- New server/config.mjs loads config.json, resolves secrets path relative
to config dir, returns users/smtp/mail_perms_path/bind/port
- server/secrets.mjs removed (logic absorbed into config.mjs)
- smtp moves from secrets.json to config.json
- secrets.json now contains only users (pure credentials)
- config.example.json added as reference template
- .gitignore/.npmignore updated to cover config.json and mail-perms.json
- README updated with new setup and flags
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New modules:
- server/mailer.mjs: nodemailer transport wrapper
- server/mail_perms.mjs: runtime permission store, persisted to disk
New actions:
- send-email: checks (caller, to, topic) permission before sending
- set-mail-permission: grant/revoke permissions, gated by canApprove
- get-mail-permissions: list current permissions
Handler signature extended to handler(params, ctx) where ctx carries
caller, users, mail_perm_store and mailer_send. Existing handlers
ignore ctx so the change is backwards-compatible.
SMTP config lives in secrets.json under optional 'smtp' key.
Mail permissions path via --mail-perms or CONDUIT_MAIL_PERMS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
--create <names> generates secrets.json with random 32-byte hex secrets
--filter <names> extracts a subset of users into filtered-secrets.json
--input/--output override default file paths
Removes hardcoded user/agent assumptions from secrets.example.json.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each request is signed with HMAC-SHA256 over timestamp+body using a
per-user secret loaded from a --secrets file (never env vars or git).
Users have a canApprove list controlling who may approve queued actions.
Queue entries track submitted_by for permission checks on approve/deny.
Also renames all identifiers to snake_case throughout the codebase.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
