npm - @open-mercato/channel-imap - Versions diffs - 0.6.4 - Mend

@open-mercato/channel-imap 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/dist/modules/channel_imap/lib/credentials.js ADDED Viewed

@@ -0,0 +1,104 @@
+import { z } from "zod";
+import { parseBooleanWithDefault } from "@open-mercato/shared/lib/boolean";
+const FORBIDDEN_HOST_NAMES = /* @__PURE__ */ new Set([
+  "localhost",
+  "localhost6",
+  "ip6-localhost",
+  "ip6-loopback",
+  "metadata.google.internal"
+]);
+const PRIVATE_IPV4_PATTERNS = [
+  /^(127|10)\./,
+  // 127/8 loopback, 10/8 private
+  /^172\.(1[6-9]|2[0-9]|3[01])\./,
+  // 172.16/12 private
+  /^192\.168\./,
+  // 192.168/16 private
+  /^169\.254\./,
+  // link-local + cloud metadata (169.254.169.254)
+  /^100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\./,
+  // CGNAT 100.64/10
+  /^0\./
+  // 0.0.0.0/8 reserved
+];
+const PRIVATE_IPV6_PATTERNS = [
+  /^::$/,
+  // unspecified
+  /^::1$/,
+  // loopback
+  /^::ffff:/,
+  // IPv4-mapped (hex-group form; dotted form is unwrapped first)
+  /^(fc|fd)[0-9a-f]{0,2}:/,
+  // unique-local fc00::/7
+  /^fe80:/,
+  // link-local
+  /^(0{1,4}:){7}0{0,3}1$/,
+  // fully-expanded loopback
+  /^(0{1,4}:){7}0{1,4}$/
+  // fully-expanded unspecified
+];
+function isDottedDecimalQuad(host) {
+  const parts = host.split(".");
+  return parts.length === 4 && parts.every((part) => /^\d{1,3}$/.test(part) && Number(part) <= 255);
+}
+function isObfuscatedIpv4(host) {
+  if (host.includes(":")) return false;
+  if (/^\d+$/.test(host)) return true;
+  if (/(^|\.)0x[0-9a-f]+/.test(host)) return true;
+  const labels = host.split(".");
+  if (!labels.every((label) => /^[0-9a-f]+$/.test(label))) return false;
+  if (isDottedDecimalQuad(host) && !labels.some((label) => label.length > 1 && label.startsWith("0"))) return false;
+  return true;
+}
+function normalizeHost(raw) {
+  let host = raw.trim().toLowerCase();
+  if (host.startsWith("[") && host.endsWith("]")) host = host.slice(1, -1);
+  const mappedIpv4 = host.match(/^::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+  if (mappedIpv4) return mappedIpv4[1];
+  return host;
+}
+function isInternalHost(rawHost) {
+  const host = normalizeHost(rawHost);
+  if (!host) return false;
+  if (FORBIDDEN_HOST_NAMES.has(host) || host.endsWith(".localhost")) return true;
+  if (host.includes(":")) return PRIVATE_IPV6_PATTERNS.some((pattern) => pattern.test(host));
+  if (isObfuscatedIpv4(host)) return true;
+  return isDottedDecimalQuad(host) && PRIVATE_IPV4_PATTERNS.some((pattern) => pattern.test(host));
+}
+function assertSafeHost(host, ctx) {
+  if (parseBooleanWithDefault(process.env.OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS, false)) return;
+  if (!host.trim()) return;
+  if (isInternalHost(host)) {
+    ctx.addIssue({
+      code: "custom",
+      message: "Host appears to point at a private or loopback address. If this is intentional, an operator must set OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS=true."
+    });
+  }
+}
+function hostnameSchema(label) {
+  return z.string().min(1, `${label} host required`).max(253, `${label} host too long`).superRefine((value, ctx) => assertSafeHost(value, ctx));
+}
+const imapCredentialsSchema = z.object({
+  imapHost: hostnameSchema("IMAP"),
+  imapPort: z.coerce.number().int().min(1, "IMAP port must be a positive integer").max(65535, "IMAP port must be <= 65535"),
+  imapTls: z.enum(["tls", "starttls", "none"]),
+  imapUser: z.string().min(1, "IMAP username required"),
+  imapPassword: z.string().min(1, "IMAP password required"),
+  smtpHost: hostnameSchema("SMTP"),
+  smtpPort: z.coerce.number().int().min(1, "SMTP port must be a positive integer").max(65535, "SMTP port must be <= 65535"),
+  smtpTls: z.enum(["tls", "starttls", "none"]),
+  smtpUser: z.string().min(1, "SMTP username required"),
+  smtpPassword: z.string().min(1, "SMTP password required"),
+  fromAddress: z.string().email("From address must be a valid email")
+}).passthrough();
+const imapChannelStateSchema = z.object({
+  uidValidity: z.union([z.number(), z.string()]).optional(),
+  uidNext: z.union([z.number(), z.string()]).optional(),
+  lastFolder: z.string().optional()
+}).partial().passthrough();
+export {
+  imapChannelStateSchema,
+  imapCredentialsSchema,
+  isInternalHost
+};
+//# sourceMappingURL=credentials.js.map

package/dist/modules/channel_imap/lib/credentials.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/lib/credentials.ts"],
+  "sourcesContent": ["import { z } from 'zod'\nimport { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean'\n\n/**\n * SSRF guard: reject hostnames that resolve to internal networks. Operators\n * configure their own IMAP/SMTP server, so the host string is attacker-controlled\n * in a per-user-channel context. Blocking these prevents the credential-validation\n * flow from acting as a port scanner or leaking the platform's outbound IP to\n * internal infrastructure (cloud metadata endpoints, kube-apiserver, RDS, etc).\n *\n * The check is string-based: it rejects literal internal IPs, `localhost`, and\n * the obfuscated encodings that exist to evade such filters (IPv4-mapped IPv6,\n * decimal/hex/octal/short-form IPv4, bracketed and expanded IPv6). It does NOT\n * by itself catch a public hostname that resolves \u2014 or is DNS-rebound \u2014 to a\n * private address; that gap is closed at connect time by `resolveSafeHostAddress`\n * (`host-pinning.ts`), which resolves the host, rejects any internal resolved\n * address, and pins the connection to the validated IP. Operators with a\n * genuinely private IMAP host set `OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS=true`.\n */\nconst FORBIDDEN_HOST_NAMES = new Set([\n  'localhost',\n  'localhost6',\n  'ip6-localhost',\n  'ip6-loopback',\n  'metadata.google.internal',\n])\n\nconst PRIVATE_IPV4_PATTERNS: RegExp[] = [\n  /^(127|10)\\./,                                    // 127/8 loopback, 10/8 private\n  /^172\\.(1[6-9]|2[0-9]|3[01])\\./,                  // 172.16/12 private\n  /^192\\.168\\./,                                    // 192.168/16 private\n  /^169\\.254\\./,                                    // link-local + cloud metadata (169.254.169.254)\n  /^100\\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\\./, // CGNAT 100.64/10\n  /^0\\./,                                           // 0.0.0.0/8 reserved\n]\n\nconst PRIVATE_IPV6_PATTERNS: RegExp[] = [\n  /^::$/,                                            // unspecified\n  /^::1$/,                                           // loopback\n  /^::ffff:/,                                        // IPv4-mapped (hex-group form; dotted form is unwrapped first)\n  /^(fc|fd)[0-9a-f]{0,2}:/,                          // unique-local fc00::/7\n  /^fe80:/,                                          // link-local\n  /^(0{1,4}:){7}0{0,3}1$/,                           // fully-expanded loopback\n  /^(0{1,4}:){7}0{1,4}$/,                            // fully-expanded unspecified\n]\n\nfunction isDottedDecimalQuad(host: string): boolean {\n  const parts = host.split('.')\n  return parts.length === 4 && parts.every((part) => /^\\d{1,3}$/.test(part) && Number(part) <= 255)\n}\n\n/**\n * True when `host` is an obfuscated IPv4 encoding \u2014 decimal integer\n * (`2130706433`), hex (`0x7f.0.0.1`), octal (`0177.0.0.1`) or short form\n * (`127.1`). These forms exist almost exclusively to bypass SSRF string filters,\n * so we reject them outright; legitimate operators use a hostname or a standard\n * dotted-decimal quad.\n */\nfunction isObfuscatedIpv4(host: string): boolean {\n  if (host.includes(':')) return false\n  if (/^\\d+$/.test(host)) return true\n  if (/(^|\\.)0x[0-9a-f]+/.test(host)) return true\n  const labels = host.split('.')\n  if (!labels.every((label) => /^[0-9a-f]+$/.test(label))) return false\n  if (isDottedDecimalQuad(host) && !labels.some((label) => label.length > 1 && label.startsWith('0'))) return false\n  return true\n}\n\nfunction normalizeHost(raw: string): string {\n  let host = raw.trim().toLowerCase()\n  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1)\n  const mappedIpv4 = host.match(/^::ffff:(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})$/)\n  if (mappedIpv4) return mappedIpv4[1]\n  return host\n}\n\n/**\n * Classify a host as internal/loopback/metadata, ignoring the operator escape\n * hatch. Exported so the SSRF guard can be asserted directly in unit tests.\n */\nexport function isInternalHost(rawHost: string): boolean {\n  const host = normalizeHost(rawHost)\n  if (!host) return false\n  if (FORBIDDEN_HOST_NAMES.has(host) || host.endsWith('.localhost')) return true\n  if (host.includes(':')) return PRIVATE_IPV6_PATTERNS.some((pattern) => pattern.test(host))\n  if (isObfuscatedIpv4(host)) return true\n  // Only treat the private-range patterns as internal for a real dotted-decimal\n  // quad. Otherwise a hostname whose first label merely looks like a private\n  // range (e.g. `0.mx.example.com`, `10.example.com`) is wrongly rejected.\n  // Obfuscated/short IPv4 forms were already caught above, so anything reaching\n  // here is either a quad or a genuine hostname.\n  return isDottedDecimalQuad(host) && PRIVATE_IPV4_PATTERNS.some((pattern) => pattern.test(host))\n}\n\nfunction assertSafeHost(host: string, ctx: { addIssue: (issue: { code: 'custom'; message: string }) => void }): void {\n  if (parseBooleanWithDefault(process.env.OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS, false)) return\n  if (!host.trim()) return\n  if (isInternalHost(host)) {\n    ctx.addIssue({\n      code: 'custom',\n      message:\n        'Host appears to point at a private or loopback address. If this is intentional, an operator must set OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS=true.',\n    })\n  }\n}\n\nfunction hostnameSchema(label: 'IMAP' | 'SMTP') {\n  return z\n    .string()\n    .min(1, `${label} host required`)\n    .max(253, `${label} host too long`)\n    .superRefine((value, ctx) => assertSafeHost(value, ctx))\n}\n\n/**\n * Per-user IMAP+SMTP credentials. Validated whenever a user connects a new\n * channel (`POST /api/communication_channels/channels/connect/credentials`) and\n * before every outbound send / inbound poll.\n *\n * The hub persists this blob inside `IntegrationCredentials.credentials` (encrypted\n * at rest). Do not log credential values; the adapter logs `<redacted>` for any\n * password-shaped key.\n */\nexport const imapCredentialsSchema = z\n  .object({\n    imapHost: hostnameSchema('IMAP'),\n    imapPort: z.coerce\n      .number()\n      .int()\n      .min(1, 'IMAP port must be a positive integer')\n      .max(65535, 'IMAP port must be <= 65535'),\n    imapTls: z.enum(['tls', 'starttls', 'none']),\n    imapUser: z.string().min(1, 'IMAP username required'),\n    imapPassword: z.string().min(1, 'IMAP password required'),\n\n    smtpHost: hostnameSchema('SMTP'),\n    smtpPort: z.coerce\n      .number()\n      .int()\n      .min(1, 'SMTP port must be a positive integer')\n      .max(65535, 'SMTP port must be <= 65535'),\n    smtpTls: z.enum(['tls', 'starttls', 'none']),\n    smtpUser: z.string().min(1, 'SMTP username required'),\n    smtpPassword: z.string().min(1, 'SMTP password required'),\n\n    fromAddress: z.string().email('From address must be a valid email'),\n  })\n  // `.passthrough()` (not `.strict()`) so the connect-credential-channel command\n  // can stash bookkeeping fields like `userId` alongside the user-entered\n  // credentials. Strict was rejecting any extra key with \"Unrecognized key\" and\n  // blocking outbound SMTP after a real user connected via the per-user flow.\n  .passthrough()\n\nexport type ImapCredentials = z.infer<typeof imapCredentialsSchema>\n\n/**\n * Internal poll-state stored on `CommunicationChannel.channelState` so we can\n * resume polling without re-scanning the entire mailbox each tick.\n *\n *   uidValidity \u2014 IMAP UIDVALIDITY for INBOX; if it changes we must full-resync.\n *   uidNext     \u2014 UIDNEXT for INBOX; subsequent polls fetch `<previous uidNext>:*`.\n */\nexport const imapChannelStateSchema = z\n  .object({\n    uidValidity: z.union([z.number(), z.string()]).optional(),\n    uidNext: z.union([z.number(), z.string()]).optional(),\n    lastFolder: z.string().optional(),\n  })\n  .partial()\n  .passthrough()\n\nexport type ImapChannelState = z.infer<typeof imapChannelStateSchema>\n"],
+  "mappings": "AAAA,SAAS,SAAS;AAClB,SAAS,+BAA+B;AAkBxC,MAAM,uBAAuB,oBAAI,IAAI;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,MAAM,wBAAkC;AAAA,EACtC;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAEA,MAAM,wBAAkC;AAAA,EACtC;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAEA,SAAS,oBAAoB,MAAuB;AAClD,QAAM,QAAQ,KAAK,MAAM,GAAG;AAC5B,SAAO,MAAM,WAAW,KAAK,MAAM,MAAM,CAAC,SAAS,YAAY,KAAK,IAAI,KAAK,OAAO,IAAI,KAAK,GAAG;AAClG;AASA,SAAS,iBAAiB,MAAuB;AAC/C,MAAI,KAAK,SAAS,GAAG,EAAG,QAAO;AAC/B,MAAI,QAAQ,KAAK,IAAI,EAAG,QAAO;AAC/B,MAAI,oBAAoB,KAAK,IAAI,EAAG,QAAO;AAC3C,QAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,MAAI,CAAC,OAAO,MAAM,CAAC,UAAU,cAAc,KAAK,KAAK,CAAC,EAAG,QAAO;AAChE,MAAI,oBAAoB,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,UAAU,MAAM,SAAS,KAAK,MAAM,WAAW,GAAG,CAAC,EAAG,QAAO;AAC5G,SAAO;AACT;AAEA,SAAS,cAAc,KAAqB;AAC1C,MAAI,OAAO,IAAI,KAAK,EAAE,YAAY;AAClC,MAAI,KAAK,WAAW,GAAG,KAAK,KAAK,SAAS,GAAG,EAAG,QAAO,KAAK,MAAM,GAAG,EAAE;AACvE,QAAM,aAAa,KAAK,MAAM,+CAA+C;AAC7E,MAAI,WAAY,QAAO,WAAW,CAAC;AACnC,SAAO;AACT;AAMO,SAAS,eAAe,SAA0B;AACvD,QAAM,OAAO,cAAc,OAAO;AAClC,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI,qBAAqB,IAAI,IAAI,KAAK,KAAK,SAAS,YAAY,EAAG,QAAO;AAC1E,MAAI,KAAK,SAAS,GAAG,EAAG,QAAO,sBAAsB,KAAK,CAAC,YAAY,QAAQ,KAAK,IAAI,CAAC;AACzF,MAAI,iBAAiB,IAAI,EAAG,QAAO;AAMnC,SAAO,oBAAoB,IAAI,KAAK,sBAAsB,KAAK,CAAC,YAAY,QAAQ,KAAK,IAAI,CAAC;AAChG;AAEA,SAAS,eAAe,MAAc,KAA+E;AACnH,MAAI,wBAAwB,QAAQ,IAAI,sCAAsC,KAAK,EAAG;AACtF,MAAI,CAAC,KAAK,KAAK,EAAG;AAClB,MAAI,eAAe,IAAI,GAAG;AACxB,QAAI,SAAS;AAAA,MACX,MAAM;AAAA,MACN,SACE;AAAA,IACJ,CAAC;AAAA,EACH;AACF;AAEA,SAAS,eAAe,OAAwB;AAC9C,SAAO,EACJ,OAAO,EACP,IAAI,GAAG,GAAG,KAAK,gBAAgB,EAC/B,IAAI,KAAK,GAAG,KAAK,gBAAgB,EACjC,YAAY,CAAC,OAAO,QAAQ,eAAe,OAAO,GAAG,CAAC;AAC3D;AAWO,MAAM,wBAAwB,EAClC,OAAO;AAAA,EACN,UAAU,eAAe,MAAM;AAAA,EAC/B,UAAU,EAAE,OACT,OAAO,EACP,IAAI,EACJ,IAAI,GAAG,sCAAsC,EAC7C,IAAI,OAAO,4BAA4B;AAAA,EAC1C,SAAS,EAAE,KAAK,CAAC,OAAO,YAAY,MAAM,CAAC;AAAA,EAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACpD,cAAc,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EAExD,UAAU,eAAe,MAAM;AAAA,EAC/B,UAAU,EAAE,OACT,OAAO,EACP,IAAI,EACJ,IAAI,GAAG,sCAAsC,EAC7C,IAAI,OAAO,4BAA4B;AAAA,EAC1C,SAAS,EAAE,KAAK,CAAC,OAAO,YAAY,MAAM,CAAC;AAAA,EAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EACpD,cAAc,EAAE,OAAO,EAAE,IAAI,GAAG,wBAAwB;AAAA,EAExD,aAAa,EAAE,OAAO,EAAE,MAAM,oCAAoC;AACpE,CAAC,EAKA,YAAY;AAWR,MAAM,yBAAyB,EACnC,OAAO;AAAA,EACN,aAAa,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACxD,SAAS,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC,EAAE,SAAS;AAAA,EACpD,YAAY,EAAE,OAAO,EAAE,SAAS;AAClC,CAAC,EACA,QAAQ,EACR,YAAY;",
+  "names": []
+}

package/dist/modules/channel_imap/lib/health.js ADDED Viewed

@@ -0,0 +1,39 @@
+import { imapCredentialsSchema } from "./credentials.js";
+import { credentialsToConnection, getImapClient } from "./imap-client.js";
+const channelImapHealthCheck = {
+  async check(credentials, _scope) {
+    const parsed = imapCredentialsSchema.safeParse(credentials ?? {});
+    if (!parsed.success) {
+      const first = parsed.error.issues[0];
+      return {
+        status: "unhealthy",
+        message: `IMAP credentials invalid: ${first?.message ?? "unknown validation error"}`,
+        details: { reason: "invalid_credentials" }
+      };
+    }
+    try {
+      const result = await getImapClient().connectAndValidate({
+        ...credentialsToConnection(parsed.data),
+        connectTimeoutMs: 8e3
+      });
+      return {
+        status: "healthy",
+        message: "IMAP login succeeded",
+        details: { capabilities: result.capabilities }
+      };
+    } catch (error) {
+      const raw = error instanceof Error ? error.message : "IMAP login failed";
+      const message = raw.replace(/^\[internal\]\s*/, "");
+      const isTransportPolicy = /cleartext transport/i.test(message);
+      return {
+        status: "unhealthy",
+        message: isTransportPolicy ? `IMAP transport not allowed: ${message}` : `IMAP login failed: ${message}`,
+        details: { reason: isTransportPolicy ? "insecure_transport" : "imap_login_failed" }
+      };
+    }
+  }
+};
+export {
+  channelImapHealthCheck
+};
+//# sourceMappingURL=health.js.map

package/dist/modules/channel_imap/lib/health.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/lib/health.ts"],
+  "sourcesContent": ["import type { IntegrationScope } from '@open-mercato/shared/modules/integrations/types'\nimport { imapCredentialsSchema } from './credentials'\nimport { credentialsToConnection, getImapClient } from './imap-client'\n\nexport type HealthCheckStatus = 'healthy' | 'degraded' | 'unhealthy'\n\nexport interface HealthCheckResult {\n  status: HealthCheckStatus\n  message?: string\n  details?: Record<string, unknown>\n}\n\n/**\n * Liveness probe for the IMAP/SMTP integration. The hub resolves it by the\n * service name declared in `integration.ts` (`channelImapHealthCheck`) and\n * passes the tenant/user-scoped `IntegrationCredentials` row \u2014 the full\n * IMAP+SMTP connection blob.\n *\n * Unlike the OAuth channels, IMAP credentials carry everything needed for a\n * real probe, so we do a cheap LOGIN: open the IMAP connection, read\n * capabilities, log out. We deliberately probe IMAP only (the inbound side) and\n * skip the SMTP `verify` round-trip to keep the check cheap. The probe passes a\n * tighter 8s connect/greeting timeout (below the hub's 10s health-check budget)\n * so a slow/unreachable host fails fast as `unhealthy` here with an actionable\n * reason, rather than losing the race to the hub's generic timeout; polling is\n * unaffected (it uses the default 15s connect + 60s socket timeouts).\n * Auth/connection failures surface as `unhealthy`; a clean LOGIN is `healthy`.\n */\nexport const channelImapHealthCheck = {\n  async check(\n    credentials: Record<string, unknown> | null,\n    _scope: IntegrationScope,\n  ): Promise<HealthCheckResult> {\n    const parsed = imapCredentialsSchema.safeParse(credentials ?? {})\n    if (!parsed.success) {\n      const first = parsed.error.issues[0]\n      return {\n        status: 'unhealthy',\n        message: `IMAP credentials invalid: ${first?.message ?? 'unknown validation error'}`,\n        details: { reason: 'invalid_credentials' },\n      }\n    }\n    try {\n      const result = await getImapClient().connectAndValidate({\n        ...credentialsToConnection(parsed.data),\n        connectTimeoutMs: 8_000,\n      })\n      return {\n        status: 'healthy',\n        message: 'IMAP login succeeded',\n        details: { capabilities: result.capabilities },\n      }\n    } catch (error) {\n      const raw = error instanceof Error ? error.message : 'IMAP login failed'\n      // Strip the internal-only marker so a policy/diagnostic string never\n      // reaches an operator-facing health message, and distinguish a\n      // transport-policy rejection (cleartext not opted in) from a real login\n      // failure so operators get an actionable reason code.\n      const message = raw.replace(/^\\[internal\\]\\s*/, '')\n      const isTransportPolicy = /cleartext transport/i.test(message)\n      return {\n        status: 'unhealthy',\n        message: isTransportPolicy\n          ? `IMAP transport not allowed: ${message}`\n          : `IMAP login failed: ${message}`,\n        details: { reason: isTransportPolicy ? 'insecure_transport' : 'imap_login_failed' },\n      }\n    }\n  },\n}\n"],
+  "mappings": "AACA,SAAS,6BAA6B;AACtC,SAAS,yBAAyB,qBAAqB;AA0BhD,MAAM,yBAAyB;AAAA,EACpC,MAAM,MACJ,aACA,QAC4B;AAC5B,UAAM,SAAS,sBAAsB,UAAU,eAAe,CAAC,CAAC;AAChE,QAAI,CAAC,OAAO,SAAS;AACnB,YAAM,QAAQ,OAAO,MAAM,OAAO,CAAC;AACnC,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,6BAA6B,OAAO,WAAW,0BAA0B;AAAA,QAClF,SAAS,EAAE,QAAQ,sBAAsB;AAAA,MAC3C;AAAA,IACF;AACA,QAAI;AACF,YAAM,SAAS,MAAM,cAAc,EAAE,mBAAmB;AAAA,QACtD,GAAG,wBAAwB,OAAO,IAAI;AAAA,QACtC,kBAAkB;AAAA,MACpB,CAAC;AACD,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,SAAS,EAAE,cAAc,OAAO,aAAa;AAAA,MAC/C;AAAA,IACF,SAAS,OAAO;AACd,YAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU;AAKrD,YAAM,UAAU,IAAI,QAAQ,oBAAoB,EAAE;AAClD,YAAM,oBAAoB,uBAAuB,KAAK,OAAO;AAC7D,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,oBACL,+BAA+B,OAAO,KACtC,sBAAsB,OAAO;AAAA,QACjC,SAAS,EAAE,QAAQ,oBAAoB,uBAAuB,oBAAoB;AAAA,MACpF;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/modules/channel_imap/lib/host-pinning.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { lookup as dnsLookup } from "node:dns/promises";
+import { isIP } from "node:net";
+import { parseBooleanWithDefault } from "@open-mercato/shared/lib/boolean";
+import { isInternalHost } from "./credentials.js";
+const INTERNAL_RESOLVED_MESSAGE = "Host resolves to a private or loopback address. If this is intentional, an operator must set OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS=true.";
+const UNRESOLVABLE_MESSAGE = "Host did not resolve to any address.";
+function stripBrackets(host) {
+  return host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
+}
+async function resolveSafeHostAddress(host, options = {}) {
+  const trimmed = host.trim();
+  if (parseBooleanWithDefault(process.env.OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS, false)) {
+    return { host: trimmed };
+  }
+  if (isIP(stripBrackets(trimmed)) !== 0) {
+    if (isInternalHost(trimmed)) throw new Error(`[internal] ${INTERNAL_RESOLVED_MESSAGE}`);
+    return { host: trimmed };
+  }
+  const resolve = options.lookup ?? ((hostname) => dnsLookup(hostname, { all: true, verbatim: true }));
+  const records = await resolve(trimmed);
+  if (!Array.isArray(records) || records.length === 0) {
+    throw new Error(`[internal] ${UNRESOLVABLE_MESSAGE}`);
+  }
+  for (const record of records) {
+    if (isInternalHost(record.address)) {
+      throw new Error(`[internal] ${INTERNAL_RESOLVED_MESSAGE}`);
+    }
+  }
+  return { host: records[0].address, servername: trimmed };
+}
+export {
+  resolveSafeHostAddress
+};
+//# sourceMappingURL=host-pinning.js.map

package/dist/modules/channel_imap/lib/host-pinning.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/lib/host-pinning.ts"],
+  "sourcesContent": ["import { lookup as dnsLookup } from 'node:dns/promises'\nimport { isIP } from 'node:net'\nimport { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean'\nimport { isInternalHost } from './credentials'\n\nexport type HostLookup = (hostname: string) => Promise<Array<{ address: string; family: number }>>\n\nconst INTERNAL_RESOLVED_MESSAGE =\n  'Host resolves to a private or loopback address. If this is intentional, an operator must set OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS=true.'\n\nconst UNRESOLVABLE_MESSAGE = 'Host did not resolve to any address.'\n\nfunction stripBrackets(host: string): string {\n  return host.startsWith('[') && host.endsWith(']') ? host.slice(1, -1) : host\n}\n\n/**\n * Resolve `host` to an IP and assert every resolved address is public, then pin\n * the connection to that IP. Closes the DNS-rebinding gap the string-only SSRF\n * guard (`isInternalHost`) leaves open: a public hostname that resolves \u2014 or is\n * rebound between validation and connect \u2014 to an internal address is rejected\n * here, and the returned IP is what the caller actually connects to (no second\n * lookup the attacker could race).\n *\n * - Literal IPs (already SSRF-checked by the credential schema) are returned\n *   unchanged with no `servername`.\n * - Hostnames are resolved to every A/AAAA record; if ANY resolved address is\n *   internal the call throws. The validated IP is returned as `host` and the\n *   original hostname as `servername`, so TLS SNI + certificate hostname\n *   verification still target the real host even though we dial the IP.\n * - Honors `OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS`: when set, resolution is\n *   skipped and the host is used verbatim (operators with a genuinely internal\n *   mail server).\n */\nexport async function resolveSafeHostAddress(\n  host: string,\n  options: { lookup?: HostLookup } = {},\n): Promise<{ host: string; servername?: string }> {\n  const trimmed = host.trim()\n  if (parseBooleanWithDefault(process.env.OM_CHANNEL_IMAP_ALLOW_INTERNAL_HOSTS, false)) {\n    return { host: trimmed }\n  }\n  if (isIP(stripBrackets(trimmed)) !== 0) {\n    if (isInternalHost(trimmed)) throw new Error(`[internal] ${INTERNAL_RESOLVED_MESSAGE}`)\n    return { host: trimmed }\n  }\n  const resolve =\n    options.lookup ?? ((hostname: string) => dnsLookup(hostname, { all: true, verbatim: true }))\n  const records = await resolve(trimmed)\n  if (!Array.isArray(records) || records.length === 0) {\n    throw new Error(`[internal] ${UNRESOLVABLE_MESSAGE}`)\n  }\n  for (const record of records) {\n    if (isInternalHost(record.address)) {\n      throw new Error(`[internal] ${INTERNAL_RESOLVED_MESSAGE}`)\n    }\n  }\n  return { host: records[0].address, servername: trimmed }\n}\n"],
+  "mappings": "AAAA,SAAS,UAAU,iBAAiB;AACpC,SAAS,YAAY;AACrB,SAAS,+BAA+B;AACxC,SAAS,sBAAsB;AAI/B,MAAM,4BACJ;AAEF,MAAM,uBAAuB;AAE7B,SAAS,cAAc,MAAsB;AAC3C,SAAO,KAAK,WAAW,GAAG,KAAK,KAAK,SAAS,GAAG,IAAI,KAAK,MAAM,GAAG,EAAE,IAAI;AAC1E;AAoBA,eAAsB,uBACpB,MACA,UAAmC,CAAC,GACY;AAChD,QAAM,UAAU,KAAK,KAAK;AAC1B,MAAI,wBAAwB,QAAQ,IAAI,sCAAsC,KAAK,GAAG;AACpF,WAAO,EAAE,MAAM,QAAQ;AAAA,EACzB;AACA,MAAI,KAAK,cAAc,OAAO,CAAC,MAAM,GAAG;AACtC,QAAI,eAAe,OAAO,EAAG,OAAM,IAAI,MAAM,cAAc,yBAAyB,EAAE;AACtF,WAAO,EAAE,MAAM,QAAQ;AAAA,EACzB;AACA,QAAM,UACJ,QAAQ,WAAW,CAAC,aAAqB,UAAU,UAAU,EAAE,KAAK,MAAM,UAAU,KAAK,CAAC;AAC5F,QAAM,UAAU,MAAM,QAAQ,OAAO;AACrC,MAAI,CAAC,MAAM,QAAQ,OAAO,KAAK,QAAQ,WAAW,GAAG;AACnD,UAAM,IAAI,MAAM,cAAc,oBAAoB,EAAE;AAAA,EACtD;AACA,aAAW,UAAU,SAAS;AAC5B,QAAI,eAAe,OAAO,OAAO,GAAG;AAClC,YAAM,IAAI,MAAM,cAAc,yBAAyB,EAAE;AAAA,IAC3D;AAAA,EACF;AACA,SAAO,EAAE,MAAM,QAAQ,CAAC,EAAE,SAAS,YAAY,QAAQ;AACzD;",
+  "names": []
+}

package/dist/modules/channel_imap/lib/imap-client.js ADDED Viewed

@@ -0,0 +1,210 @@
+import { resolveSafeHostAddress } from "./host-pinning.js";
+import { assertTransportAllowed } from "./transport.js";
+class ImapflowClient {
+  async openConnection(options) {
+    const { ImapFlow } = await loadImapFlow();
+    const pinned = await resolveSafeHostAddress(options.host);
+    const client = new ImapFlow({
+      host: pinned.host,
+      port: options.port,
+      secure: options.transport === "tls",
+      auth: { user: options.user, pass: options.pass },
+      // Enforce certificate verification on every encrypted transport (implicit
+      // TLS and STARTTLS). Only cleartext ('none', gated behind an env opt-in)
+      // omits the TLS options. Mirrors the SMTP client so an upstream default
+      // change can't silently disable cert checks.
+      tls: options.transport === "none" ? void 0 : { rejectUnauthorized: true, ...pinned.servername ? { servername: pinned.servername } : {} },
+      logger: false,
+      // Gmail's IMAP can take 15-30s to respond to NAMESPACE under load even
+      // after a successful AUTHENTICATE — observed during demo with valid
+      // credentials and clean TLS. A 10s socket timeout aborts the command
+      // mid-stream and surfaces as "NoConnection"/"Unexpected close" to the
+      // worker, which then marks the channel as 'error'. 60s is enough for
+      // any reasonable IMAP server while still bailing on truly dead hosts.
+      socketTimeout: options.timeoutMs ?? 6e4,
+      // Initial TCP+TLS handshake is usually fast; cap at 15s so a non-responsive
+      // host bails before the UI flow stalls. Greeting can be slow on some
+      // providers (Gmail occasionally takes 5-10s), so allow 15s there too.
+      connectionTimeout: options.connectTimeoutMs ?? 15e3,
+      greetingTimeout: options.connectTimeoutMs ?? 15e3
+    });
+    const eventClient = client;
+    if (typeof eventClient.on === "function") {
+      eventClient.on("error", () => {
+      });
+    }
+    await client.connect();
+    if (options.transport === "starttls") {
+      const secured = client.secureConnection === true;
+      if (!secured) {
+        await client.logout().catch(() => void 0);
+        throw new Error(
+          "IMAP server did not advertise STARTTLS \u2014 cannot authenticate over cleartext. Switch transport to tls (port 993) or contact the mailbox provider."
+        );
+      }
+    }
+    return client;
+  }
+  async connectAndValidate(options) {
+    const client = await this.openConnection(options);
+    try {
+      const capabilityKeys = extractCapabilityKeys(client);
+      return { capabilities: capabilityKeys };
+    } finally {
+      await client.logout().catch(() => void 0);
+    }
+  }
+  async selectInbox(options) {
+    const client = await this.openConnection(options);
+    try {
+      const lock = await client.getMailboxLock("INBOX");
+      try {
+        const mailbox = client.mailbox;
+        if (!mailbox) return {};
+        return {
+          uidValidity: typeof mailbox.uidValidity === "bigint" ? Number(mailbox.uidValidity) : mailbox.uidValidity,
+          uidNext: typeof mailbox.uidNext === "bigint" ? Number(mailbox.uidNext) : mailbox.uidNext,
+          exists: mailbox.exists
+        };
+      } finally {
+        lock.release();
+      }
+    } finally {
+      await client.logout().catch(() => void 0);
+    }
+  }
+  async fetchUidRange(options, range, opts = {}) {
+    const client = await this.openConnection(options);
+    const out = [];
+    try {
+      const lock = await client.getMailboxLock("INBOX");
+      try {
+        const iterator = client.fetch(
+          range,
+          { uid: true, source: true, internalDate: true, flags: true },
+          { uid: true }
+        );
+        for await (const message of iterator) {
+          if (!message.source) continue;
+          out.push({
+            uid: Number(message.uid),
+            rawBody: Buffer.isBuffer(message.source) ? message.source : Buffer.from(message.source),
+            internalDate: message.internalDate ? new Date(message.internalDate) : void 0,
+            flags: message.flags ? Array.from(message.flags) : void 0
+          });
+          if (opts.limit && out.length >= opts.limit) break;
+        }
+      } finally {
+        lock.release();
+      }
+    } finally {
+      await client.logout().catch(() => void 0);
+    }
+    return out;
+  }
+  async searchUidsByFromAndSince(options, criteria) {
+    const client = await this.openConnection(options);
+    try {
+      const lock = await client.getMailboxLock("INBOX");
+      try {
+        const query = {};
+        const addresses = (criteria.fromAddresses ?? []).map((s) => typeof s === "string" ? s.trim() : "").filter((s) => s.length > 0);
+        if (addresses.length === 1) {
+          query.from = addresses[0];
+        } else if (addresses.length > 1) {
+          let acc = { from: addresses[addresses.length - 1] };
+          for (let i = addresses.length - 2; i >= 0; i--) {
+            acc = { or: [{ from: addresses[i] }, acc] };
+          }
+          Object.assign(query, acc);
+        }
+        if (criteria.sinceDate instanceof Date && !Number.isNaN(criteria.sinceDate.getTime())) {
+          query.since = criteria.sinceDate;
+        }
+        if (Object.keys(query).length === 0) return [];
+        const searchFn = client.search;
+        if (typeof searchFn !== "function") return [];
+        const raw = await searchFn.call(client, query, { uid: true });
+        if (raw === false || !Array.isArray(raw)) return [];
+        return raw.map((u) => typeof u === "bigint" ? Number(u) : u).filter((u) => Number.isFinite(u));
+      } finally {
+        lock.release();
+      }
+    } finally {
+      await client.logout().catch(() => void 0);
+    }
+  }
+  async appendSent(options, rawMessage) {
+    const client = await this.openConnection(options);
+    try {
+      const sentMailbox = await resolveSentMailbox(client);
+      await client.append(sentMailbox, rawMessage, ["\\Seen"]);
+    } finally {
+      await client.logout().catch(() => void 0);
+    }
+  }
+}
+function pickSentMailbox(mailboxes) {
+  if (Array.isArray(mailboxes)) {
+    const sent = mailboxes.find(
+      (mailbox) => mailbox?.specialUse === "\\Sent" && typeof mailbox.path === "string" && mailbox.path.length > 0
+    );
+    if (sent?.path) return sent.path;
+  }
+  return "Sent";
+}
+async function resolveSentMailbox(client) {
+  try {
+    const mailboxes = typeof client.list === "function" ? await client.list() : void 0;
+    return pickSentMailbox(mailboxes);
+  } catch {
+    return "Sent";
+  }
+}
+function extractCapabilityKeys(client) {
+  const fromServerInfo = client.serverInfo?.capability;
+  if (fromServerInfo) {
+    return Array.from(fromServerInfo).map((value) => String(value).toUpperCase());
+  }
+  const caps = client.capabilities;
+  if (!caps) return [];
+  if (caps instanceof Map) {
+    return Array.from(caps.keys()).map((value) => String(value).toUpperCase());
+  }
+  return Array.from(caps).map((value) => String(value).toUpperCase());
+}
+async function loadImapFlow() {
+  const mod = await import("imapflow");
+  return { ImapFlow: mod.ImapFlow };
+}
+let cachedClient = null;
+function getImapClient() {
+  if (!cachedClient) cachedClient = new ImapflowClient();
+  return cachedClient;
+}
+function setImapClient(client) {
+  cachedClient = client;
+}
+function credentialsToConnection(credentials) {
+  assertTransportAllowed(credentials);
+  const timeoutMs = resolveSocketTimeoutMs();
+  return {
+    host: credentials.imapHost,
+    port: Number(credentials.imapPort),
+    user: credentials.imapUser,
+    pass: credentials.imapPassword,
+    transport: credentials.imapTls,
+    ...timeoutMs !== void 0 ? { timeoutMs } : {}
+  };
+}
+function resolveSocketTimeoutMs() {
+  const raw = Number.parseInt(process.env.OM_CHANNEL_IMAP_SOCKET_TIMEOUT_MS ?? "", 10);
+  return Number.isFinite(raw) && raw > 0 ? raw : void 0;
+}
+export {
+  credentialsToConnection,
+  getImapClient,
+  pickSentMailbox,
+  setImapClient
+};
+//# sourceMappingURL=imap-client.js.map

package/dist/modules/channel_imap/lib/imap-client.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/lib/imap-client.ts"],
+  "sourcesContent": ["import type { ImapCredentials } from './credentials'\nimport { resolveSafeHostAddress } from './host-pinning'\nimport { assertTransportAllowed } from './transport'\n\n/**\n * Thin wrapper around `imapflow` so the adapter and tests can stay agnostic of\n * the SDK shape. We only expose the operations the adapter actually performs:\n *   - `connectAndValidate` \u2014 open + LOGIN + LIST capabilities (used by `validateCredentials`)\n *   - `selectInbox` \u2014 open the INBOX mailbox and read UIDVALIDITY / UIDNEXT\n *   - `fetchUidRange` \u2014 fetch RFC822 bodies for a UID range (used by polling worker)\n *   - `appendSent` \u2014 append a sent message to the Sent folder if available\n *\n * The wrapper avoids leaking `imapflow` types to callers so we can swap to\n * `node-imap` or a mock without touching adapter code.\n */\n\nexport type ImapTransport = 'tls' | 'starttls' | 'none'\n\nexport interface ImapConnectionOptions {\n  host: string\n  port: number\n  user: string\n  pass: string\n  transport: ImapTransport\n  /** Connection + greeting timeout (ms). Default 60000 (Spec B). */\n  timeoutMs?: number\n  /**\n   * TCP+TLS connect + greeting timeout (ms). Default 15000. The health probe\n   * passes a tighter value so it fails fast within the hub's 10s budget.\n   */\n  connectTimeoutMs?: number\n}\n\nexport interface ImapFolderState {\n  uidValidity?: number\n  uidNext?: number\n  exists?: number\n}\n\nexport interface ImapFetchedMessage {\n  uid: number\n  rawBody: Buffer\n  /** Server-reported INTERNALDATE \u2014 fallback when MIME date headers are missing. */\n  internalDate?: Date\n  /** Server flags (`\\Seen`, `\\Answered`, \u2026). */\n  flags?: string[]\n}\n\nexport interface ImapClient {\n  connectAndValidate(options: ImapConnectionOptions): Promise<{ capabilities: string[] }>\n  selectInbox(\n    options: ImapConnectionOptions,\n  ): Promise<ImapFolderState>\n  fetchUidRange(\n    options: ImapConnectionOptions,\n    range: string,\n    opts?: { limit?: number },\n  ): Promise<ImapFetchedMessage[]>\n  /**\n   * Run an IMAP `SEARCH` (with `UID` flag) and return matching UIDs.\n   * Supports `OR FROM` chaining (server-side sender filter) and `SINCE` date\n   * narrowing. Used by the inbound poll path to avoid pulling the entire\n   * mailbox when the hub only cares about messages from known CRM contacts.\n   *\n   * `fromAddresses` is OR'd: `OR FROM \"a@x.com\" OR FROM \"b@y.com\" FROM \"c@z.com\"`.\n   * `sinceDate` is formatted as IMAP date (`DD-Mon-YYYY`) for the SINCE clause.\n   * Returns UIDs in mailbox order (typically ascending). Empty array = no match.\n   */\n  searchUidsByFromAndSince(\n    options: ImapConnectionOptions,\n    criteria: { fromAddresses?: string[]; sinceDate?: Date },\n  ): Promise<number[]>\n  appendSent(\n    options: ImapConnectionOptions,\n    rawMessage: Buffer,\n  ): Promise<void>\n}\n\n/**\n * Default IMAP client backed by `imapflow`. Imported lazily so test environments\n * that don't install `imapflow` (the unit tests use a hand-rolled mock) keep working.\n */\nclass ImapflowClient implements ImapClient {\n  private async openConnection(options: ImapConnectionOptions): Promise<ImapflowConnection> {\n    const { ImapFlow } = await loadImapFlow()\n    // Resolve + pin the host to a validated public IP at connect time, so a\n    // hostname that (re)resolves to an internal address can't be abused for\n    // SSRF. We dial the IP but keep the hostname as the TLS servername so SNI +\n    // certificate hostname verification still target the real host.\n    const pinned = await resolveSafeHostAddress(options.host)\n    const client = new ImapFlow({\n      host: pinned.host,\n      port: options.port,\n      secure: options.transport === 'tls',\n      auth: { user: options.user, pass: options.pass },\n      // Enforce certificate verification on every encrypted transport (implicit\n      // TLS and STARTTLS). Only cleartext ('none', gated behind an env opt-in)\n      // omits the TLS options. Mirrors the SMTP client so an upstream default\n      // change can't silently disable cert checks.\n      tls:\n        options.transport === 'none'\n          ? undefined\n          : { rejectUnauthorized: true, ...(pinned.servername ? { servername: pinned.servername } : {}) },\n      logger: false,\n      // Gmail's IMAP can take 15-30s to respond to NAMESPACE under load even\n      // after a successful AUTHENTICATE \u2014 observed during demo with valid\n      // credentials and clean TLS. A 10s socket timeout aborts the command\n      // mid-stream and surfaces as \"NoConnection\"/\"Unexpected close\" to the\n      // worker, which then marks the channel as 'error'. 60s is enough for\n      // any reasonable IMAP server while still bailing on truly dead hosts.\n      socketTimeout: options.timeoutMs ?? 60_000,\n      // Initial TCP+TLS handshake is usually fast; cap at 15s so a non-responsive\n      // host bails before the UI flow stalls. Greeting can be slow on some\n      // providers (Gmail occasionally takes 5-10s), so allow 15s there too.\n      connectionTimeout: options.connectTimeoutMs ?? 15_000,\n      greetingTimeout: options.connectTimeoutMs ?? 15_000,\n    } as Record<string, unknown>)\n    // Attach a defensive 'error' listener so tcp-level errors emitted on the\n    // EventEmitter (e.g. socket reset during an idle lock) don't crash the\n    // Node process via `unhandledError`. The error still bubbles up through\n    // the awaited operation; the listener exists purely to satisfy Node's\n    // EventEmitter contract.\n    const eventClient = client as unknown as { on?: (event: string, listener: (err: unknown) => void) => void }\n    if (typeof eventClient.on === 'function') {\n      eventClient.on('error', () => {\n        // Swallow \u2014 surfaced to the caller via the awaited promise.\n      })\n    }\n    await client.connect()\n    if (options.transport === 'starttls') {\n      // Verify STARTTLS actually upgraded the connection. ImapFlow exposes the\n      // negotiated state via `secureConnection` (true after STARTTLS) \u2014 refuse\n      // to proceed if the server didn't advertise it.\n      const secured = (client as unknown as { secureConnection?: boolean }).secureConnection === true\n      if (!secured) {\n        await client.logout().catch(() => undefined)\n        throw new Error(\n          'IMAP server did not advertise STARTTLS \u2014 cannot authenticate over cleartext. Switch transport to tls (port 993) or contact the mailbox provider.',\n        )\n      }\n    }\n    return client\n  }\n\n  async connectAndValidate(options: ImapConnectionOptions): Promise<{ capabilities: string[] }> {\n    const client = await this.openConnection(options)\n    try {\n      // imapflow exposes capabilities as a `Map<string, boolean | string>` \u2014\n      // iterating yields `[key, value]` tuples which break `.map(String)`.\n      // Read the keys explicitly so consumers get the capability names.\n      const capabilityKeys = extractCapabilityKeys(client)\n      return { capabilities: capabilityKeys }\n    } finally {\n      await client.logout().catch(() => undefined)\n    }\n  }\n\n  async selectInbox(options: ImapConnectionOptions): Promise<ImapFolderState> {\n    const client = await this.openConnection(options)\n    try {\n      const lock = await client.getMailboxLock('INBOX')\n      try {\n        const mailbox = client.mailbox as { uidValidity?: number | bigint; uidNext?: number | bigint; exists?: number } | null\n        if (!mailbox) return {}\n        return {\n          uidValidity: typeof mailbox.uidValidity === 'bigint' ? Number(mailbox.uidValidity) : mailbox.uidValidity,\n          uidNext: typeof mailbox.uidNext === 'bigint' ? Number(mailbox.uidNext) : mailbox.uidNext,\n          exists: mailbox.exists,\n        }\n      } finally {\n        lock.release()\n      }\n    } finally {\n      await client.logout().catch(() => undefined)\n    }\n  }\n\n  async fetchUidRange(\n    options: ImapConnectionOptions,\n    range: string,\n    opts: { limit?: number } = {},\n  ): Promise<ImapFetchedMessage[]> {\n    const client = await this.openConnection(options)\n    const out: ImapFetchedMessage[] = []\n    try {\n      const lock = await client.getMailboxLock('INBOX')\n      try {\n        // `{ uid: true }` as the THIRD arg (FetchOptions) makes imapflow treat\n        // `range` as a UID range. Without it the range is read as message-sequence\n        // numbers, and a sequence range like \"200:*\" collapses to the single newest\n        // message (\"*\") \u2014 so each poll would fetch only the latest mail and silently\n        // skip every other message that arrived in the same gap. The `uid: true` in\n        // the SECOND arg (FetchQueryObject) is unrelated: it only asks to include the\n        // UID field in each response row.\n        const iterator = client.fetch(\n          range,\n          { uid: true, source: true, internalDate: true, flags: true },\n          { uid: true },\n        )\n        for await (const message of iterator) {\n          if (!message.source) continue\n          out.push({\n            uid: Number(message.uid),\n            rawBody: Buffer.isBuffer(message.source) ? message.source : Buffer.from(message.source),\n            internalDate: message.internalDate ? new Date(message.internalDate) : undefined,\n            flags: message.flags ? Array.from(message.flags as Iterable<string>) : undefined,\n          })\n          if (opts.limit && out.length >= opts.limit) break\n        }\n      } finally {\n        lock.release()\n      }\n    } finally {\n      await client.logout().catch(() => undefined)\n    }\n    return out\n  }\n\n  async searchUidsByFromAndSince(\n    options: ImapConnectionOptions,\n    criteria: { fromAddresses?: string[]; sinceDate?: Date },\n  ): Promise<number[]> {\n    const client = await this.openConnection(options)\n    try {\n      const lock = await client.getMailboxLock('INBOX')\n      try {\n        // imapflow's search() takes a SearchQuery object. We construct one that\n        // mirrors `SEARCH (OR FROM ... FROM ...) SINCE DD-Mon-YYYY` using its\n        // documented shapes:\n        //   - `from` accepts a single string; for multiple we use `or: [{from}, {from}]`\n        //     (recursive \u2014 imapflow flattens to `OR (FROM a) (FROM b)` IMAP syntax).\n        //   - `since` accepts a Date and imapflow formats as `SINCE DD-Mon-YYYY`.\n        const query: Record<string, unknown> = {}\n        const addresses = (criteria.fromAddresses ?? [])\n          .map((s) => (typeof s === 'string' ? s.trim() : ''))\n          .filter((s) => s.length > 0)\n        if (addresses.length === 1) {\n          query.from = addresses[0]\n        } else if (addresses.length > 1) {\n          // Build nested OR: imapflow's `or` field expects an array of SearchQuery\n          // objects. With 2 entries: `OR (FROM a) (FROM b)`. With N > 2 entries\n          // we chain right-associatively: `OR (FROM a) (OR (FROM b) (FROM c) ...)`.\n          let acc: Record<string, unknown> = { from: addresses[addresses.length - 1] }\n          for (let i = addresses.length - 2; i >= 0; i--) {\n            acc = { or: [{ from: addresses[i] }, acc] }\n          }\n          Object.assign(query, acc)\n        }\n        if (criteria.sinceDate instanceof Date && !Number.isNaN(criteria.sinceDate.getTime())) {\n          query.since = criteria.sinceDate\n        }\n        if (Object.keys(query).length === 0) return []\n\n        const searchFn = (client as unknown as {\n          search?: (q: Record<string, unknown>, opts?: { uid?: boolean }) => Promise<Array<number | bigint> | false>\n        }).search\n        if (typeof searchFn !== 'function') return []\n        const raw = await searchFn.call(client, query, { uid: true })\n        if (raw === false || !Array.isArray(raw)) return []\n        return raw.map((u) => (typeof u === 'bigint' ? Number(u) : u)).filter((u) => Number.isFinite(u))\n      } finally {\n        lock.release()\n      }\n    } finally {\n      await client.logout().catch(() => undefined)\n    }\n  }\n\n  async appendSent(options: ImapConnectionOptions, rawMessage: Buffer): Promise<void> {\n    const client = await this.openConnection(options)\n    try {\n      const sentMailbox = await resolveSentMailbox(client)\n      await client.append(sentMailbox, rawMessage, ['\\\\Seen'])\n    } finally {\n      await client.logout().catch(() => undefined)\n    }\n  }\n}\n\n/**\n * Pick the server's Sent folder from a `LIST` response. Providers expose it\n * under different paths ('[Gmail]/Sent Mail', localized names, \u2026) so we match\n * the RFC 6154 SPECIAL-USE `\\Sent` attribute rather than assuming 'Sent'.\n */\nexport function pickSentMailbox(\n  mailboxes: Array<{ path?: string; specialUse?: string }> | null | undefined,\n): string {\n  if (Array.isArray(mailboxes)) {\n    const sent = mailboxes.find(\n      (mailbox) =>\n        mailbox?.specialUse === '\\\\Sent' && typeof mailbox.path === 'string' && mailbox.path.length > 0,\n    )\n    if (sent?.path) return sent.path\n  }\n  return 'Sent'\n}\n\nasync function resolveSentMailbox(client: ImapflowConnection): Promise<string> {\n  // Discover the real Sent folder via SPECIAL-USE; fall back to the conventional\n  // 'Sent' when listing is unsupported or no \\Sent mailbox is advertised.\n  try {\n    const mailboxes = typeof client.list === 'function' ? await client.list() : undefined\n    return pickSentMailbox(mailboxes)\n  } catch {\n    // LIST failed (server quirk / transient) \u2014 fall back to the conventional folder.\n    return 'Sent'\n  }\n}\n\nfunction extractCapabilityKeys(client: ImapflowConnection): string[] {\n  // imapflow's `client.capabilities` is a `Map<string, boolean | string>`\n  // (see imapflow/lib/imap-flow.js \u2014 `this.capabilities = new Map()`). The\n  // legacy `serverInfo?.capability` (set by the ID response) may be an\n  // iterable of strings; prefer it when present, otherwise read the Map keys.\n  const fromServerInfo = client.serverInfo?.capability\n  if (fromServerInfo) {\n    return Array.from(fromServerInfo).map((value) => String(value).toUpperCase())\n  }\n  const caps = client.capabilities\n  if (!caps) return []\n  if (caps instanceof Map) {\n    return Array.from(caps.keys()).map((value) => String(value).toUpperCase())\n  }\n  // Fallback for non-Map iterables (test mocks).\n  return Array.from(caps as Iterable<string>).map((value) => String(value).toUpperCase())\n}\n\ninterface ImapflowConnection {\n  serverInfo?: { capability?: Iterable<string> }\n  capabilities?: Iterable<string> | Map<string, unknown>\n  mailbox: unknown\n  connect(): Promise<void>\n  logout(): Promise<void>\n  getMailboxLock(name: string): Promise<{ release(): void }>\n  fetch(range: string, query: Record<string, unknown>, options?: Record<string, unknown>): AsyncIterable<{ uid: number; source?: Buffer | string; internalDate?: Date | string; flags?: Iterable<string> }>\n  append(mailbox: string, rawMessage: Buffer, flags?: string[]): Promise<void>\n  list?(): Promise<Array<{ path?: string; specialUse?: string }>>\n}\n\nasync function loadImapFlow(): Promise<{ ImapFlow: new (options: Record<string, unknown>) => ImapflowConnection }> {\n  // Dynamic import so unit tests that mock the client don't require `imapflow` installed.\n  const mod = (await import('imapflow')) as unknown as { ImapFlow: new (options: Record<string, unknown>) => ImapflowConnection }\n  return { ImapFlow: mod.ImapFlow }\n}\n\nlet cachedClient: ImapClient | null = null\n\nexport function getImapClient(): ImapClient {\n  if (!cachedClient) cachedClient = new ImapflowClient()\n  return cachedClient\n}\n\n/**\n * Test-only hook to swap the default IMAP client with a mock implementation.\n * Production code never calls this.\n */\nexport function setImapClient(client: ImapClient | null): void {\n  cachedClient = client\n}\n\nexport function credentialsToConnection(credentials: ImapCredentials): ImapConnectionOptions {\n  assertTransportAllowed(credentials)\n  const timeoutMs = resolveSocketTimeoutMs()\n  return {\n    host: credentials.imapHost,\n    port: Number(credentials.imapPort),\n    user: credentials.imapUser,\n    pass: credentials.imapPassword,\n    transport: credentials.imapTls,\n    ...(timeoutMs !== undefined ? { timeoutMs } : {}),\n  }\n}\n\n/**\n * Operator override for the IMAP socket timeout. Defaults (when unset/invalid)\n * to `undefined` so the client falls back to its 60s default; the previous 10s\n * flaked under real-world IMAP latency. Spec \u00A7 Configuration documents this knob.\n */\nfunction resolveSocketTimeoutMs(): number | undefined {\n  const raw = Number.parseInt(process.env.OM_CHANNEL_IMAP_SOCKET_TIMEOUT_MS ?? '', 10)\n  return Number.isFinite(raw) && raw > 0 ? raw : undefined\n}\n"],
+  "mappings": "AACA,SAAS,8BAA8B;AACvC,SAAS,8BAA8B;AAgFvC,MAAM,eAAqC;AAAA,EACzC,MAAc,eAAe,SAA6D;AACxF,UAAM,EAAE,SAAS,IAAI,MAAM,aAAa;AAKxC,UAAM,SAAS,MAAM,uBAAuB,QAAQ,IAAI;AACxD,UAAM,SAAS,IAAI,SAAS;AAAA,MAC1B,MAAM,OAAO;AAAA,MACb,MAAM,QAAQ;AAAA,MACd,QAAQ,QAAQ,cAAc;AAAA,MAC9B,MAAM,EAAE,MAAM,QAAQ,MAAM,MAAM,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,MAK/C,KACE,QAAQ,cAAc,SAClB,SACA,EAAE,oBAAoB,MAAM,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,WAAW,IAAI,CAAC,EAAG;AAAA,MAClG,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOR,eAAe,QAAQ,aAAa;AAAA;AAAA;AAAA;AAAA,MAIpC,mBAAmB,QAAQ,oBAAoB;AAAA,MAC/C,iBAAiB,QAAQ,oBAAoB;AAAA,IAC/C,CAA4B;AAM5B,UAAM,cAAc;AACpB,QAAI,OAAO,YAAY,OAAO,YAAY;AACxC,kBAAY,GAAG,SAAS,MAAM;AAAA,MAE9B,CAAC;AAAA,IACH;AACA,UAAM,OAAO,QAAQ;AACrB,QAAI,QAAQ,cAAc,YAAY;AAIpC,YAAM,UAAW,OAAqD,qBAAqB;AAC3F,UAAI,CAAC,SAAS;AACZ,cAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAC3C,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,SAAqE;AAC5F,UAAM,SAAS,MAAM,KAAK,eAAe,OAAO;AAChD,QAAI;AAIF,YAAM,iBAAiB,sBAAsB,MAAM;AACnD,aAAO,EAAE,cAAc,eAAe;AAAA,IACxC,UAAE;AACA,YAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,MAAM,YAAY,SAA0D;AAC1E,UAAM,SAAS,MAAM,KAAK,eAAe,OAAO;AAChD,QAAI;AACF,YAAM,OAAO,MAAM,OAAO,eAAe,OAAO;AAChD,UAAI;AACF,cAAM,UAAU,OAAO;AACvB,YAAI,CAAC,QAAS,QAAO,CAAC;AACtB,eAAO;AAAA,UACL,aAAa,OAAO,QAAQ,gBAAgB,WAAW,OAAO,QAAQ,WAAW,IAAI,QAAQ;AAAA,UAC7F,SAAS,OAAO,QAAQ,YAAY,WAAW,OAAO,QAAQ,OAAO,IAAI,QAAQ;AAAA,UACjF,QAAQ,QAAQ;AAAA,QAClB;AAAA,MACF,UAAE;AACA,aAAK,QAAQ;AAAA,MACf;AAAA,IACF,UAAE;AACA,YAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,MAAM,cACJ,SACA,OACA,OAA2B,CAAC,GACG;AAC/B,UAAM,SAAS,MAAM,KAAK,eAAe,OAAO;AAChD,UAAM,MAA4B,CAAC;AACnC,QAAI;AACF,YAAM,OAAO,MAAM,OAAO,eAAe,OAAO;AAChD,UAAI;AAQF,cAAM,WAAW,OAAO;AAAA,UACtB;AAAA,UACA,EAAE,KAAK,MAAM,QAAQ,MAAM,cAAc,MAAM,OAAO,KAAK;AAAA,UAC3D,EAAE,KAAK,KAAK;AAAA,QACd;AACA,yBAAiB,WAAW,UAAU;AACpC,cAAI,CAAC,QAAQ,OAAQ;AACrB,cAAI,KAAK;AAAA,YACP,KAAK,OAAO,QAAQ,GAAG;AAAA,YACvB,SAAS,OAAO,SAAS,QAAQ,MAAM,IAAI,QAAQ,SAAS,OAAO,KAAK,QAAQ,MAAM;AAAA,YACtF,cAAc,QAAQ,eAAe,IAAI,KAAK,QAAQ,YAAY,IAAI;AAAA,YACtE,OAAO,QAAQ,QAAQ,MAAM,KAAK,QAAQ,KAAyB,IAAI;AAAA,UACzE,CAAC;AACD,cAAI,KAAK,SAAS,IAAI,UAAU,KAAK,MAAO;AAAA,QAC9C;AAAA,MACF,UAAE;AACA,aAAK,QAAQ;AAAA,MACf;AAAA,IACF,UAAE;AACA,YAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAAA,IAC7C;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,yBACJ,SACA,UACmB;AACnB,UAAM,SAAS,MAAM,KAAK,eAAe,OAAO;AAChD,QAAI;AACF,YAAM,OAAO,MAAM,OAAO,eAAe,OAAO;AAChD,UAAI;AAOF,cAAM,QAAiC,CAAC;AACxC,cAAM,aAAa,SAAS,iBAAiB,CAAC,GAC3C,IAAI,CAAC,MAAO,OAAO,MAAM,WAAW,EAAE,KAAK,IAAI,EAAG,EAClD,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;AAC7B,YAAI,UAAU,WAAW,GAAG;AAC1B,gBAAM,OAAO,UAAU,CAAC;AAAA,QAC1B,WAAW,UAAU,SAAS,GAAG;AAI/B,cAAI,MAA+B,EAAE,MAAM,UAAU,UAAU,SAAS,CAAC,EAAE;AAC3E,mBAAS,IAAI,UAAU,SAAS,GAAG,KAAK,GAAG,KAAK;AAC9C,kBAAM,EAAE,IAAI,CAAC,EAAE,MAAM,UAAU,CAAC,EAAE,GAAG,GAAG,EAAE;AAAA,UAC5C;AACA,iBAAO,OAAO,OAAO,GAAG;AAAA,QAC1B;AACA,YAAI,SAAS,qBAAqB,QAAQ,CAAC,OAAO,MAAM,SAAS,UAAU,QAAQ,CAAC,GAAG;AACrF,gBAAM,QAAQ,SAAS;AAAA,QACzB;AACA,YAAI,OAAO,KAAK,KAAK,EAAE,WAAW,EAAG,QAAO,CAAC;AAE7C,cAAM,WAAY,OAEf;AACH,YAAI,OAAO,aAAa,WAAY,QAAO,CAAC;AAC5C,cAAM,MAAM,MAAM,SAAS,KAAK,QAAQ,OAAO,EAAE,KAAK,KAAK,CAAC;AAC5D,YAAI,QAAQ,SAAS,CAAC,MAAM,QAAQ,GAAG,EAAG,QAAO,CAAC;AAClD,eAAO,IAAI,IAAI,CAAC,MAAO,OAAO,MAAM,WAAW,OAAO,CAAC,IAAI,CAAE,EAAE,OAAO,CAAC,MAAM,OAAO,SAAS,CAAC,CAAC;AAAA,MACjG,UAAE;AACA,aAAK,QAAQ;AAAA,MACf;AAAA,IACF,UAAE;AACA,YAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAAA,IAC7C;AAAA,EACF;AAAA,EAEA,MAAM,WAAW,SAAgC,YAAmC;AAClF,UAAM,SAAS,MAAM,KAAK,eAAe,OAAO;AAChD,QAAI;AACF,YAAM,cAAc,MAAM,mBAAmB,MAAM;AACnD,YAAM,OAAO,OAAO,aAAa,YAAY,CAAC,QAAQ,CAAC;AAAA,IACzD,UAAE;AACA,YAAM,OAAO,OAAO,EAAE,MAAM,MAAM,MAAS;AAAA,IAC7C;AAAA,EACF;AACF;AAOO,SAAS,gBACd,WACQ;AACR,MAAI,MAAM,QAAQ,SAAS,GAAG;AAC5B,UAAM,OAAO,UAAU;AAAA,MACrB,CAAC,YACC,SAAS,eAAe,YAAY,OAAO,QAAQ,SAAS,YAAY,QAAQ,KAAK,SAAS;AAAA,IAClG;AACA,QAAI,MAAM,KAAM,QAAO,KAAK;AAAA,EAC9B;AACA,SAAO;AACT;AAEA,eAAe,mBAAmB,QAA6C;AAG7E,MAAI;AACF,UAAM,YAAY,OAAO,OAAO,SAAS,aAAa,MAAM,OAAO,KAAK,IAAI;AAC5E,WAAO,gBAAgB,SAAS;AAAA,EAClC,QAAQ;AAEN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,sBAAsB,QAAsC;AAKnE,QAAM,iBAAiB,OAAO,YAAY;AAC1C,MAAI,gBAAgB;AAClB,WAAO,MAAM,KAAK,cAAc,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,EAAE,YAAY,CAAC;AAAA,EAC9E;AACA,QAAM,OAAO,OAAO;AACpB,MAAI,CAAC,KAAM,QAAO,CAAC;AACnB,MAAI,gBAAgB,KAAK;AACvB,WAAO,MAAM,KAAK,KAAK,KAAK,CAAC,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,EAAE,YAAY,CAAC;AAAA,EAC3E;AAEA,SAAO,MAAM,KAAK,IAAwB,EAAE,IAAI,CAAC,UAAU,OAAO,KAAK,EAAE,YAAY,CAAC;AACxF;AAcA,eAAe,eAAoG;AAEjH,QAAM,MAAO,MAAM,OAAO,UAAU;AACpC,SAAO,EAAE,UAAU,IAAI,SAAS;AAClC;AAEA,IAAI,eAAkC;AAE/B,SAAS,gBAA4B;AAC1C,MAAI,CAAC,aAAc,gBAAe,IAAI,eAAe;AACrD,SAAO;AACT;AAMO,SAAS,cAAc,QAAiC;AAC7D,iBAAe;AACjB;AAEO,SAAS,wBAAwB,aAAqD;AAC3F,yBAAuB,WAAW;AAClC,QAAM,YAAY,uBAAuB;AACzC,SAAO;AAAA,IACL,MAAM,YAAY;AAAA,IAClB,MAAM,OAAO,YAAY,QAAQ;AAAA,IACjC,MAAM,YAAY;AAAA,IAClB,MAAM,YAAY;AAAA,IAClB,WAAW,YAAY;AAAA,IACvB,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,EACjD;AACF;AAOA,SAAS,yBAA6C;AACpD,QAAM,MAAM,OAAO,SAAS,QAAQ,IAAI,qCAAqC,IAAI,EAAE;AACnF,SAAO,OAAO,SAAS,GAAG,KAAK,MAAM,IAAI,MAAM;AACjD;",
+  "names": []
+}

package/dist/modules/channel_imap/lib/normalize-inbound.js ADDED Viewed

@@ -0,0 +1,19 @@
+import {
+  normalizeMimeInbound
+} from "@open-mercato/core/modules/communication_channels/lib/email-mime";
+async function normalizeInboundImapMessage(options) {
+  const mailparser = await import("mailparser");
+  const parsed = await mailparser.simpleParser(options.rawMessage);
+  return normalizeMimeInbound({
+    parsed,
+    accountIdentifier: options.accountIdentifier,
+    fallbackMessageId: `imap:${options.uid ?? "unknown"}@${options.accountIdentifier}`,
+    resolveConversationId: ({ messageId, references }) => references[0] ?? messageId,
+    fallbackDate: options.fallbackDate,
+    channelMetadata: () => ({ uid: options.uid })
+  });
+}
+export {
+  normalizeInboundImapMessage
+};
+//# sourceMappingURL=normalize-inbound.js.map

package/dist/modules/channel_imap/lib/normalize-inbound.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/channel_imap/lib/normalize-inbound.ts"],
+  "sourcesContent": ["import type { NormalizedInboundMessage } from '@open-mercato/core/modules/communication_channels/lib/adapter'\nimport {\n  normalizeMimeInbound,\n  type ParsedMail,\n} from '@open-mercato/core/modules/communication_channels/lib/email-mime'\n\n/**\n * Convert a raw RFC2822 MIME buffer (delivered by IMAP fetch) to the hub's\n * canonical `NormalizedInboundMessage`. Parses with `mailparser`, then delegates\n * threading / attachments / headers to the shared `normalizeMimeInbound` helper.\n *\n * Threading:\n *   - `externalMessageId`     := MIME `Message-ID` header (RFC2822). Required by\n *     IMAP/SMTP; if missing we fall back to `imap:<uid>@<account>` so downstream\n *     idempotency still has a deterministic key.\n *   - `replyToExternalId`     := `In-Reply-To` header (single value).\n *   - `externalConversationId` := the root of the References chain when present,\n *     otherwise the message id itself (single-message thread).\n */\n\nexport interface NormalizeInboundOptions {\n  rawMessage: Buffer\n  /** UID from the IMAP fetch \u2014 embedded into `channelMetadata.uid` for diagnostics. */\n  uid?: number\n  /** External identifier of the receiving channel (typically the account's email). */\n  accountIdentifier: string\n  /** Fallback timestamp if the parsed message has no Date header. */\n  fallbackDate?: Date\n}\n\nexport async function normalizeInboundImapMessage(\n  options: NormalizeInboundOptions,\n): Promise<NormalizedInboundMessage> {\n  const mailparser = (await import('mailparser')) as unknown as {\n    simpleParser: (buf: Buffer | string) => Promise<ParsedMail>\n  }\n  const parsed = await mailparser.simpleParser(options.rawMessage)\n\n  return normalizeMimeInbound({\n    parsed,\n    accountIdentifier: options.accountIdentifier,\n    fallbackMessageId: `imap:${options.uid ?? 'unknown'}@${options.accountIdentifier}`,\n    resolveConversationId: ({ messageId, references }) => references[0] ?? messageId,\n    fallbackDate: options.fallbackDate,\n    channelMetadata: () => ({ uid: options.uid }),\n  })\n}\n"],
+  "mappings": "AACA;AAAA,EACE;AAAA,OAEK;AA0BP,eAAsB,4BACpB,SACmC;AACnC,QAAM,aAAc,MAAM,OAAO,YAAY;AAG7C,QAAM,SAAS,MAAM,WAAW,aAAa,QAAQ,UAAU;AAE/D,SAAO,qBAAqB;AAAA,IAC1B;AAAA,IACA,mBAAmB,QAAQ;AAAA,IAC3B,mBAAmB,QAAQ,QAAQ,OAAO,SAAS,IAAI,QAAQ,iBAAiB;AAAA,IAChF,uBAAuB,CAAC,EAAE,WAAW,WAAW,MAAM,WAAW,CAAC,KAAK;AAAA,IACvE,cAAc,QAAQ;AAAA,IACtB,iBAAiB,OAAO,EAAE,KAAK,QAAQ,IAAI;AAAA,EAC7C,CAAC;AACH;",
+  "names": []
+}

package/dist/modules/channel_imap/lib/smtp-client.js ADDED Viewed

@@ -0,0 +1,113 @@
+import { resolveSafeHostAddress } from "./host-pinning.js";
+import { assertTransportAllowed } from "./transport.js";
+class NodemailerClient {
+  async verify(options) {
+    const { transporter } = await this.createTransporter(options);
+    try {
+      await transporter.verify();
+    } finally {
+      transporter.close();
+    }
+  }
+  async send(options, message) {
+    const { transporter, MailComposer } = await this.createTransporter(options);
+    try {
+      const mailOptions = {
+        from: message.from,
+        to: message.to,
+        cc: message.cc,
+        bcc: message.bcc,
+        subject: message.subject,
+        text: message.text,
+        html: message.html,
+        messageId: message.messageId,
+        inReplyTo: message.inReplyTo,
+        references: message.references,
+        attachments: message.attachments?.map((a) => ({
+          filename: a.filename,
+          content: a.content,
+          contentType: a.contentType,
+          cid: a.cid,
+          contentDisposition: a.inline ? "inline" : "attachment"
+        })),
+        headers: message.headers
+      };
+      let raw = Buffer.alloc(0);
+      let composedMessageId = message.messageId;
+      if (typeof MailComposer === "function") {
+        try {
+          const composed = new MailComposer(mailOptions);
+          const compiled = composed.compile();
+          raw = await new Promise((resolve, reject) => {
+            compiled.build((err, output) => {
+              if (err) reject(err);
+              else resolve(output);
+            });
+          });
+          const messageIdFn = compiled.messageId;
+          if (typeof messageIdFn === "function") {
+            composedMessageId = messageIdFn.call(compiled) ?? composedMessageId;
+          }
+        } catch (composeError) {
+          raw = Buffer.alloc(0);
+          console.warn(
+            "[internal] channel_imap: failed to build RFC2822 bytes for Sent-folder append:",
+            composeError instanceof Error ? composeError.message : composeError
+          );
+        }
+      }
+      const info = await transporter.sendMail(mailOptions);
+      const id = info.messageId ?? composedMessageId ?? info.envelope?.messageId;
+      if (!id) throw new Error("[internal] SMTP server did not return a Message-ID");
+      return { messageId: id, raw, response: info.response };
+    } finally {
+      transporter.close();
+    }
+  }
+  async createTransporter(options) {
+    const mod = await import("nodemailer");
+    const createTransport = mod.createTransport ?? mod.default?.createTransport;
+    if (typeof createTransport !== "function") {
+      throw new Error("nodemailer.createTransport is unavailable");
+    }
+    const MailComposer = mod.MailComposer ?? mod.default?.MailComposer;
+    const pinned = await resolveSafeHostAddress(options.host);
+    const transporter = createTransport({
+      host: pinned.host,
+      port: options.port,
+      secure: options.transport === "tls",
+      requireTLS: options.transport === "starttls",
+      auth: { user: options.user, pass: options.pass },
+      connectionTimeout: options.timeoutMs ?? 1e4,
+      // Reject downgrade attacks: only allow cleartext when the operator
+      // explicitly opts into `transport: 'none'`. Even then, refuse to skip
+      // certificate verification on STARTTLS / TLS.
+      tls: options.transport === "none" ? void 0 : { rejectUnauthorized: true, ...pinned.servername ? { servername: pinned.servername } : {} }
+    });
+    return { transporter, MailComposer };
+  }
+}
+let cachedClient = null;
+function getSmtpClient() {
+  if (!cachedClient) cachedClient = new NodemailerClient();
+  return cachedClient;
+}
+function setSmtpClient(client) {
+  cachedClient = client;
+}
+function credentialsToSmtpConnection(credentials) {
+  assertTransportAllowed(credentials);
+  return {
+    host: credentials.smtpHost,
+    port: Number(credentials.smtpPort),
+    user: credentials.smtpUser,
+    pass: credentials.smtpPassword,
+    transport: credentials.smtpTls
+  };
+}
+export {
+  credentialsToSmtpConnection,
+  getSmtpClient,
+  setSmtpClient
+};
+//# sourceMappingURL=smtp-client.js.map