@agenticmail/core 0.9.4 → 0.9.6

package/dist/index.js

@@ -78,7 +78,7 @@ var MailSender = class {
         const code = err?.responseCode ?? err?.code;
         const isTransient = typeof code === "number" && code >= 400 && code < 500 || code === "ECONNRESET" || code === "ETIMEDOUT" || code === "ESOCKET";
         if (!isTransient || attempt === MAX_RETRIES) throw err;
-        await new Promise((resolve) => setTimeout(resolve, 1e3 * (attempt + 1)));
+        await new Promise((resolve2) => setTimeout(resolve2, 1e3 * (attempt + 1)));
       }
     }
     throw lastError;
@@ -1010,20 +1010,20 @@ var StalwartAdmin = class {
     }
     try {
       const net = await import("net");
-      return await new Promise((resolve) => {
+      return await new Promise((resolve2) => {
         const smtpPort = parseInt(process.env.SMTP_PORT || "25", 10);
         const smtpHost = process.env.SMTP_HOST || "localhost";
         const socket = net.createConnection({ host: smtpHost, port: smtpPort, timeout: 3e3 }, () => {
           socket.destroy();
-          resolve(true);
+          resolve2(true);
         });
         socket.on("error", () => {
           socket.destroy();
-          resolve(false);
+          resolve2(false);
         });
         socket.on("timeout", () => {
           socket.destroy();
-          resolve(false);
+          resolve2(false);
         });
       });
     } catch {
@@ -1093,14 +1093,14 @@ var StalwartAdmin = class {
     if (!isValidDomain(domain)) {
       throw new Error(`Invalid domain format: "${domain}"`);
     }
-    const { readFileSync: readFileSync7, writeFileSync: writeFileSync8 } = await import("fs");
-    const { homedir: homedir11 } = await import("os");
-    const { join: join12 } = await import("path");
-    const configPath = join12(homedir11(), ".agenticmail", "stalwart.toml");
+    const { readFileSync: readFileSync8, writeFileSync: writeFileSync9 } = await import("fs");
+    const { homedir: homedir12 } = await import("os");
+    const { join: join14 } = await import("path");
+    const configPath = join14(homedir12(), ".agenticmail", "stalwart.toml");
     try {
-      let config = readFileSync7(configPath, "utf-8");
+      let config = readFileSync8(configPath, "utf-8");
       config = config.replace(/^hostname\s*=\s*"[^"]*"/m, `hostname = "${escapeTomlString(domain)}"`);
-      writeFileSync8(configPath, config);
+      writeFileSync9(configPath, config);
       console.log(`[Stalwart] Updated hostname to "${domain}" in stalwart.toml`);
     } catch (err) {
       throw new Error(`Failed to set config server.hostname=${domain}`);
@@ -1109,15 +1109,15 @@ var StalwartAdmin = class {
   // --- DKIM ---
   /** Path to the host-side stalwart.toml (mounted read-only into container) */
   get configPath() {
-    const { homedir: homedir11 } = __require("os");
-    const { join: join12 } = __require("path");
-    return join12(homedir11(), ".agenticmail", "stalwart.toml");
+    const { homedir: homedir12 } = __require("os");
+    const { join: join14 } = __require("path");
+    return join14(homedir12(), ".agenticmail", "stalwart.toml");
   }
   /** Path to host-side DKIM key directory */
   get dkimDir() {
-    const { homedir: homedir11 } = __require("os");
-    const { join: join12 } = __require("path");
-    return join12(homedir11(), ".agenticmail");
+    const { homedir: homedir12 } = __require("os");
+    const { join: join14 } = __require("path");
+    return join14(homedir12(), ".agenticmail");
   }
   /**
    * Create/reuse a DKIM signing key for a domain.
@@ -1218,12 +1218,12 @@ var StalwartAdmin = class {
    * This bypasses the need for a PTR record on the sending IP.
    */
   async configureOutboundRelay(config) {
-    const { readFileSync: readFileSync7, writeFileSync: writeFileSync8 } = await import("fs");
-    const { homedir: homedir11 } = await import("os");
-    const { join: join12 } = await import("path");
+    const { readFileSync: readFileSync8, writeFileSync: writeFileSync9 } = await import("fs");
+    const { homedir: homedir12 } = await import("os");
+    const { join: join14 } = await import("path");
     const routeName = config.routeName ?? "gmail";
-    const tomlPath = join12(homedir11(), ".agenticmail", "stalwart.toml");
-    let toml = readFileSync7(tomlPath, "utf-8");
+    const tomlPath = join14(homedir12(), ".agenticmail", "stalwart.toml");
+    let toml = readFileSync8(tomlPath, "utf-8");
     toml = toml.replace(/\n\[queue\.route\.gmail\][\s\S]*?(?=\n\[|$)/, "");
     toml = toml.replace(/\n\[queue\.strategy\][\s\S]*?(?=\n\[|$)/, "");
     const safeRouteName = routeName.replace(/[^a-zA-Z0-9_-]/g, "");
@@ -1243,7 +1243,7 @@ auth.secret = "${escapeTomlString(config.password)}"
 route = [ { if = "is_local_domain('', rcpt_domain)", then = "'local'" },
            { else = "'${safeRouteName}'" } ]
 `;
-    writeFileSync8(tomlPath, toml, "utf-8");
+    writeFileSync9(tomlPath, toml, "utf-8");
     await this.restartContainer();
   }
 };
@@ -2327,7 +2327,8 @@ var OUTBOUND_TEXT_RULES = [
 var HIGH_RISK_EXTENSIONS = /* @__PURE__ */ new Set([".pem", ".key", ".p12", ".pfx", ".env", ".credentials", ".keystore", ".jks", ".p8"]);
 var MEDIUM_RISK_EXTENSIONS = /* @__PURE__ */ new Set([".db", ".sqlite", ".sqlite3", ".sql", ".csv", ".tsv", ".json", ".yml", ".yaml", ".conf", ".config", ".ini"]);
 function stripHtmlTags(html) {
-  return html.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#0?39;/g, "'").replace(/&nbsp;/g, " ").replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16))).replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
+  const bounded = html.length > 1048576 ? html.slice(0, 1048576) : html;
+  return bounded.replace(/<style[^>]*>[\s\S]*?<\/style>/gi, "").replace(/<script[^>]*>[\s\S]*?<\/script>/gi, "").replace(/<[^>]+>/g, "").replace(/&amp;/g, "&").replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"').replace(/&#0?39;/g, "'").replace(/&nbsp;/g, " ").replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16))).replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)));
 }
 var TEXT_SCANNABLE_TYPES = /* @__PURE__ */ new Set([
   "text/plain",
@@ -3859,7 +3860,7 @@ var CloudflareClient = class {
   // --- Workers methods ---
   /** Deploy an Email Worker script (ES module format) */
   async deployEmailWorker(scriptName, scriptContent, envVars = {}) {
-    const url = `${CF_API_BASE}/accounts/${this.accountId}/workers/scripts/${scriptName}`;
+    const url = `${CF_API_BASE}/accounts/${encodeURIComponent(this.accountId)}/workers/scripts/${encodeURIComponent(scriptName)}`;
     const bindings = Object.entries(envVars).map(([name, text2]) => ({
       type: "plain_text",
       name,
@@ -4239,9 +4240,9 @@ var TunnelManager = class {
       throw new Error(`Failed to download cloudflared: ${response.statusText}`);
     }
     const buffer = Buffer.from(await response.arrayBuffer());
-    const { writeFile: writeFile2, rename: rename2 } = await import("fs/promises");
+    const { writeFile: writeFile3, rename: rename2 } = await import("fs/promises");
     const tmpPath = this.binPath + ".tmp";
-    await writeFile2(tmpPath, buffer);
+    await writeFile3(tmpPath, buffer);
     await chmod(tmpPath, 493);
     await rename2(tmpPath, this.binPath);
     return this.binPath;
@@ -4277,7 +4278,7 @@ var TunnelManager = class {
       detached: false,
       env: { ...process.env, TUNNEL_TOKEN: tunnelToken }
     });
-    await new Promise((resolve, reject) => {
+    await new Promise((resolve2, reject) => {
       let resolved = false;
       const timeout = setTimeout(() => {
         if (!resolved) {
@@ -4291,7 +4292,7 @@ var TunnelManager = class {
           resolved = true;
           clearTimeout(timeout);
           this.running = true;
-          resolve();
+          resolve2();
         }
       };
       this.process.stderr?.on("data", onData);
@@ -4330,8 +4331,8 @@ var TunnelManager = class {
       this.process = null;
       p.kill("SIGTERM");
       await Promise.race([
-        new Promise((resolve) => p.on("exit", () => resolve())),
-        new Promise((resolve) => setTimeout(resolve, 5e3))
+        new Promise((resolve2) => p.on("exit", () => resolve2())),
+        new Promise((resolve2) => setTimeout(resolve2, 5e3))
       ]);
       this.running = false;
     }
@@ -4386,7 +4387,10 @@ function parseGoogleVoiceSms(emailBody, emailFrom) {
   if (!emailBody || typeof emailBody !== "string") return null;
   if (!emailFrom || typeof emailFrom !== "string") return null;
   const fromLower = emailFrom.toLowerCase();
-  const isGoogleVoice = fromLower.includes("voice-noreply@google.com") || fromLower.includes("@txt.voice.google.com") || fromLower.includes("voice.google.com") || fromLower.includes("google.com/voice") || fromLower.includes("google") && fromLower.includes("voice");
+  const atIdx = fromLower.lastIndexOf("@");
+  const domain = atIdx >= 0 ? fromLower.slice(atIdx + 1).replace(/[>"'\s].*$/, "") : "";
+  const isGoogleDomain = domain === "google.com" || domain.endsWith(".google.com");
+  const isGoogleVoice = isGoogleDomain && (fromLower.startsWith("voice-noreply@") || domain === "txt.voice.google.com" || domain === "voice.google.com" || domain.endsWith(".voice.google.com") || fromLower.includes("voice"));
   if (!isGoogleVoice) return null;
   let text = emailBody.replace(/<br\s*\/?>/gi, "\n").replace(/<\/p>/gi, "\n").replace(/<\/div>/gi, "\n").replace(/<[^>]+>/g, "").replace(/&nbsp;/gi, " ").replace(/&amp;/gi, "&").replace(/&lt;/gi, "<").replace(/&gt;/gi, ">").replace(/&quot;/gi, '"').replace(/&#39;/gi, "'").trim();
   let from = "";
@@ -5145,12 +5149,12 @@ var GatewayManager = class {
       zone = await this.cfClient.createZone(domain);
     }
     const existingRecords = await this.cfClient.listDnsRecords(zone.id);
-    const { homedir: homedir11 } = await import("os");
-    const backupDir = join4(homedir11(), ".agenticmail");
+    const { homedir: homedir12 } = await import("os");
+    const backupDir = join4(homedir12(), ".agenticmail");
     const backupPath = join4(backupDir, `dns-backup-${domain}-${Date.now()}.json`);
-    const { writeFileSync: writeFileSync8, mkdirSync: mkdirSync9 } = await import("fs");
-    mkdirSync9(backupDir, { recursive: true });
-    writeFileSync8(backupPath, JSON.stringify({
+    const { writeFileSync: writeFileSync9, mkdirSync: mkdirSync10 } = await import("fs");
+    mkdirSync10(backupDir, { recursive: true });
+    writeFileSync9(backupPath, JSON.stringify({
       domain,
       zoneId: zone.id,
       backedUpAt: (/* @__PURE__ */ new Date()).toISOString(),
@@ -5417,6 +5421,15 @@ var GatewayManager = class {
       bcc: mail.bcc ? Array.isArray(mail.bcc) ? mail.bcc.join(", ") : mail.bcc : void 0,
       subject: mail.subject,
       text: mail.text || void 0,
+      // The `html` field is the literal HTML body of the outbound
+      // mail — by design it is whatever the sender chose to compose.
+      // CodeQL `js/xss` flags this because the value flows from user
+      // input, but nodemailer is the SMTP serializer, not an HTML
+      // renderer; XSS would only occur if the recipient's MUA
+      // executed the body, which is outside our trust boundary.
+      // The outbound-guard (packages/core/src/mail/outbound-guard.ts)
+      // already scores HTML bodies for suspicious patterns at the
+      // pre-send step. lgtm[js/xss]
       html: mail.html || void 0,
       replyTo: mail.replyTo || from,
       inReplyTo: mail.inReplyTo || void 0,
@@ -5778,11 +5791,11 @@ var RelayBridge = class {
     this.options = options;
   }
   async start() {
-    return new Promise((resolve, reject) => {
+    return new Promise((resolve2, reject) => {
       this.server = createServer((req, res) => this.handleRequest(req, res));
       this.server.listen(this.options.port, "127.0.0.1", () => {
         console.log(`[RelayBridge] Listening on 127.0.0.1:${this.options.port}`);
-        resolve();
+        resolve2();
       });
       this.server.on("error", reject);
     });
@@ -5984,17 +5997,232 @@ try {
 } catch {
 }
 
+// src/util/safe-path.ts
+import { isAbsolute, join as join6, resolve, sep } from "path";
+var PathTraversalError = class extends Error {
+  constructor(baseDir, parts) {
+    super(
+      `path traversal attempt: ${JSON.stringify(parts)} resolves outside ${baseDir}`
+    );
+    this.baseDir = baseDir;
+    this.parts = parts;
+    this.name = "PathTraversalError";
+  }
+};
+function safeJoin(baseDir, ...partsAndOpts) {
+  let opts = {};
+  const parts = [];
+  for (const p of partsAndOpts) {
+    if (typeof p === "string") {
+      parts.push(p);
+    } else if (p && typeof p === "object") {
+      opts = p;
+    }
+  }
+  if (!opts.allowAbsolute) {
+    for (const part of parts) {
+      if (isAbsolute(part)) {
+        throw new PathTraversalError(baseDir, parts);
+      }
+    }
+  }
+  const resolvedBase = resolve(baseDir);
+  const resolved = resolve(resolvedBase, ...parts);
+  if (resolved !== resolvedBase && !resolved.startsWith(resolvedBase + sep)) {
+    throw new PathTraversalError(baseDir, parts);
+  }
+  return resolved;
+}
+function tryJoin(baseDir, ...parts) {
+  try {
+    return safeJoin(baseDir, ...parts);
+  } catch (err) {
+    if (err instanceof PathTraversalError) return null;
+    throw err;
+  }
+}
+function assertWithinBase(baseDir, candidate) {
+  const resolvedBase = resolve(baseDir);
+  const resolvedCandidate = resolve(candidate);
+  if (resolvedCandidate !== resolvedBase && !resolvedCandidate.startsWith(resolvedBase + sep)) {
+    throw new PathTraversalError(baseDir, [candidate]);
+  }
+  return resolvedCandidate;
+}
+
+// src/util/redact.ts
+var REDACTED = "***";
+function redactSecret(value) {
+  if (typeof value !== "string") return REDACTED;
+  if (value.length === 0) return REDACTED;
+  for (const prefix of ["mk_", "ak_", "sk-", "pk_", "tok_"]) {
+    if (value.startsWith(prefix)) return `${prefix}${REDACTED}`;
+  }
+  return REDACTED;
+}
+var SENSITIVE_KEY_PATTERNS = [
+  /key$/i,
+  /secret/i,
+  /password/i,
+  /passwd/i,
+  /token/i,
+  /authorization/i,
+  /bearer/i,
+  /\bapikey\b/i,
+  /\bapi_key\b/i,
+  /\bmasterkey\b/i,
+  /\bmaster_key\b/i
+];
+function looksSensitive(key) {
+  return SENSITIVE_KEY_PATTERNS.some((p) => p.test(key));
+}
+function redactObject(input, _depth = 0) {
+  if (_depth > 12) return input;
+  if (input === null || input === void 0) return input;
+  if (typeof input !== "object") return input;
+  if (Array.isArray(input)) {
+    return input.map((v) => redactObject(v, _depth + 1));
+  }
+  const proto = Object.getPrototypeOf(input);
+  if (proto !== Object.prototype && proto !== null) return input;
+  const out = {};
+  for (const [k, v] of Object.entries(input)) {
+    if (looksSensitive(k)) {
+      out[k] = typeof v === "string" ? redactSecret(v) : REDACTED;
+    } else {
+      out[k] = redactObject(v, _depth + 1);
+    }
+  }
+  return out;
+}
+
+// src/host-sessions.ts
+import { existsSync as existsSync4, mkdirSync as mkdirSync4, readFileSync as readFileSync3, renameSync, writeFileSync as writeFileSync4 } from "fs";
+import { join as join7 } from "path";
+import { homedir as homedir5 } from "os";
+function storageDir() {
+  return join7(homedir5(), ".agenticmail");
+}
+function storagePath() {
+  return join7(storageDir(), "host-sessions.json");
+}
+var DEFAULT_SESSION_MAX_AGE_MS = 24 * 60 * 60 * 1e3;
+function readFile() {
+  const p = storagePath();
+  if (!existsSync4(p)) return { version: 1, sessions: {} };
+  try {
+    const raw = readFileSync3(p, "utf-8");
+    if (!raw.trim()) return { version: 1, sessions: {} };
+    const parsed = JSON.parse(raw);
+    return {
+      version: 1,
+      sessions: parsed.sessions && typeof parsed.sessions === "object" ? parsed.sessions : {}
+    };
+  } catch {
+    return { version: 1, sessions: {} };
+  }
+}
+function writeFile(shape) {
+  const dir = storageDir();
+  const p = storagePath();
+  if (!existsSync4(dir)) mkdirSync4(dir, { recursive: true });
+  const tmp = `${p}.agenticmail-tmp-${process.pid}`;
+  writeFileSync4(tmp, JSON.stringify(shape, null, 2), "utf-8");
+  renameSync(tmp, p);
+}
+function saveHostSession(host, session) {
+  if (!session.sessionId) return;
+  try {
+    const shape = readFile();
+    shape.sessions[host] = {
+      ...session,
+      lastSeenMs: Date.now()
+    };
+    writeFile(shape);
+  } catch {
+  }
+}
+function loadHostSession(host, maxAgeMs = DEFAULT_SESSION_MAX_AGE_MS) {
+  const shape = readFile();
+  const record = shape.sessions[host];
+  if (!record) return null;
+  if (!isSessionFresh(record, maxAgeMs)) return null;
+  return record;
+}
+function isSessionFresh(session, maxAgeMs = DEFAULT_SESSION_MAX_AGE_MS) {
+  if (!session || !Number.isFinite(session.lastSeenMs)) return false;
+  return Date.now() - session.lastSeenMs <= maxAgeMs;
+}
+function forgetHostSession(host) {
+  try {
+    const shape = readFile();
+    if (!shape.sessions[host]) return;
+    delete shape.sessions[host];
+    writeFile(shape);
+  } catch {
+  }
+}
+function hostSessionStoragePath() {
+  return storagePath();
+}
+
+// src/util/safe-url.ts
+var UnsafeApiUrlError = class extends Error {
+  constructor(raw, reason) {
+    super(`unsafe AgenticMail API URL ${JSON.stringify(raw)}: ${reason}`);
+    this.raw = raw;
+    this.reason = reason;
+    this.name = "UnsafeApiUrlError";
+  }
+};
+var BLOCKED_HOSTS = /* @__PURE__ */ new Set([
+  "169.254.169.254",
+  // AWS / Azure / GCP IPv4 metadata
+  "fd00:ec2::254",
+  // AWS IPv6 metadata
+  "metadata.google.internal",
+  // GCP DNS
+  "metadata.azure.internal"
+  // Azure DNS
+]);
+function validateApiUrl(raw) {
+  if (typeof raw !== "string" || raw.length === 0) {
+    throw new UnsafeApiUrlError(String(raw), "must be a non-empty string");
+  }
+  let parsed;
+  try {
+    parsed = new URL(raw);
+  } catch (err) {
+    throw new UnsafeApiUrlError(raw, `unparseable: ${err.message}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new UnsafeApiUrlError(raw, `unsupported protocol: ${parsed.protocol}`);
+  }
+  const host = parsed.hostname.toLowerCase().replace(/\.$/, "");
+  if (BLOCKED_HOSTS.has(host)) {
+    throw new UnsafeApiUrlError(raw, `blocked metadata host: ${host}`);
+  }
+  if (parsed.username || parsed.password) {
+    throw new UnsafeApiUrlError(raw, "embedded credentials are not supported");
+  }
+  return parsed.origin;
+}
+function buildApiUrl(baseOrigin, pathAndQuery) {
+  const path = pathAndQuery.startsWith("/") ? pathAndQuery : `/${pathAndQuery}`;
+  return new URL(path, baseOrigin + "/").toString();
+}
+
 // src/setup/index.ts
 import { randomBytes as randomBytes3 } from "crypto";
-import { existsSync as existsSync7, readFileSync as readFileSync4, writeFileSync as writeFileSync5, mkdirSync as mkdirSync6, chmodSync as chmodSync2 } from "fs";
-import { join as join9 } from "path";
-import { homedir as homedir8 } from "os";
+import { existsSync as existsSync8, readFileSync as readFileSync5, writeFileSync as writeFileSync6, mkdirSync as mkdirSync7, chmodSync as chmodSync2 } from "fs";
+import { join as join11 } from "path";
+import { homedir as homedir9 } from "os";
 
 // src/setup/deps.ts
 import { execFileSync } from "child_process";
-import { existsSync as existsSync4 } from "fs";
-import { join as join6 } from "path";
-import { homedir as homedir5 } from "os";
+import { existsSync as existsSync5 } from "fs";
+import { join as join8 } from "path";
+import { homedir as homedir6 } from "os";
 var DependencyChecker = class {
   async checkAll() {
     return Promise.all([
@@ -6044,8 +6272,8 @@ var DependencyChecker = class {
     }
   }
   async checkCloudflared() {
-    const binPath = join6(homedir5(), ".agenticmail", "bin", "cloudflared");
-    if (existsSync4(binPath)) {
+    const binPath = join8(homedir6(), ".agenticmail", "bin", "cloudflared");
+    if (existsSync5(binPath)) {
       let version;
       try {
         const output = execFileSync(binPath, ["--version"], { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
@@ -6067,14 +6295,14 @@ var DependencyChecker = class {
 
 // src/setup/installer.ts
 import { execFileSync as execFileSync2, execSync, spawn as spawnChild } from "child_process";
-import { existsSync as existsSync5, mkdirSync as mkdirSync4, symlinkSync } from "fs";
-import { writeFile, rename, chmod as chmod2, mkdir as mkdir2, unlink } from "fs/promises";
-import { join as join7 } from "path";
-import { homedir as homedir6, platform as platform3, arch as arch2 } from "os";
+import { existsSync as existsSync6, mkdirSync as mkdirSync5, symlinkSync } from "fs";
+import { writeFile as writeFile2, rename, chmod as chmod2, mkdir as mkdir2, unlink } from "fs/promises";
+import { join as join9 } from "path";
+import { homedir as homedir7, platform as platform3, arch as arch2 } from "os";
 function runShellWithRollingOutput(cmd, opts = {}) {
   const maxLines = opts.maxLines ?? 20;
   const timeout = opts.timeout ?? 3e5;
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const child = spawnChild("sh", ["-c", cmd], {
       stdio: ["ignore", "pipe", "pipe"],
       timeout
@@ -6116,7 +6344,7 @@ function runShellWithRollingOutput(cmd, opts = {}) {
         }
         process.stdout.write(`\x1B[${displayedCount}A`);
       }
-      resolve({ exitCode: code ?? 1, fullOutput });
+      resolve2({ exitCode: code ?? 1, fullOutput });
     });
     child.on("error", (err) => {
       if (displayedCount > 0) {
@@ -6132,7 +6360,7 @@ function runShellWithRollingOutput(cmd, opts = {}) {
 }
 function runSilent(command, args, opts = {}) {
   const timeout = opts.timeout ?? 3e5;
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const child = spawnChild(command, args, {
       stdio: ["ignore", "pipe", "pipe"],
       timeout
@@ -6144,7 +6372,7 @@ function runSilent(command, args, opts = {}) {
     child.stderr?.on("data", (d) => {
       fullOutput += d.toString();
     });
-    child.on("close", (code) => resolve({ exitCode: code ?? 1, fullOutput }));
+    child.on("close", (code) => resolve2({ exitCode: code ?? 1, fullOutput }));
     child.on("error", reject);
   });
 }
@@ -6246,11 +6474,11 @@ var DependencyInstaller = class {
     try {
       const composeBin = execFileSync2("which", ["docker-compose"], { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
       if (!composeBin) return;
-      const pluginDir = join7(homedir6(), ".docker", "cli-plugins");
-      const pluginPath = join7(pluginDir, "docker-compose");
-      if (existsSync5(pluginPath)) return;
+      const pluginDir = join9(homedir7(), ".docker", "cli-plugins");
+      const pluginPath = join9(pluginDir, "docker-compose");
+      if (existsSync6(pluginPath)) return;
       try {
-        mkdirSync4(pluginDir, { recursive: true });
+        mkdirSync5(pluginDir, { recursive: true });
       } catch {
       }
       try {
@@ -6313,9 +6541,9 @@ var DependencyInstaller = class {
       return;
     }
     this.onProgress("__progress__:5:Installing Docker Engine...");
-    const tmpDir = join7(homedir6(), ".agenticmail", "tmp");
+    const tmpDir = join9(homedir7(), ".agenticmail", "tmp");
     await mkdir2(tmpDir, { recursive: true });
-    const scriptPath = join7(tmpDir, "install-docker.sh");
+    const scriptPath = join9(tmpDir, "install-docker.sh");
     const dlResult = await runShellWithRollingOutput(
       `curl -fsSL https://get.docker.com -o "${scriptPath}" && sudo sh "${scriptPath}"`,
       { timeout: 3e5 }
@@ -6383,8 +6611,8 @@ var DependencyInstaller = class {
       }
       try {
         const programFiles = process.env["ProgramFiles"] || "C:\\Program Files";
-        const dockerExe = join7(programFiles, "Docker", "Docker", "Docker Desktop.exe");
-        if (existsSync5(dockerExe)) {
+        const dockerExe = join9(programFiles, "Docker", "Docker", "Docker Desktop.exe");
+        if (existsSync6(dockerExe)) {
           execSync(`start "" "${dockerExe}"`, { timeout: 1e4, stdio: "ignore", shell: "cmd.exe" });
         }
       } catch {
@@ -6434,8 +6662,8 @@ var DependencyInstaller = class {
         this.onProgress("__progress__:70:Docker Desktop installed. Starting...");
         try {
           const programFiles = process.env["ProgramFiles"] || "C:\\Program Files";
-          const dockerExe = join7(programFiles, "Docker", "Docker", "Docker Desktop.exe");
-          if (existsSync5(dockerExe)) {
+          const dockerExe = join9(programFiles, "Docker", "Docker", "Docker Desktop.exe");
+          if (existsSync6(dockerExe)) {
             execSync(`start "" "${dockerExe}"`, { timeout: 1e4, stdio: "ignore", shell: "cmd.exe" });
           }
         } catch {
@@ -6472,7 +6700,7 @@ var DependencyInstaller = class {
    * Start the Stalwart mail server Docker container.
    */
   async startStalwart(composePath) {
-    if (!existsSync5(composePath)) {
+    if (!existsSync6(composePath)) {
       throw new Error(`docker-compose.yml not found at: ${composePath}`);
     }
     if (!this.isDockerReady()) {
@@ -6531,16 +6759,16 @@ var DependencyInstaller = class {
    */
   async installCloudflared() {
     const os = platform3();
-    const binDir = join7(homedir6(), ".agenticmail", "bin");
+    const binDir = join9(homedir7(), ".agenticmail", "bin");
     const binName = os === "win32" ? "cloudflared.exe" : "cloudflared";
-    const binPath = join7(binDir, binName);
-    if (existsSync5(binPath)) {
+    const binPath = join9(binDir, binName);
+    if (existsSync6(binPath)) {
       return binPath;
     }
     try {
       const whichCmd = os === "win32" ? "where" : "which";
       const sysPath = execFileSync2(whichCmd, ["cloudflared"], { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim().split("\n")[0];
-      if (sysPath && existsSync5(sysPath)) return sysPath;
+      if (sysPath && existsSync6(sysPath)) return sysPath;
     } catch {
     }
     this.onProgress("Downloading cloudflared...");
@@ -6563,8 +6791,8 @@ var DependencyInstaller = class {
     }
     const buffer = Buffer.from(await response.arrayBuffer());
     if (os === "darwin") {
-      const tgzPath = join7(binDir, "cloudflared.tgz");
-      await writeFile(tgzPath, buffer);
+      const tgzPath = join9(binDir, "cloudflared.tgz");
+      await writeFile2(tgzPath, buffer);
       try {
         execFileSync2("tar", ["-xzf", tgzPath, "-C", binDir, "cloudflared"], { timeout: 15e3, stdio: "ignore" });
         await chmod2(binPath, 493);
@@ -6576,11 +6804,11 @@ var DependencyInstaller = class {
       }
     } else {
       const tmpPath = binPath + ".tmp";
-      await writeFile(tmpPath, buffer);
+      await writeFile2(tmpPath, buffer);
       if (os !== "win32") await chmod2(tmpPath, 493);
       await rename(tmpPath, binPath);
     }
-    if (!existsSync5(binPath)) {
+    if (!existsSync6(binPath)) {
       throw new Error("cloudflared download succeeded but binary not found after extraction");
     }
     this.onProgress("cloudflared installed");
@@ -6598,9 +6826,9 @@ var DependencyInstaller = class {
 
 // src/setup/service.ts
 import { execFileSync as execFileSync3, execSync as execSync2 } from "child_process";
-import { existsSync as existsSync6, readFileSync as readFileSync3, writeFileSync as writeFileSync4, unlinkSync, mkdirSync as mkdirSync5, chmodSync } from "fs";
-import { join as join8 } from "path";
-import { homedir as homedir7, platform as platform4 } from "os";
+import { existsSync as existsSync7, readFileSync as readFileSync4, writeFileSync as writeFileSync5, unlinkSync, mkdirSync as mkdirSync6, chmodSync } from "fs";
+import { join as join10 } from "path";
+import { homedir as homedir8, platform as platform4 } from "os";
 import { createRequire as createRequire2 } from "module";
 var PLIST_LABEL = "com.agenticmail.server";
 var SYSTEMD_UNIT = "agenticmail.service";
@@ -6611,9 +6839,9 @@ var ServiceManager = class {
    */
   getServicePath() {
     if (this.os === "darwin") {
-      return join8(homedir7(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
+      return join10(homedir8(), "Library", "LaunchAgents", `${PLIST_LABEL}.plist`);
     } else {
-      return join8(homedir7(), ".config", "systemd", "user", SYSTEMD_UNIT);
+      return join10(homedir8(), ".config", "systemd", "user", SYSTEMD_UNIT);
     }
   }
   /**
@@ -6647,40 +6875,40 @@ var ServiceManager = class {
     try {
       const req = createRequire2(import.meta.url);
       const resolved = req.resolve("@agenticmail/api");
-      if (existsSync6(resolved)) return resolved;
+      if (existsSync7(resolved)) return resolved;
     } catch {
     }
     const parentPackages = [
-      join8("@agenticmail", "cli"),
+      join10("@agenticmail", "cli"),
       // current scoped package
       "agenticmail"
       // legacy unscoped package
     ];
     const baseDirs = [
       // user-local install
-      join8(homedir7(), "node_modules")
+      join10(homedir8(), "node_modules")
     ];
     try {
       const prefix = execSync2("npm prefix -g", { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
-      baseDirs.push(join8(prefix, "lib", "node_modules"));
-      baseDirs.push(join8(prefix, "node_modules"));
+      baseDirs.push(join10(prefix, "lib", "node_modules"));
+      baseDirs.push(join10(prefix, "node_modules"));
     } catch {
     }
     baseDirs.push("/opt/homebrew/lib/node_modules");
     baseDirs.push("/usr/local/lib/node_modules");
     for (const base of baseDirs) {
-      const sibling = join8(base, "@agenticmail", "api", "dist", "index.js");
-      if (existsSync6(sibling)) return sibling;
+      const sibling = join10(base, "@agenticmail", "api", "dist", "index.js");
+      if (existsSync7(sibling)) return sibling;
       for (const parent of parentPackages) {
-        const nested = join8(base, parent, "node_modules", "@agenticmail", "api", "dist", "index.js");
-        if (existsSync6(nested)) return nested;
+        const nested = join10(base, parent, "node_modules", "@agenticmail", "api", "dist", "index.js");
+        if (existsSync7(nested)) return nested;
       }
     }
-    const dataDir = join8(homedir7(), ".agenticmail");
-    const entryCache = join8(dataDir, "api-entry.path");
-    if (existsSync6(entryCache)) {
-      const cached = readFileSync3(entryCache, "utf-8").trim();
-      if (cached && existsSync6(cached)) return cached;
+    const dataDir = join10(homedir8(), ".agenticmail");
+    const entryCache = join10(dataDir, "api-entry.path");
+    if (existsSync7(entryCache)) {
+      const cached = readFileSync4(entryCache, "utf-8").trim();
+      if (cached && existsSync7(cached)) return cached;
     }
     throw new Error("Could not find @agenticmail/api entry point. Run `agenticmail start` first to populate the cache.");
   }
@@ -6688,9 +6916,9 @@ var ServiceManager = class {
    * Cache the API entry path so the service can find it later.
    */
   cacheApiEntryPath(entryPath) {
-    const dataDir = join8(homedir7(), ".agenticmail");
-    if (!existsSync6(dataDir)) mkdirSync5(dataDir, { recursive: true });
-    writeFileSync4(join8(dataDir, "api-entry.path"), entryPath);
+    const dataDir = join10(homedir8(), ".agenticmail");
+    if (!existsSync7(dataDir)) mkdirSync6(dataDir, { recursive: true });
+    writeFileSync5(join10(dataDir, "api-entry.path"), entryPath);
   }
   /**
    * Get the current package version.
@@ -6703,36 +6931,36 @@ var ServiceManager = class {
     try {
       const req = createRequire2(import.meta.url);
       const pkgJson = req.resolve("@agenticmail/cli/package.json");
-      if (existsSync6(pkgJson)) {
-        const pkg = JSON.parse(readFileSync3(pkgJson, "utf-8"));
+      if (existsSync7(pkgJson)) {
+        const pkg = JSON.parse(readFileSync4(pkgJson, "utf-8"));
         if (pkg.version) return pkg.version;
       }
     } catch {
     }
     try {
       const apiEntry = this.getApiEntryPath();
-      const apiPkg = join8(apiEntry, "..", "..", "package.json");
-      if (existsSync6(apiPkg)) {
-        const pkg = JSON.parse(readFileSync3(apiPkg, "utf-8"));
+      const apiPkg = join10(apiEntry, "..", "..", "package.json");
+      if (existsSync7(apiPkg)) {
+        const pkg = JSON.parse(readFileSync4(apiPkg, "utf-8"));
         if (pkg.version) return pkg.version;
       }
     } catch {
     }
     const candidates = [
-      join8(homedir7(), "node_modules", "@agenticmail", "cli", "package.json"),
-      join8(homedir7(), "node_modules", "agenticmail", "package.json"),
-      join8(homedir7(), ".agenticmail", "package-version.json")
+      join10(homedir8(), "node_modules", "@agenticmail", "cli", "package.json"),
+      join10(homedir8(), "node_modules", "agenticmail", "package.json"),
+      join10(homedir8(), ".agenticmail", "package-version.json")
     ];
     try {
       const prefix = execSync2("npm prefix -g", { timeout: 5e3, stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
-      candidates.push(join8(prefix, "lib", "node_modules", "@agenticmail", "cli", "package.json"));
-      candidates.push(join8(prefix, "lib", "node_modules", "agenticmail", "package.json"));
+      candidates.push(join10(prefix, "lib", "node_modules", "@agenticmail", "cli", "package.json"));
+      candidates.push(join10(prefix, "lib", "node_modules", "agenticmail", "package.json"));
     } catch {
     }
     for (const p of candidates) {
       try {
-        if (existsSync6(p)) {
-          const pkg = JSON.parse(readFileSync3(p, "utf-8"));
+        if (existsSync7(p)) {
+          const pkg = JSON.parse(readFileSync4(p, "utf-8"));
           if (pkg.version) return pkg.version;
         }
       } catch {
@@ -6745,9 +6973,9 @@ var ServiceManager = class {
    * This ensures AgenticMail doesn't fail on boot when Docker is still loading.
    */
   generateStartScript(nodePath, apiEntry) {
-    const scriptPath = join8(homedir7(), ".agenticmail", "bin", "start-server.sh");
-    const scriptDir = join8(homedir7(), ".agenticmail", "bin");
-    if (!existsSync6(scriptDir)) mkdirSync5(scriptDir, { recursive: true });
+    const scriptPath = join10(homedir8(), ".agenticmail", "bin", "start-server.sh");
+    const scriptDir = join10(homedir8(), ".agenticmail", "bin");
+    if (!existsSync7(scriptDir)) mkdirSync6(scriptDir, { recursive: true });
     const script = [
       "#!/bin/bash",
       "# AgenticMail auto-start script",
@@ -6798,7 +7026,7 @@ var ServiceManager = class {
       `log "Starting API server: ${nodePath} ${apiEntry}"`,
       `exec "${nodePath}" "${apiEntry}"`
     ].join("\n") + "\n";
-    writeFileSync4(scriptPath, script, { mode: 493 });
+    writeFileSync5(scriptPath, script, { mode: 493 });
     return scriptPath;
   }
   /**
@@ -6811,9 +7039,9 @@ var ServiceManager = class {
    * - Service version tracking in env vars
    */
   generatePlist(nodePath, apiEntry, configPath) {
-    const config = JSON.parse(readFileSync3(configPath, "utf-8"));
-    const logDir = join8(homedir7(), ".agenticmail", "logs");
-    if (!existsSync6(logDir)) mkdirSync5(logDir, { recursive: true });
+    const config = JSON.parse(readFileSync4(configPath, "utf-8"));
+    const logDir = join10(homedir8(), ".agenticmail", "logs");
+    if (!existsSync7(logDir)) mkdirSync6(logDir, { recursive: true });
     const version = this.getVersion();
     const startScript = this.generateStartScript(nodePath, apiEntry);
     return `<?xml version="1.0" encoding="UTF-8"?>
@@ -6834,9 +7062,9 @@ var ServiceManager = class {
   <key>EnvironmentVariables</key>
   <dict>
     <key>HOME</key>
-    <string>${homedir7()}</string>
+    <string>${homedir8()}</string>
     <key>AGENTICMAIL_DATA_DIR</key>
-    <string>${config.dataDir || join8(homedir7(), ".agenticmail")}</string>
+    <string>${config.dataDir || join10(homedir8(), ".agenticmail")}</string>
     <key>PATH</key>
     <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
     <key>AGENTICMAIL_SERVICE_VERSION</key>
@@ -6889,8 +7117,8 @@ var ServiceManager = class {
    * - Proper dependency ordering
    */
   generateSystemdUnit(nodePath, apiEntry, configPath) {
-    const config = JSON.parse(readFileSync3(configPath, "utf-8"));
-    const dataDir = config.dataDir || join8(homedir7(), ".agenticmail");
+    const config = JSON.parse(readFileSync4(configPath, "utf-8"));
+    const dataDir = config.dataDir || join10(homedir8(), ".agenticmail");
     const version = this.getVersion();
     const startScript = this.generateStartScript(nodePath, apiEntry);
     return `[Unit]
@@ -6907,7 +7135,7 @@ Restart=always
 RestartSec=15
 TimeoutStartSec=660
 LimitNOFILE=8192
-Environment=HOME=${homedir7()}
+Environment=HOME=${homedir8()}
 Environment=AGENTICMAIL_DATA_DIR=${dataDir}
 Environment=PATH=/usr/local/bin:/usr/bin:/bin:/opt/homebrew/bin
 Environment=AGENTICMAIL_SERVICE_VERSION=${version}
@@ -6920,8 +7148,8 @@ WantedBy=default.target
    * Install the auto-start service.
    */
   install() {
-    const configPath = join8(homedir7(), ".agenticmail", "config.json");
-    if (!existsSync6(configPath)) {
+    const configPath = join10(homedir8(), ".agenticmail", "config.json");
+    if (!existsSync7(configPath)) {
       return { installed: false, message: "Config not found. Run agenticmail setup first." };
     }
     const nodePath = this.getNodePath();
@@ -6933,16 +7161,16 @@ WantedBy=default.target
     }
     const servicePath = this.getServicePath();
     if (this.os === "darwin") {
-      const dir = join8(homedir7(), "Library", "LaunchAgents");
-      if (!existsSync6(dir)) mkdirSync5(dir, { recursive: true });
-      if (existsSync6(servicePath)) {
+      const dir = join10(homedir8(), "Library", "LaunchAgents");
+      if (!existsSync7(dir)) mkdirSync6(dir, { recursive: true });
+      if (existsSync7(servicePath)) {
         try {
           execFileSync3("launchctl", ["unload", servicePath], { timeout: 1e4, stdio: "ignore" });
         } catch {
         }
       }
       const plist = this.generatePlist(nodePath, apiEntry, configPath);
-      writeFileSync4(servicePath, plist);
+      writeFileSync5(servicePath, plist);
       chmodSync(servicePath, 384);
       try {
         execFileSync3("launchctl", ["load", servicePath], { timeout: 1e4, stdio: "ignore" });
@@ -6951,10 +7179,10 @@ WantedBy=default.target
       }
       return { installed: true, message: `Service installed at ${servicePath}` };
     } else if (this.os === "linux") {
-      const dir = join8(homedir7(), ".config", "systemd", "user");
-      if (!existsSync6(dir)) mkdirSync5(dir, { recursive: true });
+      const dir = join10(homedir8(), ".config", "systemd", "user");
+      if (!existsSync7(dir)) mkdirSync6(dir, { recursive: true });
       const unit = this.generateSystemdUnit(nodePath, apiEntry, configPath);
-      writeFileSync4(servicePath, unit);
+      writeFileSync5(servicePath, unit);
       chmodSync(servicePath, 384);
       try {
         execFileSync3("systemctl", ["--user", "daemon-reload"], { timeout: 1e4, stdio: "ignore" });
@@ -6977,7 +7205,7 @@ WantedBy=default.target
    */
   uninstall() {
     const servicePath = this.getServicePath();
-    if (!existsSync6(servicePath)) {
+    if (!existsSync7(servicePath)) {
       return { removed: false, message: "Service is not installed." };
     }
     if (this.os === "darwin") {
@@ -7015,7 +7243,7 @@ WantedBy=default.target
   status() {
     const servicePath = this.getServicePath();
     const plat = this.os === "darwin" ? "launchd" : this.os === "linux" ? "systemd" : "unsupported";
-    const installed = existsSync6(servicePath);
+    const installed = existsSync7(servicePath);
     let running = false;
     if (installed) {
       if (this.os === "darwin") {
@@ -7070,34 +7298,34 @@ WantedBy=default.target
   needsRepair() {
     if (this.os !== "darwin" && this.os !== "linux") return null;
     const servicePath = this.getServicePath();
-    if (!existsSync6(servicePath)) return null;
+    if (!existsSync7(servicePath)) return null;
     let serviceContent = "";
     try {
-      serviceContent = readFileSync3(servicePath, "utf-8");
+      serviceContent = readFileSync4(servicePath, "utf-8");
     } catch {
       return { reason: "Service file unreadable" };
     }
-    const startScript = join8(homedir7(), ".agenticmail", "bin", "start-server.sh");
+    const startScript = join10(homedir8(), ".agenticmail", "bin", "start-server.sh");
     if (serviceContent.includes(startScript)) {
-      if (!existsSync6(startScript)) {
+      if (!existsSync7(startScript)) {
         return { reason: "start-server.sh is missing" };
       }
       let scriptContent = "";
       try {
-        scriptContent = readFileSync3(startScript, "utf-8");
+        scriptContent = readFileSync4(startScript, "utf-8");
       } catch {
         return { reason: "start-server.sh unreadable" };
       }
       const apiPathMatch = scriptContent.match(/(\/[^"\s]+@agenticmail\/api\/dist\/index\.js)/);
       if (apiPathMatch) {
         const referenced = apiPathMatch[1];
-        if (!existsSync6(referenced)) {
+        if (!existsSync7(referenced)) {
           return { reason: `start-server.sh references missing path: ${referenced}` };
         }
       }
       if (/node_modules\/agenticmail\/(?!.*@agenticmail\/cli)/.test(scriptContent)) {
         const stale = /(\S*node_modules\/agenticmail\/\S*)/.exec(scriptContent)?.[1];
-        if (stale && !existsSync6(stale)) {
+        if (stale && !existsSync7(stale)) {
           return { reason: `start-server.sh references legacy unscoped path: ${stale}` };
         }
       }
@@ -7110,11 +7338,11 @@ WantedBy=default.target
         return { reason: `Service version drift (current CLI is v${currentVersion})` };
       }
     }
-    const entryCache = join8(homedir7(), ".agenticmail", "api-entry.path");
-    if (existsSync6(entryCache)) {
+    const entryCache = join10(homedir8(), ".agenticmail", "api-entry.path");
+    if (existsSync7(entryCache)) {
       try {
-        const cached = readFileSync3(entryCache, "utf-8").trim();
-        if (cached && !existsSync6(cached)) {
+        const cached = readFileSync4(entryCache, "utf-8").trim();
+        if (cached && !existsSync7(cached)) {
           return { reason: `Cached API entry path no longer exists: ${cached}` };
         }
       } catch {
@@ -7165,13 +7393,13 @@ var SetupManager = class {
    * falls back to monorepo location.
    */
   getComposePath() {
-    const standalonePath = join9(homedir8(), ".agenticmail", "docker-compose.yml");
-    if (existsSync7(standalonePath)) return standalonePath;
+    const standalonePath = join11(homedir9(), ".agenticmail", "docker-compose.yml");
+    if (existsSync8(standalonePath)) return standalonePath;
     const cwd = process.cwd();
-    const candidates = [cwd, join9(cwd, "..")];
+    const candidates = [cwd, join11(cwd, "..")];
     for (const dir of candidates) {
-      const p = join9(dir, "docker-compose.yml");
-      if (existsSync7(p)) return p;
+      const p = join11(dir, "docker-compose.yml");
+      if (existsSync8(p)) return p;
     }
     return standalonePath;
   }
@@ -7181,19 +7409,19 @@ var SetupManager = class {
    * Always regenerates Docker files to keep passwords in sync.
    */
   initConfig() {
-    const dataDir = join9(homedir8(), ".agenticmail");
-    const configPath = join9(dataDir, "config.json");
-    const envPath = join9(dataDir, ".env");
-    if (existsSync7(configPath)) {
+    const dataDir = join11(homedir9(), ".agenticmail");
+    const configPath = join11(dataDir, "config.json");
+    const envPath = join11(dataDir, ".env");
+    if (existsSync8(configPath)) {
       try {
-        const existing = JSON.parse(readFileSync4(configPath, "utf-8"));
+        const existing = JSON.parse(readFileSync5(configPath, "utf-8"));
         this.generateDockerFiles(existing);
         return { configPath, envPath, config: existing, isNew: false };
       } catch {
       }
     }
-    if (!existsSync7(dataDir)) {
-      mkdirSync6(dataDir, { recursive: true });
+    if (!existsSync8(dataDir)) {
+      mkdirSync7(dataDir, { recursive: true });
     }
     const masterKey = `mk_${randomBytes3(24).toString("hex")}`;
     const stalwartPassword = randomBytes3(16).toString("hex");
@@ -7209,7 +7437,7 @@ var SetupManager = class {
       api: { port: 3829, host: "127.0.0.1" },
       dataDir
     };
-    writeFileSync5(configPath, JSON.stringify(config, null, 2));
+    writeFileSync6(configPath, JSON.stringify(config, null, 2));
     chmodSync2(configPath, 384);
     const envContent = `# Auto-generated by agenticmail setup
 STALWART_ADMIN_USER=admin
@@ -7225,7 +7453,7 @@ SMTP_PORT=587
 IMAP_HOST=localhost
 IMAP_PORT=143
 `;
-    writeFileSync5(envPath, envContent);
+    writeFileSync6(envPath, envContent);
     chmodSync2(envPath, 384);
     this.generateDockerFiles(config);
     return { configPath, envPath, config, isNew: true };
@@ -7235,13 +7463,13 @@ IMAP_PORT=143
    * with the correct admin password from config.
    */
   generateDockerFiles(config) {
-    const dataDir = config.dataDir || join9(homedir8(), ".agenticmail");
-    if (!existsSync7(dataDir)) {
-      mkdirSync6(dataDir, { recursive: true });
+    const dataDir = config.dataDir || join11(homedir9(), ".agenticmail");
+    if (!existsSync8(dataDir)) {
+      mkdirSync7(dataDir, { recursive: true });
     }
     const password = config.stalwart?.adminPassword || "changeme";
-    const composePath = join9(dataDir, "docker-compose.yml");
-    writeFileSync5(composePath, `services:
+    const composePath = join11(dataDir, "docker-compose.yml");
+    writeFileSync6(composePath, `services:
   stalwart:
     # Pinned to v0.15.5 \u2014 Stalwart 0.16+ moved its config to JSON
     # at /etc/stalwart/config.json (hardcoded into the container
@@ -7271,8 +7499,8 @@ volumes:
   stalwart-data:
 `);
     chmodSync2(composePath, 384);
-    const tomlPath = join9(dataDir, "stalwart.toml");
-    writeFileSync5(tomlPath, `# Stalwart Mail Server \u2014 AgenticMail Configuration
+    const tomlPath = join11(dataDir, "stalwart.toml");
+    writeFileSync6(tomlPath, `# Stalwart Mail Server \u2014 AgenticMail Configuration
 
 [server]
 hostname = "localhost"
@@ -7328,15 +7556,15 @@ secret = "${password}"
    * Check if config has already been initialized.
    */
   isInitialized() {
-    const configPath = join9(homedir8(), ".agenticmail", "config.json");
-    return existsSync7(configPath);
+    const configPath = join11(homedir9(), ".agenticmail", "config.json");
+    return existsSync8(configPath);
   }
 };
 
 // src/threading/thread-id.ts
 import { createHash as createHash2 } from "crypto";
 function stripReplyPrefixes(subject) {
-  let s = subject;
+  let s = subject.length > 1e3 ? subject.slice(0, 1e3) : subject;
   for (; ; ) {
     const next = s.replace(/^\s*(?:re|fwd?|fw)\s*(?:\[\d+\])?\s*:\s*/i, "");
     if (next === s) break;
@@ -7356,8 +7584,9 @@ function normalizeSubject(subject) {
 }
 function normalizeAddress(addr) {
   if (!addr) return "(unknown)";
-  const m = addr.match(/<([^>]+)>/);
-  const raw = m ? m[1] : addr;
+  const bounded = addr.length > 500 ? addr.slice(0, 500) : addr;
+  const m = bounded.match(/<([^>]+)>/);
+  const raw = m ? m[1] : bounded;
   return raw.trim().toLowerCase();
 }
 function threadIdFor(input) {
@@ -7367,18 +7596,18 @@ function threadIdFor(input) {
 
 // src/threading/thread-cache.ts
 import {
-  existsSync as existsSync8,
-  mkdirSync as mkdirSync7,
-  readFileSync as readFileSync5,
-  writeFileSync as writeFileSync6,
+  existsSync as existsSync9,
+  mkdirSync as mkdirSync8,
+  readFileSync as readFileSync6,
+  writeFileSync as writeFileSync7,
   readdirSync,
   statSync,
   rmSync,
-  renameSync
+  renameSync as renameSync2
 } from "fs";
-import { homedir as homedir9 } from "os";
-import { join as join10 } from "path";
-var CACHE_DIR_DEFAULT = join10(homedir9(), ".agenticmail", "thread-cache");
+import { homedir as homedir10 } from "os";
+import { join as join12 } from "path";
+var CACHE_DIR_DEFAULT = join12(homedir10(), ".agenticmail", "thread-cache");
 var DEFAULT_K_MESSAGES = 10;
 var DEFAULT_LRU_CAP = 5e3;
 var PREVIEW_MAX_CHARS = 240;
@@ -7391,18 +7620,18 @@ var ThreadCache = class {
     this.k = opts.k ?? DEFAULT_K_MESSAGES;
     this.lruCap = opts.lruCap ?? DEFAULT_LRU_CAP;
     try {
-      mkdirSync7(this.dir, { recursive: true });
+      mkdirSync8(this.dir, { recursive: true });
     } catch {
     }
   }
   pathFor(threadId) {
-    return join10(this.dir, `${threadId}.json`);
+    return join12(this.dir, `${threadId}.json`);
   }
   read(threadId) {
     const p = this.pathFor(threadId);
-    if (!existsSync8(p)) return null;
+    if (!existsSync9(p)) return null;
     try {
-      const raw = readFileSync5(p, "utf-8");
+      const raw = readFileSync6(p, "utf-8");
       return JSON.parse(raw);
     } catch {
       try {
@@ -7467,8 +7696,8 @@ var ThreadCache = class {
   writeAtomic(threadId, entry) {
     const p = this.pathFor(threadId);
     const tmp = `${p}.tmp`;
-    writeFileSync6(tmp, JSON.stringify(entry), "utf-8");
-    renameSync(tmp, p);
+    writeFileSync7(tmp, JSON.stringify(entry), "utf-8");
+    renameSync2(tmp, p);
   }
   /**
    * Best-effort LRU eviction. Runs at most every 256 writes (we
@@ -7486,7 +7715,7 @@ var ThreadCache = class {
     }
     if (files.length <= this.lruCap) return;
     const stats = files.map((f) => {
-      const p = join10(this.dir, f);
+      const p = join12(this.dir, f);
       try {
         return { p, mtime: statSync(p).mtimeMs };
       } catch {
@@ -7517,36 +7746,36 @@ function dedupAndCap(messages, k) {
 
 // src/threading/agent-memory.ts
 import {
-  existsSync as existsSync9,
-  mkdirSync as mkdirSync8,
-  readFileSync as readFileSync6,
-  writeFileSync as writeFileSync7,
+  existsSync as existsSync10,
+  mkdirSync as mkdirSync9,
+  readFileSync as readFileSync7,
+  writeFileSync as writeFileSync8,
   rmSync as rmSync2,
-  renameSync as renameSync2
+  renameSync as renameSync3
 } from "fs";
-import { homedir as homedir10 } from "os";
-import { join as join11 } from "path";
-var MEMORY_DIR_DEFAULT = join11(homedir10(), ".agenticmail", "agent-memory");
+import { homedir as homedir11 } from "os";
+import { join as join13 } from "path";
+var MEMORY_DIR_DEFAULT = join13(homedir11(), ".agenticmail", "agent-memory");
 var AgentMemoryStore = class {
   dir;
   constructor(opts = {}) {
     this.dir = opts.memoryDir ?? MEMORY_DIR_DEFAULT;
     try {
-      mkdirSync8(this.dir, { recursive: true });
+      mkdirSync9(this.dir, { recursive: true });
     } catch {
     }
   }
   dirFor(agentId) {
-    return join11(this.dir, sanitizeId(agentId));
+    return join13(this.dir, sanitizeId(agentId));
   }
   pathFor(agentId, threadId) {
-    return join11(this.dirFor(agentId), `${sanitizeId(threadId)}.md`);
+    return join13(this.dirFor(agentId), `${sanitizeId(threadId)}.md`);
   }
   read(agentId, threadId) {
     const p = this.pathFor(agentId, threadId);
-    if (!existsSync9(p)) return null;
+    if (!existsSync10(p)) return null;
     try {
-      const raw = readFileSync6(p, "utf-8");
+      const raw = readFileSync7(p, "utf-8");
       const parsed = parse(raw);
       return { ...parsed, raw };
     } catch {
@@ -7556,14 +7785,14 @@ var AgentMemoryStore = class {
   write(agentId, threadId, fields) {
     const agentDir = this.dirFor(agentId);
     try {
-      mkdirSync8(agentDir, { recursive: true });
+      mkdirSync9(agentDir, { recursive: true });
     } catch {
     }
     const body = render({ ...fields, updatedAt: (/* @__PURE__ */ new Date()).toISOString() });
     const p = this.pathFor(agentId, threadId);
     const tmp = `${p}.tmp`;
-    writeFileSync7(tmp, body, "utf-8");
-    renameSync2(tmp, p);
+    writeFileSync8(tmp, body, "utf-8");
+    renameSync3(tmp, p);
   }
   delete(agentId, threadId) {
     try {
@@ -7631,6 +7860,7 @@ export {
   CloudflareClient,
   DEFAULT_AGENT_NAME,
   DEFAULT_AGENT_ROLE,
+  DEFAULT_SESSION_MAX_AGE_MS,
   DNSConfigurator,
   DependencyChecker,
   DependencyInstaller,
@@ -7641,6 +7871,8 @@ export {
   InboxWatcher,
   MailReceiver,
   MailSender,
+  PathTraversalError,
+  REDACTED,
   RELAY_PRESETS,
   RelayBridge,
   RelayGateway,
@@ -7652,7 +7884,10 @@ export {
   StalwartAdmin,
   ThreadCache,
   TunnelManager,
+  UnsafeApiUrlError,
   WARNING_THRESHOLD,
+  assertWithinBase,
+  buildApiUrl,
   buildInboundSecurityAdvisory,
   classifyEmailRoute,
   closeDatabase,
@@ -7662,21 +7897,31 @@ export {
   ensureDataDir,
   extractVerificationCode,
   flushTelemetry,
+  forgetHostSession,
   getDatabase,
+  hostSessionStoragePath,
   isInternalEmail,
+  isSessionFresh,
   isValidPhoneNumber,
+  loadHostSession,
   normalizeAddress,
   normalizePhoneNumber,
   normalizeSubject,
   parseEmail,
   parseGoogleVoiceSms,
   recordToolCall,
+  redactObject,
+  redactSecret,
   resolveConfig,
+  safeJoin,
   sanitizeEmail,
   saveConfig,
+  saveHostSession,
   scanOutboundEmail,
   scoreEmail,
   setTelemetryVersion,
   startRelayBridge,
-  threadIdFor
+  threadIdFor,
+  tryJoin,
+  validateApiUrl
 };