Initial commit: PRD and SPEC for emcli

emcli is a Go CLI that mediates an AI agent's email access, enforcing
per-account read/send restrictions so credentials never reach the agent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

specifications/PRD.md

@@ -0,0 +1,27 @@
+# emcli - PRD
+
+A CLI utility to allows an agent skill to send and receive IMAP emails *but* with only with enforced restrictions configured by the user
+Agent never has access directly to IMAP account - everything filters through emcli
+Email credentials are never exposed to Agent
+
+## The reason is exists
+
+Even with strong mandatory instructions, AI can still hallucinate - there is a need to protect against these hallucinations when using live emails
+
+## Required Functionality
+
+- single cross platform binary
+- config in encrypted SQLite file (to ensure email credentials don't leak)
+- encryption key held as ENV variable - should never be exposed to calling Agent
+- multiple email account support
+- mark an account as "RO" (read only) or "RW" (read and send)
+- whitelist-in toggle (false = allow emails from anybody to be read, true = process only emails from whitelisted inbound email addresses)
+- whitelist-out toggle (false = allow emails to be sent to anybody, true = send emails only to those in whitelisted outbound email addresses)
+- subject filtering - blank to ignore subject, regex to only read specific emails matching a subject
+- CLI output generally as structured JSON only (for Agentic use)
+- Structured JSON would likely be boolean for error (true/false), JSON blob for error details (or empty if no error), JSON blob for returned data
+- Admin functions (CRUD of email accounts, white lists and other config) would be human readable output and may be interactive
+- "Pointer" to last read email per account held in config - Agent can ask for only new emails
+- No graphical UI needed
+- TUI used for init and (re)configuration
+- TUI not used for reading emails etc. - we are not building a full email client