@agenticmail/enterprise 0.5.289 → 0.5.290

package/dist/runtime-VBLQQ7B3.js

@@ -0,0 +1,45 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-2YOTK5B7.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-UF3ZJMJO.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-CLPV5R4E.js

@@ -0,0 +1,15 @@
+import {
+  createServer
+} from "./chunk-PG5CNF22.js";
+import "./chunk-OF4MUWWS.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-3OC6RH7W.js";
+import "./chunk-2DDKGTD6.js";
+import "./chunk-YVK6F5OD.js";
+import "./chunk-MKRNEM5A.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-6WSX7QXF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-CGSB4P4S.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-HE5H6NHI.js";
+import "./chunk-ULRBF2T7.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.289",
+  "version": "0.5.290",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/cli-reset-password.ts

@@ -0,0 +1,138 @@
+/**
+ * CLI Command: reset-password
+ *
+ * Reset the admin password directly in the database.
+ * Useful for recovery or when locked out.
+ *
+ * Usage:
+ *   npx @agenticmail/enterprise reset-password
+ *   DATABASE_URL=postgres://... npx @agenticmail/enterprise reset-password
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+export async function runResetPassword(_args: string[]): Promise<void> {
+  const { default: inquirer } = await import('inquirer');
+  const { default: chalk } = await import('chalk');
+  const { default: ora } = await import('ora');
+
+  console.log('');
+  console.log(chalk.bold('  AgenticMail Enterprise — Password Reset'));
+  console.log(chalk.dim('  Reset your admin login password.\n'));
+
+  // Find DATABASE_URL
+  let dbUrl = process.env.DATABASE_URL;
+  if (!dbUrl) {
+    // Try loading from .env
+    const envPaths = [
+      join(process.cwd(), '.env'),
+      join(homedir(), '.agenticmail', '.env'),
+    ];
+    for (const p of envPaths) {
+      if (!existsSync(p)) continue;
+      try {
+        for (const line of readFileSync(p, 'utf8').split('\n')) {
+          const t = line.trim();
+          if (t.startsWith('DATABASE_URL=')) {
+            dbUrl = t.slice('DATABASE_URL='.length).replace(/^["']|["']$/g, '');
+            console.log(chalk.dim(`  Found DATABASE_URL in ${p}`));
+            break;
+          }
+        }
+        if (dbUrl) break;
+      } catch {}
+    }
+  }
+
+  if (!dbUrl) {
+    const answer = await inquirer.prompt([{
+      type: 'input',
+      name: 'dbUrl',
+      message: 'DATABASE_URL:',
+      validate: (v: string) => v.trim().length > 5 ? true : 'Enter your database connection string',
+    }]);
+    dbUrl = answer.dbUrl.trim();
+  }
+
+  // Get new password
+  const { newPassword } = await inquirer.prompt([{
+    type: 'password',
+    name: 'newPassword',
+    message: 'New admin password:',
+    mask: '*',
+    validate: (v: string) => v.length >= 8 ? true : 'Password must be at least 8 characters',
+  }]);
+
+  const { confirmPassword } = await inquirer.prompt([{
+    type: 'password',
+    name: 'confirmPassword',
+    message: 'Confirm password:',
+    mask: '*',
+    validate: (v: string) => v === newPassword ? true : 'Passwords do not match',
+  }]);
+
+  if (newPassword !== confirmPassword) {
+    console.log(chalk.red('  Passwords do not match.'));
+    process.exit(1);
+  }
+
+  const spinner = ora('Resetting admin password...').start();
+
+  try {
+    const bcryptMod = await import('bcryptjs');
+    const bcrypt = bcryptMod.default || bcryptMod;
+    const hash = await bcrypt.hash(newPassword, 12);
+
+    if (dbUrl!.startsWith('postgres')) {
+      const pgMod = await import('postgres' as string);
+      const sql = (pgMod.default || pgMod)(dbUrl!);
+      // Update the first admin/owner user
+      const result = await sql`
+        UPDATE users SET password_hash = ${hash}, updated_at = NOW()
+        WHERE id = (
+          SELECT id FROM users
+          WHERE role IN ('admin', 'owner')
+          ORDER BY created_at ASC
+          LIMIT 1
+        )
+        RETURNING email, role
+      `;
+      await sql.end();
+
+      if (result.length > 0) {
+        spinner.succeed(`Password reset for ${result[0].email} (${result[0].role})`);
+      } else {
+        spinner.warn('No admin user found in database. Run setup first.');
+      }
+    } else {
+      // SQLite
+      const sqliteMod = await import('better-sqlite3' as string);
+      const Database = sqliteMod.default || sqliteMod;
+      const dbPath = dbUrl!.replace('file:', '').replace('sqlite:', '');
+      const db = new Database(dbPath);
+
+      const user = db.prepare(
+        "SELECT id, email, role FROM users WHERE role IN ('admin', 'owner') ORDER BY created_at ASC LIMIT 1"
+      ).get() as any;
+
+      if (user) {
+        db.prepare('UPDATE users SET password_hash = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?').run(hash, user.id);
+        db.close();
+        spinner.succeed(`Password reset for ${user.email} (${user.role})`);
+      } else {
+        db.close();
+        spinner.warn('No admin user found in database. Run setup first.');
+      }
+    }
+
+    console.log('');
+    console.log(chalk.green('  You can now log in with your new password.'));
+    console.log('');
+  } catch (e: any) {
+    spinner.fail('Failed: ' + e.message);
+    console.log(chalk.dim('  Make sure DATABASE_URL is correct and the database is accessible.'));
+    process.exit(1);
+  }
+}

package/src/cli.ts

@@ -44,6 +44,10 @@ switch (command) {
     import('./domain-lock/cli-verify.js').then(m => m.runVerifyDomain(args.slice(1))).catch(fatal);
     break;
 
+  case 'reset-password':
+    import('./cli-reset-password.js').then(m => m.runResetPassword(args.slice(1))).catch(fatal);
+    break;
+
   case '--help':
   case '-h':
     console.log(`
@@ -57,7 +61,8 @@ Commands:
     --json                Machine-readable output
   build-skill             AI-assisted skill scaffolding
   submit-skill <path>     Submit a skill as a PR
-  recover                 Recover a domain registration on a new machine
+  recover                 Recover a domain/subdomain on a new machine
+  reset-password          Reset admin password directly in the database
   verify-domain           Check DNS verification for your domain
 
 Domain Recovery & Verification:

package/src/domain-lock/cli-recover.ts

@@ -443,6 +443,69 @@ async function runCloudRecover(args: string[], inquirer: any, chalk: any, ora: a
       console.log(chalk.dim('  Users will need to log in again. This is normal for recovery.'));
     }
 
+    // Offer to reset admin password
+    const { wantsReset } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'wantsReset',
+      message: 'Reset your admin password?',
+      default: false,
+    }]);
+
+    if (wantsReset) {
+      // Read DATABASE_URL from current env
+      let dbUrl = '';
+      for (const line of currentEnv.split('\n')) {
+        const t = line.trim();
+        if (t.startsWith('DATABASE_URL=')) dbUrl = t.slice('DATABASE_URL='.length);
+      }
+
+      if (!dbUrl) {
+        console.log(chalk.yellow('  Cannot reset password without DATABASE_URL.'));
+      } else {
+        const { newPassword } = await inquirer.prompt([{
+          type: 'password',
+          name: 'newPassword',
+          message: 'New admin password:',
+          mask: '*',
+          validate: (v: string) => v.length >= 8 ? true : 'Password must be at least 8 characters',
+        }]);
+        const { confirmPassword } = await inquirer.prompt([{
+          type: 'password',
+          name: 'confirmPassword',
+          message: 'Confirm password:',
+          mask: '*',
+          validate: (v: string) => v === newPassword ? true : 'Passwords do not match',
+        }]);
+
+        if (newPassword === confirmPassword) {
+          const resetSpinner = ora('Resetting admin password...').start();
+          try {
+            const bcryptMod = await import('bcryptjs');
+            const bcrypt = bcryptMod.default || bcryptMod;
+            const hash = await bcrypt.hash(newPassword, 12);
+
+            if (dbUrl.startsWith('postgres')) {
+              const pgMod = await import('postgres' as string);
+              const sql = (pgMod.default || pgMod)(dbUrl);
+              await sql`UPDATE users SET password_hash = ${hash} WHERE role = 'admin' OR role = 'owner' ORDER BY created_at ASC LIMIT 1`;
+              await sql.end();
+            } else {
+              // SQLite
+              const sqliteMod = await import('better-sqlite3' as string);
+              const Database = sqliteMod.default || sqliteMod;
+              const db = new Database(dbUrl.replace('file:', '').replace('sqlite:', ''));
+              db.prepare('UPDATE users SET password_hash = ? WHERE rowid = (SELECT rowid FROM users WHERE role IN (?, ?) ORDER BY created_at ASC LIMIT 1)').run(hash, 'admin', 'owner');
+              db.close();
+            }
+            resetSpinner.succeed('Admin password reset successfully');
+          } catch (e: any) {
+            resetSpinner.fail('Could not reset password: ' + e.message);
+            console.log(chalk.dim('  You can reset it later from the dashboard or by re-running recovery.'));
+          }
+        }
+      }
+    }
+
     console.log('');
     console.log(`  Start your instance:`);
     console.log(`     ${chalk.cyan('npx @agenticmail/enterprise start')}`);