zele 0.3.14 → 0.3.16

package/src/commands/mail.ts

@@ -16,6 +16,23 @@ import * as out from '../output.js'
 import { handleCommandError } from '../output.js'
 import pc from 'picocolors'
 
+// ---------------------------------------------------------------------------
+// Label formatting — filter out system labels already represented by flags
+// ---------------------------------------------------------------------------
+
+const HIDDEN_LABELS = new Set([
+  'INBOX', 'SENT', 'TRASH', 'SPAM', 'DRAFT', 'UNREAD', 'STARRED',
+  'IMPORTANT', 'CHAT', 'CATEGORY_PERSONAL', 'CATEGORY_SOCIAL',
+  'CATEGORY_PROMOTIONS', 'CATEGORY_UPDATES', 'CATEGORY_FORUMS',
+])
+
+function formatLabels(labelIds: string[], labelMap?: Map<string, string>): string {
+  const visible = labelIds
+    .filter((id) => !HIDDEN_LABELS.has(id))
+    .map((id) => labelMap?.get(id) ?? id)
+  return visible.join(', ')
+}
+
 // ---------------------------------------------------------------------------
 // Register commands
 // ---------------------------------------------------------------------------
@@ -34,8 +51,9 @@ export function registerMailCommands(cli: Goke) {
     .command('mail list', 'List email threads')
     .option('--folder [folder]', 'Folder to list (inbox, sent, trash, spam, starred, drafts, archive, all) (default: inbox)')
     .option('--max [max]', 'Max results per page (default: 20)')
-    .option('--page <page>', 'Pagination token')
+    .option('--page <page>', 'Pagination token (requires --account, only works for a single account)')
     .option('--label <label>', 'Filter by label name')
+    .option('--filter <filter>', 'Gmail search filter (e.g. "is:unread", "from:github", "has:attachment")')
     .action(async (options) => {
       const folder = options.folder ?? 'inbox'
       const max = options.max ? Number(options.max) : 20
@@ -46,17 +64,22 @@ export function registerMailCommands(cli: Goke) {
         process.exit(1)
       }
 
-      // Fetch from all accounts concurrently
+      // Fetch threads and labels from all accounts concurrently
       const results = await Promise.all(
         clients.map(async ({ email, client }) => {
-          const result = await client.listThreads({
-            folder,
-            maxResults: max,
-            labelIds: options.label ? [options.label] : undefined,
-            pageToken: options.page,
-          })
+          const [result, labelsResult] = await Promise.all([
+            client.listThreads({
+              folder,
+              maxResults: max,
+              labelIds: options.label ? [options.label] : undefined,
+              pageToken: options.page,
+              query: options.filter,
+            }),
+            client.listLabels(),
+          ])
           if (result instanceof Error) return result
-          return { email, result }
+          const labelMap = labelsResult instanceof Error ? new Map<string, string>() : new Map(labelsResult.parsed.map((l) => [l.id, l.name]))
+          return { email, result, labelMap }
         }),
       )
 
@@ -66,6 +89,10 @@ export function registerMailCommands(cli: Goke) {
           return true
         })
 
+      // Merge label maps from all accounts
+      const labelMap = new Map<string, string>()
+      for (const r of allResults) for (const [id, name] of r.labelMap) labelMap.set(id, name)
+
       // Merge threads from all accounts, sorted by date descending, capped at max
       const merged = allResults
         .flatMap(({ email, result }) =>
@@ -81,16 +108,26 @@ export function registerMailCommands(cli: Goke) {
 
       const showAccount = clients.length > 1
       out.printList(
-        merged.map((t) => ({
-          ...(showAccount ? { account: t.account } : {}),
-          id: t.id,
-          flags: out.formatFlags(t),
-          from: out.formatSender(t.from),
-          subject: t.subject,
-          date: out.formatDate(t.date),
-          messages: t.messageCount,
-        })),
-        { summary: `${merged.length} threads (${folder})` },
+        merged.map((t) => {
+          const to = t.to.map((s) => out.formatSender(s)).join(', ')
+          const cc = t.cc.map((s) => out.formatSender(s)).join(', ')
+          const labels = formatLabels(t.labelIds, labelMap)
+          return {
+            ...(showAccount ? { account: t.account } : {}),
+            id: t.id,
+            flags: out.formatFlags(t),
+            from: out.formatSender(t.from),
+            ...(to ? { to } : {}),
+            ...(cc ? { cc } : {}),
+            subject: t.subject,
+            snippet: t.snippet,
+            date: out.formatDate(t.date),
+            messages: t.messageCount,
+            ...(labels ? { labels } : {}),
+            ...(t.listUnsubscribe ? { unsubscribe: t.listUnsubscribe } : {}),
+          }
+        }),
+        { summary: `${merged.length} threads (${folder})`, nextPage: allResults[0]?.result.nextPageToken },
       )
     })
 
@@ -101,7 +138,7 @@ export function registerMailCommands(cli: Goke) {
   cli
     .command('mail search <query>', 'Search email threads using Gmail query syntax (from:, to:, subject:, has:attachment, etc). See https://support.google.com/mail/answer/7190')
     .option('--max [max]', 'Max results (default: 20)')
-    .option('--page <page>', 'Pagination token')
+    .option('--page <page>', 'Pagination token (requires --account, only works for a single account)')
     .action(async (query, options) => {
       const max = options.max ? Number(options.max) : 20
       const clients = await getClients(options.account)
@@ -111,16 +148,20 @@ export function registerMailCommands(cli: Goke) {
         process.exit(1)
       }
 
-      // Search all accounts concurrently
+      // Search all accounts concurrently (fetch labels alongside for name resolution)
       const results = await Promise.all(
         clients.map(async ({ email, client }) => {
-          const result = await client.listThreads({
-            query,
-            maxResults: max,
-            pageToken: options.page,
-          })
+          const [result, labelsResult] = await Promise.all([
+            client.listThreads({
+              query,
+              maxResults: max,
+              pageToken: options.page,
+            }),
+            client.listLabels(),
+          ])
           if (result instanceof Error) return result
-          return { email, result }
+          const labelMap = labelsResult instanceof Error ? new Map<string, string>() : new Map(labelsResult.parsed.map((l) => [l.id, l.name]))
+          return { email, result, labelMap }
         }),
       )
 
@@ -130,6 +171,10 @@ export function registerMailCommands(cli: Goke) {
           return true
         })
 
+      // Merge label maps from all accounts
+      const labelMap = new Map<string, string>()
+      for (const r of allResults) for (const [id, name] of r.labelMap) labelMap.set(id, name)
+
       const merged = allResults
         .flatMap(({ email, result }) =>
           result.threads.map((t) => ({ ...t, account: email })),
@@ -144,16 +189,26 @@ export function registerMailCommands(cli: Goke) {
 
       const showAccount = clients.length > 1
       out.printList(
-        merged.map((t) => ({
-          ...(showAccount ? { account: t.account } : {}),
-          id: t.id,
-          flags: out.formatFlags(t),
-          from: out.formatSender(t.from),
-          subject: t.subject,
-          date: out.formatDate(t.date),
-          messages: t.messageCount,
-        })),
-        { summary: `${merged.length} results for "${query}"` },
+        merged.map((t) => {
+          const to = t.to.map((s) => out.formatSender(s)).join(', ')
+          const cc = t.cc.map((s) => out.formatSender(s)).join(', ')
+          const labels = formatLabels(t.labelIds, labelMap)
+          return {
+            ...(showAccount ? { account: t.account } : {}),
+            id: t.id,
+            flags: out.formatFlags(t),
+            from: out.formatSender(t.from),
+            ...(to ? { to } : {}),
+            ...(cc ? { cc } : {}),
+            subject: t.subject,
+            snippet: t.snippet,
+            date: out.formatDate(t.date),
+            messages: t.messageCount,
+            ...(labels ? { labels } : {}),
+            ...(t.listUnsubscribe ? { unsubscribe: t.listUnsubscribe } : {}),
+          }
+        }),
+        { summary: `${merged.length} results for "${query}"`, nextPage: allResults[0]?.result.nextPageToken },
       )
     })
 
@@ -162,10 +217,15 @@ export function registerMailCommands(cli: Goke) {
   // =========================================================================
 
   cli
-    .command('mail read <threadId>', 'Read a full email thread')
-    .option('--raw', 'Show raw message (first message only)')
+    .command('mail read [...threadIds]', 'Read full email threads (does not mark as read)')
+    .option('--raw', 'Show raw message (first message only, single thread)')
     .option('--raw-html', 'Show raw HTML body per message (no markdown conversion)')
-    .action(async (threadId, options) => {
+    .action(async (threadIds, options) => {
+      if (threadIds.length === 0) {
+        out.error('No thread IDs provided')
+        process.exit(1)
+      }
+
       const { client } = await getClient(options.account)
 
       if (options.raw && options.rawHtml) {
@@ -174,7 +234,11 @@ export function registerMailCommands(cli: Goke) {
       }
 
       if (options.raw) {
-        const { parsed: thread } = await client.getThread({ threadId })
+        if (threadIds.length > 1) {
+          out.error('--raw only supports a single thread ID')
+          process.exit(1)
+        }
+        const { parsed: thread } = await client.getThread({ threadId: threadIds[0]! })
         if (thread.messages.length === 0) {
           out.hint('No messages in thread')
           return
@@ -185,72 +249,96 @@ export function registerMailCommands(cli: Goke) {
         return
       }
 
-      const { parsed: thread } = await client.getThread({ threadId })
-
-      if (thread.messages.length === 0) {
-        out.hint('No messages in thread')
-        return
-      }
-
-      if (options.rawHtml) {
-        thread.messages.forEach((msg, index) => {
-          console.log(msg.body)
-          if (index < thread.messages.length - 1) {
-            console.log('\n<!-- ZELE_MESSAGE_SEPARATOR -->\n')
-          }
-        })
-        return
-      }
+      // Fetch all threads concurrently, tolerating individual failures
+      const settled = await Promise.allSettled(
+        threadIds.map((id) => client.getThread({ threadId: id })),
+      )
 
       const w = Math.min(process.stdout.columns || 72, 72)
       const rule = pc.dim('─'.repeat(w))
+      const multi = threadIds.length > 1
 
-      // Render thread header
-      console.log(pc.bold(thread.subject))
-      // Collect unique participants
-      const participants = new Map<string, string>()
-      for (const msg of thread.messages) {
-        participants.set(msg.from.email, msg.from.name || msg.from.email)
-        for (const r of msg.to) participants.set(r.email, r.name || r.email)
-      }
-      const participantStr = [...participants.values()].join(', ')
-      console.log(pc.dim(`${thread.messageCount} message(s) · ${participantStr}`))
-      console.log(pc.dim(`ID: ${thread.id}`))
-      console.log(rule + '\n')
-
-      // Render each message
-      for (const msg of thread.messages) {
-        const fromStr = out.formatSender(msg.from)
-        const dateStr = out.formatDate(msg.date)
-
-        // Flags as dim tags
-        const flagParts: string[] = []
-        if (msg.unread) flagParts.push(pc.yellow('[unread]'))
-        if (msg.starred) flagParts.push(pc.yellow('[starred]'))
-        const flagStr = flagParts.length > 0 ? ' ' + flagParts.join(' ') : ''
-
-        console.log(pc.bold(`From: `) + fromStr + flagStr)
-        console.log(pc.dim(`  To: ${msg.to.map((t) => t.email).join(', ')}`))
-        if (msg.cc && msg.cc.length > 0) {
-          console.log(pc.dim(`  Cc: ${msg.cc.map((c) => c.email).join(', ')}`))
+      for (let i = 0; i < settled.length; i++) {
+        const result = settled[i]!
+
+        if (multi) {
+          const doubleRule = pc.bold('━'.repeat(w))
+          console.log(doubleRule)
+          console.log(pc.bold(`Thread ${i + 1}/${settled.length}`) + pc.dim(` · ${threadIds[i]}`))
+          console.log(doubleRule)
+          console.log()
+        }
+
+        if (result.status === 'rejected') {
+          out.error(`Failed to read thread ${threadIds[i]}: ${String(result.reason)}`)
+          if (multi) console.log()
+          continue
         }
-        console.log(pc.dim(`Date: ${dateStr}`))
-
-        if (msg.attachments.length > 0) {
-          const attList = msg.attachments.map((a) => {
-            const size = a.size < 1024 ? `${a.size} B`
-              : a.size < 1048576 ? `${(a.size / 1024).toFixed(1)} KB`
-              : `${(a.size / 1048576).toFixed(1)} MB`
-            return `${a.filename} (${size})`
+
+        const { parsed: thread } = result.value
+
+        if (thread.messages.length === 0) {
+          out.hint('No messages in thread')
+          if (multi) console.log()
+          continue
+        }
+
+        if (options.rawHtml) {
+          thread.messages.forEach((msg, index) => {
+            console.log(msg.body)
+            if (index < thread.messages.length - 1) {
+              console.log('\n<!-- ZELE_MESSAGE_SEPARATOR -->\n')
+            }
           })
-          console.log(pc.dim(`Attachments: ${attList.join(', ')}`))
+          if (multi) console.log()
+          continue
         }
 
-        console.log()
+        // Render thread header
+        console.log(pc.bold(thread.subject))
+        const participants = new Map<string, string>()
+        for (const msg of thread.messages) {
+          participants.set(msg.from.email, msg.from.name || msg.from.email)
+          for (const r of msg.to) participants.set(r.email, r.name || r.email)
+        }
+        const participantStr = [...participants.values()].join(', ')
+        console.log(pc.dim(`${thread.messageCount} message(s) · ${participantStr}`))
+        console.log(pc.dim(`ID: ${thread.id}`))
+        console.log(rule + '\n')
+
+        // Render each message
+        for (const msg of thread.messages) {
+          const fromStr = out.formatSender(msg.from)
+          const dateStr = out.formatDate(msg.date)
+
+          const flagParts: string[] = []
+          if (msg.unread) flagParts.push(pc.yellow('[unread]'))
+          if (msg.starred) flagParts.push(pc.yellow('[starred]'))
+          const flagStr = flagParts.length > 0 ? ' ' + flagParts.join(' ') : ''
+
+          console.log(pc.bold(`From: `) + fromStr + flagStr)
+          console.log(pc.dim(`  To: ${msg.to.map((t) => t.email).join(', ')}`))
+          if (msg.cc && msg.cc.length > 0) {
+            console.log(pc.dim(`  Cc: ${msg.cc.map((c) => c.email).join(', ')}`))
+          }
+          console.log(pc.dim(`Date: ${dateStr}`))
+
+          if (msg.attachments.length > 0) {
+            const attList = msg.attachments.map((a) => {
+              const size = a.size < 1024 ? `${a.size} B`
+                : a.size < 1048576 ? `${(a.size / 1024).toFixed(1)} KB`
+                : `${(a.size / 1048576).toFixed(1)} MB`
+              return `${a.filename} (${size})`
+            })
+            console.log(pc.dim(`Attachments: ${attList.join(', ')}`))
+          }
 
-        const body = out.renderEmailBody(msg.body, msg.mimeType)
-        console.log(body)
-        console.log('\n' + rule + '\n')
+          console.log()
+
+          const body = out.renderEmailBody(msg.body, msg.mimeType)
+          console.log(body)
+          console.log('\n' + rule + '\n')
+        }
       }
     })
 

package/src/db.ts

@@ -37,8 +37,12 @@ export function getPrisma(): Promise<PrismaClient> {
 }
 
 async function initializePrisma(): Promise<PrismaClient> {
+  // Create directory with restrictive permissions (owner only)
   if (!fs.existsSync(ZELE_DIR)) {
-    fs.mkdirSync(ZELE_DIR, { recursive: true })
+    fs.mkdirSync(ZELE_DIR, { recursive: true, mode: 0o700 })
+  } else {
+    // Ensure existing directory has correct permissions
+    fs.chmodSync(ZELE_DIR, 0o700)
   }
 
   const adapter = new PrismaLibSql({ url: `file:${DB_PATH}` })
@@ -54,6 +58,9 @@ async function initializePrisma(): Promise<PrismaClient> {
   // Run schema.sql — uses CREATE TABLE IF NOT EXISTS so it's idempotent
   await applySchema(prisma)
 
+  // Secure database files (owner read/write only)
+  secureDatabase()
+
   prismaInstance = prisma
   return prisma
 }
@@ -86,6 +93,24 @@ async function applySchema(prisma: PrismaClient): Promise<void> {
   }
 }
 
+/**
+ * Set restrictive permissions on database files.
+ * SQLite WAL mode creates additional -wal and -shm files that also need protection.
+ */
+function secureDatabase(): void {
+  const filesToSecure = [
+    DB_PATH,
+    `${DB_PATH}-wal`,
+    `${DB_PATH}-shm`,
+  ]
+
+  for (const filePath of filesToSecure) {
+    if (fs.existsSync(filePath)) {
+      fs.chmodSync(filePath, 0o600)
+    }
+  }
+}
+
 /**
  * Close the Prisma connection.
  */