@agenticmail/enterprise 0.5.53 → 0.5.54

package/src/engine/agent-routes.ts

@@ -389,5 +389,313 @@ export function createAgentRoutes(opts: {
     });
   });
 
+  // ─── Email Configuration ──────────────────────────────
+
+  /**
+   * GET /bridge/agents/:id/email-config — Get agent's email configuration (without password).
+   */
+  router.get('/bridge/agents/:id/email-config', (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const emailConfig = managed.config?.emailConfig || null;
+    if (!emailConfig) return c.json({ configured: false });
+
+    // Return config without sensitive data
+    return c.json({
+      configured: true,
+      provider: emailConfig.provider,
+      email: emailConfig.email,
+      status: emailConfig.status || 'unknown',
+      // IMAP details (no password)
+      imapHost: emailConfig.imapHost,
+      imapPort: emailConfig.imapPort,
+      smtpHost: emailConfig.smtpHost,
+      smtpPort: emailConfig.smtpPort,
+      // OAuth details (no tokens)
+      oauthProvider: emailConfig.oauthProvider,
+      oauthClientId: emailConfig.oauthClientId,
+      oauthConfigured: !!emailConfig.oauthAccessToken,
+      lastConnected: emailConfig.lastConnected,
+      lastError: emailConfig.lastError,
+    });
+  });
+
+  /**
+   * PUT /bridge/agents/:id/email-config — Set or update agent's email configuration.
+   *
+   * Supports three modes:
+   *   1. IMAP/SMTP: { provider: 'imap', email, password, imapHost, smtpHost, ... }
+   *   2. Microsoft OAuth: { provider: 'microsoft', oauthClientId, oauthClientSecret, oauthTenantId }
+   *   3. Google OAuth: { provider: 'google', oauthClientId, oauthClientSecret }
+   *
+   * For IMAP, auto-detects settings for known providers (Microsoft 365, Gmail, etc.)
+   */
+  router.put('/bridge/agents/:id/email-config', async (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const body = await c.req.json();
+    const { provider, email, password, imapHost, imapPort, smtpHost, smtpPort, preset,
+            oauthClientId, oauthClientSecret, oauthTenantId, oauthRedirectUri } = body;
+
+    if (!provider) return c.json({ error: 'provider is required (imap, microsoft, or google)' }, 400);
+    if (!email && provider === 'imap') return c.json({ error: 'email is required' }, 400);
+
+    const emailConfig: any = {
+      provider,
+      email: email || managed.config?.identity?.email || managed.config?.email,
+      updatedAt: new Date().toISOString(),
+    };
+
+    if (provider === 'imap') {
+      // Auto-detect IMAP/SMTP from well-known providers
+      if (preset && !imapHost) {
+        const PRESETS: Record<string, any> = {
+          'microsoft365': { imapHost: 'outlook.office365.com', imapPort: 993, smtpHost: 'smtp.office365.com', smtpPort: 587 },
+          'gmail': { imapHost: 'imap.gmail.com', imapPort: 993, smtpHost: 'smtp.gmail.com', smtpPort: 587 },
+          'yahoo': { imapHost: 'imap.mail.yahoo.com', imapPort: 993, smtpHost: 'smtp.mail.yahoo.com', smtpPort: 465 },
+          'zoho': { imapHost: 'imap.zoho.com', imapPort: 993, smtpHost: 'smtp.zoho.com', smtpPort: 587 },
+          'fastmail': { imapHost: 'imap.fastmail.com', imapPort: 993, smtpHost: 'smtp.fastmail.com', smtpPort: 587 },
+          'icloud': { imapHost: 'imap.mail.me.com', imapPort: 993, smtpHost: 'smtp.mail.me.com', smtpPort: 587 },
+        };
+        const presetConfig = PRESETS[preset];
+        if (presetConfig) Object.assign(emailConfig, presetConfig);
+        else return c.json({ error: `Unknown preset: ${preset}. Valid: ${Object.keys(PRESETS).join(', ')}` }, 400);
+      } else {
+        emailConfig.imapHost = imapHost;
+        emailConfig.imapPort = imapPort || 993;
+        emailConfig.smtpHost = smtpHost;
+        emailConfig.smtpPort = smtpPort || 587;
+      }
+
+      if (!emailConfig.imapHost || !emailConfig.smtpHost) {
+        return c.json({ error: 'imapHost and smtpHost are required (or use a preset)' }, 400);
+      }
+
+      if (password) {
+        emailConfig.password = password; // stored encrypted in production
+      }
+
+      emailConfig.status = 'configured';
+
+    } else if (provider === 'microsoft') {
+      // Microsoft OAuth (Azure AD / Entra ID)
+      emailConfig.oauthProvider = 'microsoft';
+      emailConfig.oauthClientId = oauthClientId;
+      emailConfig.oauthClientSecret = oauthClientSecret;
+      emailConfig.oauthTenantId = oauthTenantId || 'common';
+      emailConfig.oauthRedirectUri = oauthRedirectUri || '';
+      emailConfig.oauthScopes = ['https://graph.microsoft.com/Mail.ReadWrite', 'https://graph.microsoft.com/Mail.Send', 'offline_access'];
+
+      if (!oauthClientId) return c.json({ error: 'oauthClientId is required for Microsoft OAuth' }, 400);
+
+      // Build the authorization URL
+      const authUrl = `https://login.microsoftonline.com/${emailConfig.oauthTenantId}/oauth2/v2.0/authorize?` +
+        `client_id=${encodeURIComponent(oauthClientId)}&response_type=code&` +
+        `redirect_uri=${encodeURIComponent(emailConfig.oauthRedirectUri)}&` +
+        `scope=${encodeURIComponent(emailConfig.oauthScopes.join(' '))}&` +
+        `state=${agentId}&prompt=consent`;
+      emailConfig.oauthAuthUrl = authUrl;
+      emailConfig.status = 'awaiting_oauth';
+
+    } else if (provider === 'google') {
+      // Google OAuth (Google Workspace)
+      emailConfig.oauthProvider = 'google';
+      emailConfig.oauthClientId = oauthClientId;
+      emailConfig.oauthClientSecret = oauthClientSecret;
+      emailConfig.oauthRedirectUri = oauthRedirectUri || '';
+      emailConfig.oauthScopes = ['https://www.googleapis.com/auth/gmail.modify', 'https://www.googleapis.com/auth/gmail.send'];
+
+      if (!oauthClientId) return c.json({ error: 'oauthClientId is required for Google OAuth' }, 400);
+
+      const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?` +
+        `client_id=${encodeURIComponent(oauthClientId)}&response_type=code&` +
+        `redirect_uri=${encodeURIComponent(emailConfig.oauthRedirectUri)}&` +
+        `scope=${encodeURIComponent(emailConfig.oauthScopes.join(' '))}&` +
+        `access_type=offline&prompt=consent&state=${agentId}`;
+      emailConfig.oauthAuthUrl = authUrl;
+      emailConfig.status = 'awaiting_oauth';
+    } else {
+      return c.json({ error: `Unknown provider: ${provider}. Valid: imap, microsoft, google` }, 400);
+    }
+
+    // Save to agent config
+    const _managed = lifecycle.getAgent(agentId); if (_managed) { _managed.config.emailConfig = emailConfig; _managed.updatedAt = new Date().toISOString(); }
+
+    return c.json({
+      success: true,
+      emailConfig: {
+        provider: emailConfig.provider,
+        email: emailConfig.email,
+        status: emailConfig.status,
+        oauthAuthUrl: emailConfig.oauthAuthUrl || undefined,
+      },
+    });
+  });
+
+  /**
+   * POST /bridge/agents/:id/email-config/oauth-callback — Exchange OAuth code for tokens.
+   * Called after user completes the OAuth consent flow.
+   */
+  router.post('/bridge/agents/:id/email-config/oauth-callback', async (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const { code } = await c.req.json();
+    if (!code) return c.json({ error: 'OAuth authorization code is required' }, 400);
+
+    const emailConfig = managed.config?.emailConfig;
+    if (!emailConfig) return c.json({ error: 'No email config found — configure email first' }, 400);
+
+    try {
+      if (emailConfig.oauthProvider === 'microsoft') {
+        const tokenRes = await fetch(`https://login.microsoftonline.com/${emailConfig.oauthTenantId || 'common'}/oauth2/v2.0/token`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          body: new URLSearchParams({
+            client_id: emailConfig.oauthClientId,
+            client_secret: emailConfig.oauthClientSecret,
+            code,
+            redirect_uri: emailConfig.oauthRedirectUri,
+            grant_type: 'authorization_code',
+            scope: emailConfig.oauthScopes.join(' '),
+          }),
+        });
+
+        if (!tokenRes.ok) {
+          const errText = await tokenRes.text();
+          return c.json({ error: `Microsoft token exchange failed: ${errText}` }, 400);
+        }
+
+        const tokens = await tokenRes.json() as any;
+        emailConfig.oauthAccessToken = tokens.access_token;
+        emailConfig.oauthRefreshToken = tokens.refresh_token;
+        emailConfig.oauthTokenExpiry = new Date(Date.now() + (tokens.expires_in * 1000)).toISOString();
+
+        // Get the user's email from Graph
+        try {
+          const profileRes = await fetch('https://graph.microsoft.com/v1.0/me?$select=mail,displayName', {
+            headers: { Authorization: `Bearer ${tokens.access_token}` },
+          });
+          if (profileRes.ok) {
+            const profile = await profileRes.json() as any;
+            if (profile.mail) emailConfig.email = profile.mail;
+          }
+        } catch {}
+
+      } else if (emailConfig.oauthProvider === 'google') {
+        const tokenRes = await fetch('https://oauth2.googleapis.com/token', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          body: new URLSearchParams({
+            client_id: emailConfig.oauthClientId,
+            client_secret: emailConfig.oauthClientSecret,
+            code,
+            redirect_uri: emailConfig.oauthRedirectUri,
+            grant_type: 'authorization_code',
+          }),
+        });
+
+        if (!tokenRes.ok) {
+          const errText = await tokenRes.text();
+          return c.json({ error: `Google token exchange failed: ${errText}` }, 400);
+        }
+
+        const tokens = await tokenRes.json() as any;
+        emailConfig.oauthAccessToken = tokens.access_token;
+        emailConfig.oauthRefreshToken = tokens.refresh_token;
+        emailConfig.oauthTokenExpiry = new Date(Date.now() + (tokens.expires_in * 1000)).toISOString();
+
+        // Get the user's email from Gmail
+        try {
+          const profileRes = await fetch('https://gmail.googleapis.com/gmail/v1/users/me/profile', {
+            headers: { Authorization: `Bearer ${tokens.access_token}` },
+          });
+          if (profileRes.ok) {
+            const profile = await profileRes.json() as any;
+            if (profile.emailAddress) emailConfig.email = profile.emailAddress;
+          }
+        } catch {}
+      }
+
+      emailConfig.status = 'connected';
+      emailConfig.lastConnected = new Date().toISOString();
+      emailConfig.lastError = null;
+      const _managed = lifecycle.getAgent(agentId); if (_managed) { _managed.config.emailConfig = emailConfig; _managed.updatedAt = new Date().toISOString(); }
+
+      return c.json({ success: true, email: emailConfig.email, status: 'connected' });
+    } catch (err: any) {
+      emailConfig.status = 'error';
+      emailConfig.lastError = err.message;
+      const _managed = lifecycle.getAgent(agentId); if (_managed) { _managed.config.emailConfig = emailConfig; _managed.updatedAt = new Date().toISOString(); }
+      return c.json({ error: err.message }, 500);
+    }
+  });
+
+  /**
+   * POST /bridge/agents/:id/email-config/test — Test email connection.
+   */
+  router.post('/bridge/agents/:id/email-config/test', async (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const emailConfig = managed.config?.emailConfig;
+    if (!emailConfig) return c.json({ error: 'No email config found' }, 400);
+
+    try {
+      if (emailConfig.provider === 'imap') {
+        // Test IMAP connection
+        const { ImapFlow } = await import('imapflow');
+        const client = new (ImapFlow as any)({
+          host: emailConfig.imapHost,
+          port: emailConfig.imapPort || 993,
+          secure: true,
+          auth: { user: emailConfig.email, pass: emailConfig.password },
+          logger: false,
+        });
+        await client.connect();
+        const status = await client.status('INBOX', { messages: true, unseen: true });
+        await client.logout();
+
+        return c.json({ success: true, inbox: { total: status.messages, unread: status.unseen } });
+      } else if (emailConfig.provider === 'microsoft' && emailConfig.oauthAccessToken) {
+        const res = await fetch('https://graph.microsoft.com/v1.0/me/mailFolders/inbox?$select=totalItemCount,unreadItemCount', {
+          headers: { Authorization: `Bearer ${emailConfig.oauthAccessToken}` },
+        });
+        if (!res.ok) throw new Error(`Graph API ${res.status}`);
+        const data = await res.json() as any;
+        return c.json({ success: true, inbox: { total: data.totalItemCount, unread: data.unreadItemCount } });
+      } else if (emailConfig.provider === 'google' && emailConfig.oauthAccessToken) {
+        const res = await fetch('https://gmail.googleapis.com/gmail/v1/users/me/profile', {
+          headers: { Authorization: `Bearer ${emailConfig.oauthAccessToken}` },
+        });
+        if (!res.ok) throw new Error(`Gmail API ${res.status}`);
+        const data = await res.json() as any;
+        return c.json({ success: true, email: data.emailAddress, totalMessages: data.messagesTotal });
+      } else {
+        return c.json({ error: 'Provider not fully configured or unsupported' }, 400);
+      }
+    } catch (err: any) {
+      return c.json({ success: false, error: err.message }, 200);
+    }
+  });
+
+  /**
+   * DELETE /bridge/agents/:id/email-config — Disconnect email.
+   */
+  router.delete('/bridge/agents/:id/email-config', (c) => {
+    const agentId = c.req.param('id');
+    const managed = lifecycle.getAgent(agentId);
+    if (!managed) return c.json({ error: 'Agent not found' }, 404);
+
+    const _m = lifecycle.getAgent(agentId); if (_m) { _m.config.emailConfig = null; _m.updatedAt = new Date().toISOString(); }
+    return c.json({ success: true });
+  });
+
   return router;
 }