Current compile-time approach is correct for bootstrap architecture:
- Credentials only used during build
- Agent never sees them after
- No binary distribution
- Strings extraction is irrelevant threat
Obfuscation was over-engineering for this use case.
- build-obfuscated.sh: XOR encryption with random 256-bit key
- obfuscation/obfuscation.go: Runtime de-obfuscation package
- OBFUSCATION.md: Documentation and security comparison
- Prevents casual extraction with 'strings' command
- Medium security: Good for personal use, env vars for production
- TEST-PLAN.md: 38 detailed tests covering all features
- quick-test.sh: Automated quick test for basic functionality
- Tests include IMAP, SMTP, attachments, SSL/TLS, error handling
- CLI tools: nextcloud-client, nextcloud-contacts, nextcloud-calendar, nextcloud-mail
- Build script with compile-time credentials
- Skills for all four tools
- Full documentation and examples
- Email tool supports IMAP/SMTP with attachment download
- SSL/TLS support with optional certificate validation
