@agenticmail/enterprise 0.5.520 → 0.5.522

package/dist/cli-serve-6WVHPRYG.js

@@ -0,0 +1,322 @@
+import "./chunk-KFQGP6VL.js";
+
+// src/cli-serve.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function loadEnvFile() {
+  const candidates = [
+    join(process.cwd(), ".env"),
+    join(homedir(), ".agenticmail", ".env")
+  ];
+  for (const envPath of candidates) {
+    if (!existsSync(envPath)) continue;
+    try {
+      const content = readFileSync(envPath, "utf8");
+      for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#")) continue;
+        const eq = trimmed.indexOf("=");
+        if (eq < 0) continue;
+        const key = trimmed.slice(0, eq).trim();
+        let val = trimmed.slice(eq + 1).trim();
+        if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
+          val = val.slice(1, -1);
+        }
+        if (!process.env[key]) process.env[key] = val;
+      }
+      console.log(`Loaded config from ${envPath}`);
+      return;
+    } catch {
+    }
+  }
+}
+async function ensureSecrets() {
+  const { randomUUID } = await import("crypto");
+  const envDir = join(homedir(), ".agenticmail");
+  const envPath = join(envDir, ".env");
+  let dirty = false;
+  if (!process.env.JWT_SECRET) {
+    process.env.JWT_SECRET = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new JWT_SECRET (existing sessions will need to re-login)");
+  }
+  if (!process.env.AGENTICMAIL_VAULT_KEY) {
+    process.env.AGENTICMAIL_VAULT_KEY = randomUUID() + randomUUID();
+    dirty = true;
+    console.log("[startup] Generated new AGENTICMAIL_VAULT_KEY");
+    console.log("[startup] \u26A0\uFE0F  Previously encrypted credentials will need to be re-entered in the dashboard");
+  }
+  if (dirty) {
+    try {
+      if (!existsSync(envDir)) {
+        const { mkdirSync } = await import("fs");
+        mkdirSync(envDir, { recursive: true });
+      }
+      const { appendFileSync } = await import("fs");
+      const lines = [];
+      let existing = "";
+      if (existsSync(envPath)) {
+        existing = readFileSync(envPath, "utf8");
+      }
+      if (!existing.includes("JWT_SECRET=")) {
+        lines.push(`JWT_SECRET=${process.env.JWT_SECRET}`);
+      }
+      if (!existing.includes("AGENTICMAIL_VAULT_KEY=")) {
+        lines.push(`AGENTICMAIL_VAULT_KEY=${process.env.AGENTICMAIL_VAULT_KEY}`);
+      }
+      if (lines.length) {
+        appendFileSync(envPath, "\n" + lines.join("\n") + "\n", { mode: 384 });
+        console.log(`[startup] Saved secrets to ${envPath}`);
+      }
+    } catch (e) {
+      console.warn(`[startup] Could not save secrets to ${envPath}: ${e.message}`);
+    }
+  }
+}
+async function runServe(_args) {
+  loadEnvFile();
+  const DATABASE_URL = process.env.DATABASE_URL;
+  const PORT = parseInt(process.env.PORT || "8080", 10);
+  await ensureSecrets();
+  const JWT_SECRET = process.env.JWT_SECRET;
+  const _VAULT_KEY = process.env.AGENTICMAIL_VAULT_KEY;
+  if (!DATABASE_URL) {
+    console.error("ERROR: DATABASE_URL is required.");
+    console.error("");
+    console.error("Set it via environment variable or .env file:");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db npx @agenticmail/enterprise start");
+    console.error("");
+    console.error("Or create a .env file (in cwd or ~/.agenticmail/.env):");
+    console.error("  DATABASE_URL=postgresql://user:pass@host:5432/db");
+    console.error("  JWT_SECRET=your-secret-here");
+    console.error("  PORT=3200");
+    process.exit(1);
+  }
+  const { createAdapter, smartDbConfig } = await import("./factory-6KTIEZYC.js");
+  const { createServer } = await import("./server-CDNUA6Y5.js");
+  const db = await createAdapter(smartDbConfig(DATABASE_URL));
+  await db.migrate();
+  const server = createServer({
+    port: PORT,
+    db,
+    jwtSecret: JWT_SECRET,
+    corsOrigins: ["*"]
+  });
+  await server.start();
+  console.log(`AgenticMail Enterprise server running on :${PORT}`);
+  try {
+    const { startWatcherEngine, initWatcherTables, setWatcherRuntime } = await import("./polymarket-watcher-UI7SIZDF.js");
+    const edb = db.getEngineDB?.();
+    if (edb) {
+      await initWatcherTables(edb);
+      startWatcherEngine(db, {
+        log: (...args) => console.log(...args),
+        onEvent: (agentId, event) => {
+          if (event.severity === "critical") {
+            console.log(`[poly-watcher] CRITICAL signal for agent ${agentId}: ${event.title}`);
+          }
+        }
+      });
+      setTimeout(async () => {
+        try {
+          const routes = await import("./routes-F3ZKYQBO.js");
+          setWatcherRuntime(
+            () => routes.getRuntime?.() || null
+          );
+        } catch (e) {
+          console.warn("[poly-watcher] Could not inject runtime:", e.message);
+        }
+      }, 5e3);
+      console.log("[startup] Polymarket watcher engine started");
+    }
+    setTimeout(async () => {
+      try {
+        const { autoConnectProxy } = await import("./polymarket-runtime-5MZSMBLF.js");
+        const pdb = db.getEngineDB?.();
+        if (pdb) await autoConnectProxy(pdb);
+      } catch {
+      }
+    }, 8e3);
+  } catch (e) {
+    console.warn("[startup] Polymarket watcher engine skipped:", e.message);
+  }
+  try {
+    const { startBackgroundUpdateCheck } = await import("./cli-update-SX7GACL3.js");
+    startBackgroundUpdateCheck();
+  } catch {
+  }
+  try {
+    const { startPreventSleep } = await import("./screen-unlock-4RPZBHOI.js");
+    const adminDb = server.getAdminDb?.() || server.adminDb;
+    if (adminDb) {
+      const settings = await adminDb.getSettings?.().catch(() => null);
+      const screenAccess = settings?.securityConfig?.screenAccess;
+      if (screenAccess?.enabled && screenAccess?.preventSleep) {
+        startPreventSleep();
+        console.log("[startup] Prevent-sleep enabled \u2014 system will stay awake while agents are active");
+      }
+    }
+  } catch {
+  }
+  try {
+    await setupSystemPersistence();
+  } catch (e) {
+    console.warn("[startup] System persistence setup skipped: " + e.message);
+  }
+  const tunnelToken = process.env.CLOUDFLARED_TOKEN;
+  if (tunnelToken) {
+    try {
+      const { execSync, spawn } = await import("child_process");
+      try {
+        execSync(process.platform === "win32" ? "where cloudflared" : "which cloudflared", { timeout: 3e3 });
+      } catch {
+        console.log("[startup] cloudflared not found \u2014 skipping tunnel auto-start");
+        console.log("[startup] Install cloudflared to enable tunnel: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+        return;
+      }
+      try {
+        if (process.platform === "win32") {
+          const tasklist = execSync('tasklist /FI "IMAGENAME eq cloudflared.exe" /NH', { encoding: "utf8", timeout: 5e3 });
+          if (tasklist.includes("cloudflared.exe")) {
+            console.log("[startup] cloudflared tunnel already running");
+            return;
+          }
+        } else {
+          execSync('pgrep -f "cloudflared.*tunnel.*run"', { timeout: 3e3 });
+          console.log("[startup] cloudflared tunnel already running");
+          return;
+        }
+      } catch {
+      }
+      const subdomain = process.env.AGENTICMAIL_SUBDOMAIN || process.env.AGENTICMAIL_DOMAIN || "";
+      console.log(`[startup] Starting cloudflared tunnel${subdomain ? ` for ${subdomain}.agenticmail.io` : ""}...`);
+      let cfBin = "cloudflared";
+      if (process.platform === "win32") {
+        try {
+          cfBin = execSync("where cloudflared", { encoding: "utf8", timeout: 3e3 }).trim().split("\n")[0].trim();
+        } catch {
+          const candidate = `${process.env.LOCALAPPDATA || ""}\\cloudflared\\cloudflared.exe`;
+          try {
+            (await import("fs")).statSync(candidate);
+            cfBin = candidate;
+          } catch {
+          }
+        }
+      }
+      const child = spawn(cfBin, ["tunnel", "--no-autoupdate", "run", "--token", tunnelToken], {
+        detached: true,
+        stdio: "ignore"
+      });
+      child.unref();
+      console.log("[startup] cloudflared tunnel started (pid " + child.pid + ")");
+    } catch (e) {
+      console.warn("[startup] Could not auto-start cloudflared: " + e.message);
+    }
+  }
+}
+async function setupSystemPersistence() {
+  const { execSync, spawnSync } = await import("child_process");
+  const { existsSync: exists, writeFileSync, mkdirSync } = await import("fs");
+  const { join: pathJoin } = await import("path");
+  const platform = process.platform;
+  if (!process.env.PM2_HOME && !process.env.pm_id) {
+    return;
+  }
+  const markerDir = pathJoin(homedir(), ".agenticmail");
+  const markerFile = pathJoin(markerDir, ".persistence-configured");
+  if (exists(markerFile)) {
+    try {
+      execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    } catch {
+    }
+    return;
+  }
+  console.log("[startup] Configuring system persistence (one-time setup)...");
+  try {
+    if (platform === "darwin") {
+      const result = spawnSync("pm2", ["startup", "launchd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        console.log("[startup] PM2 startup requires sudo. Run this once:");
+        console.log("  " + sudoMatch[0]);
+      } else {
+        console.log("[startup] PM2 startup configured (launchd)");
+      }
+      const plistPath = pathJoin(homedir(), "Library", "LaunchAgents", `pm2.${process.env.USER || "user"}.plist`);
+      if (exists(plistPath)) {
+        try {
+          execSync(`launchctl load -w "${plistPath}"`, { timeout: 5e3, stdio: "ignore" });
+        } catch {
+        }
+      }
+    } else if (platform === "linux") {
+      const result = spawnSync("pm2", ["startup", "systemd", "--silent"], {
+        timeout: 15e3,
+        stdio: "pipe",
+        encoding: "utf-8"
+      });
+      const output = (result.stdout || "") + (result.stderr || "");
+      const sudoMatch = output.match(/sudo\s+env\s+.*pm2\s+startup.*/);
+      if (sudoMatch) {
+        try {
+          execSync(sudoMatch[0], { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (systemd)");
+        } catch {
+          console.log("[startup] PM2 startup requires root. Run this once:");
+          console.log("  " + sudoMatch[0]);
+        }
+      } else {
+        console.log("[startup] PM2 startup configured (systemd)");
+      }
+    } else if (platform === "win32") {
+      try {
+        execSync("npm list -g pm2-windows-startup", { timeout: 1e4, stdio: "ignore" });
+      } catch {
+        console.log("[startup] Installing pm2-windows-startup...");
+        try {
+          execSync("npm install -g pm2-windows-startup", { timeout: 6e4, stdio: "ignore" });
+          execSync("pm2-startup install", { timeout: 15e3, stdio: "ignore" });
+          console.log("[startup] PM2 startup configured (Windows Service)");
+        } catch (e) {
+          console.warn("[startup] Could not install pm2-windows-startup: " + e.message);
+        }
+      }
+    }
+  } catch (e) {
+    console.warn("[startup] PM2 startup setup: " + e.message);
+  }
+  try {
+    const moduleList = execSync("pm2 ls --silent 2>/dev/null || true", { timeout: 1e4, encoding: "utf-8" });
+    if (!moduleList.includes("pm2-logrotate")) {
+      console.log("[startup] Installing pm2-logrotate...");
+      execSync("pm2 install pm2-logrotate --silent", { timeout: 6e4, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:max_size 10M --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:retain 5 --silent", { timeout: 5e3, stdio: "ignore" });
+      execSync("pm2 set pm2-logrotate:compress true --silent", { timeout: 5e3, stdio: "ignore" });
+      console.log("[startup] Log rotation configured (10MB, 5 files)");
+    }
+  } catch {
+  }
+  try {
+    execSync("pm2 save --silent", { timeout: 1e4, stdio: "ignore" });
+    console.log("[startup] Process list saved");
+  } catch {
+  }
+  try {
+    if (!exists(markerDir)) mkdirSync(markerDir, { recursive: true });
+    writeFileSync(markerFile, (/* @__PURE__ */ new Date()).toISOString() + `
+platform=${platform}
+`, { mode: 384 });
+    console.log("[startup] System persistence configured successfully");
+  } catch {
+  }
+}
+export {
+  runServe
+};

package/dist/cli.js

@@ -65,14 +65,14 @@ Skill Development:
     break;
   case "serve":
   case "start":
-    import("./cli-serve-UXM6AFZI.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
+    import("./cli-serve-6WVHPRYG.js").then((m) => m.runServe(args.slice(1))).catch(fatal);
     break;
   case "agent":
-    import("./cli-agent-334IT2RU.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
+    import("./cli-agent-HPLSQ3SO.js").then((m) => m.runAgent(args.slice(1))).catch(fatal);
     break;
   case "setup":
   default:
-    import("./setup-3L3CLBW4.js").then((m) => m.runSetupWizard()).catch(fatal);
+    import("./setup-CCOBENHY.js").then((m) => m.runSetupWizard()).catch(fatal);
     break;
 }
 function fatal(err) {

package/dist/dashboard/pages/polymarket.js

@@ -1787,9 +1787,19 @@ export function PolymarketPage() {
           h('div', { style: _tip }, h('strong', null, 'Tip: '), 'Create an agent with the "Polymarket Trader" template (Finance category) to get started.')
         )
       ),
+      wallet && wallet.mismatch && h('div', { style: { padding: '12px 16px', marginBottom: 16, background: 'rgba(239,68,68,0.1)', border: '2px solid rgba(239,68,68,0.4)', borderRadius: 8, color: '#dc2626' } },
+        h('strong', null, '\u26A0 WALLET KEY MISMATCH — '),
+        'The private key in the database derives address ',
+        h('code', { style: { fontSize: 12 } }, shortAddr(wallet.signerAddress)),
+        ' but your funded wallet is ',
+        h('code', { style: { fontSize: 12 } }, shortAddr(wallet.address)),
+        '. The agent cannot access funds at the stored address. ',
+        h('strong', null, 'This is likely caused by a VAULT_KEY change. '),
+        'Check your VAULT_KEY environment variable matches the one used when the wallet was created, then restart.'
+      ),
       h('div', { className: 'stats-grid', style: { display: "grid", gridTemplateColumns: "repeat(auto-fill,minmax(160px,1fr))", gap: "12px", marginBottom: "24px" } },
-        statCard('Funder', wallet ? shortAddr(wallet.address) : 'Not set', wallet ? 'Connected' : null),
-        wallet && wallet.signerAddress && wallet.signerAddress !== wallet.address ? statCard('Signer', shortAddr(wallet.signerAddress), 'Trading key') : null,
+        statCard('Funder', wallet ? shortAddr(wallet.address) : 'Not set', wallet ? (wallet.mismatch ? 'KEY MISMATCH' : 'Connected') : null),
+        wallet && wallet.signerAddress && wallet.signerAddress !== wallet.address ? statCard('Signer', shortAddr(wallet.signerAddress), wallet.mismatch ? 'Wrong key!' : 'Trading key') : null,
         statCard('Mode', config?.mode || 'N/A'),
         statCard('Pending', pendingTrades.length),
         statCard('Live Positions', livePositions.length),
@@ -2950,9 +2960,20 @@ export function PolymarketPage() {
               h('strong', null, '\u26A0 SECURITY WARNING'), h('br'),
               'Anyone with this key has FULL CONTROL of this wallet and all funds. Never share it. Never paste it into untrusted sites.'
             ),
+            exportedKey.mismatch && h('div', { style: { padding: 12, background: 'rgba(239,68,68,0.15)', border: '2px solid rgba(239,68,68,0.5)', borderRadius: 8, marginBottom: 16, fontSize: 12, color: '#dc2626', lineHeight: 1.6 } },
+              h('strong', null, '\u26A0 CRITICAL: KEY MISMATCH'), h('br'),
+              'This private key derives address ', h('code', null, exportedKey.address),
+              ' but your funded wallet is ', h('code', null, exportedKey.storedFunderAddress), '. ',
+              h('br'), h('strong', null, 'The agent CANNOT access funds at the stored address. '),
+              'This is likely caused by a VAULT_KEY environment variable change. Restore the original VAULT_KEY and restart to recover access.'
+            ),
             h('div', { style: { marginBottom: 16 } },
-              h('label', { style: _labelStyle }, 'Wallet Address'),
-              h('div', { style: { fontFamily: 'var(--font-mono)', fontSize: 13, padding: '10px 12px', background: 'var(--bg-secondary)', borderRadius: 6, wordBreak: 'break-all', userSelect: 'all' } }, exportedKey.address)
+              h('label', { style: _labelStyle }, exportedKey.mismatch ? 'Derived Address (from private key)' : 'Wallet Address'),
+              h('div', { style: { fontFamily: 'var(--font-mono)', fontSize: 13, padding: '10px 12px', background: 'var(--bg-secondary)', borderRadius: 6, wordBreak: 'break-all', userSelect: 'all' } }, exportedKey.address),
+              exportedKey.mismatch && h('div', { style: { marginTop: 8 } },
+                h('label', { style: _labelStyle }, 'Stored Funder Address (has funds)'),
+                h('div', { style: { fontFamily: 'var(--font-mono)', fontSize: 13, padding: '10px 12px', background: 'rgba(239,68,68,0.06)', borderRadius: 6, wordBreak: 'break-all', userSelect: 'all', border: '1px solid rgba(239,68,68,0.2)' } }, exportedKey.storedFunderAddress)
+              )
             ),
             h('div', { style: { marginBottom: 16 } },
               h('label', { style: _labelStyle }, 'Private Key'),

package/dist/index.js

@@ -7,7 +7,7 @@ import {
 import {
   provision,
   runSetupWizard
-} from "./chunk-43TMKHKH.js";
+} from "./chunk-OW7QTPAQ.js";
 import {
   AgenticMailManager,
   GoogleEmailProvider,
@@ -43,7 +43,7 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-TVYI4NSK.js";
+} from "./chunk-ALQ4KGMS.js";
 import "./chunk-DJBCRQTD.js";
 import {
   PROVIDER_REGISTRY,

package/dist/server-CDNUA6Y5.js

@@ -0,0 +1,36 @@
+import {
+  createServer
+} from "./chunk-ALQ4KGMS.js";
+import "./chunk-DJBCRQTD.js";
+import "./chunk-UF3ZJMJO.js";
+import "./chunk-UEUOUZOD.js";
+import "./chunk-TK55CSBH.js";
+import "./chunk-Z7NVD3OQ.js";
+import "./chunk-VSBC4SWO.js";
+import "./chunk-AF3WSNVX.js";
+import "./chunk-74ZCQKYU.js";
+import "./chunk-ET6WZFPS.js";
+import "./chunk-FQWJMPKW.js";
+import "./chunk-ZW7JLXWZ.js";
+import "./chunk-NCODRQSS.js";
+import "./chunk-PSZU6FMQ.js";
+import "./chunk-PV334IXV.js";
+import "./chunk-X5IZUXDC.js";
+import "./chunk-I5IGHBXW.js";
+import "./chunk-3OB247K5.js";
+import "./chunk-WUAWWKTN.js";
+import "./chunk-2CDGYMJK.js";
+import "./chunk-V3LPIDTL.js";
+import "./chunk-A4CX3XQS.js";
+import "./chunk-BUJVI44B.js";
+import "./chunk-YDD5TC5Q.js";
+import "./chunk-37ABTUFU.js";
+import "./chunk-NU657BBQ.js";
+import "./chunk-PGAU3W3M.js";
+import "./chunk-FLQ5FLHW.js";
+import "./chunk-TOGMCQSJ.js";
+import "./chunk-22U7TZPN.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  createServer
+};

package/dist/setup-CCOBENHY.js

@@ -0,0 +1,20 @@
+import {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+} from "./chunk-OW7QTPAQ.js";
+import "./chunk-5KB5MAZK.js";
+import "./chunk-KFQGP6VL.js";
+export {
+  promptCompanyInfo,
+  promptDatabase,
+  promptDeployment,
+  promptDomain,
+  promptRegistration,
+  provision,
+  runSetupWizard
+};

package/logs/cloudflared-error.log

@@ -82,3 +82,7 @@
 2026-03-15 01:46:09: 2026-03-15T00:46:09Z ERR Request failed error="stream 8165 canceled by remote with error code 0" connIndex=3 dest=https://enterprise.agenticmail.io/api/polymarket/67ba24f1-c8af-40b4-9df5-c05b81fc1e7a/price-stream event=0 ip=198.41.200.23 type=http
 2026-03-15 01:46:15: 2026-03-15T00:46:15Z ERR  error="stream 405 canceled by remote with error code 0" connIndex=2 event=1 ingressRule=0 originService=http://localhost:3100
 2026-03-15 01:46:15: 2026-03-15T00:46:15Z ERR Request failed error="stream 405 canceled by remote with error code 0" connIndex=2 dest=https://enterprise.agenticmail.io/api/polymarket/stream?agentId=67ba24f1-c8af-40b4-9df5-c05b81fc1e7a event=0 ip=198.41.192.167 type=http
+2026-03-15 02:06:35: 2026-03-15T01:06:35Z ERR  error="stream 8853 canceled by remote with error code 0" connIndex=3 event=1 ingressRule=0 originService=http://localhost:3100
+2026-03-15 02:06:35: 2026-03-15T01:06:35Z ERR Request failed error="stream 8853 canceled by remote with error code 0" connIndex=3 dest=https://enterprise.agenticmail.io/api/polymarket/67ba24f1-c8af-40b4-9df5-c05b81fc1e7a/price-stream event=0 ip=198.41.200.23 type=http
+2026-03-15 02:06:41: 2026-03-15T01:06:41Z ERR  error="stream 8857 canceled by remote with error code 0" connIndex=3 event=1 ingressRule=0 originService=http://localhost:3100
+2026-03-15 02:06:41: 2026-03-15T01:06:41Z ERR Request failed error="stream 8857 canceled by remote with error code 0" connIndex=3 dest=https://enterprise.agenticmail.io/api/polymarket/stream?agentId=67ba24f1-c8af-40b4-9df5-c05b81fc1e7a event=0 ip=198.41.200.23 type=http

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/enterprise",
-  "version": "0.5.520",
+  "version": "0.5.522",
   "description": "AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations",
   "type": "module",
   "bin": {