feat: add google maps mcp source

oxfmt was reformatting generated drizzle migration snapshots and
crashing on .ona/review/comments.json. Also runs the formatter
across the full codebase.

Co-authored-by: Ona <no-reply@ona.com>

.github/workflows/build-waitlist-website.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   REGISTRY: cr.nym.sh
-  IMAGE_NAME: aelis-waitlist-website
+  IMAGE_NAME: freya-waitlist-website
 
 jobs:
   build:

.ona/automations.yaml

@@ -1,45 +0,0 @@
-services:
-  expo:
-    name: Expo Dev Server
-    description: Expo development server for aelis-client
-    triggeredBy:
-      - postDevcontainerStart
-    commands:
-      start: cd apps/aelis-client && ./scripts/run-dev-server.sh
-
-  drizzle-studio:
-    name: Drizzle Studio
-    description: Drizzle Studio database browser for aelis-backend
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        FORWARD_URL=$(gitpod environment port open 4983 --name drizzle-studio-server | sed 's|https://||')
-        echo "Drizzle Studio: https://local.drizzle.studio/?host=${FORWARD_URL}&port=443"
-        cd apps/aelis-backend && bunx drizzle-kit studio --host 0.0.0.0 --port 4983
-
-  aelis-backend:
-    name: Aelis Backend
-    description: Hono API server for aelis-backend (port 3000)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 3000 --name "Aelis Backend" --protocol http
-        TS_IP=$(tailscale ip -4)
-        echo ""
-        echo "------------------ Bun Debugger ------------------"
-        echo "https://debug.bun.sh/#${TS_IP}:6499"
-        echo "------------------ Bun Debugger ------------------"
-        echo ""
-        cd apps/aelis-backend && bun run dev
-
-  admin-dashboard:
-    name: Admin Dashboard
-    description: Vite dev server for admin-dashboard (port 5174)
-    triggeredBy:
-      - manual
-    commands:
-      start: |
-        gitpod --context environment environment port open 5174 --name "Admin Dashboard" --protocol http
-        cd apps/admin-dashboard && bun run dev --host

.oxfmtrc.json

@@ -8,5 +8,5 @@
 		"ignoreCase": true,
 		"newlinesBetween": true
 	},
-	"ignorePatterns": [".claude", "fixtures"]
+	"ignorePatterns": [".claude", ".ona", "drizzle", "fixtures"]
 }

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+	"js/ts.experimental.useTsgo": true
+}

AGENTS.md

@@ -2,7 +2,7 @@
 
 ## Project
 
-AELIS is an AI-powered personal assistant that aggregates data from various sources into a contextual feed. Monorepo with `packages/` (shared libraries) and `apps/` (applications).
+FREYA is an AI-powered personal assistant that aggregates data from various sources into a contextual feed. Monorepo with `packages/` (shared libraries) and `apps/` (applications).
 
 ## Commands
 

README.md

@@ -1,4 +1,4 @@
-# aelis
+# freya
 
 To install dependencies:
 
@@ -8,14 +8,14 @@ bun install
 
 ## Packages
 
-### @aelis/source-tfl
+### @freya/source-tfl
 
 TfL (Transport for London) feed source for tube, overground, and Elizabeth line alerts.
 
 #### Testing
 
 ```bash
-cd packages/aelis-source-tfl
+cd packages/freya-source-tfl
 bun run test
 ```
 

apps/admin-dashboard/package.json

@@ -34,7 +34,7 @@
 		"@types/react": "^19.2.5",
 		"@types/react-dom": "^19.2.3",
 		"@vitejs/plugin-react": "^5.1.1",
-		"typescript": "~5.9.3",
+		"typescript": "^6",
 		"vite": "^7.2.4"
 	}
 }

apps/admin-dashboard/src/components/login-page.tsx

@@ -71,7 +71,7 @@ export function LoginPage({ onLogin }: LoginPageProps) {
 								type="email"
 								value={email}
 								onChange={(e) => setEmail(e.target.value)}
-								placeholder="admin@aelis.local"
+								placeholder="admin@freya.local"
 								required
 							/>
 						</div>

apps/admin-dashboard/src/components/source-config-panel.tsx

@@ -20,13 +20,7 @@ import {
 import { Separator } from "@/components/ui/separator"
 import { Switch } from "@/components/ui/switch"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
-import {
+import { fetchSourceConfig, pushLocation, replaceSource, updateProviderConfig } from "@/lib/api"
-	fetchSourceConfig,
-	pushLocation,
-	replaceSource,
-	updateProviderConfig,
-	updateSourceCredentials,
-} from "@/lib/api"
 
 interface SourceConfigPanelProps {
 	source: SourceDefinition
@@ -72,6 +66,20 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 		return creds
 	}
 
+	function hasUserConfigFields(): boolean {
+		return Object.values(source.fields).some((field) => !isCredentialField(field))
+	}
+
+	function buildReplaceBody(enabledValue: boolean): Parameters<typeof replaceSource>[1] {
+		const body: Parameters<typeof replaceSource>[1] = { enabled: enabledValue }
+
+		if (hasUserConfigFields()) {
+			body.config = getUserConfig()
+		}
+
+		return body
+	}
+
 	function invalidate() {
 		queryClient.invalidateQueries({ queryKey: ["sourceConfig", source.id] })
 		queryClient.invalidateQueries({ queryKey: ["configs"] })
@@ -80,23 +88,21 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 
 	const saveMutation = useMutation({
 		mutationFn: async () => {
-			const promises: Promise<void>[] = [
-				replaceSource(source.id, { enabled, config: getUserConfig() }),
-			]
-
 			const credentialFields = getCredentialFields()
 			const hasCredentials = Object.values(credentialFields).some(
 				(v) => typeof v === "string" && v.length > 0,
 			)
-			if (hasCredentials) {
-				if (source.perUserCredentials) {
-					promises.push(updateSourceCredentials(source.id, credentialFields))
-				} else {
-					promises.push(updateProviderConfig(source.id, { credentials: credentialFields }))
-				}
-			}
 
-			await Promise.all(promises)
+			const body = buildReplaceBody(enabled)
+			if (hasCredentials && source.perUserCredentials) {
+				body.credentials = credentialFields
+			}
+			await replaceSource(source.id, body)
+
+			// For non-per-user credentials (provider-level), still use the admin endpoint.
+			if (hasCredentials && !source.perUserCredentials) {
+				await updateProviderConfig(source.id, { credentials: credentialFields })
+			}
 		},
 		onSuccess() {
 			setDirty({})
@@ -109,8 +115,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 	})
 
 	const toggleMutation = useMutation({
-		mutationFn: (checked: boolean) =>
+		mutationFn: (checked: boolean) => replaceSource(source.id, buildReplaceBody(checked)),
-			replaceSource(source.id, { enabled: checked, config: getUserConfig() }),
 		onSuccess(_data, checked) {
 			invalidate()
 			toast.success(`Source ${checked ? "enabled" : "disabled"}`)
@@ -121,7 +126,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 	})
 
 	const deleteMutation = useMutation({
-		mutationFn: () => replaceSource(source.id, { enabled: false, config: {} }),
+		mutationFn: () => replaceSource(source.id, buildReplaceBody(false)),
 		onSuccess() {
 			setDirty({})
 			invalidate()
@@ -252,7 +257,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 			)}
 
 			{/* Always-on sources */}
-			{source.alwaysEnabled && source.id !== "aelis.location" && (
+			{source.alwaysEnabled && source.id !== "freya.location" && (
 				<>
 					<Separator />
 					<p className="text-sm text-muted-foreground">
@@ -261,7 +266,7 @@ export function SourceConfigPanel({ source, onUpdate }: SourceConfigPanelProps)
 				</>
 			)}
 
-			{source.id === "aelis.location" && <LocationCard />}
+			{source.id === "freya.location" && <LocationCard />}
 		</div>
 	)
 }

apps/admin-dashboard/src/lib/api.ts

@@ -36,14 +36,14 @@ export interface SourceConfig {
 
 const sourceDefinitions: SourceDefinition[] = [
 	{
-		id: "aelis.location",
+		id: "freya.location",
 		name: "Location",
 		description: "Device location provider. Always enabled as a dependency for other sources.",
 		alwaysEnabled: true,
 		fields: {},
 	},
 	{
-		id: "aelis.weather",
+		id: "freya.weather",
 		name: "WeatherKit",
 		description: "Apple WeatherKit weather data. Requires Apple Developer credentials.",
 		fields: {
@@ -81,7 +81,7 @@ const sourceDefinitions: SourceDefinition[] = [
 		},
 	},
 	{
-		id: "aelis.caldav",
+		id: "freya.caldav",
 		name: "CalDAV",
 		description: "Calendar events from any CalDAV server (Nextcloud, Radicale, Baikal, etc.).",
 		perUserCredentials: true,
@@ -114,12 +114,12 @@ const sourceDefinitions: SourceDefinition[] = [
 			timeZone: {
 				type: "string",
 				label: "Timezone",
-				description: "IANA timezone for determining \"today\" (e.g. Europe/London). Defaults to UTC.",
+				description: 'IANA timezone for determining "today" (e.g. Europe/London). Defaults to UTC.',
 			},
 		},
 	},
 	{
-		id: "aelis.tfl",
+		id: "freya.tfl",
 		name: "TfL",
 		description: "Transport for London tube line status alerts.",
 		fields: {
@@ -151,6 +151,18 @@ const sourceDefinitions: SourceDefinition[] = [
 			},
 		},
 	},
+	{
+		id: "freya.web-search",
+		name: "Web Search",
+		description: "Exa web search action. Requires EXA_API_KEY on the backend.",
+		fields: {},
+	},
+	{
+		id: "freya.google-maps",
+		name: "Google Maps",
+		description: "Google Maps Grounding Lite MCP tools for places, weather, routes, and Place IDs.",
+		fields: {},
+	},
 ]
 
 export function fetchSources(): Promise<SourceDefinition[]> {
@@ -174,7 +186,7 @@ export async function fetchConfigs(): Promise<SourceConfig[]> {
 
 export async function replaceSource(
 	sourceId: string,
-	body: { enabled: boolean; config: unknown },
+	body: { enabled: boolean; config?: unknown; credentials?: Record<string, unknown> },
 ): Promise<void> {
 	const res = await fetch(`${serverBase()}/sources/${sourceId}`, {
 		method: "PUT",

apps/admin-dashboard/src/lib/server-url.ts

@@ -1,4 +1,4 @@
-const STORAGE_KEY = "aelis-server-url"
+const STORAGE_KEY = "freya-server-url"
 const DEFAULT_URL = "https://3000--019cf276-6ed6-7529-a425-210182693908.eu-runner.flex.doptig.cloud"
 
 export function getServerUrl(): string {

apps/admin-dashboard/src/routes/_dashboard.tsx

@@ -15,6 +15,7 @@ import {
 	Loader2,
 	TrainFront,
 	LogOut,
+	Map as MapIcon,
 	MapPin,
 	Rss,
 	Server,
@@ -45,11 +46,12 @@ import { getSession, signOut } from "@/lib/auth"
 import { Route as rootRoute } from "./__root"
 
 const SOURCE_ICONS: Record<string, React.ComponentType<{ className?: string }>> = {
-	"aelis.location": MapPin,
+	"freya.location": MapPin,
-	"aelis.weather": CloudSun,
+	"freya.weather": CloudSun,
-	"aelis.caldav": CalendarDays,
+	"freya.caldav": CalendarDays,
-	"aelis.google-calendar": Calendar,
+	"freya.google-calendar": Calendar,
-	"aelis.tfl": TrainFront,
+	"freya.google-maps": MapIcon,
+	"freya.tfl": TrainFront,
 }
 
 export const Route = createRoute({

apps/admin-dashboard/tsconfig.app.json

@@ -3,12 +3,11 @@
 		"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
 		"target": "ES2022",
 		"useDefineForClassFields": true,
-		"lib": ["ES2022", "DOM", "DOM.Iterable"],
+		"lib": ["ES2022", "DOM"],
 		"module": "ESNext",
 		"types": ["vite/client"],
 		"skipLibCheck": true,
 
-		/* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
@@ -16,14 +15,12 @@
 		"noEmit": true,
 		"jsx": "react-jsx",
 
-		/* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,
 		"erasableSyntaxOnly": true,
 		"noFallthroughCasesInSwitch": true,
 		"noUncheckedSideEffectImports": true,
-		"baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.json

@@ -2,7 +2,6 @@
 	"files": [],
 	"references": [{ "path": "./tsconfig.app.json" }, { "path": "./tsconfig.node.json" }],
 	"compilerOptions": {
-		"baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		}

apps/admin-dashboard/tsconfig.node.json

@@ -7,14 +7,12 @@
 		"types": ["node"],
 		"skipLibCheck": true,
 
-		/* Bundler mode */
 		"moduleResolution": "bundler",
 		"allowImportingTsExtensions": true,
 		"verbatimModuleSyntax": true,
 		"moduleDetection": "force",
 		"noEmit": true,
 
-		/* Linting */
 		"strict": true,
 		"noUnusedLocals": true,
 		"noUnusedParameters": true,

apps/admin-dashboard/vite.config.ts

@@ -12,6 +12,7 @@ export default defineConfig({
 		},
 	},
 	server: {
+		host: "0.0.0.0",
 		port: 5174,
 		allowedHosts: true,
 	},

apps/aelis-backend/src/enhancement/llm-client.ts

@@ -1,116 +0,0 @@
-import { type } from "arktype"
-
-import type { EnhancementResult } from "./schema.ts"
-
-import { enhancementResultJsonSchema, parseEnhancementResult } from "./schema.ts"
-
-const DEFAULT_MODEL = "@cf/zai-org/glm-4.7-flash"
-const DEFAULT_TIMEOUT_MS = 30_000
-
-export interface LlmClientConfig {
-	accountId: string
-	apiKey: string
-	model?: string
-	timeoutMs?: number
-}
-
-export interface LlmClientRequest {
-	systemPrompt: string
-	userMessage: string
-}
-
-export interface LlmClient {
-	enhance(request: LlmClientRequest): Promise<EnhancementResult | null>
-}
-
-const CloudflareApiResponse = type({
-	result: {
-		choices: type({
-			message: {
-				content: "string",
-				"role?": "string",
-			},
-		}).array(),
-	},
-	success: "boolean",
-	"errors?": type({ message: "string" }).array(),
-})
-
-/**
- * Creates a reusable LLM client backed by Cloudflare Workers AI.
- * Uses the REST API with structured JSON output.
- */
-export function createLlmClient(config: LlmClientConfig): LlmClient {
-	const model = config.model ?? DEFAULT_MODEL
-	const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS
-	const baseUrl = `https://api.cloudflare.com/client/v4/accounts/${config.accountId}/ai/run/${model}`
-
-	return {
-		async enhance(request) {
-			try {
-				const res = await fetch(baseUrl, {
-					method: "POST",
-					headers: {
-						Authorization: `Bearer ${config.apiKey}`,
-						"Content-Type": "application/json",
-					},
-					body: JSON.stringify({
-						messages: [
-							{ role: "system", content: request.systemPrompt },
-							{ role: "user", content: request.userMessage },
-						],
-						response_format: {
-							type: "json_schema",
-							json_schema: {
-								name: "enhancement_result",
-								strict: false,
-								schema: enhancementResultJsonSchema,
-							},
-						},
-						stream: false,
-					}),
-					// @ts-expect-error — bun-types AbortSignal conflicts with ESNext lib in tsc; works at runtime and in VSCode
-					signal: AbortSignal.timeout(timeoutMs),
-				})
-
-				if (!res.ok) {
-					const body = await res.text()
-					console.warn(`[enhancement] Cloudflare API error ${res.status}: ${body}`)
-					return null
-				}
-
-				const json: unknown = await res.json()
-				const parsed = CloudflareApiResponse(json)
-				if (parsed instanceof type.errors) {
-					console.warn("[enhancement] Unexpected API response shape:", parsed.summary)
-					return null
-				}
-
-				if (!parsed.success) {
-					console.warn("[enhancement] Cloudflare API errors:", parsed.errors)
-					return null
-				}
-
-				const content = parsed.result.choices[0]?.message.content
-				if (content === undefined) {
-					console.warn("[enhancement] LLM returned no choices in response")
-					return null
-				}
-
-				const result = parseEnhancementResult(content)
-				if (!result) {
-					console.warn("[enhancement] Failed to parse LLM response:", content)
-				}
-
-				return result
-			} catch (error) {
-				if (error instanceof DOMException && error.name === "TimeoutError") {
-					console.warn("[enhancement] LLM request timed out")
-				} else {
-					console.warn("[enhancement] LLM request failed:", error)
-				}
-				return null
-			}
-		},
-	}
-}

apps/freya-backend/.env.example

@@ -10,11 +10,10 @@ CREDENTIAL_ENCRYPTION_KEY=
 # Base URL of the backend
 BETTER_AUTH_URL=http://localhost:3000
 
-# Cloudflare Workers AI (LLM feed enhancement)
+# OpenRouter (LLM feed enhancement)
-CF_ACCOUNT_ID=
+OPENROUTER_API_KEY=
-WORKERS_AI_API_KEY=
+# Optional: override the default model (default: openai/gpt-4.1-mini)
-# Optional: override the default model (default: @cf/zai-org/glm-4.7-flash)
+# OPENROUTER_MODEL=openai/gpt-4.1-mini
-# WORKERS_AI_MODEL=@cf/zai-org/glm-4.7-flash
 
 # Apple WeatherKit credentials
 WEATHERKIT_PRIVATE_KEY=

apps/freya-backend/package.json

@@ -1,5 +1,5 @@
 {
-	"name": "@aelis/backend",
+	"name": "@freya/backend",
 	"version": "0.0.0",
 	"type": "module",
 	"main": "src/server.ts",
@@ -15,12 +15,15 @@
 		"create-admin": "bun run src/scripts/create-admin.ts"
 	},
 	"dependencies": {
-		"@aelis/core": "workspace:*",
+		"@freya/core": "workspace:*",
-		"@aelis/source-caldav": "workspace:*",
+		"@freya/source-caldav": "workspace:*",
-		"@aelis/source-google-calendar": "workspace:*",
+		"@freya/source-google-calendar": "workspace:*",
-		"@aelis/source-location": "workspace:*",
+		"@freya/source-google-maps": "workspace:*",
-		"@aelis/source-tfl": "workspace:*",
+		"@freya/source-location": "workspace:*",
-		"@aelis/source-weatherkit": "workspace:*",
+		"@freya/source-tfl": "workspace:*",
+		"@freya/source-weatherkit": "workspace:*",
+		"@freya/source-web-search": "workspace:*",
+		"@openrouter/sdk": "^0.9.11",
 		"arktype": "^2.1.29",
 		"better-auth": "^1",
 		"drizzle-orm": "^0.45.1",

apps/freya-backend/src/admin/http.test.ts

@@ -1,4 +1,4 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
 import { describe, expect, mock, test } from "bun:test"
 import { Hono } from "hono"
@@ -118,9 +118,9 @@ const validWeatherConfig = {
 
 describe("PUT /api/admin/:sourceId/config", () => {
 	test("returns 404 for unknown provider", async () => {
-		const { app } = createApp([createStubProvider("aelis.location")])
+		const { app } = createApp([createStubProvider("freya.location")])
 
-		const res = await app.request("/api/admin/aelis.nonexistent/config", {
+		const res = await app.request("/api/admin/freya.nonexistent/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ key: "value" }),
@@ -132,9 +132,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 404 for provider without runtime config support", async () => {
-		const { app } = createApp([createStubProvider("aelis.location")])
+		const { app } = createApp([createStubProvider("freya.location")])
 
-		const res = await app.request("/api/admin/aelis.location/config", {
+		const res = await app.request("/api/admin/freya.location/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ key: "value" }),
@@ -146,9 +146,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 400 for invalid JSON body", async () => {
-		const { app } = createApp([createStubProvider("aelis.weather")])
+		const { app } = createApp([createStubProvider("freya.weather")])
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: "not json",
@@ -160,9 +160,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 400 when weather config fails validation", async () => {
-		const { app } = createApp([createStubProvider("aelis.weather")])
+		const { app } = createApp([createStubProvider("freya.weather")])
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify({ credentials: { privateKey: 123 } }),
@@ -174,11 +174,11 @@ describe("PUT /api/admin/:sourceId/config", () => {
 	})
 
 	test("returns 204 and applies valid weather config", async () => {
-		const { app, sessionManager } = createApp([createStubProvider("aelis.weather")])
+		const { app, sessionManager } = createApp([createStubProvider("freya.weather")])
 
-		const originalProvider = sessionManager.getProvider("aelis.weather")
+		const originalProvider = sessionManager.getProvider("freya.weather")
 
-		const res = await app.request("/api/admin/aelis.weather/config", {
+		const res = await app.request("/api/admin/freya.weather/config", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: JSON.stringify(validWeatherConfig),
@@ -187,9 +187,9 @@ describe("PUT /api/admin/:sourceId/config", () => {
 		expect(res.status).toBe(204)
 
 		// Provider was replaced with a new instance
-		const provider = sessionManager.getProvider("aelis.weather")
+		const provider = sessionManager.getProvider("freya.weather")
 		expect(provider).toBeDefined()
-		expect(provider!.sourceId).toBe("aelis.weather")
+		expect(provider!.sourceId).toBe("freya.weather")
 		expect(provider).not.toBe(originalProvider)
 	})
 })

apps/freya-backend/src/admin/http.ts

@@ -60,7 +60,7 @@ async function handleUpdateProviderConfig(c: Context<Env>) {
 	}
 
 	switch (sourceId) {
-		case "aelis.weather": {
+		case "freya.weather": {
 			const parsed = WeatherKitSourceProviderConfig(body)
 			if (parsed instanceof type.errors) {
 				return c.json({ error: parsed.summary }, 400)

apps/freya-backend/src/auth/admin-middleware.test.ts

@@ -1,5 +1,5 @@
-import { Hono } from "hono"
 import { describe, expect, test } from "bun:test"
+import { Hono } from "hono"
 
 import type { Auth } from "./index.ts"
 import type { AuthSession, AuthUser } from "./session.ts"

apps/freya-backend/src/auth/session-middleware.ts

@@ -79,7 +79,7 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar
 		const user: AuthUser = {
 			id: "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn",
 			name: "Dev User",
-			email: "dev@aelis.local",
+			email: "dev@freya.local",
 			emailVerified: true,
 			image: null,
 			createdAt: now,
@@ -96,7 +96,7 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar
 			token: "Vb9CxNfRm2KwQs7TjPeA5dLhYg0UoZi4",
 			expiresAt,
 			ipAddress: "127.0.0.1",
-			userAgent: "aelis-dev",
+			userAgent: "freya-dev",
 			createdAt: now,
 			updatedAt: now,
 		}

apps/freya-backend/src/caldav/provider.test.ts

@@ -5,8 +5,8 @@ import { CalDavSourceProvider } from "./provider.ts"
 describe("CalDavSourceProvider", () => {
 	const provider = new CalDavSourceProvider()
 
-	test("sourceId is aelis.caldav", () => {
+	test("sourceId is freya.caldav", () => {
-		expect(provider.sourceId).toBe("aelis.caldav")
+		expect(provider.sourceId).toBe("freya.caldav")
 	})
 
 	test("throws when credentials are null", async () => {
@@ -68,7 +68,7 @@ describe("CalDavSourceProvider", () => {
 
 		const source = await provider.feedSourceForUser("user-1", config, credentials)
 		expect(source).toBeDefined()
-		expect(source.id).toBe("aelis.caldav")
+		expect(source.id).toBe("freya.caldav")
 	})
 
 	test("returns CalDavSource with minimal config", async () => {
@@ -80,6 +80,6 @@ describe("CalDavSourceProvider", () => {
 
 		const source = await provider.feedSourceForUser("user-1", config, credentials)
 		expect(source).toBeDefined()
-		expect(source.id).toBe("aelis.caldav")
+		expect(source.id).toBe("freya.caldav")
 	})
 })

apps/freya-backend/src/caldav/provider.ts

@@ -1,4 +1,4 @@
-import { CalDavSource } from "@aelis/source-caldav"
+import { CalDavSource } from "@freya/source-caldav"
 import { type } from "arktype"
 
 import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
@@ -19,7 +19,7 @@ const caldavCredentials = type({
 })
 
 export class CalDavSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.caldav"
+	readonly sourceId = "freya.caldav"
 	readonly configSchema = caldavConfig
 
 	async feedSourceForUser(
@@ -33,12 +33,12 @@ export class CalDavSourceProvider implements FeedSourceProvider {
 		}
 
 		if (!credentials) {
-			throw new InvalidSourceCredentialsError("aelis.caldav", "No CalDAV credentials configured")
+			throw new InvalidSourceCredentialsError("freya.caldav", "No CalDAV credentials configured")
 		}
 
 		const creds = caldavCredentials(credentials)
 		if (creds instanceof type.errors) {
-			throw new InvalidSourceCredentialsError("aelis.caldav", creds.summary)
+			throw new InvalidSourceCredentialsError("freya.caldav", creds.summary)
 		}
 
 		return new CalDavSource({

apps/freya-backend/src/db/index.ts

@@ -1,9 +1,12 @@
+import type { PgDatabase } from "drizzle-orm/pg-core"
+
 import { SQL } from "bun"
-import { drizzle, type BunSQLDatabase } from "drizzle-orm/bun-sql"
+import { drizzle, type BunSQLQueryResultHKT } from "drizzle-orm/bun-sql"
 
 import * as schema from "./schema.ts"
 
-export type Database = BunSQLDatabase<typeof schema>
+/** Covers both the top-level drizzle instance and transaction handles. */
+export type Database = PgDatabase<BunSQLQueryResultHKT, typeof schema>
 
 export interface DatabaseConnection {
 	db: Database

apps/freya-backend/src/db/schema.ts

@@ -29,7 +29,7 @@ export {
 import { user } from "./auth-schema.ts"
 
 // ---------------------------------------------------------------------------
-// AELIS — per-user source configuration
+// FREYA — per-user source configuration
 // ---------------------------------------------------------------------------
 
 const bytea = customType<{ data: Buffer }>({

apps/freya-backend/src/engine/http.test.ts

@@ -1,6 +1,6 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { contextKey } from "@aelis/core"
+import { contextKey } from "@freya/core"
 import { describe, expect, mock, spyOn, test } from "bun:test"
 import { Hono } from "hono"
 
@@ -244,7 +244,7 @@ describe("GET /api/feed", () => {
 })
 
 describe("GET /api/context", () => {
-	const weatherKey = contextKey("aelis.weather", "weather")
+	const weatherKey = contextKey("freya.weather", "weather")
 	const weatherData = { temperature: 20, condition: "Clear" }
 	const contextEntries: readonly ContextEntry[] = [[weatherKey, weatherData]]
 
@@ -274,7 +274,7 @@ describe("GET /api/context", () => {
 		const manager = new UserSessionManager({ db: fakeDb, providers: [] })
 		const app = buildTestApp(manager)
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]')
 
 		expect(res.status).toBe(401)
 	})
@@ -332,7 +332,7 @@ describe("GET /api/context", () => {
 	test("returns 400 when match param is invalid", async () => {
 		const { app } = await buildContextApp("user-1")
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=invalid')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=invalid')
 
 		expect(res.status).toBe(400)
 		const body = (await res.json()) as { error: string }
@@ -343,7 +343,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]&match=exact')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]&match=exact')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { match: string; value: unknown }
@@ -355,7 +355,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=exact')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=exact')
 
 		expect(res.status).toBe(404)
 	})
@@ -364,7 +364,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]&match=prefix')
+		const res = await app.request('/api/context?key=["freya.weather"]&match=prefix')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as {
@@ -373,7 +373,7 @@ describe("GET /api/context", () => {
 		}
 		expect(body.match).toBe("prefix")
 		expect(body.entries).toHaveLength(1)
-		expect(body.entries[0]!.key).toEqual(["aelis.weather", "weather"])
+		expect(body.entries[0]!.key).toEqual(["freya.weather", "weather"])
 		expect(body.entries[0]!.value).toEqual(weatherData)
 	})
 
@@ -381,7 +381,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather","weather"]')
+		const res = await app.request('/api/context?key=["freya.weather","weather"]')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { match: string; value: unknown }
@@ -393,7 +393,7 @@ describe("GET /api/context", () => {
 		const { app, session } = await buildContextApp("user-1")
 		await session.engine.refresh()
 
-		const res = await app.request('/api/context?key=["aelis.weather"]')
+		const res = await app.request('/api/context?key=["freya.weather"]')
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as {

apps/freya-backend/src/engine/http.ts

@@ -1,6 +1,6 @@
 import type { Context, Hono } from "hono"
 
-import { contextKey } from "@aelis/core"
+import { contextKey } from "@freya/core"
 import { createMiddleware } from "hono/factory"
 
 import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"

apps/freya-backend/src/enhancement/enhance-feed.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import type { LlmClient } from "./llm-client.ts"
 
@@ -47,5 +47,3 @@ export function createFeedEnhancer(config: FeedEnhancerConfig): FeedEnhancer {
 		return mergeEnhancement(items, result, currentTime)
 	}
 }
-
-

apps/freya-backend/src/enhancement/llm-client.ts

@@ -0,0 +1,73 @@
+import { OpenRouter } from "@openrouter/sdk"
+
+import type { EnhancementResult } from "./schema.ts"
+
+import { enhancementResultJsonSchema, parseEnhancementResult } from "./schema.ts"
+
+const DEFAULT_MODEL = "z-ai/glm-4.7-flash"
+const DEFAULT_TIMEOUT_MS = 30_000
+
+export interface LlmClientConfig {
+	apiKey: string
+	model?: string
+	timeoutMs?: number
+}
+
+export interface LlmClientRequest {
+	systemPrompt: string
+	userMessage: string
+}
+
+export interface LlmClient {
+	enhance(request: LlmClientRequest): Promise<EnhancementResult | null>
+}
+
+/**
+ * Creates a reusable LLM client backed by OpenRouter.
+ * The OpenRouter SDK instance is created once and reused across calls.
+ */
+export function createLlmClient(config: LlmClientConfig): LlmClient {
+	const client = new OpenRouter({
+		apiKey: config.apiKey,
+		timeoutMs: config.timeoutMs ?? DEFAULT_TIMEOUT_MS,
+	})
+	const model = config.model ?? DEFAULT_MODEL
+
+	return {
+		async enhance(request) {
+			const response = await client.chat.send({
+				chatGenerationParams: {
+					model,
+					messages: [
+						{ role: "system" as const, content: request.systemPrompt },
+						{ role: "user" as const, content: request.userMessage },
+					],
+					responseFormat: {
+						type: "json_schema" as const,
+						jsonSchema: {
+							name: "enhancement_result",
+							strict: false,
+							schema: enhancementResultJsonSchema,
+						},
+					},
+					reasoning: { effort: "none" },
+					stream: false,
+				},
+			})
+
+			const message = response.choices?.[0]?.message
+			const content = message?.content ?? message?.reasoning
+			if (typeof content !== "string") {
+				console.warn("[enhancement] LLM returned no content in response")
+				return null
+			}
+
+			const result = parseEnhancementResult(content)
+			if (!result) {
+				console.warn("[enhancement] Failed to parse LLM response:", content)
+			}
+
+			return result
+		},
+	}
+}

apps/freya-backend/src/enhancement/merge.test.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import { describe, expect, test } from "bun:test"
 

apps/freya-backend/src/enhancement/merge.ts

@@ -1,8 +1,8 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import type { EnhancementResult } from "./schema.ts"
 
-const ENHANCEMENT_SOURCE_ID = "aelis.enhancement"
+const ENHANCEMENT_SOURCE_ID = "freya.enhancement"
 
 /**
  * Merges an EnhancementResult into feed items.

apps/freya-backend/src/enhancement/prompt-builder.test.ts

@@ -1,4 +1,4 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
 import { describe, expect, test } from "bun:test"
 

apps/freya-backend/src/enhancement/prompt-builder.ts

@@ -1,7 +1,7 @@
-import type { FeedItem } from "@aelis/core"
+import type { FeedItem } from "@freya/core"
 
-import { CalDavFeedItemType } from "@aelis/source-caldav"
+import { CalDavFeedItemType } from "@freya/source-caldav"
-import { CalendarFeedItemType } from "@aelis/source-google-calendar"
+import { CalendarFeedItemType } from "@freya/source-google-calendar"
 
 import systemPromptBase from "./prompts/system.txt"
 
@@ -36,8 +36,7 @@ export function buildPrompt(
 
 	for (const item of items) {
 		const hasUnfilledSlots =
-			item.slots &&
+			item.slots && Object.values(item.slots).some((slot) => slot.content === null)
-			Object.values(item.slots).some((slot) => slot.content === null)
 
 		if (hasUnfilledSlots) {
 			enhanceItems.push({
@@ -79,9 +78,7 @@ export function buildPrompt(
  */
 export function hasUnfilledSlots(items: FeedItem[]): boolean {
 	return items.some(
-		(item) =>
+		(item) => item.slots && Object.values(item.slots).some((slot) => slot.content === null),
-			item.slots &&
-			Object.values(item.slots).some((slot) => slot.content === null),
 	)
 }
 
@@ -129,7 +126,20 @@ function extractCalendarEntry(item: FeedItem): CalendarEntry | null {
 }
 
 const DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"] as const
-const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"] as const
+const MONTHS = [
+	"Jan",
+	"Feb",
+	"Mar",
+	"Apr",
+	"May",
+	"Jun",
+	"Jul",
+	"Aug",
+	"Sep",
+	"Oct",
+	"Nov",
+	"Dec",
+] as const
 
 function pad2(n: number): string {
 	return n.toString().padStart(2, "0")
@@ -144,7 +154,11 @@ function formatDayShort(date: Date): string {
 }
 
 function formatDayLabel(date: Date, currentTime: Date): string {
-	const currentDay = Date.UTC(currentTime.getUTCFullYear(), currentTime.getUTCMonth(), currentTime.getUTCDate())
+	const currentDay = Date.UTC(
+		currentTime.getUTCFullYear(),
+		currentTime.getUTCMonth(),
+		currentTime.getUTCDate(),
+	)
 	const targetDay = Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate())
 	const diffDays = Math.round((targetDay - currentDay) / (1000 * 60 * 60 * 24))
 

apps/freya-backend/src/enhancement/prompts/system.txt

@@ -1,4 +1,4 @@
-You are AELIS, a personal assistant. You enhance a user's feed by filling slots and optionally generating synthetic items.
+You are FREYA, a personal assistant. You enhance a user's feed by filling slots and optionally generating synthetic items.
 
 The user message is a JSON object with:
 - "items": feed items with data and named slots to fill. Each slot has a description of what to write.

apps/freya-backend/src/enhancement/schema.test.ts

@@ -135,9 +135,7 @@ describe("schema sync", () => {
 
 			// JSON Schema structure matches
 			const jsonSchema = enhancementResultJsonSchema
-			expect(Object.keys(jsonSchema.properties).sort()).toEqual(
+			expect(Object.keys(jsonSchema.properties).sort()).toEqual(Object.keys(payload).sort())
-				Object.keys(payload).sort(),
-			)
 			expect([...jsonSchema.required].sort()).toEqual(Object.keys(payload).sort())
 
 			// syntheticItems item schema has the right required fields
@@ -167,11 +165,7 @@ describe("schema sync", () => {
 
 		// JSON Schema only allows string or null for slot values
 		const slotValueSchema =
-			enhancementResultJsonSchema.properties.slotFills.additionalProperties
+			enhancementResultJsonSchema.properties.slotFills.additionalProperties.additionalProperties
-				.additionalProperties
+		expect(slotValueSchema.anyOf).toEqual([{ type: "string" }, { type: "null" }])
-		expect(slotValueSchema.anyOf).toEqual([
-			{ type: "string" },
-			{ type: "null" },
-		])
 	})
 })

apps/freya-backend/src/enhancement/schema.ts

@@ -15,7 +15,8 @@ export type SyntheticItem = typeof SyntheticItem.infer
 export type EnhancementResult = typeof EnhancementResult.infer
 
 /**
- * JSON Schema passed to Cloudflare Workers AI for structured output.
+ * JSON Schema passed to OpenRouter's structured output.
+ * OpenRouter doesn't support arktype, so this is maintained separately.
  *
  * ⚠️  Must stay in sync with EnhancementResult above.
  * If you add/remove fields, update both schemas.

apps/freya-backend/src/google-maps/provider.test.ts

@@ -0,0 +1,55 @@
+import type { GoogleMapsSourceOptions } from "@freya/source-google-maps"
+
+import { describe, expect, test } from "bun:test"
+
+import { GoogleMapsSourceProvider } from "./provider.ts"
+
+type McpClient = NonNullable<GoogleMapsSourceOptions["client"]>
+
+class MockMcpClient implements McpClient {
+	async listTools(): ReturnType<McpClient["listTools"]> {
+		return { tools: [] }
+	}
+
+	async readResource(
+		_params: Parameters<McpClient["readResource"]>[0],
+	): ReturnType<McpClient["readResource"]> {
+		throw new Error("unexpected resource read")
+	}
+
+	async callTool(_params: Parameters<McpClient["callTool"]>[0]): ReturnType<McpClient["callTool"]> {
+		return { structuredContent: {} }
+	}
+}
+
+describe("GoogleMapsSourceProvider", () => {
+	test("sourceId is freya.google-maps", () => {
+		const provider = new GoogleMapsSourceProvider({ apiKey: "key" })
+		expect(provider.sourceId).toBe("freya.google-maps")
+	})
+
+	test("throws when service API key is empty", () => {
+		expect(() => new GoogleMapsSourceProvider({ apiKey: "" })).toThrow(
+			"Google Maps MCP API key must be configured",
+		)
+	})
+
+	test("returns source with service API key", async () => {
+		const provider = new GoogleMapsSourceProvider({ apiKey: "key" })
+
+		const source = await provider.feedSourceForUser("user-1", {}, null)
+
+		expect(source.id).toBe("freya.google-maps")
+	})
+
+	test("allows injected test client with service API key", async () => {
+		const provider = new GoogleMapsSourceProvider({
+			apiKey: "key",
+			client: new MockMcpClient(),
+		})
+
+		const source = await provider.feedSourceForUser("user-1", {}, null)
+
+		expect(source.id).toBe("freya.google-maps")
+	})
+})

apps/freya-backend/src/google-maps/provider.ts

@@ -0,0 +1,39 @@
+import { GoogleMapsSource, type GoogleMapsSourceOptions } from "@freya/source-google-maps"
+
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+export interface GoogleMapsSourceProviderOptions {
+	readonly apiKey: string
+	readonly client?: GoogleMapsSourceOptions["client"]
+}
+
+export class GoogleMapsSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "freya.google-maps"
+
+	private readonly apiKey: string
+	private readonly client: GoogleMapsSourceProviderOptions["client"]
+
+	constructor(options: GoogleMapsSourceProviderOptions) {
+		if (!nonEmptyString(options.apiKey)) {
+			throw new Error("Google Maps MCP API key must be configured")
+		}
+
+		this.apiKey = options.apiKey
+		this.client = options.client
+	}
+
+	async feedSourceForUser(
+		_userId: string,
+		_config: unknown,
+		_credentials: unknown,
+	): Promise<GoogleMapsSource> {
+		return new GoogleMapsSource({
+			apiKey: this.apiKey,
+			client: this.client,
+		})
+	}
+}
+
+function nonEmptyString(value: string): boolean {
+	return typeof value === "string" && value.trim().length > 0
+}

apps/freya-backend/src/lib/crypto.test.ts

@@ -1,5 +1,5 @@
-import { randomBytes } from "node:crypto"
 import { describe, expect, test } from "bun:test"
+import { randomBytes } from "node:crypto"
 
 import { CredentialEncryptor } from "./crypto.ts"
 

apps/freya-backend/src/location/http.ts

@@ -57,7 +57,7 @@ async function handleUpdateLocation(c: Context<Env>) {
 		return c.json({ error: "Service unavailable" }, 503)
 	}
 
-	await session.engine.executeAction("aelis.location", "update-location", {
+	await session.engine.executeAction("freya.location", "update-location", {
 		lat: result.lat,
 		lng: result.lng,
 		accuracy: result.accuracy,

apps/freya-backend/src/location/provider.ts

@@ -1,9 +1,9 @@
-import { LocationSource } from "@aelis/source-location"
+import { LocationSource } from "@freya/source-location"
 
 import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
 
 export class LocationSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.location"
+	readonly sourceId = "freya.location"
 
 	async feedSourceForUser(
 		_userId: string,

apps/freya-backend/src/server.ts

@@ -11,6 +11,7 @@ import { createDatabase } from "./db/index.ts"
 import { registerFeedHttpHandlers } from "./engine/http.ts"
 import { createFeedEnhancer } from "./enhancement/enhance-feed.ts"
 import { createLlmClient } from "./enhancement/llm-client.ts"
+import { GoogleMapsSourceProvider } from "./google-maps/provider.ts"
 import { CredentialEncryptor } from "./lib/crypto.ts"
 import { registerLocationHttpHandlers } from "./location/http.ts"
 import { LocationSourceProvider } from "./location/provider.ts"
@@ -18,27 +19,23 @@ import { UserSessionManager } from "./session/index.ts"
 import { registerSourcesHttpHandlers } from "./sources/http.ts"
 import { TflSourceProvider } from "./tfl/provider.ts"
 import { WeatherSourceProvider } from "./weather/provider.ts"
+import { WebSearchSourceProvider } from "./web-search/provider.ts"
 
 function main() {
 	const { db, close: closeDb } = createDatabase(process.env.DATABASE_URL!)
 	const auth = createAuth(db)
 
-	const cfAccountId = process.env.CF_ACCOUNT_ID
+	const openrouterApiKey = process.env.OPENROUTER_API_KEY
-	const workersAiApiKey = process.env.WORKERS_AI_API_KEY
+	const feedEnhancer = openrouterApiKey
-	const feedEnhancer =
+		? createFeedEnhancer({
-		cfAccountId && workersAiApiKey
+				client: createLlmClient({
-			? createFeedEnhancer({
+					apiKey: openrouterApiKey,
-					client: createLlmClient({
+					model: process.env.OPENROUTER_MODEL || undefined,
-						accountId: cfAccountId,
+				}),
-						apiKey: workersAiApiKey,
+			})
-						model: process.env.WORKERS_AI_MODEL || undefined,
+		: null
-					}),
-				})
-			: null
 	if (!feedEnhancer) {
-		console.warn(
+		console.warn("[enhancement] OPENROUTER_API_KEY not set — feed enhancement disabled")
-			"[enhancement] CF_ACCOUNT_ID/WORKERS_AI_API_KEY not set — feed enhancement disabled",
-		)
 	}
 
 	const credentialEncryptionKey = process.env.CREDENTIAL_ENCRYPTION_KEY
@@ -51,6 +48,11 @@ function main() {
 		)
 	}
 
+	const googleMapsApiKey = process.env.GOOGLE_MAPS_API_KEY ?? process.env.GOOGLE_MAPS_MCP_API_KEY
+	if (!googleMapsApiKey) {
+		throw new Error("GOOGLE_MAPS_API_KEY or GOOGLE_MAPS_MCP_API_KEY must be set")
+	}
+
 	const sessionManager = new UserSessionManager({
 		db,
 		providers: [
@@ -65,6 +67,10 @@ function main() {
 				},
 			}),
 			new TflSourceProvider({ apiKey: process.env.TFL_API_KEY! }),
+			new WebSearchSourceProvider({ apiKey: process.env.EXA_API_KEY }),
+			new GoogleMapsSourceProvider({
+				apiKey: googleMapsApiKey,
+			}),
 		],
 		feedEnhancer,
 		credentialEncryptor,
@@ -127,5 +133,6 @@ const app = main()
 
 export default {
 	port: 3000,
+	hostname: "0.0.0.0",
 	fetch: app.fetch,
 }

apps/freya-backend/src/session/feed-source-provider.ts

@@ -1,10 +1,10 @@
-import type { FeedSource } from "@aelis/core"
+import type { FeedSource } from "@freya/core"
 import type { type } from "arktype"
 
 export type ConfigSchema = ReturnType<typeof type>
 
 export interface FeedSourceProvider {
-	/** The source ID this provider is responsible for (e.g., "aelis.location"). */
+	/** The source ID this provider is responsible for (e.g., "freya.location"). */
 	readonly sourceId: string
 	/** Arktype schema for validating user-provided config. Omit if the source has no config. */
 	readonly configSchema?: ConfigSchema

apps/freya-backend/src/session/user-session-manager.test.ts

@@ -1,7 +1,7 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { LocationSource } from "@aelis/source-location"
+import { LocationSource } from "@freya/source-location"
-import { WeatherSource } from "@aelis/source-weatherkit"
+import { WeatherSource } from "@freya/source-weatherkit"
 import { beforeEach, describe, expect, mock, spyOn, test } from "bun:test"
 
 import type { Database } from "../db/index.ts"
@@ -81,6 +81,27 @@ mock.module("../sources/user-sources.ts", () => ({
 				updatedAt: now,
 			}
 		},
+		async findForUpdate(sourceId: string) {
+			// Delegates to find — row locking is a no-op in tests.
+			if (mockFindResult !== undefined) return mockFindResult
+			const now = new Date()
+			return {
+				id: crypto.randomUUID(),
+				userId,
+				sourceId,
+				enabled: true,
+				config: {},
+				credentials: null,
+				createdAt: now,
+				updatedAt: now,
+			}
+		},
+		async updateConfig(_sourceId: string, _update: { enabled?: boolean; config?: unknown }) {
+			// no-op for tests
+		},
+		async upsertConfig(_sourceId: string, _data: { enabled: boolean; config: unknown }) {
+			// no-op for tests
+		},
 		async updateCredentials(sourceId: string, credentials: Buffer) {
 			if (mockUpdateCredentialsError) {
 				throw mockUpdateCredentialsError
@@ -90,7 +111,9 @@ mock.module("../sources/user-sources.ts", () => ({
 	}),
 }))
 
-const fakeDb = {} as Database
+const fakeDb = {
+	transaction: <T>(fn: (tx: unknown) => Promise<T>) => fn(fakeDb),
+} as unknown as Database
 
 function createStubSource(id: string, items: FeedItem[] = []): FeedSource {
 	return {
@@ -122,14 +145,14 @@ function createStubProvider(
 }
 
 const locationProvider: FeedSourceProvider = {
-	sourceId: "aelis.location",
+	sourceId: "freya.location",
 	async feedSourceForUser() {
 		return new LocationSource()
 	},
 }
 
 const weatherProvider: FeedSourceProvider = {
-	sourceId: "aelis.weather",
+	sourceId: "freya.weather",
 	async feedSourceForUser() {
 		return new WeatherSource({ client: { fetch: async () => ({}) as never } })
 	},
@@ -144,7 +167,7 @@ beforeEach(() => {
 
 describe("UserSessionManager", () => {
 	test("getOrCreate creates session on first call", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
@@ -154,7 +177,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("getOrCreate returns same session for same user", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -164,7 +187,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("getOrCreate returns different sessions for different users", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -174,20 +197,20 @@ describe("UserSessionManager", () => {
 	})
 
 	test("each user gets independent source instances", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
 		const session2 = await manager.getOrCreate("user-2")
 
-		const source1 = session1.getSource<LocationSource>("aelis.location")
+		const source1 = session1.getSource<LocationSource>("freya.location")
-		const source2 = session2.getSource<LocationSource>("aelis.location")
+		const source2 = session2.getSource<LocationSource>("freya.location")
 
 		expect(source1).not.toBe(source2)
 	})
 
 	test("remove destroys session and allows re-creation", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session1 = await manager.getOrCreate("user-1")
@@ -198,14 +221,14 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove is no-op for unknown user", () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		expect(() => manager.remove("unknown")).not.toThrow()
 	})
 
 	test("registers multiple providers", async () => {
-		setEnabledSources(["aelis.location", "aelis.weather"])
+		setEnabledSources(["freya.location", "freya.weather"])
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [locationProvider, weatherProvider],
@@ -213,12 +236,12 @@ describe("UserSessionManager", () => {
 
 		const session = await manager.getOrCreate("user-1")
 
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
-		expect(session.getSource("aelis.weather")).toBeDefined()
+		expect(session.getSource("freya.weather")).toBeDefined()
 	})
 
 	test("refresh returns feed result through session", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
@@ -231,30 +254,30 @@ describe("UserSessionManager", () => {
 	})
 
 	test("location update via executeAction works", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
 		const session = await manager.getOrCreate("user-1")
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
 			timestamp: new Date(),
 		})
 
-		const source = session.getSource<LocationSource>("aelis.location")
+		const source = session.getSource<LocationSource>("freya.location")
 		expect(source?.lastLocation?.lat).toBe(51.5074)
 	})
 
 	test("subscribe receives updates after location push", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 		const callback = mock()
 
 		const session = await manager.getOrCreate("user-1")
 		session.engine.subscribe(callback)
 
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
@@ -268,7 +291,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove stops reactive updates", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 		const callback = mock()
 
@@ -279,7 +302,7 @@ describe("UserSessionManager", () => {
 
 		// Create new session and push location — old callback should not fire
 		const session2 = await manager.getOrCreate("user-1")
-		await session2.engine.executeAction("aelis.location", "update-location", {
+		await session2.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5074,
 			lng: -0.1278,
 			accuracy: 10,
@@ -292,9 +315,9 @@ describe("UserSessionManager", () => {
 	})
 
 	test("creates session with successful providers when some fail", async () => {
-		setEnabledSources(["aelis.location", "aelis.failing"])
+		setEnabledSources(["freya.location", "freya.failing"])
 		const failingProvider: FeedSourceProvider = {
-			sourceId: "aelis.failing",
+			sourceId: "freya.failing",
 			async feedSourceForUser() {
 				throw new Error("provider failed")
 			},
@@ -310,25 +333,25 @@ describe("UserSessionManager", () => {
 		const session = await manager.getOrCreate("user-1")
 
 		expect(session).toBeDefined()
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
 		expect(spy).toHaveBeenCalled()
 
 		spy.mockRestore()
 	})
 
 	test("throws AggregateError when all providers fail", async () => {
-		setEnabledSources(["aelis.fail-1", "aelis.fail-2"])
+		setEnabledSources(["freya.fail-1", "freya.fail-2"])
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.fail-1",
+					sourceId: "freya.fail-1",
 					async feedSourceForUser() {
 						throw new Error("first failed")
 					},
 				},
 				{
-					sourceId: "aelis.fail-2",
+					sourceId: "freya.fail-2",
 					async feedSourceForUser() {
 						throw new Error("second failed")
 					},
@@ -340,13 +363,13 @@ describe("UserSessionManager", () => {
 	})
 
 	test("concurrent getOrCreate for same user returns same session", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		let callCount = 0
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.location",
+					sourceId: "freya.location",
 					async feedSourceForUser() {
 						callCount++
 						await new Promise((resolve) => setTimeout(resolve, 10))
@@ -366,7 +389,7 @@ describe("UserSessionManager", () => {
 	})
 
 	test("remove during in-flight getOrCreate prevents session from being stored", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		let resolveProvider: () => void
 		const providerGate = new Promise<void>((r) => {
 			resolveProvider = r
@@ -376,7 +399,7 @@ describe("UserSessionManager", () => {
 			db: fakeDb,
 			providers: [
 				{
-					sourceId: "aelis.location",
+					sourceId: "freya.location",
 					async feedSourceForUser() {
 						await providerGate
 						return new LocationSource()
@@ -402,15 +425,15 @@ describe("UserSessionManager", () => {
 	})
 
 	test("only invokes providers for sources enabled for the user", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
-		const locationFactory = mock(async () => createStubSource("aelis.location"))
+		const locationFactory = mock(async () => createStubSource("freya.location"))
-		const weatherFactory = mock(async () => createStubSource("aelis.weather"))
+		const weatherFactory = mock(async () => createStubSource("freya.weather"))
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
 			providers: [
-				{ sourceId: "aelis.location", feedSourceForUser: locationFactory },
+				{ sourceId: "freya.location", feedSourceForUser: locationFactory },
-				{ sourceId: "aelis.weather", feedSourceForUser: weatherFactory },
+				{ sourceId: "freya.weather", feedSourceForUser: weatherFactory },
 			],
 		})
 
@@ -418,43 +441,43 @@ describe("UserSessionManager", () => {
 
 		expect(locationFactory).toHaveBeenCalledTimes(1)
 		expect(weatherFactory).not.toHaveBeenCalled()
-		expect(session.getSource("aelis.location")).toBeDefined()
+		expect(session.getSource("freya.location")).toBeDefined()
-		expect(session.getSource("aelis.weather")).toBeUndefined()
+		expect(session.getSource("freya.weather")).toBeUndefined()
 	})
 
 	test("creates empty session when no sources are enabled", async () => {
 		setEnabledSources([])
-		const factory = mock(async () => createStubSource("aelis.location"))
+		const factory = mock(async () => createStubSource("freya.location"))
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
-			providers: [{ sourceId: "aelis.location", feedSourceForUser: factory }],
+			providers: [{ sourceId: "freya.location", feedSourceForUser: factory }],
 		})
 
 		const session = await manager.getOrCreate("user-1")
 
 		expect(factory).not.toHaveBeenCalled()
 		expect(session).toBeDefined()
-		expect(session.getSource("aelis.location")).toBeUndefined()
+		expect(session.getSource("freya.location")).toBeUndefined()
 	})
 
 	test("per-user enabled sources are respected", async () => {
 		enabledByUser.clear()
-		setEnabledSourcesForUser("user-1", ["aelis.location"])
+		setEnabledSourcesForUser("user-1", ["freya.location"])
-		setEnabledSourcesForUser("user-2", ["aelis.weather"])
+		setEnabledSourcesForUser("user-2", ["freya.weather"])
 
 		const manager = new UserSessionManager({
 			db: fakeDb,
-			providers: [createStubProvider("aelis.location"), createStubProvider("aelis.weather")],
+			providers: [createStubProvider("freya.location"), createStubProvider("freya.weather")],
 		})
 
 		const session1 = await manager.getOrCreate("user-1")
 		const session2 = await manager.getOrCreate("user-2")
 
-		expect(session1.getSource("aelis.location")).toBeDefined()
+		expect(session1.getSource("freya.location")).toBeDefined()
-		expect(session1.getSource("aelis.weather")).toBeUndefined()
+		expect(session1.getSource("freya.weather")).toBeUndefined()
-		expect(session2.getSource("aelis.location")).toBeUndefined()
+		expect(session2.getSource("freya.location")).toBeUndefined()
-		expect(session2.getSource("aelis.weather")).toBeDefined()
+		expect(session2.getSource("freya.weather")).toBeDefined()
 	})
 })
 
@@ -502,10 +525,10 @@ describe("UserSessionManager.replaceProvider", () => {
 	})
 
 	test("throws for unknown provider sourceId", async () => {
-		setEnabledSources(["aelis.location"])
+		setEnabledSources(["freya.location"])
 		const manager = new UserSessionManager({ db: fakeDb, providers: [locationProvider] })
 
-		const unknownProvider = createStubProvider("aelis.unknown")
+		const unknownProvider = createStubProvider("freya.unknown")
 
 		await expect(manager.replaceProvider(unknownProvider)).rejects.toThrow(
 			"no existing provider with that sourceId",
@@ -824,3 +847,121 @@ describe("UserSessionManager.updateSourceCredentials", () => {
 		expect(factory).not.toHaveBeenCalled()
 	})
 })
+
+describe("UserSessionManager.saveSourceConfig", () => {
+	test("upserts config without credentials (existing behavior)", async () => {
+		setEnabledSources(["test"])
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// Create a session first so we can verify the source is refreshed
+		await manager.getOrCreate("user-1")
+
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: { key: "value" },
+		})
+
+		// feedSourceForUser called once for session creation, once for upsert refresh
+		expect(factory).toHaveBeenCalledTimes(2)
+		// No credentials should have been persisted
+		expect(mockUpdateCredentialsCalls).toHaveLength(0)
+	})
+
+	test("upserts config with credentials — persists both and passes credentials to source", async () => {
+		setEnabledSources(["test"])
+		let receivedCredentials: unknown = null
+		const factory = mock(async (_userId: string, _config: unknown, creds: unknown) => {
+			receivedCredentials = creds
+			return createStubSource("test")
+		})
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		// Create a session so the source refresh path runs
+		await manager.getOrCreate("user-1")
+
+		const creds = { username: "alice", password: "s3cret" }
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: { serverUrl: "https://example.com" },
+			credentials: creds,
+		})
+
+		// Credentials were encrypted and persisted
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+		const decrypted = JSON.parse(testEncryptor.decrypt(mockUpdateCredentialsCalls[0]!.credentials))
+		expect(decrypted).toEqual(creds)
+
+		// feedSourceForUser received the provided credentials (not null)
+		expect(receivedCredentials).toEqual(creds)
+	})
+
+	test("upserts config with credentials adds source to session when not already present", async () => {
+		// Start with no enabled sources so the session is empty
+		setEnabledSources([])
+		const factory = mock(async () => createStubSource("test"))
+		const provider: FeedSourceProvider = { sourceId: "test", feedSourceForUser: factory }
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			credentialEncryptor: testEncryptor,
+		})
+
+		const session = await manager.getOrCreate("user-1")
+		expect(session.hasSource("test")).toBe(false)
+
+		// Set mockFindResult to undefined so find() returns a row (simulating the row was just created by upsertConfig)
+		await manager.saveSourceConfig("user-1", "test", {
+			enabled: true,
+			config: {},
+			credentials: { token: "abc" },
+		})
+
+		// Source should now be in the session
+		expect(session.hasSource("test")).toBe(true)
+		expect(mockUpdateCredentialsCalls).toHaveLength(1)
+	})
+
+	test("throws CredentialStorageUnavailableError when credentials provided without encryptor", async () => {
+		setEnabledSources(["test"])
+		const provider = createStubProvider("test")
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [provider],
+			// No credentialEncryptor
+		})
+
+		await expect(
+			manager.saveSourceConfig("user-1", "test", {
+				enabled: true,
+				config: {},
+				credentials: { token: "abc" },
+			}),
+		).rejects.toBeInstanceOf(CredentialStorageUnavailableError)
+	})
+
+	test("throws SourceNotFoundError for unknown provider", async () => {
+		const manager = new UserSessionManager({
+			db: fakeDb,
+			providers: [],
+			credentialEncryptor: testEncryptor,
+		})
+
+		await expect(
+			manager.saveSourceConfig("user-1", "unknown", {
+				enabled: true,
+				config: {},
+			}),
+		).rejects.toBeInstanceOf(SourceNotFoundError)
+	})
+})

apps/freya-backend/src/session/user-session-manager.ts

@@ -1,4 +1,4 @@
-import type { FeedSource } from "@aelis/core"
+import type { FeedSource } from "@freya/core"
 
 import { type } from "arktype"
 import merge from "lodash.merge"
@@ -126,27 +126,29 @@ export class UserSessionManager {
 			return
 		}
 
-		// Fetch the existing row for config merging and credential access.
+		// Use a transaction with SELECT FOR UPDATE to prevent lost updates
-		// NOTE: find + updateConfig is not atomic. A concurrent update could
+		// when concurrent PATCH requests merge config against the same base.
-		// read stale config. Use SELECT FOR UPDATE or atomic jsonb merge if
+		const { existingRow, mergedConfig } = await this.db.transaction(async (tx) => {
-		// this becomes a problem.
+			const existingRow = await sources(tx, userId).findForUpdate(sourceId)
-		const existingRow = await sources(this.db, userId).find(sourceId)
 
-		let mergedConfig: Record<string, unknown> | undefined
+			let mergedConfig: Record<string, unknown> | undefined
-		if (update.config !== undefined && provider.configSchema) {
+			if (update.config !== undefined && provider.configSchema) {
-			const existingConfig = (existingRow?.config ?? {}) as Record<string, unknown>
+				const existingConfig = (existingRow?.config ?? {}) as Record<string, unknown>
-			mergedConfig = merge({}, existingConfig, update.config)
+				mergedConfig = merge({}, existingConfig, update.config)
 
-			const validated = provider.configSchema(mergedConfig)
+				const validated = provider.configSchema(mergedConfig)
-			if (validated instanceof type.errors) {
+				if (validated instanceof type.errors) {
-				throw new InvalidSourceConfigError(sourceId, validated.summary)
+					throw new InvalidSourceConfigError(sourceId, validated.summary)
+				}
 			}
-		}
 
-		// Throws SourceNotFoundError if the row doesn't exist
+			// Throws SourceNotFoundError if the row doesn't exist
-		await sources(this.db, userId).updateConfig(sourceId, {
+			await sources(tx, userId).updateConfig(sourceId, {
-			enabled: update.enabled,
+				enabled: update.enabled,
-			config: mergedConfig,
+				config: mergedConfig,
+			})
+
+			return { existingRow, mergedConfig }
 		})
 
 		// Refresh the specific source in the active session instead of
@@ -171,13 +173,18 @@ export class UserSessionManager {
 	 * inserts a new row if one doesn't exist and fully replaces config
 	 * (no merge).
 	 *
+	 * When `credentials` is provided, they are encrypted and persisted
+	 * alongside the config in the same flow, avoiding the race condition
+	 * of separate config + credential requests.
+	 *
 	 * @throws {SourceNotFoundError} if the sourceId has no registered provider
 	 * @throws {InvalidSourceConfigError} if config fails schema validation
+	 * @throws {CredentialStorageUnavailableError} if credentials are provided but no encryptor is configured
 	 */
-	async upsertSourceConfig(
+	async saveSourceConfig(
 		userId: string,
 		sourceId: string,
-		data: { enabled: boolean; config?: unknown },
+		data: { enabled: boolean; config?: unknown; credentials?: unknown },
 	): Promise<void> {
 		const provider = this.providers.get(sourceId)
 		if (!provider) {
@@ -191,15 +198,28 @@ export class UserSessionManager {
 			}
 		}
 
+		if (data.credentials !== undefined && !this.encryptor) {
+			throw new CredentialStorageUnavailableError()
+		}
+
 		const config = data.config ?? {}
 
-		// Fetch existing row before upsert to capture credentials for session refresh.
+		// Run the upsert + credential update atomically so a failure in
-		// For new rows this will be undefined — credentials will be null.
+		// either step doesn't leave the row in an inconsistent state.
-		const existingRow = await sources(this.db, userId).find(sourceId)
+		const existingRow = await this.db.transaction(async (tx) => {
+			const existing = await sources(tx, userId).find(sourceId)
 
-		await sources(this.db, userId).upsertConfig(sourceId, {
+			await sources(tx, userId).upsertConfig(sourceId, {
-			enabled: data.enabled,
+				enabled: data.enabled,
-			config,
+				config,
+			})
+
+			if (data.credentials !== undefined && this.encryptor) {
+				const encrypted = this.encryptor.encrypt(JSON.stringify(data.credentials))
+				await sources(tx, userId).updateCredentials(sourceId, encrypted)
+			}
+
+			return existing
 		})
 
 		const session = this.sessions.get(userId)
@@ -207,9 +227,13 @@ export class UserSessionManager {
 			if (!data.enabled) {
 				session.removeSource(sourceId)
 			} else {
-				const credentials = existingRow?.credentials
+				// Prefer the just-provided credentials over what was in the DB.
-					? this.decryptCredentials(existingRow.credentials)
+				let credentials: unknown = null
-					: null
+				if (data.credentials !== undefined) {
+					credentials = data.credentials
+				} else if (existingRow?.credentials) {
+					credentials = this.decryptCredentials(existingRow.credentials)
+				}
 				const source = await provider.feedSourceForUser(userId, config, credentials)
 				if (session.hasSource(sourceId)) {
 					session.replaceSource(sourceId, source)

apps/freya-backend/src/session/user-session.test.ts

@@ -1,6 +1,6 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
-import { LocationSource } from "@aelis/source-location"
+import { LocationSource } from "@freya/source-location"
 import { describe, expect, spyOn, test } from "bun:test"
 
 import { UserSession } from "./user-session.ts"
@@ -39,7 +39,7 @@ describe("UserSession", () => {
 		const location = new LocationSource()
 		const session = new UserSession("test-user", [location])
 
-		const result = session.getSource<LocationSource>("aelis.location")
+		const result = session.getSource<LocationSource>("freya.location")
 
 		expect(result).toBe(location)
 	})
@@ -62,7 +62,7 @@ describe("UserSession", () => {
 		const location = new LocationSource()
 		const session = new UserSession("test-user", [location])
 
-		await session.engine.executeAction("aelis.location", "update-location", {
+		await session.engine.executeAction("freya.location", "update-location", {
 			lat: 51.5,
 			lng: -0.1,
 			accuracy: 10,

apps/freya-backend/src/session/user-session.ts

@@ -1,4 +1,4 @@
-import { FeedEngine, type FeedItem, type FeedResult, type FeedSource } from "@aelis/core"
+import { FeedEngine, type FeedItem, type FeedResult, type FeedSource } from "@freya/core"
 
 import type { FeedEnhancer } from "../enhancement/enhance-feed.ts"
 

apps/freya-backend/src/sources/http.test.ts

@@ -1,4 +1,4 @@
-import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@freya/core"
 
 import { describe, expect, mock, spyOn, test } from "bun:test"
 import { Hono } from "hono"
@@ -80,6 +80,9 @@ function createInMemoryStore() {
 				async find(sourceId: string) {
 					return rows.get(key(userId, sourceId))
 				},
+				async findForUpdate(sourceId: string) {
+					return rows.get(key(userId, sourceId))
+				},
 				async updateConfig(sourceId: string, update: { enabled?: boolean; config?: unknown }) {
 					const existing = rows.get(key(userId, sourceId))
 					if (!existing) {
@@ -125,7 +128,9 @@ mock.module("../sources/user-sources.ts", () => ({
 	},
 }))
 
-const fakeDb = {} as Database
+const fakeDb = {
+	transaction: <T>(fn: (tx: unknown) => Promise<T>) => fn(fakeDb),
+} as unknown as Database
 
 function createApp(providers: FeedSourceProvider[], userId?: string) {
 	const sessionManager = new UserSessionManager({ providers, db: fakeDb })
@@ -181,6 +186,18 @@ function put(app: Hono, sourceId: string, body: unknown) {
 	})
 }
 
+function listActions(app: Hono, sourceId: string) {
+	return app.request(`/api/sources/${sourceId}/actions`, { method: "GET" })
+}
+
+function executeAction(app: Hono, sourceId: string, actionId: string, body: unknown) {
+	return app.request(`/api/sources/${sourceId}/actions/${actionId}`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(body),
+	})
+}
+
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -188,16 +205,16 @@ function put(app: Hono, sourceId: string, body: unknown) {
 describe("GET /api/sources/:sourceId", () => {
 	test("returns 401 without auth", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)])
 
-		const res = await get(app, "aelis.weather")
+		const res = await get(app, "freya.weather")
 
 		expect(res.status).toBe(401)
 	})
 
 	test("returns 404 for unknown source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
 		const res = await get(app, "unknown.source")
 
@@ -208,13 +225,13 @@ describe("GET /api/sources/:sourceId", () => {
 
 	test("returns enabled and config for existing source", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await get(app, "aelis.weather")
+		const res = await get(app, "freya.weather")
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { enabled: boolean; config: unknown }
@@ -224,9 +241,9 @@ describe("GET /api/sources/:sourceId", () => {
 
 	test("returns defaults when user has no row for source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await get(app, "aelis.weather")
+		const res = await get(app, "freya.weather")
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { enabled: boolean; config: unknown }
@@ -236,13 +253,13 @@ describe("GET /api/sources/:sourceId", () => {
 
 	test("returns disabled source", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: false,
 			config: { units: "imperial" },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await get(app, "aelis.weather")
+		const res = await get(app, "freya.weather")
 
 		expect(res.status).toBe(200)
 		const body = (await res.json()) as { enabled: boolean; config: unknown }
@@ -254,16 +271,16 @@ describe("GET /api/sources/:sourceId", () => {
 describe("PATCH /api/sources/:sourceId", () => {
 	test("returns 401 without auth", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)])
 
-		const res = await patch(app, "aelis.weather", { enabled: true })
+		const res = await patch(app, "freya.weather", { enabled: true })
 
 		expect(res.status).toBe(401)
 	})
 
 	test("returns 404 for unknown source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
 		const res = await patch(app, "unknown.source", { enabled: true })
 
@@ -274,9 +291,9 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 404 when user has no existing row for source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", { enabled: true })
+		const res = await patch(app, "freya.weather", { enabled: true })
 
 		expect(res.status).toBe(404)
 		const body = (await res.json()) as { error: string }
@@ -285,29 +302,29 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 204 when body is empty object (no-op) on existing source", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		activeStore.seed(MOCK_USER_ID, "freya.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {})
+		const res = await patch(app, "freya.weather", {})
 
 		expect(res.status).toBe(204)
 	})
 
 	test("returns 404 when body is empty object on nonexistent user source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {})
+		const res = await patch(app, "freya.weather", {})
 
 		expect(res.status).toBe(404)
 	})
 
 	test("returns 400 for invalid JSON body", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		activeStore.seed(MOCK_USER_ID, "freya.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await app.request("/api/sources/aelis.weather", {
+		const res = await app.request("/api/sources/freya.weather", {
 			method: "PATCH",
 			headers: { "Content-Type": "application/json" },
 			body: "not json",
@@ -320,10 +337,10 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 400 when request body contains unknown fields", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		activeStore.seed(MOCK_USER_ID, "freya.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			enabled: true,
 			unknownField: "hello",
 		})
@@ -333,10 +350,10 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 400 when weather config contains unknown fields", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		activeStore.seed(MOCK_USER_ID, "freya.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			config: { units: "metric", unknownField: "hello" },
 		})
 
@@ -345,10 +362,10 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 400 when weather config fails validation", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		activeStore.seed(MOCK_USER_ID, "freya.weather")
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			config: { units: "invalid" },
 		})
 
@@ -357,65 +374,65 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 204 and updates enabled", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", { enabled: false })
+		const res = await patch(app, "freya.weather", { enabled: false })
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
 		expect(row!.enabled).toBe(false)
 		expect(row!.config).toEqual({ units: "metric" })
 	})
 
 	test("returns 204 and updates config", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			config: { units: "metric" },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			config: { units: "imperial" },
 		})
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
 		expect(row!.config).toEqual({ units: "imperial" })
 	})
 
 	test("preserves config when only updating enabled", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.tfl", {
+		activeStore.seed(MOCK_USER_ID, "freya.tfl", {
 			enabled: true,
 			config: { lines: ["bakerloo"] },
 		})
-		const { app } = createApp([createStubProvider("aelis.tfl", tflConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.tfl", tflConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.tfl", { enabled: false })
+		const res = await patch(app, "freya.tfl", { enabled: false })
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.tfl`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.tfl`)
 		expect(row!.enabled).toBe(false)
 		expect(row!.config).toEqual({ lines: ["bakerloo"] })
 	})
 
 	test("deep-merges config on update", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			config: { units: "metric", hourlyLimit: 12 },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			config: { dailyLimit: 5 },
 		})
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
 		expect(row!.config).toEqual({
 			units: "metric",
 			hourlyLimit: 12,
@@ -425,18 +442,18 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("refreshes source in active session after config update", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			config: { units: "metric" },
 		})
 		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
+			[createStubProvider("freya.weather", weatherConfig)],
 			MOCK_USER_ID,
 		)
 
 		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
 		const replaceSpy = spyOn(session, "replaceSource")
 
-		const res = await patch(app, "aelis.weather", {
+		const res = await patch(app, "freya.weather", {
 			config: { units: "imperial" },
 		})
 
@@ -447,31 +464,31 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("removes source from session when disabled", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
 		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
+			[createStubProvider("freya.weather", weatherConfig)],
 			MOCK_USER_ID,
 		)
 
 		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
 		const removeSpy = spyOn(session, "removeSource")
 
-		const res = await patch(app, "aelis.weather", { enabled: false })
+		const res = await patch(app, "freya.weather", { enabled: false })
 
 		expect(res.status).toBe(204)
-		expect(removeSpy).toHaveBeenCalledWith("aelis.weather")
+		expect(removeSpy).toHaveBeenCalledWith("freya.weather")
 		removeSpy.mockRestore()
 	})
 
 	test("returns 400 when config is provided for source without schema", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		activeStore.seed(MOCK_USER_ID, "freya.location")
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.location", {
+		const res = await patch(app, "freya.location", {
 			config: { something: "value" },
 		})
 
@@ -480,10 +497,10 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("returns 400 when empty config is provided for source without schema", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		activeStore.seed(MOCK_USER_ID, "freya.location")
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.location", {
+		const res = await patch(app, "freya.location", {
 			config: {},
 		})
 
@@ -492,13 +509,13 @@ describe("PATCH /api/sources/:sourceId", () => {
 
 	test("updates enabled on location source", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location", { enabled: true })
+		activeStore.seed(MOCK_USER_ID, "freya.location", { enabled: true })
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await patch(app, "aelis.location", { enabled: false })
+		const res = await patch(app, "freya.location", { enabled: false })
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.location`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.location`)
 		expect(row!.enabled).toBe(false)
 	})
 })
@@ -510,16 +527,16 @@ describe("PATCH /api/sources/:sourceId", () => {
 describe("PUT /api/sources/:sourceId", () => {
 	test("returns 401 without auth", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)])
 
-		const res = await put(app, "aelis.weather", { enabled: true, config: {} })
+		const res = await put(app, "freya.weather", { enabled: true, config: {} })
 
 		expect(res.status).toBe(401)
 	})
 
 	test("returns 404 for unknown source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
 		const res = await put(app, "unknown.source", { enabled: true, config: {} })
 
@@ -530,9 +547,9 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 400 for invalid JSON", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await app.request("/api/sources/aelis.weather", {
+		const res = await app.request("/api/sources/freya.weather", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: "not json",
@@ -545,27 +562,27 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 400 when enabled is missing", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", { config: {} })
+		const res = await put(app, "freya.weather", { config: {} })
 
 		expect(res.status).toBe(400)
 	})
 
 	test("returns 400 when config is missing", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", { enabled: true })
+		const res = await put(app, "freya.weather", { enabled: true })
 
 		expect(res.status).toBe(400)
 	})
 
 	test("returns 400 when request body contains unknown fields", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 			unknownField: "hello",
@@ -576,9 +593,9 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 400 when weather config contains unknown fields", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "metric", unknownField: "hello" },
 		})
@@ -588,9 +605,9 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 400 when config fails schema validation", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "invalid" },
 		})
@@ -600,15 +617,15 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 204 and inserts when row does not exist", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
 		expect(row).toBeDefined()
 		expect(row!.enabled).toBe(true)
 		expect(row!.config).toEqual({ units: "metric" })
@@ -616,19 +633,19 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 204 and fully replaces existing row", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: true,
 			config: { units: "metric", hourlyLimit: 12 },
 		})
-		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: false,
 			config: { units: "imperial" },
 		})
 
 		expect(res.status).toBe(204)
-		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
 		expect(row!.enabled).toBe(false)
 		// hourlyLimit should be gone — full replace, not merge
 		expect(row!.config).toEqual({ units: "imperial" })
@@ -636,18 +653,18 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("refreshes source in active session after upsert", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			config: { units: "metric" },
 		})
 		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
+			[createStubProvider("freya.weather", weatherConfig)],
 			MOCK_USER_ID,
 		)
 
 		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
 		const replaceSpy = spyOn(session, "replaceSource")
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "imperial" },
 		})
@@ -659,56 +676,56 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("removes source from session when disabled via upsert", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+		activeStore.seed(MOCK_USER_ID, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
 		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.weather", weatherConfig)],
+			[createStubProvider("freya.weather", weatherConfig)],
 			MOCK_USER_ID,
 		)
 
 		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
 		const removeSpy = spyOn(session, "removeSource")
 
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: false,
 			config: { units: "metric" },
 		})
 
 		expect(res.status).toBe(204)
-		expect(removeSpy).toHaveBeenCalledWith("aelis.weather")
+		expect(removeSpy).toHaveBeenCalledWith("freya.weather")
 		removeSpy.mockRestore()
 	})
 
 	test("adds source to active session when inserting a new source", async () => {
 		activeStore = createInMemoryStore()
 		// Seed a different source so the session can be created
-		activeStore.seed(MOCK_USER_ID, "aelis.location", { enabled: true })
+		activeStore.seed(MOCK_USER_ID, "freya.location", { enabled: true })
 		const { app, sessionManager } = createApp(
-			[createStubProvider("aelis.location"), createStubProvider("aelis.weather", weatherConfig)],
+			[createStubProvider("freya.location"), createStubProvider("freya.weather", weatherConfig)],
 			MOCK_USER_ID,
 		)
 
-		// Create session — only has aelis.location
+		// Create session — only has freya.location
 		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
-		expect(session.hasSource("aelis.weather")).toBe(false)
+		expect(session.hasSource("freya.weather")).toBe(false)
 
 		// PUT a new source that didn't exist before
-		const res = await put(app, "aelis.weather", {
+		const res = await put(app, "freya.weather", {
 			enabled: true,
 			config: { units: "metric" },
 		})
 
 		expect(res.status).toBe(204)
-		expect(session.hasSource("aelis.weather")).toBe(true)
+		expect(session.hasSource("freya.weather")).toBe(true)
 	})
 
 	test("returns 400 when config is provided for source without schema", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.location", {
+		const res = await put(app, "freya.location", {
 			enabled: true,
 			config: { something: "value" },
 		})
@@ -718,9 +735,9 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 400 when empty config is provided for source without schema", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.location", {
+		const res = await put(app, "freya.location", {
 			enabled: true,
 			config: {},
 		})
@@ -730,29 +747,227 @@ describe("PUT /api/sources/:sourceId", () => {
 
 	test("returns 204 without config field for source without schema", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await put(app, "aelis.location", {
+		const res = await put(app, "freya.location", {
 			enabled: true,
 		})
 
 		expect(res.status).toBe(204)
 	})
+
+	test("returns 204 when credentials are included alongside config", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createAppWithEncryptor(
+			[createStubProvider("freya.weather", weatherConfig)],
+			MOCK_USER_ID,
+		)
+
+		const res = await put(app, "freya.weather", {
+			enabled: true,
+			config: { units: "metric" },
+			credentials: { apiKey: "secret123" },
+		})
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:freya.weather`)
+		expect(row).toBeDefined()
+		expect(row!.enabled).toBe(true)
+		expect(row!.config).toEqual({ units: "metric" })
+	})
+
+	test("returns 503 when credentials are provided but no encryptor is configured", async () => {
+		activeStore = createInMemoryStore()
+		// createApp does NOT configure an encryptor
+		const { app } = createApp([createStubProvider("freya.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await put(app, "freya.weather", {
+			enabled: true,
+			config: { units: "metric" },
+			credentials: { apiKey: "secret123" },
+		})
+
+		expect(res.status).toBe(503)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("not configured")
+	})
+})
+
+describe("GET /api/sources/:sourceId/actions", () => {
+	test("returns 401 without auth", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("freya.location")])
+
+		const res = await listActions(app, "freya.location")
+
+		expect(res.status).toBe(401)
+	})
+
+	test("returns 404 for source that is not enabled in the user session", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
+
+		const res = await listActions(app, "freya.location")
+
+		expect(res.status).toBe(404)
+	})
+
+	test("returns serializable action definitions", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "test.actions")
+		const provider: FeedSourceProvider = {
+			sourceId: "test.actions",
+			async feedSourceForUser() {
+				return {
+					id: "test.actions",
+					async listActions() {
+						return {
+							search: {
+								id: "search",
+								description: "Search something",
+								input: tflConfig,
+							},
+						}
+					},
+					async executeAction() {
+						return undefined
+					},
+					async fetchContext() {
+						return null
+					},
+				}
+			},
+		}
+		const { app } = createApp([provider], MOCK_USER_ID)
+
+		const res = await listActions(app, "test.actions")
+
+		expect(res.status).toBe(200)
+		const body = (await res.json()) as {
+			actions: Record<string, { id: string; description?: string; input?: unknown }>
+		}
+		expect(body.actions.search).toEqual({
+			id: "search",
+			description: "Search something",
+		})
+	})
+})
+
+describe("POST /api/sources/:sourceId/actions/:actionId", () => {
+	test("returns 401 without auth", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("freya.location")])
+
+		const res = await executeAction(app, "freya.location", "update-location", {})
+
+		expect(res.status).toBe(401)
+	})
+
+	test("executes source action with request body as params", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "test.actions")
+		let receivedParams: unknown
+		const provider: FeedSourceProvider = {
+			sourceId: "test.actions",
+			async feedSourceForUser() {
+				return {
+					id: "test.actions",
+					async listActions() {
+						return {
+							search: { id: "search", description: "Search something" },
+						}
+					},
+					async executeAction(_actionId: string, params: unknown) {
+						receivedParams = params
+						return { ok: true, count: 2 }
+					},
+					async fetchContext() {
+						return null
+					},
+				}
+			},
+		}
+		const { app } = createApp([provider], MOCK_USER_ID)
+
+		const res = await executeAction(app, "test.actions", "search", { query: "exa" })
+
+		expect(res.status).toBe(200)
+		expect(receivedParams).toEqual({ query: "exa" })
+		const body = (await res.json()) as { result: unknown }
+		expect(body.result).toEqual({ ok: true, count: 2 })
+	})
+
+	test("returns 404 for unknown action", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "freya.location")
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
+
+		const res = await executeAction(app, "freya.location", "missing", {})
+
+		expect(res.status).toBe(404)
+	})
+
+	test("returns 400 for invalid JSON", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "freya.location")
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
+
+		const res = await app.request("/api/sources/freya.location/actions/search", {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: "not-json",
+		})
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toBe("Invalid JSON")
+	})
+
+	test("returns 400 when source rejects params", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "test.actions")
+		const provider: FeedSourceProvider = {
+			sourceId: "test.actions",
+			async feedSourceForUser() {
+				return {
+					id: "test.actions",
+					async listActions() {
+						return {
+							search: { id: "search" },
+						}
+					},
+					async executeAction() {
+						throw new Error("query must not be empty")
+					},
+					async fetchContext() {
+						return null
+					},
+				}
+			},
+		}
+		const { app } = createApp([provider], MOCK_USER_ID)
+
+		const res = await executeAction(app, "test.actions", "search", { query: "" })
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toBe("query must not be empty")
+	})
 })
 
 describe("PUT /api/sources/:sourceId/credentials", () => {
 	test("returns 401 without auth", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createAppWithEncryptor([createStubProvider("aelis.location")])
+		const { app } = createAppWithEncryptor([createStubProvider("freya.location")])
 
-		const res = await putCredentials(app, "aelis.location", { token: "x" })
+		const res = await putCredentials(app, "freya.location", { token: "x" })
 
 		expect(res.status).toBe(401)
 	})
 
 	test("returns 404 for unknown source", async () => {
 		activeStore = createInMemoryStore()
-		const { app } = createAppWithEncryptor([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createAppWithEncryptor([createStubProvider("freya.location")], MOCK_USER_ID)
 
 		const res = await putCredentials(app, "unknown.source", { token: "x" })
 
@@ -761,10 +976,10 @@ describe("PUT /api/sources/:sourceId/credentials", () => {
 
 	test("returns 400 for invalid JSON", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		activeStore.seed(MOCK_USER_ID, "freya.location")
-		const { app } = createAppWithEncryptor([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createAppWithEncryptor([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await app.request("/api/sources/aelis.location/credentials", {
+		const res = await app.request("/api/sources/freya.location/credentials", {
 			method: "PUT",
 			headers: { "Content-Type": "application/json" },
 			body: "not-json",
@@ -777,10 +992,10 @@ describe("PUT /api/sources/:sourceId/credentials", () => {
 
 	test("returns 204 and persists credentials", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		activeStore.seed(MOCK_USER_ID, "freya.location")
-		const { app } = createAppWithEncryptor([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createAppWithEncryptor([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await putCredentials(app, "aelis.location", { token: "secret" })
+		const res = await putCredentials(app, "freya.location", { token: "secret" })
 
 		expect(res.status).toBe(204)
 	})
@@ -812,10 +1027,10 @@ describe("PUT /api/sources/:sourceId/credentials", () => {
 
 	test("returns 503 when credential encryption is not configured", async () => {
 		activeStore = createInMemoryStore()
-		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		activeStore.seed(MOCK_USER_ID, "freya.location")
-		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+		const { app } = createApp([createStubProvider("freya.location")], MOCK_USER_ID)
 
-		const res = await putCredentials(app, "aelis.location", { token: "x" })
+		const res = await putCredentials(app, "freya.location", { token: "x" })
 
 		expect(res.status).toBe(503)
 		const body = (await res.json()) as { error: string }

apps/freya-backend/src/sources/http.ts

@@ -1,3 +1,4 @@
+import type { ActionDefinition } from "@freya/core"
 import type { Context, Hono } from "hono"
 
 import { type } from "arktype"
@@ -34,11 +35,13 @@ const ReplaceSourceConfigRequestBody = type({
 	"+": "reject",
 	enabled: "boolean",
 	config: "unknown",
+	"credentials?": "unknown",
 })
 
 const ReplaceSourceConfigNoConfigRequestBody = type({
 	"+": "reject",
 	enabled: "boolean",
+	"credentials?": "unknown",
 })
 
 export function registerSourcesHttpHandlers(
@@ -53,6 +56,13 @@ export function registerSourcesHttpHandlers(
 	app.get("/api/sources/:sourceId", inject, authSessionMiddleware, handleGetSource)
 	app.patch("/api/sources/:sourceId", inject, authSessionMiddleware, handleUpdateSource)
 	app.put("/api/sources/:sourceId", inject, authSessionMiddleware, handleReplaceSource)
+	app.get("/api/sources/:sourceId/actions", inject, authSessionMiddleware, handleListActions)
+	app.post(
+		"/api/sources/:sourceId/actions/:actionId",
+		inject,
+		authSessionMiddleware,
+		handleExecuteAction,
+	)
 	app.put(
 		"/api/sources/:sourceId/credentials",
 		inject,
@@ -161,14 +171,15 @@ async function handleReplaceSource(c: Context<Env>) {
 		return c.json({ error: parsed.summary }, 400)
 	}
 
-	const { enabled } = parsed
+	const { enabled, credentials } = parsed
 	const config = "config" in parsed ? parsed.config : undefined
 	const user = c.get("user")!
 
 	try {
-		await sessionManager.upsertSourceConfig(user.id, sourceId, {
+		await sessionManager.saveSourceConfig(user.id, sourceId, {
 			enabled,
 			config,
+			credentials,
 		})
 	} catch (err) {
 		if (err instanceof SourceNotFoundError) {
@@ -177,12 +188,80 @@ async function handleReplaceSource(c: Context<Env>) {
 		if (err instanceof InvalidSourceConfigError) {
 			return c.json({ error: err.message }, 400)
 		}
+		if (err instanceof CredentialStorageUnavailableError) {
+			return c.json({ error: err.message }, 503)
+		}
 		throw err
 	}
 
 	return c.body(null, 204)
 }
 
+async function handleListActions(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	if (!sourceId) {
+		return c.body(null, 404)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleListActions] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	try {
+		const actions = await session.engine.listActions(sourceId)
+		return c.json({ actions: serializeActions(actions) })
+	} catch (err) {
+		if (isActionNotFoundError(err)) {
+			return c.json({ error: err.message }, 404)
+		}
+		console.error(`[handleListActions] Failed to list actions for "${sourceId}":`, err)
+		return c.json({ error: "Failed to list actions" }, 500)
+	}
+}
+
+async function handleExecuteAction(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	const actionId = c.req.param("actionId")
+	if (!sourceId || !actionId) {
+		return c.body(null, 404)
+	}
+
+	let params: unknown
+	try {
+		params = await c.req.json()
+	} catch {
+		return c.json({ error: "Invalid JSON" }, 400)
+	}
+
+	const user = c.get("user")!
+	const sessionManager = c.get("sessionManager")
+
+	let session
+	try {
+		session = await sessionManager.getOrCreate(user.id)
+	} catch (err) {
+		console.error("[handleExecuteAction] Failed to create session:", err)
+		return c.json({ error: "Service unavailable" }, 503)
+	}
+
+	try {
+		const result = await session.engine.executeAction(sourceId, actionId, params)
+		return c.json({ result })
+	} catch (err) {
+		if (isActionNotFoundError(err)) {
+			return c.json({ error: err.message }, 404)
+		}
+		return c.json({ error: err instanceof Error ? err.message : String(err) }, 400)
+	}
+}
+
 async function handleUpdateCredentials(c: Context<Env>) {
 	const sourceId = c.req.param("sourceId")
 	if (!sourceId) {
@@ -222,3 +301,21 @@ async function handleUpdateCredentials(c: Context<Env>) {
 
 	return c.body(null, 204)
 }
+
+function serializeActions(actions: Record<string, ActionDefinition>) {
+	const serialized: Record<string, { id: string; description?: string }> = {}
+	for (const [key, action] of Object.entries(actions)) {
+		serialized[key] = {
+			id: action.id,
+			...(action.description ? { description: action.description } : {}),
+		}
+	}
+	return serialized
+}
+
+function isActionNotFoundError(err: unknown): err is Error {
+	if (!(err instanceof Error)) {
+		return false
+	}
+	return err.message.startsWith("Source not found:") || err.message.startsWith("Action ")
+}

apps/freya-backend/src/sources/user-sources.ts

@@ -26,6 +26,18 @@ export function sources(db: Database, userId: string) {
 			return rows[0]
 		},
 
+		/** Like find(), but acquires a row lock to prevent concurrent modifications. Must be called inside a transaction. */
+		async findForUpdate(sourceId: string) {
+			const rows = await db
+				.select()
+				.from(userSources)
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.limit(1)
+				.for("update")
+
+			return rows[0]
+		},
+
 		/** Enables a source for the user. Throws if the source row doesn't exist. */
 		async enableSource(sourceId: string) {
 			const rows = await db

apps/freya-backend/src/tfl/provider.ts

@@ -1,4 +1,4 @@
-import { TflSource, type ITflApi, type TflLineId } from "@aelis/source-tfl"
+import { TflSource, type ITflApi, type TflLineId } from "@freya/source-tfl"
 import { type } from "arktype"
 
 import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
@@ -13,7 +13,7 @@ export const tflConfig = type({
 })
 
 export class TflSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.tfl"
+	readonly sourceId = "freya.tfl"
 	readonly configSchema = tflConfig
 	private readonly apiKey: string | undefined
 	private readonly client: ITflApi | undefined

apps/freya-backend/src/weather/provider.ts

@@ -1,4 +1,4 @@
-import { WeatherSource, type WeatherSourceOptions } from "@aelis/source-weatherkit"
+import { WeatherSource, type WeatherSourceOptions } from "@freya/source-weatherkit"
 import { type } from "arktype"
 
 import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
@@ -16,7 +16,7 @@ export const weatherConfig = type({
 })
 
 export class WeatherSourceProvider implements FeedSourceProvider {
-	readonly sourceId = "aelis.weather"
+	readonly sourceId = "freya.weather"
 	readonly configSchema = weatherConfig
 	private readonly credentials: WeatherSourceOptions["credentials"]
 	private readonly client: WeatherSourceOptions["client"]

apps/freya-backend/src/web-search/provider.ts

@@ -0,0 +1,30 @@
+import { WebSearchSource, type WebSearchClient } from "@freya/source-web-search"
+
+import type { FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+export type WebSearchSourceProviderOptions =
+	| { apiKey: string | undefined; client?: never }
+	| { apiKey?: never; client: WebSearchClient }
+
+export class WebSearchSourceProvider implements FeedSourceProvider {
+	readonly sourceId = "freya.web-search"
+
+	private readonly apiKey: string | undefined
+	private readonly client: WebSearchClient | undefined
+
+	constructor(options: WebSearchSourceProviderOptions) {
+		this.apiKey = "apiKey" in options ? options.apiKey : undefined
+		this.client = "client" in options ? options.client : undefined
+	}
+
+	async feedSourceForUser(
+		_userId: string,
+		_config: unknown,
+		_credentials: unknown,
+	): Promise<WebSearchSource> {
+		return new WebSearchSource({
+			apiKey: this.apiKey,
+			client: this.client,
+		})
+	}
+}

apps/freya-client/app.json

@@ -1,11 +1,11 @@
 {
 	"expo": {
-		"name": "Aelis",
+		"name": "Freya",
-		"slug": "aelis-client",
+		"slug": "freya-client",
 		"version": "1.0.0",
 		"orientation": "portrait",
 		"icon": "./assets/images/icon.png",
-		"scheme": "aelis",
+		"scheme": "freya",
 		"userInterfaceStyle": "automatic",
 		"newArchEnabled": true,
 		"ios": {
@@ -15,7 +15,7 @@
 				},
 				"ITSAppUsesNonExemptEncryption": false
 			},
-			"bundleIdentifier": "sh.nym.aelis"
+			"bundleIdentifier": "sh.nym.freya"
 		},
 		"android": {
 			"adaptiveIcon": {
@@ -26,7 +26,7 @@
 			},
 			"edgeToEdgeEnabled": true,
 			"predictiveBackGestureEnabled": false,
-			"package": "sh.nym.aelis"
+			"package": "sh.nym.freya"
 		},
 		"web": {
 			"output": "static",
@@ -55,44 +55,112 @@
 								"fontFamily": "Inter",
 								"fontDefinitions": [
 									{ "path": "./assets/fonts/Inter_100Thin.ttf", "weight": 100 },
-									{ "path": "./assets/fonts/Inter_100Thin_Italic.ttf", "weight": 100, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_100Thin_Italic.ttf",
+										"weight": 100,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_200ExtraLight.ttf", "weight": 200 },
-									{ "path": "./assets/fonts/Inter_200ExtraLight_Italic.ttf", "weight": 200, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_200ExtraLight_Italic.ttf",
+										"weight": 200,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_300Light.ttf", "weight": 300 },
-									{ "path": "./assets/fonts/Inter_300Light_Italic.ttf", "weight": 300, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_300Light_Italic.ttf",
+										"weight": 300,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_400Regular.ttf", "weight": 400 },
-									{ "path": "./assets/fonts/Inter_400Regular_Italic.ttf", "weight": 400, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_400Regular_Italic.ttf",
+										"weight": 400,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_500Medium.ttf", "weight": 500 },
-									{ "path": "./assets/fonts/Inter_500Medium_Italic.ttf", "weight": 500, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_500Medium_Italic.ttf",
+										"weight": 500,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_600SemiBold.ttf", "weight": 600 },
-									{ "path": "./assets/fonts/Inter_600SemiBold_Italic.ttf", "weight": 600, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_600SemiBold_Italic.ttf",
+										"weight": 600,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_700Bold.ttf", "weight": 700 },
-									{ "path": "./assets/fonts/Inter_700Bold_Italic.ttf", "weight": 700, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_700Bold_Italic.ttf",
+										"weight": 700,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_800ExtraBold.ttf", "weight": 800 },
-									{ "path": "./assets/fonts/Inter_800ExtraBold_Italic.ttf", "weight": 800, "style": "italic" },
+									{
+										"path": "./assets/fonts/Inter_800ExtraBold_Italic.ttf",
+										"weight": 800,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/Inter_900Black.ttf", "weight": 900 },
-									{ "path": "./assets/fonts/Inter_900Black_Italic.ttf", "weight": 900, "style": "italic" }
+									{
+										"path": "./assets/fonts/Inter_900Black_Italic.ttf",
+										"weight": 900,
+										"style": "italic"
+									}
 								]
 							},
 							{
 								"fontFamily": "Source Serif 4",
 								"fontDefinitions": [
 									{ "path": "./assets/fonts/SourceSerif4_200ExtraLight.ttf", "weight": 200 },
-									{ "path": "./assets/fonts/SourceSerif4_200ExtraLight_Italic.ttf", "weight": 200, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_200ExtraLight_Italic.ttf",
+										"weight": 200,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_300Light.ttf", "weight": 300 },
-									{ "path": "./assets/fonts/SourceSerif4_300Light_Italic.ttf", "weight": 300, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_300Light_Italic.ttf",
+										"weight": 300,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_400Regular.ttf", "weight": 400 },
-									{ "path": "./assets/fonts/SourceSerif4_400Regular_Italic.ttf", "weight": 400, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_400Regular_Italic.ttf",
+										"weight": 400,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_500Medium.ttf", "weight": 500 },
-									{ "path": "./assets/fonts/SourceSerif4_500Medium_Italic.ttf", "weight": 500, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_500Medium_Italic.ttf",
+										"weight": 500,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_600SemiBold.ttf", "weight": 600 },
-									{ "path": "./assets/fonts/SourceSerif4_600SemiBold_Italic.ttf", "weight": 600, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_600SemiBold_Italic.ttf",
+										"weight": 600,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_700Bold.ttf", "weight": 700 },
-									{ "path": "./assets/fonts/SourceSerif4_700Bold_Italic.ttf", "weight": 700, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_700Bold_Italic.ttf",
+										"weight": 700,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_800ExtraBold.ttf", "weight": 800 },
-									{ "path": "./assets/fonts/SourceSerif4_800ExtraBold_Italic.ttf", "weight": 800, "style": "italic" },
+									{
+										"path": "./assets/fonts/SourceSerif4_800ExtraBold_Italic.ttf",
+										"weight": 800,
+										"style": "italic"
+									},
 									{ "path": "./assets/fonts/SourceSerif4_900Black.ttf", "weight": 900 },
-									{ "path": "./assets/fonts/SourceSerif4_900Black_Italic.ttf", "weight": 900, "style": "italic" }
+									{
+										"path": "./assets/fonts/SourceSerif4_900Black_Italic.ttf",
+										"weight": 900,
+										"style": "italic"
+									}
 								]
 							}
 						]