security: disable email integrations by default

[benvinegar]

Summary

• disable email integration prompts by default in baudbot config
• gate email setup/usage behind experimental mode (--experimental / BAUDBOT_EXPERIMENTAL=1)
• prevent non-experimental deploys from shipping agentmail and email-monitor extensions
• skip installing email extension dependencies during setup unless experimental mode is enabled
• update docs, control-agent skill guidance, and CI installer inputs to reflect the new default

Why

Email tooling is currently too risky to keep enabled in the default installation path. This change makes email opt-in and explicit while preserving it for controlled experimental usage.

Validation

• bash -n bin/config.sh bin/deploy.sh setup.sh install.sh bin/baudbot bin/ci/setup-ubuntu.sh bin/ci/setup-arch.sh
• bash bin/config.test.sh (15 passed)
• npm run test:js could not run in this environment (vitest: command not found)

[greptile-apps]

Greptile Summary

Disables email integration by default and gates it behind an experimental feature flag (BAUDBOT_EXPERIMENTAL=1). The change prevents email setup prompts during baudbot config unless experimental mode is enabled, removes agentmail and email-monitor extensions during deployment when experimental mode is disabled, and skips installing email extension dependencies during setup. All documentation, skill guidance, CI tests, and example configs have been updated to reflect email as experimental-only.

• Added BAUDBOT_EXPERIMENTAL flag parsing to install.sh, setup.sh, bin/config.sh, and bin/deploy.sh with consistent normalization (1/true/yes → 1, else → 0)
• bin/deploy.sh actively removes experimental extensions from agent runtime when BAUDBOT_EXPERIMENTAL != 1
• setup.sh persists the experimental flag to admin config (~/.baudbot/.env) when --experimental is passed
• bin/config.sh skips email prompts entirely unless experimental mode is enabled, showing an informational message instead
• Updated CI test inputs to remove the email prompt (3 prompts → 2 prompts)
• Updated all agent skill files to conditionally check experimental flag before starting email monitoring
• Documentation comprehensively updated across README, CONFIGURATION.md, and all relevant skill/docs files

Confidence Score: 5/5

• Safe to merge - comprehensive security hardening with thorough testing and documentation
• Implementation is clean, well-tested (15 config tests passed), and follows the project's security-first conventions. The change systematically gates a risky feature behind an opt-in flag across all entry points (install, setup, config, deploy), with proper cleanup of experimental extensions during deployment. Documentation updates are comprehensive and consistent.
• No files require special attention

Important Files Changed

Filename	Overview
.env.schema	Added BAUDBOT_EXPERIMENTAL flag and marked all email vars as experimental-only with inline comments
bin/config.sh	Gates email setup prompts behind experimental mode check, parses experimental flag from env/config, clears email keys when not experimental
bin/deploy.sh	Reads experimental flag from admin config, removes agentmail/email-monitor extensions when experimental mode is disabled, skips deploying experimental extensions
setup.sh	Adds --experimental flag parsing, persists flag to admin config, skips installing email extension deps when not experimental
install.sh	Adds --experimental flag parsing and propagates it to setup.sh, config.sh, and update-release.sh
pi/skills/control-agent/SKILL.md	Updated behavior section to gate email monitoring behind experimental flag check, updated startup checklist to skip email unless experimental

_{Last reviewed commit: 4f5251f}