@agenticmail/mcp 0.9.5 → 0.9.6

package/dist/index.js

@@ -3105,6 +3105,9 @@ var require_utils = __commonJS({
     "use strict";
     var isUUID = RegExp.prototype.test.bind(/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iu);
     var isIPv4 = RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);
+    var isHexPair = RegExp.prototype.test.bind(/^[\da-f]{2}$/iu);
+    var isUnreserved = RegExp.prototype.test.bind(/^[\da-z\-._~]$/iu);
+    var isPathCharacter = RegExp.prototype.test.bind(/^[\da-z\-._~!$&'()*+,;=:@/]$/iu);
     function stringArrayToHexStripped(input) {
       let acc = "";
       let code = 0;
@@ -3297,27 +3300,77 @@ var require_utils = __commonJS({
       }
       return output.join("");
     }
-    function normalizeComponentEncoding(component, esc2) {
-      const func = esc2 !== true ? escape : unescape;
-      if (component.scheme !== void 0) {
-        component.scheme = func(component.scheme);
-      }
-      if (component.userinfo !== void 0) {
-        component.userinfo = func(component.userinfo);
-      }
-      if (component.host !== void 0) {
-        component.host = func(component.host);
+    var HOST_DELIMS = { "@": "%40", "/": "%2F", "?": "%3F", "#": "%23", ":": "%3A" };
+    var HOST_DELIM_RE = /[@/?#:]/g;
+    var HOST_DELIM_NO_COLON_RE = /[@/?#]/g;
+    function reescapeHostDelimiters(host, isIP) {
+      const re = isIP ? HOST_DELIM_NO_COLON_RE : HOST_DELIM_RE;
+      re.lastIndex = 0;
+      return host.replace(re, (ch) => HOST_DELIMS[ch]);
+    }
+    function normalizePercentEncoding(input, decodeUnreserved = false) {
+      if (input.indexOf("%") === -1) {
+        return input;
       }
-      if (component.path !== void 0) {
-        component.path = func(component.path);
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            const normalizedHex = hex.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decodeUnreserved && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        output += input[i];
       }
-      if (component.query !== void 0) {
-        component.query = func(component.query);
+      return output;
+    }
+    function normalizePathEncoding(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            const normalizedHex = hex.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decoded !== "." && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        if (isPathCharacter(input[i])) {
+          output += input[i];
+        } else {
+          output += escape(input[i]);
+        }
       }
-      if (component.fragment !== void 0) {
-        component.fragment = func(component.fragment);
+      return output;
+    }
+    function escapePreservingEscapes(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            output += "%" + hex.toUpperCase();
+            i += 2;
+            continue;
+          }
+        }
+        output += escape(input[i]);
       }
-      return component;
+      return output;
     }
     function recomposeAuthority(component) {
       const uriTokens = [];
@@ -3332,7 +3385,7 @@ var require_utils = __commonJS({
           if (ipV6res.isIPV6 === true) {
             host = `[${ipV6res.escapedHost}]`;
           } else {
-            host = component.host;
+            host = reescapeHostDelimiters(host, false);
           }
         }
         uriTokens.push(host);
@@ -3346,7 +3399,10 @@ var require_utils = __commonJS({
     module.exports = {
       nonSimpleDomain,
       recomposeAuthority,
-      normalizeComponentEncoding,
+      reescapeHostDelimiters,
+      normalizePercentEncoding,
+      normalizePathEncoding,
+      escapePreservingEscapes,
       removeDotSegments,
       isIPv4,
       isUUID,
@@ -3570,12 +3626,12 @@ var require_schemes = __commonJS({
 var require_fast_uri = __commonJS({
   "../../node_modules/fast-uri/index.js"(exports, module) {
     "use strict";
-    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizeComponentEncoding, isIPv4, nonSimpleDomain } = require_utils();
+    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizePercentEncoding, normalizePathEncoding, escapePreservingEscapes, reescapeHostDelimiters, isIPv4, nonSimpleDomain } = require_utils();
     var { SCHEMES, getSchemeHandler } = require_schemes();
     function normalize(uri, options) {
       if (typeof uri === "string") {
         uri = /** @type {T} */
-        serialize(parse3(uri, options), options);
+        normalizeString(uri, options);
       } else if (typeof uri === "object") {
         uri = /** @type {T} */
         parse3(serialize(uri, options), options);
@@ -3642,19 +3698,9 @@ var require_fast_uri = __commonJS({
       return target;
     }
     function equal(uriA, uriB, options) {
-      if (typeof uriA === "string") {
-        uriA = unescape(uriA);
-        uriA = serialize(normalizeComponentEncoding(parse3(uriA, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriA === "object") {
-        uriA = serialize(normalizeComponentEncoding(uriA, true), { ...options, skipEscape: true });
-      }
-      if (typeof uriB === "string") {
-        uriB = unescape(uriB);
-        uriB = serialize(normalizeComponentEncoding(parse3(uriB, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriB === "object") {
-        uriB = serialize(normalizeComponentEncoding(uriB, true), { ...options, skipEscape: true });
-      }
-      return uriA.toLowerCase() === uriB.toLowerCase();
+      const normalizedA = normalizeComparableURI(uriA, options);
+      const normalizedB = normalizeComparableURI(uriB, options);
+      return normalizedA !== void 0 && normalizedB !== void 0 && normalizedA.toLowerCase() === normalizedB.toLowerCase();
     }
     function serialize(cmpts, opts) {
       const component = {
@@ -3679,12 +3725,12 @@ var require_fast_uri = __commonJS({
       if (schemeHandler && schemeHandler.serialize) schemeHandler.serialize(component, options);
       if (component.path !== void 0) {
         if (!options.skipEscape) {
-          component.path = escape(component.path);
+          component.path = escapePreservingEscapes(component.path);
           if (component.scheme !== void 0) {
             component.path = component.path.split("%3A").join(":");
           }
         } else {
-          component.path = unescape(component.path);
+          component.path = normalizePercentEncoding(component.path);
         }
       }
       if (options.reference !== "suffix" && component.scheme) {
@@ -3719,7 +3765,16 @@ var require_fast_uri = __commonJS({
       return uriTokens.join("");
     }
     var URI_PARSE = /^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;
-    function parse3(uri, opts) {
+    function getParseError(parsed, matches) {
+      if (matches[2] !== void 0 && parsed.path && parsed.path[0] !== "/") {
+        return 'URI path must start with "/" when authority is present.';
+      }
+      if (typeof parsed.port === "number" && (parsed.port < 0 || parsed.port > 65535)) {
+        return "URI port is malformed.";
+      }
+      return void 0;
+    }
+    function parseWithStatus(uri, opts) {
       const options = Object.assign({}, opts);
       const parsed = {
         scheme: void 0,
@@ -3730,6 +3785,7 @@ var require_fast_uri = __commonJS({
         query: void 0,
         fragment: void 0
       };
+      let malformedAuthorityOrPort = false;
       let isIP = false;
       if (options.reference === "suffix") {
         if (options.scheme) {
@@ -3750,6 +3806,11 @@ var require_fast_uri = __commonJS({
         if (isNaN(parsed.port)) {
           parsed.port = matches[5];
         }
+        const parseError = getParseError(parsed, matches);
+        if (parseError !== void 0) {
+          parsed.error = parsed.error || parseError;
+          malformedAuthorityOrPort = true;
+        }
         if (parsed.host) {
           const ipv4result = isIPv4(parsed.host);
           if (ipv4result === false) {
@@ -3788,14 +3849,18 @@ var require_fast_uri = __commonJS({
               parsed.scheme = unescape(parsed.scheme);
             }
             if (parsed.host !== void 0) {
-              parsed.host = unescape(parsed.host);
+              parsed.host = reescapeHostDelimiters(unescape(parsed.host), isIP);
             }
           }
           if (parsed.path) {
-            parsed.path = escape(unescape(parsed.path));
+            parsed.path = normalizePathEncoding(parsed.path);
           }
           if (parsed.fragment) {
-            parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            try {
+              parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            } catch {
+              parsed.error = parsed.error || "URI malformed";
+            }
           }
         }
         if (schemeHandler && schemeHandler.parse) {
@@ -3804,7 +3869,29 @@ var require_fast_uri = __commonJS({
       } else {
         parsed.error = parsed.error || "URI can not be parsed.";
       }
-      return parsed;
+      return { parsed, malformedAuthorityOrPort };
+    }
+    function parse3(uri, opts) {
+      return parseWithStatus(uri, opts).parsed;
+    }
+    function normalizeString(uri, opts) {
+      return normalizeStringWithStatus(uri, opts).normalized;
+    }
+    function normalizeStringWithStatus(uri, opts) {
+      const { parsed, malformedAuthorityOrPort } = parseWithStatus(uri, opts);
+      return {
+        normalized: malformedAuthorityOrPort ? uri : serialize(parsed, opts),
+        malformedAuthorityOrPort
+      };
+    }
+    function normalizeComparableURI(uri, opts) {
+      if (typeof uri === "string") {
+        const { normalized, malformedAuthorityOrPort } = normalizeStringWithStatus(uri, opts);
+        return malformedAuthorityOrPort ? void 0 : normalized;
+      }
+      if (typeof uri === "object") {
+        return serialize(uri, opts);
+      }
     }
     var fastUri = {
       SCHEMES,
@@ -3944,7 +4031,7 @@ var require_core = __commonJS({
       constructor(opts = {}) {
         this.schemas = {};
         this.refs = {};
-        this.formats = {};
+        this.formats = /* @__PURE__ */ Object.create(null);
         this._compilations = /* @__PURE__ */ new Set();
         this._loading = {};
         this._cache = /* @__PURE__ */ new Map();
@@ -4725,6 +4812,7 @@ var require_pattern = __commonJS({
     "use strict";
     Object.defineProperty(exports, "__esModule", { value: true });
     var code_1 = require_code2();
+    var util_1 = require_util();
     var codegen_1 = require_codegen();
     var error2 = {
       message: ({ schemaCode }) => (0, codegen_1.str)`must match pattern "${schemaCode}"`,
@@ -4737,10 +4825,18 @@ var require_pattern = __commonJS({
       $data: true,
       error: error2,
       code(cxt) {
-        const { data, $data, schema, schemaCode, it } = cxt;
+        const { gen, data, $data, schema, schemaCode, it } = cxt;
         const u = it.opts.unicodeRegExp ? "u" : "";
-        const regExp = $data ? (0, codegen_1._)`(new RegExp(${schemaCode}, ${u}))` : (0, code_1.usePattern)(cxt, schema);
-        cxt.fail$data((0, codegen_1._)`!${regExp}.test(${data})`);
+        if ($data) {
+          const { regExp } = it.opts.code;
+          const regExpCode = regExp.code === "new RegExp" ? (0, codegen_1._)`new RegExp` : (0, util_1.useFunc)(gen, regExp);
+          const valid = gen.let("valid");
+          gen.try(() => gen.assign(valid, (0, codegen_1._)`${regExpCode}(${schemaCode}, ${u}).test(${data})`), () => gen.assign(valid, false));
+          cxt.fail$data((0, codegen_1._)`!${valid}`);
+        } else {
+          const regExp = (0, code_1.usePattern)(cxt, schema);
+          cxt.fail$data((0, codegen_1._)`!${regExp}.test(${data})`);
+        }
       }
     };
     exports.default = def;
@@ -21004,7 +21100,7 @@ var StdioServerTransport = class {
 };
 
 // ../../node_modules/@hono/node-server/dist/index.mjs
-import { Http2ServerRequest as Http2ServerRequest2 } from "http2";
+import { Http2ServerRequest as Http2ServerRequest2, constants as h2constants } from "http2";
 import { Http2ServerRequest } from "http2";
 import { Readable } from "stream";
 import crypto2 from "crypto";
@@ -21152,6 +21248,17 @@ var requestPrototype = {
     }
   });
 });
+Object.defineProperty(requestPrototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), {
+  value: function(depth, options, inspectFn) {
+    const props = {
+      method: this.method,
+      url: this.url,
+      headers: this.headers,
+      nativeRequest: this[requestCache]
+    };
+    return `Request (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
+  }
+});
 Object.setPrototypeOf(requestPrototype, Request.prototype);
 var newRequest = (incoming, defaultHostname) => {
   const req = Object.create(requestPrototype);
@@ -21218,15 +21325,17 @@ var Response2 = class _Response {
       this.#init = init;
     }
     if (typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) {
-      headers ||= init?.headers || { "content-type": "text/plain; charset=UTF-8" };
-      this[cacheKey] = [init?.status || 200, body, headers];
+      ;
+      this[cacheKey] = [init?.status || 200, body, headers || init?.headers];
     }
   }
   get headers() {
     const cache = this[cacheKey];
     if (cache) {
       if (!(cache[2] instanceof Headers)) {
-        cache[2] = new Headers(cache[2]);
+        cache[2] = new Headers(
+          cache[2] || { "content-type": "text/plain; charset=UTF-8" }
+        );
       }
       return cache[2];
     }
@@ -21254,6 +21363,17 @@ var Response2 = class _Response {
     }
   });
 });
+Object.defineProperty(Response2.prototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), {
+  value: function(depth, options, inspectFn) {
+    const props = {
+      status: this.status,
+      headers: this.headers,
+      ok: this.ok,
+      nativeResponse: this[responseCache]
+    };
+    return `Response (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
+  }
+});
 Object.setPrototypeOf(Response2, GlobalResponse);
 Object.setPrototypeOf(Response2.prototype, GlobalResponse.prototype);
 async function readWithoutBlocking(readPromise) {
@@ -21325,6 +21445,50 @@ if (typeof global.crypto === "undefined") {
   global.crypto = crypto2;
 }
 var outgoingEnded = /* @__PURE__ */ Symbol("outgoingEnded");
+var incomingDraining = /* @__PURE__ */ Symbol("incomingDraining");
+var DRAIN_TIMEOUT_MS = 500;
+var MAX_DRAIN_BYTES = 64 * 1024 * 1024;
+var drainIncoming = (incoming) => {
+  const incomingWithDrainState = incoming;
+  if (incoming.destroyed || incomingWithDrainState[incomingDraining]) {
+    return;
+  }
+  incomingWithDrainState[incomingDraining] = true;
+  if (incoming instanceof Http2ServerRequest2) {
+    try {
+      ;
+      incoming.stream?.close?.(h2constants.NGHTTP2_NO_ERROR);
+    } catch {
+    }
+    return;
+  }
+  let bytesRead = 0;
+  const cleanup = () => {
+    clearTimeout(timer);
+    incoming.off("data", onData);
+    incoming.off("end", cleanup);
+    incoming.off("error", cleanup);
+  };
+  const forceClose = () => {
+    cleanup();
+    const socket = incoming.socket;
+    if (socket && !socket.destroyed) {
+      socket.destroySoon();
+    }
+  };
+  const timer = setTimeout(forceClose, DRAIN_TIMEOUT_MS);
+  timer.unref?.();
+  const onData = (chunk) => {
+    bytesRead += chunk.length;
+    if (bytesRead > MAX_DRAIN_BYTES) {
+      forceClose();
+    }
+  };
+  incoming.on("data", onData);
+  incoming.on("end", cleanup);
+  incoming.on("error", cleanup);
+  incoming.resume();
+};
 var handleRequestError = () => new Response(null, {
   status: 400
 });
@@ -21351,15 +21515,32 @@ var flushHeaders = (outgoing) => {
 };
 var responseViaCache = async (res, outgoing) => {
   let [status, body, header] = res[cacheKey];
-  if (header instanceof Headers) {
+  let hasContentLength = false;
+  if (!header) {
+    header = { "content-type": "text/plain; charset=UTF-8" };
+  } else if (header instanceof Headers) {
+    hasContentLength = header.has("content-length");
     header = buildOutgoingHttpHeaders(header);
+  } else if (Array.isArray(header)) {
+    const headerObj = new Headers(header);
+    hasContentLength = headerObj.has("content-length");
+    header = buildOutgoingHttpHeaders(headerObj);
+  } else {
+    for (const key in header) {
+      if (key.length === 14 && key.toLowerCase() === "content-length") {
+        hasContentLength = true;
+        break;
+      }
+    }
   }
-  if (typeof body === "string") {
-    header["Content-Length"] = Buffer.byteLength(body);
-  } else if (body instanceof Uint8Array) {
-    header["Content-Length"] = body.byteLength;
-  } else if (body instanceof Blob) {
-    header["Content-Length"] = body.size;
+  if (!hasContentLength) {
+    if (typeof body === "string") {
+      header["Content-Length"] = Buffer.byteLength(body);
+    } else if (body instanceof Uint8Array) {
+      header["Content-Length"] = body.byteLength;
+    } else if (body instanceof Blob) {
+      header["Content-Length"] = body.size;
+    }
   }
   outgoing.writeHead(status, header);
   if (typeof body === "string" || body instanceof Uint8Array) {
@@ -21479,14 +21660,18 @@ var getRequestListener = (fetchCallback, options = {}) => {
               setTimeout(() => {
                 if (!incomingEnded) {
                   setTimeout(() => {
-                    incoming.destroy();
-                    outgoing.destroy();
+                    drainIncoming(incoming);
                   });
                 }
               });
             }
           };
         }
+        outgoing.on("finish", () => {
+          if (!incomingEnded) {
+            drainIncoming(incoming);
+          }
+        });
       }
       outgoing.on("close", () => {
         const abortController = req[abortControllerKey];
@@ -21501,7 +21686,7 @@ var getRequestListener = (fetchCallback, options = {}) => {
           setTimeout(() => {
             if (!incomingEnded) {
               setTimeout(() => {
-                incoming.destroy();
+                drainIncoming(incoming);
               });
             }
           });
@@ -22527,6 +22712,27 @@ var ESSENTIAL_TOOLS = TOOL_SETS.essential;
 var API_URL = process.env.AGENTICMAIL_API_URL ?? "http://127.0.0.1:3829";
 var API_KEY = process.env.AGENTICMAIL_API_KEY ?? "";
 var MASTER_KEY = process.env.AGENTICMAIL_MASTER_KEY ?? "";
+var MCP_HOST = (process.env.AGENTICMAIL_MCP_HOST ?? "").trim().toLowerCase();
+function visibleToCallerHost(host) {
+  if (!MCP_HOST) return true;
+  if (!host) return true;
+  return host.toLowerCase() === MCP_HOST;
+}
+async function assertHostOwnsAgent(target) {
+  if (!MCP_HOST) return;
+  if (!target) return;
+  try {
+    const info = await apiRequest("GET", `/accounts/directory/${encodeURIComponent(target)}`);
+    const host = typeof info?.host === "string" ? info.host : null;
+    if (!visibleToCallerHost(host)) {
+      throw new Error(
+        `Agent "${target}" is owned by host "${host}", not "${MCP_HOST}". Each host's MCP server only talks to its own teammates + unclaimed accounts. If you want to transfer this agent: \`agenticmail-${host} claim ${target} --unclaim\` then \`agenticmail-${MCP_HOST} claim ${target}\`.`
+      );
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("owned by host")) throw err;
+  }
+}
 var ACCOUNT_KEYS = /* @__PURE__ */ new Map();
 (() => {
   const raw = process.env.AGENTICMAIL_ACCOUNT_KEYS_JSON ?? "";
@@ -24204,15 +24410,23 @@ ${lines.join("\n")}`;
     }
     case "list_agents": {
       const result = await apiRequest("GET", "/accounts/directory");
-      const agents = result?.agents ?? [];
-      if (agents.length === 0) return "No agents found.";
-      const lines = agents.map((a) => `  ${a.name} (${a.email}) \u2014 ${a.role}`);
-      return `Agents in the system:
+      const allAgents = Array.isArray(result?.agents) ? result.agents : [];
+      const agents = allAgents.filter((a) => visibleToCallerHost(a.host));
+      if (agents.length === 0) {
+        return MCP_HOST ? `No agents owned by host "${MCP_HOST}" (or unclaimed) found. Use \`agenticmail-${MCP_HOST} claim --all\` to take ownership of legacy agents.` : "No agents found.";
+      }
+      const lines = agents.map((a) => {
+        const hostTag = a.host ? ` \xB7 host=${a.host}` : "";
+        return `  ${a.name} (${a.email}) \u2014 ${a.role}${hostTag}`;
+      });
+      const header = MCP_HOST ? `Agents on host "${MCP_HOST}" (+ unclaimed):` : "Agents in the system:";
+      return `${header}
 ${lines.join("\n")}`;
     }
     case "message_agent": {
       const agentName = String(args2.agent ?? "").toLowerCase().trim();
       if (!agentName) throw new Error("agent name is required");
+      await assertHostOwnsAgent(agentName);
       try {
         await apiRequest("GET", `/accounts/directory/${encodeURIComponent(agentName)}`);
       } catch {
@@ -24248,6 +24462,7 @@ ${details.join("\n")}${more}`;
     case "delete_agent": {
       const agentName = String(args2.name ?? "").trim();
       if (!agentName) throw new Error("name is required");
+      await assertHostOwnsAgent(agentName);
       const agents = await apiRequest("GET", "/accounts", void 0, true);
       const fullAgent = agents?.agents?.find((a) => a.name === agentName);
       if (!fullAgent) throw new Error(`Agent "${agentName}" not found`);
@@ -24610,26 +24825,54 @@ ${lines.join("\n")}`;
       throw new Error("Invalid action. Use: list, create, or delete");
     }
     case "cleanup_agents": {
+      let visibleNames = null;
+      if (MCP_HOST) {
+        try {
+          const dir = await apiRequest("GET", "/accounts/directory");
+          visibleNames = new Set(
+            (Array.isArray(dir?.agents) ? dir.agents : []).filter((a) => visibleToCallerHost(a.host)).map((a) => String(a.name ?? "").toLowerCase())
+          );
+        } catch {
+        }
+      }
+      const visibleAgent = (a) => !visibleNames || visibleNames.has(String(a.name ?? "").toLowerCase());
       if (args2.action === "list_inactive") {
         const qs = args2.hours ? `?hours=${args2.hours}` : "";
         const r = await apiRequest("GET", `/accounts/inactive${qs}`, void 0, true);
-        if (!r?.agents?.length) return "No inactive agents found. All agents are either active or persistent.";
-        return `${r.count} inactive agent(s):
-${r.agents.map(
+        const rows = (Array.isArray(r?.agents) ? r.agents : []).filter(visibleAgent);
+        if (rows.length === 0) return "No inactive agents found. All agents are either active or persistent.";
+        return `${rows.length} inactive agent(s):
+${rows.map(
           (a) => `  ${a.name} (${a.email}) \u2014 last active: ${a.last_activity_at || "never"}, persistent: ${a.persistent}`
         ).join("\n")}`;
       }
       if (args2.action === "cleanup") {
         const r = await apiRequest("POST", "/accounts/cleanup", { hours: args2.hours, dryRun: args2.dryRun }, true);
+        const candidates = (Array.isArray(r?.wouldDelete) ? r.wouldDelete : []).filter(visibleAgent);
+        const deleted = (Array.isArray(r?.deleted) ? r.deleted : []).filter(
+          (name2) => !visibleNames || visibleNames.has(String(name2).toLowerCase())
+        );
         if (r?.dryRun) {
-          if (!r.count) return "No inactive agents to clean up. All agents are either active or persistent.";
-          return `Would delete ${r.count} agent(s): ${r.wouldDelete.map((a) => a.name).join(", ")}`;
+          if (!candidates.length) return "No inactive agents to clean up. All agents are either active or persistent.";
+          return `Would delete ${candidates.length} agent(s): ${candidates.map((a) => a.name).join(", ")}`;
         }
-        if (!r?.count) return "No inactive agents to clean up. All agents are either active or persistent.";
-        return `Deleted ${r.count} agent(s): ${r.deleted.join(", ")}`;
+        if (!deleted.length) return "No inactive agents to clean up. All agents are either active or persistent.";
+        return `Deleted ${deleted.length} agent(s): ${deleted.join(", ")}`;
       }
       if (args2.action === "set_persistent") {
         if (!args2.agentId) throw new Error("agentId is required");
+        if (MCP_HOST) {
+          try {
+            const all = await apiRequest("GET", "/accounts", void 0, true);
+            const agent = (all?.agents ?? []).find((a) => a.id === args2.agentId);
+            const host = typeof agent?.metadata?.host === "string" ? agent.metadata.host : null;
+            if (agent && !visibleToCallerHost(host)) {
+              throw new Error(`Agent ${args2.agentId} (${agent.name}) is owned by host "${host}", not "${MCP_HOST}".`);
+            }
+          } catch (err) {
+            if (err instanceof Error && err.message.includes("owned by host")) throw err;
+          }
+        }
         await apiRequest("PATCH", `/accounts/${args2.agentId}/persistent`, { persistent: args2.persistent !== false }, true);
         return `Agent ${args2.agentId} persistent flag set to ${args2.persistent !== false}`;
       }
@@ -24667,8 +24910,23 @@ ${r.tail.join("\n")}`;
       const filterAgent = typeof args2.agent === "string" ? args2.agent.toLowerCase() : "";
       const includeRecent = args2.includeRecent !== false;
       const matchesFilter = (w) => !filterAgent || (w.agentName ?? "").toLowerCase().includes(filterAgent);
-      const activeList = Array.isArray(r?.active) ? r.active.filter(matchesFilter) : [];
-      const recentList = includeRecent && Array.isArray(r?.recent) ? r.recent.filter(matchesFilter) : [];
+      let visibleNames = null;
+      if (MCP_HOST) {
+        try {
+          const dir = await apiRequest("GET", "/accounts/directory");
+          visibleNames = new Set(
+            (Array.isArray(dir?.agents) ? dir.agents : []).filter((a) => visibleToCallerHost(a.host)).map((a) => String(a.name ?? "").toLowerCase())
+          );
+        } catch {
+        }
+      }
+      const visibleToHost = (w) => {
+        if (!visibleNames) return true;
+        return visibleNames.has(String(w.agentName ?? "").toLowerCase());
+      };
+      const matchesAll = (w) => matchesFilter(w) && visibleToHost(w);
+      const activeList = Array.isArray(r?.active) ? r.active.filter(matchesAll) : [];
+      const recentList = includeRecent && Array.isArray(r?.recent) ? r.recent.filter(matchesAll) : [];
       if (activeList.length === 0 && recentList.length === 0) {
         if (filterAgent) return `No dispatcher activity for "${args2.agent}" right now or in the last 2 minutes. Either the agent has not been woken on this thread yet, the dispatcher is not running, or mail to them is still in flight.`;
         return "No dispatcher activity right now or in the last 2 minutes. If you just sent mail and expected an agent to wake, give it a moment \u2014 the dispatcher subscribes to /system/events for sub-second wake. If nothing happens for 30s, check that the dispatcher process is running (`pm2 list`) and that the recipient is a real local agent (`list_agents`).";
@@ -24728,6 +24986,7 @@ ${r.tasks.map(
     }
     case "call_agent": {
       const timeoutSec = Math.min(Math.max(Number(args2.timeout) || 180, 5), 300);
+      await assertHostOwnsAgent(String(args2.target ?? ""));
       const created = await apiRequest("POST", "/tasks/assign", {
         assignee: args2.target,
         taskType: "rpc",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agenticmail/mcp",
-  "version": "0.9.5",
+  "version": "0.9.6",
   "mcpName": "io.github.agenticmail/mcp",
   "description": "MCP server for AgenticMail — give any AI client real email and SMS capabilities",
   "type": "module",