@agenticmail/enterprise 0.5.172 → 0.5.174

package/dist/runtime-2NMHFRUT.js

@@ -0,0 +1,49 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-EMSCGO7G.js";
+import "./chunk-AQH4DFYV.js";
+import "./chunk-JLSQOQ5L.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-67KZYSLU.js";
+import "./chunk-NRF3YRF7.js";
+import "./chunk-TYW5XTOW.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/runtime-6CMR2IND.js

@@ -0,0 +1,49 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-BAPSCAX3.js";
+import "./chunk-AQH4DFYV.js";
+import "./chunk-JLSQOQ5L.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-67KZYSLU.js";
+import "./chunk-NRF3YRF7.js";
+import "./chunk-TYW5XTOW.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-HI764D36.js

@@ -0,0 +1,12 @@
+import {
+  createServer
+} from "./chunk-PWO3XE5P.js";
+import "./chunk-3SMTCIR4.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-RO537U6H.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-67KZYSLU.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/server-U5J3SEZM.js

@@ -0,0 +1,12 @@
+import {
+  createServer
+} from "./chunk-BZM7M7ZD.js";
+import "./chunk-3SMTCIR4.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-RO537U6H.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-67KZYSLU.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-CEX46TOT.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-GKPFCKNU.js";
+import "./chunk-MHIFVS5L.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/dist/setup-UB6MDX5B.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-UQEMQK5I.js";
+import "./chunk-MHIFVS5L.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.172",
+  "version": "0.5.174",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/dashboard/pages/agent-detail.js

@@ -6120,9 +6120,24 @@ function EmailSection(props) {
       ),
 
       // ─── Actions ──────────────────────────────────────
-      h('div', { style: { display: 'flex', gap: 8, borderTop: '1px solid var(--border)', paddingTop: 16 } },
+      h('div', { style: { display: 'flex', gap: 8, borderTop: '1px solid var(--border)', paddingTop: 16, flexWrap: 'wrap' } },
         h('button', { className: 'btn btn-primary', disabled: saving, onClick: handleSave }, saving ? 'Saving...' : 'Save Configuration'),
         emailConfig && emailConfig.configured && h('button', { className: 'btn btn-secondary', disabled: testing, onClick: handleTest }, testing ? 'Testing...' : 'Test Connection'),
+        emailConfig && emailConfig.status === 'connected' && emailConfig.oauthProvider === 'google' && h('button', {
+          className: 'btn btn-secondary',
+          onClick: function() {
+            engineCall('/bridge/agents/' + agentId + '/email-config/reauthorize', { method: 'POST', body: JSON.stringify({}) })
+              .then(function(r) {
+                if (r.oauthAuthUrl) {
+                  toast('Opening Google re-authorization with ' + r.scopeCount + ' scopes...', 'info');
+                  window.open(r.oauthAuthUrl, '_blank', 'width=600,height=700');
+                } else {
+                  toast('Failed: ' + (r.error || 'Unknown'), 'error');
+                }
+              })
+              .catch(function(e) { toast('Error: ' + e.message, 'error'); });
+          }
+        }, 'Re-authorize (Update Scopes)'),
         emailConfig && emailConfig.configured && h('button', { className: 'btn btn-danger btn-ghost', onClick: function() { if (confirm('Disconnect email? The agent will no longer be able to send/receive.')) handleDisconnect(); } }, 'Disconnect')
       )
     )

package/src/engine/agent-routes.ts

@@ -542,11 +542,18 @@ export function createAgentRoutes(opts: {
     }
     if (!email && provider === 'imap') return c.json({ error: 'email is required' }, 400);
 
+    // Preserve existing tokens/state when re-configuring (e.g. to pick up new scopes)
+    const existingConfig = managed.config?.emailConfig || {};
     const emailConfig: any = {
       provider,
-      email: email || managed.config?.identity?.email || managed.config?.email,
+      email: email || existingConfig.email || managed.config?.identity?.email || managed.config?.email,
       updatedAt: new Date().toISOString(),
     };
+    // Preserve existing OAuth tokens so re-auth doesn't lose refresh_token
+    if (existingConfig.oauthRefreshToken) emailConfig.oauthRefreshToken = existingConfig.oauthRefreshToken;
+    if (existingConfig.oauthAccessToken) emailConfig.oauthAccessToken = existingConfig.oauthAccessToken;
+    if (existingConfig.oauthTokenExpiry) emailConfig.oauthTokenExpiry = existingConfig.oauthTokenExpiry;
+    if (existingConfig.lastConnected) emailConfig.lastConnected = existingConfig.lastConnected;
 
     if (provider === 'imap') {
       // Auto-detect IMAP/SMTP from well-known providers
@@ -737,7 +744,10 @@ export function createAgentRoutes(opts: {
 
         const tokens = await tokenRes.json() as any;
         emailConfig.oauthAccessToken = tokens.access_token;
-        emailConfig.oauthRefreshToken = tokens.refresh_token;
+        // Only overwrite refresh_token if Google returned one (re-auth may not include it)
+        if (tokens.refresh_token) {
+          emailConfig.oauthRefreshToken = tokens.refresh_token;
+        }
         emailConfig.oauthTokenExpiry = new Date(Date.now() + (tokens.expires_in * 1000)).toISOString();
 
         // Get the user's email from Gmail
@@ -817,6 +827,61 @@ export function createAgentRoutes(opts: {
     }
   });
 
+  /**
+   * POST /bridge/agents/:id/email-config/reauthorize — Generate a new OAuth URL with updated scopes.
+   * Preserves all existing config/tokens. Just builds a fresh auth URL for re-consent.
+   */
+  router.post('/bridge/agents/:id/email-config/reauthorize', async (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const emailConfig = managed.config?.emailConfig;
+    if (!emailConfig) return c.json({ error: 'No email config found' }, 400);
+
+    if (emailConfig.oauthProvider === 'google') {
+      const clientId = emailConfig.oauthClientId;
+      const redirectUri = emailConfig.oauthRedirectUri;
+      if (!clientId) return c.json({ error: 'No OAuth client ID configured' }, 400);
+
+      // Updated scopes
+      const scopes = [
+        'https://www.googleapis.com/auth/gmail.modify',
+        'https://www.googleapis.com/auth/gmail.send',
+        'https://www.googleapis.com/auth/gmail.settings.basic',
+        'https://www.googleapis.com/auth/calendar',
+        'https://www.googleapis.com/auth/drive',
+        'https://www.googleapis.com/auth/spreadsheets',
+        'https://www.googleapis.com/auth/documents',
+        'https://www.googleapis.com/auth/contacts',
+        'https://www.googleapis.com/auth/tasks',
+        'https://www.googleapis.com/auth/chat.spaces',
+        'https://www.googleapis.com/auth/chat.messages',
+        'https://www.googleapis.com/auth/chat.memberships',
+        'https://www.googleapis.com/auth/presentations',
+        'https://www.googleapis.com/auth/forms.body',
+        'https://www.googleapis.com/auth/forms.responses.readonly',
+      ];
+
+      emailConfig.oauthScopes = scopes;
+      const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?` +
+        `client_id=${encodeURIComponent(clientId)}&response_type=code&` +
+        `redirect_uri=${encodeURIComponent(redirectUri)}&` +
+        `scope=${encodeURIComponent(scopes.join(' '))}&` +
+        `access_type=offline&prompt=consent&state=${agentId}`;
+      emailConfig.oauthAuthUrl = authUrl;
+
+      const _managed = lifecycle.getAgent(agentId);
+      if (_managed) { _managed.config.emailConfig = emailConfig; _managed.updatedAt = new Date().toISOString(); }
+      await lifecycle.saveAgent(agentId);
+
+      return c.json({ success: true, oauthAuthUrl: authUrl, scopeCount: scopes.length });
+    } else if (emailConfig.oauthProvider === 'microsoft') {
+      return c.json({ error: 'Microsoft re-authorization not yet implemented' }, 400);
+    }
+    return c.json({ error: 'No OAuth provider configured' }, 400);
+  });
+
   /**
    * DELETE /bridge/agents/:id/email-config — Disconnect email.
    */

package/src/engine/oauth-connect-routes.ts

@@ -372,7 +372,9 @@ async function handleAgentEmailOAuthCallback(c: any, agentId: string, code: stri
       }
       const tokens = await tokenRes.json() as any;
       emailConfig.oauthAccessToken = tokens.access_token;
-      emailConfig.oauthRefreshToken = tokens.refresh_token;
+      if (tokens.refresh_token) {
+        emailConfig.oauthRefreshToken = tokens.refresh_token;
+      }
       emailConfig.oauthTokenExpiry = new Date(Date.now() + (tokens.expires_in * 1000)).toISOString();
 
       // Get user email from Graph
@@ -404,7 +406,10 @@ async function handleAgentEmailOAuthCallback(c: any, agentId: string, code: stri
       }
       const tokens = await tokenRes.json() as any;
       emailConfig.oauthAccessToken = tokens.access_token;
-      emailConfig.oauthRefreshToken = tokens.refresh_token;
+      // Only overwrite refresh_token if Google returned one (re-auth may not include it)
+      if (tokens.refresh_token) {
+        emailConfig.oauthRefreshToken = tokens.refresh_token;
+      }
       emailConfig.oauthTokenExpiry = tokens.expires_in
         ? new Date(Date.now() + (tokens.expires_in * 1000)).toISOString()
         : undefined;