jerob 1.0.0

package/email_ops/email_functions.ts

@@ -0,0 +1,443 @@
+import { isAuth, isAccessTokenFresh, removeConfig } from "./email_pass_store";
+import { oauth2Client } from "./email_server";
+import { authenticate } from "./email_init";
+import { google } from "googleapis";
+import chalk from "chalk";
+import { generateText } from "ai";
+import { getAgentModel } from "../config/ai.config";
+import { withLLMRetry } from "../utils/llm-error";
+import type {
+  SendMailInput,
+  ReadMailInput,
+  SearchMailInput,
+  ReplyMailInput,
+  DraftMailInput,
+  DeleteMailInput,
+  ArchiveMailInput,
+  LabelMailInput,
+  WatchInput,
+  ClassifyInput,
+  ExtractTasksInput,
+  BulkActionInput,
+  DigestInput,
+  ScheduleSendInput,
+  ThreadInput,
+  EmailMessage,
+} from "./types";
+
+// ─── Gmail client ────────────────────────────────────────────────────────────
+
+/** Returns a token string, triggering OAuth if not stored. */
+const getRefreshToken = async (): Promise<string> => {
+  let ref = isAuth();
+  if (ref === null) {
+    console.log(chalk.green.bold("Gmail not authenticated — starting OAuth flow..."));
+    try {
+      const result = (await authenticate()) as any;
+      ref = result?.refresh_token ?? result?.tokens?.refresh_token ?? null;
+    } catch (err) {
+      throw new Error(
+        `Gmail OAuth failed: ${err instanceof Error ? err.message : String(err)}. ` +
+          `Make sure GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET are set in .env.`
+      );
+    }
+    if (!ref)
+      throw new Error(
+        "Gmail OAuth completed but no refresh token was returned. Try revoking access at myaccount.google.com/permissions and re-authenticating."
+      );
+  }
+  return ref;
+};
+
+const getGmailClient = async () => {
+  const ref = await getRefreshToken();
+  oauth2Client.setCredentials({ refresh_token: ref });
+
+  // Skip the network probe if the stored access token is still fresh
+  if (!isAccessTokenFresh()) {
+    try {
+      await oauth2Client.getAccessToken();
+    } catch (err: any) {
+      const msg: string = err?.message ?? String(err);
+      const isRevoked =
+        msg.includes("invalid_grant") ||
+        msg.includes("Token has been expired") ||
+        msg.includes("revoked");
+
+      if (isRevoked) {
+        console.log(chalk.yellow("⚠ Refresh token rejected by Google — clearing stored credentials and re-authenticating..."));
+        removeConfig();
+        try {
+          const result = (await authenticate()) as any;
+          const newRef = result?.refresh_token ?? null;
+          if (!newRef) throw new Error("No refresh token returned after re-authentication.");
+          oauth2Client.setCredentials({ refresh_token: newRef });
+        } catch (authErr) {
+          throw new Error(
+            `Re-authentication failed: ${authErr instanceof Error ? authErr.message : String(authErr)}`
+          );
+        }
+      } else {
+        // Network error or transient failure — don't wipe credentials
+        throw new Error(`Gmail token refresh failed: ${msg}`);
+      }
+    }
+  }
+
+  return google.gmail({ version: "v1", auth: oauth2Client });
+};
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+/** Base64url-encode a raw RFC 2822 message string */
+function encodeMessage(raw: string): string {
+  return Buffer.from(raw)
+    .toString("base64")
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+}
+
+/** Build a raw RFC 2822 message */
+function buildRawMessage(
+  to: string | string[],
+  subject: string,
+  body: string,
+  extra: { cc?: string[]; bcc?: string[]; replyTo?: string; inReplyTo?: string; references?: string } = {}
+): string {
+  const lines: string[] = [];
+  lines.push(`To: ${Array.isArray(to) ? to.join(", ") : to}`);
+  if (extra.cc?.length) lines.push(`Cc: ${extra.cc.join(", ")}`);
+  if (extra.bcc?.length) lines.push(`Bcc: ${extra.bcc.join(", ")}`);
+  if (extra.inReplyTo) lines.push(`In-Reply-To: ${extra.inReplyTo}`);
+  if (extra.references) lines.push(`References: ${extra.references}`);
+  lines.push(`Subject: ${subject}`);
+  lines.push("Content-Type: text/plain; charset=utf-8");
+  lines.push("");
+  lines.push(body);
+  return lines.join("\n");
+}
+
+/** Decode a Gmail message payload into plain text */
+function decodeMessageBody(payload: any): string {
+  if (!payload) return "";
+  const tryDecode = (data: string) =>
+    Buffer.from(data.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
+
+  if (payload.mimeType === "text/plain" && payload.body?.data) {
+    return tryDecode(payload.body.data);
+  }
+  if (payload.parts) {
+    for (const part of payload.parts) {
+      if (part.mimeType === "text/plain" && part.body?.data) {
+        return tryDecode(part.body.data);
+      }
+    }
+    // fallback: first part with data
+    for (const part of payload.parts) {
+      if (part.body?.data) return tryDecode(part.body.data);
+    }
+  }
+  return "";
+}
+
+/** Extract a header value from a message */
+function getHeader(headers: any[], name: string): string {
+  return headers?.find((h: any) => h.name.toLowerCase() === name.toLowerCase())?.value ?? "";
+}
+
+/** Map a Gmail message resource to our EmailMessage type */
+function mapMessage(msg: any): EmailMessage {
+  const headers = msg.payload?.headers ?? [];
+  return {
+    id: msg.id,
+    threadId: msg.threadId,
+    from: getHeader(headers, "from"),
+    to: getHeader(headers, "to"),
+    subject: getHeader(headers, "subject"),
+    body: decodeMessageBody(msg.payload),
+    date: getHeader(headers, "date"),
+    labelIds: msg.labelIds ?? [],
+  };
+}
+
+// ─── Functions ───────────────────────────────────────────────────────────────
+
+/** Send an email */
+export async function sendMail(input: SendMailInput) {
+  const gmail = await getGmailClient();
+  const raw = buildRawMessage(input.to, input.subject, input.body, {
+    cc: input.cc,
+    bcc: input.bcc,
+  });
+  try {
+    const res = await gmail.users.messages.send({
+      userId: "me",
+      requestBody: { raw: encodeMessage(raw) },
+    });
+    return res.data;
+  } catch (e: any) {
+    const status = e?.response?.status ?? e?.code;
+    const detail = e?.response?.data?.error?.message ?? e?.message ?? String(e);
+    if (status === 401 || status === 403) {
+      throw new Error(`Gmail auth error (${status}): ${detail}. Re-authenticate by running an email operation again.`);
+    }
+    if (status === 429) {
+      throw new Error(`Gmail rate limit hit. Wait a moment and try again.`);
+    }
+    throw new Error(`sendMail failed: ${detail}`);
+  }
+}
+
+/** Read a single message by ID */
+export async function readMail(input: ReadMailInput): Promise<EmailMessage> {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.messages.get({
+    userId: "me",
+    id: input.messageId,
+    format: "full",
+  });
+  return mapMessage(res.data);
+}
+
+/** Search messages using Gmail query syntax */
+export async function searchMail(input: SearchMailInput): Promise<EmailMessage[]> {
+  const gmail = await getGmailClient();
+  const listRes = await gmail.users.messages.list({
+    userId: "me",
+    q: input.query,
+    maxResults: input.maxResults ?? 10,
+  });
+
+  const ids = listRes.data.messages ?? [];
+  const messages = await Promise.all(
+    ids.map((m) =>
+      gmail.users.messages.get({ userId: "me", id: m.id!, format: "full" }).then((r) => mapMessage(r.data))
+    )
+  );
+  return messages;
+}
+
+/** Summarize a message using LLM */
+export async function summarizeMail(input: ReadMailInput): Promise<string> {
+  const msg = await readMail(input);
+  const { text } = await withLLMRetry(
+    () => generateText({
+      model: getAgentModel(),
+      prompt: `Summarize this email concisely in 2-3 sentences:\n\nFrom: ${msg.from}\nSubject: ${msg.subject}\n\n${msg.body}`,
+    }),
+    { maxRetries: 2, context: "summarizeMail" }
+  );
+  return text;
+}
+
+/** Reply to a message */
+export async function replyMail(input: ReplyMailInput) {
+  const gmail = await getGmailClient();
+  const original = await readMail({ messageId: input.messageId });
+
+  // Get the original message resource for Message-ID header
+  const msgRes = await gmail.users.messages.get({ userId: "me", id: input.messageId, format: "metadata" });
+  const messageIdHeader = getHeader(msgRes.data.payload?.headers ?? [], "message-id");
+
+  const raw = buildRawMessage(
+    original.from,
+    original.subject.startsWith("Re:") ? original.subject : `Re: ${original.subject}`,
+    input.body,
+    { inReplyTo: messageIdHeader, references: messageIdHeader }
+  );
+
+  const res = await gmail.users.messages.send({
+    userId: "me",
+    requestBody: {
+      raw: encodeMessage(raw),
+      threadId: original.threadId,
+    },
+  });
+  return res.data;
+}
+
+/** Save a draft */
+export async function draftMail(input: DraftMailInput) {
+  const gmail = await getGmailClient();
+  const raw = buildRawMessage(input.to, input.subject, input.body, {
+    cc: input.cc,
+    bcc: input.bcc,
+  });
+  const res = await gmail.users.drafts.create({
+    userId: "me",
+    requestBody: { message: { raw: encodeMessage(raw) } },
+  });
+  return res.data;
+}
+
+/** Permanently delete a message */
+export async function deleteMail(input: DeleteMailInput) {
+  const gmail = await getGmailClient();
+  await gmail.users.messages.delete({ userId: "me", id: input.messageId });
+  return { deleted: input.messageId };
+}
+
+/** Archive a message (remove INBOX label) */
+export async function archiveMail(input: ArchiveMailInput) {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.messages.modify({
+    userId: "me",
+    id: input.messageId,
+    requestBody: { removeLabelIds: ["INBOX"] },
+  });
+  return res.data;
+}
+
+/** Add/remove labels on a message */
+export async function labelMail(input: LabelMailInput) {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.messages.modify({
+    userId: "me",
+    id: input.messageId,
+    requestBody: {
+      addLabelIds: input.labelIds,
+      removeLabelIds: input.removeLabelIds ?? [],
+    },
+  });
+  return res.data;
+}
+
+/** Set up Gmail push notifications via Pub/Sub */
+export async function watchMail(input: WatchInput) {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.watch({
+    userId: "me",
+    requestBody: {
+      topicName: input.topicName,
+      labelIds: input.labelIds ?? ["INBOX"],
+    },
+  });
+  return res.data;
+}
+
+/** Classify a message into a category using LLM */
+export async function classifyMail(input: ClassifyInput): Promise<string> {
+  const msg = await readMail({ messageId: input.messageId });
+  const { text } = await withLLMRetry(
+    () => generateText({
+      model: getAgentModel(),
+      prompt: `Classify this email into exactly one category from: [work, personal, newsletter, spam, finance, travel, support, social, other].
+Reply with only the category name.
+
+From: ${msg.from}
+Subject: ${msg.subject}
+Body: ${msg.body.slice(0, 500)}`,
+    }),
+    { maxRetries: 2, context: "classifyMail" }
+  );
+  return text.trim().toLowerCase();
+}
+
+/** Extract action items / tasks from a message using LLM */
+export async function extractTasks(input: ExtractTasksInput): Promise<string[]> {
+  const msg = await readMail({ messageId: input.messageId });
+  const { text } = await withLLMRetry(
+    () => generateText({
+      model: getAgentModel(),
+      prompt: `Extract all action items or tasks from this email. Return one task per line, no numbering or bullets.
+If there are no tasks, return "NONE".
+
+From: ${msg.from}
+Subject: ${msg.subject}
+Body: ${msg.body}`,
+    }),
+    { maxRetries: 2, context: "extractTasks" }
+  );
+  const lines = text
+    .split("\n")
+    .map((l) => l.trim())
+    .filter((l) => l && l !== "NONE");
+  return lines;
+}
+
+/** Perform an action on multiple messages */
+export async function bulkAction(input: BulkActionInput) {
+  const results = await Promise.allSettled(
+    input.messageIds.map((id) => {
+      switch (input.action) {
+        case "delete":
+          return deleteMail({ messageId: id });
+        case "archive":
+          return archiveMail({ messageId: id });
+        case "markRead":
+          return labelMail({ messageId: id, labelIds: [], removeLabelIds: ["UNREAD"] });
+        case "markUnread":
+          return labelMail({ messageId: id, labelIds: ["UNREAD"] });
+        case "label":
+          return labelMail({ messageId: id, labelIds: input.labelIds ?? [] });
+      }
+    })
+  );
+  return results.map((r, i) => ({
+    messageId: input.messageIds[i],
+    status: r.status,
+    ...(r.status === "rejected" ? { error: String((r as any).reason) } : {}),
+  }));
+}
+
+/** Generate a digest summary of recent/queried emails using LLM */
+export async function digest(input: DigestInput): Promise<string> {
+  const messages = await searchMail({
+    query: input.query ?? "is:unread in:inbox",
+    maxResults: input.maxResults ?? 10,
+  });
+
+  if (messages.length === 0) return "No messages found.";
+
+  const summary = messages
+    .map((m, i) => `${i + 1}. From: ${m.from} | Subject: ${m.subject} | ${m.body.slice(0, 100)}`)
+    .join("\n");
+
+  const { text } = await withLLMRetry(
+    () => generateText({
+      model: getAgentModel(),
+      prompt: `Create a brief digest of these emails. Group by topic where relevant, highlight anything urgent.\n\n${summary}`,
+    }),
+    { maxRetries: 2, context: "digest" }
+  );
+  return text;
+}
+
+/** Schedule a send (stores draft + returns a reminder — true scheduling needs a job queue) */
+export async function scheduleSend(input: ScheduleSendInput): Promise<{ draftId: string; scheduledFor: string }> {
+  // Gmail API doesn't natively support scheduled send via REST yet.
+  // We save a draft and return the scheduled time so the caller can handle the trigger.
+  const draft = await draftMail({
+    to: input.to,
+    cc: input.cc,
+    bcc: input.bcc,
+    subject: input.subject,
+    body: input.body,
+  });
+  console.log(
+    chalk.yellow(`[scheduleSend] Draft saved. Trigger sendDraft("${draft.id}") at ${input.sendAt.toISOString()}`)
+  );
+  return { draftId: draft.id!, scheduledFor: input.sendAt.toISOString() };
+}
+
+/** Send a saved draft by draft ID */
+export async function sendDraft(draftId: string) {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.drafts.send({
+    userId: "me",
+    requestBody: { id: draftId },
+  });
+  return res.data;
+}
+
+/** Get all messages in a thread */
+export async function getThread(input: ThreadInput): Promise<EmailMessage[]> {
+  const gmail = await getGmailClient();
+  const res = await gmail.users.threads.get({
+    userId: "me",
+    id: input.threadId,
+    format: "full",
+  });
+  return (res.data.messages ?? []).map(mapMessage);
+}

package/email_ops/email_init.ts

@@ -0,0 +1,92 @@
+import app, { oauth2Client } from "./email_server";
+import chalk from "chalk";
+import open from "open";
+import { saveConfig, loadConfig, type GoogleConfig } from "./email_pass_store";
+import { syncGoogleRefreshToken } from "../scheduler/config-sync";
+
+
+export const authenticate = async () => {
+  return await new Promise((resolve, reject) => {
+    let server: ReturnType<typeof app.listen>;
+
+    try {
+      server = app.listen(8787, async () => {
+        console.log(chalk.green.bold("✅ OAuth Started — opening browser..."));
+        try {
+          await open("http://localhost:8787/auth/google");
+        } catch {
+          console.log(chalk.yellow("Could not open browser automatically. Visit: http://localhost:8787/auth/google"));
+        }
+      });
+
+      server.on("error", (err: NodeJS.ErrnoException) => {
+        if (err.code === "EADDRINUSE") {
+          reject(new Error(`Port 8787 is already in use. Stop any other process using it and try again.`));
+        } else {
+          reject(new Error(`OAuth server failed to start: ${err.message}`));
+        }
+      });
+    } catch (err) {
+      reject(err);
+      return;
+    }
+
+    app.get("/auth/google/callback", async (req, res) => {
+      try {
+        const code = req.query.code as string;
+        if (!code) {
+          res.status(400).send("Missing authorization code");
+          reject(new Error("OAuth callback received no authorization code"));
+          server.close();
+          return;
+        }
+
+        const { tokens } = await oauth2Client.getToken(code);
+
+        // In production Google only sends refresh_token on first-ever authorization.
+        // Fall back to the previously stored token if one exists.
+        const storedConfig = loadConfig();
+        const refreshToken = tokens.refresh_token ?? storedConfig?.refresh_token;
+
+        if (!refreshToken) {
+          res.status(400).send("No refresh token available. Please revoke app access in your Google account and re-authorize.");
+          reject(new Error("No refresh token returned and none stored. User must revoke and re-authorize."));
+          server.close();
+          return;
+        }
+
+        if (!tokens.refresh_token) {
+          console.log(chalk.yellow("⚠ No refresh token returned by Google — reusing stored token."));
+        }
+
+        const googleConfig: GoogleConfig = {
+          access_token: tokens.access_token ?? undefined,
+          refresh_token: refreshToken,
+          scope: tokens.scope!,
+          token_type: tokens.token_type!,
+          expiry_date: tokens.expiry_date ?? undefined,
+          createdAt: storedConfig?.createdAt ?? Date.now(),
+        };
+
+        saveConfig(googleConfig);
+
+        // Auto-sync to Supabase — non-fatal if it fails
+        syncGoogleRefreshToken(refreshToken).catch(() => {});
+
+        res.send(`<!DOCTYPE html><html><head><meta charset="UTF-8"><title>Auth</title>
+<style>body{font-family:Arial,sans-serif;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;margin:0;background:#f4f4f9}</style>
+</head><body><h1>✅ Authentication Successful</h1><p>Google Connected. You can close this window.</p>
+<script>window.open('','_self','');window.close();</script></body></html>`);
+
+        resolve(tokens);
+        server.close();
+      } catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        console.error(chalk.red(`OAuth callback error: ${msg}`));
+        res.status(500).send(`Authentication failed: ${msg}`);
+        reject(error);
+        server.close();
+      }
+    });
+  });
+};

package/email_ops/email_pass_store.ts

@@ -0,0 +1,61 @@
+import { homedir } from "node:os";
+import path from "node:path";
+import fs from "node:fs";
+
+const GOOGLE_CONFIG_DIR = path.join(homedir(), ".cccontrol", "/googleAuth");
+const GOOGLE_CONFIG_FILE = path.join(GOOGLE_CONFIG_DIR, "google_config.json");
+
+export type GoogleConfig = {
+  access_token?: string;
+  refresh_token: string;
+  scope: string;
+  token_type: string;
+  /** Access token expiry as ms epoch timestamp (from Google's expiry_date field) */
+  expiry_date?: number;
+  createdAt: number;
+};
+
+export function ensureConfigDir(): void {
+  if (!fs.existsSync(GOOGLE_CONFIG_DIR)) {
+    fs.mkdirSync(GOOGLE_CONFIG_DIR, { recursive: true });
+  }
+}
+
+export function saveConfig(config: GoogleConfig): void {
+  ensureConfigDir();
+  fs.writeFileSync(GOOGLE_CONFIG_FILE, JSON.stringify(config, null, 2), "utf8");
+  fs.chmodSync(GOOGLE_CONFIG_FILE, 0o600);
+}
+
+export function loadConfig(): GoogleConfig | null {
+  ensureConfigDir();
+  if (!fs.existsSync(GOOGLE_CONFIG_FILE)) return null;
+  try {
+    const raw = fs.readFileSync(GOOGLE_CONFIG_FILE, "utf8");
+    return JSON.parse(raw) as GoogleConfig;
+  } catch {
+    return null;
+  }
+}
+
+/** Returns the refresh token if auth looks valid, null if re-auth is needed. */
+export const isAuth = (): string | null => {
+  const config = loadConfig();
+  if (!config?.refresh_token) return null;
+  // Standard prod: Google doesn't expose refresh token expiry — rely on invalid_grant at use time
+  return config.refresh_token;
+};
+
+/** Returns true if the stored access token is still valid (saves a network call). */
+export const isAccessTokenFresh = (): boolean => {
+  const config = loadConfig();
+  if (!config?.access_token || !config.expiry_date) return false;
+  // Give a 60s buffer before actual expiry
+  return config.expiry_date > Date.now() + 60_000;
+};
+
+export function removeConfig(): void {
+  if (fs.existsSync(GOOGLE_CONFIG_FILE)) {
+    fs.unlinkSync(GOOGLE_CONFIG_FILE);
+  }
+}

package/email_ops/email_server.ts

@@ -0,0 +1,29 @@
+import express from "express";
+import { google } from "googleapis";
+
+const CLIENT_ID = process.env.GOOGLE_CLIENT_ID!;
+const CLIENT_SECRET = process.env.GOOGLE_CLIENT_SECRET!;
+
+const REDIRECT_URI = "http://localhost:8787/auth/google/callback";
+
+export const oauth2Client = new google.auth.OAuth2(
+  CLIENT_ID,
+  CLIENT_SECRET,
+  REDIRECT_URI
+);
+
+const app = express();
+
+app.get("/auth/google", async (req, res) => {
+  const authUrl = oauth2Client.generateAuthUrl({
+    access_type: "offline",
+    prompt: "consent",
+    scope: [
+      "https://www.googleapis.com/auth/gmail.readonly",
+      "https://www.googleapis.com/auth/gmail.send",
+    ],
+  });
+  res.redirect(authUrl);
+});
+
+export default app;