@atomicmail/mcp 0.1.0 → 0.2.0

package/esm/mcp/src/tools/jmap.js

@@ -1,145 +1,103 @@
-import { readFile } from "node:fs/promises";
-import { isAbsolute, resolve as resolvePath } from "node:path";
 import { z } from "zod";
-const DEFAULT_USING = [
-    "urn:ietf:params:jmap:core",
-    "urn:ietf:params:jmap:mail",
-];
-function parseEnvelope(raw, defaultUsing, source) {
-    let value;
-    try {
-        value = JSON.parse(raw);
-    }
-    catch (err) {
-        throw new Error(`${source} is not valid JSON: ${err.message}`);
-    }
-    if (Array.isArray(value)) {
-        return { using: defaultUsing, methodCalls: value };
-    }
-    if (value !== null &&
-        typeof value === "object" &&
-        Array.isArray(value.methodCalls)) {
-        const obj = value;
-        const using = Array.isArray(obj.using)
-            ? obj.using.filter((u) => typeof u === "string")
-            : defaultUsing;
-        return { using, methodCalls: obj.methodCalls };
-    }
-    throw new Error(`${source} must be a methodCalls array, e.g. ` +
-        '[["Mailbox/get",{...},"m0"]], or an object with a methodCalls array.');
-}
+import { DEFAULT_JMAP_USING, readOpsFile, runJmapRequest, } from "../../../lib/src/agent-jmap.js";
 export function registerJmapTool(server, session) {
-    const apiUrl = session.apiUrl;
     server.registerTool("jmap_request", {
         title: "Send a JMAP request",
-        description: "Send a JMAP request to your AtomicMail inbox. Auth (session and " +
-            "capability JWT rotation) is handled automatically — just provide " +
-            "the JMAP method calls.\n\n" +
-            "Provide exactly one request body:\n" +
-            "  • methodCalls — inline JMAP batch, an array of " +
-            "[methodName, args, callId] entries.\n" +
-            "  • opsFile     — path to a saved JSON preset. Relative paths " +
-            "resolve against the credential directory (the same directory " +
-            "the skill's --ops-file flag uses), so common requests can be " +
-            "saved once and reused.\n\n" +
-            "Tip: call jmap_session first to discover your accountId.\n\n" +
-            "Examples:\n" +
-            '  methodCalls: [["Mailbox/get", {"accountId": "..."}, "m0"]]\n' +
-            '  methodCalls: [["Email/query", {"accountId": "...", "filter": {"inMailbox": "..."}}, "q0"]]\n' +
-            "  opsFile:     fetch_last_100.json",
+        description: "Send a JMAP method-call batch. Auth and JWT rotation are automatic. " +
+            "Provide exactly one of: `ops` (JSON string — methodCalls array or full " +
+            "envelope) or `ops_file` (preset path; relative paths resolve against " +
+            "the credential directory). Tokens `$VAR_NAME` (uppercase `$FOO_BAR`) in " +
+            "either input are replaced: `$ACCOUNT_ID` and `$INBOX` come from the JMAP " +
+            "session; pass other names via `vars`.",
         inputSchema: z.object({
             using: z
                 .array(z.string())
-                .default(DEFAULT_USING)
-                .describe("JMAP capability URNs. Defaults to core + mail. Add " +
-                '"urn:ietf:params:jmap:submission" when sending email. ' +
-                "Ignored if the file/inline body already sets a 'using' field."),
-            methodCalls: z
-                .array(z.json())
+                .default([...DEFAULT_JMAP_USING])
+                .describe("JMAP capability URNs when `ops` omits `using`. Ignored if the " +
+                "JSON body already sets `using`."),
+            ops: z
+                .string()
                 .optional()
-                .describe("Inline JMAP method calls array. Each entry is " +
-                '[methodName, args, callId], e.g. ["Mailbox/get", {"accountId": "abc"}, "m0"]. ' +
-                "Mutually exclusive with opsFile."),
-            opsFile: z
+                .describe("Inline JSON: methodCalls array or { using, methodCalls }. " +
+                "Mutually exclusive with ops_file."),
+            ops_file: z
                 .string()
                 .optional()
-                .describe("Path to a saved JMAP preset file. Relative paths resolve " +
-                "against the credential directory. The file may contain " +
-                "either a methodCalls array or a full {using, methodCalls} " +
-                "envelope. Mutually exclusive with methodCalls."),
+                .describe("Path to a preset JSON file. Mutually exclusive with ops."),
+            vars: z
+                .record(z.string().regex(/^[A-Z][A-Z0-9_]*$/), z.string())
+                .optional()
+                .describe("Map of placeholder names (no `$`) to string values, e.g. " +
+                '{ "TO": "a@b.com", "SUBJECT": "Hi" } for `$TO` and `$SUBJECT` in ' +
+                "ops or ops_file. Overrides session values for `ACCOUNT_ID` / `INBOX` if set."),
         }),
-    }, async ({ using, methodCalls, opsFile }) => {
+    }, async ({ using, ops, ops_file, vars }) => {
         try {
-            if (methodCalls && opsFile) {
+            if (ops && ops_file) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: "ops and ops_file are mutually exclusive — provide one.",
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            if (!ops && !ops_file) {
                 return {
                     content: [
                         {
                             type: "text",
-                            text: "methodCalls and opsFile are mutually exclusive — provide one.",
+                            text: "Provide either ops or ops_file.",
                         },
                     ],
                     isError: true,
                 };
             }
-            let envelope;
-            if (opsFile) {
-                const filePath = isAbsolute(opsFile)
-                    ? opsFile
-                    : resolvePath(session.credentialDir, opsFile);
-                let raw;
+            let raw;
+            let sourceLabel;
+            if (ops_file) {
                 try {
-                    raw = await readFile(filePath, "utf-8");
+                    raw = await readOpsFile(session.credentialDir, ops_file);
                 }
                 catch (err) {
                     return {
                         content: [
                             {
                                 type: "text",
-                                text: `Could not read opsFile '${filePath}': ${err.message}`,
+                                text: `Could not read ops_file: ${err.message}`,
                             },
                         ],
                         isError: true,
                     };
                 }
-                envelope = parseEnvelope(raw, using, `opsFile '${filePath}'`);
-            }
-            else if (methodCalls) {
-                envelope = { using, methodCalls };
+                sourceLabel = `ops_file '${ops_file}'`;
             }
             else {
-                return {
-                    content: [
-                        {
-                            type: "text",
-                            text: "Provide either methodCalls or opsFile.",
-                        },
-                    ],
-                    isError: true,
-                };
+                raw = ops;
+                sourceLabel = "ops";
             }
-            const capabilityJWT = await session.getCapabilityToken();
-            const res = await fetch(`${apiUrl}/jmap/`, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                    Authorization: `Bearer ${capabilityJWT}`,
-                },
-                body: JSON.stringify(envelope),
+            const { ok, status, bodyText } = await runJmapRequest({
+                session,
+                opsJson: raw,
+                defaultUsing: using,
+                sourceLabel,
+                vars,
             });
-            const text = await res.text();
-            if (!res.ok) {
+            if (!ok) {
                 return {
                     content: [
                         {
                             type: "text",
-                            text: `JMAP request failed (HTTP ${res.status}): ${text}`,
+                            text: `JMAP request failed (HTTP ${status}): ${bodyText}`,
                         },
                     ],
                     isError: true,
                 };
             }
             return {
-                content: [{ type: "text", text }],
+                content: [{ type: "text", text: bodyText }],
             };
         }
         catch (error) {
@@ -154,49 +112,4 @@ export function registerJmapTool(server, session) {
             };
         }
     });
-    server.registerTool("jmap_session", {
-        title: "Get JMAP session",
-        description: "Fetch the JMAP session object via GET /.well-known/jmap. Returns " +
-            "your accountId, capabilities, and mailbox discovery URLs. Call " +
-            "this first to learn your accountId before issuing jmap_request " +
-            "method calls.",
-        inputSchema: {},
-        annotations: {
-            readOnlyHint: true,
-            idempotentHint: true,
-        },
-    }, async () => {
-        try {
-            const capabilityJWT = await session.getCapabilityToken();
-            const res = await fetch(`${apiUrl}/.well-known/jmap`, {
-                headers: { Authorization: `Bearer ${capabilityJWT}` },
-            });
-            const text = await res.text();
-            if (!res.ok) {
-                return {
-                    content: [
-                        {
-                            type: "text",
-                            text: `Session fetch failed (HTTP ${res.status}): ${text}`,
-                        },
-                    ],
-                    isError: true,
-                };
-            }
-            return {
-                content: [{ type: "text", text }],
-            };
-        }
-        catch (error) {
-            return {
-                content: [
-                    {
-                        type: "text",
-                        text: `Session fetch error: ${error instanceof Error ? error.message : String(error)}`,
-                    },
-                ],
-                isError: true,
-            };
-        }
-    });
 }

package/esm/mcp/src/tools/register.d.ts

@@ -1,4 +1,4 @@
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp";
-import type { AuthSession } from "../auth-session.js";
-export declare function registerRegisterTool(server: McpServer, session: AuthSession): void;
+import type { AgentSession } from "../../../lib/src/agent-session.js";
+export declare function registerRegisterTool(server: McpServer, session: AgentSession): void;
 //# sourceMappingURL=register.d.ts.map

package/esm/mcp/src/tools/register.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/mcp/src/tools/register.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtD,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,WAAW,GACnB,IAAI,CAuFN"}
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/mcp/src/tools/register.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,sCAAsC,CAAC;AAEtE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAC;AAEtE,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,YAAY,GACpB,IAAI,CAiDN"}

package/esm/mcp/src/tools/register.js

@@ -1,65 +1,29 @@
 import { z } from "zod";
 export function registerRegisterTool(server, session) {
     server.registerTool("register", {
-        title: "Register a new AtomicMail inbox",
-        description: "Create a new AtomicMail account. Performs a Proof-of-Work signup, " +
-            "fetches the first session and capability JWTs, and writes " +
-            "credentials.json + session.jwt + capability.jwt into the " +
-            "configured credential directory. After this returns, the agent " +
-            "can immediately call jmap_session and jmap_request without any " +
-            "further setup. Idempotent guard: if an API key is already " +
-            "configured, this tool will refuse to register a second account.",
+        title: "Register an Atomic Mail inbox",
+        description: "Proof-of-work signup; persists credentials. Idempotent when the same " +
+            "username matches the inbox already stored. A different username " +
+            "replaces credentials and creates a new inbox. Returns JSON with " +
+            "inbox, accountId, and apiKey on first signup only.",
         inputSchema: z.object({
             username: z
                 .string()
                 .min(1)
-                .describe("Desired username for the new inbox. Becomes the local-part of your email address."),
+                .describe("Desired username (local-part of your @atomicmail.ai address)."),
         }),
         annotations: {
-            idempotentHint: false,
+            idempotentHint: true,
             destructiveHint: false,
         },
     }, async ({ username }) => {
         try {
-            if (session.hasApiKey) {
-                return {
-                    content: [
-                        {
-                            type: "text",
-                            text: "An API key is already configured for this MCP server. " +
-                                "Refusing to register a second account. Use jmap_request " +
-                                "to interact with your existing inbox, or remove " +
-                                "credentials.json (and unset ATOMIC_MAIL_API_KEY) before " +
-                                "registering a new one.",
-                        },
-                    ],
-                };
-            }
-            const { apiKey, inboxId } = await session.signup(username);
+            const result = await session.register(username);
             return {
                 content: [
                     {
                         type: "text",
-                        text: [
-                            `Account created successfully for "${username}".`,
-                            "",
-                            `Inbox ID:  ${inboxId}`,
-                            `API Key:   ${apiKey}`,
-                            "",
-                            "Credentials persisted to:",
-                            `  ${session.files.credentialsFile}`,
-                            `  ${session.files.sessionFile}`,
-                            `  ${session.files.capabilityFile}`,
-                            "",
-                            "IMPORTANT: The API key is stored in credentials.json above. " +
-                                "Treat that file as a secret (mode 0600). To re-use this " +
-                                "account from another machine or a fresh MCP host, copy " +
-                                "credentials.json over, or set ATOMIC_MAIL_API_KEY in the " +
-                                "new environment.",
-                            "",
-                            "You are now logged in. Call jmap_session next to discover " +
-                                "your accountId, then use jmap_request for all email operations.",
-                        ].join("\n"),
+                        text: JSON.stringify(result, null, 2),
                     },
                 ],
             };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atomicmail/mcp",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "AtomicMail MCP server — local stdio proxy with PoW auth and JMAP, for AI agents.",
   "keywords": [
     "atomic-mail",

package/esm/mcp/src/auth-session.d.ts

@@ -1,88 +0,0 @@
-import { type SkillFiles } from "./credentials.js";
-export declare const SESSION_TTL_MS: number;
-export declare const CAPABILITY_TTL_MS: number;
-export declare const SESSION_SAFETY_MARGIN_MS = 60000;
-export declare const CAPABILITY_SAFETY_MARGIN_MS = 20000;
-export interface JwtPayload {
-    exp?: number;
-    iat?: number;
-    jti?: string;
-    inboxId?: string;
-    [key: string]: unknown;
-}
-export declare function decodeJwtPayload<T = JwtPayload>(jwt: string): T;
-export declare function isJwtExpired(jwt: string, marginMs: number): boolean;
-export type ConfigSource = "credentials-file" | "env" | "mixed" | "incomplete";
-export interface ResolvedConfig {
-    authUrl: string;
-    apiUrl: string;
-    scryptSalt: string;
-    apiKey?: string;
-    inboxId?: string;
-    credentialDir: string;
-    files: SkillFiles;
-    source: ConfigSource;
-}
-/**
- * Resolve credential directory from (in priority order):
- *   1. ATOMIC_MAIL_CREDENTIALS_DIR env var
- *   2. ~/.atomicmail/ (POSIX) or %USERPROFILE%/.atomicmail (Windows)
- */
-export declare function resolveCredentialDir(): string;
-/**
- * Resolve server configuration from:
- *   1. credentials.json in the credential directory (if present and valid).
- *   2. ATOMIC_MAIL_* environment variables (overlay on top of (1) so env
- *      always wins on a per-field basis).
- *
- * The auth and api base URLs MUST be resolvable from at least one source.
- * PoW scrypt salt defaults to the deployment constant when not set in env or
- * credentials.json.
- * The api key is optional; without it, the agent must call the register tool
- * before any JMAP request.
- */
-export declare function resolveConfig(): Promise<ResolvedConfig>;
-export interface AuthSessionConfig {
-    authUrl: string;
-    apiUrl: string;
-    scryptSalt: string;
-    apiKey?: string;
-    inboxId?: string;
-    credentialDir: string;
-    files: SkillFiles;
-}
-export declare class AuthSession {
-    private readonly authUrl;
-    readonly apiUrl: string;
-    private readonly scryptSalt;
-    private apiKey;
-    private inboxId;
-    readonly credentialDir: string;
-    readonly files: SkillFiles;
-    private sessionJWT;
-    private capabilityJWT;
-    constructor(cfg: AuthSessionConfig);
-    /** Construct a session and load any previously persisted JWTs from disk. */
-    static create(cfg: AuthSessionConfig): Promise<AuthSession>;
-    get hasApiKey(): boolean;
-    get currentInboxId(): string | undefined;
-    private loadFromDisk;
-    /**
-     * Full PoW signup. Persists credentials.json + session.jwt + capability.jwt
-     * to disk and updates in-memory state. Throws if an API key is already
-     * configured (refuse to clobber an existing account).
-     */
-    signup(username: string): Promise<{
-        apiKey: string;
-        inboxId: string;
-    }>;
-    /**
-     * Get a valid capability JWT, rotating session/capability tokens as needed.
-     * This is the primary method tool handlers call before every JMAP request.
-     */
-    getCapabilityToken(): Promise<string>;
-    private ensureSession;
-    /** Clean shutdown. No-op today; reserved for future cleanup. */
-    destroy(): void;
-}
-//# sourceMappingURL=auth-session.d.ts.map

package/esm/mcp/src/auth-session.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-session.d.ts","sourceRoot":"","sources":["../../../src/mcp/src/auth-session.ts"],"names":[],"mappings":"AAsBA,OAAO,EAGL,KAAK,UAAU,EAKhB,MAAM,kBAAkB,CAAC;AAO1B,eAAO,MAAM,cAAc,QAAqB,CAAC;AACjD,eAAO,MAAM,iBAAiB,QAAgB,CAAC;AAI/C,eAAO,MAAM,wBAAwB,QAAS,CAAC;AAC/C,eAAO,MAAM,2BAA2B,QAAS,CAAC;AAElD,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,wBAAgB,gBAAgB,CAAC,CAAC,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,CAc/D;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAQnE;AAgLD,MAAM,MAAM,YAAY,GACpB,kBAAkB,GAClB,KAAK,GACL,OAAO,GACP,YAAY,CAAC;AAEjB,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,YAAY,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAW7C;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,cAAc,CAAC,CAqD7D;AAID,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,UAAU,CAAC;CACnB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,OAAO,CAAqB;IACpC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAE3B,OAAO,CAAC,UAAU,CAAqB;IACvC,OAAO,CAAC,aAAa,CAAqB;gBAE9B,GAAG,EAAE,iBAAiB;IAUlC,4EAA4E;WAC/D,MAAM,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC;IAMjE,IAAI,SAAS,IAAI,OAAO,CAEvB;IAED,IAAI,cAAc,IAAI,MAAM,GAAG,SAAS,CAEvC;YAEa,YAAY;IAK1B;;;;OAIG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QACtC,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IA6CF;;;OAGG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;YA8B7B,aAAa;IA0B3B,gEAAgE;IAChE,OAAO,IAAI,IAAI;CAGhB"}