@agenticmail/enterprise 0.5.52 → 0.5.53

package/dist/index.js

@@ -626,6 +626,327 @@ ${original.body}`
   }
 };
 
+// src/agenticmail/providers/imap.ts
+var ImapEmailProvider = class {
+  provider = "imap";
+  identity = null;
+  // IMAP connection (lazy-loaded to avoid bundling the dep if not used)
+  imapClient = null;
+  smtpClient = null;
+  getIdentity() {
+    if (!this.identity) throw new Error("Not connected \u2014 call connect() first");
+    return this.identity;
+  }
+  // ─── Connection ─────────────────────────────────────
+  async connect(identity) {
+    const imapIdentity = identity;
+    if (!imapIdentity.imapHost) throw new Error("IMAP host is required");
+    if (!imapIdentity.smtpHost) throw new Error("SMTP host is required");
+    this.identity = imapIdentity;
+    try {
+      const { ImapFlow } = await import("imapflow");
+      this.imapClient = new ImapFlow({
+        host: imapIdentity.imapHost,
+        port: imapIdentity.imapPort || 993,
+        secure: true,
+        auth: {
+          user: imapIdentity.email,
+          pass: imapIdentity.password || imapIdentity.accessToken
+        },
+        logger: false
+      });
+      await this.imapClient.connect();
+    } catch (err) {
+      if (err.code === "ERR_MODULE_NOT_FOUND" || err.message?.includes("Cannot find")) {
+        console.warn("[imap-provider] imapflow not installed \u2014 IMAP operations will fail. Install with: npm install imapflow");
+        this.imapClient = null;
+      } else {
+        throw new Error(`Failed to connect to IMAP server ${imapIdentity.imapHost}: ${err.message}`);
+      }
+    }
+  }
+  async disconnect() {
+    if (this.imapClient) {
+      try {
+        await this.imapClient.logout();
+      } catch {
+      }
+      this.imapClient = null;
+    }
+    this.identity = null;
+  }
+  // ─── List / Read ────────────────────────────────────
+  async listMessages(folder, opts) {
+    if (!this.imapClient) throw new Error("IMAP not connected. Ensure imapflow is installed and connection succeeded.");
+    const limit = opts?.limit || 20;
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      const envelopes = [];
+      const status = await this.imapClient.status(folder || "INBOX", { messages: true });
+      const total = status.messages || 0;
+      const start = Math.max(1, total - (opts?.offset || 0) - limit + 1);
+      const end = total - (opts?.offset || 0);
+      if (start > end || end < 1) return [];
+      for await (const msg of this.imapClient.fetch(`${start}:${end}`, { envelope: true, flags: true, bodyStructure: true })) {
+        envelopes.push({
+          uid: String(msg.uid),
+          from: {
+            name: msg.envelope?.from?.[0]?.name || void 0,
+            email: msg.envelope?.from?.[0]?.address || ""
+          },
+          to: (msg.envelope?.to || []).map((t) => ({
+            name: t.name || void 0,
+            email: t.address || ""
+          })),
+          subject: msg.envelope?.subject || "",
+          date: msg.envelope?.date?.toISOString() || "",
+          read: msg.flags?.has("\\Seen") || false,
+          flagged: msg.flags?.has("\\Flagged") || false,
+          hasAttachments: msg.bodyStructure?.childNodes?.length > 1 || false
+        });
+      }
+      return envelopes.reverse();
+    } finally {
+      lock.release();
+    }
+  }
+  async readMessage(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      const msg = await this.imapClient.fetchOne(uid, {
+        envelope: true,
+        flags: true,
+        source: true
+        // full RFC822 message
+      }, { uid: true });
+      if (!msg) throw new Error(`Message ${uid} not found`);
+      const source = msg.source?.toString("utf-8") || "";
+      const bodyMatch = source.match(/\r?\n\r?\n([\s\S]*)/);
+      const body = bodyMatch ? bodyMatch[1] : "";
+      return {
+        uid: String(msg.uid),
+        from: {
+          name: msg.envelope?.from?.[0]?.name || void 0,
+          email: msg.envelope?.from?.[0]?.address || ""
+        },
+        to: (msg.envelope?.to || []).map((t) => ({
+          name: t.name || void 0,
+          email: t.address || ""
+        })),
+        cc: (msg.envelope?.cc || []).map((c) => ({
+          name: c.name || void 0,
+          email: c.address || ""
+        })),
+        subject: msg.envelope?.subject || "",
+        body,
+        date: msg.envelope?.date?.toISOString() || "",
+        read: msg.flags?.has("\\Seen") || false,
+        flagged: msg.flags?.has("\\Flagged") || false,
+        folder: folder || "INBOX",
+        messageId: msg.envelope?.messageId || void 0,
+        inReplyTo: msg.envelope?.inReplyTo || void 0
+      };
+    } finally {
+      lock.release();
+    }
+  }
+  async searchMessages(criteria) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock("INBOX");
+    try {
+      const query = {};
+      if (criteria.from) query.from = criteria.from;
+      if (criteria.to) query.to = criteria.to;
+      if (criteria.subject) query.subject = criteria.subject;
+      if (criteria.text) query.body = criteria.text;
+      if (criteria.since) query.since = new Date(criteria.since);
+      if (criteria.before) query.before = new Date(criteria.before);
+      if (criteria.seen === true) query.seen = true;
+      if (criteria.seen === false) query.unseen = true;
+      const uids = await this.imapClient.search(query, { uid: true });
+      if (!uids.length) return [];
+      const envelopes = [];
+      const uidRange = uids.slice(-50).join(",");
+      for await (const msg of this.imapClient.fetch(uidRange, { envelope: true, flags: true }, { uid: true })) {
+        envelopes.push({
+          uid: String(msg.uid),
+          from: {
+            name: msg.envelope?.from?.[0]?.name || void 0,
+            email: msg.envelope?.from?.[0]?.address || ""
+          },
+          to: (msg.envelope?.to || []).map((t) => ({
+            name: t.name || void 0,
+            email: t.address || ""
+          })),
+          subject: msg.envelope?.subject || "",
+          date: msg.envelope?.date?.toISOString() || "",
+          read: msg.flags?.has("\\Seen") || false,
+          flagged: msg.flags?.has("\\Flagged") || false,
+          hasAttachments: false
+        });
+      }
+      return envelopes.reverse();
+    } finally {
+      lock.release();
+    }
+  }
+  async listFolders() {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const folders = [];
+    const mailboxes = await this.imapClient.list();
+    for (const mb of mailboxes) {
+      try {
+        const status = await this.imapClient.status(mb.path, { messages: true, unseen: true });
+        folders.push({
+          name: mb.name,
+          path: mb.path,
+          unread: status.unseen || 0,
+          total: status.messages || 0
+        });
+      } catch {
+        folders.push({ name: mb.name, path: mb.path, unread: 0, total: 0 });
+      }
+    }
+    return folders;
+  }
+  async createFolder(name) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    await this.imapClient.mailboxCreate(name);
+  }
+  // ─── Send (via SMTP) ───────────────────────────────
+  async send(options) {
+    const identity = this.getIdentity();
+    try {
+      const nodemailer = await import("nodemailer");
+      const transporter = nodemailer.createTransport({
+        host: identity.smtpHost,
+        port: identity.smtpPort || 587,
+        secure: (identity.smtpPort || 587) === 465,
+        auth: {
+          user: identity.email,
+          pass: identity.password || identity.accessToken
+        }
+      });
+      const result = await transporter.sendMail({
+        from: identity.email,
+        to: options.to,
+        cc: options.cc,
+        bcc: options.bcc,
+        subject: options.subject,
+        text: options.body,
+        html: options.html,
+        inReplyTo: options.inReplyTo,
+        references: options.references?.join(" "),
+        attachments: options.attachments?.map((a) => ({
+          filename: a.filename,
+          content: a.content,
+          contentType: a.contentType,
+          encoding: a.encoding
+        }))
+      });
+      return { messageId: result.messageId || `smtp-${Date.now()}` };
+    } catch (err) {
+      if (err.code === "ERR_MODULE_NOT_FOUND" || err.message?.includes("Cannot find")) {
+        throw new Error("nodemailer is required for SMTP sending. Install with: npm install nodemailer");
+      }
+      throw new Error(`SMTP send failed: ${err.message}`);
+    }
+  }
+  async reply(uid, body, replyAll = false) {
+    const original = await this.readMessage(uid);
+    const to = replyAll ? [original.from.email, ...(original.to || []).map((t) => t.email), ...(original.cc || []).map((c) => c.email)].filter((e) => e !== this.identity?.email).join(", ") : original.from.email;
+    return this.send({
+      to,
+      subject: original.subject.startsWith("Re:") ? original.subject : `Re: ${original.subject}`,
+      body,
+      inReplyTo: original.messageId,
+      references: original.references ? [...original.references, original.messageId] : original.messageId ? [original.messageId] : void 0
+    });
+  }
+  async forward(uid, to, body) {
+    const original = await this.readMessage(uid);
+    return this.send({
+      to,
+      subject: `Fwd: ${original.subject}`,
+      body: (body ? body + "\n\n" : "") + `---------- Forwarded message ----------
+From: ${original.from.email}
+Date: ${original.date}
+Subject: ${original.subject}
+
+` + original.body
+    });
+  }
+  // ─── Organize ───────────────────────────────────────
+  async moveMessage(uid, toFolder, _fromFolder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(_fromFolder || "INBOX");
+    try {
+      await this.imapClient.messageMove(uid, toFolder, { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  async deleteMessage(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      await this.imapClient.messageDelete(uid, { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  async markRead(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      await this.imapClient.messageFlagsAdd(uid, ["\\Seen"], { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  async markUnread(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      await this.imapClient.messageFlagsRemove(uid, ["\\Seen"], { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  async flagMessage(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      await this.imapClient.messageFlagsAdd(uid, ["\\Flagged"], { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  async unflagMessage(uid, folder) {
+    if (!this.imapClient) throw new Error("IMAP not connected");
+    const lock = await this.imapClient.getMailboxLock(folder || "INBOX");
+    try {
+      await this.imapClient.messageFlagsRemove(uid, ["\\Flagged"], { uid: true });
+    } finally {
+      lock.release();
+    }
+  }
+  // ─── Batch ──────────────────────────────────────────
+  async batchMarkRead(uids, folder) {
+    for (const uid of uids) await this.markRead(uid, folder);
+  }
+  async batchMarkUnread(uids, folder) {
+    for (const uid of uids) await this.markUnread(uid, folder);
+  }
+  async batchMove(uids, toFolder, fromFolder) {
+    for (const uid of uids) await this.moveMessage(uid, toFolder, fromFolder);
+  }
+  async batchDelete(uids, folder) {
+    for (const uid of uids) await this.deleteMessage(uid, folder);
+  }
+};
+
 // src/agenticmail/providers/index.ts
 function createEmailProvider(provider) {
   switch (provider) {
@@ -634,7 +955,7 @@ function createEmailProvider(provider) {
     case "google":
       return new GoogleEmailProvider();
     case "imap":
-      throw new Error("Generic IMAP provider not yet implemented \u2014 use Microsoft or Google");
+      return new ImapEmailProvider();
     default:
       throw new Error(`Unknown email provider: ${provider}`);
   }

package/dist/managed-2CZ3CSGR.js

@@ -0,0 +1,17 @@
+import {
+  deployToCloud,
+  generateDockerCompose,
+  generateEnvFile,
+  generateFlyToml,
+  generateRailwayConfig
+} from "./chunk-7XMV4YKZ.js";
+import "./chunk-3SMTCIR4.js";
+import "./chunk-JLSQOQ5L.js";
+import "./chunk-GI5RMYH6.js";
+export {
+  deployToCloud,
+  generateDockerCompose,
+  generateEnvFile,
+  generateFlyToml,
+  generateRailwayConfig
+};

package/dist/mongodb-UEHZUXYD.js

@@ -0,0 +1,320 @@
+import {
+  DatabaseAdapter
+} from "./chunk-FLRYMSKY.js";
+import "./chunk-GI5RMYH6.js";
+
+// src/db/mongodb.ts
+import { randomUUID, createHash } from "crypto";
+var mongoMod;
+async function getMongo() {
+  if (!mongoMod) {
+    try {
+      const { resolveDriver } = await import("./resolve-driver-ZLJYEK72.js");
+      mongoMod = await resolveDriver("mongodb", "MongoDB driver not found. Install it: npm install mongodb");
+    } catch {
+      throw new Error("MongoDB driver not found. Install: npm install mongodb");
+    }
+  }
+  return mongoMod;
+}
+var MongoAdapter = class extends DatabaseAdapter {
+  type = "mongodb";
+  client = null;
+  db = null;
+  async connect(config) {
+    const { MongoClient } = await getMongo();
+    const uri = config.connectionString || `mongodb://${config.host || "localhost"}:${config.port || 27017}`;
+    this.client = new MongoClient(uri);
+    await this.client.connect();
+    const dbName = config.database || new URL(uri.replace("mongodb+srv://", "https://")).pathname.slice(1) || "agenticmail";
+    this.db = this.client.db(dbName);
+  }
+  async disconnect() {
+    if (this.client) await this.client.close();
+  }
+  isConnected() {
+    return this.client !== null;
+  }
+  col(name) {
+    return this.db.collection(name);
+  }
+  async migrate() {
+    await this.col("agents").createIndex({ name: 1 }, { unique: true });
+    await this.col("agents").createIndex({ email: 1 }, { unique: true });
+    await this.col("agents").createIndex({ status: 1 });
+    await this.col("users").createIndex({ email: 1 }, { unique: true });
+    await this.col("users").createIndex({ ssoProvider: 1, ssoSubject: 1 });
+    await this.col("audit_log").createIndex({ timestamp: -1 });
+    await this.col("audit_log").createIndex({ actor: 1 });
+    await this.col("audit_log").createIndex({ action: 1 });
+    await this.col("api_keys").createIndex({ keyHash: 1 }, { unique: true });
+    await this.col("email_rules").createIndex({ agentId: 1 });
+    await this.col("settings").updateOne(
+      { _id: "default" },
+      { $setOnInsert: { name: "", subdomain: "", plan: "free", primaryColor: "#6366f1", createdAt: /* @__PURE__ */ new Date(), updatedAt: /* @__PURE__ */ new Date() } },
+      { upsert: true }
+    );
+    await this.col("retention_policy").updateOne(
+      { _id: "default" },
+      { $setOnInsert: { enabled: false, retainDays: 365, excludeTags: [], archiveFirst: true } },
+      { upsert: true }
+    );
+  }
+  // ─── Company ─────────────────────────────────────────────
+  async getSettings() {
+    const r = await this.col("settings").findOne({ _id: "default" });
+    if (!r) return null;
+    return { id: "default", name: r.name, domain: r.domain, subdomain: r.subdomain, smtpHost: r.smtpHost, smtpPort: r.smtpPort, smtpUser: r.smtpUser, smtpPass: r.smtpPass, dkimPrivateKey: r.dkimPrivateKey, logoUrl: r.logoUrl, primaryColor: r.primaryColor, ssoConfig: r.ssoConfig, toolSecurityConfig: r.toolSecurityConfig || {}, firewallConfig: r.firewallConfig || {}, modelPricingConfig: r.modelPricingConfig || {}, plan: r.plan, deploymentKeyHash: r.deploymentKeyHash, domainRegistrationId: r.domainRegistrationId, domainDnsChallenge: r.domainDnsChallenge, domainVerifiedAt: r.domainVerifiedAt || void 0, domainRegisteredAt: r.domainRegisteredAt || void 0, domainStatus: r.domainStatus || "unregistered", createdAt: r.createdAt, updatedAt: r.updatedAt };
+  }
+  async updateSettings(updates) {
+    const { id, ...rest } = updates;
+    await this.col("settings").updateOne({ _id: "default" }, { $set: { ...rest, updatedAt: /* @__PURE__ */ new Date() } }, { upsert: true });
+    return this.getSettings();
+  }
+  // ─── Agents ──────────────────────────────────────────────
+  async createAgent(input) {
+    const doc = {
+      _id: input.id || randomUUID(),
+      name: input.name,
+      email: input.email || `${input.name.toLowerCase().replace(/\s+/g, "-")}@localhost`,
+      role: input.role || "assistant",
+      status: "active",
+      metadata: input.metadata || {},
+      createdBy: input.createdBy,
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    await this.col("agents").insertOne(doc);
+    return this.docToAgent(doc);
+  }
+  async getAgent(id) {
+    const r = await this.col("agents").findOne({ _id: id });
+    return r ? this.docToAgent(r) : null;
+  }
+  async getAgentByName(name) {
+    const r = await this.col("agents").findOne({ name });
+    return r ? this.docToAgent(r) : null;
+  }
+  async listAgents(opts) {
+    const filter = {};
+    if (opts?.status) filter.status = opts.status;
+    const cursor = this.col("agents").find(filter).sort({ createdAt: -1 });
+    if (opts?.offset) cursor.skip(opts.offset);
+    if (opts?.limit) cursor.limit(opts.limit);
+    return (await cursor.toArray()).map((r) => this.docToAgent(r));
+  }
+  async updateAgent(id, updates) {
+    const set = { updatedAt: /* @__PURE__ */ new Date() };
+    for (const key of ["name", "email", "role", "status", "metadata"]) {
+      if (updates[key] !== void 0) set[key] = updates[key];
+    }
+    await this.col("agents").updateOne({ _id: id }, { $set: set });
+    return await this.getAgent(id);
+  }
+  async archiveAgent(id) {
+    await this.col("agents").updateOne({ _id: id }, { $set: { status: "archived", updatedAt: /* @__PURE__ */ new Date() } });
+  }
+  async deleteAgent(id) {
+    await this.col("agents").deleteOne({ _id: id });
+  }
+  async countAgents(status) {
+    const filter = {};
+    if (status) filter.status = status;
+    return this.col("agents").countDocuments(filter);
+  }
+  // ─── Users ───────────────────────────────────────────────
+  async createUser(input) {
+    let passwordHash = null;
+    if (input.password) {
+      const { default: bcrypt } = await import("bcryptjs");
+      passwordHash = await bcrypt.hash(input.password, 12);
+    }
+    const doc = {
+      _id: randomUUID(),
+      email: input.email,
+      name: input.name,
+      role: input.role,
+      passwordHash,
+      ssoProvider: input.ssoProvider || null,
+      ssoSubject: input.ssoSubject || null,
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date(),
+      lastLoginAt: null
+    };
+    await this.col("users").insertOne(doc);
+    return this.docToUser(doc);
+  }
+  async getUser(id) {
+    const r = await this.col("users").findOne({ _id: id });
+    return r ? this.docToUser(r) : null;
+  }
+  async getUserByEmail(email) {
+    const r = await this.col("users").findOne({ email });
+    return r ? this.docToUser(r) : null;
+  }
+  async getUserBySso(provider, subject) {
+    const r = await this.col("users").findOne({ ssoProvider: provider, ssoSubject: subject });
+    return r ? this.docToUser(r) : null;
+  }
+  async listUsers(opts) {
+    const cursor = this.col("users").find({}).sort({ createdAt: -1 });
+    if (opts?.offset) cursor.skip(opts.offset);
+    if (opts?.limit) cursor.limit(opts.limit);
+    return (await cursor.toArray()).map((r) => this.docToUser(r));
+  }
+  async updateUser(id, updates) {
+    const set = { updatedAt: /* @__PURE__ */ new Date() };
+    for (const key of ["email", "name", "role", "lastLoginAt"]) {
+      if (updates[key] !== void 0) set[key] = updates[key];
+    }
+    await this.col("users").updateOne({ _id: id }, { $set: set });
+    return await this.getUser(id);
+  }
+  async deleteUser(id) {
+    await this.col("users").deleteOne({ _id: id });
+  }
+  // ─── Audit ───────────────────────────────────────────────
+  async logEvent(event) {
+    await this.col("audit_log").insertOne({
+      _id: randomUUID(),
+      timestamp: /* @__PURE__ */ new Date(),
+      actor: event.actor,
+      actorType: event.actorType,
+      action: event.action,
+      resource: event.resource,
+      details: event.details || {},
+      ip: event.ip || null
+    });
+  }
+  async queryAudit(filters) {
+    const filter = {};
+    if (filters.actor) filter.actor = filters.actor;
+    if (filters.action) filter.action = filters.action;
+    if (filters.resource) filter.resource = { $regex: filters.resource, $options: "i" };
+    if (filters.from || filters.to) {
+      filter.timestamp = {};
+      if (filters.from) filter.timestamp.$gte = filters.from;
+      if (filters.to) filter.timestamp.$lte = filters.to;
+    }
+    const total = await this.col("audit_log").countDocuments(filter);
+    const cursor = this.col("audit_log").find(filter).sort({ timestamp: -1 });
+    if (filters.offset) cursor.skip(filters.offset);
+    if (filters.limit) cursor.limit(filters.limit);
+    const rows = await cursor.toArray();
+    return {
+      events: rows.map((r) => ({
+        id: r._id,
+        timestamp: r.timestamp,
+        actor: r.actor,
+        actorType: r.actorType,
+        action: r.action,
+        resource: r.resource,
+        details: r.details,
+        ip: r.ip
+      })),
+      total
+    };
+  }
+  // ─── API Keys ────────────────────────────────────────────
+  async createApiKey(input) {
+    const id = randomUUID();
+    const plaintext = `ek_${randomUUID().replace(/-/g, "")}`;
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const keyPrefix = plaintext.substring(0, 11);
+    const doc = {
+      _id: id,
+      name: input.name,
+      keyHash,
+      keyPrefix,
+      scopes: input.scopes,
+      createdBy: input.createdBy,
+      createdAt: /* @__PURE__ */ new Date(),
+      lastUsedAt: null,
+      expiresAt: input.expiresAt || null,
+      revoked: false
+    };
+    await this.col("api_keys").insertOne(doc);
+    return { key: this.docToApiKey(doc), plaintext };
+  }
+  async getApiKey(id) {
+    const r = await this.col("api_keys").findOne({ _id: id });
+    return r ? this.docToApiKey(r) : null;
+  }
+  async validateApiKey(plaintext) {
+    const keyHash = createHash("sha256").update(plaintext).digest("hex");
+    const r = await this.col("api_keys").findOne({ keyHash, revoked: false });
+    if (!r) return null;
+    const key = this.docToApiKey(r);
+    if (key.expiresAt && /* @__PURE__ */ new Date() > key.expiresAt) return null;
+    await this.col("api_keys").updateOne({ _id: r._id }, { $set: { lastUsedAt: /* @__PURE__ */ new Date() } });
+    return key;
+  }
+  async listApiKeys(opts) {
+    const filter = {};
+    if (opts?.createdBy) filter.createdBy = opts.createdBy;
+    return (await this.col("api_keys").find(filter).sort({ createdAt: -1 }).toArray()).map((r) => this.docToApiKey(r));
+  }
+  async revokeApiKey(id) {
+    await this.col("api_keys").updateOne({ _id: id }, { $set: { revoked: true } });
+  }
+  // ─── Rules ───────────────────────────────────────────────
+  async createRule(rule) {
+    const doc = {
+      _id: randomUUID(),
+      ...rule,
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    };
+    await this.col("email_rules").insertOne(doc);
+    return this.docToRule(doc);
+  }
+  async getRules(agentId) {
+    const filter = {};
+    if (agentId) filter.$or = [{ agentId }, { agentId: null }];
+    return (await this.col("email_rules").find(filter).sort({ priority: -1 }).toArray()).map((r) => this.docToRule(r));
+  }
+  async updateRule(id, updates) {
+    const { id: _id, createdAt, ...rest } = updates;
+    await this.col("email_rules").updateOne({ _id: id }, { $set: { ...rest, updatedAt: /* @__PURE__ */ new Date() } });
+    const r = await this.col("email_rules").findOne({ _id: id });
+    return this.docToRule(r);
+  }
+  async deleteRule(id) {
+    await this.col("email_rules").deleteOne({ _id: id });
+  }
+  // ─── Retention ───────────────────────────────────────────
+  async getRetentionPolicy() {
+    const r = await this.col("retention_policy").findOne({ _id: "default" });
+    if (!r) return { enabled: false, retainDays: 365, archiveFirst: true };
+    return { enabled: r.enabled, retainDays: r.retainDays, excludeTags: r.excludeTags || [], archiveFirst: r.archiveFirst };
+  }
+  async setRetentionPolicy(policy) {
+    await this.col("retention_policy").updateOne({ _id: "default" }, { $set: policy }, { upsert: true });
+  }
+  // ─── Stats ───────────────────────────────────────────────
+  async getStats() {
+    const [totalAgents, activeAgents, totalUsers, totalAuditEvents] = await Promise.all([
+      this.col("agents").countDocuments(),
+      this.col("agents").countDocuments({ status: "active" }),
+      this.col("users").countDocuments(),
+      this.col("audit_log").countDocuments()
+    ]);
+    return { totalAgents, activeAgents, totalUsers, totalEmails: 0, totalAuditEvents };
+  }
+  // ─── Mappers ─────────────────────────────────────────────
+  docToAgent(r) {
+    return { id: r._id, name: r.name, email: r.email, role: r.role, status: r.status, metadata: r.metadata || {}, createdBy: r.createdBy, createdAt: r.createdAt, updatedAt: r.updatedAt };
+  }
+  docToUser(r) {
+    return { id: r._id, email: r.email, name: r.name, role: r.role, passwordHash: r.passwordHash, ssoProvider: r.ssoProvider, ssoSubject: r.ssoSubject, createdAt: r.createdAt, updatedAt: r.updatedAt, lastLoginAt: r.lastLoginAt || void 0 };
+  }
+  docToApiKey(r) {
+    return { id: r._id, name: r.name, keyHash: r.keyHash, keyPrefix: r.keyPrefix, scopes: r.scopes || [], createdBy: r.createdBy, createdAt: r.createdAt, lastUsedAt: r.lastUsedAt || void 0, expiresAt: r.expiresAt || void 0, revoked: r.revoked };
+  }
+  docToRule(r) {
+    return { id: r._id, name: r.name, agentId: r.agentId, conditions: r.conditions || {}, actions: r.actions || {}, priority: r.priority, enabled: r.enabled, createdAt: r.createdAt, updatedAt: r.updatedAt };
+  }
+};
+export {
+  MongoAdapter
+};