@agenticmail/enterprise 0.5.319 → 0.5.321

package/dist/cli-serve-WNOZMAWD.js

@@ -0,0 +1,153 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter, smartDbConfig } = await import("./factory-MQASIPEB.js");
+  const { createServer } = await import("./server-DFYGH2CV.js");
+  const db = await createAdapter(smartDbConfig(DATABASE_URL));
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+  try {
+    const { startPreventSleep } = await import("./screen-unlock-4RPZBHOI.js");
+    const adminDb = server.getAdminDb?.() || server.adminDb;
+    if (adminDb) {
+      const settings = await adminDb.getSettings?.().catch(() => null);
+      const screenAccess = settings?.securityConfig?.screenAccess;
+      if (screenAccess?.enabled && screenAccess?.preventSleep) {
+        startPreventSleep();
+        console.log("[startup] Prevent-sleep enabled \u2014 system will stay awake while agents are active");
+      }
+    }
+  } catch {
+  }
+  const tunnelToken = process.env.CLOUDFLARED_TOKEN;
+  if (tunnelToken) {
+    try {
+      const { execSync, spawn } = await import("child_process");
+      try {
+        execSync("which cloudflared", { timeout: 3e3 });
+      } catch {
+        console.log("[startup] cloudflared not found \u2014 skipping tunnel auto-start");
+        console.log("[startup] Install cloudflared to enable tunnel: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+        return;
+      }
+      try {
+        execSync('pgrep -f "cloudflared.*tunnel.*run"', { timeout: 3e3 });
+        console.log("[startup] cloudflared tunnel already running");
+        return;
+      } catch {
+      }
+      const subdomain = process.env.AGENTICMAIL_SUBDOMAIN || process.env.AGENTICMAIL_DOMAIN || "";
+      console.log(`[startup] Starting cloudflared tunnel${subdomain ? ` for ${subdomain}.agenticmail.io` : ""}...`);
+      const child = spawn("cloudflared", ["tunnel", "--no-autoupdate", "run", "--token", tunnelToken], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.unref();
+      console.log("[startup] cloudflared tunnel started (pid " + child.pid + ")");
+    } catch (e) {
+      console.warn("[startup] Could not auto-start cloudflared: " + e.message);
+    }
+  }
+}
+export {
+  runServe
+};

package/dist/cli-validate-Z726VJCN.js

@@ -0,0 +1,150 @@
+import {
+  ALL_TOOLS,
+  init_tool_catalog
+} from "./chunk-ZGYVXYQQ.js";
+import {
+  collectCommunityToolIds,
+  init_skill_validator,
+  validateSkillManifest
+} from "./chunk-22U7TZPN.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/engine/cli-validate.ts
+init_skill_validator();
+init_tool_catalog();
+async function runValidate(args) {
+  const chalk = (await import("chalk")).default;
+  const fs = await import("fs/promises");
+  const path = await import("path");
+  const jsonMode = args.includes("--json");
+  const allMode = args.includes("--all");
+  const pathArgs = args.filter((a) => !a.startsWith("--"));
+  const builtinIds = new Set(ALL_TOOLS.map((t) => t.id || t.name));
+  const communityDir = path.resolve(process.cwd(), "community-skills");
+  const reports = [];
+  if (allMode) {
+    let entries;
+    try {
+      entries = await fs.readdir(communityDir, { withFileTypes: true });
+    } catch {
+      if (jsonMode) {
+        console.log(JSON.stringify({ error: "community-skills/ directory not found" }));
+      } else {
+        console.error(chalk.red("Error: community-skills/ directory not found"));
+      }
+      process.exit(1);
+      return;
+    }
+    for (const entry of entries) {
+      if (!entry.isDirectory() || entry.name.startsWith("_") || entry.name.startsWith(".")) continue;
+      const skillDir = path.join(communityDir, entry.name);
+      const report = await validatePath(skillDir, builtinIds, communityDir);
+      reports.push(report);
+    }
+  } else {
+    const target = pathArgs[0];
+    if (!target) {
+      if (jsonMode) {
+        console.log(JSON.stringify({ error: "No path specified. Usage: npx @agenticmail/enterprise validate <path> [--all] [--json]" }));
+      } else {
+        console.log(`${chalk.bold("Usage:")} npx @agenticmail/enterprise validate <path>`);
+        console.log("");
+        console.log("  <path>    Path to a skill directory or agenticmail-skill.json file");
+        console.log("  --all     Validate all skills in community-skills/");
+        console.log("  --json    Machine-readable JSON output");
+      }
+      process.exit(1);
+      return;
+    }
+    const report = await validatePath(path.resolve(target), builtinIds, communityDir);
+    reports.push(report);
+  }
+  if (jsonMode) {
+    console.log(JSON.stringify({ results: reports, totalErrors: reports.reduce((s, r) => s + r.errors.length, 0) }, null, 2));
+  } else {
+    console.log("");
+    for (const report of reports) {
+      if (report.valid) {
+        console.log(chalk.green("  \u2714") + " " + chalk.bold(report.skillId) + chalk.dim(` (${report.path})`));
+      } else {
+        console.log(chalk.red("  \u2718") + " " + chalk.bold(report.skillId) + chalk.dim(` (${report.path})`));
+        for (const err of report.errors) {
+          console.log(chalk.red("    \u2502 ") + err);
+        }
+      }
+      for (const warn of report.warnings) {
+        console.log(chalk.yellow("    \u26A0 ") + warn);
+      }
+    }
+    console.log("");
+    const passed = reports.filter((r) => r.valid).length;
+    const failed = reports.filter((r) => !r.valid).length;
+    if (failed > 0) {
+      console.log(chalk.red(`  ${failed} failed`) + chalk.dim(`, ${passed} passed, ${reports.length} total`));
+    } else {
+      console.log(chalk.green(`  ${passed} passed`) + chalk.dim(`, ${reports.length} total`));
+    }
+    console.log("");
+  }
+  if (reports.some((r) => !r.valid)) {
+    process.exit(1);
+  }
+}
+async function validatePath(targetPath, builtinIds, communityDir) {
+  const fs = await import("fs/promises");
+  const path = await import("path");
+  let manifestPath;
+  try {
+    const stat = await fs.stat(targetPath);
+    if (stat.isDirectory()) {
+      manifestPath = path.join(targetPath, "agenticmail-skill.json");
+    } else {
+      manifestPath = targetPath;
+    }
+  } catch {
+    return {
+      path: targetPath,
+      skillId: path.basename(targetPath),
+      valid: false,
+      errors: [`Path not found: ${targetPath}`],
+      warnings: []
+    };
+  }
+  let raw;
+  try {
+    raw = await fs.readFile(manifestPath, "utf-8");
+  } catch {
+    return {
+      path: manifestPath,
+      skillId: path.basename(path.dirname(manifestPath)),
+      valid: false,
+      errors: [`Cannot read: ${manifestPath}`],
+      warnings: []
+    };
+  }
+  let manifest;
+  try {
+    manifest = JSON.parse(raw);
+  } catch (err) {
+    return {
+      path: manifestPath,
+      skillId: path.basename(path.dirname(manifestPath)),
+      valid: false,
+      errors: [`Invalid JSON: ${err.message}`],
+      warnings: []
+    };
+  }
+  const communityIds = await collectCommunityToolIds(communityDir, manifest.id);
+  const allExistingIds = /* @__PURE__ */ new Set([...builtinIds, ...communityIds]);
+  const result = validateSkillManifest(manifest, { existingToolIds: allExistingIds });
+  return {
+    path: manifestPath,
+    skillId: manifest.id || path.basename(path.dirname(manifestPath)),
+    valid: result.valid,
+    errors: result.errors,
+    warnings: result.warnings
+  };
+}
+export {
+  runValidate
+};

package/dist/cli.js

@@ -5,7 +5,7 @@ var args = process.argv.slice(2);
 var command = args[0];
 switch (command) {
   case "validate":
-    import("./cli-validate-6XDDLVVQ.js").then((m) => m.runValidate(args.slice(1))).catch(fatal);
+    import("./cli-validate-Z726VJCN.js").then((m) => m.runValidate(args.slice(1))).catch(fatal);
     break;
   case "build-skill":
     import("./cli-build-skill-2IOE7MYP.js").then((m) => m.runBuildSkill(args.slice(1))).catch(fatal);
@@ -57,14 +57,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-657NRUOX.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-BDGOOOKQ.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-FXZ6DJKP.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-QAYEX3BE.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-2JYXGTW6.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-4OSBXSCL.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/connection-manager-KAWEUWUR.js

@@ -0,0 +1,9 @@
+import {
+  DatabaseConnectionManager,
+  init_connection_manager
+} from "./chunk-BQM7MBPS.js";
+import "./chunk-KFQGP6VL.js";
+init_connection_manager();
+export {
+  DatabaseConnectionManager
+};

package/dist/dashboard/app.js

@@ -156,7 +156,8 @@ function App() {
   const [selectedOrgId, setSelectedOrgId] = useState('');
   const [selectedOrg, setSelectedOrg] = useState(null);
   const [orgVersion, setOrgVersion] = useState(0);
-  const onOrgChange = useCallback((id, org) => { setSelectedOrgId(id); setSelectedOrg(org); setOrgVersion(v => v + 1); }, []);
+  const [companyName, setCompanyName] = useState((window.__EM_BRANDING__ && window.__EM_BRANDING__.companyName) || '');
+  const onOrgChange = useCallback((id, org) => { setSelectedOrgId(id); setSelectedOrg(org); setOrgVersion(v => v + 1); if (org && org.name) setCompanyName(org.name); }, []);
 
   // Check if already authenticated via cookie on mount, and check setup state
   useEffect(() => {
@@ -189,6 +190,11 @@ function App() {
             if (window.__transportEncryption) await window.__transportEncryption.waitForReady();
           }
         } catch {}
+        // Fetch company name for sidebar
+        try {
+          var s = await apiCall('/settings');
+          if (s && s.name) setCompanyName(s.name);
+        } catch {}
         setAuthed(true);
         setAuthChecked(true);
       }).catch(() => setAuthChecked(true));
@@ -457,7 +463,7 @@ function App() {
   const PageComponent = canAccessPage ? (pages[page] || DashboardPage) : null;
   const sidebarClass = 'sidebar' + (sidebarPinned ? ' expanded' : sidebarHovered ? ' hover-expanded' : '') + (mobileMenuOpen ? ' mobile-open' : '');
 
-  return h(AppContext.Provider, { value: { toast, toasts, user, theme, setPage, permissions, impersonating, startImpersonation, stopImpersonation, selectedOrgId, selectedOrg, onOrgChange } },
+  return h(AppContext.Provider, { value: { toast, toasts, user, theme, setPage, permissions, impersonating, startImpersonation, stopImpersonation, selectedOrgId, selectedOrg, onOrgChange, companyName, setCompanyName } },
     h('div', { className: 'app-layout' },
       // Mobile hamburger
       h('button', { className: 'mobile-hamburger', onClick: () => setMobileMenuOpen(true) },
@@ -473,7 +479,7 @@ function App() {
       h('div', { className: sidebarClass, onMouseEnter: onSidebarEnter, onMouseLeave: onSidebarLeave },
         h('div', { className: 'sidebar-brand' },
           h('img', { src: (window.__EM_BRANDING__ && window.__EM_BRANDING__.logo) || '/dashboard/assets/logo.png', alt: 'AgenticMail', style: { width: 28, height: 28, objectFit: 'contain' } }),
-          h('div', { className: 'sidebar-brand-text' }, h('h2', null, (window.__EM_BRANDING__ && window.__EM_BRANDING__.companyName) || 'AgenticMail'), h('span', null, 'Enterprise')),
+          h('div', { className: 'sidebar-brand-text' }, h('h2', null, companyName || 'AgenticMail'), h('span', null, 'Enterprise')),
           h('button', { className: 'sidebar-toggle' + (sidebarPinned ? ' pinned' : ''), onClick: toggleSidebarPin, title: sidebarPinned ? 'Unpin sidebar' : 'Pin sidebar' }, sidebarPinned ? I.chevronLeft() : I.panelLeft())
         ),
         h('div', { className: 'sidebar-nav' },

package/dist/dashboard/components/knowledge-link.js

@@ -62,3 +62,18 @@ export var AGENT_TAB_DOCS = {
   deployment: 'agent-deployment',
   'memory-transfer': 'memory-transfer',
 };
+
+/** Map of settings tab IDs to doc filenames */
+export var SETTINGS_TAB_DOCS = {
+  general: 'settings',
+  models: 'settings',
+  'api-keys': 'settings',
+  authentication: 'settings',
+  platform: 'settings',
+  email: 'settings',
+  deployments: 'settings',
+  'security-system': 'settings-security',
+  'tool-security': 'settings-tool-security',
+  network: 'settings-network',
+  integrations: 'settings',
+};

package/dist/dashboard/components/settings-help.js

@@ -138,7 +138,8 @@ export var SETTINGS_HELP = {
           h('li', null, h('strong', null, 'Rate Limiting'), ' \u2014 Limits how many times each tool can be called per minute per agent. Prevents any single agent from overwhelming the system. Adjust limits per tool type in the table.'),
           h('li', null, h('strong', null, 'Circuit Breaker'), ' \u2014 Automatically pauses a tool that keeps failing (after 5 consecutive errors). Waits 30 seconds before retrying. Prevents error cascading when an external service is down.'),
           h('li', null, h('strong', null, 'Telemetry'), ' \u2014 Collects performance metrics: call duration, success rates, and output sizes. Useful for identifying slow tools or agents using resources inefficiently.')
-        )
+        ),
+        h('p', { style: { marginTop: 12 } }, h('a', { href: '/docs/settings-tool-security', style: { fontSize: 12 } }, 'View full Tool Security documentation \u2192'))
       );
     }
   },
@@ -163,7 +164,8 @@ export var SETTINGS_HELP = {
           h('li', null, h('strong', null, 'Rate Limiting'), ' \u2014 Limits API requests per IP per minute. Protects against abuse and denial-of-service. "Skip Paths" excludes health-check endpoints.'),
           h('li', null, h('strong', null, 'HTTPS Enforcement'), ' \u2014 Forces all connections to use encrypted HTTPS. Highly recommended for production.'),
           h('li', null, h('strong', null, 'Security Headers'), ' \u2014 Browser security policies: HSTS forces HTTPS, X-Frame-Options prevents clickjacking, Content-Type-Options prevents MIME sniffing. The defaults are recommended for most deployments.')
-        )
+        ),
+        h('p', { style: { marginTop: 12 } }, h('a', { href: '/docs/settings-network', style: { fontSize: 12 } }, 'View full Network & Firewall documentation \u2192'))
       );
     }
   },

package/dist/dashboard/docs/agent-deployment.html

@@ -162,12 +162,39 @@
 <h3 id="local">Local (In-Process)</h3>
 <p>For development and single-server deployments:</p>
 <ul>
-  <li><strong>Port</strong> — HTTP port the agent listens on.</li>
+  <li><strong>Port</strong> — HTTP port the agent listens on. Validated in real-time (see below).</li>
   <li><strong>Host</strong> — Hostname or IP (default: localhost).</li>
   <li><strong>Process Manager</strong> — PM2 (with install detection), systemd, Manual, or In-Process (embedded).</li>
   <li><strong>Process Name</strong> — PM2/systemd service name for lifecycle management.</li>
   <li><strong>Working Directory</strong> — Auto-detected or manually specified.</li>
 </ul>
+
+<h4>Port Validation</h4>
+<p>When you enter a port number, the system automatically checks whether it's available before allowing you to save:</p>
+<div class="card">
+  <table>
+    <thead><tr><th>Indicator</th><th>Meaning</th></tr></thead>
+    <tbody>
+      <tr><td><strong style="color:var(--success)">Green border + checkmark</strong></td><td>Port is available — you can save and deploy.</td></tr>
+      <tr><td><strong style="color:var(--danger)">Red border + error</strong></td><td>Port is already in use — save is blocked. The error shows which process is using it (e.g., "Port 3100 is in use by node (PID 12345)").</td></tr>
+    </tbody>
+  </table>
+</div>
+<ul>
+  <li><strong>Debounced</strong> — Validation triggers 500ms after you stop typing, preventing excessive API calls.</li>
+  <li><strong>Bind test</strong> — Uses <code>net.createServer()</code> to attempt binding the port. This is the most reliable availability check.</li>
+  <li><strong>Process identification</strong> — If the port is in use, the system runs <code>lsof</code> (macOS/Linux) or <code>netstat</code> (Windows) to identify the process name and PID.</li>
+  <li><strong>Save blocked</strong> — You cannot save deployment configuration while a port conflict exists.</li>
+</ul>
+
+<div class="card">
+  <h3>API Reference</h3>
+  <pre><code>POST /system/check-port
+Body: { "port": 4100 }
+Response (available): { "available": true, "port": 3102 }
+Response (in use):    { "available": false, "port": 3102, "process": "node (PID 12345)" }</code></pre>
+</div>
+
 <div class="tip">
   <strong>Tip:</strong> PM2 availability is auto-detected. If PM2 isn't installed, the dashboard offers a one-click "Install PM2" button.
 </div>
@@ -268,6 +295,11 @@ Response: { "agentId": "...", "assigned": ["kb-1", "kb-2"], "count": 2 }</code><
   <p>The agent process may have crashed. Check logs on the deployment platform. Common causes: missing environment variables, incorrect model configuration, or insufficient memory.</p>
 </div>
 
+<div class="card">
+  <h3>Port is in use — can't save</h3>
+  <p>The port validation detected another process using the port. Either change the port number or stop the conflicting process. The error message shows the process name and PID — you can stop it with <code>kill &lt;PID&gt;</code> or choose a different port. Common conflicts: another agent already running on that port, or a development server.</p>
+</div>
+
 <div class="card">
   <h3>Delete confirmation name doesn't match</h3>
   <p>The typed name must match exactly (case-insensitive) with the agent's display name. Check the agent name shown in the header.</p>