npm - emailengine-app - Versions diffs - 2.68.0 → 2.69.0 - Mend

emailengine-app 2.68.0 → 2.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (74) hide show

package/.github/codeql/codeql-config.yml +16 -0
package/.github/workflows/codeql.yml +102 -0
package/.github/workflows/deploy.yml +8 -0
package/.github/workflows/release.yaml +4 -0
package/.github/workflows/test.yml +3 -0
package/CHANGELOG.md +49 -0
package/SECURITY.md +80 -0
package/SECURITY.txt +27 -0
package/config/default.toml +2 -0
package/data/google-crawlers.json +13 -1
package/lib/account.js +62 -25
package/lib/api-routes/account-routes.js +493 -75
package/lib/api-routes/blocklist-routes.js +337 -0
package/lib/api-routes/delivery-test-routes.js +321 -0
package/lib/api-routes/export-routes.js +1 -12
package/lib/api-routes/gateway-routes.js +376 -0
package/lib/api-routes/license-routes.js +142 -0
package/lib/api-routes/mailbox-routes.js +318 -0
package/lib/api-routes/message-routes.js +21 -129
package/lib/api-routes/oauth2-app-routes.js +631 -0
package/lib/api-routes/outbox-routes.js +173 -0
package/lib/api-routes/pubsub-routes.js +98 -0
package/lib/api-routes/route-helpers.js +45 -0
package/lib/api-routes/settings-routes.js +331 -0
package/lib/api-routes/stats-routes.js +77 -0
package/lib/api-routes/submit-routes.js +472 -0
package/lib/api-routes/template-routes.js +7 -55
package/lib/api-routes/token-routes.js +297 -0
package/lib/api-routes/webhook-route-routes.js +152 -0
package/lib/email-client/gmail-client.js +14 -0
package/lib/email-client/imap/mailbox.js +34 -11
package/lib/email-client/imap/subconnection.js +20 -12
package/lib/email-client/imap/sync-operations.js +130 -2
package/lib/email-client/imap-client.js +116 -58
package/lib/email-client/outlook-client.js +85 -13
package/lib/export.js +60 -19
package/lib/imapproxy/imap-core/lib/commands/starttls.js +18 -0
package/lib/imapproxy/imap-core/lib/imap-command.js +7 -2
package/lib/imapproxy/imap-core/lib/imap-connection.js +113 -23
package/lib/imapproxy/imap-core/lib/imap-server.js +25 -1
package/lib/imapproxy/imap-core/lib/imap-stream.js +26 -0
package/lib/imapproxy/imap-server.js +92 -29
package/lib/message-port-stream.js +113 -16
package/lib/reject-worker-calls.js +42 -0
package/lib/routes-ui.js +37 -8778
package/lib/schemas.js +26 -1
package/lib/tools.js +73 -0
package/lib/ui-routes/account-routes.js +40 -210
package/lib/ui-routes/admin-config-routes.js +913 -487
package/lib/ui-routes/admin-entities-routes.js +1 -0
package/lib/ui-routes/auth-routes.js +1339 -0
package/lib/ui-routes/dashboard-routes.js +188 -0
package/lib/ui-routes/document-store-routes.js +800 -0
package/lib/ui-routes/export-routes.js +217 -0
package/lib/ui-routes/internals-routes.js +354 -0
package/lib/ui-routes/network-config-routes.js +759 -0
package/lib/ui-routes/{oauth-routes.js → oauth-config-routes.js} +371 -91
package/lib/ui-routes/route-helpers.js +316 -0
package/lib/ui-routes/smtp-test-routes.js +236 -0
package/lib/ui-routes/unsubscribe-routes.js +234 -0
package/lib/webhook-request.js +36 -0
package/package.json +17 -17
package/sbom.json +1 -1
package/server.js +217 -19
package/static/licenses.html +52 -182
package/translations/messages.pot +131 -151
package/views/dashboard.hbs +7 -26
package/views/internals/index.hbs +15 -0
package/views/tokens/index.hbs +9 -0
package/workers/api.js +198 -4401
package/workers/export.js +87 -54
package/workers/imap.js +29 -13
package/workers/submit.js +20 -11
package/workers/webhooks.js +6 -20

package/lib/ui-routes/admin-config-routes.js CHANGED Viewed

@@ -1,34 +1,53 @@
 'use strict';
+// NB! This file is processed by the gettext parser (npm run gettext) and can not use newer syntax like ?.
+// Admin UI routes for the remaining /admin/config/* pages: webhooks, service URL/branding,
+// AI (OpenAI) settings, logging, and license. Extracted verbatim from lib/routes-ui.js.
+// The notificationTypes / configWebhooksSchema / configLoggingSchema consts, the
+// getOpenAiError helper, and the getDefaultPrompt helper move with the routes (only these
+// config pages use them).
 const Joi = require('joi');
 const crypto = require('crypto');
+const config = require('@zone-eu/wild-config');
+const libmime = require('libmime');
 const he = require('he');
+const os = require('os');
+const packageData = require('../../package.json');
 const { simpleParser } = require('mailparser');
-const libmime = require('libmime');
+const { fetch: fetchCmd } = require('undici');
 const settings = require('../settings');
-const { redis, submitQueue, notifyQueue, documentsQueue } = require('../db');
+const consts = require('../consts');
 const getSecret = require('../get-secret');
+const timezonesList = require('timezones-list').default;
+const { redis, submitQueue, notifyQueue, documentsQueue } = require('../db');
+const { getByteSize, formatByteSize, getDuration, failAction, hasEnvValue, readEnvValue, httpAgent } = require('../tools');
 const { llmPreProcess } = require('../llm-pre-process');
 const { locales } = require('../translations');
-const consts = require('../consts');
-const packageData = require('../../package.json');
-const timezonesList = require('timezones-list').default;
+const { settingsSchema } = require('../schemas');
+const { getOpenAiModels, OPEN_AI_MODELS, getExampleDocumentsPayloads } = require('./route-helpers');
-const { failAction, getByteSize, formatByteSize, getDuration, readEnvValue, hasEnvValue, httpAgent } = require('../tools');
+const { REDIS_PREFIX, DEFAULT_MAX_LOG_LINES, DEFAULT_DELIVERY_ATTEMPTS, DEFAULT_MAX_BODY_SIZE, DEFAULT_MAX_PAYLOAD_TIMEOUT, NONCE_BYTES } = consts;
-const { settingsSchema } = require('../schemas');
+const LICENSE_HOST = 'https://postalsys.com';
-const { DEFAULT_MAX_LOG_LINES, DEFAULT_DELIVERY_ATTEMPTS, REDIS_PREFIX, NONCE_BYTES, DEFAULT_GMAIL_EXPORT_BATCH_SIZE, DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE } =
-    consts;
+config.api = config.api || {
+    port: 3000,
+    host: '127.0.0.1',
+    proxy: false
+};
-const { fetch: fetchCmd } = require('undici');
+const MAX_BODY_SIZE = getByteSize(readEnvValue('EENGINE_MAX_BODY_SIZE') || config.api.maxBodySize) || DEFAULT_MAX_BODY_SIZE;
+const MAX_PAYLOAD_TIMEOUT = getDuration(readEnvValue('EENGINE_MAX_PAYLOAD_TIMEOUT') || config.api.maxPayloadTimeout) || DEFAULT_MAX_PAYLOAD_TIMEOUT;
-const OPEN_AI_MODELS = [
-    { name: 'GPT-3 (instruct)', id: 'gpt-3.5-turbo-instruct' },
-    { name: 'GPT-3 (chat)', id: 'gpt-3.5-turbo' },
-    { name: 'GPT-4', id: 'gpt-4' }
-];
+const ADMIN_ACCESS_ADDRESSES = hasEnvValue('EENGINE_ADMIN_ACCESS_ADDRESSES')
+    ? readEnvValue('EENGINE_ADMIN_ACCESS_ADDRESSES')
+          .split(',')
+          .map(v => v.trim())
+          .filter(v => v)
+    : null;
 const IMAP_INDEXERS = [
     {
@@ -55,30 +74,25 @@ const notificationTypes = Object.keys(consts)
         description: consts[`${key}_DESCRIPTION`]
     }));
-const ADMIN_ACCESS_ADDRESSES = hasEnvValue('EENGINE_ADMIN_ACCESS_ADDRESSES')
-    ? readEnvValue('EENGINE_ADMIN_ACCESS_ADDRESSES')
-          .split(',')
-          .map(v => v.trim())
-          .filter(v => v)
-    : null;
-const MAX_BODY_SIZE = getByteSize(readEnvValue('EENGINE_MAX_BODY_SIZE')) || consts.DEFAULT_MAX_BODY_SIZE;
-const MAX_PAYLOAD_TIMEOUT = getDuration(readEnvValue('EENGINE_MAX_PAYLOAD_TIMEOUT')) || consts.DEFAULT_MAX_PAYLOAD_TIMEOUT;
-// Validation schemas
 const configWebhooksSchema = {
-    webhooksEnabled: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
+    webhooksEnabled: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false).description('Enable Webhooks'),
     webhooks: Joi.string()
-        .uri({ scheme: ['http', 'https'], allowRelative: false })
+        .uri({
+            scheme: ['http', 'https'],
+            allowRelative: false
+        })
         .allow('')
-        .example('https://myservice.com/imap/webhooks'),
+        .example('https://myservice.com/imap/webhooks')
+        .description('Webhook URL'),
     notifyAll: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     headersAll: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     notifyHeaders: Joi.string().empty('').trim(),
     notifyText: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     notifyWebSafeHtml: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     notifyTextSize: Joi.alternatives().try(
         Joi.number().empty('').integer().min(0),
+        // If it's a string, parse and convert it to bytes
         Joi.string().custom((value, helpers) => {
             let nr = getByteSize(value);
             if (typeof nr !== 'number' || nr < 0) {
@@ -87,11 +101,14 @@ const configWebhooksSchema = {
             return nr;
         }, 'Byte size conversion')
     ),
     notifyCalendarEvents: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     inboxNewOnly: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     notifyAttachments: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
     notifyAttachmentSize: Joi.alternatives().try(
         Joi.number().empty('').integer().min(0),
+        // If it's a string, parse and convert it to bytes
         Joi.string().custom((value, helpers) => {
             let nr = getByteSize(value);
             if (typeof nr !== 'number' || nr < 0) {
@@ -100,10 +117,12 @@ const configWebhooksSchema = {
             return nr;
         }, 'Byte size conversion')
     ),
     customHeaders: Joi.string()
         .allow('')
         .trim()
         .max(10 * 1024)
+        .description('Custom request headers')
 };
 for (let type of notificationTypes) {
@@ -111,47 +130,25 @@ for (let type of notificationTypes) {
 }
 const configLoggingSchema = {
-    all: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
+    all: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false).description('Enable logs for all accounts'),
     maxLogLines: Joi.number().integer().empty('').min(0).max(10000000).default(DEFAULT_MAX_LOG_LINES)
 };
-// Helper functions
-async function getOpenAiModels(models, selectedModel) {
-    let modelList = (await settings.get('openAiModels')) || structuredClone(models);
-    if (selectedModel && !modelList.find(model => model.id === selectedModel)) {
-        modelList.unshift({ name: selectedModel, id: selectedModel });
-    }
-    return modelList.map(model => {
-        model.selected = model.id === selectedModel;
-        return model;
-    });
-}
 async function getOpenAiError(gt) {
-    let openAiErrorData = await redis.get(`${REDIS_PREFIX}:openai:error`);
-    if (openAiErrorData) {
+    let openAiError = await redis.get(`${REDIS_PREFIX}:openai:error`);
+    if (openAiError) {
         try {
-            let { error, time } = JSON.parse(openAiErrorData);
-            return { error, time: (gt && gt.dateFns.formatDistance(new Date(time), new Date(), { addSuffix: true })) || time };
+            openAiError = JSON.parse(openAiError);
+            switch (openAiError.code) {
+                case 'invalid_api_key':
+                    openAiError.message = gt.gettext('Invalid API key for OpenAI');
+                    break;
+            }
         } catch (err) {
-            return false;
-        }
-    }
-    return false;
-}
-async function getExampleDocumentsPayloads() {
-    const exampleDocumentsPayloads = require('../payload-examples-documents.json');
-    let examples = structuredClone(exampleDocumentsPayloads);
-    let serviceUrl = await settings.get('serviceUrl');
-    for (let example of examples) {
-        if (example.serviceUrl) {
-            example.serviceUrl = serviceUrl || example.serviceUrl;
+            openAiError = null;
         }
     }
-    return examples;
+    return openAiError;
 }
 function init(args) {
@@ -162,7 +159,6 @@ function init(args) {
             cmd: 'openAiDefaultPrompt'
         });
-    // Webhooks config routes
     server.route({
         method: 'GET',
         path: '/admin/config/webhooks',
@@ -173,8 +169,10 @@ function init(args) {
             const notifyWebSafeHtml = (await settings.get('notifyWebSafeHtml')) || false;
             const notifyTextSize = Number(await settings.get('notifyTextSize')) || 0;
             const notifyCalendarEvents = (await settings.get('notifyCalendarEvents')) || false;
             const notifyAttachments = (await settings.get('notifyAttachments')) || false;
             const notifyAttachmentSize = Number(await settings.get('notifyAttachmentSize')) || 0;
             const inboxNewOnly = (await settings.get('inboxNewOnly')) || false;
             const customHeaders = (await settings.get('webhooksCustomHeaders')) || [];
@@ -182,8 +180,10 @@ function init(args) {
             let values = {
                 webhooksEnabled: webhooksEnabled !== null ? !!webhooksEnabled : false,
                 webhooks: (await settings.get('webhooks')) || '',
                 notifyAll: webhookEvents.includes('*'),
                 inboxNewOnly,
                 headersAll: notifyHeaders.includes('*'),
                 notifyHeaders: notifyHeaders
                     .filter(entry => entry !== '*')
@@ -193,8 +193,10 @@ function init(args) {
                 notifyWebSafeHtml,
                 notifyTextSize: notifyTextSize ? formatByteSize(notifyTextSize) : '',
                 notifyCalendarEvents,
                 notifyAttachments,
                 notifyAttachmentSize: notifyAttachmentSize ? formatByteSize(notifyAttachmentSize) : '',
                 customHeaders: []
                     .concat(customHeaders || [])
                     .map(entry => `${entry.key}: ${entry.value}`.trim())
@@ -207,14 +209,19 @@ function init(args) {
                     pageTitle: 'Webhooks',
                     menuConfig: true,
                     menuConfigWebhooks: true,
                     notificationTypes: notificationTypes.map(type =>
                         Object.assign({}, type, { checked: webhookEvents.includes(type.name), isMessageNew: type.name === 'messageNew' })
                     ),
                     values,
                     webhookErrorFlag: await settings.get('webhookErrorFlag'),
                     documentStoreEnabled: (await settings.get('documentStoreEnabled')) || false
                 },
-                { layout: 'app' }
+                {
+                    layout: 'app'
+                }
             );
         }
     });
@@ -231,9 +238,15 @@ function init(args) {
                     .map(line => {
                         let sep = line.indexOf(':');
                         if (sep >= 0) {
-                            return { key: line.substring(0, sep).trim(), value: line.substring(sep + 1).trim() };
+                            return {
+                                key: line.substring(0, sep).trim(),
+                                value: line.substring(sep + 1).trim()
+                            };
                         }
-                        return { key: line, value: '' };
+                        return {
+                            key: line,
+                            value: ''
+                        };
                     });
                 const data = {
@@ -243,14 +256,18 @@ function init(args) {
                     notifyWebSafeHtml: request.payload.notifyWebSafeHtml,
                     notifyTextSize: request.payload.notifyTextSize || 0,
                     notifyCalendarEvents: request.payload.notifyCalendarEvents,
                     notifyAttachments: request.payload.notifyAttachments,
                     notifyAttachmentSize: request.payload.notifyAttachmentSize,
                     inboxNewOnly: request.payload.inboxNewOnly,
                     webhookEvents: notificationTypes.filter(type => !!request.payload[`notify_${type.name}`]).map(type => type.name),
                     notifyHeaders: (request.payload.notifyHeaders || '')
                         .split(/\r?\n/)
                         .map(line => line.toLowerCase().trim())
                         .filter(line => line),
                     webhooksCustomHeaders: customHeaders
                 };
@@ -267,10 +284,12 @@ function init(args) {
                 }
                 if (!data.webhooksEnabled) {
+                    // clear error message (if exists)
                     await settings.clear('webhookErrorFlag');
                 }
                 await request.flash({ type: 'info', message: `Configuration updated` });
                 return h.redirect('/admin/config/webhooks');
             } catch (err) {
                 await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
@@ -282,21 +301,31 @@ function init(args) {
                         pageTitle: 'Webhooks',
                         menuConfig: true,
                         menuConfigWebhooks: true,
                         notificationTypes: notificationTypes.map(type =>
                             Object.assign({}, type, { checked: !!request.payload[`notify_${type.name}`], isMessageNew: type.name === 'messageNew' })
                         ),
                         webhookErrorFlag: await settings.get('webhookErrorFlag'),
                         documentStoreEnabled: (await settings.get('documentStoreEnabled')) || false
                     },
-                    { layout: 'app' }
+                    {
+                        layout: 'app'
+                    }
                 );
             }
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 async failAction(request, h, err) {
                     let errors = {};
                     if (err.details) {
                         err.details.forEach(detail => {
                             if (!errors[detail.path]) {
@@ -315,6 +344,7 @@ function init(args) {
                                 pageTitle: 'Webhooks',
                                 menuConfig: true,
                                 menuConfigWebhooks: true,
                                 notificationTypes: notificationTypes.map(type =>
                                     Object.assign({}, type, {
                                         checked: !!request.payload[`notify_${type.name}`],
@@ -322,20 +352,24 @@ function init(args) {
                                         error: errors[`notify_${type.name}`]
                                     })
                                 ),
                                 errors,
                                 webhookErrorFlag: await settings.get('webhookErrorFlag'),
                                 documentStoreEnabled: (await settings.get('documentStoreEnabled')) || false
                             },
-                            { layout: 'app' }
+                            {
+                                layout: 'app'
+                            }
                         )
                         .takeover();
                 },
                 payload: Joi.object(configWebhooksSchema)
             }
         }
     });
-    // Service config routes
     server.route({
         method: 'GET',
         path: '/admin/config/service',
@@ -347,22 +381,26 @@ function init(args) {
                 serviceSecret: (await settings.get('serviceSecret')) || null,
                 queueKeep: (await settings.get('queueKeep')) || 0,
                 deliveryAttempts: await settings.get('deliveryAttempts'),
                 imapIndexer: (await settings.get('imapIndexer')) || 'full',
                 pageBrandName: (await settings.get('pageBrandName')) || '',
                 templateHeader: (await settings.get('templateHeader')) || '',
                 templateHtmlHead: (await settings.get('templateHtmlHead')) || '',
                 scriptEnv: (await settings.get('scriptEnv')) || '',
                 enableTokens: !(await settings.get('disableTokens')),
                 enableApiProxy: (await settings.get('enableApiProxy')) || false,
                 trackClicks: await settings.get('trackClicks'),
                 trackOpens: await settings.get('trackOpens'),
                 resolveGmailCategories: (await settings.get('resolveGmailCategories')) || false,
                 enableOAuthTokensApi: (await settings.get('enableOAuthTokensApi')) || false,
                 ignoreMailCertErrors: (await settings.get('ignoreMailCertErrors')) || false,
                 locale: (await settings.get('locale')) || false,
-                timezone: (await settings.get('timezone')) || false,
-                gmailExportBatchSize: (await settings.get('gmailExportBatchSize')) || DEFAULT_GMAIL_EXPORT_BATCH_SIZE,
-                outlookExportBatchSize: (await settings.get('outlookExportBatchSize')) || DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE
+                timezone: (await settings.get('timezone')) || false
             };
             if (typeof values.trackClicks !== 'boolean') {
@@ -385,21 +423,27 @@ function init(args) {
                     menuConfigService: true,
                     encryption: await getSecret(),
                     locales: locales.map(locale => Object.assign({ selected: locale.locale === values.locale }, locale)),
                     timezones: timezonesList.map(entry => ({
                         name: entry.label,
                         timezone: entry.tzCode,
                         selected: entry.tzCode === values.timezone
                     })),
                     imapIndexers: structuredClone(IMAP_INDEXERS).map(entry => {
                         if (entry.id === values.imapIndexer) {
                             entry.selected = true;
                         }
                         return entry;
                     }),
                     adminAccessLimit: ADMIN_ACCESS_ADDRESSES && ADMIN_ACCESS_ADDRESSES.length,
                     values
                 },
-                { layout: 'app' }
+                {
+                    layout: 'app'
+                }
             );
         }
     });
@@ -426,9 +470,7 @@ function init(args) {
                     locale: request.payload.locale,
                     timezone: request.payload.timezone,
                     deliveryAttempts: request.payload.deliveryAttempts,
-                    imapIndexer: request.payload.imapIndexer,
-                    gmailExportBatchSize: request.payload.gmailExportBatchSize,
-                    outlookExportBatchSize: request.payload.outlookExportBatchSize
+                    imapIndexer: request.payload.imapIndexer
                 };
                 if (request.payload.serviceUrl) {
@@ -441,6 +483,7 @@ function init(args) {
                 }
                 await request.flash({ type: 'info', message: `Configuration updated` });
                 return h.redirect('/admin/config/service');
             } catch (err) {
                 await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
@@ -454,28 +497,39 @@ function init(args) {
                         menuConfigService: true,
                         locales: locales.map(locale => Object.assign({ selected: locale.locale === request.payload.locale }, locale)),
                         encryption: await getSecret(),
                         timezones: timezonesList.map(entry => ({
                             name: entry.label,
                             timezone: entry.tzCode,
                             selected: entry.tzCode === request.payload.timezone
                         })),
                         imapIndexers: structuredClone(IMAP_INDEXERS).map(entry => {
                             if (entry.id === request.payload.imapIndexer) {
                                 entry.selected = true;
                             }
                             return entry;
                         }),
                         adminAccessLimit: ADMIN_ACCESS_ADDRESSES && ADMIN_ACCESS_ADDRESSES.length
                     },
-                    { layout: 'app' }
+                    {
+                        layout: 'app'
+                    }
                 );
             }
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 async failAction(request, h, err) {
                     let errors = {};
                     if (err.details) {
                         err.details.forEach(detail => {
                             if (!errors[detail.path]) {
@@ -496,24 +550,31 @@ function init(args) {
                                 menuConfigService: true,
                                 locales: locales.map(locale => Object.assign({ selected: locale.locale === request.payload.locale }, locale)),
                                 encryption: await getSecret(),
                                 timezones: timezonesList.map(entry => ({
                                     name: entry.label,
                                     timezone: entry.tzCode,
                                     selected: entry.tzCode === request.payload.timezone
                                 })),
                                 imapIndexers: structuredClone(IMAP_INDEXERS).map(entry => {
                                     if (entry.id === request.payload.imapIndexer) {
                                         entry.selected = true;
                                     }
                                     return entry;
                                 }),
                                 adminAccessLimit: ADMIN_ACCESS_ADDRESSES && ADMIN_ACCESS_ADDRESSES.length,
                                 errors
                             },
-                            { layout: 'app' }
+                            {
+                                layout: 'app'
+                            }
                         )
                         .takeover();
                 },
                 payload: Joi.object({
                     serviceUrl: settingsSchema.serviceUrl,
                     serviceSecret: settingsSchema.serviceSecret,
@@ -529,143 +590,558 @@ function init(args) {
                     trackClicks: settingsSchema.trackClicks.default(false),
                     resolveGmailCategories: settingsSchema.resolveGmailCategories.default(false),
                     ignoreMailCertErrors: settingsSchema.ignoreMailCertErrors.default(false),
-                    enableOAuthTokensApi: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
+                    // Following options can only be changed via the UI
+                    enableOAuthTokensApi: Joi.boolean()
+                        .truthy('Y', 'true', '1', 'on')
+                        .falsy('N', 'false', 0, '')
+                        .description('If true, then allow using using the OAuth tokens API endpoint')
+                        .default(false),
                     enableTokens: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false),
                     locale: settingsSchema.locale
                         .empty('')
                         .valid(...locales.map(locale => locale.locale))
                         .default('en'),
-                    timezone: settingsSchema.timezone.empty(''),
-                    gmailExportBatchSize: settingsSchema.gmailExportBatchSize.default(DEFAULT_GMAIL_EXPORT_BATCH_SIZE),
-                    outlookExportBatchSize: settingsSchema.outlookExportBatchSize.default(DEFAULT_OUTLOOK_EXPORT_BATCH_SIZE)
+                    timezone: settingsSchema.timezone.empty('')
                 })
             }
         }
     });
-    // Service preview route
     server.route({
-        method: 'POST',
-        path: '/admin/config/service/preview',
+        method: 'GET',
+        path: '/admin/config/ai',
         async handler(request, h) {
-            return h.view(
-                'config/service-preview',
-                {
-                    pageBrandName: request.payload.pageBrandName,
-                    embeddedTemplateHeader: request.payload.templateHeader,
-                    embeddedTemplateHtmlHead: request.payload.templateHtmlHead
-                },
-                { layout: 'public' }
-            );
-        },
-        options: {
-            validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
-                async failAction(request, h, err) {
-                    request.logger.error({ msg: 'Failed to process preview', err });
-                    return h.redirect('/admin').takeover();
-                },
-                payload: Joi.object({
-                    pageBrandName: settingsSchema.pageBrandName.default(''),
-                    templateHeader: settingsSchema.templateHeader.default(''),
-                    templateHtmlHead: settingsSchema.templateHtmlHead.default('')
-                })
-            }
-        }
-    });
+            const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
+                if (entry.error && typeof entry.error === 'string') {
+                    entry.error = entry.error
+                        .replace(/\r?\n/g, '\n')
+                        .replace(/^\s+at\s+.*$/gm, '')
+                        .replace(/\n+/g, '\n')
+                        .trim()
+                        .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
+                }
+                return entry;
+            });
-    // Clear error route
-    server.route({
-        method: 'POST',
-        path: '/admin/config/clear-error',
-        async handler(request) {
-            switch (request.payload.alert) {
-                case 'open-ai':
-                    await redis.del(`${REDIS_PREFIX}:openai:error`);
-                    break;
-                case 'webhook-default':
-                    await settings.clear('webhookErrorFlag');
-                    break;
-                case 'webhook-route':
-                    if (request.payload.entry) {
-                        await redis.hdel(`${REDIS_PREFIX}wh:c`, `${request.payload.entry}:webhookErrorFlag`);
-                    }
-                    break;
-            }
-            return { success: true };
-        },
-        options: {
-            validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
-                failAction,
-                payload: Joi.object({
-                    alert: Joi.string().required().max(1024),
-                    entry: Joi.string().empty('').max(1024).trim()
-                })
-            }
-        }
-    });
+            const values = {
+                generateEmailSummary: (await settings.get('generateEmailSummary')) || false,
+                openAiPrompt: ((await settings.get('openAiPrompt')) || '').toString(),
+                contentFnJson: JSON.stringify(
+                    ((await settings.get(`openAiPreProcessingFn`)) || '').toString() ||
+                        `// Pass all emails
+return true;`
+                ),
-    // Service clean route
-    server.route({
-        method: 'POST',
-        path: '/admin/config/service/clean',
-        async handler(request) {
-            let errors = [];
-            for (let queue of [submitQueue, notifyQueue, documentsQueue]) {
-                for (let type of ['failed', 'completed']) {
-                    try {
-                        await queue.clean(1000, 100000, type);
-                        request.logger.trace({ msg: 'Queue cleaned', queue: queue.name, type });
-                    } catch (err) {
-                        request.logger.error({ msg: 'Failed to clean queue', queue: queue.name, type, err });
-                        errors.push(err.message);
-                    }
-                }
-            }
+                openAiAPIUrl: ((await settings.get('openAiAPIUrl')) || '').toString(),
-            if (errors.length) {
-                return { success: false, error: 'Cleaning failed for some queues' };
-            }
-            return { success: true };
-        },
-        options: {
-            validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true }
-            }
-        }
-    });
+                openAiTemperature: ((await settings.get('openAiTemperature')) || '').toString(),
+                openAiTopP: ((await settings.get('openAiTopP')) || '').toString(),
+                openAiMaxTokens: ((await settings.get('openAiMaxTokens')) || '').toString()
+            };
-    // Logging config routes
-    server.route({
-        method: 'GET',
-        path: '/admin/config/logging',
-        async handler(request, h) {
-            let values = (await settings.get('logs')) || {};
-            if (typeof values.maxLogLines === 'undefined') {
-                values.maxLogLines = DEFAULT_MAX_LOG_LINES;
+            if (!values.openAiPrompt.trim()) {
+                values.openAiPrompt = await getDefaultPrompt();
             }
-            values.accounts = [].concat(values.accounts || []).join('\n');
+            let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
+            let openAiModel = await settings.get('openAiModel');
+            let openAiError = await getOpenAiError(request.app.gt);
             return h.view(
-                'config/logging',
+                'config/ai',
                 {
-                    pageTitle: 'Logging',
+                    pageTitle: 'AI Processing',
                     menuConfig: true,
-                    menuConfigLogging: true,
-                    values
+                    menuConfigAi: true,
+                    errorLog,
+                    defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
+                    values,
+                    hasOpenAiAPIKey,
+                    openAiError,
+                    openAiModels: await getOpenAiModels(OPEN_AI_MODELS, openAiModel),
+                    scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
+                    examplePayloadsJson: JSON.stringify(
+                        (await getExampleDocumentsPayloads()).map(entry =>
+                            Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
+                        )
+                    )
                 },
-                { layout: 'app' }
+                {
+                    layout: 'app'
+                }
             );
         }
     });
     server.route({
         method: 'POST',
-        path: '/admin/config/logging',
+        path: '/admin/config/ai',
         async handler(request, h) {
             try {
-                const data = {
+                let contentFn;
+                try {
+                    if (request.payload.contentFnJson === '') {
+                        contentFn = null;
+                    } else {
+                        contentFn = JSON.parse(request.payload.contentFnJson);
+                        if (typeof contentFn !== 'string') {
+                            throw new Error('Invalid Format');
+                        }
+                    }
+                } catch (err) {
+                    err.details = {
+                        contentFnJson: 'Invalid JSON'
+                    };
+                    throw err;
+                }
+                let data = {
+                    generateEmailSummary: request.payload.generateEmailSummary,
+                    openAiModel: request.payload.openAiModel,
+                    openAiAPIUrl: request.payload.openAiAPIUrl,
+                    openAiPrompt: (request.payload.openAiPrompt || '').toString(),
+                    openAiPreProcessingFn: contentFn,
+                    openAiTemperature: request.payload.openAiTemperature,
+                    openAiTopP: request.payload.openAiTopP,
+                    openAiMaxTokens: request.payload.openAiMaxTokens
+                };
+                let defaultUserPrompt = await getDefaultPrompt();
+                if (!data.openAiPrompt.trim() || data.openAiPrompt.trim() === defaultUserPrompt.trim()) {
+                    data.openAiPrompt = '';
+                }
+                if (typeof request.payload.openAiAPIKey === 'string') {
+                    data.openAiAPIKey = request.payload.openAiAPIKey;
+                }
+                if (typeof request.payload.openAiAPIUrl === 'string') {
+                    data.openAiAPIUrl = request.payload.openAiAPIUrl;
+                }
+                for (let key of Object.keys(data)) {
+                    await settings.set(key, data[key]);
+                }
+                await request.flash({ type: 'info', message: `Configuration updated` });
+                return h.redirect('/admin/config/ai');
+            } catch (err) {
+                await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
+                request.logger.error({ msg: 'Failed to update configuration', err });
+                let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
+                let openAiError = await getOpenAiError(request.app.gt);
+                const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
+                    if (entry.error && typeof entry.error === 'string') {
+                        entry.error = entry.error
+                            .replace(/\r?\n/g, '\n')
+                            .replace(/^\s+at\s+.*$/gm, '')
+                            .replace(/\n+/g, '\n')
+                            .trim()
+                            .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
+                    }
+                    return entry;
+                });
+                return h.view(
+                    'config/ai',
+                    {
+                        pageTitle: 'AI Processing',
+                        menuConfig: true,
+                        menuConfigAi: true,
+                        errorLog,
+                        defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
+                        hasOpenAiAPIKey,
+                        openAiError,
+                        openAiModels: await getOpenAiModels(OPEN_AI_MODELS, request.payload.openAiModel),
+                        scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
+                        examplePayloadsJson: JSON.stringify(
+                            (await getExampleDocumentsPayloads()).map(entry =>
+                                Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
+                            )
+                        )
+                    },
+                    {
+                        layout: 'app'
+                    }
+                );
+            }
+        },
+        options: {
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                async failAction(request, h, err) {
+                    let errors = {};
+                    if (err.details) {
+                        err.details.forEach(detail => {
+                            if (!errors[detail.path]) {
+                                errors[detail.path] = detail.message;
+                            }
+                        });
+                    }
+                    await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
+                    request.logger.error({ msg: 'Failed to update configuration', err });
+                    let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
+                    let openAiError = await getOpenAiError(request.app.gt);
+                    const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
+                        if (entry.error && typeof entry.error === 'string') {
+                            entry.error = entry.error
+                                .replace(/\r?\n/g, '\n')
+                                .replace(/^\s+at\s+.*$/gm, '')
+                                .replace(/\n+/g, '\n')
+                                .trim()
+                                .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
+                        }
+                        return entry;
+                    });
+                    return h
+                        .view(
+                            'config/ai',
+                            {
+                                pageTitle: 'AI Processing',
+                                menuConfig: true,
+                                menuConfigAi: true,
+                                errorLog,
+                                defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
+                                hasOpenAiAPIKey,
+                                openAiError,
+                                openAiModels: await getOpenAiModels(OPEN_AI_MODELS, request.payload.openAiModel),
+                                scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
+                                examplePayloadsJson: JSON.stringify(
+                                    (await getExampleDocumentsPayloads()).map(entry =>
+                                        Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
+                                    )
+                                ),
+                                errors
+                            },
+                            {
+                                layout: 'app'
+                            }
+                        )
+                        .takeover();
+                },
+                payload: Joi.object({
+                    generateEmailSummary: settingsSchema.generateEmailSummary.default(false),
+                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
+                    openAiModel: settingsSchema.openAiModel.empty(''),
+                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default(''),
+                    openAiPrompt: settingsSchema.openAiPrompt.default(''),
+                    contentFnJson: Joi.string()
+                        .max(1024 * 1024)
+                        .default('')
+                        .allow('')
+                        .trim()
+                        .description('Filter function'),
+                    openAiTemperature: settingsSchema.openAiTemperature.default(''),
+                    openAiTopP: settingsSchema.openAiTopP.default(''),
+                    openAiMaxTokens: settingsSchema.openAiMaxTokens.default('')
+                })
+            }
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/ai/test-prompt',
+        async handler(request) {
+            try {
+                request.logger.info({ msg: 'Prompt test' });
+                const parsed = await simpleParser(Buffer.from(request.payload.emailFile, 'base64'));
+                const response = {};
+                response.summary = await call({
+                    cmd: 'generateSummary',
+                    data: {
+                        message: {
+                            headers: parsed.headerLines.map(header => libmime.decodeHeader(header.line)),
+                            attachments: parsed.attachments,
+                            html: parsed.html,
+                            text: parsed.text
+                        },
+                        openAiAPIKey: request.payload.openAiAPIKey,
+                        openAiModel: request.payload.openAiModel,
+                        openAiAPIUrl: request.payload.openAiAPIUrl,
+                        openAiPrompt: request.payload.openAiPrompt,
+                        openAiTemperature: request.payload.openAiTemperature,
+                        openAiTopP: request.payload.openAiTopP,
+                        openAiMaxTokens: request.payload.openAiMaxTokens
+                    },
+                    timeout: 2 * 60 * 1000
+                });
+                // crux from olden times
+                for (let key of Object.keys(response.summary)) {
+                    // remove meta keys from output
+                    if (key.charAt(0) === '_' || response.summary[key] === '') {
+                        delete response.summary[key];
+                    }
+                    if (key === 'riskAssessment') {
+                        response.riskAssessment = response.summary.riskAssessment;
+                        delete response.summary.riskAssessment;
+                    }
+                }
+                return { success: true, response };
+            } catch (err) {
+                request.logger.error({ msg: 'Failed to test prompt', err });
+                return { success: false, error: err.message };
+            }
+        },
+        options: {
+            payload: {
+                maxBytes: MAX_BODY_SIZE,
+                timeout: MAX_PAYLOAD_TIMEOUT
+            },
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+                payload: Joi.object({
+                    emailFile: Joi.string().base64({ paddingRequired: false }).required(),
+                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
+                    openAiModel: settingsSchema.openAiModel.empty(''),
+                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default(''),
+                    openAiPrompt: settingsSchema.openAiPrompt.default(''),
+                    openAiTemperature: settingsSchema.openAiTemperature.empty(''),
+                    openAiTopP: settingsSchema.openAiTopP.empty(''),
+                    openAiMaxTokens: settingsSchema.openAiMaxTokens.empty('')
+                })
+            }
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/ai/reload-models',
+        async handler(request) {
+            try {
+                request.logger.info({ msg: 'Reload models' });
+                const { models } = await call({
+                    cmd: 'openAiListModels',
+                    data: {
+                        openAiAPIKey: request.payload.openAiAPIKey,
+                        openAiAPIUrl: request.payload.openAiAPIUrl
+                    },
+                    timeout: 2 * 60 * 1000
+                });
+                if (models && models.length) {
+                    await settings.set('openAiModels', models);
+                }
+                return { success: true, models };
+            } catch (err) {
+                request.logger.error({ msg: 'Failed reloading OpenAI models', err });
+                return {
+                    success: false,
+                    error: err.message
+                };
+            }
+        },
+        options: {
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+                payload: Joi.object({
+                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
+                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default('')
+                })
+            }
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/service/preview',
+        async handler(request, h) {
+            return h.view(
+                'config/service-preview',
+                {
+                    pageBrandName: request.payload.pageBrandName,
+                    embeddedTemplateHeader: request.payload.templateHeader,
+                    embeddedTemplateHtmlHead: request.payload.templateHtmlHead
+                },
+                {
+                    layout: 'public'
+                }
+            );
+        },
+        options: {
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                async failAction(request, h, err) {
+                    request.logger.error({ msg: 'Failed to process preview', err });
+                    return h.redirect('/admin').takeover();
+                },
+                payload: Joi.object({
+                    pageBrandName: settingsSchema.pageBrandName.default(''),
+                    templateHeader: settingsSchema.templateHeader.default(''),
+                    templateHtmlHead: settingsSchema.templateHtmlHead.default('')
+                })
+            }
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/clear-error',
+        async handler(request) {
+            switch (request.payload.alert) {
+                case 'open-ai':
+                    await redis.del(`${REDIS_PREFIX}:openai:error`);
+                    break;
+                case 'webhook-default':
+                    await settings.clear('webhookErrorFlag');
+                    break;
+                case 'webhook-route':
+                    if (request.payload.entry) {
+                        await redis.hdel(`${REDIS_PREFIX}wh:c`, `${request.payload.entry}:webhookErrorFlag`);
+                    }
+                    break;
+            }
+            return { success: true };
+        },
+        options: {
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction,
+                payload: Joi.object({
+                    alert: Joi.string().required().max(1024),
+                    entry: Joi.string().empty('').max(1024).trim()
+                })
+            }
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/service/clean',
+        async handler(request) {
+            let errors = [];
+            for (let queue of [submitQueue, notifyQueue, documentsQueue]) {
+                for (let type of ['failed', 'completed']) {
+                    try {
+                        await queue.clean(1000, 100000, type);
+                        request.logger.trace({ msg: 'Queue cleaned', queue: queue.name, type });
+                    } catch (err) {
+                        request.logger.error({ msg: 'Failed to clean queue', queue: queue.name, type, err });
+                        errors.push(err.message);
+                    }
+                }
+            }
+            if (errors.length) {
+                return { success: false, error: 'Cleaning failed for some queues' };
+            }
+            return { success: true };
+        },
+        options: {
+            validate: {
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                }
+            }
+        }
+    });
+    server.route({
+        method: 'GET',
+        path: '/admin/config/logging',
+        async handler(request, h) {
+            let values = (await settings.get('logs')) || {};
+            if (typeof values.maxLogLines === 'undefined') {
+                values.maxLogLines = DEFAULT_MAX_LOG_LINES;
+            }
+            values.accounts = [].concat(values.accounts || []).join('\n');
+            return h.view(
+                'config/logging',
+                {
+                    pageTitle: 'Logging',
+                    menuConfig: true,
+                    menuConfigLogging: true,
+                    values
+                },
+                {
+                    layout: 'app'
+                }
+            );
+        }
+    });
+    server.route({
+        method: 'POST',
+        path: '/admin/config/logging',
+        async handler(request, h) {
+            try {
+                const data = {
                     logs: {
                         all: !!request.payload.all,
                         maxLogLines: request.payload.maxLogLines || 0
@@ -677,6 +1153,7 @@ function init(args) {
                 }
                 await request.flash({ type: 'info', message: `Configuration updated` });
                 return h.redirect('/admin/config/logging');
             } catch (err) {
                 await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
@@ -689,15 +1166,23 @@ function init(args) {
                         menuConfig: true,
                         menuConfigWebhooks: true
                     },
-                    { layout: 'app' }
+                    {
+                        layout: 'app'
+                    }
                 );
             }
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 async failAction(request, h, err) {
                     let errors = {};
                     if (err.details) {
                         err.details.forEach(detail => {
                             if (!errors[detail.path]) {
@@ -716,18 +1201,21 @@ function init(args) {
                                 pageTitle: 'Logging',
                                 menuConfig: true,
                                 menuConfigWebhooks: true,
                                 errors
                             },
-                            { layout: 'app' }
+                            {
+                                layout: 'app'
+                            }
                         )
                         .takeover();
                 },
                 payload: Joi.object(configLoggingSchema)
             }
         }
     });
-    // Logging reconnect route
     server.route({
         method: 'POST',
         path: '/admin/config/logging/reconnect',
@@ -744,7 +1232,10 @@ function init(args) {
                     }
                 }
-                return { success: true, accounts: requested };
+                return {
+                    success: true,
+                    accounts: requested
+                };
             } catch (err) {
                 request.logger.error({ msg: 'Failed to request reconnect', err, accounts: request.payload.accounts });
                 return { success: false, error: err.message };
@@ -752,16 +1243,26 @@ function init(args) {
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 failAction,
                 payload: Joi.object({
-                    accounts: Joi.array().items(Joi.string().max(256)).default([]).label('LoggedAccounts')
+                    accounts: Joi.array()
+                        .items(Joi.string().max(256))
+                        .default([])
+                        .example(['account-id-1', 'account-id-2'])
+                        .description('Request reconnect for listed accounts')
+                        .label('LoggedAccounts')
                 })
             }
         }
     });
-    // Webhooks test route
     server.route({
         method: 'POST',
         path: '/admin/config/webhooks/test',
@@ -773,7 +1274,11 @@ function init(args) {
             const webhooks = request.payload.webhooks;
             if (!webhooks) {
-                return { success: false, target: webhooks, error: 'Webhook URL is not set' };
+                return {
+                    success: false,
+                    target: webhooks,
+                    error: 'Webhook URL is not set'
+                };
             }
             let parsed = new URL(webhooks);
@@ -800,9 +1305,15 @@ function init(args) {
                 .map(line => {
                     let sep = line.indexOf(':');
                     if (sep >= 0) {
-                        return { key: line.substring(0, sep).trim(), value: line.substring(sep + 1).trim() };
+                        return {
+                            key: line.substring(0, sep).trim(),
+                            value: line.substring(sep + 1).trim()
+                        };
                     }
-                    return { key: line, value: '' };
+                    return {
+                        key: line,
+                        value: ''
+                    };
                 });
             customHeaders.forEach(header => {
@@ -813,6 +1324,7 @@ function init(args) {
             let duration;
             try {
                 let res;
                 let serviceUrl = await settings.get('serviceUrl');
                 try {
@@ -825,7 +1337,9 @@ function init(args) {
                                 account: null,
                                 date: new Date().toISOString(),
                                 event: 'test',
-                                data: { nonce: crypto.randomBytes(NONCE_BYTES).toString('base64url') }
+                                data: {
+                                    nonce: crypto.randomBytes(NONCE_BYTES).toString('base64url')
+                                }
                             }),
                         headers,
                         dispatcher: httpAgent.retry
@@ -842,194 +1356,151 @@ function init(args) {
                     throw err;
                 }
-                return { success: true, target: webhooks, duration };
+                return {
+                    success: true,
+                    target: webhooks,
+                    duration
+                };
             } catch (err) {
                 request.logger.error({ msg: 'Failed posting webhook', webhooks, event: 'test', err });
-                return { success: false, target: webhooks, duration, error: err.message, code: err.code };
+                return {
+                    success: false,
+                    target: webhooks,
+                    duration,
+                    error: err.message,
+                    code: err.code
+                };
             }
         },
         options: {
             tags: ['test'],
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 failAction,
                 payload: Joi.object({
                     webhooks: Joi.string()
-                        .uri({ scheme: ['http', 'https'], allowRelative: false })
-                        .allow(''),
+                        .uri({
+                            scheme: ['http', 'https'],
+                            allowRelative: false
+                        })
+                        .allow('')
+                        .example('https://myservice.com/imap/webhooks')
+                        .description('Webhook URL'),
                     customHeaders: Joi.string()
                         .allow('')
                         .trim()
                         .max(10 * 1024)
-                        .default(''),
+                        .default('')
+                        .description('Custom request headers'),
                     payload: Joi.string()
                         .max(1024 * 1024)
                         .empty('')
                         .trim()
+                        .description('Example JSON payload')
                 })
             }
         }
     });
-    // AI config routes
-    server.route({
-        method: 'GET',
-        path: '/admin/config/ai',
-        async handler(request, h) {
-            const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
-                if (entry.error && typeof entry.error === 'string') {
-                    entry.error = entry.error
-                        .replace(/\r?\n/g, '\n')
-                        .replace(/^\s+at\s+.*$/gm, '')
-                        .replace(/\n+/g, '\n')
-                        .trim()
-                        .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
-                }
-                return entry;
-            });
+    // Webhook, template, gateway, and token routes are in admin-entities-routes.js
-            const values = {
-                generateEmailSummary: (await settings.get('generateEmailSummary')) || false,
-                openAiPrompt: ((await settings.get('openAiPrompt')) || '').toString(),
-                contentFnJson: JSON.stringify(
-                    ((await settings.get(`openAiPreProcessingFn`)) || '').toString() ||
-                        `// Pass all emails
-return true;`
-                ),
-                openAiAPIUrl: ((await settings.get('openAiAPIUrl')) || '').toString(),
-                openAiTemperature: ((await settings.get('openAiTemperature')) || '').toString(),
-                openAiTopP: ((await settings.get('openAiTopP')) || '').toString(),
-                openAiMaxTokens: ((await settings.get('openAiMaxTokens')) || '').toString()
-            };
-            if (!values.openAiPrompt.trim()) {
-                values.openAiPrompt = await getDefaultPrompt();
-            }
-            let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
-            let openAiModel = await settings.get('openAiModel');
-            let openAiError = await getOpenAiError(request.app.gt);
-            return h.view(
-                'config/ai',
-                {
-                    pageTitle: 'AI Processing',
-                    menuConfig: true,
-                    menuConfigAi: true,
-                    errorLog,
-                    defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
-                    values,
-                    hasOpenAiAPIKey,
-                    openAiError,
-                    openAiModels: await getOpenAiModels(OPEN_AI_MODELS, openAiModel),
-                    scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
-                    examplePayloadsJson: JSON.stringify(
-                        (await getExampleDocumentsPayloads()).map(entry =>
-                            Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
-                        )
-                    )
+    server.route({
+        method: 'GET',
+        path: '/admin/config/license',
+        async handler(request, h) {
+            await call({ cmd: 'checkLicense' });
+            let subexp = await settings.get('subexp');
+            let expiresDays;
+            if (subexp && !(request.app.licenseInfo && request.app.licenseInfo.details && request.app.licenseInfo.details.lt)) {
+                let delayMs = new Date(subexp) - Date.now();
+                expiresDays = Math.max(Math.ceil(delayMs / (24 * 3600 * 1000)), 0);
+            }
+            return h.view(
+                'config/license',
+                {
+                    pageTitle: 'License',
+                    menuLicense: true,
+                    hideLicenseWarning: true,
+                    menuConfig: true,
+                    menuConfigLicense: true,
+                    subexp,
+                    expiresDays,
+                    showLicenseText:
+                        !request.app.licenseInfo ||
+                        !request.app.licenseInfo.active ||
+                        (request.app.licenseInfo.details && request.app.licenseInfo.details.trial)
                 },
-                { layout: 'app' }
+                {
+                    layout: 'app'
+                }
             );
         }
     });
     server.route({
         method: 'POST',
-        path: '/admin/config/ai',
+        path: '/admin/config/license',
         async handler(request, h) {
             try {
-                let contentFn;
-                try {
-                    if (request.payload.contentFnJson === '') {
-                        contentFn = null;
-                    } else {
-                        contentFn = JSON.parse(request.payload.contentFnJson);
-                        if (typeof contentFn !== 'string') {
-                            throw new Error('Invalid Format');
-                        }
-                    }
-                } catch (err) {
-                    err.details = { contentFnJson: 'Invalid JSON' };
+                // update license
+                const licenseInfo = await call({ cmd: 'updateLicense', license: request.payload.license });
+                if (!licenseInfo) {
+                    let err = new Error('Failed to update license. Check license file contents.');
+                    err.statusCode = 403;
+                    err.details = { license: err.message };
                     throw err;
                 }
-                let data = {
-                    generateEmailSummary: request.payload.generateEmailSummary,
-                    openAiModel: request.payload.openAiModel,
-                    openAiAPIUrl: request.payload.openAiAPIUrl,
-                    openAiPrompt: (request.payload.openAiPrompt || '').toString(),
-                    openAiPreProcessingFn: contentFn,
-                    openAiTemperature: request.payload.openAiTemperature,
-                    openAiTopP: request.payload.openAiTopP,
-                    openAiMaxTokens: request.payload.openAiMaxTokens
-                };
-                let defaultUserPrompt = await getDefaultPrompt();
-                if (!data.openAiPrompt.trim() || data.openAiPrompt.trim() === defaultUserPrompt.trim()) {
-                    data.openAiPrompt = '';
-                }
-                if (typeof request.payload.openAiAPIKey === 'string') {
-                    data.openAiAPIKey = request.payload.openAiAPIKey;
-                }
-                if (typeof request.payload.openAiAPIUrl === 'string') {
-                    data.openAiAPIUrl = request.payload.openAiAPIUrl;
-                }
-                for (let key of Object.keys(data)) {
-                    await settings.set(key, data[key]);
+                if (licenseInfo.active) {
+                    await request.flash({ type: 'info', message: `License activated` });
                 }
-                await request.flash({ type: 'info', message: `Configuration updated` });
-                return h.redirect('/admin/config/ai');
+                return h.redirect('/admin/config/license');
             } catch (err) {
-                await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
-                request.logger.error({ msg: 'Failed to update configuration', err });
-                let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
-                let openAiError = await getOpenAiError(request.app.gt);
-                const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
-                    if (entry.error && typeof entry.error === 'string') {
-                        entry.error = entry.error
-                            .replace(/\r?\n/g, '\n')
-                            .replace(/^\s+at\s+.*$/gm, '')
-                            .replace(/\n+/g, '\n')
-                            .trim()
-                            .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
-                    }
-                    return entry;
-                });
+                await request.flash({ type: 'danger', message: `Couldn't register license. Check the key and try again.` });
+                request.logger.error({ msg: 'Failed to register license key', err });
                 return h.view(
-                    'config/ai',
+                    'config/license',
                     {
-                        pageTitle: 'AI Processing',
+                        pageTitle: 'License',
                         menuConfig: true,
-                        menuConfigAi: true,
-                        errorLog,
-                        defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
-                        hasOpenAiAPIKey,
-                        openAiError,
-                        openAiModels: await getOpenAiModels(OPEN_AI_MODELS, request.payload.openAiModel),
-                        scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
-                        examplePayloadsJson: JSON.stringify(
-                            (await getExampleDocumentsPayloads()).map(entry =>
-                                Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
-                            )
-                        )
+                        menuConfigWebhooks: true,
+                        errors: err.details,
+                        showLicenseText:
+                            (err.details && !!err.details.license) ||
+                            !request.app.licenseInfo ||
+                            !request.app.licenseInfo.active ||
+                            (request.app.licenseInfo.details && request.app.licenseInfo.details.trial)
                     },
-                    { layout: 'app' }
+                    {
+                        layout: 'app'
+                    }
                 );
             }
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
                 async failAction(request, h, err) {
                     let errors = {};
                     if (err.details) {
                         err.details.forEach(detail => {
                             if (!errors[detail.path]) {
@@ -1038,200 +1509,155 @@ return true;`
                         });
                     }
-                    await request.flash({ type: 'danger', message: `Couldn't save settings. Try again.` });
-                    request.logger.error({ msg: 'Failed to update configuration', err });
-                    let hasOpenAiAPIKey = !!(await settings.get('openAiAPIKey'));
-                    let openAiError = await getOpenAiError(request.app.gt);
-                    const errorLog = ((await llmPreProcess.getErrorLog()) || []).map(entry => {
-                        if (entry.error && typeof entry.error === 'string') {
-                            entry.error = entry.error
-                                .replace(/\r?\n/g, '\n')
-                                .replace(/^\s+at\s+.*$/gm, '')
-                                .replace(/\n+/g, '\n')
-                                .trim()
-                                .replace(/(evalmachine.<anonymous>:)(\d+)/, (o, p, n) => p + (Number(n) - 1));
-                        }
-                        return entry;
-                    });
+                    await request.flash({ type: 'danger', message: `Couldn't register license. Check the key and try again.` });
+                    request.logger.error({ msg: 'Failed to register license key', err });
                     return h
                         .view(
-                            'config/ai',
+                            'config/license',
                             {
-                                pageTitle: 'AI Processing',
+                                pageTitle: 'License',
                                 menuConfig: true,
-                                menuConfigAi: true,
-                                errorLog,
-                                defaultPromptJson: JSON.stringify({ prompt: await getDefaultPrompt() }),
-                                hasOpenAiAPIKey,
-                                openAiError,
-                                openAiModels: await getOpenAiModels(OPEN_AI_MODELS, request.payload.openAiModel),
-                                scriptEnvJson: JSON.stringify((await settings.get('scriptEnv')) || '{}'),
-                                examplePayloadsJson: JSON.stringify(
-                                    (await getExampleDocumentsPayloads()).map(entry =>
-                                        Object.assign({}, entry, { summary: undefined, riskAssessment: undefined, preview: undefined })
-                                    )
-                                ),
-                                errors
+                                menuConfigWebhooks: true,
+                                errors,
+                                showLicenseText:
+                                    (errors && !!errors.license) ||
+                                    !request.app.licenseInfo ||
+                                    !request.app.licenseInfo.active ||
+                                    (request.app.licenseInfo.details && request.app.licenseInfo.details.trial)
                             },
-                            { layout: 'app' }
+                            {
+                                layout: 'app'
+                            }
                         )
                         .takeover();
                 },
                 payload: Joi.object({
-                    generateEmailSummary: settingsSchema.generateEmailSummary.default(false),
-                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
-                    openAiModel: settingsSchema.openAiModel.empty(''),
-                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default(''),
-                    openAiPrompt: settingsSchema.openAiPrompt.default(''),
-                    contentFnJson: Joi.string()
-                        .max(1024 * 1024)
-                        .default('')
-                        .allow('')
-                        .trim(),
-                    openAiTemperature: settingsSchema.openAiTemperature.default(''),
-                    openAiTopP: settingsSchema.openAiTopP.default(''),
-                    openAiMaxTokens: settingsSchema.openAiMaxTokens.default('')
-                })
+                    license: Joi.string()
+                        .max(10 * 1024)
+                        .required()
+                        .example('-----BEGIN LICENSE-----\r\n...')
+                        .description('License file')
+                }).label('RegisterLicense')
             }
         }
     });
-    // AI test prompt route
     server.route({
         method: 'POST',
-        path: '/admin/config/ai/test-prompt',
-        async handler(request) {
+        path: '/admin/config/license/delete',
+        async handler(request, h) {
             try {
-                request.logger.info({ msg: 'Prompt test' });
-                const parsed = await simpleParser(Buffer.from(request.payload.emailFile, 'base64'));
-                const response = {};
-                response.summary = await call({
-                    cmd: 'generateSummary',
-                    data: {
-                        message: {
-                            headers: parsed.headerLines.map(header => libmime.decodeHeader(header.line)),
-                            attachments: parsed.attachments,
-                            html: parsed.html,
-                            text: parsed.text
-                        },
-                        openAiAPIKey: request.payload.openAiAPIKey,
-                        openAiModel: request.payload.openAiModel,
-                        openAiAPIUrl: request.payload.openAiAPIUrl,
-                        openAiPrompt: request.payload.openAiPrompt,
-                        openAiTemperature: request.payload.openAiTemperature,
-                        openAiTopP: request.payload.openAiTopP,
-                        openAiMaxTokens: request.payload.openAiMaxTokens
-                    },
-                    timeout: 2 * 60 * 1000
-                });
-                for (let key of Object.keys(response.summary)) {
-                    if (key.charAt(0) === '_' || response.summary[key] === '') {
-                        delete response.summary[key];
-                    }
-                    if (key === 'riskAssessment') {
-                        response.riskAssessment = response.summary.riskAssessment;
-                        delete response.summary.riskAssessment;
-                    }
+                const licenseInfo = await call({ cmd: 'removeLicense' });
+                if (!licenseInfo) {
+                    let err = new Error('Failed to clear license info');
+                    err.statusCode = 403;
+                    throw err;
+                } else {
+                    await request.flash({ type: 'info', message: `License removed` });
                 }
-                return { success: true, response };
+                return h.redirect('/admin/config/license');
             } catch (err) {
-                request.logger.error({ msg: 'Failed to test prompt', err });
-                return { success: false, error: err.message };
+                await request.flash({ type: 'danger', message: `Couldn't remove license. Try again.` });
+                request.logger.error({ msg: 'Failed to unregister license key', err, token: request.payload.token, remoteAddress: request.app.ip });
+                return h.redirect('/admin/config/license');
             }
         },
         options: {
-            payload: { maxBytes: MAX_BODY_SIZE, timeout: MAX_PAYLOAD_TIMEOUT },
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
-                failAction,
-                payload: Joi.object({
-                    emailFile: Joi.string().base64({ paddingRequired: false }).required(),
-                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
-                    openAiModel: settingsSchema.openAiModel.empty(''),
-                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default(''),
-                    openAiPrompt: settingsSchema.openAiPrompt.default(''),
-                    openAiTemperature: settingsSchema.openAiTemperature.empty(''),
-                    openAiTopP: settingsSchema.openAiTopP.empty(''),
-                    openAiMaxTokens: settingsSchema.openAiMaxTokens.empty('')
-                })
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                async failAction(request, h, err) {
+                    await request.flash({ type: 'danger', message: `Couldn't remove license. Try again.` });
+                    request.logger.error({ msg: 'Failed to unregister license key', err });
+                    return h.redirect('/admin/config/license').takeover();
+                },
+                payload: Joi.object({})
             }
         }
     });
-    // AI reload models route
     server.route({
         method: 'POST',
-        path: '/admin/config/ai/reload-models',
+        path: '/admin/config/license/trial',
         async handler(request) {
             try {
-                request.logger.info({ msg: 'Reload models' });
+                // provision new trial license
-                const { models } = await call({
-                    cmd: 'openAiListModels',
-                    data: {
-                        openAiAPIKey: request.payload.openAiAPIKey,
-                        openAiAPIUrl: request.payload.openAiAPIUrl
-                    },
-                    timeout: 2 * 60 * 1000
+                let headers = {
+                    'Content-Type': 'application/json',
+                    'User-Agent': `${packageData.name}/${packageData.version} (+${packageData.homepage})`
+                };
+                let res = await fetchCmd(`${LICENSE_HOST}/licenses/trial`, {
+                    method: 'post',
+                    body: JSON.stringify({
+                        version: packageData.version,
+                        app: '@postalsys/emailengine-app',
+                        hostname: os.hostname() || 'localhost',
+                        url: (await settings.get('serviceUrl')) || ''
+                    }),
+                    headers,
+                    dispatcher: httpAgent.retry
                 });
-                if (models && models.length) {
-                    await settings.set('openAiModels', models);
+                if (!res.ok) {
+                    let err = new Error(res.statusText || `Invalid response: ${res.status} ${res.statusText}`);
+                    err.statusCode = res.status;
+                    try {
+                        err.response = await res.json();
+                    } catch (err) {
+                        // ignore
+                    }
+                    throw err;
                 }
-                return { success: true, models };
-            } catch (err) {
-                request.logger.error({ msg: 'Failed reloading OpenAI models', err });
-                return { success: false, error: err.message };
-            }
-        },
-        options: {
-            validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
-                failAction,
-                payload: Joi.object({
-                    openAiAPIKey: settingsSchema.openAiAPIKey.empty(''),
-                    openAiAPIUrl: settingsSchema.openAiAPIUrl.default('')
-                })
-            }
-        }
-    });
+                const data = await res.json();
-    // Browser config route
-    server.route({
-        method: 'POST',
-        path: '/admin/config/browser',
-        async handler(request) {
-            for (let key of ['serviceUrl', 'language', 'timezone']) {
-                if (request.payload[key]) {
-                    let existingValue = await settings.get(key);
-                    if (existingValue === null) {
-                        await settings.set(key, request.payload[key]);
-                    }
+                let licenseFile = `-----BEGIN LICENSE-----
+${Buffer.from(data.content, 'base64url').toString('base64')}
+-----END LICENSE-----`;
+                const licenseInfo = await call({ cmd: 'updateLicense', license: licenseFile });
+                if (!licenseInfo) {
+                    let err = new Error('Failed to update license. Check license file contents.');
+                    err.statusCode = 403;
+                    err.details = { license: err.message };
+                    throw err;
+                }
+                if (licenseInfo.active) {
+                    await request.flash({ type: 'info', message: `Trial activated` });
+                    return { success: true, message: `Trial activated` };
                 }
+                throw new Error('Failed to activate provisioned trial license');
+            } catch (err) {
+                request.logger.error({ msg: 'Failed to provision a trial license key', err, remoteAddress: request.app.ip });
+                return { success: false, error: (err.response && err.response.error) || err.message };
             }
-            return { success: true };
         },
         options: {
             validate: {
-                options: { stripUnknown: true, abortEarly: false, convert: true },
-                failAction,
-                payload: Joi.object({
-                    serviceUrl: settingsSchema.serviceUrl.empty('').allow(false),
-                    language: Joi.string()
-                        .empty('')
-                        .lowercase()
-                        .regex(/^[a-z0-9]{1,5}([-_][a-z0-9]{1,15})?$/)
-                        .allow(false),
-                    timezone: Joi.string().empty('').allow(false).max(255)
-                })
+                options: {
+                    stripUnknown: true,
+                    abortEarly: false,
+                    convert: true
+                },
+                failAction
             }
         }
     });