@ouro.bot/cli 0.1.0-alpha.454 → 0.1.0-alpha.456

package/changelog.json

@@ -1,6 +1,22 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.456",
+      "changes": [
+        "Ouro Outlook session transcripts now respect the reader's scroll position during live refresh: if a human has scrolled up to inspect older iMessage/Teams/CLI history, background transcript updates no longer yank the pane back to the bottom.",
+        "Open transcripts no longer insert a transient loading row over already-rendered messages during refresh, removing the visible stutter that made long iMessage transcripts feel unstable.",
+        "Inner-dialog transcript panes now use the same bottom-stickiness behavior, so loading earlier messages or jumping to landmarks does not immediately undo the user's navigation."
+      ]
+    },
+    {
+      "version": "0.1.0-alpha.455",
+      "changes": [
+        "Agent Mail now has a complete all-agent onboarding runbook around `ouro account ensure --agent <agent>`, including native `@ouro.bot` mailbox setup, optional delegated human-mail aliases, vault-coupled private keys, bundle-local encrypted Mailroom state, HEY MBOX import, live forwarding boundaries, and golden-path verification.",
+        "Screener decisions now persist family-authorized sender policies for discard and quarantine as well as allow decisions, so future mail from a discarded sender goes directly to the retained recovery drawer instead of repeatedly interrupting the agent.",
+        "The system prompt now points agents at `docs/agent-mail-setup.md` and distinguishes full work-substrate account setup from mail-only repair/provisioning, while docs contract coverage locks the native-vs-delegated trust model, recovery semantics, human-only DNS/HEY/MX gates, confirmed outbound sends, and Ouro Outlook audit expectations."
+      ]
+    },
     {
       "version": "0.1.0-alpha.454",
       "changes": [

package/dist/heart/daemon/cli-exec.js

@@ -326,6 +326,7 @@ function agentResolutionFailureMode(command) {
         case "vault.config.set":
         case "vault.config.status":
         case "connect":
+        case "account.ensure":
         case "mail.import-mbox":
         case "auth.run":
         case "auth.verify":
@@ -2681,11 +2682,93 @@ async function executeConnectBlueBubbles(agent, deps) {
         ],
     });
 }
-async function executeConnectMail(agent, deps) {
+function isPlainRecord(value) {
+    return !!value && typeof value === "object" && !Array.isArray(value);
+}
+function readMailroomRegistryFromDisk(registryPath) {
+    if (!fs.existsSync(registryPath))
+        return undefined;
+    const parsed = JSON.parse(fs.readFileSync(registryPath, "utf-8"));
+    if (!isPlainRecord(parsed) || parsed.schemaVersion !== 1 || !Array.isArray(parsed.mailboxes) || !Array.isArray(parsed.sourceGrants)) {
+        throw new Error(`mailroom registry at ${registryPath} is not a valid Mailroom registry`);
+    }
+    return parsed;
+}
+function mailroomPrivateKeys(mailroom) {
+    const keys = isPlainRecord(mailroom?.privateKeys) ? mailroom.privateKeys : {};
+    return Object.fromEntries(Object.entries(keys).filter((entry) => typeof entry[1] === "string"));
+}
+async function promptDelegatedMailSource(deps) {
+    const promptInput = requirePromptInput(deps, "Agent Mail setup");
+    const ownerEmail = (await promptInput("Delegated owner email for first source alias [blank to skip]: ")).trim();
+    const source = ownerEmail
+        ? ((await promptInput("Delegated source label [hey]: ")).trim() || "hey")
+        : "";
+    return { ownerEmail, source };
+}
+async function ensureAgentMailroom(agent, input, deps, progressLabel) {
     if (agent === "SerpentGuide") {
         throw new Error("SerpentGuide has no persistent runtime credentials. Connect mail on the hatchling agent instead.");
     }
-    const promptInput = requirePromptInput(deps, "Agent Mail setup");
+    const agentRoot = providerCliAgentRoot({ agent }, deps);
+    const mailStateDir = path.join(agentRoot, "state", "mailroom");
+    const progress = createHumanCommandProgress(deps, progressLabel);
+    let stored;
+    let mailboxAddress = `${agent.toLowerCase()}@ouro.bot`;
+    let sourceAlias = null;
+    let registryPath = path.join(mailStateDir, "registry.json");
+    let storePath = mailStateDir;
+    try {
+        progress.startPhase("checking Mailroom runtime config");
+        const current = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(agent, { preserveCachedOnFailure: true });
+        if (!current.ok && current.reason !== "missing") {
+            throw new Error(`cannot read existing runtime credentials from ${current.itemPath}: ${current.error}`);
+        }
+        const currentConfig = current.ok ? current.config : {};
+        const existingMailroom = isPlainRecord(currentConfig.mailroom) ? currentConfig.mailroom : undefined;
+        registryPath = stringField(existingMailroom ?? {}, "registryPath") || registryPath;
+        storePath = stringField(existingMailroom ?? {}, "storePath") || storePath;
+        progress.updateDetail("ensuring Mailroom identity");
+        const ensured = (0, core_1.ensureMailboxRegistry)({
+            agentId: agent,
+            registry: readMailroomRegistryFromDisk(registryPath),
+            keys: mailroomPrivateKeys(existingMailroom),
+            ownerEmail: input.ownerEmail || undefined,
+            source: input.source || undefined,
+        });
+        mailboxAddress = ensured.mailboxAddress;
+        sourceAlias = ensured.sourceAlias;
+        fs.mkdirSync(path.dirname(registryPath), { recursive: true });
+        fs.mkdirSync(storePath, { recursive: true });
+        fs.writeFileSync(registryPath, `${JSON.stringify(ensured.registry, null, 2)}\n`, "utf-8");
+        const nextConfig = {
+            ...currentConfig,
+            mailroom: {
+                ...(existingMailroom ?? {}),
+                mailboxAddress,
+                registryPath,
+                storePath,
+                privateKeys: ensured.keys,
+            },
+        };
+        progress.updateDetail("storing private mail keys in vault");
+        stored = await (0, runtime_credentials_1.upsertRuntimeCredentialConfig)(agent, nextConfig, providerCliNow(deps));
+        progress.updateDetail("enabling Mail sense in agent.json");
+        enableAgentSense(agent, "mail", deps);
+        progress.completePhase("checking Mailroom runtime config", "mail ready");
+        progress.end();
+    }
+    catch (error) {
+        progress.end();
+        throw error;
+    }
+    /* v8 ignore next -- defensive: successful setup always stores before leaving the guarded block. @preserve */
+    if (!stored)
+        throw new Error("Mailroom setup did not store runtime credentials");
+    const syncSummary = pushAgentBundleAfterCliMutation(agent, deps);
+    return { mailboxAddress, sourceAlias, registryPath, storePath, stored, syncSummary };
+}
+async function executeConnectMail(agent, deps) {
     writeConnectorIntro(deps, {
         title: "Connect Agent Mail",
         subtitle: `${agent} gets a private Mailroom identity and delegated source lane.`,
@@ -2720,87 +2803,96 @@ async function executeConnectMail(agent, deps) {
             "The registry and encrypted local store live under the agent bundle state.",
         ],
     });
-    const ownerEmail = (await promptInput("Delegated owner email for first source alias [blank to skip]: ")).trim();
-    const source = ownerEmail
-        ? ((await promptInput("Delegated source label [hey]: ")).trim() || "hey")
-        : "";
-    const agentRoot = providerCliAgentRoot({ agent }, deps);
-    const mailStateDir = path.join(agentRoot, "state", "mailroom");
-    const registryPath = path.join(mailStateDir, "registry.json");
-    const storePath = mailStateDir;
-    const progress = createHumanCommandProgress(deps, "connect mail");
-    let stored;
-    let mailboxAddress = `${agent.toLowerCase()}@ouro.bot`;
-    let sourceAlias = null;
-    try {
-        progress.startPhase("provisioning Mailroom identity");
-        const provisioned = (0, core_1.provisionMailboxRegistry)({
-            agentId: agent,
-            ownerEmail: ownerEmail || undefined,
-            source: source || undefined,
-        });
-        mailboxAddress = provisioned.registry.mailboxes[0].canonicalAddress;
-        sourceAlias = provisioned.registry.sourceGrants[0]?.aliasAddress ?? null;
-        fs.mkdirSync(mailStateDir, { recursive: true });
-        fs.writeFileSync(registryPath, `${JSON.stringify(provisioned.registry, null, 2)}\n`, "utf-8");
-        progress.updateDetail("checking existing runtime config");
-        const current = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(agent, { preserveCachedOnFailure: true });
-        if (!current.ok && current.reason !== "missing") {
-            progress.end();
-            throw new Error(`cannot read existing runtime credentials from ${current.itemPath}: ${current.error}`);
-        }
-        const nextConfig = {
-            ...(current.ok ? current.config : {}),
-            mailroom: {
-                mailboxAddress,
-                registryPath,
-                storePath,
-                privateKeys: provisioned.keys,
-            },
-        };
-        progress.updateDetail("storing private mail keys in vault");
-        stored = await (0, runtime_credentials_1.upsertRuntimeCredentialConfig)(agent, nextConfig, providerCliNow(deps));
-        progress.updateDetail("enabling Mail sense in agent.json");
-        enableAgentSense(agent, "mail", deps);
-        progress.completePhase("provisioning Mailroom identity", "mail ready");
-        progress.end();
-    }
-    catch (error) {
-        progress.end();
-        throw error;
-    }
-    const syncSummary = pushAgentBundleAfterCliMutation(agent, deps);
+    const setup = await promptDelegatedMailSource(deps);
+    const outcome = await ensureAgentMailroom(agent, setup, deps, "connect mail");
     return writeCapabilityOutcome(deps, {
         subtitle: `${agent}'s Mail sense is configured.`,
         summary: `Agent Mail is ready for ${agent}.`,
         whatChanged: [
-            `Mailbox: ${mailboxAddress}`,
-            ...(sourceAlias ? [`Delegated alias: ${sourceAlias}`] : []),
-            `Registry: ${registryPath}`,
-            `Encrypted store: ${storePath}`,
-            `Stored: ${stored.itemPath}`,
+            `Mailbox: ${outcome.mailboxAddress}`,
+            ...(outcome.sourceAlias ? [`Delegated alias: ${outcome.sourceAlias}`] : []),
+            `Registry: ${outcome.registryPath}`,
+            `Encrypted store: ${outcome.storePath}`,
+            `Stored: ${outcome.stored.itemPath}`,
             "agent.json: senses.mail.enabled = true",
             "private mail keys were not printed",
-            ...(syncSummary ? [syncSummary] : []),
+            ...(outcome.syncSummary ? [outcome.syncSummary] : []),
         ],
         nextMoves: [
             "Run ouro up so the daemon picks up the Mail sense.",
-            sourceAlias
-                ? `Use ${sourceAlias} for HEY forwarding or Extensions after the SMTP ingress proof is accepted.`
+            outcome.sourceAlias
+                ? `Use ${outcome.sourceAlias} for HEY forwarding or Extensions after the SMTP ingress proof is accepted.`
                 : "Add delegated source aliases when you are ready to mirror human mail.",
         ],
         fallbackLines: [
             `Agent Mail connected for ${agent}`,
-            `mailbox: ${mailboxAddress}`,
-            ...(sourceAlias ? [`delegated alias: ${sourceAlias}`] : []),
-            `registry: ${registryPath}`,
-            `encrypted store: ${storePath}`,
-            `stored: ${stored.itemPath}`,
+            `mailbox: ${outcome.mailboxAddress}`,
+            ...(outcome.sourceAlias ? [`delegated alias: ${outcome.sourceAlias}`] : []),
+            `registry: ${outcome.registryPath}`,
+            `encrypted store: ${outcome.storePath}`,
+            `stored: ${outcome.stored.itemPath}`,
             "agent.json: senses.mail.enabled = true",
             "private mail keys were not printed",
             "",
             "Next: run `ouro up` so the daemon picks up the Mail sense.",
-            ...(syncSummary ? [syncSummary] : []),
+            ...(outcome.syncSummary ? [outcome.syncSummary] : []),
+        ],
+    });
+}
+async function executeAccountEnsure(command, deps) {
+    writeConnectorIntro(deps, {
+        title: "Ensure Agent Account",
+        subtitle: `${command.agent}'s Ouro work substrate gets its vault-backed coordinates.`,
+        summary: "Prepare the portable runtime account shape that couples vault, Mailroom, and enabled senses.",
+        sections: [
+            {
+                title: "Account substrate",
+                lines: [
+                    "runtime/config remains the private vault item for portable integration secrets.",
+                    "Mailroom gets a private native mailbox and optional delegated source alias.",
+                    "agent.json records that the Mail sense is enabled.",
+                ],
+            },
+            {
+                title: "Human-only edges",
+                lines: [
+                    "This command does not perform browser auth, HEY forwarding, DNS edits, MX cutover, or autonomous sending enablement.",
+                ],
+            },
+        ],
+        fallbackLines: [
+            `Ensure Ouro work substrate for ${command.agent}`,
+            "This creates or preserves runtime/config Mailroom coordinates and enables the Mail sense.",
+        ],
+    });
+    const setup = await promptDelegatedMailSource(deps);
+    const outcome = await ensureAgentMailroom(command.agent, setup, deps, "account ensure");
+    return writeCapabilityOutcome(deps, {
+        subtitle: `${command.agent}'s work substrate account is configured.`,
+        summary: `Ouro work substrate is ready for ${command.agent}.`,
+        whatChanged: [
+            "Vault item: runtime/config",
+            `Mailbox: ${outcome.mailboxAddress}`,
+            ...(outcome.sourceAlias ? [`Delegated alias: ${outcome.sourceAlias}`] : []),
+            `Registry: ${outcome.registryPath}`,
+            `Encrypted store: ${outcome.storePath}`,
+            "agent.json: senses.mail.enabled = true",
+            ...(outcome.syncSummary ? [outcome.syncSummary] : []),
+        ],
+        nextMoves: [
+            "Run ouro up so the daemon picks up the Mail sense.",
+            "Import HEY MBOX mail only after the human has exported the file.",
+            "Keep production MX and autonomous send disabled until the final explicit confirmation.",
+        ],
+        fallbackLines: [
+            `Ouro work substrate ready for ${command.agent}`,
+            "vault: runtime/config",
+            `mailbox: ${outcome.mailboxAddress}`,
+            ...(outcome.sourceAlias ? [`delegated alias: ${outcome.sourceAlias}`] : []),
+            `registry: ${outcome.registryPath}`,
+            `encrypted store: ${outcome.storePath}`,
+            "agent.json: senses.mail.enabled = true",
+            ...(outcome.syncSummary ? [outcome.syncSummary] : []),
         ],
     });
 }
@@ -4274,6 +4366,9 @@ async function runOuroCli(args, deps = (0, cli_defaults_1.createDefaultOuroCliDe
     if (command.kind === "connect") {
         return executeConnect(command, deps);
     }
+    if (command.kind === "account.ensure") {
+        return executeAccountEnsure(command, deps);
+    }
     if (command.kind === "mail.import-mbox") {
         return executeMailImportMbox(command, deps);
     }

package/dist/heart/daemon/cli-help.js

@@ -163,6 +163,13 @@ exports.COMMAND_REGISTRY = {
         example: "ouro auth",
         subcommands: ["verify", "switch"],
     },
+    account: {
+        category: "Auth",
+        description: "Ensure the agent's vault-backed work substrate account, including Mailroom setup",
+        usage: "ouro account ensure [--agent <name>]",
+        example: "ouro account ensure --agent slugger",
+        subcommands: ["ensure"],
+    },
     connect: {
         category: "Auth",
         description: "Set up providers, portable integrations, and local senses from one guided screen",
@@ -309,6 +316,11 @@ const SUBCOMMAND_HELP = {
         usage: "ouro connect mail [--agent <name>]",
         example: "ouro connect mail",
     },
+    "account ensure": {
+        description: "Idempotently prepare an agent's vault-backed work substrate account and private Mailroom mailbox",
+        usage: "ouro account ensure [--agent <name>]",
+        example: "ouro account ensure --agent slugger",
+    },
     "mail import-mbox": {
         description: "Import a HEY or other MBOX export into an existing delegated Mailroom source grant",
         usage: "ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]",

package/dist/heart/daemon/cli-parse.js

@@ -83,6 +83,7 @@ function usage() {
         "  ouro config model [--agent <name>] <model-name>",
         "  ouro config models [--agent <name>]",
         "  ouro auth [--agent <name>] [--provider <provider>]",
+        "  ouro account ensure [--agent <name>]",
         "  ouro connect [providers|perplexity|embeddings|teams|bluebubbles|mail] [--agent <name>]",
         "  ouro mail import-mbox --file <path> [--owner-email <email>] [--source <label>] [--agent <name>]",
         "  ouro auth verify [--agent <name>] [--provider <provider>]",
@@ -648,6 +649,16 @@ function parseMailCommand(args) {
         ...(source ? { source } : {}),
     };
 }
+function parseAccountCommand(args) {
+    const [sub, ...subArgs] = args;
+    if (sub !== "ensure") {
+        throw new Error("Usage: ouro account ensure [--agent <name>]");
+    }
+    const { agent, rest } = extractAgentFlag(subArgs);
+    if (rest.length > 0)
+        throw new Error("Usage: ouro account ensure [--agent <name>]");
+    return { kind: "account.ensure", ...(agent ? { agent } : {}) };
+}
 function parseProviderUseCommand(args) {
     const { agent, rest: afterAgent } = extractAgentFlag(args);
     const { facing, rest: afterFacing } = extractFacingFlag(afterAgent);
@@ -1130,6 +1141,8 @@ function parseOuroCommand(args) {
         return parseHatchCommand(args.slice(1));
     if (head === "auth")
         return parseAuthCommand(args.slice(1));
+    if (head === "account")
+        return parseAccountCommand(args.slice(1));
     if (head === "connect")
         return parseConnectCommand(args.slice(1));
     if (head === "vault")

package/dist/heart/daemon/runtime-logging.js

@@ -50,7 +50,7 @@ function defaultLoggingForProcess(processName) {
             sinks: ["ndjson"],
         };
     }
-    if (processName === "bluebubbles") {
+    if (processName === "bluebubbles" || processName === "mail") {
         return {
             level: "warn",
             sinks: ["terminal", "ndjson"],

package/dist/heart/daemon/sense-manager.js

@@ -215,6 +215,13 @@ function runtimeInfoFor(status) {
         return { runtime: "running" };
     return { runtime: "error" };
 }
+function managedSenseEntry(sense) {
+    if (sense === "teams")
+        return "senses/teams-entry.js";
+    if (sense === "bluebubbles")
+        return "senses/bluebubbles/entry.js";
+    return "senses/mail-entry.js";
+}
 function blueBubblesRuntimeStateIsFresh(lastCheckedAt, now = Date.now()) {
     if (!lastCheckedAt) {
         return false;
@@ -281,12 +288,12 @@ class DaemonSenseManager {
             return [agent, { senses, facts }];
         }));
         const managedSenseAgents = [...this.contexts.entries()].flatMap(([agent, context]) => {
-            return ["teams", "bluebubbles"]
+            return ["teams", "bluebubbles", "mail"]
                 .filter((sense) => context.senses[sense].enabled)
                 .map((sense) => ({
                 name: `${agent}:${sense}`,
                 agentArg: agent,
-                entry: sense === "teams" ? "senses/teams-entry.js" : "senses/bluebubbles/entry.js",
+                entry: managedSenseEntry(sense),
                 channel: sense,
                 autoStart: true,
             }));
@@ -371,6 +378,7 @@ class DaemonSenseManager {
                 },
                 mail: {
                     configured: context.facts.mail.configured,
+                    ...(runtime.get(agent)?.mail ?? {}),
                 },
             };
             const inventory = (0, sense_truth_1.getSenseInventory)({ senses: context.senses }, runtimeInfo);

package/dist/heart/outlook/readers/mail.js

@@ -12,10 +12,17 @@ function emptyFolders() {
     return [
         { id: "imbox", label: "Imbox", count: 0 },
         { id: "screener", label: "Screener", count: 0 },
+        { id: "discarded", label: "Discarded", count: 0 },
+        { id: "quarantine", label: "Quarantine", count: 0 },
+        { id: "draft", label: "Drafts", count: 0 },
+        { id: "sent", label: "Sent", count: 0 },
         { id: "delegated", label: "Delegated", count: 0 },
         { id: "native", label: "Native", count: 0 },
     ];
 }
+function emptyRecovery() {
+    return { discardedCount: 0, quarantineCount: 0 };
+}
 function unavailableMailView(agentName, status, error) {
     return {
         status,
@@ -25,6 +32,9 @@ function unavailableMailView(agentName, status, error) {
         store: null,
         folders: emptyFolders(),
         messages: [],
+        screener: [],
+        outbound: [],
+        recovery: emptyRecovery(),
         accessLog: [],
         error,
     };
@@ -41,6 +51,16 @@ function unavailableMessageView(agentName, status, error) {
     };
 }
 function mailSummary(message) {
+    const provenance = {
+        placement: message.placement,
+        compartmentKind: message.compartmentKind,
+        ownerEmail: message.ownerEmail ?? null,
+        source: message.source ?? null,
+        recipient: message.recipient,
+        mailboxId: message.mailboxId,
+        grantId: message.grantId ?? null,
+        trustReason: message.trustReason,
+    };
     return {
         id: message.id,
         subject: message.private.subject,
@@ -57,12 +77,17 @@ function mailSummary(message) {
         recipient: message.recipient,
         attachmentCount: message.private.attachments.length,
         untrustedContentWarning: message.private.untrustedContentWarning,
+        provenance,
     };
 }
-function buildFolders(messages) {
+function buildFolders(messages, outbound) {
     const folders = [
         { id: "imbox", label: "Imbox", count: messages.filter((message) => message.placement === "imbox").length },
         { id: "screener", label: "Screener", count: messages.filter((message) => message.placement === "screener").length },
+        { id: "discarded", label: "Discarded", count: messages.filter((message) => message.placement === "discarded").length },
+        { id: "quarantine", label: "Quarantine", count: messages.filter((message) => message.placement === "quarantine").length },
+        { id: "draft", label: "Drafts", count: outbound.filter((record) => record.status === "draft").length },
+        { id: "sent", label: "Sent", count: outbound.filter((record) => record.status === "sent").length },
         { id: "delegated", label: "Delegated", count: messages.filter((message) => message.compartmentKind === "delegated").length },
         { id: "native", label: "Native", count: messages.filter((message) => message.compartmentKind === "native").length },
     ];
@@ -77,6 +102,45 @@ function buildFolders(messages) {
     }
     return folders;
 }
+function screenerCandidate(candidate) {
+    return {
+        id: candidate.id,
+        messageId: candidate.messageId,
+        senderEmail: candidate.senderEmail,
+        senderDisplay: candidate.senderDisplay,
+        recipient: candidate.recipient,
+        source: candidate.source ?? null,
+        ownerEmail: candidate.ownerEmail ?? null,
+        status: candidate.status,
+        placement: candidate.placement,
+        trustReason: candidate.trustReason,
+        firstSeenAt: candidate.firstSeenAt,
+        lastSeenAt: candidate.lastSeenAt,
+        messageCount: candidate.messageCount,
+    };
+}
+function outboundRecord(record) {
+    return {
+        id: record.id,
+        status: record.status,
+        from: record.from,
+        to: record.to,
+        cc: record.cc,
+        bcc: record.bcc,
+        subject: record.subject,
+        createdAt: record.createdAt,
+        updatedAt: record.updatedAt,
+        sentAt: record.sentAt ?? null,
+        transport: record.transport ?? null,
+        reason: record.reason,
+    };
+}
+function buildRecovery(messages) {
+    return {
+        discardedCount: messages.filter((message) => message.placement === "discarded").length,
+        quarantineCount: messages.filter((message) => message.placement === "quarantine").length,
+    };
+}
 function accessEntries(entries) {
     return entries
         .slice()
@@ -113,6 +177,9 @@ async function readMailView(agentName) {
         const stored = await resolved.store.listMessages({ agentId: agentName, limit: OUTLOOK_MAIL_COUNT_LIMIT });
         const decrypted = (0, file_store_1.decryptMessages)(stored, resolved.config.privateKeys);
         const summaries = decrypted.map(mailSummary);
+        const screener = (await resolved.store.listScreenerCandidates({ agentId: agentName, status: "pending", limit: 100 }))
+            .map(screenerCandidate);
+        const outbound = (await resolved.store.listMailOutbound(agentName)).map(outboundRecord);
         await resolved.store.recordAccess({
             agentId: agentName,
             tool: "outlook_mail_list",
@@ -129,8 +196,11 @@ async function readMailView(agentName) {
                 kind: resolved.storeKind,
                 label: resolved.storeLabel,
             },
-            folders: buildFolders(summaries),
+            folders: buildFolders(summaries, outbound),
             messages: summaries.slice(0, OUTLOOK_MAIL_LIST_LIMIT),
+            screener,
+            outbound,
+            recovery: buildRecovery(summaries),
             accessLog,
             error: null,
         };