@agenticmail/enterprise 0.5.294 → 0.5.295

package/dist/server-ADSJRMMF.js

@@ -0,0 +1,15 @@
+import {
+  createServer
+} from "./chunk-HGSWCMB7.js";
+import "./chunk-OF4MUWWS.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-3OC6RH7W.js";
+import "./chunk-2DDKGTD6.js";
+import "./chunk-YVK6F5OD.js";
+import "./chunk-MKRNEM5A.js";
+import "./chunk-DRXMYYKN.js";
+import "./chunk-6WSX7QXF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-2VN7D4OT.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-3YLLWCUC.js";
+import "./chunk-KWW53O2B.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/dist/sqlite-C5PV4SCD.js

@@ -0,0 +1,499 @@
+import {
+  getAllCreateStatements
+} from "./chunk-XMDE2NGH.js";
+import {
+  DatabaseAdapter
+} from "./chunk-FLRYMSKY.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/db/sqlite.ts
+import { randomUUID, createHash } from "crypto";
+var Database;
+async function getSqlite() {
+  if (!Database) {
+    try {
+      const { resolveDriver } = await import("./resolve-driver-VQXMFKLJ.js");
+      const mod = await resolveDriver("better-sqlite3", "SQLite driver not found. Install it: npm install better-sqlite3");
+      Database = mod.default;
+    } catch {
+      throw new Error("SQLite driver not found. Install it: npm install better-sqlite3");
+    }
+  }
+  return Database;
+}
+var SqliteAdapter = class extends DatabaseAdapter {
+  type = "sqlite";
+  db = null;
+  async connect(config) {
+    const Db = await getSqlite();
+    const path = config.connectionString || config.database || "./agenticmail-enterprise.db";
+    this.db = new Db(path);
+    this.db.pragma("journal_mode = WAL");
+    this.db.pragma("foreign_keys = ON");
+  }
+  async disconnect() {
+    if (this.db) this.db.close();
+  }
+  isConnected() {
+    return this.db !== null;
+  }
+  async migrate() {
+    const stmts = getAllCreateStatements();
+    const tx = this.db.transaction(() => {
+      for (const stmt of stmts) this.db.exec(stmt);
+      this.db.prepare(
+        `INSERT OR IGNORE INTO retention_policy (id) VALUES ('default')`
+      ).run();
+      this.db.prepare(
+        `INSERT OR IGNORE INTO company_settings (id, name, subdomain) VALUES ('default', 'My Company', 'my-company')`
+      ).run();
+      try {
+        this.db.exec(`ALTER TABLE users ADD COLUMN permissions TEXT DEFAULT '"*"'`);
+      } catch {
+      }
+      try {
+        this.db.exec(`ALTER TABLE users ADD COLUMN must_reset_password INTEGER DEFAULT 0`);
+      } catch {
+      }
+    });
+    tx();
+  }
+  // ─── Engine Integration ──────────────────────────────────
+  getEngineDB() {
+    if (!this.db) return null;
+    const db = this.db;
+    return {
+      run: async (sql, params) => {
+        db.prepare(sql).run(...params || []);
+      },
+      get: async (sql, params) => {
+        return db.prepare(sql).get(...params || []);
+      },
+      all: async (sql, params) => {
+        return db.prepare(sql).all(...params || []);
+      }
+    };
+  }
+  // ─── Company ─────────────────────────────────────────────
+  async getSettings() {
+    const r = this.db.prepare("SELECT * FROM company_settings WHERE id = ?").get("default");
+    return r ? this.mapSettings(r) : null;
+  }
+  async updateSettings(updates) {
+    const map = {
+      name: "name",
+      domain: "domain",
+      subdomain: "subdomain",
+      smtpHost: "smtp_host",
+      smtpPort: "smtp_port",
+      smtpUser: "smtp_user",
+      smtpPass: "smtp_pass",
+      dkimPrivateKey: "dkim_private_key",
+      logoUrl: "logo_url",
+      primaryColor: "primary_color",
+      plan: "plan",
+      deploymentKeyHash: "deployment_key_hash",
+      domainRegistrationId: "domain_registration_id",
+      domainDnsChallenge: "domain_dns_challenge",
+      domainVerifiedAt: "domain_verified_at",
+      domainRegisteredAt: "domain_registered_at",
+      domainStatus: "domain_status"
+    };
+    const sets = [];
+    const vals = [];
+    for (const [key, col] of Object.entries(map)) {
+      if (updates[key] !== void 0) {
+        sets.push(`${col} = ?`);
+        vals.push(updates[key]);
+      }
+    }
+    if (updates.ssoConfig !== void 0) {
+      sets.push("sso_config = ?");
+      vals.push(JSON.stringify(updates.ssoConfig));
+    }
+    if (updates.toolSecurityConfig !== void 0) {
+      sets.push("tool_security_config = ?");
+      vals.push(JSON.stringify(updates.toolSecurityConfig));
+    }
+    if (updates.firewallConfig !== void 0) {
+      sets.push("firewall_config = ?");
+      vals.push(JSON.stringify(updates.firewallConfig));
+    }
+    if (updates.modelPricingConfig !== void 0) {
+      sets.push("model_pricing_config = ?");
+      vals.push(JSON.stringify(updates.modelPricingConfig));
+    }
+    sets.push("updated_at = datetime('now')");
+    vals.push("default");
+    this.db.prepare(`UPDATE company_settings SET ${sets.join(", ")} WHERE id = ?`).run(...vals);
+    return this.getSettings();
+  }
+  // ─── Agents ──────────────────────────────────────────────
+  async createAgent(input) {
+    const id = input.id || randomUUID();
+    const email = input.email || `${input.name.toLowerCase().replace(/\s+/g, "-")}@localhost`;
+    this.db.prepare(
+      `INSERT INTO agents (id, name, email, role, metadata, created_by) VALUES (?, ?, ?, ?, ?, ?)`
+    ).run(id, input.name, email, input.role || "assistant", JSON.stringify(input.metadata || {}), input.createdBy);
+    return await this.getAgent(id);
+  }
+  async getAgent(id) {
+    const r = this.db.prepare("SELECT * FROM agents WHERE id = ?").get(id);
+    return r ? this.mapAgent(r) : null;
+  }
+  async getAgentByName(name) {
+    const r = this.db.prepare("SELECT * FROM agents WHERE name = ?").get(name);
+    return r ? this.mapAgent(r) : null;
+  }
+  async listAgents(opts) {
+    let q = "SELECT * FROM agents";
+    const params = [];
+    if (opts?.status) {
+      q += " WHERE status = ?";
+      params.push(opts.status);
+    }
+    q += " ORDER BY created_at DESC";
+    if (opts?.limit) q += ` LIMIT ${opts.limit}`;
+    if (opts?.offset) q += ` OFFSET ${opts.offset}`;
+    return this.db.prepare(q).all(...params).map((r) => this.mapAgent(r));
+  }
+  async updateAgent(id, updates) {
+    const fields = [];
+    const vals = [];
+    for (const [key, col] of Object.entries({ name: "name", email: "email", role: "role", status: "status" })) {
+      if (updates[key] !== void 0) {
+        fields.push(`${col} = ?`);
+        vals.push(updates[key]);
+      }
+    }
+    if (updates.metadata) {
+      fields.push("metadata = ?");
+      vals.push(JSON.stringify(updates.metadata));
+    }
+    fields.push("updated_at = datetime('now')");
+    vals.push(id);
+    this.db.prepare(`UPDATE agents SET ${fields.join(", ")} WHERE id = ?`).run(...vals);
+    return await this.getAgent(id);
+  }
+  async archiveAgent(id) {
+    this.db.prepare("UPDATE agents SET status = 'archived', updated_at = datetime('now') WHERE id = ?").run(id);
+  }
+  async deleteAgent(id) {
+    this.db.prepare("DELETE FROM agents WHERE id = ?").run(id);
+  }
+  async countAgents(status) {
+    const r = status ? this.db.prepare("SELECT COUNT(*) as c FROM agents WHERE status = ?").get(status) : this.db.prepare("SELECT COUNT(*) as c FROM agents").get();
+    return r.c;
+  }
+  // ─── Users ───────────────────────────────────────────────
+  async createUser(input) {
+    const id = randomUUID();
+    let passwordHash = null;
+    if (input.password) {
+      const { default: bcrypt } = await import("bcryptjs");
+      passwordHash = await bcrypt.hash(input.password, 12);
+    }
+    this.db.prepare(
+      `INSERT INTO users (id, email, name, role, password_hash, sso_provider, sso_subject)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`
+    ).run(id, input.email, input.name, input.role, passwordHash, input.ssoProvider || null, input.ssoSubject || null);
+    return await this.getUser(id);
+  }
+  async getUser(id) {
+    const r = this.db.prepare("SELECT * FROM users WHERE id = ?").get(id);
+    return r ? this.mapUser(r) : null;
+  }
+  async getUserByEmail(email) {
+    const r = this.db.prepare("SELECT * FROM users WHERE email = ?").get(email);
+    return r ? this.mapUser(r) : null;
+  }
+  async getUserBySso(provider, subject) {
+    const r = this.db.prepare("SELECT * FROM users WHERE sso_provider = ? AND sso_subject = ?").get(provider, subject);
+    return r ? this.mapUser(r) : null;
+  }
+  async listUsers(opts) {
+    let q = "SELECT * FROM users ORDER BY created_at DESC";
+    if (opts?.limit) q += ` LIMIT ${opts.limit}`;
+    if (opts?.offset) q += ` OFFSET ${opts.offset}`;
+    return this.db.prepare(q).all().map((r) => this.mapUser(r));
+  }
+  async updateUser(id, updates) {
+    const fields = [];
+    const vals = [];
+    for (const key of ["email", "name", "role"]) {
+      if (updates[key] !== void 0) {
+        fields.push(`${key} = ?`);
+        vals.push(updates[key]);
+      }
+    }
+    fields.push("updated_at = datetime('now')");
+    vals.push(id);
+    this.db.prepare(`UPDATE users SET ${fields.join(", ")} WHERE id = ?`).run(...vals);
+    return await this.getUser(id);
+  }
+  async deleteUser(id) {
+    this.db.prepare("DELETE FROM users WHERE id = ?").run(id);
+  }
+  // ─── Audit ───────────────────────────────────────────────
+  async logEvent(event) {
+    this.db.prepare(
+      `INSERT INTO audit_log (id, actor, actor_type, action, resource, details, ip) VALUES (?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      randomUUID(),
+      event.actor,
+      event.actorType,
+      event.action,
+      event.resource,
+      JSON.stringify(event.details || {}),
+      event.ip || null
+    );
+  }
+  async queryAudit(filters) {
+    const where = [];
+    const params = [];
+    if (filters.actor) {
+      where.push("actor = ?");
+      params.push(filters.actor);
+    }
+    if (filters.action) {
+      where.push("action = ?");
+      params.push(filters.action);
+    }
+    if (filters.resource) {
+      where.push("resource LIKE ?");
+      params.push(`%${filters.resource}%`);
+    }
+    if (filters.from) {
+      where.push("timestamp >= ?");
+      params.push(filters.from.toISOString());
+    }
+    if (filters.to) {
+      where.push("timestamp <= ?");
+      params.push(filters.to.toISOString());
+    }
+    const wc = where.length > 0 ? `WHERE ${where.join(" AND ")}` : "";
+    const total = this.db.prepare(`SELECT COUNT(*) as c FROM audit_log ${wc}`).get(...params).c;
+    let q = `SELECT * FROM audit_log ${wc} ORDER BY timestamp DESC`;
+    if (filters.limit) q += ` LIMIT ${filters.limit}`;
+    if (filters.offset) q += ` OFFSET ${filters.offset}`;
+    const rows = this.db.prepare(q).all(...params);
+    return {
+      events: rows.map((r) => ({
+        id: r.id,
+        timestamp: new Date(r.timestamp),
+        actor: r.actor,
+        actorType: r.actor_type,
+        action: r.action,
+        resource: r.resource,
+        details: JSON.parse(r.details || "{}"),
+        ip: r.ip
+      })),
+      total
+    };
+  }
+  // ─── API Keys ────────────────────────────────────────────
+  async createApiKey(input) {
+    const id = randomUUID();
+    const plaintext = `ek_${randomUUID().replace(/-/g, "")}`;
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const keyPrefix = plaintext.substring(0, 11);
+    this.db.prepare(
+      `INSERT INTO api_keys (id, name, key_hash, key_prefix, scopes, created_by, expires_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`
+    ).run(id, input.name, keyHash, keyPrefix, JSON.stringify(input.scopes), input.createdBy, input.expiresAt?.toISOString() || null);
+    return { key: await this.getApiKey(id), plaintext };
+  }
+  async getApiKey(id) {
+    const r = this.db.prepare("SELECT * FROM api_keys WHERE id = ?").get(id);
+    return r ? this.mapApiKey(r) : null;
+  }
+  async validateApiKey(plaintext) {
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const r = this.db.prepare("SELECT * FROM api_keys WHERE key_hash = ? AND revoked = 0").get(keyHash);
+    if (!r) return null;
+    const key = this.mapApiKey(r);
+    if (key.expiresAt && /* @__PURE__ */ new Date() > key.expiresAt) return null;
+    this.db.prepare("UPDATE api_keys SET last_used_at = datetime('now') WHERE id = ?").run(key.id);
+    return key;
+  }
+  async listApiKeys(opts) {
+    let q = "SELECT * FROM api_keys WHERE revoked = 0";
+    const params = [];
+    if (opts?.createdBy) {
+      q += " AND created_by = ?";
+      params.push(opts.createdBy);
+    }
+    q += " ORDER BY created_at DESC";
+    return this.db.prepare(q).all(...params).map((r) => this.mapApiKey(r));
+  }
+  async revokeApiKey(id) {
+    this.db.prepare("UPDATE api_keys SET revoked = 1 WHERE id = ?").run(id);
+  }
+  // ─── Rules ───────────────────────────────────────────────
+  async createRule(rule) {
+    const id = randomUUID();
+    this.db.prepare(
+      `INSERT INTO email_rules (id, name, agent_id, conditions, actions, priority, enabled)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      id,
+      rule.name,
+      rule.agentId || null,
+      JSON.stringify(rule.conditions),
+      JSON.stringify(rule.actions),
+      rule.priority,
+      rule.enabled ? 1 : 0
+    );
+    const r = this.db.prepare("SELECT * FROM email_rules WHERE id = ?").get(id);
+    return this.mapRule(r);
+  }
+  async getRules(agentId) {
+    let q = "SELECT * FROM email_rules";
+    const params = [];
+    if (agentId) {
+      q += " WHERE agent_id = ? OR agent_id IS NULL";
+      params.push(agentId);
+    }
+    q += " ORDER BY priority DESC";
+    return this.db.prepare(q).all(...params).map((r) => this.mapRule(r));
+  }
+  async updateRule(id, updates) {
+    const fields = [];
+    const vals = [];
+    if (updates.name !== void 0) {
+      fields.push("name = ?");
+      vals.push(updates.name);
+    }
+    if (updates.conditions) {
+      fields.push("conditions = ?");
+      vals.push(JSON.stringify(updates.conditions));
+    }
+    if (updates.actions) {
+      fields.push("actions = ?");
+      vals.push(JSON.stringify(updates.actions));
+    }
+    if (updates.priority !== void 0) {
+      fields.push("priority = ?");
+      vals.push(updates.priority);
+    }
+    if (updates.enabled !== void 0) {
+      fields.push("enabled = ?");
+      vals.push(updates.enabled ? 1 : 0);
+    }
+    fields.push("updated_at = datetime('now')");
+    vals.push(id);
+    this.db.prepare(`UPDATE email_rules SET ${fields.join(", ")} WHERE id = ?`).run(...vals);
+    const r = this.db.prepare("SELECT * FROM email_rules WHERE id = ?").get(id);
+    return this.mapRule(r);
+  }
+  async deleteRule(id) {
+    this.db.prepare("DELETE FROM email_rules WHERE id = ?").run(id);
+  }
+  // ─── Retention ───────────────────────────────────────────
+  async getRetentionPolicy() {
+    const r = this.db.prepare("SELECT * FROM retention_policy WHERE id = ?").get("default");
+    if (!r) return { enabled: false, retainDays: 365, archiveFirst: true };
+    return { enabled: !!r.enabled, retainDays: r.retain_days, excludeTags: JSON.parse(r.exclude_tags || "[]"), archiveFirst: !!r.archive_first };
+  }
+  async setRetentionPolicy(policy) {
+    this.db.prepare(
+      `UPDATE retention_policy SET enabled = ?, retain_days = ?, exclude_tags = ?, archive_first = ? WHERE id = 'default'`
+    ).run(policy.enabled ? 1 : 0, policy.retainDays, JSON.stringify(policy.excludeTags || []), policy.archiveFirst ? 1 : 0);
+  }
+  // ─── Stats ───────────────────────────────────────────────
+  async getStats() {
+    return {
+      totalAgents: this.db.prepare("SELECT COUNT(*) as c FROM agents").get().c,
+      activeAgents: this.db.prepare("SELECT COUNT(*) as c FROM agents WHERE status = 'active'").get().c,
+      totalUsers: this.db.prepare("SELECT COUNT(*) as c FROM users").get().c,
+      totalEmails: 0,
+      totalAuditEvents: this.db.prepare("SELECT COUNT(*) as c FROM audit_log").get().c
+    };
+  }
+  // ─── Mappers ─────────────────────────────────────────────
+  mapAgent(r) {
+    return {
+      id: r.id,
+      name: r.name,
+      email: r.email,
+      role: r.role,
+      status: r.status,
+      metadata: typeof r.metadata === "string" ? JSON.parse(r.metadata) : r.metadata,
+      createdAt: new Date(r.created_at),
+      updatedAt: new Date(r.updated_at),
+      createdBy: r.created_by
+    };
+  }
+  mapUser(r) {
+    return {
+      id: r.id,
+      email: r.email,
+      name: r.name,
+      role: r.role,
+      passwordHash: r.password_hash,
+      ssoProvider: r.sso_provider,
+      ssoSubject: r.sso_subject,
+      createdAt: new Date(r.created_at),
+      updatedAt: new Date(r.updated_at),
+      lastLoginAt: r.last_login_at ? new Date(r.last_login_at) : void 0
+    };
+  }
+  mapApiKey(r) {
+    return {
+      id: r.id,
+      name: r.name,
+      keyHash: r.key_hash,
+      keyPrefix: r.key_prefix,
+      scopes: typeof r.scopes === "string" ? JSON.parse(r.scopes) : r.scopes,
+      createdBy: r.created_by,
+      createdAt: new Date(r.created_at),
+      lastUsedAt: r.last_used_at ? new Date(r.last_used_at) : void 0,
+      expiresAt: r.expires_at ? new Date(r.expires_at) : void 0,
+      revoked: !!r.revoked
+    };
+  }
+  mapRule(r) {
+    return {
+      id: r.id,
+      name: r.name,
+      agentId: r.agent_id,
+      conditions: typeof r.conditions === "string" ? JSON.parse(r.conditions) : r.conditions,
+      actions: typeof r.actions === "string" ? JSON.parse(r.actions) : r.actions,
+      priority: r.priority,
+      enabled: !!r.enabled,
+      createdAt: new Date(r.created_at),
+      updatedAt: new Date(r.updated_at)
+    };
+  }
+  mapSettings(r) {
+    return {
+      id: r.id,
+      name: r.name,
+      domain: r.domain,
+      subdomain: r.subdomain,
+      smtpHost: r.smtp_host,
+      smtpPort: r.smtp_port,
+      smtpUser: r.smtp_user,
+      smtpPass: r.smtp_pass,
+      dkimPrivateKey: r.dkim_private_key,
+      logoUrl: r.logo_url,
+      primaryColor: r.primary_color,
+      ssoConfig: r.sso_config ? typeof r.sso_config === "string" ? JSON.parse(r.sso_config) : r.sso_config : void 0,
+      toolSecurityConfig: r.tool_security_config ? typeof r.tool_security_config === "string" ? JSON.parse(r.tool_security_config) : r.tool_security_config : {},
+      firewallConfig: r.firewall_config ? typeof r.firewall_config === "string" ? JSON.parse(r.firewall_config) : r.firewall_config : {},
+      modelPricingConfig: r.model_pricing_config ? typeof r.model_pricing_config === "string" ? JSON.parse(r.model_pricing_config) : r.model_pricing_config : {},
+      plan: r.plan,
+      createdAt: new Date(r.created_at),
+      updatedAt: new Date(r.updated_at),
+      deploymentKeyHash: r.deployment_key_hash,
+      domainRegistrationId: r.domain_registration_id,
+      domainDnsChallenge: r.domain_dns_challenge,
+      domainVerifiedAt: r.domain_verified_at || void 0,
+      domainRegisteredAt: r.domain_registered_at || void 0,
+      domainStatus: r.domain_status || "unregistered"
+    };
+  }
+};
+export {
+  SqliteAdapter
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.294",
+  "version": "0.5.295",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {

package/src/admin/routes.ts

@@ -481,6 +481,35 @@ export function createAdminRoutes(db: DatabaseAdapter) {
     if (existing) return c.json({ error: 'Email already registered' }, 409);
 
     const user = await db.createUser(body);
+
+    // Mark as must-reset-password (admin-created accounts)
+    try {
+      await (db as any).pool.query(
+        'UPDATE users SET must_reset_password = TRUE WHERE id = $1',
+        [user.id]
+      );
+    } catch {
+      try {
+        const edb = (db as any).db;
+        if (edb?.prepare) edb.prepare('UPDATE users SET must_reset_password = 1 WHERE id = ?').run(user.id);
+      } catch { /* ignore */ }
+    }
+
+    // Set initial permissions if provided
+    if (body.permissions && body.permissions !== '*') {
+      try {
+        await (db as any).pool.query(
+          'UPDATE users SET permissions = $1 WHERE id = $2',
+          [JSON.stringify(body.permissions), user.id]
+        );
+      } catch {
+        try {
+          const edb = (db as any).db;
+          if (edb?.prepare) edb.prepare('UPDATE users SET permissions = ? WHERE id = ?').run(JSON.stringify(body.permissions), user.id);
+        } catch { /* ignore */ }
+      }
+    }
+
     const { passwordHash, ...safe } = user;
     return c.json(safe, 201);
   });