@agenticmail/enterprise 0.5.312 → 0.5.313

package/src/engine/oauth-connect-routes.ts

@@ -51,7 +51,7 @@ async function findVaultEntryByName(
 
 // ─── Route Factory ──────────────────────────────────────
 
-export function createOAuthConnectRoutes(vault: SecureVault, lifecycle?: any) {
+export function createOAuthConnectRoutes(vault: SecureVault, lifecycle?: any, getAdminDb?: () => any) {
   const router = new Hono();
 
   // ─── GET /authorize/:skillId — Start OAuth flow ─────
@@ -211,7 +211,7 @@ export function createOAuthConnectRoutes(vault: SecureVault, lifecycle?: any) {
           const managed = lifecycle.getAgent(state);
           console.log(`[OAuth callback] state=${state}, lifecycle exists=${!!lifecycle}, agent found=${!!managed}, emailStatus=${managed?.config?.emailConfig?.status}`);
           if (managed?.config?.emailConfig?.status === 'awaiting_oauth' || managed?.config?.emailConfig?.status === 'connected') {
-            return await handleAgentEmailOAuthCallback(c, state, code, managed, lifecycle);
+            return await handleAgentEmailOAuthCallback(c, state, code, managed, lifecycle, getAdminDb);
           }
         } else {
           console.log(`[OAuth callback] state=${state}, lifecycle is null/undefined`);
@@ -436,8 +436,28 @@ export function createOAuthConnectRoutes(vault: SecureVault, lifecycle?: any) {
 
 // ─── Agent Email OAuth Callback Handler ─────────────────
 
-async function handleAgentEmailOAuthCallback(c: any, agentId: string, code: string, managed: any, lifecycle: any) {
+async function handleAgentEmailOAuthCallback(c: any, agentId: string, code: string, managed: any, lifecycle: any, _getAdminDb?: () => any) {
   const emailConfig = managed.config.emailConfig;
+
+  // If client secret is missing, try to inherit from org-level email config
+  if (!emailConfig.oauthClientSecret && _getAdminDb) {
+    try {
+      const adminDb = _getAdminDb();
+      if (adminDb?.getSettings) {
+        const settings = await adminDb.getSettings();
+        if (settings?.orgEmailConfig?.oauthClientSecret && settings.orgEmailConfig.provider === emailConfig.oauthProvider) {
+          emailConfig.oauthClientSecret = settings.orgEmailConfig.oauthClientSecret;
+          if (!emailConfig.oauthClientId && settings.orgEmailConfig.oauthClientId) {
+            emailConfig.oauthClientId = settings.orgEmailConfig.oauthClientId;
+          }
+          console.log('[OAuth callback] Inherited org-level client credentials for agent', agentId);
+        }
+      }
+    } catch (e) {
+      console.error('[OAuth callback] Failed to inherit org email config:', e);
+    }
+  }
+
   try {
     if (emailConfig.oauthProvider === 'microsoft') {
       const tokenRes = await fetch(`https://login.microsoftonline.com/${emailConfig.oauthTenantId || 'common'}/oauth2/v2.0/token`, {

package/src/engine/routes.ts

@@ -323,7 +323,7 @@ engine.route('/policies', createPolicyImportRoutes(policyImporter));
 engine.route('/knowledge-contribution', createKnowledgeContributionRoutes(knowledgeContribution, { lifecycle }));
 engine.route('/knowledge-import', createKnowledgeImportRoutes(knowledgeImport));
 engine.route('/skill-updates', createSkillUpdaterRoutes(skillUpdater));
-engine.route('/oauth', createOAuthConnectRoutes(vault, lifecycle));
+engine.route('/oauth', createOAuthConnectRoutes(vault, lifecycle, () => _adminDb));
 engine.route('/org-integrations', createOrgIntegrationRoutes(orgIntegrations));
 
 // Database Access system

package/src/engine/task-poller.ts

@@ -107,6 +107,15 @@ export class TaskPoller {
 
     try {
       const now = Date.now();
+
+      // Sync from database first — ensures we catch tasks that were reset, added externally,
+      // or survived a process restart. This is the enterprise-grade approach.
+      try {
+        await this.deps.taskQueue.syncFromDb?.();
+      } catch (syncErr: any) {
+        this.log('DB sync warning (non-fatal):', syncErr.message);
+      }
+
       const activeTasks = this.deps.taskQueue.getActiveTasks();
       checked = activeTasks.length;
 
@@ -256,6 +265,27 @@ export class TaskPoller {
       }
     }
 
+    // Session not found or gone — this means a crash/restart happened
+    if (task.sessionId) {
+      this.log(`Task ${task.id.slice(0, 8)}: session ${task.sessionId} is DEAD (agent crash/restart)`);
+      await taskQueue.updateTask(task.id, {
+        status: 'assigned',
+        sessionId: null as any,
+        activityLog: [
+          ...task.activityLog,
+          {
+            ts: new Date().toISOString(),
+            type: 'crash',
+            agent: 'task-poller',
+            detail: `Session ${task.sessionId} died (agent crash/restart). Reason: ${reason}. Recovering...`,
+            previousStatus: task.status,
+            retryCount: (this.retries.get(task.id)?.count ?? 0) + 1,
+            nextRetryAt: new Date(Date.now() + 5000).toISOString(),
+          },
+        ],
+      });
+    }
+
     // Strategy 2: Check if agent has ANY active session to route to
     const activeSessions = sessionRouter.getActiveSessions(agentId);
     const chatSession = activeSessions.find(s => s.type === 'chat' || s.type === 'task');
@@ -278,22 +308,43 @@ export class TaskPoller {
     }
 
     // Strategy 3: Spawn a new session
-    this.log(`Task ${task.id}: spawning new session`);
+    this.log(`Task ${task.id.slice(0, 8)}: spawning new session`);
     try {
       const sessionId = await spawnForTask(task);
       if (sessionId) {
+        const retryCount = (this.retries.get(task.id)?.count ?? 0) + 1;
         await taskQueue.updateTask(task.id, {
           status: 'in_progress',
           sessionId,
+          startedAt: new Date().toISOString(),
           activityLog: [
             ...task.activityLog,
-            { ts: new Date().toISOString(), type: 'note', agent: 'task-poller', detail: `Spawned recovery session ${sessionId}: ${reason}` },
+            {
+              ts: new Date().toISOString(),
+              type: 'recovery',
+              agent: 'task-poller',
+              detail: `Recovery session spawned (attempt ${retryCount}/${this.maxRetries}): ${reason}`,
+              sessionId,
+              retryCount,
+            },
           ],
         });
         return true;
       }
     } catch (e: any) {
-      this.log(`Failed to spawn session for task ${task.id}:`, e.message);
+      this.log(`Failed to spawn session for task ${task.id.slice(0, 8)}:`, e.message);
+      // Log the failure
+      await taskQueue.updateTask(task.id, {
+        activityLog: [
+          ...task.activityLog,
+          {
+            ts: new Date().toISOString(),
+            type: 'error',
+            agent: 'task-poller',
+            detail: `Recovery spawn failed: ${e.message}. Will retry in ~${Math.round(this.intervalMs / 1000)}s.`,
+          },
+        ],
+      }).catch(() => {});
     }
 
     return false;

package/src/engine/task-queue.ts

@@ -194,6 +194,36 @@ export class TaskQueueManager {
     this.initialized = true;
   }
 
+  /**
+   * Sync active tasks from database into memory.
+   * Called by the task poller before each cycle to catch externally-added or reset tasks.
+   */
+  async syncFromDb(): Promise<void> {
+    if (!this.db) return;
+    try {
+      const rows = await this.db.all(
+        `SELECT * FROM task_pipeline WHERE status IN ('created','assigned','in_progress') ORDER BY created_at DESC LIMIT 200`
+      );
+      if (!rows) return;
+      let added = 0;
+      for (const row of rows) {
+        const existing = this.tasks.get(row.id);
+        const dbTask = this.rowToTask(row);
+        if (!existing) {
+          // New task not in memory — add it
+          this.tasks.set(row.id, dbTask);
+          added++;
+        } else if (existing.status !== dbTask.status || existing.sessionId !== dbTask.sessionId) {
+          // Status changed externally (e.g., reset after crash) — update in memory
+          this.tasks.set(row.id, dbTask);
+        }
+      }
+      if (added > 0) console.log(`[TaskQueue] syncFromDb: added ${added} tasks from DB`);
+    } catch (e: any) {
+      console.error('[TaskQueue] syncFromDb error:', e.message);
+    }
+  }
+
   // ─── CRUD ─────────────────────────────────────────────
 
   async createTask(opts: {

package/src/runtime/index.ts

@@ -413,7 +413,8 @@ export class AgentRuntime {
       }
     }
 
-    this.runSessionLoop(session.id, agentConfig, [{ role: 'user', content: opts.message }], apiKey);
+    const initialContent = opts.messageContent || opts.message;
+    this.runSessionLoop(session.id, agentConfig, [{ role: 'user', content: initialContent }], apiKey);
 
     return session;
   }

package/src/runtime/types.ts

@@ -230,6 +230,8 @@ export interface SpawnOptions {
   agentId: string;
   orgId?: string;
   message: string;
+  /** Multimodal content blocks (images + text). When provided, overrides `message` for the initial user turn. */
+  messageContent?: any[];
   model?: ModelConfig;
   systemPrompt?: string;
   tools?: AnyAgentTool[];

package/src/server.ts

@@ -299,6 +299,13 @@ export function createServer(config: ServerConfig): ServerInstance {
       return c.json({ error: 'Access denied: you can only access your assigned organization' }, 403);
     }
 
+    // INJECT clientOrgId when no orgId is specified — ensures downstream queries are always scoped
+    // Store for downstream handlers; also override userOrgId so audit/filtering uses client org
+    if (!requestedOrg) {
+      c.set('enforcedOrgId', clientOrgId);
+      c.set('userOrgId', clientOrgId);
+    }
+
     // Block org listing — only return their own org
     const path = c.req.path;
     if (path === '/api/organizations' && c.req.method === 'GET') {
@@ -469,7 +476,12 @@ export function createServer(config: ServerConfig): ServerInstance {
         if ((c as any)._decryptedBody !== undefined) {
           subBody = JSON.stringify((c as any)._decryptedBody);
         } else {
-          subBody = c.req.raw.body;
+          try {
+            // Clone the body to avoid "disturbed or locked" errors
+            subBody = c.req.raw.bodyUsed ? null : c.req.raw.body;
+          } catch {
+            subBody = null;
+          }
         }
       }
       const subReq = new Request(new URL(subPath, 'http://localhost'), {

package/src/system-prompts/triage.ts

@@ -22,7 +22,7 @@ Good morning! Here's what accumulated while you were off:
 - ${ctx.failedChats} chat message(s) may be unanswered
 
 Your morning routine:
-1. Check your inbox with gmail_list (unread only) — scan subjects and senders
+1. Check your inbox with gmail_search (unread only) — scan subjects and senders
 2. For each important email, create a Google Task: google_tasks_create with title, notes, and priority
 3. Check Google Chat for any unanswered messages: google_chat_list_messages
 4. For any failed sessions that look important, add them as tasks too