@agenticmail/enterprise 0.5.4 → 0.5.6

package/dist/cidr-O6T7HDUD.js

@@ -0,0 +1,17 @@
+import {
+  compileIpMatcher,
+  hostMatchesPattern,
+  ipMatchesCidr,
+  ipToNumber,
+  isValidIpOrCidr,
+  parseCidr
+} from "./chunk-DRXMYYKN.js";
+import "./chunk-2ESYSVXG.js";
+export {
+  compileIpMatcher,
+  hostMatchesPattern,
+  ipMatchesCidr,
+  ipToNumber,
+  isValidIpOrCidr,
+  parseCidr
+};

package/dist/cli-build-skill-AE7QC5C5.js

@@ -0,0 +1,235 @@
+import {
+  VALID_CATEGORIES,
+  VALID_RISK_LEVELS,
+  validateSkillManifest
+} from "./chunk-TY7NVD4U.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/engine/cli-build-skill.ts
+async function runBuildSkill(_args) {
+  const chalk = (await import("chalk")).default;
+  const ora = (await import("ora")).default;
+  const inquirer = (await import("inquirer")).default;
+  const fs = await import("fs/promises");
+  const path = await import("path");
+  console.log("");
+  console.log(chalk.bold("\u{1F6E0}\uFE0F  AgenticMail Community Skill Builder"));
+  console.log(chalk.dim("  Generate a valid agenticmail-skill.json for any application"));
+  console.log("");
+  const answers = await inquirer.prompt([
+    {
+      type: "input",
+      name: "application",
+      message: "What application or service should this skill integrate with?",
+      validate: (v) => v.trim().length > 0 || "Application name is required"
+    },
+    {
+      type: "input",
+      name: "operations",
+      message: "What operations should it support? (comma-separated)",
+      default: "read, create, update, delete, list"
+    },
+    {
+      type: "list",
+      name: "category",
+      message: "Category:",
+      choices: [...VALID_CATEGORIES],
+      default: "productivity"
+    },
+    {
+      type: "list",
+      name: "risk",
+      message: "Risk level:",
+      choices: [...VALID_RISK_LEVELS],
+      default: "medium"
+    },
+    {
+      type: "input",
+      name: "author",
+      message: "Your GitHub username:",
+      validate: (v) => /^[a-zA-Z0-9_-]+$/.test(v.trim()) || "Must be a valid GitHub username"
+    },
+    {
+      type: "input",
+      name: "outputDir",
+      message: "Output directory:",
+      default: (a) => `./community-skills/${a.application.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "")}`
+    }
+  ]);
+  const appSlug = answers.application.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+  const toolPrefix = appSlug.replace(/-/g, "_");
+  const operations = answers.operations.split(",").map((s) => s.trim()).filter(Boolean);
+  let manifest = null;
+  const spinner = ora("Generating skill manifest...").start();
+  try {
+    const res = await fetch("http://localhost:3000/health", { signal: AbortSignal.timeout(2e3) });
+    if (res.ok) {
+      spinner.text = "Agent runtime detected \u2014 using AI to generate manifest...";
+      const aiRes = await fetch("http://localhost:3000/api/chat", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          message: buildAIPrompt(answers.application, operations, answers.category, answers.risk, answers.author, appSlug, toolPrefix),
+          system: "You are a skill manifest generator. Respond with ONLY valid JSON, no markdown, no explanation."
+        }),
+        signal: AbortSignal.timeout(3e4)
+      });
+      if (aiRes.ok) {
+        const aiData = await aiRes.json();
+        const content = aiData.response || aiData.message || "";
+        const jsonMatch = content.match(/\{[\s\S]*\}/);
+        if (jsonMatch) {
+          manifest = JSON.parse(jsonMatch[0]);
+        }
+      }
+    }
+  } catch {
+  }
+  if (!manifest) {
+    spinner.text = "Generating from template...";
+    manifest = generateFromTemplate(answers.application, operations, answers.category, answers.risk, answers.author, appSlug, toolPrefix);
+  }
+  spinner.succeed("Manifest generated");
+  const validation = validateSkillManifest(manifest);
+  if (!validation.valid) {
+    console.log(chalk.yellow("\n  Validation warnings (auto-fixing)..."));
+    if (!manifest.category) manifest.category = answers.category;
+    if (!manifest.risk) manifest.risk = answers.risk;
+    if (!manifest.license) manifest.license = "MIT";
+    if (!manifest.description || manifest.description.length < 20) {
+      manifest.description = `Integrates with ${answers.application} to ${operations.slice(0, 3).join(", ")} and more.`;
+    }
+  }
+  const outDir = path.resolve(answers.outputDir);
+  await fs.mkdir(outDir, { recursive: true });
+  const manifestPath = path.join(outDir, "agenticmail-skill.json");
+  await fs.writeFile(manifestPath, JSON.stringify(manifest, null, 2) + "\n");
+  console.log(chalk.green("  \u2714") + ` Written: ${manifestPath}`);
+  const readmePath = path.join(outDir, "README.md");
+  await fs.writeFile(readmePath, generateReadme(manifest));
+  console.log(chalk.green("  \u2714") + ` Written: ${readmePath}`);
+  const finalCheck = validateSkillManifest(manifest);
+  if (finalCheck.valid) {
+    console.log(chalk.green("\n  \u2714 Manifest is valid!"));
+  } else {
+    console.log(chalk.yellow("\n  \u26A0 Manifest has issues:"));
+    for (const err of finalCheck.errors) console.log(chalk.red("    " + err));
+  }
+  for (const warn of finalCheck.warnings) console.log(chalk.yellow("    \u26A0 " + warn));
+  console.log("");
+  const { submit } = await inquirer.prompt([{
+    type: "confirm",
+    name: "submit",
+    message: "Submit this skill as a PR to agenticmail/enterprise?",
+    default: false
+  }]);
+  if (submit) {
+    const { runSubmitSkill } = await import("./cli-submit-skill-LDFJGSKO.js");
+    await runSubmitSkill([outDir]);
+  } else {
+    console.log(chalk.dim("\n  To submit later: npx @agenticmail/enterprise submit-skill " + answers.outputDir));
+  }
+}
+function generateFromTemplate(app, operations, category, risk, author, slug, prefix) {
+  const tools = operations.map((op) => {
+    const opSlug = op.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_|_$/g, "");
+    const isRead = ["read", "get", "list", "search", "fetch", "view", "query"].some((r) => opSlug.includes(r));
+    const isDelete = ["delete", "remove", "destroy"].some((r) => opSlug.includes(r));
+    const toolCategory = isDelete ? "destroy" : isRead ? "read" : "write";
+    const toolRisk = isDelete ? "high" : isRead ? "low" : "medium";
+    const sideEffects = [];
+    if (!isRead) sideEffects.push("network-request");
+    if (isDelete) sideEffects.push("deletes-data");
+    return {
+      id: `${prefix}_${opSlug}`,
+      name: op.charAt(0).toUpperCase() + op.slice(1),
+      description: `${op.charAt(0).toUpperCase() + op.slice(1)} in ${app}`,
+      category: toolCategory,
+      riskLevel: toolRisk,
+      sideEffects,
+      parameters: {}
+    };
+  });
+  return {
+    id: slug,
+    name: app,
+    description: `Integrates with ${app} to ${operations.slice(0, 3).join(", ")}${operations.length > 3 ? " and more" : ""}. Community-contributed skill for AgenticMail agents.`,
+    version: "1.0.0",
+    author,
+    repository: `https://github.com/${author}/${slug}`,
+    license: "MIT",
+    category,
+    risk,
+    tags: [slug, category],
+    tools,
+    configSchema: {
+      apiKey: { type: "secret", label: "API Key", description: `Your ${app} API key`, required: true }
+    },
+    minEngineVersion: "0.3.0",
+    homepage: `https://github.com/${author}/${slug}`
+  };
+}
+function buildAIPrompt(app, operations, category, risk, author, slug, prefix) {
+  return `Generate a valid agenticmail-skill.json manifest for "${app}".
+
+Requirements:
+- id: "${slug}"
+- name: "${app}"
+- Operations: ${operations.join(", ")}
+- category: "${category}"
+- risk: "${risk}"
+- author: "${author}"
+- repository: "https://github.com/${author}/${slug}"
+- license: "MIT"
+- Each tool needs: id (${prefix}_<action>), name, description, category (read/write/execute/communicate/destroy), riskLevel (low/medium/high/critical), sideEffects array
+- Valid sideEffects: sends-email, sends-message, sends-sms, posts-social, runs-code, modifies-files, deletes-data, network-request, controls-device, accesses-secrets, financial
+- Include a configSchema with any API keys or settings needed
+- version: "1.0.0"
+- minEngineVersion: "0.3.0"
+- description must be 20-500 chars
+
+Output ONLY the JSON object, no explanation.`;
+}
+function generateReadme(manifest) {
+  const tools = (manifest.tools || []).map(
+    (t) => `| \`${t.id}\` | ${t.name} | ${t.description} | ${t.riskLevel || "medium"} |`
+  ).join("\n");
+  return `# ${manifest.name}
+
+${manifest.description}
+
+## Tools
+
+| ID | Name | Description | Risk |
+|----|------|-------------|------|
+${tools}
+
+## Configuration
+
+${manifest.configSchema ? Object.entries(manifest.configSchema).map(
+    ([k, v]) => `- **${k}** (${v.type || "string"}): ${v.description || k}${v.required ? " *(required)*" : ""}`
+  ).join("\n") : "No configuration required."}
+
+## Installation
+
+Install this skill from the AgenticMail Enterprise dashboard:
+
+1. Go to **Community Skills** in the sidebar
+2. Search for "${manifest.name}"
+3. Click **Install**
+
+Or via the API:
+\`\`\`bash
+curl -X POST /api/engine/community/skills/${manifest.id}/install \\
+  -H "Content-Type: application/json" \\
+  -d '{"orgId": "your-org-id"}'
+\`\`\`
+
+## License
+
+${manifest.license || "MIT"}
+`;
+}
+export {
+  runBuildSkill
+};

package/dist/cli-build-skill-MP6K4ZXO.js

@@ -0,0 +1,235 @@
+import {
+  VALID_CATEGORIES,
+  VALID_RISK_LEVELS,
+  validateSkillManifest
+} from "./chunk-TY7NVD4U.js";
+import "./chunk-2ESYSVXG.js";
+
+// src/engine/cli-build-skill.ts
+async function runBuildSkill(_args) {
+  const chalk = (await import("chalk")).default;
+  const ora = (await import("ora")).default;
+  const inquirer = (await import("inquirer")).default;
+  const fs = await import("fs/promises");
+  const path = await import("path");
+  console.log("");
+  console.log(chalk.bold("\u{1F6E0}\uFE0F  AgenticMail Community Skill Builder"));
+  console.log(chalk.dim("  Generate a valid agenticmail-skill.json for any application"));
+  console.log("");
+  const answers = await inquirer.prompt([
+    {
+      type: "input",
+      name: "application",
+      message: "What application or service should this skill integrate with?",
+      validate: (v) => v.trim().length > 0 || "Application name is required"
+    },
+    {
+      type: "input",
+      name: "operations",
+      message: "What operations should it support? (comma-separated)",
+      default: "read, create, update, delete, list"
+    },
+    {
+      type: "list",
+      name: "category",
+      message: "Category:",
+      choices: [...VALID_CATEGORIES],
+      default: "productivity"
+    },
+    {
+      type: "list",
+      name: "risk",
+      message: "Risk level:",
+      choices: [...VALID_RISK_LEVELS],
+      default: "medium"
+    },
+    {
+      type: "input",
+      name: "author",
+      message: "Your GitHub username:",
+      validate: (v) => /^[a-zA-Z0-9_-]+$/.test(v.trim()) || "Must be a valid GitHub username"
+    },
+    {
+      type: "input",
+      name: "outputDir",
+      message: "Output directory:",
+      default: (a) => `./community-skills/${a.application.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "")}`
+    }
+  ]);
+  const appSlug = answers.application.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+  const toolPrefix = appSlug.replace(/-/g, "_");
+  const operations = answers.operations.split(",").map((s) => s.trim()).filter(Boolean);
+  let manifest = null;
+  const spinner = ora("Generating skill manifest...").start();
+  try {
+    const res = await fetch("http://localhost:3000/health", { signal: AbortSignal.timeout(2e3) });
+    if (res.ok) {
+      spinner.text = "Agent runtime detected \u2014 using AI to generate manifest...";
+      const aiRes = await fetch("http://localhost:3000/api/chat", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          message: buildAIPrompt(answers.application, operations, answers.category, answers.risk, answers.author, appSlug, toolPrefix),
+          system: "You are a skill manifest generator. Respond with ONLY valid JSON, no markdown, no explanation."
+        }),
+        signal: AbortSignal.timeout(3e4)
+      });
+      if (aiRes.ok) {
+        const aiData = await aiRes.json();
+        const content = aiData.response || aiData.message || "";
+        const jsonMatch = content.match(/\{[\s\S]*\}/);
+        if (jsonMatch) {
+          manifest = JSON.parse(jsonMatch[0]);
+        }
+      }
+    }
+  } catch {
+  }
+  if (!manifest) {
+    spinner.text = "Generating from template...";
+    manifest = generateFromTemplate(answers.application, operations, answers.category, answers.risk, answers.author, appSlug, toolPrefix);
+  }
+  spinner.succeed("Manifest generated");
+  const validation = validateSkillManifest(manifest);
+  if (!validation.valid) {
+    console.log(chalk.yellow("\n  Validation warnings (auto-fixing)..."));
+    if (!manifest.category) manifest.category = answers.category;
+    if (!manifest.risk) manifest.risk = answers.risk;
+    if (!manifest.license) manifest.license = "MIT";
+    if (!manifest.description || manifest.description.length < 20) {
+      manifest.description = `Integrates with ${answers.application} to ${operations.slice(0, 3).join(", ")} and more.`;
+    }
+  }
+  const outDir = path.resolve(answers.outputDir);
+  await fs.mkdir(outDir, { recursive: true });
+  const manifestPath = path.join(outDir, "agenticmail-skill.json");
+  await fs.writeFile(manifestPath, JSON.stringify(manifest, null, 2) + "\n");
+  console.log(chalk.green("  \u2714") + ` Written: ${manifestPath}`);
+  const readmePath = path.join(outDir, "README.md");
+  await fs.writeFile(readmePath, generateReadme(manifest));
+  console.log(chalk.green("  \u2714") + ` Written: ${readmePath}`);
+  const finalCheck = validateSkillManifest(manifest);
+  if (finalCheck.valid) {
+    console.log(chalk.green("\n  \u2714 Manifest is valid!"));
+  } else {
+    console.log(chalk.yellow("\n  \u26A0 Manifest has issues:"));
+    for (const err of finalCheck.errors) console.log(chalk.red("    " + err));
+  }
+  for (const warn of finalCheck.warnings) console.log(chalk.yellow("    \u26A0 " + warn));
+  console.log("");
+  const { submit } = await inquirer.prompt([{
+    type: "confirm",
+    name: "submit",
+    message: "Submit this skill as a PR to agenticmail/enterprise?",
+    default: false
+  }]);
+  if (submit) {
+    const { runSubmitSkill } = await import("./cli-submit-skill-6AAQWZWW.js");
+    await runSubmitSkill([outDir]);
+  } else {
+    console.log(chalk.dim("\n  To submit later: npx @agenticmail/enterprise submit-skill " + answers.outputDir));
+  }
+}
+function generateFromTemplate(app, operations, category, risk, author, slug, prefix) {
+  const tools = operations.map((op) => {
+    const opSlug = op.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_|_$/g, "");
+    const isRead = ["read", "get", "list", "search", "fetch", "view", "query"].some((r) => opSlug.includes(r));
+    const isDelete = ["delete", "remove", "destroy"].some((r) => opSlug.includes(r));
+    const toolCategory = isDelete ? "destroy" : isRead ? "read" : "write";
+    const toolRisk = isDelete ? "high" : isRead ? "low" : "medium";
+    const sideEffects = [];
+    if (!isRead) sideEffects.push("network-request");
+    if (isDelete) sideEffects.push("deletes-data");
+    return {
+      id: `${prefix}_${opSlug}`,
+      name: op.charAt(0).toUpperCase() + op.slice(1),
+      description: `${op.charAt(0).toUpperCase() + op.slice(1)} in ${app}`,
+      category: toolCategory,
+      riskLevel: toolRisk,
+      sideEffects,
+      parameters: {}
+    };
+  });
+  return {
+    id: slug,
+    name: app,
+    description: `Integrates with ${app} to ${operations.slice(0, 3).join(", ")}${operations.length > 3 ? " and more" : ""}. Community-contributed skill for AgenticMail agents.`,
+    version: "1.0.0",
+    author,
+    repository: `https://github.com/${author}/${slug}`,
+    license: "MIT",
+    category,
+    risk,
+    tags: [slug, category],
+    tools,
+    configSchema: {
+      apiKey: { type: "secret", label: "API Key", description: `Your ${app} API key`, required: true }
+    },
+    minEngineVersion: "0.3.0",
+    homepage: `https://github.com/${author}/${slug}`
+  };
+}
+function buildAIPrompt(app, operations, category, risk, author, slug, prefix) {
+  return `Generate a valid agenticmail-skill.json manifest for "${app}".
+
+Requirements:
+- id: "${slug}"
+- name: "${app}"
+- Operations: ${operations.join(", ")}
+- category: "${category}"
+- risk: "${risk}"
+- author: "${author}"
+- repository: "https://github.com/${author}/${slug}"
+- license: "MIT"
+- Each tool needs: id (${prefix}_<action>), name, description, category (read/write/execute/communicate/destroy), riskLevel (low/medium/high/critical), sideEffects array
+- Valid sideEffects: sends-email, sends-message, sends-sms, posts-social, runs-code, modifies-files, deletes-data, network-request, controls-device, accesses-secrets, financial
+- Include a configSchema with any API keys or settings needed
+- version: "1.0.0"
+- minEngineVersion: "0.3.0"
+- description must be 20-500 chars
+
+Output ONLY the JSON object, no explanation.`;
+}
+function generateReadme(manifest) {
+  const tools = (manifest.tools || []).map(
+    (t) => `| \`${t.id}\` | ${t.name} | ${t.description} | ${t.riskLevel || "medium"} |`
+  ).join("\n");
+  return `# ${manifest.name}
+
+${manifest.description}
+
+## Tools
+
+| ID | Name | Description | Risk |
+|----|------|-------------|------|
+${tools}
+
+## Configuration
+
+${manifest.configSchema ? Object.entries(manifest.configSchema).map(
+    ([k, v]) => `- **${k}** (${v.type || "string"}): ${v.description || k}${v.required ? " *(required)*" : ""}`
+  ).join("\n") : "No configuration required."}
+
+## Installation
+
+Install this skill from the AgenticMail Enterprise dashboard:
+
+1. Go to **Community Skills** in the sidebar
+2. Search for "${manifest.name}"
+3. Click **Install**
+
+Or via the API:
+\`\`\`bash
+curl -X POST /api/engine/community/skills/${manifest.id}/install \\
+  -H "Content-Type: application/json" \\
+  -d '{"orgId": "your-org-id"}'
+\`\`\`
+
+## License
+
+${manifest.license || "MIT"}
+`;
+}
+export {
+  runBuildSkill
+};

package/dist/cli-recover-5M74V7V4.js

@@ -0,0 +1,97 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-KFQGP6VL.js";
+
+// src/domain-lock/cli-recover.ts
+function getFlag(args, name) {
+  const idx = args.indexOf(name);
+  if (idx !== -1 && args[idx + 1]) return args[idx + 1];
+  return void 0;
+}
+async function runRecover(args) {
+  const { default: inquirer } = await import("inquirer");
+  const { default: chalk } = await import("chalk");
+  const { default: ora } = await import("ora");
+  console.log("");
+  console.log(chalk.bold("  AgenticMail Enterprise \u2014 Domain Recovery"));
+  console.log(chalk.dim("  Recover your domain registration on a new machine."));
+  console.log("");
+  let domain = getFlag(args, "--domain");
+  if (!domain) {
+    const answer = await inquirer.prompt([{
+      type: "input",
+      name: "domain",
+      message: "Domain to recover:",
+      suffix: chalk.dim("  (e.g. agents.agenticmail.io)"),
+      validate: (v) => v.includes(".") || "Enter a valid domain"
+    }]);
+    domain = answer.domain;
+  }
+  let key = getFlag(args, "--key");
+  if (!key) {
+    const answer = await inquirer.prompt([{
+      type: "password",
+      name: "key",
+      message: "Deployment key:",
+      mask: "*",
+      validate: (v) => {
+        if (v.length !== 64) return "Deployment key should be 64 hex characters";
+        if (!/^[0-9a-fA-F]+$/.test(v)) return "Deployment key should be hexadecimal";
+        return true;
+      }
+    }]);
+    key = answer.key;
+  }
+  const spinner = ora("Contacting AgenticMail registry...").start();
+  const lock = new DomainLock();
+  const result = await lock.recover(domain, key);
+  if (!result.success) {
+    spinner.fail("Recovery failed");
+    console.log("");
+    console.error(chalk.red(`  ${result.error}`));
+    console.log("");
+    process.exit(1);
+  }
+  spinner.succeed("Domain recovery initiated");
+  const { default: bcrypt } = await import("bcryptjs");
+  const keyHash = await bcrypt.hash(key, 12);
+  const dbPath = getFlag(args, "--db");
+  const dbType = getFlag(args, "--db-type") || "sqlite";
+  if (dbPath) {
+    try {
+      const spinnerDb = ora("Saving to local database...").start();
+      const { createAdapter } = await import("./factory-FVJH5RRY.js");
+      const db = await createAdapter({ type: dbType, connectionString: dbPath });
+      await db.migrate();
+      await db.updateSettings({
+        domain,
+        deploymentKeyHash: keyHash,
+        domainRegistrationId: result.registrationId,
+        domainDnsChallenge: result.dnsChallenge,
+        domainRegisteredAt: (/* @__PURE__ */ new Date()).toISOString(),
+        domainStatus: "pending_dns"
+      });
+      spinnerDb.succeed("Local database updated");
+      await db.disconnect();
+    } catch (err) {
+      console.log(chalk.yellow(`
+  Could not update local DB: ${err.message}`));
+      console.log(chalk.dim("  You can manually update settings after setup."));
+    }
+  }
+  console.log("");
+  console.log(chalk.green.bold("  Domain recovery successful!"));
+  console.log("");
+  console.log(chalk.bold("  Update your DNS TXT record:"));
+  console.log("");
+  console.log(`  ${chalk.bold("Host:")}   ${chalk.cyan(`_agenticmail-verify.${domain}`)}`);
+  console.log(`  ${chalk.bold("Type:")}   ${chalk.cyan("TXT")}`);
+  console.log(`  ${chalk.bold("Value:")}  ${chalk.cyan(result.dnsChallenge)}`);
+  console.log("");
+  console.log(chalk.dim("  Then run: npx @agenticmail/enterprise verify-domain"));
+  console.log("");
+}
+export {
+  runRecover
+};

package/dist/cli-recover-5VWKSBTE.js

@@ -0,0 +1,97 @@
+import {
+  DomainLock
+} from "./chunk-UPU23ZRG.js";
+import "./chunk-2ESYSVXG.js";
+
+// src/domain-lock/cli-recover.ts
+function getFlag(args, name) {
+  const idx = args.indexOf(name);
+  if (idx !== -1 && args[idx + 1]) return args[idx + 1];
+  return void 0;
+}
+async function runRecover(args) {
+  const { default: inquirer } = await import("inquirer");
+  const { default: chalk } = await import("chalk");
+  const { default: ora } = await import("ora");
+  console.log("");
+  console.log(chalk.bold("  AgenticMail Enterprise \u2014 Domain Recovery"));
+  console.log(chalk.dim("  Recover your domain registration on a new machine."));
+  console.log("");
+  let domain = getFlag(args, "--domain");
+  if (!domain) {
+    const answer = await inquirer.prompt([{
+      type: "input",
+      name: "domain",
+      message: "Domain to recover:",
+      suffix: chalk.dim("  (e.g. agents.agenticmail.io)"),
+      validate: (v) => v.includes(".") || "Enter a valid domain"
+    }]);
+    domain = answer.domain;
+  }
+  let key = getFlag(args, "--key");
+  if (!key) {
+    const answer = await inquirer.prompt([{
+      type: "password",
+      name: "key",
+      message: "Deployment key:",
+      mask: "*",
+      validate: (v) => {
+        if (v.length !== 64) return "Deployment key should be 64 hex characters";
+        if (!/^[0-9a-fA-F]+$/.test(v)) return "Deployment key should be hexadecimal";
+        return true;
+      }
+    }]);
+    key = answer.key;
+  }
+  const spinner = ora("Contacting AgenticMail registry...").start();
+  const lock = new DomainLock();
+  const result = await lock.recover(domain, key);
+  if (!result.success) {
+    spinner.fail("Recovery failed");
+    console.log("");
+    console.error(chalk.red(`  ${result.error}`));
+    console.log("");
+    process.exit(1);
+  }
+  spinner.succeed("Domain recovery initiated");
+  const { default: bcrypt } = await import("bcryptjs");
+  const keyHash = await bcrypt.hash(key, 12);
+  const dbPath = getFlag(args, "--db");
+  const dbType = getFlag(args, "--db-type") || "sqlite";
+  if (dbPath) {
+    try {
+      const spinnerDb = ora("Saving to local database...").start();
+      const { createAdapter } = await import("./factory-X6SKUEDX.js");
+      const db = await createAdapter({ type: dbType, connectionString: dbPath });
+      await db.migrate();
+      await db.updateSettings({
+        domain,
+        deploymentKeyHash: keyHash,
+        domainRegistrationId: result.registrationId,
+        domainDnsChallenge: result.dnsChallenge,
+        domainRegisteredAt: (/* @__PURE__ */ new Date()).toISOString(),
+        domainStatus: "pending_dns"
+      });
+      spinnerDb.succeed("Local database updated");
+      await db.disconnect();
+    } catch (err) {
+      console.log(chalk.yellow(`
+  Could not update local DB: ${err.message}`));
+      console.log(chalk.dim("  You can manually update settings after setup."));
+    }
+  }
+  console.log("");
+  console.log(chalk.green.bold("  Domain recovery successful!"));
+  console.log("");
+  console.log(chalk.bold("  Update your DNS TXT record:"));
+  console.log("");
+  console.log(`  ${chalk.bold("Host:")}   ${chalk.cyan(`_agenticmail-verify.${domain}`)}`);
+  console.log(`  ${chalk.bold("Type:")}   ${chalk.cyan("TXT")}`);
+  console.log(`  ${chalk.bold("Value:")}  ${chalk.cyan(result.dnsChallenge)}`);
+  console.log("");
+  console.log(chalk.dim("  Then run: npx @agenticmail/enterprise verify-domain"));
+  console.log("");
+}
+export {
+  runRecover
+};