npm - @open-mercato/channel-imap - Versions diffs - 0.6.4 - Mend

@open-mercato/channel-imap 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/.turbo/turbo-build.log ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [build:channel-imap] found 33 entry points
2	+ [build:channel-imap] built successfully

package/AGENTS.md ADDED Viewed

@@ -0,0 +1,56 @@
+# `@open-mercato/channel-imap` — Agent Guidelines
+IMAP + SMTP email channel provider for the Communications Hub (`communication_channels`). Connects any IMAP-capable mailbox (Fastmail, Proton Bridge, generic IMAP host) for inbound polling and outbound SMTP delivery.
+- **Package**: `@open-mercato/channel-imap` ⇒ **module id**: `channel_imap`
+- **Provider key**: `imap` (registered in the hub's channel adapter registry)
+- This is an integration provider package — keep all IMAP/SMTP-specific logic here. Do NOT add it to `packages/core`.
+## Key Files (`src/modules/channel_imap/`)
+| File | Purpose |
+|------|---------|
+| `integration.ts` | `IntegrationDefinition` (IMAP/SMTP credential fields, `healthCheck.service`, detail widget spot) |
+| `di.ts` | `register(container)` — registers the adapter AND `channelImapHealthCheck` under the exact `healthCheck.service` name |
+| `setup.ts` | Registers the adapter at import time; declares `defaultRoleFeatures` |
+| `acl.ts` | `channel_imap.view`, `channel_imap.configure` |
+| `lib/adapter.ts` | `ImapChannelAdapter` — implements the `ChannelAdapter` contract |
+| `lib/credentials.ts` | Zod schemas: IMAP/SMTP credentials (+ SSRF host guard) + channel sync state |
+| `lib/validate-credentials.ts` | Live LOGIN validation; rejects cleartext transport by default (M5) |
+| `lib/imap-client.ts` | `ImapClient` (`imapflow`-backed); `credentialsToConnection(credentials)` |
+| `lib/smtp-client.ts` | `SmtpClient` (`nodemailer`-backed); `credentialsToSmtpConnection(credentials)` |
+| `lib/health.ts` | `channelImapHealthCheck` liveness probe (real IMAP LOGIN) |
+| `lib/convert-outbound.ts` / `lib/normalize-inbound.ts` | RFC2822 outbound build / inbound MIME normalization |
+| `lib/capabilities.ts` | `ChannelCapabilities` (`realtimePush: false`) |
+## Adapter Contract
+`lib/adapter.ts` implements `ChannelAdapter` from `@open-mercato/core/modules/communication_channels/lib/adapter`. Key methods: `sendMessage`, `normalizeInbound`, `convertOutbound`, `validateCredentials`, `fetchHistory`, `importHistory`, `resolveContact`.
+- Credentials are a plain IMAP/SMTP blob on `IntegrationCredentials` (per-user scoped). No OAuth.
+- `fetchHistory` is cursor-driven via UIDVALIDITY + UIDNEXT on `channelState`. Bootstrap persists the cursor and fetches zero messages; backlog import is explicit via `importHistory`. Each poll is bounded by `HARD_CAP` (`hasMore: true` re-enqueues).
+- The clients are swappable via `setImapClient` / `setSmtpClient` (test-only hooks).
+## Security Rules (MUST)
+- **Reject cleartext transport.** `imapTls`/`smtpTls: 'none'` is rejected by `validateImapCredentials` unless `OM_CHANNEL_IMAP_ALLOW_INSECURE_TRANSPORT` is truthy. STARTTLS/implicit TLS always allowed.
+- **SSRF guard.** Host strings are attacker-controlled; `credentials.ts` rejects private/loopback hosts unless `OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS` is truthy.
+- Never log credential values.
+## Health Check
+`lib/health.ts` exports `channelImapHealthCheck`, registered in `di.ts` under the name declared in `integration.ts` (`healthCheck.service`). IMAP credentials carry everything needed for a real probe, so it does a cheap IMAP LOGIN (`connectAndValidate`) and skips the SMTP round-trip to stay within the hub's 10s budget. Invalid creds or a failed LOGIN ⇒ `unhealthy`.
+## Env Vars
+| Var | Default | Purpose |
+|-----|---------|---------|
+| `OM_CHANNEL_IMAP_ALLOW_INSECURE_TRANSPORT` | `false` | Permit `'none'` (cleartext) TLS mode in credential validation |
+| `OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS` | `false` | Permit private/loopback IMAP/SMTP hosts (bypasses SSRF guard) |
+| `OM_CHANNEL_IMAP_HARD_CAP_PER_POLL` | `200` | Max UIDs fetched per `fetchHistory` poll |
+## After Changes
+- Run `yarn generate` after adding/modifying module files (DI, setup, acl, integration).
+- Run unit tests: `yarn test` (jest specs live under `lib/__tests__/`).
+- If you change the `healthCheck.service` name, update both `integration.ts` AND `di.ts` so the hub can resolve it.

package/build.mjs ADDED Viewed

@@ -0,0 +1,7 @@
+import { dirname } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { buildPackage } from '../../scripts/build-package.mjs'
+const packageDir = dirname(fileURLToPath(import.meta.url))
+await buildPackage(packageDir, { name: 'channel-imap' })

package/dist/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { metadata } from "./modules/channel_imap/index.js";
+export {
+  metadata
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/index.ts"],
+  "sourcesContent": ["export { metadata } from './modules/channel_imap/index'\n"],
+  "mappings": "AAAA,SAAS,gBAAgB;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-001.spec.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+import { readJsonSafe } from "@open-mercato/core/helpers/integration/generalFixtures";
+test.describe("TC-CHANNEL-EMAIL-001: IMAP provider registration", () => {
+  test("POST connect/credentials with providerKey=imap reaches the adapter", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/channels/connect/credentials",
+      {
+        token,
+        data: {
+          providerKey: "imap",
+          displayName: "IMAP \u2014 integration test",
+          credentials: {
+            imapHost: "invalid.test.example",
+            imapPort: 993,
+            imapTls: "tls",
+            imapUser: "fake@example.test",
+            imapPassword: "wrong-password",
+            smtpHost: "invalid.test.example",
+            smtpPort: 465,
+            smtpTls: "tls",
+            smtpUser: "fake@example.test",
+            smtpPassword: "wrong-password",
+            fromAddress: "fake@example.test"
+          }
+        }
+      }
+    );
+    expect(response.status(), "route should not 5xx").toBeLessThan(500);
+    expect(response.status(), "IMAP provider should be registered").not.toBe(404);
+  });
+  test("POST connect/credentials with providerKey=imap and malformed credentials returns 422", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/channels/connect/credentials",
+      {
+        token,
+        data: {
+          providerKey: "imap",
+          displayName: "IMAP \u2014 malformed",
+          credentials: {
+            // Missing required imap/smtp fields entirely.
+            fromAddress: "not-an-email"
+          }
+        }
+      }
+    );
+    expect(response.status()).toBeLessThan(500);
+    expect([401, 422, 400]).toContain(response.status());
+    if (response.status() === 422) {
+      const body = await readJsonSafe(response);
+      expect(body?.fieldErrors ?? body?.error).toBeTruthy();
+    }
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-001.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-001.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-001.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\nimport { readJsonSafe } from '@open-mercato/core/helpers/integration/generalFixtures'\n\n/**\n * TC-CHANNEL-EMAIL-001 \u2014 IMAP provider visible to the hub's per-user channel API.\n *\n * After Slice 3e registers the `imap` adapter inside `@open-mercato/channel-imap`,\n * the per-user channel routes must accept `providerKey: 'imap'` as a known provider.\n * Without a live IMAP test server we exercise the routing-and-validation surface only;\n * actual credential validation against a real IMAP host is covered by the unit tests\n * in `lib/__tests__/validate-credentials.test.ts`.\n *\n * The route should NOT 404 the provider (proves registration), and should NOT 500\n * (proves the request reaches the adapter and rejects cleanly when no live server\n * is reachable).\n */\ntest.describe('TC-CHANNEL-EMAIL-001: IMAP provider registration', () => {\n  test('POST connect/credentials with providerKey=imap reaches the adapter', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/channels/connect/credentials',\n      {\n        token,\n        data: {\n          providerKey: 'imap',\n          displayName: 'IMAP \u2014 integration test',\n          credentials: {\n            imapHost: 'invalid.test.example',\n            imapPort: 993,\n            imapTls: 'tls',\n            imapUser: 'fake@example.test',\n            imapPassword: 'wrong-password',\n            smtpHost: 'invalid.test.example',\n            smtpPort: 465,\n            smtpTls: 'tls',\n            smtpUser: 'fake@example.test',\n            smtpPassword: 'wrong-password',\n            fromAddress: 'fake@example.test',\n          },\n        },\n      },\n    )\n    expect(response.status(), 'route should not 5xx').toBeLessThan(500)\n    // 401 (no auth seeded) / 422 (validation failure surfaced via createCrudFormError) /\n    // 502 ish \u2014 but never 404, which would indicate the provider isn't registered.\n    expect(response.status(), 'IMAP provider should be registered').not.toBe(404)\n  })\n\n  test('POST connect/credentials with providerKey=imap and malformed credentials returns 422', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/channels/connect/credentials',\n      {\n        token,\n        data: {\n          providerKey: 'imap',\n          displayName: 'IMAP \u2014 malformed',\n          credentials: {\n            // Missing required imap/smtp fields entirely.\n            fromAddress: 'not-an-email',\n          },\n        },\n      },\n    )\n    expect(response.status()).toBeLessThan(500)\n    expect([401, 422, 400]).toContain(response.status())\n    if (response.status() === 422) {\n      // The route surfaces credential-validation failures as { error, fieldErrors }\n      // (see api/post/channels/connect/credentials/route.ts).\n      const body = await readJsonSafe<{ error?: string; fieldErrors?: Record<string, string> }>(response)\n      expect(body?.fieldErrors ?? body?.error).toBeTruthy()\n    }\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAC3B,SAAS,oBAAoB;AAe7B,KAAK,SAAS,oDAAoD,MAAM;AACtE,OAAK,sEAAsE,OAAO,EAAE,QAAQ,MAAM;AAChG,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,QACE;AAAA,QACA,MAAM;AAAA,UACJ,aAAa;AAAA,UACb,aAAa;AAAA,UACb,aAAa;AAAA,YACX,UAAU;AAAA,YACV,UAAU;AAAA,YACV,SAAS;AAAA,YACT,UAAU;AAAA,YACV,cAAc;AAAA,YACd,UAAU;AAAA,YACV,UAAU;AAAA,YACV,SAAS;AAAA,YACT,UAAU;AAAA,YACV,cAAc;AAAA,YACd,aAAa;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO,SAAS,OAAO,GAAG,sBAAsB,EAAE,aAAa,GAAG;AAGlE,WAAO,SAAS,OAAO,GAAG,oCAAoC,EAAE,IAAI,KAAK,GAAG;AAAA,EAC9E,CAAC;AAED,OAAK,wFAAwF,OAAO,EAAE,QAAQ,MAAM;AAClH,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,QACE;AAAA,QACA,MAAM;AAAA,UACJ,aAAa;AAAA,UACb,aAAa;AAAA,UACb,aAAa;AAAA;AAAA,YAEX,aAAa;AAAA,UACf;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,aAAa,GAAG;AAC1C,WAAO,CAAC,KAAK,KAAK,GAAG,CAAC,EAAE,UAAU,SAAS,OAAO,CAAC;AACnD,QAAI,SAAS,OAAO,MAAM,KAAK;AAG7B,YAAM,OAAO,MAAM,aAAuE,QAAQ;AAClG,aAAO,MAAM,eAAe,MAAM,KAAK,EAAE,WAAW;AAAA,IACtD;AAAA,EACF,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-002.spec.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-002: IMAP webhook is a no-op", () => {
+  test("POST /api/communication_channels/webhook/imap does not 5xx", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/webhook/imap",
+      {
+        token,
+        data: { ping: true }
+      }
+    );
+    expect(response.status(), "webhook route should not 5xx").toBeLessThan(500);
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-002.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-002.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-002.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-002 \u2014 IMAP webhook endpoint stays disabled.\n *\n * IMAP has no webhook flow; the polling worker drives inbound. We still expose\n * the standard `/api/communication_channels/webhook/[provider]` URL because the\n * hub's route is generic. The IMAP adapter's `verifyWebhook` returns an\n * `eventType: 'other'` event so the route MUST respond 2xx (not handled) instead\n * of 5xx-ing or 404-ing.\n */\ntest.describe('TC-CHANNEL-EMAIL-002: IMAP webhook is a no-op', () => {\n  test('POST /api/communication_channels/webhook/imap does not 5xx', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/webhook/imap',\n      {\n        token,\n        data: { ping: true },\n      },\n    )\n    expect(response.status(), 'webhook route should not 5xx').toBeLessThan(500)\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAW3B,KAAK,SAAS,iDAAiD,MAAM;AACnE,OAAK,8DAA8D,OAAO,EAAE,QAAQ,MAAM;AACxF,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,QACE;AAAA,QACA,MAAM,EAAE,MAAM,KAAK;AAAA,MACrB;AAAA,IACF;AACA,WAAO,SAAS,OAAO,GAAG,8BAA8B,EAAE,aAAa,GAAG;AAAA,EAC5E,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-003.spec.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-003: profile page with IMAP provider installed", () => {
+  test("GET /backend/profile/communication-channels does not 5xx", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "GET",
+      "/backend/profile/communication-channels",
+      { token }
+    );
+    expect(response.status(), "profile page should not 5xx").toBeLessThan(500);
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-003.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-003.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-003.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-003 \u2014 Profile page renders with the IMAP provider installed.\n *\n * Confirms `@open-mercato/channel-imap` does not break the per-user profile page\n * (`/backend/profile/communication-channels`). Empty-state still renders even\n * when the IMAP provider is the only one registered.\n */\ntest.describe('TC-CHANNEL-EMAIL-003: profile page with IMAP provider installed', () => {\n  test('GET /backend/profile/communication-channels does not 5xx', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'GET',\n      '/backend/profile/communication-channels',\n      { token },\n    )\n    expect(response.status(), 'profile page should not 5xx').toBeLessThan(500)\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAS3B,KAAK,SAAS,mEAAmE,MAAM;AACrF,OAAK,4DAA4D,OAAO,EAAE,QAAQ,MAAM;AACtF,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AACA,WAAO,SAAS,OAAO,GAAG,6BAA6B,EAAE,aAAa,GAAG;AAAA,EAC3E,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-021.spec.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-021: IMAP bootstrap", () => {
+  test("poll-now endpoint requires authentication", async ({ request }) => {
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/channels/00000000-0000-4000-8000-000000000021/poll-now",
+      // Intentionally empty token — this assertion is the 401 unauth path.
+      { token: "" }
+    );
+    expect(response.status()).toBe(401);
+  });
+  test("poll-now endpoint returns 400 for invalid UUID", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/channels/not-a-uuid/poll-now",
+      { token }
+    );
+    expect(response.status()).toBe(400);
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-021.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-021.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-021.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-021 \u2014 IMAP zero-history bootstrap\n *\n * Verifies that the polling worker surface exists and that the\n * `/poll-now` operator endpoint is reachable. The full happy path \u2014\n * a freshly-connected channel persists `UIDVALIDITY` + `UIDNEXT` and\n * fetches ZERO historical messages \u2014 is captured in the QA scenario\n * markdown `TC-CHANNEL-EMAIL-021-imap-bootstrap.md`.\n *\n * Unit-level coverage of the bootstrap branch lives in\n * `packages/channel-imap/.../lib/__tests__/adapter.test.ts`\n * (`fetchHistory` describe block, \"bootstrap\" case).\n */\ntest.describe('TC-CHANNEL-EMAIL-021: IMAP bootstrap', () => {\n  test('poll-now endpoint requires authentication', async ({ request }) => {\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/channels/00000000-0000-4000-8000-000000000021/poll-now',\n      // Intentionally empty token \u2014 this assertion is the 401 unauth path.\n      { token: '' },\n    )\n    expect(response.status()).toBe(401)\n  })\n\n  test('poll-now endpoint returns 400 for invalid UUID', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/channels/not-a-uuid/poll-now',\n      { token },\n    )\n    expect(response.status()).toBe(400)\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAe3B,KAAK,SAAS,wCAAwC,MAAM;AAC1D,OAAK,6CAA6C,OAAO,EAAE,QAAQ,MAAM;AACvE,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,MAEA,EAAE,OAAO,GAAG;AAAA,IACd;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AAED,OAAK,kDAAkD,OAAO,EAAE,QAAQ,MAAM;AAC5E,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-022.spec.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-022: IMAP incremental polling", () => {
+  test("me/channels endpoint requires authentication", async ({ request }) => {
+    const response = await apiRequest(
+      request,
+      "GET",
+      "/api/communication_channels/me/channels",
+      { token: "" }
+    );
+    expect(response.status()).toBe(401);
+  });
+  test("me/channels returns items array when authenticated", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "GET",
+      "/api/communication_channels/me/channels",
+      { token }
+    );
+    expect(response.status()).toBe(200);
+    const body = await response.json();
+    expect(Array.isArray(body.items)).toBe(true);
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-022.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-022.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-022.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-022 \u2014 IMAP incremental ingest within 90s\n *\n * Verifies the channels-list endpoint is reachable (which proves the\n * poll-tick scheduler + per-channel polling pipeline is wired). Full\n * E2E (new mail arrives \u2192 polling worker picks it up within 60s tick \u2192\n * ingest-inbound-message creates a CRM interaction within 90s) is in\n * the QA scenario markdown `TC-CHANNEL-EMAIL-022-imap-incremental.md`.\n */\ntest.describe('TC-CHANNEL-EMAIL-022: IMAP incremental polling', () => {\n  test('me/channels endpoint requires authentication', async ({ request }) => {\n    // Intentionally empty token \u2014 this assertion is the 401 unauth path.\n    const response = await apiRequest(\n      request,\n      'GET',\n      '/api/communication_channels/me/channels',\n      { token: '' },\n    )\n    expect(response.status()).toBe(401)\n  })\n\n  test('me/channels returns items array when authenticated', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'GET',\n      '/api/communication_channels/me/channels',\n      { token },\n    )\n    expect(response.status()).toBe(200)\n    const body = (await response.json()) as { items?: unknown }\n    expect(Array.isArray(body.items)).toBe(true)\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAW3B,KAAK,SAAS,kDAAkD,MAAM;AACpE,OAAK,gDAAgD,OAAO,EAAE,QAAQ,MAAM;AAE1E,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,OAAO,GAAG;AAAA,IACd;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AAED,OAAK,sDAAsD,OAAO,EAAE,QAAQ,MAAM;AAChF,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAClC,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,WAAO,MAAM,QAAQ,KAAK,KAAK,CAAC,EAAE,KAAK,IAAI;AAAA,EAC7C,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-023.spec.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { expect, test } from "@playwright/test";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-023: References-token threading", () => {
+  test("send-as-user endpoint requires authentication", async ({ request }) => {
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/send-as-user",
+      // Intentionally empty token — this test asserts the 401 unauth path.
+      { token: "", data: { channelId: "00000000-0000-4000-8000-000000000023" } }
+    );
+    expect(response.status()).toBe(401);
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-023.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-023.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-023.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-023 \u2014 Threading via References token\n *\n * Smoke: the layered thread matcher prefers `token-references`\n * (highest-confidence strategy) when an inbound message carries our\n * synthetic `<om_TOKEN@open-mercato.invalid>` Message-ID in\n * `References`. The 5-strategy fallthrough order is unit-tested in\n * `packages/core/.../lib/__tests__/thread-matcher.test.ts`; the\n * end-to-end \"send \u2192 reply preserves References \u2192 CRM threads back\"\n * path is in the QA scenario markdown.\n *\n * Webhook-less providers have no public endpoint to assert against,\n * so this smoke test is intentionally minimal \u2014 it just confirms the\n * platform's send-as-user route is reachable (used by the outbound\n * test setup in the QA scenario).\n */\ntest.describe('TC-CHANNEL-EMAIL-023: References-token threading', () => {\n  test('send-as-user endpoint requires authentication', async ({ request }) => {\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/send-as-user',\n      // Intentionally empty token \u2014 this test asserts the 401 unauth path.\n      { token: '', data: { channelId: '00000000-0000-4000-8000-000000000023' } },\n    )\n    expect(response.status()).toBe(401)\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,kBAAkB;AAkB3B,KAAK,SAAS,oDAAoD,MAAM;AACtE,OAAK,iDAAiD,OAAO,EAAE,QAAQ,MAAM;AAC3E,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,MAEA,EAAE,OAAO,IAAI,MAAM,EAAE,WAAW,uCAAuC,EAAE;AAAA,IAC3E;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-024.spec.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { expect, test } from "@playwright/test";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-024: Body-footer threading", () => {
+  test("send-as-user endpoint exists at the expected path", async ({ request }) => {
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/send-as-user",
+      // Intentionally empty token — the 401 / 400 branch is what we assert.
+      { token: "", data: {} }
+    );
+    expect([400, 401]).toContain(response.status());
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-024.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-024.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-024.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-024 \u2014 Threading via body footer\n *\n * When the recipient's MUA strips RFC5322 References on reply, our\n * hidden body-footer marker (`<span style=\"display:none\">[OM:TOKEN]</span>`\n * for HTML; `[OM:TOKEN]` bracketed marker for plain text) still\n * survives quoting and the layered matcher's `token-body` strategy\n * threads the reply correctly.\n *\n * Full E2E in the QA scenario markdown. This smoke test confirms the\n * send-as-user endpoint exists (same shape as TC-023).\n */\ntest.describe('TC-CHANNEL-EMAIL-024: Body-footer threading', () => {\n  test('send-as-user endpoint exists at the expected path', async ({ request }) => {\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/send-as-user',\n      // Intentionally empty token \u2014 the 401 / 400 branch is what we assert.\n      { token: '', data: {} },\n    )\n    expect([400, 401]).toContain(response.status())\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,kBAAkB;AAc3B,KAAK,SAAS,+CAA+C,MAAM;AACjE,OAAK,qDAAqD,OAAO,EAAE,QAAQ,MAAM;AAC/E,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA;AAAA,MAEA,EAAE,OAAO,IAAI,MAAM,CAAC,EAAE;AAAA,IACxB;AACA,WAAO,CAAC,KAAK,GAAG,CAAC,EAAE,UAAU,SAAS,OAAO,CAAC;AAAA,EAChD,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-025.spec.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+test.describe("TC-CHANNEL-EMAIL-025: JWZ-headers fallback", () => {
+  test.skip("behavioral coverage: thread-matcher.test.ts Strategy 3 (jwz-headers). Playwright E2E is infeasible \u2014 provider mock seams are process-local (see TC-CHANNEL-EMAIL-031 / TC-CRM-EMAIL-001).", () => {
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-025.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-025.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-025.spec.ts"],
+  "sourcesContent": ["import { test } from '@playwright/test'\n\n/**\n * TC-CHANNEL-EMAIL-025 \u2014 JWZ-headers fallback threading\n *\n * Verifies the `jwz-headers` strategy (Spec B \u00A7 thread-matcher,\n * confidence: medium) \u2014 when an inbound reply has no `om_*` token\n * but carries `In-Reply-To` / `References` pointing at one of our\n * outbound `Message-Id`s, the matcher walks the conventional JWZ\n * algorithm against the existing `external_messages` table.\n *\n * This path is exercised end-to-end by the QA scenario markdown\n * `TC-CHANNEL-EMAIL-025-jwz-fallback.md`. The unit-level coverage\n * lives in `packages/core/.../lib/__tests__/thread-matcher.test.ts`\n * (Strategy 3 \u2014 jwz-headers describe block).\n *\n * No additional API surface to assert at the integration layer\n * beyond the smoke tests already in TC-023/024 \u2014 this spec file\n * documents the existence of the JWZ pathway for QA-tracking purposes.\n */\ntest.describe('TC-CHANNEL-EMAIL-025: JWZ-headers fallback', () => {\n  test.skip('behavioral coverage: thread-matcher.test.ts Strategy 3 (jwz-headers). Playwright E2E is infeasible \u2014 provider mock seams are process-local (see TC-CHANNEL-EMAIL-031 / TC-CRM-EMAIL-001).', () => {})\n})\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAoBrB,KAAK,SAAS,8CAA8C,MAAM;AAChE,OAAK,KAAK,kMAA6L,MAAM;AAAA,EAAC,CAAC;AACjN,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-026.spec.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+test.describe("TC-CHANNEL-EMAIL-026: Subject + participants fallback", () => {
+  test.skip("behavioral coverage: thread-matcher.test.ts Strategy 4 (subject + participants). Playwright E2E is infeasible \u2014 provider mock seams are process-local (see TC-CHANNEL-EMAIL-031 / TC-CRM-EMAIL-001).", () => {
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-026.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-026.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-026.spec.ts"],
+  "sourcesContent": ["import { test } from '@playwright/test'\n\n/**\n * TC-CHANNEL-EMAIL-026 \u2014 Subject + participants fallback threading\n *\n * Last-ditch matcher strategy: when neither `om_*` token nor JWZ\n * headers are present, the matcher normalises the inbound subject\n * (`Re:`, `Fwd:`, `[EXTERNAL]` stripped) and checks for an existing\n * thread whose participants overlap >= 50% with the inbound's\n * sender/to/cc. Confidence: low.\n *\n * Unit-tested in `packages/core/.../lib/__tests__/thread-matcher.test.ts`\n * (Strategy 4 \u2014 subject-participants). End-to-end is the QA scenario\n * markdown.\n */\ntest.describe('TC-CHANNEL-EMAIL-026: Subject + participants fallback', () => {\n  test.skip('behavioral coverage: thread-matcher.test.ts Strategy 4 (subject + participants). Playwright E2E is infeasible \u2014 provider mock seams are process-local (see TC-CHANNEL-EMAIL-031 / TC-CRM-EMAIL-001).', () => {})\n})\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAerB,KAAK,SAAS,yDAAyD,MAAM;AAC3E,OAAK,KAAK,6MAAwM,MAAM;AAAA,EAAC,CAAC;AAC5N,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-027.spec.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+test.describe("TC-CHANNEL-EMAIL-027: Auto-recovery sweep", () => {
+  test.skip("behavioral coverage: workers/__tests__/poll-tick.test.ts (auto-recovery sweep). Playwright E2E is infeasible \u2014 provider mock seams are process-local + needs scheduler fast-forward.", () => {
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-027.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-027.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-027.spec.ts"],
+  "sourcesContent": ["import { test } from '@playwright/test'\n\n/**\n * TC-CHANNEL-EMAIL-027 \u2014 Auto-recovery from `status='error'`\n *\n * Spec B \u00A7 Phase B5 \u2014 `poll-tick.ts` enumerates two channel pools per\n * tick: (a) `status='connected'` and due for polling, (b) `status='error'`\n * whose `lastFailureAt` is older than `OM_CHANNEL_AUTO_RECOVER_MINUTES`\n * (default 30). A successful poll in pool (b) flips status back to\n * 'connected' via `poll-channel.ts`.\n *\n * Unit-tested in `packages/core/.../workers/__tests__/poll-tick.test.ts`\n * (auto-recovery describe block). Full E2E (force a transient error \u2192\n * fast-forward 30 min \u2192 next tick recovers) is in the QA scenario.\n */\ntest.describe('TC-CHANNEL-EMAIL-027: Auto-recovery sweep', () => {\n  test.skip('behavioral coverage: workers/__tests__/poll-tick.test.ts (auto-recovery sweep). Playwright E2E is infeasible \u2014 provider mock seams are process-local + needs scheduler fast-forward.', () => {})\n})\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAerB,KAAK,SAAS,6CAA6C,MAAM;AAC/D,OAAK,KAAK,6LAAwL,MAAM;AAAA,EAAC,CAAC;AAC5M,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-028.spec.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+test.describe("TC-CHANNEL-EMAIL-028: Malformed MIME \u2192 dead-letter", () => {
+  test.skip("behavioral coverage: workers/__tests__/poll-channel.test.ts (permanent ingest failure \u2192 dead-letter + cursor advances; transient \u2192 cursor held). Playwright E2E is infeasible \u2014 provider mock seams are process-local.", () => {
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-028.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-028.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-028.spec.ts"],
+  "sourcesContent": ["import { test } from '@playwright/test'\n\n/**\n * TC-CHANNEL-EMAIL-028 \u2014 Malformed MIME \u2192 dead-letter, cursor advances\n *\n * Spec B \u00A7 Phase B4 \u2014 `poll-channel.ts` classifies per-message ingest\n * failures: transient failures abort the loop without advancing the\n * cursor (idempotent retry on next tick), permanent failures write the\n * raw MIME blob + error metadata to `ChannelIngestDeadLetter`\n * (encrypted at rest via `defaultEncryptionMaps`) and the cursor\n * advances anyway so the bad blob never re-stalls the channel.\n *\n * Unit-tested via the `ChannelIngestDeadLetter row shape (Spec B \u00A7 B4)`\n * describe in `ingest-inbound-message.test.ts` plus the implementation\n * paths in `poll-channel.test.ts`. Full E2E in the QA scenario.\n */\ntest.describe('TC-CHANNEL-EMAIL-028: Malformed MIME \u2192 dead-letter', () => {\n  test.skip('behavioral coverage: workers/__tests__/poll-channel.test.ts (permanent ingest failure \u2192 dead-letter + cursor advances; transient \u2192 cursor held). Playwright E2E is infeasible \u2014 provider mock seams are process-local.', () => {})\n})\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAgBrB,KAAK,SAAS,2DAAsD,MAAM;AACxE,OAAK,KAAK,yOAA0N,MAAM;AAAA,EAAC,CAAC;AAC9O,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-029.spec.js ADDED Viewed

@@ -0,0 +1,48 @@
+import { expect, test } from "@playwright/test";
+import { getAuthToken } from "@open-mercato/core/helpers/integration/authFixtures";
+import { apiRequest } from "@open-mercato/core/helpers/integration/api";
+test.describe("TC-CHANNEL-EMAIL-029: import-history route wiring", () => {
+  const FAKE_CHANNEL_ID = "00000000-0000-0000-0000-000000000029";
+  test("rejects unauthenticated requests", async ({ request }) => {
+    const response = await apiRequest(
+      request,
+      "POST",
+      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,
+      // Intentionally empty token — this test asserts the 401 unauth path.
+      { token: "", data: { sinceDays: 14 } }
+    );
+    expect(response.status()).toBe(401);
+  });
+  test("returns 400 on invalid channel id", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      "/api/communication_channels/channels/not-a-uuid/import-history",
+      { token, data: { sinceDays: 14 } }
+    );
+    expect(response.status()).toBe(400);
+  });
+  test("returns 400 when body fails Zod validation (sinceDays out of range)", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,
+      { token, data: { sinceDays: 9999 } }
+    );
+    expect(response.status()).toBe(400);
+  });
+  test("returns 404 for a channel the caller does not own", async ({ request }) => {
+    const token = await getAuthToken(request);
+    const response = await apiRequest(
+      request,
+      "POST",
+      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,
+      { token, data: { sinceDays: 14, maxMessages: 100 } }
+    );
+    expect(response.status(), "route should not 5xx").toBeLessThan(500);
+    expect([400, 403, 404]).toContain(response.status());
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-029.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-029.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-029.spec.ts"],
+  "sourcesContent": ["import { expect, test } from '@playwright/test'\nimport { getAuthToken } from '@open-mercato/core/helpers/integration/authFixtures'\nimport { apiRequest } from '@open-mercato/core/helpers/integration/api'\n\n/**\n * TC-CHANNEL-EMAIL-029 \u2014 operator-triggered backlog import (Spec B \u00A7 Phase B6).\n *\n * Verifies that the `/api/communication_channels/channels/{id}/import-history`\n * route is reachable, requires authentication, validates the body, and 404s\n * for non-existent / not-owned channels (the access-control branch).\n *\n * Concurrency guard (429), the ProgressJob lifecycle, and the IMAP SEARCH +\n * fetch loop are exercised by the unit-test layer:\n *   - packages/core/src/modules/communication_channels/commands/__tests__/queue-import-history.test.ts\n *   - packages/core/src/modules/communication_channels/workers/__tests__/channel-import-history.test.ts\n *   - packages/channel-imap/src/modules/channel_imap/lib/__tests__/adapter.test.ts (importHistory cases)\n *\n * The full end-to-end (connect a mailbox \u2192 POST /import-history \u2192 ProgressJob\n * completes \u2192 imported messages visible on Person timeline) is captured in\n * `.ai/qa/scenarios/TC-CHANNEL-EMAIL-029-import-history.md` for manual QA.\n */\ntest.describe('TC-CHANNEL-EMAIL-029: import-history route wiring', () => {\n  const FAKE_CHANNEL_ID = '00000000-0000-0000-0000-000000000029'\n\n  test('rejects unauthenticated requests', async ({ request }) => {\n    const response = await apiRequest(\n      request,\n      'POST',\n      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,\n      // Intentionally empty token \u2014 this test asserts the 401 unauth path.\n      { token: '', data: { sinceDays: 14 } },\n    )\n    expect(response.status()).toBe(401)\n  })\n\n  test('returns 400 on invalid channel id', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      '/api/communication_channels/channels/not-a-uuid/import-history',\n      { token, data: { sinceDays: 14 } },\n    )\n    expect(response.status()).toBe(400)\n  })\n\n  test('returns 400 when body fails Zod validation (sinceDays out of range)', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,\n      { token, data: { sinceDays: 9999 } },\n    )\n    expect(response.status()).toBe(400)\n  })\n\n  test('returns 404 for a channel the caller does not own', async ({ request }) => {\n    const token = await getAuthToken(request)\n    const response = await apiRequest(\n      request,\n      'POST',\n      `/api/communication_channels/channels/${FAKE_CHANNEL_ID}/import-history`,\n      { token, data: { sinceDays: 14, maxMessages: 100 } },\n    )\n    // A caller without an organization scope is rejected with 400 (\"No\n    // organization scope\") before the channel lookup; a scoped caller reaches\n    // the channel-not-found branch (404, same shape as access-denied for parity).\n    expect(response.status(), 'route should not 5xx').toBeLessThan(500)\n    expect([400, 403, 404]).toContain(response.status())\n  })\n})\n"],
+  "mappings": "AAAA,SAAS,QAAQ,YAAY;AAC7B,SAAS,oBAAoB;AAC7B,SAAS,kBAAkB;AAmB3B,KAAK,SAAS,qDAAqD,MAAM;AACvE,QAAM,kBAAkB;AAExB,OAAK,oCAAoC,OAAO,EAAE,QAAQ,MAAM;AAC9D,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA,wCAAwC,eAAe;AAAA;AAAA,MAEvD,EAAE,OAAO,IAAI,MAAM,EAAE,WAAW,GAAG,EAAE;AAAA,IACvC;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AAED,OAAK,qCAAqC,OAAO,EAAE,QAAQ,MAAM;AAC/D,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,OAAO,MAAM,EAAE,WAAW,GAAG,EAAE;AAAA,IACnC;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AAED,OAAK,uEAAuE,OAAO,EAAE,QAAQ,MAAM;AACjG,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA,wCAAwC,eAAe;AAAA,MACvD,EAAE,OAAO,MAAM,EAAE,WAAW,KAAK,EAAE;AAAA,IACrC;AACA,WAAO,SAAS,OAAO,CAAC,EAAE,KAAK,GAAG;AAAA,EACpC,CAAC;AAED,OAAK,qDAAqD,OAAO,EAAE,QAAQ,MAAM;AAC/E,UAAM,QAAQ,MAAM,aAAa,OAAO;AACxC,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA,wCAAwC,eAAe;AAAA,MACvD,EAAE,OAAO,MAAM,EAAE,WAAW,IAAI,aAAa,IAAI,EAAE;AAAA,IACrD;AAIA,WAAO,SAAS,OAAO,GAAG,sBAAsB,EAAE,aAAa,GAAG;AAClE,WAAO,CAAC,KAAK,KAAK,GAAG,CAAC,EAAE,UAAU,SAAS,OAAO,CAAC;AAAA,EACrD,CAAC;AACH,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-030.spec.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { test } from "@playwright/test";
+test.describe("TC-CHANNEL-EMAIL-030: Sent-folder dedup", () => {
+  test.skip("behavioral coverage: ingest-inbound-message.test.ts (sent-folder dedup contract + dedup \u2192 status=duplicate). Playwright E2E is infeasible \u2014 provider mock seams are process-local.", () => {
+  });
+});
+//# sourceMappingURL=TC-CHANNEL-EMAIL-030.spec.js.map

package/dist/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-030.spec.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/__integration__/TC-CHANNEL-EMAIL-030.spec.ts"],
+  "sourcesContent": ["import { test } from '@playwright/test'\n\n/**\n * TC-CHANNEL-EMAIL-030 \u2014 Sent-folder dedup\n *\n * Spec B \u00A7 Phase B3 \u2014 `ingest-inbound-message.ts` short-circuits when\n * the inbound message's `messageId` matches an outbound\n * `MessageChannelLink.channelMetadata.messageId` we already sent. This\n * prevents IMAP polls of the Sent folder from creating duplicate\n * inbound rows for every outbound the user sent.\n *\n * Contract unit-tested in `ingest-inbound-message.test.ts` (sent-folder\n * dedup describe block). Full E2E in the QA scenario markdown \u2014 send\n * an outbound, observe Sent folder surfaces it, confirm no duplicate\n * `MessageChannelLink` row appears for the inbound direction.\n */\ntest.describe('TC-CHANNEL-EMAIL-030: Sent-folder dedup', () => {\n  test.skip('behavioral coverage: ingest-inbound-message.test.ts (sent-folder dedup contract + dedup \u2192 status=duplicate). Playwright E2E is infeasible \u2014 provider mock seams are process-local.', () => {})\n})\n"],
+  "mappings": "AAAA,SAAS,YAAY;AAgBrB,KAAK,SAAS,2CAA2C,MAAM;AAC7D,OAAK,KAAK,gMAAsL,MAAM;AAAA,EAAC,CAAC;AAC1M,CAAC;",
+  "names": []
+}

package/dist/modules/channel_imap/acl.js ADDED Viewed

@@ -0,0 +1,10 @@
+const features = [
+  { id: "channel_imap.view", title: "View IMAP channel configuration", module: "channel_imap" },
+  { id: "channel_imap.configure", title: "Configure IMAP channel defaults", module: "channel_imap" }
+];
+var acl_default = features;
+export {
+  acl_default as default,
+  features
+};
+//# sourceMappingURL=acl.js.map

package/dist/modules/channel_imap/acl.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/channel_imap/acl.ts"],
+  "sourcesContent": ["export const features = [\n  { id: 'channel_imap.view', title: 'View IMAP channel configuration', module: 'channel_imap' },\n  { id: 'channel_imap.configure', title: 'Configure IMAP channel defaults', module: 'channel_imap' },\n]\n\nexport default features\n"],
+  "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,EAAE,IAAI,qBAAqB,OAAO,mCAAmC,QAAQ,eAAe;AAAA,EAC5F,EAAE,IAAI,0BAA0B,OAAO,mCAAmC,QAAQ,eAAe;AACnG;AAEA,IAAO,cAAQ;",
+  "names": []
+}

package/dist/modules/channel_imap/di.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { asValue } from "awilix";
+import {
+  hasChannelAdapter,
+  registerChannelAdapter
+} from "@open-mercato/core/modules/communication_channels/lib/adapter-registry-singleton";
+import { getImapChannelAdapter } from "./lib/adapter.js";
+import { channelImapHealthCheck } from "./lib/health.js";
+function register(container) {
+  if (!hasChannelAdapter("imap")) {
+    registerChannelAdapter(getImapChannelAdapter());
+  }
+  container.register({
+    channelImapAdapter: asValue(getImapChannelAdapter()),
+    // Registered under the exact service name declared in `integration.ts`
+    // (`healthCheck.service`). Without this, the hub's `container.resolve(...)`
+    // throws and the channel reports permanently 'unhealthy'.
+    channelImapHealthCheck: asValue(channelImapHealthCheck)
+  });
+}
+export {
+  register
+};
+//# sourceMappingURL=di.js.map

package/dist/modules/channel_imap/di.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/channel_imap/di.ts"],
+  "sourcesContent": ["import { asValue } from 'awilix'\nimport type { AppContainer } from '@open-mercato/shared/lib/di/container'\nimport {\n  hasChannelAdapter,\n  registerChannelAdapter,\n} from '@open-mercato/core/modules/communication_channels/lib/adapter-registry-singleton'\nimport { getImapChannelAdapter } from './lib/adapter'\nimport { channelImapHealthCheck } from './lib/health'\n\n/**\n * Re-register the adapter on container creation as a safety net for runtime\n * environments that bypass module setup (worker-only nodes, ad-hoc CLI). The\n * underlying registry is process-wide so the registration is idempotent.\n */\nexport function register(container: AppContainer): void {\n  if (!hasChannelAdapter('imap')) {\n    registerChannelAdapter(getImapChannelAdapter())\n  }\n  container.register({\n    channelImapAdapter: asValue(getImapChannelAdapter()),\n    // Registered under the exact service name declared in `integration.ts`\n    // (`healthCheck.service`). Without this, the hub's `container.resolve(...)`\n    // throws and the channel reports permanently 'unhealthy'.\n    channelImapHealthCheck: asValue(channelImapHealthCheck),\n  })\n}\n"],
+  "mappings": "AAAA,SAAS,eAAe;AAExB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,6BAA6B;AACtC,SAAS,8BAA8B;AAOhC,SAAS,SAAS,WAA+B;AACtD,MAAI,CAAC,kBAAkB,MAAM,GAAG;AAC9B,2BAAuB,sBAAsB,CAAC;AAAA,EAChD;AACA,YAAU,SAAS;AAAA,IACjB,oBAAoB,QAAQ,sBAAsB,CAAC;AAAA;AAAA;AAAA;AAAA,IAInD,wBAAwB,QAAQ,sBAAsB;AAAA,EACxD,CAAC;AACH;",
+  "names": []
+}

package/dist/modules/channel_imap/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+const metadata = {
+  id: "channel_imap",
+  title: "IMAP + SMTP Email Channel",
+  description: "Connect personal mailboxes via IMAP for inbound polling and SMTP for outbound delivery. Pairs with the Communications Hub (SPEC-045d)."
+};
+export {
+  metadata
+};
+//# sourceMappingURL=index.js.map

package/dist/modules/channel_imap/index.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/channel_imap/index.ts"],
+  "sourcesContent": ["export const metadata = {\n  id: 'channel_imap',\n  title: 'IMAP + SMTP Email Channel',\n  description:\n    'Connect personal mailboxes via IMAP for inbound polling and SMTP for outbound delivery. Pairs with the Communications Hub (SPEC-045d).',\n}\n"],
+  "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,IAAI;AAAA,EACJ,OAAO;AAAA,EACP,aACE;AACJ;",
+  "names": []
+}