feat(send): Phase 2 send path — SMTP, MIME, reply threading, outbound policy

Adds the `send` agent command and everything behind it: - store: Account carries SMTP host/port/security (NULL-safe scan/insert/select); admin `account add` gains --smtp-* flags (applied for RW accounts). - policy: OutboundRule.Check(recipients) → (ok, reason); RO ⇒ ro_mode, whitelist-out blocks the whole send if any recipient fails (no partial send). - mail: Header.References; OutgoingMessage + BuildMIME (plain text + attachments, In-Reply-To/References threading, Bcc envelope-only); SendSMTP (tls/starttls, SASL PLAIN, envelope send) via emersion/go-smtp. - cli: SendCmd gates outbound, resolves --reply-to under the inbound filter (filtered/absent source ⇒ not_found), reads attachments, audits, emits the JSON envelope; repeatable --to/--cc/--bcc/--attach flags wired into the router. Implemented test-first; full suite passes incl -race. Validated live against friday.mxlogin.com: real send to me@stevecliff.com, RO + whitelist-out blocks, and --reply-to threading off a live INBOX message. test-creds.md gitignored. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 17:39:07 +01:00
parent 3224a87b6e
commit c99eaedafd
17 changed files with 923 additions and 15 deletions
@@ -18,6 +18,9 @@ type Account struct {
 	IMAPHost            string
 	IMAPPort            int
 	IMAPSecurity        string // tls | starttls
+	SMTPHost            string // nullable for RO accounts
+	SMTPPort            int
+	SMTPSecurity        string // tls | starttls
 	AuthType            string // password | oauth2
 	Username            string
 	Password            string // decrypted; empty in ListAccounts
@@ -38,10 +41,13 @@ func (s *Store) AddAccount(a Account) (int64, error) {
 	}
 	res, err := s.db.Exec(`
 		INSERT INTO accounts
-		  (name,mode,imap_host,imap_port,imap_security,auth_type,username,
+		  (name,mode,imap_host,imap_port,imap_security,smtp_host,smtp_port,smtp_security,
+		   auth_type,username,
 		   enc_password,whitelist_in_enabled,whitelist_out_enabled,subject_regex,process_backlog)
-		VALUES (?,?,?,?,?,?,?,?,?,?,?,?)`,
-		a.Name, a.Mode, a.IMAPHost, a.IMAPPort, a.IMAPSecurity, a.AuthType, a.Username,
+		VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)`,
+		a.Name, a.Mode, a.IMAPHost, a.IMAPPort, a.IMAPSecurity,
+		nullStr(a.SMTPHost), nullInt(a.SMTPPort), nullStr(a.SMTPSecurity),
+		a.AuthType, a.Username,
 		encPw, b2i(a.WhitelistInEnabled), b2i(a.WhitelistOutEnabled),
 		nullStr(a.SubjectRegex), b2i(a.ProcessBacklog))
 	if err != nil {
@@ -52,7 +58,8 @@ func (s *Store) AddAccount(a Account) (int64, error) {

 func (s *Store) GetAccount(name string) (Account, error) {
 	row := s.db.QueryRow(`
-		SELECT id,name,mode,imap_host,imap_port,imap_security,auth_type,username,
+		SELECT id,name,mode,imap_host,imap_port,imap_security,smtp_host,smtp_port,smtp_security,
+		       auth_type,username,
 		       enc_password,whitelist_in_enabled,whitelist_out_enabled,subject_regex,process_backlog
 		FROM accounts WHERE name = ?`, name)
 	a, encPw, err := scanAccount(row)
@@ -74,7 +81,8 @@ func (s *Store) GetAccount(name string) (Account, error) {

 func (s *Store) ListAccounts() ([]Account, error) {
 	rows, err := s.db.Query(`
-		SELECT id,name,mode,imap_host,imap_port,imap_security,auth_type,username,
+		SELECT id,name,mode,imap_host,imap_port,imap_security,smtp_host,smtp_port,smtp_security,
+		       auth_type,username,
 		       enc_password,whitelist_in_enabled,whitelist_out_enabled,subject_regex,process_backlog
 		FROM accounts ORDER BY name`)
 	if err != nil {
@@ -108,17 +116,22 @@ type scanner interface{ Scan(dest ...any) error }

 func scanAccount(sc scanner) (Account, []byte, error) {
 	var (
-		a            Account
-		encPw        []byte
-		subj         sql.NullString
-		wlIn, wlOut  int
-		backlog      int
+		a                       Account
+		encPw                   []byte
+		subj, smtpHost, smtpSec sql.NullString
+		smtpPort                sql.NullInt64
+		wlIn, wlOut             int
+		backlog                 int
 	)
 	err := sc.Scan(&a.ID, &a.Name, &a.Mode, &a.IMAPHost, &a.IMAPPort, &a.IMAPSecurity,
+		&smtpHost, &smtpPort, &smtpSec,
 		&a.AuthType, &a.Username, &encPw, &wlIn, &wlOut, &subj, &backlog)
 	if err != nil {
 		return Account{}, nil, err
 	}
+	a.SMTPHost = smtpHost.String
+	a.SMTPPort = int(smtpPort.Int64)
+	a.SMTPSecurity = smtpSec.String
 	a.WhitelistInEnabled = wlIn != 0
 	a.WhitelistOutEnabled = wlOut != 0
 	a.ProcessBacklog = backlog != 0
@@ -139,3 +152,10 @@ func nullStr(s string) any {
 	}
 	return s
 }
+
+func nullInt(n int) any {
+	if n == 0 {
+		return nil
+	}
+	return n
+}
@@ -35,6 +35,25 @@ func TestAddGetAccountDecryptsSecret(t *testing.T) {
 	}
 }

+func TestAddGetAccountRoundTripsSMTP(t *testing.T) {
+	s := openTemp(t)
+	a := sampleAccount()
+	a.Mode = "RW"
+	a.SMTPHost = "smtp.example.com"
+	a.SMTPPort = 465
+	a.SMTPSecurity = "tls"
+	if _, err := s.AddAccount(a); err != nil {
+		t.Fatalf("AddAccount: %v", err)
+	}
+	got, err := s.GetAccount("work")
+	if err != nil {
+		t.Fatalf("GetAccount: %v", err)
+	}
+	if got.SMTPHost != "smtp.example.com" || got.SMTPPort != 465 || got.SMTPSecurity != "tls" {
+		t.Fatalf("SMTP fields not round-tripped: %+v", got)
+	}
+}
+
 func TestPasswordStoredEncrypted(t *testing.T) {
 	s := openTemp(t)
 	_, _ = s.AddAccount(sampleAccount())