@agenticmail/enterprise 0.5.320 → 0.5.322

package/dist/runtime-OVGSOTAH.js

@@ -0,0 +1,45 @@
+import {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  runAgentLoop,
+  toolsToDefinitions
+} from "./chunk-7HBGXW7Z.js";
+import {
+  PROVIDER_REGISTRY,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider
+} from "./chunk-UF3ZJMJO.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  AgentRuntime,
+  EmailChannel,
+  FollowUpScheduler,
+  PROVIDER_REGISTRY,
+  SessionManager,
+  SubAgentManager,
+  ToolRegistry,
+  callLLM,
+  createAgentRuntime,
+  createNoopHooks,
+  createRuntimeHooks,
+  estimateMessageTokens,
+  estimateTokens,
+  executeTool,
+  listAllProviders,
+  resolveApiKeyForProvider,
+  resolveProvider,
+  runAgentLoop,
+  toolsToDefinitions
+};

package/dist/server-6NDO2S52.js

@@ -0,0 +1,28 @@
+import {
+  createServer
+} from "./chunk-YCWOCIPH.js";
+import "./chunk-DJBCRQTD.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-CAHNZGGK.js";
+import "./chunk-Z7NVD3OQ.js";
+import "./chunk-VSBC4SWO.js";
+import "./chunk-AF3WSNVX.js";
+import "./chunk-74ZCQKYU.js";
+import "./chunk-Z6K5FKAB.js";
+import "./chunk-C6JP5NR6.js";
+import "./chunk-BQM7MBPS.js";
+import "./chunk-3UAFHUEC.js";
+import "./chunk-6C5PKREN.js";
+import "./chunk-3FMK32KQ.js";
+import "./chunk-YDD5TC5Q.js";
+import "./chunk-37ABTUFU.js";
+import "./chunk-NU657BBQ.js";
+import "./chunk-PGAU3W3M.js";
+import "./chunk-FLQ5FLHW.js";
+import "./chunk-WUAWWKTN.js";
+import "./chunk-ZGYVXYQQ.js";
+import "./chunk-22U7TZPN.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-T6KYFR7O.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-RF2LGX3E.js";
+import "./chunk-4EKXYIJF.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.320",
+  "version": "0.5.322",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {
@@ -28,10 +28,31 @@
     "saml",
     "oidc",
     "scim",
-    "identity"
+    "identity",
+    "ai-agents",
+    "agent-platform",
+    "microsoft-365",
+    "google-workspace",
+    "compliance",
+    "soc2",
+    "gdpr",
+    "dlp",
+    "data-loss-prevention",
+    "oauth",
+    "multi-tenant",
+    "workforce-management",
+    "task-pipeline",
+    "telegram-bot",
+    "whatsapp-bot",
+    "voice-ai",
+    "google-meet",
+    "dependency-management",
+    "audit-log",
+    "rbac",
+    "encryption"
   ],
   "author": "Ope Olatunji (https://github.com/ope-olatunji)",
-  "homepage": "https://github.com/agenticmail/enterprise",
+  "homepage": "https://agenticmail.io",
   "repository": {
     "type": "git",
     "url": "https://github.com/agenticmail/enterprise.git"
@@ -90,5 +111,12 @@
     "mongodb": "^6.3.0",
     "mysql2": "^3.9.0",
     "postgres": "^3.4.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "funding": {
+    "type": "individual",
+    "url": "https://agenticmail.io"
   }
 }

package/src/agent-tools/tools/enterprise-database.ts

@@ -107,7 +107,7 @@ export function createDatabaseTools(options?: ToolCreationOptions): AnyAgentTool
   var entDbSchema: AnyAgentTool = {
     name: 'ent_db_schema',
     label: 'Database Schema',
-    description: 'Get the schema (columns, types, primary keys) for a specific table in the dat...',
+    description: 'Get the schema of a table in a LOCAL SQLite database file. For external/cloud databases granted via dashboard, use db_describe_table instead.',
     category: 'utility',
     risk: 'low',
     parameters: {
@@ -169,7 +169,7 @@ export function createDatabaseTools(options?: ToolCreationOptions): AnyAgentTool
   var entDbExplain: AnyAgentTool = {
     name: 'ent_db_explain',
     label: 'Explain Query Plan',
-    description: 'Run EXPLAIN QUERY PLAN on a SQL query to understand how the database will exe...',
+    description: 'Run EXPLAIN QUERY PLAN on a LOCAL SQLite database file. For external/cloud databases granted via dashboard, use db_explain instead.',
     category: 'utility',
     risk: 'low',
     parameters: {

package/src/agent-tools/tools/microsoft/onedrive.ts

@@ -210,17 +210,218 @@ export function createOneDriveTools(config: MicrosoftToolsConfig, _options?: Too
           itemId: { type: 'string', description: 'Item ID to share' },
           type: { type: 'string', description: 'view or edit (default: view)' },
           scope: { type: 'string', description: 'anonymous (anyone) or organization (default: organization)' },
+          expirationDateTime: { type: 'string', description: 'Link expiry (ISO 8601). Only for anonymous links.' },
+          password: { type: 'string', description: 'Password-protect the link (only for anonymous links).' },
         },
         required: ['itemId'],
       },
       async execute(_id: string, params: any) {
         try {
           const token = await tp.getAccessToken();
+          const body: any = { type: params.type || 'view', scope: params.scope || 'organization' };
+          if (params.expirationDateTime) body.expirationDateTime = params.expirationDateTime;
+          if (params.password) body.password = params.password;
           const link = await graph(token, `/me/drive/items/${params.itemId}/createLink`, {
+            method: 'POST', body,
+          });
+          return jsonResult({ url: link.link?.webUrl, type: link.link?.type, scope: link.link?.scope, expiration: link.link?.expirationDateTime });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+
+    {
+      name: 'onedrive_move',
+      description: 'Move or rename a file/folder in OneDrive.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          itemId: { type: 'string', description: 'Item ID to move/rename' },
+          newName: { type: 'string', description: 'New name (optional, for rename)' },
+          destinationFolderId: { type: 'string', description: 'Destination folder ID (optional, for move)' },
+          destinationPath: { type: 'string', description: 'Destination folder path (alternative to ID, e.g., "/Documents/Archive")' },
+        },
+        required: ['itemId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const body: any = {};
+          if (params.newName) body.name = params.newName;
+          if (params.destinationFolderId) {
+            body.parentReference = { id: params.destinationFolderId };
+          } else if (params.destinationPath) {
+            // Resolve destination folder ID first
+            const dest = await graph(token, `/me/drive/root:${params.destinationPath}`, {
+              query: { '$select': 'id' },
+            });
+            body.parentReference = { id: dest.id };
+          }
+          if (!body.name && !body.parentReference) {
+            return errorResult('Provide newName (rename), destinationFolderId or destinationPath (move), or both.');
+          }
+          const updated = await graph(token, `/me/drive/items/${params.itemId}`, {
+            method: 'PATCH', body,
+          });
+          return jsonResult({ id: updated.id, name: updated.name, webUrl: updated.webUrl, path: updated.parentReference?.path });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+
+    {
+      name: 'onedrive_copy',
+      description: 'Copy a file or folder to a new location in OneDrive. Returns a monitor URL for large copies.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          itemId: { type: 'string', description: 'Item ID to copy' },
+          destinationFolderId: { type: 'string', description: 'Destination folder ID' },
+          destinationPath: { type: 'string', description: 'Destination folder path (alternative to ID)' },
+          newName: { type: 'string', description: 'New name for the copy (optional)' },
+        },
+        required: ['itemId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const body: any = {};
+          if (params.newName) body.name = params.newName;
+          if (params.destinationFolderId) {
+            body.parentReference = { driveId: 'me', id: params.destinationFolderId };
+          } else if (params.destinationPath) {
+            const dest = await graph(token, `/me/drive/root:${params.destinationPath}`, { query: { '$select': 'id,parentReference' } });
+            body.parentReference = { driveId: dest.parentReference?.driveId || 'me', id: dest.id };
+          } else {
+            return errorResult('Provide destinationFolderId or destinationPath.');
+          }
+          // Copy returns 202 with Location header (async operation)
+          const res = await fetch(`https://graph.microsoft.com/v1.0/me/drive/items/${params.itemId}/copy`, {
             method: 'POST',
-            body: { type: params.type || 'view', scope: params.scope || 'organization' },
+            headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+            body: JSON.stringify(body),
           });
-          return jsonResult({ url: link.link?.webUrl, type: link.link?.type, scope: link.link?.scope });
+          if (res.status === 202) {
+            return jsonResult({ status: 'copying', monitorUrl: res.headers.get('Location'), message: 'Copy started. Large files may take time.' });
+          }
+          if (!res.ok) throw new Error(`Copy failed: ${res.status} ${await res.text()}`);
+          const data = await res.json();
+          return jsonResult({ id: data.id, name: data.name, webUrl: data.webUrl });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+
+    {
+      name: 'onedrive_versions',
+      description: 'List version history of a file in OneDrive.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          itemId: { type: 'string', description: 'File item ID' },
+          path: { type: 'string', description: 'File path (alternative to itemId)' },
+        },
+        required: [],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const base = params.itemId ? `/me/drive/items/${params.itemId}` : `/me/drive/root:${params.path}:`;
+          const data = await graph(token, `${base}/versions`);
+          const versions = (data.value || []).map((v: any) => ({
+            id: v.id,
+            size: v.size,
+            modified: v.lastModifiedDateTime,
+            modifiedBy: v.lastModifiedBy?.user?.displayName || v.lastModifiedBy?.user?.email,
+          }));
+          return jsonResult({ versions, count: versions.length });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+
+    {
+      name: 'onedrive_recent',
+      description: 'List recently accessed files in OneDrive.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          maxResults: { type: 'number', description: 'Max items (default: 20)' },
+        },
+        required: [],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const data = await graph(token, '/me/drive/recent', {
+            query: { '$top': String(params.maxResults || 20), '$select': 'id,name,size,webUrl,lastModifiedDateTime,file,remoteItem' },
+          });
+          const items = (data.value || []).map((i: any) => {
+            const item = i.remoteItem || i;
+            return {
+              id: item.id, name: item.name || i.name, size: item.size,
+              mimeType: item.file?.mimeType,
+              modified: item.lastModifiedDateTime || i.lastModifiedDateTime,
+              webUrl: item.webUrl || i.webUrl,
+            };
+          });
+          return jsonResult({ items, count: items.length });
+        } catch (e: any) { return errorResult(e.message); }
+      },
+    },
+
+    {
+      name: 'onedrive_permissions',
+      description: 'List or manage sharing permissions on a file/folder.',
+      category: 'utility' as const,
+      parameters: {
+        type: 'object' as const,
+        properties: {
+          itemId: { type: 'string', description: 'Item ID' },
+          action: { type: 'string', description: 'list (default), revoke, or invite' },
+          permissionId: { type: 'string', description: 'Permission ID to revoke (for action=revoke)' },
+          email: { type: 'string', description: 'Email to invite (for action=invite)' },
+          role: { type: 'string', description: 'read or write (for action=invite, default: read)' },
+          message: { type: 'string', description: 'Optional message for invite' },
+        },
+        required: ['itemId'],
+      },
+      async execute(_id: string, params: any) {
+        try {
+          const token = await tp.getAccessToken();
+          const action = params.action || 'list';
+
+          if (action === 'revoke') {
+            if (!params.permissionId) return errorResult('permissionId required for revoke');
+            await graph(token, `/me/drive/items/${params.itemId}/permissions/${params.permissionId}`, { method: 'DELETE' });
+            return jsonResult({ revoked: true, permissionId: params.permissionId });
+          }
+
+          if (action === 'invite') {
+            if (!params.email) return errorResult('email required for invite');
+            const invite = await graph(token, `/me/drive/items/${params.itemId}/invite`, {
+              method: 'POST',
+              body: {
+                recipients: [{ email: params.email }],
+                roles: [params.role || 'read'],
+                requireSignIn: true,
+                sendInvitation: true,
+                message: params.message || '',
+              },
+            });
+            return jsonResult({ invited: true, email: params.email, permissions: invite.value });
+          }
+
+          // Default: list
+          const data = await graph(token, `/me/drive/items/${params.itemId}/permissions`);
+          const perms = (data.value || []).map((p: any) => ({
+            id: p.id,
+            roles: p.roles,
+            grantedTo: p.grantedToV2?.user?.displayName || p.grantedTo?.user?.displayName,
+            email: p.grantedToV2?.user?.email || p.invitation?.email,
+            link: p.link ? { type: p.link.type, scope: p.link.scope, webUrl: p.link.webUrl } : undefined,
+          }));
+          return jsonResult({ permissions: perms, count: perms.length });
         } catch (e: any) { return errorResult(e.message); }
       },
     },

package/.github/CODEOWNERS

@@ -1,23 +0,0 @@
-# ─── AgenticMail Enterprise Code Owners ───────────────
-#
-# These owners are automatically requested for review
-# when a PR touches matching paths.
-#
-# IMPORTANT: Enable "Require review from Code Owners" in
-# GitHub repo Settings → Branches → Branch protection rules
-# for the `main` branch to enforce this.
-
-# Core engine — requires core team review
-src/engine/     @agenticmail/core-team
-src/server.ts   @agenticmail/core-team
-src/auth/       @agenticmail/core-team
-src/admin/      @agenticmail/core-team
-
-# Community skills — ALL submissions require maintainer review
-# No community skill can be merged without explicit approval
-community-skills/   @agenticmail/skill-reviewers
-
-# CI/CD and repo config — requires admin review
-.github/        @agenticmail/core-team
-CLAUDE.md       @agenticmail/core-team
-package.json    @agenticmail/core-team

package/.github/workflows/publish-community-skills.yml

@@ -1,121 +0,0 @@
-name: Publish Community Skills
-
-# IMPORTANT: This workflow only runs AFTER code is merged into main.
-# It does NOT auto-approve or auto-merge PRs.
-# All community skill PRs must be reviewed and approved by a maintainer
-# (enforced by CODEOWNERS + branch protection rules) before this runs.
-#
-# After a maintainer-approved merge:
-# 1. Rebuilds community-skills/index.json (the registry index deployed instances fetch)
-# 2. Optionally pushes each skill to a live registry API
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - 'community-skills/**'
-
-permissions:
-  contents: write
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-
-      # ── Generate index.json ─────────────────────────
-      # This is the file that deployed instances fetch to discover new skills.
-      # Every community-skills/<id>/agenticmail-skill.json gets listed here.
-
-      - name: Generate community-skills/index.json
-        run: |
-          node -e "
-            const fs = require('fs');
-            const path = require('path');
-            const dir = 'community-skills';
-            const skills = [];
-
-            for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
-              if (!entry.isDirectory() || entry.name.startsWith('_') || entry.name.startsWith('.')) continue;
-              const manifestPath = path.join(dir, entry.name, 'agenticmail-skill.json');
-              try {
-                const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));
-                skills.push({
-                  id: manifest.id,
-                  name: manifest.name,
-                  version: manifest.version,
-                  author: manifest.author,
-                  category: manifest.category,
-                  risk: manifest.risk,
-                  description: manifest.description,
-                });
-              } catch (err) {
-                console.error('Skipping ' + entry.name + ': ' + err.message);
-              }
-            }
-
-            const index = {
-              generatedAt: new Date().toISOString(),
-              count: skills.length,
-              skills,
-            };
-
-            fs.writeFileSync(path.join(dir, 'index.json'), JSON.stringify(index, null, 2) + '\n');
-            console.log('Generated index.json with ' + skills.length + ' skills');
-          "
-
-      - name: Commit index.json
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add community-skills/index.json
-          git diff --cached --quiet && echo "No changes to index.json" && exit 0
-          git commit -m "chore: update community-skills index [skip ci]"
-          git push
-
-      # ── Publish to live registry (optional) ─────────
-      # If ENTERPRISE_REGISTRY_URL is configured, also push directly to a live server.
-
-      - name: Find changed skill directories
-        id: changed
-        run: |
-          CHANGED=$(git diff --name-only HEAD~1 HEAD -- community-skills/ || true)
-          DIRS=$(echo "$CHANGED" | grep -oP 'community-skills/[^/]+' | sort -u | grep -v '_template' || true)
-          echo "dirs<<EOF" >> $GITHUB_OUTPUT
-          echo "$DIRS" >> $GITHUB_OUTPUT
-          echo "EOF" >> $GITHUB_OUTPUT
-          COUNT=$(echo "$DIRS" | grep -c '.' || echo "0")
-          echo "count=$COUNT" >> $GITHUB_OUTPUT
-
-      - name: Publish to live registry
-        if: steps.changed.outputs.count != '0' && env.REGISTRY_URL != ''
-        env:
-          REGISTRY_URL: ${{ secrets.ENTERPRISE_REGISTRY_URL }}
-          REGISTRY_TOKEN: ${{ secrets.ENTERPRISE_API_KEY }}
-        run: |
-          while IFS= read -r dir; do
-            [ -z "$dir" ] && continue
-            SKILL_ID=$(basename "$dir")
-            MANIFEST="$dir/agenticmail-skill.json"
-            [ ! -f "$MANIFEST" ] && continue
-
-            echo "Publishing $SKILL_ID..."
-            HTTP_CODE=$(curl -s -o /tmp/response.json -w "%{http_code}" \
-              -X POST "${REGISTRY_URL}/api/engine/community/skills/publish" \
-              -H "Content-Type: application/json" \
-              -H "Authorization: Bearer ${REGISTRY_TOKEN}" \
-              -d @"$MANIFEST")
-
-            if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
-              echo "Published $SKILL_ID (HTTP $HTTP_CODE)"
-            else
-              echo "::warning::Failed to publish $SKILL_ID (HTTP $HTTP_CODE)"
-            fi
-          done <<< "${{ steps.changed.outputs.dirs }}"