npm - @agenticmail/enterprise - Versions diffs - 0.5.319 → 0.5.321 - Mend

@agenticmail/enterprise 0.5.319 → 0.5.321

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (330) hide show

package/CHANGELOG.md +68 -0
package/CODE_OF_CONDUCT.md +31 -0
package/README.md +118 -38
package/SECURITY.md +42 -0
package/dist/agent-heartbeat-3FWNHZFX.js +510 -0
package/dist/agent-heartbeat-4RWHZR7H.js +510 -0
package/dist/agent-heartbeat-6ZGB5ILY.js +510 -0
package/dist/agent-heartbeat-BIVHLKFM.js +510 -0
package/dist/agent-heartbeat-HRKVFK2T.js +510 -0
package/dist/agent-heartbeat-JC5GWVXD.js +510 -0
package/dist/agent-heartbeat-K6A4HMHB.js +510 -0
package/dist/agent-heartbeat-LCDXWFVB.js +510 -0
package/dist/agent-heartbeat-P7HZCZAQ.js +510 -0
package/dist/agent-heartbeat-PUIRSNIO.js +510 -0
package/dist/agent-heartbeat-SN5ILQ6Y.js +510 -0
package/dist/agent-heartbeat-TW5YTDYC.js +510 -0
package/dist/agent-heartbeat-Z2QQXROL.js +510 -0
package/dist/agent-notify-OEQBCZLN.js +43 -0
package/dist/{agent-tools-263HM5QU.js → agent-tools-3W7XLUYA.js} +1 -1
package/dist/agent-tools-4QK7LLNP.js +9 -0
package/dist/agent-tools-54VZGT6L.js +9 -0
package/dist/{agent-tools-AT4D276V.js → agent-tools-AYYDPO27.js} +7 -7
package/dist/{agent-tools-MSTAPX2I.js → agent-tools-F2X47FKF.js} +7 -7
package/dist/{agent-tools-FA26SY5O.js → agent-tools-O6W3QAZL.js} +11 -6
package/dist/agent-tools-OAWVZBMW.js +9 -0
package/dist/agent-tools-QCCU74PN.js +13949 -0
package/dist/chunk-2LHUARN6.js +4929 -0
package/dist/chunk-2WVCNCYC.js +5087 -0
package/dist/{chunk-6PWDS7KY.js → chunk-3FM6YQUK.js} +20 -20
package/dist/chunk-3UAFHUEC.js +212 -0
package/dist/{chunk-WJO57PMO.js → chunk-46GOWZT4.js} +20 -20
package/dist/{chunk-BNRE7TSX.js → chunk-5KYJAUZV.js} +3 -3
package/dist/chunk-6C5PKREN.js +467 -0
package/dist/{chunk-447MTPZF.js → chunk-6ZMLNEHB.js} +3 -3
package/dist/chunk-BPZQT5N5.js +25652 -0
package/dist/chunk-BQM7MBPS.js +1380 -0
package/dist/{chunk-ZRFKGPIU.js → chunk-C52OQNNY.js} +20 -20
package/dist/chunk-C7HGQF4Y.js +25652 -0
package/dist/chunk-CAHNZGGK.js +25656 -0
package/dist/{chunk-FL3CH3ET.js → chunk-CK7R6UHE.js} +51 -27
package/dist/chunk-D36RPWB7.js +25652 -0
package/dist/{chunk-36NM2B4C.js → chunk-DJK2UPFH.js} +63 -93
package/dist/chunk-DM7FTF7W.js +4929 -0
package/dist/chunk-DMD24UFZ.js +5101 -0
package/dist/{chunk-36XNMIHA.js → chunk-DXZGPUAF.js} +20 -20
package/dist/chunk-F46WB5IL.js +5087 -0
package/dist/chunk-F5QG5SQH.js +5087 -0
package/dist/{chunk-JGEVQZDR.js → chunk-FLQ5FLHW.js} +13 -16
package/dist/chunk-H7GP733U.js +5087 -0
package/dist/{chunk-OZSQLOV6.js → chunk-HHBXWB5U.js} +415 -19
package/dist/{chunk-D24JY75H.js → chunk-IMXS4N6W.js} +3 -3
package/dist/{chunk-6PVBV6ZP.js → chunk-JNMDD7JY.js} +3 -3
package/dist/chunk-JTV5LA47.js +1519 -0
package/dist/chunk-KV6G7NZX.js +1519 -0
package/dist/chunk-MU5MEBIK.js +1519 -0
package/dist/chunk-NLT5MC7X.js +465 -0
package/dist/{chunk-GTFZZUXX.js → chunk-NVLYIM4J.js} +51 -27
package/dist/{chunk-6G5SXLXC.js → chunk-NZY2BIZH.js} +63 -93
package/dist/chunk-O42L6G67.js +1519 -0
package/dist/chunk-OCNERGGM.js +4891 -0
package/dist/chunk-OJSNHONE.js +1519 -0
package/dist/{chunk-2TAZJWJN.js → chunk-OWL3QVH7.js} +18 -0
package/dist/{chunk-P3HVY2HS.js → chunk-OWTLNV4Q.js} +382 -7
package/dist/chunk-PCNYEP6T.js +4891 -0
package/dist/{chunk-YL3Z5KPR.js → chunk-PI4AQ4Z6.js} +438 -15
package/dist/chunk-PN3EGTCA.js +194 -0
package/dist/chunk-Q37UKNRC.js +1519 -0
package/dist/chunk-QXTC6J7H.js +5087 -0
package/dist/{chunk-SPBQVNDI.js → chunk-RKERL5LZ.js} +25 -21
package/dist/chunk-RVBK2IOX.js +25652 -0
package/dist/chunk-SAKODCZ5.js +4891 -0
package/dist/{chunk-XV4TU65E.js → chunk-SALGFC5L.js} +51 -27
package/dist/chunk-STGWZ2MS.js +1519 -0
package/dist/chunk-UY3ZVQDP.js +25652 -0
package/dist/chunk-V6OSD62M.js +5087 -0
package/dist/chunk-VP6YAHX4.js +1519 -0
package/dist/chunk-WDYJOEAI.js +5087 -0
package/dist/chunk-WEAFQNOS.js +195 -0
package/dist/chunk-XKUSAZGP.js +5087 -0
package/dist/chunk-Z6K5FKAB.js +548 -0
package/dist/chunk-ZGE3XAXY.js +1519 -0
package/dist/chunk-ZGYVXYQQ.js +3296 -0
package/dist/cli-agent-7TB2BWS6.js +2370 -0
package/dist/cli-agent-AKXFFST2.js +2370 -0
package/dist/cli-agent-DZTKLITB.js +2357 -0
package/dist/cli-agent-FOF7PFEP.js +2357 -0
package/dist/cli-agent-H74M2ZYN.js +2357 -0
package/dist/cli-agent-HORWVPHB.js +2370 -0
package/dist/cli-agent-HSZT6SKF.js +2423 -0
package/dist/cli-agent-JLUQ4ZU6.js +2424 -0
package/dist/cli-agent-MVCDH4HV.js +2370 -0
package/dist/cli-agent-NZXOEPJ2.js +2357 -0
package/dist/cli-agent-PADN3QRC.js +2357 -0
package/dist/cli-agent-QAYEX3BE.js +2441 -0
package/dist/cli-agent-QT64DT5J.js +2370 -0
package/dist/cli-agent-TFL2M6UK.js +2424 -0
package/dist/cli-agent-UIKXATTD.js +2357 -0
package/dist/cli-agent-UJN6FYTO.js +2370 -0
package/dist/cli-agent-VIQAYVY4.js +2357 -0
package/dist/cli-agent-WNWFVOFM.js +2370 -0
package/dist/cli-agent-XBQX67VJ.js +2423 -0
package/dist/cli-agent-ZLSC6FF4.js +2357 -0
package/dist/cli-serve-2IL5DTEY.js +153 -0
package/dist/cli-serve-47N5UKKW.js +153 -0
package/dist/cli-serve-4XGZFUV2.js +140 -0
package/dist/cli-serve-6OT3UEAN.js +140 -0
package/dist/cli-serve-7L6EY5UH.js +153 -0
package/dist/cli-serve-BDGOOOKQ.js +260 -0
package/dist/cli-serve-BFNIW2LF.js +153 -0
package/dist/cli-serve-C7MN6U5Q.js +153 -0
package/dist/cli-serve-CR3OY3IM.js +153 -0
package/dist/cli-serve-DAJFRWQ7.js +153 -0
package/dist/cli-serve-FW6FHFW4.js +153 -0
package/dist/cli-serve-GEEOQS77.js +153 -0
package/dist/cli-serve-H562I3ZK.js +153 -0
package/dist/cli-serve-HDQZF4C4.js +153 -0
package/dist/cli-serve-LICAOMEB.js +140 -0
package/dist/cli-serve-LLGYLWFS.js +153 -0
package/dist/cli-serve-N3OISDNB.js +153 -0
package/dist/cli-serve-TIZ27EVR.js +153 -0
package/dist/cli-serve-TUNI2RCN.js +153 -0
package/dist/cli-serve-WNOZMAWD.js +153 -0
package/dist/cli-validate-Z726VJCN.js +150 -0
package/dist/cli.js +4 -4
package/dist/connection-manager-KAWEUWUR.js +9 -0
package/dist/dashboard/app.js +9 -3
package/dist/dashboard/components/knowledge-link.js +15 -0
package/dist/dashboard/components/settings-help.js +4 -2
package/dist/dashboard/docs/agent-deployment.html +33 -1
package/dist/dashboard/docs/settings-network.html +321 -0
package/dist/dashboard/docs/settings-security.html +347 -0
package/dist/dashboard/docs/settings-tool-security.html +176 -0
package/dist/dashboard/docs/settings.html +36 -16
package/dist/dashboard/pages/agent-detail/deployment.js +39 -6
package/dist/dashboard/pages/agent-detail/tools.js +10 -0
package/dist/dashboard/pages/database-access.js +4 -3
package/dist/dashboard/pages/settings.js +174 -37
package/dist/dashboard/pages/task-pipeline.js +400 -843
package/dist/db-adapter-2T56ORSD.js +7 -0
package/dist/db-adapter-IRHOUMVC.js +7 -0
package/dist/index.js +41 -41
package/dist/microsoft-VREAZ7M2.js +3955 -0
package/dist/routes-3MMLQTB6.js +90 -0
package/dist/routes-4ZUIJ4HE.js +90 -0
package/dist/routes-5MXHKKH4.js +90 -0
package/dist/routes-64NJFK3B.js +90 -0
package/dist/routes-6AKQ2LBV.js +90 -0
package/dist/routes-CRRBUDO4.js +90 -0
package/dist/routes-DIAF3MC3.js +90 -0
package/dist/routes-KMUNU6CY.js +90 -0
package/dist/routes-LRRLXIZR.js +90 -0
package/dist/routes-N647AJYG.js +90 -0
package/dist/routes-SSSELAAR.js +90 -0
package/dist/routes-STERVGKJ.js +90 -0
package/dist/routes-ZEZZACZP.js +90 -0
package/dist/runtime-5EQN4GFM.js +45 -0
package/dist/runtime-5LP7PUD4.js +45 -0
package/dist/runtime-6BULDBR3.js +45 -0
package/dist/runtime-6YEENDN3.js +45 -0
package/dist/runtime-7LQFRG3B.js +45 -0
package/dist/runtime-AMXJU2MB.js +45 -0
package/dist/runtime-D6WSE7FG.js +45 -0
package/dist/runtime-EYVN7NFJ.js +45 -0
package/dist/runtime-F6RPWQVW.js +45 -0
package/dist/runtime-FYMJURFC.js +45 -0
package/dist/runtime-JRNBL4O4.js +45 -0
package/dist/runtime-OM2NIBMI.js +45 -0
package/dist/runtime-QWPVD7CY.js +45 -0
package/dist/runtime-YLIIPTE4.js +45 -0
package/dist/runtime-YU6P22CG.js +45 -0
package/dist/screen-unlock-4RPZBHOI.js +118 -0
package/dist/server-AMCSXINC.js +28 -0
package/dist/server-CU6LVQS4.js +28 -0
package/dist/server-DFYGH2CV.js +28 -0
package/dist/server-EELWOC3X.js +28 -0
package/dist/server-EN5E2OWQ.js +28 -0
package/dist/server-GW2HYJYI.js +28 -0
package/dist/server-J25NCRWJ.js +28 -0
package/dist/server-JDGNOTFV.js +28 -0
package/dist/server-NE5HD5DJ.js +28 -0
package/dist/server-NQOT7W77.js +28 -0
package/dist/server-PWE5PQTR.js +28 -0
package/dist/server-Q2Q32H2B.js +28 -0
package/dist/server-Q77ME7TL.js +28 -0
package/dist/server-WLLH4WST.js +28 -0
package/dist/server-WTUJ2O3F.js +28 -0
package/dist/server-X4CJTHHF.js +28 -0
package/dist/server-XK3ILCJC.js +28 -0
package/dist/server-ZRD3NDJE.js +28 -0
package/dist/setup-44VBAO4J.js +20 -0
package/dist/setup-4ONNQBWB.js +20 -0
package/dist/setup-4OSBXSCL.js +20 -0
package/dist/setup-4QFGRBLZ.js +20 -0
package/dist/setup-6766SGAR.js +20 -0
package/dist/setup-AYY24DKM.js +20 -0
package/dist/setup-B34N4HPU.js +20 -0
package/dist/setup-E2YLC2EY.js +20 -0
package/dist/setup-ER6NXTY5.js +20 -0
package/dist/setup-H2AGCBW5.js +20 -0
package/dist/setup-ICOZRKCX.js +20 -0
package/dist/setup-JFTJH7UF.js +20 -0
package/dist/setup-PRFNI6YW.js +20 -0
package/dist/setup-RAHBMYHE.js +20 -0
package/dist/setup-TXPR5UQX.js +20 -0
package/dist/setup-XCJMELVU.js +20 -0
package/dist/setup-XIYEIFVK.js +20 -0
package/dist/setup-Z4PZSHBI.js +20 -0
package/dist/skills-FR7I5V7H.js +16 -0
package/dist/skills-HCVBA6PK.js +16 -0
package/dist/system-prompts-TM7OA32C.js +913 -0
package/dist/task-queue-O7IVZYUO.js +9 -0
package/dist/transport-encryption-2T7PIXKG.js +25 -0
package/logs/cloudflared-error.log +61 -0
package/logs/cloudflared-out.log +0 -0
package/logs/enterprise-error.log +0 -0
package/logs/enterprise-out.log +3 -0
package/logs/fola-error.log +0 -0
package/logs/fola-out.log +0 -0
package/logs/john-error.log +8 -0
package/logs/john-out.log +0 -0
package/package.json +31 -3
package/src/agent-tools/tool-resolver.ts +50 -61
package/src/agent-tools/tools/enterprise-database.ts +5 -5
package/src/agent-tools/tools/local/dependency-manager.ts +2 -2
package/src/agent-tools/tools/microsoft/graph-api.ts +137 -26
package/src/agent-tools/tools/microsoft/outlook-mail.ts +392 -100
package/src/agent-tools/tools/microsoft/teams.ts +267 -48
package/src/auth/routes.ts +4 -4
package/src/cli-agent.ts +108 -8
package/src/cli-serve.ts +140 -0
package/src/dashboard/app.js +9 -3
package/src/dashboard/components/knowledge-link.js +15 -0
package/src/dashboard/components/settings-help.js +4 -2
package/src/dashboard/docs/agent-deployment.html +33 -1
package/src/dashboard/docs/settings-network.html +321 -0
package/src/dashboard/docs/settings-security.html +347 -0
package/src/dashboard/docs/settings-tool-security.html +176 -0
package/src/dashboard/docs/settings.html +36 -16
package/src/dashboard/pages/agent-detail/deployment.js +39 -6
package/src/dashboard/pages/agent-detail/tools.js +10 -0
package/src/dashboard/pages/database-access.js +4 -3
package/src/dashboard/pages/settings.js +174 -37
package/src/dashboard/pages/task-pipeline.js +400 -843
package/src/database-access/agent-tools.ts +78 -63
package/src/database-access/connection-manager.ts +13 -2
package/src/database-access/routes.ts +13 -1
package/src/db/adapter.ts +1 -0
package/src/engine/agent-memory.ts +2 -1
package/src/engine/agent-notify.ts +50 -0
package/src/engine/agent-routes.ts +257 -4
package/src/engine/db-adapter.ts +16 -0
package/src/engine/lifecycle.ts +4 -0
package/src/engine/routes.ts +4 -3
package/src/engine/screen-unlock.ts +136 -0
package/src/engine/skills/database-access.ts +78 -0
package/src/engine/skills/index.ts +3 -2
package/src/engine/skills.ts +2 -0
package/src/engine/task-queue-routes.ts +18 -0
package/src/engine/task-queue.ts +15 -2
package/src/middleware/transport-encryption.ts +1 -4
package/src/runtime/agent-loop.ts +4 -0
package/src/runtime/index.ts +15 -6
package/src/server.ts +14 -1
package/src/system-prompts/google/index.ts +1 -2
package/src/system-prompts/index.ts +1 -1
package/src/system-prompts/microsoft/contacts.ts +34 -0
package/src/system-prompts/microsoft/excel.ts +52 -0
package/src/system-prompts/microsoft/index.ts +31 -0
package/src/system-prompts/microsoft/onedrive.ts +41 -0
package/src/system-prompts/microsoft/onenote.ts +36 -0
package/src/system-prompts/microsoft/outlook-calendar.ts +37 -0
package/src/system-prompts/microsoft/outlook-mail.ts +46 -0
package/src/system-prompts/microsoft/planner.ts +37 -0
package/src/system-prompts/microsoft/powerbi.ts +38 -0
package/src/system-prompts/microsoft/powerpoint.ts +35 -0
package/src/system-prompts/microsoft/sharepoint.ts +44 -0
package/src/system-prompts/microsoft/teams.ts +49 -0
package/src/system-prompts/microsoft/todo.ts +37 -0
package/src/types/hono-env.ts +4 -0
package/.github/CODEOWNERS +0 -23
package/.github/workflows/publish-community-skills.yml +0 -121
package/.github/workflows/validate-community-skills.yml +0 -172
package/agriculture_southwest_nigeria_research.txt +0 -10
package/boa_credit_cards_research.txt +0 -10
package/customer_support_research_feb2026.txt +0 -10
package/dist/agent-tools-LRA7PPXG.js +0 -13922
package/dist/agent-tools-VAU5DOQB.js +0 -13910
package/dist/agent-tools-VWV7OWXU.js +0 -13922
package/dist/chunk-2Z7MWTCX.js +0 -4977
package/dist/chunk-3T4XU3VV.js +0 -5010
package/dist/chunk-445QM4NX.js +0 -5061
package/dist/chunk-5TW3Y7DJ.js +0 -1519
package/dist/chunk-6I7VY3LT.js +0 -5060
package/dist/chunk-6W5EK3UP.js +0 -4977
package/dist/chunk-AQMSHJQT.js +0 -5069
package/dist/chunk-ASSQW7HX.js +0 -5051
package/dist/chunk-CIN27FGC.js +0 -5037
package/dist/chunk-CMXY3NUB.js +0 -4977
package/dist/chunk-DRLMRUDP.js +0 -5052
package/dist/chunk-EHI7Z446.js +0 -1519
package/dist/chunk-FEAILFAQ.js +0 -1519
package/dist/chunk-GA3PYBZL.js +0 -1519
package/dist/chunk-GWX63G5J.js +0 -1519
package/dist/chunk-HHMZ4UY6.js +0 -1519
package/dist/chunk-HVQMNF7E.js +0 -4921
package/dist/chunk-HXM7F3YN.js +0 -1519
package/dist/chunk-K6NGOUXG.js +0 -5060
package/dist/chunk-KPG5WINJ.js +0 -4977
package/dist/chunk-LBCUBYDL.js +0 -1519
package/dist/chunk-LIRQSWLR.js +0 -5014
package/dist/chunk-LRCKO5KE.js +0 -1519
package/dist/chunk-M7XL3DJD.js +0 -5069
package/dist/chunk-MHJULEIQ.js +0 -1519
package/dist/chunk-MJGGW6MC.js +0 -106
package/dist/chunk-MMYBDHDB.js +0 -4921
package/dist/chunk-MQT5FXKD.js +0 -1519
package/dist/chunk-OIMPEQF5.js +0 -4977
package/dist/chunk-OOU7JUYE.js +0 -542
package/dist/chunk-OW4GLBHP.js +0 -1519
package/dist/chunk-Q4K4MMLU.js +0 -4977
package/dist/chunk-RUK4CRPF.js +0 -1519
package/dist/chunk-T7H65XQY.js +0 -1519
package/dist/chunk-TQVFWG57.js +0 -5064
package/dist/chunk-UEPK3IMC.js +0 -1519
package/dist/chunk-VUWTXJH6.js +0 -1519
package/dist/chunk-WCPGGSAD.js +0 -1519
package/dist/chunk-WO63NZOJ.js +0 -1519
package/dist/chunk-YPJDRVUM.js +0 -5064
package/dist/chunk-ZROMH5DL.js +0 -4921
package/src/dashboard/docs/_template.txt +0 -92

package/dist/dashboard/docs/settings-security.html ADDED Viewed

@@ -0,0 +1,347 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Security System — AgenticMail Enterprise</title>
+<style>
+  :root {
+    --bg-primary: #0f1117; --bg-secondary: #161822; --bg-tertiary: #1c1f2e; --bg-card: #181b28;
+    --text-primary: #e8eaf0; --text-secondary: #9ca3b8; --text-muted: #6b7394;
+    --accent: #6366f1; --accent-soft: rgba(99,102,241,0.12);
+    --border: #2a2f45; --border-light: #353a52; --radius: 10px;
+    --success: #15803d; --warning: #eab308; --danger: #ef4444;
+    --info-soft: rgba(99,102,241,0.06);
+  }
+  [data-theme="light"] {
+    --bg-primary: #d0c5a0; --bg-secondary: #ddd3b2; --bg-tertiary: #c8bc94; --bg-card: #e5dcc0;
+    --text-primary: #2c2410; --text-secondary: #3d3520; --text-muted: #6b5e42;
+    --accent: #2563eb; --accent-soft: rgba(37,99,235,0.1);
+    --border: #b8ad8a; --border-light: #a89e7a; --info-soft: rgba(37,99,235,0.06);
+  }
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg-primary); color: var(--text-primary); line-height: 1.7; padding: 32px; max-width: 900px; margin: 0 auto; }
+  h1 { font-size: 28px; margin-bottom: 8px; }
+  h2 { font-size: 20px; margin: 32px 0 12px; padding-bottom: 8px; border-bottom: 1px solid var(--border); }
+  h3 { font-size: 16px; margin: 20px 0 8px; color: var(--accent); }
+  p { margin-bottom: 12px; color: var(--text-secondary); }
+  code { background: var(--bg-primary); border: 1px solid var(--border); padding: 2px 6px; border-radius: 4px; font-size: 13px; color: var(--accent); }
+  pre { background: var(--bg-primary); border: 1px solid var(--border); padding: 16px; border-radius: var(--radius); overflow-x: auto; margin: 12px 0; font-size: 13px; line-height: 1.5; color: var(--text-secondary); }
+  pre code { background: none; border: none; padding: 0; }
+  .card { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 20px; margin: 16px 0; }
+  .tip { background: var(--info-soft); border: 1px solid rgba(59,130,246,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  .warning { background: rgba(245,158,11,0.08); border: 1px solid rgba(245,158,11,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  .danger { background: rgba(239,68,68,0.08); border: 1px solid rgba(239,68,68,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  table { width: 100%; border-collapse: collapse; margin: 12px 0; font-size: 13px; }
+  th, td { text-align: left; padding: 8px 12px; border: 1px solid var(--border); color: var(--text-secondary); }
+  th { background: var(--bg-secondary); font-weight: 600; color: var(--text-primary); }
+  ul, ol { padding-left: 24px; margin-bottom: 12px; color: var(--text-secondary); }
+  li { margin-bottom: 6px; }
+  a { color: var(--accent); }
+  .back { display: inline-block; margin-bottom: 20px; font-size: 13px; color: var(--text-muted); text-decoration: none; }
+  .back:hover { color: var(--text-primary); }
+  strong { color: var(--text-primary); }
+  .toc { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 16px 20px; margin: 16px 0; }
+  .toc h3 { margin: 0 0 8px; font-size: 14px; }
+  .toc ul { list-style: none; padding: 0; }
+  .toc li { margin: 4px 0; }
+  .toc a { font-size: 13px; text-decoration: none; }
+</style>
+<script>
+  var t = localStorage.getItem('em_theme') || 'dark';
+  document.documentElement.setAttribute('data-theme', t);
+</script>
+</head>
+<body>
+<a class="back" href="/dashboard/settings">&#8592; Back to Settings</a>
+<h1>Security System</h1>
+<p style="color: var(--text-muted); margin-bottom: 24px;">Comprehensive security configuration for your AgenticMail Enterprise deployment. Each section can be edited independently using its own Edit button.</p>
+<div class="toc">
+  <h3>On This Page</h3>
+  <ul>
+    <li><a href="#overview">Overview</a></li>
+    <li><a href="#prompt-injection">Prompt Injection Defense</a></li>
+    <li><a href="#sql-injection">SQL Injection Prevention</a></li>
+    <li><a href="#input-validation">Input Validation</a></li>
+    <li><a href="#output-filtering">Output Filtering</a></li>
+    <li><a href="#transport-encryption">Transport Encryption</a></li>
+    <li><a href="#dependency-management">Dependency &amp; Package Management</a></li>
+    <li><a href="#screen-unlock">Screen Unlock &amp; Machine Access</a></li>
+    <li><a href="#audit-logging">Security Audit Log</a></li>
+    <li><a href="#best-practices">Best Practices</a></li>
+  </ul>
+</div>
+<h2 id="overview">Overview</h2>
+<p>The Security System tab provides defense-in-depth controls protecting your instance from prompt injection, data exfiltration, SQL injection, and other attack vectors. Each section has its own Edit/Save/Cancel buttons — click Edit to modify a section, then Save to persist changes or Cancel to discard.</p>
+<div class="tip"><strong>Per-section editing:</strong> Only one section can be edited at a time. Other sections dim while you're editing, preventing accidental changes. Your changes are saved to the server when you click Save.</div>
+<h2 id="prompt-injection">Prompt Injection Defense</h2>
+<p>Multi-layer detection and prevention of prompt injection attacks — attempts by users or external content to override an agent's instructions.</p>
+<div class="card">
+  <h3 style="margin-top: 0;">Settings</h3>
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable Protection</strong></td><td>Master toggle for prompt injection defense</td></tr>
+    <tr><td><strong>Detection Mode</strong></td><td>
+      <ul style="margin: 0;">
+        <li><strong>Monitor Only</strong> — Logs detections but allows them through. Good for testing.</li>
+        <li><strong>Sanitize Content</strong> — Strips suspected injection patterns from input. Recommended for most deployments.</li>
+        <li><strong>Block Request</strong> — Rejects the entire request. Strictest mode.</li>
+      </ul>
+    </td></tr>
+    <tr><td><strong>Sensitivity Level</strong></td><td>Low / Medium / High / Maximum. Higher sensitivity catches more but increases false positives.</td></tr>
+    <tr><td><strong>Log Detections</strong></td><td>Write detection events to the security audit log</td></tr>
+    <tr><td><strong>Block Response</strong></td><td>Custom message returned when a request is blocked (only in Block mode)</td></tr>
+  </table>
+</div>
+<div class="tip"><strong>Recommended:</strong> Start with <code>Sanitize</code> mode at <code>Medium</code> sensitivity. Monitor the audit log for false positives before increasing to High.</div>
+<h3>How It Works</h3>
+<p>The system scans all incoming messages and tool inputs for known prompt injection patterns:</p>
+<ul>
+  <li>System prompt override attempts ("Ignore previous instructions...")</li>
+  <li>Role confusion attacks ("You are now a different assistant...")</li>
+  <li>Delimiter injection (using special characters to break out of context)</li>
+  <li>Indirect injection via tool outputs (e.g., a fetched webpage containing injection)</li>
+</ul>
+<h2 id="sql-injection">SQL Injection Prevention</h2>
+<p>Detects and blocks SQL injection attempts in tool inputs and API request bodies.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable Protection</strong></td><td>Master toggle</td></tr>
+    <tr><td><strong>Detection Mode</strong></td><td><code>Monitor Only</code> (log but allow) or <code>Block Request</code> (reject)</td></tr>
+    <tr><td><strong>Scan Tool Arguments</strong></td><td>Check arguments passed to agent tools (database queries, file operations, etc.)</td></tr>
+    <tr><td><strong>Scan API Request Bodies</strong></td><td>Check incoming API request payloads for SQL patterns</td></tr>
+    <tr><td><strong>Log Detections</strong></td><td>Write events to the audit log</td></tr>
+  </table>
+</div>
+<h3>Detection Patterns</h3>
+<p>Scans for common SQL injection vectors including:</p>
+<ul>
+  <li>Union-based injection (<code>UNION SELECT</code>)</li>
+  <li>Boolean-based blind injection (<code>OR 1=1</code>)</li>
+  <li>Time-based injection (<code>SLEEP()</code>, <code>WAITFOR DELAY</code>)</li>
+  <li>Stacked queries (semicolon-separated statements)</li>
+  <li>Comment-based evasion (<code>--</code>, <code>/* */</code>)</li>
+</ul>
+<h2 id="input-validation">Input Validation</h2>
+<p>Sanitizes and validates all incoming data to prevent malformed or malicious payloads.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Default</th><th>Description</th></tr>
+    <tr><td><strong>Max Input Length</strong></td><td>100,000 chars</td><td>Reject inputs exceeding this length. Prevents memory exhaustion attacks.</td></tr>
+    <tr><td><strong>Max JSON Depth</strong></td><td>20 levels</td><td>Reject deeply nested JSON objects. Prevents stack overflow in parsers.</td></tr>
+    <tr><td><strong>Strip HTML</strong></td><td>Off</td><td>Remove all HTML tags from text inputs. Use when agents don't need HTML.</td></tr>
+    <tr><td><strong>Block Scripts</strong></td><td>On</td><td>Reject inputs containing <code>&lt;script&gt;</code> tags. Prevents XSS via agent outputs.</td></tr>
+    <tr><td><strong>Sanitize Unicode</strong></td><td>On</td><td>Normalize Unicode and remove invisible/homoglyph characters used for evasion.</td></tr>
+  </table>
+</div>
+<h2 id="output-filtering">Output Filtering</h2>
+<p>Scans agent outputs for secrets and personal information before they reach users or external systems.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Filter Mode</strong></td><td>
+      <ul style="margin: 0;">
+        <li><strong>Monitor Only</strong> — Log but don't modify outputs</li>
+        <li><strong>Redact Secrets</strong> — Replace detected secrets with <code>[REDACTED]</code></li>
+        <li><strong>Block Output</strong> — Reject the entire response</li>
+      </ul>
+    </td></tr>
+    <tr><td><strong>Scan for Secrets</strong></td><td>Detect API keys, passwords, tokens, connection strings</td></tr>
+    <tr><td><strong>Scan for PII</strong></td><td>Detect emails, phone numbers, SSNs, credit card numbers</td></tr>
+    <tr><td><strong>Log Detections</strong></td><td>Write events to the audit log</td></tr>
+  </table>
+</div>
+<div class="warning"><strong>Important:</strong> Output filtering works alongside <a href="/docs/dlp">DLP rules</a>. DLP provides more granular, rule-based detection. Output filtering here is a safety net that catches common patterns without custom rules.</div>
+<h2 id="transport-encryption">Transport Encryption</h2>
+<p>Encrypts API data in transit between the dashboard and server using AES-256-CBC with HMAC verification. Provides application-layer encryption on top of HTTPS for defense-in-depth.</p>
+<div class="card">
+  <h3 style="margin-top: 0;">Why Use This?</h3>
+  <p>HTTPS already encrypts traffic at the transport layer. Transport encryption adds a second layer that protects against:</p>
+  <ul>
+    <li><strong>Compromised TLS proxies</strong> — Corporate SSL inspection that decrypts and re-encrypts traffic</li>
+    <li><strong>MITM attacks</strong> — Even if TLS is broken, data remains encrypted</li>
+    <li><strong>Network sniffing</strong> — Encrypted payloads are opaque even if captured</li>
+  </ul>
+</div>
+<h3>Encryption Modes</h3>
+<table>
+  <tr><th>Mode</th><th>Description</th></tr>
+  <tr><td><strong>Encrypt All</strong></td><td>Every dashboard API call is encrypted. SSE streams are automatically excluded (they don't support custom headers).</td></tr>
+  <tr><td><strong>Sensitive Only</strong></td><td>Pre-selected endpoint groups handling credentials and secrets (API keys, OAuth tokens, database URLs, vault).</td></tr>
+  <tr><td><strong>Custom</strong></td><td>Toggle individual endpoint groups and add custom path patterns.</td></tr>
+</table>
+<h3>Endpoint Groups</h3>
+<p>There are 22 endpoint groups covering every API area. Groups marked <span style="color: var(--danger);">SENSITIVE</span> handle credentials or secrets:</p>
+<ul>
+  <li><strong>Models & API Keys</strong> <span style="color: var(--danger);">SENSITIVE</span> — LLM provider API keys</li>
+  <li><strong>Authentication</strong> <span style="color: var(--danger);">SENSITIVE</span> — Login, sessions, tokens</li>
+  <li><strong>Email & SMTP</strong> <span style="color: var(--danger);">SENSITIVE</span> — SMTP credentials, email configs</li>
+  <li><strong>Database Connections</strong> <span style="color: var(--danger);">SENSITIVE</span> — Database URLs and credentials</li>
+  <li><strong>Vault & Secrets</strong> <span style="color: var(--danger);">SENSITIVE</span> — Encrypted secret storage</li>
+  <li><strong>Integrations</strong> <span style="color: var(--danger);">SENSITIVE</span> — OAuth tokens, org integrations</li>
+  <li><strong>Memory</strong> <span style="color: var(--danger);">SENSITIVE</span> — Agent memories and transfer data</li>
+  <li>Settings, Agents, Skills, Organizations, Knowledge, Tasks, Workforce, Messages, Guardrails, Journal, Approvals, Compliance, Domain, Roles, Dashboard</li>
+</ul>
+<h3>Advanced Settings</h3>
+<table>
+  <tr><th>Setting</th><th>Default</th><th>Description</th></tr>
+  <tr><td><strong>Payload Max Age</strong></td><td>300 seconds</td><td>Reject encrypted payloads older than this (replay attack protection)</td></tr>
+  <tr><td><strong>Debug Logging</strong></td><td>Off</td><td>Log encryption/decryption operations to browser console. Never enable in production.</td></tr>
+</table>
+<p>For full technical details, see the <a href="/docs/transport-encryption">Transport Encryption documentation</a>.</p>
+<h2 id="dependency-management">Dependency &amp; Package Management</h2>
+<p>Organization-wide defaults for how agents install software packages. Individual agents can override these in their Permissions tab.</p>
+<div class="card">
+  <h3 style="margin-top: 0;">Install Policy</h3>
+  <table>
+    <tr><th>Policy</th><th>Description</th></tr>
+    <tr><td><strong>Auto</strong></td><td>Agents install what they need without asking. Best for trusted environments.</td></tr>
+    <tr><td><strong>Ask Manager</strong></td><td>Agents must get human approval before installing any package.</td></tr>
+    <tr><td><strong>Deny</strong></td><td>No package installation allowed. Agents must use pre-installed tools.</td></tr>
+  </table>
+</div>
+<h3>Cross-Platform Support</h3>
+<p>The dependency manager automatically detects the platform and uses the appropriate package manager:</p>
+<table>
+  <tr><th>Platform</th><th>Package Managers</th></tr>
+  <tr><td>macOS</td><td>Homebrew (brew)</td></tr>
+  <tr><td>Ubuntu/Debian</td><td>apt</td></tr>
+  <tr><td>Fedora/RHEL</td><td>dnf</td></tr>
+  <tr><td>Arch Linux</td><td>pacman</td></tr>
+  <tr><td>Snap-enabled Linux</td><td>snap</td></tr>
+  <tr><td>Windows</td><td>Chocolatey, winget, Scoop</td></tr>
+  <tr><td>npm packages</td><td>npm (local install to temp dir, never global)</td></tr>
+  <tr><td>Python packages</td><td>pip</td></tr>
+</table>
+<h3>Safety Guarantees</h3>
+<ul>
+  <li><strong>Never touches existing installations</strong> — If a tool is already installed, agents use it as-is without upgrading or reinstalling.</li>
+  <li><strong>npm packages install locally</strong> — Installed to a session temp directory (<code>/tmp/agenticmail-deps-{pid}/</code>), never globally. Cleaned up on session end.</li>
+  <li><strong>Blocked packages</strong> — Packages listed here can never be installed by any agent, regardless of policy.</li>
+  <li><strong>Auto-cleanup</strong> — Agent-installed packages are removed when the session ends (only agent-installed, never pre-existing).</li>
+</ul>
+<h3>Elevated Access</h3>
+<table>
+  <tr><th>Setting</th><th>Description</th></tr>
+  <tr><td><strong>Allow Global Installs</strong></td><td>Permit system-level package installation (brew, apt, etc.). When off, only local npm/pip installs are allowed.</td></tr>
+  <tr><td><strong>Allow Elevated (sudo)</strong></td><td>Permit agents to use sudo for packages that require root (e.g., <code>apt install</code>). Requires a system password to be configured.</td></tr>
+  <tr><td><strong>Allowed Managers</strong></td><td>Whitelist which package managers agents can use.</td></tr>
+</table>
+<div class="danger"><strong>Security note:</strong> Enabling elevated access gives agents the ability to install system-level software. Only enable this in trusted, isolated environments. The system password is stored encrypted in the server's security config.</div>
+<h2 id="screen-unlock">Screen Unlock &amp; Machine Access</h2>
+<p>Allows the system to automatically unlock the screen when agents need to interact with the desktop (browser automation, GUI tools, scheduled tasks).</p>
+<div class="card">
+  <h3 style="margin-top: 0;">How It Works</h3>
+  <ol>
+    <li>Agent detects the screen is locked (via system APIs)</li>
+    <li>System wakes the display if asleep (using <code>caffeinate</code> on macOS)</li>
+    <li>Types your password to unlock the screen (via AppleScript keystroke on macOS)</li>
+    <li>Agent performs the required action (browser, desktop automation, etc.)</li>
+  </ol>
+</div>
+<h3>Settings</h3>
+<table>
+  <tr><th>Setting</th><th>Description</th></tr>
+  <tr><td><strong>Enable Screen Auto-Unlock</strong></td><td>Master toggle for all screen unlock features</td></tr>
+  <tr><td><strong>System / Computer Password</strong></td><td>Your macOS or Linux login password. Stored encrypted in the server's security config. Agents never see the raw password.</td></tr>
+  <tr><td><strong>Check Screen Status</strong></td><td>Shows whether the screen is currently locked or unlocked, and the platform</td></tr>
+  <tr><td><strong>Unlock Now</strong></td><td>Manually trigger an unlock (useful for testing)</td></tr>
+  <tr><td><strong>Auto-Unlock on Agent Activity</strong></td><td>Automatically unlock when an agent needs to use the browser, run desktop automation, or start a scheduled task</td></tr>
+  <tr><td><strong>Prevent System Sleep</strong></td><td>Keep the system awake using <code>caffeinate</code> (macOS) or <code>systemd-inhibit</code> (Linux). Prevents sleep while agents are active.</td></tr>
+</table>
+<h3>Platform Support</h3>
+<table>
+  <tr><th>Platform</th><th>Lock Detection</th><th>Unlock Method</th><th>Sleep Prevention</th></tr>
+  <tr><td>macOS</td><td>Quartz session check</td><td>AppleScript keystroke</td><td><code>caffeinate -u -t 2</code></td></tr>
+  <tr><td>Linux</td><td><code>loginctl</code> / <code>xdotool</code></td><td><code>loginctl unlock-session</code></td><td><code>systemd-inhibit</code></td></tr>
+  <tr><td>Windows</td><td>Not supported</td><td>Not supported</td><td>Not supported</td></tr>
+</table>
+<div class="warning"><strong>Security consideration:</strong> The password is stored in the server's encrypted security config. Only the server process has access — agents invoke the unlock via an API call and never handle the password directly. Still, ensure your server is properly secured.</div>
+<h2 id="audit-logging">Security Audit Log</h2>
+<p>Log and monitor security events across your instance.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Default</th><th>Description</th></tr>
+    <tr><td><strong>Enable Audit Logging</strong></td><td>On</td><td>Master toggle for security event logging</td></tr>
+    <tr><td><strong>Retention (days)</strong></td><td>90</td><td>How long to keep audit log entries before auto-deletion</td></tr>
+    <tr><td><strong>Log Prompt Injection Attempts</strong></td><td>On</td><td>Record detected prompt injection attempts</td></tr>
+    <tr><td><strong>Log All Tool Calls</strong></td><td>Off</td><td>Record every tool invocation by every agent. High volume — enable only for investigation.</td></tr>
+    <tr><td><strong>Log API Access</strong></td><td>Off</td><td>Record all API endpoint access. Very high volume.</td></tr>
+  </table>
+</div>
+<h3>Recent Security Events</h3>
+<p>The audit log section also displays the 10 most recent security events with severity levels (critical, high, medium, low). Click "Refresh" to fetch the latest events.</p>
+<h2 id="best-practices">Best Practices</h2>
+<div class="card">
+  <h3 style="margin-top: 0;">Recommended Configuration</h3>
+  <table>
+    <tr><th>Setting</th><th>Recommendation</th></tr>
+    <tr><td>Prompt Injection</td><td>Sanitize mode, Medium sensitivity</td></tr>
+    <tr><td>SQL Injection</td><td>Block mode, scan both tool inputs and API bodies</td></tr>
+    <tr><td>Input Validation</td><td>Enabled with defaults (100K max length, 20 JSON depth)</td></tr>
+    <tr><td>Output Filtering</td><td>Redact mode with both secret and PII scanning</td></tr>
+    <tr><td>Transport Encryption</td><td>Sensitive Only (or Encrypt All for high-security environments)</td></tr>
+    <tr><td>Dependency Management</td><td>Auto mode with blocked packages for security tools (nmap, metasploit)</td></tr>
+    <tr><td>Screen Unlock</td><td>Enabled only on dedicated agent machines, not shared workstations</td></tr>
+    <tr><td>Audit Logging</td><td>Enabled with 90-day retention, prompt injection logging on</td></tr>
+  </table>
+</div>
+<h2>Related Pages</h2>
+<div class="card">
+  <ul>
+    <li><a href="/docs/settings-network">Network &amp; Firewall</a> — IP filtering, egress rules, proxy, geo-blocking</li>
+    <li><a href="/docs/settings-tool-security">Tool Security</a> — Path sandbox, SSRF, command sanitizer</li>
+    <li><a href="/docs/transport-encryption">Transport Encryption</a> — Detailed technical documentation</li>
+    <li><a href="/docs/dlp">Data Loss Prevention</a> — Rule-based content scanning</li>
+    <li><a href="/docs/audit">Audit Log</a> — View and search all audit events</li>
+    <li><a href="/docs/agent-permissions">Agent Permissions</a> — Per-agent dependency and security settings</li>
+  </ul>
+</div>
+<div style="margin-top:40px;padding-top:16px;border-top:1px solid var(--border);display:flex;justify-content:space-between;align-items:center;font-size:12px;color:var(--text-muted)">
+  <span>AgenticMail Enterprise Documentation</span>
+  <a href="https://github.com/agenticmail/enterprise/issues" target="_blank" style="display:inline-flex;align-items:center;gap:4px;color:var(--text-muted);text-decoration:none"><svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg> Report an issue</a>
+</div>
+</body>
+</html>

package/dist/dashboard/docs/settings-tool-security.html ADDED Viewed

@@ -0,0 +1,176 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Tool Security — AgenticMail Enterprise</title>
+<style>
+  :root {
+    --bg-primary: #0f1117; --bg-secondary: #161822; --bg-tertiary: #1c1f2e; --bg-card: #181b28;
+    --text-primary: #e8eaf0; --text-secondary: #9ca3b8; --text-muted: #6b7394;
+    --accent: #6366f1; --accent-soft: rgba(99,102,241,0.12);
+    --border: #2a2f45; --border-light: #353a52; --radius: 10px;
+    --success: #15803d; --warning: #eab308; --danger: #ef4444;
+    --info-soft: rgba(99,102,241,0.06);
+  }
+  [data-theme="light"] {
+    --bg-primary: #d0c5a0; --bg-secondary: #ddd3b2; --bg-tertiary: #c8bc94; --bg-card: #e5dcc0;
+    --text-primary: #2c2410; --text-secondary: #3d3520; --text-muted: #6b5e42;
+    --accent: #2563eb; --accent-soft: rgba(37,99,235,0.1);
+    --border: #b8ad8a; --border-light: #a89e7a; --info-soft: rgba(37,99,235,0.06);
+  }
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg-primary); color: var(--text-primary); line-height: 1.7; padding: 32px; max-width: 900px; margin: 0 auto; }
+  h1 { font-size: 28px; margin-bottom: 8px; }
+  h2 { font-size: 20px; margin: 32px 0 12px; padding-bottom: 8px; border-bottom: 1px solid var(--border); }
+  h3 { font-size: 16px; margin: 20px 0 8px; color: var(--accent); }
+  p { margin-bottom: 12px; color: var(--text-secondary); }
+  code { background: var(--bg-primary); border: 1px solid var(--border); padding: 2px 6px; border-radius: 4px; font-size: 13px; color: var(--accent); }
+  .card { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 20px; margin: 16px 0; }
+  .tip { background: var(--info-soft); border: 1px solid rgba(59,130,246,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  .warning { background: rgba(245,158,11,0.08); border: 1px solid rgba(245,158,11,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  .danger { background: rgba(239,68,68,0.08); border: 1px solid rgba(239,68,68,0.3); padding: 12px 16px; border-radius: var(--radius); margin: 12px 0; font-size: 13px; color: var(--text-secondary); }
+  table { width: 100%; border-collapse: collapse; margin: 12px 0; font-size: 13px; }
+  th, td { text-align: left; padding: 8px 12px; border: 1px solid var(--border); color: var(--text-secondary); }
+  th { background: var(--bg-secondary); font-weight: 600; color: var(--text-primary); }
+  ul, ol { padding-left: 24px; margin-bottom: 12px; color: var(--text-secondary); }
+  li { margin-bottom: 6px; }
+  a { color: var(--accent); }
+  .back { display: inline-block; margin-bottom: 20px; font-size: 13px; color: var(--text-muted); text-decoration: none; }
+  .back:hover { color: var(--text-primary); }
+  strong { color: var(--text-primary); }
+  .toc { background: var(--bg-card); border: 1px solid var(--border); border-radius: var(--radius); padding: 16px 20px; margin: 16px 0; }
+  .toc h3 { margin: 0 0 8px; font-size: 14px; }
+  .toc ul { list-style: none; padding: 0; }
+  .toc li { margin: 4px 0; }
+  .toc a { font-size: 13px; text-decoration: none; }
+</style>
+<script>
+  var t = localStorage.getItem('em_theme') || 'dark';
+  document.documentElement.setAttribute('data-theme', t);
+</script>
+</head>
+<body>
+<a class="back" href="/dashboard/settings">&#8592; Back to Settings</a>
+<h1>Tool Security</h1>
+<p style="color: var(--text-muted); margin-bottom: 24px;">Fine-grained controls over what agents' tools can access — file paths, network endpoints, and shell commands.</p>
+<div class="toc">
+  <h3>On This Page</h3>
+  <ul>
+    <li><a href="#path-sandbox">Path Sandbox</a></li>
+    <li><a href="#ssrf">SSRF Protection</a></li>
+    <li><a href="#command-sanitizer">Command Sanitizer</a></li>
+    <li><a href="#audit-logging">Audit Logging</a></li>
+    <li><a href="#rate-limiting">Rate Limiting</a></li>
+    <li><a href="#circuit-breaker">Circuit Breaker</a></li>
+    <li><a href="#telemetry">Telemetry</a></li>
+  </ul>
+</div>
+<h2 id="path-sandbox">Path Sandbox</h2>
+<p>Restricts which file system paths agents can read from and write to. Prevents agents from accessing sensitive system files or other users' data.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle path sandboxing</td></tr>
+    <tr><td><strong>Allowed Paths</strong></td><td>Directories agents can access (e.g., <code>/home/agent/workspace</code>, <code>/tmp</code>)</td></tr>
+    <tr><td><strong>Blocked Paths</strong></td><td>Directories that are always blocked (e.g., <code>/etc/shadow</code>, <code>~/.ssh</code>)</td></tr>
+  </table>
+</div>
+<div class="tip"><strong>Default behavior:</strong> When disabled, agents can access any file the server process has permissions for. Enable sandboxing in production to enforce least-privilege file access.</div>
+<h2 id="ssrf">SSRF Protection</h2>
+<p>Prevents Server-Side Request Forgery — agents making network requests to internal services, cloud metadata endpoints, or private IP ranges.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle SSRF protection</td></tr>
+    <tr><td><strong>Block Private IPs</strong></td><td>Block requests to <code>10.x.x.x</code>, <code>172.16.x.x</code>, <code>192.168.x.x</code>, <code>127.x.x.x</code></td></tr>
+    <tr><td><strong>Block Cloud Metadata</strong></td><td>Block requests to <code>169.254.169.254</code> (AWS/GCP metadata endpoint)</td></tr>
+    <tr><td><strong>Allowed Internal Hosts</strong></td><td>Internal hosts that agents ARE allowed to reach (exceptions to the block rules)</td></tr>
+  </table>
+</div>
+<div class="danger"><strong>Critical for cloud deployments:</strong> Without SSRF protection, a compromised agent could query the cloud metadata endpoint to steal IAM credentials, access tokens, and instance identity documents.</div>
+<h2 id="command-sanitizer">Command Sanitizer</h2>
+<p>Controls which shell commands agents can execute via the <code>exec</code> tool.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle command sanitization</td></tr>
+    <tr><td><strong>Mode</strong></td><td><strong>Blocklist</strong> (block specific commands) or <strong>Allowlist</strong> (only allow specific commands)</td></tr>
+    <tr><td><strong>Blocked Commands</strong></td><td>Commands agents cannot run: <code>rm -rf</code>, <code>shutdown</code>, <code>reboot</code>, <code>mkfs</code></td></tr>
+    <tr><td><strong>Allowed Commands</strong></td><td>In allowlist mode, only these commands can be executed</td></tr>
+  </table>
+</div>
+<h2 id="audit-logging">Audit Logging</h2>
+<p>Log all tool usage with optional API key redaction. Provides a trail of every tool invocation for forensics and compliance.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle tool audit logging</td></tr>
+    <tr><td><strong>Redact API Keys</strong></td><td>Automatically redact API keys, tokens, and passwords from log entries</td></tr>
+  </table>
+</div>
+<h2 id="rate-limiting">Rate Limiting</h2>
+<p>Limits how frequently agents can invoke tools. Prevents runaway loops and resource exhaustion.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle tool rate limiting</td></tr>
+    <tr><td><strong>Calls per Minute</strong></td><td>Max tool calls per agent per minute</td></tr>
+    <tr><td><strong>Calls per Hour</strong></td><td>Max tool calls per agent per hour</td></tr>
+  </table>
+</div>
+<h2 id="circuit-breaker">Circuit Breaker</h2>
+<p>Automatically disables tools that are failing repeatedly. Prevents agents from wasting tokens retrying broken operations.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle circuit breaker</td></tr>
+    <tr><td><strong>Failure Threshold</strong></td><td>Number of consecutive failures before a tool is disabled</td></tr>
+    <tr><td><strong>Recovery Time</strong></td><td>How long before the tool is re-enabled for retry</td></tr>
+  </table>
+</div>
+<h2 id="telemetry">Telemetry</h2>
+<p>Collect anonymous usage metrics for tool performance monitoring.</p>
+<div class="card">
+  <table>
+    <tr><th>Setting</th><th>Description</th></tr>
+    <tr><td><strong>Enable</strong></td><td>Toggle telemetry collection</td></tr>
+    <tr><td><strong>Metrics</strong></td><td>Tool call counts, latency percentiles, error rates</td></tr>
+  </table>
+</div>
+<h2>Related Pages</h2>
+<div class="card">
+  <ul>
+    <li><a href="/docs/settings-security">Security System</a> — Prompt injection, encryption, audit logging</li>
+    <li><a href="/docs/settings-network">Network &amp; Firewall</a> — IP filtering, egress, proxy</li>
+    <li><a href="/docs/agent-permissions">Agent Permissions</a> — Per-agent tool access controls</li>
+    <li><a href="/docs/agent-tools">Agent Tools</a> — Available tools and their capabilities</li>
+  </ul>
+</div>
+<div style="margin-top:40px;padding-top:16px;border-top:1px solid var(--border);display:flex;justify-content:space-between;align-items:center;font-size:12px;color:var(--text-muted)">
+  <span>AgenticMail Enterprise Documentation</span>
+  <a href="https://github.com/agenticmail/enterprise/issues" target="_blank" style="display:inline-flex;align-items:center;gap:4px;color:var(--text-muted);text-decoration:none"><svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0C5.37 0 0 5.37 0 12c0 5.31 3.435 9.795 8.205 11.385.6.105.825-.255.825-.57 0-.285-.015-1.23-.015-2.235-3.015.555-3.795-.735-4.035-1.41-.135-.345-.72-1.41-1.23-1.695-.42-.225-1.02-.78-.015-.795.945-.015 1.62.87 1.845 1.23 1.08 1.815 2.805 1.305 3.495.99.105-.78.42-1.305.765-1.605-2.67-.3-5.46-1.335-5.46-5.925 0-1.305.465-2.385 1.23-3.225-.12-.3-.54-1.53.12-3.18 0 0 1.005-.315 3.3 1.23.96-.27 1.98-.405 3-.405s2.04.135 3 .405c2.295-1.56 3.3-1.23 3.3-1.23.66 1.65.24 2.88.12 3.18.765.84 1.23 1.905 1.23 3.225 0 4.605-2.805 5.625-5.475 5.925.435.375.81 1.095.81 2.22 0 1.605-.015 2.895-.015 3.3 0 .315.225.69.825.57A12.02 12.02 0 0024 12c0-6.63-5.37-12-12-12z"/></svg> Report an issue</a>
+</div>
+</body>
+</html>

package/dist/dashboard/docs/settings.html CHANGED Viewed

@@ -195,15 +195,23 @@
 <p>Manage deployment credentials for pushing agents to different environments (Docker, Kubernetes, cloud VMs). Create credentials with target-specific configuration.</p>
 <h2 id="security">Security</h2>
-<p>The Security tab provides system-level security configuration, event monitoring, and port scanning to check your instance's exposure.</p>
+<p>The Security tab provides comprehensive security configuration including prompt injection defense, SQL injection prevention, input/output filtering, transport encryption, dependency management, screen unlock, and audit logging. Each section has its own Edit/Save/Cancel buttons.</p>
-<h3>Transport Encryption</h3>
-<p>Encrypt API data in transit between the dashboard and server using AES-256-CBC. Choose to encrypt all API calls or select specific endpoint groups (API keys, database credentials, OAuth tokens, etc.). See the <a href="/docs/transport-encryption">Transport Encryption documentation</a> for full details.</p>
-<ul>
-<li><strong>Encrypt All:</strong> Every dashboard API call is encrypted</li>
-<li><strong>Sensitive Only:</strong> Pre-selected groups handling credentials and secrets</li>
-<li><strong>Custom:</strong> Toggle individual endpoint groups and add custom patterns</li>
-</ul>
+<div class="card">
+  <table>
+    <tr><th>Section</th><th>What It Controls</th></tr>
+    <tr><td><strong>Prompt Injection Defense</strong></td><td>Multi-layer detection: monitor, sanitize, or block injection attempts</td></tr>
+    <tr><td><strong>SQL Injection Prevention</strong></td><td>Scan tool inputs and API bodies for SQL injection patterns</td></tr>
+    <tr><td><strong>Input Validation</strong></td><td>Max input length, JSON depth, HTML stripping, Unicode sanitization</td></tr>
+    <tr><td><strong>Output Filtering</strong></td><td>Scan agent outputs for secrets and PII; redact or block</td></tr>
+    <tr><td><strong>Transport Encryption</strong></td><td>AES-256-CBC encryption of API data between dashboard and server</td></tr>
+    <tr><td><strong>Dependency Management</strong></td><td>Org-wide package install policy, allowed managers, blocked packages</td></tr>
+    <tr><td><strong>Screen Unlock</strong></td><td>Auto-unlock the machine when agents need desktop access</td></tr>
+    <tr><td><strong>Security Audit Log</strong></td><td>Log prompt injection attempts, tool calls, API access</td></tr>
+  </table>
+</div>
+<p><a href="/docs/settings-security">View full Security System documentation &rarr;</a></p>
 <h2 id="tool-security">Tool Security</h2>
 <p>Fine-grained control over what agents' tools can access:</p>
@@ -218,16 +226,28 @@
     <tr><td><strong>Circuit Breaker</strong></td><td>Auto-disable tools that are failing repeatedly.</td></tr>
   </table>
 </div>
+<p><a href="/docs/settings-tool-security">View full Tool Security documentation &rarr;</a></p>
 <h2 id="network">Network &amp; Firewall</h2>
-<p>Configure network-level security:</p>
-<ul>
-  <li><strong>IP Allowlist:</strong> Only allow access from specific IPs or CIDR ranges</li>
-  <li><strong>IP Blocklist:</strong> Block specific IPs</li>
-  <li><strong>Rate Limiting:</strong> Limit requests per minute per IP</li>
-  <li><strong>Geo-blocking:</strong> Restrict access by country</li>
-  <li><strong>Test IP:</strong> Check if a specific IP would be allowed or blocked</li>
-</ul>
+<p>Configure network-level security — who can access your instance and what agents can reach on the internet.</p>
+<div class="card">
+  <table>
+    <tr><th>Section</th><th>What It Controls</th></tr>
+    <tr><td><strong>Inbound IP Filtering</strong></td><td>Allowlist or blocklist IPs/CIDRs with test tool</td></tr>
+    <tr><td><strong>Egress Filtering</strong></td><td>Control outbound hosts and ports agents can reach</td></tr>
+    <tr><td><strong>Proxy Configuration</strong></td><td>HTTP/HTTPS proxy for corporate/air-gapped environments</td></tr>
+    <tr><td><strong>Trusted Proxies</strong></td><td>Reverse proxy IPs for correct X-Forwarded-For extraction</td></tr>
+    <tr><td><strong>CORS Origins</strong></td><td>Allowed cross-origin request domains</td></tr>
+    <tr><td><strong>Rate Limiting</strong></td><td>Per-IP requests per minute with skip paths</td></tr>
+    <tr><td><strong>HTTPS Enforcement</strong></td><td>Redirect HTTP to HTTPS in production</td></tr>
+    <tr><td><strong>Security Headers</strong></td><td>HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy</td></tr>
+    <tr><td><strong>DNS Rebinding Protection</strong></td><td>Host header validation against allowlist</td></tr>
+    <tr><td><strong>Request Body Limits</strong></td><td>Maximum payload size (default 10 MB)</td></tr>
+    <tr><td><strong>Geo-IP Restrictions</strong></td><td>Country-based access control with built-in geolocation</td></tr>
+    <tr><td><strong>Webhook Security</strong></td><td>HMAC validation and source IP filtering for webhooks</td></tr>
+  </table>
+</div>
+<p><a href="/docs/settings-network">View full Network &amp; Firewall documentation &rarr;</a></p>
 <h2 id="troubleshooting">Troubleshooting</h2>
 <table>