@mcinteerj/openclaw-gmail 1.2.0

package/src/outbound.ts

@@ -0,0 +1,176 @@
+import { spawn } from "node:child_process";
+import { marked } from "marked";
+import sanitizeHtml from "sanitize-html";
+import { type OutboundContext, type OpenClawConfig } from "openclaw/plugin-sdk";
+import { resolveGmailAccount } from "./accounts.js";
+import { isGmailThreadId } from "./normalize.js";
+import { fetchQuotedContext } from "./quoting.js";
+import { validateThreadReply, isEmailAllowed } from "./outbound-check.js";
+import type { GmailConfig } from "./config.js";
+
+export interface GmailOutboundContext extends OutboundContext {
+  subject?: string;
+  threadId?: string;
+  replyToId?: string;
+}
+
+async function spawnGog(args: string[], retries = 3): Promise<void> {
+    for (let i = 0; i < retries; i++) {
+        try {
+            await new Promise<void>((resolve, reject) => {
+                const proc = spawn("gog", args, { stdio: "pipe" });
+                let err = "";
+                let out = "";
+                proc.stderr.on("data", (d) => err += d.toString());
+                proc.stdout.on("data", (d) => out += d.toString());
+                proc.on("error", (e) => reject(new Error(`gog failed to spawn: ${e.message}`)));
+                proc.on("close", (code) => {
+                    if (code === 0) resolve();
+                    else reject(new Error(`gog failed (code ${code}): ${err || out}`));
+                });
+
+                // Add a timeout
+                setTimeout(() => {
+                    proc.kill();
+                    reject(new Error("gog timed out after 30s"));
+                }, 30000);
+            });
+            return;
+        } catch (err) {
+            if (i === retries - 1) throw err;
+            await new Promise(resolve => setTimeout(resolve, 1000 * (i + 1)));
+        }
+    }
+}
+
+export async function sendGmailText(ctx: GmailOutboundContext) {
+  const { to, text, accountId, cfg, threadId, replyToId, subject: explicitSubject } = ctx;
+  const account = resolveGmailAccount(cfg, accountId);
+  const gmailCfg = cfg.channels?.gmail as GmailConfig | undefined;
+  
+  // Validate we have a target - prioritize threadId if it's valid
+  const effectiveThreadId = isGmailThreadId(String(threadId)) ? String(threadId) : undefined;
+  const toValue = effectiveThreadId || to || "";
+  
+  if (!toValue) {
+    throw new Error("Gmail send requires a valid 'to' address or thread ID");
+  }
+
+  const args = ["gmail", "send"];
+  
+  if (account.email) {
+      args.push("--account", account.email);
+  }
+
+  // Determine if quoted replies are enabled (default: true)
+  const accountCfg = gmailCfg?.accounts?.[accountId || "default"];
+  const includeQuotedReplies = accountCfg?.includeQuotedReplies 
+    ?? gmailCfg?.defaults?.includeQuotedReplies 
+    ?? true;
+
+  // Determine outbound restrictions
+  const allowOutboundTo = accountCfg?.allowOutboundTo 
+    ?? gmailCfg?.defaults?.allowOutboundTo 
+    ?? account.allowFrom 
+    ?? [];
+  const threadReplyPolicy = accountCfg?.threadReplyPolicy 
+    ?? gmailCfg?.defaults?.threadReplyPolicy 
+    ?? "open"; // Default: open for backwards compatibility
+
+  // Build the body, potentially with quoted thread context
+  let body = text;
+  const subject = explicitSubject || "(no subject)";
+
+  const isThread = isGmailThreadId(toValue);
+
+  // Validate outbound recipients
+  if (isThread && threadReplyPolicy !== "open" && account.email) {
+    const validation = await validateThreadReply(
+      toValue,
+      account.email,
+      allowOutboundTo,
+      threadReplyPolicy
+    );
+    
+    if (!validation.ok) {
+      const blockedList = validation.blocked?.join(", ") || "unknown";
+      throw new Error(
+        `Thread reply blocked by policy (${threadReplyPolicy}): ${validation.reason}. ` +
+        `Blocked recipients: ${blockedList}. ` +
+        `Add them to allowOutboundTo or change threadReplyPolicy to "open".`
+      );
+    }
+  } else if (!isThread && allowOutboundTo.length > 0) {
+    // Direct email: check allowOutboundTo
+    if (!isEmailAllowed(toValue, allowOutboundTo)) {
+      throw new Error(
+        `Direct email to ${toValue} blocked: not in allowOutboundTo list.`
+      );
+    }
+  }
+
+  if (!isThread) {
+      args.push("--to", toValue);
+      args.push("--subject", subject);
+  } else {
+      // Reply to thread
+      if (replyToId) {
+          args.push("--reply-to-message-id", String(replyToId));
+      } else {
+          args.push("--thread-id", toValue);
+      }
+      
+      args.push("--subject", subject);
+      args.push("--reply-all");
+
+      // Fetch and append quoted thread context if enabled
+      if (includeQuotedReplies && account.email) {
+        try {
+          const quotedContext = await fetchQuotedContext(
+            toValue,
+            account.email,
+            account.email
+          );
+          if (quotedContext) {
+            body = `${text}\n\n${quotedContext}`;
+          }
+        } catch (err) {
+          // Non-fatal: proceed without quoted context
+          console.error(`[gmail] Failed to fetch quoted context: ${err}`);
+        }
+      }
+  }
+
+  // Convert body to HTML and sanitize
+  try {
+      const rawHtml = await marked.parse(body);
+      const cleanHtml = sanitizeHtml(rawHtml, {
+          allowedTags: sanitizeHtml.defaults.allowedTags.concat(['img']),
+          allowedAttributes: {
+              ...sanitizeHtml.defaults.allowedAttributes,
+              '*': ['style', 'class']
+          }
+      });
+      args.push("--body-html", cleanHtml);
+      args.push("--body", body);
+  } catch (err) {
+      console.error("Markdown parsing or sanitization failed, sending plain text", err);
+      args.push("--body", body);
+  }
+
+  await spawnGog(args);
+
+  // Archive if it was a thread (Reply = Archive)
+  if (isThread) {
+    const archiveArgs = ["gmail", "labels", "modify", toValue];
+    if (account.email) archiveArgs.push("--account", account.email);
+    archiveArgs.push("--remove", "INBOX");
+    
+    // Best effort archive
+    spawnGog(archiveArgs).catch((err) => {
+        console.error(`Failed to archive thread ${toValue}: ${err.message}`);
+    });
+  }
+
+  return { id: "sent" };
+}

package/src/quoting.ts

@@ -0,0 +1,230 @@
+import { spawn } from "node:child_process";
+
+export interface ThreadMessage {
+  id: string;
+  threadId: string;
+  date: string;
+  from: string;
+  to?: string;
+  cc?: string;
+  subject: string;
+  body: string;
+  labels: string[];
+}
+
+export interface ThreadResponse {
+  id: string;
+  historyId: string;
+  messages: ThreadMessage[];
+}
+
+// Raw gog output types
+interface GogThreadOutput {
+  downloaded: unknown;
+  thread: {
+    id: string;
+    historyId: string;
+    messages: GogRawMessage[];
+  };
+}
+
+interface GogRawMessage {
+  id: string;
+  threadId: string;
+  internalDate: string;
+  labelIds: string[];
+  payload: {
+    headers: { name: string; value: string }[];
+    parts?: { body?: { data?: string }; mimeType: string }[];
+    body?: { data?: string };
+  };
+}
+
+/**
+ * Extract header value from gog message payload
+ */
+function getHeader(msg: GogRawMessage, name: string): string | undefined {
+  return msg.payload.headers.find(
+    (h) => h.name.toLowerCase() === name.toLowerCase()
+  )?.value;
+}
+
+/**
+ * Extract plain text body from gog message
+ */
+function extractBody(msg: GogRawMessage): string {
+  // Try multipart first
+  if (msg.payload.parts) {
+    const plainPart = msg.payload.parts.find((p) => p.mimeType === "text/plain");
+    if (plainPart?.body?.data) {
+      return Buffer.from(plainPart.body.data, "base64").toString("utf-8");
+    }
+  }
+  // Fallback to direct body
+  if (msg.payload.body?.data) {
+    return Buffer.from(msg.payload.body.data, "base64").toString("utf-8");
+  }
+  return "";
+}
+
+/**
+ * Convert gog raw message to our ThreadMessage format
+ */
+function parseGogMessage(raw: GogRawMessage): ThreadMessage {
+  const from = getHeader(raw, "From") || "";
+  const date = getHeader(raw, "Date") || new Date(parseInt(raw.internalDate)).toISOString();
+  const subject = getHeader(raw, "Subject") || "";
+  const body = extractBody(raw);
+
+  return {
+    id: raw.id,
+    threadId: raw.threadId,
+    date,
+    from,
+    subject,
+    body,
+    labels: raw.labelIds || [],
+  };
+}
+
+/**
+ * Fetch thread data from gog CLI
+ */
+async function fetchThread(threadId: string, account?: string): Promise<ThreadResponse | null> {
+  const args = ["gmail", "thread", "get", threadId, "--full", "--json"];
+  if (account) {
+    args.push("--account", account);
+  }
+
+  return new Promise((resolve) => {
+    const proc = spawn("gog", args, { stdio: "pipe" });
+    let stdout = "";
+    let stderr = "";
+
+    proc.stdout.on("data", (d) => (stdout += d.toString()));
+    proc.stderr.on("data", (d) => (stderr += d.toString()));
+
+    proc.on("error", (e) => {
+      console.error(`[gmail] Failed to spawn gog for thread fetch: ${e.message}`);
+      resolve(null);
+    });
+
+    proc.on("close", (code) => {
+      if (code !== 0) {
+        console.error(`[gmail] gog thread get failed (code ${code}): ${stderr}`);
+        resolve(null);
+        return;
+      }
+      try {
+        const parsed = JSON.parse(stdout) as GogThreadOutput;
+        // gog wraps the thread in { downloaded, thread }
+        const thread = parsed.thread;
+        if (!thread || !thread.messages) {
+          resolve(null);
+          return;
+        }
+        resolve({
+          id: thread.id,
+          historyId: thread.historyId,
+          messages: thread.messages.map(parseGogMessage),
+        });
+      } catch (e) {
+        console.error(`[gmail] Failed to parse thread JSON: ${e}`);
+        resolve(null);
+      }
+    });
+
+    // Timeout after 15s
+    setTimeout(() => {
+      proc.kill();
+      console.error(`[gmail] gog thread get timed out`);
+      resolve(null);
+    }, 15000);
+  });
+}
+
+/**
+ * Format a date string for the quote header
+ */
+function formatQuoteDate(dateStr: string): string {
+  try {
+    const date = new Date(dateStr);
+    return date.toLocaleString("en-US", {
+      weekday: "short",
+      year: "numeric",
+      month: "short",
+      day: "numeric",
+      hour: "numeric",
+      minute: "2-digit",
+      timeZoneName: "short",
+    });
+  } catch {
+    return dateStr;
+  }
+}
+
+/**
+ * Extract display name or email from "Name <email>" format
+ */
+function extractSenderDisplay(from: string): string {
+  const match = from.match(/^(.*?)\s*<(.*)>$/);
+  if (match) {
+    const name = match[1].replace(/^"|"$/g, "").trim();
+    return name || match[2];
+  }
+  return from;
+}
+
+/**
+ * Include message body as-is (flat, no ">" prefix to avoid staggered indentation)
+ */
+function quoteBody(body: string): string {
+  return body;
+}
+
+/**
+ * Build quoted context from the most recent non-self message.
+ * Gmail standard: only quote the last message (which itself contains older quotes).
+ * This avoids nested/staggered quoting.
+ */
+export function buildQuotedThread(
+  messages: ThreadMessage[],
+  accountEmail: string
+): string {
+  // Filter out messages from the account itself
+  const otherMessages = messages.filter((msg) => {
+    const emailMatch = msg.from.match(/<(.*)>/);
+    const senderEmail = emailMatch ? emailMatch[1] : msg.from;
+    return senderEmail.toLowerCase() !== accountEmail.toLowerCase();
+  });
+
+  if (otherMessages.length === 0) {
+    return "";
+  }
+
+  // Only quote the most recent message from others (last in array = newest)
+  const lastMsg = otherMessages[otherMessages.length - 1];
+  const sender = extractSenderDisplay(lastMsg.from);
+  const date = formatQuoteDate(lastMsg.date);
+  const header = `On ${date}, ${sender} wrote:`;
+  const quoted = quoteBody(lastMsg.body.trim());
+
+  return `${header}\n\n${quoted}`;
+}
+
+/**
+ * Fetch and format quoted context for a thread reply.
+ * Returns the formatted quote block or empty string if unavailable.
+ */
+export async function fetchQuotedContext(
+  threadId: string,
+  accountEmail: string,
+  accountArg?: string
+): Promise<string> {
+  const thread = await fetchThread(threadId, accountArg);
+  if (!thread || !thread.messages || thread.messages.length === 0) {
+    return "";
+  }
+
+  return buildQuotedThread(thread.messages, accountEmail);
+}

package/src/runtime.ts

@@ -0,0 +1,14 @@
+import type { PluginRuntime } from "openclaw/plugin-sdk";
+
+let runtime: PluginRuntime | null = null;
+
+export function setGmailRuntime(next: PluginRuntime) {
+  runtime = next;
+}
+
+export function getGmailRuntime(): PluginRuntime {
+  if (!runtime) {
+    throw new Error("Gmail runtime not initialized");
+  }
+  return runtime;
+}

package/src/sanitize.test.ts

@@ -0,0 +1,239 @@
+import { describe, it, expect } from "vitest";
+import {
+  htmlToText,
+  stripFooterJunk,
+  cleanWhitespace,
+  sanitizeEmailBody,
+} from "./sanitize.js";
+
+// ── htmlToText ─────────────────────────────────────────────────────────────
+
+describe("htmlToText", () => {
+  it("strips <style> blocks", () => {
+    const html = `<style>.foo{color:red}</style><p>Hello</p>`;
+    expect(htmlToText(html)).toContain("Hello");
+    expect(htmlToText(html)).not.toContain("color");
+  });
+
+  it("strips <script> blocks", () => {
+    const html = `<script>alert("x")</script><p>Hello</p>`;
+    expect(htmlToText(html)).toContain("Hello");
+    expect(htmlToText(html)).not.toContain("alert");
+  });
+
+  it("strips <head> blocks", () => {
+    const html = `<head><meta charset="utf-8"><title>Email</title></head><body>Content</body>`;
+    expect(htmlToText(html)).toContain("Content");
+    expect(htmlToText(html)).not.toContain("charset");
+  });
+
+  it("removes HTML comments", () => {
+    const html = `<!-- tracking comment -->Hello`;
+    expect(htmlToText(html)).toBe("Hello");
+  });
+
+  it("removes 1×1 tracking pixels", () => {
+    const html = `<img width="1" height="1" src="https://track.example.com/open.gif" />Visible`;
+    expect(htmlToText(html)).toBe("Visible");
+  });
+
+  it("removes tracking pixels when value is followed by > (no trailing space)", () => {
+    // width="1"> with no space before closing bracket
+    expect(htmlToText(`<img width="1" height="1">Visible`)).toBe("Visible");
+    expect(htmlToText(`<img width='1' height='1'>Visible`)).toBe("Visible");
+    expect(htmlToText(`<img width=1 height=1>Visible`)).toBe("Visible");
+    // Single dimension should still match
+    expect(htmlToText(`<img width="1" src="https://t.co/px.gif">Visible`)).toBe("Visible");
+    expect(htmlToText(`<img height="1" src="https://t.co/px.gif">Visible`)).toBe("Visible");
+  });
+
+  it("removes display:none images", () => {
+    const html = `<img style="display:none" src="https://example.com/img.png" />Visible`;
+    expect(htmlToText(html)).toBe("Visible");
+  });
+
+  it("removes base64 data URI images", () => {
+    const html = `<img src="data:image/png;base64,iVBORw0KGgo=" />Visible`;
+    expect(htmlToText(html)).toBe("Visible");
+  });
+
+  it("converts <br> to newlines", () => {
+    const html = `Line 1<br>Line 2<br/>Line 3`;
+    expect(htmlToText(html)).toBe("Line 1\nLine 2\nLine 3");
+  });
+
+  it("converts block elements to newlines", () => {
+    const html = `<div>Block 1</div><div>Block 2</div>`;
+    const text = htmlToText(html);
+    expect(text).toContain("Block 1");
+    expect(text).toContain("Block 2");
+    expect(text).toMatch(/Block 1\n+Block 2/);
+  });
+
+  it("extracts link text with URL when different", () => {
+    const html = `<a href="https://example.com">Click here</a>`;
+    expect(htmlToText(html)).toBe("Click here (https://example.com)");
+  });
+
+  it("shows only link text when URL matches text", () => {
+    const html = `<a href="https://example.com">https://example.com</a>`;
+    expect(htmlToText(html)).toBe("https://example.com");
+  });
+
+  it("shows only link text for mailto links", () => {
+    const html = `<a href="mailto:test@example.com">test@example.com</a>`;
+    expect(htmlToText(html)).toBe("test@example.com");
+  });
+
+  it("strips remaining HTML tags", () => {
+    const html = `<span class="foo"><strong>Bold</strong> text</span>`;
+    expect(htmlToText(html)).toBe("Bold text");
+  });
+
+  it("decodes named HTML entities", () => {
+    expect(htmlToText("&amp; &lt; &gt; &quot; &apos;")).toBe('& < > " \'');
+  });
+
+  it("decodes numeric HTML entities", () => {
+    expect(htmlToText("&#39;")).toBe("'");
+    expect(htmlToText("&#x27;")).toBe("'");
+  });
+
+  it("decodes &nbsp; to regular space", () => {
+    expect(htmlToText("Hello&nbsp;World")).toBe("Hello World");
+  });
+});
+
+// ── stripFooterJunk ────────────────────────────────────────────────────────
+
+describe("stripFooterJunk", () => {
+  it("removes 'Sent from my iPhone'", () => {
+    const text = "Actual message\n\nSent from my iPhone";
+    expect(stripFooterJunk(text).trim()).toBe("Actual message");
+  });
+
+  it("removes 'Sent from my Galaxy' (case-insensitive)", () => {
+    const text = "Body\nSent from my Galaxy S24";
+    expect(stripFooterJunk(text).trim()).toBe("Body");
+  });
+
+  it("removes 'Get Outlook for iOS'", () => {
+    const text = "Body\n\nGet Outlook for iOS";
+    expect(stripFooterJunk(text).trim()).toBe("Body");
+  });
+
+  it("removes unsubscribe lines", () => {
+    const text = "Content\n\nTo unsubscribe click here";
+    expect(stripFooterJunk(text).trim()).toBe("Content");
+  });
+
+  it("removes confidentiality disclaimers", () => {
+    const text =
+      "Content\n\nThis email is confidential and intended only for the intended recipient.";
+    expect(stripFooterJunk(text).trim()).toBe("Content");
+  });
+
+  it("chops everything after signature separator '--'", () => {
+    const text = "Real content\n--\nJohn Doe\nCEO, Example Corp";
+    expect(stripFooterJunk(text).trim()).toBe("Real content");
+  });
+
+  it("preserves signature block when stripSignature is false", () => {
+    const text = "Real content\n--\nJohn Doe\nCEO, Example Corp";
+    const result = stripFooterJunk(text, false);
+    expect(result).toContain("Real content");
+    expect(result).toContain("John Doe");
+    expect(result).toContain("CEO, Example Corp");
+  });
+
+  it("removes copyright footers", () => {
+    const text = "Content\n\n© 2024 Example Corp. All rights reserved.";
+    const result = stripFooterJunk(text).trim();
+    expect(result).not.toContain("©");
+    expect(result).toContain("Content");
+  });
+
+  it("preserves normal content", () => {
+    const text = "This is a normal email with no junk.";
+    expect(stripFooterJunk(text)).toBe(text);
+  });
+});
+
+// ── cleanWhitespace ────────────────────────────────────────────────────────
+
+describe("cleanWhitespace", () => {
+  it("trims each line", () => {
+    expect(cleanWhitespace("  hello  \n  world  ")).toBe("hello\nworld");
+  });
+
+  it("collapses 3+ newlines to 2", () => {
+    expect(cleanWhitespace("a\n\n\n\nb")).toBe("a\n\nb");
+  });
+
+  it("trims leading/trailing whitespace", () => {
+    expect(cleanWhitespace("\n\n  hello  \n\n")).toBe("hello");
+  });
+
+  it("handles empty string", () => {
+    expect(cleanWhitespace("")).toBe("");
+  });
+});
+
+// ── sanitizeEmailBody (full pipeline) ──────────────────────────────────────
+
+describe("sanitizeEmailBody", () => {
+  it("converts a full HTML email to clean text", () => {
+    const html = `
+      <html>
+        <head><style>.x{color:red}</style></head>
+        <body>
+          <div>Hi there,</div>
+          <p>This is the <strong>important</strong> message.</p>
+          <br>
+          <p>Check out <a href="https://example.com">our site</a>.</p>
+          <img width="1" height="1" src="https://track.example.com/pixel.gif" />
+          <p>Sent from my iPhone</p>
+        </body>
+      </html>
+    `;
+    const result = sanitizeEmailBody(html);
+    expect(result).toContain("Hi there,");
+    expect(result).toContain("important");
+    expect(result).toContain("our site (https://example.com)");
+    expect(result).not.toContain("<");
+    expect(result).not.toContain("style");
+    expect(result).not.toContain("track.example.com");
+    expect(result).not.toContain("Sent from my iPhone");
+  });
+
+  it("handles plain text HTML (no real tags)", () => {
+    const html = "Just a plain string with no HTML.";
+    expect(sanitizeEmailBody(html)).toBe("Just a plain string with no HTML.");
+  });
+
+  it("handles empty string", () => {
+    expect(sanitizeEmailBody("")).toBe("");
+  });
+
+  it("strips base64 inline images from newsletters", () => {
+    const html = `<p>Hello</p><img src="data:image/png;base64,abc123=" /><p>Bye</p>`;
+    const result = sanitizeEmailBody(html);
+    expect(result).not.toContain("data:");
+    expect(result).toContain("Hello");
+    expect(result).toContain("Bye");
+  });
+
+  it("handles deeply nested HTML", () => {
+    const html = `
+      <div><div><div><span>Deep content</span></div></div></div>
+    `;
+    expect(sanitizeEmailBody(html)).toContain("Deep content");
+  });
+
+  it("preserves signature when stripSignature option is false", () => {
+    const html = `<p>Hello</p><p>--</p><p>John Doe</p>`;
+    const result = sanitizeEmailBody(html, { stripSignature: false });
+    expect(result).toContain("Hello");
+    expect(result).toContain("John Doe");
+  });
+});