zubo 0.1.28 → 0.1.29

package/README.md

@@ -98,9 +98,10 @@ User Message
 All config lives in `~/.zubo/config.json`. Run `zubo setup` for interactive configuration, or set values directly:
 
 ```bash
-zubo config set activeProvider anthropic
-zubo config set smartRouting.enabled true
+zubo config set activeProvider anthropic
+zubo config set smartRouting.enabled true
 zubo config set budget.monthlyLimitUsd 50
+zubo config set approvals.autoApproveFirstPartyTools true
 ```
 
 See the full [configuration reference](https://zubo.bot/docs/config.html) for all options.
@@ -167,6 +168,7 @@ Across WebChat, Telegram, Discord, Slack, and other channels:
   - `/permissions set <tool> <auto|confirm|deny>` — override tool permission
   - `/budget` — view budget usage and limits
   - `/budget pause|resume` — pause/resume budget enforcement
+  - `/sent [n]` — show latest outbound email delivery records
 
 ## Contributing
 

package/migrations/025_sent_messages.sql

@@ -0,0 +1,18 @@
+CREATE TABLE IF NOT EXISTS sent_messages (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  provider TEXT NOT NULL, -- smtp | gmail | email_channel
+  recipient TEXT NOT NULL,
+  subject TEXT NOT NULL,
+  body_preview TEXT,
+  attachments_json TEXT,
+  status TEXT NOT NULL, -- sent | failed
+  error_message TEXT,
+  external_id TEXT,
+  created_at TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_sent_messages_created_at
+  ON sent_messages(created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_sent_messages_recipient
+  ON sent_messages(recipient);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zubo",
-  "version": "0.1.28",
+  "version": "0.1.29",
   "description": "Your AI agent that never forgets. Persistent memory, 25+ tools, 7 channels, 11+ LLM providers — runs entirely on your machine.",
   "license": "MIT",
   "author": "thomaskanze",

package/src/agent/loop.ts

@@ -41,12 +41,33 @@ function resolveOptions(memoriesOrOptions: string | AgentLoopOptions): AgentLoop
 }
 
 /** Detect standalone greetings that don't need tool definitions in context. */
-function looksConversational(text: string): boolean {
+function looksConversational(text: string): boolean {
   const t = text.trim().toLowerCase().replace(/[!?.,:;]+$/g, "");
   // Only match messages that are PURELY a greeting — no follow-up request
   const standaloneGreetings = /^(h(ello|i|ey|owdy|ola)|yo|sup|good\s*(morning|afternoon|evening|night)|what'?s\s*up|gm|thanks|thank\s*you|ok(ay)?|bye|see\s*ya|cool|nice|wow|lol|haha)$/;
-  return standaloneGreetings.test(t);
-}
+  return standaloneGreetings.test(t);
+}
+
+export function hasEmailSendIntent(text: string): boolean {
+  const t = text.trim().toLowerCase();
+  if (!t) return false;
+  if (/\bdraft\b/.test(t) && !/\bsend\b/.test(t)) return false;
+  if (/\b(send|email|mail)\b/.test(t) && /\b(to|recipient)\b/.test(t)) return true;
+  if (/\b(write|compose)\b.*\b(email|mail)\b/.test(t)) return true;
+  return false;
+}
+
+export function canSendEmailWithTools(tools: any[]): boolean {
+  const names = new Set(tools.map((t) => t.name));
+  return names.has("email_send") || names.has("gmail");
+}
+
+function hasEmailSendCapability(allowedTools?: string[]): boolean {
+  const defs = getAllToolDefs();
+  if (!allowedTools) return canSendEmailWithTools(defs);
+  const allowed = new Set(allowedTools);
+  return canSendEmailWithTools(defs.filter((d) => allowed.has(d.name)));
+}
 
 async function prepareLoop(
   llm: LlmProvider,
@@ -214,10 +235,12 @@ export async function agentLoop(
   memoriesOrOptions: string | AgentLoopOptions = ""
 ): Promise<LoopResult> {
   const options = resolveOptions(memoriesOrOptions);
-  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
-  const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
-
-  let totalToolCalls = 0;
+  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
+  const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
+  const emailIntentLock = hasEmailSendIntent(userMessage) && canSendEmailWithTools(tools);
+  let emailIntentRetries = 0;
+
+  let totalToolCalls = 0;
 
   for (let round = 0; round < maxRounds; round++) {
     const llmStartTime = Date.now();
@@ -246,15 +269,40 @@ export async function agentLoop(
 
     const toolUseBlocks = extractToolUseBlocks(response.content);
 
-    // No tool calls — done
-    if (toolUseBlocks.length === 0) {
-      const reply = response.content
-        .filter((b) => b.type === "text")
-        .map((b) => b.text ?? "")
-        .join("\n") || "";
-      finishLoop(sessionId, reply);
-      triggerPostLoopCompaction(llm, sessionId);
-      return { reply, toolCalls: totalToolCalls };
+    // No tool calls — done
+    if (toolUseBlocks.length === 0) {
+      const reply = response.content
+        .filter((b) => b.type === "text")
+        .map((b) => b.text ?? "")
+        .join("\n") || "";
+
+      if (emailIntentLock && totalToolCalls === 0 && emailIntentRetries < 1) {
+        emailIntentRetries += 1;
+        messages.push({ role: "assistant", content: response.content });
+        messages.push({
+          role: "user",
+          content: [{
+            type: "text",
+            text:
+              "Policy guard: The user asked you to SEND an email. You must execute an email tool now (email_send or gmail action send/reply). " +
+              "Do not return a draft-only response.",
+          }],
+        });
+        continue;
+      }
+
+      if (emailIntentLock && totalToolCalls === 0 && emailIntentRetries >= 1) {
+        const lockedReply =
+          "I couldn't complete that because no email send tool was executed. " +
+          "Please try again and I'll send it directly.";
+        finishLoop(sessionId, lockedReply);
+        triggerPostLoopCompaction(llm, sessionId);
+        return { reply: lockedReply, toolCalls: totalToolCalls };
+      }
+
+      finishLoop(sessionId, reply);
+      triggerPostLoopCompaction(llm, sessionId);
+      return { reply, toolCalls: totalToolCalls };
     }
 
     // Execute tools
@@ -272,18 +320,30 @@ export async function agentLoop(
   return { reply: MAX_ROUNDS_FALLBACK, toolCalls: totalToolCalls };
 }
 
-export async function agentLoopStream(
-  llm: LlmProvider,
-  sessionId: string,
-  userMessage: string,
+export async function agentLoopStream(
+  llm: LlmProvider,
+  sessionId: string,
+  userMessage: string,
   callbacks: StreamCallbacks,
   memoriesOrOptions: string | AgentLoopOptions = ""
-): Promise<void> {
-  const options = resolveOptions(memoriesOrOptions);
-  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
-
-  // Fall back to non-streaming if provider doesn't support it
-  if (!llm.chatStream) {
+): Promise<void> {
+  const options = resolveOptions(memoriesOrOptions);
+  const maxRounds = options.maxRounds ?? MAX_TOOL_ROUNDS;
+  const emailIntentLock = hasEmailSendIntent(userMessage) && hasEmailSendCapability(options.allowedTools);
+
+  if (emailIntentLock) {
+    try {
+      const result = await agentLoop(llm, sessionId, userMessage, options);
+      callbacks.onTextDelta(result.reply);
+      callbacks.onDone(result);
+    } catch (err: any) {
+      callbacks.onError(err);
+    }
+    return;
+  }
+
+  // Fall back to non-streaming if provider doesn't support it
+  if (!llm.chatStream) {
     try {
       const result = await agentLoop(llm, sessionId, userMessage, memoriesOrOptions);
       callbacks.onTextDelta(result.reply);
@@ -294,10 +354,10 @@ export async function agentLoopStream(
     return;
   }
 
-  try {
-    const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
-
-    let totalToolCalls = 0;
+  try {
+    const { system, messages, tools } = await prepareLoop(llm, sessionId, userMessage, options);
+
+    let totalToolCalls = 0;
     let fullReply = "";
 
     for (let round = 0; round < maxRounds; round++) {

package/src/agent/prompts.ts

@@ -55,6 +55,7 @@ const DEFAULT_PERSONALITY = `You are Zubo, a personal AI agent. You are friendly
 
 - If the user asks you to send/write an email to someone, you must actually send it using a tool ("email_send" or "gmail"). Do not only draft text unless the user explicitly asks for a draft.
 - If required fields are missing, ask only for what's missing ("to", "subject", or "body") and send immediately once provided.
+- When files are mentioned for an outgoing email, include them via the email tool's attachments input (workspace paths or upload IDs like "upload:123").
 
 ## Preferences
 

package/src/channels/email.ts

@@ -1,8 +1,11 @@
-import { connect, type Socket } from "net";
-import * as tls from "tls";
-import type { ChannelAdapter, InboundMessage } from "./adapter";
-import type { MessageRouter } from "./router";
-import { logger } from "../util/logger";
+import { connect, type Socket } from "net";
+import * as tls from "tls";
+import { readFileSync, statSync } from "fs";
+import { basename } from "path";
+import type { ChannelAdapter, InboundMessage } from "./adapter";
+import type { MessageRouter } from "./router";
+import { logSentMessage } from "../email/sent-log";
+import { logger } from "../util/logger";
 
 export interface EmailConfig {
   enabled: boolean;
@@ -192,8 +195,19 @@ class SmtpClient {
 
   constructor(private config: EmailConfig["smtp"], private fromName?: string) {}
 
+  private repairMojibake(value: string): string {
+    if (!/[ÃÂ]/.test(value)) return value;
+    try {
+      const repaired = Buffer.from(value, "latin1").toString("utf8");
+      return repaired.includes("�") ? value : repaired;
+    } catch {
+      return value;
+    }
+  }
+
   private encodeMimeHeader(value: string): string {
-    const sanitized = value.replace(/[\r\n]+/g, " ").trim();
+    const repaired = this.repairMojibake(value);
+    const sanitized = repaired.replace(/[\r\n]+/g, " ").trim();
     if (!sanitized) return "";
     // RFC 2047 encoded-word for non-ASCII header values (emoji, accents, etc.).
     if (/^[\x00-\x7F]*$/.test(sanitized)) return sanitized;
@@ -201,12 +215,78 @@ class SmtpClient {
   }
 
   private toCrlfBody(body: string): string {
-    const normalized = body.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
+    const repaired = this.repairMojibake(body);
+    const normalized = repaired.replace(/\r\n/g, "\n").replace(/\r/g, "\n");
     return normalized
       .split("\n")
       .map((line) => (line.startsWith(".") ? `.${line}` : line))
       .join("\r\n");
   }
+
+  private buildMimeMessage(
+    fromAddr: string,
+    to: string,
+    subject: string,
+    body: string,
+    attachments: string[] = [],
+  ): string {
+    const displayName = this.fromName || "Zubo";
+    const encodedFromName = this.encodeMimeHeader(displayName);
+    const encodedSubject = this.encodeMimeHeader(subject);
+    const safeBody = this.toCrlfBody(body || "");
+    if (!attachments.length) {
+      return [
+        `From: ${encodedFromName} <${fromAddr}>`,
+        `To: ${to}`,
+        `Subject: ${encodedSubject}`,
+        `Date: ${new Date().toUTCString()}`,
+        `MIME-Version: 1.0`,
+        `Content-Type: text/plain; charset=utf-8`,
+        `Content-Transfer-Encoding: 8bit`,
+        ``,
+        safeBody,
+      ].join("\r\n");
+    }
+
+    const boundary = `zubo-${crypto.randomUUID()}`;
+    const lines: string[] = [
+      `From: ${encodedFromName} <${fromAddr}>`,
+      `To: ${to}`,
+      `Subject: ${encodedSubject}`,
+      `Date: ${new Date().toUTCString()}`,
+      `MIME-Version: 1.0`,
+      `Content-Type: multipart/mixed; boundary="${boundary}"`,
+      ``,
+      `--${boundary}`,
+      `Content-Type: text/plain; charset=utf-8`,
+      `Content-Transfer-Encoding: 8bit`,
+      ``,
+      safeBody,
+      ``,
+    ];
+
+    for (const attachmentPath of attachments) {
+      const size = statSync(attachmentPath).size;
+      if (size > 10 * 1024 * 1024) {
+        throw new Error(`Attachment too large (>10MB): ${attachmentPath}`);
+      }
+      const filename = basename(attachmentPath);
+      const encodedFilename = this.encodeMimeHeader(filename);
+      const content = readFileSync(attachmentPath);
+      const b64 = content.toString("base64").replace(/(.{76})/g, "$1\r\n");
+      lines.push(
+        `--${boundary}`,
+        `Content-Type: application/octet-stream; name="${encodedFilename}"`,
+        `Content-Disposition: attachment; filename="${encodedFilename}"`,
+        `Content-Transfer-Encoding: base64`,
+        ``,
+        b64,
+        ``,
+      );
+    }
+    lines.push(`--${boundary}--`);
+    return lines.join("\r\n");
+  }
 
   private async connectRaw(): Promise<Socket | tls.TLSSocket> {
     return new Promise((resolve, reject) => {
@@ -253,7 +333,7 @@ class SmtpClient {
     });
   }
 
-  async sendEmail(to: string, subject: string, body: string, from?: string): Promise<void> {
+  async sendEmail(to: string, subject: string, body: string, from?: string, attachments: string[] = []): Promise<void> {
     const rawSocket = await this.connectRaw();
     let socket: Socket | tls.TLSSocket = rawSocket;
 
@@ -297,22 +377,8 @@ class SmtpClient {
       // DATA
       await this.sendCmd(socket, "DATA");
 
-      // Message content — write directly to socket, not via sendCmd
-      const displayName = this.fromName || "Zubo";
-      const encodedFromName = this.encodeMimeHeader(displayName);
-      const encodedSubject = this.encodeMimeHeader(subject);
-      const safeBody = this.toCrlfBody(body || "");
-      const message = [
-        `From: ${encodedFromName} <${fromAddr}>`,
-        `To: ${to}`,
-        `Subject: ${encodedSubject}`,
-        `Date: ${new Date().toUTCString()}`,
-        `MIME-Version: 1.0`,
-        `Content-Type: text/plain; charset=utf-8`,
-        `Content-Transfer-Encoding: 8bit`,
-        ``,
-        safeBody,
-      ].join("\r\n");
+      // Message content — write directly to socket, not via sendCmd
+      const message = this.buildMimeMessage(fromAddr, to, subject, body, attachments);
 
       // Send body then terminator, wait for 250 OK
       await new Promise<void>((resolve, reject) => {
@@ -325,13 +391,21 @@ class SmtpClient {
       });
 
       // QUIT
-      try {
-        await this.sendCmd(socket, "QUIT");
-      } catch {}
-    } finally {
-      socket.destroy();
-    }
-  }
+      try {
+        await this.sendCmd(socket, "QUIT");
+      } catch {}
+      logSentMessage({
+        provider: "smtp",
+        recipient: to,
+        subject,
+        body,
+        attachments,
+        status: "sent",
+      });
+    } finally {
+      socket.destroy();
+    }
+  }
 }
 
 export async function sendSmtpEmail(
@@ -341,9 +415,23 @@ export async function sendSmtpEmail(
   body: string,
   fromName?: string,
   from?: string,
+  attachments: string[] = [],
 ): Promise<void> {
   const smtp = new SmtpClient(config, fromName);
-  await smtp.sendEmail(to, subject, body, from);
+  try {
+    await smtp.sendEmail(to, subject, body, from, attachments);
+  } catch (err: any) {
+    logSentMessage({
+      provider: "smtp",
+      recipient: to,
+      subject,
+      body,
+      attachments,
+      status: "failed",
+      errorMessage: err?.message ?? String(err),
+    });
+    throw err;
+  }
 }
 
 // --- Email channel adapter ---
@@ -419,13 +507,21 @@ export function createEmailAdapter(
               ? (msg.subject.startsWith("Re:") ? msg.subject : `Re: ${msg.subject}`)
               : "Re: your message";
 
-            try {
-              await smtp.sendEmail(senderEmail, replySubject, reply);
-              logger.info(`Email: replied to ${senderEmail}`);
-            } catch (err: any) {
-              logger.error("Email: failed to send reply", { error: err.message, to: senderEmail });
-            }
-          });
+            try {
+              await smtp.sendEmail(senderEmail, replySubject, reply);
+              logger.info(`Email: replied to ${senderEmail}`);
+            } catch (err: any) {
+              logger.error("Email: failed to send reply", { error: err.message, to: senderEmail });
+              logSentMessage({
+                provider: "email_channel",
+                recipient: senderEmail,
+                subject: replySubject,
+                body: reply,
+                status: "failed",
+                errorMessage: err?.message ?? String(err),
+              });
+            }
+          });
 
           await imap.markSeen(uid);
         } catch (err: any) {
@@ -470,12 +566,20 @@ export function createEmailAdapter(
         return;
       }
 
-      try {
-        await smtp.sendEmail(to, "Message from Zubo", text);
-        logger.info(`Email: sent proactive message to ${to}`);
-      } catch (err: any) {
-        logger.error("Email: failed to send proactive message", { error: err.message, to });
-      }
+      try {
+        await smtp.sendEmail(to, "Message from Zubo", text);
+        logger.info(`Email: sent proactive message to ${to}`);
+      } catch (err: any) {
+        logger.error("Email: failed to send proactive message", { error: err.message, to });
+        logSentMessage({
+          provider: "email_channel",
+          recipient: to,
+          subject: "Message from Zubo",
+          body: text,
+          status: "failed",
+          errorMessage: err?.message ?? String(err),
+        });
+      }
     },
   };
 }

package/src/channels/router.ts

@@ -223,6 +223,7 @@ export function createRouter(
     "/permissions set <tool> <auto|confirm|deny>\n" +
     "/budget\n" +
     "/budget pause|resume\n" +
+    "/sent [n]\n" +
     "\n" +
     "Docs: https://zubo.bot/docs/";
 
@@ -313,6 +314,31 @@ export function createRouter(
         `monthly: $${monthly.total.toFixed(4)} / ${row.monthly_limit_usd ? `$${row.monthly_limit_usd.toFixed(2)}` : "unlimited"}`
       );
     }
+    if (command.name === "sent") {
+      const limitRaw = Number(command.args.trim() || "10");
+      const limit = Number.isFinite(limitRaw) ? Math.max(1, Math.min(50, Math.floor(limitRaw))) : 10;
+      try {
+        const rows = db.query(
+          "SELECT provider, recipient, subject, status, error_message, created_at FROM sent_messages ORDER BY id DESC LIMIT ?"
+        ).all(limit) as Array<{
+          provider: string;
+          recipient: string;
+          subject: string;
+          status: string;
+          error_message: string | null;
+          created_at: string;
+        }>;
+        if (!rows.length) return "No sent email records yet.";
+        return rows
+          .map((r, i) =>
+            `[${i + 1}] ${r.created_at} ${r.status.toUpperCase()} via ${r.provider} -> ${r.recipient}\n` +
+            `Subject: ${r.subject}${r.error_message ? `\nError: ${r.error_message}` : ""}`
+          )
+          .join("\n\n");
+      } catch {
+        return "Sent log is not available yet. Restart Zubo to apply latest DB migrations.";
+      }
+    }
     return null;
   }
 

package/src/channels/webchat.ts

@@ -360,12 +360,29 @@ async function handleDashboardApi(url: URL, req: Request): Promise<Response | nu
     return Response.json({ content: lines.slice(-100).join("\n") });
   }
 
-  // GET /api/dashboard/skills
-  if (path === "/skills" && req.method === "GET") {
-    return Response.json({ skills: getSkillsData() });
-  }
-
-  // ── TODOS ──
+  // GET /api/dashboard/skills
+  if (path === "/skills" && req.method === "GET") {
+    return Response.json({ skills: getSkillsData() });
+  }
+
+  // GET /api/dashboard/sent-messages?limit=20
+  if (path === "/sent-messages" && req.method === "GET") {
+    const db = getDb();
+    const limitRaw = Number(url.searchParams.get("limit") || "20");
+    const limit = Number.isFinite(limitRaw) ? Math.max(1, Math.min(100, Math.floor(limitRaw))) : 20;
+    try {
+      const rows = db.query(
+        `SELECT id, provider, recipient, subject, body_preview, attachments_json, status, error_message, external_id, created_at
+         FROM sent_messages
+         ORDER BY id DESC LIMIT ?`
+      ).all(limit);
+      return Response.json({ rows });
+    } catch (err: any) {
+      return Response.json({ rows: [], error: err.message });
+    }
+  }
+
+  // ── TODOS ──
 
   // GET /api/dashboard/todos?filter=pending|done|all
   if (path === "/todos" && req.method === "GET") {

package/src/config/schema.ts

@@ -144,6 +144,12 @@ export const configSchema = z.object({
   // Tool permission overrides
   toolPermissions: z.record(z.string(), z.enum(["auto", "confirm", "deny"])).optional(),
 
+  // Approval behavior
+  approvals: z.object({
+    // If true, built-in first-party tools never require secondary confirmation prompts.
+    autoApproveFirstPartyTools: z.boolean().default(false),
+  }).optional(),
+
   // Memory retrieval tuning for router context injection
   memoryRetrieval: z.object({
     contextTopK: z.number().int().min(1).max(10).default(3),

package/src/email/sent-log.ts

@@ -0,0 +1,37 @@
+import { getDb } from "../db/connection";
+import { logger } from "../util/logger";
+
+export interface SentMessageLogEntry {
+  provider: string;
+  recipient: string;
+  subject: string;
+  body?: string;
+  attachments?: string[];
+  status: "sent" | "failed";
+  errorMessage?: string;
+  externalId?: string;
+}
+
+export function logSentMessage(entry: SentMessageLogEntry): void {
+  try {
+    const db = getDb();
+    const preview = (entry.body ?? "").slice(0, 500);
+    const attachmentsJson = entry.attachments?.length ? JSON.stringify(entry.attachments) : null;
+    db.prepare(
+      `INSERT INTO sent_messages
+       (provider, recipient, subject, body_preview, attachments_json, status, error_message, external_id)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      entry.provider,
+      entry.recipient,
+      entry.subject,
+      preview || null,
+      attachmentsJson,
+      entry.status,
+      entry.errorMessage ?? null,
+      entry.externalId ?? null,
+    );
+  } catch (err: any) {
+    logger.warn("Failed to log sent message", { error: err?.message ?? String(err) });
+  }
+}

package/src/tools/builtin/email-send.ts

@@ -1,6 +1,8 @@
-import { readFileSync } from "fs";
+import { existsSync, readFileSync } from "fs";
+import { resolve } from "path";
 import { registerTool } from "../registry";
 import { paths } from "../../config/paths";
+import { getDb } from "../../db/connection";
 import { sendSmtpEmail, type EmailConfig } from "../../channels/email";
 
 function isValidEmail(value: string): boolean {
@@ -8,6 +10,30 @@ function isValidEmail(value: string): boolean {
   return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmed);
 }
 
+function resolveAttachmentRef(ref: string): string | null {
+  const trimmed = ref.trim();
+  if (!trimmed) return null;
+  if (trimmed.startsWith("upload:")) {
+    const id = Number(trimmed.slice("upload:".length));
+    if (!Number.isFinite(id) || id <= 0) return null;
+    try {
+      const db = getDb();
+      const row = db.query("SELECT filename FROM uploads WHERE id = ?").get(id) as { filename: string } | null;
+      if (!row?.filename) return null;
+      return row.filename;
+    } catch {
+      return null;
+    }
+  }
+  return trimmed;
+}
+
+function isAllowedAttachmentPath(filePath: string): boolean {
+  const absolute = resolve(filePath);
+  const roots = [resolve(process.cwd()), resolve(paths.uploads)];
+  return roots.some((root) => absolute.startsWith(root + "/") || absolute === root);
+}
+
 export function registerEmailSendTool(): void {
   registerTool({
     definition: {
@@ -21,6 +47,12 @@ export function registerEmailSendTool(): void {
           to: { type: "string", description: "Recipient email address" },
           subject: { type: "string", description: "Email subject" },
           body: { type: "string", description: "Email body content" },
+          attachments: {
+            type: "array",
+            items: { type: "string" },
+            description:
+              "Optional attachment references. Use absolute/relative file paths in workspace, or upload IDs via `upload:<id>`.",
+          },
         },
         required: ["to", "subject", "body"],
       },
@@ -29,6 +61,9 @@ export function registerEmailSendTool(): void {
       const to = String(input.to ?? "").trim();
       const subject = String(input.subject ?? "").trim();
       const body = String(input.body ?? "");
+      const attachmentRefs = Array.isArray(input.attachments)
+        ? input.attachments.map((x) => String(x))
+        : [];
 
       if (!to || !isValidEmail(to)) {
         return "Invalid recipient email address. Please provide a valid `to` address.";
@@ -52,9 +87,23 @@ export function registerEmailSendTool(): void {
         );
       }
 
+      const attachments: string[] = [];
+      for (const ref of attachmentRefs) {
+        const resolvedRef = resolveAttachmentRef(ref);
+        if (!resolvedRef) return `Invalid attachment reference: ${ref}`;
+        const absolute = resolve(resolvedRef);
+        if (!existsSync(absolute)) return `Attachment not found: ${ref}`;
+        if (!isAllowedAttachmentPath(absolute)) {
+          return `Attachment path is outside allowed roots (workspace/uploads): ${ref}`;
+        }
+        attachments.push(absolute);
+      }
+
       try {
-        await sendSmtpEmail(smtpCfg, to, subject, body, emailCfg?.fromName);
-        return `Email sent to ${to} with subject "${subject}".`;
+        await sendSmtpEmail(smtpCfg, to, subject, body, emailCfg?.fromName, undefined, attachments);
+        return attachments.length
+          ? `Email sent to ${to} with ${attachments.length} attachment(s).`
+          : `Email sent to ${to} with subject "${subject}".`;
       } catch (err: any) {
         return `Failed to send email: ${err?.message ?? String(err)}`;
       }

package/src/tools/builtin-integrations/google/gmail/handler.ts

@@ -1,7 +1,18 @@
+import { logSentMessage } from "../../../../email/sent-log";
 const API = "https://gmail.googleapis.com/gmail/v1/users/me";
 
 function encodeMimeHeader(value: string): string {
-  const sanitized = String(value || "").replace(/[\r\n]+/g, " ").trim();
+  const raw = String(value || "");
+  let repaired = raw;
+  if (/[ÃÂ]/.test(raw)) {
+    try {
+      const candidate = Buffer.from(raw, "latin1").toString("utf8");
+      repaired = candidate.includes("�") ? raw : candidate;
+    } catch {
+      repaired = raw;
+    }
+  }
+  const sanitized = repaired.replace(/[\r\n]+/g, " ").trim();
   if (!sanitized) return "";
   if (/^[\x00-\x7F]*$/.test(sanitized)) return sanitized;
   return `=?UTF-8?B?${Buffer.from(sanitized, "utf8").toString("base64")}?=`;
@@ -98,11 +109,30 @@ export default async function (input: Record<string, unknown>): Promise<string>
         const res = await fetch(`${API}/messages/send`, {
           method: "POST", headers,
           body: JSON.stringify({ raw }),
-        });
-        if (!res.ok) return await safeApiErr(res, "Gmail");
-        const data = (await res.json()) as any;
-        return JSON.stringify({ sent: true, id: data.id });
-      }
+        });
+        if (!res.ok) {
+          const error = await safeApiErr(res, "Gmail");
+          logSentMessage({
+            provider: "gmail",
+            recipient: to,
+            subject,
+            body: body || "",
+            status: "failed",
+            errorMessage: error,
+          });
+          return error;
+        }
+        const data = (await res.json()) as any;
+        logSentMessage({
+          provider: "gmail",
+          recipient: to,
+          subject,
+          body: body || "",
+          status: "sent",
+          externalId: data.id,
+        });
+        return JSON.stringify({ sent: true, id: data.id });
+      }
       case "search": {
         if (!query) return JSON.stringify({ error: "query is required" });
         const res = await fetch(`${API}/messages?q=${encodeURIComponent(query)}&maxResults=${max_results || 10}`, { headers });
@@ -126,16 +156,45 @@ export default async function (input: Record<string, unknown>): Promise<string>
         const res = await fetch(`${API}/messages/send`, {
           method: "POST", headers,
           body: JSON.stringify({ raw, threadId: origData.threadId }),
-        });
-        if (!res.ok) return await safeApiErr(res, "Gmail");
-        const data = (await res.json()) as any;
-        return JSON.stringify({ replied: true, id: data.id });
-      }
-      default:
-        return JSON.stringify({ error: `Unknown action: ${action}` });
-    }
-  } catch (err: any) {
-    console.error(`[Gmail] Request failed: ${err.message}`);
-    return JSON.stringify({ error: "Gmail request failed. Check logs for details." });
-  }
-}
+        });
+        if (!res.ok) {
+          const error = await safeApiErr(res, "Gmail");
+          logSentMessage({
+            provider: "gmail",
+            recipient: replyTo,
+            subject: subj,
+            body,
+            status: "failed",
+            errorMessage: error,
+          });
+          return error;
+        }
+        const data = (await res.json()) as any;
+        logSentMessage({
+          provider: "gmail",
+          recipient: replyTo,
+          subject: subj,
+          body,
+          status: "sent",
+          externalId: data.id,
+        });
+        return JSON.stringify({ replied: true, id: data.id });
+      }
+      default:
+        return JSON.stringify({ error: `Unknown action: ${action}` });
+    }
+  } catch (err: any) {
+    console.error(`[Gmail] Request failed: ${err.message}`);
+    if (action === "send" || action === "reply") {
+      logSentMessage({
+        provider: "gmail",
+        recipient: String(to || ""),
+        subject: String(subject || ""),
+        body: body || "",
+        status: "failed",
+        errorMessage: err?.message ?? String(err),
+      });
+    }
+    return JSON.stringify({ error: "Gmail request failed. Check logs for details." });
+  }
+}

package/src/tools/executor.ts

@@ -1,4 +1,4 @@
-import { getTool } from "./registry";
+import { getTool, isUserInstalledSkill } from "./registry";
 import { getToolPermission, getToolScopes, hasRiskyScope } from "./permissions";
 import { logger } from "../util/logger";
 import { recordError } from "../util/error-buffer";
@@ -21,6 +21,7 @@ const BUILTIN_INTEGRATION_TOOLS = new Set([
 interface ToolScopePolicy {
   allowed?: string[];
   dryRunByDefault: boolean;
+  autoApproveFirstPartyTools: boolean;
 }
 
 const toolScopePolicyCache: {
@@ -28,7 +29,7 @@ const toolScopePolicyCache: {
   value: ToolScopePolicy;
 } = {
   mtimeMs: -1,
-  value: { dryRunByDefault: false },
+  value: { dryRunByDefault: false, autoApproveFirstPartyTools: false },
 };
 
 export interface ToolResult {
@@ -77,14 +78,20 @@ function readToolScopePolicy(): ToolScopePolicy {
     const parsed = {
       allowed: Array.isArray(cfg?.toolScopes?.allowed) ? cfg.toolScopes.allowed : undefined,
       dryRunByDefault: Boolean(cfg?.toolScopes?.dryRunByDefault),
+      autoApproveFirstPartyTools: cfg?.approvals?.autoApproveFirstPartyTools === true,
     };
     toolScopePolicyCache.mtimeMs = mtimeMs;
     toolScopePolicyCache.value = parsed;
     return parsed;
   } catch {
-    return { dryRunByDefault: false };
+    return { dryRunByDefault: false, autoApproveFirstPartyTools: false };
   }
 }
+
+function isFirstPartyTool(name: string): boolean {
+  if (name.includes("__")) return false; // MCP tools
+  return !isUserInstalledSkill(name);
+}
 
 // Determine if a tool should run in the sandbox (user-installed skills only)
 async function shouldSandbox(
@@ -235,6 +242,9 @@ export async function executeTool(
   }
 
   if (permission === "confirm") {
+    if (scopePolicy.autoApproveFirstPartyTools && isFirstPartyTool(name)) {
+      logger.info(`Auto-approving first-party tool: ${name}`);
+    } else
     // For direct user requests, don't require a second explicit approval round.
     if (options.directUserRequest) {
       logger.info(`Bypassing confirmation for direct user request: ${name}`);

package/src/tools/permissions.ts

@@ -17,7 +17,8 @@ export type ToolScope =
 
 const DEFAULT_PERMISSIONS: Record<string, ToolPermission> = {
   // Built-in tools — always safe
-  datetime: "auto",
+  datetime: "auto",
+  get_current_datetime: "auto",
   memory_write: "auto",
   memory_search: "auto",
   memory_prune: "confirm",
@@ -121,6 +122,7 @@ function getPermissionOverrides(): Record<string, ToolPermission> {
 
 const TOOL_SCOPES: Record<string, ToolScope[]> = {
   datetime: ["memory"],
+  get_current_datetime: ["memory"],
   memory_write: ["memory"],
   memory_search: ["memory"],
   memory_prune: ["memory"],