steve/emcli
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 4 Wiki Activity

feat(admin): Phase 4 — doctor, admin completeness, and bubbletea TUI

Browse Source 
Adds the admin/diagnostics surface from SPEC §7.2:

- doctor [--account]: per-account IMAP + (RW) SMTP connectivity/auth checks via
  new mail.CheckIMAP/CheckSMTP (connect+auth only, no mail). Exit non-zero on any
  failure; secrets never printed.
- store.UpdateAccount: partial edit, re-encrypts password/secrets only when a
  non-empty value is supplied (blank keeps existing). RecentAuditFor(account).
- config set/get (validates audit_retention_days), audit list [--account][--limit],
  account edit (flag partial-update) / remove [--yes].
- internal/tui: bubbletea AccountForm with pure, fully-tested Fields (validation +
  store.Account assembly + edit prefill). init / bare `account add` / `account edit
  --name X` drop into the TUI; flag forms remain for scripting.

Built test-first; full suite green incl -race. Validated live against the mxlogin
(password) and Gmail (app-password) accounts. Live validation caught a real bug:
doctor authenticated with empty passwords because it iterated ListAccounts (which
strips secrets) — fixed to re-fetch via GetAccount, locked in by a regression test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Steve Cliff
2026-06-22 20:09:43 +01:00
parent 193815dd25
commit a837b25d73
20 changed files with 1535 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/cli/admin.go
+179
View File
@@ -4,8 +4,10 @@ import (
"flag"
"fmt"
"io"
"strconv"
"git.dcglab.co.uk/steve/emcli/internal/store"
"git.dcglab.co.uk/steve/emcli/internal/tui"
)
// runAccount handles `account add|list`. Human-readable output (never JSON).
@@ -24,6 +26,9 @@ func runAccount(args []string, out, errOut io.Writer) int {
switch sub {
case "add":
if len(rest) == 0 { // no flags → interactive TUI form
return addInteractive(st, tui.Fields{}, out, errOut)
}
fs := flag.NewFlagSet("account add", flag.ContinueOnError)
fs.SetOutput(errOut)
name := fs.String("name", "", "account name")
@@ -63,6 +68,91 @@ func runAccount(args []string, out, errOut io.Writer) int {
}
fmt.Fprintf(out, "account %q added (%s)\n", *name, *mode)
return 0
case "edit":
fs := flag.NewFlagSet("account edit", flag.ContinueOnError)
fs.SetOutput(errOut)
name := fs.String("name", "", "account name (required)")
mode := fs.String("mode", "", "RO|RW")
host := fs.String("imap-host", "", "IMAP host")
port := fs.Int("imap-port", 0, "IMAP port")
sec := fs.String("imap-security", "", "tls|starttls")
smtpHost := fs.String("smtp-host", "", "SMTP host")
smtpPort := fs.Int("smtp-port", 0, "SMTP port")
smtpSec := fs.String("smtp-security", "", "tls|starttls")
user := fs.String("username", "", "login username")
pass := fs.String("password", "", "login password (blank keeps existing)")
subj := fs.String("subject-regex", "", "inbound subject filter")
if err := fs.Parse(rest); err != nil {
return 2
}
if *name == "" {
fmt.Fprintln(errOut, "--name is required")
return 2
}
if fs.NFlag() == 1 { // only --name → interactive TUI form, prefilled
return editInteractive(st, *name, out, errOut)
}
acc, err := st.GetAccount(*name)
if err != nil {
fmt.Fprintf(errOut, "edit: %v\n", err)
return 1
}
// Overlay only the flags the user actually set.
fs.Visit(func(f *flag.Flag) {
switch f.Name {
case "mode":
acc.Mode = *mode
case "imap-host":
acc.IMAPHost = *host
case "imap-port":
acc.IMAPPort = *port
case "imap-security":
acc.IMAPSecurity = *sec
case "smtp-host":
acc.SMTPHost = *smtpHost
case "smtp-port":
acc.SMTPPort = *smtpPort
case "smtp-security":
acc.SMTPSecurity = *smtpSec
case "username":
acc.Username = *user
case "password":
acc.Password = *pass
case "subject-regex":
acc.SubjectRegex = *subj
}
})
// acc.Password holds the existing (decrypted) password from GetAccount; the
// Visit above overwrites it only when --password was passed. UpdateAccount
// re-seals whatever non-empty value is present, so the password is preserved.
if err := st.UpdateAccount(acc); err != nil {
fmt.Fprintf(errOut, "edit: %v\n", err)
return 1
}
fmt.Fprintf(out, "account %q updated\n", *name)
return 0
case "remove":
fs := flag.NewFlagSet("account remove", flag.ContinueOnError)
fs.SetOutput(errOut)
name := fs.String("name", "", "account name (required)")
yes := fs.Bool("yes", false, "skip confirmation")
if err := fs.Parse(rest); err != nil {
return 2
}
if *name == "" {
fmt.Fprintln(errOut, "--name is required")
return 2
}
if !*yes {
fmt.Fprintf(errOut, "refusing to remove %q without --yes\n", *name)
return 2
}
if err := st.DeleteAccount(*name); err != nil {
fmt.Fprintf(errOut, "remove: %v\n", err)
return 1
}
fmt.Fprintf(out, "account %q removed\n", *name)
return 0
case "list":
accs, err := st.ListAccounts()
if err != nil {
@@ -81,6 +171,95 @@ func runAccount(args []string, out, errOut io.Writer) int {
}
}
// auditList renders recent audit entries (account "" = all) to out.
func auditList(st *store.Store, account string, limit int, out io.Writer) error {
entries, err := st.RecentAuditFor(account, limit)
if err != nil {
return err
}
fmt.Fprintf(out, "%-20s %-12s %-8s %-8s %-20s %s\n",
"TS", "ACCOUNT", "ACTION", "RESULT", "TARGET", "REASON")
for _, e := range entries {
fmt.Fprintf(out, "%-20s %-12s %-8s %-8s %-20s %s\n",
e.TS, e.Account, e.Action, e.Result, e.Target, e.Reason)
}
return nil
}
// runConfig handles `config set <key> <value>` and `config get <key>`.
func runConfig(args []string, out, errOut io.Writer) int {
if len(args) < 2 {
fmt.Fprintln(errOut, "usage: emcli config <set|get> <key> [value]")
return 2
}
sub, key := args[0], args[1]
st, err := openStore()
if err != nil {
fmt.Fprintf(errOut, "emcli: %v\n", err)
return 1
}
defer st.Close()
switch sub {
case "set":
if len(args) < 3 {
fmt.Fprintln(errOut, "usage: emcli config set <key> <value>")
return 2
}
value := args[2]
if key == "audit_retention_days" {
n, err := strconv.Atoi(value)
if err != nil || n < 0 {
fmt.Fprintf(errOut, "audit_retention_days must be an integer >= 0, got %q\n", value)
return 2
}
}
if err := st.SetSetting(key, value); err != nil {
fmt.Fprintf(errOut, "config set: %v\n", err)
return 1
}
fmt.Fprintf(out, "%s = %s\n", key, value)
return 0
case "get":
v, err := st.GetSetting(key)
if err != nil {
fmt.Fprintf(errOut, "config get: %s not set\n", key)
return 1
}
fmt.Fprintf(out, "%s = %s\n", key, v)
return 0
default:
fmt.Fprintf(errOut, "unknown config subcommand %q\n", sub)
return 2
}
}
// runAudit handles `audit list [--account <name>] [--limit N]`.
func runAudit(args []string, out, errOut io.Writer) int {
if len(args) == 0 || args[0] != "list" {
fmt.Fprintln(errOut, "usage: emcli audit list [--account <name>] [--limit N]")
return 2
}
fs := flag.NewFlagSet("audit list", flag.ContinueOnError)
fs.SetOutput(errOut)
account := fs.String("account", "", "filter by account")
limit := fs.Int("limit", 50, "max rows")
if err := fs.Parse(args[1:]); err != nil {
return 2
}
st, err := openStore()
if err != nil {
fmt.Fprintf(errOut, "emcli: %v\n", err)
return 1
}
defer st.Close()
if err := auditList(st, *account, *limit, out); err != nil {
fmt.Fprintf(errOut, "audit list: %v\n", err)
return 1
}
return 0
}
// runWhitelist handles `whitelist <in|out> add --account NAME --address A`.
func runWhitelist(args []string, out, errOut io.Writer) int {
if len(args) < 2 {
internal/cli/admin_test.go
+115
View File
@@ -0,0 +1,115 @@
package cli
import (
"bytes"
"path/filepath"
"strings"
"testing"
"time"
"git.dcglab.co.uk/steve/emcli/internal/store"
)
// adminEnv points EMCLI_KEY/EMCLI_DB at a fresh temp DB and returns its path.
func adminEnv(t *testing.T) string {
t.Helper()
db := filepath.Join(t.TempDir(), "emcli.db")
t.Setenv("EMCLI_KEY", b64Key())
t.Setenv("EMCLI_DB", db)
return db
}
func run(t *testing.T, args ...string) (int, string, string) {
t.Helper()
var out, errOut bytes.Buffer
code := Run(args, &out, &errOut)
return code, out.String(), errOut.String()
}
func TestConfigSetGet(t *testing.T) {
adminEnv(t)
if code, _, e := run(t, "config", "set", "audit_retention_days", "30"); code != 0 {
t.Fatalf("config set failed: %s", e)
}
code, out, _ := run(t, "config", "get", "audit_retention_days")
if code != 0 || !strings.Contains(out, "30") {
t.Fatalf("config get: code=%d out=%q", code, out)
}
}
func TestConfigSetRejectsBadRetention(t *testing.T) {
adminEnv(t)
if code, _, _ := run(t, "config", "set", "audit_retention_days", "-5"); code == 0 {
t.Fatal("negative retention must be rejected")
}
if code, _, _ := run(t, "config", "set", "audit_retention_days", "abc"); code == 0 {
t.Fatal("non-integer retention must be rejected")
}
}
func TestAccountRemove(t *testing.T) {
adminEnv(t)
run(t, "account", "add", "--name", "gone", "--imap-host", "h", "--username", "u@x.com")
if code, _, e := run(t, "account", "remove", "--name", "gone", "--yes"); code != 0 {
t.Fatalf("remove failed: %s", e)
}
_, out, _ := run(t, "account", "list")
if strings.Contains(out, "gone") {
t.Fatalf("account still listed after remove:\n%s", out)
}
}
func TestAccountRemoveMissing(t *testing.T) {
adminEnv(t)
if code, _, _ := run(t, "account", "remove", "--name", "nope", "--yes"); code == 0 {
t.Fatal("removing a missing account must be non-zero")
}
}
func TestAccountEditPartialPreservesOtherFields(t *testing.T) {
db := adminEnv(t)
run(t, "account", "add", "--name", "ed", "--mode", "RO",
"--imap-host", "imap.x.com", "--username", "u@x.com", "--password", "orig")
// Edit only mode + add SMTP; imap-host, username, password must be preserved.
if code, _, e := run(t, "account", "edit", "--name", "ed", "--mode", "RW",
"--smtp-host", "smtp.x.com", "--smtp-port", "587", "--smtp-security", "starttls"); code != 0 {
t.Fatalf("edit failed: %s", e)
}
st, err := store.Open(db, mustKey())
if err != nil {
t.Fatalf("open: %v", err)
}
defer st.Close()
got, err := st.GetAccount("ed")
if err != nil {
t.Fatalf("GetAccount: %v", err)
}
if got.Mode != "RW" || got.SMTPHost != "smtp.x.com" || got.SMTPPort != 587 {
t.Fatalf("edit didn't apply: %+v", got)
}
if got.IMAPHost != "imap.x.com" || got.Username != "u@x.com" || got.Password != "orig" {
t.Fatalf("edit clobbered preserved fields: %+v", got)
}
}
func TestAuditListCoreRenders(t *testing.T) {
st, err := store.Open(filepath.Join(t.TempDir(), "e.db"), testKey())
if err != nil {
t.Fatalf("open: %v", err)
}
defer st.Close()
now := time.Date(2026, 6, 22, 0, 0, 0, 0, time.UTC)
_ = st.Audit(now, store.AuditEntry{Account: "a", Action: "list", Target: "INBOX", Result: "allowed"})
_ = st.Audit(now, store.AuditEntry{Account: "a", Action: "send", Target: "x@y.com", Result: "blocked", Reason: "whitelist_out"})
var buf bytes.Buffer
if err := auditList(st, "", 50, &buf); err != nil {
t.Fatalf("auditList: %v", err)
}
out := buf.String()
if !strings.Contains(out, "list") || !strings.Contains(out, "whitelist_out") {
t.Fatalf("audit rows not rendered:\n%s", out)
}
}
// mustKey decodes the same 32-zero-byte key used by b64Key for store reopen.
func mustKey() []byte { return make([]byte, 32) }
internal/cli/agent.go
+7 -5
View File
@@ -25,11 +25,13 @@ type Mailer interface {
}
type Deps struct {
Store *store.Store
Dial func(store.Account) (Mailer, error)
Send func(store.Account, mail.OutgoingMessage) error
Now func() time.Time
Out io.Writer
Store *store.Store
Dial func(store.Account) (Mailer, error)
Send func(store.Account, mail.OutgoingMessage) error
CheckIMAP func(store.Account) error
CheckSMTP func(store.Account) error
Now func() time.Time
Out io.Writer
}
func (d Deps) emit(e Envelope) error {
internal/cli/agent_test.go
+3 -1
View File
@@ -18,7 +18,9 @@ type fakeMailer struct {
full map[uint32]mail.Message
}
func (f *fakeMailer) SelectFolder(string) (uint32, uint32, error) { return f.uidValidity, f.maxUID, nil }
func (f *fakeMailer) SelectFolder(string) (uint32, uint32, error) {
return f.uidValidity, f.maxUID, nil
}
func (f *fakeMailer) FetchHeaders(_ string, uids []uint32) ([]mail.Header, error) {
if len(uids) == 0 {
return f.headers, nil
internal/cli/doctor.go
+61
View File
@@ -0,0 +1,61 @@
package cli
import "fmt"
// DoctorCmd runs connectivity/auth diagnostics. For each account (optionally
// filtered to one), it checks IMAP and — for RW accounts with an SMTP host —
// SMTP, printing a human-readable per-check result. It returns errCommandFailed
// if any check fails so the process can exit non-zero. Secrets are never printed.
func DoctorCmd(d Deps, account string) error {
accounts, err := d.Store.ListAccounts()
if err != nil {
fmt.Fprintf(d.Out, "FAIL: cannot list accounts: %v\n", err)
return errCommandFailed
}
anyFail := false
checked := 0
for _, listed := range accounts {
if account != "" && listed.Name != account {
continue
}
checked++
// ListAccounts strips secrets; re-fetch to get decrypted credentials.
a, err := d.Store.GetAccount(listed.Name)
if err != nil {
fmt.Fprintf(d.Out, "%s\n FAIL: %v\n", listed.Name, err)
anyFail = true
continue
}
fmt.Fprintf(d.Out, "%s (%s)\n", a.Name, a.Mode)
if err := d.CheckIMAP(a); err != nil {
fmt.Fprintf(d.Out, " IMAP FAIL: %v\n", err)
anyFail = true
} else {
fmt.Fprintf(d.Out, " IMAP ok\n")
}
switch {
case a.Mode != "RW":
fmt.Fprintf(d.Out, " SMTP n/a (read-only)\n")
case a.SMTPHost == "":
fmt.Fprintf(d.Out, " SMTP n/a (no smtp host configured)\n")
default:
if err := d.CheckSMTP(a); err != nil {
fmt.Fprintf(d.Out, " SMTP FAIL: %v\n", err)
anyFail = true
} else {
fmt.Fprintf(d.Out, " SMTP ok\n")
}
}
}
if account != "" && checked == 0 {
fmt.Fprintf(d.Out, "FAIL: account not found: %s\n", account)
return errCommandFailed
}
if anyFail {
return errCommandFailed
}
return nil
}
internal/cli/doctor_test.go
+107
View File
@@ -0,0 +1,107 @@
package cli
import (
"errors"
"path/filepath"
"strings"
"testing"
"git.dcglab.co.uk/steve/emcli/internal/store"
)
func doctorDeps(t *testing.T, accounts []store.Account, imap, smtp func(store.Account) error) (Deps, *[]byte) {
t.Helper()
st, err := store.Open(filepath.Join(t.TempDir(), "e.db"), testKey())
if err != nil {
t.Fatalf("store: %v", err)
}
t.Cleanup(func() { st.Close() })
for _, a := range accounts {
if _, err := st.AddAccount(a); err != nil {
t.Fatalf("AddAccount %s: %v", a.Name, err)
}
}
buf := &[]byte{}
d := Deps{Store: st, CheckIMAP: imap, CheckSMTP: smtp, Out: bufWriter{buf}}
return d, buf
}
func roAcc(name string) store.Account {
return store.Account{Name: name, Mode: "RO", IMAPHost: "h", IMAPPort: 993, IMAPSecurity: "tls",
AuthType: "password", Username: "u@x.com", Password: "p"}
}
func rwAcc(name string) store.Account {
a := roAcc(name)
a.Mode = "RW"
a.SMTPHost, a.SMTPPort, a.SMTPSecurity = "h", 465, "tls"
return a
}
func TestDoctorAllOK(t *testing.T) {
ok := func(store.Account) error { return nil }
d, buf := doctorDeps(t, []store.Account{rwAcc("work")}, ok, ok)
if err := DoctorCmd(d, ""); err != nil {
t.Fatalf("DoctorCmd returned error when all checks pass: %v", err)
}
out := string(*buf)
if !strings.Contains(out, "work") || strings.Contains(strings.ToLower(out), "fail") {
t.Fatalf("unexpected report:\n%s", out)
}
}
func TestDoctorReportsSMTPFailure(t *testing.T) {
ok := func(store.Account) error { return nil }
bad := func(store.Account) error { return errors.New("auth rejected") }
d, buf := doctorDeps(t, []store.Account{rwAcc("work")}, ok, bad)
err := DoctorCmd(d, "")
if err == nil {
t.Fatal("DoctorCmd must return error when a check fails (non-zero exit)")
}
out := string(*buf)
if !strings.Contains(strings.ToLower(out), "fail") || !strings.Contains(out, "auth rejected") {
t.Fatalf("failure not reported:\n%s", out)
}
}
func TestDoctorSkipsSMTPForRO(t *testing.T) {
ok := func(store.Account) error { return nil }
smtpCalled := false
smtp := func(store.Account) error { smtpCalled = true; return nil }
d, _ := doctorDeps(t, []store.Account{roAcc("ro")}, ok, smtp)
if err := DoctorCmd(d, ""); err != nil {
t.Fatalf("DoctorCmd: %v", err)
}
if smtpCalled {
t.Fatal("SMTP check must be skipped for RO accounts")
}
}
func TestDoctorUsesDecryptedCredentials(t *testing.T) {
// roAcc has Password "p". ListAccounts strips secrets, so doctor must
// re-fetch the decrypted account before checking — otherwise the live
// check runs with an empty password.
var gotPassword string
imap := func(a store.Account) error { gotPassword = a.Password; return nil }
ok := func(store.Account) error { return nil }
d, _ := doctorDeps(t, []store.Account{roAcc("work")}, imap, ok)
if err := DoctorCmd(d, ""); err != nil {
t.Fatalf("DoctorCmd: %v", err)
}
if gotPassword != "p" {
t.Fatalf("check received password %q, want decrypted \"p\"", gotPassword)
}
}
func TestDoctorFiltersByAccount(t *testing.T) {
ok := func(store.Account) error { return nil }
checked := map[string]bool{}
imap := func(a store.Account) error { checked[a.Name] = true; return nil }
d, _ := doctorDeps(t, []store.Account{roAcc("a"), roAcc("b")}, imap, ok)
if err := DoctorCmd(d, "b"); err != nil {
t.Fatalf("DoctorCmd: %v", err)
}
if checked["a"] || !checked["b"] {
t.Fatalf("account filter wrong: %v", checked)
}
}
internal/cli/interactive.go
+93
View File
@@ -0,0 +1,93 @@
package cli
import (
"fmt"
"io"
tea "github.com/charmbracelet/bubbletea"
"git.dcglab.co.uk/steve/emcli/internal/store"
"git.dcglab.co.uk/steve/emcli/internal/tui"
)
// runForm launches the bubbletea account form and returns the final model.
// This is interactive terminal glue (not unit-tested); all logic it relies on
// lives in the tui and store packages, which are tested.
func runForm(initial tui.Fields, editing bool) (tui.AccountForm, error) {
p := tea.NewProgram(tui.NewAccountForm(initial, editing))
m, err := p.Run()
if err != nil {
return tui.AccountForm{}, err
}
return m.(tui.AccountForm), nil
}
// addInteractive runs the form for a new account and persists it.
func addInteractive(st *store.Store, initial tui.Fields, out, errOut io.Writer) int {
form, err := runForm(initial, false)
if err != nil {
fmt.Fprintf(errOut, "form: %v\n", err)
return 1
}
if form.Cancelled() {
fmt.Fprintln(out, "cancelled")
return 1
}
acc := form.Account()
if _, err := st.AddAccount(acc); err != nil {
fmt.Fprintf(errOut, "add account: %v\n", err)
return 1
}
fmt.Fprintf(out, "account %q added (%s)\n", acc.Name, acc.Mode)
return 0
}
// editInteractive runs the form prefilled from an existing account and saves it.
func editInteractive(st *store.Store, name string, out, errOut io.Writer) int {
acc, err := st.GetAccount(name)
if err != nil {
fmt.Fprintf(errOut, "edit: %v\n", err)
return 1
}
form, err := runForm(tui.FieldsFromAccount(acc), true)
if err != nil {
fmt.Fprintf(errOut, "form: %v\n", err)
return 1
}
if form.Cancelled() {
fmt.Fprintln(out, "cancelled")
return 1
}
updated := form.Account()
if !form.PasswordSet() {
updated.Password = "" // blank ⇒ UpdateAccount keeps the existing password
}
if err := st.UpdateAccount(updated); err != nil {
fmt.Fprintf(errOut, "edit: %v\n", err)
return 1
}
fmt.Fprintf(out, "account %q updated\n", name)
return 0
}
// runInit creates/opens the DB and adds the first account via the TUI form,
// seeding a default audit retention if unset.
func runInit(args []string, out, errOut io.Writer) int {
st, err := openStore()
if err != nil {
fmt.Fprintf(errOut, "emcli: %v\n", err)
return 1
}
defer st.Close()
if _, err := st.GetSetting("audit_retention_days"); err != nil {
_ = st.SetSetting("audit_retention_days", "90")
}
accs, _ := st.ListAccounts()
if len(accs) > 0 {
fmt.Fprintf(out, "emcli is already initialized (%d account(s)); adding another.\n", len(accs))
} else {
fmt.Fprintln(out, "Initializing emcli — add your first account.")
}
return addInteractive(st, tui.Fields{}, out, errOut)
}
internal/cli/run.go
+48 -1
View File
@@ -44,8 +44,47 @@ func realSender(acc store.Account, m mail.OutgoingMessage) error {
}, m)
}
func realCheckIMAP(acc store.Account) error {
return mail.CheckIMAP(mail.IMAPConfig{
Host: acc.IMAPHost, Port: acc.IMAPPort, Security: acc.IMAPSecurity,
Username: acc.Username, Password: acc.Password,
})
}
func realCheckSMTP(acc store.Account) error {
return mail.CheckSMTP(mail.SMTPConfig{
Host: acc.SMTPHost, Port: acc.SMTPPort, Security: acc.SMTPSecurity,
Username: acc.Username, Password: acc.Password,
})
}
func newDepsLive(st *store.Store, out io.Writer) Deps {
return Deps{Store: st, Dial: realMailer, Send: realSender, Now: time.Now, Out: out}
return Deps{
Store: st, Dial: realMailer, Send: realSender,
CheckIMAP: realCheckIMAP, CheckSMTP: realCheckSMTP,
Now: time.Now, Out: out,
}
}
// runDoctor handles `doctor [--account <name>]` (human-readable diagnostics).
func runDoctor(args []string, out, errOut io.Writer) int {
fs := flag.NewFlagSet("doctor", flag.ContinueOnError)
fs.SetOutput(errOut)
account := fs.String("account", "", "check only this account")
if err := fs.Parse(args); err != nil {
return 2
}
st, err := openStore()
if err != nil {
fmt.Fprintf(errOut, "emcli: %v\n", err)
return 1
}
defer st.Close()
d := newDepsLive(st, out)
if err := DoctorCmd(d, *account); err != nil {
return 1
}
return 0
}
// Run routes a command line and returns an exit code.
@@ -64,6 +103,14 @@ func Run(args []string, out, errOut io.Writer) int {
return runAccount(rest, out, errOut)
case "whitelist":
return runWhitelist(rest, out, errOut)
case "config":
return runConfig(rest, out, errOut)
case "audit":
return runAudit(rest, out, errOut)
case "doctor":
return runDoctor(rest, out, errOut)
case "init":
return runInit(rest, out, errOut)
default:
fmt.Fprintf(errOut, "emcli: unknown command %q\n", cmd)
return 2
internal/cli/run_test.go
+1 -1
View File
@@ -36,7 +36,7 @@ func TestListUsageErrorIsJSON(t *testing.T) {
// Agent command with a missing required flag emits a JSON error envelope.
var out, errOut bytes.Buffer
t.Setenv("EMCLI_KEY", b64Key())
t.Setenv("EMCLI_DB", "") // default path is fine; command fails before connecting
t.Setenv("EMCLI_DB", "") // default path is fine; command fails before connecting
code := Run([]string{"list"}, &out, &errOut) // missing --account
if code == 0 {
t.Fatal("missing --account should be non-zero")
internal/mail/check.go
+50
View File
@@ -0,0 +1,50 @@
package mail
import (
"crypto/tls"
"fmt"
"github.com/emersion/go-sasl"
"github.com/emersion/go-smtp"
)
// CheckIMAP verifies that the IMAP endpoint connects and the credentials
// authenticate, then logs out. It transfers no mail. A nil return means the
// account can read.
func CheckIMAP(cfg IMAPConfig) error {
c, err := Dial(cfg) // Dial connects and logs in
if err != nil {
return err
}
return c.Logout()
}
// CheckSMTP verifies that the SMTP endpoint connects and the credentials
// authenticate (SASL PLAIN), then quits. It sends no mail. A nil return means
// the account can send.
func CheckSMTP(cfg SMTPConfig) error {
addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
tlsConf := &tls.Config{ServerName: cfg.Host}
var (
c *smtp.Client
err error
)
switch cfg.Security {
case "tls":
c, err = smtp.DialTLS(addr, tlsConf)
case "starttls":
c, err = smtp.DialStartTLS(addr, tlsConf)
default:
return fmt.Errorf("unknown smtp security %q", cfg.Security)
}
if err != nil {
return fmt.Errorf("smtp connect: %w", err)
}
defer c.Close()
if err := c.Auth(sasl.NewPlainClient("", cfg.Username, cfg.Password)); err != nil {
return fmt.Errorf("smtp auth: %w", err)
}
return c.Quit()
}
internal/mail/check_test.go
+30
View File
@@ -0,0 +1,30 @@
package mail
import (
"strings"
"testing"
)
// Both checks must fail cleanly (error, no panic) against an unroutable host.
// 127.0.0.1:1 has nothing listening, so the dial fails fast.
func TestCheckIMAPFailsCleanly(t *testing.T) {
err := CheckIMAP(IMAPConfig{Host: "127.0.0.1", Port: 1, Security: "tls", Username: "u", Password: "p"})
if err == nil {
t.Fatal("expected connection error")
}
}
func TestCheckSMTPFailsCleanly(t *testing.T) {
err := CheckSMTP(SMTPConfig{Host: "127.0.0.1", Port: 1, Security: "tls", Username: "u", Password: "p"})
if err == nil {
t.Fatal("expected connection error")
}
}
func TestCheckSMTPRejectsUnknownSecurity(t *testing.T) {
err := CheckSMTP(SMTPConfig{Host: "127.0.0.1", Port: 1, Security: "bogus"})
if err == nil || !strings.Contains(err.Error(), "security") {
t.Fatalf("want security error, got %v", err)
}
}
internal/store/account.go
+36
View File
@@ -100,6 +100,42 @@ func (s *Store) ListAccounts() ([]Account, error) {
return out, rows.Err()
}
// UpdateAccount updates an existing account's mutable fields, matched by Name.
// The password and OAuth secrets are re-encrypted only when a non-empty value is
// supplied; a blank value preserves whatever is already stored. Returns
// ErrAccountNotFound if no account has that name.
func (s *Store) UpdateAccount(a Account) error {
// Build the SET clause, conditionally including secret columns.
set := `mode=?, imap_host=?, imap_port=?, imap_security=?,
smtp_host=?, smtp_port=?, smtp_security=?,
auth_type=?, username=?,
whitelist_in_enabled=?, whitelist_out_enabled=?, subject_regex=?, process_backlog=?`
args := []any{
a.Mode, a.IMAPHost, a.IMAPPort, a.IMAPSecurity,
nullStr(a.SMTPHost), nullInt(a.SMTPPort), nullStr(a.SMTPSecurity),
a.AuthType, a.Username,
b2i(a.WhitelistInEnabled), b2i(a.WhitelistOutEnabled),
nullStr(a.SubjectRegex), b2i(a.ProcessBacklog),
}
if a.Password != "" {
enc, err := crypto.Seal(s.key, []byte(a.Password))
if err != nil {
return err
}
set += ", enc_password=?"
args = append(args, enc)
}
args = append(args, a.Name)
res, err := s.db.Exec("UPDATE accounts SET "+set+" WHERE name=?", args...)
if err != nil {
return fmt.Errorf("update account: %w", err)
}
if n, _ := res.RowsAffected(); n == 0 {
return ErrAccountNotFound
}
return nil
}
func (s *Store) DeleteAccount(name string) error {
res, err := s.db.Exec("DELETE FROM accounts WHERE name = ?", name)
if err != nil {
internal/store/audit.go
+15 -2
View File
@@ -43,8 +43,21 @@ func (s *Store) PurgeAudit(now time.Time) (int64, error) {
}
func (s *Store) RecentAudit(limit int) ([]AuditEntry, error) {
rows, err := s.db.Query(
"SELECT ts,account,action,target,result,COALESCE(reason,'') FROM audit_log ORDER BY id DESC LIMIT ?", limit)
return s.RecentAuditFor("", limit)
}
// RecentAuditFor returns recent audit entries, newest first. An empty account
// returns entries for all accounts; otherwise only that account's entries.
func (s *Store) RecentAuditFor(account string, limit int) ([]AuditEntry, error) {
q := "SELECT ts,account,action,target,result,COALESCE(reason,'') FROM audit_log"
var args []any
if account != "" {
q += " WHERE account=?"
args = append(args, account)
}
q += " ORDER BY id DESC LIMIT ?"
args = append(args, limit)
rows, err := s.db.Query(q, args...)
if err != nil {
return nil, err
}
internal/store/update_test.go
+82
View File
@@ -0,0 +1,82 @@
package store
import (
"testing"
"time"
)
func TestUpdateAccountChangesFieldsKeepsPasswordWhenBlank(t *testing.T) {
s := openTemp(t)
if _, err := s.AddAccount(sampleAccount()); err != nil { // RO, password "s3cr3t"
t.Fatalf("AddAccount: %v", err)
}
upd := sampleAccount()
upd.Mode = "RW"
upd.IMAPPort = 143
upd.SMTPHost = "smtp.example.com"
upd.SMTPPort = 587
upd.SMTPSecurity = "starttls"
upd.Password = "" // blank => keep existing password
if err := s.UpdateAccount(upd); err != nil {
t.Fatalf("UpdateAccount: %v", err)
}
got, err := s.GetAccount("work")
if err != nil {
t.Fatalf("GetAccount: %v", err)
}
if got.Mode != "RW" || got.IMAPPort != 143 || got.SMTPHost != "smtp.example.com" || got.SMTPPort != 587 {
t.Fatalf("fields not updated: %+v", got)
}
if got.Password != "s3cr3t" {
t.Fatalf("blank password should preserve existing, got %q", got.Password)
}
}
func TestUpdateAccountReEncryptsNewPassword(t *testing.T) {
s := openTemp(t)
_, _ = s.AddAccount(sampleAccount())
upd := sampleAccount()
upd.Password = "n3wpass"
if err := s.UpdateAccount(upd); err != nil {
t.Fatalf("UpdateAccount: %v", err)
}
got, _ := s.GetAccount("work")
if got.Password != "n3wpass" {
t.Fatalf("password not updated: %q", got.Password)
}
// And it is encrypted at rest.
var blob []byte
_ = s.db.QueryRow("SELECT enc_password FROM accounts WHERE name='work'").Scan(&blob)
if string(blob) == "n3wpass" || len(blob) == 0 {
t.Fatalf("new password not encrypted at rest")
}
}
func TestUpdateAccountMissing(t *testing.T) {
s := openTemp(t)
if err := s.UpdateAccount(sampleAccount()); err == nil {
t.Fatal("updating a non-existent account must error")
}
}
func TestRecentAuditForFiltersByAccount(t *testing.T) {
s := openTemp(t)
now := time.Date(2026, 6, 22, 0, 0, 0, 0, time.UTC)
_ = s.Audit(now, AuditEntry{Account: "a", Action: "list", Target: "INBOX", Result: "allowed"})
_ = s.Audit(now, AuditEntry{Account: "b", Action: "send", Target: "x@y.com", Result: "allowed"})
_ = s.Audit(now, AuditEntry{Account: "a", Action: "get", Target: "1", Result: "allowed"})
all, err := s.RecentAuditFor("", 50)
if err != nil || len(all) != 3 {
t.Fatalf("RecentAuditFor all: len=%d err=%v", len(all), err)
}
onlyA, err := s.RecentAuditFor("a", 50)
if err != nil || len(onlyA) != 2 {
t.Fatalf("RecentAuditFor a: len=%d err=%v", len(onlyA), err)
}
for _, e := range onlyA {
if e.Account != "a" {
t.Fatalf("filter leaked account %q", e.Account)
}
}
}
internal/tui/account.go
+333
View File
@@ -0,0 +1,333 @@
// Package tui holds the bubbletea admin forms (init / interactive account
// add/edit). The form's validation and assembly logic lives in the pure Fields
// type so it can be unit-tested without a terminal.
package tui
import (
"errors"
"fmt"
"strconv"
"strings"
"github.com/charmbracelet/bubbles/textinput"
tea "github.com/charmbracelet/bubbletea"
"github.com/charmbracelet/lipgloss"
"git.dcglab.co.uk/steve/emcli/internal/store"
)
// Fields is the string/bool form state for an account, independent of bubbletea.
type Fields struct {
Name, Mode string
IMAPHost, IMAPPort, IMAPSecurity string
SMTPHost, SMTPPort, SMTPSecurity string
Username, Password string
WhitelistIn, WhitelistOut, ProcessBacklog bool
SubjectRegex string
}
func validSecurity(s string) bool { return s == "tls" || s == "starttls" }
// Validate checks required fields, enum fields, and numeric ports. RW accounts
// additionally require a valid SMTP host/port/security.
func (f Fields) Validate() error {
if strings.TrimSpace(f.Name) == "" {
return errors.New("name is required")
}
if strings.TrimSpace(f.IMAPHost) == "" {
return errors.New("imap host is required")
}
if strings.TrimSpace(f.Username) == "" {
return errors.New("username is required")
}
if f.Mode != "RO" && f.Mode != "RW" {
return errors.New("mode must be RO or RW")
}
if !validSecurity(f.IMAPSecurity) {
return errors.New("imap security must be tls or starttls")
}
if _, err := strconv.Atoi(f.IMAPPort); err != nil {
return errors.New("imap port must be a number")
}
if f.Mode == "RW" {
if strings.TrimSpace(f.SMTPHost) == "" {
return errors.New("RW account requires an smtp host")
}
if !validSecurity(f.SMTPSecurity) {
return errors.New("smtp security must be tls or starttls")
}
if _, err := strconv.Atoi(f.SMTPPort); err != nil {
return errors.New("smtp port must be a number")
}
}
return nil
}
// ToAccount assembles a store.Account. The second return is whether a password
// was supplied (false ⇒ an edit should keep the existing password).
func (f Fields) ToAccount() (store.Account, bool) {
ip, _ := strconv.Atoi(f.IMAPPort)
a := store.Account{
Name: strings.TrimSpace(f.Name), Mode: f.Mode,
IMAPHost: f.IMAPHost, IMAPPort: ip, IMAPSecurity: f.IMAPSecurity,
AuthType: "password", Username: f.Username, Password: f.Password,
WhitelistInEnabled: f.WhitelistIn, WhitelistOutEnabled: f.WhitelistOut,
SubjectRegex: f.SubjectRegex, ProcessBacklog: f.ProcessBacklog,
}
if f.Mode == "RW" {
sp, _ := strconv.Atoi(f.SMTPPort)
a.SMTPHost, a.SMTPPort, a.SMTPSecurity = f.SMTPHost, sp, f.SMTPSecurity
}
return a, f.Password != ""
}
func itoaPort(p int) string {
if p == 0 {
return ""
}
return strconv.Itoa(p)
}
// FieldsFromAccount prefills a form from an existing account. The password is
// never read back (it stays blank; a blank password on save keeps the existing).
func FieldsFromAccount(a store.Account) Fields {
return Fields{
Name: a.Name, Mode: a.Mode,
IMAPHost: a.IMAPHost, IMAPPort: itoaPort(a.IMAPPort), IMAPSecurity: a.IMAPSecurity,
SMTPHost: a.SMTPHost, SMTPPort: itoaPort(a.SMTPPort), SMTPSecurity: a.SMTPSecurity,
Username: a.Username,
WhitelistIn: a.WhitelistInEnabled,
WhitelistOut: a.WhitelistOutEnabled,
ProcessBacklog: a.ProcessBacklog,
SubjectRegex: a.SubjectRegex,
}
}
// ---- bubbletea model ----
type fieldDef struct {
key string
label string
isBool bool
password bool
}
var fieldDefs = []fieldDef{
{key: "name", label: "Name"},
{key: "mode", label: "Mode (RO/RW)"},
{key: "imap_host", label: "IMAP host"},
{key: "imap_port", label: "IMAP port"},
{key: "imap_security", label: "IMAP security (tls/starttls)"},
{key: "smtp_host", label: "SMTP host (RW)"},
{key: "smtp_port", label: "SMTP port (RW)"},
{key: "smtp_security", label: "SMTP security (tls/starttls)"},
{key: "username", label: "Username"},
{key: "password", label: "Password", password: true},
{key: "whitelist_in", label: "Whitelist inbound (y/n)", isBool: true},
{key: "whitelist_out", label: "Whitelist outbound (y/n)", isBool: true},
{key: "process_backlog", label: "Process backlog (y/n)", isBool: true},
{key: "subject_regex", label: "Subject regex (optional)"},
}
func boolStr(b bool) string {
if b {
return "y"
}
return "n"
}
func parseBool(s string) bool {
switch strings.ToLower(strings.TrimSpace(s)) {
case "y", "yes", "true", "1":
return true
}
return false
}
func fieldValue(f Fields, key string) string {
switch key {
case "name":
return f.Name
case "mode":
return f.Mode
case "imap_host":
return f.IMAPHost
case "imap_port":
return f.IMAPPort
case "imap_security":
return f.IMAPSecurity
case "smtp_host":
return f.SMTPHost
case "smtp_port":
return f.SMTPPort
case "smtp_security":
return f.SMTPSecurity
case "username":
return f.Username
case "password":
return f.Password
case "whitelist_in":
return boolStr(f.WhitelistIn)
case "whitelist_out":
return boolStr(f.WhitelistOut)
case "process_backlog":
return boolStr(f.ProcessBacklog)
case "subject_regex":
return f.SubjectRegex
}
return ""
}
// AccountForm is the bubbletea Model for adding/editing an account.
type AccountForm struct {
inputs []textinput.Model
focus int
editing bool
done bool
cancelled bool
err error
result store.Account
pwSet bool
}
// NewAccountForm builds a form pre-populated from initial. editing only affects
// the displayed hint (password may be left blank to keep the existing one).
func NewAccountForm(initial Fields, editing bool) AccountForm {
// Sensible defaults for a fresh form.
if initial.Mode == "" {
initial.Mode = "RO"
}
if initial.IMAPPort == "" {
initial.IMAPPort = "993"
}
if initial.IMAPSecurity == "" {
initial.IMAPSecurity = "tls"
}
if initial.SMTPSecurity == "" {
initial.SMTPSecurity = "tls"
}
inputs := make([]textinput.Model, len(fieldDefs))
for i, d := range fieldDefs {
ti := textinput.New()
ti.Prompt = ""
ti.SetValue(fieldValue(initial, d.key))
if d.password {
ti.EchoMode = textinput.EchoPassword
}
if i == 0 {
ti.Focus()
}
inputs[i] = ti
}
return AccountForm{inputs: inputs, editing: editing}
}
func (m AccountForm) collect() Fields {
get := func(i int) string { return strings.TrimSpace(m.inputs[i].Value()) }
f := Fields{}
for i, d := range fieldDefs {
v := get(i)
switch d.key {
case "name":
f.Name = v
case "mode":
f.Mode = strings.ToUpper(v)
case "imap_host":
f.IMAPHost = v
case "imap_port":
f.IMAPPort = v
case "imap_security":
f.IMAPSecurity = strings.ToLower(v)
case "smtp_host":
f.SMTPHost = v
case "smtp_port":
f.SMTPPort = v
case "smtp_security":
f.SMTPSecurity = strings.ToLower(v)
case "username":
f.Username = v
case "password":
f.Password = m.inputs[i].Value() // do not trim a password
case "whitelist_in":
f.WhitelistIn = parseBool(v)
case "whitelist_out":
f.WhitelistOut = parseBool(v)
case "process_backlog":
f.ProcessBacklog = parseBool(v)
case "subject_regex":
f.SubjectRegex = v
}
}
return f
}
func (m AccountForm) Init() tea.Cmd { return textinput.Blink }
// Update implements tea.Model.
func (m AccountForm) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
if key, ok := msg.(tea.KeyMsg); ok {
switch key.String() {
case "ctrl+c", "esc":
m.cancelled = true
return m, tea.Quit
case "enter":
f := m.collect()
if err := f.Validate(); err != nil {
m.err = err
return m, nil
}
m.result, m.pwSet = f.ToAccount()
m.done = true
return m, tea.Quit
case "tab", "down":
m.focusNext(1)
return m, nil
case "shift+tab", "up":
m.focusNext(-1)
return m, nil
}
}
// Delegate other messages (typing) to the focused input.
var cmd tea.Cmd
m.inputs[m.focus], cmd = m.inputs[m.focus].Update(msg)
return m, cmd
}
func (m *AccountForm) focusNext(delta int) {
m.inputs[m.focus].Blur()
m.focus = (m.focus + delta + len(m.inputs)) % len(m.inputs)
m.inputs[m.focus].Focus()
}
var labelStyle = lipgloss.NewStyle().Bold(true)
// View implements tea.Model.
func (m AccountForm) View() string {
if m.done || m.cancelled {
return ""
}
var b strings.Builder
title := "Add account"
if m.editing {
title = "Edit account (blank password keeps existing)"
}
b.WriteString(labelStyle.Render(title) + "\n\n")
for i, d := range fieldDefs {
cursor := " "
if i == m.focus {
cursor = "> "
}
b.WriteString(fmt.Sprintf("%s%-32s %s\n", cursor, d.label+":", m.inputs[i].View()))
}
b.WriteString("\n[tab] next [shift+tab] prev [enter] save [esc] cancel\n")
if m.err != nil {
b.WriteString("\nerror: " + m.err.Error() + "\n")
}
return b.String()
}
func (m AccountForm) Done() bool { return m.done }
func (m AccountForm) Cancelled() bool { return m.cancelled }
func (m AccountForm) Err() error { return m.err }
func (m AccountForm) Account() store.Account { return m.result }
func (m AccountForm) PasswordSet() bool { return m.pwSet }
internal/tui/account_test.go
+148
View File
@@ -0,0 +1,148 @@
package tui
import (
"testing"
tea "github.com/charmbracelet/bubbletea"
"git.dcglab.co.uk/steve/emcli/internal/store"
)
func validFields() Fields {
return Fields{
Name: "work", Mode: "RW",
IMAPHost: "imap.x.com", IMAPPort: "993", IMAPSecurity: "tls",
SMTPHost: "smtp.x.com", SMTPPort: "465", SMTPSecurity: "tls",
Username: "u@x.com", Password: "pw",
}
}
func TestFieldsValidateRequired(t *testing.T) {
f := validFields()
f.Name = ""
if err := f.Validate(); err == nil {
t.Fatal("missing name must fail validation")
}
f = validFields()
f.Username = ""
if err := f.Validate(); err == nil {
t.Fatal("missing username must fail validation")
}
f = validFields()
f.IMAPHost = ""
if err := f.Validate(); err == nil {
t.Fatal("missing imap host must fail validation")
}
}
func TestFieldsValidateEnums(t *testing.T) {
f := validFields()
f.Mode = "XX"
if err := f.Validate(); err == nil {
t.Fatal("mode must be RO or RW")
}
f = validFields()
f.IMAPSecurity = "ssl"
if err := f.Validate(); err == nil {
t.Fatal("security must be tls or starttls")
}
f = validFields()
f.IMAPPort = "notnum"
if err := f.Validate(); err == nil {
t.Fatal("port must be numeric")
}
}
func TestFieldsValidateRWNeedsSMTP(t *testing.T) {
f := validFields()
f.SMTPHost = ""
if err := f.Validate(); err == nil {
t.Fatal("RW account requires an SMTP host")
}
// RO without SMTP is fine.
f = validFields()
f.Mode = "RO"
f.SMTPHost, f.SMTPPort, f.SMTPSecurity = "", "", ""
if err := f.Validate(); err != nil {
t.Fatalf("RO without SMTP should validate: %v", err)
}
}
func TestFieldsToAccount(t *testing.T) {
f := validFields()
f.WhitelistIn = true
f.SubjectRegex = "^urgent"
acc, pwSet := f.ToAccount()
if !pwSet {
t.Fatal("password was provided, PasswordSet should be true")
}
if acc.Name != "work" || acc.Mode != "RW" || acc.IMAPPort != 993 || acc.SMTPPort != 465 {
t.Fatalf("account not assembled: %+v", acc)
}
if acc.AuthType != "password" || !acc.WhitelistInEnabled || acc.SubjectRegex != "^urgent" {
t.Fatalf("account flags wrong: %+v", acc)
}
if acc.Password != "pw" {
t.Fatalf("password not carried: %q", acc.Password)
}
}
func TestFieldsToAccountBlankPassword(t *testing.T) {
f := validFields()
f.Password = ""
_, pwSet := f.ToAccount()
if pwSet {
t.Fatal("blank password should report PasswordSet=false (edit keeps existing)")
}
}
func TestFieldsFromAccountRoundTrip(t *testing.T) {
a := store.Account{
Name: "g", Mode: "RW", IMAPHost: "i", IMAPPort: 993, IMAPSecurity: "tls",
SMTPHost: "s", SMTPPort: 587, SMTPSecurity: "starttls",
Username: "u@x.com", WhitelistOutEnabled: true, SubjectRegex: "re:",
}
f := FieldsFromAccount(a)
if f.Name != "g" || f.IMAPPort != "993" || f.SMTPPort != "587" || !f.WhitelistOut || f.SubjectRegex != "re:" {
t.Fatalf("FieldsFromAccount wrong: %+v", f)
}
// Password is never read back from an account.
if f.Password != "" {
t.Fatalf("password must not be prefilled: %q", f.Password)
}
}
func TestAccountFormSubmitValid(t *testing.T) {
m := NewAccountForm(validFields(), false)
// Enter submits; with valid fields the form completes.
nm, _ := m.Update(tea.KeyMsg{Type: tea.KeyEnter})
m = nm.(AccountForm)
if !m.Done() || m.Cancelled() {
t.Fatalf("valid submit should be Done, not cancelled (err=%v)", m.Err())
}
if m.Account().Name != "work" {
t.Fatalf("submitted account wrong: %+v", m.Account())
}
}
func TestAccountFormSubmitInvalidStays(t *testing.T) {
f := validFields()
f.Name = ""
m := NewAccountForm(f, false)
nm, _ := m.Update(tea.KeyMsg{Type: tea.KeyEnter})
m = nm.(AccountForm)
if m.Done() {
t.Fatal("invalid submit must not complete the form")
}
if m.Err() == nil {
t.Fatal("invalid submit should set an error to show the user")
}
}
func TestAccountFormCancel(t *testing.T) {
m := NewAccountForm(validFields(), false)
nm, _ := m.Update(tea.KeyMsg{Type: tea.KeyEsc})
m = nm.(AccountForm)
if !m.Cancelled() {
t.Fatal("esc should cancel the form")
}
}