npm - nothumanallowed - Versions diffs - 15.1.44 → 15.1.45 - Mend

nothumanallowed 15.1.44 → 15.1.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/constants.mjs +1 -1
package/src/services/email-imap.mjs +54 -17

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "15.1.44",
+  "version": "15.1.45",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '15.1.44';
+export const VERSION = '15.1.45';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';

package/src/services/email-imap.mjs CHANGED Viewed

@@ -85,37 +85,50 @@ function createImapClient(label, creds, accountId, secureOverride) {
   return client;
 }
-// Match the most common "wrong TLS mode" failure modes from ImapFlow.
+// Match the most common "wrong TLS mode" failure modes from ImapFlow / node
+// tls. Errors can surface as cleartext OpenSSL output ("wrong version
+// number"), as ImapFlow strings ("Failed to receive greeting"), or as plain
+// socket errors when the server closed the connection mid-handshake.
 function _looksLikeTlsMismatch(err) {
   const msg = (err && err.message ? err.message : String(err)).toLowerCase();
-  return /greeting|tls|ssl|wrong version number|protocol|enotconn|econnreset|handshake/.test(msg);
+  return /(greeting|tls|ssl|wrong\s*version|version\s*number|protocol|enotconn|econnreset|epipe|handshake|record_header|tlsany|alert|cert|disconnected|connection\s*closed)/i.test(msg);
 }
-export async function getImapClient(accountId) {
+// Per-account memory of which TLS mode worked last time. This avoids paying
+// the fallback cost on every sync once we've discovered the correct mode for
+// a given server, and ensures the cached `syncClients` entry stays usable.
+const lastGoodSecure = new Map();   // accountId → boolean
+export async function getImapClient(accountId, override) {
   const existing = syncClients.get(accountId);
-  if (existing?.usable) return existing;
+  if (existing?.usable && override === undefined) return existing;
   if (existing) { syncClients.delete(accountId); try { await existing.logout(); } catch {} }
   const creds = getAccountCredentials(accountId);
   if (!creds || !creds.imap_host) throw new Error(`No IMAP credentials for account ${accountId}`);
   const label = `sync:${accountId.slice(0, 8)}`;
-  // First attempt with the heuristic-derived TLS mode.
-  let client = createImapClient(label, creds, accountId);
+  // Pick initial TLS mode: explicit override > remembered-good > port heuristic.
+  const port = parseInt(creds.imap_port, 10) || 993;
+  const heuristicSecure = port === 993 || port === 465;
+  const remembered = lastGoodSecure.get(accountId);
+  const firstSecure = (typeof override === 'boolean')
+    ? override
+    : (typeof remembered === 'boolean' ? remembered : heuristicSecure);
+  // First attempt.
+  let client = createImapClient(label, creds, accountId, firstSecure);
   try {
     await client.connect();
+    lastGoodSecure.set(accountId, firstSecure);
   } catch (err) {
-    // Auto-fallback: if the failure smells like a TLS-mode mismatch, retry
-    // with the opposite mode before bubbling the error up to the user. The
-    // most common case is port 993 misclassified (or a non-standard port
-    // with implicit TLS) — the second try usually succeeds.
-    if (_looksLikeTlsMismatch(err)) {
+    if (_looksLikeTlsMismatch(err) && override === undefined) {
       try { await client.logout(); } catch {}
-      const port = parseInt(creds.imap_port, 10) || 993;
-      const fallbackSecure = !(port === 993 || port === 465);
-      console.warn(`[email:imap] ${label} TLS mismatch (${err.message}). Retrying with secure=${fallbackSecure}`);
+      const fallbackSecure = !firstSecure;
+      console.warn(`[email:imap] ${label} TLS mismatch (${err.message.slice(0, 100)}). Retrying with secure=${fallbackSecure}`);
       client = createImapClient(label, creds, accountId, fallbackSecure);
       await client.connect();
+      lastGoodSecure.set(accountId, fallbackSecure);
     } else {
       throw err;
     }
@@ -392,12 +405,25 @@ export async function syncFolder(accountId, folderPath, fullResync, limitMessage
   }
 }
-// First sync: cap to last 200 messages per folder to avoid blocking for minutes
-const FIRST_SYNC_LIMIT = 200;
+// Download EVERY message on the server by default. Previously capped at 200
+// to keep first-sync fast, but that surprised users who expected an Outlook-
+// style "give me my whole mailbox". The sync still streams messages
+// incrementally (headers → bodies) so the UI keeps updating, and never
+// modifies the server — only the local SQLite mirror.
+const FIRST_SYNC_LIMIT = 0;
 export async function syncAccount(accountId, opts = {}) {
   setSyncStatus(accountId, 'syncing', null);
+  // _retried is set by the recursion below — it forces the *opposite* TLS
+  // mode on the second attempt so we never spin twice on the same setting.
+  const tlsOverride = (typeof opts._forceSecure === 'boolean') ? opts._forceSecure : undefined;
   try {
+    // Prime the connection with the (optional) explicit TLS mode so any
+    // cached `syncClients` entry uses it for the whole sync.
+    if (tlsOverride !== undefined) {
+      await closeImapClient(accountId);
+      await getImapClient(accountId, tlsOverride);
+    }
     const folders = await listImapFolders(accountId);
     const priority = ['inbox', 'sent'];
     const toSync = [
@@ -408,17 +434,28 @@ export async function syncAccount(accountId, opts = {}) {
     let totalSynced = 0;
     for (const f of toSync) {
       try {
-        const limit = opts.full ? 0 : FIRST_SYNC_LIMIT;
+        const limit = opts.full === false ? 200 : FIRST_SYNC_LIMIT;
         const result = await syncFolder(accountId, f.path, false, limit, f.folderType);
         totalSynced += result.synced;
         console.log(`[email:sync] ${f.path}: ${result.synced} new messages (total on server: ${result.total})`);
       } catch (err) {
         console.warn(`[email:imap] Sync folder ${f.path} failed:`, err.message);
+        // Per-folder TLS mismatch propagates up so the outer catch can
+        // restart the whole sync with the opposite secure mode.
+        if (_looksLikeTlsMismatch(err) && opts._retried !== true) throw err;
       }
     }
     setSyncStatus(accountId, 'idle', null);
     return { synced: totalSynced };
   } catch (err) {
+    if (_looksLikeTlsMismatch(err) && opts._retried !== true) {
+      const port = parseInt(getAccountCredentials(accountId)?.imap_port, 10) || 993;
+      const heuristic = port === 993 || port === 465;
+      const opposite = (typeof tlsOverride === 'boolean') ? !tlsOverride : !heuristic;
+      console.warn(`[email:imap] sync ${accountId.slice(0, 8)} TLS mismatch — retrying entire sync with secure=${opposite}`);
+      await closeImapClient(accountId);
+      return syncAccount(accountId, { ...opts, _retried: true, _forceSecure: opposite });
+    }
     setSyncStatus(accountId, 'error', err.message);
     throw err;
   }