@agenticmail/enterprise 0.5.475 → 0.5.477

package/dist/cli-serve-ZSDGJTHH.js

@@ -0,0 +1,322 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const _VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter, smartDbConfig } = await import("./factory-R6MMSC2X.js");
+  const { createServer } = await import("./server-QEZAMZEU.js");
+  const db = await createAdapter(smartDbConfig(DATABASE_URL));
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+  try {
+    const { startWatcherEngine, initWatcherTables, setWatcherRuntime } = await import("./polymarket-watcher-4H6Z37OA.js");
+    const edb = db.getEngineDB?.();
+    if (edb) {
+      await initWatcherTables(edb);
+      startWatcherEngine(db, {
+        log: (...args) => console.log(...args),
+        onEvent: (agentId, event) => {
+          if (event.severity === "critical") {
+            console.log(`[poly-watcher] CRITICAL signal for agent ${agentId}: ${event.title}`);
+          }
+        }
+      });
+      setTimeout(async () => {
+        try {
+          const routes = await import("./routes-ZIQX65BT.js");
+          setWatcherRuntime(
+            () => routes.getRuntime?.() || null
+          );
+        } catch (e) {
+          console.warn("[poly-watcher] Could not inject runtime:", e.message);
+        }
+      }, 5e3);
+      console.log("[startup] Polymarket watcher engine started");
+    }
+    setTimeout(async () => {
+      try {
+        const { autoConnectProxy } = await import("./polymarket-runtime-NH3NSZ5Y.js");
+        const pdb = db.getEngineDB?.();
+        if (pdb) await autoConnectProxy(pdb);
+      } catch {
+      }
+    }, 8e3);
+  } catch (e) {
+    console.warn("[startup] Polymarket watcher engine skipped:", e.message);
+  }
+  try {
+    const { startBackgroundUpdateCheck } = await import("./cli-update-SX7GACL3.js");
+    startBackgroundUpdateCheck();
+  } catch {
+  }
+  try {
+    const { startPreventSleep } = await import("./screen-unlock-4RPZBHOI.js");
+    const adminDb = server.getAdminDb?.() || server.adminDb;
+    if (adminDb) {
+      const settings = await adminDb.getSettings?.().catch(() => null);
+      const screenAccess = settings?.securityConfig?.screenAccess;
+      if (screenAccess?.enabled && screenAccess?.preventSleep) {
+        startPreventSleep();
+        console.log("[startup] Prevent-sleep enabled \u2014 system will stay awake while agents are active");
+      }
+    }
+  } catch {
+  }
+  try {
+    await setupSystemPersistence();
+  } catch (e) {
+    console.warn("[startup] System persistence setup skipped: " + e.message);
+  }
+  const tunnelToken = process.env.CLOUDFLARED_TOKEN;
+  if (tunnelToken) {
+    try {
+      const { execSync, spawn } = await import("child_process");
+      try {
+        execSync(process.platform === "win32" ? "where cloudflared" : "which cloudflared", { timeout: 3e3 });
+      } catch {
+        console.log("[startup] cloudflared not found \u2014 skipping tunnel auto-start");
+        console.log("[startup] Install cloudflared to enable tunnel: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+        return;
+      }
+      try {
+        if (process.platform === "win32") {
+          const tasklist = execSync('tasklist /FI "IMAGENAME eq cloudflared.exe" /NH', { encoding: "utf8", timeout: 5e3 });
+          if (tasklist.includes("cloudflared.exe")) {
+            console.log("[startup] cloudflared tunnel already running");
+            return;
+          }
+        } else {
+          execSync('pgrep -f "cloudflared.*tunnel.*run"', { timeout: 3e3 });
+          console.log("[startup] cloudflared tunnel already running");
+          return;
+        }
+      } catch {
+      }
+      const subdomain = process.env.AGENTICMAIL_SUBDOMAIN || process.env.AGENTICMAIL_DOMAIN || "";
+      console.log(`[startup] Starting cloudflared tunnel${subdomain ? ` for ${subdomain}.agenticmail.io` : ""}...`);
+      let cfBin = "cloudflared";
+      if (process.platform === "win32") {
+        try {
+          cfBin = execSync("where cloudflared", { encoding: "utf8", timeout: 3e3 }).trim().split("\n")[0].trim();
+        } catch {
+          const candidate = `${process.env.LOCALAPPDATA || ""}\\cloudflared\\cloudflared.exe`;
+          try {
+            (await import("fs")).statSync(candidate);
+            cfBin = candidate;
+          } catch {
+          }
+        }
+      }
+      const child = spawn(cfBin, ["tunnel", "--no-autoupdate", "run", "--token", tunnelToken], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.unref();
+      console.log("[startup] cloudflared tunnel started (pid " + child.pid + ")");
+    } catch (e) {
+      console.warn("[startup] Could not auto-start cloudflared: " + e.message);
+    }
+  }
+}
+async function setupSystemPersistence() {
+  const { execSync, spawnSync } = await import("child_process");
+  const { existsSync: exists, writeFileSync, mkdirSync } = await import("fs");
+  const { join: pathJoin } = await import("path");
+  const platform = process.platform;
+  if (!process.env.PM2_HOME && !process.env.pm_id) {
+    return;
+  }
+  const markerDir = pathJoin(homedir(), ".agenticmail");
+  const markerFile = pathJoin(markerDir, ".persistence-configured");
+  if (exists(markerFile)) {
+    try {
+      execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    } catch {
+    }
+    return;
+  }
+  console.log("[startup] Configuring system persistence (one-time setup)...");
+  try {
+    if (platform === "darwin") {
+      const result = spawnSync("pm2", ["startup", "launchd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        console.log("[startup] PM2 startup requires sudo. Run this once:");
+        console.log("  " + sudoMatch[0]);
+      } else {
+        console.log("[startup] PM2 startup configured (launchd)");
+      }
+      const plistPath = pathJoin(homedir(), "Library", "LaunchAgents", `pm2.${process.env.USER || "user"}.plist`);
+      if (exists(plistPath)) {
+        try {
+          execSync(`launchctl load -w "${plistPath}"`, { timeout: 5e3, stdio: "ignore" });
+        } catch {
+        }
+      }
+    } else if (platform === "linux") {
+      const result = spawnSync("pm2", ["startup", "systemd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        try {
+          execSync(sudoMatch[0], { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (systemd)");
+        } catch {
+          console.log("[startup] PM2 startup requires root. Run this once:");
+          console.log("  " + sudoMatch[0]);
+        }
+      } else {
+        console.log("[startup] PM2 startup configured (systemd)");
+      }
+    } else if (platform === "win32") {
+      try {
+        execSync("npm list -g pm2-windows-startup", { timeout: 1e4, stdio: "ignore" });
+      } catch {
+        console.log("[startup] Installing pm2-windows-startup...");
+        try {
+          execSync("npm install -g pm2-windows-startup", { timeout: 6e4, stdio: "ignore" });
+          execSync("pm2-startup install", { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (Windows Service)");
+        } catch (e) {
+          console.warn("[startup] Could not install pm2-windows-startup: " + e.message);
+        }
+      }
+    }
+  } catch (e) {
+    console.warn("[startup] PM2 startup setup: " + e.message);
+  }
+  try {
+    const moduleList = execSync("pm2 ls --silent 2>/dev/null || true", { timeout: 1e4, encoding: "utf-8" });
+    if (!moduleList.includes("pm2-logrotate")) {
+      console.log("[startup] Installing pm2-logrotate...");
+      execSync("pm2 install pm2-logrotate --silent", { timeout: 6e4, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:max_size 10M --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:retain 5 --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:compress true --silent", { timeout: 5e3, stdio: "ignore" });
+      console.log("[startup] Log rotation configured (10MB, 5 files)");
+    }
+  } catch {
+  }
+  try {
+    execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    console.log("[startup] Process list saved");
+  } catch {
+  }
+  try {
+    if (!exists(markerDir)) mkdirSync(markerDir, { recursive: true });
+    writeFileSync(markerFile, (/* @__PURE__ */ new Date()).toISOString() + `
+platform=${platform}
+`, { mode: 384 });
+    console.log("[startup] System persistence configured successfully");
+  } catch {
+  }
+}
+export {
+  runServe
+};

package/dist/cli.js

@@ -65,14 +65,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-V4Z4RCMT.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-HDZAJG2F.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-YUG7TRUU.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-P2U4ZUD3.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-FHFQQ4LK.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-2VCHQGNM.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/dashboard/pages/settings.js

@@ -138,7 +138,8 @@ export function SettingsPage() {
       var cfg = d.toolSecurityConfig || {};
       setToolSec({
         security: cfg.security || { pathSandbox: { enabled: true, allowedDirs: [], blockedPatterns: [] }, ssrf: { enabled: true, allowedHosts: [], blockedCidrs: [] }, commandSanitizer: { enabled: true, mode: 'blocklist', allowedCommands: [], blockedPatterns: [] } },
-        middleware: cfg.middleware || { audit: { enabled: true, redactKeys: [] }, rateLimit: { enabled: true, overrides: {} }, circuitBreaker: { enabled: true }, telemetry: { enabled: true } }
+        middleware: cfg.middleware || { audit: { enabled: true, redactKeys: [] }, rateLimit: { enabled: true, overrides: {} }, circuitBreaker: { enabled: true }, telemetry: { enabled: true } },
+        toolConfig: cfg.toolConfig || {}
       });
     }).catch(() => {});
     apiCall('/settings/firewall').then(function(d) {
@@ -1014,7 +1015,7 @@ export function SettingsPage() {
     tab === 'tool-security' && h(ToolSecurityTab, { toolSec: toolSec, setToolSec: function(v) { setToolSec(v); setToolSecDirty(true); }, saving: toolSecSaving, dirty: toolSecDirty, onSave: function() {
       setToolSecSaving(true);
       apiCall('/settings/tool-security', { method: 'PUT', body: JSON.stringify(toolSec) })
-        .then(function(d) { setToolSec({ security: (d.toolSecurityConfig || {}).security || toolSec.security, middleware: (d.toolSecurityConfig || {}).middleware || toolSec.middleware }); setToolSecDirty(false); toast('Tool security settings saved', 'success'); })
+        .then(function(d) { var c = d.toolSecurityConfig || {}; setToolSec({ security: c.security || toolSec.security, middleware: c.middleware || toolSec.middleware, toolConfig: c.toolConfig || toolSec.toolConfig }); setToolSecDirty(false); toast('Tool security settings saved', 'success'); })
         .catch(function(e) { toast(e.message, 'error'); })
         .finally(function() { setToolSecSaving(false); });
     } }),
@@ -1347,17 +1348,29 @@ function ToolSecurityTab(props) {
 
   var sec = toolSec.security || {};
   var mw = toolSec.middleware || {};
+  var tc = toolSec.toolConfig || {};
+  var ws = (tc.web && tc.web.search) || {};
 
   var setSec = function(key, value) {
     var next = Object.assign({}, sec);
     next[key] = value;
-    setToolSec({ security: next, middleware: mw });
+    setToolSec({ security: next, middleware: mw, toolConfig: tc });
   };
 
   var setMw = function(key, value) {
     var next = Object.assign({}, mw);
     next[key] = value;
-    setToolSec({ security: sec, middleware: next });
+    setToolSec({ security: sec, middleware: next, toolConfig: tc });
+  };
+
+  var setWebSearch = function(field, value) {
+    var nextWs = Object.assign({}, ws);
+    nextWs[field] = value;
+    var nextWeb = Object.assign({}, tc.web || {});
+    nextWeb.search = nextWs;
+    var nextTc = Object.assign({}, tc);
+    nextTc.web = nextWeb;
+    setToolSec({ security: sec, middleware: mw, toolConfig: nextTc });
   };
 
   var patchSec = function(section, field, value) {
@@ -1399,6 +1412,78 @@ function ToolSecurityTab(props) {
       }, saving ? 'Saving...' : 'Save Settings')
     ),
 
+    // ── WEB SEARCH CONFIG ──
+    h('div', { style: _sectionTitleStyle }, 'Web Search'),
+    h('div', { style: _gridStyle },
+      h('div', { style: Object.assign({}, _cardStyle, { gridColumn: '1 / -1' }) },
+        h('div', { style: _cardTitleStyle }, I.globe(), ' Web Search API Keys'),
+        h('div', { style: _cardDescStyle }, 'Configure API keys for agent web search. Without a key, agents fall back to DuckDuckGo (free but limited). Brave is recommended for best results.'),
+        h('div', { style: { display: 'grid', gridTemplateColumns: '1fr 1fr', gap: 16, marginTop: 12 } },
+          h('div', null,
+            h('label', { style: { fontSize: 13, fontWeight: 500 } }, 'Search Provider'),
+            h('select', {
+              style: { width: '100%', padding: '8px 12px', borderRadius: 8, border: '1px solid var(--border)', background: 'var(--bg-secondary)', color: 'var(--text-primary)', marginTop: 4 },
+              value: ws.provider || 'brave',
+              onChange: function(e) { setWebSearch('provider', e.target.value); }
+            },
+              h('option', { value: 'brave' }, 'Brave Search (recommended)'),
+              h('option', { value: 'perplexity' }, 'Perplexity Sonar'),
+              h('option', { value: 'grok' }, 'xAI Grok')
+            )
+          ),
+          h('div', null,
+            h('label', { style: { fontSize: 13, fontWeight: 500 } }, 'Max Results'),
+            h('input', {
+              type: 'number', min: 1, max: 10,
+              style: { width: '100%', padding: '8px 12px', borderRadius: 8, border: '1px solid var(--border)', background: 'var(--bg-secondary)', color: 'var(--text-primary)', marginTop: 4 },
+              value: ws.maxResults || 5,
+              onChange: function(e) { setWebSearch('maxResults', parseInt(e.target.value) || 5); }
+            })
+          )
+        ),
+        h('div', { style: { display: 'grid', gridTemplateColumns: '1fr 1fr 1fr', gap: 16, marginTop: 16 } },
+          h('div', null,
+            h('label', { style: { fontSize: 13, fontWeight: 500 } }, 'Brave API Key'),
+            h('input', {
+              type: 'password', placeholder: 'BSA...',
+              style: { width: '100%', padding: '8px 12px', borderRadius: 8, border: '1px solid var(--border)', background: 'var(--bg-secondary)', color: 'var(--text-primary)', marginTop: 4 },
+              value: ws.apiKey || '',
+              onChange: function(e) { setWebSearch('apiKey', e.target.value); }
+            }),
+            h('div', { style: { fontSize: 11, color: 'var(--text-muted)', marginTop: 4 } }, 'Get key at api.search.brave.com')
+          ),
+          h('div', null,
+            h('label', { style: { fontSize: 13, fontWeight: 500 } }, 'Perplexity API Key'),
+            h('input', {
+              type: 'password', placeholder: 'pplx-...',
+              style: { width: '100%', padding: '8px 12px', borderRadius: 8, border: '1px solid var(--border)', background: 'var(--bg-secondary)', color: 'var(--text-primary)', marginTop: 4 },
+              value: (ws.perplexity && ws.perplexity.apiKey) || '',
+              onChange: function(e) {
+                var nextP = Object.assign({}, ws.perplexity || {});
+                nextP.apiKey = e.target.value;
+                setWebSearch('perplexity', nextP);
+              }
+            }),
+            h('div', { style: { fontSize: 11, color: 'var(--text-muted)', marginTop: 4 } }, 'Get key at perplexity.ai')
+          ),
+          h('div', null,
+            h('label', { style: { fontSize: 13, fontWeight: 500 } }, 'xAI / Grok API Key'),
+            h('input', {
+              type: 'password', placeholder: 'xai-...',
+              style: { width: '100%', padding: '8px 12px', borderRadius: 8, border: '1px solid var(--border)', background: 'var(--bg-secondary)', color: 'var(--text-primary)', marginTop: 4 },
+              value: (ws.grok && ws.grok.apiKey) || '',
+              onChange: function(e) {
+                var nextG = Object.assign({}, ws.grok || {});
+                nextG.apiKey = e.target.value;
+                setWebSearch('grok', nextG);
+              }
+            }),
+            h('div', { style: { fontSize: 11, color: 'var(--text-muted)', marginTop: 4 } }, 'Get key at console.x.ai')
+          )
+        )
+      )
+    ),
+
     // ── SECURITY SECTION ──
     h('div', { style: _sectionTitleStyle }, 'Security Sandboxes'),
     h('div', { style: _gridStyle },

package/dist/index.js

@@ -7,7 +7,7 @@ import {
 import {
   provision,
   runSetupWizard
-} from "./chunk-EUXDCTOG.js";
+} from "./chunk-PP37VRLO.js";
 import {
   AgenticMailManager,
   GoogleEmailProvider,
@@ -28,7 +28,7 @@ import {
   executeTool,
   runAgentLoop,
   toolsToDefinitions
-} from "./chunk-3S6BEAWO.js";
+} from "./chunk-XZIERFHK.js";
 import "./chunk-CFR5OSMI.js";
 import {
   ValidationError,
@@ -43,7 +43,7 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-JDZHIZHW.js";
+} from "./chunk-67TC5JOS.js";
 import "./chunk-DJBCRQTD.js";
 import {
   PROVIDER_REGISTRY,
@@ -117,18 +117,18 @@ import {
   init_agent_config,
   init_deployer
 } from "./chunk-PSZU6FMQ.js";
-import "./chunk-XFM5P2LE.js";
-import "./chunk-ZB3VC2MR.js";
+import "./chunk-6MLEOPNF.js";
+import "./chunk-PLIE3LOT.js";
 import "./chunk-I5IGHBXW.js";
-import "./chunk-FWA7OIDL.js";
+import "./chunk-CTF2NLZK.js";
 import {
   SecureVault,
   init_vault
 } from "./chunk-WUAWWKTN.js";
-import "./chunk-SDETR7MX.js";
-import "./chunk-SP6ZE3MA.js";
+import "./chunk-YWK66HN4.js";
+import "./chunk-722P53KA.js";
 import "./chunk-CVFIM72Q.js";
-import "./chunk-7JDCMIZM.js";
+import "./chunk-TMCTJWUB.js";
 import {
   CircuitBreaker,
   CircuitOpenError,