@agenticmail/enterprise 0.5.286 → 0.5.287

package/dist/cli.js

@@ -60,7 +60,7 @@ Skill Development:
     break;
   case "setup":
   default:
-    import("./setup-FSEN2QRL.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-E6TDJMKW.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/index.js

@@ -13,7 +13,7 @@ import {
 import {
   provision,
   runSetupWizard
-} from "./chunk-3LCTQEDL.js";
+} from "./chunk-N5ADPJ5V.js";
 import {
   AgentRuntime,
   EmailChannel,

package/dist/setup-E6TDJMKW.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-N5ADPJ5V.js";
+import "./chunk-ULRBF2T7.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.286",
+  "version": "0.5.287",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/setup/deployment.ts

@@ -16,6 +16,9 @@ const execP = promisify(execCb);
 
 export type DeployTarget = 'cloud' | 'cloudflare-tunnel' | 'fly' | 'railway' | 'docker' | 'local';
 
+const SUBDOMAIN_REGISTRY_URL = process.env.AGENTICMAIL_SUBDOMAIN_REGISTRY_URL
+  || 'https://subdomain-registry.agenticmail.io';
+
 export interface DeploymentSelection {
   target: DeployTarget;
   /** Populated when target is 'cloudflare-tunnel' */
@@ -25,6 +28,14 @@ export interface DeploymentSelection {
     port: number;
     tunnelName: string;
   };
+  /** Populated when target is 'cloud' (agenticmail.io subdomain) */
+  cloud?: {
+    subdomain: string;
+    fqdn: string;
+    tunnelId: string;
+    tunnelToken: string;
+    port: number;
+  };
 }
 
 export async function promptDeployment(
@@ -67,6 +78,11 @@ export async function promptDeployment(
     ],
   }]);
 
+  if (deployTarget === 'cloud') {
+    const cloud = await runCloudSetup(inquirer, chalk);
+    return { target: deployTarget, cloud };
+  }
+
   if (deployTarget === 'cloudflare-tunnel') {
     const tunnel = await runTunnelSetup(inquirer, chalk);
     return { target: deployTarget, tunnel };
@@ -75,6 +91,206 @@ export async function promptDeployment(
   return { target: deployTarget };
 }
 
+// ─── AgenticMail Cloud (Subdomain) Setup ────────────
+
+async function runCloudSetup(
+  inquirer: any,
+  chalk: any,
+): Promise<DeploymentSelection['cloud']> {
+  console.log('');
+  console.log(chalk.bold('  AgenticMail Cloud Setup'));
+  console.log(chalk.dim('  Get a free subdomain on agenticmail.io — no Cloudflare account needed.'));
+  console.log(chalk.dim('  Your instance will be live at https://yourname.agenticmail.io\n'));
+
+  // ── Step 1: Choose subdomain ─────────
+
+  let subdomain = '';
+  let claimResult: any = null;
+
+  while (!subdomain) {
+    const { name } = await inquirer.prompt([{
+      type: 'input',
+      name: 'name',
+      message: 'Choose your subdomain:',
+      suffix: chalk.dim('.agenticmail.io'),
+      validate: (input: string) => {
+        const cleaned = input.toLowerCase().trim();
+        if (cleaned.length < 3) return 'Must be at least 3 characters';
+        if (cleaned.length > 32) return 'Must be 32 characters or fewer';
+        if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(cleaned)) return 'Only lowercase letters, numbers, and hyphens allowed';
+        return true;
+      },
+    }]);
+
+    const cleaned = name.toLowerCase().trim();
+
+    // Check availability
+    process.stdout.write(chalk.dim(`  Checking ${cleaned}.agenticmail.io... `));
+    try {
+      const checkResp = await fetch(`${SUBDOMAIN_REGISTRY_URL}/check?name=${encodeURIComponent(cleaned)}`);
+      const checkData = await checkResp.json() as any;
+
+      if (!checkData.available) {
+        console.log(chalk.red('✗ ' + (checkData.reason || 'Not available')));
+        continue;
+      }
+      console.log(chalk.green('✓ Available!'));
+    } catch (err: any) {
+      console.log(chalk.yellow('⚠ Could not check availability: ' + err.message));
+      console.log(chalk.dim('  Proceeding anyway — the claim step will verify.\n'));
+    }
+
+    // Confirm
+    const { confirmed } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'confirmed',
+      message: `Claim ${chalk.bold(cleaned + '.agenticmail.io')}?`,
+      default: true,
+    }]);
+
+    if (!confirmed) continue;
+
+    // ── Step 2: Claim subdomain ─────────
+
+    // Get or generate vault key hash for recovery
+    const { createHash, randomUUID } = await import('crypto');
+    let vaultKey = process.env.AGENTICMAIL_VAULT_KEY;
+    if (!vaultKey) {
+      vaultKey = randomUUID() + randomUUID();
+      process.env.AGENTICMAIL_VAULT_KEY = vaultKey;
+    }
+    const vaultKeyHash = createHash('sha256').update(vaultKey).digest('hex');
+
+    process.stdout.write(chalk.dim('  Provisioning subdomain... '));
+    try {
+      const claimResp = await fetch(`${SUBDOMAIN_REGISTRY_URL}/claim`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: cleaned, vaultKeyHash }),
+      });
+      claimResult = await claimResp.json() as any;
+
+      if (claimResult.error) {
+        console.log(chalk.red('✗ ' + claimResult.error));
+
+        // If they already have a subdomain, offer recovery
+        if (claimResult.error.includes('already has subdomain')) {
+          const { wantsRecover } = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'wantsRecover',
+            message: 'Recover your existing subdomain instead?',
+            default: true,
+          }]);
+          if (wantsRecover) {
+            const recoverResp = await fetch(`${SUBDOMAIN_REGISTRY_URL}/recover`, {
+              method: 'POST',
+              headers: { 'Content-Type': 'application/json' },
+              body: JSON.stringify({ vaultKeyHash }),
+            });
+            claimResult = await recoverResp.json() as any;
+            if (claimResult.success) {
+              subdomain = claimResult.subdomain;
+              console.log(chalk.green(`✓ Recovered: ${claimResult.fqdn}`));
+            } else {
+              console.log(chalk.red('✗ Recovery failed: ' + (claimResult.error || 'Unknown error')));
+            }
+          }
+        }
+        continue;
+      }
+
+      if (claimResult.success) {
+        subdomain = claimResult.subdomain || cleaned;
+        if (claimResult.recovered) {
+          console.log(chalk.green('✓ Recovered existing subdomain'));
+        } else {
+          console.log(chalk.green('✓ Subdomain claimed!'));
+        }
+      }
+    } catch (err: any) {
+      console.log(chalk.red('✗ Failed: ' + err.message));
+      console.log(chalk.dim('  Check your internet connection and try again.\n'));
+    }
+  }
+
+  // ── Step 3: Install cloudflared ─────────
+
+  console.log('');
+  console.log(chalk.bold('  Installing cloudflared connector...'));
+
+  let cloudflaredPath = '';
+  try {
+    cloudflaredPath = execSync('which cloudflared', { encoding: 'utf8' }).trim();
+    console.log(chalk.green(`  ✓ cloudflared found at ${cloudflaredPath}`));
+  } catch {
+    console.log(chalk.dim('  cloudflared not found — installing...'));
+    try {
+      const os = platform();
+      if (os === 'darwin') {
+        execSync('brew install cloudflared', { stdio: 'pipe' });
+      } else if (os === 'linux') {
+        const archStr = arch() === 'arm64' ? 'arm64' : 'amd64';
+        execSync(`curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${archStr} -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared`, { stdio: 'pipe' });
+      } else {
+        console.log(chalk.yellow('  Please install cloudflared manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/'));
+      }
+      cloudflaredPath = execSync('which cloudflared', { encoding: 'utf8' }).trim();
+      console.log(chalk.green(`  ✓ cloudflared installed at ${cloudflaredPath}`));
+    } catch (e: any) {
+      console.log(chalk.yellow('  ⚠ Could not auto-install cloudflared.'));
+      console.log(chalk.dim('    Install manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/'));
+    }
+  }
+
+  // ── Step 4: Configure PM2 ─────────
+
+  const port = 3100;
+  const fqdn = claimResult?.fqdn || `${subdomain}.agenticmail.io`;
+  const tunnelToken = claimResult?.tunnelToken;
+  const tunnelId = claimResult?.tunnelId;
+
+  console.log('');
+  console.log(chalk.bold.green('  ✓ Setup Complete!'));
+  console.log('');
+  console.log(`  Your dashboard: ${chalk.bold.cyan('https://' + fqdn)}`);
+  console.log('');
+  console.log(chalk.dim('  To start your instance, run these two processes:'));
+  console.log('');
+  console.log(`    ${chalk.cyan('cloudflared tunnel --no-autoupdate run --token ' + (tunnelToken || '<your-tunnel-token>'))}`);
+  console.log(`    ${chalk.cyan('npx @agenticmail/enterprise start')}`);
+  console.log('');
+  console.log(chalk.dim('  Or let the setup wizard start them with PM2 (next step).\n'));
+
+  // Save tunnel token to .env
+  const envPath = join(homedir(), '.agenticmail', '.env');
+  try {
+    let envContent = '';
+    if (existsSync(envPath)) {
+      envContent = readFileSync(envPath, 'utf8');
+    }
+    if (tunnelToken && !envContent.includes('CLOUDFLARED_TOKEN=')) {
+      envContent += `\nCLOUDFLARED_TOKEN=${tunnelToken}\n`;
+    }
+    if (!envContent.includes('AGENTICMAIL_SUBDOMAIN=')) {
+      envContent += `AGENTICMAIL_SUBDOMAIN=${subdomain}\n`;
+    }
+    if (!envContent.includes('AGENTICMAIL_DOMAIN=')) {
+      envContent += `AGENTICMAIL_DOMAIN=${fqdn}\n`;
+    }
+    const { mkdirSync } = await import('fs');
+    mkdirSync(join(homedir(), '.agenticmail'), { recursive: true });
+    writeFileSync(envPath, envContent, { mode: 0o600 });
+  } catch {}
+
+  return {
+    subdomain,
+    fqdn,
+    tunnelId: tunnelId || '',
+    tunnelToken: tunnelToken || '',
+    port,
+  };
+}
+
 // ─── Cloudflare Tunnel Interactive Setup ────────────
 
 async function runTunnelSetup(

package/src/setup/index.ts

@@ -129,14 +129,16 @@ export async function runSetupWizard(): Promise<void> {
   const deployTarget = deploymentResult.target;
 
   // ─── Step 4: Custom Domain ───────────────────────
-  // Skip if Cloudflare Tunnel — domain was already configured during tunnel setup
+  // Skip if Cloudflare Tunnel or Cloud — domain was already configured
   const domain = deploymentResult.tunnel
     ? { customDomain: deploymentResult.tunnel.domain }
+    : deploymentResult.cloud
+    ? { customDomain: deploymentResult.cloud.fqdn }
     : await promptDomain(inquirer, chalk, deployTarget);
 
   // ─── Step 5: Domain Registration ─────────────────
-  // Skip for tunnel — DNS is already configured by cloudflared
-  const registration = deploymentResult.tunnel
+  // Skip for tunnel or cloud — DNS is already configured
+  const registration = (deploymentResult.tunnel || deploymentResult.cloud)
     ? { registered: true, verificationStatus: 'verified' as const } as any
     : await promptRegistration(
         inquirer, chalk, ora,
@@ -154,7 +156,7 @@ export async function runSetupWizard(): Promise<void> {
   console.log('');
 
   const result = await provision(
-    { company, database, deployTarget, domain, registration, tunnel: deploymentResult.tunnel },
+    { company, database, deployTarget, domain, registration, tunnel: deploymentResult.tunnel, cloud: deploymentResult.cloud },
     ora,
     chalk,
   );

package/src/setup/provision.ts

@@ -35,6 +35,13 @@ export interface ProvisionConfig {
     port: number;
     tunnelName: string;
   };
+  cloud?: {
+    subdomain: string;
+    fqdn: string;
+    tunnelId: string;
+    tunnelToken: string;
+    port: number;
+  };
 }
 
 export interface ProvisionResult {
@@ -222,7 +229,7 @@ async function deploy(
   spinner: any,
   chalk: any,
 ): Promise<DeployResult> {
-  const { deployTarget, company, database, domain, tunnel } = config;
+  const { deployTarget, company, database, domain, tunnel, cloud } = config;
 
   // ── Cloudflare Tunnel ─────────────────────────────
   if (deployTarget === 'cloudflare-tunnel' && tunnel) {
@@ -247,21 +254,60 @@ async function deploy(
     return { url: 'https://' + tunnel.domain, close: handle.close };
   }
 
-  // ── Cloud ─────────────────────────────────────────
-  if (deployTarget === 'cloud') {
-    spinner.start('Deploying to AgenticMail Cloud...');
-    const { deployToCloud } = await import('../deploy/managed.js');
-    const result = await deployToCloud({
-      subdomain: company.subdomain,
-      plan: 'free',
-      dbType: database.type,
-      dbConnectionString: database.connectionString || '',
-      jwtSecret,
-    });
-    spinner.succeed(`Deployed to ${result.url}`);
+  // ── Cloud (agenticmail.io subdomain) ───────────────
+  if (deployTarget === 'cloud' && cloud) {
+    spinner.start('Configuring agenticmail.io deployment...');
 
-    printCloudSuccess(chalk, result.url, company.adminEmail, domain.customDomain, company.subdomain);
-    return { url: result.url };
+    // Start cloudflared with the tunnel token via PM2
+    try {
+      const pm2 = await import('pm2' as string);
+      await new Promise<void>((resolve, reject) => {
+        pm2.connect((err: any) => {
+          if (err) { reject(err); return; }
+
+          // Start cloudflared tunnel
+          pm2.start({
+            name: 'cloudflared',
+            script: 'cloudflared',
+            args: `tunnel --no-autoupdate run --token ${cloud.tunnelToken}`,
+            interpreter: 'none',
+            autorestart: true,
+          }, (e: any) => {
+            if (e) console.warn(`PM2 cloudflared start: ${e.message}`);
+
+            // Start enterprise server
+            pm2.start({
+              name: 'enterprise',
+              script: 'npx',
+              args: '@agenticmail/enterprise start',
+              env: {
+                PORT: String(cloud.port || 3100),
+                DATABASE_URL: database.connectionString || '',
+                JWT_SECRET: jwtSecret,
+                AGENTICMAIL_VAULT_KEY: vaultKey,
+                AGENTICMAIL_DOMAIN: cloud.fqdn,
+              },
+              autorestart: true,
+            }, (e2: any) => {
+              pm2.disconnect();
+              if (e2) reject(e2); else resolve();
+            });
+          });
+        });
+      });
+      spinner.succeed(`Live at https://${cloud.fqdn}`);
+    } catch (e: any) {
+      spinner.warn(`PM2 setup failed: ${e.message}`);
+      console.log(`  Start manually:`);
+      console.log(`    cloudflared tunnel --no-autoupdate run --token ${cloud.tunnelToken}`);
+      console.log(`    npx @agenticmail/enterprise start`);
+    }
+
+    console.log('');
+    console.log(`  Dashboard: https://${cloud.fqdn}`);
+    console.log(`  To recover on a new machine, keep your AGENTICMAIL_VAULT_KEY safe.`);
+    console.log('');
+    return { url: `https://${cloud.fqdn}` };
   }
 
   // ── Docker ────────────────────────────────────────