Email System Runbook
Email System Runbook
Overview
Centralized email system for ALAI/BasicAS. All outbound email goes through IMAP/SMTP (one.com + domeneshop), with a single audit database tracking everything.
Accounts
| Account | Provider | Usage | |
|---|---|---|---|
| john | [email protected] | one.com | Primary business email |
| info | [email protected] | one.com | General inquiries |
| alai | [email protected] | domeneshop | ALAI branded, signing emails |
Credentials stored in Vaultwarden (bw get item "Email - [email protected]").
How to Send Email
Option 1: MCP (from Claude session — PREFERRED)
mcp__email__email_send({
account_name: "john",
to: "[email protected]",
subject: "Subject",
body: "Body text",
body_type: "html", // or "plain"
attachments: [{path: "/absolute/path/file.pdf"}] // optional
})
Option 2: CLI (from scripts, daemons, agents)
node ~/system/tools/mail-native.js send \
--to [email protected] \
--subject "Subject" \
--body "Body text" \
--account john \
--attachment /path/to/file.pdf # optional, comma-separated for multiple
Option 3: Signing Emails (DocuSeal)
node ~/system/tools/send-signing-email.js send <template_id> '<signer_json>' --test
How to Read Email
MCP (preferred)
mcp__email__emails_find({account_name: "john", query: "invoice", limit: 10})
mcp__email__email_respond({email_id: "12345", body: "Reply text"})
CLI
node ~/system/tools/mail-native.js search "invoice" --account john --limit 20
node ~/system/tools/mail-native.js read <uid> --account john
node ~/system/tools/mail-native.js unread --account john
node ~/system/tools/mail-native.js reply <uid> --body "Reply text"
node ~/system/tools/mail-native.js forward <uid> --to [email protected]
node ~/system/tools/mail-native.js attachment <uid> --save /tmp/downloads
Email Audit (Single Source of Truth)
Database: ~/system/databases/email-audit.db
Every outbound email is logged here, regardless of send path:
- mail-native.js — hard require, logs on every send/reply/forward
- MCP bridge — logs via JS module + Python hook (dedup by message_id)
- signing email — logs via JS module
- Hook safety net —
email-outbox-logger.pycatches MCP sends even if JS fails
Quick Commands
node ~/system/tools/email-audit.js recent # Last 10 sent emails
node ~/system/tools/email-audit.js find "client name" # Search all emails
node ~/system/tools/email-audit.js find "invoice" --days 30 # Last 30 days
node ~/system/tools/email-audit.js stats --days 7 # Stats by tool/account
node ~/system/tools/email-audit.js health # System health check
node ~/system/tools/mail-native.js audit --days 30 # Audit from CLI
node ~/system/tools/mail-native.js sent --account john # IMAP Sent folder
Architecture
Send paths:
MCP (email_send/respond) ──┐
mail-native.js CLI ────────┤──→ email-audit.db (single source of truth)
send-signing-email.js ─────┤
Hook (email-outbox-logger) ─┘ (safety net, dedup by message_id)
DEPRECATED Tools (DO NOT USE)
| Tool | Replacement |
|---|---|
| email.js | mail-native.js |
| email-monitor.js | MCP bridge |
| email-outbox.db | email-audit.db |
| Inline SMTP scripts | BLOCKED by bash-security-gate.py |
Troubleshooting
Email not in audit
- Check
node email-audit.js recent— is it really missing? - Check MCP bridge log:
tail ~/system/logs/email-mcp-bridge.log - Check mail-native log:
tail ~/system/logs/mail-native.log - Run
node email-audit.js health— any warnings?
SMTP connection fails
- Check vault:
bw get item "Email - [email protected]" --session $(cat /tmp/bw-session) | jq .login.username - Test:
node mail-native.js test --account john - one.com rate limits: wait 5 min, retry
Attachments not working
- Verify file exists:
ls -la /path/to/file - Use absolute paths only
- Max attachment size: ~25MB (one.com limit)
- CLI:
--attachment /path/file1.pdf,/path/file2.pdf(comma-separated) - MCP:
attachments: [{path: "/abs/path"}](array of objects)