agent-inbox 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/AGENTS.md +18 -0
  2. package/CLAUDE.md +92 -1
  3. package/README.md +73 -6
  4. package/bench/inbox-growth.bench.ts +224 -0
  5. package/dist/federation/connection-manager.d.ts +8 -0
  6. package/dist/federation/connection-manager.d.ts.map +1 -1
  7. package/dist/federation/connection-manager.js +12 -0
  8. package/dist/federation/connection-manager.js.map +1 -1
  9. package/dist/federation/delivery-queue.d.ts +11 -3
  10. package/dist/federation/delivery-queue.d.ts.map +1 -1
  11. package/dist/federation/delivery-queue.js +38 -8
  12. package/dist/federation/delivery-queue.js.map +1 -1
  13. package/dist/federation/queue-store.d.ts +42 -0
  14. package/dist/federation/queue-store.d.ts.map +1 -0
  15. package/dist/federation/queue-store.js +87 -0
  16. package/dist/federation/queue-store.js.map +1 -0
  17. package/dist/index.d.mts +2 -0
  18. package/dist/index.d.ts +29 -0
  19. package/dist/index.d.ts.map +1 -1
  20. package/dist/index.js +124 -1
  21. package/dist/index.js.map +1 -1
  22. package/dist/index.mjs +1 -0
  23. package/dist/index.mjs.map +1 -0
  24. package/dist/jsonrpc/mail-push-types.d.ts +9 -0
  25. package/dist/jsonrpc/mail-push-types.d.ts.map +1 -1
  26. package/dist/jsonrpc/mail-push-types.js +1 -0
  27. package/dist/jsonrpc/mail-push-types.js.map +1 -1
  28. package/dist/jsonrpc/mail-server.d.ts +8 -1
  29. package/dist/jsonrpc/mail-server.d.ts.map +1 -1
  30. package/dist/jsonrpc/mail-server.js +42 -1
  31. package/dist/jsonrpc/mail-server.js.map +1 -1
  32. package/dist/mail/address-book.d.ts +43 -0
  33. package/dist/mail/address-book.d.ts.map +1 -0
  34. package/dist/mail/address-book.js +95 -0
  35. package/dist/mail/address-book.js.map +1 -0
  36. package/dist/mail/attachment-store.d.ts +31 -0
  37. package/dist/mail/attachment-store.d.ts.map +1 -0
  38. package/dist/mail/attachment-store.js +74 -0
  39. package/dist/mail/attachment-store.js.map +1 -0
  40. package/dist/mail/email-mapper.d.ts +41 -0
  41. package/dist/mail/email-mapper.d.ts.map +1 -0
  42. package/dist/mail/email-mapper.js +216 -0
  43. package/dist/mail/email-mapper.js.map +1 -0
  44. package/dist/mail/fs-attachment-store.d.ts +38 -0
  45. package/dist/mail/fs-attachment-store.d.ts.map +1 -0
  46. package/dist/mail/fs-attachment-store.js +165 -0
  47. package/dist/mail/fs-attachment-store.js.map +1 -0
  48. package/dist/mail/mail-gateway.d.ts +114 -0
  49. package/dist/mail/mail-gateway.d.ts.map +1 -0
  50. package/dist/mail/mail-gateway.js +402 -0
  51. package/dist/mail/mail-gateway.js.map +1 -0
  52. package/dist/mail/provider-transport.d.ts +138 -0
  53. package/dist/mail/provider-transport.d.ts.map +1 -0
  54. package/dist/mail/provider-transport.js +434 -0
  55. package/dist/mail/provider-transport.js.map +1 -0
  56. package/dist/mail/rate-limiter.d.ts +20 -0
  57. package/dist/mail/rate-limiter.d.ts.map +1 -0
  58. package/dist/mail/rate-limiter.js +56 -0
  59. package/dist/mail/rate-limiter.js.map +1 -0
  60. package/dist/mail/smtp-transport.d.ts +141 -0
  61. package/dist/mail/smtp-transport.d.ts.map +1 -0
  62. package/dist/mail/smtp-transport.js +415 -0
  63. package/dist/mail/smtp-transport.js.map +1 -0
  64. package/dist/mail/types.d.ts +177 -0
  65. package/dist/mail/types.d.ts.map +1 -0
  66. package/dist/mail/types.js +11 -0
  67. package/dist/mail/types.js.map +1 -0
  68. package/dist/push/notifier.d.ts +21 -0
  69. package/dist/push/notifier.d.ts.map +1 -1
  70. package/dist/push/notifier.js +84 -2
  71. package/dist/push/notifier.js.map +1 -1
  72. package/dist/router/destination.d.ts +69 -0
  73. package/dist/router/destination.d.ts.map +1 -0
  74. package/dist/router/destination.js +106 -0
  75. package/dist/router/destination.js.map +1 -0
  76. package/dist/router/message-router.d.ts +15 -0
  77. package/dist/router/message-router.d.ts.map +1 -1
  78. package/dist/router/message-router.js +25 -3
  79. package/dist/router/message-router.js.map +1 -1
  80. package/dist/storage/interface.d.ts +21 -0
  81. package/dist/storage/interface.d.ts.map +1 -1
  82. package/dist/storage/memory.d.ts +12 -0
  83. package/dist/storage/memory.d.ts.map +1 -1
  84. package/dist/storage/memory.js +50 -0
  85. package/dist/storage/memory.js.map +1 -1
  86. package/dist/storage/sqlite.d.ts +14 -0
  87. package/dist/storage/sqlite.d.ts.map +1 -1
  88. package/dist/storage/sqlite.js +79 -1
  89. package/dist/storage/sqlite.js.map +1 -1
  90. package/dist/traceability/traceability.d.ts.map +1 -1
  91. package/dist/traceability/traceability.js +7 -17
  92. package/dist/traceability/traceability.js.map +1 -1
  93. package/dist/types.d.ts +80 -0
  94. package/dist/types.d.ts.map +1 -1
  95. package/docs/DESIGN.md +15 -0
  96. package/docs/MAIL-INTEROP-PLAN.md +660 -0
  97. package/package.json +29 -3
  98. package/renovate.json5 +6 -0
  99. package/rules/agent-inbox.md +1 -0
  100. package/src/federation/connection-manager.ts +12 -0
  101. package/src/federation/delivery-queue.ts +38 -8
  102. package/src/federation/queue-store.ts +124 -0
  103. package/src/index.ts +186 -1
  104. package/src/jsonrpc/mail-push-types.ts +10 -0
  105. package/src/jsonrpc/mail-server.ts +48 -1
  106. package/src/mail/address-book.ts +111 -0
  107. package/src/mail/attachment-store.ts +90 -0
  108. package/src/mail/email-mapper.ts +288 -0
  109. package/src/mail/fs-attachment-store.ts +163 -0
  110. package/src/mail/mail-gateway.ts +505 -0
  111. package/src/mail/provider-transport.ts +577 -0
  112. package/src/mail/rate-limiter.ts +51 -0
  113. package/src/mail/smtp-transport.ts +589 -0
  114. package/src/mail/types.ts +221 -0
  115. package/src/push/notifier.ts +98 -2
  116. package/src/router/destination.ts +140 -0
  117. package/src/router/message-router.ts +41 -4
  118. package/src/storage/interface.ts +22 -0
  119. package/src/storage/memory.ts +59 -0
  120. package/src/storage/sqlite.ts +114 -1
  121. package/src/traceability/traceability.ts +7 -16
  122. package/src/types.ts +74 -0
  123. package/test/federation/delivery-queue-sqlite.test.ts +158 -0
  124. package/test/load.test.ts +288 -0
  125. package/test/mail/address-book.test.ts +111 -0
  126. package/test/mail/attachment-store-contract.test.ts +92 -0
  127. package/test/mail/attachment-store.test.ts +69 -0
  128. package/test/mail/destination.test.ts +115 -0
  129. package/test/mail/dsn-parse.test.ts +239 -0
  130. package/test/mail/email-mapper.test.ts +341 -0
  131. package/test/mail/external-id.test.ts +43 -0
  132. package/test/mail/fs-attachment-store.test.ts +134 -0
  133. package/test/mail/full-flow-e2e.test.ts +200 -0
  134. package/test/mail/mail-gateway.test.ts +419 -0
  135. package/test/mail/mail-transport-contract.test.ts +134 -0
  136. package/test/mail/mock-mail.ts +161 -0
  137. package/test/mail/mock-postmark.ts +66 -0
  138. package/test/mail/provider-transport.test.ts +381 -0
  139. package/test/mail/rate-limiter.test.ts +48 -0
  140. package/test/mail/router-mail-integration.test.ts +138 -0
  141. package/test/mail/smtp-e2e.test.ts +98 -0
  142. package/test/mail/smtp-transport.test.ts +138 -0
  143. package/test/mail-presence.test.ts +149 -0
  144. package/test/mail-push.test.ts +44 -0
  145. package/test/mail-server.test.ts +25 -0
  146. package/test/push-notifier.test.ts +81 -0
  147. package/test/sqlite-storage.test.ts +106 -0
  148. package/test/storage.test.ts +92 -0
  149. package/vitest.bench.config.ts +8 -0
@@ -0,0 +1,221 @@
1
+ /**
2
+ * Mail interop type contract.
3
+ *
4
+ * Defines the `MailTransport` interface and its envelope types — the backend-
5
+ * agnostic contract every mail backend (self-hosted SMTP, managed provider)
6
+ * must satisfy. See docs/MAIL-INTEROP-PLAN.md for the design rationale.
7
+ *
8
+ * Phase 1 lands the types only; no backend, gateway, or router wiring yet.
9
+ */
10
+
11
+ // ---------------------------------------------------------------------------
12
+ // Capabilities & lifecycle
13
+ // ---------------------------------------------------------------------------
14
+
15
+ /** What a backend can do. The gateway adapts to these instead of assuming. */
16
+ export interface MailCapabilities {
17
+ /**
18
+ * How outbound mail leaves: direct to arbitrary public MX (self-hosted SMTP),
19
+ * via a configured smarthost relay, or via the backend's own API. Informational.
20
+ */
21
+ outbound: "mx" | "relay" | "api";
22
+ /** Backend signs DKIM itself (provider) or we must sign before handing off. */
23
+ signsDkim: boolean;
24
+ /** Backend verifies SPF/DKIM/DMARC on inbound and reports results. */
25
+ verifiesInboundAuth: boolean;
26
+ /** Inbound arrives via a long-lived listener (SMTP) or a push webhook. */
27
+ inbound: "listener" | "webhook" | "none";
28
+ /** Max message size the backend will accept, bytes. */
29
+ maxMessageBytes: number;
30
+ }
31
+
32
+ export type MailTransportState =
33
+ | "stopped"
34
+ | "starting"
35
+ | "ready"
36
+ | "degraded"
37
+ | "stopping";
38
+
39
+ export interface MailHealth {
40
+ state: MailTransportState;
41
+ /** Human-readable detail for health endpoints / logs. */
42
+ detail?: string;
43
+ }
44
+
45
+ // ---------------------------------------------------------------------------
46
+ // Addresses & attachments
47
+ // ---------------------------------------------------------------------------
48
+
49
+ export interface MailAddress {
50
+ /** RFC 5322 addr-spec, e.g. "bob@example.com". */
51
+ address: string;
52
+ /** Optional display name. */
53
+ name?: string;
54
+ }
55
+
56
+ export interface MailAttachment {
57
+ filename?: string;
58
+ contentType: string;
59
+ /** Content-ID for inline html parts. */
60
+ contentId?: string;
61
+ /** Opaque handle into an AttachmentStore — the envelope carries a ref, not bytes. */
62
+ contentRef: string;
63
+ sizeBytes: number;
64
+ }
65
+
66
+ // ---------------------------------------------------------------------------
67
+ // Outbound
68
+ // ---------------------------------------------------------------------------
69
+
70
+ export interface OutboundMail {
71
+ /** Stable key for idempotent send. Derived from the inbox Message.id. */
72
+ idempotencyKey: string;
73
+ from: MailAddress;
74
+ to: MailAddress[];
75
+ cc?: MailAddress[];
76
+ bcc?: MailAddress[];
77
+ subject?: string;
78
+ /** Rendered bodies. At least one of text/html should be present. */
79
+ text?: string;
80
+ html?: string;
81
+ /** RFC 5322 threading headers, already computed by the mapper. */
82
+ headers: {
83
+ messageId: string;
84
+ inReplyTo?: string;
85
+ references?: string[];
86
+ };
87
+ attachments?: MailAttachment[];
88
+ /** Opaque passthrough for backend-specific knobs (provider tags, etc.). */
89
+ backendHints?: Record<string, unknown>;
90
+ }
91
+
92
+ export type MailSendDisposition = "delivered" | "transient" | "permanent";
93
+
94
+ /**
95
+ * Result of a send attempt. Backends collapse their native failure modes into
96
+ * these three dispositions so the retry/queue layer needs no backend knowledge.
97
+ */
98
+ export interface MailSendResult {
99
+ disposition: MailSendDisposition;
100
+ /** Provider/SMTP id when delivered, for correlating DSNs/bounces. */
101
+ remoteMessageId?: string;
102
+ /** Numeric SMTP-style code when available (e.g. 250, 451, 550). */
103
+ code?: number;
104
+ /** Human-readable, for logs only — never parsed for control flow. */
105
+ detail?: string;
106
+ /** For transient failures: hint for next attempt (e.g. greylist retry-after). */
107
+ retryAfterMs?: number;
108
+ }
109
+
110
+ // ---------------------------------------------------------------------------
111
+ // Inbound
112
+ // ---------------------------------------------------------------------------
113
+
114
+ export interface InboundAuthResults {
115
+ spf: "pass" | "fail" | "softfail" | "neutral" | "none";
116
+ dkim: "pass" | "fail" | "none";
117
+ dmarc: "pass" | "fail" | "none";
118
+ }
119
+
120
+ /**
121
+ * Bounce/DSN classification, parsed from RFC 3464 delivery-status reports.
122
+ * Present when an inbound message is a bounce, so the gateway can correlate it
123
+ * to the failed outbound send instead of treating it as a fresh message.
124
+ */
125
+ export interface InboundBounce {
126
+ /** "failed" (permanent), "delayed" (transient), "delivered" (positive DSN). */
127
+ action: "failed" | "delayed" | "delivered";
128
+ /** The address that bounced. */
129
+ recipient: string;
130
+ /** RFC 3463 status code, e.g. "5.1.1". */
131
+ status?: string;
132
+ /** Message-ID of the original outbound mail, when the DSN echoes it. */
133
+ originalMessageId?: string;
134
+ diagnostic?: string;
135
+ }
136
+
137
+ export interface InboundMail {
138
+ /** Peer-asserted SMTP envelope (MAIL FROM / RCPT TO), distinct from headers. */
139
+ envelopeFrom: string;
140
+ envelopeTo: string[];
141
+ from: MailAddress;
142
+ to: MailAddress[];
143
+ cc?: MailAddress[];
144
+ subject?: string;
145
+ text?: string;
146
+ html?: string;
147
+ headers: {
148
+ messageId?: string;
149
+ inReplyTo?: string;
150
+ references?: string[];
151
+ /** Everything else, lower-cased keys, for the mapper to mine. */
152
+ raw: Record<string, string | string[]>;
153
+ };
154
+ attachments?: MailAttachment[];
155
+ /** Auth verdict — present iff capabilities.verifiesInboundAuth. */
156
+ authResults?: InboundAuthResults;
157
+ /** Peer IP / hostname, for allow-listing and abuse control. */
158
+ remote?: { ip?: string; reverseDns?: string };
159
+ /** Set when this inbound mail is a bounce/DSN (see InboundBounce). */
160
+ bounce?: InboundBounce;
161
+ sizeBytes: number;
162
+ receivedAt: string; // ISO
163
+ }
164
+
165
+ // ---------------------------------------------------------------------------
166
+ // The transport contract
167
+ // ---------------------------------------------------------------------------
168
+
169
+ /**
170
+ * Ingress handler. The transport awaits this; resolution means "durably
171
+ * accepted" and only then is the peer MTA / webhook ACKed. A thrown handler
172
+ * means NACK so the sender retries — never a silent drop.
173
+ */
174
+ export type InboundHandler = (mail: InboundMail) => Promise<void>;
175
+
176
+ export interface MailTransport {
177
+ readonly capabilities: MailCapabilities;
178
+ readonly state: MailTransportState;
179
+
180
+ /**
181
+ * Idempotent. Resolves only when inbound is actually accepting (port bound /
182
+ * webhook registered) so callers don't ACK before we can receive.
183
+ */
184
+ start(): Promise<void>;
185
+
186
+ /** Graceful: stop accepting new inbound, finish in-flight, then release. */
187
+ stop(): Promise<void>;
188
+
189
+ /**
190
+ * Send one already-rendered outbound message.
191
+ * MUST be idempotent on `envelope.idempotencyKey`.
192
+ * MUST NOT throw for delivery failures — return a classified result instead.
193
+ * MAY throw only for programmer error (e.g. called while stopped).
194
+ */
195
+ send(envelope: OutboundMail): Promise<MailSendResult>;
196
+
197
+ /** Register the single ingress handler. See InboundHandler. */
198
+ onReceive(handler: InboundHandler): void;
199
+
200
+ /** Liveness for health endpoints and the degraded → ready transition. */
201
+ health(): Promise<MailHealth>;
202
+ }
203
+
204
+ // ---------------------------------------------------------------------------
205
+ // Attachment storage (opaque contentRef backing store)
206
+ // ---------------------------------------------------------------------------
207
+
208
+ /**
209
+ * Swappable attachment byte store. `contentRef` values on MailAttachment are
210
+ * opaque handles produced by `put`. Mirrors the Storage two-impl pattern:
211
+ * SqliteAttachmentStore (default) and FsAttachmentStore (opt-in) land later.
212
+ */
213
+ export interface AttachmentStore {
214
+ /** Returns a content-addressed ref (sha256-based). Dedups identical bytes. */
215
+ put(
216
+ bytes: Buffer,
217
+ meta: { contentType: string; filename?: string }
218
+ ): Promise<string>;
219
+ get(ref: string): Promise<Buffer>;
220
+ delete(ref: string): Promise<void>;
221
+ }
@@ -21,8 +21,19 @@ export interface NotifierConfig {
21
21
  inboxDir: string;
22
22
  /** Optional webhook URLs to POST new messages to */
23
23
  webhooks?: string[];
24
+ /** Soft cap on entries per per-agent inbox file. The file is allowed to
25
+ * grow ~10% over this before being trimmed back, to amortize trim cost
26
+ * across many appends. Defaults to 1000. Set to 0 to disable. */
27
+ maxEntriesPerInbox?: number;
28
+ /** Soft cap (in bytes) on per-agent inbox file size, with the same ~10%
29
+ * amortization headroom as `maxEntriesPerInbox`. Defaults to 5 MiB. Set
30
+ * to 0 to disable. */
31
+ maxBytesPerInbox?: number;
24
32
  }
25
33
 
34
+ const DEFAULT_MAX_ENTRIES = 1000;
35
+ const DEFAULT_MAX_BYTES = 5 * 1024 * 1024;
36
+
26
37
  export interface InboxFileEntry {
27
38
  messageId: string;
28
39
  from: string;
@@ -43,6 +54,11 @@ export interface InboxMessageEvent {
43
54
 
44
55
  export class PushNotifier {
45
56
  private webhooks: string[];
57
+ private maxEntries: number;
58
+ private maxBytes: number;
59
+ /** In-memory tracking so we can decide when to trim without stat/read. */
60
+ private entryCounts = new Map<string, number>();
61
+ private fileSizes = new Map<string, number>();
46
62
 
47
63
  constructor(
48
64
  private config: NotifierConfig,
@@ -50,6 +66,9 @@ export class PushNotifier {
50
66
  private events: EventEmitter
51
67
  ) {
52
68
  this.webhooks = config.webhooks ?? [];
69
+ this.maxEntries =
70
+ config.maxEntriesPerInbox ?? DEFAULT_MAX_ENTRIES;
71
+ this.maxBytes = config.maxBytesPerInbox ?? DEFAULT_MAX_BYTES;
53
72
 
54
73
  // Subscribe to message.created events
55
74
  events.on("message.created", (msg: Message) => this.onMessage(msg));
@@ -91,11 +110,86 @@ export class PushNotifier {
91
110
  importance: message.importance,
92
111
  timestamp: message.created_at,
93
112
  };
113
+ const line = JSON.stringify(entry) + "\n";
94
114
  try {
95
- fs.appendFileSync(filePath, JSON.stringify(entry) + "\n");
115
+ fs.appendFileSync(filePath, line);
96
116
  } catch {
97
- // Best-effort write
117
+ return; // Best-effort write
118
+ }
119
+
120
+ if (this.maxEntries <= 0 && this.maxBytes <= 0) return;
121
+ this.bumpCounters(filePath, line.length);
122
+ this.maybeEnforceCap(filePath);
123
+ }
124
+
125
+ /** Update in-memory entry/size counters after an append. Lazy-inits from
126
+ * the file when first seen so caps still apply across process restarts. */
127
+ private bumpCounters(filePath: string, addedBytes: number): void {
128
+ let count = this.entryCounts.get(filePath);
129
+ let size = this.fileSizes.get(filePath);
130
+ if (count === undefined || size === undefined) {
131
+ try {
132
+ const raw = fs.readFileSync(filePath, "utf-8");
133
+ count = raw.split("\n").filter((l) => l.length > 0).length;
134
+ size = raw.length;
135
+ } catch {
136
+ count = 1;
137
+ size = addedBytes;
138
+ }
139
+ } else {
140
+ count++;
141
+ size += addedBytes;
142
+ }
143
+ this.entryCounts.set(filePath, count);
144
+ this.fileSizes.set(filePath, size);
145
+ }
146
+
147
+ /** Trim the file when soft caps (~1.1× the configured limits) are exceeded.
148
+ * This amortizes the cost of read+rewrite across many appends. */
149
+ private maybeEnforceCap(filePath: string): void {
150
+ const count = this.entryCounts.get(filePath) ?? 0;
151
+ const size = this.fileSizes.get(filePath) ?? 0;
152
+
153
+ const overEntries =
154
+ this.maxEntries > 0 && count > this.maxEntries * 1.1;
155
+ const overBytes =
156
+ this.maxBytes > 0 && size > this.maxBytes * 1.1;
157
+
158
+ if (!overEntries && !overBytes) return;
159
+
160
+ const result = this.trimFile(filePath);
161
+ this.entryCounts.set(filePath, result.lines);
162
+ this.fileSizes.set(filePath, result.bytes);
163
+ }
164
+
165
+ /** Trim the file to maxEntries / maxBytes. Returns counts of what's left. */
166
+ private trimFile(filePath: string): { lines: number; bytes: number } {
167
+ let raw: string;
168
+ try {
169
+ raw = fs.readFileSync(filePath, "utf-8");
170
+ } catch {
171
+ return { lines: 0, bytes: 0 };
172
+ }
173
+ let kept = raw.split("\n").filter((l) => l.length > 0);
174
+
175
+ if (this.maxEntries > 0 && kept.length > this.maxEntries) {
176
+ kept = kept.slice(kept.length - this.maxEntries);
177
+ }
178
+ let bytes = kept.reduce((acc, l) => acc + l.length + 1, 0);
179
+ if (this.maxBytes > 0) {
180
+ while (kept.length > 1 && bytes > this.maxBytes) {
181
+ bytes -= kept[0].length + 1;
182
+ kept.shift();
183
+ }
184
+ }
185
+
186
+ const out = kept.length ? kept.join("\n") + "\n" : "";
187
+ try {
188
+ fs.writeFileSync(filePath, out);
189
+ } catch {
190
+ // Best-effort
98
191
  }
192
+ return { lines: kept.length, bytes: out.length };
99
193
  }
100
194
 
101
195
  /** Read and format an agent's pending inbox as markdown (for hook injection) */
@@ -126,6 +220,8 @@ export class PushNotifier {
126
220
  // Clear the file
127
221
  try {
128
222
  fs.writeFileSync(filePath, "");
223
+ this.entryCounts.set(filePath, 0);
224
+ this.fileSizes.set(filePath, 0);
129
225
  } catch {
130
226
  // Best-effort clear
131
227
  }
@@ -0,0 +1,140 @@
1
+ /**
2
+ * Destination classification.
3
+ *
4
+ * Email addresses are syntactically identical to federation addresses
5
+ * (`bob@example.com` vs `bob@system-2`), so before routing we must classify a
6
+ * recipient as one of: local agent, federation peer, or external mail.
7
+ *
8
+ * Classification is explicit-list driven — nothing is guessed from "looks like
9
+ * a domain". An unknown `@x` is a hard error rather than a silent misroute.
10
+ * Federation peers may declare their own domains, in which case they win over
11
+ * mail config for that domain. See docs/MAIL-INTEROP-PLAN.md §1.
12
+ *
13
+ * This layer sits *above* `parseAddress`, which is left untouched.
14
+ */
15
+
16
+ import { parseAddress } from "../federation/address.js";
17
+ import type { FederatedAddress } from "../types.js";
18
+
19
+ export type Destination =
20
+ | { class: "local"; agentId: string }
21
+ | { class: "federation"; agentId: string; address: FederatedAddress }
22
+ | { class: "mail"; email: string };
23
+
24
+ export interface DestinationPeer {
25
+ systemId: string;
26
+ /** Dotted addresses routed to this peer instead of being treated as mail. */
27
+ domains?: string[];
28
+ }
29
+
30
+ export interface DestinationContext {
31
+ /** Returns true if `id` is a known local agent. */
32
+ isLocalAgent: (id: string) => boolean;
33
+ /** Configured federation peers (system ids + optionally declared domains). */
34
+ federationPeers: DestinationPeer[];
35
+ /** Mail domains we recognize (identity.localDomains ∪ routableDomains). */
36
+ mailDomains: string[];
37
+ }
38
+
39
+ /** Thrown when a recipient matches neither a federation peer nor a mail domain. */
40
+ export class UnknownDestinationError extends Error {
41
+ constructor(public readonly agentId: string) {
42
+ super(
43
+ `Cannot classify destination "${agentId}": its domain is not a configured ` +
44
+ `federation peer or mail domain. Declare it explicitly to route it.`
45
+ );
46
+ this.name = "UnknownDestinationError";
47
+ }
48
+ }
49
+
50
+ /**
51
+ * Classify a recipient address into local / federation / mail.
52
+ *
53
+ * Priority order (deterministic):
54
+ * 1. No `@` → local
55
+ * 2. `@x` matches a peer systemId or domain → federation
56
+ * 3. `@x` (or parent domain) in mailDomains → mail
57
+ * 4. otherwise → throw UnknownDestinationError
58
+ *
59
+ * @throws UnknownDestinationError for rule-4 misses.
60
+ */
61
+ export function classifyDestination(
62
+ agentId: string,
63
+ ctx: DestinationContext
64
+ ): Destination {
65
+ const atIdx = agentId.indexOf("@");
66
+
67
+ // Rule 1: no @ — local agent (no domain to disambiguate).
68
+ if (atIdx === -1) {
69
+ return { class: "local", agentId };
70
+ }
71
+
72
+ const addr = parseAddress(agentId);
73
+ const system = addr.system; // the part after @ (before any /scope)
74
+
75
+ // Defensive: parseAddress yielded no system (e.g. trailing-only @) — treat
76
+ // the whole string as a local agent id rather than guessing a domain.
77
+ if (!system) {
78
+ return { class: "local", agentId };
79
+ }
80
+
81
+ // Rule 2: federation peer by systemId or declared domain (wins over mail).
82
+ for (const peer of ctx.federationPeers) {
83
+ if (peer.systemId === system || domainMatches(system, peer.domains)) {
84
+ return { class: "federation", agentId, address: addr };
85
+ }
86
+ }
87
+
88
+ // Rule 3: configured mail domain (exact or parent-domain suffix match).
89
+ if (domainMatches(system, ctx.mailDomains)) {
90
+ return { class: "mail", email: stripScope(agentId) };
91
+ }
92
+
93
+ // Rule 4: explicit-list miss — never guess.
94
+ throw new UnknownDestinationError(agentId);
95
+ }
96
+
97
+ /**
98
+ * True if `domain` equals, or is a subdomain of, any entry in `candidates`.
99
+ * Matching is case-insensitive. `mail.example.com` matches a candidate of
100
+ * `example.com`; `notexample.com` does not match `example.com`.
101
+ */
102
+ export function domainMatches(
103
+ domain: string,
104
+ candidates: string[] | undefined
105
+ ): boolean {
106
+ if (!candidates || candidates.length === 0) return false;
107
+ const d = domain.toLowerCase();
108
+ for (const c of candidates) {
109
+ const cand = c.toLowerCase();
110
+ if (d === cand || d.endsWith(`.${cand}`)) return true;
111
+ }
112
+ return false;
113
+ }
114
+
115
+ /**
116
+ * Drop a trailing `/scope` qualifier from an address, leaving a bare email.
117
+ * `bob@example.com/work` → `bob@example.com`.
118
+ */
119
+ function stripScope(agentId: string): string {
120
+ const atIdx = agentId.indexOf("@");
121
+ if (atIdx === -1) return agentId;
122
+ const slashIdx = agentId.indexOf("/", atIdx);
123
+ return slashIdx === -1 ? agentId : agentId.slice(0, slashIdx);
124
+ }
125
+
126
+ /**
127
+ * Detect domains claimed by both a federation peer and mail config. Federation
128
+ * wins (see classifyDestination), but callers should surface this at startup
129
+ * via a `mail.config.conflict` warning. Returns the conflicting domains.
130
+ */
131
+ export function findDomainConflicts(ctx: DestinationContext): string[] {
132
+ const mail = new Set(ctx.mailDomains.map((d) => d.toLowerCase()));
133
+ const conflicts: string[] = [];
134
+ for (const peer of ctx.federationPeers) {
135
+ for (const dom of peer.domains ?? []) {
136
+ if (mail.has(dom.toLowerCase())) conflicts.push(dom);
137
+ }
138
+ }
139
+ return conflicts;
140
+ }
@@ -11,6 +11,17 @@ import type { Storage } from "../storage/interface.js";
11
11
  import type { ConnectionManager } from "../federation/connection-manager.js";
12
12
  import { parseAddress, isRemoteAddress } from "../federation/address.js";
13
13
 
14
+ /**
15
+ * Outbound mail sink. Implemented by MailGateway; kept as a local interface so
16
+ * the router does not depend on the mail module (avoids a cycle).
17
+ */
18
+ export interface MailEgress {
19
+ /** True if this recipient's domain is one the mail gateway routes for. */
20
+ ownsRecipient(agentId: string): boolean;
21
+ /** Render and deliver the mail-class recipients of a message. */
22
+ send(message: Message): Promise<void>;
23
+ }
24
+
14
25
  export interface SendOptions {
15
26
  from: string;
16
27
  to: string | string[] | { agent_id: string; kind?: RecipientKind }[];
@@ -26,6 +37,7 @@ export interface SendOptions {
26
37
 
27
38
  export class MessageRouter {
28
39
  private federation: ConnectionManager | null = null;
40
+ private mail: MailEgress | null = null;
29
41
 
30
42
  constructor(
31
43
  private storage: Storage,
@@ -40,6 +52,13 @@ export class MessageRouter {
40
52
  this.federation = federation;
41
53
  }
42
54
 
55
+ /**
56
+ * Attach a mail gateway for routing to external email recipients.
57
+ */
58
+ setMail(mail: MailEgress): void {
59
+ this.mail = mail;
60
+ }
61
+
43
62
  async routeMessage(opts: SendOptions): Promise<Message> {
44
63
  const recipients = this.resolveRecipients(opts.to);
45
64
  const content = normalizeContent(opts.payload);
@@ -72,8 +91,11 @@ export class MessageRouter {
72
91
  created_at: now,
73
92
  };
74
93
 
75
- // Mark local recipients as delivered; route remote ones via federation
94
+ // Classify recipients: mail (external email) takes precedence over the
95
+ // federation interpretation of "agent@domain"; remaining remote recipients
96
+ // go to federation; everything else local.
76
97
  for (const r of message.recipients) {
98
+ if (this.mail?.ownsRecipient(r.agent_id)) continue; // mail — see below
77
99
  const addr = parseAddress(r.agent_id);
78
100
  if (!isRemoteAddress(addr) && this.isLocal(r.agent_id)) {
79
101
  r.delivered_at = now;
@@ -91,10 +113,25 @@ export class MessageRouter {
91
113
 
92
114
  this.events.emit("message.created", message);
93
115
 
94
- // Route remote recipients via federation
116
+ // Route external mail recipients via the mail gateway.
117
+ if (this.mail) {
118
+ const hasMail = message.recipients.some((r) =>
119
+ this.mail!.ownsRecipient(r.agent_id)
120
+ );
121
+ if (hasMail) {
122
+ // Fire-and-forget; transient failures are queued inside the gateway.
123
+ this.mail.send(message).catch(() => {
124
+ // Mail delivery failures are handled by the gateway's retry queue
125
+ });
126
+ }
127
+ }
128
+
129
+ // Route remaining remote recipients via federation (excluding mail).
95
130
  if (this.federation) {
96
- const hasRemote = message.recipients.some((r) =>
97
- isRemoteAddress(parseAddress(r.agent_id))
131
+ const hasRemote = message.recipients.some(
132
+ (r) =>
133
+ isRemoteAddress(parseAddress(r.agent_id)) &&
134
+ !this.mail?.ownsRecipient(r.agent_id)
98
135
  );
99
136
  if (hasRemote) {
100
137
  // Fire-and-forget federation routing (results tracked via events)
@@ -27,14 +27,36 @@ export interface Storage {
27
27
  // Messages
28
28
  getMessage(id: string): Message | undefined;
29
29
  putMessage(message: Message): Message;
30
+ /** Set the conversation_id on an existing message without rewriting the row. */
31
+ setMessageConversationId(messageId: string, conversationId: string): void;
30
32
  getInbox(agentId: string, opts?: InboxQuery): Message[];
31
33
  getThread(query: ThreadQuery): Message[];
32
34
  getSentMessages(agentId: string, limit?: number): Message[];
33
35
  searchMessages(query: string, scope?: string): Message[];
36
+ /** Delete messages older than `cutoff` (ISO timestamp). Returns the count removed. */
37
+ pruneMessagesOlderThan(cutoff: string): number;
38
+
39
+ // External-id mapping (mail dedup + bounce correlation)
40
+ /**
41
+ * Record that an external message id (e.g. an RFC 5322 Message-ID) maps to a
42
+ * stored inbox message. Idempotent: re-recording the same external id is a no-op.
43
+ */
44
+ recordExternalId(externalId: string, messageId: string): void;
45
+ /** Look up the inbox message id previously recorded for an external id. */
46
+ getMessageIdByExternalId(externalId: string): string | undefined;
47
+ /** Convenience: whether an external id has already been recorded. */
48
+ hasSeenExternalId(externalId: string): boolean;
34
49
 
35
50
  // Conversations
36
51
  getConversation(id: string): Conversation | undefined;
37
52
  putConversation(conversation: Conversation): Conversation;
53
+ /** Bump conversation updated_at without rewriting participants. */
54
+ touchConversation(conversationId: string, updatedAt: string): void;
55
+ /** Add a participant if not already present. No-op if already a participant. */
56
+ addParticipant(
57
+ conversationId: string,
58
+ participant: { agent_id: string; role?: string; joined_at: string }
59
+ ): void;
38
60
  listConversations(scope?: string): Conversation[];
39
61
 
40
62
  // Turns
@@ -13,6 +13,7 @@ export class InMemoryStorage implements Storage {
13
13
  private conversations = new Map<string, Conversation>();
14
14
  private turns: Turn[] = [];
15
15
  private threads = new Map<string, Thread>();
16
+ private externalIds = new Map<string, string>();
16
17
 
17
18
  // --- Agents ---
18
19
 
@@ -45,6 +46,43 @@ export class InMemoryStorage implements Storage {
45
46
  return message;
46
47
  }
47
48
 
49
+ setMessageConversationId(messageId: string, conversationId: string): void {
50
+ const msg = this.messages.get(messageId);
51
+ if (msg) msg.conversation_id = conversationId;
52
+ }
53
+
54
+ recordExternalId(externalId: string, messageId: string): void {
55
+ if (!this.externalIds.has(externalId)) {
56
+ this.externalIds.set(externalId, messageId);
57
+ }
58
+ }
59
+
60
+ getMessageIdByExternalId(externalId: string): string | undefined {
61
+ return this.externalIds.get(externalId);
62
+ }
63
+
64
+ hasSeenExternalId(externalId: string): boolean {
65
+ return this.externalIds.has(externalId);
66
+ }
67
+
68
+ pruneMessagesOlderThan(cutoff: string): number {
69
+ let removed = 0;
70
+ const removedIds = new Set<string>();
71
+ for (const [id, msg] of this.messages) {
72
+ if (msg.created_at < cutoff) {
73
+ this.messages.delete(id);
74
+ removedIds.add(id);
75
+ removed++;
76
+ }
77
+ }
78
+ if (removedIds.size > 0) {
79
+ this.turns = this.turns.filter(
80
+ (t) => !t.source_message_id || !removedIds.has(t.source_message_id)
81
+ );
82
+ }
83
+ return removed;
84
+ }
85
+
48
86
  getInbox(agentId: string, opts?: InboxQuery): Message[] {
49
87
  const results: Message[] = [];
50
88
  for (const msg of this.messages.values()) {
@@ -108,6 +146,27 @@ export class InMemoryStorage implements Storage {
108
146
  return conversation;
109
147
  }
110
148
 
149
+ touchConversation(conversationId: string, updatedAt: string): void {
150
+ const conv = this.conversations.get(conversationId);
151
+ if (conv) conv.updated_at = updatedAt;
152
+ }
153
+
154
+ addParticipant(
155
+ conversationId: string,
156
+ participant: { agent_id: string; role?: string; joined_at: string }
157
+ ): void {
158
+ const conv = this.conversations.get(conversationId);
159
+ if (!conv) return;
160
+ if (conv.participants.some((p) => p.agent_id === participant.agent_id)) {
161
+ return;
162
+ }
163
+ conv.participants.push({
164
+ agent_id: participant.agent_id,
165
+ role: participant.role,
166
+ joined_at: participant.joined_at,
167
+ });
168
+ }
169
+
111
170
  listConversations(scope?: string): Conversation[] {
112
171
  const all = Array.from(this.conversations.values());
113
172
  if (!scope) return all;