feat(send): Phase 2 send path — SMTP, MIME, reply threading, outbound policy

Adds the `send` agent command and everything behind it:

- store: Account carries SMTP host/port/security (NULL-safe scan/insert/select);
  admin `account add` gains --smtp-* flags (applied for RW accounts).
- policy: OutboundRule.Check(recipients) → (ok, reason); RO ⇒ ro_mode,
  whitelist-out blocks the whole send if any recipient fails (no partial send).
- mail: Header.References; OutgoingMessage + BuildMIME (plain text + attachments,
  In-Reply-To/References threading, Bcc envelope-only); SendSMTP (tls/starttls,
  SASL PLAIN, envelope send) via emersion/go-smtp.
- cli: SendCmd gates outbound, resolves --reply-to under the inbound filter
  (filtered/absent source ⇒ not_found), reads attachments, audits, emits the
  JSON envelope; repeatable --to/--cc/--bcc/--attach flags wired into the router.

Implemented test-first; full suite passes incl -race. Validated live against
friday.mxlogin.com: real send to me@stevecliff.com, RO + whitelist-out blocks,
and --reply-to threading off a live INBOX message. test-creds.md gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

internal/cli/run.go

@@ -37,8 +37,15 @@ func openStore() (*store.Store, error) {
 	return store.Open(path, key)
 }
 
+func realSender(acc store.Account, m mail.OutgoingMessage) error {
+	return mail.SendSMTP(mail.SMTPConfig{
+		Host: acc.SMTPHost, Port: acc.SMTPPort, Security: acc.SMTPSecurity,
+		Username: acc.Username, Password: acc.Password,
+	}, m)
+}
+
 func newDepsLive(st *store.Store, out io.Writer) Deps {
-	return Deps{Store: st, Dial: realMailer, Now: time.Now, Out: out}
+	return Deps{Store: st, Dial: realMailer, Send: realSender, Now: time.Now, Out: out}
 }
 
 // Run routes a command line and returns an exit code.
@@ -51,6 +58,8 @@ func Run(args []string, out, errOut io.Writer) int {
 	switch cmd {
 	case "list", "get", "search", "ack":
 		return runAgent(cmd, rest, out, errOut)
+	case "send":
+		return runSend(rest, out, errOut)
 	case "account":
 		return runAccount(rest, out, errOut)
 	case "whitelist":
@@ -139,6 +148,56 @@ func runAgent(cmd string, args []string, out, errOut io.Writer) int {
 	return 0
 }
 
+// stringSlice is a repeatable string flag that also splits comma-separated
+// values, so `--to a@x --to b@x` and `--to a@x,b@x` both yield two recipients.
+type stringSlice []string
+
+func (s *stringSlice) String() string { return strings.Join(*s, ",") }
+func (s *stringSlice) Set(v string) error {
+	for _, part := range strings.Split(v, ",") {
+		if p := strings.TrimSpace(part); p != "" {
+			*s = append(*s, p)
+		}
+	}
+	return nil
+}
+
+// runSend handles the `send` agent command (JSON envelope output).
+func runSend(args []string, out, errOut io.Writer) int {
+	fs := flag.NewFlagSet("send", flag.ContinueOnError)
+	fs.SetOutput(errOut)
+	account := fs.String("account", "", "account name")
+	var to, cc, bcc, attach stringSlice
+	fs.Var(&to, "to", "recipient (repeatable / comma-separated)")
+	fs.Var(&cc, "cc", "cc recipient (repeatable / comma-separated)")
+	fs.Var(&bcc, "bcc", "bcc recipient (repeatable / comma-separated)")
+	fs.Var(&attach, "attach", "attachment file path (repeatable)")
+	subject := fs.String("subject", "", "subject")
+	body := fs.String("body", "", "plain-text body")
+	replyTo := fs.Uint("reply-to", 0, "source UID to reply to (threading)")
+	folder := fs.String("folder", "INBOX", "folder of the reply source")
+	if err := fs.Parse(args); err != nil {
+		_ = Failure(CodeUsage, err.Error()).Write(out)
+		return 2
+	}
+	if *account == "" {
+		_ = Failure(CodeUsage, "--account is required").Write(out)
+		return 2
+	}
+	st, err := openStore()
+	if err != nil {
+		_ = Failure(CodeConfig, err.Error()).Write(out)
+		return 1
+	}
+	defer st.Close()
+	_, _ = st.PurgeAudit(time.Now())
+	d := newDepsLive(st, out)
+	if err := SendCmd(d, *account, to, cc, bcc, *subject, *body, attach, u32(*replyTo), *folder); err != nil {
+		return 1
+	}
+	return 0
+}
+
 func u32(u uint) uint32 { return uint32(u) }
 
 func parseUIDList(s string) ([]uint32, error) {