Upload 33 files

.env

@@ -0,0 +1,30 @@
+# Server Configuration
+PORT=3001
+NODE_ENV=development
+
+# JWT Secret (generate a secure random string)
+JWT_SECRET=your-super-secure-jwt-secret-key-here-min-32-chars
+
+# Google OAuth
+GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=your-google-client-secret
+
+# Database
+DATABASE_URL=./database.sqlite
+
+# MCP Server Configuration
+MCP_SERVER_URL=https://gemini-mcp-server-production.up.railway.app
+MCP_AUTH_TOKEN=test-token
+
+# Email Configuration (optional - for notifications)
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=your-email@gmail.com
+SMTP_PASS=your-app-password
+
+# Frontend URL
+FRONTEND_URL=http://localhost:5173
+
+# File Upload
+MAX_FILE_SIZE=10485760
+UPLOAD_DIR=./uploads 

.env.production

@@ -0,0 +1,2 @@
+VITE_API_URL=https://watery-light-production.up.railway.app/api
+VITE_MCP_AUTH_TOKEN=test-token

.gitattributes

@@ -33,3 +33,4 @@ saved_model/**/* filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 *tfevents* filter=lfs diff=lfs merge=lfs -text
+database.sqlite filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,6 @@
+    node_modules/
+    .env
+    database.sqlite
+    dist/
+    uploads/
+    *.log

database.sqlite

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:838c9a68ad659fe7ba4f31586e43b381cb01ce2e074fb514bc61af9d1952fb77
+size 131072

env.example

@@ -0,0 +1,30 @@
+# Server Configuration
+PORT=3001
+NODE_ENV=development
+
+# JWT Secret (generate a secure random string)
+JWT_SECRET=your-super-secure-jwt-secret-key-here-min-32-chars
+
+# Google OAuth
+GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=your-google-client-secret
+
+# Database
+DATABASE_URL=./database.sqlite
+
+# MCP Server Configuration
+MCP_SERVER_URL=https://gemini-mcp-server-production.up.railway.app
+MCP_AUTH_TOKEN=test-token
+
+# Email Configuration (optional - for notifications)
+SMTP_HOST=smtp.gmail.com
+SMTP_PORT=587
+SMTP_USER=your-email@gmail.com
+SMTP_PASS=your-app-password
+
+# Frontend URL
+FRONTEND_URL=http://localhost:5173
+
+# File Upload
+MAX_FILE_SIZE=10485760
+UPLOAD_DIR=./uploads 

package.json

@@ -0,0 +1,43 @@
+{
+  "name": "mcp-chat-support-backend",
+  "version": "1.0.0",
+  "description": "Backend API for MCP Chat Support Platform",
+  "main": "dist/server.js",
+  "scripts": {
+    "dev": "tsx watch src/server.ts",
+    "build": "tsc",
+    "start": "node dist/server.js",
+    "migrate": "tsx src/db/migrate.ts"
+  },
+  "dependencies": {
+    "axios": "^1.6.2",
+    "bcryptjs": "^2.4.3",
+    "cors": "^2.8.5",
+    "dotenv": "^16.3.1",
+    "express": "^4.18.2",
+    "express-rate-limit": "^7.1.5",
+    "express-validator": "^7.0.1",
+    "google-auth-library": "^9.4.1",
+    "helmet": "^7.1.0",
+    "jsonwebtoken": "^9.0.2",
+    "multer": "^1.4.5-lts.1",
+    "nodemailer": "^6.9.7",
+    "sqlite3": "^5.1.6",
+    "uuid": "^9.0.1",
+    "ws": "^8.14.2",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.6",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^4.17.21",
+    "@types/jsonwebtoken": "^9.0.5",
+    "@types/multer": "^1.4.11",
+    "@types/node": "^22.15.29",
+    "@types/nodemailer": "^6.4.14",
+    "@types/uuid": "^9.0.7",
+    "@types/ws": "^8.5.10",
+    "tsx": "^4.6.2",
+    "typescript": "^5.3.3"
+  }
+}

render.yaml

@@ -0,0 +1,19 @@
+services:
+  - type: web
+    name: mcp-chat-backend
+    env: node
+    buildCommand: npm install && npm run build
+    startCommand: npm start
+    envVars:
+      - key: NODE_ENV
+        value: production
+      - key: PORT
+        value: 3001
+      - key: JWT_SECRET
+        generateValue: true
+      - key: MCP_SERVER_URL
+        value: https://gemini-mcp-server-production.up.railway.app
+      - key: MCP_AUTH_TOKEN
+        value: test-token
+      - key: FRONTEND_URL
+        value: https://mcp-chat-support.vercel.app 

src/db/database.js

@@ -0,0 +1,229 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.database = void 0;
+exports.initializeDatabase = initializeDatabase;
+var sqlite3_1 = require("sqlite3");
+var util_1 = require("util");
+var path_1 = require("path");
+var fs_1 = require("fs");
+// Enable verbose mode for debugging
+var Database = sqlite3_1.default.verbose().Database;
+var DatabaseConnection = /** @class */ (function () {
+    function DatabaseConnection() {
+        this.db = null;
+    }
+    DatabaseConnection.prototype.connect = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var dbPath, dbDir;
+            var _this = this;
+            return __generator(this, function (_a) {
+                if (this.db) {
+                    return [2 /*return*/, this.db];
+                }
+                dbPath = process.env.DATABASE_URL || path_1.default.join(__dirname, '../../database.sqlite');
+                dbDir = path_1.default.dirname(dbPath);
+                if (!fs_1.default.existsSync(dbDir)) {
+                    fs_1.default.mkdirSync(dbDir, { recursive: true });
+                }
+                return [2 /*return*/, new Promise(function (resolve, reject) {
+                        _this.db = new Database(dbPath, function (err) {
+                            if (err) {
+                                console.error('Error opening database:', err.message);
+                                reject(err);
+                            }
+                            else {
+                                console.log('Connected to SQLite database');
+                                resolve(_this.db);
+                            }
+                        });
+                    })];
+            });
+        });
+    };
+    DatabaseConnection.prototype.query = function (sql_1) {
+        return __awaiter(this, arguments, void 0, function (sql, params) {
+            var db, all;
+            if (params === void 0) { params = []; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.connect()];
+                    case 1:
+                        db = _a.sent();
+                        all = (0, util_1.promisify)(db.all.bind(db));
+                        return [2 /*return*/, all(sql, params)];
+                }
+            });
+        });
+    };
+    DatabaseConnection.prototype.run = function (sql_1) {
+        return __awaiter(this, arguments, void 0, function (sql, params) {
+            var db, run;
+            if (params === void 0) { params = []; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.connect()];
+                    case 1:
+                        db = _a.sent();
+                        run = (0, util_1.promisify)(db.run.bind(db));
+                        return [2 /*return*/, run(sql, params)];
+                }
+            });
+        });
+    };
+    DatabaseConnection.prototype.get = function (sql_1) {
+        return __awaiter(this, arguments, void 0, function (sql, params) {
+            var db, get;
+            if (params === void 0) { params = []; }
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.connect()];
+                    case 1:
+                        db = _a.sent();
+                        get = (0, util_1.promisify)(db.get.bind(db));
+                        return [2 /*return*/, get(sql, params)];
+                }
+            });
+        });
+    };
+    DatabaseConnection.prototype.close = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var _this = this;
+            return __generator(this, function (_a) {
+                if (this.db) {
+                    return [2 /*return*/, new Promise(function (resolve, reject) {
+                            _this.db.close(function (err) {
+                                if (err) {
+                                    reject(err);
+                                }
+                                else {
+                                    _this.db = null;
+                                    resolve();
+                                }
+                            });
+                        })];
+                }
+                return [2 /*return*/];
+            });
+        });
+    };
+    return DatabaseConnection;
+}());
+// Singleton instance
+exports.database = new DatabaseConnection();
+// Database initialization function
+function initializeDatabase() {
+    return __awaiter(this, void 0, void 0, function () {
+        var createTables, createIndexes, _i, createTables_1, sql, _a, createIndexes_1, sql, error_1;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0:
+                    createTables = [
+                        // Users table
+                        "CREATE TABLE IF NOT EXISTS users (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      email TEXT UNIQUE NOT NULL,\n      name TEXT NOT NULL,\n      password_hash TEXT,\n      avatar TEXT,\n      google_id TEXT UNIQUE,\n      email_verified BOOLEAN DEFAULT FALSE,\n      verification_token TEXT,\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP\n    )",
+                        // Tenants table
+                        "CREATE TABLE IF NOT EXISTS tenants (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      name TEXT NOT NULL,\n      subdomain TEXT UNIQUE,\n      plan TEXT DEFAULT 'starter',\n      settings TEXT DEFAULT '{}',\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP\n    )",
+                        // User-Tenant relationships
+                        "CREATE TABLE IF NOT EXISTS user_tenants (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      user_id INTEGER NOT NULL,\n      tenant_id INTEGER NOT NULL,\n      role TEXT DEFAULT 'owner',\n      permissions TEXT DEFAULT '{}',\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE,\n      UNIQUE(user_id, tenant_id)\n    )",
+                        // Domains table
+                        "CREATE TABLE IF NOT EXISTS domains (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      tenant_id INTEGER NOT NULL,\n      domain TEXT NOT NULL,\n      verified BOOLEAN DEFAULT FALSE,\n      verification_token TEXT,\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE\n    )",
+                        // Knowledge base table
+                        "CREATE TABLE IF NOT EXISTS knowledge_base (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      tenant_id INTEGER NOT NULL,\n      name TEXT NOT NULL,\n      type TEXT NOT NULL,\n      source TEXT NOT NULL,\n      status TEXT DEFAULT 'processing',\n      size INTEGER,\n      metadata TEXT DEFAULT '{}',\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE\n    )",
+                        // Chat sessions table
+                        "CREATE TABLE IF NOT EXISTS chat_sessions (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      tenant_id INTEGER NOT NULL,\n      domain TEXT,\n      user_ip TEXT,\n      user_agent TEXT,\n      session_token TEXT UNIQUE NOT NULL,\n      started_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      ended_at DATETIME,\n      resolved BOOLEAN DEFAULT FALSE,\n      rating INTEGER,\n      feedback TEXT,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE\n    )",
+                        // Chat messages table
+                        "CREATE TABLE IF NOT EXISTS chat_messages (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      session_id INTEGER NOT NULL,\n      sender TEXT NOT NULL, -- 'user' or 'ai'\n      message TEXT NOT NULL,\n      metadata TEXT DEFAULT '{}',\n      timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (session_id) REFERENCES chat_sessions (id) ON DELETE CASCADE\n    )",
+                        // Analytics events table
+                        "CREATE TABLE IF NOT EXISTS analytics_events (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      tenant_id INTEGER NOT NULL,\n      event_type TEXT NOT NULL,\n      event_data TEXT DEFAULT '{}',\n      timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE\n    )",
+                        // Widget configurations table
+                        "CREATE TABLE IF NOT EXISTS widget_configs (\n      id INTEGER PRIMARY KEY AUTOINCREMENT,\n      tenant_id INTEGER NOT NULL,\n      config TEXT NOT NULL DEFAULT '{}',\n      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,\n      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE\n    )"
+                    ];
+                    createIndexes = [
+                        "CREATE INDEX IF NOT EXISTS idx_users_email ON users(email)",
+                        "CREATE INDEX IF NOT EXISTS idx_users_google_id ON users(google_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_tenants_subdomain ON tenants(subdomain)",
+                        "CREATE INDEX IF NOT EXISTS idx_user_tenants_user_id ON user_tenants(user_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_user_tenants_tenant_id ON user_tenants(tenant_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_domains_tenant_id ON domains(tenant_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_knowledge_base_tenant_id ON knowledge_base(tenant_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_chat_sessions_tenant_id ON chat_sessions(tenant_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_chat_sessions_token ON chat_sessions(session_token)",
+                        "CREATE INDEX IF NOT EXISTS idx_chat_messages_session_id ON chat_messages(session_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_analytics_events_tenant_id ON analytics_events(tenant_id)",
+                        "CREATE INDEX IF NOT EXISTS idx_analytics_events_timestamp ON analytics_events(timestamp)"
+                    ];
+                    _b.label = 1;
+                case 1:
+                    _b.trys.push([1, 10, , 11]);
+                    _i = 0, createTables_1 = createTables;
+                    _b.label = 2;
+                case 2:
+                    if (!(_i < createTables_1.length)) return [3 /*break*/, 5];
+                    sql = createTables_1[_i];
+                    return [4 /*yield*/, exports.database.run(sql)];
+                case 3:
+                    _b.sent();
+                    _b.label = 4;
+                case 4:
+                    _i++;
+                    return [3 /*break*/, 2];
+                case 5:
+                    _a = 0, createIndexes_1 = createIndexes;
+                    _b.label = 6;
+                case 6:
+                    if (!(_a < createIndexes_1.length)) return [3 /*break*/, 9];
+                    sql = createIndexes_1[_a];
+                    return [4 /*yield*/, exports.database.run(sql)];
+                case 7:
+                    _b.sent();
+                    _b.label = 8;
+                case 8:
+                    _a++;
+                    return [3 /*break*/, 6];
+                case 9:
+                    console.log('Database tables and indexes created successfully');
+                    return [3 /*break*/, 11];
+                case 10:
+                    error_1 = _b.sent();
+                    console.error('Error initializing database:', error_1);
+                    throw error_1;
+                case 11: return [2 /*return*/];
+            }
+        });
+    });
+}

src/db/database.ts

@@ -0,0 +1,239 @@
+import sqlite3 from 'sqlite3';
+import { promisify } from 'util';
+import path from 'path';
+import fs from 'fs';
+
+// Enable verbose mode for debugging
+const Database = sqlite3.verbose().Database;
+
+class DatabaseConnection {
+  private db: sqlite3.Database | null = null;
+
+  async connect(): Promise<sqlite3.Database> {
+    if (this.db) {
+      return this.db;
+    }
+
+    const dbPath = process.env.DATABASE_URL || path.join(__dirname, '../../database.sqlite');
+    
+    // Ensure directory exists
+    const dbDir = path.dirname(dbPath);
+    if (!fs.existsSync(dbDir)) {
+      fs.mkdirSync(dbDir, { recursive: true });
+    }
+
+    return new Promise((resolve, reject) => {
+      this.db = new Database(dbPath, (err) => {
+        if (err) {
+          console.error('Error opening database:', err.message);
+          reject(err);
+        } else {
+          console.log('Connected to SQLite database');
+          resolve(this.db!);
+        }
+      });
+    });
+  }
+
+  async query(sql: string, params: any[] = []): Promise<any[]> {
+    const db = await this.connect();
+    return new Promise((resolve, reject) => {
+      db.all(sql, params, (err, rows) => {
+        if (err) reject(err);
+        else resolve(rows || []);
+      });
+    });
+  }
+
+  async run(sql: string, params: any[] = []): Promise<{ lastID: number; changes: number }> {
+    const db = await this.connect();
+    return new Promise((resolve, reject) => {
+      db.run(sql, params, function(err) {
+        if (err) {
+          reject(err);
+        } else {
+          resolve({ 
+            lastID: this.lastID || 0, 
+            changes: this.changes || 0 
+          });
+        }
+      });
+    });
+  }
+
+  async get(sql: string, params: any[] = []): Promise<any> {
+    const db = await this.connect();
+    return new Promise((resolve, reject) => {
+      db.get(sql, params, (err, row) => {
+        if (err) reject(err);
+        else resolve(row);
+      });
+    });
+  }
+
+  async close(): Promise<void> {
+    if (this.db) {
+      return new Promise((resolve, reject) => {
+        this.db!.close((err) => {
+          if (err) {
+            reject(err);
+          } else {
+            this.db = null;
+            resolve();
+          }
+        });
+      });
+    }
+  }
+}
+
+// Singleton instance
+export const database = new DatabaseConnection();
+
+// Database initialization function
+export async function initializeDatabase(): Promise<void> {
+  const createTables = [
+    // Users table
+    `CREATE TABLE IF NOT EXISTS users (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      email TEXT UNIQUE NOT NULL,
+      name TEXT NOT NULL,
+      password_hash TEXT,
+      avatar TEXT,
+      google_id TEXT UNIQUE,
+      email_verified BOOLEAN DEFAULT FALSE,
+      verification_token TEXT,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    )`,
+
+    // Tenants table
+    `CREATE TABLE IF NOT EXISTS tenants (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name TEXT NOT NULL,
+      subdomain TEXT UNIQUE,
+      plan TEXT DEFAULT 'starter',
+      settings TEXT DEFAULT '{}',
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+    )`,
+
+    // User-Tenant relationships
+    `CREATE TABLE IF NOT EXISTS user_tenants (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      user_id INTEGER NOT NULL,
+      tenant_id INTEGER NOT NULL,
+      role TEXT DEFAULT 'owner',
+      permissions TEXT DEFAULT '{}',
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE,
+      UNIQUE(user_id, tenant_id)
+    )`,
+
+    // Domains table
+    `CREATE TABLE IF NOT EXISTS domains (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      tenant_id INTEGER NOT NULL,
+      domain TEXT NOT NULL,
+      verified BOOLEAN DEFAULT FALSE,
+      verification_token TEXT,
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE
+    )`,
+
+    // Knowledge base table
+    `CREATE TABLE IF NOT EXISTS knowledge_base (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      tenant_id INTEGER NOT NULL,
+      name TEXT NOT NULL,
+      type TEXT NOT NULL,
+      source TEXT NOT NULL,
+      status TEXT DEFAULT 'processing',
+      size INTEGER,
+      metadata TEXT DEFAULT '{}',
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE
+    )`,
+
+    // Chat sessions table
+    `CREATE TABLE IF NOT EXISTS chat_sessions (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      tenant_id INTEGER NOT NULL,
+      domain TEXT,
+      user_ip TEXT,
+      user_agent TEXT,
+      session_token TEXT UNIQUE NOT NULL,
+      started_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      ended_at DATETIME,
+      resolved BOOLEAN DEFAULT FALSE,
+      rating INTEGER,
+      feedback TEXT,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE
+    )`,
+
+    // Chat messages table
+    `CREATE TABLE IF NOT EXISTS chat_messages (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      session_id INTEGER NOT NULL,
+      sender TEXT NOT NULL, -- 'user' or 'ai'
+      message TEXT NOT NULL,
+      metadata TEXT DEFAULT '{}',
+      timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (session_id) REFERENCES chat_sessions (id) ON DELETE CASCADE
+    )`,
+
+    // Analytics events table
+    `CREATE TABLE IF NOT EXISTS analytics_events (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      tenant_id INTEGER NOT NULL,
+      event_type TEXT NOT NULL,
+      event_data TEXT DEFAULT '{}',
+      timestamp DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE
+    )`,
+
+    // Widget configurations table
+    `CREATE TABLE IF NOT EXISTS widget_configs (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      tenant_id INTEGER NOT NULL,
+      config TEXT NOT NULL DEFAULT '{}',
+      created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+      FOREIGN KEY (tenant_id) REFERENCES tenants (id) ON DELETE CASCADE
+    )`
+  ];
+
+  const createIndexes = [
+    `CREATE INDEX IF NOT EXISTS idx_users_email ON users(email)`,
+    `CREATE INDEX IF NOT EXISTS idx_users_google_id ON users(google_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_tenants_subdomain ON tenants(subdomain)`,
+    `CREATE INDEX IF NOT EXISTS idx_user_tenants_user_id ON user_tenants(user_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_user_tenants_tenant_id ON user_tenants(tenant_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_domains_tenant_id ON domains(tenant_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_knowledge_base_tenant_id ON knowledge_base(tenant_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_chat_sessions_tenant_id ON chat_sessions(tenant_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_chat_sessions_token ON chat_sessions(session_token)`,
+    `CREATE INDEX IF NOT EXISTS idx_chat_messages_session_id ON chat_messages(session_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_analytics_events_tenant_id ON analytics_events(tenant_id)`,
+    `CREATE INDEX IF NOT EXISTS idx_analytics_events_timestamp ON analytics_events(timestamp)`
+  ];
+
+  try {
+    // Create tables
+    for (const sql of createTables) {
+      await database.run(sql);
+    }
+
+    // Create indexes
+    for (const sql of createIndexes) {
+      await database.run(sql);
+    }
+
+    console.log('Database tables and indexes created successfully');
+  } catch (error) {
+    console.error('Error initializing database:', error);
+    throw error;
+  }
+} 

src/middleware/auth.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticateToken = void 0;
+var jsonwebtoken_1 = require("jsonwebtoken");
+var authenticateToken = function (req, res, next) {
+    var authHeader = req.headers['authorization'];
+    var token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+    if (!token) {
+        return res.status(401).json({ error: 'Access token required' });
+    }
+    try {
+        var decoded = jsonwebtoken_1.default.verify(token, process.env.JWT_SECRET);
+        req.user = {
+            userId: decoded.userId,
+            tenantId: decoded.tenantId
+        };
+        next();
+    }
+    catch (error) {
+        return res.status(403).json({ error: 'Invalid or expired token' });
+    }
+};
+exports.authenticateToken = authenticateToken;

src/middleware/auth.ts

@@ -0,0 +1,29 @@
+import jwt from 'jsonwebtoken';
+import { Request, Response, NextFunction } from 'express';
+
+export interface AuthenticatedRequest extends Request {
+  user?: {
+    userId: number;
+    tenantId: number;
+  };
+}
+
+export const authenticateToken = (req: AuthenticatedRequest, res: Response, next: NextFunction) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+
+  if (!token) {
+    return res.status(401).json({ error: 'Access token required' });
+  }
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET!) as any;
+    req.user = {
+      userId: decoded.userId,
+      tenantId: decoded.tenantId
+    };
+    next();
+  } catch (error) {
+    return res.status(403).json({ error: 'Invalid or expired token' });
+  }
+}; 

src/middleware/errorHandler.js

@@ -0,0 +1,24 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.errorHandler = void 0;
+var errorHandler = function (error, req, res, next) {
+    var statusCode = error.statusCode || 500;
+    var message = error.message || 'Internal Server Error';
+    // Log error for debugging
+    console.error('Error:', error);
+    // Don't leak error details in production
+    var isDevelopment = process.env.NODE_ENV === 'development';
+    res.status(statusCode).json(__assign({ error: message }, (isDevelopment && { stack: error.stack })));
+};
+exports.errorHandler = errorHandler;

src/middleware/errorHandler.ts

@@ -0,0 +1,27 @@
+import { Request, Response, NextFunction } from 'express';
+
+export interface AppError extends Error {
+  statusCode?: number;
+  isOperational?: boolean;
+}
+
+export const errorHandler = (
+  error: AppError,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  const statusCode = error.statusCode || 500;
+  const message = error.message || 'Internal Server Error';
+
+  // Log error for debugging
+  console.error('Error:', error);
+
+  // Don't leak error details in production
+  const isDevelopment = process.env.NODE_ENV === 'development';
+
+  res.status(statusCode).json({
+    error: message,
+    ...(isDevelopment && { stack: error.stack })
+  });
+}; 

src/routes/analytics.js

@@ -0,0 +1,219 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var database_1 = require("../db/database");
+var router = express_1.default.Router();
+// Get dashboard metrics
+router.get('/metrics', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, totalConversations, thisMonthConversations, avgRating, resolutionRate, knowledgeBaseCount, error_1;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 6, , 7]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?', [tenantId])];
+            case 1:
+                totalConversations = _a.sent();
+                return [4 /*yield*/, database_1.database.get("SELECT COUNT(*) as count FROM chat_sessions \n       WHERE tenant_id = ? AND created_at >= date('now', 'start of month')", [tenantId])];
+            case 2:
+                thisMonthConversations = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT AVG(rating) as avg FROM chat_sessions WHERE tenant_id = ? AND rating IS NOT NULL', [tenantId])];
+            case 3:
+                avgRating = _a.sent();
+                return [4 /*yield*/, database_1.database.get("SELECT \n         COUNT(CASE WHEN resolved = 1 THEN 1 END) * 100.0 / COUNT(*) as rate\n       FROM chat_sessions WHERE tenant_id = ?", [tenantId])];
+            case 4:
+                resolutionRate = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM knowledge_base WHERE tenant_id = ? AND status = "active"', [tenantId])];
+            case 5:
+                knowledgeBaseCount = _a.sent();
+                res.json({
+                    totalConversations: totalConversations.count || 0,
+                    thisMonthConversations: thisMonthConversations.count || 0,
+                    averageRating: parseFloat((avgRating.avg || 0).toFixed(1)),
+                    resolutionRate: parseFloat((resolutionRate.rate || 0).toFixed(1)),
+                    knowledgeBaseDocuments: knowledgeBaseCount.count || 0
+                });
+                return [3 /*break*/, 7];
+            case 6:
+                error_1 = _a.sent();
+                console.error('Get metrics error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 7];
+            case 7: return [2 /*return*/];
+        }
+    });
+}); });
+// Get conversation trends
+router.get('/conversations', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, _a, period, dateRange, conversations, error_2;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                _a = req.query.period, period = _a === void 0 ? '7d' : _a;
+                dateRange = '';
+                switch (period) {
+                    case '1d':
+                        dateRange = "date('now', '-1 day')";
+                        break;
+                    case '7d':
+                        dateRange = "date('now', '-7 days')";
+                        break;
+                    case '30d':
+                        dateRange = "date('now', '-30 days')";
+                        break;
+                    default:
+                        dateRange = "date('now', '-7 days')";
+                }
+                return [4 /*yield*/, database_1.database.query("SELECT \n         date(started_at) as date,\n         COUNT(*) as count,\n         AVG(CASE WHEN rating IS NOT NULL THEN rating END) as avg_rating,\n         COUNT(CASE WHEN resolved = 1 THEN 1 END) * 100.0 / COUNT(*) as resolution_rate\n       FROM chat_sessions \n       WHERE tenant_id = ? AND started_at >= ".concat(dateRange, "\n       GROUP BY date(started_at)\n       ORDER BY date"), [tenantId])];
+            case 1:
+                conversations = _b.sent();
+                res.json({ conversations: conversations });
+                return [3 /*break*/, 3];
+            case 2:
+                error_2 = _b.sent();
+                console.error('Get conversations error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Get chat history with filters
+router.get('/chat-history', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, _a, _b, limit, _c, offset, status_1, sentiment, whereClause, params, conversations, error_3;
+    return __generator(this, function (_d) {
+        switch (_d.label) {
+            case 0:
+                _d.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                _a = req.query, _b = _a.limit, limit = _b === void 0 ? 50 : _b, _c = _a.offset, offset = _c === void 0 ? 0 : _c, status_1 = _a.status, sentiment = _a.sentiment;
+                whereClause = 'WHERE cs.tenant_id = ?';
+                params = [tenantId];
+                if (status_1 === 'resolved') {
+                    whereClause += ' AND cs.resolved = 1';
+                }
+                else if (status_1 === 'unresolved') {
+                    whereClause += ' AND cs.resolved = 0';
+                }
+                return [4 /*yield*/, database_1.database.query("SELECT \n         cs.id, cs.session_token, cs.started_at, cs.ended_at, cs.resolved, cs.rating, cs.feedback,\n         (SELECT message FROM chat_messages WHERE session_id = cs.id AND sender = 'user' ORDER BY timestamp LIMIT 1) as first_message,\n         (SELECT COUNT(*) FROM chat_messages WHERE session_id = cs.id) as message_count\n       FROM chat_sessions cs\n       ".concat(whereClause, "\n       ORDER BY cs.started_at DESC\n       LIMIT ? OFFSET ?"), __spreadArray(__spreadArray([], params, true), [limit, offset], false))];
+            case 1:
+                conversations = _d.sent();
+                res.json({ conversations: conversations });
+                return [3 /*break*/, 3];
+            case 2:
+                error_3 = _d.sent();
+                console.error('Get chat history error:', error_3);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Get top questions/issues
+router.get('/top-questions', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, topQuestions, error_4;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.query("SELECT \n         cm.message,\n         COUNT(*) as frequency\n       FROM chat_messages cm\n       JOIN chat_sessions cs ON cm.session_id = cs.id\n       WHERE cs.tenant_id = ? AND cm.sender = 'user'\n       GROUP BY cm.message\n       HAVING frequency > 1\n       ORDER BY frequency DESC\n       LIMIT 10", [tenantId])];
+            case 1:
+                topQuestions = _a.sent();
+                res.json({ topQuestions: topQuestions });
+                return [3 /*break*/, 3];
+            case 2:
+                error_4 = _a.sent();
+                console.error('Get top questions error:', error_4);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Get sentiment analysis
+router.get('/sentiment', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, totalSessions, resolvedSessions, highRatingSessions, total, positive, negative, neutral, error_5;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 4, , 5]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?', [tenantId])];
+            case 1:
+                totalSessions = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ? AND resolved = 1', [tenantId])];
+            case 2:
+                resolvedSessions = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ? AND rating >= 4', [tenantId])];
+            case 3:
+                highRatingSessions = _a.sent();
+                total = totalSessions.count || 1;
+                positive = (resolvedSessions.count || 0) * 0.7 + (highRatingSessions.count || 0) * 0.3;
+                negative = total * 0.1;
+                neutral = total - positive - negative;
+                res.json({
+                    sentiment: {
+                        positive: Math.round((positive / total) * 100),
+                        neutral: Math.round((neutral / total) * 100),
+                        negative: Math.round((negative / total) * 100)
+                    }
+                });
+                return [3 /*break*/, 5];
+            case 4:
+                error_5 = _a.sent();
+                console.error('Get sentiment error:', error_5);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 5];
+            case 5: return [2 /*return*/];
+        }
+    });
+}); });
+exports.default = router;

src/routes/analytics.ts

@@ -0,0 +1,199 @@
+import express from 'express';
+import { database } from '../db/database';
+import { AuthenticatedRequest } from '../middleware/auth';
+
+const router = express.Router();
+
+// Get dashboard metrics
+router.get('/metrics', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    
+    // Get total conversations
+    const totalConversations = await database.get(
+      'SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    // Get conversations this month
+    const thisMonthConversations = await database.get(
+      `SELECT COUNT(*) as count FROM chat_sessions 
+       WHERE tenant_id = ? AND started_at >= date('now', 'start of month')`,
+      [tenantId]
+    );
+
+    // Get average rating
+    const avgRating = await database.get(
+      'SELECT AVG(rating) as avg FROM chat_sessions WHERE tenant_id = ? AND rating IS NOT NULL',
+      [tenantId]
+    );
+
+    // Get resolution rate
+    const resolutionRate = await database.get(
+      `SELECT 
+         COUNT(CASE WHEN resolved = 1 THEN 1 END) * 100.0 / COUNT(*) as rate
+       FROM chat_sessions WHERE tenant_id = ?`,
+      [tenantId]
+    );
+
+    // Get knowledge base count
+    const knowledgeBaseCount = await database.get(
+      'SELECT COUNT(*) as count FROM knowledge_base WHERE tenant_id = ? AND status = "active"',
+      [tenantId]
+    );
+
+    res.json({
+      totalConversations: totalConversations.count || 0,
+      thisMonthConversations: thisMonthConversations.count || 0,
+      averageRating: parseFloat((avgRating.avg || 0).toFixed(1)),
+      resolutionRate: parseFloat((resolutionRate.rate || 0).toFixed(1)),
+      knowledgeBaseDocuments: knowledgeBaseCount.count || 0
+    });
+  } catch (error) {
+    console.error('Get metrics error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get conversation trends
+router.get('/conversations', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { period = '7d' } = req.query;
+
+    let dateRange = '';
+    switch (period) {
+      case '1d':
+        dateRange = "date('now', '-1 day')";
+        break;
+      case '7d':
+        dateRange = "date('now', '-7 days')";
+        break;
+      case '30d':
+        dateRange = "date('now', '-30 days')";
+        break;
+      default:
+        dateRange = "date('now', '-7 days')";
+    }
+
+    const conversations = await database.query(
+      `SELECT 
+         date(started_at) as date,
+         COUNT(*) as count,
+         AVG(CASE WHEN rating IS NOT NULL THEN rating END) as avg_rating,
+         COUNT(CASE WHEN resolved = 1 THEN 1 END) * 100.0 / COUNT(*) as resolution_rate
+       FROM chat_sessions 
+       WHERE tenant_id = ? AND started_at >= ${dateRange}
+       GROUP BY date(started_at)
+       ORDER BY date`,
+      [tenantId]
+    );
+
+    res.json({ conversations });
+  } catch (error) {
+    console.error('Get conversations error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get chat history with filters
+router.get('/chat-history', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { limit = 50, offset = 0, status, sentiment } = req.query;
+
+    let whereClause = 'WHERE cs.tenant_id = ?';
+    const params = [tenantId];
+
+    if (status === 'resolved') {
+      whereClause += ' AND cs.resolved = 1';
+    } else if (status === 'unresolved') {
+      whereClause += ' AND cs.resolved = 0';
+    }
+
+    const conversations = await database.query(
+      `SELECT 
+         cs.id, cs.session_token, cs.started_at, cs.ended_at, cs.resolved, cs.rating, cs.feedback,
+         (SELECT message FROM chat_messages WHERE session_id = cs.id AND sender = 'user' ORDER BY timestamp LIMIT 1) as first_message,
+         (SELECT COUNT(*) FROM chat_messages WHERE session_id = cs.id) as message_count
+       FROM chat_sessions cs
+       ${whereClause}
+       ORDER BY cs.started_at DESC
+       LIMIT ? OFFSET ?`,
+      [...params, limit, offset]
+    );
+
+    res.json({ conversations });
+  } catch (error) {
+    console.error('Get chat history error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get top questions/issues
+router.get('/top-questions', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    
+    const topQuestions = await database.query(
+      `SELECT 
+         cm.message,
+         COUNT(*) as frequency
+       FROM chat_messages cm
+       JOIN chat_sessions cs ON cm.session_id = cs.id
+       WHERE cs.tenant_id = ? AND cm.sender = 'user'
+       GROUP BY cm.message
+       HAVING frequency > 1
+       ORDER BY frequency DESC
+       LIMIT 10`,
+      [tenantId]
+    );
+
+    res.json({ topQuestions });
+  } catch (error) {
+    console.error('Get top questions error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get sentiment analysis
+router.get('/sentiment', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    
+    // For now, we'll simulate sentiment analysis
+    // In a real app, you'd analyze message content
+    const totalSessions = await database.get(
+      'SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    const resolvedSessions = await database.get(
+      'SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ? AND resolved = 1',
+      [tenantId]
+    );
+
+    const highRatingSessions = await database.get(
+      'SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ? AND rating >= 4',
+      [tenantId]
+    );
+
+    const total = totalSessions.count || 1;
+    const positive = (resolvedSessions.count || 0) * 0.7 + (highRatingSessions.count || 0) * 0.3;
+    const negative = total * 0.1; // Assume 10% negative
+    const neutral = total - positive - negative;
+
+    res.json({
+      sentiment: {
+        positive: Math.round((positive / total) * 100),
+        neutral: Math.round((neutral / total) * 100),
+        negative: Math.round((negative / total) * 100)
+      }
+    });
+  } catch (error) {
+    console.error('Get sentiment error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router; 

src/routes/auth.js

@@ -0,0 +1,314 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var bcryptjs_1 = require("bcryptjs");
+var jsonwebtoken_1 = require("jsonwebtoken");
+var uuid_1 = require("uuid");
+var google_auth_library_1 = require("google-auth-library");
+var database_1 = require("../db/database");
+var auth_1 = require("../middleware/auth");
+var router = express_1.default.Router();
+var client = new google_auth_library_1.OAuth2Client(process.env.GOOGLE_CLIENT_ID);
+// Sign up with email/password
+router.post('/signup', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, email, password, name_1, existingUser, saltRounds, passwordHash, verificationToken, result, tenantResult, token, user, error_1;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 7, , 8]);
+                _a = req.body, email = _a.email, password = _a.password, name_1 = _a.name;
+                // Validation
+                if (!email || !password || !name_1) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Email, password, and name are required' })];
+                }
+                if (password.length < 6) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Password must be at least 6 characters' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT id FROM users WHERE email = ?', [email])];
+            case 1:
+                existingUser = _b.sent();
+                if (existingUser) {
+                    return [2 /*return*/, res.status(400).json({ error: 'User already exists' })];
+                }
+                saltRounds = 10;
+                return [4 /*yield*/, bcryptjs_1.default.hash(password, saltRounds)];
+            case 2:
+                passwordHash = _b.sent();
+                verificationToken = (0, uuid_1.v4)();
+                return [4 /*yield*/, database_1.database.run('INSERT INTO users (email, name, password_hash, verification_token) VALUES (?, ?, ?, ?)', [email, name_1, passwordHash, verificationToken])];
+            case 3:
+                result = _b.sent();
+                return [4 /*yield*/, database_1.database.run('INSERT INTO tenants (name, subdomain) VALUES (?, ?)', ["".concat(name_1, "'s Workspace"), "tenant-".concat(result.lastID)])];
+            case 4:
+                tenantResult = _b.sent();
+                // Link user to tenant
+                return [4 /*yield*/, database_1.database.run('INSERT INTO user_tenants (user_id, tenant_id, role) VALUES (?, ?, ?)', [result.lastID, tenantResult.lastID, 'owner'])];
+            case 5:
+                // Link user to tenant
+                _b.sent();
+                token = jsonwebtoken_1.default.sign({ userId: result.lastID, tenantId: tenantResult.lastID }, process.env.JWT_SECRET, { expiresIn: '7d' });
+                return [4 /*yield*/, database_1.database.get('SELECT id, email, name, avatar, created_at FROM users WHERE id = ?', [result.lastID])];
+            case 6:
+                user = _b.sent();
+                res.status(201).json({
+                    message: 'User created successfully',
+                    token: token,
+                    user: user,
+                    tenant: { id: tenantResult.lastID, name: "".concat(name_1, "'s Workspace") }
+                });
+                return [3 /*break*/, 8];
+            case 7:
+                error_1 = _b.sent();
+                console.error('Signup error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 8];
+            case 8: return [2 /*return*/];
+        }
+    });
+}); });
+// Sign in with email/password
+router.post('/signin', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, email, password, user, isValidPassword, userTenant, token, password_hash, verification_token, safeUser, error_2;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 4, , 5]);
+                _a = req.body, email = _a.email, password = _a.password;
+                if (!email || !password) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Email and password are required' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM users WHERE email = ?', [email])];
+            case 1:
+                user = _b.sent();
+                if (!user || !user.password_hash) {
+                    return [2 /*return*/, res.status(401).json({ error: 'Invalid credentials' })];
+                }
+                return [4 /*yield*/, bcryptjs_1.default.compare(password, user.password_hash)];
+            case 2:
+                isValidPassword = _b.sent();
+                if (!isValidPassword) {
+                    return [2 /*return*/, res.status(401).json({ error: 'Invalid credentials' })];
+                }
+                return [4 /*yield*/, database_1.database.get("SELECT t.id, t.name, t.subdomain, t.plan \n       FROM tenants t \n       JOIN user_tenants ut ON t.id = ut.tenant_id \n       WHERE ut.user_id = ? AND ut.role = 'owner'", [user.id])];
+            case 3:
+                userTenant = _b.sent();
+                token = jsonwebtoken_1.default.sign({ userId: user.id, tenantId: userTenant === null || userTenant === void 0 ? void 0 : userTenant.id }, process.env.JWT_SECRET, { expiresIn: '7d' });
+                password_hash = user.password_hash, verification_token = user.verification_token, safeUser = __rest(user, ["password_hash", "verification_token"]);
+                res.json({
+                    message: 'Signed in successfully',
+                    token: token,
+                    user: safeUser,
+                    tenant: userTenant
+                });
+                return [3 /*break*/, 5];
+            case 4:
+                error_2 = _b.sent();
+                console.error('Signin error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 5];
+            case 5: return [2 /*return*/];
+        }
+    });
+}); });
+// Google OAuth
+router.post('/google', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var credential, ticket, payload, googleId, email, name_2, picture, user, result, tenantResult, userTenant, token, password_hash, verification_token, safeUser, error_3;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 11, , 12]);
+                credential = req.body.credential;
+                if (!credential) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Google credential is required' })];
+                }
+                return [4 /*yield*/, client.verifyIdToken({
+                        idToken: credential,
+                        audience: process.env.GOOGLE_CLIENT_ID,
+                    })];
+            case 1:
+                ticket = _a.sent();
+                payload = ticket.getPayload();
+                if (!payload) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Invalid Google token' })];
+                }
+                googleId = payload.sub, email = payload.email, name_2 = payload.name, picture = payload.picture;
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM users WHERE google_id = ? OR email = ?', [googleId, email])];
+            case 2:
+                user = _a.sent();
+                if (!user) return [3 /*break*/, 5];
+                if (!!user.google_id) return [3 /*break*/, 4];
+                return [4 /*yield*/, database_1.database.run('UPDATE users SET google_id = ?, avatar = ? WHERE id = ?', [googleId, picture, user.id])];
+            case 3:
+                _a.sent();
+                user.google_id = googleId;
+                user.avatar = picture;
+                _a.label = 4;
+            case 4: return [3 /*break*/, 9];
+            case 5: return [4 /*yield*/, database_1.database.run('INSERT INTO users (email, name, google_id, avatar, email_verified) VALUES (?, ?, ?, ?, ?)', [email, name_2, googleId, picture, true])];
+            case 6:
+                result = _a.sent();
+                return [4 /*yield*/, database_1.database.run('INSERT INTO tenants (name, subdomain) VALUES (?, ?)', ["".concat(name_2, "'s Workspace"), "tenant-".concat(result.lastID)])];
+            case 7:
+                tenantResult = _a.sent();
+                // Link user to tenant
+                return [4 /*yield*/, database_1.database.run('INSERT INTO user_tenants (user_id, tenant_id, role) VALUES (?, ?, ?)', [result.lastID, tenantResult.lastID, 'owner'])];
+            case 8:
+                // Link user to tenant
+                _a.sent();
+                user = {
+                    id: result.lastID,
+                    email: email,
+                    name: name_2,
+                    google_id: googleId,
+                    avatar: picture,
+                    email_verified: true
+                };
+                _a.label = 9;
+            case 9: return [4 /*yield*/, database_1.database.get("SELECT t.id, t.name, t.subdomain, t.plan \n       FROM tenants t \n       JOIN user_tenants ut ON t.id = ut.tenant_id \n       WHERE ut.user_id = ? AND ut.role = 'owner'", [user.id])];
+            case 10:
+                userTenant = _a.sent();
+                token = jsonwebtoken_1.default.sign({ userId: user.id, tenantId: userTenant === null || userTenant === void 0 ? void 0 : userTenant.id }, process.env.JWT_SECRET, { expiresIn: '7d' });
+                password_hash = user.password_hash, verification_token = user.verification_token, safeUser = __rest(user, ["password_hash", "verification_token"]);
+                res.json({
+                    message: 'Google authentication successful',
+                    token: token,
+                    user: safeUser,
+                    tenant: userTenant
+                });
+                return [3 /*break*/, 12];
+            case 11:
+                error_3 = _a.sent();
+                console.error('Google auth error:', error_3);
+                res.status(500).json({ error: 'Google authentication failed' });
+                return [3 /*break*/, 12];
+            case 12: return [2 /*return*/];
+        }
+    });
+}); });
+// Get current user
+router.get('/me', auth_1.authenticateToken, function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, userId, tenantId, user, tenant, error_4;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 3, , 4]);
+                _a = req.user, userId = _a.userId, tenantId = _a.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT id, email, name, avatar, email_verified, created_at FROM users WHERE id = ?', [userId])];
+            case 1:
+                user = _b.sent();
+                if (!user) {
+                    return [2 /*return*/, res.status(404).json({ error: 'User not found' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT id, name, subdomain, plan, settings FROM tenants WHERE id = ?', [tenantId])];
+            case 2:
+                tenant = _b.sent();
+                res.json({
+                    user: user,
+                    tenant: tenant
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_4 = _b.sent();
+                console.error('Get user error:', error_4);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Update user profile
+router.put('/profile', auth_1.authenticateToken, function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var userId, _a, name_3, avatar, updates, params, user, error_5;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 3, , 4]);
+                userId = req.user.userId;
+                _a = req.body, name_3 = _a.name, avatar = _a.avatar;
+                updates = [];
+                params = [];
+                if (name_3) {
+                    updates.push('name = ?');
+                    params.push(name_3);
+                }
+                if (avatar) {
+                    updates.push('avatar = ?');
+                    params.push(avatar);
+                }
+                if (updates.length === 0) {
+                    return [2 /*return*/, res.status(400).json({ error: 'No valid fields to update' })];
+                }
+                updates.push('updated_at = CURRENT_TIMESTAMP');
+                params.push(userId);
+                return [4 /*yield*/, database_1.database.run("UPDATE users SET ".concat(updates.join(', '), " WHERE id = ?"), params)];
+            case 1:
+                _b.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT id, email, name, avatar, email_verified, created_at FROM users WHERE id = ?', [userId])];
+            case 2:
+                user = _b.sent();
+                res.json({
+                    message: 'Profile updated successfully',
+                    user: user
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_5 = _b.sent();
+                console.error('Update profile error:', error_5);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Logout (client-side token removal, but we can blacklist if needed)
+router.post('/logout', auth_1.authenticateToken, function (req, res) {
+    res.json({ message: 'Logged out successfully' });
+});
+exports.default = router;

src/routes/auth.ts

@@ -0,0 +1,313 @@
+import express from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { v4 as uuidv4 } from 'uuid';
+import { OAuth2Client } from 'google-auth-library';
+import { database } from '../db/database';
+import { authenticateToken } from '../middleware/auth';
+
+const router = express.Router();
+const client = new OAuth2Client(process.env.GOOGLE_CLIENT_ID);
+
+// Sign up with email/password
+router.post('/signup', async (req, res) => {
+  try {
+    const { email, password, name } = req.body;
+
+    // Validation
+    if (!email || !password || !name) {
+      return res.status(400).json({ error: 'Email, password, and name are required' });
+    }
+
+    if (password.length < 6) {
+      return res.status(400).json({ error: 'Password must be at least 6 characters' });
+    }
+
+    // Check if user already exists
+    const existingUser = await database.get('SELECT id FROM users WHERE email = ?', [email]);
+    if (existingUser) {
+      return res.status(400).json({ error: 'User already exists' });
+    }
+
+    // Hash password
+    const saltRounds = 10;
+    const passwordHash = await bcrypt.hash(password, saltRounds);
+
+    // Generate verification token
+    const verificationToken = uuidv4();
+
+    // Create user
+    const result = await database.run(
+      'INSERT INTO users (email, name, password_hash, verification_token) VALUES (?, ?, ?, ?)',
+      [email, name, passwordHash, verificationToken]
+    );
+
+    // Create default tenant for user
+    const tenantResult = await database.run(
+      'INSERT INTO tenants (name, subdomain) VALUES (?, ?)',
+      [`${name}'s Workspace`, `tenant-${result.lastID}`]
+    );
+
+    // Link user to tenant
+    await database.run(
+      'INSERT INTO user_tenants (user_id, tenant_id, role) VALUES (?, ?, ?)',
+      [result.lastID, tenantResult.lastID, 'owner']
+    );
+
+    // Generate JWT token
+    const token = jwt.sign(
+      { userId: result.lastID, tenantId: tenantResult.lastID },
+      process.env.JWT_SECRET!,
+      { expiresIn: '7d' }
+    );
+
+    // Get user data
+    const user = await database.get(
+      'SELECT id, email, name, avatar, created_at FROM users WHERE id = ?',
+      [result.lastID]
+    );
+
+    res.status(201).json({
+      message: 'User created successfully',
+      token,
+      user,
+      tenant: { id: tenantResult.lastID, name: `${name}'s Workspace` }
+    });
+  } catch (error) {
+    console.error('Signup error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Sign in with email/password
+router.post('/signin', async (req, res) => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      return res.status(400).json({ error: 'Email and password are required' });
+    }
+
+    // Get user
+    const user = await database.get(
+      'SELECT * FROM users WHERE email = ?',
+      [email]
+    );
+
+    if (!user || !user.password_hash) {
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    // Check password
+    const isValidPassword = await bcrypt.compare(password, user.password_hash);
+    if (!isValidPassword) {
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    // Get user's tenant
+    const userTenant = await database.get(
+      `SELECT t.id, t.name, t.subdomain, t.plan 
+       FROM tenants t 
+       JOIN user_tenants ut ON t.id = ut.tenant_id 
+       WHERE ut.user_id = ? AND ut.role = 'owner'`,
+      [user.id]
+    );
+
+    // Generate JWT token
+    const token = jwt.sign(
+      { userId: user.id, tenantId: userTenant?.id },
+      process.env.JWT_SECRET!,
+      { expiresIn: '7d' }
+    );
+
+    // Remove sensitive data
+    const { password_hash, verification_token, ...safeUser } = user;
+
+    res.json({
+      message: 'Signed in successfully',
+      token,
+      user: safeUser,
+      tenant: userTenant
+    });
+  } catch (error) {
+    console.error('Signin error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Google OAuth
+router.post('/google', async (req, res) => {
+  try {
+    const { credential } = req.body;
+
+    if (!credential) {
+      return res.status(400).json({ error: 'Google credential is required' });
+    }
+
+    // Verify Google token
+    const ticket = await client.verifyIdToken({
+      idToken: credential,
+      audience: process.env.GOOGLE_CLIENT_ID,
+    });
+
+    const payload = ticket.getPayload();
+    if (!payload) {
+      return res.status(400).json({ error: 'Invalid Google token' });
+    }
+
+    const { sub: googleId, email, name, picture } = payload;
+
+    // Check if user exists
+    let user = await database.get('SELECT * FROM users WHERE google_id = ? OR email = ?', [googleId, email]);
+
+    if (user) {
+      // Update Google ID if needed
+      if (!user.google_id) {
+        await database.run('UPDATE users SET google_id = ?, avatar = ? WHERE id = ?', [googleId, picture, user.id]);
+        user.google_id = googleId;
+        user.avatar = picture;
+      }
+    } else {
+      // Create new user
+      const result = await database.run(
+        'INSERT INTO users (email, name, google_id, avatar, email_verified) VALUES (?, ?, ?, ?, ?)',
+        [email, name, googleId, picture, true]
+      );
+
+      // Create default tenant
+      const tenantResult = await database.run(
+        'INSERT INTO tenants (name, subdomain) VALUES (?, ?)',
+        [`${name}'s Workspace`, `tenant-${result.lastID}`]
+      );
+
+      // Link user to tenant
+      await database.run(
+        'INSERT INTO user_tenants (user_id, tenant_id, role) VALUES (?, ?, ?)',
+        [result.lastID, tenantResult.lastID, 'owner']
+      );
+
+      user = {
+        id: result.lastID,
+        email,
+        name,
+        google_id: googleId,
+        avatar: picture,
+        email_verified: true
+      };
+    }
+
+    // Get user's tenant
+    const userTenant = await database.get(
+      `SELECT t.id, t.name, t.subdomain, t.plan 
+       FROM tenants t 
+       JOIN user_tenants ut ON t.id = ut.tenant_id 
+       WHERE ut.user_id = ? AND ut.role = 'owner'`,
+      [user.id]
+    );
+
+    // Generate JWT token
+    const token = jwt.sign(
+      { userId: user.id, tenantId: userTenant?.id },
+      process.env.JWT_SECRET!,
+      { expiresIn: '7d' }
+    );
+
+    // Remove sensitive data
+    const { password_hash, verification_token, ...safeUser } = user;
+
+    res.json({
+      message: 'Google authentication successful',
+      token,
+      user: safeUser,
+      tenant: userTenant
+    });
+  } catch (error) {
+    console.error('Google auth error:', error);
+    res.status(500).json({ error: 'Google authentication failed' });
+  }
+});
+
+// Get current user
+router.get('/me', authenticateToken, async (req, res) => {
+  try {
+    const { userId, tenantId } = (req as any).user;
+
+    // Get user data
+    const user = await database.get(
+      'SELECT id, email, name, avatar, email_verified, created_at FROM users WHERE id = ?',
+      [userId]
+    );
+
+    if (!user) {
+      return res.status(404).json({ error: 'User not found' });
+    }
+
+    // Get tenant data
+    const tenant = await database.get(
+      'SELECT id, name, subdomain, plan, settings FROM tenants WHERE id = ?',
+      [tenantId]
+    );
+
+    res.json({
+      user,
+      tenant
+    });
+  } catch (error) {
+    console.error('Get user error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Update user profile
+router.put('/profile', authenticateToken, async (req, res) => {
+  try {
+    const { userId } = (req as any).user;
+    const { name, avatar } = req.body;
+
+    const updates = [];
+    const params = [];
+
+    if (name) {
+      updates.push('name = ?');
+      params.push(name);
+    }
+
+    if (avatar) {
+      updates.push('avatar = ?');
+      params.push(avatar);
+    }
+
+    if (updates.length === 0) {
+      return res.status(400).json({ error: 'No valid fields to update' });
+    }
+
+    updates.push('updated_at = CURRENT_TIMESTAMP');
+    params.push(userId);
+
+    await database.run(
+      `UPDATE users SET ${updates.join(', ')} WHERE id = ?`,
+      params
+    );
+
+    // Get updated user
+    const user = await database.get(
+      'SELECT id, email, name, avatar, email_verified, created_at FROM users WHERE id = ?',
+      [userId]
+    );
+
+    res.json({
+      message: 'Profile updated successfully',
+      user
+    });
+  } catch (error) {
+    console.error('Update profile error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Logout (client-side token removal, but we can blacklist if needed)
+router.post('/logout', authenticateToken, (req, res) => {
+  res.json({ message: 'Logged out successfully' });
+});
+
+export default router; 

src/routes/chat.js

@@ -0,0 +1,292 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var uuid_1 = require("uuid");
+var axios_1 = require("axios");
+var database_1 = require("../db/database");
+var router = express_1.default.Router();
+// Create a new chat session
+router.post('/sessions', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, tenantId, domain, userAgent, userIp, tenant, sessionToken, result, error_1;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 4, , 5]);
+                _a = req.body, tenantId = _a.tenantId, domain = _a.domain, userAgent = _a.userAgent;
+                userIp = req.ip || req.connection.remoteAddress;
+                if (!tenantId) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Tenant ID is required' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT id FROM tenants WHERE id = ?', [tenantId])];
+            case 1:
+                tenant = _b.sent();
+                if (!tenant) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Tenant not found' })];
+                }
+                sessionToken = (0, uuid_1.v4)();
+                return [4 /*yield*/, database_1.database.run('INSERT INTO chat_sessions (tenant_id, domain, user_ip, user_agent, session_token) VALUES (?, ?, ?, ?, ?)', [tenantId, domain, userIp, userAgent, sessionToken])];
+            case 2:
+                result = _b.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'chat_session_started', JSON.stringify({ sessionId: result.lastID, domain: domain })])];
+            case 3:
+                // Log analytics event
+                _b.sent();
+                res.status(201).json({
+                    sessionId: result.lastID,
+                    sessionToken: sessionToken,
+                    message: 'Chat session created successfully'
+                });
+                return [3 /*break*/, 5];
+            case 4:
+                error_1 = _b.sent();
+                console.error('Create session error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 5];
+            case 5: return [2 /*return*/];
+        }
+    });
+}); });
+// Send a message and get AI response
+router.post('/messages', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var _a, sessionToken, message, tenantId, session, chatHistory, knowledgeBase, mcpResponse, aiResponse, mcpError_1, fallbackResponse, error_2;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 12, , 13]);
+                _a = req.body, sessionToken = _a.sessionToken, message = _a.message, tenantId = _a.tenantId;
+                if (!sessionToken || !message || !tenantId) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Session token, message, and tenant ID are required' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM chat_sessions WHERE session_token = ? AND tenant_id = ?', [sessionToken, tenantId])];
+            case 1:
+                session = _b.sent();
+                if (!session) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Chat session not found' })];
+                }
+                // Save user message
+                return [4 /*yield*/, database_1.database.run('INSERT INTO chat_messages (session_id, sender, message) VALUES (?, ?, ?)', [session.id, 'user', message])];
+            case 2:
+                // Save user message
+                _b.sent();
+                return [4 /*yield*/, database_1.database.query('SELECT sender, message, timestamp FROM chat_messages WHERE session_id = ? ORDER BY timestamp ASC', [session.id])];
+            case 3:
+                chatHistory = _b.sent();
+                return [4 /*yield*/, database_1.database.query('SELECT name, type, source FROM knowledge_base WHERE tenant_id = ? AND status = "active"', [tenantId])];
+            case 4:
+                knowledgeBase = _b.sent();
+                _b.label = 5;
+            case 5:
+                _b.trys.push([5, 9, , 11]);
+                return [4 /*yield*/, axios_1.default.post("".concat(process.env.MCP_SERVER_URL, "/chat"), {
+                        message: message,
+                        history: chatHistory,
+                        knowledge_base: knowledgeBase,
+                        tenant_id: tenantId
+                    }, {
+                        headers: {
+                            'Authorization': "Bearer ".concat(process.env.MCP_AUTH_TOKEN),
+                            'Content-Type': 'application/json'
+                        },
+                        timeout: 30000 // 30 second timeout
+                    })];
+            case 6:
+                mcpResponse = _b.sent();
+                aiResponse = mcpResponse.data.response || 'I apologize, but I encountered an issue processing your request.';
+                // Save AI response
+                return [4 /*yield*/, database_1.database.run('INSERT INTO chat_messages (session_id, sender, message, metadata) VALUES (?, ?, ?, ?)', [session.id, 'ai', aiResponse, JSON.stringify({
+                            model: mcpResponse.data.model || 'gemini-1.5-flash',
+                            confidence: mcpResponse.data.confidence || 0.8
+                        })])];
+            case 7:
+                // Save AI response
+                _b.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'message_sent', JSON.stringify({
+                            sessionId: session.id,
+                            messageLength: message.length,
+                            responseLength: aiResponse.length
+                        })])];
+            case 8:
+                // Log analytics event
+                _b.sent();
+                res.json({
+                    response: aiResponse,
+                    messageId: session.id,
+                    timestamp: new Date().toISOString()
+                });
+                return [3 /*break*/, 11];
+            case 9:
+                mcpError_1 = _b.sent();
+                console.error('MCP Server error:', mcpError_1);
+                fallbackResponse = "I'm sorry, but I'm experiencing technical difficulties at the moment. Please try again in a few minutes or contact support if the issue persists.";
+                return [4 /*yield*/, database_1.database.run('INSERT INTO chat_messages (session_id, sender, message, metadata) VALUES (?, ?, ?, ?)', [session.id, 'ai', fallbackResponse, JSON.stringify({ error: 'mcp_server_unavailable' })])];
+            case 10:
+                _b.sent();
+                res.json({
+                    response: fallbackResponse,
+                    messageId: session.id,
+                    timestamp: new Date().toISOString(),
+                    error: 'Service temporarily unavailable'
+                });
+                return [3 /*break*/, 11];
+            case 11: return [3 /*break*/, 13];
+            case 12:
+                error_2 = _b.sent();
+                console.error('Send message error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 13];
+            case 13: return [2 /*return*/];
+        }
+    });
+}); });
+// Get chat history
+router.get('/sessions/:sessionToken/history', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var sessionToken, tenantId, session, messages, error_3;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 3, , 4]);
+                sessionToken = req.params.sessionToken;
+                tenantId = req.query.tenantId;
+                if (!tenantId) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Tenant ID is required' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM chat_sessions WHERE session_token = ? AND tenant_id = ?', [sessionToken, tenantId])];
+            case 1:
+                session = _a.sent();
+                if (!session) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Chat session not found' })];
+                }
+                return [4 /*yield*/, database_1.database.query('SELECT sender, message, metadata, timestamp FROM chat_messages WHERE session_id = ? ORDER BY timestamp ASC', [session.id])];
+            case 2:
+                messages = _a.sent();
+                res.json({
+                    sessionId: session.id,
+                    messages: messages,
+                    session: {
+                        started_at: session.started_at,
+                        resolved: session.resolved,
+                        rating: session.rating
+                    }
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_3 = _a.sent();
+                console.error('Get history error:', error_3);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Rate conversation
+router.post('/sessions/:sessionToken/rate', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var sessionToken, _a, rating, feedback, tenantId, error_4;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 3, , 4]);
+                sessionToken = req.params.sessionToken;
+                _a = req.body, rating = _a.rating, feedback = _a.feedback, tenantId = _a.tenantId;
+                if (!tenantId || rating === undefined) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Tenant ID and rating are required' })];
+                }
+                if (rating < 1 || rating > 5) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Rating must be between 1 and 5' })];
+                }
+                // Update session
+                return [4 /*yield*/, database_1.database.run('UPDATE chat_sessions SET rating = ?, feedback = ?, resolved = TRUE WHERE session_token = ? AND tenant_id = ?', [rating, feedback, sessionToken, tenantId])];
+            case 1:
+                // Update session
+                _b.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'conversation_rated', JSON.stringify({
+                            sessionToken: sessionToken,
+                            rating: rating,
+                            hasFeedback: !!feedback
+                        })])];
+            case 2:
+                // Log analytics event
+                _b.sent();
+                res.json({ message: 'Rating submitted successfully' });
+                return [3 /*break*/, 4];
+            case 3:
+                error_4 = _b.sent();
+                console.error('Rate conversation error:', error_4);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// End chat session
+router.post('/sessions/:sessionToken/end', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var sessionToken, tenantId, error_5;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 3, , 4]);
+                sessionToken = req.params.sessionToken;
+                tenantId = req.body.tenantId;
+                if (!tenantId) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Tenant ID is required' })];
+                }
+                // Update session
+                return [4 /*yield*/, database_1.database.run('UPDATE chat_sessions SET ended_at = CURRENT_TIMESTAMP WHERE session_token = ? AND tenant_id = ?', [sessionToken, tenantId])];
+            case 1:
+                // Update session
+                _a.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'chat_session_ended', JSON.stringify({ sessionToken: sessionToken })])];
+            case 2:
+                // Log analytics event
+                _a.sent();
+                res.json({ message: 'Chat session ended successfully' });
+                return [3 /*break*/, 4];
+            case 3:
+                error_5 = _a.sent();
+                console.error('End session error:', error_5);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+exports.default = router;

src/routes/chat.ts

@@ -0,0 +1,302 @@
+import express from 'express';
+import { v4 as uuidv4 } from 'uuid';
+import axios from 'axios';
+import { database } from '../db/database';
+import { AuthenticatedRequest, authenticateToken } from '../middleware/auth';
+
+const router = express.Router();
+
+// Create a new chat session (authenticated - for tenant dashboard)
+router.post('/sessions', authenticateToken, async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { domain, userAgent } = req.body;
+    const userIp = req.ip || req.connection.remoteAddress;
+
+    // Verify tenant exists
+    const tenant = await database.get('SELECT id FROM tenants WHERE id = ?', [tenantId]);
+    if (!tenant) {
+      return res.status(404).json({ error: 'Tenant not found' });
+    }
+
+    // Generate session token
+    const sessionToken = uuidv4();
+
+    // Create chat session
+    const result = await database.run(
+      'INSERT INTO chat_sessions (tenant_id, domain, user_ip, user_agent, session_token) VALUES (?, ?, ?, ?, ?)',
+      [tenantId, domain, userIp, userAgent, sessionToken]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'chat_session_started', JSON.stringify({ sessionId: result.lastID, domain })]
+    );
+
+    res.status(201).json({
+      sessionId: result.lastID,
+      sessionToken,
+      tenantId,
+      message: 'Chat session created successfully'
+    });
+  } catch (error) {
+    console.error('Create session error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Create a new chat session (public - for widget)
+router.post('/public/sessions', async (req, res) => {
+  try {
+    const { tenantId, domain, userAgent } = req.body;
+    const userIp = req.ip || req.connection.remoteAddress;
+
+    if (!tenantId) {
+      return res.status(400).json({ error: 'Tenant ID is required' });
+    }
+
+    // Verify tenant exists
+    const tenant = await database.get('SELECT id FROM tenants WHERE id = ?', [tenantId]);
+    if (!tenant) {
+      return res.status(404).json({ error: 'Tenant not found' });
+    }
+
+    // Generate session token
+    const sessionToken = uuidv4();
+
+    // Create chat session
+    const result = await database.run(
+      'INSERT INTO chat_sessions (tenant_id, domain, user_ip, user_agent, session_token) VALUES (?, ?, ?, ?, ?)',
+      [tenantId, domain, userIp, userAgent, sessionToken]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'chat_session_started', JSON.stringify({ sessionId: result.lastID, domain })]
+    );
+
+    res.status(201).json({
+      sessionId: result.lastID,
+      sessionToken,
+      message: 'Chat session created successfully'
+    });
+  } catch (error) {
+    console.error('Create session error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Send a message and get AI response
+router.post('/messages', async (req, res) => {
+  try {
+    const { sessionToken, message, tenantId } = req.body;
+
+    if (!sessionToken || !message || !tenantId) {
+      return res.status(400).json({ error: 'Session token, message, and tenant ID are required' });
+    }
+
+    // Get chat session
+    const session = await database.get(
+      'SELECT * FROM chat_sessions WHERE session_token = ? AND tenant_id = ?',
+      [sessionToken, tenantId]
+    );
+
+    if (!session) {
+      return res.status(404).json({ error: 'Chat session not found' });
+    }
+
+    // Save user message
+    await database.run(
+      'INSERT INTO chat_messages (session_id, sender, message) VALUES (?, ?, ?)',
+      [session.id, 'user', message]
+    );
+
+    // Get chat history for context
+    const chatHistory = await database.query(
+      'SELECT sender, message, timestamp FROM chat_messages WHERE session_id = ? ORDER BY timestamp ASC',
+      [session.id]
+    );
+
+    // Get tenant's knowledge base
+    const knowledgeBase = await database.query(
+      'SELECT name, type, source FROM knowledge_base WHERE tenant_id = ? AND status = "active"',
+      [tenantId]
+    );
+
+    try {
+      // Call MCP server for AI response
+      const mcpResponse = await axios.post(`${process.env.MCP_SERVER_URL}/chat`, {
+        message,
+        history: chatHistory,
+        knowledge_base: knowledgeBase,
+        tenant_id: tenantId
+      }, {
+        headers: {
+          'Authorization': `Bearer ${process.env.MCP_AUTH_TOKEN}`,
+          'Content-Type': 'application/json'
+        },
+        timeout: 30000 // 30 second timeout
+      });
+
+      const aiResponse = mcpResponse.data.response || 'I apologize, but I encountered an issue processing your request.';
+
+      // Save AI response
+      await database.run(
+        'INSERT INTO chat_messages (session_id, sender, message, metadata) VALUES (?, ?, ?, ?)',
+        [session.id, 'ai', aiResponse, JSON.stringify({ 
+          model: mcpResponse.data.model || 'gemini-1.5-flash',
+          confidence: mcpResponse.data.confidence || 0.8
+        })]
+      );
+
+      // Log analytics event
+      await database.run(
+        'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+        [tenantId, 'message_sent', JSON.stringify({ 
+          sessionId: session.id, 
+          messageLength: message.length,
+          responseLength: aiResponse.length
+        })]
+      );
+
+      res.json({
+        response: aiResponse,
+        messageId: session.id,
+        timestamp: new Date().toISOString()
+      });
+
+    } catch (mcpError) {
+      console.error('MCP Server error:', mcpError);
+      
+      // Fallback response if MCP server is down
+      const fallbackResponse = "I'm sorry, but I'm experiencing technical difficulties at the moment. Please try again in a few minutes or contact support if the issue persists.";
+      
+      await database.run(
+        'INSERT INTO chat_messages (session_id, sender, message, metadata) VALUES (?, ?, ?, ?)',
+        [session.id, 'ai', fallbackResponse, JSON.stringify({ error: 'mcp_server_unavailable' })]
+      );
+
+      res.json({
+        response: fallbackResponse,
+        messageId: session.id,
+        timestamp: new Date().toISOString(),
+        error: 'Service temporarily unavailable'
+      });
+    }
+
+  } catch (error) {
+    console.error('Send message error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get chat history
+router.get('/sessions/:sessionToken/history', async (req, res) => {
+  try {
+    const { sessionToken } = req.params;
+    const { tenantId } = req.query;
+
+    if (!tenantId) {
+      return res.status(400).json({ error: 'Tenant ID is required' });
+    }
+
+    // Get session
+    const session = await database.get(
+      'SELECT * FROM chat_sessions WHERE session_token = ? AND tenant_id = ?',
+      [sessionToken, tenantId]
+    );
+
+    if (!session) {
+      return res.status(404).json({ error: 'Chat session not found' });
+    }
+
+    // Get messages
+    const messages = await database.query(
+      'SELECT sender, message, metadata, timestamp FROM chat_messages WHERE session_id = ? ORDER BY timestamp ASC',
+      [session.id]
+    );
+
+    res.json({
+      sessionId: session.id,
+      messages,
+      session: {
+        started_at: session.started_at,
+        resolved: session.resolved,
+        rating: session.rating
+      }
+    });
+  } catch (error) {
+    console.error('Get history error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Rate conversation
+router.post('/sessions/:sessionToken/rate', async (req, res) => {
+  try {
+    const { sessionToken } = req.params;
+    const { rating, feedback, tenantId } = req.body;
+
+    if (!tenantId || rating === undefined) {
+      return res.status(400).json({ error: 'Tenant ID and rating are required' });
+    }
+
+    if (rating < 1 || rating > 5) {
+      return res.status(400).json({ error: 'Rating must be between 1 and 5' });
+    }
+
+    // Update session
+    await database.run(
+      'UPDATE chat_sessions SET rating = ?, feedback = ?, resolved = TRUE WHERE session_token = ? AND tenant_id = ?',
+      [rating, feedback, sessionToken, tenantId]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'conversation_rated', JSON.stringify({ 
+        sessionToken, 
+        rating, 
+        hasFeedback: !!feedback 
+      })]
+    );
+
+    res.json({ message: 'Rating submitted successfully' });
+  } catch (error) {
+    console.error('Rate conversation error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// End chat session
+router.post('/sessions/:sessionToken/end', async (req, res) => {
+  try {
+    const { sessionToken } = req.params;
+    const { tenantId } = req.body;
+
+    if (!tenantId) {
+      return res.status(400).json({ error: 'Tenant ID is required' });
+    }
+
+    // Update session
+    await database.run(
+      'UPDATE chat_sessions SET ended_at = CURRENT_TIMESTAMP WHERE session_token = ? AND tenant_id = ?',
+      [sessionToken, tenantId]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'chat_session_ended', JSON.stringify({ sessionToken })]
+    );
+
+    res.json({ message: 'Chat session ended successfully' });
+  } catch (error) {
+    console.error('End session error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router; 

src/routes/knowledge-base.js

@@ -0,0 +1,314 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var multer_1 = require("multer");
+var path_1 = require("path");
+var fs_1 = require("fs");
+var database_1 = require("../db/database");
+var router = express_1.default.Router();
+// Configure multer for file uploads
+var storage = multer_1.default.diskStorage({
+    destination: function (req, file, cb) {
+        var uploadDir = process.env.UPLOAD_DIR || './uploads';
+        if (!fs_1.default.existsSync(uploadDir)) {
+            fs_1.default.mkdirSync(uploadDir, { recursive: true });
+        }
+        cb(null, uploadDir);
+    },
+    filename: function (req, file, cb) {
+        var uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1E9);
+        cb(null, file.fieldname + '-' + uniqueSuffix + path_1.default.extname(file.originalname));
+    }
+});
+var upload = (0, multer_1.default)({
+    storage: storage,
+    limits: {
+        fileSize: parseInt(process.env.MAX_FILE_SIZE || '10485760') // 10MB default
+    },
+    fileFilter: function (req, file, cb) {
+        var allowedTypes = ['.pdf', '.docx', '.txt', '.md'];
+        var ext = path_1.default.extname(file.originalname).toLowerCase();
+        if (allowedTypes.includes(ext)) {
+            cb(null, true);
+        }
+        else {
+            cb(new Error('Invalid file type. Only PDF, DOCX, TXT, and MD files are allowed.'));
+        }
+    }
+});
+// Get knowledge base documents
+router.get('/', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, documents, error_1;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.query('SELECT id, name, type, source, status, size, created_at, updated_at FROM knowledge_base WHERE tenant_id = ? ORDER BY created_at DESC', [tenantId])];
+            case 1:
+                documents = _a.sent();
+                res.json({ documents: documents });
+                return [3 /*break*/, 3];
+            case 2:
+                error_1 = _a.sent();
+                console.error('Get knowledge base error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Upload document
+router.post('/upload', upload.single('document'), function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, _a, originalname, filename, size, mimetype, fileType, result, error_2;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 3, , 4]);
+                tenantId = req.user.tenantId;
+                if (!req.file) {
+                    return [2 /*return*/, res.status(400).json({ error: 'No file uploaded' })];
+                }
+                _a = req.file, originalname = _a.originalname, filename = _a.filename, size = _a.size, mimetype = _a.mimetype;
+                fileType = path_1.default.extname(originalname).toLowerCase().substring(1);
+                return [4 /*yield*/, database_1.database.run('INSERT INTO knowledge_base (tenant_id, name, type, source, status, size, metadata) VALUES (?, ?, ?, ?, ?, ?, ?)', [
+                        tenantId,
+                        originalname,
+                        fileType,
+                        filename,
+                        'processing',
+                        size,
+                        JSON.stringify({ mimetype: mimetype, uploadedAt: new Date().toISOString() })
+                    ])];
+            case 1:
+                result = _b.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'document_uploaded', JSON.stringify({
+                            documentId: result.lastID,
+                            type: fileType,
+                            size: size
+                        })])];
+            case 2:
+                // Log analytics event
+                _b.sent();
+                res.status(201).json({
+                    id: result.lastID,
+                    name: originalname,
+                    type: fileType,
+                    status: 'processing',
+                    message: 'Document uploaded successfully'
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_2 = _b.sent();
+                console.error('Upload document error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Add website URL
+router.post('/url', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, _a, url, name_1, displayName, result, error_3;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 3, , 4]);
+                tenantId = req.user.tenantId;
+                _a = req.body, url = _a.url, name_1 = _a.name;
+                if (!url) {
+                    return [2 /*return*/, res.status(400).json({ error: 'URL is required' })];
+                }
+                // Basic URL validation
+                try {
+                    new URL(url);
+                }
+                catch (_c) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Invalid URL format' })];
+                }
+                displayName = name_1 || new URL(url).hostname;
+                return [4 /*yield*/, database_1.database.run('INSERT INTO knowledge_base (tenant_id, name, type, source, status, metadata) VALUES (?, ?, ?, ?, ?, ?)', [
+                        tenantId,
+                        displayName,
+                        'website',
+                        url,
+                        'processing',
+                        JSON.stringify({ addedAt: new Date().toISOString() })
+                    ])];
+            case 1:
+                result = _b.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'website_added', JSON.stringify({
+                            documentId: result.lastID,
+                            url: url
+                        })])];
+            case 2:
+                // Log analytics event
+                _b.sent();
+                res.status(201).json({
+                    id: result.lastID,
+                    name: displayName,
+                    type: 'website',
+                    source: url,
+                    status: 'processing',
+                    message: 'Website added successfully'
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_3 = _b.sent();
+                console.error('Add URL error:', error_3);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Delete document
+router.delete('/:documentId', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, documentId, document_1, filePath, error_4;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 4, , 5]);
+                tenantId = req.user.tenantId;
+                documentId = req.params.documentId;
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM knowledge_base WHERE id = ? AND tenant_id = ?', [documentId, tenantId])];
+            case 1:
+                document_1 = _a.sent();
+                if (!document_1) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Document not found' })];
+                }
+                // Delete file if it's a uploaded document
+                if (document_1.type !== 'website') {
+                    filePath = path_1.default.join(process.env.UPLOAD_DIR || './uploads', document_1.source);
+                    if (fs_1.default.existsSync(filePath)) {
+                        fs_1.default.unlinkSync(filePath);
+                    }
+                }
+                // Delete from database
+                return [4 /*yield*/, database_1.database.run('DELETE FROM knowledge_base WHERE id = ? AND tenant_id = ?', [documentId, tenantId])];
+            case 2:
+                // Delete from database
+                _a.sent();
+                // Log analytics event
+                return [4 /*yield*/, database_1.database.run('INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)', [tenantId, 'document_deleted', JSON.stringify({
+                            documentId: documentId,
+                            name: document_1.name,
+                            type: document_1.type
+                        })])];
+            case 3:
+                // Log analytics event
+                _a.sent();
+                res.json({ message: 'Document deleted successfully' });
+                return [3 /*break*/, 5];
+            case 4:
+                error_4 = _a.sent();
+                console.error('Delete document error:', error_4);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 5];
+            case 5: return [2 /*return*/];
+        }
+    });
+}); });
+// Update document status (for processing updates)
+router.put('/:documentId/status', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, documentId, status_1, error_5;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                documentId = req.params.documentId;
+                status_1 = req.body.status;
+                if (!['processing', 'active', 'error'].includes(status_1)) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Invalid status' })];
+                }
+                return [4 /*yield*/, database_1.database.run('UPDATE knowledge_base SET status = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ? AND tenant_id = ?', [status_1, documentId, tenantId])];
+            case 1:
+                _a.sent();
+                res.json({ message: 'Document status updated successfully' });
+                return [3 /*break*/, 3];
+            case 2:
+                error_5 = _a.sent();
+                console.error('Update document status error:', error_5);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Get document by ID
+router.get('/:documentId', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, documentId, document_2, error_6;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                documentId = req.params.documentId;
+                return [4 /*yield*/, database_1.database.get('SELECT * FROM knowledge_base WHERE id = ? AND tenant_id = ?', [documentId, tenantId])];
+            case 1:
+                document_2 = _a.sent();
+                if (!document_2) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Document not found' })];
+                }
+                res.json(__assign(__assign({}, document_2), { metadata: JSON.parse(document_2.metadata || '{}') }));
+                return [3 /*break*/, 3];
+            case 2:
+                error_6 = _a.sent();
+                console.error('Get document error:', error_6);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+exports.default = router;

src/routes/knowledge-base.ts

@@ -0,0 +1,257 @@
+import express from 'express';
+import multer from 'multer';
+import path from 'path';
+import fs from 'fs';
+import { database } from '../db/database';
+import { AuthenticatedRequest } from '../middleware/auth';
+
+const router = express.Router();
+
+// Configure multer for file uploads
+const storage = multer.diskStorage({
+  destination: (req, file, cb) => {
+    const uploadDir = process.env.UPLOAD_DIR || './uploads';
+    if (!fs.existsSync(uploadDir)) {
+      fs.mkdirSync(uploadDir, { recursive: true });
+    }
+    cb(null, uploadDir);
+  },
+  filename: (req, file, cb) => {
+    const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1E9);
+    cb(null, file.fieldname + '-' + uniqueSuffix + path.extname(file.originalname));
+  }
+});
+
+const upload = multer({
+  storage,
+  limits: {
+    fileSize: parseInt(process.env.MAX_FILE_SIZE || '10485760') // 10MB default
+  },
+  fileFilter: (req, file, cb) => {
+    const allowedTypes = ['.pdf', '.docx', '.txt', '.md'];
+    const ext = path.extname(file.originalname).toLowerCase();
+    if (allowedTypes.includes(ext)) {
+      cb(null, true);
+    } else {
+      cb(new Error('Invalid file type. Only PDF, DOCX, TXT, and MD files are allowed.'));
+    }
+  }
+});
+
+// Get knowledge base documents
+router.get('/', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+
+    const documents = await database.query(
+      'SELECT id, name, type, source, status, size, created_at, updated_at FROM knowledge_base WHERE tenant_id = ? ORDER BY created_at DESC',
+      [tenantId]
+    );
+
+    res.json({ documents });
+  } catch (error) {
+    console.error('Get knowledge base error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Upload document
+router.post('/upload', upload.single('document'), async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    
+    if (!req.file) {
+      return res.status(400).json({ error: 'No file uploaded' });
+    }
+
+    const { originalname, filename, size, mimetype } = req.file;
+    const fileType = path.extname(originalname).toLowerCase().substring(1);
+
+    // Save to database
+    const result = await database.run(
+      'INSERT INTO knowledge_base (tenant_id, name, type, source, status, size, metadata) VALUES (?, ?, ?, ?, ?, ?, ?)',
+      [
+        tenantId,
+        originalname,
+        fileType,
+        filename,
+        'processing',
+        size,
+        JSON.stringify({ mimetype, uploadedAt: new Date().toISOString() })
+      ]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'document_uploaded', JSON.stringify({ 
+        documentId: result.lastID, 
+        type: fileType, 
+        size 
+      })]
+    );
+
+    res.status(201).json({
+      id: result.lastID,
+      name: originalname,
+      type: fileType,
+      status: 'processing',
+      message: 'Document uploaded successfully'
+    });
+  } catch (error) {
+    console.error('Upload document error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Add website URL
+router.post('/url', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { url, name } = req.body;
+
+    if (!url) {
+      return res.status(400).json({ error: 'URL is required' });
+    }
+
+    // Basic URL validation
+    try {
+      new URL(url);
+    } catch {
+      return res.status(400).json({ error: 'Invalid URL format' });
+    }
+
+    const displayName = name || new URL(url).hostname;
+
+    // Save to database
+    const result = await database.run(
+      'INSERT INTO knowledge_base (tenant_id, name, type, source, status, metadata) VALUES (?, ?, ?, ?, ?, ?)',
+      [
+        tenantId,
+        displayName,
+        'website',
+        url,
+        'processing',
+        JSON.stringify({ addedAt: new Date().toISOString() })
+      ]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'website_added', JSON.stringify({ 
+        documentId: result.lastID, 
+        url 
+      })]
+    );
+
+    res.status(201).json({
+      id: result.lastID,
+      name: displayName,
+      type: 'website',
+      source: url,
+      status: 'processing',
+      message: 'Website added successfully'
+    });
+  } catch (error) {
+    console.error('Add URL error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Delete document
+router.delete('/:documentId', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { documentId } = req.params;
+
+    // Get document info
+    const document = await database.get(
+      'SELECT * FROM knowledge_base WHERE id = ? AND tenant_id = ?',
+      [documentId, tenantId]
+    );
+
+    if (!document) {
+      return res.status(404).json({ error: 'Document not found' });
+    }
+
+    // Delete file if it's a uploaded document
+    if (document.type !== 'website') {
+      const filePath = path.join(process.env.UPLOAD_DIR || './uploads', document.source);
+      if (fs.existsSync(filePath)) {
+        fs.unlinkSync(filePath);
+      }
+    }
+
+    // Delete from database
+    await database.run(
+      'DELETE FROM knowledge_base WHERE id = ? AND tenant_id = ?',
+      [documentId, tenantId]
+    );
+
+    // Log analytics event
+    await database.run(
+      'INSERT INTO analytics_events (tenant_id, event_type, event_data) VALUES (?, ?, ?)',
+      [tenantId, 'document_deleted', JSON.stringify({ 
+        documentId, 
+        name: document.name, 
+        type: document.type 
+      })]
+    );
+
+    res.json({ message: 'Document deleted successfully' });
+  } catch (error) {
+    console.error('Delete document error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Update document status (for processing updates)
+router.put('/:documentId/status', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { documentId } = req.params;
+    const { status } = req.body;
+
+    if (!['processing', 'active', 'error'].includes(status)) {
+      return res.status(400).json({ error: 'Invalid status' });
+    }
+
+    await database.run(
+      'UPDATE knowledge_base SET status = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ? AND tenant_id = ?',
+      [status, documentId, tenantId]
+    );
+
+    res.json({ message: 'Document status updated successfully' });
+  } catch (error) {
+    console.error('Update document status error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get document by ID
+router.get('/:documentId', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { documentId } = req.params;
+
+    const document = await database.get(
+      'SELECT * FROM knowledge_base WHERE id = ? AND tenant_id = ?',
+      [documentId, tenantId]
+    );
+
+    if (!document) {
+      return res.status(404).json({ error: 'Document not found' });
+    }
+
+    res.json({
+      ...document,
+      metadata: JSON.parse(document.metadata || '{}')
+    });
+  } catch (error) {
+    console.error('Get document error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router; 

src/routes/tenants.js

@@ -0,0 +1,215 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var database_1 = require("../db/database");
+var router = express_1.default.Router();
+// Get current tenant info
+router.get('/me', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, tenant, domains, error_1;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 3, , 4]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT id, name, subdomain, plan, settings, created_at FROM tenants WHERE id = ?', [tenantId])];
+            case 1:
+                tenant = _a.sent();
+                if (!tenant) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Tenant not found' })];
+                }
+                return [4 /*yield*/, database_1.database.query('SELECT id, domain, verified, created_at FROM domains WHERE tenant_id = ?', [tenantId])];
+            case 2:
+                domains = _a.sent();
+                res.json(__assign(__assign({}, tenant), { settings: JSON.parse(tenant.settings || '{}'), domains: domains }));
+                return [3 /*break*/, 4];
+            case 3:
+                error_1 = _a.sent();
+                console.error('Get tenant error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Update tenant settings
+router.put('/me', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, _a, name_1, settings, updates, params, error_2;
+    return __generator(this, function (_b) {
+        switch (_b.label) {
+            case 0:
+                _b.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                _a = req.body, name_1 = _a.name, settings = _a.settings;
+                updates = [];
+                params = [];
+                if (name_1) {
+                    updates.push('name = ?');
+                    params.push(name_1);
+                }
+                if (settings) {
+                    updates.push('settings = ?');
+                    params.push(JSON.stringify(settings));
+                }
+                if (updates.length === 0) {
+                    return [2 /*return*/, res.status(400).json({ error: 'No valid fields to update' })];
+                }
+                updates.push('updated_at = CURRENT_TIMESTAMP');
+                params.push(tenantId);
+                return [4 /*yield*/, database_1.database.run("UPDATE tenants SET ".concat(updates.join(', '), " WHERE id = ?"), params)];
+            case 1:
+                _b.sent();
+                res.json({ message: 'Tenant updated successfully' });
+                return [3 /*break*/, 3];
+            case 2:
+                error_2 = _b.sent();
+                console.error('Update tenant error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Add domain
+router.post('/domains', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, domain, existingDomain, result, error_3;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 3, , 4]);
+                tenantId = req.user.tenantId;
+                domain = req.body.domain;
+                if (!domain) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Domain is required' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT id FROM domains WHERE domain = ?', [domain])];
+            case 1:
+                existingDomain = _a.sent();
+                if (existingDomain) {
+                    return [2 /*return*/, res.status(400).json({ error: 'Domain already exists' })];
+                }
+                return [4 /*yield*/, database_1.database.run('INSERT INTO domains (tenant_id, domain) VALUES (?, ?)', [tenantId, domain])];
+            case 2:
+                result = _a.sent();
+                res.status(201).json({
+                    id: result.lastID,
+                    domain: domain,
+                    verified: false,
+                    message: 'Domain added successfully'
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_3 = _a.sent();
+                console.error('Add domain error:', error_3);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Remove domain
+router.delete('/domains/:domainId', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, domainId, error_4;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.user.tenantId;
+                domainId = req.params.domainId;
+                return [4 /*yield*/, database_1.database.run('DELETE FROM domains WHERE id = ? AND tenant_id = ?', [domainId, tenantId])];
+            case 1:
+                _a.sent();
+                res.json({ message: 'Domain removed successfully' });
+                return [3 /*break*/, 3];
+            case 2:
+                error_4 = _a.sent();
+                console.error('Remove domain error:', error_4);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+// Get tenant analytics summary
+router.get('/analytics/summary', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, totalConversations, totalMessages, avgRating, knowledgeBaseCount, error_5;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 5, , 6]);
+                tenantId = req.user.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?', [tenantId])];
+            case 1:
+                totalConversations = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM chat_messages cm JOIN chat_sessions cs ON cm.session_id = cs.id WHERE cs.tenant_id = ?', [tenantId])];
+            case 2:
+                totalMessages = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT AVG(rating) as avg FROM chat_sessions WHERE tenant_id = ? AND rating IS NOT NULL', [tenantId])];
+            case 3:
+                avgRating = _a.sent();
+                return [4 /*yield*/, database_1.database.get('SELECT COUNT(*) as count FROM knowledge_base WHERE tenant_id = ?', [tenantId])];
+            case 4:
+                knowledgeBaseCount = _a.sent();
+                res.json({
+                    totalConversations: totalConversations.count,
+                    totalMessages: totalMessages.count,
+                    averageRating: avgRating.avg || 0,
+                    knowledgeBaseDocuments: knowledgeBaseCount.count
+                });
+                return [3 /*break*/, 6];
+            case 5:
+                error_5 = _a.sent();
+                console.error('Get analytics summary error:', error_5);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 6];
+            case 6: return [2 /*return*/];
+        }
+    });
+}); });
+exports.default = router;

src/routes/tenants.ts

@@ -0,0 +1,170 @@
+import express from 'express';
+import { database } from '../db/database';
+import { AuthenticatedRequest } from '../middleware/auth';
+
+const router = express.Router();
+
+// Get current tenant info
+router.get('/me', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+
+    const tenant = await database.get(
+      'SELECT id, name, subdomain, plan, settings, created_at FROM tenants WHERE id = ?',
+      [tenantId]
+    );
+
+    if (!tenant) {
+      return res.status(404).json({ error: 'Tenant not found' });
+    }
+
+    // Get domains
+    const domains = await database.query(
+      'SELECT id, domain, verified, created_at FROM domains WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    res.json({
+      ...tenant,
+      settings: JSON.parse(tenant.settings || '{}'),
+      domains
+    });
+  } catch (error) {
+    console.error('Get tenant error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Update tenant settings
+router.put('/me', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { name, settings } = req.body;
+
+    const updates = [];
+    const params = [];
+
+    if (name) {
+      updates.push('name = ?');
+      params.push(name);
+    }
+
+    if (settings) {
+      updates.push('settings = ?');
+      params.push(JSON.stringify(settings));
+    }
+
+    if (updates.length === 0) {
+      return res.status(400).json({ error: 'No valid fields to update' });
+    }
+
+    updates.push('updated_at = CURRENT_TIMESTAMP');
+    params.push(tenantId);
+
+    await database.run(
+      `UPDATE tenants SET ${updates.join(', ')} WHERE id = ?`,
+      params
+    );
+
+    res.json({ message: 'Tenant updated successfully' });
+  } catch (error) {
+    console.error('Update tenant error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Add domain
+router.post('/domains', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { domain } = req.body;
+
+    if (!domain) {
+      return res.status(400).json({ error: 'Domain is required' });
+    }
+
+    // Check if domain already exists
+    const existingDomain = await database.get(
+      'SELECT id FROM domains WHERE domain = ?',
+      [domain]
+    );
+
+    if (existingDomain) {
+      return res.status(400).json({ error: 'Domain already exists' });
+    }
+
+    // Add domain
+    const result = await database.run(
+      'INSERT INTO domains (tenant_id, domain) VALUES (?, ?)',
+      [tenantId, domain]
+    );
+
+    res.status(201).json({
+      id: result.lastID,
+      domain,
+      verified: false,
+      message: 'Domain added successfully'
+    });
+  } catch (error) {
+    console.error('Add domain error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Remove domain
+router.delete('/domains/:domainId', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+    const { domainId } = req.params;
+
+    await database.run(
+      'DELETE FROM domains WHERE id = ? AND tenant_id = ?',
+      [domainId, tenantId]
+    );
+
+    res.json({ message: 'Domain removed successfully' });
+  } catch (error) {
+    console.error('Remove domain error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get tenant analytics summary
+router.get('/analytics/summary', async (req: AuthenticatedRequest, res) => {
+  try {
+    const { tenantId } = req.user!;
+
+    // Get basic stats
+    const totalConversations = await database.get(
+      'SELECT COUNT(*) as count FROM chat_sessions WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    const totalMessages = await database.get(
+      'SELECT COUNT(*) as count FROM chat_messages cm JOIN chat_sessions cs ON cm.session_id = cs.id WHERE cs.tenant_id = ?',
+      [tenantId]
+    );
+
+    const avgRating = await database.get(
+      'SELECT AVG(rating) as avg FROM chat_sessions WHERE tenant_id = ? AND rating IS NOT NULL',
+      [tenantId]
+    );
+
+    const knowledgeBaseCount = await database.get(
+      'SELECT COUNT(*) as count FROM knowledge_base WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    res.json({
+      totalConversations: totalConversations.count,
+      totalMessages: totalMessages.count,
+      averageRating: avgRating.avg || 0,
+      knowledgeBaseDocuments: knowledgeBaseCount.count
+    });
+  } catch (error) {
+    console.error('Get analytics summary error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router; 

src/routes/widget.js

@@ -0,0 +1,136 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var database_1 = require("../db/database");
+var router = express_1.default.Router();
+// Get widget configuration
+router.get('/config/:tenantId', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, tenant, config, defaultConfig, widgetConfig, error_1;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 3, , 4]);
+                tenantId = req.params.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT id, name, plan FROM tenants WHERE id = ?', [tenantId])];
+            case 1:
+                tenant = _a.sent();
+                if (!tenant) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Tenant not found' })];
+                }
+                return [4 /*yield*/, database_1.database.get('SELECT config FROM widget_configs WHERE tenant_id = ?', [tenantId])];
+            case 2:
+                config = _a.sent();
+                defaultConfig = {
+                    theme: {
+                        primaryColor: '#6366f1',
+                        backgroundColor: '#ffffff',
+                        textColor: '#374151',
+                        borderRadius: '12px'
+                    },
+                    position: {
+                        bottom: '20px',
+                        right: '20px'
+                    },
+                    size: 'medium',
+                    welcome: {
+                        title: "Hi! I'm ".concat(tenant.name, "'s AI assistant"),
+                        message: 'How can I help you today?',
+                        showAvatar: true
+                    },
+                    features: {
+                        fileUpload: false,
+                        typing: true,
+                        ratings: true
+                    }
+                };
+                widgetConfig = config ? __assign(__assign({}, defaultConfig), JSON.parse(config.config)) :
+                    defaultConfig;
+                res.json({
+                    tenantId: tenantId,
+                    config: widgetConfig
+                });
+                return [3 /*break*/, 4];
+            case 3:
+                error_1 = _a.sent();
+                console.error('Get widget config error:', error_1);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 4];
+            case 4: return [2 /*return*/];
+        }
+    });
+}); });
+// Get widget script
+router.get('/script/:tenantId', function (req, res) { return __awaiter(void 0, void 0, void 0, function () {
+    var tenantId, tenant, script, error_2;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                _a.trys.push([0, 2, , 3]);
+                tenantId = req.params.tenantId;
+                return [4 /*yield*/, database_1.database.get('SELECT id FROM tenants WHERE id = ?', [tenantId])];
+            case 1:
+                tenant = _a.sent();
+                if (!tenant) {
+                    return [2 /*return*/, res.status(404).json({ error: 'Tenant not found' })];
+                }
+                script = "\n(function() {\n  // MCP Chat Widget\n  const TENANT_ID = '".concat(tenantId, "';\n  const API_URL = '").concat(process.env.FRONTEND_URL || 'http://localhost:3001', "/api';\n  \n  // Create widget container\n  const widget = document.createElement('div');\n  widget.id = 'mcp-chat-widget';\n  widget.style.cssText = `\n    position: fixed;\n    bottom: 20px;\n    right: 20px;\n    width: 350px;\n    height: 500px;\n    background: white;\n    border-radius: 12px;\n    box-shadow: 0 10px 25px rgba(0,0,0,0.1);\n    z-index: 10000;\n    display: none;\n    flex-direction: column;\n    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n    border: 1px solid #e5e7eb;\n  `;\n\n  // Create chat button\n  const button = document.createElement('div');\n  button.id = 'mcp-chat-button';\n  button.style.cssText = `\n    position: fixed;\n    bottom: 20px;\n    right: 20px;\n    width: 60px;\n    height: 60px;\n    background: linear-gradient(135deg, #6366f1, #8b5cf6);\n    border-radius: 50%;\n    cursor: pointer;\n    z-index: 10001;\n    display: flex;\n    align-items: center;\n    justify-content: center;\n    box-shadow: 0 4px 12px rgba(99, 102, 241, 0.4);\n    transition: transform 0.2s ease;\n  `;\n  \n  button.innerHTML = `\n    <svg width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"white\" stroke-width=\"2\">\n      <path d=\"M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z\"></path>\n    </svg>\n  `;\n\n  button.onmouseover = () => button.style.transform = 'scale(1.05)';\n  button.onmouseout = () => button.style.transform = 'scale(1)';\n\n  // Widget header\n  const header = document.createElement('div');\n  header.style.cssText = `\n    padding: 16px;\n    background: linear-gradient(135deg, #6366f1, #8b5cf6);\n    color: white;\n    border-radius: 12px 12px 0 0;\n    display: flex;\n    justify-content: space-between;\n    align-items: center;\n  `;\n  \n  header.innerHTML = `\n    <div>\n      <h3 style=\"margin: 0; font-size: 16px; font-weight: 600;\">Chat Support</h3>\n      <p style=\"margin: 4px 0 0 0; font-size: 12px; opacity: 0.9;\">We're here to help!</p>\n    </div>\n    <button id=\"mcp-close-btn\" style=\"background: none; border: none; color: white; font-size: 20px; cursor: pointer; padding: 4px;\">\u00D7</button>\n  `;\n\n  // Messages container\n  const messages = document.createElement('div');\n  messages.id = 'mcp-messages';\n  messages.style.cssText = `\n    flex: 1;\n    padding: 16px;\n    overflow-y: auto;\n    display: flex;\n    flex-direction: column;\n    gap: 12px;\n  `;\n\n  // Input container\n  const inputContainer = document.createElement('div');\n  inputContainer.style.cssText = `\n    padding: 16px;\n    border-top: 1px solid #e5e7eb;\n    display: flex;\n    gap: 8px;\n  `;\n\n  const input = document.createElement('input');\n  input.type = 'text';\n  input.placeholder = 'Type your message...';\n  input.style.cssText = `\n    flex: 1;\n    padding: 12px;\n    border: 1px solid #d1d5db;\n    border-radius: 8px;\n    outline: none;\n    font-size: 14px;\n  `;\n\n  const sendBtn = document.createElement('button');\n  sendBtn.textContent = 'Send';\n  sendBtn.style.cssText = `\n    padding: 12px 16px;\n    background: #6366f1;\n    color: white;\n    border: none;\n    border-radius: 8px;\n    cursor: pointer;\n    font-size: 14px;\n    font-weight: 500;\n  `;\n\n  // Assemble widget\n  inputContainer.appendChild(input);\n  inputContainer.appendChild(sendBtn);\n  widget.appendChild(header);\n  widget.appendChild(messages);\n  widget.appendChild(inputContainer);\n\n  // Add to page\n  document.body.appendChild(button);\n  document.body.appendChild(widget);\n\n  // Session management\n  let sessionToken = null;\n  let isVisible = false;\n\n  // Toggle widget\n  function toggleWidget() {\n    isVisible = !isVisible;\n    widget.style.display = isVisible ? 'flex' : 'none';\n    button.style.display = isVisible ? 'none' : 'flex';\n    \n    if (isVisible && !sessionToken) {\n      initializeSession();\n    }\n  }\n\n  // Initialize chat session\n  async function initializeSession() {\n    try {\n      const response = await fetch(`${API_URL}/chat/sessions`, {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({\n          tenantId: TENANT_ID,\n          domain: window.location.hostname,\n          userAgent: navigator.userAgent\n        })\n      });\n      \n      const data = await response.json();\n      sessionToken = data.sessionToken;\n      \n      // Add welcome message\n      addMessage('ai', 'Hello! How can I help you today?');\n    } catch (error) {\n      console.error('Failed to initialize session:', error);\n      addMessage('ai', 'Sorry, I\\'m having trouble connecting. Please try again later.');\n    }\n  }\n\n  // Send message\n  async function sendMessage(message) {\n    if (!sessionToken || !message.trim()) return;\n\n    addMessage('user', message);\n    input.value = '';\n    \n    // Show typing indicator\n    const typingEl = addMessage('ai', 'Typing...', true);\n    \n    try {\n      const response = await fetch(`${API_URL}/chat/messages`, {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({\n          sessionToken,\n          message,\n          tenantId: TENANT_ID\n        })\n      });\n      \n      const data = await response.json();\n      \n      // Remove typing indicator\n      typingEl.remove();\n      \n      // Add AI response\n      addMessage('ai', data.response);\n      \n    } catch (error) {\n      typingEl.remove();\n      addMessage('ai', 'Sorry, I encountered an error. Please try again.');\n    }\n  }\n\n  // Add message to chat\n  function addMessage(sender, text, isTyping = false) {\n    const messageEl = document.createElement('div');\n    messageEl.style.cssText = `\n      max-width: 80%;\n      padding: 12px 16px;\n      border-radius: 18px;\n      font-size: 14px;\n      line-height: 1.4;\n      ${sender === 'user' ? \n        'background: #6366f1; color: white; align-self: flex-end; margin-left: auto;' : \n        'background: #f3f4f6; color: #374151; align-self: flex-start;'\n      }\n      ${isTyping ? 'opacity: 0.7; font-style: italic;' : ''}\n    `;\n    \n    messageEl.textContent = text;\n    messages.appendChild(messageEl);\n    messages.scrollTop = messages.scrollHeight;\n    \n    return messageEl;\n  }\n\n  // Event listeners\n  button.onclick = toggleWidget;\n  header.querySelector('#mcp-close-btn').onclick = toggleWidget;\n  sendBtn.onclick = () => sendMessage(input.value);\n  input.onkeypress = (e) => {\n    if (e.key === 'Enter') sendMessage(input.value);\n  };\n\n  console.log('MCP Chat Widget loaded successfully');\n})();\n");
+                res.setHeader('Content-Type', 'application/javascript');
+                res.send(script);
+                return [3 /*break*/, 3];
+            case 2:
+                error_2 = _a.sent();
+                console.error('Get widget script error:', error_2);
+                res.status(500).json({ error: 'Internal server error' });
+                return [3 /*break*/, 3];
+            case 3: return [2 /*return*/];
+        }
+    });
+}); });
+exports.default = router;

src/routes/widget.ts

@@ -0,0 +1,328 @@
+import express from 'express';
+import { database } from '../db/database';
+
+const router = express.Router();
+
+// Get widget configuration
+router.get('/config/:tenantId', async (req, res) => {
+  try {
+    const { tenantId } = req.params;
+
+    // Get tenant info
+    const tenant = await database.get(
+      'SELECT id, name, plan FROM tenants WHERE id = ?',
+      [tenantId]
+    );
+
+    if (!tenant) {
+      return res.status(404).json({ error: 'Tenant not found' });
+    }
+
+    // Get widget configuration
+    const config = await database.get(
+      'SELECT config FROM widget_configs WHERE tenant_id = ?',
+      [tenantId]
+    );
+
+    const defaultConfig = {
+      theme: {
+        primaryColor: '#6366f1',
+        backgroundColor: '#ffffff',
+        textColor: '#374151',
+        borderRadius: '12px'
+      },
+      position: {
+        bottom: '20px',
+        right: '20px'
+      },
+      size: 'medium',
+      welcome: {
+        title: `Hi! I'm ${tenant.name}'s AI assistant`,
+        message: 'How can I help you today?',
+        showAvatar: true
+      },
+      features: {
+        fileUpload: false,
+        typing: true,
+        ratings: true
+      }
+    };
+
+    const widgetConfig = config ? 
+      { ...defaultConfig, ...JSON.parse(config.config) } : 
+      defaultConfig;
+
+    res.json({
+      tenantId,
+      config: widgetConfig
+    });
+  } catch (error) {
+    console.error('Get widget config error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// Get widget script
+router.get('/script/:tenantId', async (req, res) => {
+  try {
+    const { tenantId } = req.params;
+
+    // Verify tenant exists
+    const tenant = await database.get(
+      'SELECT id FROM tenants WHERE id = ?',
+      [tenantId]
+    );
+
+    if (!tenant) {
+      return res.status(404).json({ error: 'Tenant not found' });
+    }
+
+    const script = `
+(function() {
+  // MCP Chat Widget
+  const TENANT_ID = '${tenantId}';
+  const API_URL = '${process.env.FRONTEND_URL || 'http://localhost:3001'}/api';
+  
+  // Create widget container
+  const widget = document.createElement('div');
+  widget.id = 'mcp-chat-widget';
+  widget.style.cssText = \`
+    position: fixed;
+    bottom: 20px;
+    right: 20px;
+    width: 350px;
+    height: 500px;
+    background: white;
+    border-radius: 12px;
+    box-shadow: 0 10px 25px rgba(0,0,0,0.1);
+    z-index: 10000;
+    display: none;
+    flex-direction: column;
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+    border: 1px solid #e5e7eb;
+  \`;
+
+  // Create chat button
+  const button = document.createElement('div');
+  button.id = 'mcp-chat-button';
+  button.style.cssText = \`
+    position: fixed;
+    bottom: 20px;
+    right: 20px;
+    width: 60px;
+    height: 60px;
+    background: linear-gradient(135deg, #6366f1, #8b5cf6);
+    border-radius: 50%;
+    cursor: pointer;
+    z-index: 10001;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    box-shadow: 0 4px 12px rgba(99, 102, 241, 0.4);
+    transition: transform 0.2s ease;
+  \`;
+  
+  button.innerHTML = \`
+    <svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="white" stroke-width="2">
+      <path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z"></path>
+    </svg>
+  \`;
+
+  button.onmouseover = () => button.style.transform = 'scale(1.05)';
+  button.onmouseout = () => button.style.transform = 'scale(1)';
+
+  // Widget header
+  const header = document.createElement('div');
+  header.style.cssText = \`
+    padding: 16px;
+    background: linear-gradient(135deg, #6366f1, #8b5cf6);
+    color: white;
+    border-radius: 12px 12px 0 0;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+  \`;
+  
+  header.innerHTML = \`
+    <div>
+      <h3 style="margin: 0; font-size: 16px; font-weight: 600;">Chat Support</h3>
+      <p style="margin: 4px 0 0 0; font-size: 12px; opacity: 0.9;">We're here to help!</p>
+    </div>
+    <button id="mcp-close-btn" style="background: none; border: none; color: white; font-size: 20px; cursor: pointer; padding: 4px;">×</button>
+  \`;
+
+  // Messages container
+  const messages = document.createElement('div');
+  messages.id = 'mcp-messages';
+  messages.style.cssText = \`
+    flex: 1;
+    padding: 16px;
+    overflow-y: auto;
+    display: flex;
+    flex-direction: column;
+    gap: 12px;
+  \`;
+
+  // Input container
+  const inputContainer = document.createElement('div');
+  inputContainer.style.cssText = \`
+    padding: 16px;
+    border-top: 1px solid #e5e7eb;
+    display: flex;
+    gap: 8px;
+  \`;
+
+  const input = document.createElement('input');
+  input.type = 'text';
+  input.placeholder = 'Type your message...';
+  input.style.cssText = \`
+    flex: 1;
+    padding: 12px;
+    border: 1px solid #d1d5db;
+    border-radius: 8px;
+    outline: none;
+    font-size: 14px;
+  \`;
+
+  const sendBtn = document.createElement('button');
+  sendBtn.textContent = 'Send';
+  sendBtn.style.cssText = \`
+    padding: 12px 16px;
+    background: #6366f1;
+    color: white;
+    border: none;
+    border-radius: 8px;
+    cursor: pointer;
+    font-size: 14px;
+    font-weight: 500;
+  \`;
+
+  // Assemble widget
+  inputContainer.appendChild(input);
+  inputContainer.appendChild(sendBtn);
+  widget.appendChild(header);
+  widget.appendChild(messages);
+  widget.appendChild(inputContainer);
+
+  // Add to page
+  document.body.appendChild(button);
+  document.body.appendChild(widget);
+
+  // Session management
+  let sessionToken = null;
+  let isVisible = false;
+
+  // Toggle widget
+  function toggleWidget() {
+    isVisible = !isVisible;
+    widget.style.display = isVisible ? 'flex' : 'none';
+    button.style.display = isVisible ? 'none' : 'flex';
+    
+    if (isVisible && !sessionToken) {
+      initializeSession();
+    }
+  }
+
+  // Initialize chat session
+  async function initializeSession() {
+    try {
+      const response = await fetch(\`\${API_URL}/chat/sessions\`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          tenantId: TENANT_ID,
+          domain: window.location.hostname,
+          userAgent: navigator.userAgent
+        })
+      });
+      
+      const data = await response.json();
+      sessionToken = data.sessionToken;
+      
+      // Add welcome message
+      addMessage('ai', 'Hello! How can I help you today?');
+    } catch (error) {
+      console.error('Failed to initialize session:', error);
+      addMessage('ai', 'Sorry, I\\'m having trouble connecting. Please try again later.');
+    }
+  }
+
+  // Send message
+  async function sendMessage(message) {
+    if (!sessionToken || !message.trim()) return;
+
+    addMessage('user', message);
+    input.value = '';
+    
+    // Show typing indicator
+    const typingEl = addMessage('ai', 'Typing...', true);
+    
+    try {
+      const response = await fetch(\`\${API_URL}/chat/messages\`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          sessionToken,
+          message,
+          tenantId: TENANT_ID
+        })
+      });
+      
+      const data = await response.json();
+      
+      // Remove typing indicator
+      typingEl.remove();
+      
+      // Add AI response
+      addMessage('ai', data.response);
+      
+    } catch (error) {
+      typingEl.remove();
+      addMessage('ai', 'Sorry, I encountered an error. Please try again.');
+    }
+  }
+
+  // Add message to chat
+  function addMessage(sender, text, isTyping = false) {
+    const messageEl = document.createElement('div');
+    messageEl.style.cssText = \`
+      max-width: 80%;
+      padding: 12px 16px;
+      border-radius: 18px;
+      font-size: 14px;
+      line-height: 1.4;
+      \${sender === 'user' ? 
+        'background: #6366f1; color: white; align-self: flex-end; margin-left: auto;' : 
+        'background: #f3f4f6; color: #374151; align-self: flex-start;'
+      }
+      \${isTyping ? 'opacity: 0.7; font-style: italic;' : ''}
+    \`;
+    
+    messageEl.textContent = text;
+    messages.appendChild(messageEl);
+    messages.scrollTop = messages.scrollHeight;
+    
+    return messageEl;
+  }
+
+  // Event listeners
+  button.onclick = toggleWidget;
+  header.querySelector('#mcp-close-btn').onclick = toggleWidget;
+  sendBtn.onclick = () => sendMessage(input.value);
+  input.onkeypress = (e) => {
+    if (e.key === 'Enter') sendMessage(input.value);
+  };
+
+  console.log('MCP Chat Widget loaded successfully');
+})();
+`;
+
+    res.setHeader('Content-Type', 'application/javascript');
+    res.send(script);
+  } catch (error) {
+    console.error('Get widget script error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+export default router; 

src/server.js

@@ -0,0 +1,148 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
+    return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+var express_1 = require("express");
+var cors_1 = require("cors");
+var helmet_1 = require("helmet");
+var dotenv_1 = require("dotenv");
+var express_rate_limit_1 = require("express-rate-limit");
+var http_1 = require("http");
+var ws_1 = require("ws");
+var path_1 = require("path");
+// Import routes
+var auth_1 = require("./routes/auth");
+var tenants_1 = require("./routes/tenants");
+var knowledge_base_1 = require("./routes/knowledge-base");
+var chat_1 = require("./routes/chat");
+var analytics_1 = require("./routes/analytics");
+var widget_1 = require("./routes/widget");
+// Import middleware
+var auth_2 = require("./middleware/auth");
+var errorHandler_1 = require("./middleware/errorHandler");
+// Import database initialization
+var database_1 = require("./db/database");
+// Import WebSocket handler
+var websocket_1 = require("./services/websocket");
+dotenv_1.default.config();
+var app = (0, express_1.default)();
+var PORT = process.env.PORT || 3001;
+// Create HTTP server for WebSocket support
+var server = (0, http_1.createServer)(app);
+// Initialize WebSocket
+var wss = new ws_1.WebSocketServer({ server: server });
+(0, websocket_1.setupWebSocket)(wss);
+// Security middleware
+app.use((0, helmet_1.default)({
+    contentSecurityPolicy: false, // Disable for development
+    crossOriginEmbedderPolicy: false
+}));
+// Rate limiting
+var limiter = (0, express_rate_limit_1.default)({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+    message: 'Too many requests from this IP, please try again later.'
+});
+app.use('/api/', limiter);
+// CORS configuration
+app.use((0, cors_1.default)({
+    origin: [
+        process.env.FRONTEND_URL || 'http://localhost:5173',
+        'http://localhost:3000',
+        'https://your-frontend-domain.com' // Add your production frontend URL
+    ],
+    credentials: true,
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization']
+}));
+// Body parsing middleware
+app.use(express_1.default.json({ limit: '50mb' }));
+app.use(express_1.default.urlencoded({ extended: true, limit: '50mb' }));
+// Static file serving for uploads
+app.use('/uploads', express_1.default.static(path_1.default.join(__dirname, '../uploads')));
+// Health check endpoint
+app.get('/health', function (req, res) {
+    res.json({
+        status: 'healthy',
+        timestamp: new Date().toISOString(),
+        version: '1.0.0'
+    });
+});
+// API Routes
+app.use('/api/auth', auth_1.default);
+app.use('/api/tenants', auth_2.authenticateToken, tenants_1.default);
+app.use('/api/knowledge-base', auth_2.authenticateToken, knowledge_base_1.default);
+app.use('/api/chat', chat_1.default); // No auth required for public chat widget
+app.use('/api/analytics', auth_2.authenticateToken, analytics_1.default);
+app.use('/api/widget', widget_1.default); // No auth required for widget access
+// Error handling middleware
+app.use(errorHandler_1.errorHandler);
+// 404 handler
+app.use('*', function (req, res) {
+    res.status(404).json({ error: 'Endpoint not found' });
+});
+// Initialize database and start server
+function startServer() {
+    return __awaiter(this, void 0, void 0, function () {
+        var error_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    _a.trys.push([0, 2, , 3]);
+                    return [4 /*yield*/, (0, database_1.initializeDatabase)()];
+                case 1:
+                    _a.sent();
+                    console.log('✅ Database initialized successfully');
+                    server.listen(PORT, function () {
+                        console.log("\uD83D\uDE80 Server running on port ".concat(PORT));
+                        console.log("\uD83D\uDCF1 Health check: http://localhost:".concat(PORT, "/health"));
+                        console.log("\uD83D\uDD0C WebSocket server ready");
+                        console.log("\uD83C\uDF10 CORS enabled for: ".concat(process.env.FRONTEND_URL));
+                    });
+                    return [3 /*break*/, 3];
+                case 2:
+                    error_1 = _a.sent();
+                    console.error('❌ Failed to start server:', error_1);
+                    process.exit(1);
+                    return [3 /*break*/, 3];
+                case 3: return [2 /*return*/];
+            }
+        });
+    });
+}
+startServer();
+exports.default = app;

src/server.ts

@@ -0,0 +1,118 @@
+import express from 'express';
+import cors from 'cors';
+import helmet from 'helmet';
+import dotenv from 'dotenv';
+import rateLimit from 'express-rate-limit';
+import { createServer } from 'http';
+import { WebSocketServer } from 'ws';
+import path from 'path';
+
+// Import routes
+import authRoutes from './routes/auth';
+import tenantRoutes from './routes/tenants';
+import knowledgeBaseRoutes from './routes/knowledge-base';
+import chatRoutes from './routes/chat';
+import analyticsRoutes from './routes/analytics';
+import widgetRoutes from './routes/widget';
+
+// Import middleware
+import { authenticateToken } from './middleware/auth';
+import { errorHandler } from './middleware/errorHandler';
+
+// Import database initialization
+import { initializeDatabase } from './db/database';
+
+// Import WebSocket handler
+import { setupWebSocket } from './services/websocket';
+
+dotenv.config();
+
+const app = express();
+const PORT = process.env.PORT || 3001;
+
+// Create HTTP server for WebSocket support
+const server = createServer(app);
+
+// Initialize WebSocket
+const wss = new WebSocketServer({ server });
+setupWebSocket(wss);
+
+// Security middleware
+app.use(helmet({
+  contentSecurityPolicy: false, // Disable for development
+  crossOriginEmbedderPolicy: false
+}));
+
+// Rate limiting
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again later.'
+});
+app.use('/api/', limiter);
+
+// CORS configuration
+app.use(cors({
+  origin: [
+    process.env.FRONTEND_URL || 'http://localhost:5173',
+    'http://localhost:3000',
+    'https://your-frontend-domain.com' // Add your production frontend URL
+  ],
+  credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization']
+}));
+
+// Body parsing middleware
+app.use(express.json({ limit: '50mb' }));
+app.use(express.urlencoded({ extended: true, limit: '50mb' }));
+
+// Static file serving for uploads
+app.use('/uploads', express.static(path.join(__dirname, '../uploads')));
+
+// Health check endpoint
+app.get('/health', (req, res) => {
+  res.json({ 
+    status: 'healthy', 
+    timestamp: new Date().toISOString(),
+    version: '1.0.0'
+  });
+});
+
+// API Routes
+app.use('/api/auth', authRoutes);
+app.use('/api/tenants', authenticateToken, tenantRoutes);
+app.use('/api/knowledge-base', authenticateToken, knowledgeBaseRoutes);
+app.use('/api/chat', chatRoutes); // No auth required for public chat widget
+app.use('/api/analytics', authenticateToken, analyticsRoutes);
+app.use('/api/widget', widgetRoutes); // No auth required for widget access
+
+// Error handling middleware
+app.use(errorHandler);
+
+// 404 handler
+app.use('*', (req, res) => {
+  res.status(404).json({ error: 'Endpoint not found' });
+});
+
+// Initialize database and start server
+async function startServer() {
+  try {
+    await initializeDatabase();
+    console.log('✅ Database initialized successfully');
+
+    server.listen(PORT, () => {
+      console.log(`🚀 Server running on port ${PORT}`);
+      console.log(`📱 Health check: http://localhost:${PORT}/health`);
+      console.log(`🔌 WebSocket server ready`);
+      console.log(`🌐 CORS enabled for: ${process.env.FRONTEND_URL}`);
+    });
+  } catch (error) {
+    console.error('❌ Failed to start server:', error);
+    process.exit(1);
+  }
+}
+
+startServer();
+
+export default app; 

src/services/websocket.ts

@@ -0,0 +1,139 @@
+import { WebSocketServer, WebSocket } from 'ws';
+import { IncomingMessage } from 'http';
+import { parse } from 'url';
+
+interface ExtendedWebSocket extends WebSocket {
+  tenantId?: string;
+  sessionToken?: string;
+  isAlive?: boolean;
+}
+
+export function setupWebSocket(wss: WebSocketServer) {
+  const clients = new Map<string, ExtendedWebSocket>();
+
+  wss.on('connection', (ws: ExtendedWebSocket, req: IncomingMessage) => {
+    // Parse query parameters
+    const query = parse(req.url || '', true).query;
+    const tenantId = query.tenantId as string;
+    const sessionToken = query.sessionToken as string;
+
+    if (!tenantId || !sessionToken) {
+      ws.close(1008, 'Missing tenantId or sessionToken');
+      return;
+    }
+
+    // Set up connection
+    ws.tenantId = tenantId;
+    ws.sessionToken = sessionToken;
+    ws.isAlive = true;
+
+    // Store client connection
+    const clientKey = `${tenantId}:${sessionToken}`;
+    clients.set(clientKey, ws);
+
+    console.log(`WebSocket client connected: ${clientKey}`);
+
+    // Handle ping/pong for connection health
+    ws.on('pong', () => {
+      ws.isAlive = true;
+    });
+
+    ws.on('message', (data: Buffer) => {
+      try {
+        const message = JSON.parse(data.toString());
+        handleMessage(ws, message);
+      } catch (error) {
+        console.error('Invalid WebSocket message:', error);
+        ws.send(JSON.stringify({ error: 'Invalid message format' }));
+      }
+    });
+
+    ws.on('close', () => {
+      console.log(`WebSocket client disconnected: ${clientKey}`);
+      clients.delete(clientKey);
+    });
+
+    ws.on('error', (error) => {
+      console.error('WebSocket error:', error);
+      clients.delete(clientKey);
+    });
+
+    // Send welcome message
+    ws.send(JSON.stringify({
+      type: 'connection',
+      message: 'Connected to chat server',
+      timestamp: new Date().toISOString()
+    }));
+  });
+
+  // Health check - ping clients every 30 seconds
+  const interval = setInterval(() => {
+    wss.clients.forEach((ws: ExtendedWebSocket) => {
+      if (ws.isAlive === false) {
+        return ws.terminate();
+      }
+      
+      ws.isAlive = false;
+      ws.ping();
+    });
+  }, 30000);
+
+  wss.on('close', () => {
+    clearInterval(interval);
+  });
+
+  function handleMessage(ws: ExtendedWebSocket, message: any) {
+    switch (message.type) {
+      case 'ping':
+        ws.send(JSON.stringify({ type: 'pong', timestamp: new Date().toISOString() }));
+        break;
+        
+      case 'typing':
+        // Broadcast typing indicator to other participants (if multi-user chat)
+        broadcastToSession(ws.tenantId!, ws.sessionToken!, {
+          type: 'typing',
+          sender: 'user',
+          timestamp: new Date().toISOString()
+        }, ws);
+        break;
+        
+      case 'stop_typing':
+        broadcastToSession(ws.tenantId!, ws.sessionToken!, {
+          type: 'stop_typing',
+          sender: 'user',
+          timestamp: new Date().toISOString()
+        }, ws);
+        break;
+        
+      default:
+        ws.send(JSON.stringify({ error: 'Unknown message type' }));
+    }
+  }
+
+  function broadcastToSession(tenantId: string, sessionToken: string, message: any, sender?: WebSocket) {
+    const clientKey = `${tenantId}:${sessionToken}`;
+    const client = clients.get(clientKey);
+    
+    if (client && client !== sender && client.readyState === WebSocket.OPEN) {
+      client.send(JSON.stringify(message));
+    }
+  }
+
+  // Utility function to send message to specific session
+  function sendToSession(tenantId: string, sessionToken: string, message: any) {
+    const clientKey = `${tenantId}:${sessionToken}`;
+    const client = clients.get(clientKey);
+    
+    if (client && client.readyState === WebSocket.OPEN) {
+      client.send(JSON.stringify(message));
+      return true;
+    }
+    return false;
+  }
+
+  return {
+    broadcastToSession,
+    sendToSession,
+    getConnectedClients: () => clients.size
+  };
+} 

src/start.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+require("./server");

src/start.ts

@@ -0,0 +1 @@
+import './server'; 

tsconfig.json

@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "commonjs",
+    "lib": ["ES2020"],
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": false,
+    "sourceMap": true,
+    "moduleResolution": "node",
+    "allowJs": true,
+    "noEmit": false
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"],
+  "ts-node": {
+    "esm": false
+  }
+}