@agenticmail/enterprise 0.5.78 → 0.5.79

package/dist/dashboard/pages/agent-detail.js

@@ -3974,7 +3974,319 @@ function ToolsSection(props) {
       })
     ),
 
-    filtered.length === 0 && h('div', { style: { textAlign: 'center', padding: 40, color: 'var(--text-muted)' } }, 'No tools match this filter.')
+    filtered.length === 0 && h('div', { style: { textAlign: 'center', padding: 40, color: 'var(--text-muted)' } }, 'No tools match this filter.'),
+
+    // ─── Browser Configuration ─────────────────────────
+    h(BrowserConfigCard, { agentId: agentId }),
+
+    // ─── Tool Restrictions ─────────────────────────────
+    h(ToolRestrictionsCard, { agentId: agentId })
+  );
+}
+
+// ════════════════════════════════════════════════════════════
+// BROWSER CONFIG CARD — Configurable browser settings per agent
+// ════════════════════════════════════════════════════════════
+
+function BrowserConfigCard(props) {
+  var agentId = props.agentId;
+  var _d = useApp(); var toast = _d.toast;
+  var _cfg = useState(null); var cfg = _cfg[0]; var setCfg = _cfg[1];
+  var _saving = useState(false); var saving = _saving[0]; var setSaving = _saving[1];
+  var _collapsed = useState(true); var collapsed = _collapsed[0]; var setCollapsed = _collapsed[1];
+
+  function load() {
+    engineCall('/bridge/agents/' + agentId + '/browser-config')
+      .then(function(d) { setCfg(d.config || {}); })
+      .catch(function() { setCfg({}); });
+  }
+
+  useEffect(function() { load(); }, [agentId]);
+
+  function save() {
+    setSaving(true);
+    engineCall('/bridge/agents/' + agentId + '/browser-config', {
+      method: 'PUT',
+      body: JSON.stringify(cfg),
+    }).then(function() { toast('Browser config saved', 'success'); setSaving(false); })
+      .catch(function(e) { toast(e.message, 'error'); setSaving(false); });
+  }
+
+  function update(key, value) {
+    setCfg(function(prev) { var n = Object.assign({}, prev); n[key] = value; return n; });
+  }
+
+  if (!cfg) return null;
+
+  var labelStyle = { display: 'block', fontSize: 12, fontWeight: 600, color: 'var(--text-secondary)', marginBottom: 4 };
+  var helpStyle = { fontSize: 11, color: 'var(--text-muted)', marginTop: 2 };
+
+  return h('div', { className: 'card', style: { marginTop: 16 } },
+    h('div', {
+      className: 'card-header',
+      style: { cursor: 'pointer', display: 'flex', alignItems: 'center', justifyContent: 'space-between' },
+      onClick: function() { setCollapsed(!collapsed); }
+    },
+      h('span', null, '\uD83C\uDF10 Browser Configuration'),
+      h('span', { style: { fontSize: 12, color: 'var(--text-muted)' } }, collapsed ? '\u25BC' : '\u25B2')
+    ),
+    !collapsed && h('div', { style: { padding: 16, display: 'grid', gap: 16 } },
+      // Headless mode
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Headless Mode'),
+        h('select', {
+          className: 'input', value: cfg.headless !== false ? 'true' : 'false',
+          onChange: function(e) { update('headless', e.target.value === 'true'); }
+        },
+          h('option', { value: 'true' }, 'Headless (no visible browser window)'),
+          h('option', { value: 'false' }, 'Headed (visible browser — needed for Meet/Teams)')
+        ),
+        h('div', { style: helpStyle }, 'Use headed mode for video calls (Google Meet, Teams) or visual debugging.')
+      ),
+
+      // SSRF Protection
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'URL Protection'),
+        h('select', {
+          className: 'input', value: cfg.ssrfProtection || 'permissive',
+          onChange: function(e) { update('ssrfProtection', e.target.value); }
+        },
+          h('option', { value: 'off' }, 'Off — No restrictions (full internet access)'),
+          h('option', { value: 'permissive' }, 'Permissive — Block known dangerous URLs only'),
+          h('option', { value: 'strict' }, 'Strict — Block private IPs, require allowlist')
+        ),
+        h('div', { style: helpStyle }, 'Controls which URLs the agent can navigate to.')
+      ),
+
+      // Allow JS Evaluation
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'JavaScript Evaluation'),
+        h('select', {
+          className: 'input', value: cfg.allowEvaluate !== false ? 'true' : 'false',
+          onChange: function(e) { update('allowEvaluate', e.target.value === 'true'); }
+        },
+          h('option', { value: 'true' }, 'Allowed — Agent can run JS in page context'),
+          h('option', { value: 'false' }, 'Blocked — No arbitrary JS execution')
+        )
+      ),
+
+      // Allow File URLs
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'File URLs (file://)'),
+        h('select', {
+          className: 'input', value: cfg.allowFileUrls ? 'true' : 'false',
+          onChange: function(e) { update('allowFileUrls', e.target.value === 'true'); }
+        },
+          h('option', { value: 'false' }, 'Blocked — Cannot access local files'),
+          h('option', { value: 'true' }, 'Allowed — Can open local file:// URLs')
+        )
+      ),
+
+      // Max Contexts
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Max Browser Contexts'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 50,
+          value: cfg.maxContexts || 10,
+          onChange: function(e) { update('maxContexts', parseInt(e.target.value) || 10); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum concurrent browser windows/tabs.')
+      ),
+
+      // Navigation Timeout
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Navigation Timeout (ms)'),
+        h('input', {
+          className: 'input', type: 'number', min: 5000, max: 120000, step: 1000,
+          value: cfg.navigationTimeoutMs || 30000,
+          onChange: function(e) { update('navigationTimeoutMs', parseInt(e.target.value) || 30000); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum time to wait for page loads.')
+      ),
+
+      // Idle Timeout
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Idle Timeout (minutes)'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 60,
+          value: Math.round((cfg.idleTimeoutMs || 300000) / 60000),
+          onChange: function(e) { update('idleTimeoutMs', (parseInt(e.target.value) || 5) * 60000); }
+        }),
+        h('div', { style: helpStyle }, 'Close browser after this many minutes of inactivity.')
+      ),
+
+      // Blocked URL Patterns
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Blocked URL Patterns'),
+        h('input', {
+          className: 'input', placeholder: '*://169.254.*, *://metadata.google.*',
+          value: (cfg.blockedUrlPatterns || []).join(', '),
+          onChange: function(e) { update('blockedUrlPatterns', e.target.value.split(',').map(function(s) { return s.trim(); }).filter(Boolean)); }
+        }),
+        h('div', { style: helpStyle }, 'Comma-separated URL patterns to block (supports *).')
+      ),
+
+      // Allowed URL Patterns (only for strict mode)
+      cfg.ssrfProtection === 'strict' && h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Allowed URL Patterns (Strict Mode)'),
+        h('input', {
+          className: 'input', placeholder: '*://example.com/*, *://api.service.com/*',
+          value: (cfg.allowedUrlPatterns || []).join(', '),
+          onChange: function(e) { update('allowedUrlPatterns', e.target.value.split(',').map(function(s) { return s.trim(); }).filter(Boolean)); }
+        }),
+        h('div', { style: helpStyle }, 'Only these URLs are allowed in strict mode.')
+      ),
+
+      // Save button
+      h('div', { style: { display: 'flex', justifyContent: 'flex-end', paddingTop: 8 } },
+        h('button', { className: 'btn', disabled: saving, onClick: save }, saving ? 'Saving...' : 'Save Browser Config')
+      )
+    )
+  );
+}
+
+// ════════════════════════════════════════════════════════════
+// TOOL RESTRICTIONS CARD — Per-agent restrictions
+// ════════════════════════════════════════════════════════════
+
+function ToolRestrictionsCard(props) {
+  var agentId = props.agentId;
+  var _d = useApp(); var toast = _d.toast;
+  var _cfg = useState(null); var cfg = _cfg[0]; var setCfg = _cfg[1];
+  var _saving = useState(false); var saving = _saving[0]; var setSaving = _saving[1];
+  var _collapsed = useState(true); var collapsed = _collapsed[0]; var setCollapsed = _collapsed[1];
+
+  function load() {
+    engineCall('/bridge/agents/' + agentId + '/tool-restrictions')
+      .then(function(d) { setCfg(d.restrictions || {}); })
+      .catch(function() { setCfg({}); });
+  }
+
+  useEffect(function() { load(); }, [agentId]);
+
+  function save() {
+    setSaving(true);
+    engineCall('/bridge/agents/' + agentId + '/tool-restrictions', {
+      method: 'PUT',
+      body: JSON.stringify(cfg),
+    }).then(function() { toast('Restrictions saved', 'success'); setSaving(false); })
+      .catch(function(e) { toast(e.message, 'error'); setSaving(false); });
+  }
+
+  function update(key, value) {
+    setCfg(function(prev) { var n = Object.assign({}, prev); n[key] = value; return n; });
+  }
+
+  if (!cfg) return null;
+
+  var labelStyle = { display: 'block', fontSize: 12, fontWeight: 600, color: 'var(--text-secondary)', marginBottom: 4 };
+  var helpStyle = { fontSize: 11, color: 'var(--text-muted)', marginTop: 2 };
+
+  return h('div', { className: 'card', style: { marginTop: 16 } },
+    h('div', {
+      className: 'card-header',
+      style: { cursor: 'pointer', display: 'flex', alignItems: 'center', justifyContent: 'space-between' },
+      onClick: function() { setCollapsed(!collapsed); }
+    },
+      h('span', null, '\uD83D\uDD12 Tool Restrictions'),
+      h('span', { style: { fontSize: 12, color: 'var(--text-muted)' } }, collapsed ? '\u25BC' : '\u25B2')
+    ),
+    !collapsed && h('div', { style: { padding: 16, display: 'grid', gap: 16 } },
+      // Max file size for read/write
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Max File Size (MB)'),
+        h('input', {
+          className: 'input', type: 'number', min: 1, max: 1000,
+          value: cfg.maxFileSizeMb || 50,
+          onChange: function(e) { update('maxFileSizeMb', parseInt(e.target.value) || 50); }
+        }),
+        h('div', { style: helpStyle }, 'Maximum file size the agent can read or write.')
+      ),
+
+      // Shell command execution
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Shell Command Execution'),
+        h('select', {
+          className: 'input', value: cfg.shellExecution || 'allowed',
+          onChange: function(e) { update('shellExecution', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Full shell access'),
+          h('option', { value: 'sandboxed' }, 'Sandboxed — Limited to safe commands'),
+          h('option', { value: 'blocked' }, 'Blocked — No shell execution')
+        ),
+        h('div', { style: helpStyle }, 'Controls whether the agent can run shell commands.')
+      ),
+
+      // Web fetch restrictions
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Web Fetch'),
+        h('select', {
+          className: 'input', value: cfg.webFetch || 'allowed',
+          onChange: function(e) { update('webFetch', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can fetch any URL'),
+          h('option', { value: 'restricted' }, 'Restricted — Only allowed domains'),
+          h('option', { value: 'blocked' }, 'Blocked — No web fetching')
+        )
+      ),
+
+      // Email sending restrictions
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Email Sending'),
+        h('select', {
+          className: 'input', value: cfg.emailSending || 'allowed',
+          onChange: function(e) { update('emailSending', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can send to anyone'),
+          h('option', { value: 'internal' }, 'Internal Only — Same domain only'),
+          h('option', { value: 'approval' }, 'Requires Approval — Manager must approve'),
+          h('option', { value: 'blocked' }, 'Blocked — No email sending')
+        ),
+        h('div', { style: helpStyle }, 'Controls who the agent can email.')
+      ),
+
+      // Database access
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Database Access'),
+        h('select', {
+          className: 'input', value: cfg.databaseAccess || 'readwrite',
+          onChange: function(e) { update('databaseAccess', e.target.value); }
+        },
+          h('option', { value: 'readwrite' }, 'Read + Write — Full database access'),
+          h('option', { value: 'readonly' }, 'Read Only — SELECT queries only'),
+          h('option', { value: 'blocked' }, 'Blocked — No database access')
+        )
+      ),
+
+      // Drive/file sharing
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'File Sharing (Drive)'),
+        h('select', {
+          className: 'input', value: cfg.fileSharing || 'allowed',
+          onChange: function(e) { update('fileSharing', e.target.value); }
+        },
+          h('option', { value: 'allowed' }, 'Allowed — Can share files externally'),
+          h('option', { value: 'internal' }, 'Internal Only — Share within org only'),
+          h('option', { value: 'blocked' }, 'Blocked — No file sharing')
+        )
+      ),
+
+      // Rate limiting
+      h('div', { className: 'form-group' },
+        h('label', { style: labelStyle }, 'Rate Limit (calls per minute)'),
+        h('input', {
+          className: 'input', type: 'number', min: 0, max: 1000,
+          value: cfg.rateLimit || 0,
+          onChange: function(e) { update('rateLimit', parseInt(e.target.value) || 0); }
+        }),
+        h('div', { style: helpStyle }, '0 = no limit. Applies across all tool calls.')
+      ),
+
+      // Save button
+      h('div', { style: { display: 'flex', justifyContent: 'flex-end', paddingTop: 8 } },
+        h('button', { className: 'btn', disabled: saving, onClick: save }, saving ? 'Saving...' : 'Save Restrictions')
+      )
+    )
   );
 }
 

package/dist/index.js

@@ -35,8 +35,9 @@ import {
   executeTool,
   runAgentLoop,
   toolsToDefinitions
-} from "./chunk-GINZ56GG.js";
+} from "./chunk-7RNT4O5T.js";
 import "./chunk-TYW5XTOW.js";
+import "./chunk-VX3VFMVB.js";
 import {
   ValidationError,
   auditLogger,
@@ -50,11 +51,11 @@ import {
   requireRole,
   securityHeaders,
   validate
-} from "./chunk-CYABMD5B.js";
+} from "./chunk-Q3V7VZFQ.js";
 import {
   provision,
   runSetupWizard
-} from "./chunk-NRKB2KGD.js";
+} from "./chunk-PZA7YOJE.js";
 import {
   ENGINE_TABLES,
   ENGINE_TABLES_POSTGRES,