import * as agents from '../../../../db/repos/agents.js';

// Privilege inventory: which agents exist and what each is allowed to do.
// Returns an explicit projection (never SELECT *) so token/secret columns can
// never leak through this view even if the agents schema grows.
export const agentInventoryTool = {
  name: 'agent_inventory',
  description: 'List every agent and its privilege level (capabilities + scopes). Use to audit who can read/suggest/write and to spot over-privileged agents. Never returns token material.',
  input_schema: { type: 'object', properties: {} },
  async handler(_args, _ctx) {
    const rows = await agents.list();
    const projected = rows.map(a => ({
      id: a.id,
      slug: a.slug,
      name: a.name,
      kind: a.kind,
      model: a.model,
      capabilities: a.capabilities || {},
      scopes: a.scopes || {}
    }));
    return { agents: projected };
  }
};