@haex-space/vault-sdk 3.1.0 → 3.2.0

package/dist/{client-C0DPNG62.d.mts → client-GeColu97.d.mts}

@@ -1,4 +1,4 @@
-import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, f as EventCallback, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, g as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult } from './types-DmCSegdY.mjs';
+import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, f as EventCallback, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, g as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult } from './types-CDMBvvjl.mjs';
 import { SqliteRemoteDatabase } from 'drizzle-orm/sqlite-proxy';
 
 /**
@@ -1187,6 +1187,264 @@ declare class ShellAPI {
     offExit(callback: EventCallback): void;
 }
 
+/**
+ * Types for the core passwords vault.
+ *
+ * Mirrors the Rust types in `src-tauri/src/passwords/commands.rs`. The
+ * extension's view is scoped by the `passwords` permission's `target`
+ * field — items outside the granted tag scope are not visible.
+ */
+interface PasswordKeyValue {
+    id: string;
+    key?: string;
+    value?: string;
+}
+/** Lean view returned by `list` — no secret fields. */
+interface PasswordItemSummary {
+    id: string;
+    title?: string;
+    username?: string;
+    url?: string;
+    icon?: string;
+    color?: string;
+    tags: string[];
+    createdAt?: string;
+    updatedAt?: string;
+}
+/** Full item with secrets, returned by `read`. */
+interface PasswordItemFull {
+    id: string;
+    title?: string;
+    username?: string;
+    password?: string;
+    note?: string;
+    icon?: string;
+    color?: string;
+    url?: string;
+    otpSecret?: string;
+    otpDigits?: number;
+    otpPeriod?: number;
+    otpAlgorithm?: string;
+    /** Maps canonical field names to autofill aliases. */
+    autofillAliases?: Record<string, string[]>;
+    tags: string[];
+    keyValues: PasswordKeyValue[];
+    expiresAt?: string;
+    createdAt?: string;
+    updatedAt?: string;
+}
+interface PasswordKeyValueInput {
+    key?: string;
+    value?: string;
+}
+/** Input for `create` and `update`. `tags` must contain >=1 in scope. */
+interface PasswordInput {
+    title?: string;
+    username?: string;
+    password?: string;
+    note?: string;
+    icon?: string;
+    color?: string;
+    url?: string;
+    otpSecret?: string;
+    otpDigits?: number;
+    otpPeriod?: number;
+    otpAlgorithm?: string;
+    autofillAliases?: Record<string, string[]>;
+    expiresAt?: string;
+    tags: string[];
+    keyValues?: PasswordKeyValueInput[];
+}
+
+/**
+ * Access to the core passwords vault, scoped by the extension's
+ * `passwords` permissions (target = tag or "*").
+ */
+declare class PasswordsAPI {
+    private client;
+    constructor(client: HaexVaultSdk);
+    /** List items in scope — summaries only, no secrets. */
+    listAsync(): Promise<PasswordItemSummary[]>;
+    /** Read a single item by id with full secrets. */
+    readAsync(itemId: string): Promise<PasswordItemFull>;
+    /**
+     * Create a new password item. `input.tags` must contain at least one
+     * tag within the extension's permission scope, otherwise the write
+     * is rejected as a security violation.
+     *
+     * Returns the new item id.
+     */
+    createAsync(input: PasswordInput): Promise<string>;
+    /**
+     * Update an existing item. The item must already be in scope, and
+     * the new tag set must keep at least one tag in scope (extensions
+     * cannot orphan an item out of their own reach).
+     */
+    updateAsync(itemId: string, input: PasswordInput): Promise<void>;
+    /** Delete an item by id. Item must be in scope. */
+    deleteAsync(itemId: string): Promise<void>;
+}
+
+/**
+ * Mail types — IMAP fetch + SMTP send.
+ *
+ * Mirrors the Rust types in `src-tauri/src/mail/types.rs`. Permission
+ * is scoped by the `mail` resource type with `target` = mail-server
+ * hostname (subdomain match supported, so target="gmail.com" matches
+ * "imap.gmail.com" and "smtp.gmail.com").
+ */
+type ConnectionSecurity = "tls" | "startTls" | "none";
+interface ImapConfig {
+    host: string;
+    port: number;
+    security: ConnectionSecurity;
+    username: string;
+    password: string;
+}
+interface SmtpConfig {
+    host: string;
+    port: number;
+    security: ConnectionSecurity;
+    username: string;
+    password: string;
+}
+/** A mail account. SMTP is optional (fetch-only is valid). */
+interface MailAccount {
+    id: string;
+    imap: ImapConfig;
+    smtp?: SmtpConfig;
+}
+interface MailAddress {
+    name?: string;
+    email: string;
+}
+interface MailboxInfo {
+    name: string;
+    delimiter?: string;
+    flags: string[];
+    exists?: number;
+    unseen?: number;
+    uidValidity?: number;
+    uidNext?: number;
+}
+interface MessageEnvelope {
+    uid: number;
+    flags: string[];
+    /** Server-side internal date as Unix timestamp (seconds). */
+    internalDate?: number;
+    subject?: string;
+    from: MailAddress[];
+    to: MailAddress[];
+    cc: MailAddress[];
+    messageId?: string;
+    inReplyTo?: string;
+    references: string[];
+    size?: number;
+}
+interface Attachment {
+    partIndex: number;
+    filename?: string;
+    contentType: string;
+    size: number;
+    contentId?: string;
+    isInline: boolean;
+}
+interface MailMessage {
+    envelope: MessageEnvelope;
+    bodyText?: string;
+    bodyHtml?: string;
+    attachments: Attachment[];
+}
+/** Selector for fetch operations. */
+type FetchRange = {
+    type: "latest";
+    count: number;
+} | {
+    type: "uidRange";
+    start: number;
+    end: number;
+} | {
+    type: "uidList";
+    uids: number[];
+};
+interface OutgoingAttachment {
+    filename: string;
+    contentType: string;
+    /** Base64-encoded bytes (standard alphabet, with padding). */
+    data: string;
+    /** If set, the part is marked inline and referenced via `cid:` in HTML. */
+    contentId?: string;
+}
+interface OutgoingMessage {
+    from: MailAddress;
+    to: MailAddress[];
+    cc?: MailAddress[];
+    bcc?: MailAddress[];
+    replyTo?: MailAddress;
+    subject: string;
+    bodyText?: string;
+    bodyHtml?: string;
+    attachments?: OutgoingAttachment[];
+    /** Message-ID being replied to. Sets `In-Reply-To` header. */
+    inReplyTo?: string;
+    /** Threading chain. Sets `References` header. */
+    references?: string[];
+}
+
+/**
+ * Mail operations through the host vault.
+ *
+ * Permission model:
+ *  - All IMAP operations require `mail` permission with action `fetch`
+ *    on `imap.host`.
+ *  - SMTP send requires `mail` permission with action `send` on `smtp.host`.
+ *  - target="gmail.com" matches "imap.gmail.com" / "smtp.gmail.com".
+ *
+ * Credentials live with the caller (typically loaded from
+ * `client.passwords` and passed in per call). The SDK never persists
+ * credentials.
+ */
+declare class MailAPI {
+    private client;
+    constructor(client: HaexVaultSdk);
+    /**
+     * LIST mailboxes for an IMAP account. Pass `includeStatus=true` for
+     * EXISTS/UNSEEN/UIDVALIDITY/UIDNEXT per box (one extra round-trip
+     * per mailbox — fine for typical accounts, expensive for large
+     * trees).
+     */
+    listMailboxesAsync(imap: ImapConfig, options?: {
+        reference?: string;
+        pattern?: string;
+        includeStatus?: boolean;
+    }): Promise<MailboxInfo[]>;
+    /** Fetch lightweight envelopes for a mailbox + range (for list views). */
+    fetchEnvelopesAsync(imap: ImapConfig, mailbox: string, range: FetchRange): Promise<MessageEnvelope[]>;
+    /** Fetch a full message (envelope + body + attachment metadata) by UID. */
+    fetchMessageAsync(imap: ImapConfig, mailbox: string, uid: number): Promise<MailMessage>;
+    /**
+     * Set or unset IMAP flags. Use `flags=["\\Seen"]` + `add=true` to
+     * mark messages as read; `add=false` removes the flag(s).
+     */
+    setFlagsAsync(imap: ImapConfig, mailbox: string, uids: number[], flags: string[], add: boolean): Promise<void>;
+    /** Move messages between mailboxes. Falls back to COPY+EXPUNGE on servers without MOVE. */
+    moveMessagesAsync(imap: ImapConfig, sourceMailbox: string, destinationMailbox: string, uids: number[]): Promise<void>;
+    /**
+     * APPEND a base64-encoded RFC822 message into a mailbox. Combine
+     * with `buildRfc822Async` to save drafts, or with the bytes returned
+     * after `sendMessageAsync` to mirror the sent copy into "Sent".
+     */
+    appendMessageAsync(imap: ImapConfig, mailbox: string, rfc822Base64: string, flags?: string[]): Promise<void>;
+    /** Send a message via SMTP. Returns the assigned Message-ID (no angle brackets). */
+    sendMessageAsync(smtp: SmtpConfig, message: OutgoingMessage): Promise<string>;
+    /**
+     * Build RFC822 bytes for a message without sending — useful for
+     * drafts that get APPENDed to a "Drafts" folder. Permission-wise
+     * this is a fetch operation (no SMTP host involved).
+     */
+    buildRfc822Async(imapHost: string, message: OutgoingMessage): Promise<string>;
+}
+
 /**
  * HaexVault Client
  *
@@ -1216,6 +1474,7 @@ declare class HaexVaultSdk {
     private hostPort;
     private readyPromise;
     private resolveReady;
+    private rejectReady;
     private setupPromise;
     private setupHook;
     orm: SqliteRemoteDatabase<Record<string, unknown>> | null;
@@ -1228,6 +1487,8 @@ declare class HaexVaultSdk {
     readonly localsend: LocalSendAPI;
     readonly spaces: SpacesAPI;
     readonly shell: ShellAPI;
+    readonly passwords: PasswordsAPI;
+    readonly mail: MailAPI;
     /** Unified action system - register handlers that work for both Bridge and AI requests */
     readonly actions: {
         register: (action: string, handler: ExternalRequestHandler) => (() => void);
@@ -1276,4 +1537,4 @@ declare class HaexVaultSdk {
     private log;
 }
 
-export { type SpaceKeyGrantInfo as $, type AuthorizedClient as A, type BlockedClient as B, type RequestedExtension as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFileOptions as G, HaexVaultSdk as H, type SelectFolderOptions as I, type ServerInfo as J, KnownPath as K, LOCALSEND_EVENTS as L, type ServerStatus as M, type SessionAuthorization as N, type SharedSpace as O, type PendingAuthorization as P, ShellAPI as Q, RemoteStorageAPI as R, StorageAPI as S, type ShellCreateOptions as T, type UpdateBackendRequest as U, type ShellCreateResponse as V, type ShellExitEvent as W, type ShellOutputEvent as X, type SpaceAccessTokenInfo as Y, type SpaceAssignment as Z, type SpaceInvite as _, type DecryptedSpace as a, type SpaceMemberInfo as a0, SpacesAPI as a1, type SyncBackendInfo as a2, type TransferDirection as a3, type TransferProgress as a4, type TransferState as a5, WebAPI as a6, canExternalClientSendRequests as a7, isExternalClientConnected as a8, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, type KnownPaths as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type PendingTransfer as t, PermissionsAPI as u, type AddBackendRequest as v, type S3Config as w, type S3PublicConfig as x, type StorageBackendInfo as y, type StorageObjectInfo as z };
+export { type StorageBackendInfo as $, type AuthorizedClient as A, type BlockedClient as B, type ConnectionSecurity as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type OutgoingMessage as G, HaexVaultSdk as H, type ImapConfig as I, type PasswordItemFull as J, KnownPath as K, LOCALSEND_EVENTS as L, MailAPI as M, type PasswordItemSummary as N, type OutgoingAttachment as O, type PasswordInput as P, type PasswordKeyValue as Q, type PasswordKeyValueInput as R, StorageAPI as S, PasswordsAPI as T, type PendingAuthorization as U, type PendingTransfer as V, PermissionsAPI as W, type AddBackendRequest as X, type S3Config as Y, type S3PublicConfig as Z, RemoteStorageAPI as _, type DecryptedSpace as a, type StorageObjectInfo as a0, type UpdateBackendRequest as a1, type RequestedExtension as a2, type SelectFileOptions as a3, type SelectFolderOptions as a4, type ServerInfo as a5, type ServerStatus as a6, type SessionAuthorization as a7, type SharedSpace as a8, ShellAPI as a9, type ShellCreateOptions as aa, type ShellCreateResponse as ab, type ShellExitEvent as ac, type ShellOutputEvent as ad, type SmtpConfig as ae, type SpaceAccessTokenInfo as af, type SpaceAssignment as ag, type SpaceInvite as ah, type SpaceKeyGrantInfo as ai, type SpaceMemberInfo as aj, SpacesAPI as ak, type SyncBackendInfo as al, type TransferDirection as am, type TransferProgress as an, type TransferState as ao, WebAPI as ap, canExternalClientSendRequests as aq, isExternalClientConnected as ar, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, type KnownPaths as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type MailAccount as t, type MailAddress as u, type Attachment as v, type FetchRange as w, type MailMessage as x, type MailboxInfo as y, type MessageEnvelope as z };

package/dist/{client-B_B6rLIw.d.ts → client-z1jTcuQE.d.ts}

@@ -1,4 +1,4 @@
-import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, f as EventCallback, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, g as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult } from './types-DmCSegdY.js';
+import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, f as EventCallback, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, g as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult } from './types-CDMBvvjl.js';
 import { SqliteRemoteDatabase } from 'drizzle-orm/sqlite-proxy';
 
 /**
@@ -1187,6 +1187,264 @@ declare class ShellAPI {
     offExit(callback: EventCallback): void;
 }
 
+/**
+ * Types for the core passwords vault.
+ *
+ * Mirrors the Rust types in `src-tauri/src/passwords/commands.rs`. The
+ * extension's view is scoped by the `passwords` permission's `target`
+ * field — items outside the granted tag scope are not visible.
+ */
+interface PasswordKeyValue {
+    id: string;
+    key?: string;
+    value?: string;
+}
+/** Lean view returned by `list` — no secret fields. */
+interface PasswordItemSummary {
+    id: string;
+    title?: string;
+    username?: string;
+    url?: string;
+    icon?: string;
+    color?: string;
+    tags: string[];
+    createdAt?: string;
+    updatedAt?: string;
+}
+/** Full item with secrets, returned by `read`. */
+interface PasswordItemFull {
+    id: string;
+    title?: string;
+    username?: string;
+    password?: string;
+    note?: string;
+    icon?: string;
+    color?: string;
+    url?: string;
+    otpSecret?: string;
+    otpDigits?: number;
+    otpPeriod?: number;
+    otpAlgorithm?: string;
+    /** Maps canonical field names to autofill aliases. */
+    autofillAliases?: Record<string, string[]>;
+    tags: string[];
+    keyValues: PasswordKeyValue[];
+    expiresAt?: string;
+    createdAt?: string;
+    updatedAt?: string;
+}
+interface PasswordKeyValueInput {
+    key?: string;
+    value?: string;
+}
+/** Input for `create` and `update`. `tags` must contain >=1 in scope. */
+interface PasswordInput {
+    title?: string;
+    username?: string;
+    password?: string;
+    note?: string;
+    icon?: string;
+    color?: string;
+    url?: string;
+    otpSecret?: string;
+    otpDigits?: number;
+    otpPeriod?: number;
+    otpAlgorithm?: string;
+    autofillAliases?: Record<string, string[]>;
+    expiresAt?: string;
+    tags: string[];
+    keyValues?: PasswordKeyValueInput[];
+}
+
+/**
+ * Access to the core passwords vault, scoped by the extension's
+ * `passwords` permissions (target = tag or "*").
+ */
+declare class PasswordsAPI {
+    private client;
+    constructor(client: HaexVaultSdk);
+    /** List items in scope — summaries only, no secrets. */
+    listAsync(): Promise<PasswordItemSummary[]>;
+    /** Read a single item by id with full secrets. */
+    readAsync(itemId: string): Promise<PasswordItemFull>;
+    /**
+     * Create a new password item. `input.tags` must contain at least one
+     * tag within the extension's permission scope, otherwise the write
+     * is rejected as a security violation.
+     *
+     * Returns the new item id.
+     */
+    createAsync(input: PasswordInput): Promise<string>;
+    /**
+     * Update an existing item. The item must already be in scope, and
+     * the new tag set must keep at least one tag in scope (extensions
+     * cannot orphan an item out of their own reach).
+     */
+    updateAsync(itemId: string, input: PasswordInput): Promise<void>;
+    /** Delete an item by id. Item must be in scope. */
+    deleteAsync(itemId: string): Promise<void>;
+}
+
+/**
+ * Mail types — IMAP fetch + SMTP send.
+ *
+ * Mirrors the Rust types in `src-tauri/src/mail/types.rs`. Permission
+ * is scoped by the `mail` resource type with `target` = mail-server
+ * hostname (subdomain match supported, so target="gmail.com" matches
+ * "imap.gmail.com" and "smtp.gmail.com").
+ */
+type ConnectionSecurity = "tls" | "startTls" | "none";
+interface ImapConfig {
+    host: string;
+    port: number;
+    security: ConnectionSecurity;
+    username: string;
+    password: string;
+}
+interface SmtpConfig {
+    host: string;
+    port: number;
+    security: ConnectionSecurity;
+    username: string;
+    password: string;
+}
+/** A mail account. SMTP is optional (fetch-only is valid). */
+interface MailAccount {
+    id: string;
+    imap: ImapConfig;
+    smtp?: SmtpConfig;
+}
+interface MailAddress {
+    name?: string;
+    email: string;
+}
+interface MailboxInfo {
+    name: string;
+    delimiter?: string;
+    flags: string[];
+    exists?: number;
+    unseen?: number;
+    uidValidity?: number;
+    uidNext?: number;
+}
+interface MessageEnvelope {
+    uid: number;
+    flags: string[];
+    /** Server-side internal date as Unix timestamp (seconds). */
+    internalDate?: number;
+    subject?: string;
+    from: MailAddress[];
+    to: MailAddress[];
+    cc: MailAddress[];
+    messageId?: string;
+    inReplyTo?: string;
+    references: string[];
+    size?: number;
+}
+interface Attachment {
+    partIndex: number;
+    filename?: string;
+    contentType: string;
+    size: number;
+    contentId?: string;
+    isInline: boolean;
+}
+interface MailMessage {
+    envelope: MessageEnvelope;
+    bodyText?: string;
+    bodyHtml?: string;
+    attachments: Attachment[];
+}
+/** Selector for fetch operations. */
+type FetchRange = {
+    type: "latest";
+    count: number;
+} | {
+    type: "uidRange";
+    start: number;
+    end: number;
+} | {
+    type: "uidList";
+    uids: number[];
+};
+interface OutgoingAttachment {
+    filename: string;
+    contentType: string;
+    /** Base64-encoded bytes (standard alphabet, with padding). */
+    data: string;
+    /** If set, the part is marked inline and referenced via `cid:` in HTML. */
+    contentId?: string;
+}
+interface OutgoingMessage {
+    from: MailAddress;
+    to: MailAddress[];
+    cc?: MailAddress[];
+    bcc?: MailAddress[];
+    replyTo?: MailAddress;
+    subject: string;
+    bodyText?: string;
+    bodyHtml?: string;
+    attachments?: OutgoingAttachment[];
+    /** Message-ID being replied to. Sets `In-Reply-To` header. */
+    inReplyTo?: string;
+    /** Threading chain. Sets `References` header. */
+    references?: string[];
+}
+
+/**
+ * Mail operations through the host vault.
+ *
+ * Permission model:
+ *  - All IMAP operations require `mail` permission with action `fetch`
+ *    on `imap.host`.
+ *  - SMTP send requires `mail` permission with action `send` on `smtp.host`.
+ *  - target="gmail.com" matches "imap.gmail.com" / "smtp.gmail.com".
+ *
+ * Credentials live with the caller (typically loaded from
+ * `client.passwords` and passed in per call). The SDK never persists
+ * credentials.
+ */
+declare class MailAPI {
+    private client;
+    constructor(client: HaexVaultSdk);
+    /**
+     * LIST mailboxes for an IMAP account. Pass `includeStatus=true` for
+     * EXISTS/UNSEEN/UIDVALIDITY/UIDNEXT per box (one extra round-trip
+     * per mailbox — fine for typical accounts, expensive for large
+     * trees).
+     */
+    listMailboxesAsync(imap: ImapConfig, options?: {
+        reference?: string;
+        pattern?: string;
+        includeStatus?: boolean;
+    }): Promise<MailboxInfo[]>;
+    /** Fetch lightweight envelopes for a mailbox + range (for list views). */
+    fetchEnvelopesAsync(imap: ImapConfig, mailbox: string, range: FetchRange): Promise<MessageEnvelope[]>;
+    /** Fetch a full message (envelope + body + attachment metadata) by UID. */
+    fetchMessageAsync(imap: ImapConfig, mailbox: string, uid: number): Promise<MailMessage>;
+    /**
+     * Set or unset IMAP flags. Use `flags=["\\Seen"]` + `add=true` to
+     * mark messages as read; `add=false` removes the flag(s).
+     */
+    setFlagsAsync(imap: ImapConfig, mailbox: string, uids: number[], flags: string[], add: boolean): Promise<void>;
+    /** Move messages between mailboxes. Falls back to COPY+EXPUNGE on servers without MOVE. */
+    moveMessagesAsync(imap: ImapConfig, sourceMailbox: string, destinationMailbox: string, uids: number[]): Promise<void>;
+    /**
+     * APPEND a base64-encoded RFC822 message into a mailbox. Combine
+     * with `buildRfc822Async` to save drafts, or with the bytes returned
+     * after `sendMessageAsync` to mirror the sent copy into "Sent".
+     */
+    appendMessageAsync(imap: ImapConfig, mailbox: string, rfc822Base64: string, flags?: string[]): Promise<void>;
+    /** Send a message via SMTP. Returns the assigned Message-ID (no angle brackets). */
+    sendMessageAsync(smtp: SmtpConfig, message: OutgoingMessage): Promise<string>;
+    /**
+     * Build RFC822 bytes for a message without sending — useful for
+     * drafts that get APPENDed to a "Drafts" folder. Permission-wise
+     * this is a fetch operation (no SMTP host involved).
+     */
+    buildRfc822Async(imapHost: string, message: OutgoingMessage): Promise<string>;
+}
+
 /**
  * HaexVault Client
  *
@@ -1216,6 +1474,7 @@ declare class HaexVaultSdk {
     private hostPort;
     private readyPromise;
     private resolveReady;
+    private rejectReady;
     private setupPromise;
     private setupHook;
     orm: SqliteRemoteDatabase<Record<string, unknown>> | null;
@@ -1228,6 +1487,8 @@ declare class HaexVaultSdk {
     readonly localsend: LocalSendAPI;
     readonly spaces: SpacesAPI;
     readonly shell: ShellAPI;
+    readonly passwords: PasswordsAPI;
+    readonly mail: MailAPI;
     /** Unified action system - register handlers that work for both Bridge and AI requests */
     readonly actions: {
         register: (action: string, handler: ExternalRequestHandler) => (() => void);
@@ -1276,4 +1537,4 @@ declare class HaexVaultSdk {
     private log;
 }
 
-export { type SpaceKeyGrantInfo as $, type AuthorizedClient as A, type BlockedClient as B, type RequestedExtension as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFileOptions as G, HaexVaultSdk as H, type SelectFolderOptions as I, type ServerInfo as J, KnownPath as K, LOCALSEND_EVENTS as L, type ServerStatus as M, type SessionAuthorization as N, type SharedSpace as O, type PendingAuthorization as P, ShellAPI as Q, RemoteStorageAPI as R, StorageAPI as S, type ShellCreateOptions as T, type UpdateBackendRequest as U, type ShellCreateResponse as V, type ShellExitEvent as W, type ShellOutputEvent as X, type SpaceAccessTokenInfo as Y, type SpaceAssignment as Z, type SpaceInvite as _, type DecryptedSpace as a, type SpaceMemberInfo as a0, SpacesAPI as a1, type SyncBackendInfo as a2, type TransferDirection as a3, type TransferProgress as a4, type TransferState as a5, WebAPI as a6, canExternalClientSendRequests as a7, isExternalClientConnected as a8, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, type KnownPaths as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type PendingTransfer as t, PermissionsAPI as u, type AddBackendRequest as v, type S3Config as w, type S3PublicConfig as x, type StorageBackendInfo as y, type StorageObjectInfo as z };
+export { type StorageBackendInfo as $, type AuthorizedClient as A, type BlockedClient as B, type ConnectionSecurity as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type OutgoingMessage as G, HaexVaultSdk as H, type ImapConfig as I, type PasswordItemFull as J, KnownPath as K, LOCALSEND_EVENTS as L, MailAPI as M, type PasswordItemSummary as N, type OutgoingAttachment as O, type PasswordInput as P, type PasswordKeyValue as Q, type PasswordKeyValueInput as R, StorageAPI as S, PasswordsAPI as T, type PendingAuthorization as U, type PendingTransfer as V, PermissionsAPI as W, type AddBackendRequest as X, type S3Config as Y, type S3PublicConfig as Z, RemoteStorageAPI as _, type DecryptedSpace as a, type StorageObjectInfo as a0, type UpdateBackendRequest as a1, type RequestedExtension as a2, type SelectFileOptions as a3, type SelectFolderOptions as a4, type ServerInfo as a5, type ServerStatus as a6, type SessionAuthorization as a7, type SharedSpace as a8, ShellAPI as a9, type ShellCreateOptions as aa, type ShellCreateResponse as ab, type ShellExitEvent as ac, type ShellOutputEvent as ad, type SmtpConfig as ae, type SpaceAccessTokenInfo as af, type SpaceAssignment as ag, type SpaceInvite as ah, type SpaceKeyGrantInfo as ai, type SpaceMemberInfo as aj, SpacesAPI as ak, type SyncBackendInfo as al, type TransferDirection as am, type TransferProgress as an, type TransferState as ao, WebAPI as ap, canExternalClientSendRequests as aq, isExternalClientConnected as ar, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, type KnownPaths as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type MailAccount as t, type MailAddress as u, type Attachment as v, type FetchRange as w, type MailMessage as x, type MailboxInfo as y, type MessageEnvelope as z };