@bobfrankston/mailx 1.0.386 → 1.0.389

package/bin/mailx.js

@@ -15,6 +15,8 @@
  *   mailx -test              Test IMAP/SMTP connectivity
  *   mailx -rebuild           Wipe local cache, re-sync from IMAP
  *   mailx -repair            Re-sync metadata (fix corrupt subjects) keeping .eml files
+ *   mailx -reauth            Clear cached OAuth tokens; next start re-consents
+ *                             (use when new Google scopes have been added)
  */
 import fs from "node:fs";
 import path from "node:path";
@@ -87,7 +89,7 @@ function pidAlive(pid) {
 // on an old UI with no indication that the install has been upgraded.
 // Skip this logic for command-only flags (kill, rebuild, setup, ...) and for
 // the internal --daemon respawn.
-const __commandFlags = ["kill", "v", "version", "setup", "add", "test", "rebuild", "repair", "import", "log"];
+const __commandFlags = ["kill", "v", "version", "setup", "add", "test", "rebuild", "repair", "import", "log", "reauth"];
 const __isCommandInvocation = process.argv.slice(2).some(a => __commandFlags.includes(a.replace(/^--?/, "")));
 if (!isDaemon && !__isCommandInvocation) {
     const inst = readInstanceFile();
@@ -278,6 +280,39 @@ if (hasFlag("kill")) {
         console.log("No mailx processes found");
     process.exit(0);
 }
+// Re-auth: clear cached OAuth tokens so the next start forces a fresh
+// consent flow. Needed when scopes change (e.g. Google Tasks was added
+// 2026-04-23 but existing tokens were issued against the older scope
+// set, so tasks API calls 403ed with "insufficient authentication
+// scopes"). Safe — tokens are only a cache; fresh consent re-issues.
+if (hasFlag("reauth")) {
+    const { getConfigDir } = await import("@bobfrankston/mailx-settings");
+    const tokensDir = path.join(getConfigDir(), "tokens");
+    if (!fs.existsSync(tokensDir)) {
+        console.log("No tokens directory — nothing to clear.");
+        process.exit(0);
+    }
+    let cleared = 0;
+    for (const entry of fs.readdirSync(tokensDir)) {
+        const userDir = path.join(tokensDir, entry);
+        try {
+            const stat = fs.statSync(userDir);
+            if (!stat.isDirectory())
+                continue;
+            const tokenFile = path.join(userDir, "oauth-token.json");
+            if (fs.existsSync(tokenFile)) {
+                fs.unlinkSync(tokenFile);
+                console.log(`  Cleared token for ${entry}`);
+                cleared++;
+            }
+        }
+        catch { /* skip */ }
+    }
+    console.log(cleared === 0
+        ? "No cached tokens found."
+        : `Cleared ${cleared} cached token(s). Next 'mailx' start will open a browser OAuth consent so the new scopes (tasks, full contacts) get granted.`);
+    process.exit(0);
+}
 // Rebuild: wipe DB + message store, keep accounts/settings
 if (rebuildMode) {
     const { getConfigDir, getStorePath } = await import("@bobfrankston/mailx-settings");
@@ -1222,6 +1257,9 @@ RFC 5322 with CRLF line endings. Bodies are quoted-printable encoded (readable i
     imapManager.on("tasksUpdated", (payload) => {
         handle.send({ _event: "tasksUpdated", type: "tasksUpdated", ...payload });
     });
+    imapManager.on("authScopeError", (payload) => {
+        handle.send({ _event: "authScopeError", type: "authScopeError", ...payload });
+    });
     imapManager.on("bodyCached", (accountId, uid) => {
         pendingCached.push({ accountId, uid });
         if (!cachedTimer) {
@@ -1303,6 +1341,18 @@ RFC 5322 with CRLF line endings. Bodies are quoted-printable encoded (readable i
     // initial sync finishes so IMAP accounts get instant-push new-mail (the
     // 5-min STATUS poll is only a safety net).
     if (settings.accounts.some(a => a.enabled)) {
+        // Fast-path: fire a quick INBOX check on every account IMMEDIATELY,
+        // parallel to the full syncAll. quickInboxCheckAccount uses a fresh
+        // client + a cached folder list from the DB, so it skips the
+        // folder-list fetch that syncAll's step 1 does. On a cold Dovecot
+        // session that folder LIST can take several seconds on big trees
+        // (bobma = ~105 folders) — no reason the user should wait for it
+        // before seeing mail that arrived overnight in INBOX.
+        for (const acct of settings.accounts) {
+            if (!acct.enabled)
+                continue;
+            imapManager.quickInboxCheckAccount(acct.id).catch(e => console.error(`  [startup-check] ${acct.id}: ${e?.message || e}`));
+        }
         imapManager.syncAll()
             .then(() => imapManager.startWatching())
             .then(() => {

package/client/components/calendar-sidebar.js

@@ -16,6 +16,7 @@
 import { getCalendarEvents, createCalendarEvent, getTasks, createTask, updateTask, deleteTask, } from "../lib/api-client.js";
 const SIDEBAR_PREF = "mailx-calendar-sidebar-on";
 const SHOW_RECURRING_PREF = "mailx-cal-show-recurring";
+const SHOW_DONE_PREF = "mailx-task-show-done";
 const HORIZON_DAYS_PREF = "mailx-cal-horizon-days";
 const HORIZON_DEFAULT_DAYS = 30;
 let viewYear = new Date().getFullYear();
@@ -131,7 +132,8 @@ function renderEvents(events) {
     });
 }
 async function renderTasks() {
-    const showDone = document.getElementById("cal-side-show-done")?.checked || false;
+    const cb = document.getElementById("cal-side-show-done");
+    const showDone = cb?.checked ?? false;
     const tasks = await getTasks(showDone);
     const host = document.getElementById("cal-side-tasks");
     if (!host)
@@ -248,7 +250,18 @@ export function initCalendarSidebar() {
     const showDoneCb = document.getElementById("cal-side-show-done");
     if (showDoneCb && !showDoneCb.__wired) {
         showDoneCb.__wired = true;
-        showDoneCb.addEventListener("change", () => renderTasks());
+        // Sticky: restore prior state and persist on change. Default off.
+        try {
+            showDoneCb.checked = localStorage.getItem(SHOW_DONE_PREF) === "true";
+        }
+        catch { /* */ }
+        showDoneCb.addEventListener("change", () => {
+            try {
+                localStorage.setItem(SHOW_DONE_PREF, String(showDoneCb.checked));
+            }
+            catch { /* */ }
+            renderTasks();
+        });
     }
     // Recurring-events filter toggle — hides expanded recurring-series
     // instances when unchecked. Default on so new users see everything.
@@ -295,6 +308,17 @@ export function initCalendarSidebar() {
                     refresh();
                 else if (event?.type === "tasksUpdated")
                     renderTasks();
+                else if (event?.type === "authScopeError") {
+                    // Surface a visible hint right in the affected pane so the
+                    // user doesn't stare at an empty list wondering why. Only
+                    // writes to the matching pane; other panes keep rendering.
+                    const host = event.feature === "tasks"
+                        ? document.getElementById("cal-side-tasks")
+                        : document.getElementById("cal-side-body");
+                    if (host) {
+                        host.innerHTML = `<div class="cal-side-empty cal-side-auth-error">${escapeHtml(event.message || "Google access needs re-consent.")}</div>`;
+                    }
+                }
             });
         }
     }

package/client/styles/components.css

@@ -1024,6 +1024,17 @@ body.calendar-sidebar-on .calendar-sidebar { display: flex; }
 }
 .cal-side-opt input[type=number] { margin-left: 4px; }
 .cal-side-event { cursor: pointer; }
+.cal-side-auth-error {
+    color: oklch(0.55 0.18 25);
+    font-weight: 600;
+    padding: var(--gap-sm);
+    background: oklch(0.96 0.04 25);
+    border: 1px solid oklch(0.80 0.12 25);
+    border-radius: var(--radius-sm);
+    font-style: normal !important;
+    line-height: 1.4;
+    text-align: left !important;
+}
 .cal-side-empty {
     padding: var(--gap-md) var(--gap-sm);
     color: var(--color-text-muted);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/mailx",
-  "version": "1.0.386",
+  "version": "1.0.389",
   "description": "Local-first email client with IMAP sync and standalone native app",
   "type": "module",
   "main": "bin/mailx.js",

package/packages/mailx-imap/index.js

@@ -1020,23 +1020,41 @@ export class ImapManager extends EventEmitter {
         }
         if (newCount > 0)
             console.log(`    stored ${newCount} new messages`);
-        // Remove messages deleted on the server (skip on first sync — nothing to reconcile)
+        // Remove messages deleted on the server (skip on first sync — nothing to reconcile).
+        //
+        // SAFETY (same three guards the Gmail API path uses, see ~line 1388):
+        //   1. Skip if server returned an empty list but we have local messages
+        //      (transient Dovecot error / connection hiccup returning empty UID SEARCH
+        //      must not wipe the folder).
+        //   2. Refuse to delete more than 50% in one pass — indicates a sync bug,
+        //      never a real user action. User can fix with `mailx -rebuild` if real.
+        //   3. Log every deletion with Message-ID + subject so future reports have
+        //      data (the "ubiquiti letter disappeared after reply" case had no trace).
         let deletedCount = 0;
         if (!firstSync) {
             try {
-                // Reuse the passed-in client instead of opening a new connection
-                const serverUids = new Set(await client.getUids(folder.path));
+                const serverUidsArr = await client.getUids(folder.path);
+                const serverUids = new Set(serverUidsArr);
                 const localUids = this.db.getUidsForFolder(accountId, folderId);
-                for (const uid of localUids) {
-                    if (!serverUids.has(uid)) {
-                        // Read body_path BEFORE deleting the row, then unlink.
+                const toDelete = localUids.filter(uid => !serverUids.has(uid));
+                if (serverUidsArr.length === 0 && localUids.length > 0) {
+                    console.log(`  [sync] ${accountId}/${folder.path}: reconcile skipped — server UID list empty but local has ${localUids.length} (treating as transient)`);
+                }
+                else if (localUids.length > 0 && toDelete.length / localUids.length > 0.5) {
+                    console.log(`  [sync] ${accountId}/${folder.path}: reconcile REFUSED — would delete ${toDelete.length}/${localUids.length} (${Math.round(toDelete.length / localUids.length * 100)}%) — probably a sync bug, skipping`);
+                }
+                else {
+                    for (const uid of toDelete) {
+                        const env = this.db.getMessageByUid(accountId, uid);
+                        const tag = env ? `msgid=${env.messageId || "?"} subj="${(env.subject || "").slice(0, 60)}"` : "unknown";
+                        console.log(`  [reconcile-delete] ${accountId}/${folder.path} uid=${uid} ${tag}`);
                         this.unlinkBodyFile(accountId, uid, folderId).catch(() => { });
                         this.db.deleteMessage(accountId, uid);
                         deletedCount++;
                     }
+                    if (deletedCount > 0)
+                        console.log(`    removed ${deletedCount} deleted messages`);
                 }
-                if (deletedCount > 0)
-                    console.log(`    removed ${deletedCount} deleted messages`);
             }
             catch (e) {
                 console.error(`    deletion sync error: ${e.message}`);
@@ -1394,6 +1412,9 @@ export class ImapManager extends EventEmitter {
                 }
                 else {
                     for (const uid of toDelete) {
+                        const env = this.db.getMessageByUid(accountId, uid);
+                        const tag = env ? `msgid=${env.messageId || "?"} subj="${(env.subject || "").slice(0, 60)}"` : "unknown";
+                        console.log(`  [reconcile-delete] ${accountId}/${folder.path} uid=${uid} ${tag}`);
                         this.unlinkBodyFile(accountId, uid, folder.id).catch(() => { });
                         this.db.deleteMessage(accountId, uid);
                     }
@@ -3323,7 +3344,11 @@ export class ImapManager extends EventEmitter {
             // After each full tick, refresh the UI indicator.
             this.emitOutboxStatus();
         };
-        setTimeout(() => processAll(), 3000);
+        // First tick at 500ms so any stale .sending-HOST-DEAD_PID claim file
+        // left behind by a prior crash gets recovered (renamed back to .ltr)
+        // within half a second of startup — otherwise the status-queue pill
+        // shows a red "1 queued" to the user until the first 10s tick passes.
+        setTimeout(() => processAll(), 500);
         this.outboxInterval = setInterval(processAll, 10000);
     }
     /** Stop Outbox worker */

package/packages/mailx-service/index.js

@@ -472,7 +472,16 @@ export class MailxService {
             if (changed)
                 this.imapManager.emit("calendarUpdated", { accountId: acct.id });
         })
-            .catch(e => console.error(`[calendar] refresh failed: ${e.message}`));
+            .catch(e => {
+            const msg = String(e?.message || e);
+            console.error(`[calendar] refresh failed: ${msg}`);
+            if (/insufficient (authentication )?scope|PERMISSION_DENIED|403/i.test(msg)) {
+                this.imapManager.emit("authScopeError", {
+                    feature: "calendar",
+                    message: "Google Calendar access needs re-consent. Run `mailx -reauth` then restart.",
+                });
+            }
+        });
         return this.db.getCalendarEvents(acct.id, fromMs, toMs);
     }
     /** Pull events in [fromMs..toMs) from Google, upsert locally, reconcile
@@ -481,6 +490,7 @@ export class MailxService {
     async refreshCalendarEvents(accountId, fromMs, toMs) {
         const tp = await this.primaryTokenProvider("calendar");
         const events = await gsync.listCalendarEvents(tp, fromMs, toMs);
+        console.log(`  [calendar] pulled ${events.length} events from ${new Date(fromMs).toISOString().slice(0, 10)} to ${new Date(toMs).toISOString().slice(0, 10)}`);
         let changed = false;
         // Upsert by provider_id — dedup globally, not just within the window,
         // so an event whose start moves outside the prior query range doesn't
@@ -563,12 +573,24 @@ export class MailxService {
             if (changed)
                 this.imapManager.emit("tasksUpdated", { accountId: acct.id });
         })
-            .catch(e => console.error(`[tasks] refresh failed: ${e.message}`));
+            .catch(e => {
+            const msg = String(e?.message || e);
+            console.error(`[tasks] refresh failed: ${msg}`);
+            if (/insufficient (authentication )?scope|PERMISSION_DENIED|403/i.test(msg)) {
+                console.error(`[tasks] Your cached OAuth token doesn't include the 'tasks' scope.`);
+                console.error(`[tasks] Run 'mailx -reauth' then 'mailx' to re-consent and pick up the new scope.`);
+                this.imapManager.emit("authScopeError", {
+                    feature: "tasks",
+                    message: "Google Tasks access needs re-consent. Run `mailx -reauth` then restart.",
+                });
+            }
+        });
         return this.db.getTasks(acct.id, includeCompleted);
     }
     async refreshTasks(accountId, includeCompleted) {
         const tp = await this.primaryTokenProvider("tasks");
         const tasks = await gsync.listTasks(tp, "@default", includeCompleted);
+        console.log(`  [tasks] pulled ${tasks.length} tasks`);
         const existing = this.db.getTasks(accountId, true);
         let changed = false;
         const seen = new Set();
@@ -730,11 +752,40 @@ export class MailxService {
             for (const f of fs.readdirSync(dir)) {
                 if (!f.endsWith(".ltr") && !f.endsWith(".eml") && !/\.sending-/.test(f))
                     continue;
+                const fp = path.join(dir, f);
                 try {
-                    const raw = fs.readFileSync(path.join(dir, f), "utf-8");
+                    const raw = fs.readFileSync(fp, "utf-8");
                     out.push(parseEnv(raw, f, dir, accountId));
                 }
-                catch { /* unreadable — skip */ }
+                catch (err) {
+                    // Unreadable file — still show it so the user can cancel.
+                    // Previously silently skipped, which produced the user-reported
+                    // "outbox badge shows 1 but the modal is empty" symptom:
+                    // getOutboxStatus counted the file, listQueuedOutgoing dropped it.
+                    const st = (() => { try {
+                        return fs.statSync(fp);
+                    }
+                    catch {
+                        return null;
+                    } })();
+                    out.push({
+                        accountId,
+                        file: f,
+                        path: fp,
+                        dir,
+                        from: "",
+                        to: "",
+                        cc: "",
+                        bcc: "",
+                        subject: `[unreadable: ${err?.code || err?.message || "read failed"}]`,
+                        date: "",
+                        messageId: "",
+                        attempts: 0,
+                        sizeBytes: st?.size || 0,
+                        createdAt: st?.mtimeMs || 0,
+                        claimed: /\.sending-[^-]+-\d+$/.test(f),
+                    });
+                }
             }
         };
         try {