@ouro.bot/cli 0.1.0-alpha.469 → 0.1.0-alpha.470

package/changelog.json

@@ -1,6 +1,14 @@
 {
   "_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
   "versions": [
+    {
+      "version": "0.1.0-alpha.470",
+      "changes": [
+        "Agent Mail native sending now enforces autonomy policy, confirmation fallback, recipient/rate limits, delegated send-as-human refusal, audit records, and kill switch state.",
+        "Outbound Mail now records provider submission and delivery state through ACS/Event Grid while keeping status summaries and Outlook audit output body-safe.",
+        "Mail recovery docs and `ouro doctor` now check mailbox identity, vault-held mail keys, hosted Blob reader coordinates, and autonomy kill switch state without treating generic vault item notes as machine contracts."
+      ]
+    },
     {
       "version": "0.1.0-alpha.469",
       "changes": [

package/dist/heart/daemon/doctor.js

@@ -89,6 +89,16 @@ function numberField(record, key, fallback) {
     const value = record?.[key];
     return typeof value === "number" && Number.isFinite(value) ? value : fallback;
 }
+function hasStringRecordValue(value) {
+    const record = asRecord(value);
+    return !!record && Object.values(record).some((entry) => typeof entry === "string" && entry.trim().length > 0);
+}
+function mailAutonomyDetail(mailroom) {
+    const policy = asRecord(mailroom?.autonomousSendPolicy);
+    const autonomy = policy?.enabled === true ? "autonomy enabled" : "autonomy disabled";
+    const killSwitch = policy?.killSwitch === true ? "kill switch on" : "kill switch off";
+    return `${autonomy}; ${killSwitch}`;
+}
 const SENSITIVE_CONFIG_KEYS = ["apiKey", "token", "secret", "password"];
 function credentialKeyLeaks(raw) {
     return SENSITIVE_CONFIG_KEYS.filter((key) => raw.includes(`"${key}"`));
@@ -256,6 +266,47 @@ async function checkSenses(deps) {
                     });
                 }
             }
+            if (sense === "mail" && senseObj.enabled === true) {
+                const runtimeConfig = await (0, runtime_credentials_1.refreshRuntimeCredentialConfig)(agentName, { preserveCachedOnFailure: true });
+                if (!runtimeConfig.ok) {
+                    checks.push({
+                        label: `${agentDir} mail config`,
+                        status: "fail",
+                        detail: `runtime config unavailable: ${runtimeConfig.error}`,
+                    });
+                    continue;
+                }
+                const mailroom = asRecord(runtimeConfig.config.mailroom);
+                const workSubstrate = asRecord(runtimeConfig.config.workSubstrate);
+                const mailboxAddress = textField(mailroom, "mailboxAddress");
+                const hosted = textField(workSubstrate, "mode") === "hosted";
+                const azureAccountUrl = textField(mailroom, "azureAccountUrl");
+                const azureContainer = textField(mailroom, "azureContainer") || "mailroom";
+                const missing = [];
+                if (!mailboxAddress)
+                    missing.push("mailroom.mailboxAddress");
+                if (!hasStringRecordValue(mailroom?.privateKeys))
+                    missing.push("mailroom.privateKeys");
+                if (hosted && !azureAccountUrl)
+                    missing.push("mailroom.azureAccountUrl for hosted Blob reader");
+                if (missing.length > 0) {
+                    checks.push({
+                        label: `${agentDir} mail config`,
+                        status: "fail",
+                        detail: `missing ${missing.join("/")}`,
+                    });
+                    continue;
+                }
+                checks.push({
+                    label: `${agentDir} mail config`,
+                    status: "pass",
+                    detail: [
+                        mailboxAddress,
+                        hosted ? `hosted azure-blob ${azureAccountUrl}/${azureContainer}` : "local file Mailroom",
+                        mailAutonomyDetail(mailroom),
+                    ].join("; "),
+                });
+            }
         }
     }
     if (checks.length === 0) {

package/dist/heart/outlook/readers/mail.js

@@ -88,7 +88,7 @@ function buildFolders(messages, outbound) {
         { id: "discarded", label: "Discarded", count: messages.filter((message) => message.placement === "discarded").length },
         { id: "quarantine", label: "Quarantine", count: messages.filter((message) => message.placement === "quarantine").length },
         { id: "draft", label: "Drafts", count: outbound.filter((record) => record.status === "draft").length },
-        { id: "sent", label: "Sent", count: outbound.filter((record) => record.status === "sent").length },
+        { id: "sent", label: "Sent", count: outbound.filter((record) => record.status !== "draft").length },
         { id: "delegated", label: "Delegated", count: messages.filter((message) => message.compartmentKind === "delegated").length },
         { id: "native", label: "Native", count: messages.filter((message) => message.compartmentKind === "native").length },
     ];
@@ -135,6 +135,7 @@ function screenerCandidate(candidate) {
     };
 }
 function outboundRecord(record) {
+    const policyDecision = record.policyDecision;
     return {
         id: record.id,
         status: record.status,
@@ -150,6 +151,39 @@ function outboundRecord(record) {
         createdAt: record.createdAt,
         updatedAt: record.updatedAt,
         sentAt: record.sentAt ?? null,
+        submittedAt: record.submittedAt ?? null,
+        acceptedAt: record.acceptedAt ?? null,
+        deliveredAt: record.deliveredAt ?? null,
+        failedAt: record.failedAt ?? null,
+        sendMode: record.sendMode ?? null,
+        policyDecision: policyDecision
+            ? {
+                allowed: policyDecision.allowed,
+                mode: policyDecision.mode,
+                code: policyDecision.code,
+                reason: policyDecision.reason,
+                evaluatedAt: policyDecision.evaluatedAt,
+                recipients: policyDecision.recipients,
+                fallback: policyDecision.fallback,
+                policyId: policyDecision.policyId ?? null,
+                remainingSendsInWindow: policyDecision.remainingSendsInWindow ?? null,
+            }
+            : null,
+        provider: record.provider ?? null,
+        providerMessageId: record.providerMessageId ?? null,
+        providerRequestId: record.providerRequestId ?? null,
+        operationLocation: record.operationLocation ?? null,
+        deliveryEvents: (record.deliveryEvents ?? []).map((event) => ({
+            provider: event.provider,
+            providerEventId: event.providerEventId,
+            providerMessageId: event.providerMessageId,
+            outcome: event.outcome,
+            recipient: event.recipient ?? null,
+            occurredAt: event.occurredAt,
+            receivedAt: event.receivedAt,
+            bodySafeSummary: event.bodySafeSummary,
+            providerStatus: event.providerStatus ?? null,
+        })),
         transport: record.transport ?? null,
         reason: record.reason,
     };

package/dist/mailroom/autonomy.js

@@ -0,0 +1,209 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildNativeMailAutonomyPolicy = buildNativeMailAutonomyPolicy;
+exports.evaluateNativeMailSendPolicy = evaluateNativeMailSendPolicy;
+exports.buildConfirmedMailSendDecision = buildConfirmedMailSendDecision;
+const crypto = __importStar(require("node:crypto"));
+const runtime_1 = require("../nerves/runtime");
+const core_1 = require("./core");
+function stableJson(value) {
+    if (Array.isArray(value))
+        return `[${value.map(stableJson).join(",")}]`;
+    if (value && typeof value === "object") {
+        const record = value;
+        return `{${Object.keys(record).sort().map((key) => `${JSON.stringify(key)}:${stableJson(record[key])}`).join(",")}}`;
+    }
+    return JSON.stringify(value);
+}
+function safeAddressPart(value) {
+    return value
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-+|-+$/g, "");
+}
+function normalizeDomain(value) {
+    return value.trim().toLowerCase().replace(/^@/, "");
+}
+function autonomyPolicyId(input) {
+    return `mail_auto_${crypto.createHash("sha256").update(stableJson(input)).digest("hex").slice(0, 16)}`;
+}
+function recipientsForDecision(record) {
+    return [...record.to, ...record.cc, ...record.bcc].map(core_1.normalizeMailAddress);
+}
+function decision(input) {
+    return { schemaVersion: 1, ...input };
+}
+function recipientDomain(recipient) {
+    return recipient.slice(recipient.indexOf("@") + 1).toLowerCase();
+}
+function isRecipientAllowed(policy, recipient) {
+    return policy.allowedRecipients.includes(recipient) || policy.allowedDomains.includes(recipientDomain(recipient));
+}
+function autonomousSentAt(record) {
+    if (record.status !== "sent" || record.sendMode !== "autonomous")
+        return null;
+    return record.sentAt ?? record.updatedAt;
+}
+function countRecentAutonomousSends(input) {
+    const startsAt = input.nowMs - input.windowMs;
+    return input.recentOutbound.filter((record) => {
+        const sentAt = autonomousSentAt(record);
+        if (!sentAt)
+            return false;
+        const sentMs = Date.parse(sentAt);
+        return Number.isFinite(sentMs) && sentMs >= startsAt && sentMs <= input.nowMs;
+    }).length;
+}
+function buildNativeMailAutonomyPolicy(input) {
+    const normalized = {
+        agentId: safeAddressPart(input.agentId) || "agent",
+        mailboxAddress: (0, core_1.normalizeMailAddress)(input.mailboxAddress),
+        enabled: input.enabled,
+        killSwitch: input.killSwitch,
+        allowedRecipients: [...new Set((input.allowedRecipients ?? []).map(core_1.normalizeMailAddress))].sort(),
+        allowedDomains: [...new Set((input.allowedDomains ?? []).map(normalizeDomain).filter(Boolean))].sort(),
+        maxRecipientsPerMessage: Math.max(1, Math.floor(input.maxRecipientsPerMessage)),
+        rateLimit: {
+            maxSends: Math.max(0, Math.floor(input.rateLimit.maxSends)),
+            windowMs: Math.max(1, Math.floor(input.rateLimit.windowMs)),
+        },
+        ...(input.actor ? { actor: input.actor } : {}),
+        ...(input.reason ? { reason: input.reason } : {}),
+        ...(input.updatedAt ? { updatedAt: input.updatedAt } : {}),
+    };
+    const policy = {
+        schemaVersion: 1,
+        policyId: autonomyPolicyId(normalized),
+        ...normalized,
+    };
+    (0, runtime_1.emitNervesEvent)({
+        component: "senses",
+        event: "senses.mail_native_autonomy_policy_built",
+        message: "native mail autonomy policy built",
+        meta: { agentId: policy.agentId, policyId: policy.policyId, enabled: policy.enabled, killSwitch: policy.killSwitch },
+    });
+    return policy;
+}
+function evaluateNativeMailSendPolicy(input) {
+    const now = input.now ?? new Date();
+    const evaluatedAt = now.toISOString();
+    const recipients = recipientsForDecision(input.draft);
+    const policyId = input.policy.policyId;
+    const blocked = (code, reason, mode = "blocked", fallback = "none") => decision({
+        allowed: false,
+        mode,
+        code,
+        reason,
+        evaluatedAt,
+        recipients,
+        fallback,
+        policyId,
+    });
+    if (input.draft.status !== "draft") {
+        return blocked("draft-not-sendable", `Draft ${input.draft.id} is already ${input.draft.status}`);
+    }
+    if (input.draft.mailboxRole === "delegated-human-mailbox" || input.draft.ownerEmail || input.draft.source || input.draft.sendAuthority !== "agent-native") {
+        return blocked("delegated-send-as-human-not-authorized", "Delegated human mail does not grant send-as-human authority");
+    }
+    if (safeAddressPart(input.draft.agentId) !== input.policy.agentId) {
+        return blocked("agent-mismatch", `Draft belongs to ${input.draft.agentId}, not ${input.policy.agentId}`);
+    }
+    if ((0, core_1.normalizeMailAddress)(input.draft.from) !== input.policy.mailboxAddress) {
+        return blocked("native-mailbox-mismatch", `${input.draft.from} is not the native mailbox ${input.policy.mailboxAddress}`);
+    }
+    if (!input.policy.enabled) {
+        return blocked("autonomy-policy-disabled", "Autonomous native-agent mail policy is disabled", "confirmation-required", "CONFIRM_SEND");
+    }
+    if (input.policy.killSwitch) {
+        return blocked("autonomy-kill-switch", "Autonomous native-agent mail kill switch is enabled", "confirmation-required", "CONFIRM_SEND");
+    }
+    if (recipients.length > input.policy.maxRecipientsPerMessage) {
+        return blocked("recipient-limit-exceeded", `Autonomous native-agent mail is limited to ${input.policy.maxRecipientsPerMessage} recipient(s)`);
+    }
+    const unallowed = recipients.find((recipient) => !isRecipientAllowed(input.policy, recipient));
+    if (unallowed) {
+        return blocked("recipient-not-allowed", `${unallowed} is not allowed for autonomous native-agent mail`, "confirmation-required", "CONFIRM_SEND");
+    }
+    const recentCount = countRecentAutonomousSends({
+        recentOutbound: input.recentOutbound,
+        nowMs: now.getTime(),
+        windowMs: input.policy.rateLimit.windowMs,
+    });
+    if (recentCount >= input.policy.rateLimit.maxSends) {
+        return blocked("autonomous-rate-limit", "Autonomous native-agent mail rate limit is exhausted");
+    }
+    const allowed = decision({
+        allowed: true,
+        mode: "autonomous",
+        code: "allowed",
+        reason: "Autonomous native-agent mail policy allowed this send",
+        evaluatedAt,
+        recipients,
+        fallback: "none",
+        policyId,
+        remainingSendsInWindow: Math.max(0, input.policy.rateLimit.maxSends - recentCount - 1),
+    });
+    (0, runtime_1.emitNervesEvent)({
+        component: "senses",
+        event: "senses.mail_native_autonomy_allowed",
+        message: "native mail autonomy policy allowed send",
+        meta: { agentId: input.policy.agentId, policyId, recipientCount: recipients.length },
+    });
+    return allowed;
+}
+function buildConfirmedMailSendDecision(input) {
+    const decisionValue = decision({
+        allowed: true,
+        mode: "confirmed",
+        code: "explicit-confirmation",
+        reason: "Explicit confirmation authorized this native-agent send",
+        evaluatedAt: (input.now ?? new Date()).toISOString(),
+        recipients: recipientsForDecision(input.draft),
+        fallback: "none",
+        ...(input.policy ? { policyId: input.policy.policyId } : {}),
+    });
+    (0, runtime_1.emitNervesEvent)({
+        component: "senses",
+        event: "senses.mail_native_send_confirmed",
+        message: "native mail send confirmed",
+        meta: {
+            agentId: input.draft.agentId,
+            recipientCount: decisionValue.recipients.length,
+            ...(input.policy ? { policyId: input.policy.policyId } : {}),
+        },
+    });
+    return decisionValue;
+}

package/dist/mailroom/core.js

@@ -34,6 +34,9 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeMailAddress = normalizeMailAddress;
+exports.buildMailProviderSubmission = buildMailProviderSubmission;
+exports.parseAcsEmailDeliveryReportEvent = parseAcsEmailDeliveryReportEvent;
+exports.reconcileMailDeliveryEvent = reconcileMailDeliveryEvent;
 exports.reverseEmailRoute = reverseEmailRoute;
 exports.sourceAliasForOwner = sourceAliasForOwner;
 exports.generateMailKeyPair = generateMailKeyPair;
@@ -79,6 +82,91 @@ function normalizeMailAddress(address) {
     }
     return normalized;
 }
+function buildMailProviderSubmission(input) {
+    return {
+        ...input.draft,
+        status: "submitted",
+        provider: input.provider,
+        providerMessageId: input.providerMessageId,
+        ...(input.providerRequestId ? { providerRequestId: input.providerRequestId } : {}),
+        ...(input.operationLocation ? { operationLocation: input.operationLocation } : {}),
+        submittedAt: input.submittedAt,
+        updatedAt: input.submittedAt,
+        deliveryEvents: [],
+    };
+}
+function recordField(value, key) {
+    return value && typeof value === "object" && !Array.isArray(value)
+        ? value[key]
+        : undefined;
+}
+function stringField(value, key) {
+    const field = recordField(value, key);
+    return typeof field === "string" ? field : "";
+}
+function acsOutcome(status) {
+    switch (status) {
+        case "Delivered": return "delivered";
+        case "Suppressed": return "suppressed";
+        case "Bounced": return "bounced";
+        case "Quarantined": return "quarantined";
+        case "FilteredSpam": return "spam-filtered";
+        case "Expanded": return "accepted";
+        case "Failed": return "failed";
+        default: throw new Error(`unsupported ACS delivery status: ${status || "unknown"}`);
+    }
+}
+function parseAcsEmailDeliveryReportEvent(event) {
+    const providerEventId = stringField(event, "id");
+    const eventType = stringField(event, "eventType");
+    const data = recordField(event, "data");
+    if (!providerEventId)
+        throw new Error("ACS delivery event is missing id");
+    if (eventType !== "Microsoft.Communication.EmailDeliveryReportReceived") {
+        throw new Error(`unsupported ACS event type: ${eventType || "unknown"}`);
+    }
+    const providerMessageId = stringField(data, "messageId");
+    const status = stringField(data, "status");
+    if (!providerMessageId)
+        throw new Error("ACS delivery event is missing messageId");
+    const recipient = stringField(data, "recipient");
+    const eventTime = stringField(event, "eventTime");
+    const occurredAt = stringField(data, "deliveryAttemptTimeStamp") || eventTime || new Date().toISOString();
+    const normalizedRecipient = recipient ? normalizeMailAddress(recipient) : "";
+    return {
+        schemaVersion: 1,
+        provider: "azure-communication-services",
+        providerEventId,
+        providerMessageId,
+        outcome: acsOutcome(status),
+        ...(normalizedRecipient ? { recipient: normalizedRecipient } : {}),
+        occurredAt,
+        receivedAt: eventTime || occurredAt,
+        bodySafeSummary: `ACS delivery report ${status} for ${normalizedRecipient || "unknown recipient"}`,
+        providerStatus: status,
+    };
+}
+function reconcileMailDeliveryEvent(input) {
+    if (input.outbound.providerMessageId && input.outbound.providerMessageId !== input.event.providerMessageId) {
+        throw new Error("delivery event providerMessageId does not match outbound record");
+    }
+    const existingEvents = input.outbound.deliveryEvents ?? [];
+    if (existingEvents.some((event) => event.providerEventId === input.event.providerEventId)) {
+        return input.outbound;
+    }
+    const timestampKey = input.event.outcome === "delivered"
+        ? "deliveredAt"
+        : input.event.outcome === "accepted"
+            ? "acceptedAt"
+            : "failedAt";
+    return {
+        ...input.outbound,
+        status: input.event.outcome,
+        updatedAt: input.event.occurredAt,
+        deliveryEvents: [...existingEvents, input.event],
+        [timestampKey]: input.event.occurredAt,
+    };
+}
 function safeAddressPart(value) {
     return value
         .toLowerCase()