Fix db_list_tables blocked by own sanitizer + add security_overrides column

Two fixes:

1. db_list_tables and db_describe_table were blocked by the query
   sanitizer because they use information_schema queries, which matched
   the BLOCKED_PATTERNS list. Added _trusted flag to DatabaseQuery so
   internal system tools bypass the sanitizer while user queries still
   get checked.

2. Agent security settings save failed with "column security_overrides
   does not exist" — the column was never added via migration. Added
   ALTER TABLE migration for Postgres and SQLite. Updated updateAgent()
   and mapAgent() in all 6 adapters (postgres, sqlite, mysql, turso,
   mongodb, dynamodb).

Author: Ope Olatunji

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.508",
+  "version": "0.5.510",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package.json

@@ -136,7 +136,7 @@ export function createDatabaseTools(manager: DatabaseConnectionManager, agentId:
       }
 
       try {
-        const result = await manager.executeQuery({ connectionId: input.connectionId, agentId, operation: 'read', sql });
+        const result = await manager.executeQuery({ connectionId: input.connectionId, agentId, operation: 'read', sql, _trusted: true });
         if (!result.success) return errorResult(result.error || 'Query failed');
         return jsonResult({ columns: result.rows, table: input.table });
       } catch (e: any) {
@@ -180,7 +180,7 @@ export function createDatabaseTools(manager: DatabaseConnectionManager, agentId:
       }
 
       try {
-        const result = await manager.executeQuery({ connectionId: input.connectionId, agentId, operation: 'read', sql });
+        const result = await manager.executeQuery({ connectionId: input.connectionId, agentId, operation: 'read', sql, _trusted: true });
         if (!result.success) return errorResult(result.error || 'Query failed');
         return jsonResult({ tables: result.rows });
       } catch (e: any) {

src/database-access/agent-tools.ts

@@ -468,14 +468,21 @@ export class DatabaseConnectionManager {
       return { success: false, error: 'No SQL query provided', executionTimeMs: 0, queryId };
     }
 
-    const sanitizeResult = sanitizeQuery(query.sql, access.permissions, config, access);
-    if (!sanitizeResult.allowed) {
-      await this.logAudit(query, config, access, 'read', 0, false, sanitizeResult.reason || 'Query blocked', startMs, queryId);
-      return { success: false, error: sanitizeResult.reason, executionTimeMs: Date.now() - startMs, queryId };
+    let finalSql = query.sql;
+    let sanitizeResult: { allowed: boolean; operation: string; reason?: string; sanitizedQuery?: string } | undefined;
+
+    if (query._trusted) {
+      // Internal system tools (db_list_tables, db_describe_table) bypass sanitizer
+      finalSql = query.sql;
+    } else {
+      sanitizeResult = sanitizeQuery(query.sql, access.permissions, config, access);
+      if (!sanitizeResult.allowed) {
+        await this.logAudit(query, config, access, 'read', 0, false, sanitizeResult.reason || 'Query blocked', startMs, queryId);
+        return { success: false, error: sanitizeResult.reason, executionTimeMs: Date.now() - startMs, queryId };
+      }
+      finalSql = sanitizeResult.sanitizedQuery || query.sql;
     }
 
-    const finalSql = sanitizeResult.sanitizedQuery || query.sql;
-
     // 4. Check concurrent query limit
     const _maxConcurrent = access.queryLimits?.maxConcurrentQueries ?? config.queryLimits?.maxConcurrentQueries ?? 5;
     // (In production, track active queries per connection — simplified here)

src/database-access/connection-manager.ts

@@ -167,16 +167,19 @@ export interface DatabaseQuery {
   operation: 'read' | 'write' | 'delete' | 'schema' | 'execute';
   sql?: string;
   params?: any[];
-  
+
   // For NoSQL
   collection?: string;
   filter?: Record<string, any>;
   update?: Record<string, any>;
   document?: Record<string, any>;
-  
+
   // For Redis
   command?: string;
   args?: string[];
+
+  /** Skip query sanitizer — only for internal system tools (db_list_tables, db_describe_table) */
+  _trusted?: boolean;
 }
 
 export interface QueryResult {

src/database-access/types.ts

@@ -210,7 +210,7 @@ export class DynamoAdapter extends DatabaseAdapter {
     const current = await this.getItem(pk('AGENT'), id);
     if (!current) throw new Error('Agent not found');
     const merged = { ...current, updatedAt: new Date().toISOString() };
-    for (const key of ['name', 'email', 'role', 'status', 'metadata']) {
+    for (const key of ['name', 'email', 'role', 'status', 'metadata', 'securityOverrides']) {
       if ((updates as any)[key] !== undefined) merged[key] = (updates as any)[key];
     }
     if (updates.name) { merged.GSI1SK = updates.name; }

src/db/dynamodb.ts

@@ -129,7 +129,7 @@ export class MongoAdapter extends DatabaseAdapter {
 
   async updateAgent(id: string, updates: Partial<Agent>): Promise<Agent> {
     const set: any = { updatedAt: new Date() };
-    for (const key of ['name', 'email', 'role', 'status', 'metadata']) {
+    for (const key of ['name', 'email', 'role', 'status', 'metadata', 'securityOverrides']) {
       if ((updates as any)[key] !== undefined) set[key] = (updates as any)[key];
     }
     await this.col('agents').updateOne({ _id: id }, { $set: set });

src/db/mongodb.ts

@@ -226,6 +226,7 @@ export class MysqlAdapter extends DatabaseAdapter {
       if ((updates as any)[key] !== undefined) { fields.push(`${col} = ?`); vals.push((updates as any)[key]); }
     }
     if (updates.metadata) { fields.push('metadata = ?'); vals.push(JSON.stringify(updates.metadata)); }
+    if ((updates as any).securityOverrides !== undefined) { fields.push('security_overrides = ?'); vals.push(JSON.stringify((updates as any).securityOverrides)); }
     if (fields.length === 0) return (await this.getAgent(id))!;
     fields.push('updated_at = NOW()');
     vals.push(id);
@@ -475,6 +476,7 @@ export class MysqlAdapter extends DatabaseAdapter {
     return {
       id: r.id, name: r.name, email: r.email, role: r.role, status: r.status,
       metadata: typeof r.metadata === 'string' ? JSON.parse(r.metadata) : (r.metadata || {}),
+      securityOverrides: r.security_overrides ? (typeof r.security_overrides === 'string' ? JSON.parse(r.security_overrides) : r.security_overrides) : undefined,
       createdAt: new Date(r.created_at), updatedAt: new Date(r.updated_at), createdBy: r.created_by,
     };
   }

src/db/mysql.ts

@@ -247,6 +247,7 @@ export class PostgresAdapter extends DatabaseAdapter {
         ALTER TABLE users ADD COLUMN IF NOT EXISTS is_active BOOLEAN DEFAULT TRUE;
         ALTER TABLE users ADD COLUMN IF NOT EXISTS client_org_id TEXT;
         ALTER TABLE agents ADD COLUMN IF NOT EXISTS billing_rate NUMERIC(10,2) DEFAULT 0;
+        ALTER TABLE agents ADD COLUMN IF NOT EXISTS security_overrides JSONB;
       `).catch(() => {});
       // ─── Client Organizations ────────────────────────────
       await client.query(`

src/db/postgres.ts

@@ -65,6 +65,7 @@ export class SqliteAdapter extends DatabaseAdapter {
       try { this.db.exec(`ALTER TABLE users ADD COLUMN is_active INTEGER DEFAULT 1`); } catch { /* exists */ }
       try { this.db.exec(`ALTER TABLE users ADD COLUMN client_org_id TEXT`); } catch { /* exists */ }
       try { this.db.exec(`ALTER TABLE agents ADD COLUMN billing_rate REAL DEFAULT 0`); } catch { /* exists */ }
+      try { this.db.exec(`ALTER TABLE agents ADD COLUMN security_overrides TEXT`); } catch { /* exists */ }
       // ─── Client Organizations ────────────────────────────
       this.db.exec(`
         CREATE TABLE IF NOT EXISTS client_organizations (
@@ -212,6 +213,7 @@ export class SqliteAdapter extends DatabaseAdapter {
       if ((updates as any)[key] !== undefined) { fields.push(`${col} = ?`); vals.push((updates as any)[key]); }
     }
     if (updates.metadata) { fields.push('metadata = ?'); vals.push(JSON.stringify(updates.metadata)); }
+    if ((updates as any).securityOverrides !== undefined) { fields.push('security_overrides = ?'); vals.push(JSON.stringify((updates as any).securityOverrides)); }
     fields.push("updated_at = datetime('now')");
     vals.push(id);
     this.db.prepare(`UPDATE agents SET ${fields.join(', ')} WHERE id = ?`).run(...vals);
@@ -432,6 +434,7 @@ export class SqliteAdapter extends DatabaseAdapter {
     return {
       id: r.id, name: r.name, email: r.email, role: r.role, status: r.status,
       metadata: typeof r.metadata === 'string' ? JSON.parse(r.metadata) : r.metadata,
+      securityOverrides: r.security_overrides ? (typeof r.security_overrides === 'string' ? JSON.parse(r.security_overrides) : r.security_overrides) : undefined,
       createdAt: new Date(r.created_at), updatedAt: new Date(r.updated_at), createdBy: r.created_by,
       client_org_id: r.client_org_id || null,
     };