@ouro.bot/cli 0.1.0-alpha.450 → 0.1.0-alpha.452

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.452",
+      "changes": [
+        "`ouro doctor` now checks the canonical bundle-local daemon log directory for each agent instead of the obsolete `~/.ouro-cli/logs` path.",
+        "Disk health output now names the owning agent for daemon log-size checks, so humans and agents can connect the warning directly to the right bundle and `ouro logs prune` target.",
+        "Doctor coverage now locks the bundle-local log path, missing-log-dir warning, and per-agent log-size thresholds."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.451",
+      "changes": [
+        "Agent Mail is now a first-class sense: agent identity, prompt truth, status/doctor surfaces, friend channel capabilities, and the base tool registry all understand `mail` alongside CLI, Teams, and BlueBubbles.",
+        "`ouro connect mail --agent <agent>` provisions a vault-coupled Mailroom identity with private mail keys stored in the agent vault, a non-secret bundle registry, a canonical `@ouro.bot` mailbox, and delegated source aliases such as HEY shadow imbox addresses.",
+        "The Mailroom substrate can accept SMTP, screen unknown recipients, import MBOX exports, store encrypted message/raw payloads in file or Azure Blob backends, and expose bounded read/audit tools for agents to read mail as mail."
+      ]
+    },
     {
       "version": "0.1.0-alpha.450",
       "changes": [

package/dist/heart/daemon/cli-exec.js

@@ -79,6 +79,9 @@ const provider_models_1 = require("../provider-models");
 const ouro_version_manager_1 = require("../versioning/ouro-version-manager");
 const update_checker_1 = require("../versioning/update-checker");
 const sync_1 = require("../sync");
+const core_1 = require("../../mailroom/core");
+const file_store_1 = require("../../mailroom/file-store");
+const mbox_import_1 = require("../../mailroom/mbox-import");
 const cli_parse_1 = require("./cli-parse");
 const cli_parse_2 = require("./cli-parse");
 const cli_help_1 = require("./cli-help");
@@ -323,6 +326,7 @@ function agentResolutionFailureMode(command) {
         case "vault.config.set":
         case "vault.config.status":
         case "connect":
+        case "mail.import-mbox":
         case "auth.run":
         case "auth.verify":
         case "auth.switch":
@@ -2030,6 +2034,8 @@ function enableAgentSense(agent, sense, deps) {
         ...senses,
         cli: senses.cli ?? { enabled: true },
         teams: senses.teams ?? { enabled: false },
+        bluebubbles: senses.bluebubbles ?? { enabled: false },
+        mail: senses.mail ?? { enabled: false },
         [sense]: { ...existing, enabled: true },
     };
     fs.writeFileSync(configPath, `${JSON.stringify(raw, null, 2)}\n`, "utf-8");
@@ -2044,6 +2050,7 @@ function readConnectBaySenseFlags(agent, deps) {
     return {
         teamsEnabled: parsed.senses?.teams?.enabled === true,
         blueBubblesEnabled: parsed.senses?.bluebubbles?.enabled === true,
+        mailEnabled: parsed.senses?.mail?.enabled === true,
     };
 }
 async function buildConnectMenu(agent, deps, onProgress) {
@@ -2073,7 +2080,7 @@ async function buildConnectMenu(agent, deps, onProgress) {
     const runtimeConfig = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(agent, { preserveCachedOnFailure: true });
     onProgress?.("loading this machine's settings");
     const machineRuntime = await (0, runtime_credentials_1.refreshMachineRuntimeCredentialConfig)(agent, currentMachineId(deps), { preserveCachedOnFailure: true });
-    const { teamsEnabled, blueBubblesEnabled } = readConnectBaySenseFlags(agent, deps);
+    const { teamsEnabled, blueBubblesEnabled, mailEnabled } = readConnectBaySenseFlags(agent, deps);
     const perplexityApiKey = runtimeConfig.ok
         ? readRuntimeConfigString(runtimeConfig.config, "integrations.perplexityApiKey")
         : null;
@@ -2150,6 +2157,18 @@ async function buildConnectMenu(agent, deps, onProgress) {
             ? "attached"
             : "not attached"
         : machineRuntimeReadStatus(machineRuntime);
+    const mailroomConfig = runtimeConfig.ok && runtimeConfig.config.mailroom && typeof runtimeConfig.config.mailroom === "object" && !Array.isArray(runtimeConfig.config.mailroom)
+        ? runtimeConfig.config.mailroom
+        : {};
+    const mailPrivateKeys = mailroomConfig.privateKeys;
+    const hasMailPrivateKeys = !!mailPrivateKeys && typeof mailPrivateKeys === "object" && !Array.isArray(mailPrivateKeys) && Object.values(mailPrivateKeys).some((value) => typeof value === "string" && value.trim().length > 0);
+    const mailStatus = runtimeConfig.ok
+        ? hasRuntimeConfigValue(runtimeConfig.config, "mailroom.mailboxAddress")
+            && hasMailPrivateKeys
+            && mailEnabled
+            ? "ready"
+            : "missing"
+        : runtimeConfigReadStatus(runtimeConfig);
     const entries = [
         {
             option: "1",
@@ -2215,6 +2234,19 @@ async function buildConnectMenu(agent, deps, onProgress) {
                 status: blueBubblesStatus,
             }) ? `ouro connect bluebubbles --agent ${agent}` : undefined,
         },
+        {
+            option: "6",
+            name: "Agent Mail",
+            section: "Portable",
+            status: mailStatus,
+            description: "Vault-coupled Mailroom mailbox and delegated source aliases.",
+            nextAction: (0, connect_bay_1.connectEntryNeedsAttention)({
+                option: "6",
+                name: "Agent Mail",
+                section: "Portable",
+                status: mailStatus,
+            }) ? `ouro connect mail --agent ${agent}` : undefined,
+        },
     ];
     const isTTY = connectMenuIsTTY(deps);
     return (0, connect_bay_1.renderConnectBay)(entries, {
@@ -2649,6 +2681,185 @@ async function executeConnectBlueBubbles(agent, deps) {
         ],
     });
 }
+async function executeConnectMail(agent, deps) {
+    if (agent === "SerpentGuide") {
+        throw new Error("SerpentGuide has no persistent runtime credentials. Connect mail on the hatchling agent instead.");
+    }
+    const promptInput = requirePromptInput(deps, "Agent Mail setup");
+    writeConnectorIntro(deps, {
+        title: "Connect Agent Mail",
+        subtitle: `${agent} gets a private Mailroom identity and delegated source lane.`,
+        summary: "Provision a vault-coupled mailbox, source alias, encrypted local store, and Mail sense.",
+        sections: [
+            {
+                title: "Unlocks",
+                lines: [
+                    "Private agent mail at the agent's canonical @ouro.bot address.",
+                    "HEY/source aliases that stay labeled as delegated human mail.",
+                    "Bounded read tools with access logging.",
+                ],
+            },
+            {
+                title: "What you need",
+                lines: [
+                    "Optional owner email for the first delegated source alias.",
+                    "No mail password is printed or pasted; Ouro generates mail keys and stores private keys in the agent vault.",
+                ],
+            },
+            {
+                title: "Where it lives",
+                lines: [
+                    `${agent}'s vault runtime/config item for private keys and Mailroom coordinates.`,
+                    `${agent}'s bundle state for non-secret registry and local encrypted mail cache.`,
+                ],
+            },
+        ],
+        fallbackLines: [
+            `Connect Agent Mail for ${agent}`,
+            "Ouro generates mail keys and stores private keys in the agent vault.",
+            "The registry and encrypted local store live under the agent bundle state.",
+        ],
+    });
+    const ownerEmail = (await promptInput("Delegated owner email for first source alias [blank to skip]: ")).trim();
+    const source = ownerEmail
+        ? ((await promptInput("Delegated source label [hey]: ")).trim() || "hey")
+        : "";
+    const agentRoot = providerCliAgentRoot({ agent }, deps);
+    const mailStateDir = path.join(agentRoot, "state", "mailroom");
+    const registryPath = path.join(mailStateDir, "registry.json");
+    const storePath = mailStateDir;
+    const progress = createHumanCommandProgress(deps, "connect mail");
+    let stored;
+    let mailboxAddress = `${agent.toLowerCase()}@ouro.bot`;
+    let sourceAlias = null;
+    try {
+        progress.startPhase("provisioning Mailroom identity");
+        const provisioned = (0, core_1.provisionMailboxRegistry)({
+            agentId: agent,
+            ownerEmail: ownerEmail || undefined,
+            source: source || undefined,
+        });
+        mailboxAddress = provisioned.registry.mailboxes[0].canonicalAddress;
+        sourceAlias = provisioned.registry.sourceGrants[0]?.aliasAddress ?? null;
+        fs.mkdirSync(mailStateDir, { recursive: true });
+        fs.writeFileSync(registryPath, `${JSON.stringify(provisioned.registry, null, 2)}\n`, "utf-8");
+        progress.updateDetail("checking existing runtime config");
+        const current = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(agent, { preserveCachedOnFailure: true });
+        if (!current.ok && current.reason !== "missing") {
+            progress.end();
+            throw new Error(`cannot read existing runtime credentials from ${current.itemPath}: ${current.error}`);
+        }
+        const nextConfig = {
+            ...(current.ok ? current.config : {}),
+            mailroom: {
+                mailboxAddress,
+                registryPath,
+                storePath,
+                privateKeys: provisioned.keys,
+            },
+        };
+        progress.updateDetail("storing private mail keys in vault");
+        stored = await (0, runtime_credentials_1.upsertRuntimeCredentialConfig)(agent, nextConfig, providerCliNow(deps));
+        progress.updateDetail("enabling Mail sense in agent.json");
+        enableAgentSense(agent, "mail", deps);
+        progress.completePhase("provisioning Mailroom identity", "mail ready");
+        progress.end();
+    }
+    catch (error) {
+        progress.end();
+        throw error;
+    }
+    const syncSummary = pushAgentBundleAfterCliMutation(agent, deps);
+    return writeCapabilityOutcome(deps, {
+        subtitle: `${agent}'s Mail sense is configured.`,
+        summary: `Agent Mail is ready for ${agent}.`,
+        whatChanged: [
+            `Mailbox: ${mailboxAddress}`,
+            ...(sourceAlias ? [`Delegated alias: ${sourceAlias}`] : []),
+            `Registry: ${registryPath}`,
+            `Encrypted store: ${storePath}`,
+            `Stored: ${stored.itemPath}`,
+            "agent.json: senses.mail.enabled = true",
+            "private mail keys were not printed",
+            ...(syncSummary ? [syncSummary] : []),
+        ],
+        nextMoves: [
+            "Run ouro up so the daemon picks up the Mail sense.",
+            sourceAlias
+                ? `Use ${sourceAlias} for HEY forwarding or Extensions after the SMTP ingress proof is accepted.`
+                : "Add delegated source aliases when you are ready to mirror human mail.",
+        ],
+        fallbackLines: [
+            `Agent Mail connected for ${agent}`,
+            `mailbox: ${mailboxAddress}`,
+            ...(sourceAlias ? [`delegated alias: ${sourceAlias}`] : []),
+            `registry: ${registryPath}`,
+            `encrypted store: ${storePath}`,
+            `stored: ${stored.itemPath}`,
+            "agent.json: senses.mail.enabled = true",
+            "private mail keys were not printed",
+            "",
+            "Next: run `ouro up` so the daemon picks up the Mail sense.",
+            ...(syncSummary ? [syncSummary] : []),
+        ],
+    });
+}
+function stringField(record, key) {
+    const value = record[key];
+    return typeof value === "string" ? value.trim() : "";
+}
+async function executeMailImportMbox(command, deps) {
+    const progress = createHumanCommandProgress(deps, "mail import");
+    try {
+        progress.startPhase("reading Mailroom config");
+        const runtime = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(command.agent, { preserveCachedOnFailure: true });
+        if (!runtime.ok) {
+            progress.end();
+            throw new Error(`cannot read Mailroom config from ${runtime.itemPath}: ${runtime.error}`);
+        }
+        const mailroom = runtime.config.mailroom;
+        if (!mailroom || typeof mailroom !== "object" || Array.isArray(mailroom)) {
+            progress.end();
+            throw new Error(`missing mailroom config for ${command.agent}; run 'ouro connect mail --agent ${command.agent}' first`);
+        }
+        const registryPath = stringField(mailroom, "registryPath");
+        const storePath = stringField(mailroom, "storePath");
+        if (!registryPath || !storePath) {
+            progress.end();
+            throw new Error(`mailroom config for ${command.agent} is missing registryPath/storePath; run 'ouro connect mail --agent ${command.agent}' again`);
+        }
+        progress.updateDetail("reading registry and MBOX");
+        const registry = JSON.parse(fs.readFileSync(registryPath, "utf-8"));
+        const filePath = path.resolve(command.filePath);
+        const rawMbox = fs.readFileSync(filePath);
+        progress.updateDetail("importing delegated mail");
+        const result = await (0, mbox_import_1.importMboxToStore)({
+            registry,
+            store: new file_store_1.FileMailroomStore({ rootDir: storePath }),
+            agentId: command.agent,
+            rawMbox,
+            ownerEmail: command.ownerEmail,
+            source: command.source,
+        });
+        progress.completePhase("reading Mailroom config", "imported");
+        progress.end();
+        const message = [
+            `Imported MBOX for ${command.agent}`,
+            `file: ${filePath}`,
+            `grant: ${result.sourceGrant.grantId} (${result.sourceGrant.source}; ${result.sourceGrant.ownerEmail})`,
+            `scanned: ${result.scanned}`,
+            `imported: ${result.imported}`,
+            `duplicates: ${result.duplicates}`,
+            "body reads remain explicit through mail_recent/mail_search/mail_thread and are access-logged.",
+        ].join("\n");
+        deps.writeStdout(message);
+        return message;
+    }
+    catch (error) {
+        progress.end();
+        throw error;
+    }
+}
 async function executeConnectProviders(agent, deps) {
     const promptInput = deps.promptInput;
     if (!promptInput) {
@@ -2690,6 +2901,8 @@ function connectMenuTarget(answer) {
         return "teams";
     if (normalized === "5" || normalized === "bluebubbles" || normalized === "imessage" || normalized === "messages")
         return "bluebubbles";
+    if (normalized === "6" || normalized === "mail" || normalized === "email" || normalized === "mailroom")
+        return "mail";
     return "cancel";
 }
 async function executeConnect(command, deps) {
@@ -2703,6 +2916,8 @@ async function executeConnect(command, deps) {
         return executeConnectTeams(command.agent, deps);
     if (command.target === "bluebubbles")
         return executeConnectBlueBubbles(command.agent, deps);
+    if (command.target === "mail")
+        return executeConnectMail(command.agent, deps);
     const progress = createHumanCommandProgress(deps, "connect");
     let menu;
     try {
@@ -2721,6 +2936,7 @@ async function executeConnect(command, deps) {
             `Run: ouro connect embeddings --agent ${command.agent}`,
             `Run: ouro connect teams --agent ${command.agent}`,
             `Run: ouro connect bluebubbles --agent ${command.agent}`,
+            `Run: ouro connect mail --agent ${command.agent}`,
         ].join("\n");
         deps.writeStdout(message);
         return message;
@@ -2736,6 +2952,8 @@ async function executeConnect(command, deps) {
         return executeConnectTeams(command.agent, deps);
     if (answer === "bluebubbles")
         return executeConnectBlueBubbles(command.agent, deps);
+    if (answer === "mail")
+        return executeConnectMail(command.agent, deps);
     const message = "connect cancelled.";
     deps.writeStdout(message);
     return message;
@@ -4056,6 +4274,9 @@ async function runOuroCli(args, deps = (0, cli_defaults_1.createDefaultOuroCliDe
     if (command.kind === "connect") {
         return executeConnect(command, deps);
     }
+    if (command.kind === "mail.import-mbox") {
+        return executeMailImportMbox(command, deps);
+    }
     if (command.kind === "daemon.up") {
         // ── dev mode cleanup: delete dev-config.json so the wrapper stops dispatching to dev repo ──
         /* v8 ignore start -- dev-config cleanup: requires real filesystem state @preserve */

package/dist/heart/daemon/cli-help.js

@@ -166,9 +166,16 @@ exports.COMMAND_REGISTRY = {
     connect: {
         category: "Auth",
         description: "Set up providers, portable integrations, and local senses from one guided screen",
-        usage: "ouro connect [providers|perplexity|embeddings|teams|bluebubbles] [--agent <name>]",
+        usage: "ouro connect [providers|perplexity|embeddings|teams|bluebubbles|mail] [--agent <name>]",
         example: "ouro connect",
-        subcommands: ["providers", "perplexity", "embeddings", "teams", "bluebubbles"],
+        subcommands: ["providers", "perplexity", "embeddings", "teams", "bluebubbles", "mail"],
+    },
+    mail: {
+        category: "Auth",
+        description: "Import delegated mail into the agent Mailroom substrate",
+        usage: "ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]",
+        example: "ouro mail import-mbox --file ~/Downloads/hey.mbox --owner-email ari@mendelow.me --source hey --agent slugger",
+        subcommands: ["import-mbox"],
     },
     use: {
         category: "Auth",
@@ -297,6 +304,16 @@ const SUBCOMMAND_HELP = {
         usage: "ouro connect bluebubbles [--agent <name>]",
         example: "ouro connect bluebubbles",
     },
+    "connect mail": {
+        description: "Provision portable Agent Mail / Mailroom access and enable the Mail sense",
+        usage: "ouro connect mail [--agent <name>]",
+        example: "ouro connect mail",
+    },
+    "mail import-mbox": {
+        description: "Import a HEY or other MBOX export into an existing delegated Mailroom source grant",
+        usage: "ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]",
+        example: "ouro mail import-mbox --file ~/Downloads/hey.mbox --owner-email ari@mendelow.me --source hey --agent slugger",
+    },
     "provider refresh": {
         description: "Reload this agent's provider credentials from its vault into daemon memory",
         usage: "ouro provider refresh [--agent <name>]",

package/dist/heart/daemon/cli-parse.js

@@ -83,7 +83,8 @@ function usage() {
         "  ouro config model [--agent <name>] <model-name>",
         "  ouro config models [--agent <name>]",
         "  ouro auth [--agent <name>] [--provider <provider>]",
-        "  ouro connect [providers|perplexity|embeddings|teams|bluebubbles] [--agent <name>]",
+        "  ouro connect [providers|perplexity|embeddings|teams|bluebubbles|mail] [--agent <name>]",
+        "  ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]",
         "  ouro auth verify [--agent <name>] [--provider <provider>]",
         "  ouro auth switch [--agent <name>] --provider <provider>",
         "  ouro vault create [--agent <name>] --email <email> [--server <url>] [--store <store>]",
@@ -600,15 +601,53 @@ function normalizeConnectTarget(value) {
         return "teams";
     if (value === "bluebubbles" || value === "imessage" || value === "messages")
         return "bluebubbles";
-    throw new Error("Usage: ouro connect [providers|perplexity|embeddings|teams|bluebubbles] [--agent <name>]");
+    if (value === "mail" || value === "email" || value === "mailroom")
+        return "mail";
+    throw new Error("Usage: ouro connect [providers|perplexity|embeddings|teams|bluebubbles|mail] [--agent <name>]");
 }
 function parseConnectCommand(args) {
     const { agent, rest } = extractAgentFlag(args);
     if (rest.length > 1)
-        throw new Error("Usage: ouro connect [providers|perplexity|embeddings|teams|bluebubbles] [--agent <name>]");
+        throw new Error("Usage: ouro connect [providers|perplexity|embeddings|teams|bluebubbles|mail] [--agent <name>]");
     const target = normalizeConnectTarget(rest[0]);
     return { kind: "connect", ...(agent ? { agent } : {}), ...(target ? { target } : {}) };
 }
+function parseMailCommand(args) {
+    const [sub, ...subArgs] = args;
+    if (sub !== "import-mbox") {
+        throw new Error("Usage: ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]");
+    }
+    const { agent, rest } = extractAgentFlag(subArgs);
+    let filePath;
+    let ownerEmail;
+    let source;
+    for (let i = 0; i < rest.length; i += 1) {
+        const token = rest[i];
+        if (token === "--file" && rest[i + 1]) {
+            filePath = rest[++i];
+            continue;
+        }
+        if (token === "--owner-email" && rest[i + 1]) {
+            ownerEmail = rest[++i];
+            continue;
+        }
+        if (token === "--source" && rest[i + 1]) {
+            source = rest[++i];
+            continue;
+        }
+        throw new Error("Usage: ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]");
+    }
+    if (!filePath) {
+        throw new Error("Usage: ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]");
+    }
+    return {
+        kind: "mail.import-mbox",
+        ...(agent ? { agent } : {}),
+        filePath,
+        ...(ownerEmail ? { ownerEmail } : {}),
+        ...(source ? { source } : {}),
+    };
+}
 function parseProviderUseCommand(args) {
     const { agent, rest: afterAgent } = extractAgentFlag(args);
     const { facing, rest: afterFacing } = extractFacingFlag(afterAgent);
@@ -1078,6 +1117,8 @@ function parseOuroCommand(args) {
     }
     if (head === "provider")
         return parseProviderCommand(args.slice(1));
+    if (head === "mail")
+        return parseMailCommand(args.slice(1));
     if (head === "logs") {
         if (second === "prune")
             return { kind: "daemon.logs.prune" };

package/dist/heart/daemon/doctor.js

@@ -181,7 +181,7 @@ async function checkSenses(deps) {
             continue;
         }
         const senses = config.senses;
-        const senseNames = ["cli", "teams", "bluebubbles"];
+        const senseNames = ["cli", "teams", "bluebubbles", "mail"];
         for (const sense of senseNames) {
             if (!(sense in senses))
                 continue;
@@ -329,12 +329,7 @@ function checkSecurity(deps) {
 }
 function checkDisk(deps) {
     const checks = [];
-    // Check daemon logs directory
-    const logsDir = `${deps.homedir}/.ouro-cli/logs`;
-    if (!deps.existsSync(logsDir)) {
-        checks.push({ label: "daemon logs dir", status: "warn", detail: `${logsDir} not found` });
-    }
-    else {
+    const addLogSizeCheck = (labelPrefix, logsDir) => {
         let totalSize = 0;
         try {
             const files = deps.readdirSync(logsDir);
@@ -353,13 +348,26 @@ function checkDisk(deps) {
         }
         const sizeMB = totalSize / (1024 * 1024);
         if (sizeMB > 500) {
-            checks.push({ label: "daemon log size", status: "fail", detail: `${sizeMB.toFixed(1)}MB — exceeds 500MB limit` });
+            checks.push({ label: `${labelPrefix} daemon log size`, status: "fail", detail: `${sizeMB.toFixed(1)}MB — exceeds 500MB limit` });
         }
         else if (sizeMB > 100) {
-            checks.push({ label: "daemon log size", status: "warn", detail: `${sizeMB.toFixed(1)}MB — consider pruning with \`ouro logs prune\`` });
+            checks.push({ label: `${labelPrefix} daemon log size`, status: "warn", detail: `${sizeMB.toFixed(1)}MB — consider pruning with \`ouro logs prune\`` });
+        }
+        else {
+            checks.push({ label: `${labelPrefix} daemon log size`, status: "pass", detail: `${sizeMB.toFixed(1)}MB` });
+        }
+    };
+    const agents = discoverAgents(deps);
+    if (agents.length === 0) {
+        checks.push({ label: "daemon logs dir", status: "warn", detail: "no agent bundles found for bundle-local logs" });
+    }
+    for (const agentDir of agents) {
+        const logsDir = `${deps.bundlesRoot}/${agentDir}/state/daemon/logs`;
+        if (!deps.existsSync(logsDir)) {
+            checks.push({ label: `${agentDir} daemon logs dir`, status: "warn", detail: `${logsDir} not found` });
         }
         else {
-            checks.push({ label: "daemon log size", status: "pass", detail: `${sizeMB.toFixed(1)}MB` });
+            addLogSizeCheck(agentDir, logsDir);
         }
     }
     // Check AgentBundles root

package/dist/heart/daemon/sense-manager.js

@@ -52,6 +52,7 @@ function defaultSenses() {
         cli: { ...identity_1.DEFAULT_AGENT_SENSES.cli },
         teams: { ...identity_1.DEFAULT_AGENT_SENSES.teams },
         bluebubbles: { ...identity_1.DEFAULT_AGENT_SENSES.bluebubbles },
+        mail: { ...identity_1.DEFAULT_AGENT_SENSES.mail },
     };
 }
 function readAgentSenses(agentJsonPath) {
@@ -77,7 +78,7 @@ function readAgentSenses(agentJsonPath) {
     if (!rawSenses || typeof rawSenses !== "object" || Array.isArray(rawSenses)) {
         return defaults;
     }
-    for (const sense of ["cli", "teams", "bluebubbles"]) {
+    for (const sense of ["cli", "teams", "bluebubbles", "mail"]) {
         const rawSense = rawSenses[sense];
         if (!rawSense || typeof rawSense !== "object" || Array.isArray(rawSense)) {
             continue;
@@ -117,6 +118,7 @@ function senseFactsFromRuntimeConfig(agent, senses, runtimeConfig, machineRuntim
         cli: { configured: true, detail: "local interactive terminal" },
         teams: { configured: false, detail: "not enabled in agent.json" },
         bluebubbles: { configured: false, detail: "not enabled in agent.json" },
+        mail: { configured: false, detail: "not enabled in agent.json" },
     };
     const payload = runtimeConfig.ok ? runtimeConfig.config : {};
     const unavailableDetail = runtimeConfigUnavailableDetail(agent, runtimeConfig);
@@ -125,6 +127,7 @@ function senseFactsFromRuntimeConfig(agent, senses, runtimeConfig, machineRuntim
     const machinePayload = machineRuntimeConfig.ok ? machineRuntimeConfig.config : {};
     const bluebubbles = machinePayload.bluebubbles;
     const bluebubblesChannel = machinePayload.bluebubblesChannel;
+    const mailroom = payload.mailroom;
     if (senses.teams.enabled) {
         const missing = [];
         if (!textField(teams, "clientId"))
@@ -166,12 +169,33 @@ function senseFactsFromRuntimeConfig(agent, senses, runtimeConfig, machineRuntim
                         : runtimeConfigUnavailableDetail(agent, machineRuntimeConfig),
             };
     }
+    if (senses.mail.enabled) {
+        const privateKeys = mailroom?.privateKeys;
+        const hasPrivateKeys = !!privateKeys && typeof privateKeys === "object" && !Array.isArray(privateKeys) && Object.values(privateKeys).some((value) => typeof value === "string" && value.trim().length > 0);
+        const mailboxAddress = textField(mailroom, "mailboxAddress");
+        const missing = [];
+        if (!mailboxAddress)
+            missing.push("mailroom.mailboxAddress");
+        if (!hasPrivateKeys)
+            missing.push("mailroom.privateKeys");
+        base.mail = missing.length === 0
+            ? { configured: true, detail: mailboxAddress }
+            : {
+                configured: false,
+                detail: runtimeConfig.ok
+                    ? `missing ${missing.join("/")}`
+                    : unavailableDetail,
+            };
+    }
     return base;
 }
 function senseRepairHint(agent, sense) {
     if (sense === "teams") {
         return `Run 'ouro vault config set --agent ${agent} --key teams.clientId', teams.clientSecret, and teams.tenantId; then run 'ouro up' again.`;
     }
+    if (sense === "mail") {
+        return `Run 'ouro connect mail --agent ${agent}' to provision Mailroom access; then run 'ouro up' again.`;
+    }
     return `Run 'ouro connect bluebubbles --agent ${agent}' to attach BlueBubbles on this machine; then run 'ouro up' again.`;
 }
 function currentMachineId() {
@@ -182,7 +206,7 @@ function parseSenseSnapshotName(name) {
     if (parts.length !== 2)
         return null;
     const [agent, sense] = parts;
-    if (sense !== "teams" && sense !== "bluebubbles")
+    if (sense !== "teams" && sense !== "bluebubbles" && sense !== "mail")
         return null;
     return { agent, sense };
 }
@@ -345,6 +369,9 @@ class DaemonSenseManager {
                     optional: context.facts.bluebubbles.optional,
                     ...blueBubblesRuntimeFacts,
                 },
+                mail: {
+                    configured: context.facts.mail.configured,
+                },
             };
             const inventory = (0, sense_truth_1.getSenseInventory)({ senses: context.senses }, runtimeInfo);
             return inventory.map((entry) => ({

package/dist/heart/identity.js

@@ -134,12 +134,14 @@ exports.DEFAULT_AGENT_SENSES = {
     cli: { enabled: true },
     teams: { enabled: false },
     bluebubbles: { enabled: false },
+    mail: { enabled: false },
 };
 function normalizeSenses(value, configFile) {
     const defaults = {
         cli: { ...exports.DEFAULT_AGENT_SENSES.cli },
         teams: { ...exports.DEFAULT_AGENT_SENSES.teams },
         bluebubbles: { ...exports.DEFAULT_AGENT_SENSES.bluebubbles },
+        mail: { ...exports.DEFAULT_AGENT_SENSES.mail },
     };
     if (value === undefined) {
         return defaults;
@@ -155,7 +157,7 @@ function normalizeSenses(value, configFile) {
         throw new Error(`agent.json at ${configFile} must include senses as an object when present.`);
     }
     const raw = value;
-    const senseNames = ["cli", "teams", "bluebubbles"];
+    const senseNames = ["cli", "teams", "bluebubbles", "mail"];
     for (const senseName of senseNames) {
         const rawSense = raw[senseName];
         if (rawSense === undefined) {
@@ -197,6 +199,7 @@ function buildDefaultAgentTemplate(_agentName) {
             cli: { ...exports.DEFAULT_AGENT_SENSES.cli },
             teams: { ...exports.DEFAULT_AGENT_SENSES.teams },
             bluebubbles: { ...exports.DEFAULT_AGENT_SENSES.bluebubbles },
+            mail: { ...exports.DEFAULT_AGENT_SENSES.mail },
         },
         phrases: {
             thinking: [...exports.DEFAULT_AGENT_PHRASES.thinking],

package/dist/heart/outlook/outlook-http-hooks.js

@@ -56,6 +56,8 @@ function createOutlookHttpReadHooks(options) {
         readAgentSelfFix: options.readAgentSelfFix ?? ((agentName) => (0, outlook_read_1.readSelfFixView)(agentRoot(agentName))),
         readAgentNoteDecisions: options.readAgentNoteDecisions ?? ((agentName) => (0, outlook_read_1.readNoteDecisionView)(agentRoot(agentName))),
         readAgentHabits: options.readAgentHabits ?? ((agentName) => (0, outlook_read_1.readHabitView)(agentRoot(agentName))),
+        readAgentMail: options.readAgentMail ?? ((agentName) => (0, outlook_read_1.readMailView)(agentName)),
+        readAgentMailMessage: options.readAgentMailMessage ?? ((agentName, messageId) => (0, outlook_read_1.readMailMessageView)(agentName, messageId)),
         readDaemonHealth: options.readDaemonHealth ?? (() => (0, outlook_read_1.readDaemonHealthDeep)(options.healthPath)),
         readLogs: options.readLogs ?? (() => (0, outlook_read_1.readLogView)(options.logPath ?? null)),
         readDeskPrefs: (agentName) => (0, outlook_read_1.readDeskPrefs)(agentRoot(agentName)),

package/dist/heart/outlook/outlook-http-routes.js

@@ -82,10 +82,12 @@ function createOutlookHttpRequestHandler(options) {
         }
         const agentMatch = /^\/api\/agents\/([^/]+)(?:\/(.+))?$/.exec(pathname);
         if (agentMatch) {
-            handleAgentRoute(request, response, {
+            void handleAgentRoute(request, response, {
                 agent: decodeURIComponent(agentMatch[1]),
                 surface: agentMatch[2] ?? null,
                 options,
+            }).catch((error) => {
+                (0, outlook_http_response_1.writeJson)(response, 500, { ok: false, error: error instanceof Error ? error.message : String(error) });
             });
             return;
         }
@@ -97,7 +99,7 @@ function createOutlookHttpRequestHandler(options) {
         (0, outlook_http_response_1.writeJson)(response, 404, { ok: false, error: `not found: ${pathname}` });
     };
 }
-function handleAgentRoute(request, response, context) {
+async function handleAgentRoute(request, response, context) {
     const { agent, surface, options } = context;
     if (!surface) {
         const view = options.readAgentView?.(agent);
@@ -190,6 +192,16 @@ function handleAgentRoute(request, response, context) {
         (0, outlook_http_response_1.writeJson)(response, 200, options.hooks.readAgentHabits(agent));
         return;
     }
+    if (surface === "mail") {
+        (0, outlook_http_response_1.writeJson)(response, 200, await options.hooks.readAgentMail(agent));
+        return;
+    }
+    const mailMessageMatch = /^mail\/([^/]+)$/.exec(surface);
+    if (mailMessageMatch) {
+        const messageId = decodeURIComponent(mailMessageMatch[1]);
+        (0, outlook_http_response_1.writeJson)(response, 200, await options.hooks.readAgentMailMessage(agent, messageId));
+        return;
+    }
     if (surface === "inner-transcript") {
         const transcript = options.hooks.readAgentTranscript(agent, "self", "inner", "dialog");
         (0, outlook_http_response_1.writeJson)(response, 200, transcript ?? { messageCount: 0, messages: [] });