inboxctl 0.1.0

package/dist/chunk-EY6VV43S.js

@@ -0,0 +1,4744 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/mcp/server.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z as z2 } from "zod";
+
+// src/core/actions/audit.ts
+import { randomUUID } from "crypto";
+
+// src/config.ts
+import { config as dotenvConfig } from "dotenv";
+import { existsSync, mkdirSync, readFileSync } from "fs";
+import { homedir } from "os";
+import { dirname, isAbsolute, join, resolve } from "path";
+dotenvConfig();
+var DEFAULT_GOOGLE_REDIRECT_URI = "http://127.0.0.1:3456/callback";
+function resolveHome(filepath) {
+  if (filepath.startsWith("~")) {
+    return join(homedir(), filepath.slice(1));
+  }
+  return filepath;
+}
+function ensureDir(dir) {
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+}
+function readJsonConfig(configPath) {
+  if (!existsSync(configPath)) {
+    return {};
+  }
+  const raw = readFileSync(configPath, "utf8");
+  const parsed = JSON.parse(raw);
+  if (!parsed || typeof parsed !== "object") {
+    throw new Error(`Invalid config file at ${configPath}: expected JSON object`);
+  }
+  return parsed;
+}
+function parseNumber(value) {
+  if (!value) {
+    return void 0;
+  }
+  const parsed = Number(value);
+  if (Number.isNaN(parsed)) {
+    throw new Error(`Invalid numeric configuration value: ${value}`);
+  }
+  return parsed;
+}
+function resolvePath(value, baseDir) {
+  if (!value) {
+    return void 0;
+  }
+  const expanded = resolveHome(value);
+  return isAbsolute(expanded) ? expanded : resolve(baseDir, expanded);
+}
+function getDefaultDataDir() {
+  return resolveHome(process.env.INBOXCTL_DATA_DIR || "~/.config/inboxctl");
+}
+function getConfigFilePath(dataDir = getDefaultDataDir()) {
+  return join(dataDir, "config.json");
+}
+function getGoogleCredentialStatus(config) {
+  const missing = [];
+  if (!config.google.clientId) {
+    missing.push("GOOGLE_CLIENT_ID");
+  }
+  if (!config.google.clientSecret) {
+    missing.push("GOOGLE_CLIENT_SECRET");
+  }
+  return {
+    configured: missing.length === 0,
+    missing
+  };
+}
+function requireGoogleCredentials(config) {
+  const status = getGoogleCredentialStatus(config);
+  if (!status.configured) {
+    throw new Error(
+      `Missing Google OAuth credentials: ${status.missing.join(", ")}. Set them in the environment or in config.json before live Gmail operations.`
+    );
+  }
+  return {
+    clientId: config.google.clientId,
+    clientSecret: config.google.clientSecret,
+    redirectUri: config.google.redirectUri
+  };
+}
+function loadConfig() {
+  const dataDir = getDefaultDataDir();
+  ensureDir(dataDir);
+  const fileConfig = readJsonConfig(getConfigFilePath(dataDir));
+  const configBaseDir = dirname(getConfigFilePath(dataDir));
+  const dbPath = resolvePath(process.env.INBOXCTL_DB_PATH, configBaseDir) || resolvePath(fileConfig.dbPath, configBaseDir) || join(dataDir, "emails.db");
+  const tokensPath = resolvePath(process.env.INBOXCTL_TOKENS_PATH, configBaseDir) || resolvePath(fileConfig.tokensPath, configBaseDir) || join(dataDir, "tokens.json");
+  const rulesDir = resolvePath(process.env.INBOXCTL_RULES_DIR, configBaseDir) || resolvePath(fileConfig.rulesDir, configBaseDir) || resolve("./rules");
+  ensureDir(dirname(dbPath));
+  ensureDir(dirname(tokensPath));
+  ensureDir(rulesDir);
+  return {
+    dataDir,
+    dbPath,
+    rulesDir,
+    tokensPath,
+    google: {
+      clientId: process.env.GOOGLE_CLIENT_ID || fileConfig.google?.clientId || null,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET || fileConfig.google?.clientSecret || null,
+      redirectUri: process.env.GOOGLE_REDIRECT_URI || fileConfig.google?.redirectUri || DEFAULT_GOOGLE_REDIRECT_URI
+    },
+    sync: {
+      pageSize: parseNumber(process.env.INBOXCTL_SYNC_PAGE_SIZE) || fileConfig.sync?.pageSize || 500,
+      maxMessages: parseNumber(process.env.INBOXCTL_SYNC_MAX_MESSAGES) ?? fileConfig.sync?.maxMessages ?? null
+    }
+  };
+}
+
+// src/core/db/client.ts
+import Database from "better-sqlite3";
+import { drizzle } from "drizzle-orm/better-sqlite3";
+import { dirname as dirname2, resolve as resolve2 } from "path";
+
+// src/core/db/schema.ts
+var schema_exports = {};
+__export(schema_exports, {
+  emails: () => emails,
+  executionItems: () => executionItems,
+  executionRuns: () => executionRuns,
+  newsletterSenders: () => newsletterSenders,
+  rules: () => rules,
+  syncState: () => syncState
+});
+import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
+var emails = sqliteTable(
+  "emails",
+  {
+    id: text("id").primaryKey(),
+    // Gmail message ID
+    threadId: text("thread_id"),
+    fromAddress: text("from_address"),
+    fromName: text("from_name"),
+    toAddresses: text("to_addresses"),
+    // JSON array
+    subject: text("subject"),
+    snippet: text("snippet"),
+    date: integer("date"),
+    // Unix timestamp
+    isRead: integer("is_read"),
+    // 0/1
+    isStarred: integer("is_starred"),
+    // 0/1
+    labelIds: text("label_ids"),
+    // JSON array
+    sizeEstimate: integer("size_estimate"),
+    hasAttachments: integer("has_attachments"),
+    // 0/1
+    listUnsubscribe: text("list_unsubscribe"),
+    // List-Unsubscribe header
+    syncedAt: integer("synced_at")
+    // Unix timestamp
+  },
+  (table) => [
+    index("idx_emails_from_address").on(table.fromAddress),
+    index("idx_emails_date").on(table.date),
+    index("idx_emails_thread_id").on(table.threadId),
+    index("idx_emails_is_read").on(table.isRead)
+  ]
+);
+var rules = sqliteTable("rules", {
+  id: text("id").primaryKey(),
+  // UUID
+  name: text("name").unique().notNull(),
+  description: text("description"),
+  enabled: integer("enabled").default(1),
+  // 0/1
+  yamlHash: text("yaml_hash"),
+  // SHA-256 of source YAML
+  conditions: text("conditions").notNull(),
+  // JSON
+  actions: text("actions").notNull(),
+  // JSON
+  priority: integer("priority").default(50),
+  deployedAt: integer("deployed_at"),
+  createdAt: integer("created_at")
+});
+var executionRuns = sqliteTable(
+  "execution_runs",
+  {
+    id: text("id").primaryKey(),
+    // UUID
+    sourceType: text("source_type").notNull(),
+    // manual | rule
+    ruleId: text("rule_id"),
+    // FK to rules.id (null for manual actions)
+    dryRun: integer("dry_run").default(0),
+    // 0/1
+    requestedActions: text("requested_actions").notNull(),
+    // JSON
+    query: text("query"),
+    status: text("status").notNull(),
+    // planned | applied | partial | error | undone
+    createdAt: integer("created_at"),
+    undoneAt: integer("undone_at")
+  },
+  (table) => [
+    index("idx_execution_runs_rule_id").on(table.ruleId),
+    index("idx_execution_runs_created_at").on(table.createdAt)
+  ]
+);
+var executionItems = sqliteTable(
+  "execution_items",
+  {
+    id: text("id").primaryKey(),
+    // UUID
+    runId: text("run_id").notNull(),
+    // FK to execution_runs.id
+    emailId: text("email_id").notNull(),
+    // Gmail message ID
+    status: text("status").notNull(),
+    // planned | applied | warning | error | undone
+    appliedActions: text("applied_actions").notNull(),
+    // JSON
+    beforeLabelIds: text("before_label_ids").notNull(),
+    // JSON array
+    afterLabelIds: text("after_label_ids").notNull(),
+    // JSON array
+    errorMessage: text("error_message"),
+    executedAt: integer("executed_at"),
+    undoneAt: integer("undone_at")
+  },
+  (table) => [
+    index("idx_execution_items_run_id").on(table.runId),
+    index("idx_execution_items_email_id").on(table.emailId),
+    index("idx_execution_items_executed_at").on(table.executedAt)
+  ]
+);
+var syncState = sqliteTable("sync_state", {
+  id: integer("id").primaryKey(),
+  // Always 1
+  accountEmail: text("account_email"),
+  historyId: text("history_id"),
+  lastFullSync: integer("last_full_sync"),
+  lastIncrementalSync: integer("last_incremental_sync"),
+  totalMessages: integer("total_messages"),
+  fullSyncCursor: text("full_sync_cursor"),
+  fullSyncProcessed: integer("full_sync_processed"),
+  fullSyncTotal: integer("full_sync_total")
+});
+var newsletterSenders = sqliteTable(
+  "newsletter_senders",
+  {
+    id: text("id").primaryKey(),
+    // UUID
+    email: text("email").unique().notNull(),
+    name: text("name"),
+    messageCount: integer("message_count").default(0),
+    unreadCount: integer("unread_count").default(0),
+    status: text("status").default("active"),
+    // active | unsubscribed | archived
+    unsubscribeLink: text("unsubscribe_link"),
+    detectionReason: text("detection_reason"),
+    firstSeen: integer("first_seen"),
+    lastSeen: integer("last_seen")
+  },
+  (table) => [index("idx_newsletter_senders_email").on(table.email)]
+);
+
+// src/core/db/client.ts
+var dbCache = /* @__PURE__ */ new Map();
+var sqliteCache = /* @__PURE__ */ new Map();
+var SCHEMA_SQL = `
+CREATE TABLE IF NOT EXISTS emails (
+  id TEXT PRIMARY KEY,
+  thread_id TEXT,
+  from_address TEXT,
+  from_name TEXT,
+  to_addresses TEXT,
+  subject TEXT,
+  snippet TEXT,
+  date INTEGER,
+  is_read INTEGER,
+  is_starred INTEGER,
+  label_ids TEXT,
+  size_estimate INTEGER,
+  has_attachments INTEGER,
+  list_unsubscribe TEXT,
+  synced_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_emails_from_address ON emails(from_address);
+CREATE INDEX IF NOT EXISTS idx_emails_date ON emails(date);
+CREATE INDEX IF NOT EXISTS idx_emails_thread_id ON emails(thread_id);
+CREATE INDEX IF NOT EXISTS idx_emails_is_read ON emails(is_read);
+
+CREATE TABLE IF NOT EXISTS rules (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  enabled INTEGER DEFAULT 1,
+  yaml_hash TEXT,
+  conditions TEXT NOT NULL,
+  actions TEXT NOT NULL,
+  priority INTEGER DEFAULT 50,
+  deployed_at INTEGER,
+  created_at INTEGER
+);
+
+CREATE TABLE IF NOT EXISTS execution_runs (
+  id TEXT PRIMARY KEY,
+  source_type TEXT NOT NULL,
+  rule_id TEXT,
+  dry_run INTEGER DEFAULT 0,
+  requested_actions TEXT NOT NULL,
+  query TEXT,
+  status TEXT NOT NULL,
+  created_at INTEGER,
+  undone_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_execution_runs_rule_id ON execution_runs(rule_id);
+CREATE INDEX IF NOT EXISTS idx_execution_runs_created_at ON execution_runs(created_at);
+
+CREATE TABLE IF NOT EXISTS execution_items (
+  id TEXT PRIMARY KEY,
+  run_id TEXT NOT NULL,
+  email_id TEXT NOT NULL,
+  status TEXT NOT NULL,
+  applied_actions TEXT NOT NULL,
+  before_label_ids TEXT NOT NULL,
+  after_label_ids TEXT NOT NULL,
+  error_message TEXT,
+  executed_at INTEGER,
+  undone_at INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_execution_items_run_id ON execution_items(run_id);
+CREATE INDEX IF NOT EXISTS idx_execution_items_email_id ON execution_items(email_id);
+CREATE INDEX IF NOT EXISTS idx_execution_items_executed_at ON execution_items(executed_at);
+
+CREATE TABLE IF NOT EXISTS sync_state (
+  id INTEGER PRIMARY KEY,
+  account_email TEXT,
+  history_id TEXT,
+  last_full_sync INTEGER,
+  last_incremental_sync INTEGER,
+  total_messages INTEGER,
+  full_sync_cursor TEXT,
+  full_sync_processed INTEGER,
+  full_sync_total INTEGER
+);
+
+CREATE TABLE IF NOT EXISTS newsletter_senders (
+  id TEXT PRIMARY KEY,
+  email TEXT NOT NULL UNIQUE,
+  name TEXT,
+  message_count INTEGER DEFAULT 0,
+  unread_count INTEGER DEFAULT 0,
+  status TEXT DEFAULT 'active',
+  unsubscribe_link TEXT,
+  detection_reason TEXT,
+  first_seen INTEGER,
+  last_seen INTEGER
+);
+
+CREATE INDEX IF NOT EXISTS idx_newsletter_senders_email ON newsletter_senders(email);
+
+INSERT OR IGNORE INTO sync_state (id, history_id, last_full_sync, last_incremental_sync, total_messages)
+VALUES (1, NULL, NULL, NULL, 0);
+`;
+function ensureSyncStateColumns(sqlite) {
+  const columns = sqlite.prepare("PRAGMA table_info(sync_state)").all();
+  const columnNames = new Set(columns.map((column) => column.name));
+  if (!columnNames.has("account_email")) {
+    sqlite.exec("ALTER TABLE sync_state ADD COLUMN account_email TEXT");
+  }
+  if (!columnNames.has("full_sync_cursor")) {
+    sqlite.exec("ALTER TABLE sync_state ADD COLUMN full_sync_cursor TEXT");
+  }
+  if (!columnNames.has("full_sync_processed")) {
+    sqlite.exec("ALTER TABLE sync_state ADD COLUMN full_sync_processed INTEGER");
+  }
+  if (!columnNames.has("full_sync_total")) {
+    sqlite.exec("ALTER TABLE sync_state ADD COLUMN full_sync_total INTEGER");
+  }
+}
+function getResolvedPath(dbPath) {
+  return resolve2(dbPath);
+}
+function getSqlite(dbPath) {
+  const resolvedPath = getResolvedPath(dbPath);
+  const cached = sqliteCache.get(resolvedPath);
+  if (cached) {
+    return cached;
+  }
+  ensureDir(dirname2(resolvedPath));
+  const sqlite = new Database(resolvedPath);
+  sqlite.pragma("journal_mode = WAL");
+  sqlite.pragma("foreign_keys = ON");
+  sqlite.pragma("busy_timeout = 5000");
+  sqlite.exec(SCHEMA_SQL);
+  ensureSyncStateColumns(sqlite);
+  sqliteCache.set(resolvedPath, sqlite);
+  return sqlite;
+}
+function getDb(dbPath) {
+  const resolvedPath = getResolvedPath(dbPath);
+  const cached = dbCache.get(resolvedPath);
+  if (cached) {
+    return cached;
+  }
+  const sqlite = getSqlite(resolvedPath);
+  const db = drizzle(sqlite, { schema: schema_exports });
+  dbCache.set(resolvedPath, db);
+  return db;
+}
+function initializeDb(dbPath) {
+  return getDb(dbPath);
+}
+function closeDb(dbPath) {
+  const resolvedPath = getResolvedPath(dbPath);
+  const sqlite = sqliteCache.get(resolvedPath);
+  if (sqlite) {
+    sqlite.close();
+    sqliteCache.delete(resolvedPath);
+  }
+  dbCache.delete(resolvedPath);
+}
+
+// src/core/actions/audit.ts
+function getDatabase() {
+  const config = loadConfig();
+  return getSqlite(config.dbPath);
+}
+function ensureValidSourceType(sourceType) {
+  if (sourceType !== "manual" && sourceType !== "rule") {
+    throw new Error(`Invalid execution source type: ${sourceType}`);
+  }
+}
+function ensureValidRunStatus(status) {
+  if (status !== "planned" && status !== "applied" && status !== "partial" && status !== "error" && status !== "undone") {
+    throw new Error(`Invalid execution run status: ${status}`);
+  }
+}
+function ensureValidItemStatus(status) {
+  if (status !== "planned" && status !== "applied" && status !== "warning" && status !== "error" && status !== "undone") {
+    throw new Error(`Invalid execution item status: ${status}`);
+  }
+}
+function parseJsonArray(raw, fallback) {
+  if (!raw) {
+    return fallback;
+  }
+  try {
+    const parsed = JSON.parse(raw);
+    return Array.isArray(parsed) ? parsed : fallback;
+  } catch {
+    return fallback;
+  }
+}
+function parseJsonObjectArray(raw) {
+  return parseJsonArray(raw, []);
+}
+function serializeJson(value) {
+  return JSON.stringify(value ?? []);
+}
+function rowToExecutionRun(row) {
+  ensureValidSourceType(row.sourceType);
+  ensureValidRunStatus(row.status);
+  return {
+    id: row.id,
+    sourceType: row.sourceType,
+    ruleId: row.ruleId,
+    dryRun: row.dryRun === 1,
+    requestedActions: parseJsonObjectArray(row.requestedActions),
+    query: row.query,
+    status: row.status,
+    createdAt: row.createdAt ?? 0,
+    undoneAt: row.undoneAt ?? null,
+    itemCount: row.itemCount,
+    plannedItemCount: row.plannedItemCount,
+    appliedItemCount: row.appliedItemCount,
+    warningItemCount: row.warningItemCount,
+    errorItemCount: row.errorItemCount,
+    undoneItemCount: row.undoneItemCount
+  };
+}
+function rowToExecutionItem(row) {
+  ensureValidItemStatus(row.status);
+  return {
+    id: row.id,
+    runId: row.runId,
+    emailId: row.emailId,
+    status: row.status,
+    appliedActions: parseJsonObjectArray(row.appliedActions),
+    beforeLabelIds: parseJsonArray(row.beforeLabelIds, []),
+    afterLabelIds: parseJsonArray(row.afterLabelIds, []),
+    errorMessage: row.errorMessage,
+    executedAt: row.executedAt ?? 0,
+    undoneAt: row.undoneAt ?? null
+  };
+}
+function queryRuns(whereClause = "", params = [], limit) {
+  const sqlite = getDatabase();
+  const sql = `
+    SELECT
+      r.id AS id,
+      r.source_type AS sourceType,
+      r.rule_id AS ruleId,
+      r.dry_run AS dryRun,
+      r.requested_actions AS requestedActions,
+      r.query AS query,
+      r.status AS status,
+      r.created_at AS createdAt,
+      r.undone_at AS undoneAt,
+      COUNT(i.id) AS itemCount,
+      COALESCE(SUM(CASE WHEN i.status = 'planned' THEN 1 ELSE 0 END), 0) AS plannedItemCount,
+      COALESCE(SUM(CASE WHEN i.status = 'applied' THEN 1 ELSE 0 END), 0) AS appliedItemCount,
+      COALESCE(SUM(CASE WHEN i.status = 'warning' THEN 1 ELSE 0 END), 0) AS warningItemCount,
+      COALESCE(SUM(CASE WHEN i.status = 'error' THEN 1 ELSE 0 END), 0) AS errorItemCount,
+      COALESCE(SUM(CASE WHEN i.status = 'undone' THEN 1 ELSE 0 END), 0) AS undoneItemCount
+    FROM execution_runs r
+    LEFT JOIN execution_items i ON i.run_id = r.id
+    ${whereClause}
+    GROUP BY r.id
+    ORDER BY COALESCE(r.created_at, 0) DESC, r.id DESC
+    ${limit ? "LIMIT ?" : ""}
+  `;
+  const rows = limit === void 0 ? sqlite.prepare(sql).all(...params) : sqlite.prepare(sql).all(...params, limit);
+  return rows.map(rowToExecutionRun);
+}
+async function createExecutionRun(input) {
+  ensureValidSourceType(input.sourceType);
+  const sqlite = getDatabase();
+  const now2 = input.createdAt ?? Date.now();
+  const id = input.id ?? randomUUID();
+  const status = input.status ?? "planned";
+  ensureValidRunStatus(status);
+  sqlite.prepare(
+    `
+      INSERT INTO execution_runs (
+        id, source_type, rule_id, dry_run, requested_actions, query, status, created_at, undone_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `
+  ).run(
+    id,
+    input.sourceType,
+    input.ruleId ?? null,
+    input.dryRun ? 1 : 0,
+    serializeJson(input.requestedActions ?? []),
+    input.query ?? null,
+    status,
+    now2,
+    input.undoneAt ?? null
+  );
+  return await getRun(id);
+}
+async function appendExecutionItem(runId, input) {
+  const sqlite = getDatabase();
+  const runExists = sqlite.prepare(`SELECT id FROM execution_runs WHERE id = ?`).get(runId);
+  if (!runExists) {
+    throw new Error(`Execution run not found: ${runId}`);
+  }
+  ensureValidItemStatus(input.status);
+  const id = input.id ?? randomUUID();
+  const executedAt = input.executedAt ?? Date.now();
+  sqlite.prepare(
+    `
+      INSERT INTO execution_items (
+        id, run_id, email_id, status, applied_actions, before_label_ids,
+        after_label_ids, error_message, executed_at, undone_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      `
+  ).run(
+    id,
+    runId,
+    input.emailId,
+    input.status,
+    serializeJson(input.appliedActions ?? []),
+    serializeJson(input.beforeLabelIds),
+    serializeJson(input.afterLabelIds),
+    input.errorMessage ?? null,
+    executedAt,
+    input.undoneAt ?? null
+  );
+  const item = sqlite.prepare(
+    `
+      SELECT
+        id,
+        run_id AS runId,
+        email_id AS emailId,
+        status,
+        applied_actions AS appliedActions,
+        before_label_ids AS beforeLabelIds,
+        after_label_ids AS afterLabelIds,
+        error_message AS errorMessage,
+        executed_at AS executedAt,
+        undone_at AS undoneAt
+      FROM execution_items
+      WHERE id = ?
+      `
+  ).get(id);
+  if (!item) {
+    throw new Error(`Failed to load inserted execution item: ${id}`);
+  }
+  return rowToExecutionItem(item);
+}
+async function addExecutionItems(runId, items) {
+  const inserted = [];
+  for (const item of items) {
+    inserted.push(await appendExecutionItem(runId, item));
+  }
+  return inserted;
+}
+async function getRecentRuns(limit = 20) {
+  if (!Number.isInteger(limit) || limit <= 0) {
+    throw new Error(`Invalid limit: ${limit}`);
+  }
+  return queryRuns("", [], limit);
+}
+async function getRun(runId) {
+  const runs = queryRuns("WHERE r.id = ?", [runId], 1);
+  return runs[0] ?? null;
+}
+async function getRunItems(runId) {
+  const sqlite = getDatabase();
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        id,
+        run_id AS runId,
+        email_id AS emailId,
+        status,
+        applied_actions AS appliedActions,
+        before_label_ids AS beforeLabelIds,
+        after_label_ids AS afterLabelIds,
+        error_message AS errorMessage,
+        executed_at AS executedAt,
+        undone_at AS undoneAt
+      FROM execution_items
+      WHERE run_id = ?
+      ORDER BY COALESCE(executed_at, 0) ASC, id ASC
+      `
+  ).all(runId);
+  return rows.map(rowToExecutionItem);
+}
+async function getRunsByEmail(emailId) {
+  return queryRuns(
+    "WHERE EXISTS (SELECT 1 FROM execution_items i2 WHERE i2.run_id = r.id AND i2.email_id = ?)",
+    [emailId]
+  );
+}
+async function getRunsByRule(ruleId) {
+  return queryRuns("WHERE r.rule_id = ?", [ruleId]);
+}
+
+// src/core/gmail/transport_google_api.ts
+import { gmail } from "@googleapis/gmail";
+
+// src/core/auth/tokens.ts
+import { OAuth2Client } from "google-auth-library";
+import { existsSync as existsSync2 } from "fs";
+import { mkdir, readFile, writeFile } from "fs/promises";
+import { dirname as dirname3 } from "path";
+async function saveTokens(tokensPath, tokens) {
+  await mkdir(dirname3(tokensPath), { recursive: true });
+  await writeFile(tokensPath, `${JSON.stringify(tokens, null, 2)}
+`, "utf8");
+}
+async function loadTokens(tokensPath) {
+  if (!existsSync2(tokensPath)) {
+    return null;
+  }
+  const raw = await readFile(tokensPath, "utf8");
+  const parsed = JSON.parse(raw);
+  if (typeof parsed.accessToken !== "string" || typeof parsed.refreshToken !== "string" || typeof parsed.expiryDate !== "number" || typeof parsed.email !== "string") {
+    throw new Error(`Invalid token file at ${tokensPath}`);
+  }
+  return {
+    accessToken: parsed.accessToken,
+    refreshToken: parsed.refreshToken,
+    expiryDate: parsed.expiryDate,
+    email: parsed.email,
+    scope: parsed.scope,
+    tokenType: parsed.tokenType
+  };
+}
+function isTokenExpired(tokens, skewMs = 6e4) {
+  return Date.now() >= tokens.expiryDate - skewMs;
+}
+async function refreshAccessToken(tokens, clientId, clientSecret) {
+  const client = new OAuth2Client({
+    clientId,
+    clientSecret
+  });
+  client.setCredentials({
+    access_token: tokens.accessToken,
+    refresh_token: tokens.refreshToken,
+    expiry_date: tokens.expiryDate
+  });
+  const { credentials } = await client.refreshAccessToken();
+  if (!credentials.access_token || !credentials.expiry_date) {
+    throw new Error("Google token refresh did not return a new access token");
+  }
+  return {
+    ...tokens,
+    accessToken: credentials.access_token,
+    refreshToken: credentials.refresh_token || tokens.refreshToken,
+    expiryDate: credentials.expiry_date,
+    scope: credentials.scope || tokens.scope,
+    tokenType: credentials.token_type || tokens.tokenType
+  };
+}
+
+// src/core/auth/oauth.ts
+import { OAuth2Client as OAuth2Client2 } from "google-auth-library";
+import { createServer } from "http";
+import { URL } from "url";
+import open from "open";
+var GMAIL_SCOPES = [
+  "https://www.googleapis.com/auth/gmail.modify",
+  "https://www.googleapis.com/auth/gmail.labels",
+  "https://www.googleapis.com/auth/gmail.settings.basic",
+  "https://www.googleapis.com/auth/userinfo.email"
+];
+function getOAuthReadiness(config) {
+  const status = getGoogleCredentialStatus(config);
+  return {
+    ready: status.configured,
+    missing: status.missing
+  };
+}
+function createOAuthClient(config, redirectUri) {
+  const credentials = requireGoogleCredentials(config);
+  return new OAuth2Client2({
+    clientId: credentials.clientId,
+    clientSecret: credentials.clientSecret,
+    redirectUri: redirectUri || credentials.redirectUri
+  });
+}
+function waitForAuthorizationCode(server) {
+  return new Promise((resolve3, reject) => {
+    server.on("request", (request, response) => {
+      if (!request.url) {
+        response.statusCode = 400;
+        response.end("Missing callback URL.");
+        reject(new Error("Missing callback URL."));
+        return;
+      }
+      const url = new URL(request.url, "http://127.0.0.1");
+      const error = url.searchParams.get("error");
+      const code = url.searchParams.get("code");
+      if (error) {
+        if (error === "access_denied") {
+          const guidance = [
+            "Google blocked the sign-in. Common causes:",
+            "",
+            "- Your Gmail address is not listed as a test user",
+            "  Go to Google Auth Platform > Audience in Cloud Console",
+            "  and add your email under Test Users.",
+            "",
+            "- You selected Internal but are using a personal Gmail account",
+            "  Go to Audience and switch User Type to External.",
+            "",
+            "- You clicked Cancel on the Google consent page",
+            "  Just retry: inboxctl auth login"
+          ].join("\n");
+          response.statusCode = 403;
+          response.end(`Access denied.
+
+${guidance}`);
+          reject(new Error(`OAuth access denied.
+
+${guidance}`));
+          return;
+        }
+        response.statusCode = 400;
+        response.end(`OAuth failed: ${error}`);
+        reject(new Error(`OAuth failed: ${error}`));
+        return;
+      }
+      if (!code) {
+        response.statusCode = 400;
+        response.end("Missing OAuth code.");
+        reject(new Error("Missing OAuth code."));
+        return;
+      }
+      response.statusCode = 200;
+      response.setHeader("content-type", "text/plain; charset=utf-8");
+      response.end("Authentication complete. You can close this tab and return to inboxctl.");
+      resolve3(code);
+    });
+    server.on("error", reject);
+  });
+}
+async function listen(server, port) {
+  return new Promise((resolve3, reject) => {
+    server.listen(port, "127.0.0.1", () => {
+      resolve3(server.address());
+    });
+    server.on("error", reject);
+  });
+}
+async function getAuthenticatedEmail(accessToken) {
+  const response = await fetch("https://gmail.googleapis.com/gmail/v1/users/me/profile", {
+    headers: {
+      Authorization: `Bearer ${accessToken}`
+    }
+  });
+  if (!response.ok) {
+    throw new Error(await response.text());
+  }
+  const profile = await response.json();
+  return profile.emailAddress || "unknown";
+}
+async function startOAuthFlow(config) {
+  const readiness = getOAuthReadiness(config);
+  if (!readiness.ready) {
+    throw new Error(
+      `Google OAuth credentials are not configured yet. Missing: ${readiness.missing.join(", ")}.`
+    );
+  }
+  const requestedRedirectUri = config.google.redirectUri || DEFAULT_GOOGLE_REDIRECT_URI;
+  const server = createServer();
+  const redirectUrl = new URL(requestedRedirectUri);
+  const address = await listen(server, Number(redirectUrl.port) || 80);
+  const redirectUri = `${redirectUrl.protocol}//${redirectUrl.hostname}:${address.port}${redirectUrl.pathname}`;
+  const client = createOAuthClient(config, redirectUri);
+  const codePromise = waitForAuthorizationCode(server);
+  try {
+    const authUrl = client.generateAuthUrl({
+      access_type: "offline",
+      prompt: "consent",
+      scope: GMAIL_SCOPES
+    });
+    console.log(`Open this URL if your browser does not launch automatically:
+${authUrl}
+`);
+    await open(authUrl);
+    const code = await codePromise;
+    const { tokens } = await client.getToken(code);
+    if (!tokens.access_token || !tokens.refresh_token || !tokens.expiry_date) {
+      throw new Error(
+        "Google OAuth did not return the access token, refresh token, and expiry date we need."
+      );
+    }
+    await saveTokens(config.tokensPath, {
+      accessToken: tokens.access_token,
+      refreshToken: tokens.refresh_token,
+      expiryDate: tokens.expiry_date,
+      email: "unknown",
+      scope: tokens.scope,
+      tokenType: tokens.token_type ?? void 0
+    });
+    let email = "unknown";
+    try {
+      email = await getAuthenticatedEmail(tokens.access_token);
+      await saveTokens(config.tokensPath, {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiryDate: tokens.expiry_date,
+        email,
+        scope: tokens.scope,
+        tokenType: tokens.token_type ?? void 0
+      });
+    } catch (error) {
+      console.warn(
+        `OAuth completed but fetching the Gmail profile failed: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+    return {
+      email,
+      redirectUri
+    };
+  } finally {
+    await new Promise((resolve3) => server.close(() => resolve3()));
+  }
+}
+
+// src/core/gmail/client.ts
+var GMAIL_API_BASE_URL = "https://gmail.googleapis.com/gmail/v1/users/me";
+var MAX_GMAIL_RETRIES = 5;
+function getGmailReadiness(config, tokens) {
+  const missing = [];
+  try {
+    requireGoogleCredentials(config);
+  } catch {
+    missing.push("google_credentials");
+  }
+  if (!tokens) {
+    missing.push("tokens");
+  }
+  return {
+    ready: missing.length === 0,
+    missing
+  };
+}
+async function getAuthenticatedGmailClient(config) {
+  const tokens = await getAuthenticatedTokens(config);
+  return {
+    accessToken: tokens.accessToken,
+    tokens
+  };
+}
+async function getAuthenticatedTokens(config) {
+  let tokens = await loadTokens(config.tokensPath);
+  if (!tokens) {
+    throw new Error("No Gmail tokens found. Run `inboxctl auth login` first.");
+  }
+  if (isTokenExpired(tokens)) {
+    const credentials = requireGoogleCredentials(config);
+    tokens = await refreshAccessToken(
+      tokens,
+      credentials.clientId,
+      credentials.clientSecret
+    );
+    await saveTokens(config.tokensPath, tokens);
+  }
+  return tokens;
+}
+async function getAuthenticatedOAuthClient(config) {
+  const tokens = await getAuthenticatedTokens(config);
+  const auth = createOAuthClient(config);
+  auth.setCredentials({
+    access_token: tokens.accessToken,
+    refresh_token: tokens.refreshToken,
+    expiry_date: tokens.expiryDate,
+    token_type: tokens.tokenType,
+    scope: tokens.scope
+  });
+  return auth;
+}
+async function gmailApiRequest(config, path, init) {
+  let attempt = 0;
+  while (true) {
+    attempt += 1;
+    const { accessToken } = await getAuthenticatedGmailClient(config);
+    const response = await fetch(`${GMAIL_API_BASE_URL}${path}`, {
+      ...init,
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+        ...init?.headers || {}
+      }
+    });
+    if (response.ok) {
+      if (response.status === 204) {
+        return void 0;
+      }
+      const text3 = await response.text();
+      if (!text3.trim()) {
+        return void 0;
+      }
+      return JSON.parse(text3);
+    }
+    const text2 = await response.text();
+    const retryable = response.status === 429 || response.status === 500 || response.status === 502 || response.status === 503 || response.status === 504;
+    if (retryable && attempt < MAX_GMAIL_RETRIES) {
+      const retryAfterHeader = response.headers.get("retry-after");
+      const retryAfterSeconds = retryAfterHeader ? Number.parseInt(retryAfterHeader, 10) : Number.NaN;
+      const delayMs = Number.isNaN(retryAfterSeconds) ? Math.min(1e3 * 2 ** (attempt - 1), 1e4) : retryAfterSeconds * 1e3;
+      await new Promise((resolve3) => setTimeout(resolve3, delayMs));
+      continue;
+    }
+    const error = new Error(
+      `Gmail API request failed: ${response.status} ${response.statusText} ${text2}`
+    );
+    error.code = response.status;
+    error.status = response.status;
+    throw error;
+  }
+}
+
+// src/core/gmail/transport_google_api.ts
+function createGoogleApiTransport(config) {
+  async function getClient() {
+    const auth = await getAuthenticatedOAuthClient(config);
+    return gmail({
+      version: "v1",
+      auth
+    });
+  }
+  return {
+    kind: "google-api",
+    async getProfile() {
+      const client = await getClient();
+      const response = await client.users.getProfile({ userId: "me" });
+      return response.data;
+    },
+    async listLabels() {
+      const client = await getClient();
+      const response = await client.users.labels.list({ userId: "me" });
+      return response.data;
+    },
+    async getLabel(id) {
+      const client = await getClient();
+      const response = await client.users.labels.get({ userId: "me", id });
+      return response.data;
+    },
+    async createLabel(input) {
+      const client = await getClient();
+      const response = await client.users.labels.create({
+        userId: "me",
+        requestBody: {
+          name: input.name,
+          color: input.color,
+          type: "user"
+        }
+      });
+      return response.data;
+    },
+    async batchModifyMessages(input) {
+      const client = await getClient();
+      await client.users.messages.batchModify({
+        userId: "me",
+        requestBody: {
+          ids: input.ids,
+          addLabelIds: input.addLabelIds,
+          removeLabelIds: input.removeLabelIds
+        }
+      });
+    },
+    async sendMessage(raw) {
+      const client = await getClient();
+      const response = await client.users.messages.send({
+        userId: "me",
+        requestBody: {
+          raw
+        }
+      });
+      return response.data;
+    },
+    async listMessages(options) {
+      const client = await getClient();
+      const response = await client.users.messages.list({
+        userId: "me",
+        q: options.query,
+        maxResults: options.maxResults,
+        pageToken: options.pageToken
+      });
+      return response.data;
+    },
+    async getMessage(options) {
+      const client = await getClient();
+      const response = await client.users.messages.get({
+        userId: "me",
+        id: options.id,
+        format: options.format,
+        metadataHeaders: options.metadataHeaders
+      });
+      return response.data;
+    },
+    async getThread(id) {
+      const client = await getClient();
+      const response = await client.users.threads.get({
+        userId: "me",
+        id,
+        format: "full"
+      });
+      return response.data;
+    },
+    async listHistory(options) {
+      const client = await getClient();
+      const response = await client.users.history.list({
+        userId: "me",
+        startHistoryId: options.startHistoryId,
+        maxResults: options.maxResults,
+        historyTypes: options.historyTypes
+      });
+      return response.data;
+    },
+    async listFilters() {
+      const client = await getClient();
+      const response = await client.users.settings.filters.list({ userId: "me" });
+      return response.data;
+    },
+    async getFilter(id) {
+      const client = await getClient();
+      const response = await client.users.settings.filters.get({ userId: "me", id });
+      return response.data;
+    },
+    async createFilter(filter) {
+      const client = await getClient();
+      const response = await client.users.settings.filters.create({
+        userId: "me",
+        requestBody: filter
+      });
+      return response.data;
+    },
+    async deleteFilter(id) {
+      const client = await getClient();
+      await client.users.settings.filters.delete({ userId: "me", id });
+    }
+  };
+}
+
+// src/core/gmail/transport_rest.ts
+function jsonRequestInit(body) {
+  return {
+    method: "POST",
+    headers: {
+      "content-type": "application/json"
+    },
+    body: JSON.stringify(body)
+  };
+}
+function createRestTransport(config) {
+  return {
+    kind: "rest",
+    getProfile() {
+      return gmailApiRequest(config, "/profile");
+    },
+    listLabels() {
+      return gmailApiRequest(config, "/labels");
+    },
+    getLabel(id) {
+      return gmailApiRequest(config, `/labels/${id}`);
+    },
+    createLabel(input) {
+      return gmailApiRequest(
+        config,
+        "/labels",
+        jsonRequestInit({
+          name: input.name,
+          color: input.color,
+          type: "user"
+        })
+      );
+    },
+    batchModifyMessages(input) {
+      return gmailApiRequest(
+        config,
+        "/messages/batchModify",
+        jsonRequestInit({
+          ids: input.ids,
+          addLabelIds: input.addLabelIds,
+          removeLabelIds: input.removeLabelIds
+        })
+      );
+    },
+    sendMessage(raw) {
+      return gmailApiRequest(
+        config,
+        "/messages/send",
+        jsonRequestInit({
+          raw
+        })
+      );
+    },
+    listMessages(options) {
+      const params = new URLSearchParams();
+      if (options.query) {
+        params.set("q", options.query);
+      }
+      if (options.maxResults) {
+        params.set("maxResults", String(options.maxResults));
+      }
+      if (options.pageToken) {
+        params.set("pageToken", options.pageToken);
+      }
+      const suffix = params.size > 0 ? `?${params.toString()}` : "";
+      return gmailApiRequest(config, `/messages${suffix}`);
+    },
+    getMessage(options) {
+      const params = new URLSearchParams();
+      if (options.format) {
+        params.set("format", options.format);
+      }
+      for (const header of options.metadataHeaders || []) {
+        params.append("metadataHeaders", header);
+      }
+      const suffix = params.size > 0 ? `?${params.toString()}` : "";
+      return gmailApiRequest(config, `/messages/${options.id}${suffix}`);
+    },
+    getThread(id) {
+      return gmailApiRequest(config, `/threads/${id}?format=full`);
+    },
+    listHistory(options) {
+      const params = new URLSearchParams({
+        startHistoryId: options.startHistoryId,
+        maxResults: String(options.maxResults)
+      });
+      for (const historyType of options.historyTypes) {
+        params.append("historyTypes", historyType);
+      }
+      return gmailApiRequest(config, `/history?${params.toString()}`);
+    },
+    listFilters() {
+      return gmailApiRequest(config, "/settings/filters");
+    },
+    getFilter(id) {
+      return gmailApiRequest(config, `/settings/filters/${id}`);
+    },
+    createFilter(filter) {
+      return gmailApiRequest(config, "/settings/filters", jsonRequestInit(filter));
+    },
+    deleteFilter(id) {
+      return gmailApiRequest(config, `/settings/filters/${id}`, { method: "DELETE" });
+    }
+  };
+}
+
+// src/core/gmail/transport.ts
+var transportKindCache = /* @__PURE__ */ new Map();
+var transportOverrides = /* @__PURE__ */ new Map();
+function getConfiguredTransportKind() {
+  const value = process.env.INBOXCTL_GMAIL_TRANSPORT;
+  if (value === "google-api" || value === "rest" || value === "auto") {
+    return value;
+  }
+  return "auto";
+}
+function isAuthTransportFailure(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  const status = error.code || error.status;
+  return status === 401 || /Login Required/i.test(message) || /UNAUTHENTICATED/i.test(message) || /CREDENTIALS_MISSING/i.test(message);
+}
+async function getGmailTransport(config) {
+  const override = transportOverrides.get(config.dataDir);
+  if (override) {
+    return typeof override === "function" ? await override() : override;
+  }
+  const configured = getConfiguredTransportKind();
+  if (configured === "rest") {
+    return createRestTransport(config);
+  }
+  if (configured === "google-api") {
+    return createGoogleApiTransport(config);
+  }
+  const cached = transportKindCache.get(config.dataDir);
+  if (cached === "rest") {
+    return createRestTransport(config);
+  }
+  if (cached === "google-api") {
+    return createGoogleApiTransport(config);
+  }
+  const googleTransport = createGoogleApiTransport(config);
+  try {
+    await googleTransport.getProfile();
+    transportKindCache.set(config.dataDir, "google-api");
+    return googleTransport;
+  } catch (error) {
+    if (!isAuthTransportFailure(error)) {
+      throw error;
+    }
+    transportKindCache.set(config.dataDir, "rest");
+    return createRestTransport(config);
+  }
+}
+function setGmailTransportOverride(dataDir, transport) {
+  transportOverrides.set(dataDir, transport);
+  transportKindCache.delete(dataDir);
+}
+function clearGmailTransportOverride(dataDir) {
+  transportOverrides.delete(dataDir);
+  transportKindCache.delete(dataDir);
+}
+
+// src/core/gmail/messages.ts
+var MESSAGE_FETCH_CONCURRENCY = 5;
+function getHeaders(message) {
+  return message.payload?.headers || [];
+}
+function getHeader(message, name) {
+  const header = getHeaders(message).find(
+    (entry) => entry.name?.toLowerCase() === name.toLowerCase()
+  );
+  return header?.value || null;
+}
+function parseAddressList(value) {
+  if (!value) {
+    return [];
+  }
+  return value.split(",").map((part) => part.trim()).filter(Boolean).map((part) => {
+    const match = part.match(/<([^>]+)>/);
+    return match?.[1] || part.replace(/^"|"$/g, "");
+  });
+}
+function parseFromHeader(value) {
+  if (!value) {
+    return { fromName: "", fromAddress: "" };
+  }
+  const match = value.match(/^(.*?)(?:\s*<([^>]+)>)?$/);
+  if (!match) {
+    return { fromName: "", fromAddress: value };
+  }
+  const rawName = match[1]?.trim().replace(/^"|"$/g, "") || "";
+  const rawAddress = match[2]?.trim() || rawName;
+  return {
+    fromName: rawAddress === rawName ? "" : rawName,
+    fromAddress: rawAddress
+  };
+}
+function decodeBase64Url(value) {
+  if (!value) {
+    return "";
+  }
+  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+  return Buffer.from(normalized, "base64").toString("utf8");
+}
+function findParts(part, mimeType) {
+  if (!part) {
+    return [];
+  }
+  const matches = part.mimeType === mimeType ? [part] : [];
+  const nested = (part.parts || []).flatMap((child) => findParts(child, mimeType));
+  return [...matches, ...nested];
+}
+function extractTextBody(message) {
+  const textParts = findParts(message.payload, "text/plain");
+  const text2 = textParts.map((part) => decodeBase64Url(part.body?.data)).join("\n").trim();
+  if (text2) {
+    return text2;
+  }
+  return decodeBase64Url(message.payload?.body?.data).trim();
+}
+function extractHtmlBody(message) {
+  const html = findParts(message.payload, "text/html").map((part) => decodeBase64Url(part.body?.data)).join("\n").trim();
+  return html || null;
+}
+function hasAttachments(part) {
+  if (!part) {
+    return false;
+  }
+  if (part.filename) {
+    return true;
+  }
+  return (part.parts || []).some((child) => hasAttachments(child));
+}
+function parseMessage(message) {
+  const { fromName, fromAddress } = parseFromHeader(getHeader(message, "From"));
+  const dateHeader = getHeader(message, "Date");
+  const internalDate = message.internalDate ? Number(message.internalDate) : null;
+  const parsedDate = dateHeader ? Date.parse(dateHeader) : NaN;
+  return {
+    id: message.id || "",
+    threadId: message.threadId || "",
+    fromAddress,
+    fromName,
+    toAddresses: parseAddressList(getHeader(message, "To")),
+    subject: getHeader(message, "Subject") || "",
+    snippet: message.snippet || "",
+    date: internalDate && !Number.isNaN(internalDate) ? internalDate : Number.isNaN(parsedDate) ? Date.now() : parsedDate,
+    isRead: !(message.labelIds || []).includes("UNREAD"),
+    isStarred: (message.labelIds || []).includes("STARRED"),
+    labelIds: message.labelIds || [],
+    sizeEstimate: message.sizeEstimate || 0,
+    hasAttachments: hasAttachments(message.payload),
+    listUnsubscribe: getHeader(message, "List-Unsubscribe")
+  };
+}
+function parseMessageDetail(message) {
+  const base = parseMessage(message);
+  const textPlain = extractTextBody(message);
+  const bodyHtml = extractHtmlBody(message);
+  return {
+    ...base,
+    textPlain,
+    body: textPlain || bodyHtml || "",
+    bodyHtml
+  };
+}
+async function listMessages(query, maxResults = 20) {
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const response = await transport.listMessages({
+    query,
+    maxResults
+  });
+  const ids = (response.messages || []).map((message) => message.id).filter(Boolean);
+  return batchGetMessages(ids);
+}
+async function getMessage(id) {
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const response = await transport.getMessage({
+    id,
+    format: "full"
+  });
+  if (!response.id) {
+    throw new Error(`Gmail message not found: ${id}`);
+  }
+  return parseMessageDetail(response);
+}
+async function batchGetMessages(ids, onProgress) {
+  if (ids.length === 0) {
+    return [];
+  }
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const pending = ids.map((id, index2) => ({ id, index: index2 }));
+  const messages = new Array(ids.length).fill(null);
+  let completed = 0;
+  async function worker() {
+    while (pending.length > 0) {
+      const next = pending.shift();
+      if (!next) {
+        return;
+      }
+      const response = await transport.getMessage({
+        id: next.id,
+        format: "metadata",
+        metadataHeaders: ["From", "To", "Subject", "Date", "List-Unsubscribe"]
+      });
+      if (!response.id) {
+        messages[next.index] = null;
+        completed += 1;
+        onProgress?.(completed, ids.length);
+        continue;
+      }
+      messages[next.index] = parseMessage(response);
+      completed += 1;
+      onProgress?.(completed, ids.length);
+    }
+  }
+  await Promise.all(
+    Array.from({
+      length: Math.min(MESSAGE_FETCH_CONCURRENCY, ids.length)
+    }, () => worker())
+  );
+  return messages.filter((message) => message !== null);
+}
+
+// src/core/gmail/labels.ts
+var SYSTEM_LABEL_ALIASES = /* @__PURE__ */ new Map([
+  ["INBOX", "INBOX"],
+  ["SENT", "SENT"],
+  ["DRAFT", "DRAFT"],
+  ["TRASH", "TRASH"],
+  ["SPAM", "SPAM"],
+  ["STARRED", "STARRED"],
+  ["IMPORTANT", "IMPORTANT"],
+  ["UNREAD", "UNREAD"],
+  ["SNOOZED", "SNOOZED"],
+  ["ALL_MAIL", "ALL_MAIL"],
+  ["CATEGORY_PERSONAL", "CATEGORY_PERSONAL"],
+  ["CATEGORY_SOCIAL", "CATEGORY_SOCIAL"],
+  ["CATEGORY_PROMOTIONS", "CATEGORY_PROMOTIONS"],
+  ["CATEGORY_UPDATES", "CATEGORY_UPDATES"],
+  ["CATEGORY_FORUMS", "CATEGORY_FORUMS"],
+  ["CHAT", "CHAT"]
+]);
+var labelCache = /* @__PURE__ */ new Map();
+function normalizeKey(value) {
+  return value.trim().toLowerCase();
+}
+function getCacheKey(config) {
+  return config.dataDir;
+}
+function getCachedLabelName(labelId, config = loadConfig()) {
+  return labelCache.get(getCacheKey(config))?.byId.get(labelId)?.name || null;
+}
+function toLabel(raw) {
+  const id = raw.id?.trim() || raw.name?.trim();
+  const name = raw.name?.trim() || raw.id?.trim();
+  if (!id || !name) {
+    return null;
+  }
+  return {
+    id,
+    name,
+    type: raw.type === "system" ? "system" : "user",
+    color: raw.color || null,
+    labelListVisibility: raw.labelListVisibility ?? null,
+    messageListVisibility: raw.messageListVisibility ?? null,
+    messagesTotal: raw.messagesTotal ?? 0,
+    messagesUnread: raw.messagesUnread ?? 0,
+    threadsTotal: raw.threadsTotal ?? 0,
+    threadsUnread: raw.threadsUnread ?? 0
+  };
+}
+function setCache(config, labels) {
+  const byId = /* @__PURE__ */ new Map();
+  const byName = /* @__PURE__ */ new Map();
+  for (const label of labels) {
+    byId.set(label.id, label);
+    byName.set(normalizeKey(label.name), label);
+    byName.set(normalizeKey(label.id), label);
+  }
+  labelCache.set(getCacheKey(config), {
+    labels,
+    byId,
+    byName,
+    loadedAt: Date.now()
+  });
+}
+function updateCacheLabel(config, label) {
+  const key = getCacheKey(config);
+  const existing = labelCache.get(key);
+  if (!existing) {
+    setCache(config, [label]);
+    return;
+  }
+  const nextLabels = existing.labels.filter((entry) => entry.id !== label.id);
+  nextLabels.push(label);
+  setCache(config, nextLabels);
+}
+async function resolveContext(options) {
+  const config = options?.config || loadConfig();
+  const transport = options?.transport || await getGmailTransport(config);
+  return { config, transport };
+}
+function resolveSystemLabelId(name) {
+  const normalized = name.trim().replace(/[\s-]+/g, "_").toUpperCase();
+  return SYSTEM_LABEL_ALIASES.get(normalized) || null;
+}
+async function refreshLabels(context) {
+  const response = await context.transport.listLabels();
+  const rawLabels = response.labels || [];
+  const detailed = await Promise.all(
+    rawLabels.map(async (raw) => {
+      const id = raw.id?.trim() || raw.name?.trim();
+      if (!id) {
+        return null;
+      }
+      const detailedLabel = await context.transport.getLabel(id);
+      return toLabel(detailedLabel);
+    })
+  );
+  const labels = detailed.filter((label) => label !== null);
+  setCache(context.config, labels);
+  return labels;
+}
+async function getCachedLabels(context, forceRefresh) {
+  const cached = labelCache.get(getCacheKey(context.config));
+  if (!forceRefresh && cached) {
+    return cached.labels;
+  }
+  return refreshLabels(context);
+}
+async function syncLabels(options) {
+  const context = await resolveContext(options);
+  return getCachedLabels(context, options?.forceRefresh ?? false);
+}
+async function listLabels(options) {
+  return syncLabels({ ...options, forceRefresh: true });
+}
+async function getLabelId(name, options) {
+  const trimmed = name.trim();
+  if (!trimmed) {
+    return null;
+  }
+  const systemLabelId = resolveSystemLabelId(trimmed);
+  if (systemLabelId) {
+    return systemLabelId;
+  }
+  const context = await resolveContext(options);
+  const labels = await getCachedLabels(context, false);
+  const key = normalizeKey(trimmed);
+  for (const label of labels) {
+    if (normalizeKey(label.name) === key || normalizeKey(label.id) === key) {
+      return label.id;
+    }
+  }
+  return null;
+}
+async function createLabel(name, color, options) {
+  const trimmed = name.trim();
+  if (!trimmed) {
+    throw new Error("Label name cannot be empty");
+  }
+  const context = await resolveContext(options);
+  const existingId = await getLabelId(trimmed, context);
+  if (existingId) {
+    const refreshed = await context.transport.getLabel(existingId);
+    const label2 = toLabel(refreshed);
+    if (!label2) {
+      throw new Error(`Unable to resolve label details for ${trimmed}`);
+    }
+    updateCacheLabel(context.config, label2);
+    return label2;
+  }
+  const created = toLabel(
+    await context.transport.createLabel({
+      name: trimmed,
+      color
+    })
+  );
+  if (!created) {
+    throw new Error(`Gmail did not return a usable label for ${trimmed}`);
+  }
+  const detailed = await context.transport.getLabel(created.id).catch(() => created);
+  const label = toLabel(detailed) || created;
+  updateCacheLabel(context.config, label);
+  return label;
+}
+
+// src/core/gmail/modify.ts
+var MESSAGE_FETCH_HEADERS = ["From", "To", "Subject", "Date", "List-Unsubscribe"];
+function now() {
+  return Date.now();
+}
+function normalizeLabelIds(labelIds) {
+  return Array.from(new Set((labelIds || []).filter(Boolean)));
+}
+function rowToEmail(row) {
+  return {
+    id: row.id,
+    threadId: row.thread_id || "",
+    fromAddress: row.from_address || "",
+    fromName: row.from_name || "",
+    toAddresses: row.to_addresses ? JSON.parse(row.to_addresses) : [],
+    subject: row.subject || "",
+    snippet: row.snippet || "",
+    date: row.date || 0,
+    isRead: (row.is_read || 0) === 1,
+    isStarred: (row.is_starred || 0) === 1,
+    labelIds: row.label_ids ? JSON.parse(row.label_ids) : [],
+    sizeEstimate: row.size_estimate || 0,
+    hasAttachments: (row.has_attachments || 0) === 1,
+    listUnsubscribe: row.list_unsubscribe
+  };
+}
+function emailToRow(email) {
+  return {
+    id: email.id,
+    thread_id: email.threadId,
+    from_address: email.fromAddress,
+    from_name: email.fromName,
+    to_addresses: JSON.stringify(email.toAddresses),
+    subject: email.subject,
+    snippet: email.snippet,
+    date: email.date,
+    is_read: email.isRead ? 1 : 0,
+    is_starred: email.isStarred ? 1 : 0,
+    label_ids: JSON.stringify(email.labelIds),
+    size_estimate: email.sizeEstimate,
+    has_attachments: email.hasAttachments ? 1 : 0,
+    list_unsubscribe: email.listUnsubscribe,
+    synced_at: now()
+  };
+}
+function applyLabelChange(labelIds, addLabelIds = [], removeLabelIds = []) {
+  const next = [...labelIds];
+  for (const labelId of removeLabelIds) {
+    const index2 = next.indexOf(labelId);
+    if (index2 >= 0) {
+      next.splice(index2, 1);
+    }
+  }
+  for (const labelId of addLabelIds) {
+    if (!next.includes(labelId)) {
+      next.push(labelId);
+    }
+  }
+  return next;
+}
+function getReadState(labelIds) {
+  return !labelIds.includes("UNREAD");
+}
+async function resolveContext2(options) {
+  const config = options?.config || loadConfig();
+  const transport = options?.transport || await getGmailTransport(config);
+  return { config, transport };
+}
+function makePlaceholders(values) {
+  return values.map(() => "?").join(", ");
+}
+function readSnapshots(config, ids) {
+  const sqlite = getSqlite(config.dbPath);
+  const rows = sqlite.prepare(
+    `
+      SELECT id, thread_id, from_address, from_name, to_addresses, subject, snippet, date,
+             is_read, is_starred, label_ids, size_estimate, has_attachments, list_unsubscribe
+      FROM emails
+      WHERE id IN (${makePlaceholders(ids)})
+      `
+  ).all(...ids);
+  const snapshots = /* @__PURE__ */ new Map();
+  for (const row of rows) {
+    snapshots.set(row.id, {
+      email: rowToEmail(row)
+    });
+  }
+  return snapshots;
+}
+async function fetchMissingSnapshots(transport, ids, snapshots) {
+  const missing = ids.filter((id) => !snapshots.has(id));
+  const fetched = await Promise.all(
+    missing.map(async (id) => {
+      const response = await transport.getMessage({
+        id,
+        format: "metadata",
+        metadataHeaders: MESSAGE_FETCH_HEADERS
+      });
+      if (!response.id) {
+        throw new Error(`Gmail message not found: ${id}`);
+      }
+      return parseMessage(response);
+    })
+  );
+  for (const email of fetched) {
+    snapshots.set(email.id, { email });
+  }
+}
+function upsertEmails(config, emails2) {
+  if (emails2.length === 0) {
+    return;
+  }
+  const sqlite = getSqlite(config.dbPath);
+  const statement = sqlite.prepare(`
+    INSERT INTO emails (
+      id, thread_id, from_address, from_name, to_addresses, subject, snippet, date,
+      is_read, is_starred, label_ids, size_estimate, has_attachments, list_unsubscribe, synced_at
+    ) VALUES (
+      @id, @thread_id, @from_address, @from_name, @to_addresses, @subject, @snippet, @date,
+      @is_read, @is_starred, @label_ids, @size_estimate, @has_attachments, @list_unsubscribe, @synced_at
+    )
+    ON CONFLICT(id) DO UPDATE SET
+      thread_id = excluded.thread_id,
+      from_address = excluded.from_address,
+      from_name = excluded.from_name,
+      to_addresses = excluded.to_addresses,
+      subject = excluded.subject,
+      snippet = excluded.snippet,
+      date = excluded.date,
+      is_read = excluded.is_read,
+      is_starred = excluded.is_starred,
+      label_ids = excluded.label_ids,
+      size_estimate = excluded.size_estimate,
+      has_attachments = excluded.has_attachments,
+      list_unsubscribe = excluded.list_unsubscribe,
+      synced_at = excluded.synced_at
+  `);
+  const transaction = sqlite.transaction((rows) => {
+    for (const email of rows) {
+      statement.run(emailToRow(email));
+    }
+  });
+  transaction(emails2);
+}
+function buildResult(action, items, metadata) {
+  return {
+    action,
+    affectedCount: items.length,
+    items,
+    nonReversible: action === "forward",
+    ...metadata
+  };
+}
+function buildAppliedActions(action, metadata) {
+  switch (action) {
+    case "archive":
+      return [{ type: "archive" }];
+    case "label":
+      return metadata?.labelName ? [{ type: "label", label: metadata.labelName }] : [];
+    case "mark_read":
+      return [{ type: "mark_read" }];
+    case "mark_spam":
+      return [{ type: "mark_spam" }];
+    case "forward":
+      return metadata?.toAddress ? [{ type: "forward", to: metadata.toAddress }] : [];
+    default:
+      return [];
+  }
+}
+async function performLabelMutation(action, ids, addLabelIds, removeLabelIds, options, metadata) {
+  const uniqueIds = Array.from(new Set(ids.filter(Boolean)));
+  if (uniqueIds.length === 0) {
+    return buildResult(action, [], metadata);
+  }
+  const context = await resolveContext2(options);
+  const snapshots = readSnapshots(context.config, uniqueIds);
+  await fetchMissingSnapshots(context.transport, uniqueIds, snapshots);
+  const orderedSnapshots = uniqueIds.map((id) => {
+    const snapshot = snapshots.get(id);
+    if (!snapshot) {
+      throw new Error(`Unable to resolve Gmail message snapshot for ${id}`);
+    }
+    return snapshot;
+  });
+  const batchSize = 1e3;
+  for (let index2 = 0; index2 < uniqueIds.length; index2 += batchSize) {
+    await context.transport.batchModifyMessages({
+      ids: uniqueIds.slice(index2, index2 + batchSize),
+      addLabelIds,
+      removeLabelIds
+    });
+  }
+  const updatedEmails = orderedSnapshots.map(({ email }) => {
+    const labelIds = applyLabelChange(email.labelIds, addLabelIds, removeLabelIds);
+    return {
+      ...email,
+      labelIds,
+      isRead: getReadState(labelIds)
+    };
+  });
+  upsertEmails(context.config, updatedEmails);
+  const items = orderedSnapshots.map(({ email }, index2) => {
+    const afterLabelIds = updatedEmails[index2]?.labelIds || [];
+    return {
+      emailId: email.id,
+      beforeLabelIds: [...email.labelIds],
+      afterLabelIds,
+      status: "applied",
+      appliedActions: buildAppliedActions(action, metadata)
+    };
+  });
+  return buildResult(action, items, metadata);
+}
+function encodeBase64Url(value) {
+  return Buffer.from(value, "utf8").toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+function formatAddress(name, address) {
+  if (!name) {
+    return address;
+  }
+  return `"${name.replace(/"/g, '\\"')}" <${address}>`;
+}
+function normalizeForwardSubject(subject) {
+  if (/^fwd:/i.test(subject)) {
+    return subject;
+  }
+  return `Fwd: ${subject}`;
+}
+function buildForwardRawMessage(message, toAddress) {
+  const detail = parseMessageDetail(message);
+  const introLines = [
+    "---------- Forwarded message ---------",
+    `From: ${formatAddress(detail.fromName, detail.fromAddress)}`,
+    `Date: ${new Date(detail.date).toUTCString()}`,
+    `Subject: ${detail.subject}`,
+    `To: ${detail.toAddresses.join(", ")}`,
+    ""
+  ];
+  const forwardedBody = detail.body || detail.textPlain || detail.snippet || "";
+  const rawMessage = [
+    `To: ${toAddress}`,
+    `Subject: ${normalizeForwardSubject(detail.subject)}`,
+    'Content-Type: text/plain; charset="UTF-8"',
+    "",
+    [...introLines, forwardedBody].join("\r\n")
+  ].join("\r\n");
+  return {
+    raw: encodeBase64Url(rawMessage),
+    detail
+  };
+}
+async function restoreEmailLabels(emailId, beforeLabelIds) {
+  try {
+    const context = await resolveContext2();
+    const snapshots = readSnapshots(context.config, [emailId]);
+    await fetchMissingSnapshots(context.transport, [emailId], snapshots);
+    const snapshot = snapshots.get(emailId);
+    if (!snapshot) {
+      return {
+        status: "error",
+        errorMessage: `Unable to resolve Gmail message snapshot for ${emailId}`
+      };
+    }
+    const currentLabelIds = normalizeLabelIds(snapshot.email.labelIds);
+    const targetLabelIds = normalizeLabelIds(beforeLabelIds);
+    const addLabelIds = targetLabelIds.filter((labelId) => !currentLabelIds.includes(labelId));
+    const removeLabelIds = currentLabelIds.filter((labelId) => !targetLabelIds.includes(labelId));
+    if (addLabelIds.length === 0 && removeLabelIds.length === 0) {
+      return { status: "applied" };
+    }
+    await context.transport.batchModifyMessages({
+      ids: [emailId],
+      addLabelIds,
+      removeLabelIds
+    });
+    const restoredLabelIds = applyLabelChange(currentLabelIds, addLabelIds, removeLabelIds);
+    upsertEmails(context.config, [
+      {
+        ...snapshot.email,
+        labelIds: restoredLabelIds,
+        isRead: getReadState(restoredLabelIds)
+      }
+    ]);
+    return { status: "applied" };
+  } catch (error) {
+    return {
+      status: "error",
+      errorMessage: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function archiveEmails(ids, options) {
+  return performLabelMutation("archive", ids, [], ["INBOX"], options, {
+    labelId: "INBOX",
+    labelName: "INBOX"
+  });
+}
+async function labelEmails(ids, labelName, options) {
+  const context = await resolveContext2(options);
+  const labelId = await getLabelId(labelName, context);
+  if (!labelId) {
+    throw new Error(`Unknown Gmail label: ${labelName}`);
+  }
+  return performLabelMutation("label", ids, [labelId], [], context, {
+    labelId,
+    labelName
+  });
+}
+async function unlabelEmails(ids, labelName, options) {
+  const context = await resolveContext2(options);
+  const labelId = await getLabelId(labelName, context);
+  if (!labelId) {
+    throw new Error(`Unknown Gmail label: ${labelName}`);
+  }
+  return performLabelMutation("unlabel", ids, [], [labelId], context, {
+    labelId,
+    labelName
+  });
+}
+async function markRead(ids, options) {
+  return performLabelMutation("mark_read", ids, [], ["UNREAD"], options, {
+    labelId: "UNREAD",
+    labelName: "UNREAD"
+  });
+}
+async function markUnread(ids, options) {
+  return performLabelMutation("mark_unread", ids, ["UNREAD"], [], options, {
+    labelId: "UNREAD",
+    labelName: "UNREAD"
+  });
+}
+async function markSpam(ids, options) {
+  return performLabelMutation("mark_spam", ids, ["SPAM"], ["INBOX"], options, {
+    labelId: "SPAM",
+    labelName: "SPAM"
+  });
+}
+async function forwardEmail(id, toAddress, options) {
+  const context = await resolveContext2(options);
+  const response = await context.transport.getMessage({
+    id,
+    format: "full"
+  });
+  if (!response.id) {
+    throw new Error(`Gmail message not found: ${id}`);
+  }
+  const { raw, detail } = buildForwardRawMessage(response, toAddress);
+  const sent = await context.transport.sendMessage(raw);
+  const labelIds = normalizeLabelIds(response.labelIds || detail.labelIds);
+  return buildResult(
+    "forward",
+    [
+      {
+        emailId: response.id,
+        beforeLabelIds: labelIds,
+        afterLabelIds: labelIds,
+        status: "applied",
+        appliedActions: buildAppliedActions("forward", { toAddress })
+      }
+    ],
+    {
+      toAddress,
+      sentMessageId: sent.id || void 0,
+      sentThreadId: sent.threadId || void 0
+    }
+  );
+}
+
+// src/core/actions/undo.ts
+function getDatabase2() {
+  const config = loadConfig();
+  return getSqlite(config.dbPath);
+}
+function getActionType(action) {
+  return typeof action === "object" && action && "type" in action && typeof action.type === "string" ? action.type.toLowerCase() : null;
+}
+function hasNonReversibleAction(item) {
+  return item.appliedActions.some((action) => getActionType(action) === "forward");
+}
+function updateItem(sqlite, itemId, status, errorMessage, undoneAt) {
+  sqlite.prepare(
+    `
+      UPDATE execution_items
+      SET status = ?, error_message = ?, undone_at = ?
+      WHERE id = ?
+      `
+  ).run(status, errorMessage, undoneAt, itemId);
+}
+function updateRun(sqlite, runId, status, undoneAt) {
+  sqlite.prepare(
+    `
+      UPDATE execution_runs
+      SET status = ?, undone_at = ?
+      WHERE id = ?
+      `
+  ).run(status, undoneAt, runId);
+}
+async function undoRun(runId) {
+  const sqlite = getDatabase2();
+  const run = await getRun(runId);
+  if (!run) {
+    throw new Error(`Execution run not found: ${runId}`);
+  }
+  if (run.status === "undone" || run.undoneAt !== null) {
+    throw new Error(`Execution run is already undone: ${runId}`);
+  }
+  const items = await getRunItems(runId);
+  const warnings = [];
+  let undoneCount = 0;
+  let warningCount = 0;
+  let errorCount = 0;
+  const undoneAt = Date.now();
+  for (const item of items) {
+    const restored = await restoreEmailLabels(item.emailId, item.beforeLabelIds);
+    if (restored.status === "error") {
+      errorCount += 1;
+      updateItem(
+        sqlite,
+        item.id,
+        "error",
+        restored.errorMessage || "Failed to restore Gmail label snapshot.",
+        null
+      );
+      continue;
+    }
+    if (hasNonReversibleAction(item)) {
+      const message = `Email ${item.emailId}: label state was restored, but forward actions cannot be undone.`;
+      warnings.push(message);
+      warningCount += 1;
+      updateItem(sqlite, item.id, "warning", message, undoneAt);
+      continue;
+    }
+    undoneCount += 1;
+    updateItem(sqlite, item.id, "undone", null, undoneAt);
+  }
+  const status = errorCount > 0 || warningCount > 0 ? "partial" : "undone";
+  updateRun(sqlite, run.id, status, undoneAt);
+  const refreshedRun = await getRun(run.id);
+  if (!refreshedRun) {
+    throw new Error(`Failed to reload execution run after undo: ${run.id}`);
+  }
+  return {
+    runId: run.id,
+    run: refreshedRun,
+    warnings,
+    restoredItemCount: undoneCount + warningCount,
+    itemCount: items.length,
+    undoneCount,
+    warningCount,
+    errorCount,
+    status
+  };
+}
+
+// src/core/gmail/threads.ts
+async function getThread(id) {
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const response = await transport.getThread(id);
+  const messages = (response.messages || []).map(
+    (message) => parseMessageDetail(message)
+  );
+  return {
+    id: response.id || id,
+    messages
+  };
+}
+
+// src/core/stats/common.ts
+var DAY_MS = 24 * 60 * 60 * 1e3;
+var SYSTEM_LABEL_NAMES = /* @__PURE__ */ new Map([
+  ["INBOX", "Inbox"],
+  ["UNREAD", "Unread"],
+  ["STARRED", "Starred"],
+  ["IMPORTANT", "Important"],
+  ["SENT", "Sent"],
+  ["DRAFT", "Drafts"],
+  ["TRASH", "Trash"],
+  ["SPAM", "Spam"],
+  ["ALL_MAIL", "All Mail"],
+  ["SNOOZED", "Snoozed"],
+  ["CHAT", "Chat"],
+  ["CATEGORY_PERSONAL", "Personal"],
+  ["CATEGORY_SOCIAL", "Social"],
+  ["CATEGORY_PROMOTIONS", "Promotions"],
+  ["CATEGORY_UPDATES", "Updates"],
+  ["CATEGORY_FORUMS", "Forums"]
+]);
+function getStatsSqlite() {
+  const config = loadConfig();
+  return getSqlite(config.dbPath);
+}
+function normalizeLimit(value, fallback) {
+  if (!value || Number.isNaN(value) || value < 1) {
+    return fallback;
+  }
+  return Math.floor(value);
+}
+function clampPercentage(value, fallback = 0) {
+  if (value === void 0 || Number.isNaN(value)) {
+    return fallback;
+  }
+  return Math.max(0, Math.min(100, value));
+}
+function roundPercent(numerator, denominator) {
+  if (!denominator) {
+    return 0;
+  }
+  return Math.round(numerator / denominator * 1e3) / 10;
+}
+function getPeriodStart(period = "all", now2 = Date.now()) {
+  switch (period) {
+    case "day":
+      return now2 - DAY_MS;
+    case "week":
+      return now2 - 7 * DAY_MS;
+    case "month":
+      return now2 - 30 * DAY_MS;
+    case "year":
+      return now2 - 365 * DAY_MS;
+    case "all":
+      return null;
+  }
+}
+function resolveLabelName(labelId) {
+  return SYSTEM_LABEL_NAMES.get(labelId) || getCachedLabelName(labelId) || labelId;
+}
+function startOfLocalDay(now2 = Date.now()) {
+  const date = new Date(now2);
+  date.setHours(0, 0, 0, 0);
+  return date.getTime();
+}
+function startOfLocalWeek(now2 = Date.now()) {
+  const date = new Date(startOfLocalDay(now2));
+  const day = date.getDay();
+  const diff = day === 0 ? 6 : day - 1;
+  date.setDate(date.getDate() - diff);
+  return date.getTime();
+}
+function startOfLocalMonth(now2 = Date.now()) {
+  const date = new Date(now2);
+  date.setDate(1);
+  date.setHours(0, 0, 0, 0);
+  return date.getTime();
+}
+
+// src/core/stats/labels.ts
+async function getLabelDistribution() {
+  const sqlite = getStatsSqlite();
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        label.value AS labelId,
+        COUNT(*) AS totalMessages,
+        SUM(CASE WHEN e.is_read = 0 THEN 1 ELSE 0 END) AS unreadMessages
+      FROM emails AS e, json_each(e.label_ids) AS label
+      GROUP BY label.value
+      ORDER BY totalMessages DESC, unreadMessages DESC, label.value ASC
+      `
+  ).all();
+  return rows.map((row) => ({
+    labelId: row.labelId,
+    labelName: resolveLabelName(row.labelId),
+    totalMessages: row.totalMessages,
+    unreadMessages: row.unreadMessages
+  }));
+}
+
+// src/core/stats/newsletters.ts
+import { randomUUID as randomUUID2 } from "crypto";
+var KNOWN_NEWSLETTER_LOCAL_PART = /^(newsletter|digest|noreply|no-reply|updates|news)([+._-].*)?$/i;
+function extractNewsletterReasons(row) {
+  const reasons = [];
+  const localPart = row.email.split("@")[0] || "";
+  const unreadRate = roundPercent(row.unreadCount, row.messageCount);
+  if (row.unsubscribeLink) {
+    reasons.push("list_unsubscribe");
+  }
+  if (row.messageCount > 5 && unreadRate > 50) {
+    reasons.push("high_volume_high_unread");
+  }
+  if (KNOWN_NEWSLETTER_LOCAL_PART.test(localPart)) {
+    reasons.push("known_sender_pattern");
+  }
+  if (row.recipientPatternCount > 1) {
+    reasons.push("bulk_sender_pattern");
+  }
+  return reasons;
+}
+function normalizeUnsubscribeLink(value) {
+  if (!value) {
+    return null;
+  }
+  const header = value.trim();
+  const match = header.match(/<([^>]+)>/);
+  return match?.[1]?.trim() || header.split(",")[0]?.trim() || null;
+}
+function mapNewsletterRow(row) {
+  return {
+    email: row.email,
+    name: row.name?.trim() || row.email,
+    messageCount: row.messageCount,
+    unreadCount: row.unreadCount,
+    unreadRate: roundPercent(row.unreadCount, row.messageCount),
+    status: row.status,
+    unsubscribeLink: row.unsubscribeLink,
+    firstSeen: new Date(row.firstSeen),
+    lastSeen: new Date(row.lastSeen),
+    detectionReason: row.detectionReason
+  };
+}
+async function detectNewsletters() {
+  const sqlite = getStatsSqlite();
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        from_address AS email,
+        COALESCE(MAX(NULLIF(TRIM(from_name), '')), from_address) AS name,
+        COUNT(*) AS messageCount,
+        SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) AS unreadCount,
+        MIN(date) AS firstSeen,
+        MAX(date) AS lastSeen,
+        MAX(NULLIF(TRIM(list_unsubscribe), '')) AS unsubscribeLink,
+        COUNT(DISTINCT to_addresses) AS recipientPatternCount
+      FROM emails
+      WHERE from_address IS NOT NULL
+        AND TRIM(from_address) <> ''
+      GROUP BY from_address
+      `
+  ).all();
+  const detected = [];
+  for (const row of rows) {
+    const reasons = extractNewsletterReasons(row);
+    if (reasons.length === 0) {
+      continue;
+    }
+    detected.push({
+      id: randomUUID2(),
+      email: row.email,
+      name: row.name?.trim() || row.email,
+      messageCount: row.messageCount,
+      unreadCount: row.unreadCount,
+      unsubscribeLink: normalizeUnsubscribeLink(row.unsubscribeLink),
+      detectionReason: reasons.join(", "),
+      firstSeen: row.firstSeen,
+      lastSeen: row.lastSeen
+    });
+  }
+  const upsert = sqlite.prepare(
+    `
+    INSERT INTO newsletter_senders (
+      id,
+      email,
+      name,
+      message_count,
+      unread_count,
+      status,
+      unsubscribe_link,
+      detection_reason,
+      first_seen,
+      last_seen
+    ) VALUES (?, ?, ?, ?, ?, 'active', ?, ?, ?, ?)
+    ON CONFLICT(email) DO UPDATE SET
+      name = excluded.name,
+      message_count = excluded.message_count,
+      unread_count = excluded.unread_count,
+      unsubscribe_link = excluded.unsubscribe_link,
+      detection_reason = excluded.detection_reason,
+      first_seen = excluded.first_seen,
+      last_seen = excluded.last_seen
+    `
+  );
+  const transaction = sqlite.transaction(
+    (entries) => {
+      for (const entry of entries) {
+        upsert.run(
+          entry.id,
+          entry.email,
+          entry.name,
+          entry.messageCount,
+          entry.unreadCount,
+          entry.unsubscribeLink,
+          entry.detectionReason,
+          entry.firstSeen,
+          entry.lastSeen
+        );
+      }
+    }
+  );
+  transaction(detected);
+  return detected.map((row) => ({
+    email: row.email,
+    name: row.name,
+    messageCount: row.messageCount,
+    unreadCount: row.unreadCount,
+    unreadRate: roundPercent(row.unreadCount, row.messageCount),
+    status: "active",
+    unsubscribeLink: row.unsubscribeLink,
+    firstSeen: new Date(row.firstSeen),
+    lastSeen: new Date(row.lastSeen),
+    detectionReason: row.detectionReason
+  }));
+}
+async function getNewsletters(options = {}) {
+  await detectNewsletters();
+  const sqlite = getStatsSqlite();
+  const minMessages = normalizeLimit(options.minMessages, 1);
+  const minUnreadRate = clampPercentage(options.minUnreadRate, 0);
+  const status = options.status || "active";
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        email,
+        name,
+        message_count AS messageCount,
+        unread_count AS unreadCount,
+        status,
+        unsubscribe_link AS unsubscribeLink,
+        first_seen AS firstSeen,
+        last_seen AS lastSeen,
+        detection_reason AS detectionReason
+      FROM newsletter_senders
+      WHERE message_count >= ?
+        AND (100.0 * unread_count / CASE WHEN message_count = 0 THEN 1 ELSE message_count END) >= ?
+        AND (? = 'all' OR status = ?)
+      ORDER BY message_count DESC, unreadCount DESC, lastSeen DESC, email ASC
+      `
+  ).all(minMessages, minUnreadRate, status, status);
+  return rows.map(mapNewsletterRow);
+}
+
+// src/core/stats/sender.ts
+function buildSenderWhereClause(period) {
+  const whereParts = [
+    "from_address IS NOT NULL",
+    "TRIM(from_address) <> ''"
+  ];
+  const params = [];
+  const periodStart = getPeriodStart(period);
+  if (periodStart !== null) {
+    whereParts.push("date >= ?");
+    params.push(periodStart);
+  }
+  return {
+    clause: whereParts.join(" AND "),
+    params
+  };
+}
+function mapAggregateRow(sqlite, row, whereClause, params) {
+  return {
+    email: row.email,
+    name: row.name?.trim() || row.email,
+    totalMessages: row.totalMessages,
+    unreadMessages: row.unreadMessages,
+    unreadRate: roundPercent(row.unreadMessages, row.totalMessages),
+    lastEmailDate: row.lastEmailDate,
+    firstEmailDate: row.firstEmailDate,
+    labels: getTopLabels(sqlite, whereClause, params)
+  };
+}
+function getTopLabels(sqlite, whereClause, params) {
+  const rows = sqlite.prepare(
+    `
+      SELECT label.value AS labelId, COUNT(*) AS totalMessages
+      FROM emails AS e, json_each(e.label_ids) AS label
+      WHERE ${whereClause}
+      GROUP BY label.value
+      ORDER BY totalMessages DESC, label.value ASC
+      LIMIT 5
+      `
+  ).all(...params);
+  return rows.map((row) => resolveLabelName(row.labelId));
+}
+function getRecentEmailsForMatch(sqlite, whereClause, params) {
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        id,
+        from_address AS fromAddress,
+        subject,
+        date,
+        is_read AS isRead
+      FROM emails
+      WHERE ${whereClause}
+      ORDER BY date DESC
+      LIMIT 10
+      `
+  ).all(...params);
+  return rows.map((row) => ({
+    id: row.id,
+    fromAddress: row.fromAddress,
+    subject: row.subject,
+    date: row.date,
+    isRead: row.isRead === 1
+  }));
+}
+function getMatchingSenders(sqlite, whereClause, params) {
+  const rows = sqlite.prepare(
+    `
+      SELECT from_address AS email, COUNT(*) AS totalMessages, MAX(date) AS lastEmailDate
+      FROM emails
+      WHERE ${whereClause}
+      GROUP BY from_address
+      ORDER BY totalMessages DESC, lastEmailDate DESC, email ASC
+      `
+  ).all(...params);
+  return rows.map((row) => row.email);
+}
+async function getTopSenders(options = {}) {
+  const sqlite = getStatsSqlite();
+  const limit = normalizeLimit(options.limit, 20);
+  const minMessages = normalizeLimit(options.minMessages, 1);
+  const minUnreadRate = clampPercentage(options.minUnreadRate, 0);
+  const { clause, params } = buildSenderWhereClause(options.period);
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        from_address AS email,
+        COALESCE(MAX(NULLIF(TRIM(from_name), '')), from_address) AS name,
+        COUNT(*) AS totalMessages,
+        SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) AS unreadMessages,
+        MAX(date) AS lastEmailDate,
+        MIN(date) AS firstEmailDate
+      FROM emails
+      WHERE ${clause}
+      GROUP BY from_address
+      HAVING COUNT(*) >= ?
+         AND (100.0 * SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) / COUNT(*)) >= ?
+      ORDER BY totalMessages DESC, lastEmailDate DESC, email ASC
+      LIMIT ?
+      `
+  ).all(...params, minMessages, minUnreadRate, limit);
+  return rows.map(
+    (row) => mapAggregateRow(
+      sqlite,
+      row,
+      `from_address = ?${clause.includes("date >= ?") ? " AND date >= ?" : ""}`,
+      clause.includes("date >= ?") ? [row.email, ...params] : [row.email]
+    )
+  );
+}
+async function getSenderStats(emailOrDomain) {
+  const sqlite = getStatsSqlite();
+  const query = emailOrDomain.trim().toLowerCase();
+  if (!query) {
+    return null;
+  }
+  const isDomain = query.startsWith("@");
+  const domain = isDomain ? query.slice(1) : "";
+  if (isDomain && !domain) {
+    return null;
+  }
+  const whereClause = isDomain ? "from_address IS NOT NULL AND INSTR(from_address, '@') > 0 AND LOWER(SUBSTR(from_address, INSTR(from_address, '@') + 1)) = ?" : "LOWER(from_address) = ?";
+  const params = [isDomain ? domain : query];
+  const row = sqlite.prepare(
+    `
+      SELECT
+        ${isDomain ? "? AS email" : "LOWER(from_address) AS email"},
+        ${isDomain ? "? AS name" : "COALESCE(MAX(NULLIF(TRIM(from_name), '')), LOWER(from_address)) AS name"},
+        COUNT(*) AS totalMessages,
+        SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) AS unreadMessages,
+        MAX(date) AS lastEmailDate,
+        MIN(date) AS firstEmailDate
+      FROM emails
+      WHERE ${whereClause}
+      `
+  ).get(
+    ...isDomain ? [`@${domain}`, domain] : [],
+    ...params
+  );
+  if (!row || row.totalMessages === 0) {
+    return null;
+  }
+  const displayQuery = isDomain ? `@${domain}` : query;
+  const detail = mapAggregateRow(
+    sqlite,
+    row,
+    whereClause,
+    params
+  );
+  return {
+    ...detail,
+    type: isDomain ? "domain" : "sender",
+    query: displayQuery,
+    matchingSenders: getMatchingSenders(sqlite, whereClause, params),
+    recentEmails: getRecentEmailsForMatch(sqlite, whereClause, params)
+  };
+}
+
+// src/core/stats/volume.ts
+function getBucketExpression(granularity) {
+  switch (granularity) {
+    case "hour":
+      return "strftime('%Y-%m-%d %H:00', date / 1000, 'unixepoch', 'localtime')";
+    case "day":
+      return "strftime('%Y-%m-%d', date / 1000, 'unixepoch', 'localtime')";
+    case "week":
+      return "printf('%s-W%02d', strftime('%Y', date / 1000, 'unixepoch', 'localtime'), CAST(strftime('%W', date / 1000, 'unixepoch', 'localtime') AS INTEGER))";
+    case "month":
+      return "strftime('%Y-%m', date / 1000, 'unixepoch', 'localtime')";
+  }
+}
+async function getVolumeByPeriod(granularity, range) {
+  const sqlite = getStatsSqlite();
+  const whereParts = [];
+  const params = [];
+  if (range?.start !== void 0) {
+    whereParts.push("date >= ?");
+    params.push(range.start);
+  }
+  if (range?.end !== void 0) {
+    whereParts.push("date <= ?");
+    params.push(range.end);
+  }
+  const whereClause = whereParts.length > 0 ? `WHERE ${whereParts.join(" AND ")}` : "";
+  const bucketExpression = getBucketExpression(granularity);
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        ${bucketExpression} AS period,
+        COUNT(*) AS received,
+        SUM(CASE WHEN is_read = 1 THEN 1 ELSE 0 END) AS read,
+        SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) AS unread,
+        SUM(
+          CASE
+            WHEN EXISTS (
+              SELECT 1
+              FROM json_each(emails.label_ids)
+              WHERE json_each.value = 'INBOX'
+            ) THEN 0
+            ELSE 1
+          END
+        ) AS archived
+      FROM emails
+      ${whereClause}
+      GROUP BY period
+      ORDER BY MIN(date) ASC
+      `
+  ).all(...params);
+  return rows.map((row) => ({
+    period: row.period,
+    received: row.received,
+    read: row.read,
+    unread: row.unread,
+    archived: row.archived
+  }));
+}
+async function getInboxOverview() {
+  const sqlite = getStatsSqlite();
+  const now2 = Date.now();
+  const todayStart = startOfLocalDay(now2);
+  const weekStart = startOfLocalWeek(now2);
+  const monthStart = startOfLocalMonth(now2);
+  const row = sqlite.prepare(
+    `
+      SELECT
+        COUNT(*) AS total,
+        SUM(CASE WHEN is_read = 0 THEN 1 ELSE 0 END) AS unread,
+        SUM(CASE WHEN is_starred = 1 THEN 1 ELSE 0 END) AS starred,
+        SUM(CASE WHEN date >= ? THEN 1 ELSE 0 END) AS todayReceived,
+        SUM(CASE WHEN date >= ? AND is_read = 0 THEN 1 ELSE 0 END) AS todayUnread,
+        SUM(CASE WHEN date >= ? THEN 1 ELSE 0 END) AS thisWeekReceived,
+        SUM(CASE WHEN date >= ? AND is_read = 0 THEN 1 ELSE 0 END) AS thisWeekUnread,
+        SUM(CASE WHEN date >= ? THEN 1 ELSE 0 END) AS thisMonthReceived,
+        SUM(CASE WHEN date >= ? AND is_read = 0 THEN 1 ELSE 0 END) AS thisMonthUnread,
+        MIN(CASE WHEN is_read = 0 THEN date ELSE NULL END) AS oldestUnread
+      FROM emails
+      `
+  ).get(
+    todayStart,
+    todayStart,
+    weekStart,
+    weekStart,
+    monthStart,
+    monthStart
+  );
+  return {
+    total: row?.total || 0,
+    unread: row?.unread || 0,
+    starred: row?.starred || 0,
+    today: {
+      received: row?.todayReceived || 0,
+      unread: row?.todayUnread || 0
+    },
+    thisWeek: {
+      received: row?.thisWeekReceived || 0,
+      unread: row?.thisWeekUnread || 0
+    },
+    thisMonth: {
+      received: row?.thisMonthReceived || 0,
+      unread: row?.thisMonthUnread || 0
+    },
+    oldestUnread: row?.oldestUnread ? new Date(row.oldestUnread) : null
+  };
+}
+
+// src/core/rules/history.ts
+async function getExecutionHistory(ruleId, limit = 20) {
+  const runs = ruleId ? await getRunsByRule(ruleId) : await getRecentRuns(limit);
+  return runs.slice(0, limit);
+}
+
+// src/core/rules/deploy.ts
+import { randomUUID as randomUUID3 } from "crypto";
+
+// src/core/rules/loader.ts
+import { createHash } from "crypto";
+import { readdir, readFile as readFile2 } from "fs/promises";
+import { join as join2 } from "path";
+import YAML from "yaml";
+
+// src/core/rules/types.ts
+import { z } from "zod";
+var RuleNameSchema = z.string().min(1, "Rule name is required").regex(
+  /^[a-z0-9]+(?:-[a-z0-9]+)*$/,
+  "Rule name must be kebab-case (lowercase letters, numbers, and single hyphens)"
+);
+var RuleFieldSchema = z.enum(["from", "to", "subject", "snippet", "labels"]);
+var RegexStringSchema = z.string().min(1, "Pattern must not be empty").superRefine((value, ctx) => {
+  try {
+    new RegExp(value);
+  } catch (error) {
+    ctx.addIssue({
+      code: z.ZodIssueCode.custom,
+      message: `Invalid regular expression: ${error instanceof Error ? error.message : String(error)}`
+    });
+  }
+});
+var MatcherSchema = z.object({
+  // `snippet` is the only cached free-text matcher in MVP.
+  field: RuleFieldSchema,
+  pattern: RegexStringSchema.optional(),
+  contains: z.array(z.string().min(1)).min(1).optional(),
+  values: z.array(z.string().min(1)).min(1).optional(),
+  exclude: z.boolean().default(false)
+}).strict().superRefine((value, ctx) => {
+  if (!value.pattern && !value.contains && !value.values) {
+    ctx.addIssue({
+      code: z.ZodIssueCode.custom,
+      message: "Matcher must provide at least one of pattern, contains, or values",
+      path: ["pattern"]
+    });
+  }
+});
+var ConditionsSchema = z.object({
+  operator: z.enum(["AND", "OR"]),
+  matchers: z.array(MatcherSchema).min(1, "At least one matcher is required")
+}).strict();
+var LabelActionSchema = z.object({
+  type: z.literal("label"),
+  label: z.string().min(1, "Label name is required")
+});
+var ArchiveActionSchema = z.object({ type: z.literal("archive") });
+var MarkReadActionSchema = z.object({ type: z.literal("mark_read") });
+var ForwardActionSchema = z.object({
+  type: z.literal("forward"),
+  to: z.string().email("Forward destination must be a valid email address")
+});
+var MarkSpamActionSchema = z.object({ type: z.literal("mark_spam") });
+var ActionSchema = z.discriminatedUnion("type", [
+  LabelActionSchema,
+  ArchiveActionSchema,
+  MarkReadActionSchema,
+  ForwardActionSchema,
+  MarkSpamActionSchema
+]);
+var RuleSchema = z.object({
+  name: RuleNameSchema,
+  description: z.string(),
+  enabled: z.boolean().default(true),
+  priority: z.number().int().min(0).default(50),
+  conditions: ConditionsSchema,
+  actions: z.array(ActionSchema).min(1, "At least one action is required")
+}).strict();
+
+// src/core/rules/loader.ts
+function isRuleFile(filename) {
+  const lower = filename.toLowerCase();
+  return lower.endsWith(".yaml") || lower.endsWith(".yml");
+}
+function formatZodError(path, error) {
+  return `${path}: ${error.message}`;
+}
+function formatYamlErrors(path, errors) {
+  const messages = errors.map((error) => {
+    if (error instanceof Error) {
+      return error.message;
+    }
+    return String(error);
+  });
+  return new Error(`${path}: invalid YAML - ${messages.join("; ")}`);
+}
+function hashRule(yamlContent) {
+  return createHash("sha256").update(yamlContent, "utf8").digest("hex");
+}
+function parseRuleYaml(yamlContent, path = "<rule>") {
+  const document = YAML.parseDocument(yamlContent, {
+    prettyErrors: true
+  });
+  if (document.errors.length > 0) {
+    throw formatYamlErrors(path, document.errors);
+  }
+  const parsed = document.toJS({
+    mapAsMap: false,
+    maxAliasCount: 50
+  });
+  const result = RuleSchema.safeParse(parsed);
+  if (!result.success) {
+    const message = result.error.issues.map((issue) => {
+      const issuePath = issue.path.length > 0 ? issue.path.join(".") : "root";
+      return `${issuePath}: ${issue.message}`;
+    }).join("; ");
+    throw new Error(formatZodError(path, new Error(message)));
+  }
+  return result.data;
+}
+async function loadRuleFile(path) {
+  const yaml = await readFile2(path, "utf8");
+  const rule = parseRuleYaml(yaml, path);
+  return {
+    ...rule,
+    path,
+    yaml,
+    yamlHash: hashRule(yaml),
+    rule
+  };
+}
+async function loadAllRules(rulesDir) {
+  const entries = await readdir(rulesDir, { withFileTypes: true });
+  const filePaths = entries.filter((entry) => entry.isFile() && isRuleFile(entry.name)).map((entry) => join2(rulesDir, entry.name)).sort((left, right) => left.localeCompare(right));
+  const loaded = await Promise.all(filePaths.map(async (path) => loadRuleFile(path)));
+  return loaded;
+}
+
+// src/core/rules/deploy.ts
+function getDatabase3() {
+  const config = loadConfig();
+  return getSqlite(config.dbPath);
+}
+function parseJson(value, fallback) {
+  if (!value) {
+    return fallback;
+  }
+  try {
+    return JSON.parse(value);
+  } catch {
+    return fallback;
+  }
+}
+function serializeJson2(value) {
+  return JSON.stringify(value);
+}
+function rowToRule(row) {
+  return {
+    id: row.id,
+    name: row.name,
+    description: row.description ?? "",
+    enabled: row.enabled !== 0,
+    yamlHash: row.yamlHash,
+    conditions: parseJson(row.conditions, { operator: "OR", matchers: [] }),
+    actions: parseJson(row.actions, []),
+    priority: row.priority ?? 50,
+    deployedAt: row.deployedAt,
+    createdAt: row.createdAt
+  };
+}
+function ruleSelectSql(whereClause = "", limitClause = "") {
+  return `
+      SELECT
+        id,
+        name,
+        description,
+        enabled,
+        yaml_hash AS yamlHash,
+        conditions,
+        actions,
+        priority,
+        deployed_at AS deployedAt,
+        created_at AS createdAt
+      FROM rules
+      ${whereClause}
+      ORDER BY COALESCE(priority, 50) ASC, name ASC
+      ${limitClause}
+    `;
+}
+async function loadRuleRows() {
+  const sqlite = getDatabase3();
+  const rows = sqlite.prepare(ruleSelectSql()).all();
+  return rows.map(rowToRule);
+}
+async function getRuleByName(name) {
+  const trimmed = name.trim();
+  if (!trimmed) {
+    return null;
+  }
+  const sqlite = getDatabase3();
+  const row = sqlite.prepare(ruleSelectSql("WHERE name = ? OR id = ?", "LIMIT 1")).get(trimmed, trimmed);
+  return row ? rowToRule(row) : null;
+}
+async function getAllRules() {
+  return loadRuleRows();
+}
+function upsertRule(rule, yamlHash) {
+  const sqlite = getDatabase3();
+  const existing = sqlite.prepare(ruleSelectSql("WHERE name = ?", "LIMIT 1")).get(rule.name);
+  if (existing && existing.yamlHash === yamlHash) {
+    return {
+      ...rowToRule(existing),
+      status: "unchanged"
+    };
+  }
+  const now2 = Date.now();
+  if (existing) {
+    sqlite.prepare(
+      `
+        UPDATE rules
+        SET description = ?, enabled = ?, yaml_hash = ?, conditions = ?, actions = ?, priority = ?, deployed_at = ?
+        WHERE id = ?
+        `
+    ).run(
+      rule.description,
+      rule.enabled ? 1 : 0,
+      yamlHash,
+      serializeJson2(rule.conditions),
+      serializeJson2(rule.actions),
+      rule.priority,
+      now2,
+      existing.id
+    );
+  } else {
+    sqlite.prepare(
+      `
+        INSERT INTO rules (
+          id, name, description, enabled, yaml_hash, conditions, actions, priority, deployed_at, created_at
+        ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+        `
+    ).run(
+      randomUUID3(),
+      rule.name,
+      rule.description,
+      rule.enabled ? 1 : 0,
+      yamlHash,
+      serializeJson2(rule.conditions),
+      serializeJson2(rule.actions),
+      rule.priority,
+      now2,
+      now2
+    );
+  }
+  const refreshed = sqlite.prepare(ruleSelectSql("WHERE name = ?", "LIMIT 1")).get(rule.name);
+  if (!refreshed) {
+    throw new Error(`Failed to load deployed rule: ${rule.name}`);
+  }
+  return {
+    ...rowToRule(refreshed),
+    status: existing ? "updated" : "created"
+  };
+}
+async function deployRule(rule, yamlHash) {
+  return upsertRule(rule, yamlHash);
+}
+async function deployLoadedRule(loaded) {
+  return deployRule(loaded.rule, loaded.yamlHash);
+}
+async function deployAllRules(rulesDir) {
+  const loadedRules = await loadAllRules(rulesDir);
+  const deployed = [];
+  for (const entry of loadedRules) {
+    deployed.push(await deployRule(entry.rule, entry.yamlHash));
+  }
+  return deployed;
+}
+async function getExecutionStatsByRuleId(ruleId) {
+  const sqlite = getDatabase3();
+  const counts = sqlite.prepare(
+    `
+      SELECT
+        COUNT(*) AS totalRuns,
+        COALESCE(SUM(CASE WHEN status = 'planned' THEN 1 ELSE 0 END), 0) AS plannedRuns,
+        COALESCE(SUM(CASE WHEN status = 'applied' THEN 1 ELSE 0 END), 0) AS appliedRuns,
+        COALESCE(SUM(CASE WHEN status = 'partial' THEN 1 ELSE 0 END), 0) AS partialRuns,
+        COALESCE(SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END), 0) AS errorRuns,
+        COALESCE(SUM(CASE WHEN status = 'undone' THEN 1 ELSE 0 END), 0) AS undoneRuns,
+        MAX(created_at) AS lastExecutionAt
+      FROM execution_runs
+      WHERE rule_id = ?
+      `
+  ).get(ruleId);
+  const lastRun = sqlite.prepare(
+    `
+      SELECT id, status, created_at AS createdAt
+      FROM execution_runs
+      WHERE rule_id = ?
+      ORDER BY COALESCE(created_at, 0) DESC, id DESC
+      LIMIT 1
+      `
+  ).get(ruleId);
+  return {
+    totalRuns: counts?.totalRuns ?? 0,
+    plannedRuns: counts?.plannedRuns ?? 0,
+    appliedRuns: counts?.appliedRuns ?? 0,
+    partialRuns: counts?.partialRuns ?? 0,
+    errorRuns: counts?.errorRuns ?? 0,
+    undoneRuns: counts?.undoneRuns ?? 0,
+    lastExecutionAt: counts?.lastExecutionAt ?? null,
+    lastExecutionStatus: lastRun?.status ?? null,
+    lastRunId: lastRun?.id ?? null
+  };
+}
+async function getRuleStatus(name) {
+  const rule = await getRuleByName(name);
+  if (!rule) {
+    return null;
+  }
+  const stats = await getExecutionStatsByRuleId(rule.id);
+  return {
+    ...rule,
+    ...stats
+  };
+}
+async function getAllRulesStatus() {
+  const rules2 = await loadRuleRows();
+  const statuses = await Promise.all(
+    rules2.map(async (rule) => ({
+      ...rule,
+      ...await getExecutionStatsByRuleId(rule.id)
+    }))
+  );
+  return statuses;
+}
+async function detectDrift(rulesDir) {
+  const loadedRules = await loadAllRules(rulesDir);
+  const deployedRules = await loadRuleRows();
+  const deployedByName = new Map(deployedRules.map((rule) => [rule.name, rule]));
+  const fileByName = new Map(loadedRules.map((entry) => [entry.rule.name, entry]));
+  const entries = [];
+  for (const entry of loadedRules) {
+    const deployed = deployedByName.get(entry.rule.name);
+    if (!deployed) {
+      entries.push({
+        name: entry.rule.name,
+        filePath: entry.path,
+        fileHash: entry.yamlHash,
+        deployedHash: null,
+        status: "not_deployed"
+      });
+      continue;
+    }
+    entries.push({
+      name: entry.rule.name,
+      filePath: entry.path,
+      fileHash: entry.yamlHash,
+      deployedHash: deployed.yamlHash,
+      status: deployed.yamlHash === entry.yamlHash ? "in_sync" : "changed"
+    });
+  }
+  for (const deployed of deployedRules) {
+    if (fileByName.has(deployed.name)) {
+      continue;
+    }
+    entries.push({
+      name: deployed.name,
+      deployedHash: deployed.yamlHash,
+      status: "missing_file"
+    });
+  }
+  return {
+    drifted: entries.some((entry) => entry.status !== "in_sync"),
+    entries
+  };
+}
+async function setRuleEnabled(name, enabled) {
+  const rule = await getRuleByName(name);
+  if (!rule) {
+    throw new Error(`Rule not found: ${name}`);
+  }
+  const sqlite = getDatabase3();
+  sqlite.prepare(
+    `
+      UPDATE rules
+      SET enabled = ?
+      WHERE id = ?
+      `
+  ).run(enabled ? 1 : 0, rule.id);
+  const refreshed = await getRuleByName(rule.id);
+  if (!refreshed) {
+    throw new Error(`Failed to refresh rule after update: ${name}`);
+  }
+  return refreshed;
+}
+async function enableRule(name) {
+  return setRuleEnabled(name, true);
+}
+async function disableRule(name) {
+  return setRuleEnabled(name, false);
+}
+
+// src/core/rules/matcher.ts
+function getDatabase4() {
+  const config = loadConfig();
+  return getSqlite(config.dbPath);
+}
+function parseJsonArray2(value) {
+  if (!value) {
+    return [];
+  }
+  try {
+    const parsed = JSON.parse(value);
+    return Array.isArray(parsed) ? parsed.filter((entry) => typeof entry === "string") : [];
+  } catch {
+    return [];
+  }
+}
+function rowToEmail2(row) {
+  return {
+    id: row.id,
+    threadId: row.thread_id ?? "",
+    fromAddress: row.from_address ?? "",
+    fromName: row.from_name ?? "",
+    toAddresses: parseJsonArray2(row.to_addresses),
+    subject: row.subject ?? "",
+    snippet: row.snippet ?? "",
+    date: row.date ?? 0,
+    isRead: row.is_read === 1,
+    isStarred: row.is_starred === 1,
+    labelIds: parseJsonArray2(row.label_ids),
+    sizeEstimate: row.size_estimate ?? 0,
+    hasAttachments: row.has_attachments === 1,
+    listUnsubscribe: row.list_unsubscribe
+  };
+}
+function getFieldValues(email, matcher) {
+  switch (matcher.field) {
+    case "from":
+      return [email.fromAddress, email.fromName].filter(Boolean);
+    case "to":
+      return email.toAddresses;
+    case "subject":
+      return [email.subject];
+    case "snippet":
+      return [email.snippet];
+    case "labels":
+      return email.labelIds;
+  }
+}
+function normalize(value) {
+  return value.trim().toLowerCase();
+}
+function exactMatch(values, candidates) {
+  if (values.length === 0 || candidates.length === 0) {
+    return false;
+  }
+  const normalizedCandidates = new Set(candidates.map(normalize));
+  return values.some((value) => normalizedCandidates.has(normalize(value)));
+}
+function containsMatch(values, candidates) {
+  if (values.length === 0 || candidates.length === 0) {
+    return false;
+  }
+  const normalizedCandidates = candidates.map(normalize);
+  return values.some((value) => {
+    const needle = normalize(value);
+    return normalizedCandidates.some((candidate) => candidate.includes(needle));
+  });
+}
+function patternMatch(pattern, candidates) {
+  if (!pattern || candidates.length === 0) {
+    return false;
+  }
+  const regex = new RegExp(pattern);
+  return candidates.some((candidate) => regex.test(candidate));
+}
+function matchField(email, matcher) {
+  const candidates = getFieldValues(email, matcher);
+  const matched = patternMatch(matcher.pattern, candidates) || containsMatch(matcher.contains ?? [], candidates) || exactMatch(matcher.values ?? [], candidates);
+  return matcher.exclude ? !matched : matched;
+}
+function matchEmail(email, conditions) {
+  const matchedFields = [];
+  if (conditions.operator === "AND") {
+    for (const matcher of conditions.matchers) {
+      const matched = matchField(email, matcher);
+      if (!matched) {
+        return {
+          matches: false,
+          matchedFields: []
+        };
+      }
+      matchedFields.push(matcher.field);
+    }
+    return {
+      matches: true,
+      matchedFields: Array.from(new Set(matchedFields))
+    };
+  }
+  for (const matcher of conditions.matchers) {
+    if (matchField(email, matcher)) {
+      matchedFields.push(matcher.field);
+    }
+  }
+  return {
+    matches: matchedFields.length > 0,
+    matchedFields: Array.from(new Set(matchedFields))
+  };
+}
+async function findMatchingEmails(ruleOrConditions, limit) {
+  const conditions = typeof ruleOrConditions === "string" ? (await getRuleByName(ruleOrConditions))?.conditions : "conditions" in ruleOrConditions ? ruleOrConditions.conditions : ruleOrConditions;
+  if (!conditions) {
+    throw new Error(`Rule not found: ${ruleOrConditions}`);
+  }
+  const sqlite = getDatabase4();
+  const rows = sqlite.prepare(
+    `
+      SELECT
+        id,
+        thread_id,
+        from_address,
+        from_name,
+        to_addresses,
+        subject,
+        snippet,
+        date,
+        is_read,
+        is_starred,
+        label_ids,
+        size_estimate,
+        has_attachments,
+        list_unsubscribe
+      FROM emails
+      ORDER BY COALESCE(date, 0) DESC, id DESC
+      `
+  ).all();
+  const matches = [];
+  for (const row of rows) {
+    const email = rowToEmail2(row);
+    const result = matchEmail(email, conditions);
+    if (!result.matches) {
+      continue;
+    }
+    matches.push({
+      email,
+      matchedFields: result.matchedFields
+    });
+    if (limit !== void 0 && matches.length >= limit) {
+      break;
+    }
+  }
+  return matches;
+}
+
+// src/core/rules/executor.ts
+function resolveRunStatus(items, dryRun) {
+  if (dryRun) {
+    return "planned";
+  }
+  if (items.length === 0) {
+    return "applied";
+  }
+  if (items.every((item) => item.status === "applied")) {
+    return "applied";
+  }
+  if (items.some((item) => item.status === "applied" || item.status === "warning")) {
+    return "partial";
+  }
+  return "error";
+}
+async function getQueryLimitedIds(query, maxEmails, options) {
+  if (options.transport) {
+    const response = await options.transport.listMessages({
+      query,
+      maxResults: maxEmails
+    });
+    return new Set(
+      (response.messages || []).map((message) => message.id).filter((id) => Boolean(id))
+    );
+  }
+  const emails2 = await listMessages(query, maxEmails);
+  return new Set(emails2.map((email) => email.id));
+}
+async function loadMatchedItems(rule, options) {
+  const matches = await findMatchingEmails(rule, options.maxEmails);
+  const allowedIds = options.query ? await getQueryLimitedIds(options.query, Math.max(options.maxEmails, 1), {
+    config: options.config,
+    transport: options.transport
+  }) : null;
+  const filtered = allowedIds ? matches.filter((match) => allowedIds.has(match.email.id)) : matches;
+  return filtered.slice(0, options.maxEmails).map((match) => ({
+    emailId: match.email.id,
+    fromAddress: match.email.fromAddress,
+    subject: match.email.subject,
+    date: match.email.date,
+    matchedFields: match.matchedFields,
+    status: options.dryRun ? "planned" : "applied",
+    appliedActions: options.dryRun ? [] : [...rule.actions],
+    beforeLabelIds: [...match.email.labelIds],
+    afterLabelIds: [...match.email.labelIds],
+    errorMessage: null
+  }));
+}
+async function executeAction(emailId, action, options) {
+  switch (action.type) {
+    case "archive":
+      return (await archiveEmails([emailId], options)).items[0];
+    case "label":
+      return (await labelEmails([emailId], action.label, options)).items[0];
+    case "mark_read":
+      return (await markRead([emailId], options)).items[0];
+    case "forward":
+      return (await forwardEmail(emailId, action.to, options)).items[0];
+    case "mark_spam":
+      return (await markSpam([emailId], options)).items[0];
+  }
+}
+async function applyRuleActions(item, actions, options) {
+  let current = {
+    ...item,
+    appliedActions: []
+  };
+  for (const action of actions) {
+    try {
+      const result = await executeAction(item.emailId, action, options);
+      current = {
+        ...current,
+        status: result.status,
+        appliedActions: [...current.appliedActions, ...result.appliedActions],
+        afterLabelIds: [...result.afterLabelIds],
+        errorMessage: result.errorMessage ?? null
+      };
+      if (result.status === "error") {
+        break;
+      }
+    } catch (error) {
+      current = {
+        ...current,
+        status: "error",
+        errorMessage: error instanceof Error ? error.message : String(error)
+      };
+      break;
+    }
+  }
+  return current;
+}
+async function recordRuleRun(rule, options, items) {
+  const status = resolveRunStatus(items, options.dryRun);
+  const run = await createExecutionRun({
+    sourceType: "rule",
+    ruleId: rule.id,
+    dryRun: options.dryRun,
+    requestedActions: rule.actions,
+    query: options.query ?? null,
+    status
+  });
+  await addExecutionItems(
+    run.id,
+    items.map((item) => ({
+      emailId: item.emailId,
+      status: item.status,
+      appliedActions: item.appliedActions,
+      beforeLabelIds: item.beforeLabelIds,
+      afterLabelIds: item.afterLabelIds,
+      errorMessage: item.errorMessage
+    }))
+  );
+  return {
+    runId: run.id,
+    run,
+    status
+  };
+}
+async function runRule(name, options) {
+  const dryRun = options.dryRun ?? true;
+  const maxEmails = options.maxEmails ?? 100;
+  const config = options.config ?? loadConfig();
+  const rule = await getRuleByName(name);
+  if (!rule) {
+    throw new Error(`Rule not found: ${name}`);
+  }
+  if (!rule.enabled) {
+    const run = await createExecutionRun({
+      sourceType: "rule",
+      ruleId: rule.id,
+      dryRun,
+      requestedActions: rule.actions,
+      query: options.query ?? null,
+      status: "planned"
+    });
+    return {
+      rule,
+      dryRun,
+      maxEmails,
+      query: options.query ?? null,
+      matchedCount: 0,
+      runId: run.id,
+      run,
+      status: "planned",
+      items: [],
+      skipped: true
+    };
+  }
+  const plannedItems = await loadMatchedItems(rule, {
+    dryRun,
+    maxEmails,
+    query: options.query,
+    config,
+    transport: options.transport
+  });
+  const items = dryRun ? plannedItems : await Promise.all(
+    plannedItems.map(
+      (item) => applyRuleActions(item, rule.actions, {
+        config,
+        transport: options.transport
+      })
+    )
+  );
+  const recorded = await recordRuleRun(
+    rule,
+    {
+      dryRun,
+      maxEmails,
+      query: options.query
+    },
+    items
+  );
+  return {
+    rule,
+    dryRun,
+    maxEmails,
+    query: options.query ?? null,
+    matchedCount: items.length,
+    runId: recorded.runId,
+    run: recorded.run,
+    status: recorded.status,
+    items
+  };
+}
+async function runAllRules(options) {
+  const rules2 = (await getAllRules()).filter((rule) => rule.enabled).sort((left, right) => left.priority - right.priority || left.name.localeCompare(right.name));
+  const results = [];
+  for (const rule of rules2) {
+    results.push(await runRule(rule.name, options));
+  }
+  return {
+    dryRun: options.dryRun ?? true,
+    results
+  };
+}
+
+// src/core/gmail/filters.ts
+async function resolveContext3(options) {
+  const config = options?.config ?? loadConfig();
+  const transport = options?.transport ?? await getGmailTransport(config);
+  return { config, transport };
+}
+function toFilterCriteria(raw) {
+  return {
+    from: raw?.from ?? null,
+    to: raw?.to ?? null,
+    subject: raw?.subject ?? null,
+    query: raw?.query ?? null,
+    negatedQuery: raw?.negatedQuery ?? null,
+    hasAttachment: raw?.hasAttachment ?? false,
+    excludeChats: raw?.excludeChats ?? false,
+    size: raw?.size ?? null,
+    sizeComparison: raw?.sizeComparison === "larger" || raw?.sizeComparison === "smaller" ? raw.sizeComparison : null
+  };
+}
+function toFilterActions(raw, labelMap) {
+  const addIds = raw?.addLabelIds ?? [];
+  const removeIds = raw?.removeLabelIds ?? [];
+  const addLabelNames = addIds.filter((id) => id !== "STARRED").map((id) => labelMap.get(id)?.name ?? id);
+  const removeLabelNames = removeIds.filter((id) => id !== "INBOX" && id !== "UNREAD").map((id) => labelMap.get(id)?.name ?? id);
+  return {
+    addLabelNames,
+    removeLabelNames,
+    forward: raw?.forward ?? null,
+    archive: removeIds.includes("INBOX"),
+    markRead: removeIds.includes("UNREAD"),
+    star: addIds.includes("STARRED")
+  };
+}
+function toGmailFilter(raw, labelMap) {
+  const id = raw.id?.trim();
+  if (!id) return null;
+  return {
+    id,
+    criteria: toFilterCriteria(raw.criteria),
+    actions: toFilterActions(raw.action, labelMap)
+  };
+}
+async function buildLabelMap(context) {
+  const labels = await syncLabels({ config: context.config, transport: context.transport });
+  const map = /* @__PURE__ */ new Map();
+  for (const label of labels) {
+    map.set(label.id, label);
+  }
+  return map;
+}
+async function listFilters(options) {
+  const context = await resolveContext3(options);
+  const [response, labelMap] = await Promise.all([
+    context.transport.listFilters(),
+    buildLabelMap(context)
+  ]);
+  const raw = response.filter ?? [];
+  return raw.map((f) => toGmailFilter(f, labelMap)).filter((f) => f !== null);
+}
+async function getFilter(id, options) {
+  const context = await resolveContext3(options);
+  const [raw, labelMap] = await Promise.all([
+    context.transport.getFilter(id),
+    buildLabelMap(context)
+  ]);
+  const filter = toGmailFilter(raw, labelMap);
+  if (!filter) {
+    throw new Error(`Filter ${id} returned an invalid response from Gmail`);
+  }
+  return filter;
+}
+async function createFilter(input, options) {
+  const hasCriteria = input.from != null || input.to != null || input.subject != null || input.query != null || input.negatedQuery != null || input.hasAttachment != null || input.excludeChats != null || input.size != null;
+  if (!hasCriteria) {
+    throw new Error(
+      "At least one criteria field is required (from, to, subject, query, negatedQuery, hasAttachment, excludeChats, or size)"
+    );
+  }
+  const hasAction = input.labelName != null || input.archive === true || input.markRead === true || input.star === true || input.forward != null;
+  if (!hasAction) {
+    throw new Error(
+      "At least one action is required (labelName, archive, markRead, star, or forward)"
+    );
+  }
+  const context = await resolveContext3(options);
+  const addLabelIds = [];
+  if (input.star) {
+    addLabelIds.push("STARRED");
+  }
+  if (input.labelName) {
+    let labelId = await getLabelId(input.labelName, context);
+    if (!labelId) {
+      const created = await createLabel(input.labelName, void 0, context);
+      labelId = created.id;
+    }
+    addLabelIds.push(labelId);
+  }
+  const removeLabelIds = [];
+  if (input.archive) removeLabelIds.push("INBOX");
+  if (input.markRead) removeLabelIds.push("UNREAD");
+  const criteria = {};
+  if (input.from) criteria.from = input.from;
+  if (input.to) criteria.to = input.to;
+  if (input.subject) criteria.subject = input.subject;
+  if (input.query) criteria.query = input.query;
+  if (input.negatedQuery) criteria.negatedQuery = input.negatedQuery;
+  if (input.hasAttachment != null) criteria.hasAttachment = input.hasAttachment;
+  if (input.excludeChats != null) criteria.excludeChats = input.excludeChats;
+  if (input.size != null) criteria.size = input.size;
+  if (input.sizeComparison) criteria.sizeComparison = input.sizeComparison;
+  const action = {};
+  if (addLabelIds.length > 0) action.addLabelIds = addLabelIds;
+  if (removeLabelIds.length > 0) action.removeLabelIds = removeLabelIds;
+  if (input.forward) action.forward = input.forward;
+  const raw = await context.transport.createFilter({ criteria, action });
+  const labelMap = await buildLabelMap(context);
+  const filter = toGmailFilter(raw, labelMap);
+  if (!filter) {
+    throw new Error("Gmail did not return a valid filter after creation");
+  }
+  return filter;
+}
+async function deleteFilter(id, options) {
+  const context = await resolveContext3(options);
+  await context.transport.deleteFilter(id);
+}
+
+// src/core/sync/cache.ts
+function mapRow(row) {
+  return {
+    id: row.id,
+    threadId: row.thread_id,
+    fromAddress: row.from_address,
+    fromName: row.from_name,
+    toAddresses: JSON.parse(row.to_addresses || "[]"),
+    subject: row.subject,
+    snippet: row.snippet,
+    date: row.date,
+    isRead: row.is_read === 1,
+    isStarred: row.is_starred === 1,
+    labelIds: JSON.parse(row.label_ids || "[]"),
+    sizeEstimate: row.size_estimate,
+    hasAttachments: row.has_attachments === 1,
+    listUnsubscribe: row.list_unsubscribe
+  };
+}
+async function getRecentEmails(limit = 20, offset = 0) {
+  const config = loadConfig();
+  const sqlite = getSqlite(config.dbPath);
+  const rows = sqlite.prepare(
+    `
+      SELECT id, thread_id, from_address, from_name, to_addresses, subject, snippet, date,
+             is_read, is_starred, label_ids, size_estimate, has_attachments, list_unsubscribe
+      FROM emails
+      ORDER BY date DESC
+      LIMIT ? OFFSET ?
+      `
+  ).all(limit, offset);
+  return rows.map(mapRow);
+}
+
+// src/core/sync/sync.ts
+function upsertEmails2(dbPath, messages) {
+  if (messages.length === 0) {
+    return;
+  }
+  const sqlite = getSqlite(dbPath);
+  const statement = sqlite.prepare(`
+    INSERT INTO emails (
+      id, thread_id, from_address, from_name, to_addresses, subject, snippet, date,
+      is_read, is_starred, label_ids, size_estimate, has_attachments, list_unsubscribe, synced_at
+    ) VALUES (
+      @id, @thread_id, @from_address, @from_name, @to_addresses, @subject, @snippet, @date,
+      @is_read, @is_starred, @label_ids, @size_estimate, @has_attachments, @list_unsubscribe, @synced_at
+    )
+    ON CONFLICT(id) DO UPDATE SET
+      thread_id = excluded.thread_id,
+      from_address = excluded.from_address,
+      from_name = excluded.from_name,
+      to_addresses = excluded.to_addresses,
+      subject = excluded.subject,
+      snippet = excluded.snippet,
+      date = excluded.date,
+      is_read = excluded.is_read,
+      is_starred = excluded.is_starred,
+      label_ids = excluded.label_ids,
+      size_estimate = excluded.size_estimate,
+      has_attachments = excluded.has_attachments,
+      list_unsubscribe = excluded.list_unsubscribe,
+      synced_at = excluded.synced_at
+  `);
+  const now2 = Date.now();
+  const transaction = sqlite.transaction((emails2) => {
+    for (const message of emails2) {
+      statement.run({
+        id: message.id,
+        thread_id: message.threadId,
+        from_address: message.fromAddress,
+        from_name: message.fromName,
+        to_addresses: JSON.stringify(message.toAddresses),
+        subject: message.subject,
+        snippet: message.snippet,
+        date: message.date,
+        is_read: message.isRead ? 1 : 0,
+        is_starred: message.isStarred ? 1 : 0,
+        label_ids: JSON.stringify(message.labelIds),
+        size_estimate: message.sizeEstimate,
+        has_attachments: message.hasAttachments ? 1 : 0,
+        list_unsubscribe: message.listUnsubscribe,
+        synced_at: now2
+      });
+    }
+  });
+  transaction(messages);
+}
+function deleteEmails(dbPath, ids) {
+  if (ids.length === 0) {
+    return;
+  }
+  const sqlite = getSqlite(dbPath);
+  const statement = sqlite.prepare(`DELETE FROM emails WHERE id = ?`);
+  const transaction = sqlite.transaction((messageIds) => {
+    for (const id of messageIds) {
+      statement.run(id);
+    }
+  });
+  transaction(ids);
+}
+function getSyncState(dbPath) {
+  const sqlite = getSqlite(dbPath);
+  const row = sqlite.prepare(
+    `SELECT account_email, history_id, last_full_sync, last_incremental_sync, total_messages, full_sync_cursor, full_sync_processed, full_sync_total FROM sync_state WHERE id = 1`
+  ).get();
+  return row || {
+    account_email: null,
+    history_id: null,
+    last_full_sync: null,
+    last_incremental_sync: null,
+    total_messages: 0,
+    full_sync_cursor: null,
+    full_sync_processed: 0,
+    full_sync_total: 0
+  };
+}
+function saveSyncState(dbPath, updates) {
+  const current = getSyncState(dbPath);
+  const sqlite = getSqlite(dbPath);
+  const next = {
+    account_email: Object.prototype.hasOwnProperty.call(updates, "account_email") ? updates.account_email ?? null : current.account_email,
+    history_id: Object.prototype.hasOwnProperty.call(updates, "history_id") ? updates.history_id ?? null : current.history_id,
+    last_full_sync: Object.prototype.hasOwnProperty.call(updates, "last_full_sync") ? updates.last_full_sync ?? null : current.last_full_sync,
+    last_incremental_sync: Object.prototype.hasOwnProperty.call(updates, "last_incremental_sync") ? updates.last_incremental_sync ?? null : current.last_incremental_sync,
+    total_messages: Object.prototype.hasOwnProperty.call(updates, "total_messages") ? updates.total_messages ?? 0 : current.total_messages,
+    full_sync_cursor: Object.prototype.hasOwnProperty.call(updates, "full_sync_cursor") ? updates.full_sync_cursor ?? null : current.full_sync_cursor,
+    full_sync_processed: Object.prototype.hasOwnProperty.call(updates, "full_sync_processed") ? updates.full_sync_processed ?? 0 : current.full_sync_processed,
+    full_sync_total: Object.prototype.hasOwnProperty.call(updates, "full_sync_total") ? updates.full_sync_total ?? 0 : current.full_sync_total
+  };
+  sqlite.prepare(
+    `
+      UPDATE sync_state
+      SET account_email = ?,
+          history_id = ?,
+          last_full_sync = ?,
+          last_incremental_sync = ?,
+          total_messages = ?,
+          full_sync_cursor = ?,
+          full_sync_processed = ?,
+          full_sync_total = ?
+      WHERE id = 1
+      `
+  ).run(
+    next.account_email,
+    next.history_id,
+    next.last_full_sync,
+    next.last_incremental_sync,
+    next.total_messages,
+    next.full_sync_cursor,
+    next.full_sync_processed,
+    next.full_sync_total
+  );
+}
+function clearCachedEmailData(dbPath) {
+  const sqlite = getSqlite(dbPath);
+  sqlite.exec(`
+    DELETE FROM emails;
+    DELETE FROM newsletter_senders;
+  `);
+}
+function clearAccountScopedState(dbPath, nextAccountEmail) {
+  const sqlite = getSqlite(dbPath);
+  sqlite.exec(`
+    DELETE FROM emails;
+    DELETE FROM newsletter_senders;
+    DELETE FROM execution_items;
+    DELETE FROM execution_runs;
+  `);
+  sqlite.prepare(
+    `
+      UPDATE sync_state
+      SET account_email = ?,
+          history_id = NULL,
+          last_full_sync = NULL,
+          last_incremental_sync = NULL,
+          total_messages = 0,
+          full_sync_cursor = NULL,
+          full_sync_processed = 0,
+          full_sync_total = 0
+      WHERE id = 1
+      `
+  ).run(nextAccountEmail);
+}
+function resetFullSyncProgress(dbPath) {
+  saveSyncState(dbPath, {
+    full_sync_cursor: null,
+    full_sync_processed: 0,
+    full_sync_total: 0
+  });
+}
+function reconcileCacheForAuthenticatedAccount(dbPath, authenticatedEmail, options) {
+  const normalizedEmail = authenticatedEmail && authenticatedEmail !== "unknown" ? authenticatedEmail : null;
+  const state = getSyncState(dbPath);
+  const sqlite = getSqlite(dbPath);
+  const cachedEmailCount = sqlite.prepare("SELECT COUNT(*) as count FROM emails").get().count;
+  if (!normalizedEmail) {
+    return {
+      cleared: false,
+      reason: null,
+      previousEmail: state.account_email
+    };
+  }
+  if (state.account_email && state.account_email !== normalizedEmail) {
+    clearAccountScopedState(dbPath, normalizedEmail);
+    return {
+      cleared: true,
+      reason: "account_switched",
+      previousEmail: state.account_email
+    };
+  }
+  if (!state.account_email && cachedEmailCount > 0 && options?.clearLegacyUnscoped) {
+    clearAccountScopedState(dbPath, normalizedEmail);
+    return {
+      cleared: true,
+      reason: "legacy_unscoped_cache",
+      previousEmail: null
+    };
+  }
+  if (state.account_email !== normalizedEmail) {
+    saveSyncState(dbPath, { account_email: normalizedEmail });
+  }
+  return {
+    cleared: false,
+    reason: null,
+    previousEmail: state.account_email
+  };
+}
+async function fullSync(onProgress, onEvent) {
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const profile = await transport.getProfile();
+  const accountEmail = profile.emailAddress || null;
+  const priorState = getSyncState(config.dbPath);
+  const accountReconciliation = reconcileCacheForAuthenticatedAccount(
+    config.dbPath,
+    accountEmail,
+    { clearLegacyUnscoped: true }
+  );
+  const pageSize = Math.min(config.sync.pageSize, 100);
+  const maxMessages = config.sync.maxMessages;
+  const resumableSync = !accountReconciliation.cleared && priorState.account_email === accountEmail && !priorState.history_id && (priorState.full_sync_cursor && priorState.full_sync_cursor.length > 0 || (priorState.full_sync_processed || 0) > 0);
+  let pageToken = resumableSync ? priorState.full_sync_cursor || void 0 : void 0;
+  let processed = resumableSync ? priorState.full_sync_processed || 0 : 0;
+  let added = 0;
+  let updated = 0;
+  let latestHistoryId = profile.historyId || getSyncState(config.dbPath).history_id || "";
+  const knownTotalMessages = profile.messagesTotal ?? priorState.full_sync_total ?? null;
+  if (!resumableSync) {
+    clearCachedEmailData(config.dbPath);
+    resetFullSyncProgress(config.dbPath);
+  }
+  onEvent?.({
+    mode: "full",
+    phase: "starting",
+    synced: processed,
+    total: knownTotalMessages,
+    detail: resumableSync ? `Resuming full mailbox sync\u2026 ${processed}${knownTotalMessages ? ` / ${knownTotalMessages}` : ""}` : accountReconciliation.cleared ? "Starting full mailbox sync after resetting the local cache for this account\u2026" : "Starting full mailbox sync\u2026"
+  });
+  onProgress?.(processed, knownTotalMessages);
+  do {
+    const response = await transport.listMessages({
+      maxResults: pageSize,
+      pageToken
+    });
+    pageToken = response.nextPageToken || void 0;
+    const ids = (response.messages || []).map((message) => message.id).filter(Boolean);
+    if (ids.length === 0) {
+      break;
+    }
+    onEvent?.({
+      mode: "full",
+      phase: "fetching_messages",
+      synced: processed,
+      total: knownTotalMessages,
+      detail: "Fetching message metadata\u2026"
+    });
+    const processedBeforeBatch = processed;
+    const messages = await batchGetMessages(ids, (completedInBatch) => {
+      const synced = processedBeforeBatch + completedInBatch;
+      const total = knownTotalMessages !== null ? Math.max(knownTotalMessages, synced) : null;
+      onProgress?.(synced, total);
+      onEvent?.({
+        mode: "full",
+        phase: "fetching_messages",
+        synced,
+        total,
+        detail: `Fetching mailbox metadata\u2026 ${synced}${total ? ` / ${total}` : ""}`
+      });
+    });
+    upsertEmails2(config.dbPath, messages);
+    processed += messages.length;
+    updated += messages.length;
+    added += messages.length;
+    saveSyncState(config.dbPath, {
+      account_email: accountEmail,
+      total_messages: processed,
+      full_sync_cursor: pageToken || null,
+      full_sync_processed: processed,
+      full_sync_total: knownTotalMessages ?? processed
+    });
+    onProgress?.(
+      processed,
+      knownTotalMessages !== null ? Math.max(knownTotalMessages, processed) : null
+    );
+    if (maxMessages && processed >= maxMessages) {
+      pageToken = void 0;
+    }
+  } while (pageToken);
+  onEvent?.({
+    mode: "full",
+    phase: "finalizing",
+    synced: processed,
+    total: knownTotalMessages !== null ? Math.max(knownTotalMessages, processed) : processed,
+    detail: "Finalizing full sync\u2026"
+  });
+  saveSyncState(config.dbPath, {
+    account_email: accountEmail,
+    history_id: latestHistoryId,
+    last_full_sync: Date.now(),
+    total_messages: processed,
+    full_sync_cursor: null,
+    full_sync_processed: 0,
+    full_sync_total: 0
+  });
+  return {
+    messagesProcessed: processed,
+    messagesAdded: added,
+    messagesUpdated: updated,
+    historyId: latestHistoryId,
+    mode: "full",
+    usedHistoryFallback: false
+  };
+}
+function isStaleHistoryError(error) {
+  const status = error.code || error.status;
+  return status === 404;
+}
+async function incrementalSync(onProgress, onEvent) {
+  const config = loadConfig();
+  const transport = await getGmailTransport(config);
+  const profile = await transport.getProfile();
+  const accountReconciliation = reconcileCacheForAuthenticatedAccount(
+    config.dbPath,
+    profile.emailAddress || null,
+    { clearLegacyUnscoped: true }
+  );
+  const state = getSyncState(config.dbPath);
+  if (accountReconciliation.cleared || !state.history_id) {
+    return fullSync(onProgress, onEvent);
+  }
+  try {
+    onEvent?.({
+      mode: "incremental",
+      phase: "checking_history",
+      synced: 0,
+      total: null,
+      detail: "Checking Gmail history for changes\u2026"
+    });
+    const response = await transport.listHistory({
+      startHistoryId: state.history_id,
+      maxResults: config.sync.pageSize,
+      historyTypes: [
+        "messageAdded",
+        "labelAdded",
+        "labelRemoved",
+        "messageDeleted"
+      ]
+    });
+    const history = response.history || [];
+    const touchedIds = /* @__PURE__ */ new Set();
+    const deletedIds = /* @__PURE__ */ new Set();
+    for (const entry of history) {
+      for (const item of entry.messagesAdded || []) {
+        if (item.message?.id) {
+          touchedIds.add(item.message.id);
+        }
+      }
+      for (const item of entry.labelsAdded || []) {
+        if (item.message?.id) {
+          touchedIds.add(item.message.id);
+        }
+      }
+      for (const item of entry.labelsRemoved || []) {
+        if (item.message?.id) {
+          touchedIds.add(item.message.id);
+        }
+      }
+      for (const item of entry.messagesDeleted || []) {
+        if (item.message?.id) {
+          deletedIds.add(item.message.id);
+        }
+      }
+    }
+    for (const id of deletedIds) {
+      touchedIds.delete(id);
+    }
+    const totalChanges = touchedIds.size + deletedIds.size;
+    onEvent?.({
+      mode: "incremental",
+      phase: "fetching_messages",
+      synced: 0,
+      total: totalChanges,
+      detail: totalChanges === 0 ? "No changes found." : `Refreshing ${touchedIds.size} changed emails and ${deletedIds.size} deletions\u2026`
+    });
+    const refreshed = await batchGetMessages([...touchedIds], (completed) => {
+      onProgress?.(completed, totalChanges);
+      onEvent?.({
+        mode: "incremental",
+        phase: "fetching_messages",
+        synced: completed,
+        total: totalChanges,
+        detail: `Refreshing changed emails\u2026 ${completed}${totalChanges ? ` / ${totalChanges}` : ""}`
+      });
+    });
+    onEvent?.({
+      mode: "incremental",
+      phase: "applying_changes",
+      synced: refreshed.length,
+      total: totalChanges,
+      detail: "Applying Gmail changes to the local cache\u2026"
+    });
+    upsertEmails2(config.dbPath, refreshed);
+    deleteEmails(config.dbPath, [...deletedIds]);
+    onProgress?.(totalChanges, totalChanges || null);
+    onEvent?.({
+      mode: "incremental",
+      phase: "finalizing",
+      synced: totalChanges,
+      total: totalChanges || null,
+      detail: "Finalizing incremental sync\u2026"
+    });
+    const latestHistoryId = response.historyId || state.history_id;
+    const totalMessagesRow = getSqlite(config.dbPath).prepare(`SELECT COUNT(*) as count FROM emails`).get();
+    saveSyncState(config.dbPath, {
+      account_email: profile.emailAddress || null,
+      history_id: latestHistoryId,
+      last_incremental_sync: Date.now(),
+      total_messages: totalMessagesRow.count,
+      full_sync_cursor: null,
+      full_sync_processed: 0,
+      full_sync_total: 0
+    });
+    return {
+      messagesProcessed: refreshed.length + deletedIds.size,
+      messagesAdded: refreshed.length,
+      messagesUpdated: refreshed.length,
+      historyId: latestHistoryId,
+      mode: "incremental",
+      usedHistoryFallback: false
+    };
+  } catch (error) {
+    if (!isStaleHistoryError(error)) {
+      throw error;
+    }
+    console.warn(
+      `Stored Gmail historyId ${state.history_id} is stale; falling back to full sync.`
+    );
+    onEvent?.({
+      mode: "incremental",
+      phase: "fallback",
+      synced: 0,
+      total: null,
+      detail: "History checkpoint expired. Falling back to a full sync\u2026"
+    });
+    const result = await fullSync(onProgress, onEvent);
+    return {
+      ...result,
+      usedHistoryFallback: true
+    };
+  }
+}
+async function getSyncStatus() {
+  const config = loadConfig();
+  const state = getSyncState(config.dbPath);
+  return {
+    accountEmail: state.account_email,
+    historyId: state.history_id,
+    lastFullSync: state.last_full_sync,
+    lastIncrementalSync: state.last_incremental_sync,
+    totalMessages: state.total_messages || 0,
+    fullSyncProcessed: state.full_sync_processed || 0,
+    fullSyncTotal: state.full_sync_total || null,
+    fullSyncResumable: Boolean(state.full_sync_cursor && state.full_sync_cursor.length > 0 || (state.full_sync_processed || 0) > 0)
+  };
+}
+
+// src/mcp/server.ts
+var DAY_MS2 = 24 * 60 * 60 * 1e3;
+var MCP_VERSION = "0.1.0";
+var MCP_TOOLS = [
+  "search_emails",
+  "get_email",
+  "get_thread",
+  "sync_inbox",
+  "archive_emails",
+  "label_emails",
+  "mark_read",
+  "forward_email",
+  "undo_run",
+  "get_labels",
+  "create_label",
+  "get_inbox_stats",
+  "get_top_senders",
+  "get_sender_stats",
+  "get_newsletter_senders",
+  "deploy_rule",
+  "list_rules",
+  "run_rule",
+  "enable_rule",
+  "disable_rule",
+  "list_filters",
+  "get_filter",
+  "create_filter",
+  "delete_filter"
+];
+var MCP_RESOURCES = [
+  "inbox://recent",
+  "inbox://summary",
+  "rules://deployed",
+  "rules://history",
+  "stats://senders",
+  "stats://overview"
+];
+var MCP_PROMPTS = [
+  "summarize-inbox",
+  "review-senders",
+  "find-newsletters",
+  "suggest-rules",
+  "triage-inbox"
+];
+function toTextResult(value) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(value, null, 2)
+      }
+    ],
+    structuredContent: {
+      result: value
+    }
+  };
+}
+function toErrorResult(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return {
+    content: [
+      {
+        type: "text",
+        text: message
+      }
+    ],
+    structuredContent: {
+      error: {
+        message
+      }
+    },
+    isError: true
+  };
+}
+function toolHandler(handler) {
+  return async (args) => {
+    try {
+      return toTextResult(await handler(args));
+    } catch (error) {
+      return toErrorResult(error);
+    }
+  };
+}
+function resourceText(uri, value) {
+  return {
+    contents: [
+      {
+        uri,
+        mimeType: "application/json",
+        text: JSON.stringify(value, null, 2)
+      }
+    ]
+  };
+}
+function promptResult(description, text2) {
+  return {
+    description,
+    messages: [
+      {
+        role: "user",
+        content: {
+          type: "text",
+          text: text2
+        }
+      }
+    ]
+  };
+}
+function buildSearchQuery(query, label) {
+  const trimmedQuery = query.trim();
+  const trimmedLabel = label?.trim();
+  if (trimmedLabel) {
+    return trimmedQuery ? `${trimmedQuery} label:${trimmedLabel}` : `label:${trimmedLabel}`;
+  }
+  return trimmedQuery;
+}
+function uniqueStrings(values) {
+  return Array.from(new Set((values || []).map((value) => value.trim()).filter(Boolean)));
+}
+function resolveResourceUri(uri, fallback) {
+  return typeof uri === "string" ? uri : fallback;
+}
+async function buildStartupWarnings() {
+  const config = loadConfig();
+  initializeDb(config.dbPath);
+  const warnings = [];
+  const tokens = await loadTokens(config.tokensPath);
+  const readiness = getGmailReadiness(config, tokens);
+  const googleStatus = getGoogleCredentialStatus(config);
+  const syncStatus = await getSyncStatus();
+  const latestSync = Math.max(syncStatus.lastIncrementalSync ?? 0, syncStatus.lastFullSync ?? 0);
+  if (!readiness.ready) {
+    const missing = [
+      ...googleStatus.missing,
+      ...tokens ? [] : ["gmail_tokens"]
+    ];
+    warnings.push(
+      `Gmail auth is incomplete (${missing.join(", ")}). Live Gmail MCP tools will fail until \`inboxctl auth login\` is complete.`
+    );
+  }
+  if (!latestSync) {
+    warnings.push("Inbox cache has not been synced yet. Stats and resources will be empty until `sync_inbox` runs.");
+  } else if (Date.now() - latestSync > DAY_MS2) {
+    warnings.push("Inbox cache appears stale (last sync older than 24 hours). Call `sync_inbox` if freshness matters.");
+  }
+  return warnings;
+}
+async function buildStatsOverview() {
+  return {
+    overview: await getInboxOverview(),
+    topSenders: await getTopSenders({ limit: 10 }),
+    labelDistribution: (await getLabelDistribution()).slice(0, 10),
+    dailyVolume: await getVolumeByPeriod("day", {
+      start: Date.now() - 30 * DAY_MS2,
+      end: Date.now()
+    })
+  };
+}
+async function buildRuleHistory() {
+  const runs = await getExecutionHistory(void 0, 20);
+  return {
+    runs,
+    recentRuns: await getRecentRuns(20)
+  };
+}
+async function createMcpServer() {
+  const warnings = await buildStartupWarnings();
+  const server = new McpServer({
+    name: "inboxctl",
+    version: MCP_VERSION
+  });
+  server.registerTool(
+    "search_emails",
+    {
+      description: "Search Gmail using Gmail query syntax and return matching email metadata.",
+      inputSchema: {
+        query: z2.string().min(1),
+        max_results: z2.number().int().positive().max(100).optional(),
+        label: z2.string().min(1).optional()
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ query, max_results, label }) => {
+      return listMessages(buildSearchQuery(query, label), max_results ?? 20);
+    })
+  );
+  server.registerTool(
+    "get_email",
+    {
+      description: "Fetch a single email with full content by Gmail message ID.",
+      inputSchema: {
+        email_id: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ email_id }) => getMessage(email_id))
+  );
+  server.registerTool(
+    "get_thread",
+    {
+      description: "Fetch a full Gmail thread by thread ID.",
+      inputSchema: {
+        thread_id: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ thread_id }) => getThread(thread_id))
+  );
+  server.registerTool(
+    "sync_inbox",
+    {
+      description: "Run inbox sync. Uses incremental sync by default and full sync when requested.",
+      inputSchema: {
+        full: z2.boolean().optional()
+      },
+      annotations: {
+        readOnlyHint: false,
+        idempotentHint: false
+      }
+    },
+    toolHandler(async ({ full }) => full ? fullSync() : incrementalSync())
+  );
+  server.registerTool(
+    "archive_emails",
+    {
+      description: "Archive one or more Gmail messages by removing the INBOX label.",
+      inputSchema: {
+        email_ids: z2.array(z2.string().min(1)).min(1)
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ email_ids }) => archiveEmails(uniqueStrings(email_ids)))
+  );
+  server.registerTool(
+    "label_emails",
+    {
+      description: "Add and/or remove Gmail labels on one or more messages.",
+      inputSchema: {
+        email_ids: z2.array(z2.string().min(1)).min(1),
+        add_labels: z2.array(z2.string().min(1)).optional(),
+        remove_labels: z2.array(z2.string().min(1)).optional()
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ email_ids, add_labels, remove_labels }) => {
+      const ids = uniqueStrings(email_ids);
+      const addLabels = uniqueStrings(add_labels);
+      const removeLabels = uniqueStrings(remove_labels);
+      if (addLabels.length === 0 && removeLabels.length === 0) {
+        throw new Error("Provide at least one label to add or remove.");
+      }
+      const operations = [];
+      for (const label of addLabels) {
+        operations.push(await labelEmails(ids, label));
+      }
+      for (const label of removeLabels) {
+        operations.push(await unlabelEmails(ids, label));
+      }
+      return {
+        emailIds: ids,
+        addLabels,
+        removeLabels,
+        operations
+      };
+    })
+  );
+  server.registerTool(
+    "mark_read",
+    {
+      description: "Mark one or more Gmail messages as read or unread.",
+      inputSchema: {
+        email_ids: z2.array(z2.string().min(1)).min(1),
+        read: z2.boolean()
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ email_ids, read }) => {
+      const ids = uniqueStrings(email_ids);
+      return read ? markRead(ids) : markUnread(ids);
+    })
+  );
+  server.registerTool(
+    "forward_email",
+    {
+      description: "Forward a Gmail message to another address.",
+      inputSchema: {
+        email_id: z2.string().min(1),
+        to: z2.string().email()
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ email_id, to }) => forwardEmail(email_id, to))
+  );
+  server.registerTool(
+    "undo_run",
+    {
+      description: "Undo a prior inboxctl action run when the underlying Gmail mutations are reversible.",
+      inputSchema: {
+        run_id: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ run_id }) => undoRun(run_id))
+  );
+  server.registerTool(
+    "get_labels",
+    {
+      description: "List Gmail labels with message and unread counts.",
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async () => listLabels())
+  );
+  server.registerTool(
+    "create_label",
+    {
+      description: "Create a Gmail label if it does not already exist.",
+      inputSchema: {
+        name: z2.string().min(1),
+        color: z2.string().min(1).optional()
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ name, color }) => {
+      const label = await createLabel(name);
+      return {
+        label,
+        requestedColor: color ?? null,
+        colorApplied: false,
+        note: color ? "Color hints are not applied yet; the label was created with Gmail defaults." : null
+      };
+    })
+  );
+  server.registerTool(
+    "get_inbox_stats",
+    {
+      description: "Return inbox overview counts from the local SQLite cache.",
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async () => getInboxOverview())
+  );
+  server.registerTool(
+    "get_top_senders",
+    {
+      description: "Return top senders ranked by cached email volume.",
+      inputSchema: {
+        limit: z2.number().int().positive().max(100).optional(),
+        min_unread_rate: z2.number().min(0).max(100).optional(),
+        period: z2.enum(["day", "week", "month", "year", "all"]).optional()
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ limit, min_unread_rate, period }) => getTopSenders({
+      limit,
+      minUnreadRate: min_unread_rate,
+      period
+    }))
+  );
+  server.registerTool(
+    "get_sender_stats",
+    {
+      description: "Return detailed stats for a sender email address or an @domain aggregate.",
+      inputSchema: {
+        email_or_domain: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ email_or_domain }) => {
+      const result = await getSenderStats(email_or_domain);
+      return {
+        query: email_or_domain,
+        found: result !== null,
+        result
+      };
+    })
+  );
+  server.registerTool(
+    "get_newsletter_senders",
+    {
+      description: "Return senders that look like newsletters or mailing lists based on cached heuristics.",
+      inputSchema: {
+        min_messages: z2.number().int().positive().optional(),
+        min_unread_rate: z2.number().min(0).max(100).optional()
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ min_messages, min_unread_rate }) => getNewsletters({
+      minMessages: min_messages,
+      minUnreadRate: min_unread_rate
+    }))
+  );
+  server.registerTool(
+    "deploy_rule",
+    {
+      description: "Validate and deploy a rule directly from YAML content.",
+      inputSchema: {
+        yaml_content: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ yaml_content }) => {
+      const rule = parseRuleYaml(yaml_content, "<mcp:deploy_rule>");
+      return deployRule(rule, hashRule(yaml_content));
+    })
+  );
+  server.registerTool(
+    "list_rules",
+    {
+      description: "List deployed inboxctl rules and their execution status.",
+      inputSchema: {
+        enabled_only: z2.boolean().optional()
+      },
+      annotations: {
+        readOnlyHint: true
+      }
+    },
+    toolHandler(async ({ enabled_only }) => {
+      const rules2 = await getAllRulesStatus();
+      return enabled_only ? rules2.filter((rule) => rule.enabled) : rules2;
+    })
+  );
+  server.registerTool(
+    "run_rule",
+    {
+      description: "Run a deployed rule in dry-run mode by default, or apply it when dry_run is false.",
+      inputSchema: {
+        rule_name: z2.string().min(1),
+        dry_run: z2.boolean().optional(),
+        max_emails: z2.number().int().positive().max(1e3).optional()
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ rule_name, dry_run, max_emails }) => runRule(rule_name, {
+      dryRun: dry_run,
+      maxEmails: max_emails
+    }))
+  );
+  server.registerTool(
+    "enable_rule",
+    {
+      description: "Enable a deployed rule by name.",
+      inputSchema: {
+        rule_name: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ rule_name }) => enableRule(rule_name))
+  );
+  server.registerTool(
+    "disable_rule",
+    {
+      description: "Disable a deployed rule by name.",
+      inputSchema: {
+        rule_name: z2.string().min(1)
+      },
+      annotations: {
+        readOnlyHint: false,
+        destructiveHint: false
+      }
+    },
+    toolHandler(async ({ rule_name }) => disableRule(rule_name))
+  );
+  server.registerResource(
+    "recent-inbox",
+    "inbox://recent",
+    {
+      description: "Recent cached inbox email metadata.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "inbox://recent"), await getRecentEmails(50))
+  );
+  server.registerResource(
+    "inbox-summary",
+    "inbox://summary",
+    {
+      description: "Inbox overview counts from the local cache.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "inbox://summary"), await getInboxOverview())
+  );
+  server.registerResource(
+    "deployed-rules",
+    "rules://deployed",
+    {
+      description: "All deployed rules with status and run counts.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "rules://deployed"), await getAllRulesStatus())
+  );
+  server.registerResource(
+    "rules-history",
+    "rules://history",
+    {
+      description: "Recent execution run history across manual actions and rules.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "rules://history"), await buildRuleHistory())
+  );
+  server.registerResource(
+    "stats-senders",
+    "stats://senders",
+    {
+      description: "Top cached senders ranked by message volume.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "stats://senders"), await getTopSenders({ limit: 20 }))
+  );
+  server.registerResource(
+    "stats-overview",
+    "stats://overview",
+    {
+      description: "Combined inbox overview, sender, label, and volume stats from the local cache.",
+      mimeType: "application/json"
+    },
+    async (uri) => resourceText(resolveResourceUri(uri, "stats://overview"), await buildStatsOverview())
+  );
+  server.registerPrompt(
+    "summarize-inbox",
+    {
+      description: "Review inbox summary and recent mail, then suggest a short action plan."
+    },
+    async () => promptResult(
+      "Summarize the inbox using inboxctl resources and tools.",
+      [
+        "Use `inbox://summary` and `inbox://recent` first.",
+        "Summarize the current inbox state, call out anything urgent, and note sender or unread patterns.",
+        "If the cache looks stale, suggest calling `sync_inbox` before drawing conclusions.",
+        "Finish with 2-3 concrete actions the user could take now."
+      ].join("\n")
+    )
+  );
+  server.registerPrompt(
+    "review-senders",
+    {
+      description: "Review top senders and identify likely noise or cleanup opportunities."
+    },
+    async () => promptResult(
+      "Review top senders and recommend cleanup actions.",
+      [
+        "Use `get_top_senders` and `stats://senders`.",
+        "Focus on senders with high unread rates or high volume.",
+        "For each notable sender, classify them as important, FYI, newsletter, or noise.",
+        "Recommend one of: keep, unsubscribe, archive manually, or create a rule."
+      ].join("\n")
+    )
+  );
+  server.registerPrompt(
+    "find-newsletters",
+    {
+      description: "Find likely newsletters and low-value bulk senders."
+    },
+    async () => promptResult(
+      "Find newsletter-like senders and suggest which ones to keep versus clean up.",
+      [
+        "Use `get_newsletter_senders` and `get_top_senders` with a high unread threshold.",
+        "Highlight senders with unsubscribe links, high unread rates, or obvious newsletter patterns.",
+        "Separate likely keepers from likely unsubscribe/archive candidates.",
+        "Suggest follow-up actions such as `archive_emails`, `label_emails`, or a new rule."
+      ].join("\n")
+    )
+  );
+  server.registerPrompt(
+    "suggest-rules",
+    {
+      description: "Suggest inboxctl YAML automation rules from observed inbox patterns."
+    },
+    async () => promptResult(
+      "Analyze inbox patterns and propose valid inboxctl rule YAML.",
+      [
+        "Inspect `rules://deployed`, `stats://senders`, and `get_newsletter_senders` first.",
+        "Look for ignored senders, repetitive notifications, and obvious auto-label opportunities.",
+        "For each recommendation, explain why it is safe and include complete YAML the user could deploy with `deploy_rule`.",
+        "Avoid risky suggestions when the evidence is weak."
+      ].join("\n")
+    )
+  );
+  server.registerPrompt(
+    "triage-inbox",
+    {
+      description: "Help categorize unread mail into action required, FYI, and noise."
+    },
+    async () => promptResult(
+      "Triage unread mail using inboxctl data sources.",
+      [
+        "Use `inbox://recent`, `inbox://summary`, and `search_emails` for `is:unread` if needed.",
+        "Group unread mail into ACTION REQUIRED, FYI, and NOISE.",
+        "For NOISE, suggest batch actions or rules that would reduce future inbox load.",
+        "Call out any assumptions when message bodies are unavailable."
+      ].join("\n")
+    )
+  );
+  server.registerTool(
+    "list_filters",
+    {
+      description: "List all Gmail server-side filters. These run automatically on incoming mail at delivery time \u2014 no client needed. For complex matching (regex, AND/OR, snippet), historical mail, or auditable/undoable operations, use YAML rules (list_rules) instead."
+    },
+    toolHandler(async () => listFilters())
+  );
+  server.registerTool(
+    "get_filter",
+    {
+      description: "Get the details of a specific Gmail server-side filter by ID.",
+      inputSchema: {
+        filter_id: z2.string().min(1).describe("Gmail filter ID")
+      }
+    },
+    toolHandler(async ({ filter_id }) => getFilter(filter_id))
+  );
+  server.registerTool(
+    "create_filter",
+    {
+      description: "Create a Gmail server-side filter that applies automatically to all future incoming mail. Useful for simple, always-on rules (e.g. 'label all mail from newsletter@x.com and archive it'). At least one criteria field and one action field are required. Gmail does not support updating filters \u2014 to change one, delete it and create a new one. For regex matching, OR conditions, snippet matching, or processing existing mail, use YAML rules instead.",
+      inputSchema: {
+        from: z2.string().optional().describe("Match emails from this address"),
+        to: z2.string().optional().describe("Match emails sent to this address"),
+        subject: z2.string().optional().describe("Match emails with this text in the subject"),
+        query: z2.string().optional().describe("Match using Gmail search syntax (e.g. 'has:attachment')"),
+        negated_query: z2.string().optional().describe("Exclude emails matching this Gmail query"),
+        has_attachment: z2.boolean().optional().describe("Match emails with attachments"),
+        exclude_chats: z2.boolean().optional().describe("Exclude chat messages from matches"),
+        size: z2.number().int().positive().optional().describe("Size threshold in bytes"),
+        size_comparison: z2.enum(["larger", "smaller"]).optional().describe("Use with size: match emails larger or smaller than the threshold"),
+        label: z2.string().optional().describe("Apply this label to matching emails (auto-created if it does not exist)"),
+        archive: z2.boolean().optional().describe("Archive matching emails (remove from inbox)"),
+        mark_read: z2.boolean().optional().describe("Mark matching emails as read"),
+        star: z2.boolean().optional().describe("Star matching emails"),
+        forward: z2.string().email().optional().describe("Forward matching emails to this address (address must be verified in Gmail settings)")
+      }
+    },
+    toolHandler(
+      async (args) => createFilter({
+        from: args.from,
+        to: args.to,
+        subject: args.subject,
+        query: args.query,
+        negatedQuery: args.negated_query,
+        hasAttachment: args.has_attachment,
+        excludeChats: args.exclude_chats,
+        size: args.size,
+        sizeComparison: args.size_comparison,
+        labelName: args.label,
+        archive: args.archive,
+        markRead: args.mark_read,
+        star: args.star,
+        forward: args.forward
+      })
+    )
+  );
+  server.registerTool(
+    "delete_filter",
+    {
+      description: "Delete a Gmail server-side filter by ID. The filter stops processing future mail immediately. Already-processed mail is not affected. Use list_filters to find filter IDs.",
+      inputSchema: {
+        filter_id: z2.string().min(1).describe("Gmail filter ID to delete")
+      }
+    },
+    toolHandler(async ({ filter_id }) => {
+      await deleteFilter(filter_id);
+      return { deleted: true, filter_id };
+    })
+  );
+  return {
+    contract: {
+      transport: "stdio",
+      tools: MCP_TOOLS,
+      resources: MCP_RESOURCES,
+      prompts: MCP_PROMPTS,
+      ready: true,
+      warnings
+    },
+    server
+  };
+}
+async function startMcpServer() {
+  const { contract, server } = await createMcpServer();
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  for (const warning of contract.warnings) {
+    console.error(`[inboxctl:mcp] ${warning}`);
+  }
+  return contract;
+}
+
+export {
+  DEFAULT_GOOGLE_REDIRECT_URI,
+  ensureDir,
+  getDefaultDataDir,
+  getConfigFilePath,
+  getGoogleCredentialStatus,
+  loadConfig,
+  getSqlite,
+  initializeDb,
+  closeDb,
+  createExecutionRun,
+  addExecutionItems,
+  getRecentRuns,
+  getRunsByEmail,
+  saveTokens,
+  loadTokens,
+  isTokenExpired,
+  GMAIL_SCOPES,
+  getOAuthReadiness,
+  createOAuthClient,
+  startOAuthFlow,
+  getGmailReadiness,
+  getGmailTransport,
+  setGmailTransportOverride,
+  clearGmailTransportOverride,
+  listMessages,
+  getMessage,
+  syncLabels,
+  listLabels,
+  createLabel,
+  archiveEmails,
+  labelEmails,
+  markRead,
+  markUnread,
+  forwardEmail,
+  undoRun,
+  getLabelDistribution,
+  getNewsletters,
+  getTopSenders,
+  getSenderStats,
+  getVolumeByPeriod,
+  getInboxOverview,
+  loadRuleFile,
+  deployLoadedRule,
+  deployAllRules,
+  getRuleStatus,
+  getAllRulesStatus,
+  detectDrift,
+  enableRule,
+  disableRule,
+  runRule,
+  runAllRules,
+  listFilters,
+  getFilter,
+  createFilter,
+  deleteFilter,
+  getExecutionHistory,
+  getRecentEmails,
+  reconcileCacheForAuthenticatedAccount,
+  fullSync,
+  incrementalSync,
+  getSyncStatus,
+  MCP_TOOLS,
+  MCP_RESOURCES,
+  MCP_PROMPTS,
+  createMcpServer,
+  startMcpServer
+};
+//# sourceMappingURL=chunk-EY6VV43S.js.map