@bobfrankston/mailx 1.0.306 → 1.0.313

package/README.md

@@ -123,11 +123,16 @@ Gmail OAuth requires a one-time Google Cloud setup:
 
 ## Usage
 
+### Layout
+
+A vertical **icon rail** sits on the far left (Thunderbird / Dovecot style) with one-click access to Compose, Inbox, All Inboxes, and Settings; Calendar / Tasks / Contacts slots are placeholders until those features land. The rail is always visible on wide and medium screens; it folds into the hamburger menu on narrow ones.
+
 ### Reading Mail
 
 - Click a **folder** to see its messages
 - Click a **message** to read it in the preview pane
 - **All Inboxes** combines inboxes from all accounts (appears with 2+ accounts)
+- A small filled teal dot before the date means the message body is downloaded locally (offline-ready); a hollow circle means not yet prefetched. Prefetch runs as a background task every ~60 s independent of folder sync.
 - Unread counts show on folders; sub-folder counts bubble up to collapsed parents
 - Use the **folder search** box to find folders by name
 
@@ -150,15 +155,18 @@ Gmail OAuth requires a one-time Google Cloud setup:
 
 ### Managing Messages
 
-- **Delete** or **Ctrl+D** -- Delete selected messages (moves to Trash)
+- **Delete** or **Ctrl+D** -- Delete selected messages (moves to Trash; second delete in Trash is a hard delete + EXPUNGE)
 - **Ctrl+Z** -- Undo the last **delete or move** (whichever came last, 60s window)
 - **Ctrl+A** -- Select all messages in the list
 - **Drag and drop** -- Move messages to a folder by dragging them
+- **Right-click a message → Move to folder…** -- Searchable folder picker; useful on narrow layouts where the folder tree is hidden
 - Click the **star** column to flag/unflag a message
-- **Unsubscribe** button appears when the message has a List-Unsubscribe header (one-click)
+- **Unsubscribe** button appears when the message has a List-Unsubscribe header. One-click (RFC 8058) when the sender advertises `List-Unsubscribe-Post: List-Unsubscribe=One-Click`; otherwise opens the URL or a pre-filled compose for `mailto:` lists.
 - **Right-click on a From/To/Cc address** -- Copy name, Copy address, Copy both, Add to contacts, or Reply/Reply All/Forward
+- **Right-click in the message body → Translate** (opt-in) -- Uses the configured AI provider; select text first to translate just the selection. Off by default; enable under **Settings → AI translate**.
 - **Preview pane zoom** -- Ctrl+wheel, Ctrl+= / Ctrl+- / Ctrl+0, or right-click menu (Zoom in/out/reset, Copy, Select all). Persisted across messages.
 - **Cross-folder search results** show the folder name for each hit
+- **Empty Trash / Empty Junk** -- Right-click the folder in the tree → Empty (confirmation prompt)
 
 ### Searching
 
@@ -191,6 +199,10 @@ Under **View** in the toolbar:
 Under **Settings** in the toolbar:
 - **Editor** -- Choose between Quill (default) and tiptap for compose
 - **AI autocomplete** -- Enable LLM-powered writing suggestions (Ollama, Claude, or OpenAI)
+- **AI translate** -- Enable the right-click Translate item in the message viewer (off by default; uses the same provider as autocomplete)
+- **AI proofread** -- Enable the proofread path (off by default; provider method available, UI wiring in progress)
+
+All AI features are opt-in. Provider + API key live in the autocomplete settings; toggling a feature only controls whether that specific capability calls out to the provider.
 
 ### Keyboard Shortcuts
 
@@ -402,6 +414,7 @@ Use `mailx --verbose` to see logs in the terminal instead.
 ## Architecture
 
 - **IPC-first** -- Default mode uses msger (Rust/WebView2) with bidirectional IPC. No TCP server, no CLOSE_WAIT zombies.
+- **Host abstraction** -- mailx talks to the WebView host through `@bobfrankston/mailx-host`, which picks msger (default) or msgview (Electron, planned for Mac and niche Linux) at runtime. Override with `MAILX_HOST=msger|msgview`.
 - **HTTP fallback** -- `--server` flag starts Express for browser/remote access.
 - **Local-first** -- Changes update local DB immediately; background worker syncs to IMAP.
 - **Offline reading** -- Full message bodies cached as .eml files.

package/bin/mailx.js

@@ -21,8 +21,9 @@ import path from "node:path";
 import os from "node:os";
 import net from "node:net";
 import { ports } from "@bobfrankston/miscinfo";
-import { showMessageBox, showService, setAppName } from "@bobfrankston/msger";
+import { showMessageBox, showService, setAppName, setAppIcon } from "@bobfrankston/mailx-host";
 setAppName("mailx");
+setAppIcon(path.resolve(import.meta.dirname, "..", "client", "icon.png"));
 const PORT = ports.mailx;
 const args = process.argv.slice(2);
 // Normalize: accept both -flag and --flag
@@ -146,6 +147,46 @@ for (const arg of args) {
 }
 function log(...msg) { if (verbose)
     console.log("[mailx]", ...msg); }
+/** Detect whether we're running with administrator / root privileges.
+ *  Windows: `net session` requires admin — succeeds silently when elevated,
+ *  errors "Access is denied" otherwise. Linux/Mac: check process uid.
+ *  Returns true only when positively detected as elevated; on ambiguity
+ *  (e.g. child_process spawn failed for non-privilege reasons), returns
+ *  false so we don't block users on false positives. */
+function isElevated() {
+    try {
+        if (process.platform === "win32") {
+            const { execSync } = require("node:child_process");
+            execSync("net session >nul 2>&1", { stdio: "ignore", windowsHide: true });
+            return true;
+        }
+        if (typeof process.getuid === "function") {
+            return process.getuid() === 0;
+        }
+    }
+    catch { /* non-admin → net session fails */ }
+    return false;
+}
+/** Put up a blocking warning dialog via showMessageBox. Returns the label
+ *  the user clicked. The default (Quit) is first so Enter dismisses to
+ *  safety. Caller decides what to do with "Continue anyway". */
+async function warnElevated() {
+    const res = await showMessageBox({
+        title: "mailx — elevated run not recommended",
+        message: "mailx is running with Administrator privileges.\n\n" +
+            "This can corrupt the per-user WebView2 profile at\n" +
+            "%LOCALAPPDATA%\\msger\\webview2\\ and create admin-owned files\n" +
+            "under ~/.mailx/ that later non-admin runs can't write to\n" +
+            "(SQLite db, tokens, config).\n\n" +
+            "Quit, relaunch from a normal shell, and only use admin if\n" +
+            "you specifically know you need it. To bypass this warning\n" +
+            "(for scripted admin use), pass --allow-elevated.",
+        buttons: ["Quit", "Continue anyway"],
+        size: { width: 540, height: 340 },
+        escapeCloses: true,
+    });
+    return res.button;
+}
 // Kill any running mailx server
 if (hasFlag("kill")) {
     log("Killing mailx processes...");
@@ -731,6 +772,20 @@ async function main() {
     log(`Platform: ${process.platform} ${process.arch}`);
     log(`Node: ${process.version}`);
     log(`Mode: ${setupMode ? "setup" : "auto"}`);
+    // Refuse to run elevated unless explicitly opted in. An elevated mailx
+    // can poison %LOCALAPPDATA%\msger\webview2\ (see msger/notes.md WebView2
+    // profile playbook) and create admin-owned files under ~/.mailx/ that
+    // later non-admin runs can't write to. `net session` requires admin on
+    // Windows; succeeds → admin, fails → non-admin. Linux/Mac use process
+    // uid (0 = root). --allow-elevated bypasses for scripted admin use.
+    if (!hasFlag("allow-elevated") && !isDaemon && isElevated()) {
+        const button = await warnElevated();
+        if (button !== "Continue anyway") {
+            log("User chose Quit on elevated-run warning. Exiting.");
+            process.exit(0);
+        }
+        log("User chose Continue anyway on elevated-run warning. Proceeding (will likely poison local state).");
+    }
     // Test connectivity
     if (testMode) {
         await runTest();