@agenticmail/api 0.9.27 → 0.9.29

package/README.md

@@ -408,6 +408,17 @@ JSON parse errors (malformed request bodies) return a clear 400 error rather tha
 
 ---
 
+## External inbox exposure — what `/gateway/relay` actually opens up
+
+> **The `POST /gateway/relay` endpoint (the one `agenticmail setup-email` calls) makes every sub-agent publicly reachable from the internet via plus-addressing.** This is by design — agents that can only email each other aren't very useful for talking to real people — but the implications surprise some operators:
+
+- **Plus-addresses are publicly guessable.** Once relay is connected, anyone can hit `your-relay+secretary@gmail.com`, `your-relay+kepler@gmail.com`, etc. and the corresponding agent's AgenticMail inbox receives the message. The `+sub` part is not a secret.
+- **External mail wakes the dispatcher identically to internal `@localhost` mail.** The API publishes the same SSE `new-mail` event regardless of source; the host integration (`@agenticmail/claudecode`, `@agenticmail/codex`) spawns a worker turn either way.
+- **The host bridges take a different path.** Mail to `your-relay+claudecode@gmail.com` / `your-relay+codex@gmail.com` routes to `handleBridgeMail` in the dispatcher, which uses the host SDK's `resume` option to wake the operator's last session headlessly. If that fails it falls through to the bridge-escalation email configured via `setup_operator_email`.
+- **Spam = worker turns.** Throttles in order of escalation: the `wake-budget` guard in `dispatcher.handleEvent` (automatic, default cap per minute per agent), the built-in relay-level spam filter (runs before publishing the SSE event), and `metadata.host`-based fencing for agents that should stay internal-only.
+
+---
+
 ## License
 
 [MIT](./LICENSE) - Ope Olatunji ([@ope-olatunji](https://github.com/ope-olatunji))

package/dist/index.js

@@ -1956,18 +1956,45 @@ function normalizeWakeList(value) {
   return void 0;
 }
 function deriveDefaultWakeList(toField) {
-  if (!toField) return void 0;
-  const arr = Array.isArray(toField) ? toField : String(toField).split(",");
-  const localNames = [];
+  const localNames = extractLocalNames(toField);
+  return localNames.length > 0 ? localNames : void 0;
+}
+function extractLocalNames(field) {
+  if (!field) return [];
+  const arr = Array.isArray(field) ? field : String(field).split(",");
+  const out = [];
   for (const raw of arr) {
     const trimmed = String(raw).slice(0, 500).trim().toLowerCase();
     const m = trimmed.match(/<([^>]+)>/);
     const bare = (m ? m[1] : trimmed).trim();
     if (!bare.endsWith("@localhost")) continue;
     const name = bare.replace(/@localhost$/i, "");
-    if (name) localNames.push(name);
+    if (name) out.push(name);
   }
-  return localNames.length > 0 ? localNames : void 0;
+  return out;
+}
+function deriveWakeFromBody(body, candidateNames) {
+  if (!body || candidateNames.length === 0) return [];
+  const sample = body.length > 2e4 ? body.slice(0, 2e4) : body;
+  const found = /* @__PURE__ */ new Set();
+  for (const raw of candidateNames) {
+    const name = String(raw).trim().toLowerCase();
+    if (!name) continue;
+    const esc = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const patterns = [
+      // Greeting / handoff anchors:
+      //   "Marlow —"  "Marlow:"  "Marlow,"
+      new RegExp(`(?:^|[\\n.])\\s*${esc}\\s*[\u2014\u2013\\-:,]`, "i"),
+      // Mention syntax:
+      //   "@marlow"
+      new RegExp(`@${esc}\\b`, "i"),
+      // Conversational handoff phrases:
+      //   "over to marlow"  "handing off to marlow"  "next up: marlow"
+      new RegExp(`\\b(?:hi|hey|hello|over to|hand(?:ing)? off to|dispatch(?:ing)? to|assigning to|next up:?|next slice:?)\\s+${esc}\\b`, "i")
+    ];
+    if (patterns.some((p) => p.test(sample))) found.add(name);
+  }
+  return Array.from(found);
 }
 function wakeHeaders(wakeList) {
   if (wakeList === void 0) return {};
@@ -2113,7 +2140,13 @@ function createMailRoutes(accountManager, config, db, gatewayManager) {
           const ownerName2 = agent.metadata?.ownerName;
           const fromName2 = ownerName2 ? `${agent.name} from ${ownerName2}` : agent.name;
           const explicitWakeForPersist = normalizeWakeList(wake);
-          const wakeListForPersist = wake === void 0 ? deriveDefaultWakeList(to) : explicitWakeForPersist;
+          let wakeListForPersist;
+          if (wake !== void 0) {
+            wakeListForPersist = explicitWakeForPersist;
+          } else {
+            const bodyDerived = deriveWakeFromBody(typeof text === "string" ? text : "", extractLocalNames(cc));
+            wakeListForPersist = bodyDerived.length > 0 ? bodyDerived : deriveDefaultWakeList(to);
+          }
           const mailOptions = {
             to,
             subject,
@@ -2197,7 +2230,13 @@ function createMailRoutes(accountManager, config, db, gatewayManager) {
       const ownerName = agent.metadata?.ownerName;
       const fromName = ownerName ? `${agent.name} from ${ownerName}` : agent.name;
       const explicitWake = normalizeWakeList(wake);
-      const wakeList = wake === void 0 ? deriveDefaultWakeList(to) : explicitWake;
+      let wakeList;
+      if (wake !== void 0) {
+        wakeList = explicitWake;
+      } else {
+        const bodyDerived = deriveWakeFromBody(typeof text === "string" ? text : "", extractLocalNames(cc));
+        wakeList = bodyDerived.length > 0 ? bodyDerived : deriveDefaultWakeList(to);
+      }
       const customHeaders = wakeHeaders(wakeList);
       const mailOpts = {
         to,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/api",
-  "version": "0.9.27",
+  "version": "0.9.29",
   "description": "REST API server for AgenticMail — email and SMS endpoints for AI agents",
   "type": "module",
   "main": "dist/index.js",

package/public/js/message-view.js

@@ -324,6 +324,17 @@ function renderBodyWithThreading(src, audienceLookup = null) {
       i++;
       continue;
     }
+    // Strip any trailing blank lines from the prose buffer before
+    // flushing. Reply builders typically pad the new content with
+    // `\n\n` before the `On <date>, <addr> wrote:` header so the
+    // quote stands apart in plaintext clients. In the web view those
+    // blank lines render as empty <p> blocks with their own margins,
+    // producing the huge gap operators flagged between the latest
+    // message and the quoted thread. Trimming here keeps plain-text
+    // readers happy and tightens the rendered HTML at the same time.
+    while (prose.length > 0 && prose[prose.length - 1].trim() === '') {
+      prose.pop();
+    }
     flushProse();
     const dateRaw = m[1];
     const sender = m[2];
@@ -361,16 +372,27 @@ function renderBodyWithThreading(src, audienceLookup = null) {
       }
       break;
     }
-    // Fall back to cross-message lookup if the body didn't carry
-    // audience lines (older replies pre-0.9.32). The lookup uses
-    // the surrounding inbox-list messages to find the original
-    // message by sender + date and lift its To/Cc/Bcc.
-    if (!toAddrs && !ccAddrs && !bccAddrs && typeof audienceLookup === 'function') {
+    // Fall back to cross-message lookup to fill ANY missing audience
+    // field — not just the all-empty case.
+    //
+    // The previous gate (`!toAddrs && !ccAddrs && !bccAddrs`) was wrong:
+    // it treated a body that had a `To:` line but no `Cc:` line as
+    // "audience encoded, lookup not needed", silently dropping the Cc
+    // info that state.messages had. This surfaced as quoted blocks
+    // showing only `TO:` even when the original message had Cc'd
+    // multiple agents — operators correctly flagged this as "the
+    // earlier email's CCs aren't being shown".
+    //
+    // Now: run the lookup whenever any field is missing, and only
+    // backfill the fields that weren't already in the body. The
+    // body-encoded value always wins (it's authoritative); the
+    // lookup is purely a backfill.
+    if ((!toAddrs || !ccAddrs || !bccAddrs) && typeof audienceLookup === 'function') {
       const fromLookup = audienceLookup(sender, dateRaw);
       if (fromLookup) {
-        toAddrs = fromLookup.to;
-        ccAddrs = fromLookup.cc;
-        bccAddrs = fromLookup.bcc;
+        if (!toAddrs) toAddrs = fromLookup.to || '';
+        if (!ccAddrs) ccAddrs = fromLookup.cc || '';
+        if (!bccAddrs) bccAddrs = fromLookup.bcc || '';
       }
     }
     out.push(renderThreadQuote(dateRaw, sender, quoted.join('\n'), { to: toAddrs, cc: ccAddrs, bcc: bccAddrs }, audienceLookup));

package/public/styles.css

@@ -1019,14 +1019,41 @@ mark.search-hl {
    styled card with proper avatar + name + friendly date instead
    of leaving the raw ISO timestamp visible. Nested replies recurse
    so a 3-deep thread gets 3 nested cards. */
+/* Thread-quote: the boxed-up older email a reply quotes. Two issues
+ * users flagged on the rendered view before:
+ *
+ *   1. Huge vertical gap before the quote — was 16px margin-top here
+ *      PLUS empty <p> blocks from trailing newlines in the parent
+ *      message body (now also fixed in message-view.js by trimming
+ *      trailing whitespace before the quote). Dropped to a tight 4px
+ *      since the horizontal divider below carries the separation.
+ *   2. The pink left rule looked like a stub. We add a full-width
+ *      hairline divider on ::before so the visual break between the
+ *      parent message and the quote is unambiguous, and pin the rule
+ *      so it reads as a thread spine continuing down through the
+ *      whole quoted block.
+ *
+ * Nested quotes (replies-of-replies) get progressively warmer rule
+ * colours (pink → purple → amber) so the depth is visible at a
+ * glance without staring at indentation. */
 .thread-quote {
-  margin: 16px 0;
+  position: relative;
+  margin: 4px 0 8px;
+  padding: 14px 0 4px 16px;
   border-left: 3px solid var(--pink-rule);
-  padding: 0 0 0 16px;
+}
+.thread-quote::before {
+  content: '';
+  position: absolute;
+  top: 0;
+  left: -3px;
+  right: 0;
+  height: 1px;
+  background: var(--line, rgba(255,255,255,0.08));
 }
 .thread-quote .thread-quote {
   border-left-color: #c084fc;
-  margin: 12px 0;
+  margin: 4px 0 8px;
 }
 .thread-quote .thread-quote .thread-quote { border-left-color: #f59e0b; }
 .thread-quote-head {