@agenticmail/core 0.9.29 → 0.9.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.cjs +49 -0
  2. package/dist/index.d.cts +19 -0
  3. package/dist/index.d.ts +19 -0
  4. package/dist/index.js +49 -0
  5. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -13335,6 +13335,24 @@ var ServiceManager = class {
13335
13335
  "",
13336
13336
  'log "AgenticMail starting..."',
13337
13337
  "",
13338
+ "# v0.9.84 \u2014 source ~/.agenticmail/.env before exec so the API process",
13339
+ "# inherits AGENTICMAIL_MASTER_KEY, AGENTICMAIL_INBOUND_SECRET, the",
13340
+ "# Stalwart admin creds, and SMTP/IMAP/data-dir overrides. Without",
13341
+ "# this, launchd's child ran with only HOME / PATH / DATA_DIR (the",
13342
+ "# plist EnvironmentVariables block), so the API silently fell back",
13343
+ "# to a fresh-random INBOUND_SECRET on every boot and could not",
13344
+ "# decrypt master-key-protected secrets at all.",
13345
+ 'ENV_FILE="$HOME/.agenticmail/.env"',
13346
+ 'if [ -f "$ENV_FILE" ]; then',
13347
+ ' log "Sourcing $ENV_FILE"',
13348
+ " set -a # mark all sourced vars for export",
13349
+ " # shellcheck disable=SC1090",
13350
+ ' . "$ENV_FILE"',
13351
+ " set +a",
13352
+ "else",
13353
+ ' log "WARNING: $ENV_FILE not found \u2014 API will run with default config (no master key)."',
13354
+ "fi",
13355
+ "",
13338
13356
  "# Wait for Docker daemon (up to 10 minutes \u2014 Docker Desktop can be very slow on first boot)",
13339
13357
  "MAX_WAIT=600",
13340
13358
  "WAITED=0",
@@ -13760,6 +13778,16 @@ var SetupManager = class {
13760
13778
  if ((0, import_node_fs10.existsSync)(configPath)) {
13761
13779
  try {
13762
13780
  const existing = JSON.parse((0, import_node_fs10.readFileSync)(configPath, "utf-8"));
13781
+ let needsRewrite = false;
13782
+ if (!existing.inboundSecret) {
13783
+ existing.inboundSecret = `inb_${(0, import_node_crypto6.randomBytes)(24).toString("hex")}`;
13784
+ needsRewrite = true;
13785
+ }
13786
+ if (needsRewrite) {
13787
+ (0, import_node_fs10.writeFileSync)(configPath, JSON.stringify(existing, null, 2));
13788
+ (0, import_node_fs10.chmodSync)(configPath, 384);
13789
+ this.ensureEnvHasInboundSecret(envPath, existing.inboundSecret);
13790
+ }
13763
13791
  this.generateDockerFiles(existing);
13764
13792
  return { configPath, envPath, config: existing, isNew: false };
13765
13793
  } catch {
@@ -13770,8 +13798,10 @@ var SetupManager = class {
13770
13798
  }
13771
13799
  const masterKey = `mk_${(0, import_node_crypto6.randomBytes)(24).toString("hex")}`;
13772
13800
  const stalwartPassword = (0, import_node_crypto6.randomBytes)(16).toString("hex");
13801
+ const inboundSecret = `inb_${(0, import_node_crypto6.randomBytes)(24).toString("hex")}`;
13773
13802
  const config = {
13774
13803
  masterKey,
13804
+ inboundSecret,
13775
13805
  stalwart: {
13776
13806
  url: "http://localhost:8080",
13777
13807
  adminUser: "admin",
@@ -13790,6 +13820,7 @@ STALWART_ADMIN_PASSWORD=${stalwartPassword}
13790
13820
  STALWART_URL=http://localhost:8080
13791
13821
 
13792
13822
  AGENTICMAIL_MASTER_KEY=${masterKey}
13823
+ AGENTICMAIL_INBOUND_SECRET=${inboundSecret}
13793
13824
  AGENTICMAIL_API_PORT=3829
13794
13825
  AGENTICMAIL_DATA_DIR=${dataDir}
13795
13826
 
@@ -13803,6 +13834,24 @@ IMAP_PORT=143
13803
13834
  this.generateDockerFiles(config);
13804
13835
  return { configPath, envPath, config, isNew: true };
13805
13836
  }
13837
+ /**
13838
+ * Append `AGENTICMAIL_INBOUND_SECRET=...` to .env if the file does
13839
+ * not already contain that key. Used by the lazy-mint path to make
13840
+ * sure existing installs pick up the new secret on next boot
13841
+ * without clobbering anything the operator added.
13842
+ */
13843
+ ensureEnvHasInboundSecret(envPath, secret) {
13844
+ if (!(0, import_node_fs10.existsSync)(envPath)) return;
13845
+ try {
13846
+ const current = (0, import_node_fs10.readFileSync)(envPath, "utf-8");
13847
+ if (/^AGENTICMAIL_INBOUND_SECRET=/m.test(current)) return;
13848
+ const updated = current + (current.endsWith("\n") ? "" : "\n") + `AGENTICMAIL_INBOUND_SECRET=${secret}
13849
+ `;
13850
+ (0, import_node_fs10.writeFileSync)(envPath, updated);
13851
+ (0, import_node_fs10.chmodSync)(envPath, 384);
13852
+ } catch {
13853
+ }
13854
+ }
13806
13855
  /**
13807
13856
  * Generate docker-compose.yml and stalwart.toml in ~/.agenticmail/
13808
13857
  * with the correct admin password from config.
package/dist/index.d.cts CHANGED
@@ -4943,6 +4943,18 @@ declare class ServiceManager {
4943
4943
 
4944
4944
  interface SetupConfig {
4945
4945
  masterKey: string;
4946
+ /**
4947
+ * Shared secret the inbound-email webhook authenticates against
4948
+ * (`X-Inbound-Secret` header). Auto-minted at setup time and
4949
+ * persisted alongside `masterKey` so every API restart reuses the
4950
+ * same value — without this, the API generated a fresh secret on
4951
+ * every cold start and printed a noisy warning to the operator.
4952
+ *
4953
+ * Optional in the type for backward compatibility with existing
4954
+ * on-disk configs; {@link SetupManager.initConfig} lazy-mints it
4955
+ * into older configs the first time it loads them.
4956
+ */
4957
+ inboundSecret?: string;
4946
4958
  stalwart: {
4947
4959
  url: string;
4948
4960
  adminUser: string;
@@ -5004,6 +5016,13 @@ declare class SetupManager {
5004
5016
  * Always regenerates Docker files to keep passwords in sync.
5005
5017
  */
5006
5018
  initConfig(): SetupResult;
5019
+ /**
5020
+ * Append `AGENTICMAIL_INBOUND_SECRET=...` to .env if the file does
5021
+ * not already contain that key. Used by the lazy-mint path to make
5022
+ * sure existing installs pick up the new secret on next boot
5023
+ * without clobbering anything the operator added.
5024
+ */
5025
+ private ensureEnvHasInboundSecret;
5007
5026
  /**
5008
5027
  * Generate docker-compose.yml and stalwart.toml in ~/.agenticmail/
5009
5028
  * with the correct admin password from config.
package/dist/index.d.ts CHANGED
@@ -4943,6 +4943,18 @@ declare class ServiceManager {
4943
4943
 
4944
4944
  interface SetupConfig {
4945
4945
  masterKey: string;
4946
+ /**
4947
+ * Shared secret the inbound-email webhook authenticates against
4948
+ * (`X-Inbound-Secret` header). Auto-minted at setup time and
4949
+ * persisted alongside `masterKey` so every API restart reuses the
4950
+ * same value — without this, the API generated a fresh secret on
4951
+ * every cold start and printed a noisy warning to the operator.
4952
+ *
4953
+ * Optional in the type for backward compatibility with existing
4954
+ * on-disk configs; {@link SetupManager.initConfig} lazy-mints it
4955
+ * into older configs the first time it loads them.
4956
+ */
4957
+ inboundSecret?: string;
4946
4958
  stalwart: {
4947
4959
  url: string;
4948
4960
  adminUser: string;
@@ -5004,6 +5016,13 @@ declare class SetupManager {
5004
5016
  * Always regenerates Docker files to keep passwords in sync.
5005
5017
  */
5006
5018
  initConfig(): SetupResult;
5019
+ /**
5020
+ * Append `AGENTICMAIL_INBOUND_SECRET=...` to .env if the file does
5021
+ * not already contain that key. Used by the lazy-mint path to make
5022
+ * sure existing installs pick up the new secret on next boot
5023
+ * without clobbering anything the operator added.
5024
+ */
5025
+ private ensureEnvHasInboundSecret;
5007
5026
  /**
5008
5027
  * Generate docker-compose.yml and stalwart.toml in ~/.agenticmail/
5009
5028
  * with the correct admin password from config.
package/dist/index.js CHANGED
@@ -11671,6 +11671,24 @@ var ServiceManager = class {
11671
11671
  "",
11672
11672
  'log "AgenticMail starting..."',
11673
11673
  "",
11674
+ "# v0.9.84 \u2014 source ~/.agenticmail/.env before exec so the API process",
11675
+ "# inherits AGENTICMAIL_MASTER_KEY, AGENTICMAIL_INBOUND_SECRET, the",
11676
+ "# Stalwart admin creds, and SMTP/IMAP/data-dir overrides. Without",
11677
+ "# this, launchd's child ran with only HOME / PATH / DATA_DIR (the",
11678
+ "# plist EnvironmentVariables block), so the API silently fell back",
11679
+ "# to a fresh-random INBOUND_SECRET on every boot and could not",
11680
+ "# decrypt master-key-protected secrets at all.",
11681
+ 'ENV_FILE="$HOME/.agenticmail/.env"',
11682
+ 'if [ -f "$ENV_FILE" ]; then',
11683
+ ' log "Sourcing $ENV_FILE"',
11684
+ " set -a # mark all sourced vars for export",
11685
+ " # shellcheck disable=SC1090",
11686
+ ' . "$ENV_FILE"',
11687
+ " set +a",
11688
+ "else",
11689
+ ' log "WARNING: $ENV_FILE not found \u2014 API will run with default config (no master key)."',
11690
+ "fi",
11691
+ "",
11674
11692
  "# Wait for Docker daemon (up to 10 minutes \u2014 Docker Desktop can be very slow on first boot)",
11675
11693
  "MAX_WAIT=600",
11676
11694
  "WAITED=0",
@@ -12096,6 +12114,16 @@ var SetupManager = class {
12096
12114
  if (existsSync9(configPath)) {
12097
12115
  try {
12098
12116
  const existing = JSON.parse(readFileSync6(configPath, "utf-8"));
12117
+ let needsRewrite = false;
12118
+ if (!existing.inboundSecret) {
12119
+ existing.inboundSecret = `inb_${randomBytes3(24).toString("hex")}`;
12120
+ needsRewrite = true;
12121
+ }
12122
+ if (needsRewrite) {
12123
+ writeFileSync7(configPath, JSON.stringify(existing, null, 2));
12124
+ chmodSync2(configPath, 384);
12125
+ this.ensureEnvHasInboundSecret(envPath, existing.inboundSecret);
12126
+ }
12099
12127
  this.generateDockerFiles(existing);
12100
12128
  return { configPath, envPath, config: existing, isNew: false };
12101
12129
  } catch {
@@ -12106,8 +12134,10 @@ var SetupManager = class {
12106
12134
  }
12107
12135
  const masterKey = `mk_${randomBytes3(24).toString("hex")}`;
12108
12136
  const stalwartPassword = randomBytes3(16).toString("hex");
12137
+ const inboundSecret = `inb_${randomBytes3(24).toString("hex")}`;
12109
12138
  const config = {
12110
12139
  masterKey,
12140
+ inboundSecret,
12111
12141
  stalwart: {
12112
12142
  url: "http://localhost:8080",
12113
12143
  adminUser: "admin",
@@ -12126,6 +12156,7 @@ STALWART_ADMIN_PASSWORD=${stalwartPassword}
12126
12156
  STALWART_URL=http://localhost:8080
12127
12157
 
12128
12158
  AGENTICMAIL_MASTER_KEY=${masterKey}
12159
+ AGENTICMAIL_INBOUND_SECRET=${inboundSecret}
12129
12160
  AGENTICMAIL_API_PORT=3829
12130
12161
  AGENTICMAIL_DATA_DIR=${dataDir}
12131
12162
 
@@ -12139,6 +12170,24 @@ IMAP_PORT=143
12139
12170
  this.generateDockerFiles(config);
12140
12171
  return { configPath, envPath, config, isNew: true };
12141
12172
  }
12173
+ /**
12174
+ * Append `AGENTICMAIL_INBOUND_SECRET=...` to .env if the file does
12175
+ * not already contain that key. Used by the lazy-mint path to make
12176
+ * sure existing installs pick up the new secret on next boot
12177
+ * without clobbering anything the operator added.
12178
+ */
12179
+ ensureEnvHasInboundSecret(envPath, secret) {
12180
+ if (!existsSync9(envPath)) return;
12181
+ try {
12182
+ const current = readFileSync6(envPath, "utf-8");
12183
+ if (/^AGENTICMAIL_INBOUND_SECRET=/m.test(current)) return;
12184
+ const updated = current + (current.endsWith("\n") ? "" : "\n") + `AGENTICMAIL_INBOUND_SECRET=${secret}
12185
+ `;
12186
+ writeFileSync7(envPath, updated);
12187
+ chmodSync2(envPath, 384);
12188
+ } catch {
12189
+ }
12190
+ }
12142
12191
  /**
12143
12192
  * Generate docker-compose.yml and stalwart.toml in ~/.agenticmail/
12144
12193
  * with the correct admin password from config.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agenticmail/core",
3
- "version": "0.9.29",
3
+ "version": "0.9.30",
4
4
  "description": "Core SDK for AgenticMail — email, SMS, and phone call-control for AI agents",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",