@agenticmail/enterprise 0.5.336 → 0.5.337

package/dist/cli-serve-DUUELMXK.js

@@ -0,0 +1,260 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const _VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter, smartDbConfig } = await import("./factory-RTZU2K54.js");
+  const { createServer } = await import("./server-ZFVGQJUL.js");
+  const db = await createAdapter(smartDbConfig(DATABASE_URL));
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+  try {
+    const { startPreventSleep } = await import("./screen-unlock-4RPZBHOI.js");
+    const adminDb = server.getAdminDb?.() || server.adminDb;
+    if (adminDb) {
+      const settings = await adminDb.getSettings?.().catch(() => null);
+      const screenAccess = settings?.securityConfig?.screenAccess;
+      if (screenAccess?.enabled && screenAccess?.preventSleep) {
+        startPreventSleep();
+        console.log("[startup] Prevent-sleep enabled \u2014 system will stay awake while agents are active");
+      }
+    }
+  } catch {
+  }
+  try {
+    await setupSystemPersistence();
+  } catch (e) {
+    console.warn("[startup] System persistence setup skipped: " + e.message);
+  }
+  const tunnelToken = process.env.CLOUDFLARED_TOKEN;
+  if (tunnelToken) {
+    try {
+      const { execSync, spawn } = await import("child_process");
+      try {
+        execSync("which cloudflared", { timeout: 3e3 });
+      } catch {
+        console.log("[startup] cloudflared not found \u2014 skipping tunnel auto-start");
+        console.log("[startup] Install cloudflared to enable tunnel: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+        return;
+      }
+      try {
+        execSync('pgrep -f "cloudflared.*tunnel.*run"', { timeout: 3e3 });
+        console.log("[startup] cloudflared tunnel already running");
+        return;
+      } catch {
+      }
+      const subdomain = process.env.AGENTICMAIL_SUBDOMAIN || process.env.AGENTICMAIL_DOMAIN || "";
+      console.log(`[startup] Starting cloudflared tunnel${subdomain ? ` for ${subdomain}.agenticmail.io` : ""}...`);
+      const child = spawn("cloudflared", ["tunnel", "--no-autoupdate", "run", "--token", tunnelToken], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.unref();
+      console.log("[startup] cloudflared tunnel started (pid " + child.pid + ")");
+    } catch (e) {
+      console.warn("[startup] Could not auto-start cloudflared: " + e.message);
+    }
+  }
+}
+async function setupSystemPersistence() {
+  const { execSync, spawnSync } = await import("child_process");
+  const { existsSync: exists, writeFileSync, mkdirSync } = await import("fs");
+  const { join: pathJoin } = await import("path");
+  const platform = process.platform;
+  if (!process.env.PM2_HOME && !process.env.pm_id) {
+    return;
+  }
+  const markerDir = pathJoin(homedir(), ".agenticmail");
+  const markerFile = pathJoin(markerDir, ".persistence-configured");
+  if (exists(markerFile)) {
+    try {
+      execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    } catch {
+    }
+    return;
+  }
+  console.log("[startup] Configuring system persistence (one-time setup)...");
+  try {
+    if (platform === "darwin") {
+      const result = spawnSync("pm2", ["startup", "launchd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        console.log("[startup] PM2 startup requires sudo. Run this once:");
+        console.log("  " + sudoMatch[0]);
+      } else {
+        console.log("[startup] PM2 startup configured (launchd)");
+      }
+      const plistPath = pathJoin(homedir(), "Library", "LaunchAgents", `pm2.${process.env.USER || "user"}.plist`);
+      if (exists(plistPath)) {
+        try {
+          execSync(`launchctl load -w "${plistPath}"`, { timeout: 5e3, stdio: "ignore" });
+        } catch {
+        }
+      }
+    } else if (platform === "linux") {
+      const result = spawnSync("pm2", ["startup", "systemd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        try {
+          execSync(sudoMatch[0], { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (systemd)");
+        } catch {
+          console.log("[startup] PM2 startup requires root. Run this once:");
+          console.log("  " + sudoMatch[0]);
+        }
+      } else {
+        console.log("[startup] PM2 startup configured (systemd)");
+      }
+    } else if (platform === "win32") {
+      try {
+        execSync("npm list -g pm2-windows-startup", { timeout: 1e4, stdio: "ignore" });
+      } catch {
+        console.log("[startup] Installing pm2-windows-startup...");
+        try {
+          execSync("npm install -g pm2-windows-startup", { timeout: 6e4, stdio: "ignore" });
+          execSync("pm2-startup install", { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (Windows Service)");
+        } catch (e) {
+          console.warn("[startup] Could not install pm2-windows-startup: " + e.message);
+        }
+      }
+    }
+  } catch (e) {
+    console.warn("[startup] PM2 startup setup: " + e.message);
+  }
+  try {
+    const moduleList = execSync("pm2 ls --silent 2>/dev/null || true", { timeout: 1e4, encoding: "utf-8" });
+    if (!moduleList.includes("pm2-logrotate")) {
+      console.log("[startup] Installing pm2-logrotate...");
+      execSync("pm2 install pm2-logrotate --silent", { timeout: 6e4, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:max_size 10M --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:retain 5 --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:compress true --silent", { timeout: 5e3, stdio: "ignore" });
+      console.log("[startup] Log rotation configured (10MB, 5 files)");
+    }
+  } catch {
+  }
+  try {
+    execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    console.log("[startup] Process list saved");
+  } catch {
+  }
+  try {
+    if (!exists(markerDir)) mkdirSync(markerDir, { recursive: true });
+    writeFileSync(markerFile, (/* @__PURE__ */ new Date()).toISOString() + `
+platform=${platform}
+`, { mode: 384 });
+    console.log("[startup] System persistence configured successfully");
+  } catch {
+  }
+}
+export {
+  runServe
+};

package/dist/cli-verify-7EMGBE46.js

@@ -0,0 +1,149 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/domain-lock/cli-verify.ts
+function getFlag(args, name) {
+  const idx = args.indexOf(name);
+  if (idx !== -1 && args[idx + 1]) return args[idx + 1];
+  return void 0;
+}
+function hasFlag(args, name) {
+  return args.includes(name);
+}
+function detectDbType(url) {
+  const u = url.toLowerCase().trim();
+  if (u.startsWith("postgres") || u.startsWith("pg:")) return "postgres";
+  if (u.startsWith("mysql")) return "mysql";
+  if (u.startsWith("mongodb")) return "mongodb";
+  if (u.startsWith("libsql") || u.includes(".turso.io")) return "turso";
+  if (u.endsWith(".db") || u.endsWith(".sqlite") || u.endsWith(".sqlite3") || u.startsWith("file:")) return "sqlite";
+  return "postgres";
+}
+async function runVerifyDomain(args) {
+  const { default: chalk } = await import("chalk");
+  const { default: ora } = await import("ora");
+  console.log("");
+  console.log(chalk.bold("  AgenticMail Enterprise \u2014 Domain Verification"));
+  console.log("");
+  let domain = getFlag(args, "--domain");
+  let dnsChallenge;
+  let db = null;
+  let dbConnected = false;
+  const envDbUrl = process.env.DATABASE_URL;
+  if (envDbUrl) {
+    const dbType = detectDbType(envDbUrl);
+    const spinner = ora(`Connecting to database (${dbType})...`).start();
+    try {
+      const { createAdapter } = await import("./factory-RTZU2K54.js");
+      db = await createAdapter({ type: dbType, connectionString: envDbUrl });
+      await db.migrate();
+      const settings = await db.getSettings();
+      if (!domain && settings?.domain) domain = settings.domain;
+      if (settings?.domainDnsChallenge) dnsChallenge = settings.domainDnsChallenge;
+      dbConnected = true;
+      spinner.succeed(`Connected to ${dbType} database` + (domain ? ` (domain: ${domain})` : ""));
+    } catch (err) {
+      spinner.warn(`Could not connect via DATABASE_URL: ${err.message}`);
+      db = null;
+    }
+  }
+  if (!dbConnected) {
+    const dbPath = getFlag(args, "--db");
+    const dbType = getFlag(args, "--db-type") || "sqlite";
+    if (dbPath) {
+      const spinner = ora(`Connecting to ${dbType} database...`).start();
+      try {
+        const { createAdapter } = await import("./factory-RTZU2K54.js");
+        db = await createAdapter({ type: dbType, connectionString: dbPath });
+        await db.migrate();
+        const settings = await db.getSettings();
+        if (!domain && settings?.domain) domain = settings.domain;
+        if (settings?.domainDnsChallenge) dnsChallenge = settings.domainDnsChallenge;
+        dbConnected = true;
+        spinner.succeed(`Connected to ${dbType} database`);
+      } catch {
+        spinner.warn("Could not read local database");
+      }
+    }
+  }
+  if (!domain) {
+    const { default: inquirer } = await import("inquirer");
+    const answer = await inquirer.prompt([{
+      type: "input",
+      name: "domain",
+      message: "Domain to verify:",
+      suffix: chalk.dim("  (e.g. agents.yourcompany.com)"),
+      validate: (v) => v.includes(".") || "Enter a valid domain",
+      filter: (v) => v.trim().toLowerCase()
+    }]);
+    domain = answer.domain;
+  }
+  const lock = new DomainLock();
+  const maxAttempts = hasFlag(args, "--poll") ? 5 : 1;
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    const spinner = ora(
+      maxAttempts > 1 ? `Checking DNS verification (attempt ${attempt}/${maxAttempts})...` : "Checking DNS verification..."
+    ).start();
+    try {
+      const result = await lock.checkVerification(domain);
+      if (!result.success) {
+        spinner.fail("Verification check failed");
+        console.log("");
+        console.error(chalk.red(`  ${result.error}`));
+        console.log("");
+        if (db) await db.disconnect();
+        process.exit(1);
+      }
+      if (result.verified) {
+        spinner.succeed("Domain verified!");
+        if (dbConnected && db) {
+          try {
+            await db.updateSettings({
+              domainStatus: "verified",
+              domainVerifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+            });
+            console.log(chalk.dim("  Database updated with verified status."));
+          } catch {
+          }
+        }
+        console.log("");
+        console.log(chalk.green.bold(`  \u2713 ${domain} is verified and protected.`));
+        console.log(chalk.dim("  Your deployment domain is locked. No other instance can claim it."));
+        console.log(chalk.dim("  The system now operates 100% offline \u2014 no outbound calls are made."));
+        console.log("");
+        if (db) await db.disconnect();
+        return;
+      }
+    } catch (err) {
+      spinner.warn(`Check failed: ${err.message}`);
+    }
+    if (attempt < maxAttempts) {
+      const waitSpinner = ora(`DNS record not found yet. Retrying in 10 seconds...`).start();
+      await new Promise((r) => setTimeout(r, 1e4));
+      waitSpinner.stop();
+    }
+  }
+  console.log("");
+  console.log(chalk.yellow("  DNS record not detected yet."));
+  console.log("");
+  console.log(chalk.bold("  Make sure this TXT record exists at your DNS provider:"));
+  console.log("");
+  console.log(`  ${chalk.bold("Host:")}   ${chalk.cyan(`_agenticmail-verify.${domain}`)}`);
+  console.log(`  ${chalk.bold("Type:")}   ${chalk.cyan("TXT")}`);
+  if (dnsChallenge) {
+    console.log(`  ${chalk.bold("Value:")}  ${chalk.cyan(dnsChallenge)}`);
+  } else {
+    console.log(`  ${chalk.bold("Value:")}  ${chalk.dim("(check your dashboard or setup output)")}`);
+  }
+  console.log("");
+  console.log(chalk.dim("  DNS propagation can take up to 48 hours."));
+  console.log(chalk.dim("  Run with --poll to retry automatically:"));
+  console.log(chalk.dim(`    npx @agenticmail/enterprise verify-domain --domain ${domain} --poll`));
+  console.log("");
+  if (db) await db.disconnect();
+}
+export {
+  runVerifyDomain
+};

package/dist/cli.js

@@ -14,10 +14,10 @@ switch (command) {
     import("./cli-submit-skill-SNGAHVB7.js").then((m) => m.runSubmitSkill(args.slice(1))).catch(fatal);
     break;
   case "recover":
-    import("./cli-recover-7UPG4QZ6.js").then((m) => m.runRecover(args.slice(1))).catch(fatal);
+    import("./cli-recover-K7A4IIQY.js").then((m) => m.runRecover(args.slice(1))).catch(fatal);
     break;
   case "verify-domain":
-    import("./cli-verify-WICBVLAM.js").then((m) => m.runVerifyDomain(args.slice(1))).catch(fatal);
+    import("./cli-verify-7EMGBE46.js").then((m) => m.runVerifyDomain(args.slice(1))).catch(fatal);
     break;
   case "reset-password":
     import("./cli-reset-password-SO5Y6MW7.js").then((m) => m.runResetPassword(args.slice(1))).catch(fatal);
@@ -57,14 +57,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-BQ7NJMGJ.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-DUUELMXK.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-HWEJ3REY.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-35EZUQ4N.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-2E6ZFVSS.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-3LZARKFD.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/factory-RTZU2K54.js

@@ -0,0 +1,11 @@
+import {
+  createAdapter,
+  getSupportedDatabases,
+  smartDbConfig
+} from "./chunk-Z3I6GNTS.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createAdapter,
+  getSupportedDatabases,
+  smartDbConfig
+};

package/dist/index.js

@@ -13,7 +13,7 @@ import {
 import {
   provision,
   runSetupWizard
-} from "./chunk-VIHOFXA4.js";
+} from "./chunk-KHYCWUTO.js";
 import {
   AgentRuntime,
   EmailChannel,
@@ -42,7 +42,7 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-JH76GUKT.js";
+} from "./chunk-URC3SFYD.js";
 import "./chunk-DJBCRQTD.js";
 import {
   PROVIDER_REGISTRY,
@@ -139,7 +139,7 @@ import {
 import {
   createAdapter,
   getSupportedDatabases
-} from "./chunk-PAHT4ABL.js";
+} from "./chunk-Z3I6GNTS.js";
 import {
   AGENTICMAIL_TOOLS,
   ALL_TOOLS,