@bobfrankston/mailx 1.0.355 → 1.0.361

package/client/app.js

@@ -1178,6 +1178,30 @@ window.addEventListener("message", (e) => {
         })();
         return;
     }
+    // Generic IPC relay: the iframe's api-client routes every IPC call through
+    // postMessage when it's running in a child frame. Same reason as the
+    // compose-send relay — sendMessage wasn't the only method the iframe's
+    // bridge dropped; saveDraft hit the same wall ("Draft save failed: mailxapi
+    // timeout"). This handler invokes the named method on THIS window's
+    // mailxapi and posts the result back to the iframe.
+    if (e.data?.type === "mailx-ipc" && e.data.id && e.data.method) {
+        const src = e.source;
+        const { id, method, args } = e.data;
+        const bridge = window.mailxapi;
+        const fn = bridge?.[method];
+        if (typeof fn !== "function") {
+            src?.postMessage({ type: "mailx-ipc-result", id, ok: false, error: `parent bridge has no method "${method}"` }, "*");
+            return;
+        }
+        try {
+            const result = fn.apply(bridge, args || []);
+            Promise.resolve(result).then((value) => src?.postMessage({ type: "mailx-ipc-result", id, ok: true, result: value }, "*"), (err) => src?.postMessage({ type: "mailx-ipc-result", id, ok: false, error: err?.message || String(err) }, "*"));
+        }
+        catch (err) {
+            src?.postMessage({ type: "mailx-ipc-result", id, ok: false, error: err?.message || String(err) }, "*");
+        }
+        return;
+    }
     if (e.data?.type === "openLink" && e.data.url) {
         window.open(e.data.url, "_blank", "noopener,noreferrer");
     }

package/client/compose/editor.js

@@ -220,10 +220,24 @@ function createQuillEditor(container) {
     document.querySelectorAll(".ql-toolbar button, .ql-toolbar select, .ql-toolbar .ql-picker-label").forEach(el => el.setAttribute("tabindex", "-1"));
     // Native spell-check: WebView2 / Chromium underlines misspellings and the
     // right-click menu offers "Add to dictionary". Quill clears spellcheck on
-    // its root by default, so we turn it back on explicitly.
-    q.root.setAttribute("spellcheck", "true");
-    q.root.setAttribute("autocorrect", "on");
-    q.root.setAttribute("autocapitalize", "on");
+    // its root by default AND may re-clear it asynchronously as part of its
+    // setup (user-reported "spell-check broken again" with the one-shot set).
+    // Set once now, again after the frame flushes so post-init clears can't
+    // win, and install a MutationObserver to re-assert if anything later
+    // strips the attribute. Cheap — fires at most on each clear.
+    const applySpellcheck = () => {
+        if (q.root.getAttribute("spellcheck") !== "true")
+            q.root.setAttribute("spellcheck", "true");
+        if (q.root.getAttribute("autocorrect") !== "on")
+            q.root.setAttribute("autocorrect", "on");
+        if (q.root.getAttribute("autocapitalize") !== "on")
+            q.root.setAttribute("autocapitalize", "on");
+    };
+    applySpellcheck();
+    requestAnimationFrame(applySpellcheck);
+    setTimeout(applySpellcheck, 100);
+    const spellObs = new MutationObserver(() => applySpellcheck());
+    spellObs.observe(q.root, { attributes: true, attributeFilter: ["spellcheck", "autocorrect", "autocapitalize"] });
     // Toolbar link button: open our modal instead of Quill's built-in URL prompt.
     const toolbar = q.getModule("toolbar");
     toolbar?.addHandler("link", function () {
@@ -288,17 +302,30 @@ function createQuillEditor(container) {
         }
         catch { /* fall through to native menu */ }
     });
+    // IMPORTANT: register on the capture phase AND use stopImmediatePropagation
+    // when we handle the paste ourselves. Quill 2.x's clipboard module attaches
+    // its own listener on the same root element; preventDefault only stops the
+    // browser's default contenteditable insertion, NOT Quill's parallel listener.
+    // Without stopImmediatePropagation the two handlers fire independently and
+    // both insert — user sees the URL twice. Capture phase guarantees we run
+    // before Quill so stopImmediatePropagation actually blocks it.
     q.root.addEventListener("paste", (e) => {
         const cb = e.clipboardData;
         if (!cb)
             return;
+        // Helper: call when we've handled the paste ourselves. Stops Quill's
+        // own listener from also processing the same event.
+        const consume = () => {
+            e.preventDefault();
+            e.stopImmediatePropagation();
+        };
         // Q3: image-on-clipboard → inline as data: URL.
         for (const item of Array.from(cb.items)) {
             if (item.kind === "file" && item.type.startsWith("image/")) {
                 const file = item.getAsFile();
                 if (!file)
                     continue;
-                e.preventDefault();
+                consume();
                 const reader = new FileReader();
                 reader.onload = () => {
                     const dataUrl = String(reader.result || "");
@@ -337,7 +364,7 @@ function createQuillEditor(container) {
                     const href = a.getAttribute("href") || "";
                     const text = (a.textContent || "").trim();
                     if (href && text) {
-                        e.preventDefault();
+                        consume();
                         const range = q.getSelection(true);
                         if (!range)
                             return;
@@ -350,12 +377,35 @@ function createQuillEditor(container) {
                         return;
                     }
                 }
+                // Single text-node wrapping the URL — common when copying from
+                // browser address bar (Chrome ships text/html as
+                // `<meta><span>URL</span>` alongside text/plain). Fall through
+                // to the plain-URL path below instead of letting Quill insert
+                // the bare URL text AND our handler insert it linked — which
+                // is exactly the double-paste the user reported.
+                const textOnly = (root.textContent || "").trim();
+                if (textOnly && looksLikeUrl(textOnly) && !root.querySelector("a")) {
+                    consume();
+                    const range = q.getSelection(true);
+                    if (!range)
+                        return;
+                    const url = normalizeUrl(textOnly);
+                    if (range.length > 0) {
+                        q.formatText(range.index, range.length, "link", url);
+                        q.setSelection(range.index + range.length, 0);
+                    }
+                    else {
+                        q.insertText(range.index, textOnly, { link: url });
+                        q.setSelection(range.index + textOnly.length, 0);
+                    }
+                    return;
+                }
             }
             catch { /* fall through to Quill default */ }
-            return; // Quill handles richer HTML clipboard
+            return; // Quill handles richer HTML clipboard (no consume → Quill runs)
         }
         if (plain && looksLikeUrl(plain)) {
-            e.preventDefault();
+            consume();
             const range = q.getSelection(true);
             if (!range)
                 return;
@@ -370,7 +420,7 @@ function createQuillEditor(container) {
                 q.setSelection(range.index + plain.trim().length, 0);
             }
         }
-    });
+    }, true); // capture=true — run before Quill's own paste listener
     // Hover preview: show the target URL in a floating tooltip when the
     // pointer is over a link. Built on top of native mouseover/mouseout
     // rather than Quill's ql-tooltip (which is keyboard-triggered).

package/client/lib/api-client.js

@@ -12,7 +12,76 @@ function getIpc() {
         return window.parent.mailxapi;
     return null;
 }
+/** Build a proxy bridge that forwards every method call to the parent window
+ *  via postMessage. Used when the compose iframe's own attempt to reach
+ *  msger's IPC silently drops messages — empirically, `sendMessage` and
+ *  `saveDraft` both hit this (user-visible: "Sending…" spinner forever;
+ *  "Draft save failed: mailxapi timeout"). The main window's bridge is
+ *  provably fine, so the iframe routes through it. */
+function buildRelayBridge() {
+    const pending = new Map();
+    window.addEventListener("message", (ev) => {
+        if (!ev.data || ev.data.type !== "mailx-ipc-result" || !ev.data.id)
+            return;
+        const entry = pending.get(ev.data.id);
+        if (!entry)
+            return;
+        pending.delete(ev.data.id);
+        clearTimeout(entry.timer);
+        if (ev.data.ok)
+            entry.resolve(ev.data.result);
+        else
+            entry.reject(new Error(ev.data.error || "parent-relay ipc error"));
+    });
+    const call = (method, args) => {
+        const id = `ipc-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                pending.delete(id);
+                reject(new Error(`parent-relay timeout: ${method}`));
+            }, 120000);
+            pending.set(id, { resolve, reject, timer });
+            try {
+                window.parent.postMessage({ type: "mailx-ipc", id, method, args }, "*");
+            }
+            catch (e) {
+                clearTimeout(timer);
+                pending.delete(id);
+                reject(e);
+            }
+        });
+    };
+    // Proxy: any property access returns a function that forwards to parent.
+    // `isApp` / `platform` / other non-function reads return sensible defaults
+    // so existing getIpc-style checks still work.
+    return new Proxy({}, {
+        get(_t, prop) {
+            if (prop === "isApp")
+                return true;
+            if (prop === "platform")
+                return window.parent?.mailxapi?.platform || "webview2";
+            if (prop === "onEvent") {
+                // Event subscription can't be relayed simply — iframes that need
+                // events are rare. Fall back to direct parent bridge for onEvent
+                // since the subscription path doesn't hit the broken send path.
+                return (handler) => window.parent?.mailxapi?.onEvent?.(handler);
+            }
+            return (...args) => call(prop, args);
+        }
+    });
+}
+let cachedRelayBridge = null;
 function ipc() {
+    // Direct bridge is fine for the top window (main mailx app). The iframe
+    // (compose) can't trust its own bridge resolution because msger-routed
+    // sendMessage / saveDraft IPCs disappear without trace. So when we're in
+    // a child frame with a parent bridge, go through the parent.
+    const inIframe = window.parent && window.parent !== window;
+    if (inIframe && window.parent?.mailxapi?.isApp) {
+        if (!cachedRelayBridge)
+            cachedRelayBridge = buildRelayBridge();
+        return cachedRelayBridge;
+    }
     const bridge = getIpc();
     if (!bridge)
         throw new Error("IPC bridge not available");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/mailx",
-  "version": "1.0.355",
+  "version": "1.0.361",
   "description": "Local-first email client with IMAP sync and standalone native app",
   "type": "module",
   "main": "bin/mailx.js",

package/packages/mailx-imap/index.js

@@ -689,6 +689,14 @@ export class ImapManager extends EventEmitter {
                 }
                 if (msg.uid <= highestUid)
                     continue; // already have it
+                // Tombstone check: if the user locally deleted this Message-ID,
+                // don't re-import it. Server-side EXPUNGE may lag, or reconcile
+                // may find the message in an old list snapshot. Without this,
+                // deleted messages reappear on the next sync pass.
+                if (msg.messageId && this.db.hasTombstone(accountId, msg.messageId)) {
+                    console.log(`  [tombstone] ${accountId}: skipping ${msg.messageId} (locally deleted)`);
+                    continue;
+                }
                 const source = msg.source || "";
                 let bodyPath = "";
                 let preview = "";
@@ -1581,6 +1589,17 @@ export class ImapManager extends EventEmitter {
             this.syncIntervals.set("prefetch", prefetchInterval);
             console.log(`  [periodic] body prefetch every 60s (independent of sync)`);
         }
+        // Tombstone prune: age out local-delete records older than 30 days.
+        // Runs hourly — cheap (one indexed DELETE).
+        const TOMBSTONE_RETENTION_DAYS = 30;
+        const pruneTombstones = () => {
+            const cutoff = Date.now() - TOMBSTONE_RETENTION_DAYS * 86400_000;
+            const n = this.db.pruneTombstones(cutoff);
+            if (n > 0)
+                console.log(`  [tombstones] pruned ${n} older than ${TOMBSTONE_RETENTION_DAYS} days`);
+        };
+        setTimeout(pruneTombstones, 30_000); // first run after startup settles
+        this.syncIntervals.set("tombstone-prune", setInterval(pruneTombstones, 3600_000));
         // Full sync (all folders + IDLE restart) at configured interval
         const fullInterval = setInterval(async () => {
             console.log(`  [periodic] Full sync at ${new Date().toLocaleTimeString()}`);

package/packages/mailx-service/index.js

@@ -102,7 +102,7 @@ export class MailxService {
         for (const cfg of cfgs) {
             const a = dbAccounts.find(d => d.id === cfg.id);
             if (a)
-                ordered.push({ ...a, label: cfg.label, defaultSend: cfg.defaultSend || false, identityDomains: cfg.identityDomains || [], spam: cfg.spam || "" });
+                ordered.push({ ...a, label: cfg.label, defaultSend: cfg.defaultSend || false, identityDomains: cfg.identityDomains || [] });
         }
         // Append any DB accounts not in settings
         for (const a of dbAccounts) {
@@ -646,6 +646,11 @@ export class MailxService {
         const envelope = this.db.getMessageByUid(accountId, uid);
         if (!envelope)
             throw new Error("Message not found");
+        // Tombstone the Message-ID so a subsequent sync pass can't resurrect
+        // the row if the server's EXPUNGE hasn't propagated yet. `undelete`
+        // removes the tombstone.
+        if (envelope.messageId)
+            this.db.addTombstone(accountId, envelope.messageId, envelope.subject || "");
         await this.imapManager.trashMessage(accountId, envelope.folderId, envelope.uid);
     }
     async deleteMessages(accountId, uids) {
@@ -653,6 +658,9 @@ export class MailxService {
             const env = this.db.getMessageByUid(accountId, uid);
             if (!env)
                 return null;
+            // Tombstone each — same reason as single-delete above.
+            if (env.messageId)
+                this.db.addTombstone(accountId, env.messageId, env.subject || "");
             return { uid: env.uid, folderId: env.folderId };
         }).filter(m => m !== null);
         await this.imapManager.trashMessages(accountId, messages);
@@ -711,6 +719,12 @@ export class MailxService {
         return { targetFolderId: target.id, moved: uids.length };
     }
     async undeleteMessage(accountId, uid, folderId) {
+        // Clear the tombstone first so a subsequent sync can re-import if
+        // the server still has the row. Messages with no Message-ID just
+        // didn't get a tombstone — this is a no-op for them.
+        const envelope = this.db.getMessageByUid(accountId, uid, folderId);
+        if (envelope?.messageId)
+            this.db.removeTombstone(accountId, envelope.messageId);
         await this.imapManager.undeleteMessage(accountId, uid, folderId);
     }
     async deleteOnServer(accountId, folderPath, uid) {

package/packages/mailx-settings/index.js

@@ -307,43 +307,36 @@ const PROVIDERS = {
         label: "Gmail",
         imap: { host: "imap.gmail.com", port: 993, tls: true, auth: "oauth2" },
         smtp: { host: "smtp.gmail.com", port: 587, tls: true, auth: "oauth2" },
-        spam: "SPAM", // Gmail labels, mailx tree shows as "SPAM"
     },
     "googlemail.com": {
         label: "Gmail",
         imap: { host: "imap.gmail.com", port: 993, tls: true, auth: "oauth2" },
         smtp: { host: "smtp.gmail.com", port: 587, tls: true, auth: "oauth2" },
-        spam: "SPAM",
     },
     "outlook.com": {
         label: "Outlook",
         imap: { host: "outlook.office365.com", port: 993, tls: true, auth: "oauth2" },
         smtp: { host: "smtp.office365.com", port: 587, tls: true, auth: "oauth2" },
-        spam: "Junk Email",
     },
     "hotmail.com": {
         label: "Hotmail",
         imap: { host: "outlook.office365.com", port: 993, tls: true, auth: "oauth2" },
         smtp: { host: "smtp.office365.com", port: 587, tls: true, auth: "oauth2" },
-        spam: "Junk Email",
     },
     "yahoo.com": {
         label: "Yahoo",
         imap: { host: "imap.mail.yahoo.com", port: 993, tls: true, auth: "password" },
         smtp: { host: "smtp.mail.yahoo.com", port: 587, tls: true, auth: "password" },
-        spam: "Bulk Mail",
     },
     "aol.com": {
         label: "AOL",
         imap: { host: "imap.aol.com", port: 993, tls: true, auth: "password" },
         smtp: { host: "smtp.aol.com", port: 587, tls: true, auth: "password" },
-        spam: "Bulk Mail",
     },
     "icloud.com": {
         label: "iCloud",
         imap: { host: "imap.mail.me.com", port: 993, tls: true, auth: "password" },
         smtp: { host: "smtp.mail.me.com", port: 587, tls: true, auth: "password" },
-        spam: "Junk",
     },
 };
 /** Fill in provider defaults for an account based on email domain */
@@ -388,13 +381,10 @@ function normalizeAccount(acct, globalName) {
         relayDomains: acct.relayDomains,
         deliveredToPrefix: acct.deliveredToPrefix,
         identityDomains: acct.identityDomains,
-        // Spam folder: explicit account config wins; otherwise fall back to
-        // the provider default (e.g. Gmail ships with built-in SPAM; Outlook
-        // with "Junk Email"). Before 2026-04-21 this field was dropped by
-        // normalizeAccount entirely — silent regression even for accounts
-        // that had it configured. `acct.spam` first so a user-set value on
-        // a recognized provider still overrides the default.
-        spam: acct.spam !== undefined ? acct.spam : provider?.spam,
+        // `spam` passthrough retired 2026-04-22 — markAsSpamMessages now finds
+        // the junk folder via `specialUse === "junk"` on the DB folder record
+        // (populated by mailx-imap from iflow's getSpecialFolders()). Authoritative
+        // per-server info beats per-domain guesses.
         // `signature` is on AccountConfig in mailx-types but the workspace
         // build order sometimes leaves a stale .d.ts for type-check; using
         // `as any` is the minimum-blast-radius way to add the field without

package/packages/mailx-store/db.d.ts

@@ -12,6 +12,20 @@ export declare class MailxDB {
     hasSentMessage(messageId: string): boolean;
     /** Record a successfully sent message so future attempts are skipped. */
     recordSent(messageId: string, accountId: string, subject: string, recipients: string[]): void;
+    /** Mark a Message-ID as locally-deleted for an account. No-op if messageId
+     *  is empty (e.g. provider stripped the header) — without a stable id we
+     *  can't check against future sync results anyway. */
+    addTombstone(accountId: string, messageId: string, subject?: string): void;
+    /** Is this Message-ID tombstoned for this account? */
+    hasTombstone(accountId: string, messageId: string): boolean;
+    /** Remove a tombstone — used by "undelete" (Ctrl-Z) so a subsequent sync
+     *  re-imports the message as normal. Also lets the user recover from a
+     *  mistaken local delete. */
+    removeTombstone(accountId: string, messageId: string): void;
+    /** Age-out tombstones older than the given cutoff. Keeps the table from
+     *  growing unboundedly. Default retention is 30 days; caller passes the
+     *  actual cutoff in ms since epoch. */
+    pruneTombstones(olderThanMs: number): number;
     /** Idempotently add a column to a table if it's missing. */
     private addColumnIfMissing;
     /** Compute a thread id for an incoming message. Strategy:

package/packages/mailx-store/db.js

@@ -126,6 +126,21 @@ const SCHEMA = `
         last_error TEXT,
         UNIQUE(account_id, action, uid, folder_id)
     );
+
+    -- Tombstones: messages the user deleted locally. Sync checks this table
+    -- before inserting a new row so a server-side delete that hasn't yet
+    -- propagated (or a stale server listing during the EXPUNGE race) can't
+    -- resurrect a message the user already removed. Keyed by Message-ID
+    -- because that's the only identifier stable across UID renumbers,
+    -- UIDVALIDITY bumps, and cross-folder moves.
+    CREATE TABLE IF NOT EXISTS tombstones (
+        account_id TEXT NOT NULL,
+        message_id TEXT NOT NULL,
+        deleted_at INTEGER NOT NULL,
+        subject TEXT DEFAULT '',
+        PRIMARY KEY (account_id, message_id)
+    );
+    CREATE INDEX IF NOT EXISTS idx_tombstones_deleted_at ON tombstones(deleted_at);
 `;
 export class MailxDB {
     db;
@@ -172,6 +187,53 @@ export class MailxDB {
             console.error(`  [sent_log] failed to record ${messageId}: ${e.message}`);
         }
     }
+    // ── Tombstones (local-delete record so server echo can't resurrect) ──
+    /** Mark a Message-ID as locally-deleted for an account. No-op if messageId
+     *  is empty (e.g. provider stripped the header) — without a stable id we
+     *  can't check against future sync results anyway. */
+    addTombstone(accountId, messageId, subject = "") {
+        if (!messageId)
+            return;
+        try {
+            this.db.prepare("INSERT INTO tombstones (account_id, message_id, deleted_at, subject) VALUES (?, ?, ?, ?) ON CONFLICT(account_id, message_id) DO UPDATE SET deleted_at = excluded.deleted_at").run(accountId, messageId, Date.now(), subject || "");
+        }
+        catch (e) {
+            console.error(`  [tombstones] failed to record ${messageId}: ${e.message}`);
+        }
+    }
+    /** Is this Message-ID tombstoned for this account? */
+    hasTombstone(accountId, messageId) {
+        if (!messageId)
+            return false;
+        const row = this.db.prepare("SELECT 1 FROM tombstones WHERE account_id = ? AND message_id = ? LIMIT 1").get(accountId, messageId);
+        return !!row;
+    }
+    /** Remove a tombstone — used by "undelete" (Ctrl-Z) so a subsequent sync
+     *  re-imports the message as normal. Also lets the user recover from a
+     *  mistaken local delete. */
+    removeTombstone(accountId, messageId) {
+        if (!messageId)
+            return;
+        try {
+            this.db.prepare("DELETE FROM tombstones WHERE account_id = ? AND message_id = ?").run(accountId, messageId);
+        }
+        catch (e) {
+            console.error(`  [tombstones] failed to remove ${messageId}: ${e.message}`);
+        }
+    }
+    /** Age-out tombstones older than the given cutoff. Keeps the table from
+     *  growing unboundedly. Default retention is 30 days; caller passes the
+     *  actual cutoff in ms since epoch. */
+    pruneTombstones(olderThanMs) {
+        try {
+            const res = this.db.prepare("DELETE FROM tombstones WHERE deleted_at < ?").run(olderThanMs);
+            return Number(res.changes || 0);
+        }
+        catch (e) {
+            console.error(`  [tombstones] prune failed: ${e.message}`);
+            return 0;
+        }
+    }
     /** Idempotently add a column to a table if it's missing. */
     addColumnIfMissing(table, column, sqlType) {
         try {