npm - @agenticmail/core - Versions diffs - 0.9.4 → 0.9.5 - Mend

@agenticmail/core 0.9.4 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -78,7 +78,7 @@ var MailSender = class {
         const code = err?.responseCode ?? err?.code;
         const isTransient = typeof code === "number" && code >= 400 && code < 500 || code === "ECONNRESET" || code === "ETIMEDOUT" || code === "ESOCKET";
         if (!isTransient || attempt === MAX_RETRIES) throw err;
-        await new Promise((resolve) => setTimeout(resolve, 1e3 * (attempt + 1)));
+        await new Promise((resolve2) => setTimeout(resolve2, 1e3 * (attempt + 1)));
       }
     }
     throw lastError;
@@ -1010,20 +1010,20 @@ var StalwartAdmin = class {
     }
     try {
       const net = await import("net");
-      return await new Promise((resolve) => {
+      return await new Promise((resolve2) => {
         const smtpPort = parseInt(process.env.SMTP_PORT || "25", 10);
         const smtpHost = process.env.SMTP_HOST || "localhost";
         const socket = net.createConnection({ host: smtpHost, port: smtpPort, timeout: 3e3 }, () => {
           socket.destroy();
-          resolve(true);
+          resolve2(true);
         });
         socket.on("error", () => {
           socket.destroy();
-          resolve(false);
+          resolve2(false);
         });
         socket.on("timeout", () => {
           socket.destroy();
-          resolve(false);
+          resolve2(false);
         });
       });
     } catch {
@@ -1095,8 +1095,8 @@ var StalwartAdmin = class {
     }
     const { readFileSync: readFileSync7, writeFileSync: writeFileSync8 } = await import("fs");
     const { homedir: homedir11 } = await import("os");
-    const { join: join12 } = await import("path");
-    const configPath = join12(homedir11(), ".agenticmail", "stalwart.toml");
+    const { join: join13 } = await import("path");
+    const configPath = join13(homedir11(), ".agenticmail", "stalwart.toml");
     try {
       let config = readFileSync7(configPath, "utf-8");
       config = config.replace(/^hostname\s*=\s*"[^"]*"/m, `hostname = "${escapeTomlString(domain)}"`);
@@ -1110,14 +1110,14 @@ var StalwartAdmin = class {
   /** Path to the host-side stalwart.toml (mounted read-only into container) */
   get configPath() {
     const { homedir: homedir11 } = __require("os");
-    const { join: join12 } = __require("path");
-    return join12(homedir11(), ".agenticmail", "stalwart.toml");
+    const { join: join13 } = __require("path");
+    return join13(homedir11(), ".agenticmail", "stalwart.toml");
   }
   /** Path to host-side DKIM key directory */
   get dkimDir() {
     const { homedir: homedir11 } = __require("os");
-    const { join: join12 } = __require("path");
-    return join12(homedir11(), ".agenticmail");
+    const { join: join13 } = __require("path");
+    return join13(homedir11(), ".agenticmail");
   }
   /**
    * Create/reuse a DKIM signing key for a domain.
@@ -1220,9 +1220,9 @@ var StalwartAdmin = class {
   async configureOutboundRelay(config) {
     const { readFileSync: readFileSync7, writeFileSync: writeFileSync8 } = await import("fs");
     const { homedir: homedir11 } = await import("os");
-    const { join: join12 } = await import("path");
+    const { join: join13 } = await import("path");
     const routeName = config.routeName ?? "gmail";
-    const tomlPath = join12(homedir11(), ".agenticmail", "stalwart.toml");
+    const tomlPath = join13(homedir11(), ".agenticmail", "stalwart.toml");
     let toml = readFileSync7(tomlPath, "utf-8");
     toml = toml.replace(/\n\[queue\.route\.gmail\][\s\S]*?(?=\n\[|$)/, "");
     toml = toml.replace(/\n\[queue\.strategy\][\s\S]*?(?=\n\[|$)/, "");
@@ -2327,7 +2327,8 @@ var OUTBOUND_TEXT_RULES = [
 var HIGH_RISK_EXTENSIONS = /* @__PURE__ */ new Set([".pem", ".key", ".p12", ".pfx", ".env", ".credentials", ".keystore", ".jks", ".p8"]);
 var MEDIUM_RISK_EXTENSIONS = /* @__PURE__ */ new Set([".db", ".sqlite", ".sqlite3", ".sql", ".csv", ".tsv", ".json", ".yml", ".yaml", ".conf", ".config", ".ini"]);
 function stripHtmlTags(html) {
-  return html.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#0?39;/g, "'").replace(/&nbsp;/g, " ").replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16))).replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
+  const bounded = html.length > 1048576 ? html.slice(0, 1048576) : html;
+  return bounded.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#0?39;/g, "'").replace(/&nbsp;/g, " ").replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16))).replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
 }
 var TEXT_SCANNABLE_TYPES = /* @__PURE__ */ new Set([
   "text/plain",
@@ -3859,7 +3860,7 @@ var CloudflareClient = class {
   // --- Workers methods ---
   /** Deploy an Email Worker script (ES module format) */
   async deployEmailWorker(scriptName, scriptContent, envVars = {}) {
-    const url = `${CF_API_BASE}/accounts/${this.accountId}/workers/scripts/${scriptName}`;
+    const url = `${CF_API_BASE}/accounts/${encodeURIComponent(this.accountId)}/workers/scripts/${encodeURIComponent(scriptName)}`;
     const bindings = Object.entries(envVars).map(([name, text2]) => ({
       type: "plain_text",
       name,
@@ -4277,7 +4278,7 @@ var TunnelManager = class {
       detached: false,
       env: { ...process.env, TUNNEL_TOKEN: tunnelToken }
     });
-    await new Promise((resolve, reject) => {
+    await new Promise((resolve2, reject) => {
       let resolved = false;
       const timeout = setTimeout(() => {
         if (!resolved) {
@@ -4291,7 +4292,7 @@ var TunnelManager = class {
           resolved = true;
           clearTimeout(timeout);
           this.running = true;
-          resolve();
+          resolve2();
         }
       };
       this.process.stderr?.on("data", onData);
@@ -4330,8 +4331,8 @@ var TunnelManager = class {
       this.process = null;
       p.kill("SIGTERM");
       await Promise.race([
-        new Promise((resolve) => p.on("exit", () => resolve())),
-        new Promise((resolve) => setTimeout(resolve, 5e3))
+        new Promise((resolve2) => p.on("exit", () => resolve2())),
+        new Promise((resolve2) => setTimeout(resolve2, 5e3))
       ]);
       this.running = false;
     }
@@ -4386,7 +4387,10 @@ function parseGoogleVoiceSms(emailBody, emailFrom) {
   if (!emailBody || typeof emailBody !== "string") return null;
   if (!emailFrom || typeof emailFrom !== "string") return null;
   const fromLower = emailFrom.toLowerCase();
-  const isGoogleVoice = fromLower.includes("voice-noreply@google.com") || fromLower.includes("@txt.voice.google.com") || fromLower.includes("voice.google.com") || fromLower.includes("google.com/voice") || fromLower.includes("google") && fromLower.includes("voice");
+  const atIdx = fromLower.lastIndexOf("@");
+  const domain = atIdx >= 0 ? fromLower.slice(atIdx + 1).replace(/[>"'\s].*$/, "") : "";
+  const isGoogleDomain = domain === "google.com" || domain.endsWith(".google.com");
+  const isGoogleVoice = isGoogleDomain && (fromLower.startsWith("voice-noreply@") || domain === "txt.voice.google.com" || domain === "voice.google.com" || domain.endsWith(".voice.google.com") || fromLower.includes("voice"));
   if (!isGoogleVoice) return null;
   let text = emailBody.replace(/<br\s*\/?>/gi, "\n").replace(/<\/p>/gi, "\n").replace(/<\/div>/gi, "\n").replace(/<[^>]+>/g, "").replace(/&nbsp;/gi, " ").replace(/&amp;/gi, "&").replace(/&lt;/gi, "<").replace(/&gt;/gi, ">").replace(/&quot;/gi, '"').replace(/&#39;/gi, "'").trim();
   let from = "";
@@ -5417,6 +5421,15 @@ var GatewayManager = class {
       bcc: mail.bcc ? Array.isArray(mail.bcc) ? mail.bcc.join(", ") : mail.bcc : void 0,
       subject: mail.subject,
       text: mail.text || void 0,
+      // The `html` field is the literal HTML body of the outbound
+      // mail — by design it is whatever the sender chose to compose.
+      // CodeQL `js/xss` flags this because the value flows from user
+      // input, but nodemailer is the SMTP serializer, not an HTML
+      // renderer; XSS would only occur if the recipient's MUA
+      // executed the body, which is outside our trust boundary.
+      // The outbound-guard (packages/core/src/mail/outbound-guard.ts)
+      // already scores HTML bodies for suspicious patterns at the
+      // pre-send step. lgtm[js/xss]
       html: mail.html || void 0,
       replyTo: mail.replyTo || from,
       inReplyTo: mail.inReplyTo || void 0,
@@ -5778,11 +5791,11 @@ var RelayBridge = class {
     this.options = options;
   }
   async start() {
-    return new Promise((resolve, reject) => {
+    return new Promise((resolve2, reject) => {
       this.server = createServer((req, res) => this.handleRequest(req, res));
       this.server.listen(this.options.port, "127.0.0.1", () => {
         console.log(`[RelayBridge] Listening on 127.0.0.1:${this.options.port}`);
-        resolve();
+        resolve2();
       });
       this.server.on("error", reject);
     });
@@ -5984,16 +5997,161 @@ try {
 } catch {
 }
+// src/util/safe-path.ts
+import { isAbsolute, join as join6, resolve, sep } from "path";
+var PathTraversalError = class extends Error {
+  constructor(baseDir, parts) {
+    super(
+      `path traversal attempt: ${JSON.stringify(parts)} resolves outside ${baseDir}`
+    );
+    this.baseDir = baseDir;
+    this.parts = parts;
+    this.name = "PathTraversalError";
+  }
+};
+function safeJoin(baseDir, ...partsAndOpts) {
+  let opts = {};
+  const parts = [];
+  for (const p of partsAndOpts) {
+    if (typeof p === "string") {
+      parts.push(p);
+    } else if (p && typeof p === "object") {
+      opts = p;
+    }
+  }
+  if (!opts.allowAbsolute) {
+    for (const part of parts) {
+      if (isAbsolute(part)) {
+        throw new PathTraversalError(baseDir, parts);
+      }
+    }
+  }
+  const resolvedBase = resolve(baseDir);
+  const resolved = resolve(resolvedBase, ...parts);
+  if (resolved !== resolvedBase && !resolved.startsWith(resolvedBase + sep)) {
+    throw new PathTraversalError(baseDir, parts);
+  }
+  return resolved;
+}
+function tryJoin(baseDir, ...parts) {
+  try {
+    return safeJoin(baseDir, ...parts);
+  } catch (err) {
+    if (err instanceof PathTraversalError) return null;
+    throw err;
+  }
+}
+function assertWithinBase(baseDir, candidate) {
+  const resolvedBase = resolve(baseDir);
+  const resolvedCandidate = resolve(candidate);
+  if (resolvedCandidate !== resolvedBase && !resolvedCandidate.startsWith(resolvedBase + sep)) {
+    throw new PathTraversalError(baseDir, [candidate]);
+  }
+  return resolvedCandidate;
+}
+// src/util/redact.ts
+var REDACTED = "***";
+function redactSecret(value) {
+  if (typeof value !== "string") return REDACTED;
+  if (value.length === 0) return REDACTED;
+  for (const prefix of ["mk_", "ak_", "sk-", "pk_", "tok_"]) {
+    if (value.startsWith(prefix)) return `${prefix}${REDACTED}`;
+  }
+  return REDACTED;
+}
+var SENSITIVE_KEY_PATTERNS = [
+  /key$/i,
+  /secret/i,
+  /password/i,
+  /passwd/i,
+  /token/i,
+  /authorization/i,
+  /bearer/i,
+  /\bapikey\b/i,
+  /\bapi_key\b/i,
+  /\bmasterkey\b/i,
+  /\bmaster_key\b/i
+];
+function looksSensitive(key) {
+  return SENSITIVE_KEY_PATTERNS.some((p) => p.test(key));
+}
+function redactObject(input, _depth = 0) {
+  if (_depth > 12) return input;
+  if (input === null || input === void 0) return input;
+  if (typeof input !== "object") return input;
+  if (Array.isArray(input)) {
+    return input.map((v) => redactObject(v, _depth + 1));
+  }
+  const proto = Object.getPrototypeOf(input);
+  if (proto !== Object.prototype && proto !== null) return input;
+  const out = {};
+  for (const [k, v] of Object.entries(input)) {
+    if (looksSensitive(k)) {
+      out[k] = typeof v === "string" ? redactSecret(v) : REDACTED;
+    } else {
+      out[k] = redactObject(v, _depth + 1);
+    }
+  }
+  return out;
+}
+// src/util/safe-url.ts
+var UnsafeApiUrlError = class extends Error {
+  constructor(raw, reason) {
+    super(`unsafe AgenticMail API URL ${JSON.stringify(raw)}: ${reason}`);
+    this.raw = raw;
+    this.reason = reason;
+    this.name = "UnsafeApiUrlError";
+  }
+};
+var BLOCKED_HOSTS = /* @__PURE__ */ new Set([
+  "169.254.169.254",
+  // AWS / Azure / GCP IPv4 metadata
+  "fd00:ec2::254",
+  // AWS IPv6 metadata
+  "metadata.google.internal",
+  // GCP DNS
+  "metadata.azure.internal"
+  // Azure DNS
+]);
+function validateApiUrl(raw) {
+  if (typeof raw !== "string" || raw.length === 0) {
+    throw new UnsafeApiUrlError(String(raw), "must be a non-empty string");
+  }
+  let parsed;
+  try {
+    parsed = new URL(raw);
+  } catch (err) {
+    throw new UnsafeApiUrlError(raw, `unparseable: ${err.message}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new UnsafeApiUrlError(raw, `unsupported protocol: ${parsed.protocol}`);
+  }
+  const host = parsed.hostname.toLowerCase().replace(/\.$/, "");
+  if (BLOCKED_HOSTS.has(host)) {
+    throw new UnsafeApiUrlError(raw, `blocked metadata host: ${host}`);
+  }
+  if (parsed.username || parsed.password) {
+    throw new UnsafeApiUrlError(raw, "embedded credentials are not supported");
+  }
+  return parsed.origin;
+}
+function buildApiUrl(baseOrigin, pathAndQuery) {
+  const path = pathAndQuery.startsWith("/") ? pathAndQuery : `/${pathAndQuery}`;
+  return new URL(path, baseOrigin + "/").toString();
+}
 // src/setup/index.ts
 import { randomBytes as randomBytes3 } from "crypto";
 import { existsSync as existsSync7, readFileSync as readFileSync4, writeFileSync as writeFileSync5, mkdirSync as mkdirSync6, chmodSync as chmodSync2 } from "fs";
-import { join as join9 } from "path";
+import { join as join10 } from "path";
 import { homedir as homedir8 } from "os";
 // src/setup/deps.ts
 import { execFileSync } from "child_process";
 import { existsSync as existsSync4 } from "fs";
-import { join as join6 } from "path";
+import { join as join7 } from "path";
 import { homedir as homedir5 } from "os";
 var DependencyChecker = class {
   async checkAll() {
@@ -6044,7 +6202,7 @@ var DependencyChecker = class {
     }
   }
   async checkCloudflared() {
-    const binPath = join6(homedir5(), ".agenticmail", "bin", "cloudflared");
+    const binPath = join7(homedir5(), ".agenticmail", "bin", "cloudflared");
     if (existsSync4(binPath)) {
       let version;
       try {
@@ -6069,12 +6227,12 @@ var DependencyChecker = class {
 import { execFileSync as execFileSync2, execSync, spawn as spawnChild } from "child_process";
 import { existsSync as existsSync5, mkdirSync as mkdirSync4, symlinkSync } from "fs";
 import { writeFile, rename, chmod as chmod2, mkdir as mkdir2, unlink } from "fs/promises";
-import { join as join7 } from "path";
+import { join as join8 } from "path";
 import { homedir as homedir6, platform as platform3, arch as arch2 } from "os";
 function runShellWithRollingOutput(cmd, opts = {}) {
   const maxLines = opts.maxLines ?? 20;
   const timeout = opts.timeout ?? 3e5;
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const child = spawnChild("sh", ["-c", cmd], {
       stdio: ["ignore", "pipe", "pipe"],
       timeout
@@ -6116,7 +6274,7 @@ function runShellWithRollingOutput(cmd, opts = {}) {
         }
         process.stdout.write(`\x1B[${displayedCount}A`);
       }
-      resolve({ exitCode: code ?? 1, fullOutput });
+      resolve2({ exitCode: code ?? 1, fullOutput });
     });
     child.on("error", (err) => {
       if (displayedCount > 0) {
@@ -6132,7 +6290,7 @@ function runShellWithRollingOutput(cmd, opts = {}) {
 }
 function runSilent(command, args, opts = {}) {
   const timeout = opts.timeout ?? 3e5;
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const child = spawnChild(command, args, {
       stdio: ["ignore", "pipe", "pipe"],
       timeout
@@ -6144,7 +6302,7 @@ function runSilent(command, args, opts = {}) {
     child.stderr?.on("data", (d) => {
       fullOutput += d.toString();
     });
-    child.on("close", (code) => resolve({ exitCode: code ?? 1, fullOutput }));
+    child.on("close", (code) => resolve2({ exitCode: code ?? 1, fullOutput }));
     child.on("error", reject);
   });
 }
@@ -6246,8 +6404,8 @@ var DependencyInstaller = class {
     try {
       const composeBin = execFileSync2("which", ["docker-compose"], { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
       if (!composeBin) return;
-      const pluginDir = join7(homedir6(), ".docker", "cli-plugins");
-      const pluginPath = join7(pluginDir, "docker-compose");
+      const pluginDir = join8(homedir6(), ".docker", "cli-plugins");
+      const pluginPath = join8(pluginDir, "docker-compose");
       if (existsSync5(pluginPath)) return;
       try {
         mkdirSync4(pluginDir, { recursive: true });
@@ -6313,9 +6471,9 @@ var DependencyInstaller = class {
       return;
     }
     this.onProgress("__progress__:5:Installing Docker Engine...");
-    const tmpDir = join7(homedir6(), ".agenticmail", "tmp");
+    const tmpDir = join8(homedir6(), ".agenticmail", "tmp");
     await mkdir2(tmpDir, { recursive: true });
-    const scriptPath = join7(tmpDir, "install-docker.sh");
+    const scriptPath = join8(tmpDir, "install-docker.sh");
     const dlResult = await runShellWithRollingOutput(
       `curl -fsSL https://get.docker.com -o "${scriptPath}" && sudo sh "${scriptPath}"`,
       { timeout: 3e5 }
@@ -6383,7 +6541,7 @@ var DependencyInstaller = class {
       }
       try {
         const programFiles = process.env["ProgramFiles"] || "C:\\Program Files";
-        const dockerExe = join7(programFiles, "Docker", "Docker", "Docker Desktop.exe");
+        const dockerExe = join8(programFiles, "Docker", "Docker", "Docker Desktop.exe");
         if (existsSync5(dockerExe)) {
           execSync(`start "" "${dockerExe}"`, { timeout: 1e4, stdio: "ignore", shell: "cmd.exe" });
         }
@@ -6434,7 +6592,7 @@ var DependencyInstaller = class {
         this.onProgress("__progress__:70:Docker Desktop installed. Starting...");
         try {
           const programFiles = process.env["ProgramFiles"] || "C:\\Program Files";
-          const dockerExe = join7(programFiles, "Docker", "Docker", "Docker Desktop.exe");
+          const dockerExe = join8(programFiles, "Docker", "Docker", "Docker Desktop.exe");
           if (existsSync5(dockerExe)) {
             execSync(`start "" "${dockerExe}"`, { timeout: 1e4, stdio: "ignore", shell: "cmd.exe" });
           }
@@ -6531,9 +6689,9 @@ var DependencyInstaller = class {
    */
   async installCloudflared() {
     const os = platform3();
-    const binDir = join7(homedir6(), ".agenticmail", "bin");
+    const binDir = join8(homedir6(), ".agenticmail", "bin");
     const binName = os === "win32" ? "cloudflared.exe" : "cloudflared";
-    const binPath = join7(binDir, binName);
+    const binPath = join8(binDir, binName);
     if (existsSync5(binPath)) {
       return binPath;
     }
@@ -6563,7 +6721,7 @@ var DependencyInstaller = class {
     }
     const buffer = Buffer.from(await response.arrayBuffer());
     if (os === "darwin") {
-      const tgzPath = join7(binDir, "cloudflared.tgz");
+      const tgzPath = join8(binDir, "cloudflared.tgz");
       await writeFile(tgzPath, buffer);
       try {
         execFileSync2("tar", ["-xzf", tgzPath, "-C", binDir, "cloudflared"], { timeout: 15e3, stdio: "ignore" });
@@ -6599,7 +6757,7 @@ var DependencyInstaller = class {
 // src/setup/service.ts
 import { execFileSync as execFileSync3, execSync as execSync2 } from "child_process";
 import { existsSync as existsSync6, readFileSync as readFileSync3, writeFileSync as writeFileSync4, unlinkSync, mkdirSync as mkdirSync5, chmodSync } from "fs";
-import { join as join8 } from "path";
+import { join as join9 } from "path";
 import { homedir as homedir7, platform as platform4 } from "os";
 import { createRequire as createRequire2 } from "module";
 var PLIST_LABEL = "com.agenticmail.server";
@@ -6611,9 +6769,9 @@ var ServiceManager = class {
    */
   getServicePath() {
     if (this.os === "darwin") {
-      return join8(homedir7(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
+      return join9(homedir7(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
     } else {
-      return join8(homedir7(), ".config", "systemd", "user", SYSTEMD_UNIT);
+      return join9(homedir7(), ".config", "systemd", "user", SYSTEMD_UNIT);
     }
   }
   /**
@@ -6651,33 +6809,33 @@ var ServiceManager = class {
     } catch {
     }
     const parentPackages = [
-      join8("@agenticmail", "cli"),
+      join9("@agenticmail", "cli"),
       // current scoped package
       "agenticmail"
       // legacy unscoped package
     ];
     const baseDirs = [
       // user-local install
-      join8(homedir7(), "node_modules")
+      join9(homedir7(), "node_modules")
     ];
     try {
       const prefix = execSync2("npm prefix -g", { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
-      baseDirs.push(join8(prefix, "lib", "node_modules"));
-      baseDirs.push(join8(prefix, "node_modules"));
+      baseDirs.push(join9(prefix, "lib", "node_modules"));
+      baseDirs.push(join9(prefix, "node_modules"));
     } catch {
     }
     baseDirs.push("/opt/homebrew/lib/node_modules");
     baseDirs.push("/usr/local/lib/node_modules");
     for (const base of baseDirs) {
-      const sibling = join8(base, "@agenticmail", "api", "dist", "index.js");
+      const sibling = join9(base, "@agenticmail", "api", "dist", "index.js");
       if (existsSync6(sibling)) return sibling;
       for (const parent of parentPackages) {
-        const nested = join8(base, parent, "node_modules", "@agenticmail", "api", "dist", "index.js");
+        const nested = join9(base, parent, "node_modules", "@agenticmail", "api", "dist", "index.js");
         if (existsSync6(nested)) return nested;
       }
     }
-    const dataDir = join8(homedir7(), ".agenticmail");
-    const entryCache = join8(dataDir, "api-entry.path");
+    const dataDir = join9(homedir7(), ".agenticmail");
+    const entryCache = join9(dataDir, "api-entry.path");
     if (existsSync6(entryCache)) {
       const cached = readFileSync3(entryCache, "utf-8").trim();
       if (cached && existsSync6(cached)) return cached;
@@ -6688,9 +6846,9 @@ var ServiceManager = class {
    * Cache the API entry path so the service can find it later.
    */
   cacheApiEntryPath(entryPath) {
-    const dataDir = join8(homedir7(), ".agenticmail");
+    const dataDir = join9(homedir7(), ".agenticmail");
     if (!existsSync6(dataDir)) mkdirSync5(dataDir, { recursive: true });
-    writeFileSync4(join8(dataDir, "api-entry.path"), entryPath);
+    writeFileSync4(join9(dataDir, "api-entry.path"), entryPath);
   }
   /**
    * Get the current package version.
@@ -6711,7 +6869,7 @@ var ServiceManager = class {
     }
     try {
       const apiEntry = this.getApiEntryPath();
-      const apiPkg = join8(apiEntry, "..", "..", "package.json");
+      const apiPkg = join9(apiEntry, "..", "..", "package.json");
       if (existsSync6(apiPkg)) {
         const pkg = JSON.parse(readFileSync3(apiPkg, "utf-8"));
         if (pkg.version) return pkg.version;
@@ -6719,14 +6877,14 @@ var ServiceManager = class {
     } catch {
     }
     const candidates = [
-      join8(homedir7(), "node_modules", "@agenticmail", "cli", "package.json"),
-      join8(homedir7(), "node_modules", "agenticmail", "package.json"),
-      join8(homedir7(), ".agenticmail", "package-version.json")
+      join9(homedir7(), "node_modules", "@agenticmail", "cli", "package.json"),
+      join9(homedir7(), "node_modules", "agenticmail", "package.json"),
+      join9(homedir7(), ".agenticmail", "package-version.json")
     ];
     try {
       const prefix = execSync2("npm prefix -g", { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
-      candidates.push(join8(prefix, "lib", "node_modules", "@agenticmail", "cli", "package.json"));
-      candidates.push(join8(prefix, "lib", "node_modules", "agenticmail", "package.json"));
+      candidates.push(join9(prefix, "lib", "node_modules", "@agenticmail", "cli", "package.json"));
+      candidates.push(join9(prefix, "lib", "node_modules", "agenticmail", "package.json"));
     } catch {
     }
     for (const p of candidates) {
@@ -6745,8 +6903,8 @@ var ServiceManager = class {
    * This ensures AgenticMail doesn't fail on boot when Docker is still loading.
    */
   generateStartScript(nodePath, apiEntry) {
-    const scriptPath = join8(homedir7(), ".agenticmail", "bin", "start-server.sh");
-    const scriptDir = join8(homedir7(), ".agenticmail", "bin");
+    const scriptPath = join9(homedir7(), ".agenticmail", "bin", "start-server.sh");
+    const scriptDir = join9(homedir7(), ".agenticmail", "bin");
     if (!existsSync6(scriptDir)) mkdirSync5(scriptDir, { recursive: true });
     const script = [
       "#!/bin/bash",
@@ -6812,7 +6970,7 @@ var ServiceManager = class {
    */
   generatePlist(nodePath, apiEntry, configPath) {
     const config = JSON.parse(readFileSync3(configPath, "utf-8"));
-    const logDir = join8(homedir7(), ".agenticmail", "logs");
+    const logDir = join9(homedir7(), ".agenticmail", "logs");
     if (!existsSync6(logDir)) mkdirSync5(logDir, { recursive: true });
     const version = this.getVersion();
     const startScript = this.generateStartScript(nodePath, apiEntry);
@@ -6836,7 +6994,7 @@ var ServiceManager = class {
     <key>HOME</key>
     <string>${homedir7()}</string>
     <key>AGENTICMAIL_DATA_DIR</key>
-    <string>${config.dataDir || join8(homedir7(), ".agenticmail")}</string>
+    <string>${config.dataDir || join9(homedir7(), ".agenticmail")}</string>
     <key>PATH</key>
     <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
     <key>AGENTICMAIL_SERVICE_VERSION</key>
@@ -6890,7 +7048,7 @@ var ServiceManager = class {
    */
   generateSystemdUnit(nodePath, apiEntry, configPath) {
     const config = JSON.parse(readFileSync3(configPath, "utf-8"));
-    const dataDir = config.dataDir || join8(homedir7(), ".agenticmail");
+    const dataDir = config.dataDir || join9(homedir7(), ".agenticmail");
     const version = this.getVersion();
     const startScript = this.generateStartScript(nodePath, apiEntry);
     return `[Unit]
@@ -6920,7 +7078,7 @@ WantedBy=default.target
    * Install the auto-start service.
    */
   install() {
-    const configPath = join8(homedir7(), ".agenticmail", "config.json");
+    const configPath = join9(homedir7(), ".agenticmail", "config.json");
     if (!existsSync6(configPath)) {
       return { installed: false, message: "Config not found. Run agenticmail setup first." };
     }
@@ -6933,7 +7091,7 @@ WantedBy=default.target
     }
     const servicePath = this.getServicePath();
     if (this.os === "darwin") {
-      const dir = join8(homedir7(), "Library", "LaunchAgents");
+      const dir = join9(homedir7(), "Library", "LaunchAgents");
       if (!existsSync6(dir)) mkdirSync5(dir, { recursive: true });
       if (existsSync6(servicePath)) {
         try {
@@ -6951,7 +7109,7 @@ WantedBy=default.target
       }
       return { installed: true, message: `Service installed at ${servicePath}` };
     } else if (this.os === "linux") {
-      const dir = join8(homedir7(), ".config", "systemd", "user");
+      const dir = join9(homedir7(), ".config", "systemd", "user");
       if (!existsSync6(dir)) mkdirSync5(dir, { recursive: true });
       const unit = this.generateSystemdUnit(nodePath, apiEntry, configPath);
       writeFileSync4(servicePath, unit);
@@ -7077,7 +7235,7 @@ WantedBy=default.target
     } catch {
       return { reason: "Service file unreadable" };
     }
-    const startScript = join8(homedir7(), ".agenticmail", "bin", "start-server.sh");
+    const startScript = join9(homedir7(), ".agenticmail", "bin", "start-server.sh");
     if (serviceContent.includes(startScript)) {
       if (!existsSync6(startScript)) {
         return { reason: "start-server.sh is missing" };
@@ -7110,7 +7268,7 @@ WantedBy=default.target
         return { reason: `Service version drift (current CLI is v${currentVersion})` };
       }
     }
-    const entryCache = join8(homedir7(), ".agenticmail", "api-entry.path");
+    const entryCache = join9(homedir7(), ".agenticmail", "api-entry.path");
     if (existsSync6(entryCache)) {
       try {
         const cached = readFileSync3(entryCache, "utf-8").trim();
@@ -7165,12 +7323,12 @@ var SetupManager = class {
    * falls back to monorepo location.
    */
   getComposePath() {
-    const standalonePath = join9(homedir8(), ".agenticmail", "docker-compose.yml");
+    const standalonePath = join10(homedir8(), ".agenticmail", "docker-compose.yml");
     if (existsSync7(standalonePath)) return standalonePath;
     const cwd = process.cwd();
-    const candidates = [cwd, join9(cwd, "..")];
+    const candidates = [cwd, join10(cwd, "..")];
     for (const dir of candidates) {
-      const p = join9(dir, "docker-compose.yml");
+      const p = join10(dir, "docker-compose.yml");
       if (existsSync7(p)) return p;
     }
     return standalonePath;
@@ -7181,9 +7339,9 @@ var SetupManager = class {
    * Always regenerates Docker files to keep passwords in sync.
    */
   initConfig() {
-    const dataDir = join9(homedir8(), ".agenticmail");
-    const configPath = join9(dataDir, "config.json");
-    const envPath = join9(dataDir, ".env");
+    const dataDir = join10(homedir8(), ".agenticmail");
+    const configPath = join10(dataDir, "config.json");
+    const envPath = join10(dataDir, ".env");
     if (existsSync7(configPath)) {
       try {
         const existing = JSON.parse(readFileSync4(configPath, "utf-8"));
@@ -7235,12 +7393,12 @@ IMAP_PORT=143
    * with the correct admin password from config.
    */
   generateDockerFiles(config) {
-    const dataDir = config.dataDir || join9(homedir8(), ".agenticmail");
+    const dataDir = config.dataDir || join10(homedir8(), ".agenticmail");
     if (!existsSync7(dataDir)) {
       mkdirSync6(dataDir, { recursive: true });
     }
     const password = config.stalwart?.adminPassword || "changeme";
-    const composePath = join9(dataDir, "docker-compose.yml");
+    const composePath = join10(dataDir, "docker-compose.yml");
     writeFileSync5(composePath, `services:
   stalwart:
     # Pinned to v0.15.5 \u2014 Stalwart 0.16+ moved its config to JSON
@@ -7271,7 +7429,7 @@ volumes:
   stalwart-data:
 `);
     chmodSync2(composePath, 384);
-    const tomlPath = join9(dataDir, "stalwart.toml");
+    const tomlPath = join10(dataDir, "stalwart.toml");
     writeFileSync5(tomlPath, `# Stalwart Mail Server \u2014 AgenticMail Configuration
 [server]
@@ -7328,7 +7486,7 @@ secret = "${password}"
    * Check if config has already been initialized.
    */
   isInitialized() {
-    const configPath = join9(homedir8(), ".agenticmail", "config.json");
+    const configPath = join10(homedir8(), ".agenticmail", "config.json");
     return existsSync7(configPath);
   }
 };
@@ -7336,7 +7494,7 @@ secret = "${password}"
 // src/threading/thread-id.ts
 import { createHash as createHash2 } from "crypto";
 function stripReplyPrefixes(subject) {
-  let s = subject;
+  let s = subject.length > 1e3 ? subject.slice(0, 1e3) : subject;
   for (; ; ) {
     const next = s.replace(/^\s*(?:re|fwd?|fw)\s*(?:\[\d+\])?\s*:\s*/i, "");
     if (next === s) break;
@@ -7356,8 +7514,9 @@ function normalizeSubject(subject) {
 }
 function normalizeAddress(addr) {
   if (!addr) return "(unknown)";
-  const m = addr.match(/<([^>]+)>/);
-  const raw = m ? m[1] : addr;
+  const bounded = addr.length > 500 ? addr.slice(0, 500) : addr;
+  const m = bounded.match(/<([^>]+)>/);
+  const raw = m ? m[1] : bounded;
   return raw.trim().toLowerCase();
 }
 function threadIdFor(input) {
@@ -7377,8 +7536,8 @@ import {
   renameSync
 } from "fs";
 import { homedir as homedir9 } from "os";
-import { join as join10 } from "path";
-var CACHE_DIR_DEFAULT = join10(homedir9(), ".agenticmail", "thread-cache");
+import { join as join11 } from "path";
+var CACHE_DIR_DEFAULT = join11(homedir9(), ".agenticmail", "thread-cache");
 var DEFAULT_K_MESSAGES = 10;
 var DEFAULT_LRU_CAP = 5e3;
 var PREVIEW_MAX_CHARS = 240;
@@ -7396,7 +7555,7 @@ var ThreadCache = class {
     }
   }
   pathFor(threadId) {
-    return join10(this.dir, `${threadId}.json`);
+    return join11(this.dir, `${threadId}.json`);
   }
   read(threadId) {
     const p = this.pathFor(threadId);
@@ -7486,7 +7645,7 @@ var ThreadCache = class {
     }
     if (files.length <= this.lruCap) return;
     const stats = files.map((f) => {
-      const p = join10(this.dir, f);
+      const p = join11(this.dir, f);
       try {
         return { p, mtime: statSync(p).mtimeMs };
       } catch {
@@ -7525,8 +7684,8 @@ import {
   renameSync as renameSync2
 } from "fs";
 import { homedir as homedir10 } from "os";
-import { join as join11 } from "path";
-var MEMORY_DIR_DEFAULT = join11(homedir10(), ".agenticmail", "agent-memory");
+import { join as join12 } from "path";
+var MEMORY_DIR_DEFAULT = join12(homedir10(), ".agenticmail", "agent-memory");
 var AgentMemoryStore = class {
   dir;
   constructor(opts = {}) {
@@ -7537,10 +7696,10 @@ var AgentMemoryStore = class {
     }
   }
   dirFor(agentId) {
-    return join11(this.dir, sanitizeId(agentId));
+    return join12(this.dir, sanitizeId(agentId));
   }
   pathFor(agentId, threadId) {
-    return join11(this.dirFor(agentId), `${sanitizeId(threadId)}.md`);
+    return join12(this.dirFor(agentId), `${sanitizeId(threadId)}.md`);
   }
   read(agentId, threadId) {
     const p = this.pathFor(agentId, threadId);
@@ -7641,6 +7800,8 @@ export {
   InboxWatcher,
   MailReceiver,
   MailSender,
+  PathTraversalError,
+  REDACTED,
   RELAY_PRESETS,
   RelayBridge,
   RelayGateway,
@@ -7652,7 +7813,10 @@ export {
   StalwartAdmin,
   ThreadCache,
   TunnelManager,
+  UnsafeApiUrlError,
   WARNING_THRESHOLD,
+  assertWithinBase,
+  buildApiUrl,
   buildInboundSecurityAdvisory,
   classifyEmailRoute,
   closeDatabase,
@@ -7671,12 +7835,17 @@ export {
   parseEmail,
   parseGoogleVoiceSms,
   recordToolCall,
+  redactObject,
+  redactSecret,
   resolveConfig,
+  safeJoin,
   sanitizeEmail,
   saveConfig,
   scanOutboundEmail,
   scoreEmail,
   setTelemetryVersion,
   startRelayBridge,
-  threadIdFor
+  threadIdFor,
+  tryJoin,
+  validateApiUrl
 };