticmail.io"]}},"created_at":"2026-02-17T20:50:25.000Z","updated_at":"2026-03-05T07:40:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/agenticmail/enterprise","commit_stats":null,"previous_names":["agenticmail/enterprise"],"tags_count":82,"template":false,"template_full_name":null,"purl":"pkg:github/agenticmail/enterprise","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fenterprise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fenterprise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fenterprise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fenterprise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/agenticmail","download_url":"https://codeload.github.com/agenticmail/enterprise/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/agenticmail%2Fenterprise/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30362777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"ssl_error","status_checked_at":"2026-03-10T21:40:59.357Z","response_time":106,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-platform","compliance","dlp","email","enterprise","google-meet","google-workspace","microsoft-365","multi-tenant","nodejs","oauth","saml","soc2","task-management","telegram-bot","typescript","voice-ai","workforce-management"],"created_at":"2026-02-17T23:07:27.862Z","updated_at":"2026-05-16T06:19:55.071Z","avatar_url":"https://github.com/agenticmail.png","language":"TypeScript","funding_links":["https://agenticmail.io"],"categories":[],"sub_categories":[],"readme":"# @agenticmail/enterprise\n\n**The Complete AI Agent Workforce Platform**\n\nDeploy, manage, and govern AI agents as first-class employees — each with their own email, phone number, calendar, browser, tools, memory, and identity. Enterprise-grade security, compliance, and multi-tenant isolation built in.\n\n```bash\nnpx @agenticmail/enterprise\n```\n\nOne command. Interactive setup wizard. Full platform in under 2 minutes.\n\n---\n\n## Getting Started (5 Minutes)\n\n### ☁️ Option A: Deploy on AgenticMail Cloud (Recommended)\n\n**Get a free `yourcompany.agenticmail.io` subdomain — live in under 2 minutes.**\n\n```bash\nnpx @agenticmail/enterprise\n```\n\nThe wizard will ask you to:\n\n1. **Select deploy target** → Choose **\"AgenticMail Cloud\"**\n2. **Pick your subdomain** → e.g., `acme` → your dashboard is at `https://acme.agenticmail.io`\n3. **Create admin account** → Name, email, password\n4. **Done** → Dashboard opens. Create your first agent.\n\n```\n$ npx @agenticmail/enterprise\n\n  Deploy target: AgenticMail Cloud (free)\n  Subdomain: acme.agenticmail.io\n  ✓ Database provisioned\n  ✓ Schema migrated (32 tables)\n  ✓ Admin account created\n\n  Dashboard: https://acme.agenticmail.io\n  ✓ Live! Create your first agent →\n```\n\n**No servers to manage. No Docker. No ports to open. No infra.** Everything runs on our infrastructure — you just configure from the dashboard.\n\n---\n\n### Option B: Self-Hosted\n\nSame wizard, different deploy target:\n\n```bash\nnpx @agenticmail/enterprise\n```\n\nThe wizard walks you through:\n\n1. **Database** — Pick SQLite (zero config) or paste a Postgres URL. We auto-detect Supabase/Neon and optimize connection pooling automatically.\n2. **Admin Account** — Name, email, password\n3. **Deploy Target** — Cloudflare Tunnel (free, no ports to open), Docker, Railway, Fly.io, or local\n4. **Dashboard** — Opens automatically. Everything is managed from the UI.\n\n#### Database Options\n\n| Option | Best For | Setup |\n|--------|----------|-------|\n| **SQLite** | Trying it out, local dev | Zero config — built-in |\n| **[Supabase](https://supabase.com) (Free)** | Production, cloud | Create free project → copy connection string |\n| **Any Postgres** | Enterprise, existing infra | Paste your connection string |\n| **MySQL, MongoDB, etc.** | Special requirements | 10 backends supported — see [Database Backends](#database-backends) |\n\n\u003e **Supabase users:** The wizard auto-optimizes your connection string — switches to transaction mode, adds PgBouncer params, and generates a direct URL for migrations. Zero manual config.\n\n### What You Get\n\nOnce setup completes, open the dashboard and you'll see:\n\n- **Setup Checklist** — guided steps to configure email, create agents, etc.\n- **Create Agent** — pick from 51 personality templates or build your own\n- **Full Admin Dashboard** — 28 pages covering every aspect of agent management\n\nEverything is managed from the dashboard — agent creation, permissions, email setup, channel connections, DLP rules, workforce schedules, compliance reports. No code needed.\n\n### Create Your First Agent\n\n1. Click **\"Create Agent\"** in the dashboard\n2. Choose a soul template (e.g., \"Executive Assistant\", \"Sales Rep\", \"Developer\")\n3. Add your LLM API key in **Settings → API Keys** (or in the agent's config)\n4. Configure permissions — set what tools the agent can use, package managers it can access, sudo privileges, etc.\n5. Start the agent — it gets its own email, tools, and identity\n\n### What's Next?\n\n- **Connect Gmail** — Give your agent real email access via OAuth (Agent Detail → Email tab)\n- **Add Telegram/WhatsApp** — Connect messaging channels (Agent Detail → Channels tab)\n- **Set up DLP** — Apply pre-built rule packs to protect sensitive data (DLP page → Rule Packs)\n- **Configure Shifts** — Set work hours and on-call schedules (Workforce page)\n- **Set Dependency Policy** — Control what packages agents can install, allow sudo, set computer password (Agent Detail → Permissions tab)\n\n---\n\n## Table of Contents\n\n- [Why AgenticMail Enterprise](#why-agenticmail-enterprise)\n- [Quick Start](#quick-start)\n- [Architecture](#architecture)\n- [Dashboard](#dashboard)\n- [Agent Runtime](#agent-runtime)\n- [Agent Tools](#agent-tools)\n- [Google Workspace Integration](#google-workspace-integration)\n- [145 SaaS Integration Adapters](#145-saas-integration-adapters)\n- [Enterprise Skills](#enterprise-skills)\n- [Polymarket Trading Suite](#polymarket-trading-suite)\n- [Database Backends](#database-backends)\n- [Security \u0026 Compliance](#security--compliance)\n- [Data Loss Prevention (DLP)](#data-loss-prevention-dlp)\n- [Multi-Tenant \u0026 Organizations](#multi-tenant--organizations)\n- [Workforce Management](#workforce-management)\n- [Knowledge Base \u0026 RAG](#knowledge-base--rag)\n- [Communication \u0026 Task Pipeline](#communication--task-pipeline)\n- [Agent Autonomy System](#agent-autonomy-system)\n- [Meeting \u0026 Voice Intelligence](#meeting--voice-intelligence)\n- [Multimodal Support](#multimodal-support)\n- [Deployment](#deployment)\n- [CLI Commands](#cli-commands)\n- [Environment Variables](#environment-variables)\n- [Community Skills Marketplace](#community-skills-marketplace)\n- [API Reference](#api-reference)\n- [License](#license)\n\n---\n\n## Why AgenticMail Enterprise\n\nMost AI agent platforms give you a chatbot. We give you a **workforce**.\n\n- **Real Identity** — Each agent gets a real email address, phone number (Google Voice), Google Workspace access, and digital presence\n- **Real Autonomy** — Agents clock in/out, check email, respond to messages, **join Google Meet calls and speak like humans**, and work independently\n- **Real Governance** — DLP scanning, guardrails, approval workflows, compliance reporting, action journaling with rollback\n- **Real Scale** — Multi-tenant isolation, org-scoped everything, role-based access control, budget gates\n- **Real Integration** — 145 SaaS adapters, 13 Google Workspace tools, full browser automation, shell access, filesystem tools\n\n### By the Numbers\n\n| Metric | Count |\n|--------|-------|\n| Source files | 770+ |\n| Engine modules | 82 |\n| Dashboard pages | 28 + 23 agent detail tabs |\n| Documentation pages | 49 |\n| Database backends | 10 |\n| SaaS integration adapters | 145 |\n| Enterprise skill definitions | 52 |\n| Google Workspace tools | 13 services |\n| Microsoft 365 tools | 13 services, 90+ tools |\n| Agent tools | 270+ (smart tiered loading) |\n| Soul templates | 51 (14 categories) |\n| DLP rule packs | 7 (53 pre-built rules) |\n| Compliance report types | 5 (SOC 2, GDPR, SOX, Incident, Access Review) |\n\n---\n\n## Quick Start\n\n### Option A: Interactive Wizard (Recommended)\n\n```bash\nnpx @agenticmail/enterprise\n```\n\nThe wizard walks you through:\n1. **Database** — Pick from 10 backends with smart auto-configuration (auto-detects Supabase/Neon pooler mode, generates direct URLs for migrations, adds `?pgbouncer=true` automatically)\n2. **Admin Account** — Name, email, password, company name\n3. **Email Delivery** — Optional SMTP/OAuth setup\n4. **Custom Domain** — Optional: point your own domain via Cloudflare tunnel\n5. **First Agent** — Create your first AI agent with a soul template\n\n### Option B: Programmatic\n\n```typescript\nimport { createServer, createAdapter, smartDbConfig } from '@agenticmail/enterprise';\n\nconst db = await createAdapter(smartDbConfig(process.env.DATABASE_URL));\nawait db.migrate();\n\nconst server = createServer({\n  port: 3000,\n  db,\n  jwtSecret: process.env.JWT_SECRET,\n  runtime: {\n    enabled: true,\n    apiKeys: { anthropic: process.env.ANTHROPIC_API_KEY },\n  },\n});\n\nawait server.start();\n```\n\n### Option C: Standalone Agent\n\nRun an agent as its own process (recommended for production):\n\n```bash\nnode dist/cli.js agent --env-file=.env.fola\n```\n\nEach agent runs independently with its own port, connects to the shared database, and registers with the main server for health checks and lifecycle management.\n\n---\n\n## Architecture\n\n```\n┌──────────────────────────────────────────────────────────────┐\n│                     Admin Dashboard (28 pages)                │\n│         React · Dark/Light themes · Real-time updates         │\n│   Agents · Workforce · DLP · Compliance · Vault · Knowledge   │\n│   Activity · Journal · Guardrails · Task Pipeline · Audit     │\n├──────────────────────────────────────────────────────────────┤\n│                      Hono API Server                          │\n│   Auth · Admin · Engine (82 modules) · Middleware (9 layers)  │\n├──────────────────────────────────────────────────────────────┤\n│                    Engine Core                                │\n│  Lifecycle · Permissions · DLP · Guardrails · Compliance      │\n│  Journal · Approvals · Policies · Knowledge · Memory          │\n│  Communication · Workforce · Vault · Storage · Autonomy       │\n│  Onboarding · Soul Library · Tool Catalog · OAuth Connect     │\n│  Meeting Monitor · Voice Intelligence · Activity Tracking     │\n├──────────────────────────────────────────────────────────────┤\n│                   Agent Runtime                               │\n│  LLM Client (multi-provider) · Session Manager               │\n│  Tool Executor (270+ tools) · Sub-Agent Spawning              │\n│  Budget Gates · Model Fallback · Streaming                    │\n├──────────────────────────────────────────────────────────────┤\n│              Messaging \u0026 Channels                             │\n│  Email (Gmail/Outlook) · Telegram · WhatsApp                  │\n│  Google Chat · Browser Automation · Voice/Meetings            │\n├──────────────────────────────────────────────────────────────┤\n│            Integration Layer                                  │\n│  145 SaaS Adapters · 13 Google Workspace Services             │\n│  MCP Framework · OAuth Connect · Dependency Manager           │\n├──────────────────────────────────────────────────────────────┤\n│               Database Adapter Layer                          │\n│  Postgres · MySQL · SQLite · MongoDB · DynamoDB · Turso       │\n│  Supabase · Neon · PlanetScale · CockroachDB                  │\n│  Smart pooler detection · Auto-optimized connections          │\n└──────────────────────────────────────────────────────────────┘\n```\n\n### Middleware Stack\n\n| Layer | Purpose |\n|-------|---------|\n| Request ID | UUID per request for distributed tracing |\n| Transport Encryption | Optional AES-GCM encryption for all API responses |\n| Security Headers | CSP, HSTS, X-Frame-Options, X-Content-Type-Options |\n| CORS | Configurable origins |\n| Rate Limiting | Per-IP, configurable RPM (default: 120) |\n| IP Firewall | CIDR-based access control |\n| Audit Logging | Every mutating action logged with actor, org, timestamp |\n| RBAC | Role-based access (owner, admin, member, viewer) |\n| Org Scoping | Automatic data isolation for multi-tenant deployments |\n\n---\n\n## Dashboard\n\n28 full pages + 23 agent detail tabs, served directly from the enterprise server:\n\n### Platform Pages\n\n| Page | Description |\n|------|-------------|\n| **Dashboard** | Setup checklist, quick stats, getting started guide |\n| **Agents** | Create, configure, start/stop, monitor all agents |\n| **Users** | User management, roles, org assignment, impersonation |\n| **Organizations** | Client org management, billing, access control |\n| **Org Chart** | Visual organizational hierarchy |\n| **Workforce** | Shifts, schedules, on-call, capacity, clock records |\n| **Task Pipeline** | Visual task flow, node-based pipeline editor |\n| **Messages** | Agent-to-agent communication hub |\n| **Knowledge** | Document upload, chunking, RAG search |\n| **Knowledge Contributions** | Agent-contributed knowledge review |\n| **Knowledge Import** | Bulk import from external sources |\n| **Skills** | Enterprise skill management and assignment |\n| **Community Skills** | Marketplace: browse, install, configure, update |\n| **Skill Connections** | OAuth and credential management for skills |\n| **DLP** | Rules, rule packs (7 enterprise packs), violations, scanning |\n| **Guardrails** | Intervention rules, anomaly detection, agent safety |\n| **Compliance** | SOC 2, GDPR, SOX, Incident, Access Review reports |\n| **Journal** | Action journal with detail modal and rollback |\n| **Audit Log** | Complete audit trail with org filtering |\n| **Activity** | Real-time tool calls, conversations, cost tracking |\n| **Approvals** | Human-in-the-loop approval queue |\n| **Vault** | Encrypted credential storage, API keys, OAuth tokens |\n| **Database Access** | Agent database connection management |\n| **Memory Transfer** | Cross-agent memory sharing |\n| **Roles** | Custom agent role template management (51 built-in) |\n| **Settings** | Company, security, SSO, 2FA, branding, email config |\n| **Domain Status** | Cloudflare tunnel, DNS, deployment health |\n| **Login** | Setup wizard (first run) / login with 2FA support |\n\n### Agent Detail Tabs (per agent)\n\n| Tab | Description |\n|-----|-------------|\n| Overview | Status, health, metrics, quick actions |\n| Personal Details | Name, email, phone, avatar, identity |\n| Configuration | Model, temperature, system prompt, soul |\n| Permissions | Tool-level allow/deny, preset profiles |\n| Skills | Assigned skills with risk levels |\n| Tools | Available tools with security policies |\n| Tool Security | Per-tool DLP and guardrail overrides |\n| Email | Gmail OAuth, signature, email config |\n| Channels | Telegram, WhatsApp, Google Chat setup |\n| WhatsApp | WhatsApp Business integration |\n| Communication | Agent messaging preferences |\n| Memory | Long-term memory viewer/editor |\n| Autonomy | Clock, daily catchup, goals, knowledge schedules |\n| Budget | Token limits, cost caps, alerts |\n| Workforce | Shift assignments, availability |\n| Guardrails | Agent-specific intervention rules |\n| Activity | Agent-specific activity feed |\n| Security | API keys, access controls |\n| Deployment | Runtime config, health endpoint |\n| Manager | Supervisor/manager assignment |\n| Meeting Browser | Meeting attendance and voice config |\n| Personal Details | Birthday, timezone, language |\n\n### Features\n\n- **Dark/Light themes** with CSS custom properties\n- **Dynamic brand color** from company settings\n- **Org switcher** on every page for multi-tenant filtering\n- **Real-time SSE streaming** for live updates\n- **49 built-in documentation pages** accessible from the dashboard\n- **Transport encryption** — Optional AES-GCM encryption for all API traffic\n\n---\n\n## Agent Runtime\n\nFull standalone agent execution — agents run as independent processes with their own port, tools, memory, and messaging channels.\n\n### Runtime Features\n\n| Feature | Description |\n|---------|-------------|\n| **Multi-Provider LLM** | Anthropic, OpenAI, xAI (Grok), Google — with automatic model fallback |\n| **Session Manager** | Incremental message persistence, crash recovery, session resume |\n| **Tool Executor** | 270+ tools with permission checking and DLP scanning |\n| **Sub-Agent Spawning** | Spawn child agents for parallel work |\n| **Budget Gates** | Cost check before every LLM call, hard limits with alerts |\n| **Streaming** | SSE streaming for real-time dashboard updates |\n| **Multimodal** | Process images, videos, documents from Telegram/WhatsApp |\n| **Dependency Manager** | Auto-detect, install, and clean up system dependencies |\n| **Email Channel** | Bi-directional Gmail/Outlook with OAuth |\n| **Messaging** | Telegram long-polling, WhatsApp webhook |\n| **Browser** | Full Playwright-based web automation |\n| **Voice** | ElevenLabs TTS, meeting voice intelligence |\n| **Memory** | DB-backed long-term memory with semantic search |\n| **Heartbeat** | Configurable periodic checks (email, calendar, health) |\n| **Autonomy** | Clock in/out, morning triage, daily catchup, goal tracking |\n\n### Standalone Agent Mode\n\n```bash\n# .env.fola\nDATABASE_URL=postgresql://...  # Shared DB (auto-optimized for pooler)\nAGENT_ID=3eecd57d-03ae-440d-8945-5b35f43a8d90\nPORT=3102\nANTHROPIC_API_KEY=sk-ant-...\n\n# Start\nnode dist/cli.js agent --env-file=.env.fola\n```\n\nThe agent automatically:\n- Connects to the shared database (with smart pooler detection)\n- Loads its configuration, permissions, and soul from DB\n- Starts messaging channels (Telegram, WhatsApp, email)\n- Begins autonomy features (clock in, morning triage)\n- Registers health endpoint for dashboard monitoring\n\n---\n\n## Agent Tools\n\n270+ tools organized by category, with **intelligent tiered loading** to minimize token costs:\n\n### Smart Tool Loading\n\nTools are loaded on-demand using a 3-tier system — agents don't pay for 270 tool definitions on every message:\n\n| Tier | When Loaded | Example |\n|------|-------------|---------|\n| **Tier 1 — Essential** | Always loaded (~20 tools, ~3K tokens) | File I/O, memory, management, search |\n| **Tier 2 — Contextual** | Auto-loaded by channel + conversation signals | Gmail when user says \"email\", Teams when on Teams |\n| **Tier 3 — Specialist** | On-demand via `request_tools` | Slides, Forms, Power BI, security scanning |\n\nA simple \"Thank you\" on Telegram loads ~50 tools (~8K tokens) instead of 270 (~33K tokens) — **75% token savings**. The agent can always request more tools mid-conversation, and conversation signals auto-promote relevant tools (mention \"calendar\" → calendar tools load automatically).\n\n### Core Tools\n\n| Tool | Description |\n|------|-------------|\n| `bash` / `shell` | Shell command execution |\n| `browser` | Full Playwright web automation (screenshots, navigation, interaction) |\n| `edit` | Precise file editing with search/replace |\n| `read` / `write` | File I/O |\n| `glob` / `grep` | File discovery and text search |\n| `web_fetch` | HTTP requests with content extraction |\n| `web_search` | Web search (Brave API) |\n\n### Google Workspace Tools\n\n| Tool | Description |\n|------|-------------|\n| `gmail_search` / `gmail_read` / `gmail_send` / `gmail_reply` | Full Gmail access |\n| `gmail_forward` / `gmail_trash` / `gmail_modify` / `gmail_labels` | Gmail management |\n| `gmail_drafts` / `gmail_thread` / `gmail_attachment` / `gmail_profile` | Advanced Gmail |\n| `gmail_get_signature` / `gmail_set_signature` | Signature management |\n| `calendar_list` / `calendar_create` / `calendar_update` / `calendar_delete` | Calendar CRUD |\n| `calendar_find_free` / `calendar_rsvp` | Scheduling |\n| `drive_list` / `drive_search` / `drive_read` / `drive_upload` | Google Drive |\n| `drive_create_folder` / `drive_share` / `drive_export` | Drive management |\n| `contacts_list` / `contacts_search` / `contacts_create` | Google Contacts |\n| `google_chat_send_message` / `google_chat_list_spaces` | Google Chat |\n| `google_docs_*` / `google_sheets_*` / `google_slides_*` | Document editing |\n| `google_forms_*` / `google_tasks_*` | Forms and Tasks |\n| `google_meetings_*` | Meet integration |\n\n### Microsoft 365 Tools\n\n| Tool | Description |\n|------|-------------|\n| `outlook_mail_*` (20 tools) | Read, send, reply, forward, search, drafts, rules, categories, auto-reply, thread |\n| `outlook_calendar_*` (7 tools) | Events, create with Teams link, respond to invites, free/busy |\n| `teams_*` (15 tools) | Channel messages, chats, file sharing, members, presence, status |\n| `onedrive_*` (12 tools) | Files, search, share, move, copy, versions, permissions |\n| `excel_*` (16 tools) | Read/write ranges, tables, charts, formulas, sessions, named ranges, formatting |\n| `sharepoint_*` (10 tools) | Sites, document libraries, lists, search, upload |\n| `onenote_*` (6 tools) | Notebooks, sections, pages, create, update |\n| `planner_*` (6 tools) | Plans, buckets, tasks with ETag concurrency |\n| `todo_*` (6 tools) | Task lists, create, update, complete |\n| `powerpoint_*` (5 tools) | Info, export PDF, thumbnails, templates, embed URLs |\n| `powerbi_*` (8 tools) | Workspaces, reports, dashboards, datasets, DAX queries, refresh |\n| `ms_contacts_*` (5 tools) | Contacts CRUD, people/directory search |\n\nMicrosoft tools auto-detect via OAuth provider — if the agent has Microsoft OAuth configured, all Graph API tools become available. Includes production-grade retry with exponential backoff, 429 rate-limit handling, auto-pagination, and JSON batch support.\n\n### Enterprise Tools\n\n| Tool | Description |\n|------|-------------|\n| `enterprise-code-sandbox` | Isolated code execution |\n| `enterprise-database` | Database queries |\n| `enterprise-documents` | Document processing |\n| `enterprise-http` | Advanced HTTP client |\n| `enterprise-security-scan` | Vulnerability scanning |\n| `enterprise-spreadsheet` | Spreadsheet operations |\n| `knowledge-search` | RAG search across knowledge bases |\n\n### Agent Management Tools\n\n| Tool | Description |\n|------|-------------|\n| `management_escalate` | Escalate to supervisor |\n| `management_delegate` | Delegate task to another agent |\n| `management_status_update` | Report status to manager |\n\n### Messaging Tools\n\n| Tool | Description |\n|------|-------------|\n| `msg_telegram` / `msg_whatsapp` | Send messages via channels |\n| `telegram_download_file` | Download media from Telegram |\n\n### Dependency Management\n\n| Tool | Description |\n|------|-------------|\n| `check_dependency` | Check if system tool is installed |\n| `install_dependency` | Auto-install missing dependencies |\n| `list_dependencies` | List all agent-installed packages |\n| `cleanup_dependencies` | Remove session-installed packages |\n\n---\n\n## Google Workspace Integration\n\nDeep, native integration with 13 Google Workspace services:\n\n| Service | Tools | OAuth Scopes |\n|---------|-------|-------------|\n| **Gmail** | 16 tools | `gmail.modify`, `gmail.send` |\n| **Calendar** | 6 tools | `calendar`, `calendar.events` |\n| **Drive** | 7 tools | `drive` |\n| **Docs** | CRUD + formatting | `documents` |\n| **Sheets** | CRUD + formulas | `spreadsheets` |\n| **Slides** | CRUD + layout | `presentations` |\n| **Forms** | Create + responses | `forms` |\n| **Tasks** | List + manage | `tasks` |\n| **Contacts** | Search + manage | `contacts` |\n| **Chat** | Send + spaces | `chat.messages`, `chat.spaces` |\n| **Meet** | Schedule + join | `calendar` |\n| **Maps** | Places API | API key |\n| **Meeting Voice** | TTS + transcription | ElevenLabs + virtual audio |\n\nAgents can:\n- Read and respond to emails\n- Create and manage calendar events\n- Upload and share Drive files\n- Edit Google Docs, Sheets, and Slides\n- Join Google Meet calls with voice (ElevenLabs TTS + virtual audio device)\n\n---\n\n## Microsoft 365 Integration\n\nDeep, native integration with 13 Microsoft services via Microsoft Graph API:\n\n| Service | Tools | Key Features |\n|---------|-------|-------------|\n| **Outlook Mail** | 20 tools | Full CRUD, threads, rules, categories, auto-reply, drafts, attachments |\n| **Outlook Calendar** | 7 tools | Events, Teams meeting links, free/busy, invite responses |\n| **Teams** | 15 tools | Channels, chats, file sharing, members, presence, status messages |\n| **OneDrive** | 12 tools | Files, search, share, move, copy, versions, permissions |\n| **Excel** | 16 tools | Ranges, tables, charts, formulas, sessions, named ranges, formatting |\n| **SharePoint** | 10 tools | Sites, document libraries, lists, content search |\n| **OneNote** | 6 tools | Notebooks, sections, pages CRUD |\n| **Planner** | 6 tools | Team task management with concurrency control |\n| **To Do** | 6 tools | Personal task lists with reminders |\n| **PowerPoint** | 5 tools | Export, thumbnails, templates, embedding |\n| **Power BI** | 8 tools | Reports, dashboards, DAX queries, dataset refresh |\n| **Contacts** | 5 tools | Contact CRUD, people/directory search |\n\n**Auto-detected via OAuth provider** — connect Microsoft OAuth in the dashboard and all tools become available. Each service has its own dedicated system prompt with tool usage guidance.\n\n**Production-grade Graph API client:**\n- Retry with exponential backoff (3 attempts)\n- 429 rate-limit handling with `Retry-After` header\n- Auto-pagination via `@odata.nextLink` (up to 500 items)\n- JSON batch support (up to 20 requests per batch)\n- Beta endpoint support for preview APIs\n\n---\n\n## 145 SaaS Integration Adapters\n\nPre-built MCP adapters for connecting agents to any SaaS tool:\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eFull adapter list (145)\u003c/b\u003e\u003c/summary\u003e\n\nActiveCampaign · Adobe Sign · ADP · Airtable · Apollo · Asana · Auth0 · AWS · Azure DevOps · BambooHR · Basecamp · BigCommerce · Bitbucket · Box · Brex · Buffer · Calendly · Canva · Chargebee · CircleCI · ClickUp · Close · Cloudflare · Confluence · Contentful · Copper · Crisp · CrowdStrike · Datadog · DigitalOcean · Discord · Docker · DocuSign · Drift · Dropbox · Figma · Firebase · Fly.io · FreshBooks · Freshdesk · Freshsales · Freshservice · Front · GitHub · GitHub Actions · GitLab · Gong · Google Ads · Google Analytics · Google Cloud · Google Drive · GoToMeeting · Grafana · Greenhouse · Gusto · HashiCorp Vault · Heroku · HiBob · Hootsuite · HubSpot · Hugging Face · Intercom · Jira · Klaviyo · Kubernetes · Lattice · LaunchDarkly · Lever · Linear · LinkedIn · LiveChat · Loom · Mailchimp · Mailgun · Microsoft Teams · Miro · Mixpanel · Monday · MongoDB Atlas · Neon · Netlify · NetSuite · New Relic · Notion · Okta · OpenAI · OpsGenie · Outreach · Paddle · PagerDuty · PandaDoc · PayPal · Personio · Pinecone · Pipedrive · Plaid · Postmark · Power Automate · QuickBooks · Recurly · Reddit · Render · RingCentral · Rippling · Salesforce · SalesLoft · Sanity · SAP · Segment · SendGrid · Sentry · ServiceNow · Shopify · Shortcut · Slack · Smartsheet · Snowflake · Snyk · Splunk · Square · Statuspage · Stripe · Supabase · Teamwork · Telegram · Terraform · Todoist · Trello · Twilio · Twitter/X · Vercel · Weaviate · Webex · Webflow · WhatsApp · Whereby · WooCommerce · WordPress · Workday · Wrike · Xero · YouTube · Zendesk · Zoho CRM · Zoom · Zuora\n\n\u003c/details\u003e\n\nEach adapter provides:\n- Tool definitions with parameter schemas\n- API executor with credential resolution from Vault\n- OAuth flow configuration\n- Rate limit handling and pagination\n\n---\n\n## Enterprise Skills\n\n59 pre-built skill definitions:\n\n### Google Workspace Suite (14)\nGmail · Calendar · Drive · Docs · Sheets · Slides · Forms · Meet · Chat · Keep · Sites · Groups · Admin · Vault\n\n### Microsoft 365 Suite (13 services, 90+ tools)\nOutlook Mail (20 tools) · Outlook Calendar (7) · Teams (15) · OneDrive (12) · Excel (16) · SharePoint (10) · OneNote (6) · Planner (6) · To Do (6) · PowerPoint (5) · Power BI (8) · Contacts (5) · Each with dedicated system prompts and Graph API integration with retry, rate-limit handling, pagination, and batch support.\n\n### Polymarket Trading Suite (10 skills, 126 tools)\nInstitutional-grade prediction market trading on [Polymarket](https://polymarket.com). Full details in the [Polymarket Trading Suite](#polymarket-trading-suite) section below.\n- **polymarket** (63 tools) — Trading infrastructure, orders, wallet, risk controls, learning system\n- **polymarket-quant** (14) — Kelly criterion, Black-Scholes, Bayesian, Monte Carlo, RSI/MACD/Bollinger, VaR\n- **polymarket-onchain** (6) — Whale tracking, orderbook depth, on-chain flow, wallet profiling, liquidity mapping\n- **polymarket-optimizer** (6) — Daily scorecard, momentum scanner, quick edge, position heatmap, profit lock, capital recycler\n- **polymarket-social** (5) — Twitter/Reddit/Telegram sentiment, Polymarket comments, social velocity\n- **polymarket-feeds** (5) — Event calendar, official sources (SCOTUS/SEC/Fed/ESPN), odds aggregation, breaking news\n- **polymarket-analytics** (5) — Market correlation, arbitrage scanning, regime detection, smart money index\n- **polymarket-execution** (4) — Sniper orders, TWAP/VWAP scale-in, hedging, automated exit strategies\n- **polymarket-counterintel** (3) — Manipulation detection, resolution risk scoring, counterparty analysis\n- **polymarket-portfolio** (3) — Portfolio optimization, drawdown monitoring, P\u0026L attribution\n\n### Enterprise Custom Suite (16+)\nCalendar · Code Sandbox · Database · Diff · Documents · Finance · HTTP · Knowledge Search · Logs · Notifications · Security Scan · Spreadsheet · Translation · Vision · Web Research · Workflow\n\n### Soul Templates (51)\n\n14 categories of agent personality templates:\n\n| Category | Examples |\n|----------|---------|\n| Engineering | Full-Stack Developer, DevOps Engineer, QA Engineer |\n| Data | Data Analyst, ML Engineer, BI Analyst |\n| Support | Customer Support, IT Help Desk, Onboarding Specialist |\n| Marketing | Content Creator, SEO Specialist, Social Media Manager |\n| Sales | Sales Rep, Account Executive, BDR |\n| Finance | Financial Analyst, Accountant, Revenue Operations |\n| HR | Recruiter, HR Coordinator, People Operations |\n| Legal | Legal Assistant, Compliance Officer |\n| Operations | Project Manager, Executive Assistant, Office Manager |\n| Security | Security Analyst, GRC Specialist |\n| Design | UX Designer, Brand Designer |\n| Product | Product Manager, Technical Writer |\n| Research | Research Analyst, Competitive Intelligence |\n| Custom | Build your own from scratch |\n\nCustom role templates can be created and managed via the **Roles** dashboard page.\n\n---\n\n## Polymarket Trading Suite\n\nInstitutional-grade autonomous prediction market trading on [Polymarket](https://polymarket.com) (Polygon/USDC). Deploy AI agents that research, analyze, execute, and learn from trades — with full risk management, multi-layer monitoring, and a 23-tab real-time dashboard.\n\n**126 tools across 10 skill modules. 23 dashboard tabs. 17+ database tables. 75+ API routes. 12 watcher types. 3 trading modes.**\n\n### Trading Modes\n\n| Mode | Behavior |\n|------|----------|\n| **Approval** (default) | All trades queue to \"Pending Trades\" for human review. Manager approves/rejects from the dashboard. |\n| **Autonomous** | Auto-executes trades that pass all risk checks: size \u003c max, count \u003c daily limit, positive Kelly edge, no circuit breaker. All trades logged and auditable. |\n| **Paper** | Simulated trading. Records predictions, tracks P\u0026L as if real money. Useful for testing strategies. |\n\n### Dashboard (23 Tabs)\n\nThe Polymarket dashboard is a full trading terminal with real-time data:\n\n| Group | Tabs |\n|-------|------|\n| **Trading** | Overview, Wallet, Pending Orders, Trades, Paper, Goals |\n| **Automation** | Monitors, Signals |\n| **Journal** | Journal, Strategies, Lessons |\n| **Orders** | Orders, Hedges, Exit Rules |\n| **Intelligence** | On-Chain, Social, Events, Alerts |\n| **Analytics** | Analytics, Drawdown, Attribution, Calibration |\n| **Settings** | Proxy |\n\n**Key dashboard features:**\n- **Live Position Chart** — Real-time streaming prices from Polymarket CLOB, updated every 3 seconds, multi-line chart showing % change from entry for each open position\n- **Daily Scorecard** — Realized + unrealized P\u0026L, win rate, target progress, available capital, open positions\n- **Buy/Sell Modals** — Search markets, review orderbook depth, confirm trades with risk checks\n- **SSE Real-Time Updates** — Dashboard auto-refreshes on new trades, signals, alerts, and position changes\n- **Wallet Management** — Balance, transactions, transfers, token swaps, conditional token redemption, whitelisted addresses, security PIN\n\n### Monitoring \u0026 Automation\n\nTwo independent monitoring layers run 24/7, even with no active agent session:\n\n#### Watchers (AI-Powered, 12 Types)\n\nServer-side every 15 seconds. AI analyzes raw data with configurable LLM (Grok, GPT-4o-mini, etc.):\n\n| Watcher Type | What It Detects |\n|-------------|-----------------|\n| **price_level** | Price crosses a target threshold (above/below) |\n| **price_change** | Percentage price movement (e.g., 10% move) |\n| **news_intelligence** | Breaking news impact on markets (AI-analyzed) |\n| **geopolitical** | War, elections, sanctions, regime changes (AI-analyzed) |\n| **sentiment_shift** | Twitter/Reddit consensus shifts |\n| **volume_surge** | Unusual trading activity spikes |\n| **crypto_price** | Cryptocurrency price tracking for crypto-exposed markets |\n| **resolution_watch** | Market resolution detection |\n| **portfolio_drift** | Category exposure exceeds threshold |\n| **cross_signal** | Correlation between multiple market signals |\n| **arbitrage_scan** | YES+NO != $1.00 or multi-outcome inconsistencies |\n| **market_scan** | Bulk market scanning by category or keyword |\n\n**Auto-trade capability:** Watchers can auto-execute trades when critical signals fire:\n```json\n{ \"auto_action\": { \"action\": \"SELL\", \"token_id\": \"...\", \"size\": 10, \"market_question\": \"...\" } }\n```\n\n#### Alerts (Simple Price Triggers)\n\nPrice-level triggers with optional auto-trade execution:\n\n| Pattern | How It Works |\n|---------|-------------|\n| **Stop-loss** | Alert at max loss threshold → auto-SELL |\n| **Take-profit** | Alert at profit target (e.g., entry $0.52, target $0.676) → auto-SELL |\n| **Dip buy** | Alert when price drops below target → auto-BUY |\n| **News-driven** | Watcher detects bad/good news → auto-exit/enter |\n\n#### Automatic Exit System (3-Layer OCO)\n\nEvery BUY is auto-protected with three layers — no manual setup required:\n\n1. **Bracket Take-Profit** — Auto-sells at +15% above buy price\n2. **Bracket Stop-Loss** — Auto-sells at -10% below buy price\n3. **Trailing Stop** — Tracks peak price, sells if drops 12% from peak\n\nAll three are OCO (One-Cancel-Other): when any fires, the others auto-cancel. Configurable via `poly_bracket_config`.\n\n### 126 Agent Tools (10 Skill Modules)\n\n#### Market Discovery \u0026 Screening\n| Tool | Purpose |\n|------|---------|\n| `poly_search_markets` | Keyword search across all markets |\n| `poly_screen_markets` | Strategy-based screening (high_volume, momentum, contested, closing_soon, best_opportunities) |\n| `poly_get_market` | Get full market data by slug |\n| `poly_momentum_scanner` | Find price movers right now |\n| `poly_breaking_news` | News-driven opportunities |\n| `poly_calendar_events` | Upcoming market-moving events |\n| `poly_odds_aggregator` | Compare odds vs other prediction/betting platforms |\n\n#### Quantitative Analysis (14 Tools)\nKelly criterion, Black-Scholes binary pricing, Bayesian probability updates, Monte Carlo simulations, RSI/MACD/Bollinger Bands, historical/implied volatility, statistical arbitrage, Value-at-Risk, market entropy, and more.\n\n#### On-Chain Intelligence (6 Tools)\nWhale tracking, L2 orderbook depth analysis, net buy/sell flow detection, wallet sophistication profiling, liquidity mapping, CTF framework transaction decoding.\n\n#### Social \u0026 News Intelligence (5 Tools)\nTwitter sentiment analysis, Reddit consensus, Telegram alpha monitoring, Polymarket community discussion, social velocity (sentiment acceleration).\n\n#### Market Analytics (5 Tools)\nPearson correlation detection, arbitrage scanning (free money when YES+NO != $1), regime detection (trending vs mean-reverting via Hurst exponent), smart money index (composite of whale + orderbook + momentum), manipulation detection (wash trading/spoofing).\n\n#### Execution (4 Tools)\n| Tool | Purpose |\n|------|---------|\n| `poly_place_order` | Standard order execution |\n| `poly_sniper` | Trailing limit orders for time-sensitive entries |\n| `poly_scale_in` | TWAP/VWAP for large positions (\u003e$50) |\n| `poly_hedge` | Correlation-based hedging |\n\n#### Position \u0026 Portfolio Management\n| Tool | Purpose |\n|------|---------|\n| `poly_exit_strategy` | Configure SL/TP/trailing/time-based exits per position |\n| `poly_position_heatmap` | Urgency-ranked view of open positions (CRITICAL/HIGH/MEDIUM/LOW) |\n| `poly_portfolio_optimizer` | Concentration analysis and rebalancing suggestions |\n| `poly_drawdown_monitor` | Portfolio drawdown tracking with threshold alerts |\n| `poly_capital_recycler` | Evaluate redeployment opportunities for freed capital |\n| `poly_profit_lock` | Circuit breaker — halts trading if daily loss threshold exceeded |\n| `poly_daily_scorecard` | Daily P\u0026L dashboard with realized/unrealized breakdown |\n| `poly_pnl_attribution` | P\u0026L breakdown by market and category |\n\n#### Learning \u0026 Calibration System\n| Tool | Purpose |\n|------|---------|\n| `poly_record_prediction` | Pre-trade journal: predicted outcome, confidence, signals, reasoning |\n| `poly_resolve_prediction` | Post-trade: actual outcome, was_correct, P\u0026L |\n| `poly_trade_review` | Win/loss analysis with lessons extraction |\n| `poly_record_lesson` | Store actionable lessons by category (entry timing, risk management, etc.) |\n| `poly_recall_lessons` | Retrieve relevant lessons before trading similar markets |\n| `poly_calibration` | Confidence calibration: tracks overconfidence/underconfidence across 10 buckets |\n| `poly_strategy_performance` | Win rate, total P\u0026L, Brier score by strategy |\n\n#### Counter-Intelligence (3 Tools)\nManipulation detection (wash trading, spoofing, layering), resolution risk scoring (ambiguous resolution criteria), counterparty analysis (retail vs whale distribution).\n\n### Risk Management\n\nBuilt-in risk rules enforced at the system level:\n\n| Rule | Limit |\n|------|-------|\n| Max position size | 5% of bankroll (half-Kelly or quarter-Kelly) |\n| Max single-market exposure | 20% of portfolio |\n| Max category exposure | 30% of portfolio |\n| Drawdown \u003e 15% | Reduce all positions by 50% |\n| Drawdown \u003e 25% | Close all positions |\n| Daily loss \u003e 5% | Halt trading |\n| Min liquidity | $5K (skip markets below this) |\n| Slippage \u003e 2% | Limit orders only |\n| Slippage \u003e 5% | Walk away |\n| Resolution proximity | Exit 24h before unless \u003e90% conviction |\n\n**Circuit breakers:** `poly_profit_lock` enforces trading mode changes based on daily P\u0026L (NORMAL → CONSERVATIVE → LOCKED).\n\n### Trading Philosophy\n\nThe system prompt enforces **profit over activity** with four time horizons:\n\n| Horizon | Duration | Strategy |\n|---------|----------|----------|\n| **Scalp** | Minutes-hours | Momentum, news spikes, mispricing |\n| **Swing** | 1-7 days | Trend-following, event anticipation |\n| **Position** | 1-4 weeks | Fundamental conviction, value bets |\n| **Hold to resolution** | Weeks-months | Deep research, contrarian, \u003e15% edge |\n\nAgents are guided to prioritize managing existing positions over placing new trades. No good setups = no new trades.\n\n### Wallet \u0026 Security\n\n| Feature | Description |\n|---------|-------------|\n| **Encrypted storage** | Private keys and API credentials stored encrypted in `poly_wallet_credentials` |\n| **Multi-RPC fallback** | 5 Polygon RPCs tried sequentially — never caches failed $0 balances |\n| **Whitelisted addresses** | Per-address transfer limits (per-tx + daily caps) |\n| **Transfer approval** | All transfers require dashboard approval |\n| **Security PIN** | Optional PIN for sensitive wallet operations |\n| **Token swaps** | USDC.e/USDC/MATIC swaps from dashboard |\n| **Conditional token redemption** | Redeem winning positions directly from dashboard |\n\n### Proactive Agent Behavior\n\nThe watcher engine periodically wakes trading agents for portfolio checks:\n\n1. **Priority 1 — Manage Positions:** Check unread signals, review daily P\u0026L, check position heatmap, verify exit conditions, monitor drawdown\n2. **Priority 2 — Review Performance:** Check calibration accuracy, review P\u0026L attribution, evaluate goals\n3. **Priority 3 — Find Opportunities:** Only if genuine edge exists — momentum scan, breaking news, then full analysis pipeline\n\nAgents are never pressured to hit trade count targets. The system respects agent pause commands and balance gates (won't wake if wallet \u003c $5).\n\n### Database Tables (17+)\n\n| Table | Purpose |\n|-------|---------|\n| `poly_wallet_credentials` | Encrypted keys, API creds, RPC URLs |\n| `poly_trading_config` | Agent trading parameters, mode, limits |\n| `poly_pending_trades` | Approval-gated trade queue |\n| `poly_trade_log` | Complete trade history with fills, fees, P\u0026L |\n| `poly_price_alerts` | Price triggers with optional auto-trade |\n| `poly_paper_positions` | Paper trading simulation positions |\n| `poly_daily_counters` | Daily trade count + loss tracking |\n| `poly_auto_approve_rules` | Auto-approval by category/size |\n| `poly_whitelisted_addresses` | Approved withdrawal addresses |\n| `poly_transfer_requests` | Transfer approval queue |\n| `poly_predictions` | Pre-trade prediction journal |\n| `poly_strategy_stats` | Strategy win rates, P\u0026L, Brier scores |\n| `poly_lessons` | Distilled lessons learned |\n| `poly_calibration` | Confidence calibration buckets |\n| `poly_watchers` | Watcher configurations |\n| `poly_watcher_events` | AI-analyzed signals |\n| `poly_watcher_config` | LLM model + budget for watchers |\n| `poly_proxy_config` | CLOB proxy (HTTP/SSH SOCKS) |\n\n### Getting Started with Polymarket\n\n1. **Create an agent** with the Polymarket skill assigned\n2. Agent runs `poly_create_account` → `poly_setup_wallet` → `poly_set_allowances`\n3. Fund the wallet with USDC.e on Polygon\n4. Configure watcher AI model: `poly_watcher_config action=set provider=xai model=grok-3-mini`\n5. Agent runs `poly_setup_monitors` to create the full monitoring suite\n6. Set trading mode: approval (default), autonomous, or paper\n7. Monitor everything from the 23-tab dashboard\n\n---\n\n## Database Backends\n\n10 backends, all implementing the same adapter interface with full feature parity:\n\n| Backend | Type | Best For |\n|---------|------|----------|\n| **PostgreSQL** | SQL | Production (recommended) |\n| **Supabase** | Managed Postgres | Quick setup, free tier available |\n| **Neon** | Serverless Postgres | Serverless deployments |\n| **CockroachDB** | Distributed Postgres | Global scale |\n| **MySQL / MariaDB** | SQL | Existing MySQL infrastructure |\n| **PlanetScale** | Managed MySQL | Serverless MySQL |\n| **SQLite** | Embedded | Development, small deployments |\n| **Turso** | LibSQL (edge) | Edge deployments |\n| **MongoDB** | NoSQL | Document-oriented workloads |\n| **DynamoDB** | AWS NoSQL | AWS-native deployments |\n\n### Smart Connection Auto-Configuration\n\nWhen you provide a `DATABASE_URL`, the system automatically:\n\n1. **Detects your provider** — Supabase, Neon, or generic Postgres from the hostname\n2. **Optimizes the connection** — Switches Supabase session mode (port 5432) to transaction mode (port 6543), adds `?pgbouncer=true`\n3. **Generates a direct URL** — For migrations and DDL operations that need real transactions (bypasses PgBouncer)\n4. **Configures pool sizing** — Conservative pool limits for shared PgBouncer setups (max 3 per process), generous for direct connections (max 10)\n5. **Sets idle timeouts** — 2s for PgBouncer (fast release), 30s for direct connections\n6. **Handles connection errors gracefully** — Automatic retry with ROLLBACK recovery for aborted transactions\n\n```typescript\nimport { smartDbConfig, createAdapter } from '@agenticmail/enterprise';\n\n// Automatically optimized — no manual config needed\nconst db = await createAdapter(smartDbConfig('postgresql://postgres.ref:pass@pooler.supabase.com:5432/postgres'));\n// → Switches to port 6543, adds ?pgbouncer=true, generates direct URL for migrations\n```\n\nThe setup wizard shows all auto-configurations in the UI:\n- 🟢 Provider detection (Supabase, Neon)\n- ✨ Auto-configured optimizations (pooler mode, pgbouncer param)\n- 🔗 Pooler URL and Direct URL (for migrations)\n\n---\n\n## Security \u0026 Compliance\n\n### Authentication\n\n| Feature | Details |\n|---------|---------|\n| **Session cookies** | `httpOnly` cookies (`em_session`, `em_refresh`, `em_csrf`) — not localStorage |\n| **CSRF protection** | Double-submit cookie pattern |\n| **2FA / TOTP** | Time-based one-time passwords with backup codes |\n| **SSO** | Google, Microsoft, GitHub, Okta, SAML 2.0, LDAP |\n| **Password hashing** | bcrypt with cost factor 12 |\n| **JWT** | Short-lived access + long-lived refresh tokens |\n| **Impersonation** | Admin can impersonate users with full audit trail |\n\n### Authorization\n\n| Feature | Details |\n|---------|---------|\n| **RBAC** | 4 roles: owner, admin, member, viewer |\n| **Per-tool permissions** | Allow/deny at individual tool level |\n| **5 preset profiles** | Research Assistant, Customer Support, Developer, Full Access, Sandbox |\n| **Approval workflows** | Human-in-the-loop for sensitive operations |\n| **Escalation chains** | Multi-level escalation with time-based auto-escalation |\n| **Budget gates** | Hard cost limits per agent with warning thresholds |\n| **Org-bound access** | External client users see only their org's data |\n\n### Transport Encryption\n\nOptional AES-GCM encryption for all API responses:\n- Dashboard derives encryption key from user password\n- All API responses wrapped in `{\"_enc\":\"...\"}` in the network tab\n- SSE streams excluded (EventSource can't send custom headers)\n- Protects against network-level MITM even without HTTPS\n\n### Compliance Reporting\n\n5 report types with full HTML export for auditors:\n\n| Report | Standard | Content |\n|--------|----------|---------|\n| **SOC 2 Type II** | Trust Service Criteria CC1-CC9 | Executive summary, risk score (A-F), control effectiveness, findings |\n| **GDPR DSAR** | EU Data Protection | Data subject access request processing |\n| **SOX Audit Trail** | Sarbanes-Oxley | Financial controls and audit trail |\n| **Incident Report** | Custom | Security incident documentation |\n| **Access Review** | Custom | User and agent access audit |\n\nReports include:\n- Agent names resolved (not raw UUIDs)\n- Organization/company name\n- Generator identity\n- Both positive (controls in place) and negative (gaps) findings\n- Professional HTML export with enterprise styling\n\n### Action Journal \u0026 Rollback\n\nEvery agent action is journaled with:\n- Before/after state snapshots\n- Actor identity and timestamp\n- Rollback capability for reversible actions\n- Detail modal with full context\n- Org-scoped filtering\n\n### Audit Logging\n\nEvery mutating API call is logged with:\n- Actor (user or agent)\n- Organization scope\n- Action type and details\n- IP address and request ID\n- Org-scoped filtering in dashboard\n\n---\n\n## Data Loss Prevention (DLP)\n\nEnterprise-grade DLP with real-time content scanning:\n\n### 7 Pre-Built Rule Packs (53 rules)\n\n| Pack | Rules | Examples |\n|------|-------|---------|\n| **PII Protection** | 8 | SSN, email, phone, address, DOB, passport, driver's license |\n| **Credentials \u0026 Secrets** | 8 | API keys, passwords, private keys, tokens, connection strings |\n| **Financial Data** | 8 | Credit cards, bank accounts, tax IDs, financial statements |\n| **Healthcare (HIPAA)** | 7 | Medical records, diagnoses, prescriptions, insurance IDs |\n| **GDPR Compliance** | 7 | EU personal data, consent records, genetic data, biometrics |\n| **Intellectual Property** | 8 | Source code, trade secrets, patents, M\u0026A, board minutes |\n| **Agent Safety** | 7 | Prompt injection, jailbreak, unauthorized escalation, data exfil |\n\n### DLP Features\n\n- **One-click rule pack deployment** — Apply entire packs from the dashboard\n- **Per-rule enable/disable** — Toggle rules without deleting them\n- **Rule editing** — Full modal editor for pattern, action, severity\n- **Detail modal** — Click any rule to see full configuration\n- **Violation tracking** — Real-time scanning with severity levels\n- **Org-scoped** — Rules and violations filtered by organization\n\n---\n\n## Multi-Tenant \u0026 Organizations\n\n### Internal Organizations\n\n- Multiple organizations within one deployment\n- Org switcher on every dashboard page\n- Org-scoped data: agents, users, audit logs, vault, DLP, compliance, workforce, activity\n- 4 plan tiers: Free (3 agents), Team (25), Enterprise (unlimited), Self-Hosted (unlimited)\n\n### External Client Organizations\n\n- Create client organizations for external customers\n- Bind users to a client org with \"full access\"\n- **Strict data isolation** — org-bound users only see their client org's data\n- Impersonation respects org boundaries\n- Billing records per client org per agent per month\n\n### SSO Configuration\n\n| Provider | Protocol |\n|----------|----------|\n| Google | OAuth 2.0 |\n| Microsoft | OAuth 2.0 |\n| GitHub | OAuth 2.0 |\n| Okta | OAuth 2.0 / SAML |\n| SAML 2.0 | Generic |\n| LDAP | LDAP/LDAPS |\n\n---\n\n## Workforce Management\n\nManage agents like employees:\n\n| Feature | Description |\n|---------|-------------|\n| **Shift Schedules** | Define work hours per agent, per day |\n| **On-Call Rotations** | Automatic rotation schedules |\n| **Capacity Planning** | Track agent utilization and availability |\n| **Clock Records** | Automatic clock in/out with timestamp logging |\n| **Off-Duty Enforcement** | Guardrails prevent agents from working outside shifts |\n| **Vacation Auto-Responder** | Automatic responses when agent is \"on vacation\" |\n| **Birthday Automation** | Sends birthday emails on agent DOB |\n| **Org-Scoped** | Workforce data filtered by organization |\n\n---\n\n## Knowledge Base \u0026 RAG\n\n| Feature | Description |\n|---------|-------------|\n| **Document Ingestion** | Upload documents for chunking and indexing |\n| **BM25F Search** | Full-text search across knowledge bases |\n| **RAG Retrieval** | Automatic context injection into agent prompts |\n| **Multi-KB Support** | Multiple knowledge bases per org |\n| **Agent Access Control** | Per-agent knowledge base permissions |\n| **Contribution System** | Agents contribute learned knowledge back |\n| **Bulk Import** | Import from external sources |\n\n---\n\n## Communication \u0026 Task Pipeline\n\n### Agent-to-Agent Messaging\n\n- Direct messages between agents\n- Broadcast messages to all agents\n- Topic-based channels\n- Priority levels: normal, high, urgent\n- Email-based delivery via agent addresses\n\n### Task Pipeline\n\n- **Real-time table view** — Paginated task list with search, sort, and status tabs (Active, Completed, Failed, All)\n- **Live SSE updates** — Tasks appear, update, and move between tabs instantly as agents work\n- **Cross-process webhook relay** — Standalone agent processes notify the enterprise server, so the dashboard updates in real-time even when agents run as separate processes\n- **Delegation chain visualization** — Click any task to see the full delegation flow (who assigned → who worked → review loops)\n- **Stats cards** — Active, completed, failed counts with today's metrics, token usage, and cost\n- **Org-scoped views** — Client org users only see their agents' tasks\n- **Activity log** — Per-task activity timeline with search and type filtering\n\n### External Channels\n\n| Channel | Mode | Features |\n|---------|------|----------|\n| **Email (Gmail)** | OAuth | Full CRUD, attachments, signatures |\n| **Email (Outlook)** | OAuth | Full CRUD, attachments, rules, auto-reply, categories |\n| **Microsoft Teams** | OAuth | Channels, chats, file sharing, presence, status |\n| **Telegram** | Long-polling | Text, media (images/video/docs), inline buttons |\n| **WhatsApp** | Webhook | Text, media, templates |\n| **Google Chat** | Webhook + API | Messages, spaces, reactions |\n\n---\n\n## Agent Autonomy System\n\nAgents operate independently with configurable autonomy features:\n\n| Feature | Description |\n|---------|-------------|\n| **Clock In/Out** | Agents clock in at shift start, out at end |\n| **Morning Triage** | Scan overnight accumulation on first clock-in |\n| **Daily Catchup** | Scheduled daily summary and planning |\n| **Weekly Catchup** | Monday morning weekly review |\n| **Goal Tracking** | Check goal progress at configured times |\n| **Knowledge Updates** | Weekly knowledge base contribution |\n| **Heartbeat** | Periodic health checks with configurable intervals |\n\n---\n\n## 🎙️ Meeting \u0026 Voice Intelligence — Agents That Join Calls and Speak\n\n**Your AI agents join Google Meet calls and participate with natural human-like voice.** This isn't a transcription bot — agents actually listen, understand context, and respond verbally in real-time using ElevenLabs TTS.\n\n- **Join any Google Meet** — Agent opens the browser, clicks \"Join\", and enters the meeting\n- **Speak with natural voice** — ElevenLabs TTS generates human-quality speech routed through a virtual audio device\n- **Listen and understand** — Real-time transcription feeds into the agent's context so it knows what's being discussed\n- **Context-aware responses** — Agent draws on its email, calendar, documents, and memory to give informed answers\n- **Multi-agent meetings** — Multiple agents can join the same call and collaborate\n- **Automatic meeting notes** — Agent generates summaries and action items after the call\n\n**Use cases:** Daily standups, client demos, team syncs, investor updates, sales calls, onboarding sessions, interview screening.\n\n| Feature | Description |\n|---------|-------------|\n| **Meeting Voice** | ElevenLabs TTS through virtual audio device |\n| **Meeting Monitor** | Track Google Meet attendance |\n| **Voice Intelligence** | Real-time transcription and analysis |\n| **Browser-Based** | Joins via Playwright browser automation |\n| **sox + Virtual Audio** | Audio routing for meeting participation |\n\n---\n\n## Multimodal Support\n\nAgents can process media sent via messaging channels:\n\n| Media Type | Support |\n|------------|---------|\n| **Images** | Received as base64, sent to LLM as vision content blocks |\n| **Videos** | Downloaded and processed locally |\n| **Documents** | Downloaded for analysis |\n| **Voice Notes** | Transcription via Whisper |\n\nMedia handling includes:\n- Automatic download from Telegram/WhatsApp\n- Base64 encoding for LLM vision models\n- Temporary file cleanup\n- Dependency auto-installation (ffmpeg, etc.)\n\n---\n\n## Deployment\n\n### Zero-Config (Recommended)\n\n```bash\nnpx @agenticmail/enterprise\n```\n\nThe setup wizard handles everything. After setup, the system is **self-managing**.\n\n### Automatic System Persistence\n\nAgenticMail automatically configures itself to survive reboots, crashes, and network outages — **you never run a single command**:\n\n| Feature | What It Does |\n|---------|-------------|\n| **Auto-start on boot** | Configures OS-level startup (launchd on macOS, systemd on Linux, Windows Service on Windows) |\n| **Crash recovery** | Exponential backoff restart (1.5s → 3s → 6s → 12s → 15s cap). Max 50 restarts before stopping |\n| **Memory protection** | Auto-restart if process exceeds memory limit (512MB server, 384MB agents) |\n| **Log rotation** | Auto-installs pm2-logrotate: 10MB max per file, 5 rotated files, compressed |\n| **Process persistence** | Saves process list on every boot — `pm2 resurrect` restores everything automatically |\n| **Graceful shutdown** | 10s timeout for clean shutdown before force-kill |\n\n**Works on every platform — automatically:**\n\n| Platform | Startup Method | User Action Needed |\n|----------|---------------|-------------------|\n| macOS | launchd (LaunchAgent) | None |\n| Linux (Ubuntu/Debian/RHEL) | systemd service | None |\n| Windows | Windows Service | None |\n| Docker | `pm2-runtime` in CMD | None |\n| Raspberry Pi | systemd | None |\n\nAll persistence setup runs **once on first boot** and writes a marker file. Subsequent boots just save the process list silently.\n\n### Self-Update System\n\nAgenticMail includes a built-in self-update system — **4 ways to stay current**:\n\n| Method | How | Best For |\n|--------|-----|----------|\n| **Dashboard banner** | One-click \"Update Now\" button when a new version is detected | GUI users |\n| **CLI command** | `agenticmail-enterprise update` | Terminal users |\n| **Auto-update cron** | `agenticmail-enterprise update --cron` — checks every 6 hours | Set and forget |\n| **Background check** | Server checks npm registry on startup + every 6 hours, logs when update available | Awareness |\n\n```bash\n# One command to update everything\nagenticmail-enterprise update\n\n# Just check, don't install\nagenticmail-enterprise update --check\n\n# Set up automatic updates (cron job / Windows Task Scheduler)\nagenticmail-enterprise update --cron\n```\n\nThe update process: installs the latest npm package globally, finds all AgenticMail PM2 processes, restarts them, and saves the PM2 config. Zero downtime for agents — they restart in seconds.\n\n### Production Log Levels\n\n| Level | What Shows |\n|-------|-----------|\n| `debug` | Everything (verbose) |\n| `info` | Normal operation (default) |\n| `warn` | Warnings and errors only (recommended for production) |\n| `error` | Errors only |\n\nSet `LOG_LEVEL=warn` in your `.env` file for production deployments.\n\n### Manual PM2 (Advanced)\n\n```bash\n# Or use the ecosystem config for full control:\npm2 start ecosystem.config.cjs\npm2 save\n```\n\n### Docker / Fly.io / Railway\n\n```bash\nnpx @agenticmail/enterprise  # Select your deploy target\n# Wizard handles everything\n```\n\n---\n\n## CLI Commands\n\n```bash\n# Interactive setup wizard (default)\nnpx @agenticmail/enterprise\n\n# Start the server\nnpx @agenticmail/enterprise start\n\n# Run a standalone agent\nnpx @agenticmail/enterprise agent --env-file=.env.fola\n\n# Validate a community skill\nnpx @agenticmail/enterprise validate ./community-skills/my-skill/\nnpx @agenticmail/enterprise validate --all --json\n\n# AI-assisted skill scaffolding\nnpx @agenticmail/enterprise build-skill\n\n# Submit a skill to the marketplace\nnpx @agenticmail/enterprise submit-skill ./community-skills/my-skill/\n\n# Domain recovery\nnpx @agenticmail/enterprise recover --domain agents.agenticmail.io --key \u003chex\u003e\n\n# DNS verification\nnpx @agenticmail/enterprise verify-domain\n\n# Self-update\nnpx @agenticmail/enterprise update              # Update + restart all services\nnpx @agenticmail/enterprise update --check       # Check for updates without installing\nnpx @agenticmail/enterprise update --cron        # Set up automatic updates (every 6 hours)\nnpx @agenticmail/enterprise update --no-restart  # Update without restarting PM2\n```\n\n---\n\n## Environment Variables\n\n| Variable | Description | Default |\n|----------|-------------|---------|\n| `DATABASE_URL` | Database connection string (auto-optimized for poolers) | — |\n| `JWT_SECRET` | JWT signing secret | — |\n| `ENCRYPTION_KEY` | Vault encryption key | — |\n| `MASTER_KEY` | Admin master key (first-run setup) | — |\n| `TRANSPORT_DECRYPT_KEY` | Transport encryption key for API responses | — |\n| `PORT` | Server port | `3000` |\n| `LOG_LEVEL` | Log verbosity: `debug`, `info`, `warn`, `error` | `info` |\n| `CORS_ORIGINS` | Allowed CORS origins (comma-separated) | `*` |\n| `RATE_LIMIT` | Requests per minute per IP | `120` |\n| `DB_POOL_MAX` | Override database connection pool size | Auto (3 for pooler, 10 for direct) |\n| `AGENT_ID` | Agent ID (standalone agent mode) | — |\n| `ANTHROPIC_API_KEY` | Anthropic API key | — |\n| `OPENAI_API_KEY` | OpenAI API key | — |\n| `XAI_API_KEY` | xAI (Grok) API key | — |\n| `GOOGLE_API_KEY` | Google AI API key | — |\n| `ELEVENLABS_API_KEY` | ElevenLabs TTS API key | — |\n| `BRAVE_API_KEY` | Brave Search API key | — |\n| `TELEGRAM_BOT_TOKEN` | Telegram bot token | — |\n| `CLOUDFLARE_TUNNEL_TOKEN` | Cloudflare tunnel token | — |\n\n---\n\n## Community Skills Marketplace\n\nBuild and share skills:\n\n### Creating a Skill\n\n```bash\nnpx @agenticmail/enterprise build-skill\n```\n\n### Skill Manifest\n\n```json\n{\n  \"name\": \"my-skill\",\n  \"version\": \"1.0.0\",\n  \"description\": \"What this skill does\",\n  \"author\": \"your-name\",\n  \"category\": \"productivity\",\n  \"tools\": [\n    {\n      \"name\": \"my_tool\",\n      \"description\": \"Tool description\",\n      \"parameters\": { \"type\": \"object\", \"properties\": {} },\n      \"riskLevel\": \"low\",\n      \"sideEffects\": [\"read\"]\n    }\n  ],\n  \"config\": [\n    { \"name\": \"API_KEY\", \"type\": \"secret\", \"required\": true }\n  ]\n}\n```\n\n### Validation \u0026 Submission\n\n```bash\nnpx @agenticmail/enterprise validate ./my-skill/\nnpx @agenticmail/enterprise submit-skill ./my-skill/\n```\n\nSkills are synced from the GitHub registry every 6 hours to all deployments.\n\n---\n\n## API Reference\n\nThe API is organized into 3 major route groups:\n\n### Auth (`/api/auth/*`)\nLogin, refresh, logout, SSO callbacks, bootstrap, 2FA, impersonation\n\n### Admin (`/api/admin/*`)\nAgent CRUD, user management, settings, audit log, bridge API\n\n### Engine (`/api/engine/*`)\n82 modules exposed across 22+ route sub-apps:\n\n| Sub-App | Routes | Description |\n|---------|--------|-------------|\n| Agents \u0026 Lifecycle | `/agents/*`, `/usage/*`, `/budget/*` | Agent management, health, budgets |\n| DLP | `/dlp/*` | Rules, rule packs, violations, scanning |\n| Guardrails | `/guardrails/*`, `/anomaly-rules/*` | Intervention rules, anomaly detection |\n| Journal | `/journal/*` | Action journal, rollback, detail |\n| Compliance | `/compliance/*` | 5 report types, HTML export |\n| Knowledge | `/knowledge-bases/*` | Documents, RAG, search |\n| Communication | `/messages/*`, `/tasks/*` | Messaging, task pipeline |\n| Workforce | `/workforce/*` | Schedules, shifts, capacity, clock records |\n| Catalog | `/skills/*`, `/souls/*`, `/profiles/*`, `/permissions/*` | Registry |\n| Approvals | `/approvals/*`, `/escalation-chains/*` | Approval workflows |\n| Activity | `/activity/*`, `/stats/*` | Real-time tracking |\n| Vault | `/vault/*` | Encrypted credentials |\n| Storage | `/storage/*` | Dynamic agent databases |\n| OAuth | `/oauth/*` | SaaS OAuth connect |\n| Policies | `/policies/*` | Org policies |\n| Memory | `/memory/*` | Agent memory |\n| Onboarding | `/onboarding/*` | Agent onboarding |\n| Community | `/community/*` | Skill marketplace |\n| Roles | `/roles/*` | Custom role templates |\n| Organizations | `/orgs/*` | Multi-tenant management |\n| Skill Updates | `/skill-updates/*` | Auto-update management |\n| Knowledge Contrib | `/knowledge-contribution/*` | Agent contributions |\n\n---\n\n## Requirements\n\n- **Node.js** 18+ (22+ recommended)\n- **Database** — Any of the 10 supported backends\n- **LLM API Key** — Anthropic, OpenAI, xAI, or Google (at least one)\n\n---\n\n## License\n\nMIT — See [LICENSE](./LICENSE)\n\n---\n\nBuilt with [AgenticMail](https://agenticmail.io) · [Docs](https://docs.agenticmail.io) · [Discord](https://discord.gg/agenticmail)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagenticmail%2Fenterprise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fagenticmail%2Fenterprise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fagenticmail%2Fenterprise/lists"}