IMAP Email Reader

intent

read, search, and manage email via IMAP protocol. supports ProtonMail Bridge, Gmail IMAP, and any standard IMAP server. use this skill when you need to check for new messages, fetch full email content, search across mailboxes with filters, or change message flags (read/unread). works in isolation or integrated into cron jobs and agent workflows for periodic email monitoring and digests.

inputs

environment variables (required):

• IMAP_HOST: server hostname (e.g., 127.0.0.1, imap.gmail.com)
• IMAP_PORT: server port (e.g., 1143 for ProtonMail Bridge, 993 for Gmail SSL)
• IMAP_USER: email address or account username
• IMAP_PASS: IMAP password or app-specific password
• IMAP_TLS: boolean, use TLS/SSL connection (true for SSL on port 993, false for STARTTLS on port 143)
• IMAP_REJECT_UNAUTHORIZED: boolean, validate server certificate (set false for self-signed certs like ProtonMail Bridge, omit or true for public servers)
• IMAP_MAILBOX: default mailbox name (default: INBOX)

setup file location: .env in skill folder, copy from .env.example, never commit to git.

external dependencies: imap-simple (npm package), mailparser (npm package), dotenv (npm package). run npm install in skill folder.

external connections:

• IMAP server (Gmail, ProtonMail Bridge, Outlook, custom server)
• ProtonMail Bridge (if using ProtonMail): must be running locally on 127.0.0.1:1143

common server configs:

• ProtonMail Bridge: host 127.0.0.1, port 1143, TLS false, reject-unauthorized false
• Gmail: host imap.gmail.com, port 993, TLS true, reject-unauthorized true (default), requires app password if 2FA enabled
• Outlook: host imap-mail.outlook.com, port 993, TLS true, reject-unauthorized true

procedure

1. set up environment: copy .env.example to .env in skill folder, fill in IMAP credentials for your server (use ProtonMail Bridge password, not account password, for ProtonMail; use app-specific password for Gmail with 2FA).

2. verify connection: run node scripts/imap.js list-mailboxes to confirm IMAP server responds and authentication succeeds. if connection fails, check host, port, TLS setting, and reject-unauthorized flag.

3. check for new emails: run node scripts/imap.js check [--limit N] [--mailbox NAME] [--recent TIME] to list unread/new messages. default limit 10, default mailbox INBOX. optional --recent flag (e.g., 2h, 7d) filters to emails in last X time. outputs JSON array with uid, from, subject, date, snippet, flags.

4. search emails: run node scripts/imap.js search [options] with filters: --unseen (unread only), --seen (read only), --from (sender), --subject (text), --since (YYYY-MM-DD), --before (YYYY-MM-DD), --recent (time format), --limit (max results, default 20), --mailbox (folder name). returns JSON array of matching message UIDs and metadata.

5. fetch full email: run node scripts/imap.js fetch <uid> [--mailbox NAME] to retrieve complete email body (text + HTML), headers, and attachment info. requires valid UID from check or search step.

6. mark message flags: run node scripts/imap.js mark-read <uid> [uid2 uid3...] to flag message(s) as read, or node scripts/imap.js mark-unread <uid> [uid2 uid3...] to flag as unread. accepts multiple UIDs in single command.

7. list mailboxes: run node scripts/imap.js list-mailboxes to enumerate all available folders/labels (e.g., INBOX, Sent, Drafts, custom folders). useful for verifying mailbox names before search/check operations.

decision points

• if using ProtonMail Bridge: run Bridge locally first, set host to 127.0.0.1, port 1143, TLS to false, reject-unauthorized to false, use Bridge-generated password (not account password).
• if using Gmail with 2FA enabled: generate app-specific password in Google Account settings, use that password in IMAP_PASS (not your regular Gmail password).
• if search returns empty results: verify mailbox name is case-sensitive and exists (use list-mailboxes to confirm), check search criteria match actual emails, try broadening date range or removing filters.
• if connection times out: confirm IMAP server is running and reachable (test with telnet <host> <port>), verify host and port are correct in .env, check firewall does not block port.
• if authentication fails: re-check username (usually full email address), verify password is correct, for ProtonMail Bridge confirm Bridge is running and password is from Bridge (not account password), for Gmail confirm app password is generated if 2FA enabled.
• if TLS/SSL error occurs: match IMAP_TLS to server requirement (true for SSL port 993, false for STARTTLS port 143), for self-signed certs set reject-unauthorized to false, verify port matches TLS mode.
• if rate limit is hit: IMAP servers (especially Gmail) may throttle rapid sequential commands; add delays between requests or batch operations, check server documentation for rate limits.
• if auth token expires: for OAuth-based servers (Gmail), renew app password or re-authenticate; for API keys, rotate and update .env; ProtonMail Bridge requires Bridge process to stay running.

output contract

check command output: JSON array, each object contains:

• uid (integer): message unique identifier
• from (string): sender email address
• subject (string): email subject line
• date (ISO 8601 string): received timestamp
• snippet (string, truncated): preview of message body
• flags (array): IMAP flags (e.g., ["\Seen", "\Flagged"])

search command output: JSON array, each object contains:

• uid (integer): message unique identifier
• from (string): sender email
• subject (string): subject line
• date (ISO 8601 string): received timestamp
• flags (array): IMAP flags matching filter criteria

fetch command output: JSON object containing:

• uid (integer): message unique identifier
• from (string): sender email and name
• to (string): recipient addresses
• subject (string): email subject
• text (string): plain text body
• html (string): HTML body (if present)
• headers (object): full IMAP headers
• attachments (array): metadata for any attachments (name, mimetype, size)

mark-read / mark-unread output: JSON object:

• success (boolean): true if flags updated
• uids (array): list of UIDs modified
• error (string, optional): error message if failed

list-mailboxes output: JSON array of mailbox objects:

• name (string): mailbox folder name
• attribs (array): IMAP attributes (e.g., ["\All", "\HasNoChildren"])
• delimiter (string): path separator (usually / or .)

all outputs are UTF-8 JSON written to stdout.

outcome signal

• check succeeds: receives JSON array with at least one message object (or empty array if no unread emails); subject and from fields are readable and non-empty.
• search succeeds: receives JSON array matching filter criteria; if no results, returns empty array (not an error).
• fetch succeeds: receives JSON object with text or html body field populated; attachments array present even if empty.
• mark-read / mark-unread succeeds: receives JSON with success=true and uids array listing modified messages.
• list-mailboxes succeeds: receives JSON array with at least one mailbox object; name field contains folder names matching server (INBOX always present for standard IMAP).
• connection fails gracefully: error message printed to stderr indicating auth failure, timeout, or TLS mismatch (not a crash or hang).
• periodic cron job succeeds: cron integration delivers email check result to specified channel (e.g., iMessage) on schedule; no manual intervention required after setup.