A custom Gmail orchestration app that keeps customer-facing email unified while routing conversations internally. This app treats Dream-X and PlayerXchange as separate tenants with isolated data.
- Install dependencies: `npm install`
- Copy env vars: `cp .env.example .env`
- Run the dev server: `npm run dev`
- Agent login: http://localhost:8080/login
- Inbox: http://localhost:8080/inbox
- Admin portal: http://localhost:8080/admin
- Create a Google Cloud project and enable Gmail API + Pub/Sub.
- Create a service account and enable Domain-Wide Delegation.
- In Google Workspace Admin, authorize the service account with scopes:
- Add the service account email + private key to `.env`.
- Ensure MAILBOX_BOARD and MAILBOX_GENERAL match your Workspace mailbox addresses.
- Build command: `npm install && npm run build`
- Start command: `npm run start`
- Add env vars from `.env` to Render service settings.
- Set `OPENAI_API_KEY` and enable per-action flags:
  - `AI_TRIAGE_ENABLED=true` for inbound triage notes
  - `AI_DRAFT_ENABLED=true` for "Suggest reply"
  - `AI_REVIEW_ENABLED=true` for pre-send review (blocks send on failures)
- `POST /api/auth/login` -> agent login (returns token)
- `GET /api/auth/me` -> current agent
- `POST /api/auth/logout` -> revoke token
- `GET /api/threads` -> list inbox summaries
- `GET /api/threads/:id` -> fetch a full thread
- `PATCH /api/threads/:id/triage` -> status, priority, tags, assignment, internal notes
- `POST /api/threads/:id/reply` -> send a reply as the shared mailbox
- `POST /api/threads/:id/suggest-reply` -> GPT-4o draft suggestion (opt-in)
- `GET /api/threads/:id/attachments/:attachmentId` -> download a message attachment
- `POST /api/sync` -> trigger Gmail sync for `board` or `general`
- `POST /api/watch` -> register Gmail watch for `board` or `general`
- `POST /api/push` -> Pub/Sub push endpoint for Gmail updates
- `GET /api/stream` -> SSE stream for live UI updates
- `GET /api/agents` -> list agents for assignment
- `GET /api/admin/agents` -> admin agent management
- `POST /api/admin/agents/:id/reset` -> create password reset token
- `POST /api/admin/agents/:id/mfa` -> enable MFA + return QR
- `GET /api/admin/settings` -> tenant AI policy
- `GET /api/admin/theme` -> tenant brand theme
- `PATCH /api/admin/theme` -> update tenant brand theme
- `GET /api/admin/ai-usage` -> AI usage + spend summary
- `GET /api/admin/storage-health` -> Azure Blob container health
- `GET /api/admin/jobs` -> view tenant jobs
- `POST /api/admin/jobs/run` -> run queued jobs
- `GET /api/templates` -> list reply templates
- `POST /api/templates/render` -> render builder blocks (HTML + text)
- `GET /api/audit` -> admin audit log
- Tenants are isolated: `board@dream-x.app` maps to `dream-x`, `general@playerxchange.org` maps to `playerxchange`.
- Admins and agents only see data inside their tenant.
- Gmail watch uses Pub/Sub. Configure the topic and point the push subscription to `/api/push`.
- Pub/Sub pushes are rate limited and optionally verified with Google JWT (`GMAIL_PUBSUB_JWT_AUDIENCE`).
- Incremental sync uses Gmail History API based on the latest `historyId` from watch/push.
- Full sync uses Gmail list pagination via `POST /api/sync` with `mode: "full"`.
- The UI listens to `/api/stream` for live updates and falls back to polling if SSE fails.
- Threading is based on Gmail thread IDs; message headers are stored for auditing.
- Data is stored in SQLite (`data/app.db`).
- Default demo agent passwords are set to `changeme` in the SQLite seed data (hashed at insert).
- GPT-4o support is opt-in per action and returns structured JSON only.
- AI usage must be enabled both in env flags and per-tenant admin policy.
- Attachments are stored in Azure Blob Storage and served via SAS URLs.
- MFA can be enabled per agent from the admin portal.
- Password resets are manual: admin generates a token link from the admin portal.
- Email Builder lives at `/admin/builder` and uses the tenant theme for branded HTML.
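The Pub/Sub note above says pushes to `/api/push` can be verified with a Google JWT against `GMAIL_PUBSUB_JWT_AUDIENCE`. The sketch below is an added example, not this app's code: it shows the checks such a verifier makes on the bearer token (pinned algorithm, signature, issuer, audience, expiry, push service account). `verifyPushToken`, `mintToken`, the `pushEmail` check, and the audience URL are assumptions, and a locally generated key pair stands in for Google's published signing keys.

```javascript
const crypto = require("node:crypto");

const ISSUERS = new Set(["accounts.google.com", "https://accounts.google.com"]);
const b64url = (v) => Buffer.from(v).toString("base64url");
const deny = (reason) => ({ ok: false, reason });

// keys: Map of key id -> public key. In production this holds Google's published
// signing keys (fetched and cached); pushEmail is the subscription's service account.
function verifyPushToken(authHeader, { audience, pushEmail, keys, now = Date.now() }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return deny("malformed");
  const [, h, p, s] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url"));
    claims = JSON.parse(Buffer.from(p, "base64url"));
  } catch {
    return deny("malformed");
  }
  // Pin the algorithm; never let the token pick it (alg=none, HS256 confusion).
  if (header?.alg !== "RS256") return deny("alg");
  const key = keys.get(header.kid);
  if (!key) return deny("unknown-kid");
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(s, "base64url"))) return deny("signature");
  if (!ISSUERS.has(claims?.iss)) return deny("issuer");
  if (claims.aud !== audience) return deny("audience"); // GMAIL_PUBSUB_JWT_AUDIENCE
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return deny("expired");
  if (claims.email !== pushEmail || claims.email_verified !== true) return deny("email");
  return { ok: true, claims };
}

// Constructed test material: a locally generated key pair stands in for Google's signer.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function mintToken(claims, header = { alg: "RS256", kid: "test-kid", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  return `Bearer ${input}.${sig}`;
}
const opts = {
  audience: "https://mail.example.test/api/push", // constructed value
  pushEmail: "push@example-project.iam.gserviceaccount.com", // constructed value
  keys: new Map([["test-kid", publicKey]]),
};
const good = { iss: "https://accounts.google.com", aud: opts.audience, email: opts.pushEmail,
  email_verified: true, exp: Math.floor(Date.now() / 1000) + 300 };

console.log(verifyPushToken(mintToken(good), opts));
console.log(verifyPushToken(mintToken({ ...good, aud: "https://other.test/api/push" }), opts));
```

Because verification is described as optional, a deployment that leaves `GMAIL_PUBSUB_JWT_AUDIENCE` unset relies on rate limiting alone to protect `/api/push`.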
All current TODOs are complete.