npm - hypermail-mcp - Versions diffs - 0.3.0 → 0.4.1 - Mend

hypermail-mcp 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -182,9 +182,9 @@ var DEFAULT_SCOPES = [
   "Mail.ReadWrite",
   "Mail.Send"
 ];
-function makeConfig(prevCacheJson) {
-  const clientId = process.env.MS_CLIENT_ID || DEFAULT_CLIENT_ID;
-  const tenant = process.env.MS_TENANT_ID || "common";
+function makeConfig(prevCacheJson, clientIdOverride, tenantOverride) {
+  const clientId = clientIdOverride || process.env.MS_CLIENT_ID || DEFAULT_CLIENT_ID;
+  const tenant = tenantOverride || process.env.MS_TENANT_ID || "common";
   return {
     auth: {
       clientId,
@@ -196,15 +196,15 @@ function makeConfig(prevCacheJson) {
     } : void 0
   };
 }
-function buildPca(prevCacheJson) {
-  const pca = new PublicClientApplication(makeConfig(prevCacheJson));
+function buildPca(prevCacheJson, clientIdOverride, tenantOverride) {
+  const pca = new PublicClientApplication(makeConfig(prevCacheJson, clientIdOverride, tenantOverride));
   if (prevCacheJson) {
     pca.getTokenCache().deserialize(prevCacheJson);
   }
   return pca;
 }
-function beginDeviceCode(scopes = DEFAULT_SCOPES) {
-  const pca = buildPca();
+function beginDeviceCode(scopes = DEFAULT_SCOPES, clientIdOverride, tenantOverride) {
+  const pca = buildPca(void 0, clientIdOverride, tenantOverride);
   let resolve;
   let reject;
   const result = new Promise(
@@ -284,8 +284,8 @@ async function awaitDeviceCodeReady(b) {
   const r = b._ready;
   await r;
 }
-async function acquireAccessToken(tokens, scopes = DEFAULT_SCOPES) {
-  const pca = buildPca(tokens.msalCache);
+async function acquireAccessToken(tokens, scopes = DEFAULT_SCOPES, clientIdOverride, tenantOverride) {
+  const pca = buildPca(tokens.msalCache, clientIdOverride, tenantOverride);
   const cache = pca.getTokenCache();
   const account = await cache.getAccountByHomeId(tokens.homeAccountId) ?? (await cache.getAllAccounts()).find((a) => a.username === tokens.username);
   if (!account) {
@@ -305,10 +305,14 @@ async function acquireAccessToken(tokens, scopes = DEFAULT_SCOPES) {
 // src/providers/outlook/client.ts
 var OutlookClientFactory = class {
-  constructor(store) {
+  constructor(store, clientId, tenantId) {
     this.store = store;
+    this.clientId = clientId;
+    this.tenantId = tenantId;
   }
   store;
+  clientId;
+  tenantId;
   cache = /* @__PURE__ */ new Map();
   get(account) {
     const key = account.email.toLowerCase();
@@ -319,7 +323,12 @@ var OutlookClientFactory = class {
       getAccessToken: async () => {
         const fresh = store.getAccount(account.email) ?? account;
         const tokens = fresh.tokens;
-        const { accessToken, tokens: nextTokens } = await acquireAccessToken(tokens);
+        const { accessToken, tokens: nextTokens } = await acquireAccessToken(
+          tokens,
+          void 0,
+          this.clientId,
+          this.tenantId
+        );
         if (nextTokens.msalCache !== tokens.msalCache) {
           store.upsertAccount({
             ...fresh,
@@ -362,15 +371,19 @@ function convertInlineImages(body) {
 var OutlookProvider = class {
   constructor(opts) {
     this.opts = opts;
-    this.clients = new OutlookClientFactory(opts.store);
+    this.clientId = opts.clientId;
+    this.tenantId = opts.tenantId;
+    this.clients = new OutlookClientFactory(opts.store, opts.clientId, opts.tenantId);
   }
   opts;
   id = "outlook";
   clients;
   pending = /* @__PURE__ */ new Map();
+  clientId;
+  tenantId;
   // ---------- account lifecycle ----------
   async addAccount(input) {
-    const begin = beginDeviceCode();
+    const begin = beginDeviceCode(void 0, this.clientId, this.tenantId);
     await awaitDeviceCodeReady(begin);
     const handle = randomUUID();
     const flow = {
@@ -440,7 +453,7 @@ var OutlookProvider = class {
     const folder = opts.folder ?? "inbox";
     const filterParts = [];
     if (opts.unreadOnly) filterParts.push("isRead eq false");
-    let req = client.api(`/me/mailFolders/${encodeURIComponent(folder)}/messages`).top(limit).select([
+    let req = client.api(`/me/mailFolders/${encodeURIComponent(folder)}/messages`).top(limit).skip(opts.skip ?? 0).select([
       "id",
       "subject",
       "from",
@@ -452,7 +465,10 @@ var OutlookProvider = class {
     ].join(",")).orderby("receivedDateTime DESC");
     if (filterParts.length > 0) req = req.filter(filterParts.join(" and "));
     const res = await req.get();
-    return res.value.map((m) => mapSummary(m, folder));
+    return {
+      items: res.value.map((m) => mapSummary(m, folder)),
+      hasMore: !!res["@odata.nextLink"]
+    };
   }
   async searchEmails(account, query, opts) {
     const client = this.clients.get(account);
@@ -648,11 +664,99 @@ var OutlookProvider = class {
     const draft = await client.api("/me/messages").post(draftPayload);
     return { id: draft.id };
   }
+  async updateDraft(account, id, update) {
+    const client = this.clients.get(account);
+    const payload = {};
+    if (update.subject !== void 0) {
+      payload.subject = update.subject;
+    }
+    if (update.to !== void 0) {
+      payload.toRecipients = update.to.map(toRecipient);
+    }
+    if (update.cc !== void 0) {
+      payload.ccRecipients = update.cc.map(toRecipient);
+    }
+    if (update.bcc !== void 0) {
+      payload.bccRecipients = update.bcc.map(toRecipient);
+    }
+    if (update.body !== void 0) {
+      const converted = convertInlineImages(update.body);
+      payload.body = {
+        contentType: update.isHtml ? "HTML" : "Text",
+        content: converted.body
+      };
+      if (converted.attachments.length > 0) {
+        payload.attachments = converted.attachments;
+      }
+    }
+    await client.api(`/me/messages/${encodeURIComponent(id)}`).patch(payload);
+    return { id };
+  }
   async moveEmail(account, id, destinationId) {
     const client = this.clients.get(account);
     await client.api(`/me/messages/${encodeURIComponent(id)}/move`).post({ destinationId });
   }
+  async sendDraft(account, id) {
+    const client = this.clients.get(account);
+    await client.api(`/me/messages/${encodeURIComponent(id)}/send`).post({});
+    return { id };
+  }
+  async addAttachmentToDraft(account, draftId, name, contentBytes, contentType) {
+    const client = this.clients.get(account);
+    const att = await client.api(`/me/messages/${encodeURIComponent(draftId)}/attachments`).post({
+      "@odata.type": "#microsoft.graph.fileAttachment",
+      name,
+      contentType: contentType ?? "application/octet-stream",
+      contentBytes
+    });
+    return {
+      id: draftId,
+      attachment: { id: att.id, name: att.name, contentType: att.contentType }
+    };
+  }
+  async markRead(account, id, isRead) {
+    const client = this.clients.get(account);
+    await client.api(`/me/messages/${encodeURIComponent(id)}`).patch({ isRead });
+  }
+  async listFolders(account, opts) {
+    const client = this.clients.get(account);
+    const endpoint = opts.parentFolderId ? `/me/mailFolders/${encodeURIComponent(opts.parentFolderId)}/childFolders` : "/me/mailFolders";
+    const res = await client.api(endpoint).select([
+      "id",
+      "displayName",
+      "parentFolderId",
+      "childFolderCount",
+      "totalItemCount",
+      "unreadItemCount"
+    ].join(",")).get();
+    return (res.value ?? []).map(mapFolder);
+  }
+  async createFolder(account, input) {
+    const client = this.clients.get(account);
+    const parentId = input.parentFolderId ?? "msgfolderroot";
+    const created = await client.api(`/me/mailFolders/${encodeURIComponent(parentId)}/childFolders`).post({ displayName: input.displayName });
+    return mapFolder(created);
+  }
+  async renameFolder(account, folderId, newName) {
+    const client = this.clients.get(account);
+    const updated = await client.api(`/me/mailFolders/${encodeURIComponent(folderId)}`).patch({ displayName: newName });
+    return mapFolder(updated);
+  }
+  async deleteFolder(account, folderId) {
+    const client = this.clients.get(account);
+    await client.api(`/me/mailFolders/${encodeURIComponent(folderId)}`).delete();
+  }
 };
+function mapFolder(f) {
+  return {
+    id: f.id,
+    displayName: f.displayName,
+    parentFolderId: f.parentFolderId,
+    childFolderCount: f.childFolderCount,
+    totalItemCount: f.totalItemCount,
+    unreadItemCount: f.unreadItemCount
+  };
+}
 function mapRecipient(r) {
   return {
     name: r.emailAddress?.name,
@@ -710,15 +814,46 @@ var ImapProvider = class {
   async saveDraft(_account, _msg) {
     throw new Error(NOT_IMPLEMENTED);
   }
+  async updateDraft(_account, _id, _update) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
   async moveEmail(_account, _id, _destinationId) {
     throw new Error(NOT_IMPLEMENTED);
   }
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  async sendDraft(_account, _id) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  async addAttachmentToDraft(_account, _draftId, _name, _contentBytes, _contentType) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  async markRead(_account, _id, _isRead) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  async listFolders(_account, _opts) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  async createFolder(_account, _input) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  async renameFolder(_account, _folderId, _newName) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
+  async deleteFolder(_account, _folderId) {
+    throw new Error(NOT_IMPLEMENTED);
+  }
 };
 // src/providers/registry.ts
 function buildRegistry(opts) {
+  const outlookCfg = opts.providers?.outlook;
   const providers = /* @__PURE__ */ new Map();
-  providers.set("outlook", new OutlookProvider({ store: opts.store }));
+  providers.set("outlook", new OutlookProvider({
+    store: opts.store,
+    clientId: outlookCfg?.clientId,
+    tenantId: outlookCfg?.tenantId
+  }));
   providers.set("imap", new ImapProvider());
   function get(id) {
     const p = providers.get(id);
@@ -741,41 +876,11 @@ function buildRegistry(opts) {
   };
 }
-// src/tools/index.ts
+// src/tools/shared.ts
 import { z } from "zod";
-// src/html-to-markdown.ts
-import TurndownService from "turndown";
-var turndown = new TurndownService();
-function htmlToMarkdown(html) {
-  return turndown.turndown(html);
-}
-function selectBody(msg, format) {
-  switch (format) {
-    case "markdown": {
-      if (msg.bodyHtml) return htmlToMarkdown(msg.bodyHtml);
-      if (msg.bodyText) return msg.bodyText;
-      return "";
-    }
-    case "html": {
-      if (msg.bodyHtml) return msg.bodyHtml;
-      if (msg.bodyText) return msg.bodyText;
-      return "";
-    }
-    case "text": {
-      if (msg.bodyText) return msg.bodyText;
-      if (msg.bodyHtml) return msg.bodyHtml.replace(/<[^>]*>/g, "");
-      return "";
-    }
-  }
-}
-// src/tools/index.ts
 function ok(data, structuredContent) {
   const result = {
-    content: [
-      { type: "text", text: JSON.stringify(data, null, 2) }
-    ]
+    content: [{ type: "text", text: JSON.stringify(data, null, 2) }]
   };
   if (structuredContent !== void 0) {
     result.structuredContent = structuredContent;
@@ -788,6 +893,10 @@ function fail(message) {
     content: [{ type: "text", text: message }]
   };
 }
+function errMsg(err) {
+  if (err instanceof Error) return err.message;
+  return String(err);
+}
 var emailAddrSchema = z.object({
   address: z.string().email(),
   name: z.string().optional()
@@ -826,369 +935,239 @@ var styleOutputSchema = z.object({
   fontSize: z.string().optional(),
   fontColor: z.string().optional()
 });
-function registerTools(server, opts) {
-  const { store, registry, readOnly = false, draftOnly = false } = opts;
+var folderInfoOutputSchema = z.object({
+  id: z.string(),
+  displayName: z.string(),
+  parentFolderId: z.string().optional(),
+  childFolderCount: z.number(),
+  totalItemCount: z.number(),
+  unreadItemCount: z.number()
+});
+function composeBody(input) {
+  const { body, isHtml = false, signature, style, includeSignature } = input;
+  const hasSignature = includeSignature && !!signature;
+  const hasStyle = !!(style && (style.fontFamily || style.fontSize || style.fontColor));
+  if (!hasSignature && !hasStyle) {
+    return { body, isHtml };
+  }
+  const styleAttr = hasStyle ? buildStyleAttr(style) : "";
+  if (isHtml) {
+    let result2 = hasStyle ? `<div style="${styleAttr}">${body}</div>` : body;
+    if (hasSignature) result2 += `
+<div class="signature">${signature}</div>`;
+    return { body: result2, isHtml: true };
+  }
+  const escaped = escapeHtml(body);
+  let result = `<div style="${styleAttr}">${escaped}</div>`;
+  if (hasSignature) result += `
+<div class="signature">${signature}</div>`;
+  return { body: result, isHtml: true };
+}
+function buildStyleAttr(style) {
+  const parts = [];
+  if (style.fontFamily) parts.push(`font-family: ${style.fontFamily}`);
+  if (style.fontSize) parts.push(`font-size: ${style.fontSize}`);
+  if (style.fontColor) parts.push(`color: ${style.fontColor}`);
+  return parts.join("; ");
+}
+function escapeHtml(text) {
+  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/\n/g, "<br>");
+}
+function shouldRegister(name, tools) {
+  if (tools.enabledTools) {
+    return tools.enabledTools.has(name);
+  }
+  if (tools.disabledTools) {
+    return !tools.disabledTools.has(name);
+  }
+  return true;
+}
+// src/tools/accounts.ts
+import { z as z2 } from "zod";
+function registerAccountTools(server, ctx) {
+  const { store, registry, tools } = ctx;
   const listAccountsOutputSchema = {
-    accounts: z.array(accountSummaryOutputSchema)
+    accounts: z2.array(accountSummaryOutputSchema)
   };
-  server.registerTool(
-    "list_accounts",
-    {
-      description: "List all email accounts known to this server (no secrets). Use the returned `email` value as the `account` argument to other tools.",
-      inputSchema: {},
-      outputSchema: listAccountsOutputSchema
-    },
-    async () => {
-      const rows = store.listAccounts().map((a) => ({
-        email: a.email,
-        provider: a.provider,
-        displayName: a.displayName,
-        addedAt: a.addedAt,
-        hasSignature: !!a.signature,
-        hasStyle: !!(a.style && (a.style.fontFamily || a.style.fontSize || a.style.fontColor))
-      }));
-      const data = { accounts: rows };
-      return ok(data, data);
-    }
-  );
-  const addAccountOutputSchema = z.discriminatedUnion("status", [
-    z.object({
-      status: z.literal("pending"),
-      handle: z.string(),
-      verification: z.object({
-        userCode: z.string(),
-        verificationUri: z.string(),
-        expiresAt: z.string(),
-        message: z.string()
+  if (shouldRegister("list_accounts", tools)) {
+    server.registerTool(
+      "list_accounts",
+      {
+        description: "List all email accounts known to this server (no secrets). Use the returned `email` value as the `account` argument to other tools.",
+        inputSchema: {},
+        outputSchema: listAccountsOutputSchema
+      },
+      async () => {
+        const rows = store.listAccounts().map((a) => ({
+          email: a.email,
+          provider: a.provider,
+          displayName: a.displayName,
+          addedAt: a.addedAt,
+          hasSignature: !!a.signature,
+          hasStyle: !!(a.style && (a.style.fontFamily || a.style.fontSize || a.style.fontColor))
+        }));
+        const data = { accounts: rows };
+        return ok(data, data);
+      }
+    );
+  }
+  const addAccountOutputSchema = z2.discriminatedUnion("status", [
+    z2.object({
+      status: z2.literal("pending"),
+      handle: z2.string(),
+      verification: z2.object({
+        userCode: z2.string(),
+        verificationUri: z2.string(),
+        expiresAt: z2.string(),
+        message: z2.string()
       })
     }),
-    z.object({
-      status: z.literal("ready"),
-      account: z.object({
-        email: z.string(),
-        provider: z.enum(["outlook", "imap", "gmail"]),
-        displayName: z.string().optional(),
-        tokens: z.record(z.unknown()),
-        addedAt: z.string(),
-        signature: z.string().optional(),
+    z2.object({
+      status: z2.literal("ready"),
+      account: z2.object({
+        email: z2.string(),
+        provider: z2.enum(["outlook", "imap", "gmail"]),
+        displayName: z2.string().optional(),
+        tokens: z2.record(z2.unknown()),
+        addedAt: z2.string(),
+        signature: z2.string().optional(),
         style: styleOutputSchema.optional()
       })
     })
   ]);
-  server.registerTool(
-    "add_account",
-    {
-      description: "Start adding an email account. For Outlook this returns a device code the user must enter at the verification URL; then call `complete_add_account` with the returned `handle` to finalize. Disabled in --read-only mode.",
-      inputSchema: {
-        provider: z.enum(["outlook", "imap", "gmail"]).describe("Email backend. v1 only fully implements 'outlook'."),
-        email: z.string().email().optional().describe("Optional hint \u2014 the provider will verify it against the auth result."),
-        config: z.record(z.unknown()).optional().describe("Provider-specific config (e.g. IMAP host/port). Unused for Outlook.")
+  if (shouldRegister("add_account", tools)) {
+    server.registerTool(
+      "add_account",
+      {
+        description: "Start adding an email account. For Outlook this returns a device code the user must enter at the verification URL; then call `complete_add_account` with the returned `handle` to finalize. Disabled in --read-only mode.",
+        inputSchema: {
+          provider: z2.enum(["outlook", "imap", "gmail"]).describe("Email backend. v1 only fully implements 'outlook'."),
+          email: z2.string().email().optional().describe(
+            "Optional hint \u2014 the provider will verify it against the auth result."
+          ),
+          config: z2.record(z2.unknown()).optional().describe(
+            "Provider-specific config (e.g. IMAP host/port). Unused for Outlook."
+          )
+        },
+        outputSchema: addAccountOutputSchema
       },
-      outputSchema: addAccountOutputSchema
-    },
-    async (args) => {
-      if (readOnly) return fail("server is in --read-only mode; add_account is disabled");
-      const provider = registry.get(args.provider);
-      try {
-        const res = await provider.addAccount({ email: args.email, config: args.config });
-        return ok(res, res);
-      } catch (err) {
-        return fail(errMsg(err));
+      async (args) => {
+        const provider = registry.get(args.provider);
+        try {
+          const res = await provider.addAccount({
+            email: args.email,
+            config: args.config
+          });
+          return ok(res, res);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
       }
-    }
-  );
-  const completeAddAccountOutputSchema = z.object({
-    status: z.enum(["pending", "ready", "expired", "error"]),
-    account: z.object({
-      email: z.string(),
-      provider: z.enum(["outlook", "imap", "gmail"]),
-      displayName: z.string().optional(),
-      tokens: z.record(z.unknown()),
-      addedAt: z.string(),
-      signature: z.string().optional(),
+    );
+  }
+  const completeAddAccountOutputSchema = z2.object({
+    status: z2.enum(["pending", "ready", "expired", "error"]),
+    account: z2.object({
+      email: z2.string(),
+      provider: z2.enum(["outlook", "imap", "gmail"]),
+      displayName: z2.string().optional(),
+      tokens: z2.record(z2.unknown()),
+      addedAt: z2.string(),
+      signature: z2.string().optional(),
       style: styleOutputSchema.optional()
     }).optional(),
-    error: z.string().optional()
+    error: z2.string().optional()
   });
-  server.registerTool(
-    "complete_add_account",
-    {
-      description: "Poll/finalize a pending add_account flow. Returns `pending` until the user completes the device-code step, then `ready` with the persisted account.",
-      inputSchema: {
-        provider: z.enum(["outlook", "imap", "gmail"]),
-        handle: z.string().min(1)
+  if (shouldRegister("complete_add_account", tools)) {
+    server.registerTool(
+      "complete_add_account",
+      {
+        description: "Poll/finalize a pending add_account flow. Returns `pending` until the user completes the device-code step, then `ready` with the persisted account.",
+        inputSchema: {
+          provider: z2.enum(["outlook", "imap", "gmail"]),
+          handle: z2.string().min(1)
+        },
+        outputSchema: completeAddAccountOutputSchema
       },
-      outputSchema: completeAddAccountOutputSchema
-    },
-    async (args) => {
-      const provider = registry.get(args.provider);
-      if (!provider.completeAddAccount) {
-        return fail(`provider ${args.provider} has no async add-account flow`);
-      }
-      try {
-        const res = await provider.completeAddAccount(args.handle);
-        return ok(res, res);
-      } catch (err) {
-        return fail(errMsg(err));
+      async (args) => {
+        const provider = registry.get(args.provider);
+        if (!provider.completeAddAccount) {
+          return fail(
+            `provider ${args.provider} has no async add-account flow`
+          );
+        }
+        try {
+          const res = await provider.completeAddAccount(args.handle);
+          return ok(res, res);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
       }
-    }
-  );
+    );
+  }
   const accountSettingsOutputSchema = {
-    signature: z.string().nullable(),
+    signature: z2.string().nullable(),
     style: styleOutputSchema.nullable()
   };
-  server.registerTool(
-    "get_account_settings",
-    {
-      description: "Get signature (HTML) and style preferences for an account.",
-      inputSchema: { account: z.string().email() },
-      outputSchema: accountSettingsOutputSchema
-    },
-    async (args) => {
-      try {
-        const acct = store.getAccount(args.account);
-        if (!acct) return fail(`no account registered for "${args.account}"`);
-        const data = { signature: acct.signature ?? null, style: acct.style ?? null };
-        return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  server.registerTool(
-    "set_account_settings",
-    {
-      description: "Set signature (HTML snippet) and/or style preferences for an account. Disabled in --read-only mode.",
-      inputSchema: {
-        account: z.string().email(),
-        signature: z.string().optional().describe("HTML snippet \u2014 may contain formatting, images, links. Pass null to clear."),
-        style: z.object({
-          fontFamily: z.string().optional(),
-          fontSize: z.string().optional(),
-          fontColor: z.string().optional()
-        }).optional().describe("Font preferences applied to outgoing HTML emails. Pass null to clear.")
-      },
-      outputSchema: accountSettingsOutputSchema
-    },
-    async (args) => {
-      if (readOnly) return fail("server is in --read-only mode; set_account_settings is disabled");
-      try {
-        const acct = store.getAccount(args.account);
-        if (!acct) return fail(`no account registered for "${args.account}"`);
-        const updated = await store.upsertAccount({
-          ...acct,
-          signature: args.signature ?? acct.signature,
-          style: args.style ?? acct.style
-        });
-        const data = { signature: updated.signature ?? null, style: updated.style ?? null };
-        return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  const removeAccountOutputSchema = {
-    removed: z.boolean(),
-    email: z.string()
-  };
-  server.registerTool(
-    "remove_account",
-    {
-      description: "Forget an account and delete its stored tokens. Disabled in --read-only mode.",
-      inputSchema: { email: z.string().email() },
-      outputSchema: removeAccountOutputSchema
-    },
-    async (args) => {
-      if (readOnly) return fail("server is in --read-only mode; remove_account is disabled");
-      const removed = await store.removeAccount(args.email);
-      const data = { removed, email: args.email };
-      return ok(data, data);
-    }
-  );
-  const emailListOutputSchema = {
-    account: z.string(),
-    count: z.number(),
-    items: z.array(emailSummaryOutputSchema)
-  };
-  server.registerTool(
-    "list_emails",
-    {
-      description: "List recent emails in a folder of the given account. Pass the user's email address as `account`; the server routes to the correct backend automatically.",
-      inputSchema: {
-        account: z.string().email(),
-        folder: z.string().default("inbox").optional(),
-        limit: z.number().int().positive().max(100).optional(),
-        unreadOnly: z.boolean().optional()
-      },
-      outputSchema: emailListOutputSchema
-    },
-    async (args) => {
-      try {
-        const { provider, account } = registry.resolveByEmail(args.account);
-        const items = await provider.listEmails(account, {
-          folder: args.folder,
-          limit: args.limit,
-          unreadOnly: args.unreadOnly
-        });
-        const data = { account: account.email, count: items.length, items };
-        return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  server.registerTool(
-    "search_emails",
-    {
-      description: "Search emails by free-text query (KQL on Outlook). Returns lightweight summaries.",
-      inputSchema: {
-        account: z.string().email(),
-        query: z.string().min(1),
-        limit: z.number().int().positive().max(100).optional()
-      },
-      outputSchema: emailListOutputSchema
-    },
-    async (args) => {
-      try {
-        const { provider, account } = registry.resolveByEmail(args.account);
-        const items = await provider.searchEmails(account, args.query, {
-          limit: args.limit
-        });
-        const data = { account: account.email, count: items.length, items };
-        return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  const readEmailOutputSchema = {
-    id: z.string(),
-    subject: z.string(),
-    from: emailAddrOutputSchema.optional(),
-    to: z.array(emailAddrOutputSchema).optional(),
-    cc: z.array(emailAddrOutputSchema).optional(),
-    bcc: z.array(emailAddrOutputSchema).optional(),
-    receivedAt: z.string().optional(),
-    preview: z.string().optional(),
-    isRead: z.boolean().optional(),
-    hasAttachments: z.boolean().optional(),
-    folder: z.string().optional(),
-    attachments: z.array(attachmentMetaOutputSchema).optional(),
-    body: z.string(),
-    bodyFormat: z.enum(["markdown", "html", "text"])
-  };
-  server.registerTool(
-    "read_email",
-    {
-      description: "Fetch a single email with full body and recipients by id. Body is returned as `body` with `bodyFormat` indicating the format. Default format is 'markdown' \u2014 HTML is automatically converted to save context tokens.",
-      inputSchema: {
-        account: z.string().email(),
-        id: z.string().min(1),
-        format: z.enum(["markdown", "html", "text"]).default("markdown").optional().describe(
-          "Output body format. 'markdown' converts HTML to Markdown (default), 'html' returns the raw HTML, 'text' returns plain text."
-        )
-      },
-      outputSchema: readEmailOutputSchema
-    },
-    async (args) => {
-      try {
-        const { provider, account } = registry.resolveByEmail(args.account);
-        const msg = await provider.readEmail(account, args.id);
-        const format = args.format ?? "markdown";
-        const body = selectBody(msg, format);
-        const data = {
-          id: msg.id,
-          subject: msg.subject,
-          from: msg.from,
-          to: msg.to,
-          cc: msg.cc,
-          bcc: msg.bcc,
-          receivedAt: msg.receivedAt,
-          preview: msg.preview,
-          isRead: msg.isRead,
-          hasAttachments: msg.hasAttachments,
-          folder: msg.folder,
-          attachments: msg.attachments,
-          body,
-          bodyFormat: format
-        };
-        return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  const readAttachmentOutputSchema = {
-    name: z.string(),
-    contentType: z.string().optional(),
-    path: z.string()
-  };
-  server.registerTool(
-    "read_attachment",
-    {
-      description: "Download an email attachment to a temporary file and return its path. Use messageId and attachmentId from a prior read_email call.",
-      inputSchema: {
-        account: z.string().email(),
-        messageId: z.string().min(1),
-        attachmentId: z.string().min(1)
-      },
-      outputSchema: readAttachmentOutputSchema
-    },
-    async (args) => {
-      try {
-        const { provider, account } = registry.resolveByEmail(args.account);
-        const res = await provider.readAttachment(account, args.messageId, args.attachmentId);
-        return ok(res, res);
-      } catch (err) {
-        return fail(errMsg(err));
-      }
-    }
-  );
-  {
-    const schema = {
-      account: z.string().email(),
-      id: z.string().min(1).describe("Message ID to move")
-    };
-    const archiveOutputSchema = {
-      archived: z.literal(true),
-      id: z.string()
-    };
+  if (shouldRegister("get_account_settings", tools)) {
     server.registerTool(
-      "archive_email",
+      "get_account_settings",
       {
-        description: "Move a message to the Archive folder. Disabled in --read-only mode.",
-        inputSchema: schema,
-        outputSchema: archiveOutputSchema
+        description: "Get signature (HTML) and style preferences for an account.",
+        inputSchema: { account: z2.string().email() },
+        outputSchema: accountSettingsOutputSchema
       },
       async (args) => {
-        if (readOnly) return fail("server is in --read-only mode; archive_email is disabled");
         try {
-          const { provider, account } = registry.resolveByEmail(args.account);
-          await provider.moveEmail(account, args.id, "archive");
-          const data = { archived: true, id: args.id };
+          const acct = store.getAccount(args.account);
+          if (!acct)
+            return fail(`no account registered for "${args.account}"`);
+          const data = {
+            signature: acct.signature ?? null,
+            style: acct.style ?? null
+          };
           return ok(data, data);
         } catch (err) {
           return fail(errMsg(err));
         }
       }
     );
-    const trashOutputSchema = {
-      trashed: z.literal(true),
-      id: z.string()
-    };
+  }
+  if (shouldRegister("set_account_settings", tools)) {
     server.registerTool(
-      "trash_email",
+      "set_account_settings",
       {
-        description: "Move a message to the Deleted Items (trash) folder. Disabled in --read-only mode.",
-        inputSchema: schema,
-        outputSchema: trashOutputSchema
+        description: "Set signature (HTML snippet) and/or style preferences for an account. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z2.string().email(),
+          signature: z2.string().optional().describe(
+            "HTML snippet \u2014 may contain formatting, images, links. Pass null to clear."
+          ),
+          style: z2.object({
+            fontFamily: z2.string().optional(),
+            fontSize: z2.string().optional(),
+            fontColor: z2.string().optional()
+          }).optional().describe(
+            "Font preferences applied to outgoing HTML emails. Pass null to clear."
+          )
+        },
+        outputSchema: accountSettingsOutputSchema
       },
       async (args) => {
-        if (readOnly) return fail("server is in --read-only mode; trash_email is disabled");
         try {
-          const { provider, account } = registry.resolveByEmail(args.account);
-          await provider.moveEmail(account, args.id, "deleteditems");
-          const data = { trashed: true, id: args.id };
+          const acct = store.getAccount(args.account);
+          if (!acct)
+            return fail(`no account registered for "${args.account}"`);
+          const updated = await store.upsertAccount({
+            ...acct,
+            signature: args.signature ?? acct.signature,
+            style: args.style ?? acct.style
+          });
+          const data = {
+            signature: updated.signature ?? null,
+            style: updated.style ?? null
+          };
           return ok(data, data);
         } catch (err) {
           return fail(errMsg(err));
@@ -1196,59 +1175,536 @@ function registerTools(server, opts) {
       }
     );
   }
-  const moveEmailOutputSchema = {
-    moved: z.literal(true),
-    id: z.string(),
-    destination: z.string()
+  const removeAccountOutputSchema = {
+    removed: z2.boolean(),
+    email: z2.string()
   };
-  server.registerTool(
-    "move_email",
-    {
-      description: "Move a message to any folder by well-known name (e.g. 'inbox', 'drafts', 'junkemail', 'sentitems', 'outbox') or custom folder ID. Disabled in --read-only mode.",
-      inputSchema: {
-        account: z.string().email(),
-        id: z.string().min(1).describe("Message ID to move"),
-        destination: z.string().min(1).describe(
-          "Destination folder \u2014 a well-known folder name ('archive', 'deleteditems', 'inbox', 'drafts', 'junkemail', 'sentitems', 'outbox') or a raw folder ID."
-        )
+  if (shouldRegister("remove_account", tools)) {
+    server.registerTool(
+      "remove_account",
+      {
+        description: "Forget an account and delete its stored tokens. Disabled in --read-only mode.",
+        inputSchema: { email: z2.string().email() },
+        outputSchema: removeAccountOutputSchema
       },
-      outputSchema: moveEmailOutputSchema
-    },
-    async (args) => {
-      if (readOnly) return fail("server is in --read-only mode; move_email is disabled");
-      try {
-        const { provider, account } = registry.resolveByEmail(args.account);
-        await provider.moveEmail(account, args.id, args.destination);
-        const data = { moved: true, id: args.id, destination: args.destination };
+      async (args) => {
+        const removed = await store.removeAccount(args.email);
+        const data = { removed, email: args.email };
         return ok(data, data);
-      } catch (err) {
-        return fail(errMsg(err));
       }
-    }
-  );
-  const sendEmailSchema = z.object({
-    account: z.string().email(),
-    to: z.array(emailAddrSchema).min(1),
-    cc: z.array(emailAddrSchema).optional(),
-    bcc: z.array(emailAddrSchema).optional(),
-    subject: z.string(),
-    body: z.string(),
-    isHtml: z.boolean().optional(),
-    include_signature: z.boolean().describe(
-      "Whether to append the account's saved HTML signature to the email. If true, don't include a signature in the body param to avoid double signature. Returns an error if true but no signature is configured for this account."
-    ),
-    inReplyTo: z.string().optional().describe(
-      "Message ID to reply to. When set, sends as a threaded reply which includes the quoted thread history automatically."
-    ),
-    replyAll: z.boolean().default(false).optional().describe(
-      "When true and `inReplyTo` is set, reply to all recipients instead of just the sender."
-    ),
-    forwardMessageId: z.string().optional().describe(
+    );
+  }
+}
+// src/tools/browse.ts
+import { z as z3 } from "zod";
+// src/html-to-markdown.ts
+import TurndownService from "turndown";
+var turndown = new TurndownService();
+function htmlToMarkdown(html) {
+  return turndown.turndown(html);
+}
+function selectBody(msg, format) {
+  switch (format) {
+    case "markdown": {
+      if (msg.bodyHtml) return htmlToMarkdown(msg.bodyHtml);
+      if (msg.bodyText) return msg.bodyText;
+      return "";
+    }
+    case "html": {
+      if (msg.bodyHtml) return msg.bodyHtml;
+      if (msg.bodyText) return msg.bodyText;
+      return "";
+    }
+    case "text": {
+      if (msg.bodyText) return msg.bodyText;
+      if (msg.bodyHtml) return msg.bodyHtml.replace(/<[^>]*>/g, "");
+      return "";
+    }
+  }
+}
+// src/tools/browse.ts
+function registerBrowseTools(server, ctx) {
+  const { registry, tools } = ctx;
+  const emailListOutputSchema = {
+    account: z3.string(),
+    count: z3.number(),
+    items: z3.array(emailSummaryOutputSchema),
+    skip: z3.number(),
+    hasMore: z3.boolean()
+  };
+  if (shouldRegister("list_emails", tools)) {
+    server.registerTool(
+      "list_emails",
+      {
+        description: "List recent emails in a folder of the given account. Pass the user's email address as `account`; the server routes to the correct backend automatically.",
+        inputSchema: {
+          account: z3.string().email(),
+          folder: z3.string().default("inbox").optional(),
+          limit: z3.number().int().positive().max(100).optional(),
+          unreadOnly: z3.boolean().optional(),
+          skip: z3.number().int().min(0).optional()
+        },
+        outputSchema: emailListOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const { items, hasMore } = await provider.listEmails(account, {
+            folder: args.folder,
+            limit: args.limit,
+            unreadOnly: args.unreadOnly,
+            skip: args.skip
+          });
+          const data = {
+            account: account.email,
+            count: items.length,
+            items,
+            skip: args.skip ?? 0,
+            hasMore
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  if (shouldRegister("search_emails", tools)) {
+    server.registerTool(
+      "search_emails",
+      {
+        description: "Search emails by free-text query (KQL on Outlook). Returns lightweight summaries.",
+        inputSchema: {
+          account: z3.string().email(),
+          query: z3.string().min(1),
+          limit: z3.number().int().positive().max(100).optional()
+        },
+        outputSchema: emailListOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const items = await provider.searchEmails(account, args.query, {
+            limit: args.limit
+          });
+          const data = {
+            account: account.email,
+            count: items.length,
+            items
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const readEmailOutputSchema = {
+    id: z3.string(),
+    subject: z3.string(),
+    from: emailAddrOutputSchema.optional(),
+    to: z3.array(emailAddrOutputSchema).optional(),
+    cc: z3.array(emailAddrOutputSchema).optional(),
+    bcc: z3.array(emailAddrOutputSchema).optional(),
+    receivedAt: z3.string().optional(),
+    preview: z3.string().optional(),
+    isRead: z3.boolean().optional(),
+    hasAttachments: z3.boolean().optional(),
+    folder: z3.string().optional(),
+    attachments: z3.array(attachmentMetaOutputSchema).optional(),
+    body: z3.string(),
+    bodyFormat: z3.enum(["markdown", "html", "text"])
+  };
+  if (shouldRegister("read_email", tools)) {
+    server.registerTool(
+      "read_email",
+      {
+        description: "Fetch a single email with full body and recipients by id. Body is returned as `body` with `bodyFormat` indicating the format. Default format is 'markdown' \u2014 HTML is automatically converted to save context tokens.",
+        inputSchema: {
+          account: z3.string().email(),
+          id: z3.string().min(1),
+          format: z3.enum(["markdown", "html", "text"]).default("markdown").optional().describe(
+            "Output body format. 'markdown' converts HTML to Markdown (default), 'html' returns the raw HTML, 'text' returns plain text."
+          )
+        },
+        outputSchema: readEmailOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const msg = await provider.readEmail(account, args.id);
+          const format = args.format ?? "markdown";
+          const body = selectBody(msg, format);
+          const data = {
+            id: msg.id,
+            subject: msg.subject,
+            from: msg.from,
+            to: msg.to,
+            cc: msg.cc,
+            bcc: msg.bcc,
+            receivedAt: msg.receivedAt,
+            preview: msg.preview,
+            isRead: msg.isRead,
+            hasAttachments: msg.hasAttachments,
+            folder: msg.folder,
+            attachments: msg.attachments,
+            body,
+            bodyFormat: format
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const readAttachmentOutputSchema = {
+    name: z3.string(),
+    contentType: z3.string().optional(),
+    path: z3.string()
+  };
+  if (shouldRegister("read_attachment", tools)) {
+    server.registerTool(
+      "read_attachment",
+      {
+        description: "Download an email attachment to a temporary file and return its path. Use messageId and attachmentId from a prior read_email call.",
+        inputSchema: {
+          account: z3.string().email(),
+          messageId: z3.string().min(1),
+          attachmentId: z3.string().min(1)
+        },
+        outputSchema: readAttachmentOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const res = await provider.readAttachment(
+            account,
+            args.messageId,
+            args.attachmentId
+          );
+          return ok(res, res);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+}
+// src/tools/folders.ts
+import { z as z4 } from "zod";
+function registerFolderTools(server, ctx) {
+  const { registry, tools } = ctx;
+  const listFoldersOutputSchema = {
+    account: z4.string(),
+    count: z4.number(),
+    items: z4.array(folderInfoOutputSchema)
+  };
+  if (shouldRegister("list_folders", tools)) {
+    server.registerTool(
+      "list_folders",
+      {
+        description: "List available mail folders. Returns top-level folders by default, or child folders of the given parent when `parentFolderId` is provided.",
+        inputSchema: {
+          account: z4.string().email(),
+          parentFolderId: z4.string().optional().describe(
+            "When provided, lists child folders of this folder. When omitted, lists top-level folders (children of the root)."
+          )
+        },
+        outputSchema: listFoldersOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const items = await provider.listFolders(account, {
+            parentFolderId: args.parentFolderId
+          });
+          const data = {
+            account: account.email,
+            count: items.length,
+            items
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const createFolderOutputSchema = {
+    created: z4.literal(true),
+    folder: folderInfoOutputSchema
+  };
+  if (shouldRegister("create_folder", tools)) {
+    server.registerTool(
+      "create_folder",
+      {
+        description: "Create a new mail folder. Creates under the root folder by default, or under the specified parent when `parentFolderId` is provided. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z4.string().email(),
+          displayName: z4.string().min(1).describe("Name of the new folder"),
+          parentFolderId: z4.string().optional().describe(
+            "When provided, creates the folder as a child of this folder. When omitted, creates under the root folder."
+          )
+        },
+        outputSchema: createFolderOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const folder = await provider.createFolder(account, {
+            displayName: args.displayName,
+            parentFolderId: args.parentFolderId
+          });
+          const data = { created: true, folder };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const deleteFolderOutputSchema = {
+    deleted: z4.literal(true),
+    id: z4.string()
+  };
+  if (shouldRegister("delete_folder", tools)) {
+    server.registerTool(
+      "delete_folder",
+      {
+        description: "Delete a mail folder by ID. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z4.string().email(),
+          folderId: z4.string().min(1).describe("ID of the folder to delete")
+        },
+        outputSchema: deleteFolderOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.deleteFolder(account, args.folderId);
+          const data = { deleted: true, id: args.folderId };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const renameFolderOutputSchema = {
+    renamed: z4.literal(true),
+    folder: folderInfoOutputSchema
+  };
+  if (shouldRegister("rename_folder", tools)) {
+    server.registerTool(
+      "rename_folder",
+      {
+        description: "Rename an existing mail folder. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z4.string().email(),
+          folderId: z4.string().min(1).describe("ID of the folder to rename"),
+          newName: z4.string().min(1).describe("New display name for the folder")
+        },
+        outputSchema: renameFolderOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const folder = await provider.renameFolder(
+            account,
+            args.folderId,
+            args.newName
+          );
+          const data = { renamed: true, folder };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+}
+// src/tools/organize.ts
+import { z as z5 } from "zod";
+function registerOrganizeTools(server, ctx) {
+  const { registry, tools } = ctx;
+  const archiveMoveSchema = {
+    account: z5.string().email(),
+    id: z5.string().min(1).describe("Message ID to move")
+  };
+  const archiveOutputSchema = {
+    archived: z5.literal(true),
+    id: z5.string()
+  };
+  if (shouldRegister("archive_email", tools)) {
+    server.registerTool(
+      "archive_email",
+      {
+        description: "Move a message to the Archive folder. Disabled in --read-only mode.",
+        inputSchema: archiveMoveSchema,
+        outputSchema: archiveOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.moveEmail(account, args.id, "archive");
+          const data = { archived: true, id: args.id };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const trashOutputSchema = {
+    trashed: z5.literal(true),
+    id: z5.string()
+  };
+  if (shouldRegister("trash_email", tools)) {
+    server.registerTool(
+      "trash_email",
+      {
+        description: "Move a message to the Deleted Items (trash) folder. Disabled in --read-only mode.",
+        inputSchema: archiveMoveSchema,
+        outputSchema: trashOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.moveEmail(account, args.id, "deleteditems");
+          const data = { trashed: true, id: args.id };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const moveEmailOutputSchema = {
+    moved: z5.literal(true),
+    id: z5.string(),
+    destination: z5.string()
+  };
+  if (shouldRegister("move_email", tools)) {
+    server.registerTool(
+      "move_email",
+      {
+        description: "Move a message to any folder by well-known name (e.g. 'inbox', 'drafts', 'junkemail', 'sentitems', 'outbox') or custom folder ID. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z5.string().email(),
+          id: z5.string().min(1).describe("Message ID to move"),
+          destination: z5.string().min(1).describe(
+            "Destination folder \u2014 a well-known folder name ('archive', 'deleteditems', 'inbox', 'drafts', 'junkemail', 'sentitems', 'outbox') or a raw folder ID."
+          )
+        },
+        outputSchema: moveEmailOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.moveEmail(account, args.id, args.destination);
+          const data = {
+            moved: true,
+            id: args.id,
+            destination: args.destination
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const markReadInputSchema = {
+    account: z5.string().email(),
+    id: z5.string().min(1).describe("Message ID to mark as read")
+  };
+  const markReadOutputSchema = {
+    marked: z5.literal(true),
+    id: z5.string(),
+    isRead: z5.boolean()
+  };
+  if (shouldRegister("mark_read", tools)) {
+    server.registerTool(
+      "mark_read",
+      {
+        description: "Mark a message as read. Disabled in --read-only mode.",
+        inputSchema: markReadInputSchema,
+        outputSchema: markReadOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.markRead(account, args.id, true);
+          const data = {
+            marked: true,
+            id: args.id,
+            isRead: true
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  if (shouldRegister("mark_unread", tools)) {
+    server.registerTool(
+      "mark_unread",
+      {
+        description: "Mark a message as unread. Disabled in --read-only mode.",
+        inputSchema: markReadInputSchema,
+        outputSchema: markReadOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          await provider.markRead(account, args.id, false);
+          const data = {
+            marked: true,
+            id: args.id,
+            isRead: false
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+}
+// src/tools/compose.ts
+import { z as z6 } from "zod";
+function registerComposeTools(server, ctx) {
+  const { store, registry, tools } = ctx;
+  const sendEmailSchema = z6.object({
+    account: z6.string().email(),
+    to: z6.array(emailAddrSchema).min(1),
+    cc: z6.array(emailAddrSchema).optional(),
+    bcc: z6.array(emailAddrSchema).optional(),
+    subject: z6.string(),
+    body: z6.string(),
+    isHtml: z6.boolean().optional(),
+    include_signature: z6.boolean().describe(
+      "Whether to append the account's saved HTML signature to the email. If true, don't include a signature in the body param to avoid double signature. Returns an error if true but no signature is configured for this account."
+    ),
+    inReplyTo: z6.string().optional().describe(
+      "Message ID to reply to. When set, sends as a threaded reply which includes the quoted thread history automatically."
+    ),
+    replyAll: z6.boolean().default(false).optional().describe(
+      "When true and `inReplyTo` is set, reply to all recipients instead of just the sender."
+    ),
+    forwardMessageId: z6.string().optional().describe(
       "Message ID to forward. When set, sends as a forward of the specified message, preserving the original content. Mutually exclusive with `inReplyTo`."
     )
   });
   async function handleSendOrDraft(args, action, resultKey, toolName) {
-    if (readOnly) return fail(`server is in --read-only mode; ${toolName} is disabled`);
     try {
       const { provider, account } = registry.resolveByEmail(args.account);
       if (args.include_signature && !account.signature) {
@@ -1290,10 +1746,10 @@ function registerTools(server, opts) {
     }
   }
   const sendEmailOutputSchema = {
-    sent: z.literal(true),
-    id: z.string()
+    sent: z6.literal(true),
+    id: z6.string()
   };
-  if (!draftOnly) {
+  if (shouldRegister("send_email", tools)) {
     server.registerTool(
       "send_email",
       {
@@ -1310,74 +1766,323 @@ function registerTools(server, opts) {
     );
   }
   const draftEmailOutputSchema = {
-    draft: z.literal(true),
-    id: z.string(),
-    draftHtml: z.string().optional()
+    draft: z6.literal(true),
+    id: z6.string(),
+    draftHtml: z6.string().optional()
   };
-  server.registerTool(
-    "draft_email",
-    {
-      description: "Create a draft email from the given account without sending it. Works identically to send_email \u2014 appends signature when `include_signature` is true, applies style, and supports replies and forwards \u2014 but saves the message to the Drafts folder instead of sending. Returns the draft message ID and the draft's HTML body content (`draftHtml`). Before sending the draft, inspect `draftHtml` to verify the draft looks correct: no duplicate signature blocks, no broken or missing inline images, no malformed HTML, and no other formatting issues. Disabled in --read-only mode.",
-      inputSchema: sendEmailSchema,
-      outputSchema: draftEmailOutputSchema
-    },
-    async (args) => handleSendOrDraft(
-      args,
-      (p, a, m) => p.saveDraft(a, m),
-      "draft",
-      "draft_email"
+  if (shouldRegister("draft_email", tools)) {
+    server.registerTool(
+      "draft_email",
+      {
+        description: "Create a draft email from the given account without sending it. Works identically to send_email \u2014 appends signature when `include_signature` is true, applies style, and supports replies and forwards \u2014 but saves the message to the Drafts folder instead of sending. Returns the draft message ID and the draft's HTML body content (`draftHtml`). Before sending the draft, inspect `draftHtml` to verify the draft looks correct: no duplicate signature blocks, no broken or missing inline images, no malformed HTML, and no other formatting issues. Disabled in --read-only mode.",
+        inputSchema: sendEmailSchema,
+        outputSchema: draftEmailOutputSchema
+      },
+      async (args) => handleSendOrDraft(
+        args,
+        (p, a, m) => p.saveDraft(a, m),
+        "draft",
+        "draft_email"
+      )
+    );
+  }
+  const editDraftSchema = z6.object({
+    account: z6.string().email(),
+    id: z6.string().min(1).describe("Draft message ID to edit"),
+    to: z6.array(emailAddrSchema).optional(),
+    cc: z6.array(emailAddrSchema).optional(),
+    bcc: z6.array(emailAddrSchema).optional(),
+    subject: z6.string().optional(),
+    body: z6.string().optional(),
+    isHtml: z6.boolean().optional(),
+    include_signature: z6.boolean().optional().describe(
+      "Whether to re-apply the account's saved HTML signature to the body. If true, don't include a signature in the body param. Only meaningful when `body` is also provided. Returns an error if true but no signature is configured for this account."
     )
-  );
-}
-function composeBody(input) {
-  const { body, isHtml = false, signature, style, includeSignature } = input;
-  const hasSignature = includeSignature && !!signature;
-  const hasStyle = !!(style && (style.fontFamily || style.fontSize || style.fontColor));
-  if (!hasSignature && !hasStyle) {
-    return { body, isHtml };
+  });
+  const editDraftOutputSchema = {
+    edited: z6.literal(true),
+    id: z6.string(),
+    draftHtml: z6.string().optional()
+  };
+  if (shouldRegister("edit_draft", tools)) {
+    server.registerTool(
+      "edit_draft",
+      {
+        description: "Edit an existing draft email by ID. Only the fields you provide are updated \u2014 unmentioned fields stay unchanged. When `body` is provided and `include_signature` is true, the account's signature is re-applied. Returns the draft ID and the draft's updated HTML body content (`draftHtml`). Before sending, inspect `draftHtml` to verify the draft looks correct. Does not support changing `inReplyTo` or `forwardMessageId` \u2014 those are set at creation time via `draft_email`. Disabled in --read-only mode.",
+        inputSchema: editDraftSchema,
+        outputSchema: editDraftOutputSchema
+      },
+      async (args) => {
+        const a = args;
+        try {
+          const { provider, account } = registry.resolveByEmail(a.account);
+          if (a.include_signature && !account.signature) {
+            return fail(
+              "include_signature is true but no signature is configured for this account. Set up a signature first with set_account_settings."
+            );
+          }
+          let bodyPayload;
+          let isHtmlPayload;
+          if (a.body !== void 0) {
+            const composed = composeBody({
+              body: a.body,
+              isHtml: a.isHtml,
+              signature: account.signature,
+              style: account.style,
+              includeSignature: !!a.include_signature
+            });
+            bodyPayload = composed.body;
+            isHtmlPayload = composed.isHtml;
+          }
+          const res = await provider.updateDraft(account, a.id, {
+            to: a.to,
+            cc: a.cc,
+            bcc: a.bcc,
+            subject: a.subject,
+            body: bodyPayload,
+            isHtml: isHtmlPayload
+          });
+          const draft = await provider.readEmail(account, res.id);
+          const result = {
+            edited: true,
+            id: res.id,
+            draftHtml: draft.bodyHtml
+          };
+          return ok(result, result);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
   }
-  const styleAttr = hasStyle ? buildStyleAttr(style) : "";
-  if (isHtml) {
-    let result2 = hasStyle ? `<div style="${styleAttr}">${body}</div>` : body;
-    if (hasSignature) result2 += `
-<div class="signature">${signature}</div>`;
-    return { body: result2, isHtml: true };
+  const sendDraftOutputSchema = {
+    sent: z6.literal(true),
+    id: z6.string()
+  };
+  if (shouldRegister("send_draft", tools)) {
+    server.registerTool(
+      "send_draft",
+      {
+        description: "Send an existing draft email by ID. Use this with draft IDs returned by `draft_email` or `edit_draft`. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z6.string().email(),
+          id: z6.string().min(1).describe("Draft message ID to send")
+        },
+        outputSchema: sendDraftOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const res = await provider.sendDraft(account, args.id);
+          const data = { sent: true, id: res.id };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+  const addAttachmentOutputSchema = {
+    attached: z6.literal(true),
+    id: z6.string(),
+    attachment: z6.object({
+      id: z6.string(),
+      name: z6.string(),
+      contentType: z6.string().optional()
+    })
+  };
+  if (shouldRegister("add_attachment_to_draft", tools)) {
+    server.registerTool(
+      "add_attachment_to_draft",
+      {
+        description: "Add a file attachment to an existing draft email by ID. `contentBytes` must be base64-encoded file content. `contentType` is the MIME type (e.g. 'application/pdf'); defaults to 'application/octet-stream' if omitted. Disabled in --read-only mode.",
+        inputSchema: {
+          account: z6.string().email(),
+          id: z6.string().min(1).describe("Draft message ID"),
+          name: z6.string().min(1).describe("Attachment filename (e.g. 'report.pdf')"),
+          contentBytes: z6.string().min(1).describe("Base64-encoded file content"),
+          contentType: z6.string().optional().describe("MIME type (e.g. 'application/pdf')")
+        },
+        outputSchema: addAttachmentOutputSchema
+      },
+      async (args) => {
+        try {
+          const { provider, account } = registry.resolveByEmail(args.account);
+          const res = await provider.addAttachmentToDraft(
+            account,
+            args.id,
+            args.name,
+            args.contentBytes,
+            args.contentType
+          );
+          const data = {
+            attached: true,
+            id: res.id,
+            attachment: res.attachment
+          };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
   }
-  const escaped = escapeHtml(body);
-  let result = `<div style="${styleAttr}">${escaped}</div>`;
-  if (hasSignature) result += `
-<div class="signature">${signature}</div>`;
-  return { body: result, isHtml: true };
-}
-function buildStyleAttr(style) {
-  const parts = [];
-  if (style.fontFamily) parts.push(`font-family: ${style.fontFamily}`);
-  if (style.fontSize) parts.push(`font-size: ${style.fontSize}`);
-  if (style.fontColor) parts.push(`color: ${style.fontColor}`);
-  return parts.join("; ");
-}
-function escapeHtml(text) {
-  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/\n/g, "<br>");
 }
-function errMsg(err) {
-  if (err instanceof Error) return err.message;
-  return String(err);
+// src/tools/index.ts
+function registerTools(server, opts) {
+  const { store, registry, tools } = opts;
+  registerAccountTools(server, { store, registry, tools });
+  registerBrowseTools(server, { store, registry, tools });
+  registerFolderTools(server, { registry, tools });
+  registerOrganizeTools(server, { registry, tools });
+  registerComposeTools(server, { store, registry, tools });
 }
 // src/version.ts
 var VERSION = "0.3.0";
+// src/config.ts
+import { readFileSync } from "fs";
+import { z as z7 } from "zod";
+var httpConfigSchema = z7.object({
+  enabled: z7.boolean().default(false),
+  port: z7.number().int().min(1).max(65535).default(3e3),
+  host: z7.string().default("127.0.0.1")
+});
+var toolsConfigSchema = z7.object({
+  disabled: z7.array(z7.string()).optional(),
+  enabled: z7.array(z7.string()).optional()
+});
+var outlookProviderSchema = z7.object({
+  clientId: z7.string().optional(),
+  tenantId: z7.string().optional()
+});
+var providersConfigSchema = z7.object({
+  outlook: outlookProviderSchema.optional()
+});
+var rawConfigSchema = z7.object({
+  dataDir: z7.string().optional(),
+  http: httpConfigSchema.optional(),
+  tools: toolsConfigSchema.optional(),
+  providers: providersConfigSchema.optional()
+});
+var KNOWN_TOOLS = [
+  "list_accounts",
+  "add_account",
+  "complete_add_account",
+  "get_account_settings",
+  "set_account_settings",
+  "remove_account",
+  "list_emails",
+  "search_emails",
+  "read_email",
+  "read_attachment",
+  "archive_email",
+  "trash_email",
+  "move_email",
+  "mark_read",
+  "mark_unread",
+  "list_folders",
+  "create_folder",
+  "delete_folder",
+  "rename_folder",
+  "send_email",
+  "draft_email",
+  "edit_draft",
+  "send_draft",
+  "add_attachment_to_draft"
+];
+var ENV_VAR_RE = /\$\{([A-Z_][A-Z0-9_]*)\}/g;
+function resolveEnvVars(value) {
+  return value.replace(ENV_VAR_RE, (_match, name) => {
+    return process.env[name] ?? "";
+  });
+}
+function deepResolve(obj) {
+  if (typeof obj === "string") return resolveEnvVars(obj);
+  if (Array.isArray(obj)) return obj.map(deepResolve);
+  if (obj && typeof obj === "object") {
+    const out = {};
+    for (const [key, val] of Object.entries(obj)) {
+      out[key] = deepResolve(val);
+    }
+    return out;
+  }
+  return obj;
+}
+function validateToolNames(toolNames, listName) {
+  if (!toolNames || toolNames.length === 0) return;
+  const known = new Set(KNOWN_TOOLS);
+  for (const name of toolNames) {
+    if (!known.has(name)) {
+      throw new Error(
+        `Unknown tool "${name}" in ${listName}. Known tools: ${KNOWN_TOOLS.join(", ")}`
+      );
+    }
+  }
+}
+function loadConfig(configPath, cliOverrides = {}) {
+  let raw = {};
+  if (configPath) {
+    try {
+      raw = JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch (err) {
+      const detail = err instanceof SyntaxError ? "Invalid JSON" : err instanceof Error ? err.message : String(err);
+      throw new Error(`Failed to read config file "${configPath}": ${detail}`);
+    }
+  }
+  raw = deepResolve(raw);
+  const parsed = rawConfigSchema.parse(raw);
+  if (parsed.tools) {
+    if (parsed.tools.disabled && parsed.tools.enabled) {
+      throw new Error(
+        "tools.disabled and tools.enabled are mutually exclusive \u2014 use one or the other"
+      );
+    }
+    if (parsed.tools.enabled !== void 0 && parsed.tools.enabled.length === 0) {
+      throw new Error(
+        "tools.enabled is empty \u2014 at least one tool must be listed. To enable all tools, omit the tools section entirely."
+      );
+    }
+    validateToolNames(parsed.tools.disabled, "tools.disabled");
+    validateToolNames(parsed.tools.enabled, "tools.enabled");
+  }
+  const http = {
+    enabled: cliOverrides.http ?? parsed.http?.enabled ?? false,
+    port: cliOverrides.port ?? parsed.http?.port ?? 3e3,
+    host: cliOverrides.host ?? parsed.http?.host ?? "127.0.0.1"
+  };
+  return {
+    dataDir: cliOverrides.dataDir ?? parsed.dataDir ?? process.env.HYPERMAIL_MCP_DATA_DIR,
+    http,
+    tools: parsed.tools ? { disabled: parsed.tools.disabled, enabled: parsed.tools.enabled } : void 0,
+    providers: parsed.providers
+  };
+}
+function resolveTools(config) {
+  if (!config.tools) {
+    return { enabledTools: null, disabledTools: null };
+  }
+  return {
+    enabledTools: config.tools.enabled ? new Set(config.tools.enabled) : null,
+    disabledTools: config.tools.disabled ? new Set(config.tools.disabled) : null
+  };
+}
 // src/server.ts
-async function startServer(opts = {}) {
-  const store = await AccountStore.open({ dataDir: opts.dataDir });
-  const registry = buildRegistry({ store });
+async function startServer(opts) {
+  const { config } = opts;
+  const store = await AccountStore.open({ dataDir: config.dataDir });
+  const registry = buildRegistry({ store, providers: config.providers });
+  const tools = resolveTools(config);
   const server = new McpServer(
     { name: "hypermail-mcp", version: VERSION },
     { capabilities: { tools: {}, logging: {} } }
   );
-  registerTools(server, { store, registry, readOnly: !!opts.readOnly, draftOnly: !!opts.draftOnly });
-  if (opts.http) {
-    await startHttp(server, opts.host ?? "127.0.0.1", opts.port ?? 3e3);
+  registerTools(server, { store, registry, tools });
+  if (config.http.enabled) {
+    await startHttp(server, config.http.host, config.http.port);
   } else {
     const transport = new StdioServerTransport();
     await server.connect(transport);
@@ -1432,7 +2137,6 @@ function parseArgs(argv) {
     http: false,
     port: 3e3,
     host: "127.0.0.1",
-    readOnly: false,
     help: false
   };
   for (let i = 0; i < argv.length; i++) {
@@ -1450,8 +2154,8 @@ function parseArgs(argv) {
       case "--data-dir":
         out.dataDir = String(argv[++i] ?? "");
         break;
-      case "--read-only":
-        out.readOnly = true;
+      case "--config":
+        out.config = String(argv[++i] ?? "");
         break;
       case "-h":
       case "--help":
@@ -1476,14 +2180,22 @@ Options:
   --host <addr>       HTTP bind address (default: 127.0.0.1)
   --data-dir <path>   Where to store the encrypted accounts file
                       (default: $HYPERMAIL_MCP_DATA_DIR or ~/.hypermail-mcp)
-  --read-only         Disable tools that modify state (send_email, remove_account, add_account)
+  --config <path>     Path to hypermail-config.json
   -h, --help          Show this help
-Environment:
-  HYPERMAIL_MCP_DATA_DIR   Same as --data-dir
-  HYPERMAIL_MCP_KEY        32-byte key (base64 or hex) for at-rest encryption
-  MS_CLIENT_ID               Azure AD public client (application) ID
-  MS_TENANT_ID               Tenant (default: "common")
+Configuration:
+  All server settings (data dir, HTTP, tool filtering, provider credentials)
+  live in hypermail-config.json. Pass it via --config.
+Example hypermail-config.json:
+  {
+    "dataDir": "/path/to/data",
+    "http": { "enabled": false },
+    "tools": { "disabled": ["send_email"] },
+    "providers": {
+      "outlook": { "clientId": "\${MS_CLIENT_ID}", "tenantId": "\${MS_TENANT_ID}" }
+    }
+  }
 `;
   process.stdout.write(msg);
 }
@@ -1493,15 +2205,13 @@ async function main() {
     printHelp();
     return;
   }
-  const draftOnly = process.env.HYPERMAIL_DRAFT_ONLY === "true";
-  await startServer({
+  const config = loadConfig(opts.config, {
     http: opts.http,
     port: opts.port,
     host: opts.host,
-    dataDir: opts.dataDir,
-    readOnly: opts.readOnly,
-    draftOnly
+    dataDir: opts.dataDir
   });
+  await startServer({ config });
 }
 main().catch((err) => {
   console.error("[hypermail-mcp] fatal:", err);