hypermail-mcp 0.4.3 → 0.6.0

package/dist/cli.js

@@ -1,85 +1,36 @@
 #!/usr/bin/env node
 
+// src/cli.ts
+import { randomBytes as randomBytes2 } from "crypto";
+
 // src/server.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { randomUUID as randomUUID6 } from "crypto";
 import { createServer as createHttpServer } from "http";
+import path4 from "path";
 
 // src/store/account-store.ts
+import { promises as fs2 } from "fs";
+import path2 from "path";
+
+// src/store/crypto.ts
 import {
   createCipheriv,
   createDecipheriv,
   randomBytes,
-  createHash
+  createHash,
+  scryptSync,
+  timingSafeEqual
 } from "crypto";
 import { promises as fs } from "fs";
 import { homedir } from "os";
 import path from "path";
-var FILE_NAME = "accounts.json.enc";
 var ALGO = "aes-256-gcm";
 var KEY_LEN = 32;
-var AccountStore = class _AccountStore {
-  constructor(filePath, key, data) {
-    this.filePath = filePath;
-    this.key = key;
-    this.data = data;
-  }
-  filePath;
-  key;
-  data;
-  static async open(opts = {}) {
-    const dataDir = resolveDataDir(opts.dataDir);
-    await fs.mkdir(dataDir, { recursive: true, mode: 448 });
-    const filePath = path.join(dataDir, FILE_NAME);
-    const key = opts.key ?? await resolveKey(dataDir);
-    let data;
-    try {
-      const buf = await fs.readFile(filePath);
-      data = decrypt(buf, key);
-    } catch (err) {
-      if (err.code === "ENOENT") {
-        data = { version: 1, accounts: [] };
-      } else {
-        throw err;
-      }
-    }
-    return new _AccountStore(filePath, key, data);
-  }
-  listAccounts() {
-    return this.data.accounts.map((a) => ({ ...a }));
-  }
-  getAccount(email) {
-    const norm = email.trim().toLowerCase();
-    const rec = this.data.accounts.find((a) => a.email.toLowerCase() === norm);
-    return rec ? { ...rec } : void 0;
-  }
-  async upsertAccount(rec) {
-    const norm = rec.email.trim().toLowerCase();
-    const next = { ...rec, email: norm };
-    const idx = this.data.accounts.findIndex((a) => a.email.toLowerCase() === norm);
-    if (idx >= 0) this.data.accounts[idx] = next;
-    else this.data.accounts.push(next);
-    await this.flush();
-    return { ...next };
-  }
-  async removeAccount(email) {
-    const norm = email.trim().toLowerCase();
-    const before = this.data.accounts.length;
-    this.data.accounts = this.data.accounts.filter((a) => a.email.toLowerCase() !== norm);
-    if (this.data.accounts.length === before) return false;
-    await this.flush();
-    return true;
-  }
-  async flush() {
-    const buf = encrypt(this.data, this.key);
-    const tmp = `${this.filePath}.${process.pid}.${Date.now()}.tmp`;
-    await fs.writeFile(tmp, buf, { mode: 384 });
-    await fs.rename(tmp, this.filePath);
-  }
-};
 function encrypt(data, key) {
+  if (key.length !== KEY_LEN) throw new Error(`key must be ${KEY_LEN} bytes`);
   const iv = randomBytes(12);
   const cipher = createCipheriv(ALGO, key, iv);
   const plaintext = Buffer.from(JSON.stringify(data), "utf8");
@@ -88,20 +39,17 @@ function encrypt(data, key) {
   return Buffer.concat([Buffer.from([1]), iv, tag, ct]);
 }
 function decrypt(buf, key) {
-  if (buf.length < 1 + 12 + 16 + 1) throw new Error("accounts file truncated");
+  if (key.length !== KEY_LEN) throw new Error(`key must be ${KEY_LEN} bytes`);
+  if (buf.length < 1 + 12 + 16 + 1) throw new Error("encrypted data truncated");
   const v = buf[0];
-  if (v !== 1) throw new Error(`unsupported accounts file version: ${v}`);
+  if (v !== 1) throw new Error(`unsupported data version: ${v}`);
   const iv = buf.subarray(1, 13);
   const tag = buf.subarray(13, 29);
   const ct = buf.subarray(29);
   const decipher = createDecipheriv(ALGO, key, iv);
   decipher.setAuthTag(tag);
   const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
-  const parsed = JSON.parse(pt.toString("utf8"));
-  if (parsed.version !== 1 || !Array.isArray(parsed.accounts)) {
-    throw new Error("accounts file is malformed");
-  }
-  return parsed;
+  return JSON.parse(pt.toString("utf8"));
 }
 function resolveDataDir(explicit) {
   if (explicit && explicit.length > 0) return path.resolve(explicit);
@@ -138,6 +86,28 @@ async function resolveKey(dataDir) {
   await tryKeytarSet(gen);
   return gen;
 }
+function hashApiKey(apiKey) {
+  const salt = randomBytes(16).toString("hex");
+  const hash = scryptSync(apiKey, salt, 32).toString("hex");
+  return `${salt}:${hash}`;
+}
+function verifyApiKey(apiKey, stored) {
+  const [salt, hash] = stored.split(":");
+  if (!salt || !hash) return false;
+  try {
+    const computed = scryptSync(apiKey, salt, 32);
+    const expected = Buffer.from(hash, "hex");
+    if (computed.length !== expected.length) return false;
+    return timingSafeEqual(computed, expected);
+  } catch {
+    return false;
+  }
+}
+async function writeAtomic(filePath, data) {
+  const tmp = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  await fs.writeFile(tmp, data, { mode: 384 });
+  await fs.rename(tmp, filePath);
+}
 async function tryKeytarGet() {
   try {
     const mod = await import("keytar");
@@ -158,6 +128,188 @@ async function tryKeytarSet(key) {
   }
 }
 
+// src/store/account-store.ts
+var FILE_NAME = "accounts.json.enc";
+var AccountStore = class _AccountStore {
+  constructor(filePath, key, data) {
+    this.filePath = filePath;
+    this.key = key;
+    this.data = data;
+  }
+  filePath;
+  key;
+  data;
+  static async open(opts = {}) {
+    const dataDir = resolveDataDir(opts.dataDir);
+    await fs2.mkdir(dataDir, { recursive: true, mode: 448 });
+    const filePath = path2.join(dataDir, FILE_NAME);
+    const key = opts.key ?? await resolveKey(dataDir);
+    let data;
+    try {
+      const buf = await fs2.readFile(filePath);
+      data = decrypt(buf, key);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        data = { version: 1, accounts: [] };
+      } else {
+        throw err;
+      }
+    }
+    return new _AccountStore(filePath, key, data);
+  }
+  listAccounts() {
+    return this.data.accounts.map((a) => ({ ...a }));
+  }
+  getAccount(email) {
+    const norm = email.trim().toLowerCase();
+    const rec = this.data.accounts.find((a) => a.email.toLowerCase() === norm);
+    return rec ? { ...rec } : void 0;
+  }
+  async upsertAccount(rec) {
+    const norm = rec.email.trim().toLowerCase();
+    const next = { ...rec, email: norm };
+    const idx = this.data.accounts.findIndex((a) => a.email.toLowerCase() === norm);
+    if (idx >= 0) this.data.accounts[idx] = next;
+    else this.data.accounts.push(next);
+    await this.flush();
+    return { ...next };
+  }
+  async removeAccount(email) {
+    const norm = email.trim().toLowerCase();
+    const before = this.data.accounts.length;
+    this.data.accounts = this.data.accounts.filter((a) => a.email.toLowerCase() !== norm);
+    if (this.data.accounts.length === before) return false;
+    await this.flush();
+    return true;
+  }
+  async flush() {
+    const buf = encrypt(this.data, this.key);
+    await writeAtomic(this.filePath, buf);
+  }
+};
+
+// src/store/agent-store.ts
+import path3 from "path";
+import { promises as fs3 } from "fs";
+var FILE_NAME2 = "agents.json.enc";
+var AgentStore = class _AgentStore {
+  constructor(filePath, key, data) {
+    this.filePath = filePath;
+    this.key = key;
+    this.data = data;
+  }
+  filePath;
+  key;
+  data;
+  static async open(opts = {}) {
+    const dataDir = resolveDataDir(opts.dataDir);
+    await fs3.mkdir(dataDir, { recursive: true, mode: 448 });
+    const filePath = path3.join(dataDir, FILE_NAME2);
+    const key = opts.key ?? await resolveKey(dataDir);
+    let data;
+    try {
+      const buf = await fs3.readFile(filePath);
+      data = decrypt(buf, key);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        data = { version: 1, agents: [] };
+      } else {
+        throw err;
+      }
+    }
+    return new _AgentStore(filePath, key, data);
+  }
+  // ── queries ──
+  listAgents() {
+    return this.data.agents.map((a) => ({ ...a }));
+  }
+  getAgent(id) {
+    const rec = this.data.agents.find((a) => a.id === id);
+    return rec ? { ...rec } : void 0;
+  }
+  /**
+   * Look up an agent by plaintext API key. Hashes the incoming key and
+   * compares against stored hashes with constant-time comparison.
+   * Returns undefined if no agent matches.
+   */
+  findAgentByApiKey(apiKey) {
+    for (const agent of this.data.agents) {
+      if (verifyApiKey(apiKey, agent.apiKeyHash)) {
+        return { ...agent };
+      }
+    }
+    return void 0;
+  }
+  // ── mutations ──
+  /**
+   * Add or update an agent. If `plaintextApiKey` is provided, it is hashed
+   * and stored; if omitted, the existing hash is preserved (useful for
+   * updates that don't change the key).
+   */
+  async upsertAgent(rec) {
+    const idx = this.data.agents.findIndex((a) => a.id === rec.id);
+    const existing = idx >= 0 ? this.data.agents[idx] : void 0;
+    const apiKeyHash = rec.plaintextApiKey ? hashApiKey(rec.plaintextApiKey) : existing?.apiKeyHash;
+    if (!apiKeyHash) {
+      throw new Error(
+        `agent ${rec.id}: must provide plaintextApiKey for new agents`
+      );
+    }
+    const next = {
+      id: rec.id,
+      apiKeyHash,
+      name: rec.name,
+      accounts: [...rec.accounts ?? []],
+      provisioning: rec.provisioning ?? false,
+      createdAt: existing?.createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (idx >= 0) {
+      this.data.agents[idx] = next;
+    } else {
+      this.data.agents.push(next);
+    }
+    await this.flush();
+    return { ...next };
+  }
+  async removeAgent(id) {
+    const before = this.data.agents.length;
+    this.data.agents = this.data.agents.filter((a) => a.id !== id);
+    if (this.data.agents.length === before) return false;
+    await this.flush();
+    return true;
+  }
+  /**
+   * Assign an email account to an agent. Idempotent — no error if already
+   * assigned. Auto-assignment from `add_account` in HTTP mode calls this.
+   */
+  async assignAccount(agentId, email) {
+    const norm = email.trim().toLowerCase();
+    const agent = this.data.agents.find((a) => a.id === agentId);
+    if (!agent) throw new Error(`agent ${agentId} not found`);
+    if (!agent.accounts.includes(norm)) {
+      agent.accounts.push(norm);
+      await this.flush();
+    }
+    return { ...agent };
+  }
+  /**
+   * Remove an email account from an agent's assignments. Idempotent.
+   */
+  async unassignAccount(agentId, email) {
+    const norm = email.trim().toLowerCase();
+    const agent = this.data.agents.find((a) => a.id === agentId);
+    if (!agent) throw new Error(`agent ${agentId} not found`);
+    agent.accounts = agent.accounts.filter((a) => a !== norm);
+    await this.flush();
+    return { ...agent };
+  }
+  // ── persistence ──
+  async flush() {
+    const buf = encrypt(this.data, this.key);
+    await writeAtomic(this.filePath, buf);
+  }
+};
+
 // src/providers/outlook/index.ts
 import { randomUUID as randomUUID2 } from "crypto";
 import { writeFileSync } from "fs";
@@ -338,34 +490,52 @@ var OutlookClientFactory = class {
   clientId;
   tenantId;
   cache = /* @__PURE__ */ new Map();
+  /** Serialize token refreshes per email to prevent concurrent-refresh races. */
+  refreshLocks = /* @__PURE__ */ new Map();
   get(account) {
     const key = account.email.toLowerCase();
     const existing = this.cache.get(key);
     if (existing) return existing;
     const store = this.store;
+    const refreshLocks = this.refreshLocks;
     const provider = {
       getAccessToken: async () => {
-        const fresh = store.getAccount(account.email) ?? account;
-        if (!isSerializedTokens(fresh.tokens)) {
-          throw new Error(
-            "Outlook account tokens are missing or corrupted \u2014 re-run add_account"
-          );
+        const existing2 = refreshLocks.get(key);
+        if (existing2) {
+          try {
+            return await existing2;
+          } catch {
+          }
         }
-        const tokens = fresh.tokens;
-        const { accessToken, tokens: nextTokens } = await acquireAccessToken(
-          tokens,
-          void 0,
-          this.clientId,
-          this.tenantId
-        );
-        if (nextTokens.msalCache !== tokens.msalCache) {
-          store.upsertAccount({
-            ...fresh,
-            tokens: nextTokens
-          }).catch(() => {
-          });
+        const promise = (async () => {
+          const fresh = store.getAccount(account.email) ?? account;
+          if (!isSerializedTokens(fresh.tokens)) {
+            throw new Error(
+              "Outlook account tokens are missing or corrupted \u2014 re-run add_account"
+            );
+          }
+          const tokens = fresh.tokens;
+          const { accessToken, tokens: nextTokens } = await acquireAccessToken(
+            tokens,
+            void 0,
+            this.clientId,
+            this.tenantId
+          );
+          if (nextTokens.msalCache !== tokens.msalCache) {
+            store.upsertAccount({
+              ...fresh,
+              tokens: nextTokens
+            }).catch(() => {
+            });
+          }
+          return accessToken;
+        })();
+        refreshLocks.set(key, promise);
+        try {
+          return await promise;
+        } finally {
+          refreshLocks.delete(key);
         }
-        return accessToken;
       }
     };
     const client = Client.initWithMiddleware({ authProvider: provider });
@@ -1395,8 +1565,8 @@ async function markRead(clients, account, id, isRead) {
 async function createFolder(clients, account, input) {
   const client = clients.get(account);
   const imap = await client.getImap();
-  const path2 = input.parentFolderId ? `${input.parentFolderId}/${input.displayName}` : input.displayName;
-  const result = await imap.mailboxCreate(path2);
+  const path5 = input.parentFolderId ? `${input.parentFolderId}/${input.displayName}` : input.displayName;
+  const result = await imap.mailboxCreate(path5);
   return {
     id: result.path,
     displayName: result.path,
@@ -1713,6 +1883,8 @@ var GmailClientFactory = class {
   clientId;
   clientSecret;
   cache = /* @__PURE__ */ new Map();
+  /** Serialize token-persist per email to prevent concurrent upsert races. */
+  persistLocks = /* @__PURE__ */ new Map();
   get(account) {
     const key = account.email.toLowerCase();
     const existing = this.cache.get(key);
@@ -1731,21 +1903,29 @@ var GmailClientFactory = class {
       clientSecret: resolvedSecret
     });
     const store = this.store;
+    const persistLocks = this.persistLocks;
     auth.on("tokens", (updated) => {
       if (!updated.refresh_token && !updated.access_token) return;
-      const fresh = store.getAccount(account.email) ?? account;
-      const currentTokens = isSerializedGmailTokens(fresh.tokens) ? fresh.tokens : tokens;
-      const nextTokens = {
-        ...currentTokens,
-        accessToken: updated.access_token ?? currentTokens.accessToken,
-        refreshToken: updated.refresh_token ?? currentTokens.refreshToken,
-        expiryDate: updated.expiry_date ?? currentTokens.expiryDate,
-        scopes: updated.scope ? updated.scope.split(" ") : currentTokens.scopes
-      };
-      store.upsertAccount({
-        ...fresh,
-        tokens: nextTokens
-      }).catch(() => {
+      const existing2 = persistLocks.get(key);
+      const chain = (existing2 ?? Promise.resolve()).then(async () => {
+        const fresh = store.getAccount(account.email) ?? account;
+        const currentTokens = isSerializedGmailTokens(fresh.tokens) ? fresh.tokens : tokens;
+        const nextTokens = {
+          ...currentTokens,
+          accessToken: updated.access_token ?? currentTokens.accessToken,
+          refreshToken: updated.refresh_token ?? currentTokens.refreshToken,
+          expiryDate: updated.expiry_date ?? currentTokens.expiryDate,
+          scopes: updated.scope ? updated.scope.split(" ") : currentTokens.scopes
+        };
+        await store.upsertAccount({
+          ...fresh,
+          tokens: nextTokens
+        }).catch(() => {
+        });
+      });
+      persistLocks.set(key, chain);
+      chain.finally(() => {
+        if (persistLocks.get(key) === chain) persistLocks.delete(key);
       });
     });
     const gmail = google.gmail({ version: "v1", auth });
@@ -2459,6 +2639,14 @@ function buildRegistry(opts) {
 
 // src/tools/shared.ts
 import { z } from "zod";
+
+// src/markdown-to-html.ts
+import { marked } from "marked";
+function markdownToHtml(md) {
+  return marked.parse(md, { async: false });
+}
+
+// src/tools/shared.ts
 function ok(data, structuredContent) {
   const result = {
     content: [{ type: "text", text: JSON.stringify(data, null, 2) }]
@@ -2535,21 +2723,15 @@ var folderInfoOutputSchema = z.object({
   unreadItemCount: z.number()
 });
 function composeBody(input) {
-  const { body, isHtml = false, signature, style, includeSignature } = input;
+  const { body, format, signature, style, includeSignature } = input;
+  const htmlBody = format === "markdown" ? markdownToHtml(body) : body;
   const hasSignature = includeSignature && !!signature;
   const hasStyle = !!(style && (style.fontFamily || style.fontSize || style.fontColor));
   if (!hasSignature && !hasStyle) {
-    return { body, isHtml };
+    return { body: htmlBody, isHtml: true };
   }
   const styleAttr = hasStyle ? buildStyleAttr(style) : "";
-  if (isHtml) {
-    let result2 = hasStyle ? `<div style="${styleAttr}">${body}</div>` : body;
-    if (hasSignature) result2 += `
-<div class="signature">${signature}</div>`;
-    return { body: result2, isHtml: true };
-  }
-  const escaped = escapeHtml(body);
-  let result = `<div style="${styleAttr}">${escaped}</div>`;
+  let result = hasStyle ? `<div style="${styleAttr}">${htmlBody}</div>` : htmlBody;
   if (hasSignature) result += `
 <div class="signature">${signature}</div>`;
   return { body: result, isHtml: true };
@@ -2561,9 +2743,6 @@ function buildStyleAttr(style) {
   if (style.fontColor) parts.push(`color: ${style.fontColor}`);
   return parts.join("; ");
 }
-function escapeHtml(text) {
-  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/\n/g, "<br>");
-}
 function shouldRegister(name, tools) {
   if (tools.enabledTools) {
     return tools.enabledTools.has(name);
@@ -2575,9 +2754,27 @@ function shouldRegister(name, tools) {
 }
 
 // src/tools/accounts.ts
+import { promises as fs4 } from "fs";
 import { z as z2 } from "zod";
+
+// src/tools/agent-context.ts
+function checkAccountAccess(agentContext, accountEmail) {
+  if (!agentContext) return null;
+  const norm = accountEmail.trim().toLowerCase();
+  if (agentContext.accounts.some((a) => a.toLowerCase() === norm)) {
+    return null;
+  }
+  return `Agent "${agentContext.agentId}" is not authorized for account "${accountEmail}"`;
+}
+function checkProvisioning(agentContext) {
+  if (!agentContext) return null;
+  if (agentContext.provisioning) return null;
+  return `Agent "${agentContext.agentId}" does not have provisioning permission`;
+}
+
+// src/tools/accounts.ts
 function registerAccountTools(server, ctx) {
-  const { store, registry, tools } = ctx;
+  const { store, registry, tools, agentContext, agentStore } = ctx;
   const listAccountsOutputSchema = z2.object({
     accounts: z2.array(accountSummaryOutputSchema)
   });
@@ -2631,6 +2828,8 @@ function registerAccountTools(server, ctx) {
         outputSchema: addAccountOutputSchema
       },
       async (args) => {
+        const permErr = checkProvisioning(agentContext ?? null);
+        if (permErr) return fail(permErr);
         const provider = registry.get(args.provider);
         try {
           const res = await provider.addAccount({
@@ -2661,6 +2860,8 @@ function registerAccountTools(server, ctx) {
         outputSchema: completeAddAccountOutputSchema
       },
       async (args) => {
+        const permErr = checkProvisioning(agentContext ?? null);
+        if (permErr) return fail(permErr);
         const provider = registry.get(args.provider);
         if (!provider.completeAddAccount) {
           return fail(
@@ -2669,6 +2870,10 @@ function registerAccountTools(server, ctx) {
         }
         try {
           const res = await provider.completeAddAccount(args.handle);
+          if (res.status === "ready" && res.account && agentContext && agentStore) {
+            agentStore.assignAccount(agentContext.agentId, res.account.email).catch(() => {
+            });
+          }
           return ok(res, res);
         } catch (err) {
           return fail(errMsg(err));
@@ -2690,6 +2895,8 @@ function registerAccountTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const acct = store.getAccount(args.account);
           if (!acct)
             return fail(`no account registered for "${args.account}"`);
@@ -2708,11 +2915,14 @@ function registerAccountTools(server, ctx) {
     server.registerTool(
       "set_account_settings",
       {
-        description: "Set signature (HTML snippet) and/or style preferences for an account. Disabled in --read-only mode.",
+        description: "Set signature (HTML snippet) and/or style preferences for an account. Use `signaturePath` to load a signature from a file (useful for signatures with base64 images). `signature` and `signaturePath` are mutually exclusive. Disabled in --read-only mode.",
         inputSchema: z2.object({
           account: z2.string().email(),
           signature: z2.string().optional().describe(
-            "HTML snippet \u2014 may contain formatting, images, links. Pass null to clear."
+            "HTML snippet \u2014 may contain formatting, images, links. Pass an empty string to clear. Mutually exclusive with `signaturePath`."
+          ),
+          signaturePath: z2.string().optional().describe(
+            "Path to a file containing the signature HTML. The file content is read and stored as the signature. Useful when the signature contains large base64 images. Mutually exclusive with `signature`."
           ),
           style: z2.object({
             fontFamily: z2.string().optional(),
@@ -2721,17 +2931,30 @@ function registerAccountTools(server, ctx) {
           }).optional().describe(
             "Font preferences applied to outgoing HTML emails. Pass null to clear."
           )
-        }),
+        }).refine(
+          (data) => !(data.signature !== void 0 && data.signaturePath),
+          {
+            message: "signature and signaturePath are mutually exclusive \u2014 use one or the other"
+          }
+        ),
         outputSchema: accountSettingsOutputSchema
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const acct = store.getAccount(args.account);
           if (!acct)
             return fail(`no account registered for "${args.account}"`);
+          let resolvedSignature = acct.signature;
+          if (args.signaturePath) {
+            resolvedSignature = await fs4.readFile(args.signaturePath, "utf-8");
+          } else if (args.signature !== void 0) {
+            resolvedSignature = args.signature || void 0;
+          }
           const updated = await store.upsertAccount({
             ...acct,
-            signature: args.signature ?? acct.signature,
+            signature: resolvedSignature,
             style: args.style ?? acct.style
           });
           const data = {
@@ -2758,6 +2981,8 @@ function registerAccountTools(server, ctx) {
         outputSchema: removeAccountOutputSchema
       },
       async (args) => {
+        const permErr = checkProvisioning(agentContext ?? null);
+        if (permErr) return fail(permErr);
         const removed = await store.removeAccount(args.email);
         const data = { removed, email: args.email };
         return ok(data, data);
@@ -2797,7 +3022,7 @@ function selectBody(msg, format) {
 
 // src/tools/browse.ts
 function registerBrowseTools(server, ctx) {
-  const { registry, tools } = ctx;
+  const { registry, tools, agentContext } = ctx;
   const emailListOutputSchema = z3.object({
     account: z3.string(),
     count: z3.number(),
@@ -2826,6 +3051,8 @@ function registerBrowseTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const { items, hasMore } = await provider.listEmails(account, {
             folder: args.folder,
@@ -2861,6 +3088,8 @@ function registerBrowseTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const items = await provider.searchEmails(account, args.query, {
             limit: args.limit
@@ -2909,6 +3138,8 @@ function registerBrowseTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const msg = await provider.readEmail(account, args.id);
           const format = args.format ?? "markdown";
@@ -2955,6 +3186,8 @@ function registerBrowseTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const res = await provider.readAttachment(
             account,
@@ -2973,7 +3206,7 @@ function registerBrowseTools(server, ctx) {
 // src/tools/folders.ts
 import { z as z4 } from "zod";
 function registerFolderTools(server, ctx) {
-  const { registry, tools } = ctx;
+  const { registry, tools, agentContext } = ctx;
   const listFoldersOutputSchema = z4.object({
     account: z4.string(),
     count: z4.number(),
@@ -2994,6 +3227,8 @@ function registerFolderTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const items = await provider.listFolders(account, {
             parentFolderId: args.parentFolderId
@@ -3030,6 +3265,8 @@ function registerFolderTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const folder = await provider.createFolder(account, {
             displayName: args.displayName,
@@ -3060,6 +3297,8 @@ function registerFolderTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           await provider.deleteFolder(account, args.folderId);
           const data = { deleted: true, id: args.folderId };
@@ -3088,6 +3327,8 @@ function registerFolderTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const folder = await provider.renameFolder(
             account,
@@ -3107,7 +3348,7 @@ function registerFolderTools(server, ctx) {
 // src/tools/organize.ts
 import { z as z5 } from "zod";
 function registerOrganizeTools(server, ctx) {
-  const { registry, tools } = ctx;
+  const { registry, tools, agentContext } = ctx;
   async function moveToWellKnown(args, destination, resultKey) {
     const { provider, account } = registry.resolveByEmail(args.account);
     await provider.moveEmail(account, args.id, destination);
@@ -3139,6 +3380,8 @@ function registerOrganizeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           return await moveToWellKnown(args, "archive", "archived");
         } catch (err) {
           return fail(errMsg(err));
@@ -3160,6 +3403,8 @@ function registerOrganizeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           return await moveToWellKnown(args, "deleteditems", "trashed");
         } catch (err) {
           return fail(errMsg(err));
@@ -3188,6 +3433,8 @@ function registerOrganizeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           await provider.moveEmail(account, args.id, args.destination);
           const data = {
@@ -3221,6 +3468,8 @@ function registerOrganizeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           return await markReadState(args, true);
         } catch (err) {
           return fail(errMsg(err));
@@ -3238,6 +3487,8 @@ function registerOrganizeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           return await markReadState(args, false);
         } catch (err) {
           return fail(errMsg(err));
@@ -3250,7 +3501,7 @@ function registerOrganizeTools(server, ctx) {
 // src/tools/compose.ts
 import { z as z6 } from "zod";
 function registerComposeTools(server, ctx) {
-  const { store, registry, tools } = ctx;
+  const { store, registry, tools, agentContext } = ctx;
   const sendEmailSchema = z6.object({
     account: z6.string().email(),
     to: z6.array(emailAddrSchema).min(1),
@@ -3258,7 +3509,9 @@ function registerComposeTools(server, ctx) {
     bcc: z6.array(emailAddrSchema).optional(),
     subject: z6.string(),
     body: z6.string(),
-    isHtml: z6.boolean().optional(),
+    format: z6.enum(["html", "markdown"]).describe(
+      "Body format. 'html' sends the body as-is (must be valid HTML). 'markdown' converts the body from Markdown to HTML for clean rendering on the recipient side."
+    ),
     include_signature: z6.boolean().describe(
       "Whether to append the account's saved HTML signature to the email. If true, don't include a signature in the body param to avoid double signature. Returns an error if true but no signature is configured for this account."
     ),
@@ -3274,6 +3527,8 @@ function registerComposeTools(server, ctx) {
   });
   async function handleSendOrDraft(args, action, resultKey, toolName) {
     try {
+      const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+      if (accessErr) return fail(accessErr);
       const { provider, account } = registry.resolveByEmail(args.account);
       if (args.include_signature && !account.signature) {
         return fail(
@@ -3282,7 +3537,7 @@ function registerComposeTools(server, ctx) {
       }
       const composed = composeBody({
         body: args.body,
-        isHtml: args.isHtml,
+        format: args.format,
         signature: account.signature,
         style: account.style,
         includeSignature: args.include_signature
@@ -3362,7 +3617,9 @@ function registerComposeTools(server, ctx) {
     bcc: z6.array(emailAddrSchema).optional(),
     subject: z6.string().optional(),
     body: z6.string().optional(),
-    isHtml: z6.boolean().optional(),
+    format: z6.enum(["html", "markdown"]).optional().describe(
+      "Body format. Only meaningful when `body` is also provided. 'html' sends the body as-is (must be valid HTML). 'markdown' converts the body from Markdown to HTML for clean rendering on the recipient side."
+    ),
     include_signature: z6.boolean().optional().describe(
       "Whether to re-apply the account's saved HTML signature to the body. If true, don't include a signature in the body param. Only meaningful when `body` is also provided. Returns an error if true but no signature is configured for this account."
     )
@@ -3383,6 +3640,8 @@ function registerComposeTools(server, ctx) {
       async (args) => {
         const a = args;
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, a.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(a.account);
           if (a.include_signature && !account.signature) {
             return fail(
@@ -3394,7 +3653,7 @@ function registerComposeTools(server, ctx) {
           if (a.body !== void 0) {
             const composed = composeBody({
               body: a.body,
-              isHtml: a.isHtml,
+              format: a.format ?? "html",
               signature: account.signature,
               style: account.style,
               includeSignature: !!a.include_signature
@@ -3440,6 +3699,8 @@ function registerComposeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const res = await provider.sendDraft(account, args.id);
           const data = { sent: true, id: res.id };
@@ -3475,6 +3736,8 @@ function registerComposeTools(server, ctx) {
       },
       async (args) => {
         try {
+          const accessErr = checkAccountAccess(agentContext ?? null, args.account);
+          if (accessErr) return fail(accessErr);
           const { provider, account } = registry.resolveByEmail(args.account);
           const res = await provider.addAttachmentToDraft(
             account,
@@ -3497,14 +3760,63 @@ function registerComposeTools(server, ctx) {
   }
 }
 
+// src/tools/notifications.ts
+import { z as z7 } from "zod";
+function registerNotificationTools(server, ctx) {
+  const { tools, notificationBuffer, agentContext } = ctx;
+  const notifyOutputSchema = z7.object({
+    count: z7.number(),
+    items: z7.array(
+      z7.object({
+        type: z7.enum(["new_emails", "auth_failure"]),
+        account: z7.string(),
+        emails: z7.array(z7.unknown()).optional(),
+        error: z7.string().optional(),
+        timestamp: z7.string()
+      })
+    )
+  });
+  if (shouldRegister("check_notifications", tools)) {
+    server.registerTool(
+      "check_notifications",
+      {
+        description: "Check for pending email watch notifications. Returns new-email alerts and auth-failure warnings that the inbox watcher has accumulated since the last call. Drains the notification buffer on read.",
+        inputSchema: z7.object({}),
+        outputSchema: notifyOutputSchema
+      },
+      async () => {
+        try {
+          const pending = notificationBuffer.splice(0);
+          const filtered = agentContext ? pending.filter(
+            (n) => agentContext.accounts.some(
+              (a) => a.toLowerCase() === n.account.toLowerCase()
+            )
+          ) : pending;
+          const data = { count: filtered.length, items: filtered };
+          return ok(data, data);
+        } catch (err) {
+          return fail(errMsg(err));
+        }
+      }
+    );
+  }
+}
+
 // src/tools/index.ts
 function registerTools(server, opts) {
-  const { store, registry, tools } = opts;
-  registerAccountTools(server, { store, registry, tools });
-  registerBrowseTools(server, { registry, tools });
-  registerFolderTools(server, { registry, tools });
-  registerOrganizeTools(server, { registry, tools });
-  registerComposeTools(server, { store, registry, tools });
+  const { store, registry, tools, agentContext, agentStore } = opts;
+  registerAccountTools(server, { store, registry, tools, agentContext, agentStore });
+  registerBrowseTools(server, { registry, tools, agentContext });
+  registerFolderTools(server, { registry, tools, agentContext });
+  registerOrganizeTools(server, { registry, tools, agentContext });
+  registerComposeTools(server, { store, registry, tools, agentContext });
+  if (opts.notificationBuffer) {
+    registerNotificationTools(server, {
+      tools,
+      notificationBuffer: opts.notificationBuffer,
+      agentContext
+    });
+  }
 }
 
 // src/version.ts
@@ -3512,33 +3824,38 @@ var VERSION = "0.4.1";
 
 // src/config.ts
 import { readFileSync } from "fs";
-import { z as z7 } from "zod";
-var httpConfigSchema = z7.object({
-  enabled: z7.boolean().default(false),
-  port: z7.number().int().min(1).max(65535).default(3e3),
-  host: z7.string().default("127.0.0.1")
+import { z as z8 } from "zod";
+var httpConfigSchema = z8.object({
+  enabled: z8.boolean().default(false),
+  port: z8.number().int().min(1).max(65535).default(3e3),
+  host: z8.string().default("127.0.0.1")
 });
-var toolsConfigSchema = z7.object({
-  disabled: z7.array(z7.string()).optional(),
-  enabled: z7.array(z7.string()).optional()
+var toolsConfigSchema = z8.object({
+  disabled: z8.array(z8.string()).optional(),
+  enabled: z8.array(z8.string()).optional()
 });
-var outlookProviderSchema = z7.object({
-  clientId: z7.string().optional(),
-  tenantId: z7.string().optional()
+var outlookProviderSchema = z8.object({
+  clientId: z8.string().optional(),
+  tenantId: z8.string().optional()
 });
-var gmailProviderSchema = z7.object({
-  clientId: z7.string().optional(),
-  clientSecret: z7.string().optional()
+var gmailProviderSchema = z8.object({
+  clientId: z8.string().optional(),
+  clientSecret: z8.string().optional()
 });
-var providersConfigSchema = z7.object({
+var providersConfigSchema = z8.object({
   outlook: outlookProviderSchema.optional(),
   gmail: gmailProviderSchema.optional()
 });
-var rawConfigSchema = z7.object({
-  dataDir: z7.string().optional(),
+var watchConfigSchema = z8.object({
+  enabled: z8.boolean().default(true),
+  pollIntervalSeconds: z8.number().int().min(10).max(3600).default(60)
+});
+var rawConfigSchema = z8.object({
+  dataDir: z8.string().optional(),
   http: httpConfigSchema.optional(),
   tools: toolsConfigSchema.optional(),
-  providers: providersConfigSchema.optional()
+  providers: providersConfigSchema.optional(),
+  watch: watchConfigSchema.optional()
 });
 var KNOWN_TOOLS = [
   "list_accounts",
@@ -3564,7 +3881,8 @@ var KNOWN_TOOLS = [
   "draft_email",
   "edit_draft",
   "send_draft",
-  "add_attachment_to_draft"
+  "add_attachment_to_draft",
+  "check_notifications"
 ];
 var ENV_VAR_RE = /\$\{([A-Z_][A-Z0-9_]*)\}/g;
 function resolveEnvVars(value) {
@@ -3630,7 +3948,9 @@ function loadConfig(configPath, cliOverrides = {}) {
     dataDir: cliOverrides.dataDir ?? parsed.dataDir ?? process.env.HYPERMAIL_MCP_DATA_DIR,
     http,
     tools: parsed.tools ? { disabled: parsed.tools.disabled, enabled: parsed.tools.enabled } : void 0,
-    providers: parsed.providers
+    providers: parsed.providers,
+    watch: parsed.watch,
+    agentsConfigPath: cliOverrides.agentsConfig ?? process.env.HYPERMAIL_AGENTS_CONFIG
   };
 }
 function resolveTools(config) {
@@ -3643,25 +3963,284 @@ function resolveTools(config) {
   };
 }
 
+// src/watcher/manager.ts
+var WatcherManager = class {
+  opts;
+  timers = [];
+  running = false;
+  /** Per-account inflight guards to prevent overlapping polls. */
+  inflight = /* @__PURE__ */ new Map();
+  constructor(opts) {
+    this.opts = opts;
+  }
+  start() {
+    if (this.running) return;
+    this.running = true;
+    let accounts = this.opts.store.listAccounts();
+    if (this.opts.accountFilter) {
+      const filter = new Set(this.opts.accountFilter.map((e) => e.toLowerCase()));
+      accounts = accounts.filter((a) => filter.has(a.email.toLowerCase()));
+    }
+    for (const account of accounts) {
+      this.schedulePoll(account);
+    }
+  }
+  stop() {
+    this.running = false;
+    for (const t of this.timers) clearInterval(t);
+    this.timers = [];
+  }
+  // ── internals ──
+  schedulePoll(account) {
+    this.pollAccount(account).catch(() => {
+    });
+    const timer = setInterval(() => {
+      if (!this.running) return;
+      this.pollAccount(account).catch(() => {
+      });
+    }, this.opts.pollIntervalSeconds * 1e3);
+    this.timers.push(timer);
+  }
+  async pollAccount(account) {
+    const key = account.email.toLowerCase();
+    if (this.inflight.get(key)) return;
+    this.inflight.set(key, true);
+    try {
+      const { provider } = this.opts.registry.resolveByEmail(account.email);
+      const lastSeen = account.lastSeenAt;
+      const limit = 25;
+      let skip = 0;
+      const newEmails = [];
+      let newestTimestamp = lastSeen ?? "";
+      let hitBoundary = false;
+      while (true) {
+        const { items, hasMore } = await provider.listEmails(account, {
+          folder: "inbox",
+          limit,
+          skip
+        });
+        for (const item of items) {
+          if (!item.receivedAt) continue;
+          if (lastSeen && item.receivedAt <= lastSeen) {
+            hitBoundary = true;
+            break;
+          }
+          newEmails.push(item);
+          if (item.receivedAt > newestTimestamp) {
+            newestTimestamp = item.receivedAt;
+          }
+        }
+        if (hitBoundary || !hasMore) break;
+        skip += limit;
+      }
+      if (!lastSeen) {
+        if (newEmails.length > 0) {
+          newestTimestamp = newEmails[0].receivedAt;
+        }
+      } else if (newEmails.length > 0) {
+        this.enqueue({
+          type: "new_emails",
+          account: account.email,
+          emails: newEmails,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
+      if (newestTimestamp !== (lastSeen ?? "")) {
+        await this.opts.store.upsertAccount({
+          ...account,
+          lastSeenAt: newestTimestamp || void 0
+        });
+      }
+    } catch (err) {
+      this.enqueue({
+        type: "auth_failure",
+        account: account.email,
+        error: err instanceof Error ? err.message : String(err),
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } finally {
+      this.inflight.delete(key);
+    }
+  }
+  enqueue(notification) {
+    this.opts.buffer.push(notification);
+    try {
+      this.opts.onNotification(notification);
+    } catch {
+    }
+  }
+};
+
+// src/config/agents-config.ts
+import { readFileSync as readFileSync2, watch } from "fs";
+import { load as loadYaml } from "js-yaml";
+import { z as z9 } from "zod";
+var agentDefSchema = z9.object({
+  id: z9.string().min(1).regex(
+    /^[a-z0-9_-]+$/,
+    "agent id must contain only lowercase letters, digits, hyphens, and underscores"
+  ),
+  api_key: z9.string().min(1).regex(
+    /^hm_sk_[a-f0-9]{64}$/,
+    "api_key must match hm_sk_ prefix + 64 hex chars (use `hypermail-mcp generate-key`)"
+  ),
+  name: z9.string().min(1),
+  accounts: z9.array(z9.string().email()).optional().default([]),
+  provisioning: z9.boolean().optional().default(false)
+});
+var emailAccountDefSchema = z9.object({
+  provider: z9.enum(["outlook", "imap", "gmail"]),
+  display_name: z9.string().optional()
+});
+var agentsConfigSchema = z9.object({
+  agents: z9.array(agentDefSchema).optional().default([]),
+  email_accounts: z9.record(z9.string().email(), emailAccountDefSchema).optional().default({})
+});
+function loadAgentsConfig(configPath) {
+  let raw;
+  try {
+    raw = loadYaml(readFileSync2(configPath, "utf-8"));
+  } catch (err) {
+    if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+      throw new Error(
+        `Agents config file not found: ${configPath}. Create an agents.yaml with at least one agent to enable HTTP multi-tenant mode.`
+      );
+    }
+    const detail = err instanceof Error ? err.message : String(err);
+    throw new Error(`Failed to parse agents config "${configPath}": ${detail}`);
+  }
+  const parsed = agentsConfigSchema.parse(raw ?? {});
+  const ids = /* @__PURE__ */ new Set();
+  for (const a of parsed.agents) {
+    if (ids.has(a.id)) {
+      throw new Error(`Duplicate agent id "${a.id}" in agents config`);
+    }
+    ids.add(a.id);
+  }
+  return {
+    agents: parsed.agents.map((a) => ({
+      id: a.id,
+      api_key: a.api_key,
+      name: a.name,
+      accounts: a.accounts,
+      provisioning: a.provisioning
+    })),
+    email_accounts: parsed.email_accounts
+  };
+}
+async function syncAgentsToStore(config, store) {
+  const configAgentIds = new Set(config.agents.map((a) => a.id));
+  const storedAgents = store.listAgents();
+  for (const def of config.agents) {
+    await store.upsertAgent({
+      id: def.id,
+      plaintextApiKey: def.api_key,
+      name: def.name,
+      accounts: def.accounts,
+      provisioning: def.provisioning
+    });
+  }
+  const removed = [];
+  for (const stored of storedAgents) {
+    if (!configAgentIds.has(stored.id)) {
+      await store.removeAgent(stored.id);
+      removed.push(stored.id);
+    }
+  }
+  return removed;
+}
+function watchAgentsConfig(configPath, store, onChange, onError) {
+  let timer = null;
+  let watcher = null;
+  const reload = async () => {
+    try {
+      const config = loadAgentsConfig(configPath);
+      const removed = await syncAgentsToStore(config, store);
+      onChange(removed);
+    } catch (err) {
+      onError(err instanceof Error ? err : new Error(String(err)));
+    }
+  };
+  reload().catch((err) => onError(err));
+  try {
+    watcher = watch(configPath, (_eventType) => {
+      if (timer) clearTimeout(timer);
+      timer = setTimeout(() => {
+        timer = null;
+        reload().catch((err) => onError(err));
+      }, 200);
+    });
+  } catch (err) {
+  }
+  return {
+    close() {
+      if (timer) clearTimeout(timer);
+      if (watcher) watcher.close();
+    }
+  };
+}
+
 // src/server.ts
 async function startServer(opts) {
   const { config } = opts;
   const store = await AccountStore.open({ dataDir: config.dataDir });
   const registry = buildRegistry({ store, providers: config.providers });
   const tools = resolveTools(config);
-  const server = new McpServer(
-    { name: "hypermail-mcp", version: VERSION },
-    { capabilities: { tools: {}, logging: {} } }
-  );
-  registerTools(server, { store, registry, tools });
+  const notificationBuffer = config.http.enabled ? [] : void 0;
+  let agentStoreForFactory;
+  const createServer = (agentContext = null) => {
+    const s = new McpServer(
+      { name: "hypermail-mcp", version: VERSION },
+      { capabilities: { tools: {}, logging: {} } }
+    );
+    registerTools(s, { store, registry, tools, notificationBuffer, agentContext, agentStore: agentStoreForFactory });
+    return s;
+  };
   if (config.http.enabled) {
-    await startHttp(server, config.http.host, config.http.port);
+    let liveReloadHandle;
+    if (config.agentsConfigPath) {
+      agentStoreForFactory = await AgentStore.open({ dataDir: config.dataDir });
+      liveReloadHandle = watchAgentsConfig(
+        path4.resolve(config.agentsConfigPath),
+        agentStoreForFactory,
+        (_removedIds) => {
+        },
+        (err) => {
+          console.error("[hypermail-mcp] agents.yaml reload error:", err.message);
+        }
+      );
+    }
+    const notifyTargets = /* @__PURE__ */ new Set();
+    const watcher = new WatcherManager({
+      registry,
+      store,
+      pollIntervalSeconds: config.watch?.pollIntervalSeconds ?? 60,
+      onNotification: (notification) => {
+        for (const fn of notifyTargets) {
+          fn(notification);
+        }
+      },
+      buffer: notificationBuffer
+    });
+    watcher.start();
+    await startHttp(
+      createServer,
+      config.http.host,
+      config.http.port,
+      notifyTargets,
+      agentStoreForFactory
+    );
+    if (liveReloadHandle) {
+      process.on("SIGINT", () => liveReloadHandle.close());
+      process.on("SIGTERM", () => liveReloadHandle.close());
+    }
   } else {
+    const server = createServer();
     const transport = new StdioServerTransport();
     await server.connect(transport);
   }
 }
-async function startHttp(server, host, port) {
+async function startHttp(createServer, host, port, notifyTargets, agentStore) {
   const sessions = /* @__PURE__ */ new Map();
   const http = createHttpServer(async (req, res) => {
     try {
@@ -3671,18 +4250,59 @@ async function startHttp(server, host, port) {
         return;
       }
       const sessionId = req.headers["mcp-session-id"] ?? void 0;
-      let transport = sessionId ? sessions.get(sessionId) : void 0;
-      if (!transport) {
-        transport = new StreamableHTTPServerTransport({
+      let session = sessionId ? sessions.get(sessionId) : void 0;
+      if (!session) {
+        let agentContext = null;
+        if (agentStore) {
+          const apiKey = req.headers["x-api-key"]?.trim();
+          if (!apiKey) {
+            res.statusCode = 401;
+            res.setHeader("Content-Type", "application/json");
+            res.end(JSON.stringify({ error: "Missing x-api-key header" }));
+            return;
+          }
+          const agent = agentStore.findAgentByApiKey(apiKey);
+          if (!agent) {
+            res.statusCode = 401;
+            res.setHeader("Content-Type", "application/json");
+            res.end(JSON.stringify({ error: "Invalid API key" }));
+            return;
+          }
+          agentContext = {
+            agentId: agent.id,
+            accounts: agent.accounts,
+            provisioning: agent.provisioning
+          };
+        }
+        const server = createServer(agentContext);
+        const transport = new StreamableHTTPServerTransport({
           sessionIdGenerator: () => randomUUID6(),
           onsessioninitialized: (sid) => {
-            sessions.set(sid, transport);
+            sessions.set(sid, { transport, server, agentContext });
+            const agentAccounts = agentContext ? new Set(agentContext.accounts.map((a) => a.toLowerCase())) : null;
+            const notifyFn = (n) => {
+              if (agentAccounts && !agentAccounts.has(n.account.toLowerCase())) {
+                return;
+              }
+              server.server.notification({
+                method: "notifications/message",
+                params: {
+                  level: n.type === "new_emails" ? "notice" : "warning",
+                  logger: "hypermail-watch",
+                  data: n
+                }
+              }).catch(() => {
+              });
+            };
+            notifyTargets.add(notifyFn);
+            transport.onclose = () => {
+              if (transport.sessionId) sessions.delete(transport.sessionId);
+              notifyTargets.delete(notifyFn);
+            };
           }
         });
-        transport.onclose = () => {
-          if (transport.sessionId) sessions.delete(transport.sessionId);
-        };
         await server.connect(transport);
+        session = { transport, server, agentContext };
       }
       let body = void 0;
       if (req.method === "POST" || req.method === "DELETE") {
@@ -3691,7 +4311,7 @@ async function startHttp(server, host, port) {
         const raw = Buffer.concat(chunks).toString("utf8");
         body = raw ? JSON.parse(raw) : void 0;
       }
-      await transport.handleRequest(req, res, body);
+      await session.transport.handleRequest(req, res, body);
     } catch (err) {
       console.error("[hypermail-mcp] http error:", err);
       if (!res.headersSent) {
@@ -3730,6 +4350,9 @@ function parseArgs(argv) {
       case "--config":
         out.config = String(argv[++i] ?? "");
         break;
+      case "--agents-config":
+        out.agentsConfig = String(argv[++i] ?? "");
+        break;
       case "-h":
       case "--help":
         out.help = true;
@@ -3774,7 +4397,13 @@ Example hypermail-config.json:
   process.stdout.write(msg);
 }
 async function main() {
-  const opts = parseArgs(process.argv.slice(2));
+  const rawArgs = process.argv.slice(2);
+  if (rawArgs[0] === "generate-key") {
+    const key = `hm_sk_${randomBytes2(32).toString("hex")}`;
+    process.stdout.write(key + "\n");
+    return;
+  }
+  const opts = parseArgs(rawArgs);
   if (opts.help) {
     printHelp();
     return;
@@ -3783,7 +4412,8 @@ async function main() {
     http: opts.http,
     port: opts.port,
     host: opts.host,
-    dataDir: opts.dataDir
+    dataDir: opts.dataDir,
+    agentsConfig: opts.agentsConfig
   });
   await startServer({ config });
 }