@agenticmail/enterprise 0.5.194 → 0.5.196

package/dist/cli-serve-4TOTP57F.js

@@ -0,0 +1,69 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const JWT_SECRET = process.env.JWT_SECRET || "auto-" + Date.now();
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter } = await import("./factory-K32DV2DR.js");
+  const { createServer } = await import("./server-P7UOPB2B.js");
+  const db = await createAdapter({
+    type: DATABASE_URL.startsWith("postgres") ? "postgres" : "sqlite",
+    connectionString: DATABASE_URL
+  });
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+}
+export {
+  runServe
+};

package/dist/cli-serve-LGKXTAZ3.js

@@ -0,0 +1,114 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter } = await import("./factory-K32DV2DR.js");
+  const { createServer } = await import("./server-P7UOPB2B.js");
+  const db = await createAdapter({
+    type: DATABASE_URL.startsWith("postgres") ? "postgres" : "sqlite",
+    connectionString: DATABASE_URL
+  });
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+}
+export {
+  runServe
+};

package/dist/cli.js

@@ -53,14 +53,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-OOXMWQUD.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-LGKXTAZ3.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
     import("./cli-agent-XYXSRD2Q.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-GBVE3MRW.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-LVG72MU2.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/index.js

@@ -7,7 +7,7 @@ import {
 import {
   provision,
   runSetupWizard
-} from "./chunk-2ZP3V7GQ.js";
+} from "./chunk-MS2ELDV5.js";
 import {
   AgenticMailManager,
   GoogleEmailProvider,

package/dist/setup-LVG72MU2.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-MS2ELDV5.js";
+import "./chunk-VQQ4SYYQ.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.194",
+  "version": "0.5.196",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/cli-serve.ts

@@ -1,20 +1,125 @@
 /**
- * `npx @agenticmail/enterprise serve`
+ * `npx @agenticmail/enterprise serve` / `start`
  *
  * Starts the enterprise server headlessly (no interactive wizard).
+ * Auto-loads .env file from cwd or ~/.agenticmail/.env if present.
  * Reads configuration from environment variables:
  *   DATABASE_URL  — Postgres/SQLite connection string (required)
  *   JWT_SECRET    — JWT signing secret (required)
  *   PORT          — HTTP port (default: 8080)
  */
 
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+function loadEnvFile(): void {
+  // Try cwd first, then ~/.agenticmail/
+  const candidates = [
+    join(process.cwd(), '.env'),
+    join(homedir(), '.agenticmail', '.env'),
+  ];
+
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, 'utf8');
+      for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) continue;
+        const eq = trimmed.indexOf('=');
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        // Strip quotes
+        if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch { /* ignore */ }
+  }
+}
+
+/**
+ * If JWT_SECRET or AGENTICMAIL_VAULT_KEY are missing, generate them
+ * and append to ~/.agenticmail/.env so they persist across restarts.
+ */
+async function ensureSecrets(): Promise<void> {
+  const { randomUUID } = await import('crypto');
+  const envDir = join(homedir(), '.agenticmail');
+  const envPath = join(envDir, '.env');
+  let dirty = false;
+
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log('[startup] Generated new JWT_SECRET (existing sessions will need to re-login)');
+  }
+
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log('[startup] Generated new AGENTICMAIL_VAULT_KEY');
+    console.log('[startup] ⚠️  Previously encrypted credentials will need to be re-entered in the dashboard');
+  }
+
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import('fs');
+        mkdirSync(envDir, { recursive: true });
+      }
+      // Append new secrets to .env (don't overwrite existing)
+      const { appendFileSync } = await import('fs');
+      const lines: string[] = [];
+      // Read existing to avoid duplicates
+      let existing = '';
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, 'utf8');
+      }
+      if (!existing.includes('JWT_SECRET=')) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes('AGENTICMAIL_VAULT_KEY=')) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, '\n' + lines.join('\n') + '\n', { mode: 0o600 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e: any) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+
 export async function runServe(_args: string[]) {
+  loadEnvFile();
+
   const DATABASE_URL = process.env.DATABASE_URL;
-  const JWT_SECRET = process.env.JWT_SECRET;
   const PORT = parseInt(process.env.PORT || '8080', 10);
 
-  if (!DATABASE_URL) { console.error('ERROR: DATABASE_URL environment variable is required'); process.exit(1); }
-  if (!JWT_SECRET) { console.error('ERROR: JWT_SECRET environment variable is required'); process.exit(1); }
+  // Auto-generate and persist secrets if missing
+  await ensureSecrets();
+
+  const JWT_SECRET = process.env.JWT_SECRET!;
+  const VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY!;
+
+  if (!DATABASE_URL) {
+    console.error('ERROR: DATABASE_URL is required.');
+    console.error('');
+    console.error('Set it via environment variable or .env file:');
+    console.error('  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start');
+    console.error('');
+    console.error('Or create a .env file (in cwd or ~/.agenticmail/.env):');
+    console.error('  DATABASE_URL=postgresql://user:pass@host:5432/db');
+    console.error('  JWT_SECRET=your-secret-here');
+    console.error('  PORT=3200');
+    process.exit(1);
+  }
 
   const { createAdapter } = await import('./db/factory.js');
   const { createServer } = await import('./server.js');

package/src/setup/provision.ts

@@ -164,6 +164,24 @@ export async function provision(
     });
     spinner.succeed('Admin account created');
 
+    // ─── Save .env for restart ─────────────────────
+    try {
+      const { writeFileSync, existsSync, mkdirSync } = await import('fs');
+      const { join } = await import('path');
+      const { homedir } = await import('os');
+      const envDir = join(homedir(), '.agenticmail');
+      if (!existsSync(envDir)) mkdirSync(envDir, { recursive: true });
+      const envContent = [
+        '# AgenticMail Enterprise — auto-generated by setup wizard',
+        `DATABASE_URL=${config.database.connectionString || ''}`,
+        `JWT_SECRET=${jwtSecret}`,
+        `AGENTICMAIL_VAULT_KEY=${vaultKey}`,
+        `PORT=${config.tunnel?.port || 3200}`,
+      ].join('\n') + '\n';
+      writeFileSync(join(envDir, '.env'), envContent, { mode: 0o600 });
+      spinner.succeed(`Config saved to ~/.agenticmail/.env`);
+    } catch { /* non-critical */ }
+
     // ─── Deploy ────────────────────────────────────
     const result = await deploy(config, db, jwtSecret, vaultKey, spinner, chalk);