# emcli - PRD

A CLI utility to allows an agent skill to send and receive IMAP emails *but* with only with enforced restrictions configured by the user
Agent never has access directly to IMAP account - everything filters through emcli
Email credentials are never exposed to Agent

## The reason is exists

Even with strong mandatory instructions, AI can still hallucinate - there is a need to protect against these hallucinations when using live emails

## Required Functionality

- single cross platform binary
- config in encrypted SQLite file (to ensure email credentials don't leak)
- encryption key held as ENV variable - should never be exposed to calling Agent
- multiple email account support
- mark an account as "RO" (read only) or "RW" (read and send)
- whitelist-in toggle (false = allow emails from anybody to be read, true = process only emails from whitelisted inbound email addresses)
- whitelist-out toggle (false = allow emails to be sent to anybody, true = send emails only to those in whitelisted outbound email addresses)
- subject filtering - blank to ignore subject, regex to only read specific emails matching a subject
- CLI output generally as structured JSON only (for Agentic use)
- Structured JSON would likely be boolean for error (true/false), JSON blob for error details (or empty if no error), JSON blob for returned data
- Admin functions (CRUD of email accounts, white lists and other config) would be human readable output and may be interactive
- "Pointer" to last read email per account held in config - Agent can ask for only new emails
- No graphical UI needed
- TUI used for init and (re)configuration
- TUI not used for reading emails etc. - we are not building a full email client