steve/emcli
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 4 Wiki Activity
Files
5c7dd252db827a04b718cfa8ab90ec3b5608c4e2
emcli/internal/cli/send.go
T
steve c99eaedafd feat(send): Phase 2 send path — SMTP, MIME, reply threading, outbound policy 
Adds the `send` agent command and everything behind it:

- store: Account carries SMTP host/port/security (NULL-safe scan/insert/select);
  admin `account add` gains --smtp-* flags (applied for RW accounts).
- policy: OutboundRule.Check(recipients) → (ok, reason); RO ⇒ ro_mode,
  whitelist-out blocks the whole send if any recipient fails (no partial send).
- mail: Header.References; OutgoingMessage + BuildMIME (plain text + attachments,
  In-Reply-To/References threading, Bcc envelope-only); SendSMTP (tls/starttls,
  SASL PLAIN, envelope send) via emersion/go-smtp.
- cli: SendCmd gates outbound, resolves --reply-to under the inbound filter
  (filtered/absent source ⇒ not_found), reads attachments, audits, emits the
  JSON envelope; repeatable --to/--cc/--bcc/--attach flags wired into the router.

Implemented test-first; full suite passes incl -race. Validated live against
friday.mxlogin.com: real send to me@stevecliff.com, RO + whitelist-out blocks,
and --reply-to threading off a live INBOX message. test-creds.md gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 17:39:07 +01:00

93 lines
3.0 KiB
Go
Raw Blame History

package cli
import (
"mime"
"os"
"path/filepath"
"strings"
"git.dcglab.co.uk/steve/emcli/internal/mail"
"git.dcglab.co.uk/steve/emcli/internal/policy"
"git.dcglab.co.uk/steve/emcli/internal/store"
)
// SendCmd sends a plain-text message (with optional attachments) via the
// account's SMTP endpoint, enforcing outbound policy (RO rejection +
// whitelist-out). When replyToUID > 0, the source message is read from
// replyFolder (subject to inbound filtering) and its Message-ID/References are
// used to thread the reply.
func SendCmd(d Deps, account string, to, cc, bcc []string, subject, body string, attachPaths []string, replyToUID uint32, replyFolder string) error {
acc, err := d.Store.GetAccount(account)
if err != nil {
return d.emit(Failure(CodeNotFound, "account not found: "+account))
}
msg := mail.OutgoingMessage{
From: acc.Username, To: to, Cc: cc, Bcc: bcc,
Subject: subject, BodyText: body,
}
recipients := msg.Recipients()
if len(recipients) == 0 {
return d.emit(Failure(CodeUsage, "at least one recipient is required"))
}
// Outbound enforcement first — block before any network I/O.
wlOut, _ := d.Store.ListWhitelist(account, store.DirOut)
rule := policy.OutboundRule{
Mode: acc.Mode,
WhitelistOutEnabled: acc.WhitelistOutEnabled,
WhitelistOut: wlOut,
}
if ok, reason := rule.Check(recipients); !ok {
d.audit(account, "send", strings.Join(recipients, ","), "blocked", reason)
return d.emit(Failure(CodePolicy, "send blocked: "+reason))
}
// Reply threading: resolve the source's Message-ID/References, applying the
// inbound filter so a hidden source cannot be replied to.
if replyToUID > 0 {
_, irule, m, _, done, fail := d.setup(account, replyFolder)
if fail != nil {
return d.emit(*fail)
}
defer done()
hs, err := m.FetchHeaders(replyFolder, []uint32{replyToUID})
if err != nil {
return d.emit(Failure(CodeNetwork, err.Error()))
}
if len(hs) == 0 || !irule.Allows(hs[0].From, hs[0].Subject) {
d.audit(account, "send", uitoa(replyToUID), "blocked", "filtered")
return d.emit(Failure(CodeNotFound, "reply source not found"))
}
src := hs[0]
if src.MessageID != "" {
msg.InReplyTo = src.MessageID
msg.References = append(append([]string{}, src.References...), src.MessageID)
}
}
// Read attachments from disk.
for _, p := range attachPaths {
content, err := os.ReadFile(p)
if err != nil {
return d.emit(Failure(CodeUsage, "read attachment: "+err.Error()))
}
mimeType := mime.TypeByExtension(filepath.Ext(p))
if mimeType == "" {
mimeType = "application/octet-stream"
}
msg.Attachments = append(msg.Attachments, mail.Attachment{
Name: filepath.Base(p), Size: len(content), MIME: mimeType, Content: content,
})
}
if err := d.Send(acc, msg); err != nil {
d.audit(account, "send", strings.Join(recipients, ","), "blocked", "smtp_error")
return d.emit(Failure(CodeNetwork, err.Error()))
}
d.audit(account, "send", strings.Join(recipients, ","), "allowed", "")
return d.emit(Success(map[string]any{
"sent": true, "recipients": recipients,
}))
}
Reference in New Issue View Git Blame Copy Permalink