zubo 0.1.27 → 0.1.29

package/README.md

@@ -98,9 +98,10 @@ User Message
 All config lives in `~/.zubo/config.json`. Run `zubo setup` for interactive configuration, or set values directly:
 
 ```bash
-zubo config set activeProvider anthropic
-zubo config set smartRouting.enabled true
+zubo config set activeProvider anthropic
+zubo config set smartRouting.enabled true
 zubo config set budget.monthlyLimitUsd 50
+zubo config set approvals.autoApproveFirstPartyTools true
 ```
 
 See the full [configuration reference](https://zubo.bot/docs/config.html) for all options.
@@ -167,6 +168,7 @@ Across WebChat, Telegram, Discord, Slack, and other channels:
   - `/permissions set <tool> <auto|confirm|deny>` — override tool permission
   - `/budget` — view budget usage and limits
   - `/budget pause|resume` — pause/resume budget enforcement
+  - `/sent [n]` — show latest outbound email delivery records
 
 ## Contributing
 

package/migrations/025_sent_messages.sql

@@ -0,0 +1,18 @@
+CREATE TABLE IF NOT EXISTS sent_messages (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  provider TEXT NOT NULL, -- smtp | gmail | email_channel
+  recipient TEXT NOT NULL,
+  subject TEXT NOT NULL,
+  body_preview TEXT,
+  attachments_json TEXT,
+  status TEXT NOT NULL, -- sent | failed
+  error_message TEXT,
+  external_id TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_sent_messages_created_at
+  ON sent_messages(created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_sent_messages_recipient
+  ON sent_messages(recipient);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zubo",
-  "version": "0.1.27",
+  "version": "0.1.29",
   "description": "Your AI agent that never forgets. Persistent memory, 25+ tools, 7 channels, 11+ LLM providers — runs entirely on your machine.",
   "license": "MIT",
   "author": "thomaskanze",

package/src/agent/loop.ts

@@ -41,12 +41,33 @@ function resolveOptions(memoriesOrOptions: string | AgentLoopOptions): AgentLoop
 }
 
 /** Detect standalone greetings that don't need tool definitions in context. */
-function looksConversational(text: string): boolean {
+function looksConversational(text: string): boolean {
   const t = text.trim().toLowerCase().replace(/[!?.,:;]+$/g, "");
   // Only match messages that are PURELY a greeting — no follow-up request
   const standaloneGreetings = /^(h(ello|i|ey|owdy|ola)|yo|sup|good\s*(morning|afternoon|evening|night)|what'?s\s*up|gm|thanks|thank\s*you|ok(ay)?|bye|see\s*ya|cool|nice|wow|lol|haha)$/;
-  return standaloneGreetings.test(t);
-}
+  return standaloneGreetings.test(t);
+}
+
+export function hasEmailSendIntent(text: string): boolean {
+  const t = text.trim().toLowerCase();
+  if (!t) return false;
+  if (/\bdraft\b/.test(t) && !/\bsend\b/.test(t)) return false;
+  if (/\b(send|email|mail)\b/.test(t) && /\b(to|recipient)\b/.test(t)) return true;
+  if (/\b(write|compose)\b.*\b(email|mail)\b/.test(t)) return true;
+  return false;
+}
+
+export function canSendEmailWithTools(tools: any[]): boolean {
+  const names = new Set(tools.map((t) => t.name));
+  return names.has("email_send") || names.has("gmail");
+}
+
+function hasEmailSendCapability(allowedTools?: string[]): boolean {
+  const defs = getAllToolDefs();
+  if (!allowedTools) return canSendEmailWithTools(defs);
+  const allowed = new Set(allowedTools);
+  return canSendEmailWithTools(defs.filter((d) => allowed.has(d.name)));
+}
 
 async function prepareLoop(
   llm: LlmProvider,
@@ -214,10 +235,12 @@ export async function agentLoop(
   memoriesOrOptions: string | AgentLoopOptions = ""
 ): Promise<LoopResult> {
   const options = resolveOptions(memoriesOrOptions);
-  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
-  const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
-
-  let totalToolCalls = 0;
+  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
+  const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
+  const emailIntentLock = hasEmailSendIntent(userMessage) && canSendEmailWithTools(tools);
+  let emailIntentRetries = 0;
+
+  let totalToolCalls = 0;
 
   for (let round = 0; round < maxRounds; round++) {
     const llmStartTime = Date.now();
@@ -246,15 +269,40 @@ export async function agentLoop(
 
     const toolUseBlocks = extractToolUseBlocks(response.content);
 
-    // No tool calls — done
-    if (toolUseBlocks.length === 0) {
-      const reply = response.content
-        .filter((b) => b.type === "text")
-        .map((b) => b.text ?? "")
-        .join("\n") || "";
-      finishLoop(sessionId, reply);
-      triggerPostLoopCompaction(llm, sessionId);
-      return { reply, toolCalls: totalToolCalls };
+    // No tool calls — done
+    if (toolUseBlocks.length === 0) {
+      const reply = response.content
+        .filter((b) => b.type === "text")
+        .map((b) => b.text ?? "")
+        .join("\n") || "";
+
+      if (emailIntentLock && totalToolCalls === 0 && emailIntentRetries < 1) {
+        emailIntentRetries += 1;
+        messages.push({ role: "assistant", content: response.content });
+        messages.push({
+          role: "user",
+          content: [{
+            type: "text",
+            text:
+              "Policy guard: The user asked you to SEND an email. You must execute an email tool now (email_send or gmail action send/reply). " +
+              "Do not return a draft-only response.",
+          }],
+        });
+        continue;
+      }
+
+      if (emailIntentLock && totalToolCalls === 0 && emailIntentRetries >= 1) {
+        const lockedReply =
+          "I couldn't complete that because no email send tool was executed. " +
+          "Please try again and I'll send it directly.";
+        finishLoop(sessionId, lockedReply);
+        triggerPostLoopCompaction(llm, sessionId);
+        return { reply: lockedReply, toolCalls: totalToolCalls };
+      }
+
+      finishLoop(sessionId, reply);
+      triggerPostLoopCompaction(llm, sessionId);
+      return { reply, toolCalls: totalToolCalls };
     }
 
     // Execute tools
@@ -272,18 +320,30 @@ export async function agentLoop(
   return { reply: MAX_ROUNDS_FALLBACK, toolCalls: totalToolCalls };
 }
 
-export async function agentLoopStream(
-  llm: LlmProvider,
-  sessionId: string,
-  userMessage: string,
+export async function agentLoopStream(
+  llm: LlmProvider,
+  sessionId: string,
+  userMessage: string,
   callbacks: StreamCallbacks,
   memoriesOrOptions: string | AgentLoopOptions = ""
-): Promise<void> {
-  const options = resolveOptions(memoriesOrOptions);
-  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
-
-  // Fall back to non-streaming if provider doesn't support it
-  if (!llm.chatStream) {
+): Promise<void> {
+  const options = resolveOptions(memoriesOrOptions);
+  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
+  const emailIntentLock = hasEmailSendIntent(userMessage) && hasEmailSendCapability(options.allowedTools);
+
+  if (emailIntentLock) {
+    try {
+      const result = await agentLoop(llm, sessionId, userMessage, options);
+      callbacks.onTextDelta(result.reply);
+      callbacks.onDone(result);
+    } catch (err: any) {
+      callbacks.onError(err);
+    }
+    return;
+  }
+
+  // Fall back to non-streaming if provider doesn't support it
+  if (!llm.chatStream) {
     try {
       const result = await agentLoop(llm, sessionId, userMessage, memoriesOrOptions);
       callbacks.onTextDelta(result.reply);
@@ -294,10 +354,10 @@ export async function agentLoopStream(
     return;
   }
 
-  try {
-    const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
-
-    let totalToolCalls = 0;
+  try {
+    const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
+
+    let totalToolCalls = 0;
     let fullReply = "";
 
     for (let round = 0; round < maxRounds; round++) {

package/src/agent/prompts.ts

@@ -45,11 +45,17 @@ const DEFAULT_PERSONALITY = `You are Zubo, a personal AI agent. You are friendly
 - When the user says "remind me", "ping me", "follow up" — create a reminder.
 - Use follow_ups to schedule check-ins: "follow up about the dentist tomorrow", "check in about the project in 3 days".
 
-## Todos & notes
-
-- Use the todos tool when the user asks to track tasks, create to-do lists, or manage action items. "Add buy groceries to my list" → todos with action "add".
-- Use the notes tool to save, search, and organize information. "Save this recipe" → notes with action "save". "Find my notes about React" → notes with action "search".
-- When the user mentions something they need to do, proactively offer to add it as a todo.
+## Todos & notes
+
+- Use the todos tool when the user asks to track tasks, create to-do lists, or manage action items. "Add buy groceries to my list" → todos with action "add".
+- Use the notes tool to save, search, and organize information. "Save this recipe" → notes with action "save". "Find my notes about React" → notes with action "search".
+- When the user mentions something they need to do, proactively offer to add it as a todo.
+
+## Email actions
+
+- If the user asks you to send/write an email to someone, you must actually send it using a tool ("email_send" or "gmail"). Do not only draft text unless the user explicitly asks for a draft.
+- If required fields are missing, ask only for what's missing ("to", "subject", or "body") and send immediately once provided.
+- When files are mentioned for an outgoing email, include them via the email tool's attachments input (workspace paths or upload IDs like "upload:123").
 
 ## Preferences
 

package/src/channels/email.ts

@@ -1,8 +1,11 @@
-import { connect, type Socket } from "net";
-import * as tls from "tls";
-import type { ChannelAdapter, InboundMessage } from "./adapter";
-import type { MessageRouter } from "./router";
-import { logger } from "../util/logger";
+import { connect, type Socket } from "net";
+import * as tls from "tls";
+import { readFileSync, statSync } from "fs";
+import { basename } from "path";
+import type { ChannelAdapter, InboundMessage } from "./adapter";
+import type { MessageRouter } from "./router";
+import { logSentMessage } from "../email/sent-log";
+import { logger } from "../util/logger";
 
 export interface EmailConfig {
   enabled: boolean;
@@ -186,11 +189,104 @@ class ImapClient {
 
 // --- Minimal SMTP client ---
 
-class SmtpClient {
+class SmtpClient {
   private socket: Socket | tls.TLSSocket | null = null;
   private buffer = "";
 
-  constructor(private config: EmailConfig["smtp"], private fromName?: string) {}
+  constructor(private config: EmailConfig["smtp"], private fromName?: string) {}
+
+  private repairMojibake(value: string): string {
+    if (!/[ÃÂ]/.test(value)) return value;
+    try {
+      const repaired = Buffer.from(value, "latin1").toString("utf8");
+      return repaired.includes("�") ? value : repaired;
+    } catch {
+      return value;
+    }
+  }
+
+  private encodeMimeHeader(value: string): string {
+    const repaired = this.repairMojibake(value);
+    const sanitized = repaired.replace(/[\r\n]+/g, " ").trim();
+    if (!sanitized) return "";
+    // RFC 2047 encoded-word for non-ASCII header values (emoji, accents, etc.).
+    if (/^[\x00-\x7F]*$/.test(sanitized)) return sanitized;
+    return `=?UTF-8?B?${Buffer.from(sanitized, "utf8").toString("base64")}?=`;
+  }
+
+  private toCrlfBody(body: string): string {
+    const repaired = this.repairMojibake(body);
+    const normalized = repaired.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
+    return normalized
+      .split("\n")
+      .map((line) => (line.startsWith(".") ? `.${line}` : line))
+      .join("\r\n");
+  }
+
+  private buildMimeMessage(
+    fromAddr: string,
+    to: string,
+    subject: string,
+    body: string,
+    attachments: string[] = [],
+  ): string {
+    const displayName = this.fromName || "Zubo";
+    const encodedFromName = this.encodeMimeHeader(displayName);
+    const encodedSubject = this.encodeMimeHeader(subject);
+    const safeBody = this.toCrlfBody(body || "");
+    if (!attachments.length) {
+      return [
+        `From: ${encodedFromName} <${fromAddr}>`,
+        `To: ${to}`,
+        `Subject: ${encodedSubject}`,
+        `Date: ${new Date().toUTCString()}`,
+        `MIME-Version: 1.0`,
+        `Content-Type: text/plain; charset=utf-8`,
+        `Content-Transfer-Encoding: 8bit`,
+        ``,
+        safeBody,
+      ].join("\r\n");
+    }
+
+    const boundary = `zubo-${crypto.randomUUID()}`;
+    const lines: string[] = [
+      `From: ${encodedFromName} <${fromAddr}>`,
+      `To: ${to}`,
+      `Subject: ${encodedSubject}`,
+      `Date: ${new Date().toUTCString()}`,
+      `MIME-Version: 1.0`,
+      `Content-Type: multipart/mixed; boundary="${boundary}"`,
+      ``,
+      `--${boundary}`,
+      `Content-Type: text/plain; charset=utf-8`,
+      `Content-Transfer-Encoding: 8bit`,
+      ``,
+      safeBody,
+      ``,
+    ];
+
+    for (const attachmentPath of attachments) {
+      const size = statSync(attachmentPath).size;
+      if (size > 10 * 1024 * 1024) {
+        throw new Error(`Attachment too large (>10MB): ${attachmentPath}`);
+      }
+      const filename = basename(attachmentPath);
+      const encodedFilename = this.encodeMimeHeader(filename);
+      const content = readFileSync(attachmentPath);
+      const b64 = content.toString("base64").replace(/(.{76})/g, "$1\r\n");
+      lines.push(
+        `--${boundary}`,
+        `Content-Type: application/octet-stream; name="${encodedFilename}"`,
+        `Content-Disposition: attachment; filename="${encodedFilename}"`,
+        `Content-Transfer-Encoding: base64`,
+        ``,
+        b64,
+        ``,
+      );
+    }
+    lines.push(`--${boundary}--`);
+    return lines.join("\r\n");
+  }
 
   private async connectRaw(): Promise<Socket | tls.TLSSocket> {
     return new Promise((resolve, reject) => {
@@ -237,7 +333,7 @@ class SmtpClient {
     });
   }
 
-  async sendEmail(to: string, subject: string, body: string, from?: string): Promise<void> {
+  async sendEmail(to: string, subject: string, body: string, from?: string, attachments: string[] = []): Promise<void> {
     const rawSocket = await this.connectRaw();
     let socket: Socket | tls.TLSSocket = rawSocket;
 
@@ -281,18 +377,8 @@ class SmtpClient {
       // DATA
       await this.sendCmd(socket, "DATA");
 
-      // Message content — write directly to socket, not via sendCmd
-      const displayName = this.fromName || "Zubo";
-      const message = [
-        `From: ${displayName} <${fromAddr}>`,
-        `To: ${to}`,
-        `Subject: ${subject}`,
-        `Date: ${new Date().toUTCString()}`,
-        `Content-Type: text/plain; charset=utf-8`,
-        `Content-Transfer-Encoding: 8bit`,
-        ``,
-        body,
-      ].join("\r\n");
+      // Message content — write directly to socket, not via sendCmd
+      const message = this.buildMimeMessage(fromAddr, to, subject, body, attachments);
 
       // Send body then terminator, wait for 250 OK
       await new Promise<void>((resolve, reject) => {
@@ -305,14 +391,48 @@ class SmtpClient {
       });
 
       // QUIT
-      try {
-        await this.sendCmd(socket, "QUIT");
-      } catch {}
-    } finally {
-      socket.destroy();
-    }
-  }
-}
+      try {
+        await this.sendCmd(socket, "QUIT");
+      } catch {}
+      logSentMessage({
+        provider: "smtp",
+        recipient: to,
+        subject,
+        body,
+        attachments,
+        status: "sent",
+      });
+    } finally {
+      socket.destroy();
+    }
+  }
+}
+
+export async function sendSmtpEmail(
+  config: EmailConfig["smtp"],
+  to: string,
+  subject: string,
+  body: string,
+  fromName?: string,
+  from?: string,
+  attachments: string[] = [],
+): Promise<void> {
+  const smtp = new SmtpClient(config, fromName);
+  try {
+    await smtp.sendEmail(to, subject, body, from, attachments);
+  } catch (err: any) {
+    logSentMessage({
+      provider: "smtp",
+      recipient: to,
+      subject,
+      body,
+      attachments,
+      status: "failed",
+      errorMessage: err?.message ?? String(err),
+    });
+    throw err;
+  }
+}
 
 // --- Email channel adapter ---
 
@@ -387,13 +507,21 @@ export function createEmailAdapter(
               ? (msg.subject.startsWith("Re:") ? msg.subject : `Re: ${msg.subject}`)
               : "Re: your message";
 
-            try {
-              await smtp.sendEmail(senderEmail, replySubject, reply);
-              logger.info(`Email: replied to ${senderEmail}`);
-            } catch (err: any) {
-              logger.error("Email: failed to send reply", { error: err.message, to: senderEmail });
-            }
-          });
+            try {
+              await smtp.sendEmail(senderEmail, replySubject, reply);
+              logger.info(`Email: replied to ${senderEmail}`);
+            } catch (err: any) {
+              logger.error("Email: failed to send reply", { error: err.message, to: senderEmail });
+              logSentMessage({
+                provider: "email_channel",
+                recipient: senderEmail,
+                subject: replySubject,
+                body: reply,
+                status: "failed",
+                errorMessage: err?.message ?? String(err),
+              });
+            }
+          });
 
           await imap.markSeen(uid);
         } catch (err: any) {
@@ -438,12 +566,20 @@ export function createEmailAdapter(
         return;
       }
 
-      try {
-        await smtp.sendEmail(to, "Message from Zubo", text);
-        logger.info(`Email: sent proactive message to ${to}`);
-      } catch (err: any) {
-        logger.error("Email: failed to send proactive message", { error: err.message, to });
-      }
+      try {
+        await smtp.sendEmail(to, "Message from Zubo", text);
+        logger.info(`Email: sent proactive message to ${to}`);
+      } catch (err: any) {
+        logger.error("Email: failed to send proactive message", { error: err.message, to });
+        logSentMessage({
+          provider: "email_channel",
+          recipient: to,
+          subject: "Message from Zubo",
+          body: text,
+          status: "failed",
+          errorMessage: err?.message ?? String(err),
+        });
+      }
     },
   };
 }

package/src/channels/router.ts

@@ -223,6 +223,7 @@ export function createRouter(
     "/permissions set <tool> <auto|confirm|deny>\n" +
     "/budget\n" +
     "/budget pause|resume\n" +
+    "/sent [n]\n" +
     "\n" +
     "Docs: https://zubo.bot/docs/";
 
@@ -313,6 +314,31 @@ export function createRouter(
         `monthly: $${monthly.total.toFixed(4)} / ${row.monthly_limit_usd ? `$${row.monthly_limit_usd.toFixed(2)}` : "unlimited"}`
       );
     }
+    if (command.name === "sent") {
+      const limitRaw = Number(command.args.trim() || "10");
+      const limit = Number.isFinite(limitRaw) ? Math.max(1, Math.min(50, Math.floor(limitRaw))) : 10;
+      try {
+        const rows = db.query(
+          "SELECT provider, recipient, subject, status, error_message, created_at FROM sent_messages ORDER BY id DESC LIMIT ?"
+        ).all(limit) as Array<{
+          provider: string;
+          recipient: string;
+          subject: string;
+          status: string;
+          error_message: string | null;
+          created_at: string;
+        }>;
+        if (!rows.length) return "No sent email records yet.";
+        return rows
+          .map((r, i) =>
+            `[${i + 1}] ${r.created_at} ${r.status.toUpperCase()} via ${r.provider} -> ${r.recipient}\n` +
+            `Subject: ${r.subject}${r.error_message ? `\nError: ${r.error_message}` : ""}`
+          )
+          .join("\n\n");
+      } catch {
+        return "Sent log is not available yet. Restart Zubo to apply latest DB migrations.";
+      }
+    }
     return null;
   }
 

package/src/channels/webchat.ts

@@ -360,12 +360,29 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
     return Response.json({ content: lines.slice(-100).join("\n") });
   }
 
-  // GET /api/dashboard/skills
-  if (path === "/skills" && req.method === "GET") {
-    return Response.json({ skills: getSkillsData() });
-  }
-
-  // ── TODOS ──
+  // GET /api/dashboard/skills
+  if (path === "/skills" && req.method === "GET") {
+    return Response.json({ skills: getSkillsData() });
+  }
+
+  // GET /api/dashboard/sent-messages?limit=20
+  if (path === "/sent-messages" && req.method === "GET") {
+    const db = getDb();
+    const limitRaw = Number(url.searchParams.get("limit") || "20");
+    const limit = Number.isFinite(limitRaw) ? Math.max(1, Math.min(100, Math.floor(limitRaw))) : 20;
+    try {
+      const rows = db.query(
+        `SELECT id, provider, recipient, subject, body_preview, attachments_json, status, error_message, external_id, created_at
+         FROM sent_messages
+         ORDER BY id DESC LIMIT ?`
+      ).all(limit);
+      return Response.json({ rows });
+    } catch (err: any) {
+      return Response.json({ rows: [], error: err.message });
+    }
+  }
+
+  // ── TODOS ──
 
   // GET /api/dashboard/todos?filter=pending|done|all
   if (path === "/todos" && req.method === "GET") {

package/src/config/schema.ts

@@ -144,6 +144,12 @@ export const configSchema = z.object({
   // Tool permission overrides
   toolPermissions: z.record(z.string(), z.enum(["auto", "confirm", "deny"])).optional(),
 
+  // Approval behavior
+  approvals: z.object({
+    // If true, built-in first-party tools never require secondary confirmation prompts.
+    autoApproveFirstPartyTools: z.boolean().default(false),
+  }).optional(),
+
   // Memory retrieval tuning for router context injection
   memoryRetrieval: z.object({
     contextTopK: z.number().int().min(1).max(10).default(3),

package/src/email/sent-log.ts

@@ -0,0 +1,37 @@
+import { getDb } from "../db/connection";
+import { logger } from "../util/logger";
+
+export interface SentMessageLogEntry {
+  provider: string;
+  recipient: string;
+  subject: string;
+  body?: string;
+  attachments?: string[];
+  status: "sent" | "failed";
+  errorMessage?: string;
+  externalId?: string;
+}
+
+export function logSentMessage(entry: SentMessageLogEntry): void {
+  try {
+    const db = getDb();
+    const preview = (entry.body ?? "").slice(0, 500);
+    const attachmentsJson = entry.attachments?.length ? JSON.stringify(entry.attachments) : null;
+    db.prepare(
+      `INSERT INTO sent_messages
+       (provider, recipient, subject, body_preview, attachments_json, status, error_message, external_id)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      entry.provider,
+      entry.recipient,
+      entry.subject,
+      preview || null,
+      attachmentsJson,
+      entry.status,
+      entry.errorMessage ?? null,
+      entry.externalId ?? null,
+    );
+  } catch (err: any) {
+    logger.warn("Failed to log sent message", { error: err?.message ?? String(err) });
+  }
+}

package/src/start.ts

@@ -30,8 +30,9 @@ import { initMemory } from "./memory/engine";
 import { registerTodosTool } from "./tools/builtin/todos";
 import { registerNotesTool } from "./tools/builtin/notes";
 import { registerPreferencesTool } from "./tools/builtin/preferences";
-import { registerTopicsTool } from "./tools/builtin/topics";
-import { logger, enableFileLogging } from "./util/logger";
+import { registerTopicsTool } from "./tools/builtin/topics";
+import { registerEmailSendTool } from "./tools/builtin/email-send";
+import { logger, enableFileLogging } from "./util/logger";
 
 function openBrowser(url: string) {
   try {
@@ -234,12 +235,13 @@ export async function startZubo(isDaemon = false) {
   registerManageTriggersTool();
 
   // Register personal agent tools
-  registerTodosTool();
-  registerNotesTool();
-  registerPreferencesTool();
-  registerTopicsTool();
-  const { registerFollowUpsTool } = await import("./tools/builtin/follow-ups");
-  registerFollowUpsTool(db, router, config, llm);
+  registerTodosTool();
+  registerNotesTool();
+  registerPreferencesTool();
+  registerTopicsTool();
+  registerEmailSendTool();
+  const { registerFollowUpsTool } = await import("./tools/builtin/follow-ups");
+  registerFollowUpsTool(db, router, config, llm);
 
   // Register code interpreter tool
   if (config.codeInterpreter?.enabled !== false) {

package/src/tools/builtin/email-send.ts

@@ -0,0 +1,112 @@
+import { existsSync, readFileSync } from "fs";
+import { resolve } from "path";
+import { registerTool } from "../registry";
+import { paths } from "../../config/paths";
+import { getDb } from "../../db/connection";
+import { sendSmtpEmail, type EmailConfig } from "../../channels/email";
+
+function isValidEmail(value: string): boolean {
+  const trimmed = value.trim();
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmed);
+}
+
+function resolveAttachmentRef(ref: string): string | null {
+  const trimmed = ref.trim();
+  if (!trimmed) return null;
+  if (trimmed.startsWith("upload:")) {
+    const id = Number(trimmed.slice("upload:".length));
+    if (!Number.isFinite(id) || id <= 0) return null;
+    try {
+      const db = getDb();
+      const row = db.query("SELECT filename FROM uploads WHERE id = ?").get(id) as { filename: string } | null;
+      if (!row?.filename) return null;
+      return row.filename;
+    } catch {
+      return null;
+    }
+  }
+  return trimmed;
+}
+
+function isAllowedAttachmentPath(filePath: string): boolean {
+  const absolute = resolve(filePath);
+  const roots = [resolve(process.cwd()), resolve(paths.uploads)];
+  return roots.some((root) => absolute.startsWith(root + "/") || absolute === root);
+}
+
+export function registerEmailSendTool(): void {
+  registerTool({
+    definition: {
+      name: "email_send",
+      description:
+        "Send an email using the configured SMTP account in channels.email.smtp. " +
+        "Use this when the user asks to send or write an email to someone.",
+      input_schema: {
+        type: "object",
+        properties: {
+          to: { type: "string", description: "Recipient email address" },
+          subject: { type: "string", description: "Email subject" },
+          body: { type: "string", description: "Email body content" },
+          attachments: {
+            type: "array",
+            items: { type: "string" },
+            description:
+              "Optional attachment references. Use absolute/relative file paths in workspace, or upload IDs via `upload:<id>`.",
+          },
+        },
+        required: ["to", "subject", "body"],
+      },
+    },
+    execute: async (input) => {
+      const to = String(input.to ?? "").trim();
+      const subject = String(input.subject ?? "").trim();
+      const body = String(input.body ?? "");
+      const attachmentRefs = Array.isArray(input.attachments)
+        ? input.attachments.map((x) => String(x))
+        : [];
+
+      if (!to || !isValidEmail(to)) {
+        return "Invalid recipient email address. Please provide a valid `to` address.";
+      }
+      if (!subject) return "Subject is required.";
+      if (!body.trim()) return "Body is required.";
+
+      let parsed: any;
+      try {
+        parsed = JSON.parse(readFileSync(paths.config, "utf-8"));
+      } catch {
+        return "Could not read config. Run `zubo setup` and configure Email first.";
+      }
+
+      const emailCfg = parsed?.channels?.email as EmailConfig | undefined;
+      const smtpCfg = emailCfg?.smtp;
+      if (!smtpCfg?.host || !smtpCfg?.user || !smtpCfg?.password) {
+        return (
+          "Email is not configured yet. Configure `channels.email.smtp` in Settings > Channels > Email " +
+          "or run `zubo setup`."
+        );
+      }
+
+      const attachments: string[] = [];
+      for (const ref of attachmentRefs) {
+        const resolvedRef = resolveAttachmentRef(ref);
+        if (!resolvedRef) return `Invalid attachment reference: ${ref}`;
+        const absolute = resolve(resolvedRef);
+        if (!existsSync(absolute)) return `Attachment not found: ${ref}`;
+        if (!isAllowedAttachmentPath(absolute)) {
+          return `Attachment path is outside allowed roots (workspace/uploads): ${ref}`;
+        }
+        attachments.push(absolute);
+      }
+
+      try {
+        await sendSmtpEmail(smtpCfg, to, subject, body, emailCfg?.fromName, undefined, attachments);
+        return attachments.length
+          ? `Email sent to ${to} with ${attachments.length} attachment(s).`
+          : `Email sent to ${to} with subject "${subject}".`;
+      } catch (err: any) {
+        return `Failed to send email: ${err?.message ?? String(err)}`;
+      }
+    },
+  });
+}

package/src/tools/builtin-integrations/google/gmail/handler.ts

@@ -1,4 +1,22 @@
-const API = "https://gmail.googleapis.com/gmail/v1/users/me";
+import { logSentMessage } from "../../../../email/sent-log";
+const API = "https://gmail.googleapis.com/gmail/v1/users/me";
+
+function encodeMimeHeader(value: string): string {
+  const raw = String(value || "");
+  let repaired = raw;
+  if (/[ÃÂ]/.test(raw)) {
+    try {
+      const candidate = Buffer.from(raw, "latin1").toString("utf8");
+      repaired = candidate.includes("�") ? raw : candidate;
+    } catch {
+      repaired = raw;
+    }
+  }
+  const sanitized = repaired.replace(/[\r\n]+/g, " ").trim();
+  if (!sanitized) return "";
+  if (/^[\x00-\x7F]*$/.test(sanitized)) return sanitized;
+  return `=?UTF-8?B?${Buffer.from(sanitized, "utf8").toString("base64")}?=`;
+}
 
 async function getToken(): Promise<string> {
   // Try the new multi-provider OAuth system first
@@ -82,18 +100,39 @@ export default async function (input: Record<string, unknown>): Promise<string>
         }
         return JSON.stringify({ id: data.id, subject: getHeader("Subject"), from: getHeader("From"), date: getHeader("Date"), body: emailBody });
       }
-      case "send": {
-        if (!to) return JSON.stringify({ error: "to is required" });
-        if (!subject) return JSON.stringify({ error: "subject is required" });
-        const raw = Buffer.from(`MIME-Version: 1.0\r\nTo: ${to}\r\nSubject: ${subject}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${body || ""}`).toString("base64url");
-        const res = await fetch(`${API}/messages/send`, {
-          method: "POST", headers,
-          body: JSON.stringify({ raw }),
-        });
-        if (!res.ok) return await safeApiErr(res, "Gmail");
-        const data = (await res.json()) as any;
-        return JSON.stringify({ sent: true, id: data.id });
-      }
+      case "send": {
+        if (!to) return JSON.stringify({ error: "to is required" });
+        if (!subject) return JSON.stringify({ error: "subject is required" });
+        const raw = Buffer.from(
+          `MIME-Version: 1.0\r\nTo: ${to}\r\nSubject: ${encodeMimeHeader(subject)}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${body || ""}`
+        ).toString("base64url");
+        const res = await fetch(`${API}/messages/send`, {
+          method: "POST", headers,
+          body: JSON.stringify({ raw }),
+        });
+        if (!res.ok) {
+          const error = await safeApiErr(res, "Gmail");
+          logSentMessage({
+            provider: "gmail",
+            recipient: to,
+            subject,
+            body: body || "",
+            status: "failed",
+            errorMessage: error,
+          });
+          return error;
+        }
+        const data = (await res.json()) as any;
+        logSentMessage({
+          provider: "gmail",
+          recipient: to,
+          subject,
+          body: body || "",
+          status: "sent",
+          externalId: data.id,
+        });
+        return JSON.stringify({ sent: true, id: data.id });
+      }
       case "search": {
         if (!query) return JSON.stringify({ error: "query is required" });
         const res = await fetch(`${API}/messages?q=${encodeURIComponent(query)}&maxResults=${max_results || 10}`, { headers });
@@ -107,24 +146,55 @@ export default async function (input: Record<string, unknown>): Promise<string>
         const orig = await fetch(`${API}/messages/${message_id}?format=metadata&metadataHeaders=Subject&metadataHeaders=From&metadataHeaders=Message-ID`, { headers });
         if (!orig.ok) return await safeApiErr(orig, "Gmail");
         const origData = (await orig.json()) as any;
-        const getHeader = (name: string) => origData.payload?.headers?.find((h: any) => h.name === name)?.value ?? "";
-        const replyTo = getHeader("From");
-        const subj = getHeader("Subject").startsWith("Re:") ? getHeader("Subject") : `Re: ${getHeader("Subject")}`;
-        const msgId = getHeader("Message-ID");
-        const raw = Buffer.from(`MIME-Version: 1.0\r\nTo: ${replyTo}\r\nSubject: ${subj}\r\nIn-Reply-To: ${msgId}\r\nReferences: ${msgId}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${body}`).toString("base64url");
-        const res = await fetch(`${API}/messages/send`, {
-          method: "POST", headers,
-          body: JSON.stringify({ raw, threadId: origData.threadId }),
-        });
-        if (!res.ok) return await safeApiErr(res, "Gmail");
-        const data = (await res.json()) as any;
-        return JSON.stringify({ replied: true, id: data.id });
-      }
-      default:
-        return JSON.stringify({ error: `Unknown action: ${action}` });
-    }
-  } catch (err: any) {
-    console.error(`[Gmail] Request failed: ${err.message}`);
-    return JSON.stringify({ error: "Gmail request failed. Check logs for details." });
-  }
-}
+        const getHeader = (name: string) => origData.payload?.headers?.find((h: any) => h.name === name)?.value ?? "";
+        const replyTo = getHeader("From");
+        const subj = getHeader("Subject").startsWith("Re:") ? getHeader("Subject") : `Re: ${getHeader("Subject")}`;
+        const msgId = getHeader("Message-ID");
+        const raw = Buffer.from(
+          `MIME-Version: 1.0\r\nTo: ${replyTo}\r\nSubject: ${encodeMimeHeader(subj)}\r\nIn-Reply-To: ${msgId}\r\nReferences: ${msgId}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${body}`
+        ).toString("base64url");
+        const res = await fetch(`${API}/messages/send`, {
+          method: "POST", headers,
+          body: JSON.stringify({ raw, threadId: origData.threadId }),
+        });
+        if (!res.ok) {
+          const error = await safeApiErr(res, "Gmail");
+          logSentMessage({
+            provider: "gmail",
+            recipient: replyTo,
+            subject: subj,
+            body,
+            status: "failed",
+            errorMessage: error,
+          });
+          return error;
+        }
+        const data = (await res.json()) as any;
+        logSentMessage({
+          provider: "gmail",
+          recipient: replyTo,
+          subject: subj,
+          body,
+          status: "sent",
+          externalId: data.id,
+        });
+        return JSON.stringify({ replied: true, id: data.id });
+      }
+      default:
+        return JSON.stringify({ error: `Unknown action: ${action}` });
+    }
+  } catch (err: any) {
+    console.error(`[Gmail] Request failed: ${err.message}`);
+    if (action === "send" || action === "reply") {
+      logSentMessage({
+        provider: "gmail",
+        recipient: String(to || ""),
+        subject: String(subject || ""),
+        body: body || "",
+        status: "failed",
+        errorMessage: err?.message ?? String(err),
+      });
+    }
+    return JSON.stringify({ error: "Gmail request failed. Check logs for details." });
+  }
+}

package/src/tools/executor.ts

@@ -1,4 +1,4 @@
-import { getTool } from "./registry";
+import { getTool, isUserInstalledSkill } from "./registry";
 import { getToolPermission, getToolScopes, hasRiskyScope } from "./permissions";
 import { logger } from "../util/logger";
 import { recordError } from "../util/error-buffer";
@@ -21,6 +21,7 @@ const BUILTIN_INTEGRATION_TOOLS = new Set([
 interface ToolScopePolicy {
   allowed?: string[];
   dryRunByDefault: boolean;
+  autoApproveFirstPartyTools: boolean;
 }
 
 const toolScopePolicyCache: {
@@ -28,7 +29,7 @@ const toolScopePolicyCache: {
   value: ToolScopePolicy;
 } = {
   mtimeMs: -1,
-  value: { dryRunByDefault: false },
+  value: { dryRunByDefault: false, autoApproveFirstPartyTools: false },
 };
 
 export interface ToolResult {
@@ -77,14 +78,20 @@ function readToolScopePolicy(): ToolScopePolicy {
     const parsed = {
       allowed: Array.isArray(cfg?.toolScopes?.allowed) ? cfg.toolScopes.allowed : undefined,
       dryRunByDefault: Boolean(cfg?.toolScopes?.dryRunByDefault),
+      autoApproveFirstPartyTools: cfg?.approvals?.autoApproveFirstPartyTools === true,
     };
     toolScopePolicyCache.mtimeMs = mtimeMs;
     toolScopePolicyCache.value = parsed;
     return parsed;
   } catch {
-    return { dryRunByDefault: false };
+    return { dryRunByDefault: false, autoApproveFirstPartyTools: false };
   }
 }
+
+function isFirstPartyTool(name: string): boolean {
+  if (name.includes("__")) return false; // MCP tools
+  return !isUserInstalledSkill(name);
+}
 
 // Determine if a tool should run in the sandbox (user-installed skills only)
 async function shouldSandbox(
@@ -235,6 +242,9 @@ export async function executeTool(
   }
 
   if (permission === "confirm") {
+    if (scopePolicy.autoApproveFirstPartyTools && isFirstPartyTool(name)) {
+      logger.info(`Auto-approving first-party tool: ${name}`);
+    } else
     // For direct user requests, don't require a second explicit approval round.
     if (options.directUserRequest) {
       logger.info(`Bypassing confirmation for direct user request: ${name}`);

package/src/tools/permissions.ts

@@ -17,7 +17,8 @@ export type ToolScope =
 
 const DEFAULT_PERMISSIONS: Record<string, ToolPermission> = {
   // Built-in tools — always safe
-  datetime: "auto",
+  datetime: "auto",
+  get_current_datetime: "auto",
   memory_write: "auto",
   memory_search: "auto",
   memory_prune: "confirm",
@@ -53,8 +54,9 @@ const DEFAULT_PERMISSIONS: Record<string, ToolPermission> = {
   todos: "auto",
   notes: "auto",
   preferences: "auto",
-  topics: "auto",
-  follow_ups: "auto",
+  topics: "auto",
+  follow_ups: "auto",
+  email_send: "confirm",
 
   // Built-in skills — safe (read-only or low risk)
   web_search: "auto",
@@ -120,6 +122,7 @@ function getPermissionOverrides(): Record<string, ToolPermission> {
 
 const TOOL_SCOPES: Record<string, ToolScope[]> = {
   datetime: ["memory"],
+  get_current_datetime: ["memory"],
   memory_write: ["memory"],
   memory_search: ["memory"],
   memory_prune: ["memory"],
@@ -145,6 +148,7 @@ const TOOL_SCOPES: Record<string, ToolScope[]> = {
   preferences: ["memory"],
   topics: ["memory"],
   follow_ups: ["memory"],
+  email_send: ["network_write"],
   web_search: ["network_read"],
   url_fetch: ["network_read"],
   file_read: ["filesystem_read"],