@agenticmail/core 0.9.19 → 0.9.21

package/dist/index.js

@@ -5137,1605 +5137,1944 @@ var SmsPoller = class {
   }
 };
 
-// src/gateway/manager.ts
-var GatewayManager = class {
-  constructor(options) {
-    this.options = options;
-    this.db = options.db;
-    this.stalwart = options.stalwart;
-    this.accountManager = options.accountManager ?? null;
-    this.encryptionKey = options.encryptionKey ?? process.env.AGENTICMAIL_MASTER_KEY ?? null;
-    const inboundHandler = options.onInboundMail ?? (this.accountManager && options.localSmtp ? this.deliverInboundLocally.bind(this) : void 0);
-    this.relay = new RelayGateway({
-      onInboundMail: inboundHandler,
-      defaultAgentName: DEFAULT_AGENT_NAME
+// src/telegram/client.ts
+var TELEGRAM_API_BASE = "https://api.telegram.org";
+var TELEGRAM_MESSAGE_LIMIT = 4096;
+var TELEGRAM_CHUNK_SIZE = 4e3;
+var TelegramApiError = class extends Error {
+  isTelegramApiError = true;
+  description;
+  errorCode;
+  constructor(method, description, errorCode) {
+    super(`Telegram ${method} failed: ${description}${errorCode ? ` (code ${errorCode})` : ""}`);
+    this.name = "TelegramApiError";
+    this.description = description;
+    this.errorCode = errorCode;
+  }
+};
+function redactBotToken(text, token) {
+  let out = typeof text === "string" ? text : String(text);
+  if (token) out = out.split(token).join("bot***");
+  return out.replace(/\d{6,}:[A-Za-z0-9_-]{30,}/g, "bot***");
+}
+async function callTelegramApi(token, method, body, options = {}) {
+  if (!token || typeof token !== "string") {
+    throw new TelegramApiError(method, "bot token is required");
+  }
+  const pollTimeout = typeof body?.timeout === "number" ? body.timeout : 0;
+  const timeoutMs = options.longPoll && pollTimeout > 0 ? (pollTimeout + 15) * 1e3 : 3e4;
+  const timeoutSignal = AbortSignal.timeout(timeoutMs);
+  const signal = options.signal ? AbortSignal.any([timeoutSignal, options.signal]) : timeoutSignal;
+  let response;
+  try {
+    response = await fetch(`${TELEGRAM_API_BASE}/bot${token}/${method}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: body ? JSON.stringify(body) : void 0,
+      signal
     });
-    try {
-      this.loadConfig();
-    } catch {
-      this.config = { mode: "none" };
-    }
-    try {
-      this.smsManager = new SmsManager(options.db);
-    } catch {
+  } catch (err) {
+    throw new TelegramApiError(method, redactBotToken(err?.message ?? String(err), token));
+  }
+  let json;
+  try {
+    json = await response.json();
+  } catch {
+    throw new TelegramApiError(method, `non-JSON response (HTTP ${response.status})`);
+  }
+  if (!json || json.ok !== true) {
+    throw new TelegramApiError(
+      method,
+      redactBotToken(String(json?.description || `HTTP ${response.status}`), token),
+      typeof json?.error_code === "number" ? json.error_code : void 0
+    );
+  }
+  return json.result;
+}
+function stripTelegramMarkdown(text) {
+  if (!text) return text;
+  return text.replace(/\*\*(.+?)\*\*/g, "$1").replace(/\*(.+?)\*/g, "$1").replace(/__(.+?)__/g, "$1").replace(/~~(.+?)~~/g, "$1").replace(/^#{1,6}\s+/gm, "").replace(/```[\s\S]*?```/g, (m) => m.replace(/```\w*\n?/g, "").trim()).replace(/`([^`]+)`/g, "$1").replace(/\[([^\]]+)\]\([^)]+\)/g, "$1").trim();
+}
+function splitTelegramMessage(text, maxLen = TELEGRAM_CHUNK_SIZE) {
+  const chunks = [];
+  let rest = text || "";
+  while (rest.length > maxLen) {
+    let cut = rest.lastIndexOf("\n", maxLen);
+    if (cut < maxLen / 2) cut = maxLen;
+    chunks.push(rest.slice(0, cut));
+    rest = rest.slice(cut).replace(/^\n+/, "");
+  }
+  if (rest) chunks.push(rest);
+  return chunks;
+}
+async function sendTelegramMessage(token, chatId, text, options = {}) {
+  const clean = stripTelegramMarkdown(text);
+  const chunks = splitTelegramMessage(clean);
+  if (chunks.length === 0) chunks.push("");
+  const messageIds = [];
+  for (let i = 0; i < chunks.length; i++) {
+    const body = { chat_id: String(chatId), text: chunks[i] };
+    if (i === 0 && options.replyToMessageId) {
+      body.reply_parameters = { message_id: options.replyToMessageId };
     }
+    if (options.disableNotification) body.disable_notification = true;
+    const result = await callTelegramApi(token, "sendMessage", body);
+    messageIds.push(result.message_id);
   }
-  db;
-  stalwart;
-  accountManager;
-  relay;
-  config = { mode: "none" };
-  cfClient = null;
-  tunnel = null;
-  dnsConfigurator = null;
-  domainPurchaser = null;
-  smsManager = null;
-  smsPollers = /* @__PURE__ */ new Map();
-  encryptionKey = null;
-  /**
-   * Check if a message has already been delivered to an agent (deduplication).
-   */
-  isAlreadyDelivered(messageId, agentName) {
-    if (!messageId) return false;
-    const row = this.db.prepare("SELECT 1 FROM delivered_messages WHERE message_id = ? AND agent_name = ?").get(messageId, agentName);
-    return !!row;
+  return { messageIds, chunks: chunks.length };
+}
+function getTelegramMe(token) {
+  return callTelegramApi(token, "getMe");
+}
+function getTelegramChat(token, chatId) {
+  return callTelegramApi(token, "getChat", { chat_id: String(chatId) });
+}
+function getTelegramUpdates(token, offset, options = {}) {
+  const timeoutSec = Math.max(options.timeoutSec ?? 0, 0);
+  return callTelegramApi(token, "getUpdates", {
+    offset,
+    limit: Math.min(Math.max(options.limit ?? 100, 1), 100),
+    timeout: timeoutSec,
+    allowed_updates: ["message"]
+  }, { longPoll: timeoutSec > 0, signal: options.signal });
+}
+function setTelegramWebhook(token, url, options = {}) {
+  return callTelegramApi(token, "setWebhook", {
+    url,
+    secret_token: options.secretToken,
+    allowed_updates: ["message"],
+    drop_pending_updates: options.dropPendingUpdates ?? false
+  });
+}
+function deleteTelegramWebhook(token) {
+  return callTelegramApi(token, "deleteWebhook", {});
+}
+function getTelegramWebhookInfo(token) {
+  return callTelegramApi(token, "getWebhookInfo");
+}
+
+// src/telegram/update.ts
+function asTrimmed(value) {
+  return typeof value === "string" ? value.trim() : "";
+}
+function normalizeChatType(type) {
+  return type === "private" || type === "group" || type === "supergroup" || type === "channel" ? type : "unknown";
+}
+function parseTelegramUpdate(update) {
+  if (!update || typeof update !== "object") return null;
+  const u = update;
+  if (typeof u.update_id !== "number") return null;
+  const msg = u.message || u.channel_post;
+  if (!msg || typeof msg !== "object") return null;
+  if (typeof msg.message_id !== "number") return null;
+  const chat = msg.chat || {};
+  if (typeof chat.id !== "number" && typeof chat.id !== "string") return null;
+  const text = asTrimmed(msg.text) || asTrimmed(msg.caption);
+  if (!text) return null;
+  const from = msg.from || {};
+  const fromName = [from.first_name, from.last_name].filter((p) => typeof p === "string" && p).join(" ") || asTrimmed(from.username) || asTrimmed(chat.title) || "User";
+  const replyTo = msg.reply_to_message;
+  return {
+    updateId: u.update_id,
+    messageId: msg.message_id,
+    chatId: String(chat.id),
+    chatType: normalizeChatType(chat.type),
+    chatTitle: asTrimmed(chat.title) || void 0,
+    fromId: from.id != null ? String(from.id) : String(chat.id),
+    fromName,
+    fromUsername: asTrimmed(from.username) || void 0,
+    text,
+    replyToMessageId: replyTo && typeof replyTo.message_id === "number" ? replyTo.message_id : void 0,
+    replyToText: replyTo ? asTrimmed(replyTo.text) || asTrimmed(replyTo.caption) || void 0 : void 0,
+    date: typeof msg.date === "number" ? new Date(msg.date * 1e3).toISOString() : (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+var TELEGRAM_STOP_WORDS = /* @__PURE__ */ new Set([
+  "stop",
+  "abort",
+  "kill",
+  "cancel",
+  "halt"
+]);
+function isTelegramStopCommand(text) {
+  if (!text) return false;
+  const cleaned = text.trim().toLowerCase().replace(/[!.?]+$/, "");
+  return TELEGRAM_STOP_WORDS.has(cleaned);
+}
+function nextTelegramOffset(currentOffset, updates) {
+  let next = currentOffset;
+  for (const u of updates) {
+    if (u && typeof u.update_id === "number" && u.update_id >= next) {
+      next = u.update_id + 1;
+    }
   }
+  return next;
+}
+
+// src/telegram/manager.ts
+import { timingSafeEqual } from "crypto";
+var TELEGRAM_WEBHOOK_SECRET_RE = /^[A-Za-z0-9_-]+$/;
+var TELEGRAM_MIN_WEBHOOK_SECRET_LENGTH = 16;
+var TELEGRAM_SECRET_FIELDS = ["botToken", "webhookSecret"];
+function redactTelegramConfig(config) {
+  return {
+    ...config,
+    botToken: config.botToken ? "***" : config.botToken,
+    webhookSecret: config.webhookSecret ? "***" : void 0
+  };
+}
+function isTelegramChatAllowed(config, chatId) {
+  const id = String(chatId ?? "").trim();
+  if (!id) return false;
+  if (config.operatorChatId && String(config.operatorChatId).trim() === id) return true;
+  return Array.isArray(config.allowedChatIds) && config.allowedChatIds.some((c) => String(c).trim() === id);
+}
+function safeEqual(a, b) {
+  const bufA = Buffer.from(a, "utf8");
+  const bufB = Buffer.from(b, "utf8");
+  if (bufA.length !== bufB.length) return false;
+  return timingSafeEqual(bufA, bufB);
+}
+var TelegramManager = class {
   /**
-   * Record that a message was delivered to an agent.
+   * Optional master key used to encrypt Telegram credentials at rest
+   * (the same AES-256-GCM scheme SMS/phone use). When absent (tests, or
+   * a deployment with no master key) configs are stored as-is and reads
+   * tolerate plaintext — upgrades and downgrades both stay safe.
    */
-  recordDelivery(messageId, agentName) {
-    if (!messageId) return;
-    this.db.prepare("INSERT OR IGNORE INTO delivered_messages (message_id, agent_name) VALUES (?, ?)").run(messageId, agentName);
+  constructor(db2, encryptionKey) {
+    this.db = db2;
+    this.encryptionKey = encryptionKey;
+    this.ensureTable();
   }
-  /**
-   * Built-in inbound mail handler: delivers relay inbound mail to agent's local Stalwart mailbox.
-   * Authenticates as the agent to send to their own mailbox (Stalwart requires sender = auth user).
-   *
-   * Also intercepts owner replies to approval notification emails — if the reply says
-   * "approve" or "reject", the pending outbound email is automatically processed.
-   */
-  async deliverInboundLocally(agentName, mail) {
-    if (!this.accountManager || !this.options.localSmtp) {
-      console.warn("[GatewayManager] Cannot deliver inbound: no accountManager or localSmtp config");
-      return;
-    }
-    if (mail.messageId && this.isAlreadyDelivered(mail.messageId, agentName)) return;
-    if (this.smsManager) {
+  initialized = false;
+  ensureTable() {
+    if (this.initialized) return;
+    try {
+      this.db.exec(`
+        CREATE TABLE IF NOT EXISTS telegram_messages (
+          id TEXT PRIMARY KEY,
+          agent_id TEXT NOT NULL,
+          direction TEXT NOT NULL CHECK(direction IN ('inbound', 'outbound')),
+          chat_id TEXT NOT NULL,
+          telegram_message_id INTEGER,
+          from_id TEXT,
+          text TEXT NOT NULL,
+          status TEXT NOT NULL DEFAULT 'pending',
+          created_at TEXT NOT NULL DEFAULT (datetime('now')),
+          metadata TEXT DEFAULT '{}'
+        )
+      `);
       try {
-        const smsBody = mail.text || mail.html || "";
-        const parsedSms = parseGoogleVoiceSms(smsBody, mail.from);
-        if (parsedSms) {
-          const agent2 = this.accountManager ? await this.accountManager.getByName(agentName) : null;
-          const agentId = agent2?.id;
-          if (agentId) {
-            const smsConfig = this.smsManager.getSmsConfig(agentId);
-            if (smsConfig?.enabled && smsConfig.sameAsRelay) {
-              this.smsManager.recordInbound(agentId, parsedSms);
-              console.log(`[GatewayManager] SMS received from ${parsedSms.from}: "${parsedSms.body.slice(0, 50)}..." \u2192 agent ${agentName}`);
-              if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
-            }
-          }
-        }
-      } catch (err) {
-        debug("GatewayManager", `SMS detection error: ${err.message}`);
+        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_agent ON telegram_messages(agent_id)");
+      } catch {
       }
-    }
-    try {
-      await this.tryProcessApprovalReply(mail);
-    } catch (err) {
-      console.warn(`[GatewayManager] Approval reply check failed: ${err.message}`);
-    }
-    const parsed = inboundToParsedEmail(mail);
-    const { isInternalEmail: isInternalEmail2 } = await import("./spam-filter-L6KNZ7QI.js");
-    if (!isInternalEmail2(parsed)) {
-      const spamResult = scoreEmail(parsed);
-      if (spamResult.isSpam) {
-        console.warn(`[GatewayManager] Spam blocked (score=${spamResult.score}, category=${spamResult.topCategory}): "${mail.subject}" from ${mail.from}`);
-        if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
-        return;
+      try {
+        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_chat ON telegram_messages(chat_id)");
+      } catch {
       }
-    }
-    let agent = await this.accountManager.getByName(agentName);
-    if (!agent && agentName !== DEFAULT_AGENT_NAME) {
-      agent = await this.accountManager.getByName(DEFAULT_AGENT_NAME);
-      if (agent) {
-        console.warn(`[GatewayManager] Agent "${agentName}" not found, delivering to default agent "${DEFAULT_AGENT_NAME}"`);
+      try {
+        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_created ON telegram_messages(created_at)");
+      } catch {
       }
+      this.initialized = true;
+    } catch {
+      this.initialized = true;
     }
-    if (!agent) {
-      console.warn(`[GatewayManager] No agent to deliver inbound mail (target: "${agentName}")`);
-      return;
-    }
-    const agentPassword = agent.metadata?._password;
-    if (!agentPassword) {
-      console.warn(`[GatewayManager] No password for agent "${agentName}", cannot deliver`);
-      return;
+  }
+  /** Encrypt the credential fields of a config before persisting. */
+  encryptConfig(config) {
+    if (!this.encryptionKey) return config;
+    const out = { ...config };
+    for (const field of TELEGRAM_SECRET_FIELDS) {
+      const value = out[field];
+      if (typeof value === "string" && value && !isEncryptedSecret(value)) {
+        out[field] = encryptSecret(value, this.encryptionKey);
+      }
     }
-    const transport = nodemailer3.createTransport({
-      host: this.options.localSmtp.host,
-      port: this.options.localSmtp.port,
-      secure: false,
-      auth: {
-        user: agent.stalwartPrincipal,
-        pass: agentPassword
-      },
-      tls: { rejectUnauthorized: false },
-      connectionTimeout: 1e4,
-      greetingTimeout: 1e4,
-      socketTimeout: 15e3
-    });
-    try {
-      await transport.sendMail({
-        from: `${mail.from} <${agent.email}>`,
-        to: agent.email,
-        subject: mail.subject,
-        text: mail.text,
-        html: mail.html || void 0,
-        replyTo: mail.from,
-        inReplyTo: mail.inReplyTo,
-        references: Array.isArray(mail.references) ? mail.references.join(" ") : mail.references,
-        headers: {
-          "X-AgenticMail-Relay": "inbound",
-          "X-Original-From": mail.from,
-          ...mail.messageId ? { "X-Original-Message-Id": mail.messageId } : {}
-        },
-        attachments: mail.attachments?.map((a) => ({
-          filename: a.filename,
-          content: a.content,
-          contentType: a.contentType
-        }))
-      });
-      if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
-    } catch (err) {
-      console.error(`[GatewayManager] Failed to deliver to ${agent.email}: ${err.message}`);
-      throw err;
-    } finally {
-      transport.close();
+    return out;
+  }
+  /** Decrypt the credential fields of a config after loading. */
+  decryptConfig(config) {
+    if (!this.encryptionKey) return config;
+    const out = { ...config };
+    for (const field of TELEGRAM_SECRET_FIELDS) {
+      const value = out[field];
+      if (typeof value === "string" && isEncryptedSecret(value)) {
+        try {
+          out[field] = decryptSecret(value, this.encryptionKey);
+        } catch {
+        }
+      }
     }
+    return out;
+  }
+  /** Normalize a stored/loaded config object, defaulting missing fields. */
+  normalizeConfig(raw) {
+    return {
+      enabled: raw.enabled === true,
+      botToken: typeof raw.botToken === "string" ? raw.botToken : "",
+      botUsername: typeof raw.botUsername === "string" ? raw.botUsername : void 0,
+      botId: typeof raw.botId === "number" ? raw.botId : void 0,
+      allowedChatIds: Array.isArray(raw.allowedChatIds) ? raw.allowedChatIds.map((c) => String(c).trim()).filter(Boolean) : [],
+      operatorChatId: typeof raw.operatorChatId === "string" && raw.operatorChatId.trim() ? raw.operatorChatId.trim() : void 0,
+      mode: raw.mode === "webhook" ? "webhook" : "poll",
+      webhookUrl: typeof raw.webhookUrl === "string" ? raw.webhookUrl : void 0,
+      webhookSecret: typeof raw.webhookSecret === "string" ? raw.webhookSecret : void 0,
+      pollOffset: typeof raw.pollOffset === "number" ? raw.pollOffset : 0,
+      configuredAt: typeof raw.configuredAt === "string" ? raw.configuredAt : (/* @__PURE__ */ new Date()).toISOString()
+    };
   }
-  /**
-   * Check if an inbound email is a reply to a pending approval notification.
-   * If the reply body starts with "approve"/"yes" or "reject"/"no", automatically
-   * process the pending email (send it or discard it) and confirm to the owner.
-   */
-  async tryProcessApprovalReply(mail) {
-    const candidateIds = [];
-    if (mail.inReplyTo) candidateIds.push(mail.inReplyTo);
-    if (mail.references) candidateIds.push(...mail.references);
-    if (candidateIds.length === 0) return false;
-    let row = null;
-    for (const id of candidateIds) {
-      row = this.db.prepare(
-        `SELECT * FROM pending_outbound WHERE notification_message_id = ? AND status = 'pending'`
-      ).get(id);
-      if (row) break;
+  /** Get the Telegram config from agent metadata (credentials decrypted). */
+  getConfig(agentId) {
+    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
+    if (!row) return null;
+    try {
+      const meta = JSON.parse(row.metadata || "{}");
+      if (!meta.telegram || typeof meta.telegram !== "object") return null;
+      return this.decryptConfig(this.normalizeConfig(meta.telegram));
+    } catch {
+      return null;
     }
-    if (!row) return false;
-    const body = (mail.text || "").trim();
-    const lines = body.split("\n").filter((l) => !l.startsWith(">") && l.trim().length > 0);
-    const firstLine = (lines[0] || "").trim().toLowerCase();
-    const approvePattern = /^(approve[d]?|yes|send\s*it|send|go\s*ahead|lgtm|ok(?:ay)?)\b/;
-    const rejectPattern = /^(reject(?:ed)?|no|den(?:y|ied)|don'?t\s*send|do\s*not\s*send|cancel|block(?:ed)?)\b/;
-    let action = null;
-    if (approvePattern.test(firstLine)) {
-      action = "approve";
-    } else if (rejectPattern.test(firstLine)) {
-      action = "reject";
+  }
+  /** Save the Telegram config to agent metadata (credentials encrypted). */
+  saveConfig(agentId, config) {
+    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
+    if (!row) throw new Error(`Agent ${agentId} not found`);
+    let meta;
+    try {
+      meta = JSON.parse(row.metadata || "{}");
+    } catch {
+      meta = {};
     }
-    if (!action) return false;
+    meta.telegram = this.encryptConfig(config);
+    this.db.prepare("UPDATE agents SET metadata = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(meta), agentId);
+  }
+  /** Remove the Telegram config from agent metadata. */
+  removeConfig(agentId) {
+    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
+    if (!row) return;
+    let meta;
     try {
-      if (action === "approve") {
-        await this.executeApproval(row);
-      } else {
-        this.db.prepare(
-          `UPDATE pending_outbound SET status = 'rejected', resolved_at = datetime('now'), resolved_by = 'owner-reply' WHERE id = ?`
-        ).run(row.id);
-      }
-      await this.sendApprovalConfirmation(row, action, mail.messageId);
-    } catch (err) {
-      console.error(`[GatewayManager] Failed to process approval reply for ${row.id}:`, err);
+      meta = JSON.parse(row.metadata || "{}");
+    } catch {
+      meta = {};
     }
-    return true;
+    delete meta.telegram;
+    this.db.prepare("UPDATE agents SET metadata = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(meta), agentId);
+  }
+  /** Persist a new poll offset without touching the rest of the config. */
+  updatePollOffset(agentId, offset) {
+    const config = this.getConfig(agentId);
+    if (!config) return;
+    config.pollOffset = offset;
+    this.saveConfig(agentId, config);
   }
   /**
-   * Execute approval of a pending outbound email: look up the agent, reconstitute
-   * attachments, and send the email via gateway routing or local SMTP.
+   * Resolve the agent that owns a webhook secret. Used to authenticate +
+   * route an inbound Telegram webhook delivery: a webhook carries no bot
+   * identity, so the `X-Telegram-Bot-Api-Secret-Token` header is the
+   * routing key. The comparison is constant-time, and a non-match
+   * returns `null` so the route can answer with a single uniform 403
+   * (no enumeration oracle — same posture as the SMS webhook).
    */
-  async executeApproval(row) {
-    if (!this.accountManager) {
-      throw new Error("AccountManager required for approval processing");
-    }
-    const agent = await this.accountManager.getById(row.agent_id);
-    if (!agent) {
-      console.warn(`[GatewayManager] Cannot approve pending ${row.id}: agent ${row.agent_id} no longer exists`);
-      this.db.prepare(
-        `UPDATE pending_outbound SET status = 'rejected', resolved_at = datetime('now'), resolved_by = 'owner-reply', error = 'Agent no longer exists' WHERE id = ?`
-      ).run(row.id);
-      return;
-    }
-    const mailOpts = JSON.parse(row.mail_options);
-    const ownerName = agent.metadata?.ownerName;
-    mailOpts.fromName = ownerName ? `${agent.name} from ${ownerName}` : agent.name;
-    if (Array.isArray(mailOpts.attachments)) {
-      for (const att of mailOpts.attachments) {
-        if (att.content && typeof att.content === "object" && att.content.type === "Buffer" && Array.isArray(att.content.data)) {
-          att.content = Buffer.from(att.content.data);
+  findAgentByWebhookSecret(secret) {
+    const provided = String(secret ?? "");
+    if (!provided) return null;
+    const rows = this.db.prepare("SELECT id, metadata FROM agents").all();
+    for (const row of rows) {
+      try {
+        const meta = JSON.parse(row.metadata || "{}");
+        if (!meta.telegram || typeof meta.telegram !== "object") continue;
+        const config = this.decryptConfig(this.normalizeConfig(meta.telegram));
+        if (!config.enabled || !config.webhookSecret) continue;
+        if (safeEqual(provided, config.webhookSecret)) {
+          return { agentId: row.id, config };
         }
+      } catch {
       }
     }
-    const gatewayResult = await this.routeOutbound(agent.name, mailOpts);
-    if (!gatewayResult && this.options.localSmtp) {
-      const agentPassword = agent.metadata?._password;
-      if (!agentPassword) {
-        throw new Error(`No password for agent "${agent.name}"`);
-      }
-      const transport = nodemailer3.createTransport({
-        host: this.options.localSmtp.host,
-        port: this.options.localSmtp.port,
-        secure: false,
-        auth: {
-          user: agent.stalwartPrincipal,
-          pass: agentPassword
-        },
-        tls: { rejectUnauthorized: false }
-      });
-      try {
-        await transport.sendMail({
-          from: mailOpts.fromName ? `${mailOpts.fromName} <${agent.email}>` : agent.email,
-          to: Array.isArray(mailOpts.to) ? mailOpts.to.join(", ") : mailOpts.to,
-          subject: mailOpts.subject,
-          text: mailOpts.text || void 0,
-          html: mailOpts.html || void 0,
-          cc: mailOpts.cc || void 0,
-          bcc: mailOpts.bcc || void 0,
-          replyTo: mailOpts.replyTo || void 0,
-          inReplyTo: mailOpts.inReplyTo || void 0,
-          references: Array.isArray(mailOpts.references) ? mailOpts.references.join(" ") : mailOpts.references || void 0,
-          attachments: mailOpts.attachments?.map((a) => ({
-            filename: a.filename,
-            content: a.content,
-            contentType: a.contentType,
-            encoding: a.encoding
-          }))
-        });
-      } finally {
-        transport.close();
-      }
+    return null;
+  }
+  /** True if an inbound message with this Telegram id is already stored. */
+  inboundMessageExists(agentId, chatId, telegramMessageId) {
+    const row = this.db.prepare(
+      "SELECT 1 FROM telegram_messages WHERE agent_id = ? AND direction = ? AND chat_id = ? AND telegram_message_id = ? LIMIT 1"
+    ).get(agentId, "inbound", String(chatId), telegramMessageId);
+    return !!row;
+  }
+  /** Record an inbound Telegram message. */
+  recordInbound(agentId, input, metadata) {
+    const id = `tg_in_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    const createdAt = input.createdAt || (/* @__PURE__ */ new Date()).toISOString();
+    this.db.prepare(
+      "INSERT INTO telegram_messages (id, agent_id, direction, chat_id, telegram_message_id, from_id, text, status, created_at, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
+    ).run(
+      id,
+      agentId,
+      "inbound",
+      String(input.chatId),
+      input.telegramMessageId,
+      input.fromId ?? null,
+      input.text,
+      "received",
+      createdAt,
+      JSON.stringify(metadata ?? {})
+    );
+    return {
+      id,
+      agentId,
+      direction: "inbound",
+      chatId: String(input.chatId),
+      telegramMessageId: input.telegramMessageId,
+      fromId: input.fromId,
+      text: input.text,
+      status: "received",
+      createdAt,
+      metadata
+    };
+  }
+  /** Record an outbound Telegram message attempt. */
+  recordOutbound(agentId, input, metadata) {
+    const id = `tg_out_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+    const status = input.status ?? "sent";
+    this.db.prepare(
+      "INSERT INTO telegram_messages (id, agent_id, direction, chat_id, telegram_message_id, from_id, text, status, created_at, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
+    ).run(
+      id,
+      agentId,
+      "outbound",
+      String(input.chatId),
+      input.telegramMessageId ?? null,
+      null,
+      input.text,
+      status,
+      createdAt,
+      JSON.stringify(metadata ?? {})
+    );
+    return {
+      id,
+      agentId,
+      direction: "outbound",
+      chatId: String(input.chatId),
+      telegramMessageId: input.telegramMessageId,
+      text: input.text,
+      status,
+      createdAt,
+      metadata
+    };
+  }
+  /** Update the status (+ optional metadata) of a stored message. */
+  updateStatus(id, status, metadata) {
+    if (metadata) {
+      this.db.prepare("UPDATE telegram_messages SET status = ?, metadata = ? WHERE id = ?").run(status, JSON.stringify(metadata), id);
+      return;
+    }
+    this.db.prepare("UPDATE telegram_messages SET status = ? WHERE id = ?").run(status, id);
+  }
+  /** List stored Telegram messages for an agent, newest first. */
+  listMessages(agentId, opts) {
+    const limit = Math.min(Math.max(opts?.limit ?? 20, 1), 100);
+    const offset = Math.max(opts?.offset ?? 0, 0);
+    let query = "SELECT * FROM telegram_messages WHERE agent_id = ?";
+    const params = [agentId];
+    if (opts?.direction === "inbound" || opts?.direction === "outbound") {
+      query += " AND direction = ?";
+      params.push(opts.direction);
     }
-    this.db.prepare(
-      `UPDATE pending_outbound SET status = 'approved', resolved_at = datetime('now'), resolved_by = 'owner-reply' WHERE id = ?`
-    ).run(row.id);
+    if (opts?.chatId) {
+      query += " AND chat_id = ?";
+      params.push(String(opts.chatId));
+    }
+    query += " ORDER BY created_at DESC, id DESC LIMIT ? OFFSET ?";
+    params.push(limit, offset);
+    return this.db.prepare(query).all(...params).map((row) => ({
+      id: row.id,
+      agentId: row.agent_id,
+      direction: row.direction,
+      chatId: row.chat_id,
+      telegramMessageId: row.telegram_message_id ?? void 0,
+      fromId: row.from_id ?? void 0,
+      text: row.text,
+      status: row.status,
+      createdAt: row.created_at,
+      metadata: row.metadata ? JSON.parse(row.metadata) : void 0
+    }));
   }
+};
+
+// src/telegram/poller.ts
+var TELEGRAM_LONG_POLL_TIMEOUT_SEC = 25;
+var ERROR_BACKOFF_MAX_MS = 6e4;
+var ERROR_BACKOFF_BASE_MS = 2e3;
+var TelegramPoller = class {
+  constructor(telegramManager, agentId, options = {}) {
+    this.telegramManager = telegramManager;
+    this.agentId = agentId;
+    this.options = options;
+  }
+  running = false;
+  currentAbort = null;
+  /** Wakes a sleeping backoff so `stop()` returns quickly. */
+  wakeStop = null;
+  lastErrorLogAt = 0;
+  lastErrorMessage = "";
   /**
-   * Send a confirmation email back to the owner after processing an approval reply.
+   * Set by the caller. Fired for every new inbound message that isn't a
+   * duplicate and is in the allow-list. The callback's return value
+   * gates record-as-handled (errors propagate as failures the loop
+   * tolerates — the poll offset is STILL advanced so a single bad
+   * message doesn't wedge the agent forever).
    */
-  async sendApprovalConfirmation(row, action, replyMessageId) {
-    const ownerEmail = this.config.relay?.email;
-    if (!ownerEmail || !this.accountManager) return;
-    const mailOpts = JSON.parse(row.mail_options);
-    const agent = await this.accountManager.getById(row.agent_id);
-    const agentName = agent?.name || "unknown agent";
-    const statusText = action === "approve" ? "APPROVED and sent" : "REJECTED and discarded";
-    this.routeOutbound(agentName, {
-      to: ownerEmail,
-      subject: `Re: [Approval Required] Blocked email from "${agentName}" \u2014 ${statusText}`,
-      text: [
-        `The blocked email has been ${statusText}.`,
-        "",
-        `  To: ${Array.isArray(mailOpts.to) ? mailOpts.to.join(", ") : mailOpts.to}`,
-        `  Subject: ${mailOpts.subject}`,
-        "",
-        action === "approve" ? "The email has been delivered to the recipient." : "The email has been discarded and will not be sent."
-      ].join("\n"),
-      fromName: "Agentic Mail",
-      inReplyTo: replyMessageId
-    }).catch((err) => {
-      console.warn(`[GatewayManager] Failed to send approval confirmation: ${err.message}`);
+  onInbound = null;
+  /** Has `start()` been called and is the loop still running? */
+  get isRunning() {
+    return this.running;
+  }
+  /** Resolves when the background loop has fully exited. */
+  loopPromise = null;
+  async start() {
+    if (this.running) return;
+    this.running = true;
+    this.loopPromise = this.loop().catch((err) => {
+      this.running = false;
+      console.warn(`[TelegramPoller:${this.agentId.slice(0, 8)}] loop crashed: ${err?.message ?? err}`);
     });
   }
-  // --- Relay Mode ---
-  async setupRelay(config, options) {
-    await this.relay.setup(config);
-    this.config = { mode: "relay", relay: config };
-    this.saveConfig();
-    let agent;
-    if (!options?.skipDefaultAgent && this.accountManager) {
-      const agentName = options?.defaultAgentName ?? DEFAULT_AGENT_NAME;
-      const agentRole = options?.defaultAgentRole ?? DEFAULT_AGENT_ROLE;
-      const existing = await this.accountManager.getByName(agentName);
-      if (existing) {
-        agent = existing;
-      } else {
-        agent = await this.accountManager.create({
-          name: agentName,
-          role: agentRole,
-          gateway: "relay"
-        });
-      }
+  /** Cancel the in-flight long-poll and wait for the loop to exit. */
+  async stop() {
+    this.running = false;
+    try {
+      this.currentAbort?.abort();
+    } catch {
     }
-    this.relay.onUidAdvance = (uid) => this.saveLastSeenUid(uid);
-    await this.relay.startPolling();
-    return { agent };
-  }
-  // --- Domain Mode ---
-  async setupDomain(options) {
-    this.cfClient = new CloudflareClient(options.cloudflareToken, options.cloudflareAccountId);
-    this.dnsConfigurator = new DNSConfigurator(this.cfClient);
-    this.tunnel = new TunnelManager(this.cfClient);
-    this.domainPurchaser = new DomainPurchaser(this.cfClient);
-    let domain = options.domain;
-    if (!domain && options.purchase) {
-      const available = await this.domainPurchaser.searchAvailable(
-        options.purchase.keywords,
-        options.purchase.tld ? [options.purchase.tld] : void 0
-      );
-      const first = available.find((d) => d.available && !d.premium);
-      if (!first) {
-        throw new Error("No available domains found for the given keywords");
+    if (this.wakeStop) {
+      try {
+        this.wakeStop();
+      } catch {
       }
-      await this.domainPurchaser.purchase(first.domain);
-      domain = first.domain;
-      this.db.prepare(`
-        INSERT OR REPLACE INTO purchased_domains (domain, registrar) VALUES (?, ?)
-      `).run(domain, "cloudflare");
-    }
-    if (!domain) {
-      throw new Error("No domain specified and no purchase keywords provided");
-    }
-    let zone = await this.cfClient.getZone(domain);
-    if (!zone) {
-      zone = await this.cfClient.createZone(domain);
     }
-    const existingRecords = await this.cfClient.listDnsRecords(zone.id);
-    const { homedir: homedir13 } = await import("os");
-    const backupDir = join4(homedir13(), ".agenticmail");
-    const backupPath = join4(backupDir, `dns-backup-${domain}-${Date.now()}.json`);
-    const { writeFileSync: writeFileSync11, mkdirSync: mkdirSync12 } = await import("fs");
-    mkdirSync12(backupDir, { recursive: true });
-    writeFileSync11(backupPath, JSON.stringify({
-      domain,
-      zoneId: zone.id,
-      backedUpAt: (/* @__PURE__ */ new Date()).toISOString(),
-      records: existingRecords
-    }, null, 2));
-    console.log(`[GatewayManager] DNS backup saved to ${backupPath} (${existingRecords.length} records)`);
-    const rootRecords = existingRecords.filter(
-      (r) => r.name === domain && (r.type === "A" || r.type === "AAAA" || r.type === "CNAME" || r.type === "MX")
-    );
-    if (rootRecords.length > 0) {
-      console.warn(`[GatewayManager] \u26A0\uFE0F  WARNING: ${rootRecords.length} existing root DNS record(s) for ${domain} will be modified:`);
-      for (const r of rootRecords) {
-        console.warn(`[GatewayManager]   ${r.type} ${r.name} \u2192 ${r.content}`);
+    if (this.loopPromise) {
+      try {
+        await this.loopPromise;
+      } catch {
       }
-      console.warn(`[GatewayManager] Backup saved at: ${backupPath}`);
-    }
-    const tunnelConfig = await this.tunnel.create(`agenticmail-${domain}`);
-    console.log(`[GatewayManager] Configuring mail server hostname: ${domain}`);
-    try {
-      await this.stalwart.setHostname(domain);
-      console.log(`[GatewayManager] Mail server hostname set to ${domain}`);
-    } catch (err) {
-      console.warn(`[GatewayManager] Failed to set hostname (EHLO may show "localhost"): ${err.message}`);
-    }
-    console.log("[GatewayManager] Setting up DKIM signing...");
-    let dkimPublicKey;
-    let dkimSelector = "agenticmail";
-    try {
-      const dkim = await this.stalwart.createDkimSignature(domain, dkimSelector);
-      dkimPublicKey = dkim.publicKey;
-      console.log(`[GatewayManager] DKIM signature created (selector: ${dkimSelector})`);
-    } catch (err) {
-      console.warn(`[GatewayManager] DKIM setup failed (email may land in spam): ${err.message}`);
+      this.loopPromise = null;
     }
-    const tunnelRemoved = await this.dnsConfigurator.configureForTunnel(domain, zone.id, tunnelConfig.tunnelId);
-    if (tunnelRemoved.length > 0) {
-      console.log(`[GatewayManager] Removed ${tunnelRemoved.length} conflicting DNS record(s) for tunnel`);
+  }
+  async loop() {
+    const timeoutSec = Math.max(1, this.options.timeoutSec ?? TELEGRAM_LONG_POLL_TIMEOUT_SEC);
+    let backoff = ERROR_BACKOFF_BASE_MS;
+    while (this.running) {
+      const config = this.telegramManager.getConfig(this.agentId);
+      if (!config?.enabled || config.mode !== "poll" || !config.botToken) {
+        this.running = false;
+        return;
+      }
+      const offset = config.pollOffset ?? 0;
+      const controller = new AbortController();
+      this.currentAbort = controller;
+      try {
+        const updates = await getTelegramUpdates(config.botToken, offset, {
+          timeoutSec,
+          signal: controller.signal
+        });
+        backoff = ERROR_BACKOFF_BASE_MS;
+        if (updates.length === 0 && timeoutSec > 0) {
+          await new Promise((r) => setImmediate(r));
+        }
+        for (const update of updates) {
+          if (!this.running) break;
+          const parsed = parseTelegramUpdate(update);
+          if (!parsed) continue;
+          if (!isTelegramChatAllowed(config, parsed.chatId)) continue;
+          if (this.telegramManager.inboundMessageExists(this.agentId, parsed.chatId, parsed.messageId)) {
+            continue;
+          }
+          this.telegramManager.recordInbound(this.agentId, {
+            chatId: parsed.chatId,
+            telegramMessageId: parsed.messageId,
+            fromId: parsed.fromId,
+            text: parsed.text,
+            createdAt: parsed.date
+          }, {
+            chatType: parsed.chatType,
+            fromName: parsed.fromName,
+            fromUsername: parsed.fromUsername,
+            updateId: parsed.updateId
+          });
+          if (this.onInbound) {
+            try {
+              await this.onInbound({ agentId: this.agentId, message: parsed, config });
+            } catch (err) {
+              this.logError("inbound bridge failed", err);
+            }
+          }
+        }
+        const newOffset = nextTelegramOffset(offset, updates);
+        if (newOffset !== offset) {
+          this.telegramManager.updatePollOffset(this.agentId, newOffset);
+        }
+      } catch (err) {
+        if (!this.running) return;
+        if (controller.signal.aborted) return;
+        if (err instanceof TelegramApiError && (err.errorCode === 401 || err.errorCode === 404)) {
+          this.logError("bot token rejected \u2014 stopping poller", err);
+          this.running = false;
+          return;
+        }
+        this.logError("getUpdates failed", err);
+        await this.backoff(backoff);
+        backoff = Math.min(backoff * 2, ERROR_BACKOFF_MAX_MS);
+      } finally {
+        if (this.currentAbort === controller) this.currentAbort = null;
+      }
     }
-    const emailDns = await this.dnsConfigurator.configureForEmail(domain, zone.id, {
-      dkimSelector,
-      dkimPublicKey
+  }
+  /** Sleep that returns early on `stop()`. */
+  backoff(ms) {
+    return new Promise((resolve2) => {
+      const t = setTimeout(() => {
+        this.wakeStop = null;
+        resolve2();
+      }, ms);
+      this.wakeStop = () => {
+        clearTimeout(t);
+        this.wakeStop = null;
+        resolve2();
+      };
+    });
+  }
+  /** Collapse identical errors fired in close succession to one log line. */
+  logError(prefix, err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    const suppressMs = this.options.suppressDuplicateLogsMs ?? 3e4;
+    const now = Date.now();
+    if (msg === this.lastErrorMessage && now - this.lastErrorLogAt < suppressMs) return;
+    this.lastErrorLogAt = now;
+    this.lastErrorMessage = msg;
+    console.warn(`[TelegramPoller:${this.agentId.slice(0, 8)}] ${prefix}: ${msg}`);
+  }
+};
+
+// src/telegram/operator-query.ts
+var TELEGRAM_OPERATOR_QUERY_TAG = "AMQ";
+var QUERY_ID_RE = /(oq_[A-Za-z0-9-]+)/;
+var QUERY_TAG_RE = new RegExp(`\\[${TELEGRAM_OPERATOR_QUERY_TAG}\\s+(oq_[A-Za-z0-9-]+)\\]`);
+function formatOperatorQueryTelegramMessage(input) {
+  const lines = [];
+  lines.push(input.urgency === "high" ? "\u{1F534} Your agent needs an answer to continue a live call (URGENT)." : "\u{1F7E1} Your agent needs an answer to continue a live call.");
+  lines.push("");
+  lines.push(`Question: ${input.question}`);
+  if (input.callContext) lines.push(`Context: ${input.callContext}`);
+  lines.push("");
+  lines.push("Reply to this message with your answer. You can also send:");
+  lines.push(`  /answer ${input.queryId} <your answer>`);
+  lines.push(`  /approve ${input.queryId}   \xB7   /deny ${input.queryId}`);
+  lines.push("");
+  lines.push(`[${TELEGRAM_OPERATOR_QUERY_TAG} ${input.queryId}]`);
+  return lines.join("\n");
+}
+function parseTelegramOperatorReply(input) {
+  const text = (input.text ?? "").trim();
+  if (!text) return null;
+  const quotedTag = input.replyToText ? QUERY_TAG_RE.exec(input.replyToText) : null;
+  const quotedQueryId = quotedTag?.[1];
+  const answerCmd = /^\/answer(?:@\w+)?\s+(oq_[A-Za-z0-9-]+)\s+([\s\S]+)$/i.exec(text);
+  if (answerCmd) {
+    return { queryId: answerCmd[1], answer: answerCmd[2].trim(), kind: "answer" };
+  }
+  const decisionCmd = /^\/(approve|deny)(?:@\w+)?\b([\s\S]*)$/i.exec(text);
+  if (decisionCmd) {
+    const kind = decisionCmd[1].toLowerCase() === "approve" ? "approve" : "deny";
+    const rest = decisionCmd[2].trim();
+    const inlineId2 = QUERY_ID_RE.exec(rest)?.[1];
+    const note = rest.replace(QUERY_ID_RE, "").trim();
+    const answer2 = (kind === "approve" ? "Approved" : "Denied") + (note ? `: ${note}` : ".");
+    return { queryId: inlineId2 ?? quotedQueryId, answer: answer2, kind };
+  }
+  const inlineId = QUERY_TAG_RE.exec(text)?.[1] ?? QUERY_ID_RE.exec(text)?.[1];
+  const answer = text.replace(QUERY_TAG_RE, "").trim();
+  if (!answer) return null;
+  return { queryId: quotedQueryId ?? inlineId, answer, kind: "answer" };
+}
+
+// src/gateway/manager.ts
+var GatewayManager = class {
+  constructor(options) {
+    this.options = options;
+    this.db = options.db;
+    this.stalwart = options.stalwart;
+    this.accountManager = options.accountManager ?? null;
+    this.encryptionKey = options.encryptionKey ?? process.env.AGENTICMAIL_MASTER_KEY ?? null;
+    const inboundHandler = options.onInboundMail ?? (this.accountManager && options.localSmtp ? this.deliverInboundLocally.bind(this) : void 0);
+    this.relay = new RelayGateway({
+      onInboundMail: inboundHandler,
+      defaultAgentName: DEFAULT_AGENT_NAME
     });
-    if (emailDns.removed.length > 0) {
-      console.log(`[GatewayManager] Replaced ${emailDns.removed.length} old DNS record(s) for email`);
-    }
-    await this.tunnel.start(tunnelConfig.tunnelToken);
-    await this.tunnel.createIngress(tunnelConfig.tunnelId, domain);
-    console.log("[GatewayManager] Enabling Cloudflare Email Routing...");
-    try {
-      await this.cfClient.enableEmailRouting(zone.id);
-      console.log("[GatewayManager] Email Routing enabled");
-    } catch (err) {
-      console.warn(`[GatewayManager] Email Routing enable failed (may already be active): ${err.message}`);
-    }
-    const workerName = `agenticmail-inbound-${domain.replace(/\./g, "-")}`;
-    const inboundUrl = `https://${domain}/api/agenticmail/mail/inbound`;
-    const inboundSecret = options.outboundSecret || crypto.randomUUID();
-    console.log(`[GatewayManager] Deploying Email Worker "${workerName}"...`);
-    console.log(`[GatewayManager] Set AGENTICMAIL_INBOUND_SECRET="${inboundSecret}" in your environment to match the worker`);
     try {
-      const { EMAIL_WORKER_SCRIPT } = await import("./email-worker-template-BOJPKCVB.js");
-      await this.cfClient.deployEmailWorker(workerName, EMAIL_WORKER_SCRIPT, {
-        INBOUND_URL: inboundUrl,
-        INBOUND_SECRET: inboundSecret
-      });
-      console.log(`[GatewayManager] Email Worker deployed: ${workerName}`);
-    } catch (err) {
-      console.warn(`[GatewayManager] Email Worker deployment failed: ${err.message}`);
-      console.warn("[GatewayManager] You may need to deploy the worker manually or check Workers permissions on your API token");
+      this.loadConfig();
+    } catch {
+      this.config = { mode: "none" };
     }
-    console.log("[GatewayManager] Configuring catch-all Email Routing rule...");
     try {
-      await this.cfClient.setCatchAllWorkerRule(zone.id, workerName);
-      console.log("[GatewayManager] Catch-all rule set: all emails \u2192 Worker \u2192 AgenticMail");
-    } catch (err) {
-      console.warn(`[GatewayManager] Catch-all rule failed: ${err.message}`);
+      this.smsManager = new SmsManager(options.db);
+    } catch {
     }
     try {
-      await this.stalwart.createPrincipal({
-        type: "domain",
-        name: domain,
-        description: `AgenticMail gateway domain: ${domain}`
-      });
+      this.telegramManager = new TelegramManager(options.db, this.encryptionKey ?? void 0);
     } catch {
+      this.telegramManager = null;
     }
-    if (this.accountManager) {
-      try {
-        const agents = await this.accountManager.list();
-        for (const agent of agents) {
-          const domainEmail = `${agent.name.toLowerCase()}@${domain}`;
-          try {
-            const principal = await this.stalwart.getPrincipal(agent.stalwartPrincipal);
-            const emails = principal.emails ?? [];
-            if (!emails.includes(domainEmail)) {
-              await this.stalwart.addEmailAlias(agent.stalwartPrincipal, domainEmail);
-              console.log(`[GatewayManager] Added ${domainEmail} to Stalwart principal "${agent.stalwartPrincipal}"`);
-            }
-          } catch (err) {
-            console.warn(`[GatewayManager] Could not update principal for ${agent.name}: ${err.message}`);
-          }
-        }
-      } catch (err) {
-        console.warn(`[GatewayManager] Could not update agent email aliases: ${err.message}`);
-      }
-    }
-    const domainConfig = {
-      domain,
-      cloudflareApiToken: options.cloudflareToken,
-      cloudflareAccountId: options.cloudflareAccountId,
-      tunnelId: tunnelConfig.tunnelId,
-      tunnelToken: tunnelConfig.tunnelToken,
-      outboundWorkerUrl: options.outboundWorkerUrl,
-      outboundSecret: options.outboundSecret,
-      inboundSecret,
-      emailWorkerName: workerName
-    };
-    this.config = { mode: "domain", domain: domainConfig };
-    this.saveConfig();
-    this.db.prepare(`
-      INSERT OR REPLACE INTO purchased_domains (domain, registrar, cloudflare_zone_id, tunnel_id, dns_configured, tunnel_active)
-      VALUES (?, 'cloudflare', ?, ?, 1, 1)
-    `).run(domain, zone.id, tunnelConfig.tunnelId);
-    let outboundRelay;
-    const nextSteps = [];
-    if (options.gmailRelay) {
-      console.log("[GatewayManager] Configuring outbound relay through Gmail SMTP...");
-      try {
-        await this.stalwart.configureOutboundRelay({
-          smtpHost: "smtp.gmail.com",
-          smtpPort: 465,
-          username: options.gmailRelay.email,
-          password: options.gmailRelay.appPassword
-        });
-        outboundRelay = { configured: true, provider: "gmail" };
-        console.log("[GatewayManager] Outbound relay configured: all external mail routes through Gmail SMTP");
-        const gmailSettingsUrl = "https://mail.google.com/mail/u/0/#settings/accounts";
-        nextSteps.push(
-          `IMPORTANT: To send emails showing your domain (not ${options.gmailRelay.email}), add each agent email as a "Send mail as" alias in Gmail:`,
-          `1. Open: ${gmailSettingsUrl}`,
-          `2. Under "Send mail as" click "Add another email address"`,
-          `3. Enter agent name and email (e.g. "Secretary" / secretary@${domain}), uncheck "Treat as alias"`,
-          `4. On the SMTP screen, Gmail will auto-fill WRONG values. You MUST change them to:`,
-          `   SMTP Server: smtp.gmail.com | Port: 465 | Username: ${options.gmailRelay.email} | Password: [your app password] | Select "Secured connection using SSL"`,
-          `5. Click "Add Account". Gmail sends a verification email to the agent's @${domain} address`,
-          `6. Check AgenticMail inbox for the code/link from gmail-noreply@google.com, then confirm`,
-          `7. Repeat for each agent. Or ask your OpenClaw agent to automate this via the browser tool.`
-        );
-      } catch (err) {
-        outboundRelay = { configured: false, provider: "gmail" };
-        console.warn(`[GatewayManager] Outbound relay setup failed: ${err.message}`);
-        nextSteps.push(`Outbound relay setup failed: ${err.message}. You can configure it manually later.`);
-      }
-    } else {
-      nextSteps.push(
-        "Outbound email: Your server sends directly from your IP. If your IP lacks a PTR record (common for residential connections), emails may be rejected.",
-        'To fix this, re-run setup with gmailRelay: { email: "you@gmail.com", appPassword: "xxxx xxxx xxxx xxxx" } to relay outbound mail through Gmail SMTP.',
-        "You will need a Gmail app password: https://myaccount.google.com/apppasswords"
-      );
-    }
-    return {
-      domain,
-      dnsConfigured: true,
-      tunnelId: tunnelConfig.tunnelId,
-      outboundRelay,
-      nextSteps: nextSteps.length > 0 ? nextSteps : void 0
-    };
   }
-  // --- Test ---
+  db;
+  stalwart;
+  accountManager;
+  relay;
+  config = { mode: "none" };
+  cfClient = null;
+  tunnel = null;
+  dnsConfigurator = null;
+  domainPurchaser = null;
+  smsManager = null;
+  smsPollers = /* @__PURE__ */ new Map();
+  telegramManager = null;
+  telegramPollers = /* @__PURE__ */ new Map();
+  encryptionKey = null;
   /**
-   * Send a test email through the gateway without requiring a real agent.
-   * In relay mode, uses "test" as the sub-address.
-   * In domain mode, uses the first available agent (Stalwart needs real credentials).
+   * Check if a message has already been delivered to an agent (deduplication).
    */
-  async sendTestEmail(to) {
-    const mail = {
-      to,
-      subject: "AgenticMail Gateway Test",
-      text: "This is a test email sent via the AgenticMail gateway to verify your configuration is working."
-    };
-    if (this.config.mode === "relay") {
-      return this.routeOutbound("test", mail);
-    }
-    if (this.config.mode === "domain" && this.accountManager) {
-      const agents = await this.accountManager.list();
-      if (agents.length === 0) {
-        throw new Error("No agents exist yet. Create an agent first, then send a test email.");
-      }
-      const primary = agents.find((a) => a.metadata?.persistent) ?? agents[0];
-      return this.routeOutbound(primary.name, mail);
-    }
-    return null;
+  isAlreadyDelivered(messageId, agentName) {
+    if (!messageId) return false;
+    const row = this.db.prepare("SELECT 1 FROM delivered_messages WHERE message_id = ? AND agent_name = ?").get(messageId, agentName);
+    return !!row;
   }
-  // --- Routing ---
   /**
-   * Route an outbound email. If the destination is external and a gateway
-   * is configured, send via the appropriate channel.
-   * Returns null if the mail should be sent via local Stalwart.
+   * Record that a message was delivered to an agent.
    */
-  async routeOutbound(agentName, mail) {
-    if (this.config.mode === "none") return null;
-    const collect = (field) => {
-      if (!field) return [];
-      if (Array.isArray(field)) return field;
-      return field.split(",").map((s) => s.trim()).filter(Boolean);
-    };
-    const allRecipients = [
-      ...collect(mail.to),
-      ...collect(mail.cc),
-      ...collect(mail.bcc)
-    ];
-    const localDomain = this.config.domain?.domain?.toLowerCase();
-    const isExternal = allRecipients.some((addr) => {
-      const domain = (addr.split("@")[1] ?? "localhost").toLowerCase();
-      return domain !== "localhost" && domain !== localDomain;
-    });
-    if (!isExternal) return null;
-    if (this.config.mode === "relay") {
-      return this.relay.sendViaRelay(agentName, mail);
-    }
-    if (this.config.mode === "domain" && this.config.domain) {
-      return this.sendViaStalwart(agentName, mail);
-    }
-    return null;
+  recordDelivery(messageId, agentName) {
+    if (!messageId) return;
+    this.db.prepare("INSERT OR IGNORE INTO delivered_messages (message_id, agent_name) VALUES (?, ?)").run(messageId, agentName);
   }
   /**
-   * Send email by submitting to local Stalwart via SMTP (port 587).
-   * Stalwart handles DKIM signing and delivery (direct or via relay).
-   * Reply-To is set to the agent's domain email so replies come back
-   * to the domain (handled by Cloudflare Email Routing → inbound Worker).
+   * Built-in inbound mail handler: delivers relay inbound mail to agent's local Stalwart mailbox.
+   * Authenticates as the agent to send to their own mailbox (Stalwart requires sender = auth user).
+   *
+   * Also intercepts owner replies to approval notification emails — if the reply says
+   * "approve" or "reject", the pending outbound email is automatically processed.
    */
-  async sendViaStalwart(agentName, mail) {
-    if (!this.accountManager) {
-      throw new Error("AccountManager required for domain mode outbound");
-    }
-    const agent = await this.accountManager.getByName(agentName);
-    if (!agent) {
-      throw new Error(`Agent "${agentName}" not found`);
-    }
-    const agentPassword = agent.metadata?._password;
-    if (!agentPassword) {
-      throw new Error(`No password for agent "${agentName}"`);
+  async deliverInboundLocally(agentName, mail) {
+    if (!this.accountManager || !this.options.localSmtp) {
+      console.warn("[GatewayManager] Cannot deliver inbound: no accountManager or localSmtp config");
+      return;
     }
-    const domainName = this.config.domain?.domain;
-    const fromAddr = domainName ? agent.email.replace(/@localhost$/, `@${domainName}`) : agent.email;
-    const displayName = mail.fromName || agentName;
-    const from = `${displayName} <${fromAddr}>`;
-    if (domainName && fromAddr !== agent.email) {
+    if (mail.messageId && this.isAlreadyDelivered(mail.messageId, agentName)) return;
+    if (this.smsManager) {
       try {
-        const principal = await this.stalwart.getPrincipal(agent.stalwartPrincipal);
-        const emails = principal.emails ?? [];
-        if (!emails.includes(fromAddr)) {
-          await this.stalwart.addEmailAlias(agent.stalwartPrincipal, fromAddr);
-          console.log(`[GatewayManager] Auto-added ${fromAddr} to Stalwart principal "${agent.stalwartPrincipal}"`);
+        const smsBody = mail.text || mail.html || "";
+        const parsedSms = parseGoogleVoiceSms(smsBody, mail.from);
+        if (parsedSms) {
+          const agent2 = this.accountManager ? await this.accountManager.getByName(agentName) : null;
+          const agentId = agent2?.id;
+          if (agentId) {
+            const smsConfig = this.smsManager.getSmsConfig(agentId);
+            if (smsConfig?.enabled && smsConfig.sameAsRelay) {
+              this.smsManager.recordInbound(agentId, parsedSms);
+              console.log(`[GatewayManager] SMS received from ${parsedSms.from}: "${parsedSms.body.slice(0, 50)}..." \u2192 agent ${agentName}`);
+              if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
+            }
+          }
         }
       } catch (err) {
-        console.warn(`[GatewayManager] Could not auto-add domain email alias: ${err.message}`);
+        debug("GatewayManager", `SMS detection error: ${err.message}`);
+      }
+    }
+    try {
+      await this.tryProcessApprovalReply(mail);
+    } catch (err) {
+      console.warn(`[GatewayManager] Approval reply check failed: ${err.message}`);
+    }
+    const parsed = inboundToParsedEmail(mail);
+    const { isInternalEmail: isInternalEmail2 } = await import("./spam-filter-L6KNZ7QI.js");
+    if (!isInternalEmail2(parsed)) {
+      const spamResult = scoreEmail(parsed);
+      if (spamResult.isSpam) {
+        console.warn(`[GatewayManager] Spam blocked (score=${spamResult.score}, category=${spamResult.topCategory}): "${mail.subject}" from ${mail.from}`);
+        if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
+        return;
+      }
+    }
+    let agent = await this.accountManager.getByName(agentName);
+    if (!agent && agentName !== DEFAULT_AGENT_NAME) {
+      agent = await this.accountManager.getByName(DEFAULT_AGENT_NAME);
+      if (agent) {
+        console.warn(`[GatewayManager] Agent "${agentName}" not found, delivering to default agent "${DEFAULT_AGENT_NAME}"`);
       }
     }
-    const recipients = Array.isArray(mail.to) ? mail.to : [mail.to];
-    const mailOpts = {
-      from,
-      to: recipients.join(", "),
-      cc: mail.cc ? Array.isArray(mail.cc) ? mail.cc.join(", ") : mail.cc : void 0,
-      bcc: mail.bcc ? Array.isArray(mail.bcc) ? mail.bcc.join(", ") : mail.bcc : void 0,
-      subject: mail.subject,
-      text: mail.text || void 0,
-      // The `html` field is the literal HTML body of the outbound
-      // mail — by design it is whatever the sender chose to compose.
-      // CodeQL `js/xss` flags this because the value flows from user
-      // input, but nodemailer is the SMTP serializer, not an HTML
-      // renderer; XSS would only occur if the recipient's MUA
-      // executed the body, which is outside our trust boundary.
-      // The outbound-guard (packages/core/src/mail/outbound-guard.ts)
-      // already scores HTML bodies for suspicious patterns at the
-      // pre-send step. lgtm[js/xss]
-      html: mail.html || void 0,
-      replyTo: mail.replyTo || from,
-      inReplyTo: mail.inReplyTo || void 0,
-      references: Array.isArray(mail.references) ? mail.references.join(" ") : mail.references || void 0,
-      headers: {
-        "X-Mailer": "AgenticMail/1.0"
-      },
-      attachments: mail.attachments?.map((a) => ({
-        filename: a.filename,
-        content: a.content,
-        contentType: a.contentType,
-        encoding: a.encoding
-      }))
-    };
-    const composer = new MailComposer3(mailOpts);
-    const raw = await composer.compile().build();
-    const smtpHost = this.options.localSmtp?.host ?? "127.0.0.1";
-    const smtpPort = this.options.localSmtp?.port ?? 587;
+    if (!agent) {
+      console.warn(`[GatewayManager] No agent to deliver inbound mail (target: "${agentName}")`);
+      return;
+    }
+    const agentPassword = agent.metadata?._password;
+    if (!agentPassword) {
+      console.warn(`[GatewayManager] No password for agent "${agentName}", cannot deliver`);
+      return;
+    }
     const transport = nodemailer3.createTransport({
-      host: smtpHost,
-      port: smtpPort,
+      host: this.options.localSmtp.host,
+      port: this.options.localSmtp.port,
       secure: false,
       auth: {
         user: agent.stalwartPrincipal,
         pass: agentPassword
       },
-      tls: { rejectUnauthorized: false }
+      tls: { rejectUnauthorized: false },
+      connectionTimeout: 1e4,
+      greetingTimeout: 1e4,
+      socketTimeout: 15e3
     });
     try {
-      const info = await transport.sendMail(mailOpts);
-      debug("GatewayManager", `Sent via Stalwart: ${info.messageId} \u2192 ${info.response}`);
-      return {
-        messageId: info.messageId,
-        envelope: { from, to: recipients },
-        raw
-      };
+      await transport.sendMail({
+        from: `${mail.from} <${agent.email}>`,
+        to: agent.email,
+        subject: mail.subject,
+        text: mail.text,
+        html: mail.html || void 0,
+        replyTo: mail.from,
+        inReplyTo: mail.inReplyTo,
+        references: Array.isArray(mail.references) ? mail.references.join(" ") : mail.references,
+        headers: {
+          "X-AgenticMail-Relay": "inbound",
+          "X-Original-From": mail.from,
+          ...mail.messageId ? { "X-Original-Message-Id": mail.messageId } : {}
+        },
+        attachments: mail.attachments?.map((a) => ({
+          filename: a.filename,
+          content: a.content,
+          contentType: a.contentType
+        }))
+      });
+      if (mail.messageId) this.recordDelivery(mail.messageId, agentName);
+    } catch (err) {
+      console.error(`[GatewayManager] Failed to deliver to ${agent.email}: ${err.message}`);
+      throw err;
     } finally {
       transport.close();
     }
   }
-  // --- Status ---
-  getStatus() {
-    const status = {
-      mode: this.config.mode,
-      healthy: false
-    };
-    if (this.config.mode === "relay" && this.config.relay) {
-      status.relay = {
-        provider: this.config.relay.provider,
-        email: this.config.relay.email,
-        polling: this.relay.isPolling()
-      };
-      status.healthy = this.relay.isConfigured();
-    }
-    if (this.config.mode === "domain" && this.config.domain) {
-      const tunnelStatus = this.tunnel?.status();
-      status.domain = {
-        domain: this.config.domain.domain,
-        dnsConfigured: true,
-        tunnelActive: tunnelStatus?.running ?? false
-      };
-      status.healthy = tunnelStatus?.running ?? false;
-    }
-    if (this.config.mode === "none") {
-      status.healthy = true;
-    }
-    return status;
-  }
-  getMode() {
-    return this.config.mode;
-  }
-  getConfig() {
-    return this.config;
-  }
-  // --- Domain Purchase ---
-  getStalwart() {
-    return this.stalwart;
-  }
-  getDomainPurchaser() {
-    return this.domainPurchaser;
-  }
-  getDNSConfigurator() {
-    return this.dnsConfigurator;
-  }
-  getTunnelManager() {
-    return this.tunnel;
-  }
-  getRelay() {
-    return this.relay;
-  }
-  /**
-   * Search the connected relay account (Gmail/Outlook) for emails matching criteria.
-   * Returns empty array if relay is not configured.
-   */
-  async searchRelay(criteria, maxResults = 50) {
-    if (this.config.mode !== "relay" || !this.relay.isConfigured()) return [];
-    return this.relay.searchRelay(criteria, maxResults);
-  }
   /**
-   * Import an email from the connected relay account into an agent's local inbox.
-   * Fetches the full message from relay IMAP and delivers it locally, preserving
-   * all headers (Message-ID, In-Reply-To, References) for thread continuity.
+   * Check if an inbound email is a reply to a pending approval notification.
+   * If the reply body starts with "approve"/"yes" or "reject"/"no", automatically
+   * process the pending email (send it or discard it) and confirm to the owner.
    */
-  async importRelayMessage(relayUid, agentName) {
-    if (this.config.mode !== "relay" || !this.relay.isConfigured()) {
-      return { success: false, error: "Relay not configured" };
+  async tryProcessApprovalReply(mail) {
+    const candidateIds = [];
+    if (mail.inReplyTo) candidateIds.push(mail.inReplyTo);
+    if (mail.references) candidateIds.push(...mail.references);
+    if (candidateIds.length === 0) return false;
+    let row = null;
+    for (const id of candidateIds) {
+      row = this.db.prepare(
+        `SELECT * FROM pending_outbound WHERE notification_message_id = ? AND status = 'pending'`
+      ).get(id);
+      if (row) break;
     }
-    const mail = await this.relay.fetchRelayMessage(relayUid);
-    if (!mail) {
-      return { success: false, error: "Could not fetch message from relay account" };
+    if (!row) return false;
+    const body = (mail.text || "").trim();
+    const lines = body.split("\n").filter((l) => !l.startsWith(">") && l.trim().length > 0);
+    const firstLine = (lines[0] || "").trim().toLowerCase();
+    const approvePattern = /^(approve[d]?|yes|send\s*it|send|go\s*ahead|lgtm|ok(?:ay)?)\b/;
+    const rejectPattern = /^(reject(?:ed)?|no|den(?:y|ied)|don'?t\s*send|do\s*not\s*send|cancel|block(?:ed)?)\b/;
+    let action = null;
+    if (approvePattern.test(firstLine)) {
+      action = "approve";
+    } else if (rejectPattern.test(firstLine)) {
+      action = "reject";
     }
+    if (!action) return false;
     try {
-      await this.deliverInboundLocally(agentName, mail);
-      return { success: true };
+      if (action === "approve") {
+        await this.executeApproval(row);
+      } else {
+        this.db.prepare(
+          `UPDATE pending_outbound SET status = 'rejected', resolved_at = datetime('now'), resolved_by = 'owner-reply' WHERE id = ?`
+        ).run(row.id);
+      }
+      await this.sendApprovalConfirmation(row, action, mail.messageId);
     } catch (err) {
-      return { success: false, error: err instanceof Error ? err.message : String(err) };
+      console.error(`[GatewayManager] Failed to process approval reply for ${row.id}:`, err);
     }
+    return true;
   }
-  // --- SMS Polling ---
   /**
-   * Start SMS pollers for all agents that have separate GV Gmail credentials.
-   * Agents with sameAsRelay=true are handled in deliverInboundLocally.
+   * Execute approval of a pending outbound email: look up the agent, reconstitute
+   * attachments, and send the email via gateway routing or local SMTP.
    */
-  async startSmsPollers() {
-    if (!this.smsManager || !this.accountManager) return;
-    const agents = this.db.prepare("SELECT id, name, metadata FROM agents").all();
-    for (const agent of agents) {
+  async executeApproval(row) {
+    if (!this.accountManager) {
+      throw new Error("AccountManager required for approval processing");
+    }
+    const agent = await this.accountManager.getById(row.agent_id);
+    if (!agent) {
+      console.warn(`[GatewayManager] Cannot approve pending ${row.id}: agent ${row.agent_id} no longer exists`);
+      this.db.prepare(
+        `UPDATE pending_outbound SET status = 'rejected', resolved_at = datetime('now'), resolved_by = 'owner-reply', error = 'Agent no longer exists' WHERE id = ?`
+      ).run(row.id);
+      return;
+    }
+    const mailOpts = JSON.parse(row.mail_options);
+    const ownerName = agent.metadata?.ownerName;
+    mailOpts.fromName = ownerName ? `${agent.name} from ${ownerName}` : agent.name;
+    if (Array.isArray(mailOpts.attachments)) {
+      for (const att of mailOpts.attachments) {
+        if (att.content && typeof att.content === "object" && att.content.type === "Buffer" && Array.isArray(att.content.data)) {
+          att.content = Buffer.from(att.content.data);
+        }
+      }
+    }
+    const gatewayResult = await this.routeOutbound(agent.name, mailOpts);
+    if (!gatewayResult && this.options.localSmtp) {
+      const agentPassword = agent.metadata?._password;
+      if (!agentPassword) {
+        throw new Error(`No password for agent "${agent.name}"`);
+      }
+      const transport = nodemailer3.createTransport({
+        host: this.options.localSmtp.host,
+        port: this.options.localSmtp.port,
+        secure: false,
+        auth: {
+          user: agent.stalwartPrincipal,
+          pass: agentPassword
+        },
+        tls: { rejectUnauthorized: false }
+      });
       try {
-        const meta = JSON.parse(agent.metadata || "{}");
-        const smsConfig = meta.sms;
-        if (!smsConfig?.enabled || !smsConfig.forwardingPassword || smsConfig.sameAsRelay) continue;
-        const poller = new SmsPoller(this.smsManager, agent.id, smsConfig);
-        poller.onSmsReceived = (agentId, sms) => {
-          console.log(`[SmsPoller] SMS received for agent ${agent.name}: from ${sms.from}, body="${sms.body.slice(0, 50)}..."`);
-        };
-        this.smsPollers.set(agent.id, poller);
-        await poller.startPolling();
-        console.log(`[GatewayManager] SMS poller started for agent "${agent.name}" (${smsConfig.forwardingEmail})`);
-      } catch {
+        await transport.sendMail({
+          from: mailOpts.fromName ? `${mailOpts.fromName} <${agent.email}>` : agent.email,
+          to: Array.isArray(mailOpts.to) ? mailOpts.to.join(", ") : mailOpts.to,
+          subject: mailOpts.subject,
+          text: mailOpts.text || void 0,
+          html: mailOpts.html || void 0,
+          cc: mailOpts.cc || void 0,
+          bcc: mailOpts.bcc || void 0,
+          replyTo: mailOpts.replyTo || void 0,
+          inReplyTo: mailOpts.inReplyTo || void 0,
+          references: Array.isArray(mailOpts.references) ? mailOpts.references.join(" ") : mailOpts.references || void 0,
+          attachments: mailOpts.attachments?.map((a) => ({
+            filename: a.filename,
+            content: a.content,
+            contentType: a.contentType,
+            encoding: a.encoding
+          }))
+        });
+      } finally {
+        transport.close();
       }
     }
-  }
-  // --- Lifecycle ---
-  async shutdown() {
-    await this.relay.shutdown();
-    this.tunnel?.stop();
-    for (const poller of this.smsPollers.values()) {
-      poller.stopPolling();
-    }
-    this.smsPollers.clear();
+    this.db.prepare(
+      `UPDATE pending_outbound SET status = 'approved', resolved_at = datetime('now'), resolved_by = 'owner-reply' WHERE id = ?`
+    ).run(row.id);
   }
   /**
-   * Resume gateway from saved config (e.g., after server restart).
-   *
-   * Issue #31 — On a Docker container restart the API can come up
-   * before Stalwart / Gmail IMAP / DNS is reachable, so the very first
-   * setup() can fail with a transient network error. Previously that
-   * single failure was logged and never retried, leaving polling
-   * permanently dead until someone noticed and manually revived the
-   * relay. We now schedule background retries with exponential backoff
-   * (5s, 10s, 20s, 40s, 60s cap, indefinite) so the relay
-   * self-recovers as soon as the dependency is reachable again.
+   * Send a confirmation email back to the owner after processing an approval reply.
    */
-  async resume() {
-    if (this.config.mode === "relay" && this.config.relay) {
-      try {
-        await this._resumeRelayOnce();
-      } catch (err) {
-        console.error("[GatewayManager] Initial relay resume failed; scheduling retries:", formatPollError(err));
-        this._scheduleRelayResumeRetry();
+  async sendApprovalConfirmation(row, action, replyMessageId) {
+    const ownerEmail = this.config.relay?.email;
+    if (!ownerEmail || !this.accountManager) return;
+    const mailOpts = JSON.parse(row.mail_options);
+    const agent = await this.accountManager.getById(row.agent_id);
+    const agentName = agent?.name || "unknown agent";
+    const statusText = action === "approve" ? "APPROVED and sent" : "REJECTED and discarded";
+    this.routeOutbound(agentName, {
+      to: ownerEmail,
+      subject: `Re: [Approval Required] Blocked email from "${agentName}" \u2014 ${statusText}`,
+      text: [
+        `The blocked email has been ${statusText}.`,
+        "",
+        `  To: ${Array.isArray(mailOpts.to) ? mailOpts.to.join(", ") : mailOpts.to}`,
+        `  Subject: ${mailOpts.subject}`,
+        "",
+        action === "approve" ? "The email has been delivered to the recipient." : "The email has been discarded and will not be sent."
+      ].join("\n"),
+      fromName: "Agentic Mail",
+      inReplyTo: replyMessageId
+    }).catch((err) => {
+      console.warn(`[GatewayManager] Failed to send approval confirmation: ${err.message}`);
+    });
+  }
+  // --- Relay Mode ---
+  async setupRelay(config, options) {
+    await this.relay.setup(config);
+    this.config = { mode: "relay", relay: config };
+    this.saveConfig();
+    let agent;
+    if (!options?.skipDefaultAgent && this.accountManager) {
+      const agentName = options?.defaultAgentName ?? DEFAULT_AGENT_NAME;
+      const agentRole = options?.defaultAgentRole ?? DEFAULT_AGENT_ROLE;
+      const existing = await this.accountManager.getByName(agentName);
+      if (existing) {
+        agent = existing;
+      } else {
+        agent = await this.accountManager.create({
+          name: agentName,
+          role: agentRole,
+          gateway: "relay"
+        });
       }
     }
-    if (this.smsManager && this.accountManager) {
-      try {
-        await this.startSmsPollers();
-      } catch (err) {
-        console.error("[GatewayManager] Failed to start SMS pollers:", err);
+    this.relay.onUidAdvance = (uid) => this.saveLastSeenUid(uid);
+    await this.relay.startPolling();
+    return { agent };
+  }
+  // --- Domain Mode ---
+  async setupDomain(options) {
+    this.cfClient = new CloudflareClient(options.cloudflareToken, options.cloudflareAccountId);
+    this.dnsConfigurator = new DNSConfigurator(this.cfClient);
+    this.tunnel = new TunnelManager(this.cfClient);
+    this.domainPurchaser = new DomainPurchaser(this.cfClient);
+    let domain = options.domain;
+    if (!domain && options.purchase) {
+      const available = await this.domainPurchaser.searchAvailable(
+        options.purchase.keywords,
+        options.purchase.tld ? [options.purchase.tld] : void 0
+      );
+      const first = available.find((d) => d.available && !d.premium);
+      if (!first) {
+        throw new Error("No available domains found for the given keywords");
       }
+      await this.domainPurchaser.purchase(first.domain);
+      domain = first.domain;
+      this.db.prepare(`
+        INSERT OR REPLACE INTO purchased_domains (domain, registrar) VALUES (?, ?)
+      `).run(domain, "cloudflare");
     }
-    if (this.config.mode === "domain" && this.config.domain) {
-      try {
-        this.cfClient = new CloudflareClient(
-          this.config.domain.cloudflareApiToken,
-          this.config.domain.cloudflareAccountId
-        );
-        this.dnsConfigurator = new DNSConfigurator(this.cfClient);
-        this.tunnel = new TunnelManager(this.cfClient);
-        this.domainPurchaser = new DomainPurchaser(this.cfClient);
-        if (this.config.domain.tunnelToken) {
-          await this.tunnel.start(this.config.domain.tunnelToken);
-        }
-      } catch (err) {
-        console.error("[GatewayManager] Failed to resume domain mode:", err);
+    if (!domain) {
+      throw new Error("No domain specified and no purchase keywords provided");
+    }
+    let zone = await this.cfClient.getZone(domain);
+    if (!zone) {
+      zone = await this.cfClient.createZone(domain);
+    }
+    const existingRecords = await this.cfClient.listDnsRecords(zone.id);
+    const { homedir: homedir13 } = await import("os");
+    const backupDir = join4(homedir13(), ".agenticmail");
+    const backupPath = join4(backupDir, `dns-backup-${domain}-${Date.now()}.json`);
+    const { writeFileSync: writeFileSync11, mkdirSync: mkdirSync12 } = await import("fs");
+    mkdirSync12(backupDir, { recursive: true });
+    writeFileSync11(backupPath, JSON.stringify({
+      domain,
+      zoneId: zone.id,
+      backedUpAt: (/* @__PURE__ */ new Date()).toISOString(),
+      records: existingRecords
+    }, null, 2));
+    console.log(`[GatewayManager] DNS backup saved to ${backupPath} (${existingRecords.length} records)`);
+    const rootRecords = existingRecords.filter(
+      (r) => r.name === domain && (r.type === "A" || r.type === "AAAA" || r.type === "CNAME" || r.type === "MX")
+    );
+    if (rootRecords.length > 0) {
+      console.warn(`[GatewayManager] \u26A0\uFE0F  WARNING: ${rootRecords.length} existing root DNS record(s) for ${domain} will be modified:`);
+      for (const r of rootRecords) {
+        console.warn(`[GatewayManager]   ${r.type} ${r.name} \u2192 ${r.content}`);
       }
+      console.warn(`[GatewayManager] Backup saved at: ${backupPath}`);
     }
-  }
-  // ─── Issue #31 helpers — resume retry with backoff ───
-  _resumeRetryTimer = null;
-  _resumeRetryAttempt = 0;
-  async _resumeRelayOnce() {
-    if (!this.config.relay) throw new Error("No relay config to resume");
-    await this.relay.setup(this.config.relay);
-    const savedUid = this.loadLastSeenUid();
-    if (savedUid > 0) {
-      this.relay.setLastSeenUid(savedUid);
-      console.log(`[GatewayManager] Restored lastSeenUid=${savedUid} from database`);
+    const tunnelConfig = await this.tunnel.create(`agenticmail-${domain}`);
+    console.log(`[GatewayManager] Configuring mail server hostname: ${domain}`);
+    try {
+      await this.stalwart.setHostname(domain);
+      console.log(`[GatewayManager] Mail server hostname set to ${domain}`);
+    } catch (err) {
+      console.warn(`[GatewayManager] Failed to set hostname (EHLO may show "localhost"): ${err.message}`);
     }
-    this.relay.onUidAdvance = (uid) => this.saveLastSeenUid(uid);
-    await this.relay.startPolling();
-    if (this._resumeRetryAttempt > 0) {
-      console.log(`[GatewayManager] Relay polling resumed after ${this._resumeRetryAttempt} retry attempt${this._resumeRetryAttempt !== 1 ? "s" : ""}`);
+    console.log("[GatewayManager] Setting up DKIM signing...");
+    let dkimPublicKey;
+    let dkimSelector = "agenticmail";
+    try {
+      const dkim = await this.stalwart.createDkimSignature(domain, dkimSelector);
+      dkimPublicKey = dkim.publicKey;
+      console.log(`[GatewayManager] DKIM signature created (selector: ${dkimSelector})`);
+    } catch (err) {
+      console.warn(`[GatewayManager] DKIM setup failed (email may land in spam): ${err.message}`);
     }
-    this._resumeRetryAttempt = 0;
-  }
-  _scheduleRelayResumeRetry() {
-    if (this._resumeRetryTimer) return;
-    this._resumeRetryAttempt++;
-    const base = Math.min(5e3 * Math.pow(2, this._resumeRetryAttempt - 1), 6e4);
-    const jitter = base * (0.8 + Math.random() * 0.4);
-    const delay = Math.round(jitter);
-    console.log(`[GatewayManager] Will retry relay resume in ${(delay / 1e3).toFixed(1)}s (attempt ${this._resumeRetryAttempt + 1})`);
-    this._resumeRetryTimer = setTimeout(async () => {
-      this._resumeRetryTimer = null;
-      if (this.config.mode !== "relay" || !this.config.relay) return;
-      try {
-        await this._resumeRelayOnce();
-      } catch (err) {
-        console.error(`[GatewayManager] Relay resume retry ${this._resumeRetryAttempt} failed:`, formatPollError(err));
-        this._scheduleRelayResumeRetry();
-      }
-    }, delay);
-  }
-  // --- Persistence ---
-  loadConfig() {
-    const row = this.db.prepare("SELECT * FROM gateway_config WHERE id = ?").get("default");
-    if (row) {
+    const tunnelRemoved = await this.dnsConfigurator.configureForTunnel(domain, zone.id, tunnelConfig.tunnelId);
+    if (tunnelRemoved.length > 0) {
+      console.log(`[GatewayManager] Removed ${tunnelRemoved.length} conflicting DNS record(s) for tunnel`);
+    }
+    const emailDns = await this.dnsConfigurator.configureForEmail(domain, zone.id, {
+      dkimSelector,
+      dkimPublicKey
+    });
+    if (emailDns.removed.length > 0) {
+      console.log(`[GatewayManager] Replaced ${emailDns.removed.length} old DNS record(s) for email`);
+    }
+    await this.tunnel.start(tunnelConfig.tunnelToken);
+    await this.tunnel.createIngress(tunnelConfig.tunnelId, domain);
+    console.log("[GatewayManager] Enabling Cloudflare Email Routing...");
+    try {
+      await this.cfClient.enableEmailRouting(zone.id);
+      console.log("[GatewayManager] Email Routing enabled");
+    } catch (err) {
+      console.warn(`[GatewayManager] Email Routing enable failed (may already be active): ${err.message}`);
+    }
+    const workerName = `agenticmail-inbound-${domain.replace(/\./g, "-")}`;
+    const inboundUrl = `https://${domain}/api/agenticmail/mail/inbound`;
+    const inboundSecret = options.outboundSecret || crypto.randomUUID();
+    console.log(`[GatewayManager] Deploying Email Worker "${workerName}"...`);
+    console.log(`[GatewayManager] Set AGENTICMAIL_INBOUND_SECRET="${inboundSecret}" in your environment to match the worker`);
+    try {
+      const { EMAIL_WORKER_SCRIPT } = await import("./email-worker-template-BOJPKCVB.js");
+      await this.cfClient.deployEmailWorker(workerName, EMAIL_WORKER_SCRIPT, {
+        INBOUND_URL: inboundUrl,
+        INBOUND_SECRET: inboundSecret
+      });
+      console.log(`[GatewayManager] Email Worker deployed: ${workerName}`);
+    } catch (err) {
+      console.warn(`[GatewayManager] Email Worker deployment failed: ${err.message}`);
+      console.warn("[GatewayManager] You may need to deploy the worker manually or check Workers permissions on your API token");
+    }
+    console.log("[GatewayManager] Configuring catch-all Email Routing rule...");
+    try {
+      await this.cfClient.setCatchAllWorkerRule(zone.id, workerName);
+      console.log("[GatewayManager] Catch-all rule set: all emails \u2192 Worker \u2192 AgenticMail");
+    } catch (err) {
+      console.warn(`[GatewayManager] Catch-all rule failed: ${err.message}`);
+    }
+    try {
+      await this.stalwart.createPrincipal({
+        type: "domain",
+        name: domain,
+        description: `AgenticMail gateway domain: ${domain}`
+      });
+    } catch {
+    }
+    if (this.accountManager) {
       try {
-        const parsed = JSON.parse(row.config);
-        if (this.encryptionKey) {
-          if (parsed.relay?.password) {
-            try {
-              parsed.relay.password = decryptSecret(parsed.relay.password, this.encryptionKey);
-            } catch {
-            }
-          }
-          if (parsed.relay?.appPassword) {
-            try {
-              parsed.relay.appPassword = decryptSecret(parsed.relay.appPassword, this.encryptionKey);
-            } catch {
-            }
-          }
-          if (parsed.domain?.cloudflareApiToken) {
-            try {
-              parsed.domain.cloudflareApiToken = decryptSecret(parsed.domain.cloudflareApiToken, this.encryptionKey);
-            } catch {
-            }
-          }
-          if (parsed.domain?.tunnelToken) {
-            try {
-              parsed.domain.tunnelToken = decryptSecret(parsed.domain.tunnelToken, this.encryptionKey);
-            } catch {
-            }
-          }
-          if (parsed.domain?.inboundSecret) {
-            try {
-              parsed.domain.inboundSecret = decryptSecret(parsed.domain.inboundSecret, this.encryptionKey);
-            } catch {
-            }
-          }
-          if (parsed.domain?.outboundSecret) {
-            try {
-              parsed.domain.outboundSecret = decryptSecret(parsed.domain.outboundSecret, this.encryptionKey);
-            } catch {
+        const agents = await this.accountManager.list();
+        for (const agent of agents) {
+          const domainEmail = `${agent.name.toLowerCase()}@${domain}`;
+          try {
+            const principal = await this.stalwart.getPrincipal(agent.stalwartPrincipal);
+            const emails = principal.emails ?? [];
+            if (!emails.includes(domainEmail)) {
+              await this.stalwart.addEmailAlias(agent.stalwartPrincipal, domainEmail);
+              console.log(`[GatewayManager] Added ${domainEmail} to Stalwart principal "${agent.stalwartPrincipal}"`);
             }
+          } catch (err) {
+            console.warn(`[GatewayManager] Could not update principal for ${agent.name}: ${err.message}`);
           }
         }
-        this.config = {
-          mode: row.mode,
-          ...parsed
-        };
-      } catch {
-        this.config = { mode: "none" };
+      } catch (err) {
+        console.warn(`[GatewayManager] Could not update agent email aliases: ${err.message}`);
       }
     }
-  }
-  saveConfig() {
-    const { mode, ...rest } = this.config;
-    const toStore = JSON.parse(JSON.stringify(rest));
-    if (this.encryptionKey) {
-      if (toStore.relay?.password) {
-        toStore.relay.password = encryptSecret(toStore.relay.password, this.encryptionKey);
-      }
-      if (toStore.relay?.appPassword) {
-        toStore.relay.appPassword = encryptSecret(toStore.relay.appPassword, this.encryptionKey);
-      }
-      if (toStore.domain?.cloudflareApiToken) {
-        toStore.domain.cloudflareApiToken = encryptSecret(toStore.domain.cloudflareApiToken, this.encryptionKey);
-      }
-      if (toStore.domain?.tunnelToken) {
-        toStore.domain.tunnelToken = encryptSecret(toStore.domain.tunnelToken, this.encryptionKey);
-      }
-      if (toStore.domain?.inboundSecret) {
-        toStore.domain.inboundSecret = encryptSecret(toStore.domain.inboundSecret, this.encryptionKey);
-      }
-      if (toStore.domain?.outboundSecret) {
-        toStore.domain.outboundSecret = encryptSecret(toStore.domain.outboundSecret, this.encryptionKey);
+    const domainConfig = {
+      domain,
+      cloudflareApiToken: options.cloudflareToken,
+      cloudflareAccountId: options.cloudflareAccountId,
+      tunnelId: tunnelConfig.tunnelId,
+      tunnelToken: tunnelConfig.tunnelToken,
+      outboundWorkerUrl: options.outboundWorkerUrl,
+      outboundSecret: options.outboundSecret,
+      inboundSecret,
+      emailWorkerName: workerName
+    };
+    this.config = { mode: "domain", domain: domainConfig };
+    this.saveConfig();
+    this.db.prepare(`
+      INSERT OR REPLACE INTO purchased_domains (domain, registrar, cloudflare_zone_id, tunnel_id, dns_configured, tunnel_active)
+      VALUES (?, 'cloudflare', ?, ?, 1, 1)
+    `).run(domain, zone.id, tunnelConfig.tunnelId);
+    let outboundRelay;
+    const nextSteps = [];
+    if (options.gmailRelay) {
+      console.log("[GatewayManager] Configuring outbound relay through Gmail SMTP...");
+      try {
+        await this.stalwart.configureOutboundRelay({
+          smtpHost: "smtp.gmail.com",
+          smtpPort: 465,
+          username: options.gmailRelay.email,
+          password: options.gmailRelay.appPassword
+        });
+        outboundRelay = { configured: true, provider: "gmail" };
+        console.log("[GatewayManager] Outbound relay configured: all external mail routes through Gmail SMTP");
+        const gmailSettingsUrl = "https://mail.google.com/mail/u/0/#settings/accounts";
+        nextSteps.push(
+          `IMPORTANT: To send emails showing your domain (not ${options.gmailRelay.email}), add each agent email as a "Send mail as" alias in Gmail:`,
+          `1. Open: ${gmailSettingsUrl}`,
+          `2. Under "Send mail as" click "Add another email address"`,
+          `3. Enter agent name and email (e.g. "Secretary" / secretary@${domain}), uncheck "Treat as alias"`,
+          `4. On the SMTP screen, Gmail will auto-fill WRONG values. You MUST change them to:`,
+          `   SMTP Server: smtp.gmail.com | Port: 465 | Username: ${options.gmailRelay.email} | Password: [your app password] | Select "Secured connection using SSL"`,
+          `5. Click "Add Account". Gmail sends a verification email to the agent's @${domain} address`,
+          `6. Check AgenticMail inbox for the code/link from gmail-noreply@google.com, then confirm`,
+          `7. Repeat for each agent. Or ask your OpenClaw agent to automate this via the browser tool.`
+        );
+      } catch (err) {
+        outboundRelay = { configured: false, provider: "gmail" };
+        console.warn(`[GatewayManager] Outbound relay setup failed: ${err.message}`);
+        nextSteps.push(`Outbound relay setup failed: ${err.message}. You can configure it manually later.`);
       }
+    } else {
+      nextSteps.push(
+        "Outbound email: Your server sends directly from your IP. If your IP lacks a PTR record (common for residential connections), emails may be rejected.",
+        'To fix this, re-run setup with gmailRelay: { email: "you@gmail.com", appPassword: "xxxx xxxx xxxx xxxx" } to relay outbound mail through Gmail SMTP.',
+        "You will need a Gmail app password: https://myaccount.google.com/apppasswords"
+      );
     }
-    this.db.prepare(`
-      INSERT OR REPLACE INTO gateway_config (id, mode, config)
-      VALUES ('default', ?, ?)
-    `).run(mode, JSON.stringify(toStore));
-  }
-  saveLastSeenUid(uid) {
-    this.db.prepare(`
-      INSERT OR REPLACE INTO config (key, value) VALUES ('relay_last_seen_uid', ?)
-    `).run(String(uid));
-  }
-  loadLastSeenUid() {
-    const row = this.db.prepare("SELECT value FROM config WHERE key = ?").get("relay_last_seen_uid");
-    return row ? parseInt(row.value, 10) || 0 : 0;
-  }
-};
-function parseAddressString(addr) {
-  const match = addr.match(/^(.+?)\s*<([^>]+)>$/);
-  if (match) {
-    return { name: match[1].trim(), address: match[2].trim() };
+    return {
+      domain,
+      dnsConfigured: true,
+      tunnelId: tunnelConfig.tunnelId,
+      outboundRelay,
+      nextSteps: nextSteps.length > 0 ? nextSteps : void 0
+    };
   }
-  return { address: addr.trim() };
-}
-function inboundToParsedEmail(mail) {
-  return {
-    messageId: mail.messageId || "",
-    subject: mail.subject || "",
-    from: [parseAddressString(mail.from)],
-    to: [parseAddressString(mail.to)],
-    date: mail.date || /* @__PURE__ */ new Date(),
-    text: mail.text,
-    html: mail.html,
-    inReplyTo: mail.inReplyTo,
-    references: mail.references,
-    attachments: (mail.attachments ?? []).map((a) => ({
-      filename: a.filename,
-      contentType: a.contentType,
-      size: a.size,
-      content: a.content
-    })),
-    headers: /* @__PURE__ */ new Map()
-  };
-}
-
-// src/gateway/relay-bridge.ts
-import { createServer } from "http";
-import { createTransport } from "nodemailer";
-var RelayBridge = class {
-  server = null;
-  options;
-  constructor(options) {
-    this.options = options;
+  // --- Test ---
+  /**
+   * Send a test email through the gateway without requiring a real agent.
+   * In relay mode, uses "test" as the sub-address.
+   * In domain mode, uses the first available agent (Stalwart needs real credentials).
+   */
+  async sendTestEmail(to) {
+    const mail = {
+      to,
+      subject: "AgenticMail Gateway Test",
+      text: "This is a test email sent via the AgenticMail gateway to verify your configuration is working."
+    };
+    if (this.config.mode === "relay") {
+      return this.routeOutbound("test", mail);
+    }
+    if (this.config.mode === "domain" && this.accountManager) {
+      const agents = await this.accountManager.list();
+      if (agents.length === 0) {
+        throw new Error("No agents exist yet. Create an agent first, then send a test email.");
+      }
+      const primary = agents.find((a) => a.metadata?.persistent) ?? agents[0];
+      return this.routeOutbound(primary.name, mail);
+    }
+    return null;
   }
-  async start() {
-    return new Promise((resolve2, reject) => {
-      this.server = createServer((req, res) => this.handleRequest(req, res));
-      this.server.listen(this.options.port, "127.0.0.1", () => {
-        console.log(`[RelayBridge] Listening on 127.0.0.1:${this.options.port}`);
-        resolve2();
-      });
-      this.server.on("error", reject);
+  // --- Routing ---
+  /**
+   * Route an outbound email. If the destination is external and a gateway
+   * is configured, send via the appropriate channel.
+   * Returns null if the mail should be sent via local Stalwart.
+   */
+  async routeOutbound(agentName, mail) {
+    if (this.config.mode === "none") return null;
+    const collect = (field) => {
+      if (!field) return [];
+      if (Array.isArray(field)) return field;
+      return field.split(",").map((s) => s.trim()).filter(Boolean);
+    };
+    const allRecipients = [
+      ...collect(mail.to),
+      ...collect(mail.cc),
+      ...collect(mail.bcc)
+    ];
+    const localDomain = this.config.domain?.domain?.toLowerCase();
+    const isExternal = allRecipients.some((addr) => {
+      const domain = (addr.split("@")[1] ?? "localhost").toLowerCase();
+      return domain !== "localhost" && domain !== localDomain;
     });
+    if (!isExternal) return null;
+    if (this.config.mode === "relay") {
+      return this.relay.sendViaRelay(agentName, mail);
+    }
+    if (this.config.mode === "domain" && this.config.domain) {
+      return this.sendViaStalwart(agentName, mail);
+    }
+    return null;
   }
-  stop() {
-    this.server?.close();
-    this.server = null;
-  }
-  async handleRequest(req, res) {
-    if (req.method !== "POST" || req.url !== "/send") {
-      res.writeHead(404, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ error: "Not found" }));
-      return;
+  /**
+   * Send email by submitting to local Stalwart via SMTP (port 587).
+   * Stalwart handles DKIM signing and delivery (direct or via relay).
+   * Reply-To is set to the agent's domain email so replies come back
+   * to the domain (handled by Cloudflare Email Routing → inbound Worker).
+   */
+  async sendViaStalwart(agentName, mail) {
+    if (!this.accountManager) {
+      throw new Error("AccountManager required for domain mode outbound");
     }
-    const secret = req.headers["x-relay-secret"];
-    if (secret !== this.options.secret) {
-      res.writeHead(401, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ error: "Unauthorized" }));
-      return;
+    const agent = await this.accountManager.getByName(agentName);
+    if (!agent) {
+      throw new Error(`Agent "${agentName}" not found`);
     }
-    let body = "";
-    for await (const chunk of req) body += chunk;
-    try {
-      const payload = JSON.parse(body);
-      const result = await this.submitToStalwart(payload);
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify(result));
-    } catch (err) {
-      console.error("[RelayBridge] Delivery failed:", err.message);
-      res.writeHead(500, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ error: err.message }));
+    const agentPassword = agent.metadata?._password;
+    if (!agentPassword) {
+      throw new Error(`No password for agent "${agentName}"`);
     }
-  }
-  async submitToStalwart(payload) {
-    const { from, to, subject, text, html, replyTo, inReplyTo, references } = payload;
-    const recipients = Array.isArray(to) ? to : [to];
-    debug("RelayBridge", `Submitting to Stalwart: ${from} \u2192 ${recipients.join(", ")}`);
-    const transport = createTransport({
-      host: this.options.smtpHost ?? "127.0.0.1",
-      port: this.options.smtpPort ?? 587,
+    const domainName = this.config.domain?.domain;
+    const fromAddr = domainName ? agent.email.replace(/@localhost$/, `@${domainName}`) : agent.email;
+    const displayName = mail.fromName || agentName;
+    const from = `${displayName} <${fromAddr}>`;
+    if (domainName && fromAddr !== agent.email) {
+      try {
+        const principal = await this.stalwart.getPrincipal(agent.stalwartPrincipal);
+        const emails = principal.emails ?? [];
+        if (!emails.includes(fromAddr)) {
+          await this.stalwart.addEmailAlias(agent.stalwartPrincipal, fromAddr);
+          console.log(`[GatewayManager] Auto-added ${fromAddr} to Stalwart principal "${agent.stalwartPrincipal}"`);
+        }
+      } catch (err) {
+        console.warn(`[GatewayManager] Could not auto-add domain email alias: ${err.message}`);
+      }
+    }
+    const recipients = Array.isArray(mail.to) ? mail.to : [mail.to];
+    const mailOpts = {
+      from,
+      to: recipients.join(", "),
+      cc: mail.cc ? Array.isArray(mail.cc) ? mail.cc.join(", ") : mail.cc : void 0,
+      bcc: mail.bcc ? Array.isArray(mail.bcc) ? mail.bcc.join(", ") : mail.bcc : void 0,
+      subject: mail.subject,
+      text: mail.text || void 0,
+      // The `html` field is the literal HTML body of the outbound
+      // mail — by design it is whatever the sender chose to compose.
+      // CodeQL `js/xss` flags this because the value flows from user
+      // input, but nodemailer is the SMTP serializer, not an HTML
+      // renderer; XSS would only occur if the recipient's MUA
+      // executed the body, which is outside our trust boundary.
+      // The outbound-guard (packages/core/src/mail/outbound-guard.ts)
+      // already scores HTML bodies for suspicious patterns at the
+      // pre-send step. lgtm[js/xss]
+      html: mail.html || void 0,
+      replyTo: mail.replyTo || from,
+      inReplyTo: mail.inReplyTo || void 0,
+      references: Array.isArray(mail.references) ? mail.references.join(" ") : mail.references || void 0,
+      headers: {
+        "X-Mailer": "AgenticMail/1.0"
+      },
+      attachments: mail.attachments?.map((a) => ({
+        filename: a.filename,
+        content: a.content,
+        contentType: a.contentType,
+        encoding: a.encoding
+      }))
+    };
+    const composer = new MailComposer3(mailOpts);
+    const raw = await composer.compile().build();
+    const smtpHost = this.options.localSmtp?.host ?? "127.0.0.1";
+    const smtpPort = this.options.localSmtp?.port ?? 587;
+    const transport = nodemailer3.createTransport({
+      host: smtpHost,
+      port: smtpPort,
       secure: false,
       auth: {
-        user: this.options.smtpUser,
-        pass: this.options.smtpPass
+        user: agent.stalwartPrincipal,
+        pass: agentPassword
       },
       tls: { rejectUnauthorized: false }
     });
     try {
-      const info = await transport.sendMail({
-        from,
-        to: recipients.join(", "),
-        subject,
-        text: text || void 0,
-        html: html || void 0,
-        replyTo: replyTo || void 0,
-        inReplyTo: inReplyTo || void 0,
-        references: references || void 0,
-        headers: {
-          "X-Mailer": "AgenticMail/1.0"
-        }
-      });
-      debug("RelayBridge", `Queued: ${info.messageId} \u2192 ${info.response}`);
+      const info = await transport.sendMail(mailOpts);
+      debug("GatewayManager", `Sent via Stalwart: ${info.messageId} \u2192 ${info.response}`);
       return {
-        ok: true,
         messageId: info.messageId,
-        response: info.response
+        envelope: { from, to: recipients },
+        raw
       };
     } finally {
       transport.close();
     }
   }
-};
-function startRelayBridge(options) {
-  const bridge = new RelayBridge(options);
-  bridge.start().catch((err) => {
-    console.error("[RelayBridge] Failed to start:", err);
-  });
-  return bridge;
-}
-
-// src/gateway/types.ts
-var RELAY_PRESETS = {
-  gmail: {
-    smtpHost: "smtp.gmail.com",
-    smtpPort: 587,
-    imapHost: "imap.gmail.com",
-    imapPort: 993
-  },
-  outlook: {
-    smtpHost: "smtp.office365.com",
-    smtpPort: 587,
-    imapHost: "outlook.office365.com",
-    imapPort: 993
+  // --- Status ---
+  getStatus() {
+    const status = {
+      mode: this.config.mode,
+      healthy: false
+    };
+    if (this.config.mode === "relay" && this.config.relay) {
+      status.relay = {
+        provider: this.config.relay.provider,
+        email: this.config.relay.email,
+        polling: this.relay.isPolling()
+      };
+      status.healthy = this.relay.isConfigured();
+    }
+    if (this.config.mode === "domain" && this.config.domain) {
+      const tunnelStatus = this.tunnel?.status();
+      status.domain = {
+        domain: this.config.domain.domain,
+        dnsConfigured: true,
+        tunnelActive: tunnelStatus?.running ?? false
+      };
+      status.healthy = tunnelStatus?.running ?? false;
+    }
+    if (this.config.mode === "none") {
+      status.healthy = true;
+    }
+    return status;
   }
-};
-
-// src/telegram/client.ts
-var TELEGRAM_API_BASE = "https://api.telegram.org";
-var TELEGRAM_MESSAGE_LIMIT = 4096;
-var TELEGRAM_CHUNK_SIZE = 4e3;
-var TelegramApiError = class extends Error {
-  isTelegramApiError = true;
-  description;
-  errorCode;
-  constructor(method, description, errorCode) {
-    super(`Telegram ${method} failed: ${description}${errorCode ? ` (code ${errorCode})` : ""}`);
-    this.name = "TelegramApiError";
-    this.description = description;
-    this.errorCode = errorCode;
+  getMode() {
+    return this.config.mode;
   }
-};
-function redactBotToken(text, token) {
-  let out = typeof text === "string" ? text : String(text);
-  if (token) out = out.split(token).join("bot***");
-  return out.replace(/\d{6,}:[A-Za-z0-9_-]{30,}/g, "bot***");
-}
-async function callTelegramApi(token, method, body, options = {}) {
-  if (!token || typeof token !== "string") {
-    throw new TelegramApiError(method, "bot token is required");
+  getConfig() {
+    return this.config;
   }
-  const pollTimeout = typeof body?.timeout === "number" ? body.timeout : 0;
-  const timeoutMs = options.longPoll && pollTimeout > 0 ? (pollTimeout + 15) * 1e3 : 3e4;
-  let response;
-  try {
-    response = await fetch(`${TELEGRAM_API_BASE}/bot${token}/${method}`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: body ? JSON.stringify(body) : void 0,
-      signal: AbortSignal.timeout(timeoutMs)
-    });
-  } catch (err) {
-    throw new TelegramApiError(method, redactBotToken(err?.message ?? String(err), token));
+  // --- Domain Purchase ---
+  getStalwart() {
+    return this.stalwart;
   }
-  let json;
-  try {
-    json = await response.json();
-  } catch {
-    throw new TelegramApiError(method, `non-JSON response (HTTP ${response.status})`);
+  getDomainPurchaser() {
+    return this.domainPurchaser;
+  }
+  getDNSConfigurator() {
+    return this.dnsConfigurator;
+  }
+  getTunnelManager() {
+    return this.tunnel;
+  }
+  getRelay() {
+    return this.relay;
+  }
+  /**
+   * Search the connected relay account (Gmail/Outlook) for emails matching criteria.
+   * Returns empty array if relay is not configured.
+   */
+  async searchRelay(criteria, maxResults = 50) {
+    if (this.config.mode !== "relay" || !this.relay.isConfigured()) return [];
+    return this.relay.searchRelay(criteria, maxResults);
+  }
+  /**
+   * Import an email from the connected relay account into an agent's local inbox.
+   * Fetches the full message from relay IMAP and delivers it locally, preserving
+   * all headers (Message-ID, In-Reply-To, References) for thread continuity.
+   */
+  async importRelayMessage(relayUid, agentName) {
+    if (this.config.mode !== "relay" || !this.relay.isConfigured()) {
+      return { success: false, error: "Relay not configured" };
+    }
+    const mail = await this.relay.fetchRelayMessage(relayUid);
+    if (!mail) {
+      return { success: false, error: "Could not fetch message from relay account" };
+    }
+    try {
+      await this.deliverInboundLocally(agentName, mail);
+      return { success: true };
+    } catch (err) {
+      return { success: false, error: err instanceof Error ? err.message : String(err) };
+    }
   }
-  if (!json || json.ok !== true) {
-    throw new TelegramApiError(
-      method,
-      redactBotToken(String(json?.description || `HTTP ${response.status}`), token),
-      typeof json?.error_code === "number" ? json.error_code : void 0
-    );
+  // --- SMS Polling ---
+  /**
+   * Start SMS pollers for all agents that have separate GV Gmail credentials.
+   * Agents with sameAsRelay=true are handled in deliverInboundLocally.
+   */
+  async startSmsPollers() {
+    if (!this.smsManager || !this.accountManager) return;
+    const agents = this.db.prepare("SELECT id, name, metadata FROM agents").all();
+    for (const agent of agents) {
+      try {
+        const meta = JSON.parse(agent.metadata || "{}");
+        const smsConfig = meta.sms;
+        if (!smsConfig?.enabled || !smsConfig.forwardingPassword || smsConfig.sameAsRelay) continue;
+        const poller = new SmsPoller(this.smsManager, agent.id, smsConfig);
+        poller.onSmsReceived = (agentId, sms) => {
+          console.log(`[SmsPoller] SMS received for agent ${agent.name}: from ${sms.from}, body="${sms.body.slice(0, 50)}..."`);
+        };
+        this.smsPollers.set(agent.id, poller);
+        await poller.startPolling();
+        console.log(`[GatewayManager] SMS poller started for agent "${agent.name}" (${smsConfig.forwardingEmail})`);
+      } catch {
+      }
+    }
   }
-  return json.result;
-}
-function stripTelegramMarkdown(text) {
-  if (!text) return text;
-  return text.replace(/\*\*(.+?)\*\*/g, "$1").replace(/\*(.+?)\*/g, "$1").replace(/__(.+?)__/g, "$1").replace(/~~(.+?)~~/g, "$1").replace(/^#{1,6}\s+/gm, "").replace(/```[\s\S]*?```/g, (m) => m.replace(/```\w*\n?/g, "").trim()).replace(/`([^`]+)`/g, "$1").replace(/\[([^\]]+)\]\([^)]+\)/g, "$1").trim();
-}
-function splitTelegramMessage(text, maxLen = TELEGRAM_CHUNK_SIZE) {
-  const chunks = [];
-  let rest = text || "";
-  while (rest.length > maxLen) {
-    let cut = rest.lastIndexOf("\n", maxLen);
-    if (cut < maxLen / 2) cut = maxLen;
-    chunks.push(rest.slice(0, cut));
-    rest = rest.slice(cut).replace(/^\n+/, "");
+  // --- Telegram Polling ---
+  /**
+   * Start a long-poll loop for every agent whose Telegram channel is
+   * configured + enabled + in poll mode. Webhook-mode agents skip — the
+   * webhook route already calls back into the same agent-wake bridge.
+   *
+   * Each new inbound Telegram message (that isn't an operator-query
+   * reply) is converted to a synthetic email and delivered into the
+   * agent's INBOX via the existing local-SMTP path — the very same
+   * delivery the relay uses for real email. This makes the existing
+   * IMAP IDLE → claudecode dispatcher path light up exactly as it
+   * would for a real inbound mail, so the agent gets a Claude turn
+   * without any new dispatcher plumbing. The body of the synthetic
+   * mail tells the agent the message came from Telegram and that it
+   * MUST reply via the `telegram_send` MCP tool, not via email.
+   */
+  async startTelegramPollers() {
+    if (!this.telegramManager || !this.accountManager) return;
+    const agents = this.db.prepare("SELECT id, name FROM agents").all();
+    for (const agent of agents) {
+      try {
+        const config = this.telegramManager.getConfig(agent.id);
+        if (!config?.enabled || config.mode !== "poll" || !config.botToken) continue;
+        await this.startTelegramPollerForAgent(agent.id, agent.name);
+      } catch (err) {
+        console.warn(`[GatewayManager] Could not start Telegram poller for ${agent.name}: ${err.message}`);
+      }
+    }
   }
-  if (rest) chunks.push(rest);
-  return chunks;
-}
-async function sendTelegramMessage(token, chatId, text, options = {}) {
-  const clean = stripTelegramMarkdown(text);
-  const chunks = splitTelegramMessage(clean);
-  if (chunks.length === 0) chunks.push("");
-  const messageIds = [];
-  for (let i = 0; i < chunks.length; i++) {
-    const body = { chat_id: String(chatId), text: chunks[i] };
-    if (i === 0 && options.replyToMessageId) {
-      body.reply_parameters = { message_id: options.replyToMessageId };
+  /**
+   * Start (or restart) the Telegram poller for one agent. Idempotent —
+   * a prior poller is stopped first so re-running `/telegram/setup`
+   * picks up the new token / allow-list cleanly.
+   *
+   * Public so the API layer can poke the gateway after a successful
+   * `/telegram/setup` without waiting for the next server restart.
+   */
+  async startTelegramPollerForAgent(agentId, agentName) {
+    if (!this.telegramManager) return;
+    const existing = this.telegramPollers.get(agentId);
+    if (existing) {
+      try {
+        await existing.stop();
+      } catch {
+      }
+      this.telegramPollers.delete(agentId);
     }
-    if (options.disableNotification) body.disable_notification = true;
-    const result = await callTelegramApi(token, "sendMessage", body);
-    messageIds.push(result.message_id);
+    const config = this.telegramManager.getConfig(agentId);
+    if (!config?.enabled || config.mode !== "poll" || !config.botToken) return;
+    const poller = new TelegramPoller(this.telegramManager, agentId);
+    poller.onInbound = async (event) => {
+      await this.bridgeInboundTelegram(event.agentId, event.message, event.config, agentName);
+    };
+    this.telegramPollers.set(agentId, poller);
+    await poller.start();
+    const botName = config.botUsername ? `@${config.botUsername}` : `bot ${config.botId ?? "(unknown)"}`;
+    console.log(`[GatewayManager] Telegram poller started for agent "${agentName ?? agentId.slice(0, 8)}" (${botName})`);
   }
-  return { messageIds, chunks: chunks.length };
-}
-function getTelegramMe(token) {
-  return callTelegramApi(token, "getMe");
-}
-function getTelegramChat(token, chatId) {
-  return callTelegramApi(token, "getChat", { chat_id: String(chatId) });
-}
-function getTelegramUpdates(token, offset, options = {}) {
-  const timeoutSec = Math.max(options.timeoutSec ?? 0, 0);
-  return callTelegramApi(token, "getUpdates", {
-    offset,
-    limit: Math.min(Math.max(options.limit ?? 100, 1), 100),
-    timeout: timeoutSec,
-    allowed_updates: ["message"]
-  }, { longPoll: timeoutSec > 0 });
-}
-function setTelegramWebhook(token, url, options = {}) {
-  return callTelegramApi(token, "setWebhook", {
-    url,
-    secret_token: options.secretToken,
-    allowed_updates: ["message"],
-    drop_pending_updates: options.dropPendingUpdates ?? false
-  });
-}
-function deleteTelegramWebhook(token) {
-  return callTelegramApi(token, "deleteWebhook", {});
-}
-function getTelegramWebhookInfo(token) {
-  return callTelegramApi(token, "getWebhookInfo");
-}
-
-// src/telegram/update.ts
-function asTrimmed(value) {
-  return typeof value === "string" ? value.trim() : "";
-}
-function normalizeChatType(type) {
-  return type === "private" || type === "group" || type === "supergroup" || type === "channel" ? type : "unknown";
-}
-function parseTelegramUpdate(update) {
-  if (!update || typeof update !== "object") return null;
-  const u = update;
-  if (typeof u.update_id !== "number") return null;
-  const msg = u.message || u.channel_post;
-  if (!msg || typeof msg !== "object") return null;
-  if (typeof msg.message_id !== "number") return null;
-  const chat = msg.chat || {};
-  if (typeof chat.id !== "number" && typeof chat.id !== "string") return null;
-  const text = asTrimmed(msg.text) || asTrimmed(msg.caption);
-  if (!text) return null;
-  const from = msg.from || {};
-  const fromName = [from.first_name, from.last_name].filter((p) => typeof p === "string" && p).join(" ") || asTrimmed(from.username) || asTrimmed(chat.title) || "User";
-  const replyTo = msg.reply_to_message;
-  return {
-    updateId: u.update_id,
-    messageId: msg.message_id,
-    chatId: String(chat.id),
-    chatType: normalizeChatType(chat.type),
-    chatTitle: asTrimmed(chat.title) || void 0,
-    fromId: from.id != null ? String(from.id) : String(chat.id),
-    fromName,
-    fromUsername: asTrimmed(from.username) || void 0,
-    text,
-    replyToMessageId: replyTo && typeof replyTo.message_id === "number" ? replyTo.message_id : void 0,
-    replyToText: replyTo ? asTrimmed(replyTo.text) || asTrimmed(replyTo.caption) || void 0 : void 0,
-    date: typeof msg.date === "number" ? new Date(msg.date * 1e3).toISOString() : (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-var TELEGRAM_STOP_WORDS = /* @__PURE__ */ new Set([
-  "stop",
-  "abort",
-  "kill",
-  "cancel",
-  "halt"
-]);
-function isTelegramStopCommand(text) {
-  if (!text) return false;
-  const cleaned = text.trim().toLowerCase().replace(/[!.?]+$/, "");
-  return TELEGRAM_STOP_WORDS.has(cleaned);
-}
-function nextTelegramOffset(currentOffset, updates) {
-  let next = currentOffset;
-  for (const u of updates) {
-    if (u && typeof u.update_id === "number" && u.update_id >= next) {
-      next = u.update_id + 1;
+  /** Stop a single agent's Telegram poller (called on disable). */
+  async stopTelegramPollerForAgent(agentId) {
+    const poller = this.telegramPollers.get(agentId);
+    if (!poller) return;
+    try {
+      await poller.stop();
+    } catch {
     }
+    this.telegramPollers.delete(agentId);
   }
-  return next;
-}
-
-// src/telegram/manager.ts
-import { timingSafeEqual } from "crypto";
-var TELEGRAM_WEBHOOK_SECRET_RE = /^[A-Za-z0-9_-]+$/;
-var TELEGRAM_MIN_WEBHOOK_SECRET_LENGTH = 16;
-var TELEGRAM_SECRET_FIELDS = ["botToken", "webhookSecret"];
-function redactTelegramConfig(config) {
-  return {
-    ...config,
-    botToken: config.botToken ? "***" : config.botToken,
-    webhookSecret: config.webhookSecret ? "***" : void 0
-  };
-}
-function isTelegramChatAllowed(config, chatId) {
-  const id = String(chatId ?? "").trim();
-  if (!id) return false;
-  if (config.operatorChatId && String(config.operatorChatId).trim() === id) return true;
-  return Array.isArray(config.allowedChatIds) && config.allowedChatIds.some((c) => String(c).trim() === id);
-}
-function safeEqual(a, b) {
-  const bufA = Buffer.from(a, "utf8");
-  const bufB = Buffer.from(b, "utf8");
-  if (bufA.length !== bufB.length) return false;
-  return timingSafeEqual(bufA, bufB);
-}
-var TelegramManager = class {
   /**
-   * Optional master key used to encrypt Telegram credentials at rest
-   * (the same AES-256-GCM scheme SMS/phone use). When absent (tests, or
-   * a deployment with no master key) configs are stored as-is and reads
-   * tolerate plaintext — upgrades and downgrades both stay safe.
+   * Convert one new inbound Telegram message into a synthetic email
+   * landing in the agent's INBOX, so the dispatcher wakes the agent.
+   *
+   * Two short-circuits before delivery:
+   *
+   *   1. If the message is from the configured operator's chat AND
+   *      looks like an operator-query reply (parsed by
+   *      `parseTelegramOperatorReply`), it's an answer to an in-flight
+   *      voice mission, not free-form chat — the HTTP webhook/poll
+   *      route already handles those by calling into the phone
+   *      manager, and the route does NOT need an agent turn. The poller
+   *      hands them off the same way: we just skip the wake here.
+   *
+   *   2. Plain `/start` (BotFather's default first DM) is a Telegram
+   *      housekeeping nudge — replying with an LLM turn for "/start"
+   *      would be embarrassing. Skip it.
+   *
+   * Everything else: synthesise the email and deliver.
    */
-  constructor(db2, encryptionKey) {
-    this.db = db2;
-    this.encryptionKey = encryptionKey;
-    this.ensureTable();
+  /**
+   * Public wrapper around the bridge — the Telegram webhook route calls
+   * this directly so push-mode and poll-mode share the wake path.
+   */
+  async bridgeTelegramInbound(agentId, parsed, config) {
+    return this.bridgeInboundTelegram(agentId, parsed, config);
   }
-  initialized = false;
-  ensureTable() {
-    if (this.initialized) return;
+  async bridgeInboundTelegram(agentId, parsed, config, agentNameHint) {
+    const operatorChatId = config.operatorChatId?.toString().trim() || "";
+    if (operatorChatId && parsed.chatId === operatorChatId) {
+      const reply = parseTelegramOperatorReply({ text: parsed.text, replyToText: parsed.replyToText });
+      if (reply) return;
+    }
+    const trimmedText = (parsed.text ?? "").trim();
+    if (trimmedText === "/start" || trimmedText === "/help" || trimmedText === "/stop") {
+      return;
+    }
+    if (!trimmedText) return;
+    if (!this.accountManager) return;
+    const agent = await this.accountManager.getById(agentId);
+    if (!agent) return;
+    const agentName = agentNameHint ?? agent.name;
+    const fromLabel = parsed.fromName ? `${parsed.fromName} (Telegram chat ${parsed.chatId})` : `Telegram chat ${parsed.chatId}`;
+    const senderName = parsed.fromName || parsed.fromUsername || "User";
+    const subject = `[Telegram] ${trimmedText.slice(0, 80)}${trimmedText.length > 80 ? "\u2026" : ""}`;
+    const body = [
+      `[Incoming Telegram message \u2014 via AgenticMail Telegram bridge]`,
+      `from_name:           ${senderName}`,
+      parsed.fromId ? `from_id:             ${parsed.fromId}` : null,
+      `chat_id:             ${parsed.chatId}`,
+      `chat_type:           ${parsed.chatType}`,
+      `telegram_message_id: ${parsed.messageId}`,
+      `received_at:         ${parsed.date}`,
+      ``,
+      `=== REPLY ROUTING (important, read before responding) ===`,
+      `This message arrived via Telegram, NOT email. To reply to ${senderName}`,
+      `you must use the telegram_send MCP tool \u2014 replying by email will go`,
+      `nowhere they can see it.`,
+      ``,
+      `    telegram_send({ chatId: "${parsed.chatId}", text: "<your reply>" })`,
+      ``,
+      `Send EXACTLY ONE telegram_send call per response \u2014 do not also narrate`,
+      `or summarise what you sent in a separate reply / email, that just shows`,
+      `up to the user as a duplicate. Keep replies concise and plain text`,
+      `(Telegram strips markdown formatting in transit). No preamble like`,
+      `"sure, here you go" \u2014 just answer the question.`,
+      ``,
+      `If the user is asking you to do an errand (call someone, look up info,`,
+      `send something), do the work FIRST, then telegram_send a single clear`,
+      `update back to chat_id ${parsed.chatId} when done \u2014 that becomes the`,
+      `whole reply.`,
+      `=== END REPLY ROUTING ===`,
+      ``,
+      `--- User's message ---`,
+      trimmedText,
+      `---`
+    ].filter((l) => l !== null).join("\n");
+    const inbound = {
+      from: `telegram-bridge@telegram.local`,
+      to: agent.email,
+      subject,
+      text: body,
+      html: void 0,
+      // Use the Telegram-provided send time so the inbox ordering matches
+      // when the user actually pressed Send, not when the bridge ran.
+      date: parsed.date ? new Date(parsed.date) : /* @__PURE__ */ new Date(),
+      messageId: `<tg-${parsed.chatId}-${parsed.messageId}@telegram.local>`
+    };
     try {
-      this.db.exec(`
-        CREATE TABLE IF NOT EXISTS telegram_messages (
-          id TEXT PRIMARY KEY,
-          agent_id TEXT NOT NULL,
-          direction TEXT NOT NULL CHECK(direction IN ('inbound', 'outbound')),
-          chat_id TEXT NOT NULL,
-          telegram_message_id INTEGER,
-          from_id TEXT,
-          text TEXT NOT NULL,
-          status TEXT NOT NULL DEFAULT 'pending',
-          created_at TEXT NOT NULL DEFAULT (datetime('now')),
-          metadata TEXT DEFAULT '{}'
-        )
-      `);
+      await this.deliverInboundLocally(agentName, inbound);
+    } catch (err) {
+      console.warn(`[GatewayManager] Telegram \u2192 inbox bridge failed for ${agentName}: ${err.message}`);
+    }
+  }
+  // --- Lifecycle ---
+  async shutdown() {
+    await this.relay.shutdown();
+    this.tunnel?.stop();
+    for (const poller of this.smsPollers.values()) {
+      poller.stopPolling();
+    }
+    this.smsPollers.clear();
+    for (const poller of this.telegramPollers.values()) {
       try {
-        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_agent ON telegram_messages(agent_id)");
+        void poller.stop();
       } catch {
       }
+    }
+    this.telegramPollers.clear();
+  }
+  /**
+   * Resume gateway from saved config (e.g., after server restart).
+   *
+   * Issue #31 — On a Docker container restart the API can come up
+   * before Stalwart / Gmail IMAP / DNS is reachable, so the very first
+   * setup() can fail with a transient network error. Previously that
+   * single failure was logged and never retried, leaving polling
+   * permanently dead until someone noticed and manually revived the
+   * relay. We now schedule background retries with exponential backoff
+   * (5s, 10s, 20s, 40s, 60s cap, indefinite) so the relay
+   * self-recovers as soon as the dependency is reachable again.
+   */
+  async resume() {
+    if (this.config.mode === "relay" && this.config.relay) {
       try {
-        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_chat ON telegram_messages(chat_id)");
-      } catch {
+        await this._resumeRelayOnce();
+      } catch (err) {
+        console.error("[GatewayManager] Initial relay resume failed; scheduling retries:", formatPollError(err));
+        this._scheduleRelayResumeRetry();
       }
+    }
+    if (this.smsManager && this.accountManager) {
       try {
-        this.db.exec("CREATE INDEX IF NOT EXISTS idx_telegram_created ON telegram_messages(created_at)");
-      } catch {
+        await this.startSmsPollers();
+      } catch (err) {
+        console.error("[GatewayManager] Failed to start SMS pollers:", err);
       }
-      this.initialized = true;
-    } catch {
-      this.initialized = true;
     }
-  }
-  /** Encrypt the credential fields of a config before persisting. */
-  encryptConfig(config) {
-    if (!this.encryptionKey) return config;
-    const out = { ...config };
-    for (const field of TELEGRAM_SECRET_FIELDS) {
-      const value = out[field];
-      if (typeof value === "string" && value && !isEncryptedSecret(value)) {
-        out[field] = encryptSecret(value, this.encryptionKey);
+    if (this.telegramManager && this.accountManager) {
+      try {
+        await this.startTelegramPollers();
+      } catch (err) {
+        console.error("[GatewayManager] Failed to start Telegram pollers:", err);
       }
     }
-    return out;
-  }
-  /** Decrypt the credential fields of a config after loading. */
-  decryptConfig(config) {
-    if (!this.encryptionKey) return config;
-    const out = { ...config };
-    for (const field of TELEGRAM_SECRET_FIELDS) {
-      const value = out[field];
-      if (typeof value === "string" && isEncryptedSecret(value)) {
-        try {
-          out[field] = decryptSecret(value, this.encryptionKey);
-        } catch {
+    if (this.config.mode === "domain" && this.config.domain) {
+      try {
+        this.cfClient = new CloudflareClient(
+          this.config.domain.cloudflareApiToken,
+          this.config.domain.cloudflareAccountId
+        );
+        this.dnsConfigurator = new DNSConfigurator(this.cfClient);
+        this.tunnel = new TunnelManager(this.cfClient);
+        this.domainPurchaser = new DomainPurchaser(this.cfClient);
+        if (this.config.domain.tunnelToken) {
+          await this.tunnel.start(this.config.domain.tunnelToken);
         }
+      } catch (err) {
+        console.error("[GatewayManager] Failed to resume domain mode:", err);
       }
     }
-    return out;
-  }
-  /** Normalize a stored/loaded config object, defaulting missing fields. */
-  normalizeConfig(raw) {
-    return {
-      enabled: raw.enabled === true,
-      botToken: typeof raw.botToken === "string" ? raw.botToken : "",
-      botUsername: typeof raw.botUsername === "string" ? raw.botUsername : void 0,
-      botId: typeof raw.botId === "number" ? raw.botId : void 0,
-      allowedChatIds: Array.isArray(raw.allowedChatIds) ? raw.allowedChatIds.map((c) => String(c).trim()).filter(Boolean) : [],
-      operatorChatId: typeof raw.operatorChatId === "string" && raw.operatorChatId.trim() ? raw.operatorChatId.trim() : void 0,
-      mode: raw.mode === "webhook" ? "webhook" : "poll",
-      webhookUrl: typeof raw.webhookUrl === "string" ? raw.webhookUrl : void 0,
-      webhookSecret: typeof raw.webhookSecret === "string" ? raw.webhookSecret : void 0,
-      pollOffset: typeof raw.pollOffset === "number" ? raw.pollOffset : 0,
-      configuredAt: typeof raw.configuredAt === "string" ? raw.configuredAt : (/* @__PURE__ */ new Date()).toISOString()
-    };
-  }
-  /** Get the Telegram config from agent metadata (credentials decrypted). */
-  getConfig(agentId) {
-    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
-    if (!row) return null;
-    try {
-      const meta = JSON.parse(row.metadata || "{}");
-      if (!meta.telegram || typeof meta.telegram !== "object") return null;
-      return this.decryptConfig(this.normalizeConfig(meta.telegram));
-    } catch {
-      return null;
-    }
   }
-  /** Save the Telegram config to agent metadata (credentials encrypted). */
-  saveConfig(agentId, config) {
-    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
-    if (!row) throw new Error(`Agent ${agentId} not found`);
-    let meta;
-    try {
-      meta = JSON.parse(row.metadata || "{}");
-    } catch {
-      meta = {};
+  // ─── Issue #31 helpers — resume retry with backoff ───
+  _resumeRetryTimer = null;
+  _resumeRetryAttempt = 0;
+  async _resumeRelayOnce() {
+    if (!this.config.relay) throw new Error("No relay config to resume");
+    await this.relay.setup(this.config.relay);
+    const savedUid = this.loadLastSeenUid();
+    if (savedUid > 0) {
+      this.relay.setLastSeenUid(savedUid);
+      console.log(`[GatewayManager] Restored lastSeenUid=${savedUid} from database`);
     }
-    meta.telegram = this.encryptConfig(config);
-    this.db.prepare("UPDATE agents SET metadata = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(meta), agentId);
-  }
-  /** Remove the Telegram config from agent metadata. */
-  removeConfig(agentId) {
-    const row = this.db.prepare("SELECT metadata FROM agents WHERE id = ?").get(agentId);
-    if (!row) return;
-    let meta;
-    try {
-      meta = JSON.parse(row.metadata || "{}");
-    } catch {
-      meta = {};
+    this.relay.onUidAdvance = (uid) => this.saveLastSeenUid(uid);
+    await this.relay.startPolling();
+    if (this._resumeRetryAttempt > 0) {
+      console.log(`[GatewayManager] Relay polling resumed after ${this._resumeRetryAttempt} retry attempt${this._resumeRetryAttempt !== 1 ? "s" : ""}`);
     }
-    delete meta.telegram;
-    this.db.prepare("UPDATE agents SET metadata = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(meta), agentId);
+    this._resumeRetryAttempt = 0;
   }
-  /** Persist a new poll offset without touching the rest of the config. */
-  updatePollOffset(agentId, offset) {
-    const config = this.getConfig(agentId);
-    if (!config) return;
-    config.pollOffset = offset;
-    this.saveConfig(agentId, config);
+  _scheduleRelayResumeRetry() {
+    if (this._resumeRetryTimer) return;
+    this._resumeRetryAttempt++;
+    const base = Math.min(5e3 * Math.pow(2, this._resumeRetryAttempt - 1), 6e4);
+    const jitter = base * (0.8 + Math.random() * 0.4);
+    const delay = Math.round(jitter);
+    console.log(`[GatewayManager] Will retry relay resume in ${(delay / 1e3).toFixed(1)}s (attempt ${this._resumeRetryAttempt + 1})`);
+    this._resumeRetryTimer = setTimeout(async () => {
+      this._resumeRetryTimer = null;
+      if (this.config.mode !== "relay" || !this.config.relay) return;
+      try {
+        await this._resumeRelayOnce();
+      } catch (err) {
+        console.error(`[GatewayManager] Relay resume retry ${this._resumeRetryAttempt} failed:`, formatPollError(err));
+        this._scheduleRelayResumeRetry();
+      }
+    }, delay);
   }
-  /**
-   * Resolve the agent that owns a webhook secret. Used to authenticate +
-   * route an inbound Telegram webhook delivery: a webhook carries no bot
-   * identity, so the `X-Telegram-Bot-Api-Secret-Token` header is the
-   * routing key. The comparison is constant-time, and a non-match
-   * returns `null` so the route can answer with a single uniform 403
-   * (no enumeration oracle — same posture as the SMS webhook).
-   */
-  findAgentByWebhookSecret(secret) {
-    const provided = String(secret ?? "");
-    if (!provided) return null;
-    const rows = this.db.prepare("SELECT id, metadata FROM agents").all();
-    for (const row of rows) {
+  // --- Persistence ---
+  loadConfig() {
+    const row = this.db.prepare("SELECT * FROM gateway_config WHERE id = ?").get("default");
+    if (row) {
       try {
-        const meta = JSON.parse(row.metadata || "{}");
-        if (!meta.telegram || typeof meta.telegram !== "object") continue;
-        const config = this.decryptConfig(this.normalizeConfig(meta.telegram));
-        if (!config.enabled || !config.webhookSecret) continue;
-        if (safeEqual(provided, config.webhookSecret)) {
-          return { agentId: row.id, config };
+        const parsed = JSON.parse(row.config);
+        if (this.encryptionKey) {
+          if (parsed.relay?.password) {
+            try {
+              parsed.relay.password = decryptSecret(parsed.relay.password, this.encryptionKey);
+            } catch {
+            }
+          }
+          if (parsed.relay?.appPassword) {
+            try {
+              parsed.relay.appPassword = decryptSecret(parsed.relay.appPassword, this.encryptionKey);
+            } catch {
+            }
+          }
+          if (parsed.domain?.cloudflareApiToken) {
+            try {
+              parsed.domain.cloudflareApiToken = decryptSecret(parsed.domain.cloudflareApiToken, this.encryptionKey);
+            } catch {
+            }
+          }
+          if (parsed.domain?.tunnelToken) {
+            try {
+              parsed.domain.tunnelToken = decryptSecret(parsed.domain.tunnelToken, this.encryptionKey);
+            } catch {
+            }
+          }
+          if (parsed.domain?.inboundSecret) {
+            try {
+              parsed.domain.inboundSecret = decryptSecret(parsed.domain.inboundSecret, this.encryptionKey);
+            } catch {
+            }
+          }
+          if (parsed.domain?.outboundSecret) {
+            try {
+              parsed.domain.outboundSecret = decryptSecret(parsed.domain.outboundSecret, this.encryptionKey);
+            } catch {
+            }
+          }
         }
+        this.config = {
+          mode: row.mode,
+          ...parsed
+        };
       } catch {
+        this.config = { mode: "none" };
       }
     }
-    return null;
   }
-  /** True if an inbound message with this Telegram id is already stored. */
-  inboundMessageExists(agentId, chatId, telegramMessageId) {
-    const row = this.db.prepare(
-      "SELECT 1 FROM telegram_messages WHERE agent_id = ? AND direction = ? AND chat_id = ? AND telegram_message_id = ? LIMIT 1"
-    ).get(agentId, "inbound", String(chatId), telegramMessageId);
-    return !!row;
+  saveConfig() {
+    const { mode, ...rest } = this.config;
+    const toStore = JSON.parse(JSON.stringify(rest));
+    if (this.encryptionKey) {
+      if (toStore.relay?.password) {
+        toStore.relay.password = encryptSecret(toStore.relay.password, this.encryptionKey);
+      }
+      if (toStore.relay?.appPassword) {
+        toStore.relay.appPassword = encryptSecret(toStore.relay.appPassword, this.encryptionKey);
+      }
+      if (toStore.domain?.cloudflareApiToken) {
+        toStore.domain.cloudflareApiToken = encryptSecret(toStore.domain.cloudflareApiToken, this.encryptionKey);
+      }
+      if (toStore.domain?.tunnelToken) {
+        toStore.domain.tunnelToken = encryptSecret(toStore.domain.tunnelToken, this.encryptionKey);
+      }
+      if (toStore.domain?.inboundSecret) {
+        toStore.domain.inboundSecret = encryptSecret(toStore.domain.inboundSecret, this.encryptionKey);
+      }
+      if (toStore.domain?.outboundSecret) {
+        toStore.domain.outboundSecret = encryptSecret(toStore.domain.outboundSecret, this.encryptionKey);
+      }
+    }
+    this.db.prepare(`
+      INSERT OR REPLACE INTO gateway_config (id, mode, config)
+      VALUES ('default', ?, ?)
+    `).run(mode, JSON.stringify(toStore));
+  }
+  saveLastSeenUid(uid) {
+    this.db.prepare(`
+      INSERT OR REPLACE INTO config (key, value) VALUES ('relay_last_seen_uid', ?)
+    `).run(String(uid));
+  }
+  loadLastSeenUid() {
+    const row = this.db.prepare("SELECT value FROM config WHERE key = ?").get("relay_last_seen_uid");
+    return row ? parseInt(row.value, 10) || 0 : 0;
+  }
+};
+function parseAddressString(addr) {
+  const match = addr.match(/^(.+?)\s*<([^>]+)>$/);
+  if (match) {
+    return { name: match[1].trim(), address: match[2].trim() };
+  }
+  return { address: addr.trim() };
+}
+function inboundToParsedEmail(mail) {
+  return {
+    messageId: mail.messageId || "",
+    subject: mail.subject || "",
+    from: [parseAddressString(mail.from)],
+    to: [parseAddressString(mail.to)],
+    date: mail.date || /* @__PURE__ */ new Date(),
+    text: mail.text,
+    html: mail.html,
+    inReplyTo: mail.inReplyTo,
+    references: mail.references,
+    attachments: (mail.attachments ?? []).map((a) => ({
+      filename: a.filename,
+      contentType: a.contentType,
+      size: a.size,
+      content: a.content
+    })),
+    headers: /* @__PURE__ */ new Map()
+  };
+}
+
+// src/gateway/relay-bridge.ts
+import { createServer } from "http";
+import { createTransport } from "nodemailer";
+var RelayBridge = class {
+  server = null;
+  options;
+  constructor(options) {
+    this.options = options;
   }
-  /** Record an inbound Telegram message. */
-  recordInbound(agentId, input, metadata) {
-    const id = `tg_in_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-    const createdAt = input.createdAt || (/* @__PURE__ */ new Date()).toISOString();
-    this.db.prepare(
-      "INSERT INTO telegram_messages (id, agent_id, direction, chat_id, telegram_message_id, from_id, text, status, created_at, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
-    ).run(
-      id,
-      agentId,
-      "inbound",
-      String(input.chatId),
-      input.telegramMessageId,
-      input.fromId ?? null,
-      input.text,
-      "received",
-      createdAt,
-      JSON.stringify(metadata ?? {})
-    );
-    return {
-      id,
-      agentId,
-      direction: "inbound",
-      chatId: String(input.chatId),
-      telegramMessageId: input.telegramMessageId,
-      fromId: input.fromId,
-      text: input.text,
-      status: "received",
-      createdAt,
-      metadata
-    };
+  async start() {
+    return new Promise((resolve2, reject) => {
+      this.server = createServer((req, res) => this.handleRequest(req, res));
+      this.server.listen(this.options.port, "127.0.0.1", () => {
+        console.log(`[RelayBridge] Listening on 127.0.0.1:${this.options.port}`);
+        resolve2();
+      });
+      this.server.on("error", reject);
+    });
   }
-  /** Record an outbound Telegram message attempt. */
-  recordOutbound(agentId, input, metadata) {
-    const id = `tg_out_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
-    const createdAt = (/* @__PURE__ */ new Date()).toISOString();
-    const status = input.status ?? "sent";
-    this.db.prepare(
-      "INSERT INTO telegram_messages (id, agent_id, direction, chat_id, telegram_message_id, from_id, text, status, created_at, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
-    ).run(
-      id,
-      agentId,
-      "outbound",
-      String(input.chatId),
-      input.telegramMessageId ?? null,
-      null,
-      input.text,
-      status,
-      createdAt,
-      JSON.stringify(metadata ?? {})
-    );
-    return {
-      id,
-      agentId,
-      direction: "outbound",
-      chatId: String(input.chatId),
-      telegramMessageId: input.telegramMessageId,
-      text: input.text,
-      status,
-      createdAt,
-      metadata
-    };
+  stop() {
+    this.server?.close();
+    this.server = null;
   }
-  /** Update the status (+ optional metadata) of a stored message. */
-  updateStatus(id, status, metadata) {
-    if (metadata) {
-      this.db.prepare("UPDATE telegram_messages SET status = ?, metadata = ? WHERE id = ?").run(status, JSON.stringify(metadata), id);
+  async handleRequest(req, res) {
+    if (req.method !== "POST" || req.url !== "/send") {
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Not found" }));
       return;
     }
-    this.db.prepare("UPDATE telegram_messages SET status = ? WHERE id = ?").run(status, id);
-  }
-  /** List stored Telegram messages for an agent, newest first. */
-  listMessages(agentId, opts) {
-    const limit = Math.min(Math.max(opts?.limit ?? 20, 1), 100);
-    const offset = Math.max(opts?.offset ?? 0, 0);
-    let query = "SELECT * FROM telegram_messages WHERE agent_id = ?";
-    const params = [agentId];
-    if (opts?.direction === "inbound" || opts?.direction === "outbound") {
-      query += " AND direction = ?";
-      params.push(opts.direction);
+    const secret = req.headers["x-relay-secret"];
+    if (secret !== this.options.secret) {
+      res.writeHead(401, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Unauthorized" }));
+      return;
     }
-    if (opts?.chatId) {
-      query += " AND chat_id = ?";
-      params.push(String(opts.chatId));
+    let body = "";
+    for await (const chunk of req) body += chunk;
+    try {
+      const payload = JSON.parse(body);
+      const result = await this.submitToStalwart(payload);
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify(result));
+    } catch (err) {
+      console.error("[RelayBridge] Delivery failed:", err.message);
+      res.writeHead(500, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: err.message }));
+    }
+  }
+  async submitToStalwart(payload) {
+    const { from, to, subject, text, html, replyTo, inReplyTo, references } = payload;
+    const recipients = Array.isArray(to) ? to : [to];
+    debug("RelayBridge", `Submitting to Stalwart: ${from} \u2192 ${recipients.join(", ")}`);
+    const transport = createTransport({
+      host: this.options.smtpHost ?? "127.0.0.1",
+      port: this.options.smtpPort ?? 587,
+      secure: false,
+      auth: {
+        user: this.options.smtpUser,
+        pass: this.options.smtpPass
+      },
+      tls: { rejectUnauthorized: false }
+    });
+    try {
+      const info = await transport.sendMail({
+        from,
+        to: recipients.join(", "),
+        subject,
+        text: text || void 0,
+        html: html || void 0,
+        replyTo: replyTo || void 0,
+        inReplyTo: inReplyTo || void 0,
+        references: references || void 0,
+        headers: {
+          "X-Mailer": "AgenticMail/1.0"
+        }
+      });
+      debug("RelayBridge", `Queued: ${info.messageId} \u2192 ${info.response}`);
+      return {
+        ok: true,
+        messageId: info.messageId,
+        response: info.response
+      };
+    } finally {
+      transport.close();
     }
-    query += " ORDER BY created_at DESC, id DESC LIMIT ? OFFSET ?";
-    params.push(limit, offset);
-    return this.db.prepare(query).all(...params).map((row) => ({
-      id: row.id,
-      agentId: row.agent_id,
-      direction: row.direction,
-      chatId: row.chat_id,
-      telegramMessageId: row.telegram_message_id ?? void 0,
-      fromId: row.from_id ?? void 0,
-      text: row.text,
-      status: row.status,
-      createdAt: row.created_at,
-      metadata: row.metadata ? JSON.parse(row.metadata) : void 0
-    }));
   }
 };
-
-// src/telegram/operator-query.ts
-var TELEGRAM_OPERATOR_QUERY_TAG = "AMQ";
-var QUERY_ID_RE = /(oq_[A-Za-z0-9-]+)/;
-var QUERY_TAG_RE = new RegExp(`\\[${TELEGRAM_OPERATOR_QUERY_TAG}\\s+(oq_[A-Za-z0-9-]+)\\]`);
-function formatOperatorQueryTelegramMessage(input) {
-  const lines = [];
-  lines.push(input.urgency === "high" ? "\u{1F534} Your agent needs an answer to continue a live call (URGENT)." : "\u{1F7E1} Your agent needs an answer to continue a live call.");
-  lines.push("");
-  lines.push(`Question: ${input.question}`);
-  if (input.callContext) lines.push(`Context: ${input.callContext}`);
-  lines.push("");
-  lines.push("Reply to this message with your answer. You can also send:");
-  lines.push(`  /answer ${input.queryId} <your answer>`);
-  lines.push(`  /approve ${input.queryId}   \xB7   /deny ${input.queryId}`);
-  lines.push("");
-  lines.push(`[${TELEGRAM_OPERATOR_QUERY_TAG} ${input.queryId}]`);
-  return lines.join("\n");
+function startRelayBridge(options) {
+  const bridge = new RelayBridge(options);
+  bridge.start().catch((err) => {
+    console.error("[RelayBridge] Failed to start:", err);
+  });
+  return bridge;
 }
-function parseTelegramOperatorReply(input) {
-  const text = (input.text ?? "").trim();
-  if (!text) return null;
-  const quotedTag = input.replyToText ? QUERY_TAG_RE.exec(input.replyToText) : null;
-  const quotedQueryId = quotedTag?.[1];
-  const answerCmd = /^\/answer(?:@\w+)?\s+(oq_[A-Za-z0-9-]+)\s+([\s\S]+)$/i.exec(text);
-  if (answerCmd) {
-    return { queryId: answerCmd[1], answer: answerCmd[2].trim(), kind: "answer" };
-  }
-  const decisionCmd = /^\/(approve|deny)(?:@\w+)?\b([\s\S]*)$/i.exec(text);
-  if (decisionCmd) {
-    const kind = decisionCmd[1].toLowerCase() === "approve" ? "approve" : "deny";
-    const rest = decisionCmd[2].trim();
-    const inlineId2 = QUERY_ID_RE.exec(rest)?.[1];
-    const note = rest.replace(QUERY_ID_RE, "").trim();
-    const answer2 = (kind === "approve" ? "Approved" : "Denied") + (note ? `: ${note}` : ".");
-    return { queryId: inlineId2 ?? quotedQueryId, answer: answer2, kind };
+
+// src/gateway/types.ts
+var RELAY_PRESETS = {
+  gmail: {
+    smtpHost: "smtp.gmail.com",
+    smtpPort: 587,
+    imapHost: "imap.gmail.com",
+    imapPort: 993
+  },
+  outlook: {
+    smtpHost: "smtp.office365.com",
+    smtpPort: 587,
+    imapHost: "outlook.office365.com",
+    imapPort: 993
   }
-  const inlineId = QUERY_TAG_RE.exec(text)?.[1] ?? QUERY_ID_RE.exec(text)?.[1];
-  const answer = text.replace(QUERY_TAG_RE, "").trim();
-  if (!answer) return null;
-  return { queryId: quotedQueryId ?? inlineId, answer, kind: "answer" };
-}
+};
 
 // src/phone/realtime.ts
 var ELKS_REALTIME_AUDIO_FORMATS = ["ulaw", "pcm_16000", "pcm_24000", "wav"];
@@ -6942,7 +7281,9 @@ var ElksRealtimeTransport = class {
   // Historical prefix — `elks-bye` / `elks-closed` etc. are matched by
   // long-standing call sites and tests; do not change.
   endReasonPrefix = "elks";
-  openaiAudioFormat = { type: "audio/pcm", rate: 24e3 };
+  // OpenAI rejects `format.rate` as an unknown parameter — `audio/pcm` is
+  // implicitly 24 kHz mono PCM16 in the current Realtime API.
+  openaiAudioFormat = { type: "audio/pcm" };
   parseInbound(raw) {
     const msg = parseElksRealtimeMessage(raw);
     if (msg.t === "hello") {
@@ -6973,9 +7314,9 @@ var TwilioRealtimeTransport = class {
   provider = "twilio";
   endReasonPrefix = "twilio";
   // µ-law @ 8 kHz — Twilio's native format; no transcode end to end.
-  // > `audio/pcmu` is the OpenAI GA Realtime µ-law format token; verify
-  // > against current OpenAI docs before the live smoke-test.
-  openaiAudioFormat = { type: "audio/pcmu", rate: 8e3 };
+  // OpenAI rejects `format.rate` as an unknown parameter; `audio/pcmu` is
+  // implicitly 8 kHz G.711 µ-law in the current Realtime API.
+  openaiAudioFormat = { type: "audio/pcmu" };
   /** Latched from the Twilio `start` frame; required on every outbound. */
   streamSid = "";
   /** The active `streamSid`, once the `start` frame has been seen. */
@@ -7335,7 +7676,7 @@ ${task}`);
   }
   return sections.join("\n\n");
 }
-var DEFAULT_REALTIME_AUDIO_FORMAT = { type: "audio/pcm", rate: REALTIME_AUDIO_SAMPLE_RATE };
+var DEFAULT_REALTIME_AUDIO_FORMAT = { type: "audio/pcm" };
 function buildRealtimeSessionConfig(opts) {
   const tools = opts.tools ?? [];
   const instructions = opts.instructions?.trim() || buildRealtimeInstructions({
@@ -7438,6 +7779,7 @@ var RealtimeVoiceBridge = class {
     if (this.ended || this.openaiReady) return;
     this.openaiReady = true;
     this.safeSend(this.openai, this.sessionConfig);
+    this.safeSend(this.openai, { type: "response.create" });
     for (const audio of this.pendingAudio.splice(0)) {
       this.safeSend(this.openai, { type: "input_audio_buffer.append", audio });
     }
@@ -8170,7 +8512,8 @@ function buildWebhookUrl(config, path2, missionId) {
   return url.toString();
 }
 function buildRealtimeStreamUrl(webhookBaseUrl, missionId, token) {
-  const url = new URL(`${apiBaseUrl(webhookBaseUrl)}${TWILIO_REALTIME_WS_PATH}`);
+  const root = webhookBaseUrl.replace(/\/+$/, "");
+  const url = new URL(`${root}${TWILIO_REALTIME_WS_PATH}`);
   url.protocol = url.protocol === "http:" ? "ws:" : "wss:";
   url.searchParams.set("missionId", missionId);
   url.searchParams.set("token", token);