zele 0.3.16 → 0.3.17

package/src/auth.ts

@@ -16,7 +16,51 @@ import { getPrisma } from './db.js'
 import { GmailClient } from './gmail-client.js'
 import { CalendarClient } from './calendar-client.js'
 import * as errore from 'errore'
-import { AuthError } from './api-utils.js'
+import { AuthError, ApiError, UnsupportedError } from './api-utils.js'
+import { ImapSmtpClient } from './imap-smtp-client.js'
+
+// ---------------------------------------------------------------------------
+// Account types
+// ---------------------------------------------------------------------------
+
+export type AccountType = 'google' | 'imap_smtp'
+
+export const IMAP_SMTP_APP_ID = 'imap_smtp' as const
+
+export interface ImapCredentials {
+  host: string
+  port: number
+  user: string
+  password: string
+  tls: boolean
+}
+
+export interface SmtpCredentials {
+  host: string
+  port: number
+  user: string
+  password: string
+  tls: boolean
+}
+
+/** Stored in the `tokens` column for imap_smtp accounts. */
+export interface ImapSmtpCredentials {
+  imap?: ImapCredentials
+  smtp?: SmtpCredentials
+}
+
+/** Capabilities an account can have. */
+export type AccountCapability = 'gmail' | 'calendar' | 'smtp' | 'imap'
+
+export function parseCapabilities(raw: string): AccountCapability[] {
+  if (!raw) return []
+  return raw.split(',').map((s) => s.trim()).filter(Boolean) as AccountCapability[]
+}
+
+export function hasCapability(capabilities: string | AccountCapability[], cap: AccountCapability): boolean {
+  const list = typeof capabilities === 'string' ? parseCapabilities(capabilities) : capabilities
+  return list.includes(cap)
+}
 
 // ---------------------------------------------------------------------------
 // Known open-source Google OAuth clients (Desktop app type).
@@ -123,6 +167,8 @@ export function createOAuth2Client(appId?: string): OAuth2Client {
 export interface AccountId {
   email: string
   appId: string
+  accountType: AccountType
+  capabilities: AccountCapability[]
 }
 
 // ---------------------------------------------------------------------------
@@ -530,6 +576,7 @@ export async function login(
 
   // Upsert account in DB
   const prisma = await getPrisma()
+  const googleCapabilities = 'gmail,calendar,smtp'
   const upsertResult = await errore.tryAsync({
     try: () =>
       prisma.account.upsert({
@@ -537,12 +584,14 @@ export async function login(
         create: {
           email,
           appId: resolved.clientId,
+          accountType: 'google',
+          capabilities: googleCapabilities,
           accountStatus: 'active',
           tokens: JSON.stringify(tokens),
           createdAt: new Date(),
           updatedAt: new Date(),
         },
-        update: { tokens: JSON.stringify(tokens), updatedAt: new Date() },
+        update: { tokens: JSON.stringify(tokens), capabilities: googleCapabilities, updatedAt: new Date() },
       }),
     catch: (err) => new Error(`Failed to save account ${email}`, { cause: err }),
   })
@@ -551,6 +600,143 @@ export async function login(
   return { email, appId: resolved.clientId, client }
 }
 
+// ---------------------------------------------------------------------------
+// Login: IMAP/SMTP credentials → save to DB
+// ---------------------------------------------------------------------------
+
+export interface LoginImapOptions {
+  email: string
+  imapHost: string
+  imapPort?: number
+  smtpHost?: string
+  smtpPort?: number
+  password?: string
+  imapUser?: string
+  imapPassword?: string
+  smtpUser?: string
+  smtpPassword?: string
+  tls?: boolean
+}
+
+/**
+ * Login with IMAP/SMTP credentials. Tests connections before saving.
+ * Returns an error value if validation or connection test fails.
+ */
+export async function loginImap(
+  options: LoginImapOptions,
+): Promise<{ email: string; appId: string } | Error> {
+  const {
+    email,
+    imapHost,
+    imapPort = 993,
+    smtpHost,
+    smtpPort = 465,
+    password,
+    imapUser,
+    imapPassword,
+    smtpUser,
+    smtpPassword,
+    tls = true,
+  } = options
+
+  const imapPass = imapPassword ?? password
+  if (!imapPass) {
+    return new Error('IMAP password is required (--password or --imap-password)')
+  }
+
+  const credentials: ImapSmtpCredentials = {
+    imap: {
+      host: imapHost,
+      port: imapPort,
+      user: imapUser ?? email,
+      password: imapPass,
+      tls,
+    },
+  }
+
+  // Test IMAP connection
+  const { ImapFlow } = await import('imapflow')
+  const testClient = new ImapFlow({
+    host: imapHost,
+    port: imapPort,
+    secure: tls,
+    auth: { user: imapUser ?? email, pass: imapPass },
+    logger: false,
+  })
+
+  const imapTest = await errore.tryAsync({
+    try: async () => {
+      await testClient.connect()
+      await testClient.logout()
+    },
+    catch: (err) => new AuthError({ email, reason: `IMAP connection failed: ${String(err)}` }),
+  })
+  if (imapTest instanceof Error) return imapTest
+
+  // Configure SMTP if provided
+  const capabilities: AccountCapability[] = ['imap']
+
+  if (smtpHost) {
+    const smtpPass = smtpPassword ?? password
+    if (!smtpPass) {
+      return new Error('SMTP password is required when --smtp-host is provided (--password or --smtp-password)')
+    }
+
+    credentials.smtp = {
+      host: smtpHost,
+      port: smtpPort,
+      user: smtpUser ?? email,
+      password: smtpPass,
+      tls: smtpPort === 465,
+    }
+
+    // Test SMTP connection
+    const nodemailer = await import('nodemailer')
+    const transporter = nodemailer.default.createTransport({
+      host: smtpHost,
+      port: smtpPort,
+      secure: smtpPort === 465,
+      auth: { user: smtpUser ?? email, pass: smtpPass },
+    })
+
+    const smtpTest = await errore.tryAsync({
+      try: () => transporter.verify(),
+      catch: (err) => new AuthError({ email, reason: `SMTP connection failed: ${String(err)}` }),
+    })
+    if (smtpTest instanceof Error) return smtpTest
+
+    capabilities.push('smtp')
+  }
+
+  // Save to DB
+  const prisma = await getPrisma()
+  const upsertResult = await errore.tryAsync({
+    try: () =>
+      prisma.account.upsert({
+        where: { email_appId: { email, appId: IMAP_SMTP_APP_ID } },
+        create: {
+          email,
+          appId: IMAP_SMTP_APP_ID,
+          accountType: 'imap_smtp',
+          capabilities: capabilities.join(','),
+          accountStatus: 'active',
+          tokens: JSON.stringify(credentials),
+          createdAt: new Date(),
+          updatedAt: new Date(),
+        },
+        update: {
+          capabilities: capabilities.join(','),
+          tokens: JSON.stringify(credentials),
+          updatedAt: new Date(),
+        },
+      }),
+    catch: (err) => new Error(`Failed to save account ${email}`, { cause: err }),
+  })
+  if (upsertResult instanceof Error) return upsertResult
+
+  return { email, appId: IMAP_SMTP_APP_ID }
+}
+
 // ---------------------------------------------------------------------------
 // Logout: remove account from DB
 // ---------------------------------------------------------------------------
@@ -571,8 +757,13 @@ export async function logout(email: string): Promise<void | Error> {
 
 export async function listAccounts(): Promise<AccountId[]> {
   const prisma = await getPrisma()
-  const rows = await prisma.account.findMany({ select: { email: true, appId: true } })
-  return rows.map((r) => ({ email: r.email, appId: r.appId }))
+  const rows = await prisma.account.findMany({ select: { email: true, appId: true, accountType: true, capabilities: true } })
+  return rows.map((r) => ({
+    email: r.email,
+    appId: r.appId,
+    accountType: r.accountType as AccountType,
+    capabilities: parseCapabilities(r.capabilities),
+  }))
 }
 
 // ---------------------------------------------------------------------------
@@ -613,13 +804,23 @@ async function authenticateAccount(account: AccountId): Promise<OAuth2Client> {
   return oauth2Client
 }
 
+/** Entry returned by getClients — client is GmailClient for Google accounts, ImapSmtpClient for IMAP/SMTP. */
+export interface ClientEntry {
+  email: string
+  appId: string
+  accountType: AccountType
+  capabilities: AccountCapability[]
+  client: GmailClient | ImapSmtpClient
+}
+
 /**
- * Get authenticated GmailClient instances for all accounts (or filtered by email list).
+ * Get authenticated client instances for all accounts (or filtered by email list).
+ * Returns GmailClient for Google accounts and ImapSmtpClient for IMAP/SMTP accounts.
  * If no accounts are registered, throws with a helpful message.
  */
 export async function getClients(
   accounts?: string[],
-): Promise<Array<{ email: string; appId: string; client: GmailClient }>> {
+): Promise<ClientEntry[]> {
   const allAccounts = await listAccounts()
   if (allAccounts.length === 0) {
     throw new Error('No accounts registered. Run: zele login')
@@ -634,10 +835,33 @@ export async function getClients(
     throw new Error(`No matching accounts. Available: ${available}`)
   }
 
+  const prisma = await getPrisma()
   const results = await Promise.all(
-    filtered.map(async (account) => {
+    filtered.map(async (account): Promise<ClientEntry> => {
+      if (account.accountType === 'imap_smtp') {
+        const row = await prisma.account.findUnique({
+          where: { email_appId: { email: account.email, appId: account.appId } },
+        })
+        if (!row) throw new Error(`No account found for ${account.email}. Run: zele login`)
+        const credentials: ImapSmtpCredentials = JSON.parse(row.tokens)
+        return {
+          email: account.email,
+          appId: account.appId,
+          accountType: 'imap_smtp',
+          capabilities: account.capabilities,
+          client: new ImapSmtpClient({ credentials, account }),
+        }
+      }
+
+      // Google account
       const auth = await authenticateAccount(account)
-      return { email: account.email, appId: account.appId, client: new GmailClient({ auth, account }) }
+      return {
+        email: account.email,
+        appId: account.appId,
+        accountType: 'google',
+        capabilities: account.capabilities,
+        client: new GmailClient({ auth, account }),
+      }
     }),
   )
 
@@ -645,12 +869,12 @@ export async function getClients(
 }
 
 /**
- * Get a single authenticated GmailClient. Errors if multiple accounts exist
+ * Get a single authenticated client. Errors if multiple accounts exist
  * and no --account filter was provided.
  */
 export async function getClient(
   accounts?: string[],
-): Promise<{ email: string; appId: string; client: GmailClient }> {
+): Promise<ClientEntry> {
   const clients = await getClients(accounts)
   if (clients.length === 1) {
     return clients[0]!
@@ -662,12 +886,31 @@ export async function getClient(
   )
 }
 
+/**
+ * Get a single authenticated GmailClient. Errors if account is not a Google account.
+ * Use this for commands that require Gmail-specific features.
+ */
+export async function getGmailClient(
+  accounts?: string[],
+): Promise<{ email: string; appId: string; client: GmailClient }> {
+  const entry = await getClient(accounts)
+  if (entry.accountType !== 'google') {
+    throw new UnsupportedError({
+      feature: 'This command',
+      accountType: 'IMAP/SMTP',
+      hint: 'It requires a Google account.',
+    })
+  }
+  return { email: entry.email, appId: entry.appId, client: entry.client as GmailClient }
+}
+
 // ---------------------------------------------------------------------------
 // Calendar client helpers
 // ---------------------------------------------------------------------------
 
 /**
- * Get authenticated CalendarClient instances for all accounts (or filtered by email list).
+ * Get authenticated CalendarClient instances for Google accounts only.
+ * IMAP/SMTP accounts are silently skipped (calendar requires Google OAuth).
  */
 export async function getCalendarClients(
   accounts?: string[],
@@ -686,8 +929,18 @@ export async function getCalendarClients(
     throw new Error(`No matching accounts. Available: ${available}`)
   }
 
+  // Only Google accounts support calendar
+  const googleAccounts = filtered.filter((a) => a.accountType === 'google')
+  if (googleAccounts.length === 0) {
+    throw new UnsupportedError({
+      feature: 'Calendar',
+      accountType: 'IMAP/SMTP',
+      hint: 'Calendar requires a Google account.',
+    })
+  }
+
   const results = await Promise.all(
-    filtered.map(async (account) => {
+    googleAccounts.map(async (account) => {
       const auth = await authenticateAccount(account)
       const { token } = await auth.getAccessToken()
       if (!token) throw new Error(`Failed to get access token for ${account.email}`)
@@ -723,6 +976,8 @@ export async function getCalendarClient(
 export interface AuthStatus {
   email: string
   appId: string
+  accountType: AccountType
+  capabilities: AccountCapability[]
   expiresAt?: Date
 }
 
@@ -731,11 +986,24 @@ export async function getAuthStatuses(): Promise<AuthStatus[]> {
   const rows = await prisma.account.findMany()
 
   return rows.map((row) => {
-    const tokens: Credentials = JSON.parse(row.tokens)
+    const accountType = row.accountType as AccountType
+    const capabilities = parseCapabilities(row.capabilities)
+    if (accountType === 'google') {
+      const tokens: Credentials = JSON.parse(row.tokens)
+      return {
+        email: row.email,
+        appId: row.appId,
+        accountType,
+        capabilities,
+        expiresAt: tokens.expiry_date ? new Date(tokens.expiry_date) : undefined,
+      }
+    }
+    // IMAP/SMTP — no expiry
     return {
       email: row.email,
       appId: row.appId,
-      expiresAt: tokens.expiry_date ? new Date(tokens.expiry_date) : undefined,
+      accountType,
+      capabilities,
     }
   })
 }

package/src/commands/attachment.ts

@@ -86,6 +86,7 @@ export function registerAttachmentCommands(cli: Goke) {
 
       // Download
       const base64Data = await client.getAttachment({ messageId, attachmentId })
+      if (base64Data instanceof Error) return handleCommandError(base64Data)
       const buffer = Buffer.from(base64Data, 'base64')
 
       // Ensure output directory exists

package/src/commands/auth-cmd.ts

@@ -1,17 +1,72 @@
-// Auth commands: login, logout, whoami.
-// Manages OAuth2 authentication for zele.
+// Auth commands: login, login imap, logout, whoami.
+// Manages authentication for zele (Google OAuth and IMAP/SMTP credentials).
 // Supports multiple accounts: login adds accounts, logout removes one.
 
 import type { Goke } from 'goke'
-import { login, logout, listAccounts, getAuthStatuses } from '../auth.js'
+import { z } from 'zod'
+import pc from 'picocolors'
+import { login, loginImap, logout, listAccounts, getAuthStatuses } from '../auth.js'
 import { closePrisma } from '../db.js'
 import * as out from '../output.js'
 import { handleCommandError } from '../output.js'
 
 export function registerAuthCommands(cli: Goke) {
   cli
-    .command('login', 'Authenticate with Google (opens browser). For headless/agent environments, run inside tmux: the command prints an authorization URL to open in a browser, then waits for the localhost redirect URL to be pasted back.')
+    .command('login', 'Authenticate with Google (opens browser) or show IMAP/SMTP login instructions')
     .action(async () => {
+      // In a TTY, ask if they want Google or Other
+      if (process.stdin.isTTY) {
+        const readline = await import('node:readline')
+        const rl = readline.createInterface({ input: process.stdin, output: process.stderr })
+
+        console.error(pc.bold('\nChoose authentication method:\n'))
+        console.error('  ' + pc.cyan('1') + ' Google (opens browser for OAuth)')
+        console.error('  ' + pc.cyan('2') + ' Other (IMAP/SMTP with password)\n')
+
+        const answer = await new Promise<string>((resolve) => {
+          rl.question('Enter choice [1]: ', resolve)
+        })
+        rl.close()
+
+        const choice = answer.trim() || '1'
+
+        if (choice === '2') {
+          console.error(pc.bold('\nTo add an IMAP/SMTP account, run:\n'))
+          console.error(pc.dim('  # Fastmail'))
+          console.error(`  zele login imap \\`)
+          console.error(`    --email you@fastmail.com \\`)
+          console.error(`    --imap-host imap.fastmail.com --imap-port 993 \\`)
+          console.error(`    --smtp-host smtp.fastmail.com --smtp-port 465 \\`)
+          console.error(`    --password "your-app-password"`)
+          console.error()
+          console.error(pc.dim('  # Gmail (app password)'))
+          console.error(`  zele login imap \\`)
+          console.error(`    --email you@gmail.com \\`)
+          console.error(`    --imap-host imap.gmail.com --imap-port 993 \\`)
+          console.error(`    --smtp-host smtp.gmail.com --smtp-port 465 \\`)
+          console.error(`    --password "your-app-password"`)
+          console.error()
+          console.error(pc.dim('  # Outlook/Hotmail'))
+          console.error(`  zele login imap \\`)
+          console.error(`    --email you@outlook.com \\`)
+          console.error(`    --imap-host outlook.office365.com --imap-port 993 \\`)
+          console.error(`    --smtp-host smtp-mail.outlook.com --smtp-port 587 \\`)
+          console.error(`    --password "your-password"`)
+          console.error()
+          console.error(pc.dim('  # Generic (any IMAP/SMTP provider)'))
+          console.error(`  zele login imap \\`)
+          console.error(`    --email you@example.com \\`)
+          console.error(`    --imap-host imap.example.com --imap-port 993 \\`)
+          console.error(`    --smtp-host smtp.example.com --smtp-port 465 \\`)
+          console.error(`    --password "your-password"`)
+          console.error()
+          console.error(pc.dim('Omit --smtp-host for read-only (IMAP only, no sending).'))
+          console.error(pc.dim('Use --imap-user/--smtp-user if the login username differs from your email.'))
+          return
+        }
+      }
+
+      // Default: Google OAuth flow
       const result = await login()
       if (result instanceof Error) handleCommandError(result)
       const { email } = result
@@ -20,6 +75,56 @@ export function registerAuthCommands(cli: Goke) {
       process.exit(0)
     })
 
+  cli
+    .command('login imap', 'Add an IMAP/SMTP email account (non-interactive, designed for agents)')
+    .option('--email <email>', z.string().describe('Email address'))
+    .option('--imap-host <imapHost>', z.string().describe('IMAP server hostname'))
+    .option('--imap-port <imapPort>', z.string().describe('IMAP server port (default: 993)'))
+    .option('--smtp-host <smtpHost>', z.string().describe('SMTP server hostname (optional, enables sending)'))
+    .option('--smtp-port <smtpPort>', z.string().describe('SMTP server port (default: 465)'))
+    .option('--password <password>', z.string().describe('Password (shared for IMAP and SMTP unless overridden)'))
+    .option('--imap-user <imapUser>', z.string().describe('IMAP username (defaults to --email)'))
+    .option('--imap-password <imapPassword>', z.string().describe('IMAP password (overrides --password)'))
+    .option('--smtp-user <smtpUser>', z.string().describe('SMTP username (defaults to --email)'))
+    .option('--smtp-password <smtpPassword>', z.string().describe('SMTP password (overrides --password)'))
+    .option('--no-tls', 'Disable TLS (not recommended)')
+    .action(async (options) => {
+      if (!options.email) {
+        out.error('--email is required')
+        process.exit(1)
+      }
+      if (!options.imapHost) {
+        out.error('--imap-host is required')
+        process.exit(1)
+      }
+      if (!options.password && !options.imapPassword) {
+        out.error('--password or --imap-password is required')
+        process.exit(1)
+      }
+
+      out.hint('Testing IMAP connection...')
+
+      const result = await loginImap({
+        email: options.email,
+        imapHost: options.imapHost,
+        imapPort: options.imapPort ? Number(options.imapPort) : undefined,
+        smtpHost: options.smtpHost,
+        smtpPort: options.smtpPort ? Number(options.smtpPort) : undefined,
+        password: options.password,
+        imapUser: options.imapUser,
+        imapPassword: options.imapPassword,
+        smtpUser: options.smtpUser,
+        smtpPassword: options.smtpPassword,
+        tls: options.noTls !== true,
+      })
+      if (result instanceof Error) handleCommandError(result)
+
+      const caps = options.smtpHost ? 'IMAP + SMTP' : 'IMAP only'
+      out.success(`Authenticated ${result.email} (${caps})`)
+      await closePrisma()
+      process.exit(0)
+    })
+
   cli
     .command('logout [email]', 'Remove stored credentials for an account')
     .option('--force', 'Skip confirmation')
@@ -88,9 +193,10 @@ export function registerAuthCommands(cli: Goke) {
       out.printList(
         statuses.map((s) => ({
           email: s.email,
-          app_id: s.appId,
+          type: s.accountType,
+          capabilities: s.capabilities.join(', '),
           status: 'Authenticated',
-          expires: s.expiresAt?.toISOString() ?? 'unknown',
+          ...(s.expiresAt ? { expires: s.expiresAt.toISOString() } : {}),
         })),
         { summary: `${statuses.length} account(s)` },
       )

package/src/commands/draft.ts

@@ -8,6 +8,7 @@ import { z } from 'zod'
 import fs from 'node:fs'
 import { getClients, getClient } from '../auth.js'
 import type { GmailClient } from '../gmail-client.js'
+import type { ImapSmtpClient } from '../imap-smtp-client.js'
 import { AuthError } from '../api-utils.js'
 import * as out from '../output.js'
 import { handleCommandError } from '../output.js'
@@ -154,6 +155,7 @@ export function registerDraftCommands(cli: Goke) {
         threadId: options.thread,
         fromEmail: options.from,
       })
+      if (result instanceof Error) handleCommandError(result)
 
       out.printYaml(result)
       out.success('Draft created')
@@ -168,6 +170,7 @@ export function registerDraftCommands(cli: Goke) {
     .action(async (draftId, options) => {
       const { client } = await getClient(options.account)
       const result = await client.sendDraft({ draftId })
+      if (result instanceof Error) handleCommandError(result)
 
       out.printYaml(result)
       out.success('Draft sent')
@@ -197,7 +200,8 @@ export function registerDraftCommands(cli: Goke) {
 
       const { client } = await getClient(options.account)
 
-      await client.deleteDraft({ draftId })
+      const deleteResult = await client.deleteDraft({ draftId })
+      if (deleteResult instanceof Error) handleCommandError(deleteResult)
 
       out.printYaml({ draft_id: draftId, deleted: true })
     })

package/src/commands/filter.ts

@@ -3,8 +3,10 @@
 
 import type { Goke } from 'goke'
 import { getClients } from '../auth.js'
-import { AuthError, isScopeError } from '../api-utils.js'
+import { AuthError, UnsupportedError, isScopeError } from '../api-utils.js'
+import type { GmailClient } from '../gmail-client.js'
 import * as out from '../output.js'
+import { handleCommandError } from '../output.js'
 
 export function registerFilterCommands(cli: Goke) {
   // =========================================================================
@@ -15,10 +17,14 @@ export function registerFilterCommands(cli: Goke) {
     .command('mail filter list', 'List all Gmail filters')
     .action(async (options) => {
       const clients = await getClients(options.account)
+      const googleClients = clients.filter((c) => c.accountType === 'google')
+      if (googleClients.length === 0) {
+        handleCommandError(new UnsupportedError({ feature: 'Filters', accountType: 'IMAP/SMTP', hint: 'Filters are a Gmail-specific feature.' }))
+      }
 
       const results = await Promise.all(
-        clients.map(async ({ email, client }) => {
-          const res = await client.listFilters()
+        googleClients.map(async ({ email, client }) => {
+          const res = await (client as GmailClient).listFilters()
           if (res instanceof Error) return res
           return { email, filters: res.parsed }
         }),