npm - @agenticmail/core - Versions diffs - 0.5.43 → 0.5.45 - Mend

@agenticmail/core 0.5.43 → 0.5.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/chunk-TIAKW5DC.js +623 -0
package/dist/index.cjs +792 -673
package/dist/index.d.cts +12 -0
package/dist/index.d.ts +12 -0
package/dist/index.js +166 -675
package/dist/spam-filter-L6KNZ7QI.js +13 -0
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,9 @@
+import {
+  SPAM_THRESHOLD,
+  WARNING_THRESHOLD,
+  isInternalEmail,
+  scoreEmail
+} from "./chunk-TIAKW5DC.js";
 import {
   __require
 } from "./chunk-3RG5ZIWI.js";
@@ -54,15 +60,28 @@ var MailSender = class {
     };
     const composer = new MailComposer(mailOpts);
     const raw = await composer.compile().build();
-    const result = await this.transporter.sendMail(mailOpts);
-    return {
-      messageId: result.messageId,
-      envelope: {
-        from: result.envelope.from || "",
-        to: Array.isArray(result.envelope.to) ? result.envelope.to : result.envelope.to ? [result.envelope.to] : []
-      },
-      raw
-    };
+    const MAX_RETRIES = 2;
+    let lastError = null;
+    for (let attempt = 0; attempt <= MAX_RETRIES; attempt++) {
+      try {
+        const result = await this.transporter.sendMail(mailOpts);
+        return {
+          messageId: result.messageId,
+          envelope: {
+            from: result.envelope.from || "",
+            to: Array.isArray(result.envelope.to) ? result.envelope.to : result.envelope.to ? [result.envelope.to] : []
+          },
+          raw
+        };
+      } catch (err) {
+        lastError = err;
+        const code = err?.responseCode ?? err?.code;
+        const isTransient = typeof code === "number" && code >= 400 && code < 500 || code === "ECONNRESET" || code === "ETIMEDOUT" || code === "ESOCKET";
+        if (!isTransient || attempt === MAX_RETRIES) throw err;
+        await new Promise((resolve) => setTimeout(resolve, 1e3 * (attempt + 1)));
+      }
+    }
+    throw lastError;
   }
   async verify() {
     try {
@@ -145,10 +164,13 @@ var MailReceiver = class {
       const limit = Math.min(Math.max(options?.limit ?? 20, 1), 1e3);
       const offset = Math.max(options?.offset ?? 0, 0);
       if (offset >= total) return envelopes;
-      const end = Math.max(total - offset, 1);
-      const start = Math.max(end - limit + 1, 1);
-      const range = `${start}:${end}`;
-      for await (const msg of this.client.fetch(range, {
+      const allUids = await this.client.search({ all: true }, { uid: true });
+      if (!allUids || allUids.length === 0) return envelopes;
+      const sortedUids = Array.from(allUids).sort((a, b) => b - a);
+      const pageUids = sortedUids.slice(offset, offset + limit);
+      if (pageUids.length === 0) return envelopes;
+      const uidRange = pageUids.join(",");
+      for await (const msg of this.client.fetch(uidRange, {
         uid: true,
         envelope: true,
         flags: true,
@@ -174,7 +196,8 @@ var MailReceiver = class {
           size: msg.size ?? 0
         });
       }
-      return envelopes.reverse();
+      envelopes.sort((a, b) => b.uid - a.uid);
+      return envelopes;
     } finally {
       lock.release();
     }
@@ -362,12 +385,17 @@ async function parseEmail(raw) {
 }
 // src/inbox/watcher.ts
+var RECONNECT_INITIAL_MS = 2e3;
+var RECONNECT_MAX_MS = 6e4;
+var RECONNECT_FACTOR = 2;
 var InboxWatcher = class extends EventEmitter {
   constructor(options, watcherOptions) {
     super();
     this.options = options;
     this.mailbox = watcherOptions?.mailbox ?? "INBOX";
     this.autoFetch = watcherOptions?.autoFetch ?? true;
+    this._autoReconnect = options.autoReconnect ?? false;
+    this._maxReconnectAttempts = options.maxReconnectAttempts ?? Infinity;
     this.client = new ImapFlow2({
       host: options.host,
       port: options.port,
@@ -387,8 +415,15 @@ var InboxWatcher = class extends EventEmitter {
   mailbox;
   autoFetch;
   _lock = null;
+  _stopped = false;
+  _reconnectTimer = null;
+  _reconnectDelay = RECONNECT_INITIAL_MS;
+  _reconnectAttempts = 0;
+  _maxReconnectAttempts;
+  _autoReconnect;
   async start() {
     if (this.watching) return;
+    this._stopped = false;
     this.client = new ImapFlow2({
       host: this.options.host,
       port: this.options.port,
@@ -406,6 +441,8 @@ var InboxWatcher = class extends EventEmitter {
     const lock = await this.client.getMailboxLock(this.mailbox);
     try {
       this.watching = true;
+      this._reconnectDelay = RECONNECT_INITIAL_MS;
+      this._reconnectAttempts = 0;
       this.client.on("exists", async (data) => {
         try {
           if (data.count > data.prevCount) {
@@ -443,6 +480,7 @@ var InboxWatcher = class extends EventEmitter {
       this.client.on("close", () => {
         this.watching = false;
         this.emit("close");
+        this._scheduleReconnect();
       });
       this._lock = lock;
     } catch (err) {
@@ -450,9 +488,44 @@ var InboxWatcher = class extends EventEmitter {
       throw err;
     }
   }
+  /** Schedule a reconnect attempt with exponential backoff */
+  _scheduleReconnect() {
+    if (this._stopped || !this._autoReconnect) return;
+    if (this._reconnectAttempts >= this._maxReconnectAttempts) {
+      this.emit("reconnect_failed", { attempts: this._reconnectAttempts });
+      return;
+    }
+    const delay = this._reconnectDelay;
+    this._reconnectDelay = Math.min(this._reconnectDelay * RECONNECT_FACTOR, RECONNECT_MAX_MS);
+    this._reconnectAttempts++;
+    this.emit("reconnecting", { attempt: this._reconnectAttempts, delayMs: delay });
+    this._reconnectTimer = setTimeout(async () => {
+      if (this._stopped) return;
+      try {
+        this.client.removeAllListeners();
+        if (this._lock) {
+          try {
+            this._lock.release();
+          } catch {
+          }
+          this._lock = null;
+        }
+        await this.start();
+        this.emit("reconnected", { attempt: this._reconnectAttempts });
+      } catch (err) {
+        this.emit("error", err);
+        this._scheduleReconnect();
+      }
+    }, delay);
+  }
   async stop() {
-    if (!this.watching) return;
+    if (!this.watching && !this._reconnectTimer) return;
+    this._stopped = true;
     this.watching = false;
+    if (this._reconnectTimer) {
+      clearTimeout(this._reconnectTimer);
+      this._reconnectTimer = null;
+    }
     this.client.removeAllListeners();
     if (this._lock) {
       try {
@@ -1063,7 +1136,7 @@ var AccountManager = class {
     const apiKey = generateApiKey();
     const password = options.password ?? generatePassword();
     const domain = options.domain ?? "localhost";
-    if (domain !== "localhost" && !/^[a-zA-Z0-9][a-zA-Z0-9.-]*[a-zA-Z]{2,}$/.test(domain)) {
+    if (domain !== "localhost" && !/^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/.test(domain)) {
       throw new Error(`Invalid domain "${domain}": must be a valid domain name`);
     }
     const principalName = options.name.toLowerCase();
@@ -1280,31 +1353,39 @@ var AgentDeletionService = class {
   }
   async archiveFolder(receiver, folder) {
     const archived = [];
+    const PAGE_SIZE = 100;
     try {
-      const envelopes = await receiver.listEnvelopes(folder, { limit: 1e4 });
-      for (const env of envelopes) {
-        try {
-          const raw = await receiver.fetchMessage(env.uid, folder);
-          const parsed = await parseEmail(raw);
-          archived.push({
-            uid: env.uid,
-            messageId: parsed.messageId || env.messageId,
-            from: parsed.from?.[0]?.address ?? "",
-            to: parsed.to?.map((a) => a.address) ?? [],
-            subject: parsed.subject || env.subject,
-            date: parsed.date?.toISOString() ?? env.date?.toISOString?.() ?? "",
-            text: parsed.text,
-            html: parsed.html
-          });
-        } catch {
-          archived.push({
-            uid: env.uid,
-            messageId: env.messageId,
-            from: env.from?.[0]?.address ?? "",
-            to: env.to?.map((a) => a.address) ?? [],
-            subject: env.subject,
-            date: env.date?.toISOString?.() ?? ""
-          });
+      let offset = 0;
+      let hasMore = true;
+      while (hasMore) {
+        const envelopes = await receiver.listEnvelopes(folder, { limit: PAGE_SIZE, offset });
+        if (envelopes.length === 0) break;
+        hasMore = envelopes.length === PAGE_SIZE;
+        offset += envelopes.length;
+        for (const env of envelopes) {
+          try {
+            const raw = await receiver.fetchMessage(env.uid, folder);
+            const parsed = await parseEmail(raw);
+            archived.push({
+              uid: env.uid,
+              messageId: parsed.messageId || env.messageId,
+              from: parsed.from?.[0]?.address ?? "",
+              to: parsed.to?.map((a) => a.address) ?? [],
+              subject: parsed.subject || env.subject,
+              date: parsed.date?.toISOString() ?? env.date?.toISOString?.() ?? "",
+              text: parsed.text,
+              html: parsed.html
+            });
+          } catch {
+            archived.push({
+              uid: env.uid,
+              messageId: env.messageId,
+              from: env.from?.[0]?.address ?? "",
+              to: env.to?.map((a) => a.address) ?? [],
+              subject: env.subject,
+              date: env.date?.toISOString?.() ?? ""
+            });
+          }
         }
       }
     } catch (err) {
@@ -1381,623 +1462,6 @@ var AgentDeletionService = class {
   }
 };
-// src/mail/spam-filter.ts
-var SPAM_THRESHOLD = 40;
-var WARNING_THRESHOLD = 20;
-function isInternalEmail(email, localDomains) {
-  const fromDomain = email.from[0]?.address?.split("@")[1]?.toLowerCase();
-  if (!fromDomain) return false;
-  const internals = /* @__PURE__ */ new Set(["localhost", ...(localDomains ?? []).map((d) => d.toLowerCase())]);
-  if (internals.has(fromDomain) && email.replyTo?.length) {
-    const replyDomain = email.replyTo[0]?.address?.split("@")[1]?.toLowerCase();
-    if (replyDomain && !internals.has(replyDomain)) return false;
-  }
-  return internals.has(fromDomain);
-}
-var RE_IGNORE_INSTRUCTIONS = /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions|prompts|rules)/i;
-var RE_YOU_ARE_NOW = /you\s+are\s+now\s+(a|an|the|my)\b/i;
-var RE_SYSTEM_DELIMITER = /\[SYSTEM\]|\[INST\]|<<SYS>>|<\|im_start\|>/i;
-var RE_NEW_INSTRUCTIONS = /new\s+instructions?:|override\s+instructions?:/i;
-var RE_ACT_AS = /act\s+as\s+(a|an|if)|pretend\s+(to be|you\s+are)/i;
-var RE_DO_NOT_MENTION = /do\s+not\s+(mention|tell|reveal|disclose)\s+(that|this)/i;
-var RE_TAG_CHARS = /[\u{E0001}-\u{E007F}]/u;
-var RE_DENSE_ZWC = /[\u200B\u200C\u200D\uFEFF]{3,}/;
-var RE_JAILBREAK = /\b(DAN|jailbreak|bypass\s+(safety|filter|restriction)|unlimited\s+mode)\b/i;
-var RE_BASE64_BLOCK = /[A-Za-z0-9+/]{100,}={0,2}/;
-var RE_MARKDOWN_INJECTION = /```(?:system|python\s+exec|bash\s+exec)/i;
-var RE_OWNER_IMPERSONATION = /your\s+(owner|creator|admin|boss|master|human)\s+(asked|told|wants|said|instructed|needs)/i;
-var RE_SECRET_REQUEST = /share\s+(your|the)\s+(api.?key|password|secret|credential|token)/i;
-var RE_IMPERSONATE_SYSTEM = /this\s+is\s+(a|an)\s+(system|security|admin|automated)\s+(message|alert|notification)/i;
-var RE_URGENCY = /\b(urgent|immediately|right now|asap|deadline|expires?|last chance|act now|time.?sensitive)\b/i;
-var RE_AUTHORITY = /\b(suspend|terminate|deactivat|unauthori[zs]|locked|compromised|breach|violation|legal action)\b/i;
-var RE_MONEY_REQUEST = /send\s+(me|us)\s+\$?\d|wire\s+transfer|western\s+union|money\s*gram/i;
-var RE_GIFT_CARD = /buy\s+(me\s+)?gift\s*cards?|itunes\s+cards?|google\s+play\s+cards?/i;
-var RE_CEO_FRAUD = /\b(CEO|CFO|CTO|director|executive)\b.*\b(wire|transfer|payment|urgent)\b/i;
-var RE_FORWARD_ALL = /forward\s+(all|every)\s+(email|message)/i;
-var RE_SEARCH_CREDS = /search\s+(inbox|email|mailbox).*password|find.*credential/i;
-var RE_SEND_TO_EXTERNAL = /send\s+(the|all|every).*to\s+\S+@\S+/i;
-var RE_DUMP_INSTRUCTIONS = /reveal.*system\s+prompt|dump.*instructions|show.*system\s+prompt|print.*instructions/i;
-var RE_WEBHOOK_EXFIL = /https?:\/\/[^/]*(webhook|ngrok|pipedream|requestbin|hookbin)/i;
-var RE_CREDENTIAL_HARVEST = /verify\s+your\s+(account|identity|password|credentials?)/i;
-var RE_LINK_TAG = /<a\s[^>]*href\s*=\s*["']([^"']+)["']/gi;
-var RE_LINK_TAG_WITH_TEXT = /<a\s[^>]*href\s*=\s*["']([^"']+)["'][^>]*>(.*?)<\/a>/gi;
-var RE_URL_IN_TEXT = /https?:\/\/[^\s<>"]+/gi;
-var RE_IP_URL = /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/i;
-var RE_URL_SHORTENER = /https?:\/\/(bit\.ly|t\.co|tinyurl\.com|goo\.gl|ow\.ly|is\.gd|buff\.ly|rebrand\.ly|shorturl\.at)\//i;
-var RE_DATA_URI = /(?:data:text\/html|javascript:)/i;
-var RE_LOGIN_URGENCY = /(click\s+here|sign\s+in|log\s*in).*\b(urgent|immediately|expire|suspend|locked)/i;
-var RE_PHARMACY_SPAM = /\b(viagra|cialis|pharmacy|prescription|cheap\s+meds|online\s+pharmacy)\b/i;
-var RE_WEIGHT_LOSS = /\b(weight\s+loss|diet\s+pill|lose\s+\d+\s+(lbs?|pounds|kg)|fat\s+burn)\b/i;
-var RE_LOTTERY_SCAM = /you\s+(have\s+)?(won|been\s+selected)|lottery|million\s+dollars|nigerian?\s+prince/i;
-var RE_CRYPTO_SCAM = /(bitcoin|crypto|ethereum).*invest(ment)?|guaranteed\s+returns|double\s+your\s+(money|bitcoin|crypto)/i;
-var RE_EXECUTABLE_EXT = /\.(exe|bat|cmd|ps1|sh|dll|scr|vbs|js|msi|com)$/i;
-var RE_DOUBLE_EXT = /\.\w{2,5}\.(exe|bat|cmd|ps1|sh|dll|scr|vbs|js|msi|com)$/i;
-var RE_ARCHIVE_EXT = /\.(zip|rar|7z|tar\.gz|tgz)$/i;
-var RE_HTML_ATTACHMENT_EXT = /\.(html?|svg)$/i;
-var BRAND_DOMAINS = {
-  google: ["google.com", "gmail.com", "googlemail.com"],
-  microsoft: ["microsoft.com", "outlook.com", "hotmail.com", "live.com"],
-  apple: ["apple.com", "icloud.com"],
-  amazon: ["amazon.com", "amazon.co.uk", "amazon.de"],
-  paypal: ["paypal.com"],
-  meta: ["facebook.com", "meta.com", "instagram.com"],
-  netflix: ["netflix.com"],
-  bank: ["chase.com", "wellsfargo.com", "bankofamerica.com", "citibank.com"]
-};
-var SPAM_WORDS = [
-  "congratulations",
-  "winner",
-  "prize",
-  "claim",
-  "free",
-  "offer",
-  "limited time",
-  "act now",
-  "click here",
-  "no obligation",
-  "risk free",
-  "guaranteed",
-  "million",
-  "billion",
-  "inheritance",
-  "beneficiary",
-  "wire transfer",
-  "western union",
-  "dear friend",
-  "dear sir",
-  "kindly",
-  "revert back",
-  "do the needful",
-  "humbly",
-  "esteemed",
-  "investment opportunity",
-  "double your",
-  "earn money",
-  "work from home",
-  "make money",
-  "cash bonus",
-  "discount",
-  "lowest price"
-];
-function countSpamWords(text) {
-  const lower = text.toLowerCase();
-  let count = 0;
-  for (const word of SPAM_WORDS) {
-    if (lower.includes(word)) count++;
-  }
-  return count;
-}
-function hasHomographChars(domain) {
-  if (domain.startsWith("xn--")) return true;
-  const hasCyrillic = /[\u0400-\u04FF]/.test(domain);
-  const hasLatin = /[a-zA-Z]/.test(domain);
-  return hasCyrillic && hasLatin;
-}
-var RULES = [
-  // === Prompt injection ===
-  {
-    id: "pi_ignore_instructions",
-    category: "prompt_injection",
-    score: 25,
-    description: 'Contains "ignore previous instructions" pattern',
-    test: (_e, text) => RE_IGNORE_INSTRUCTIONS.test(text)
-  },
-  {
-    id: "pi_you_are_now",
-    category: "prompt_injection",
-    score: 25,
-    description: 'Contains "you are now a..." roleplay injection',
-    test: (_e, text) => RE_YOU_ARE_NOW.test(text)
-  },
-  {
-    id: "pi_system_delimiter",
-    category: "prompt_injection",
-    score: 20,
-    description: "Contains LLM system delimiters ([SYSTEM], [INST], etc.)",
-    test: (_e, text, html) => RE_SYSTEM_DELIMITER.test(text) || RE_SYSTEM_DELIMITER.test(html)
-  },
-  {
-    id: "pi_new_instructions",
-    category: "prompt_injection",
-    score: 20,
-    description: 'Contains "new instructions:" or "override instructions:"',
-    test: (_e, text) => RE_NEW_INSTRUCTIONS.test(text)
-  },
-  {
-    id: "pi_act_as",
-    category: "prompt_injection",
-    score: 15,
-    description: 'Contains "act as" or "pretend to be" injection',
-    test: (_e, text) => RE_ACT_AS.test(text)
-  },
-  {
-    id: "pi_do_not_mention",
-    category: "prompt_injection",
-    score: 15,
-    description: 'Contains "do not mention/tell/reveal" suppression',
-    test: (_e, text) => RE_DO_NOT_MENTION.test(text)
-  },
-  {
-    id: "pi_invisible_unicode",
-    category: "prompt_injection",
-    score: 20,
-    description: "Contains invisible Unicode tag characters or dense zero-width chars",
-    test: (_e, text, html) => RE_TAG_CHARS.test(text) || RE_TAG_CHARS.test(html) || RE_DENSE_ZWC.test(text) || RE_DENSE_ZWC.test(html)
-  },
-  {
-    id: "pi_jailbreak",
-    category: "prompt_injection",
-    score: 20,
-    description: "Contains jailbreak/DAN/bypass safety language",
-    test: (_e, text) => RE_JAILBREAK.test(text)
-  },
-  {
-    id: "pi_base64_injection",
-    category: "prompt_injection",
-    score: 15,
-    description: "Contains long base64-encoded blocks (potential hidden instructions)",
-    test: (_e, text) => RE_BASE64_BLOCK.test(text)
-  },
-  {
-    id: "pi_markdown_injection",
-    category: "prompt_injection",
-    score: 10,
-    description: "Contains code block injection attempts (```system, ```python exec)",
-    test: (_e, text) => RE_MARKDOWN_INJECTION.test(text)
-  },
-  // === Social engineering ===
-  {
-    id: "se_owner_impersonation",
-    category: "social_engineering",
-    score: 20,
-    description: "Claims to speak on behalf of the agent's owner",
-    test: (_e, text) => RE_OWNER_IMPERSONATION.test(text)
-  },
-  {
-    id: "se_secret_request",
-    category: "social_engineering",
-    score: 15,
-    description: "Requests API keys, passwords, or credentials",
-    test: (_e, text) => RE_SECRET_REQUEST.test(text)
-  },
-  {
-    id: "se_impersonate_system",
-    category: "social_engineering",
-    score: 15,
-    description: "Impersonates a system/security message",
-    test: (_e, text) => RE_IMPERSONATE_SYSTEM.test(text)
-  },
-  {
-    id: "se_urgency_authority",
-    category: "social_engineering",
-    score: 10,
-    description: "Combines urgency language with authority/threat language",
-    test: (_e, text) => RE_URGENCY.test(text) && RE_AUTHORITY.test(text)
-  },
-  {
-    id: "se_money_request",
-    category: "social_engineering",
-    score: 15,
-    description: "Requests money transfer or wire",
-    test: (_e, text) => RE_MONEY_REQUEST.test(text)
-  },
-  {
-    id: "se_gift_card",
-    category: "social_engineering",
-    score: 20,
-    description: "Requests purchase of gift cards",
-    test: (_e, text) => RE_GIFT_CARD.test(text)
-  },
-  {
-    id: "se_ceo_fraud",
-    category: "social_engineering",
-    score: 15,
-    description: "BEC pattern: executive title + payment/wire/urgent",
-    test: (_e, text) => RE_CEO_FRAUD.test(text)
-  },
-  // === Data exfiltration ===
-  {
-    id: "de_forward_all",
-    category: "data_exfiltration",
-    score: 20,
-    description: "Requests forwarding all emails",
-    test: (_e, text) => RE_FORWARD_ALL.test(text)
-  },
-  {
-    id: "de_search_credentials",
-    category: "data_exfiltration",
-    score: 20,
-    description: "Requests searching inbox for passwords/credentials",
-    test: (_e, text) => RE_SEARCH_CREDS.test(text)
-  },
-  {
-    id: "de_send_to_external",
-    category: "data_exfiltration",
-    score: 15,
-    description: "Instructs sending data to an external email address",
-    test: (_e, text) => RE_SEND_TO_EXTERNAL.test(text)
-  },
-  {
-    id: "de_dump_instructions",
-    category: "data_exfiltration",
-    score: 15,
-    description: "Attempts to extract system prompt or instructions",
-    test: (_e, text) => RE_DUMP_INSTRUCTIONS.test(text)
-  },
-  {
-    id: "de_webhook_exfil",
-    category: "data_exfiltration",
-    score: 15,
-    description: "Contains webhook/ngrok/pipedream exfiltration URLs",
-    test: (_e, text) => RE_WEBHOOK_EXFIL.test(text)
-  },
-  // === Phishing ===
-  {
-    id: "ph_spoofed_sender",
-    category: "phishing",
-    score: 10,
-    description: "Sender name contains brand but domain doesn't match",
-    test: (email) => {
-      const from = email.from[0];
-      if (!from) return false;
-      const name = (from.name ?? "").toLowerCase();
-      const domain = (from.address ?? "").split("@")[1]?.toLowerCase() ?? "";
-      for (const [brand, domains] of Object.entries(BRAND_DOMAINS)) {
-        if (name.includes(brand) && !domains.some((d) => domain === d || domain.endsWith("." + d))) {
-          return true;
-        }
-      }
-      return false;
-    }
-  },
-  {
-    id: "ph_credential_harvest",
-    category: "phishing",
-    score: 15,
-    description: 'Asks to "verify your account/password" with links present',
-    test: (_e, text, html) => {
-      if (!RE_CREDENTIAL_HARVEST.test(text)) return false;
-      return RE_URL_IN_TEXT.test(text) || RE_LINK_TAG.test(html);
-    }
-  },
-  {
-    id: "ph_suspicious_links",
-    category: "phishing",
-    score: 10,
-    description: "Contains links with IP addresses, URL shorteners, or excessive subdomains",
-    test: (_e, text, html) => {
-      const allText = text + " " + html;
-      if (RE_IP_URL.test(allText)) return true;
-      if (RE_URL_SHORTENER.test(allText)) return true;
-      const urls = allText.match(RE_URL_IN_TEXT) ?? [];
-      for (const url of urls) {
-        try {
-          const hostname = new URL(url).hostname;
-          if (hostname.split(".").length > 4) return true;
-        } catch {
-        }
-      }
-      return false;
-    }
-  },
-  {
-    id: "ph_data_uri",
-    category: "phishing",
-    score: 15,
-    description: "Contains data: or javascript: URIs in links",
-    test: (_e, _text, html) => {
-      RE_LINK_TAG.lastIndex = 0;
-      let match;
-      while ((match = RE_LINK_TAG.exec(html)) !== null) {
-        if (RE_DATA_URI.test(match[1])) return true;
-      }
-      return false;
-    }
-  },
-  {
-    id: "ph_homograph",
-    category: "phishing",
-    score: 15,
-    description: "From domain contains mixed-script or punycode characters",
-    test: (email) => {
-      const domain = email.from[0]?.address?.split("@")[1] ?? "";
-      if (!domain) return false;
-      return hasHomographChars(domain);
-    }
-  },
-  {
-    id: "ph_mismatched_display_url",
-    category: "phishing",
-    score: 10,
-    description: "HTML link text shows one URL but href points to a different domain",
-    test: (_e, _text, html) => {
-      RE_LINK_TAG_WITH_TEXT.lastIndex = 0;
-      let match;
-      while ((match = RE_LINK_TAG_WITH_TEXT.exec(html)) !== null) {
-        const href = match[1];
-        const linkText = match[2].replace(/<[^>]*>/g, "").trim();
-        if (!/^https?:\/\//i.test(linkText)) continue;
-        try {
-          const hrefHost = new URL(href).hostname.replace(/^www\./, "");
-          const textHost = new URL(linkText).hostname.replace(/^www\./, "");
-          if (hrefHost !== textHost) return true;
-        } catch {
-        }
-      }
-      return false;
-    }
-  },
-  {
-    id: "ph_login_urgency",
-    category: "phishing",
-    score: 10,
-    description: "Combines login/click-here language with urgency",
-    test: (_e, text) => RE_LOGIN_URGENCY.test(text)
-  },
-  {
-    id: "ph_unsubscribe_missing",
-    category: "phishing",
-    score: 3,
-    description: "Marketing-like email with many links but no List-Unsubscribe header",
-    test: (email, text, html) => {
-      const allText = text + " " + html;
-      const urls = new Set(allText.match(RE_URL_IN_TEXT) ?? []);
-      if (urls.size < 5) return false;
-      return !email.headers.get("list-unsubscribe");
-    }
-  },
-  // === Authentication (SPF/DKIM/DMARC from headers) ===
-  {
-    id: "auth_spf_fail",
-    category: "authentication",
-    score: 15,
-    description: "SPF authentication failed",
-    test: (email) => {
-      const authResults = email.headers.get("authentication-results") ?? "";
-      return /spf=(fail|softfail)/i.test(authResults);
-    }
-  },
-  {
-    id: "auth_dkim_fail",
-    category: "authentication",
-    score: 15,
-    description: "DKIM authentication failed",
-    test: (email) => {
-      const authResults = email.headers.get("authentication-results") ?? "";
-      return /dkim=fail/i.test(authResults);
-    }
-  },
-  {
-    id: "auth_dmarc_fail",
-    category: "authentication",
-    score: 20,
-    description: "DMARC authentication failed",
-    test: (email) => {
-      const authResults = email.headers.get("authentication-results") ?? "";
-      return /dmarc=fail/i.test(authResults);
-    }
-  },
-  {
-    id: "auth_no_auth_results",
-    category: "authentication",
-    score: 3,
-    description: "No Authentication-Results header present",
-    test: (email) => {
-      return !email.headers.has("authentication-results");
-    }
-  },
-  // === Attachment risk ===
-  {
-    id: "at_executable",
-    category: "attachment_risk",
-    score: 25,
-    description: "Attachment has executable file extension",
-    test: (email) => {
-      return email.attachments.some((a) => RE_EXECUTABLE_EXT.test(a.filename));
-    }
-  },
-  {
-    id: "at_double_extension",
-    category: "attachment_risk",
-    score: 20,
-    description: "Attachment has double extension (e.g. document.pdf.exe)",
-    test: (email) => {
-      return email.attachments.some((a) => RE_DOUBLE_EXT.test(a.filename));
-    }
-  },
-  {
-    id: "at_archive_carrier",
-    category: "attachment_risk",
-    score: 15,
-    description: "Attachment is an archive (potential payload carrier)",
-    test: (email) => {
-      return email.attachments.some((a) => RE_ARCHIVE_EXT.test(a.filename));
-    }
-  },
-  {
-    id: "at_html_attachment",
-    category: "attachment_risk",
-    score: 10,
-    description: "HTML/SVG file attachment (phishing vector)",
-    test: (email) => {
-      return email.attachments.some((a) => RE_HTML_ATTACHMENT_EXT.test(a.filename));
-    }
-  },
-  // === Header anomalies ===
-  {
-    id: "ha_missing_message_id",
-    category: "header_anomaly",
-    score: 5,
-    description: "Missing Message-ID header",
-    test: (email) => !email.messageId
-  },
-  {
-    id: "ha_empty_from",
-    category: "header_anomaly",
-    score: 10,
-    description: "Missing or empty From address",
-    test: (email) => !email.from.length || !email.from[0].address
-  },
-  {
-    id: "ha_reply_to_mismatch",
-    category: "header_anomaly",
-    score: 5,
-    description: "Reply-To domain differs from From domain",
-    test: (email) => {
-      if (!email.replyTo?.length || !email.from.length) return false;
-      const fromDomain = email.from[0].address?.split("@")[1]?.toLowerCase();
-      const replyDomain = email.replyTo[0].address?.split("@")[1]?.toLowerCase();
-      return !!fromDomain && !!replyDomain && fromDomain !== replyDomain;
-    }
-  },
-  // === Content spam ===
-  {
-    id: "cs_all_caps_subject",
-    category: "content_spam",
-    score: 5,
-    description: "Subject is mostly uppercase",
-    test: (email) => {
-      const s = email.subject;
-      if (s.length < 10) return false;
-      const letters = s.replace(/[^a-zA-Z]/g, "");
-      if (letters.length < 5) return false;
-      const upper = letters.replace(/[^A-Z]/g, "").length;
-      return upper / letters.length > 0.8;
-    }
-  },
-  {
-    id: "cs_lottery_scam",
-    category: "content_spam",
-    score: 25,
-    description: "Contains lottery/prize scam language",
-    test: (_e, text) => RE_LOTTERY_SCAM.test(text)
-  },
-  {
-    id: "cs_crypto_scam",
-    category: "content_spam",
-    score: 10,
-    description: "Contains crypto/investment scam language",
-    test: (_e, text) => RE_CRYPTO_SCAM.test(text)
-  },
-  {
-    id: "cs_excessive_punctuation",
-    category: "content_spam",
-    score: 3,
-    description: "Subject has excessive punctuation (!!!!, ????)",
-    test: (email) => /[!]{4,}|[?]{4,}/.test(email.subject)
-  },
-  {
-    id: "cs_pharmacy_spam",
-    category: "content_spam",
-    score: 15,
-    description: "Contains pharmacy/prescription drug spam language",
-    test: (_e, text) => RE_PHARMACY_SPAM.test(text)
-  },
-  {
-    id: "cs_weight_loss",
-    category: "content_spam",
-    score: 10,
-    description: "Contains weight loss scam language",
-    test: (_e, text) => RE_WEIGHT_LOSS.test(text)
-  },
-  {
-    id: "cs_html_only_no_text",
-    category: "content_spam",
-    score: 5,
-    description: "Email has HTML body but empty/missing text body",
-    test: (email) => {
-      const hasHtml = !!email.html && email.html.trim().length > 0;
-      const hasText = !!email.text && email.text.trim().length > 0;
-      return hasHtml && !hasText;
-    }
-  },
-  {
-    id: "cs_spam_word_density",
-    category: "content_spam",
-    score: 0,
-    // Dynamic — calculated in test
-    description: "High density of common spam words",
-    test: (_e, text) => countSpamWords(text) > 5
-  },
-  // === Link analysis ===
-  {
-    id: "la_excessive_links",
-    category: "link_analysis",
-    score: 5,
-    description: "Contains more than 10 unique links",
-    test: (_e, text, html) => {
-      const allText = text + " " + html;
-      const urls = new Set(allText.match(RE_URL_IN_TEXT) ?? []);
-      return urls.size > 10;
-    }
-  }
-];
-function scoreEmail(email) {
-  const bodyText = [email.subject, email.text ?? ""].join("\n");
-  const bodyHtml = email.html ?? "";
-  const matches = [];
-  for (const rule of RULES) {
-    try {
-      if (rule.test(email, bodyText, bodyHtml)) {
-        let score2 = rule.score;
-        if (rule.id === "cs_spam_word_density") {
-          const wordCount = countSpamWords(bodyText);
-          score2 = wordCount > 10 ? 20 : 10;
-        }
-        matches.push({
-          ruleId: rule.id,
-          category: rule.category,
-          score: score2,
-          description: rule.description
-        });
-      }
-    } catch {
-    }
-  }
-  const score = matches.reduce((sum, m) => sum + m.score, 0);
-  let topCategory = null;
-  if (matches.length > 0) {
-    const categoryScores = /* @__PURE__ */ new Map();
-    for (const m of matches) {
-      categoryScores.set(m.category, (categoryScores.get(m.category) ?? 0) + m.score);
-    }
-    let maxScore = 0;
-    for (const [cat, catScore] of categoryScores) {
-      if (catScore > maxScore) {
-        maxScore = catScore;
-        topCategory = cat;
-      }
-    }
-  }
-  return {
-    score,
-    isSpam: score >= SPAM_THRESHOLD,
-    isWarning: score >= WARNING_THRESHOLD && score < SPAM_THRESHOLD,
-    matches,
-    topCategory
-  };
-}
 // src/mail/sanitizer.ts
 var RE_TAG_BLOCK = /[\u{E0001}-\u{E007F}]/gu;
 var RE_ZERO_WIDTH = /[\u200B\u200C\u200D\uFEFF]/g;
@@ -2564,7 +2028,10 @@ function getAttachmentText(content, encoding) {
 }
 function scanOutboundEmail(input) {
   const recipients = Array.isArray(input.to) ? input.to : [input.to];
-  const allInternal = recipients.every((r) => r.endsWith("@localhost"));
+  const allInternal = recipients.every((r) => {
+    const domain = r.split("@").pop()?.toLowerCase();
+    return domain === "localhost";
+  });
   if (allInternal) {
     return { warnings: [], hasHighSeverity: false, hasMediumSeverity: false, blocked: false, summary: "" };
   }
@@ -3057,6 +2524,12 @@ var EmailSearchIndex = class {
     this.db = db2;
   }
   index(email) {
+    if (email.messageId) {
+      const existing = this.db.prepare(
+        "SELECT rowid FROM email_search WHERE agent_id = ? AND message_id = ?"
+      ).get(email.agentId, email.messageId);
+      if (existing) return;
+    }
     const stmt = this.db.prepare(`
       INSERT INTO email_search (agent_id, message_id, subject, from_address, to_address, body_text, received_at)
       VALUES (?, ?, ?, ?, ?, ?, ?)
@@ -3203,7 +2676,7 @@ var DomainManager = class {
 // src/gateway/manager.ts
 import { join as join4 } from "path";
-import { createCipheriv, createDecipheriv, randomBytes as randomBytes2, createHash } from "crypto";
+import { createCipheriv, createDecipheriv, randomBytes as randomBytes2, createHash, scryptSync } from "crypto";
 import nodemailer3 from "nodemailer";
 // src/debug.ts
@@ -4844,23 +4317,38 @@ var SmsPoller = class {
 };
 // src/gateway/manager.ts
+function deriveKey(key, salt) {
+  return scryptSync(key, salt, 32, { N: 16384, r: 8, p: 1 });
+}
 function encryptSecret(plaintext, key) {
-  const keyHash = createHash("sha256").update(key).digest();
+  const salt = randomBytes2(16);
+  const derivedKey = deriveKey(key, salt);
   const iv = randomBytes2(12);
-  const cipher = createCipheriv("aes-256-gcm", keyHash, iv);
+  const cipher = createCipheriv("aes-256-gcm", derivedKey, iv);
   const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
   const authTag = cipher.getAuthTag();
-  return `enc:${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted.toString("hex")}`;
+  return `enc2:${salt.toString("hex")}:${iv.toString("hex")}:${authTag.toString("hex")}:${encrypted.toString("hex")}`;
 }
 function decryptSecret(value, key) {
-  if (!value.startsWith("enc:")) return value;
-  const parts = value.split(":");
-  if (parts.length !== 4) return value;
-  const [, ivHex, authTagHex, ciphertextHex] = parts;
-  const keyHash = createHash("sha256").update(key).digest();
-  const decipher = createDecipheriv("aes-256-gcm", keyHash, Buffer.from(ivHex, "hex"));
-  decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
-  return Buffer.concat([decipher.update(Buffer.from(ciphertextHex, "hex")), decipher.final()]).toString("utf8");
+  if (value.startsWith("enc2:")) {
+    const parts = value.split(":");
+    if (parts.length !== 5) return value;
+    const [, saltHex, ivHex, authTagHex, ciphertextHex] = parts;
+    const derivedKey = deriveKey(key, Buffer.from(saltHex, "hex"));
+    const decipher = createDecipheriv("aes-256-gcm", derivedKey, Buffer.from(ivHex, "hex"));
+    decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
+    return Buffer.concat([decipher.update(Buffer.from(ciphertextHex, "hex")), decipher.final()]).toString("utf8");
+  }
+  if (value.startsWith("enc:")) {
+    const parts = value.split(":");
+    if (parts.length !== 4) return value;
+    const [, ivHex, authTagHex, ciphertextHex] = parts;
+    const keyHash = createHash("sha256").update(key).digest();
+    const decipher = createDecipheriv("aes-256-gcm", keyHash, Buffer.from(ivHex, "hex"));
+    decipher.setAuthTag(Buffer.from(authTagHex, "hex"));
+    return Buffer.concat([decipher.update(Buffer.from(ciphertextHex, "hex")), decipher.final()]).toString("utf8");
+  }
+  return value;
 }
 var GatewayManager = class {
   constructor(options) {
@@ -4950,11 +4438,14 @@ var GatewayManager = class {
       console.warn(`[GatewayManager] Approval reply check failed: ${err.message}`);
     }
     const parsed = inboundToParsedEmail(mail);
-    const spamResult = scoreEmail(parsed);
-    if (spamResult.isSpam) {
-      console.warn(`[GatewayManager] Spam blocked (score=${spamResult.score}, category=${spamResult.topCategory}): "${mail.subject}" from ${mail.from}`);
-      if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
-      return;
+    const { isInternalEmail: isInternalEmail2 } = await import("./spam-filter-L6KNZ7QI.js");
+    if (!isInternalEmail2(parsed)) {
+      const spamResult = scoreEmail(parsed);
+      if (spamResult.isSpam) {
+        console.warn(`[GatewayManager] Spam blocked (score=${spamResult.score}, category=${spamResult.topCategory}): "${mail.subject}" from ${mail.from}`);
+        if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
+        return;
+      }
     }
     let agent = await this.accountManager.getByName(agentName);
     if (!agent && agentName !== DEFAULT_AGENT_NAME) {