npm - @agenticmail/enterprise - Versions diffs - 0.5.120 → 0.5.122 - Mend

@agenticmail/enterprise 0.5.120 → 0.5.122

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli-agent-NZ7XWUYS.js +544 -0
package/dist/cli-agent-UAPPR2BA.js +509 -0
package/dist/cli.js +1 -1
package/package.json +1 -1
package/src/cli-agent.ts +68 -82

package/dist/cli-agent-NZ7XWUYS.js ADDED Viewed

@@ -0,0 +1,544 @@
+import "./chunk-KFQGP6VL.js";
+// src/cli-agent.ts
+import { Hono } from "hono";
+import { serve } from "@hono/node-server";
+async function runAgent(_args) {
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const AGENT_ID = process.env.AGENTICMAIL_AGENT_ID;
+  const PORT = parseInt(process.env.PORT || "3000", 10);
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required");
+    process.exit(1);
+  }
+  if (!JWT_SECRET) {
+    console.error("ERROR: JWT_SECRET is required");
+    process.exit(1);
+  }
+  if (!AGENT_ID) {
+    console.error("ERROR: AGENTICMAIL_AGENT_ID is required");
+    process.exit(1);
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = JWT_SECRET;
+  }
+  console.log("\u{1F916} AgenticMail Agent Runtime");
+  console.log(`   Agent ID: ${AGENT_ID}`);
+  console.log("   Connecting to database...");
+  const { createAdapter } = await import("./factory-GT6SUZSQ.js");
+  const db = await createAdapter({
+    type: DATABASE_URL.startsWith("postgres") ? "postgres" : "sqlite",
+    connectionString: DATABASE_URL
+  });
+  await db.migrate();
+  const { EngineDatabase } = await import("./db-adapter-5AESGT7G.js");
+  const engineDbInterface = db.getEngineDB();
+  if (!engineDbInterface) {
+    console.error("ERROR: Database does not support engine queries");
+    process.exit(1);
+  }
+  const adapterDialect = db.getDialect();
+  const dialectMap = {
+    sqlite: "sqlite",
+    postgres: "postgres",
+    supabase: "postgres",
+    neon: "postgres",
+    cockroachdb: "postgres"
+  };
+  const engineDialect = dialectMap[adapterDialect] || adapterDialect;
+  const engineDb = new EngineDatabase(engineDbInterface, engineDialect);
+  await engineDb.migrate();
+  const agentRow = await engineDb.query(
+    `SELECT id, name, display_name, config, state FROM managed_agents WHERE id = $1`,
+    [AGENT_ID]
+  );
+  if (!agentRow || agentRow.length === 0) {
+    console.error(`ERROR: Agent ${AGENT_ID} not found in database`);
+    process.exit(1);
+  }
+  const agent = agentRow[0];
+  console.log(`   Agent: ${agent.display_name || agent.name}`);
+  console.log(`   State: ${agent.state}`);
+  const { AgentLifecycleManager } = await import("./lifecycle-IFPWWGQ3.js");
+  const lifecycle = new AgentLifecycleManager({ db: engineDb });
+  await lifecycle.loadFromDb();
+  const managed = lifecycle.getAgent(AGENT_ID);
+  if (!managed) {
+    console.error(`ERROR: Could not load agent ${AGENT_ID} from lifecycle`);
+    process.exit(1);
+  }
+  const config = managed.config;
+  console.log(`   Model: ${config.model?.provider}/${config.model?.modelId}`);
+  let memoryManager;
+  try {
+    const { AgentMemoryManager } = await import("./agent-memory-G7YFTMDO.js");
+    memoryManager = new AgentMemoryManager(engineDb);
+    console.log("   Memory: DB-backed");
+  } catch {
+    console.log("   Memory: file-based fallback");
+  }
+  try {
+    const settings = await db.getSettings();
+    const keys = settings?.modelPricingConfig?.providerApiKeys;
+    if (keys && typeof keys === "object") {
+      const { PROVIDER_REGISTRY } = await import("./providers-DZDNNJTY.js");
+      for (const [providerId, apiKey] of Object.entries(keys)) {
+        const envVar = PROVIDER_REGISTRY[providerId]?.envKey;
+        if (envVar && apiKey && !process.env[envVar]) {
+          process.env[envVar] = apiKey;
+          console.log(`   \u{1F511} Loaded API key for ${providerId}`);
+        }
+      }
+    }
+  } catch {
+  }
+  const { createAgentRuntime } = await import("./runtime-GB7V3PPC.js");
+  const getEmailConfig = (agentId) => {
+    const m = lifecycle.getAgent(agentId);
+    return m?.config?.emailConfig || null;
+  };
+  const onTokenRefresh = (agentId, tokens) => {
+    const m = lifecycle.getAgent(agentId);
+    if (m?.config?.emailConfig) {
+      if (tokens.accessToken) m.config.emailConfig.oauthAccessToken = tokens.accessToken;
+      if (tokens.refreshToken) m.config.emailConfig.oauthRefreshToken = tokens.refreshToken;
+      if (tokens.expiresAt) m.config.emailConfig.oauthTokenExpiry = tokens.expiresAt;
+      lifecycle.saveAgent(agentId).catch(() => {
+      });
+    }
+  };
+  let defaultModel;
+  const modelStr = process.env.AGENTICMAIL_MODEL || `${config.model?.provider}/${config.model?.modelId}`;
+  if (modelStr && modelStr.includes("/")) {
+    const [provider, ...rest] = modelStr.split("/");
+    defaultModel = {
+      provider,
+      modelId: rest.join("/"),
+      thinkingLevel: process.env.AGENTICMAIL_THINKING || config.model?.thinkingLevel
+    };
+  }
+  const runtime = createAgentRuntime({
+    engineDb,
+    adminDb: db,
+    defaultModel,
+    apiKeys: {},
+    gatewayEnabled: true,
+    getEmailConfig,
+    onTokenRefresh,
+    agentMemoryManager: memoryManager,
+    resumeOnStartup: true
+  });
+  await runtime.start();
+  const runtimeApp = runtime.getApp();
+  try {
+    const { permissionEngine } = await import("./routes-T4KALX5K.js");
+    await permissionEngine.setDb(engineDb);
+    console.log("   Permissions: loaded from DB");
+  } catch (permErr) {
+    console.warn(`   Permissions: failed to load (${permErr.message}) \u2014 tools may be blocked`);
+  }
+  const app = new Hono();
+  app.get("/health", (c) => c.json({
+    status: "ok",
+    agentId: AGENT_ID,
+    agentName: agent.display_name || agent.name,
+    uptime: process.uptime()
+  }));
+  app.get("/ready", (c) => c.json({ ready: true, agentId: AGENT_ID }));
+  if (runtimeApp) {
+    app.route("/api/runtime", runtimeApp);
+  }
+  serve({ fetch: app.fetch, port: PORT }, (info) => {
+    console.log(`
+\u2705 Agent runtime started`);
+    console.log(`   Health: http://localhost:${info.port}/health`);
+    console.log(`   Runtime: http://localhost:${info.port}/api/runtime`);
+    console.log("");
+  });
+  const shutdown = () => {
+    console.log("\n\u23F3 Shutting down agent...");
+    runtime.stop().then(() => db.disconnect()).then(() => {
+      console.log("\u2705 Agent shutdown complete");
+      process.exit(0);
+    });
+    setTimeout(() => process.exit(1), 1e4).unref();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  try {
+    await engineDb.query(
+      `UPDATE managed_agents SET state = 'running', updated_at = $1 WHERE id = $2`,
+      [(/* @__PURE__ */ new Date()).toISOString(), AGENT_ID]
+    );
+    console.log("   State: running");
+  } catch {
+  }
+  setTimeout(async () => {
+    try {
+      const orgRows = await engineDb.query(
+        `SELECT org_id FROM managed_agents WHERE id = $1`,
+        [AGENT_ID]
+      );
+      const orgId = orgRows?.[0]?.org_id;
+      if (!orgId) {
+        console.log("[onboarding] No org ID found, skipping");
+        return;
+      }
+      const pendingRows = await engineDb.query(
+        `SELECT r.id, r.policy_id, p.name as policy_name, p.content as policy_content, p.priority
+         FROM onboarding_records r
+         JOIN org_policies p ON r.policy_id = p.id
+         WHERE r.agent_id = $1 AND r.status = 'pending'`,
+        [AGENT_ID]
+      );
+      if (!pendingRows || pendingRows.length === 0) {
+        console.log("[onboarding] Already complete or no records");
+      } else {
+        console.log(`[onboarding] ${pendingRows.length} pending policies \u2014 auto-acknowledging...`);
+        const ts = (/* @__PURE__ */ new Date()).toISOString();
+        const policyNames = [];
+        for (const row of pendingRows) {
+          const policyName = row.policy_name || row.policy_id;
+          policyNames.push(policyName);
+          console.log(`[onboarding] Reading: ${policyName}`);
+          const { createHash } = await import("crypto");
+          const hash = createHash("sha256").update(row.policy_content || "").digest("hex").slice(0, 16);
+          await engineDb.query(
+            `UPDATE onboarding_records SET status = 'acknowledged', acknowledged_at = $1, verification_hash = $2, updated_at = $1 WHERE id = $3`,
+            [ts, hash, row.id]
+          );
+          console.log(`[onboarding] \u2705 Acknowledged: ${policyName}`);
+          if (memoryManager) {
+            try {
+              await memoryManager.storeMemory(AGENT_ID, {
+                content: `Organization policy "${policyName}" (${row.priority}): ${(row.policy_content || "").slice(0, 500)}`,
+                category: "org_knowledge",
+                importance: row.priority === "mandatory" ? "high" : "medium",
+                confidence: 1
+              });
+            } catch {
+            }
+          }
+        }
+        if (memoryManager) {
+          try {
+            await memoryManager.storeMemory(AGENT_ID, {
+              content: `Completed onboarding: read and acknowledged ${policyNames.length} organization policies: ${policyNames.join(", ")}.`,
+              category: "org_knowledge",
+              importance: "high",
+              confidence: 1
+            });
+          } catch {
+          }
+        }
+        console.log(`[onboarding] \u2705 Onboarding complete \u2014 ${policyNames.length} policies acknowledged`);
+      }
+      const managerEmail = config.managerEmail || (config.manager?.type === "external" ? config.manager.email : null);
+      const emailConfig = config.emailConfig;
+      if (managerEmail && emailConfig) {
+        console.log(`[welcome] Sending introduction email to ${managerEmail}...`);
+        try {
+          const { createEmailProvider } = await import("./agenticmail-4C2RL6PL.js");
+          const providerType = emailConfig.provider || (emailConfig.oauthProvider === "google" ? "google" : emailConfig.oauthProvider === "microsoft" ? "microsoft" : "imap");
+          const emailProvider = createEmailProvider(providerType);
+          let currentAccessToken = emailConfig.oauthAccessToken;
+          const refreshTokenFn = emailConfig.oauthRefreshToken ? async () => {
+            const clientId = emailConfig.oauthClientId;
+            const clientSecret = emailConfig.oauthClientSecret;
+            const refreshToken = emailConfig.oauthRefreshToken;
+            const tokenUrl = providerType === "google" ? "https://oauth2.googleapis.com/token" : "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            const res = await fetch(tokenUrl, {
+              method: "POST",
+              headers: { "Content-Type": "application/x-www-form-urlencoded" },
+              body: new URLSearchParams({
+                client_id: clientId,
+                client_secret: clientSecret,
+                refresh_token: refreshToken,
+                grant_type: "refresh_token"
+              })
+            });
+            const data = await res.json();
+            if (data.access_token) {
+              currentAccessToken = data.access_token;
+              emailConfig.oauthAccessToken = data.access_token;
+              if (data.expires_in) emailConfig.oauthTokenExpiry = new Date(Date.now() + data.expires_in * 1e3).toISOString();
+              lifecycle.saveAgent(AGENT_ID).catch(() => {
+              });
+              return data.access_token;
+            }
+            throw new Error(`Token refresh failed: ${JSON.stringify(data)}`);
+          } : void 0;
+          if (refreshTokenFn) {
+            try {
+              currentAccessToken = await refreshTokenFn();
+              console.log("[welcome] Refreshed OAuth token");
+            } catch (refreshErr) {
+              console.error(`[welcome] Token refresh failed: ${refreshErr.message}`);
+            }
+          }
+          await emailProvider.connect({
+            agentId: AGENT_ID,
+            name: config.displayName || config.name,
+            email: emailConfig.email || config.email?.address || "",
+            orgId,
+            accessToken: currentAccessToken,
+            refreshToken: refreshTokenFn,
+            provider: providerType
+          });
+          const agentName = config.displayName || config.name;
+          const role = config.identity?.role || "AI Agent";
+          const identity = config.identity || {};
+          const traits = identity.traits || {};
+          const policyCount = pendingRows?.length || 0;
+          const agentEmailAddr = config.email?.address || emailConfig?.email || "";
+          const traitMap = {
+            communication: "Communication",
+            detail: "Work Style",
+            energy: "Energy",
+            humor: "Humor",
+            formality: "Formality",
+            empathy: "Empathy",
+            patience: "Patience",
+            creativity: "Creativity"
+          };
+          const traitLines = Object.entries(traits).filter(([, v]) => v).map(([k, v]) => `  ${traitMap[k] || k}: ${v}`).join("\n");
+          const welcomeBody = `Hello!
+I'm ${agentName}, and I'm excited to introduce myself as your new ${role}. I've just been deployed and I'm ready to get to work.
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F4CB} PROFILE SUMMARY
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+Name:           ${agentName}
+Role:           ${role}
+Email:          ${agentEmailAddr}
+Language:       ${identity.language || "English"}
+Tone:           ${identity.tone || "professional"}
+${identity.gender ? `Gender:         ${identity.gender}
+` : ""}${identity.culturalBackground ? `Background:     ${identity.culturalBackground}
+` : ""}
+${traitLines ? `\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F9E0} PERSONALITY TRAITS
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+${traitLines}
+` : ""}
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u2705 ONBOARDING STATUS
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+I've completed my onboarding and have read and acknowledged all ${policyCount} organization policies. I understand the guidelines and will follow them in every interaction.
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F4BC} WHAT I CAN DO
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u2022 Read, respond to, and manage emails professionally
+\u2022 Handle customer inquiries and support requests
+\u2022 Process tasks assigned through the dashboard
+\u2022 Search the web and gather information
+\u2022 Create and manage documents and files
+\u2022 Follow escalation protocols for complex issues
+\u2022 Learn and improve from every interaction
+\u2022 Maintain context across conversations using persistent memory
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u{1F4EC} HOW TO REACH ME
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+\u2022 Email: ${agentEmailAddr}
+\u2022 Dashboard: Your AgenticMail Enterprise dashboard
+\u2022 I check my inbox every 30 seconds and respond promptly
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+${identity.personality ? `A bit about my personality:
+${identity.personality.slice(0, 500)}
+` : ""}I'm looking forward to working with you and making your workflow more efficient. Feel free to reply to this email to start a conversation \u2014 I'll respond right away.
+Best regards,
+${agentName}
+${role}`;
+          await emailProvider.send({
+            to: managerEmail,
+            subject: `Welcome! I'm ${agentName}, your new ${role} \u2014 here's my profile`,
+            body: welcomeBody
+          });
+          console.log(`[welcome] \u2705 Welcome email sent to ${managerEmail}`);
+          if (memoryManager) {
+            try {
+              await memoryManager.storeMemory(AGENT_ID, {
+                content: `Sent welcome introduction email to manager at ${managerEmail}. Introduced myself as ${agentName}, ${role}.`,
+                category: "interaction_pattern",
+                importance: "medium",
+                confidence: 1
+              });
+            } catch {
+            }
+          }
+        } catch (err) {
+          console.error(`[welcome] Failed to send welcome email: ${err.message}`);
+        }
+      } else {
+        if (!managerEmail) console.log("[welcome] No manager email configured, skipping welcome email");
+      }
+    } catch (err) {
+      console.error(`[onboarding] Error: ${err.message}`);
+    }
+    startEmailPolling(AGENT_ID, config, lifecycle, runtime, engineDb, memoryManager);
+  }, 3e3);
+}
+async function startEmailPolling(agentId, config, lifecycle, runtime, engineDb, memoryManager) {
+  const emailConfig = config.emailConfig;
+  if (!emailConfig) {
+    console.log("[email-poll] No email config, inbox polling disabled");
+    return;
+  }
+  const providerType = emailConfig.provider || (emailConfig.oauthProvider === "google" ? "google" : emailConfig.oauthProvider === "microsoft" ? "microsoft" : "imap");
+  const refreshTokenFn = emailConfig.oauthRefreshToken ? async () => {
+    const tokenUrl = providerType === "google" ? "https://oauth2.googleapis.com/token" : "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+    const res = await fetch(tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        client_id: emailConfig.oauthClientId,
+        client_secret: emailConfig.oauthClientSecret,
+        refresh_token: emailConfig.oauthRefreshToken,
+        grant_type: "refresh_token"
+      })
+    });
+    const data = await res.json();
+    if (data.access_token) {
+      emailConfig.oauthAccessToken = data.access_token;
+      if (data.expires_in) emailConfig.oauthTokenExpiry = new Date(Date.now() + data.expires_in * 1e3).toISOString();
+      lifecycle.saveAgent(agentId).catch(() => {
+      });
+      return data.access_token;
+    }
+    throw new Error(`Token refresh failed: ${JSON.stringify(data)}`);
+  } : void 0;
+  const { createEmailProvider } = await import("./agenticmail-4C2RL6PL.js");
+  const emailProvider = createEmailProvider(providerType);
+  let accessToken = emailConfig.oauthAccessToken;
+  if (refreshTokenFn) {
+    try {
+      accessToken = await refreshTokenFn();
+    } catch (e) {
+      console.error(`[email-poll] Token refresh failed: ${e.message}`);
+    }
+  }
+  const orgRows = await engineDb.query(`SELECT org_id FROM managed_agents WHERE id = $1`, [agentId]);
+  const orgId = orgRows?.[0]?.org_id || "";
+  await emailProvider.connect({
+    agentId,
+    name: config.displayName || config.name,
+    email: emailConfig.email || config.email?.address || "",
+    orgId,
+    accessToken,
+    refreshToken: refreshTokenFn,
+    provider: providerType
+  });
+  console.log("[email-poll] \u2705 Email provider connected, starting inbox polling (every 30s)");
+  const processedIds = /* @__PURE__ */ new Set();
+  try {
+    const existing = await emailProvider.listMessages("INBOX", { limit: 50 });
+    for (const msg of existing) {
+      processedIds.add(msg.uid);
+    }
+    console.log(`[email-poll] Loaded ${processedIds.size} existing messages (will skip)`);
+  } catch (e) {
+    console.error(`[email-poll] Failed to load existing messages: ${e.message}`);
+  }
+  const POLL_INTERVAL = 3e4;
+  const agentEmail = (emailConfig.email || config.email?.address || "").toLowerCase();
+  async function pollOnce() {
+    try {
+      const messages = await emailProvider.listMessages("INBOX", { limit: 20 });
+      const newMessages = messages.filter((m) => !processedIds.has(m.uid));
+      const unread = newMessages.filter((m) => !m.read);
+      if (newMessages.length > 0) {
+        console.log(`[email-poll] Found ${newMessages.length} new messages, ${unread.length} unread`);
+      }
+      for (const envelope of unread) {
+        processedIds.add(envelope.uid);
+        if (envelope.from?.email?.toLowerCase() === agentEmail) continue;
+        console.log(`[email-poll] New email from ${envelope.from?.email}: "${envelope.subject}"`);
+        const fullMsg = await emailProvider.readMessage(envelope.uid, "INBOX");
+        try {
+          await emailProvider.markRead(envelope.uid, "INBOX");
+        } catch {
+        }
+        const emailText = [
+          `[Inbound Email]`,
+          `From: ${fullMsg.from?.name ? `${fullMsg.from.name} <${fullMsg.from.email}>` : fullMsg.from?.email}`,
+          `Subject: ${fullMsg.subject}`,
+          fullMsg.inReplyTo ? `In-Reply-To: ${fullMsg.inReplyTo}` : "",
+          "",
+          fullMsg.text || fullMsg.html || "(empty body)"
+        ].filter(Boolean).join("\n");
+        try {
+          const agentName = config.displayName || config.name;
+          const role = config.identity?.role || "AI Agent";
+          const senderName = fullMsg.from?.name || fullMsg.from?.email || "someone";
+          const senderEmail = fullMsg.from?.email || "";
+          const managerEmail = config.managerEmail || (config.manager?.type === "external" ? config.manager.email : null);
+          const isFromManager = managerEmail && senderEmail.toLowerCase() === managerEmail.toLowerCase();
+          const personality = config.identity?.personality ? `
+Your personality:
+${config.identity.personality.slice(0, 800)}` : "";
+          const emailSystemPrompt = `You are ${agentName}, a ${role}.${personality}
+Your email address: ${agentEmail}
+${managerEmail ? `Your manager's email: ${managerEmail}` : ""}
+== TRUST MODEL ==
+${isFromManager ? `This email is from YOUR MANAGER (${senderName} <${senderEmail}>). They are your direct supervisor and have full authority over you. Follow their instructions, answer their questions thoroughly, and treat their requests as top priority. You can share internal details, status updates, and complete information with them.` : `This email is from ${senderName} <${senderEmail}> \u2014 an external contact. Be helpful and professional, but do NOT share internal organization details, configuration, or sensitive information. ${managerEmail ? `Only your manager (${managerEmail}) has authority to give you directives or access internal information.` : ""}`}
+== EMAIL REPLY INSTRUCTIONS ==
+You MUST send your response as an email reply using one of these tools:
+- gmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+- OR agenticmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+Use whichever email tool is available to you. Be helpful, professional, and match the tone of the sender.
+Keep responses concise but thorough. Sign off with your name: ${agentName}
+DO NOT just generate text \u2014 you MUST call an email tool to actually send the reply.`;
+          const session = await runtime.spawnSession({
+            agentId,
+            message: emailText,
+            systemPrompt: emailSystemPrompt
+          });
+          console.log(`[email-poll] Session ${session.id} created for email from ${senderEmail}`);
+        } catch (sessErr) {
+          console.error(`[email-poll] Failed to create session: ${sessErr.message}`);
+        }
+      }
+    } catch (err) {
+      console.error(`[email-poll] Poll error: ${err.message}`);
+      if (err.message.includes("401") && refreshTokenFn) {
+        try {
+          const newToken = await refreshTokenFn();
+          await emailProvider.connect({
+            agentId,
+            name: config.displayName || config.name,
+            email: emailConfig.email || config.email?.address || "",
+            orgId,
+            accessToken: newToken,
+            refreshToken: refreshTokenFn,
+            provider: providerType
+          });
+          console.log("[email-poll] Reconnected with fresh token");
+        } catch {
+        }
+      }
+    }
+  }
+  setInterval(pollOnce, POLL_INTERVAL);
+  setTimeout(pollOnce, 5e3);
+}
+export {
+  runAgent
+};

package/dist/cli-agent-UAPPR2BA.js ADDED Viewed

@@ -0,0 +1,509 @@
+import "./chunk-KFQGP6VL.js";
+// src/cli-agent.ts
+import { Hono } from "hono";
+import { serve } from "@hono/node-server";
+async function runAgent(_args) {
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const AGENT_ID = process.env.AGENTICMAIL_AGENT_ID;
+  const PORT = parseInt(process.env.PORT || "3000", 10);
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required");
+    process.exit(1);
+  }
+  if (!JWT_SECRET) {
+    console.error("ERROR: JWT_SECRET is required");
+    process.exit(1);
+  }
+  if (!AGENT_ID) {
+    console.error("ERROR: AGENTICMAIL_AGENT_ID is required");
+    process.exit(1);
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = JWT_SECRET;
+  }
+  console.log("\u{1F916} AgenticMail Agent Runtime");
+  console.log(`   Agent ID: ${AGENT_ID}`);
+  console.log("   Connecting to database...");
+  const { createAdapter } = await import("./factory-GT6SUZSQ.js");
+  const db = await createAdapter({
+    type: DATABASE_URL.startsWith("postgres") ? "postgres" : "sqlite",
+    connectionString: DATABASE_URL
+  });
+  await db.migrate();
+  const { EngineDatabase } = await import("./db-adapter-5AESGT7G.js");
+  const engineDbInterface = db.getEngineDB();
+  if (!engineDbInterface) {
+    console.error("ERROR: Database does not support engine queries");
+    process.exit(1);
+  }
+  const adapterDialect = db.getDialect();
+  const dialectMap = {
+    sqlite: "sqlite",
+    postgres: "postgres",
+    supabase: "postgres",
+    neon: "postgres",
+    cockroachdb: "postgres"
+  };
+  const engineDialect = dialectMap[adapterDialect] || adapterDialect;
+  const engineDb = new EngineDatabase(engineDbInterface, engineDialect);
+  await engineDb.migrate();
+  const agentRow = await engineDb.query(
+    `SELECT id, name, display_name, config, state FROM managed_agents WHERE id = $1`,
+    [AGENT_ID]
+  );
+  if (!agentRow || agentRow.length === 0) {
+    console.error(`ERROR: Agent ${AGENT_ID} not found in database`);
+    process.exit(1);
+  }
+  const agent = agentRow[0];
+  console.log(`   Agent: ${agent.display_name || agent.name}`);
+  console.log(`   State: ${agent.state}`);
+  const { AgentLifecycleManager } = await import("./lifecycle-IFPWWGQ3.js");
+  const lifecycle = new AgentLifecycleManager({ db: engineDb });
+  await lifecycle.loadFromDb();
+  const managed = lifecycle.getAgent(AGENT_ID);
+  if (!managed) {
+    console.error(`ERROR: Could not load agent ${AGENT_ID} from lifecycle`);
+    process.exit(1);
+  }
+  const config = managed.config;
+  console.log(`   Model: ${config.model?.provider}/${config.model?.modelId}`);
+  let memoryManager;
+  try {
+    const { AgentMemoryManager } = await import("./agent-memory-G7YFTMDO.js");
+    memoryManager = new AgentMemoryManager(engineDb);
+    console.log("   Memory: DB-backed");
+  } catch {
+    console.log("   Memory: file-based fallback");
+  }
+  try {
+    const settings = await db.getSettings();
+    const keys = settings?.modelPricingConfig?.providerApiKeys;
+    if (keys && typeof keys === "object") {
+      const { PROVIDER_REGISTRY } = await import("./providers-DZDNNJTY.js");
+      for (const [providerId, apiKey] of Object.entries(keys)) {
+        const envVar = PROVIDER_REGISTRY[providerId]?.envKey;
+        if (envVar && apiKey && !process.env[envVar]) {
+          process.env[envVar] = apiKey;
+          console.log(`   \u{1F511} Loaded API key for ${providerId}`);
+        }
+      }
+    }
+  } catch {
+  }
+  const { createAgentRuntime } = await import("./runtime-GB7V3PPC.js");
+  const getEmailConfig = (agentId) => {
+    const m = lifecycle.getAgent(agentId);
+    return m?.config?.emailConfig || null;
+  };
+  const onTokenRefresh = (agentId, tokens) => {
+    const m = lifecycle.getAgent(agentId);
+    if (m?.config?.emailConfig) {
+      if (tokens.accessToken) m.config.emailConfig.oauthAccessToken = tokens.accessToken;
+      if (tokens.refreshToken) m.config.emailConfig.oauthRefreshToken = tokens.refreshToken;
+      if (tokens.expiresAt) m.config.emailConfig.oauthTokenExpiry = tokens.expiresAt;
+      lifecycle.saveAgent(agentId).catch(() => {
+      });
+    }
+  };
+  let defaultModel;
+  const modelStr = process.env.AGENTICMAIL_MODEL || `${config.model?.provider}/${config.model?.modelId}`;
+  if (modelStr && modelStr.includes("/")) {
+    const [provider, ...rest] = modelStr.split("/");
+    defaultModel = {
+      provider,
+      modelId: rest.join("/"),
+      thinkingLevel: process.env.AGENTICMAIL_THINKING || config.model?.thinkingLevel
+    };
+  }
+  const runtime = createAgentRuntime({
+    engineDb,
+    adminDb: db,
+    defaultModel,
+    apiKeys: {},
+    gatewayEnabled: true,
+    getEmailConfig,
+    onTokenRefresh,
+    agentMemoryManager: memoryManager,
+    resumeOnStartup: true
+  });
+  await runtime.start();
+  const runtimeApp = runtime.getApp();
+  try {
+    const { permissionEngine } = await import("./routes-T4KALX5K.js");
+    await permissionEngine.setDb(engineDb);
+    console.log("   Permissions: loaded from DB");
+  } catch (permErr) {
+    console.warn(`   Permissions: failed to load (${permErr.message}) \u2014 tools may be blocked`);
+  }
+  const app = new Hono();
+  app.get("/health", (c) => c.json({
+    status: "ok",
+    agentId: AGENT_ID,
+    agentName: agent.display_name || agent.name,
+    uptime: process.uptime()
+  }));
+  app.get("/ready", (c) => c.json({ ready: true, agentId: AGENT_ID }));
+  if (runtimeApp) {
+    app.route("/api/runtime", runtimeApp);
+  }
+  serve({ fetch: app.fetch, port: PORT }, (info) => {
+    console.log(`
+\u2705 Agent runtime started`);
+    console.log(`   Health: http://localhost:${info.port}/health`);
+    console.log(`   Runtime: http://localhost:${info.port}/api/runtime`);
+    console.log("");
+  });
+  const shutdown = () => {
+    console.log("\n\u23F3 Shutting down agent...");
+    runtime.stop().then(() => db.disconnect()).then(() => {
+      console.log("\u2705 Agent shutdown complete");
+      process.exit(0);
+    });
+    setTimeout(() => process.exit(1), 1e4).unref();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  try {
+    await engineDb.query(
+      `UPDATE managed_agents SET state = 'running', updated_at = $1 WHERE id = $2`,
+      [(/* @__PURE__ */ new Date()).toISOString(), AGENT_ID]
+    );
+    console.log("   State: running");
+  } catch {
+  }
+  setTimeout(async () => {
+    try {
+      const orgRows = await engineDb.query(
+        `SELECT org_id FROM managed_agents WHERE id = $1`,
+        [AGENT_ID]
+      );
+      const orgId = orgRows?.[0]?.org_id;
+      if (!orgId) {
+        console.log("[onboarding] No org ID found, skipping");
+        return;
+      }
+      const pendingRows = await engineDb.query(
+        `SELECT r.id, r.policy_id, p.name as policy_name, p.content as policy_content, p.priority
+         FROM onboarding_records r
+         JOIN org_policies p ON r.policy_id = p.id
+         WHERE r.agent_id = $1 AND r.status = 'pending'`,
+        [AGENT_ID]
+      );
+      if (!pendingRows || pendingRows.length === 0) {
+        console.log("[onboarding] Already complete or no records");
+      } else {
+        console.log(`[onboarding] ${pendingRows.length} pending policies \u2014 auto-acknowledging...`);
+        const ts = (/* @__PURE__ */ new Date()).toISOString();
+        const policyNames = [];
+        for (const row of pendingRows) {
+          const policyName = row.policy_name || row.policy_id;
+          policyNames.push(policyName);
+          console.log(`[onboarding] Reading: ${policyName}`);
+          const { createHash } = await import("crypto");
+          const hash = createHash("sha256").update(row.policy_content || "").digest("hex").slice(0, 16);
+          await engineDb.query(
+            `UPDATE onboarding_records SET status = 'acknowledged', acknowledged_at = $1, verification_hash = $2, updated_at = $1 WHERE id = $3`,
+            [ts, hash, row.id]
+          );
+          console.log(`[onboarding] \u2705 Acknowledged: ${policyName}`);
+          if (memoryManager) {
+            try {
+              await memoryManager.storeMemory(AGENT_ID, {
+                content: `Organization policy "${policyName}" (${row.priority}): ${(row.policy_content || "").slice(0, 500)}`,
+                category: "org_knowledge",
+                importance: row.priority === "mandatory" ? "high" : "medium",
+                confidence: 1
+              });
+            } catch {
+            }
+          }
+        }
+        if (memoryManager) {
+          try {
+            await memoryManager.storeMemory(AGENT_ID, {
+              content: `Completed onboarding: read and acknowledged ${policyNames.length} organization policies: ${policyNames.join(", ")}.`,
+              category: "org_knowledge",
+              importance: "high",
+              confidence: 1
+            });
+          } catch {
+          }
+        }
+        console.log(`[onboarding] \u2705 Onboarding complete \u2014 ${policyNames.length} policies acknowledged`);
+      }
+      const managerEmail = config.managerEmail || (config.manager?.type === "external" ? config.manager.email : null);
+      const emailConfig = config.emailConfig;
+      if (managerEmail && emailConfig) {
+        console.log(`[welcome] Sending introduction email to ${managerEmail}...`);
+        try {
+          const { createEmailProvider } = await import("./agenticmail-4C2RL6PL.js");
+          const providerType = emailConfig.provider || (emailConfig.oauthProvider === "google" ? "google" : emailConfig.oauthProvider === "microsoft" ? "microsoft" : "imap");
+          const emailProvider = createEmailProvider(providerType);
+          let currentAccessToken = emailConfig.oauthAccessToken;
+          const refreshTokenFn = emailConfig.oauthRefreshToken ? async () => {
+            const clientId = emailConfig.oauthClientId;
+            const clientSecret = emailConfig.oauthClientSecret;
+            const refreshToken = emailConfig.oauthRefreshToken;
+            const tokenUrl = providerType === "google" ? "https://oauth2.googleapis.com/token" : "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            const res = await fetch(tokenUrl, {
+              method: "POST",
+              headers: { "Content-Type": "application/x-www-form-urlencoded" },
+              body: new URLSearchParams({
+                client_id: clientId,
+                client_secret: clientSecret,
+                refresh_token: refreshToken,
+                grant_type: "refresh_token"
+              })
+            });
+            const data = await res.json();
+            if (data.access_token) {
+              currentAccessToken = data.access_token;
+              emailConfig.oauthAccessToken = data.access_token;
+              if (data.expires_in) emailConfig.oauthTokenExpiry = new Date(Date.now() + data.expires_in * 1e3).toISOString();
+              lifecycle.saveAgent(AGENT_ID).catch(() => {
+              });
+              return data.access_token;
+            }
+            throw new Error(`Token refresh failed: ${JSON.stringify(data)}`);
+          } : void 0;
+          if (refreshTokenFn) {
+            try {
+              currentAccessToken = await refreshTokenFn();
+              console.log("[welcome] Refreshed OAuth token");
+            } catch (refreshErr) {
+              console.error(`[welcome] Token refresh failed: ${refreshErr.message}`);
+            }
+          }
+          await emailProvider.connect({
+            agentId: AGENT_ID,
+            name: config.displayName || config.name,
+            email: emailConfig.email || config.email?.address || "",
+            orgId,
+            accessToken: currentAccessToken,
+            refreshToken: refreshTokenFn,
+            provider: providerType
+          });
+          const agentName = config.displayName || config.name;
+          const role = config.identity?.role || "AI Agent";
+          const identity = config.identity || {};
+          const agentEmailAddr = config.email?.address || emailConfig?.email || "";
+          let alreadySent = false;
+          if (memoryManager) {
+            try {
+              const memories = await memoryManager.recall(AGENT_ID, "welcome email sent to manager", 5);
+              alreadySent = memories.some((m) => m.content?.includes("welcome_email_sent"));
+            } catch {
+            }
+          }
+          if (!alreadySent) {
+            try {
+              const sentCheck = await engineDb.query(
+                `SELECT id FROM agent_memory WHERE agent_id = $1 AND content LIKE '%welcome_email_sent%' LIMIT 1`,
+                [AGENT_ID]
+              );
+              alreadySent = sentCheck.rows.length > 0;
+            } catch {
+            }
+          }
+          if (alreadySent) {
+            console.log("[welcome] Welcome email already sent, skipping");
+          } else {
+            console.log(`[welcome] Generating AI welcome email for ${managerEmail}...`);
+            const welcomeSession = await runtime.spawnSession({
+              agentId: AGENT_ID,
+              message: `You are about to introduce yourself to your manager for the first time via email.
+Your details:
+- Name: ${agentName}
+- Role: ${role}
+- Email: ${agentEmailAddr}
+- Manager email: ${managerEmail}
+${identity.personality ? `- Personality: ${identity.personality.slice(0, 600)}` : ""}
+${identity.tone ? `- Tone: ${identity.tone}` : ""}
+Write and send a brief, genuine introduction email to your manager. Be yourself \u2014 don't use templates or corporate speak. Mention your role, what you can help with, and that you're ready to get started. Keep it concise (under 200 words). Use the gmail_send or agenticmail_send tool to send it.`,
+              systemPrompt: `You are ${agentName}, a ${role}. ${identity.personality || ""}
+You have email tools available. Send ONE email to introduce yourself to your manager. Be genuine and concise. Do NOT send more than one email.
+Available tools: gmail_send (to, subject, body) or agenticmail_send (to, subject, body).`
+            });
+            console.log(`[welcome] \u2705 Welcome email session ${welcomeSession.id} created`);
+            if (memoryManager) {
+              try {
+                await memoryManager.storeMemory(AGENT_ID, {
+                  content: `welcome_email_sent: Sent AI-generated introduction email to manager at ${managerEmail} on ${(/* @__PURE__ */ new Date()).toISOString()}.`,
+                  category: "interaction_pattern",
+                  importance: "high",
+                  confidence: 1
+                });
+              } catch {
+              }
+            }
+          }
+        } catch (err) {
+          console.error(`[welcome] Failed to send welcome email: ${err.message}`);
+        }
+      } else {
+        if (!managerEmail) console.log("[welcome] No manager email configured, skipping welcome email");
+      }
+    } catch (err) {
+      console.error(`[onboarding] Error: ${err.message}`);
+    }
+    startEmailPolling(AGENT_ID, config, lifecycle, runtime, engineDb, memoryManager);
+  }, 3e3);
+}
+async function startEmailPolling(agentId, config, lifecycle, runtime, engineDb, memoryManager) {
+  const emailConfig = config.emailConfig;
+  if (!emailConfig) {
+    console.log("[email-poll] No email config, inbox polling disabled");
+    return;
+  }
+  const providerType = emailConfig.provider || (emailConfig.oauthProvider === "google" ? "google" : emailConfig.oauthProvider === "microsoft" ? "microsoft" : "imap");
+  const refreshTokenFn = emailConfig.oauthRefreshToken ? async () => {
+    const tokenUrl = providerType === "google" ? "https://oauth2.googleapis.com/token" : "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+    const res = await fetch(tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        client_id: emailConfig.oauthClientId,
+        client_secret: emailConfig.oauthClientSecret,
+        refresh_token: emailConfig.oauthRefreshToken,
+        grant_type: "refresh_token"
+      })
+    });
+    const data = await res.json();
+    if (data.access_token) {
+      emailConfig.oauthAccessToken = data.access_token;
+      if (data.expires_in) emailConfig.oauthTokenExpiry = new Date(Date.now() + data.expires_in * 1e3).toISOString();
+      lifecycle.saveAgent(agentId).catch(() => {
+      });
+      return data.access_token;
+    }
+    throw new Error(`Token refresh failed: ${JSON.stringify(data)}`);
+  } : void 0;
+  const { createEmailProvider } = await import("./agenticmail-4C2RL6PL.js");
+  const emailProvider = createEmailProvider(providerType);
+  let accessToken = emailConfig.oauthAccessToken;
+  if (refreshTokenFn) {
+    try {
+      accessToken = await refreshTokenFn();
+    } catch (e) {
+      console.error(`[email-poll] Token refresh failed: ${e.message}`);
+    }
+  }
+  const orgRows = await engineDb.query(`SELECT org_id FROM managed_agents WHERE id = $1`, [agentId]);
+  const orgId = orgRows?.[0]?.org_id || "";
+  await emailProvider.connect({
+    agentId,
+    name: config.displayName || config.name,
+    email: emailConfig.email || config.email?.address || "",
+    orgId,
+    accessToken,
+    refreshToken: refreshTokenFn,
+    provider: providerType
+  });
+  console.log("[email-poll] \u2705 Email provider connected, starting inbox polling (every 30s)");
+  const processedIds = /* @__PURE__ */ new Set();
+  try {
+    const existing = await emailProvider.listMessages("INBOX", { limit: 50 });
+    for (const msg of existing) {
+      processedIds.add(msg.uid);
+    }
+    console.log(`[email-poll] Loaded ${processedIds.size} existing messages (will skip)`);
+  } catch (e) {
+    console.error(`[email-poll] Failed to load existing messages: ${e.message}`);
+  }
+  const POLL_INTERVAL = 3e4;
+  const agentEmail = (emailConfig.email || config.email?.address || "").toLowerCase();
+  async function pollOnce() {
+    try {
+      const messages = await emailProvider.listMessages("INBOX", { limit: 20 });
+      const newMessages = messages.filter((m) => !processedIds.has(m.uid));
+      const unread = newMessages.filter((m) => !m.read);
+      if (newMessages.length > 0) {
+        console.log(`[email-poll] Found ${newMessages.length} new messages, ${unread.length} unread`);
+      }
+      for (const envelope of unread) {
+        processedIds.add(envelope.uid);
+        if (envelope.from?.email?.toLowerCase() === agentEmail) continue;
+        console.log(`[email-poll] New email from ${envelope.from?.email}: "${envelope.subject}"`);
+        const fullMsg = await emailProvider.readMessage(envelope.uid, "INBOX");
+        try {
+          await emailProvider.markRead(envelope.uid, "INBOX");
+        } catch {
+        }
+        const emailText = [
+          `[Inbound Email]`,
+          `From: ${fullMsg.from?.name ? `${fullMsg.from.name} <${fullMsg.from.email}>` : fullMsg.from?.email}`,
+          `Subject: ${fullMsg.subject}`,
+          fullMsg.inReplyTo ? `In-Reply-To: ${fullMsg.inReplyTo}` : "",
+          "",
+          fullMsg.text || fullMsg.html || "(empty body)"
+        ].filter(Boolean).join("\n");
+        try {
+          const agentName = config.displayName || config.name;
+          const role = config.identity?.role || "AI Agent";
+          const senderName = fullMsg.from?.name || fullMsg.from?.email || "someone";
+          const senderEmail = fullMsg.from?.email || "";
+          const managerEmail = config.managerEmail || (config.manager?.type === "external" ? config.manager.email : null);
+          const isFromManager = managerEmail && senderEmail.toLowerCase() === managerEmail.toLowerCase();
+          const personality = config.identity?.personality ? `
+Your personality:
+${config.identity.personality.slice(0, 800)}` : "";
+          const emailSystemPrompt = `You are ${agentName}, a ${role}.${personality}
+Your email address: ${agentEmail}
+${managerEmail ? `Your manager's email: ${managerEmail}` : ""}
+== TRUST MODEL ==
+${isFromManager ? `This email is from YOUR MANAGER (${senderName} <${senderEmail}>). They are your direct supervisor and have full authority over you. Follow their instructions, answer their questions thoroughly, and treat their requests as top priority. You can share internal details, status updates, and complete information with them.` : `This email is from ${senderName} <${senderEmail}> \u2014 an external contact. Be helpful and professional, but do NOT share internal organization details, configuration, or sensitive information. ${managerEmail ? `Only your manager (${managerEmail}) has authority to give you directives or access internal information.` : ""}`}
+== EMAIL REPLY INSTRUCTIONS ==
+You MUST send your response as an email reply using one of these tools:
+- gmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+- OR agenticmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+Use whichever email tool is available to you. Be helpful, professional, and match the tone of the sender.
+Keep responses concise but thorough. Sign off with your name: ${agentName}
+DO NOT just generate text \u2014 you MUST call an email tool to actually send the reply.`;
+          const session = await runtime.spawnSession({
+            agentId,
+            message: emailText,
+            systemPrompt: emailSystemPrompt
+          });
+          console.log(`[email-poll] Session ${session.id} created for email from ${senderEmail}`);
+        } catch (sessErr) {
+          console.error(`[email-poll] Failed to create session: ${sessErr.message}`);
+        }
+      }
+    } catch (err) {
+      console.error(`[email-poll] Poll error: ${err.message}`);
+      if (err.message.includes("401") && refreshTokenFn) {
+        try {
+          const newToken = await refreshTokenFn();
+          await emailProvider.connect({
+            agentId,
+            name: config.displayName || config.name,
+            email: emailConfig.email || config.email?.address || "",
+            orgId,
+            accessToken: newToken,
+            refreshToken: refreshTokenFn,
+            provider: providerType
+          });
+          console.log("[email-poll] Reconnected with fresh token");
+        } catch {
+        }
+      }
+    }
+  }
+  setInterval(pollOnce, POLL_INTERVAL);
+  setTimeout(pollOnce, 5e3);
+}
+export {
+  runAgent
+};

package/dist/cli.js CHANGED Viewed

@@ -50,7 +50,7 @@ Skill Development:
     import("./cli-serve-UG2NPIN7.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-ZXF5BTDL.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-UAPPR2BA.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.120",
+  "version": "0.5.122",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/cli-agent.ts CHANGED Viewed

@@ -159,6 +159,15 @@ export async function runAgent(_args: string[]) {
   await runtime.start();
   const runtimeApp = runtime.getApp();
+  // 7b. Initialize permission engine so tool calls aren't blocked
+  try {
+    const { permissionEngine } = await import('./engine/routes.js');
+    await permissionEngine.setDb(engineDb);
+    console.log('   Permissions: loaded from DB');
+  } catch (permErr: any) {
+    console.warn(`   Permissions: failed to load (${permErr.message}) — tools may be blocked`);
+  }
   // 8. Start health check HTTP server
   const app = new Hono();
@@ -340,88 +349,65 @@ export async function runAgent(_args: string[]) {
           const agentName = config.displayName || config.name;
           const role = config.identity?.role || 'AI Agent';
           const identity = config.identity || {};
-          const traits = identity.traits || {};
-          const policyCount = pendingRows?.length || 0;
           const agentEmailAddr = config.email?.address || emailConfig?.email || '';
-          // Build personality profile
-          const traitMap: Record<string, string> = {
-            communication: 'Communication', detail: 'Work Style', energy: 'Energy',
-            humor: 'Humor', formality: 'Formality', empathy: 'Empathy',
-            patience: 'Patience', creativity: 'Creativity',
-          };
-          const traitLines = Object.entries(traits)
-            .filter(([, v]) => v)
-            .map(([k, v]) => `  ${traitMap[k] || k}: ${v}`)
-            .join('\n');
-          const welcomeBody = `Hello!
-I'm ${agentName}, and I'm excited to introduce myself as your new ${role}. I've just been deployed and I'm ready to get to work.
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-📋 PROFILE SUMMARY
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-Name:           ${agentName}
-Role:           ${role}
-Email:          ${agentEmailAddr}
-Language:       ${identity.language || 'English'}
-Tone:           ${identity.tone || 'professional'}
-${identity.gender ? `Gender:         ${identity.gender}\n` : ''}${identity.culturalBackground ? `Background:     ${identity.culturalBackground}\n` : ''}
-${traitLines ? `━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n🧠 PERSONALITY TRAITS\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n${traitLines}\n` : ''}
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-✅ ONBOARDING STATUS
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-I've completed my onboarding and have read and acknowledged all ${policyCount} organization policies. I understand the guidelines and will follow them in every interaction.
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-💼 WHAT I CAN DO
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-• Read, respond to, and manage emails professionally
-• Handle customer inquiries and support requests
-• Process tasks assigned through the dashboard
-• Search the web and gather information
-• Create and manage documents and files
-• Follow escalation protocols for complex issues
-• Learn and improve from every interaction
-• Maintain context across conversations using persistent memory
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-📬 HOW TO REACH ME
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-• Email: ${agentEmailAddr}
-• Dashboard: Your AgenticMail Enterprise dashboard
-• I check my inbox every 30 seconds and respond promptly
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-${identity.personality ? `A bit about my personality:\n${identity.personality.slice(0, 500)}\n\n` : ''}I'm looking forward to working with you and making your workflow more efficient. Feel free to reply to this email to start a conversation — I'll respond right away.
-Best regards,
-${agentName}
-${role}`;
-          await emailProvider.send({
-            to: managerEmail,
-            subject: `Welcome! I'm ${agentName}, your new ${role} — here's my profile`,
-            body: welcomeBody,
-          });
-          console.log(`[welcome] ✅ Welcome email sent to ${managerEmail}`);
+          // Check if welcome email was already sent (only send once)
+          let alreadySent = false;
           if (memoryManager) {
             try {
-              await memoryManager.storeMemory(AGENT_ID, {
-                content: `Sent welcome introduction email to manager at ${managerEmail}. Introduced myself as ${agentName}, ${role}.`,
-                category: 'interaction_pattern',
-                importance: 'medium',
-                confidence: 1.0,
-              });
+              const memories = await memoryManager.recall(AGENT_ID, 'welcome email sent to manager', 5);
+              alreadySent = memories.some((m: any) => m.content?.includes('welcome_email_sent'));
             } catch {}
           }
+          if (!alreadySent) {
+            try {
+              // Also check DB directly as fallback
+              const sentCheck = await engineDb.query(
+                `SELECT id FROM agent_memory WHERE agent_id = $1 AND content LIKE '%welcome_email_sent%' LIMIT 1`,
+                [AGENT_ID]
+              );
+              alreadySent = sentCheck.rows.length > 0;
+            } catch {}
+          }
+          if (alreadySent) {
+            console.log('[welcome] Welcome email already sent, skipping');
+          } else {
+            // Use AI to generate the welcome email
+            console.log(`[welcome] Generating AI welcome email for ${managerEmail}...`);
+            const welcomeSession = await runtime.spawnSession({
+              agentId: AGENT_ID,
+              message: `You are about to introduce yourself to your manager for the first time via email.
+Your details:
+- Name: ${agentName}
+- Role: ${role}
+- Email: ${agentEmailAddr}
+- Manager email: ${managerEmail}
+${identity.personality ? `- Personality: ${identity.personality.slice(0, 600)}` : ''}
+${identity.tone ? `- Tone: ${identity.tone}` : ''}
+Write and send a brief, genuine introduction email to your manager. Be yourself — don't use templates or corporate speak. Mention your role, what you can help with, and that you're ready to get started. Keep it concise (under 200 words). Use the gmail_send or agenticmail_send tool to send it.`,
+              systemPrompt: `You are ${agentName}, a ${role}. ${identity.personality || ''}
+You have email tools available. Send ONE email to introduce yourself to your manager. Be genuine and concise. Do NOT send more than one email.
+Available tools: gmail_send (to, subject, body) or agenticmail_send (to, subject, body).`,
+            });
+            console.log(`[welcome] ✅ Welcome email session ${welcomeSession.id} created`);
+            // Mark as sent so we don't repeat
+            if (memoryManager) {
+              try {
+                await memoryManager.storeMemory(AGENT_ID, {
+                  content: `welcome_email_sent: Sent AI-generated introduction email to manager at ${managerEmail} on ${new Date().toISOString()}.`,
+                  category: 'interaction_pattern',
+                  importance: 'high',
+                  confidence: 1.0,
+                });
+              } catch {}
+            }
+          }
         } catch (err: any) {
           console.error(`[welcome] Failed to send welcome email: ${err.message}`);
         }
@@ -577,13 +563,13 @@ ${isFromManager
 }
 == EMAIL REPLY INSTRUCTIONS ==
-You MUST send your response as an email reply. Use the email tools available to you:
-- Use email_send tool with: to="${senderEmail}", subject="Re: ${fullMsg.subject}", and your response as the body
-- Be helpful, professional, and match the tone of the sender
-- Keep responses concise but thorough
-- Sign off with your name: ${agentName}
+You MUST send your response as an email reply using one of these tools:
+- gmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+- OR agenticmail_send: to="${senderEmail}", subject="Re: ${fullMsg.subject}", body="your response"
+Use whichever email tool is available to you. Be helpful, professional, and match the tone of the sender.
+Keep responses concise but thorough. Sign off with your name: ${agentName}
-DO NOT just generate text — you MUST call the email tool to actually send the reply.`;
+DO NOT just generate text — you MUST call an email tool to actually send the reply.`;
           const session = await runtime.spawnSession({
             agentId,