thinkwork-cli 0.5.4 → 0.6.0

package/dist/terraform/modules/app/agentcore-runtime/main.tf

@@ -38,6 +38,26 @@ variable "agentcore_memory_id" {
   default     = ""
 }
 
+variable "memory_engine" {
+  description = "Active long-term memory engine ('hindsight' or 'agentcore'). Surfaced to the runtime as MEMORY_ENGINE for telemetry/debugging only; engine selection itself happens in the API's normalized memory layer when memory-retain is invoked."
+  type        = string
+  default     = "hindsight"
+  validation {
+    condition     = contains(["hindsight", "agentcore"], var.memory_engine)
+    error_message = "memory_engine must be 'hindsight' or 'agentcore'."
+  }
+}
+
+# memory-retain Lambda name + ARN are constructed locally rather than
+# taken as inputs to avoid a circular dependency: the lambda-api module
+# already consumes this module's outputs (agentcore_function_name/arn).
+# The Lambda name follows the deterministic pattern from
+# lambda-api/handlers.tf: thinkwork-${stage}-api-${handler_name}.
+locals {
+  memory_retain_fn_name = "thinkwork-${var.stage}-api-memory-retain"
+  memory_retain_fn_arn  = "arn:aws:lambda:${var.region}:${var.account_id}:function:${local.memory_retain_fn_name}"
+}
+
 ################################################################################
 # ECR Repository
 ################################################################################
@@ -157,6 +177,17 @@ resource "aws_iam_role_policy" "agentcore" {
         Action   = ["ssm:GetParameter", "ssm:PutParameter"]
         Resource = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/thinkwork/${var.stage}/agentcore/*"
       },
+      {
+        # Async-invoke the memory-retain Lambda after every chat turn so
+        # the API's normalized memory layer can run the active engine's
+        # retainTurn() path (Hindsight POST /memories or AgentCore
+        # CreateEvent). InvocationType=Event from the Python client; this
+        # Lambda is the only target.
+        Sid      = "MemoryRetainInvoke"
+        Effect   = "Allow"
+        Action   = ["lambda:InvokeFunction"]
+        Resource = local.memory_retain_fn_arn
+      },
     ]
   })
 }
@@ -192,6 +223,8 @@ resource "aws_lambda_function" "agentcore" {
       AWS_LWA_PORT           = "8080"
       AGENTCORE_MEMORY_ID    = var.agentcore_memory_id
       AGENTCORE_FILES_BUCKET = var.bucket_name
+      MEMORY_ENGINE          = var.memory_engine
+      MEMORY_RETAIN_FN_NAME  = local.memory_retain_fn_name
     }
   }
 

package/dist/terraform/modules/app/job-triggers/main.tf

@@ -55,6 +55,27 @@ resource "aws_iam_role" "job_scheduler" {
   })
 }
 
+# When job-schedule-manager creates a schedule, it sets this role as the
+# target RoleArn. EventBridge Scheduler assumes it and invokes the
+# job-trigger Lambda. ARN is constructed by naming convention so this
+# module doesn't have to import the lambda-api module's outputs.
+resource "aws_iam_role_policy" "job_scheduler_invoke" {
+  name = "invoke-job-trigger"
+  role = aws_iam_role.job_scheduler.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = ["lambda:InvokeFunction"]
+      Resource = [
+        "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-job-trigger",
+        "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-job-trigger:*",
+      ]
+    }]
+  })
+}
+
 ################################################################################
 # Outputs
 ################################################################################

package/dist/terraform/modules/app/lambda-api/handlers.tf

@@ -28,17 +28,40 @@ locals {
     GRAPHQL_API_KEY         = var.appsync_api_key
     API_AUTH_SECRET         = var.api_auth_secret
     THINKWORK_API_SECRET    = var.api_auth_secret
-    MANIFLOW_API_SECRET     = var.api_auth_secret
+    EMAIL_HMAC_SECRET       = var.api_auth_secret
+    THINKWORK_API_URL       = "https://${aws_apigatewayv2_api.main.id}.execute-api.${var.region}.amazonaws.com"
     AGENTCORE_FUNCTION_NAME = var.agentcore_function_name
     WORKSPACE_BUCKET        = var.bucket_name
     HINDSIGHT_ENDPOINT      = var.hindsight_endpoint
     AGENTCORE_MEMORY_ID     = var.agentcore_memory_id
-    ADMIN_URL               = var.admin_url
-    DOCS_URL                = var.docs_url
-    APPSYNC_REALTIME_URL    = var.appsync_realtime_url
-    ECR_REPOSITORY_URL      = var.ecr_repository_url
-    AWS_ACCOUNT_ID          = var.account_id
-    NODE_OPTIONS            = "--enable-source-maps"
+    MEMORY_ENGINE           = var.memory_engine
+    # Skip the SSM indirection for cross-function ARN lookup. Terraform
+    # already knows this ARN at apply time and the Lambda role's SSM
+    # permission has been a recurring source of silent failures where
+    # getChatAgentInvokeFnArn falls back to null and sendMessage loses
+    # message_history on the wakeup-processor fallback path.
+    CHAT_AGENT_INVOKE_FN_ARN = "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-chat-agent-invoke"
+    ADMIN_URL                = var.admin_url
+    DOCS_URL                 = var.docs_url
+    APPSYNC_REALTIME_URL     = var.appsync_realtime_url
+    ECR_REPOSITORY_URL       = var.ecr_repository_url
+    AWS_ACCOUNT_ID           = var.account_id
+    NODE_OPTIONS             = "--enable-source-maps"
+    # LastMile Tasks REST API base URL — feature-flags the outbound sync
+    # path. When unset, syncExternalTaskOnCreate writes sync_status='local'
+    # and the workflow picker proxy returns 503. Set to the LMI develop /
+    # staging / prod base URL per stage to enable real cross-system sync.
+    LASTMILE_TASKS_API_URL   = var.lastmile_tasks_api_url
+  }
+
+  # Per-handler env-var overrides. ARNs are constructed from the naming
+  # pattern (same trick as lambda_api_cross_invoke in main.tf) so we don't
+  # introduce a self-referential dependency inside the handler for_each.
+  handler_extra_env = {
+    "job-schedule-manager" = {
+      JOB_TRIGGER_ARN      = "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-job-trigger"
+      JOB_TRIGGER_ROLE_ARN = var.job_scheduler_role_arn
+    }
   }
 }
 
@@ -69,8 +92,11 @@ resource "aws_lambda_function" "handler" {
     "guardrails",
     "scheduled-jobs",
     "job-schedule-manager",
+    "job-trigger",
     "webhooks",
     "webhooks-admin",
+    "webhook-deliveries-cleanup",
+    "task-connectors",
     "workspace-files",
     "knowledge-base-manager",
     "knowledge-base-files",
@@ -79,10 +105,9 @@ resource "aws_lambda_function" "handler" {
     "github-app",
     "github-repos",
     "memory",
+    "memory-retain",
     "artifact-deliver",
     "recipe-refresh",
-    "connector-installs",
-    "connector-secrets",
     "agent-skills-list",
     "bootstrap-workspaces",
     "code-factory",
@@ -99,9 +124,11 @@ resource "aws_lambda_function" "handler" {
   source_code_hash = filebase64sha256("${var.lambda_zips_dir}/${each.key}.zip")
 
   environment {
-    variables = merge(local.common_env, {
-      FUNCTION_NAME = each.key
-    })
+    variables = merge(
+      local.common_env,
+      { FUNCTION_NAME = each.key },
+      lookup(local.handler_extra_env, each.key, {}),
+    )
   }
 
   tags = {
@@ -195,6 +222,10 @@ locals {
     "ANY /api/webhooks/{proxy+}" = "webhooks-admin"
     "ANY /api/webhooks"          = "webhooks-admin"
 
+    # Task Connectors admin
+    "ANY /api/task-connectors/{proxy+}" = "task-connectors"
+    "ANY /api/task-connectors"          = "task-connectors"
+
     # Workspace files
     "ANY /api/workspaces/{proxy+}" = "workspace-files"
 
@@ -216,10 +247,6 @@ locals {
     # GitHub App
     "ANY /api/github-app/{proxy+}" = "github-app"
     "POST /api/github/webhook"     = "github-app"
-
-    # Connectors
-    "ANY /api/connector-installs/{proxy+}" = "connector-installs"
-    "ANY /api/connector-secrets/{proxy+}"  = "connector-secrets"
   } : {}
 }
 
@@ -272,6 +299,28 @@ resource "aws_scheduler_schedule" "wakeup_processor" {
   }
 }
 
+# ---------------------------------------------------------------------------
+# webhook_deliveries retention cron — daily delete of rows older than 90 days
+# ---------------------------------------------------------------------------
+
+resource "aws_scheduler_schedule" "webhook_deliveries_cleanup" {
+  count = local.use_local_zips ? 1 : 0
+
+  name                = "thinkwork-${var.stage}-webhook-deliveries-cleanup"
+  group_name          = "default"
+  schedule_expression = "cron(0 4 * * ? *)" # daily at 04:00 UTC
+  state               = "ENABLED"
+
+  flexible_time_window {
+    mode = "OFF"
+  }
+
+  target {
+    arn      = aws_lambda_function.handler["webhook-deliveries-cleanup"].arn
+    role_arn = aws_iam_role.scheduler.arn
+  }
+}
+
 resource "aws_iam_role" "scheduler" {
   name = "thinkwork-${var.stage}-scheduler-role"
 
@@ -308,6 +357,7 @@ resource "aws_ssm_parameter" "lambda_arns" {
     "chat-agent-invoke-fn-arn"    = aws_lambda_function.handler["chat-agent-invoke"].arn
     "kb-manager-fn-arn"           = aws_lambda_function.handler["knowledge-base-manager"].arn
     "job-schedule-manager-fn-arn" = aws_lambda_function.handler["job-schedule-manager"].arn
+    "memory-retain-fn-arn"        = aws_lambda_function.handler["memory-retain"].arn
   } : {}
 
   name  = "/thinkwork/${var.stage}/${each.key}"

package/dist/terraform/modules/app/lambda-api/main.tf

@@ -28,7 +28,7 @@ resource "aws_apigatewayv2_api" "main" {
 
   cors_configuration {
     allow_headers = ["Content-Type", "Authorization", "x-api-key", "x-tenant-id", "x-tenant-slug", "x-principal-id"]
-    allow_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
+    allow_methods = ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"]
     allow_origins = var.cors_allowed_origins
     max_age       = 3600
   }
@@ -206,6 +206,30 @@ resource "aws_iam_role_policy" "lambda_bedrock" {
   })
 }
 
+# SES send permissions for the email-send handler. Scoped to any
+# verified identity in this account+region so the email-send Lambda
+# can SendRawEmail from agents.thinkwork.ai (and any other domain
+# identity a future deployment might add).
+resource "aws_iam_role_policy" "lambda_ses_send" {
+  name = "ses-send"
+  role = aws_iam_role.lambda.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = [
+        "ses:SendEmail",
+        "ses:SendRawEmail",
+      ]
+      Resource = [
+        "arn:aws:ses:${var.region}:${var.account_id}:identity/*",
+        "arn:aws:ses:${var.region}:${var.account_id}:configuration-set/*",
+      ]
+    }]
+  })
+}
+
 # Allow API Lambdas to directly invoke the AgentCore Lambda. Used by
 # chat-agent-invoke (and future wake-up/retry paths) via InvokeCommand.
 resource "aws_iam_role_policy" "lambda_agentcore_invoke" {
@@ -232,7 +256,7 @@ resource "aws_iam_role_policy" "lambda_agentcore_invoke" {
 # memoryRecords / memorySearch call ListMemoryRecordsCommand to fetch
 # records across the tenant's agents.
 resource "aws_iam_role_policy" "lambda_agentcore_memory" {
-  name = "agentcore-memory-read"
+  name = "agentcore-memory-rw"
   role = aws_iam_role.lambda.id
 
   policy = jsonencode({
@@ -243,12 +267,106 @@ resource "aws_iam_role_policy" "lambda_agentcore_memory" {
         "bedrock-agentcore:ListMemoryRecords",
         "bedrock-agentcore:RetrieveMemoryRecords",
         "bedrock-agentcore:GetMemoryRecord",
+        "bedrock-agentcore:BatchCreateMemoryRecords",
+        "bedrock-agentcore:BatchUpdateMemoryRecords",
+        "bedrock-agentcore:BatchDeleteMemoryRecords",
+        "bedrock-agentcore:DeleteMemoryRecord",
       ]
       Resource = "*"
     }]
   })
 }
 
+# graphql-http's sendMessage mutation reads SSM parameters like
+# /thinkwork/${stage}/chat-agent-invoke-fn-arn to discover the direct
+# Lambda targets for cross-function invocation. Without this, the SSM
+# GetParameter call fails with AccessDenied, the caller silently
+# catches the error, and sendMessage falls back to the wakeup-processor
+# path — which doesn't load messages_history from Aurora. That's why
+# multi-turn chat was losing prior context: history was only loaded on
+# the direct path, which never ran.
+resource "aws_iam_role_policy" "lambda_ssm_read" {
+  name = "ssm-param-read"
+  role = aws_iam_role.lambda.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = [
+        "ssm:GetParameter",
+        "ssm:GetParameters",
+      ]
+      Resource = "arn:aws:ssm:${var.region}:${var.account_id}:parameter/thinkwork/${var.stage}/*"
+    }]
+  })
+}
+
+# job-schedule-manager creates/updates/deletes EventBridge Scheduler
+# schedules (and the thinkwork-jobs schedule group on first use). Without
+# these permissions the manager Lambda threw silently and every scheduled
+# automation was orphaned with eb_schedule_name = null.
+resource "aws_iam_role_policy" "lambda_scheduler" {
+  name = "eventbridge-scheduler-rw"
+  role = aws_iam_role.lambda.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "scheduler:CreateSchedule",
+          "scheduler:UpdateSchedule",
+          "scheduler:DeleteSchedule",
+          "scheduler:GetSchedule",
+          "scheduler:ListSchedules",
+          "scheduler:CreateScheduleGroup",
+          "scheduler:GetScheduleGroup",
+          "scheduler:DeleteScheduleGroup",
+          "scheduler:TagResource",
+        ]
+        Resource = "*"
+      },
+      # Scheduler.CreateSchedule takes a RoleArn for the target; AWS requires
+      # the caller to have iam:PassRole on that role. Without this the
+      # CreateSchedule call fails with AccessDenied even if the scheduler
+      # permissions above are set.
+      {
+        Effect   = "Allow"
+        Action   = ["iam:PassRole"]
+        Resource = var.job_scheduler_role_arn != "" ? var.job_scheduler_role_arn : "*"
+      },
+    ]
+  })
+}
+
+# Allow API handler Lambdas to invoke each other directly. sendMessage
+# dispatches to chat-agent-invoke for instant chat response; the memory
+# resolvers reach knowledge-base-manager and job-schedule-manager for
+# admin-driven operations. The existing lambda_agentcore_invoke policy
+# covers the Strands runtime Lambda only — this one covers internal
+# api-to-api calls. ARNs are constructed deterministically from the
+# handler naming pattern so we don't create a dependency cycle with the
+# handler resource.
+resource "aws_iam_role_policy" "lambda_api_cross_invoke" {
+  name = "api-cross-function-invoke"
+  role = aws_iam_role.lambda.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = ["lambda:InvokeFunction"]
+      Resource = [
+        "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-chat-agent-invoke",
+        "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-knowledge-base-manager",
+        "arn:aws:lambda:${var.region}:${var.account_id}:function:thinkwork-${var.stage}-api-job-schedule-manager",
+      ]
+    }]
+  })
+}
+
 ################################################################################
 # Placeholder Lambda — proves the infrastructure works
 #

package/dist/terraform/modules/app/lambda-api/outputs.tf

@@ -22,3 +22,23 @@ output "lambda_role_name" {
   description = "Shared Lambda execution role name"
   value       = aws_iam_role.lambda.name
 }
+
+output "memory_retain_fn_name" {
+  description = "Memory-retain Lambda function name. Strands runtime invokes this directly to push conversational turns into the active memory engine."
+  value       = local.use_local_zips ? aws_lambda_function.handler["memory-retain"].function_name : ""
+}
+
+output "memory_retain_fn_arn" {
+  description = "Memory-retain Lambda ARN. Used to grant lambda:InvokeFunction to the agentcore-runtime role."
+  value       = local.use_local_zips ? aws_lambda_function.handler["memory-retain"].arn : ""
+}
+
+output "email_inbound_fn_arn" {
+  description = "email-inbound Lambda ARN. Used by the SES module to wire the receipt rule Lambda action."
+  value       = local.use_local_zips ? aws_lambda_function.handler["email-inbound"].arn : ""
+}
+
+output "email_inbound_fn_name" {
+  description = "email-inbound Lambda function name. Used by the SES module for lambda:InvokeFunction permissions."
+  value       = local.use_local_zips ? aws_lambda_function.handler["email-inbound"].function_name : ""
+}

package/dist/terraform/modules/app/lambda-api/variables.tf

@@ -146,6 +146,16 @@ variable "agentcore_memory_id" {
   default     = ""
 }
 
+variable "memory_engine" {
+  description = "Active long-term memory engine for this deployment. Exactly one engine is canonical for recall/inspect/export. Defaults to 'hindsight' for hosted ThinkWork; self-hosted/serverless deployments may choose 'agentcore'."
+  type        = string
+  default     = "hindsight"
+  validation {
+    condition     = contains(["hindsight", "agentcore"], var.memory_engine)
+    error_message = "memory_engine must be 'hindsight' or 'agentcore'."
+  }
+}
+
 variable "agentcore_function_name" {
   description = "AgentCore Lambda function name (for direct SDK invoke)"
   type        = string
@@ -187,3 +197,15 @@ variable "cors_allowed_origins" {
   type        = list(string)
   default     = ["*"]
 }
+
+variable "job_scheduler_role_arn" {
+  description = "IAM role ARN that EventBridge Scheduler assumes to invoke the job-trigger Lambda. Passed from the job-triggers module."
+  type        = string
+  default     = ""
+}
+
+variable "lastmile_tasks_api_url" {
+  description = "Base URL of the LastMile Tasks REST API used by the outbound sync path (POST /tasks, GET /workflows, etc). Leave blank to feature-flag the integration off; mobile-created tasks then land in sync_status='local' until the URL is set."
+  type        = string
+  default     = ""
+}

package/dist/terraform/modules/app/ses-email/main.tf

@@ -1,9 +1,17 @@
 ################################################################################
 # SES Email — App Module
 #
-# Configures SES for email inbound (receipt rules) and domain verification.
-# Full Lambda wiring comes in Phase 4 when email handlers are migrated.
-# Phase 1 creates the domain identity and DKIM records only.
+# Wires up inbound and outbound email for a delegated subdomain
+# (e.g. agents.thinkwork.ai). The module:
+#
+#   1. Creates a Route53 hosted zone for the subdomain (Option A — delegated
+#      subzone). The operator pastes the output name servers at whatever hosts
+#      the parent domain (Google, Squarespace, Cloudflare, etc.).
+#   2. Creates the SES domain identity + DKIM tokens.
+#   3. Writes the SES verification TXT, DKIM CNAMEs, and an MX record into the
+#      new subzone.
+#   4. Creates an SES receipt rule set that stores inbound mail in S3 at
+#      `email/inbound/<sesMessageId>` and invokes the email-inbound Lambda.
 ################################################################################
 
 variable "stage" {
@@ -16,36 +24,191 @@ variable "account_id" {
   type        = string
 }
 
+variable "region" {
+  description = "AWS region (determines the inbound SMTP endpoint)"
+  type        = string
+  default     = "us-east-1"
+}
+
 variable "email_domain" {
-  description = "Domain for SES email (e.g. thinkwork.ai)"
+  description = "Subdomain used for agent email (e.g. agents.thinkwork.ai). Leave empty to skip all SES resources."
+  type        = string
+  default     = ""
+}
+
+variable "inbound_bucket_name" {
+  description = "S3 bucket that SES writes raw inbound .eml files into. Its policy must already allow ses.amazonaws.com PutObject."
   type        = string
   default     = ""
 }
 
+variable "email_inbound_fn_arn" {
+  description = "ARN of the email-inbound Lambda. If empty, receipt rule is still created but without a Lambda action."
+  type        = string
+  default     = ""
+}
+
+variable "email_inbound_fn_name" {
+  description = "Function name of the email-inbound Lambda (for the Lambda permission)."
+  type        = string
+  default     = ""
+}
+
+variable "manage_active_rule_set" {
+  description = "Activate the receipt rule set. Only ONE rule set can be active per region per account, so set false in secondary stages that share an account."
+  type        = bool
+  default     = true
+}
+
+locals {
+  enabled       = var.email_domain != ""
+  inbound_smtp  = "inbound-smtp.${var.region}.amazonaws.com"
+  rule_set_name = "thinkwork-${var.stage}-email-rules"
+  has_lambda    = var.email_inbound_fn_arn != ""
+  has_bucket    = var.inbound_bucket_name != ""
+}
+
+################################################################################
+# Route53 — delegated subzone for the agent email subdomain
+################################################################################
+
+resource "aws_route53_zone" "agents" {
+  count = local.enabled ? 1 : 0
+  name  = var.email_domain
+
+  tags = {
+    Name  = "thinkwork-${var.stage}-email-zone"
+    Stage = var.stage
+  }
+}
+
 ################################################################################
-# SES Domain Identity (only if email_domain is provided)
+# SES Domain Identity + DKIM
 ################################################################################
 
 resource "aws_ses_domain_identity" "main" {
-  count  = var.email_domain != "" ? 1 : 0
+  count  = local.enabled ? 1 : 0
   domain = var.email_domain
 }
 
 resource "aws_ses_domain_dkim" "main" {
-  count  = var.email_domain != "" ? 1 : 0
+  count  = local.enabled ? 1 : 0
   domain = aws_ses_domain_identity.main[0].domain
 }
 
+################################################################################
+# DNS records in the subzone — verification TXT, DKIM CNAMEs, MX
+################################################################################
+
+resource "aws_route53_record" "ses_verification" {
+  count   = local.enabled ? 1 : 0
+  zone_id = aws_route53_zone.agents[0].zone_id
+  name    = "_amazonses.${var.email_domain}"
+  type    = "TXT"
+  ttl     = 600
+  records = [aws_ses_domain_identity.main[0].verification_token]
+}
+
+resource "aws_route53_record" "dkim" {
+  count   = local.enabled ? 3 : 0
+  zone_id = aws_route53_zone.agents[0].zone_id
+  name    = "${aws_ses_domain_dkim.main[0].dkim_tokens[count.index]}._domainkey.${var.email_domain}"
+  type    = "CNAME"
+  ttl     = 600
+  records = ["${aws_ses_domain_dkim.main[0].dkim_tokens[count.index]}.dkim.amazonses.com"]
+}
+
+resource "aws_route53_record" "mx" {
+  count   = local.enabled ? 1 : 0
+  zone_id = aws_route53_zone.agents[0].zone_id
+  name    = var.email_domain
+  type    = "MX"
+  ttl     = 600
+  records = ["10 ${local.inbound_smtp}"]
+}
+
+################################################################################
+# SES Receipt Rule Set + Rule → S3 + Lambda
+################################################################################
+
+resource "aws_ses_receipt_rule_set" "main" {
+  count         = local.enabled ? 1 : 0
+  rule_set_name = local.rule_set_name
+}
+
+resource "aws_ses_active_receipt_rule_set" "main" {
+  count         = local.enabled && var.manage_active_rule_set ? 1 : 0
+  rule_set_name = aws_ses_receipt_rule_set.main[0].rule_set_name
+}
+
+resource "aws_lambda_permission" "ses_invoke_email_inbound" {
+  count          = local.enabled && local.has_lambda ? 1 : 0
+  statement_id   = "AllowSESInvokeEmailInbound"
+  action         = "lambda:InvokeFunction"
+  function_name  = var.email_inbound_fn_name
+  principal      = "ses.amazonaws.com"
+  source_account = var.account_id
+}
+
+resource "aws_ses_receipt_rule" "inbound" {
+  count         = local.enabled ? 1 : 0
+  name          = "thinkwork-${var.stage}-inbound-email"
+  rule_set_name = aws_ses_receipt_rule_set.main[0].rule_set_name
+  recipients    = [var.email_domain]
+  enabled       = true
+  scan_enabled  = true
+
+  dynamic "s3_action" {
+    for_each = local.has_bucket ? [1] : []
+    content {
+      bucket_name       = var.inbound_bucket_name
+      object_key_prefix = "email/inbound/"
+      position          = 1
+    }
+  }
+
+  dynamic "lambda_action" {
+    for_each = local.has_lambda ? [1] : []
+    content {
+      function_arn    = var.email_inbound_fn_arn
+      invocation_type = "Event"
+      position        = local.has_bucket ? 2 : 1
+    }
+  }
+
+  depends_on = [aws_lambda_permission.ses_invoke_email_inbound]
+}
+
 ################################################################################
 # Outputs
 ################################################################################
 
 output "ses_domain_identity_arn" {
   description = "SES domain identity ARN"
-  value       = var.email_domain != "" ? aws_ses_domain_identity.main[0].arn : null
+  value       = local.enabled ? aws_ses_domain_identity.main[0].arn : null
 }
 
 output "dkim_tokens" {
-  description = "DKIM tokens for DNS verification"
-  value       = var.email_domain != "" ? aws_ses_domain_dkim.main[0].dkim_tokens : []
+  description = "DKIM tokens (already written as CNAMEs in the subzone)"
+  value       = local.enabled ? aws_ses_domain_dkim.main[0].dkim_tokens : []
+}
+
+output "zone_id" {
+  description = "Route53 hosted zone ID for the email subdomain"
+  value       = local.enabled ? aws_route53_zone.agents[0].zone_id : null
+}
+
+output "name_servers" {
+  description = "Name servers for the delegated email subzone. Paste these as NS records at the registrar that hosts the parent domain (e.g. Google Domains) before SES can verify."
+  value       = local.enabled ? aws_route53_zone.agents[0].name_servers : []
+}
+
+output "mx_target" {
+  description = "MX target host for the email subdomain"
+  value       = local.enabled ? local.inbound_smtp : null
+}
+
+output "rule_set_name" {
+  description = "SES receipt rule set name"
+  value       = local.enabled ? aws_ses_receipt_rule_set.main[0].rule_set_name : null
 }