@bobfrankston/mailx 1.0.436 → 1.0.438

package/packages/mailx-service/index.d.ts

@@ -59,8 +59,35 @@ export declare class MailxService {
         status: number;
         statusText: string;
     }>;
+    /** Per-session map: editId → temp file path + watcher cleanup.
+     *  Lives in memory only — cleared when the user closes compose or sends. */
+    private wordEdits;
+    /** Hand the current compose body off to Microsoft Word for editing. Writes
+     *  the HTML to `~/.mailx/external-edit/<editId>.html`, opens it via the
+     *  default OS handler (Word on Windows when .html is associated; otherwise
+     *  the user's chosen editor for HTML), and starts an fs.watch that emits
+     *  `wordEditUpdated` when Word saves. The compose UI listens for that
+     *  event and reloads the editor.
+     *
+     *  Windows-only by current default — on Mac/Linux there's no equivalent
+     *  reliable round-trip. The compose toolbar should hide the button on
+     *  non-win32 platforms. */
+    openInWord(editId: string, html: string): Promise<{
+        ok: boolean;
+        path: string;
+        opener: string;
+    }>;
+    /** End external editing. Stops the watcher, removes the temp file.
+     *  Caller is the compose UI when the user closes the window or sends. */
+    closeWordEdit(editId: string): Promise<void>;
     updateFlags(accountId: string, uid: number, flags: string[]): Promise<void>;
     allowRemoteContent(type: "sender" | "domain" | "recipient", value: string): Promise<void>;
+    /** Mark a sender or domain as suspect. Surfaced in the remote-content
+     *  banner as a red warning on subsequent messages. Toggle: calling with
+     *  the same value removes it. Returns the new state for UI feedback. */
+    flagSenderOrDomain(type: "sender" | "domain", value: string): Promise<{
+        flagged: boolean;
+    }>;
     search(q: string, page?: number, pageSize?: number, scope?: string, accountId?: string, folderId?: number): Promise<any>;
     rebuildSearchIndex(): number;
     getSyncPending(): {

package/packages/mailx-service/index.js

@@ -460,10 +460,19 @@ export class MailxService {
         // hides the Source button on every just-opened message.
         const refreshed = this.db.getMessageByUid(accountId, uid, folderId);
         const emlPath = refreshed?.bodyPath || envelope.bodyPath || "";
+        // Flag check — surfaced in the remote-content banner as a red
+        // warning when the sender's address or domain is on the user's
+        // flagged list. Cheap lookup; loadAllowlist is already cached.
+        const allowList = loadAllowlist();
+        const senderAddr = (envelope.from?.address || "").toLowerCase();
+        const senderDomain = senderAddr.split("@")[1] || "";
+        const isFlagged = !!((allowList.flaggedSenders || []).some((s) => (s || "").toLowerCase() === senderAddr) ||
+            (allowList.flaggedDomains || []).some((d) => (d || "").toLowerCase() === senderDomain));
         return {
             ...envelope, bodyHtml, bodyText, hasRemoteContent, remoteAllowed: allowRemote,
             attachments, emlPath, deliveredTo, returnPath,
             listUnsubscribe, listUnsubscribeMail, listUnsubscribeHttp, listUnsubscribeOneClick,
+            isFlagged,
         };
     }
     /** RFC 8058 one-click unsubscribe: POST `List-Unsubscribe=One-Click` to the
@@ -506,6 +515,158 @@ export class MailxService {
         }
         return { ok: resp.ok, status: resp.status, statusText: resp.statusText };
     }
+    // ── External edit in Microsoft Word ──
+    /** Per-session map: editId → temp file path + watcher cleanup.
+     *  Lives in memory only — cleared when the user closes compose or sends. */
+    wordEdits = new Map();
+    /** Hand the current compose body off to Microsoft Word for editing. Writes
+     *  the HTML to `~/.mailx/external-edit/<editId>.html`, opens it via the
+     *  default OS handler (Word on Windows when .html is associated; otherwise
+     *  the user's chosen editor for HTML), and starts an fs.watch that emits
+     *  `wordEditUpdated` when Word saves. The compose UI listens for that
+     *  event and reloads the editor.
+     *
+     *  Windows-only by current default — on Mac/Linux there's no equivalent
+     *  reliable round-trip. The compose toolbar should hide the button on
+     *  non-win32 platforms. */
+    async openInWord(editId, html) {
+        const dir = path.join(getConfigDir(), "external-edit");
+        fs.mkdirSync(dir, { recursive: true });
+        const filePath = path.join(dir, `${editId}.html`);
+        // Wrap in a minimal HTML doc so Word picks up encoding + treats the
+        // body content as the document. Word imports the <body> contents and
+        // converts them to its own model; saving HTML preserves enough of
+        // the structure for re-import (paragraphs, links, basic formatting).
+        const wrapped = `<!doctype html>
+<html><head><meta charset="utf-8"><title>mailx draft</title></head>
+<body>${html || "<p></p>"}</body></html>
+`;
+        fs.writeFileSync(filePath, wrapped, "utf-8");
+        // Stop any existing watcher for this edit (re-open re-arms cleanly).
+        this.wordEdits.get(editId)?.stop();
+        // Try Word explicitly first; on failure (Word not installed, exec not
+        // in PATH) fall back to the OS default handler so the user still gets
+        // *some* editor. Report which one ran so the UI can say "Opening in
+        // Word…" vs "Opening in default editor…".
+        const { spawnSync, spawn } = await import("node:child_process");
+        const tryLaunch = (cmd, args) => {
+            try {
+                const r = spawnSync(cmd, args, { stdio: "ignore", windowsHide: true });
+                return r.status === 0 && !r.error;
+            }
+            catch {
+                return false;
+            }
+        };
+        // Editor preference: settings.externalEditor in `~/.mailx/config.jsonc`
+        // can be "word" | "libreoffice" | "auto" (default). Auto means try
+        // Word first, then LibreOffice, then OS default — gives Word users the
+        // expected experience while still working when Word isn't installed.
+        // LibreOffice tends to round-trip email-shaped HTML cleaner than
+        // Word, so users on either platform may want to flip it via the
+        // config editor.
+        const settings = loadSettings() || {};
+        const pref = (settings.externalEditor || "auto");
+        const tryWord = () => {
+            if (process.platform === "win32")
+                return tryLaunch("cmd", ["/c", "start", "", "/B", "winword.exe", filePath]);
+            if (process.platform === "darwin")
+                return tryLaunch("open", ["-a", "Microsoft Word", filePath]);
+            return false; // no MS Word on Linux
+        };
+        const tryLibreOffice = () => {
+            if (process.platform === "win32")
+                return tryLaunch("cmd", ["/c", "start", "", "/B", "soffice.exe", "--writer", filePath]);
+            if (process.platform === "darwin")
+                return tryLaunch("open", ["-a", "LibreOffice", filePath]);
+            return tryLaunch("soffice", ["--writer", filePath]) || tryLaunch("libreoffice", ["--writer", filePath]);
+        };
+        const tryDefault = () => {
+            if (process.platform === "win32")
+                return tryLaunch("cmd", ["/c", "start", "", filePath]);
+            if (process.platform === "darwin")
+                return tryLaunch("open", [filePath]);
+            return tryLaunch("xdg-open", [filePath]);
+        };
+        let opener = "none";
+        const order = pref === "libreoffice"
+            ? [["libreoffice", tryLibreOffice], ["word", tryWord], ["default", tryDefault]]
+            : pref === "word"
+                ? [["word", tryWord], ["default", tryDefault]]
+                : [["word", tryWord], ["libreoffice", tryLibreOffice], ["default", tryDefault]]; // auto
+        for (const [name, fn] of order) {
+            if (fn()) {
+                opener = name;
+                break;
+            }
+        }
+        if (opener === "none") {
+            console.error(`  [word-edit] no editor found on this platform — file written to ${filePath}`);
+        }
+        else {
+            console.log(`  [word-edit] opened ${filePath} via ${opener}`);
+        }
+        // Watch for save events. fs.watch on Windows fires multiple events
+        // per save (rename + change for atomic replacement); debounce so the
+        // UI only reloads once per save. Watch the directory rather than the
+        // file directly because Word writes via temp-file rename, which can
+        // invalidate a file-level watch.
+        let debounce = null;
+        let lastSize = -1;
+        const watcher = fs.watch(dir, (eventType, name) => {
+            if (name !== `${editId}.html`)
+                return;
+            if (debounce)
+                clearTimeout(debounce);
+            debounce = setTimeout(() => {
+                let stat;
+                try {
+                    stat = fs.statSync(filePath);
+                }
+                catch {
+                    return;
+                }
+                // Skip duplicate events with the same size — Word fires several
+                // change notifications per save and we only want one reload.
+                if (stat.size === lastSize)
+                    return;
+                lastSize = stat.size;
+                try {
+                    const updatedHtml = fs.readFileSync(filePath, "utf-8");
+                    // Strip the wrapper to extract just the body content.
+                    const bodyMatch = updatedHtml.match(/<body[^>]*>([\s\S]*?)<\/body>/i);
+                    const inner = bodyMatch ? bodyMatch[1] : updatedHtml;
+                    this.imapManager.emit("wordEditUpdated", { editId, html: inner });
+                }
+                catch (e) {
+                    console.error(`  [word-edit] read after save failed: ${e.message}`);
+                }
+            }, 300);
+        });
+        const stop = () => {
+            try {
+                watcher.close();
+            }
+            catch { /* */ }
+            if (debounce)
+                clearTimeout(debounce);
+        };
+        this.wordEdits.set(editId, { path: filePath, stop });
+        return { ok: opener !== "none", path: filePath, opener };
+    }
+    /** End external editing. Stops the watcher, removes the temp file.
+     *  Caller is the compose UI when the user closes the window or sends. */
+    async closeWordEdit(editId) {
+        const entry = this.wordEdits.get(editId);
+        if (!entry)
+            return;
+        entry.stop();
+        this.wordEdits.delete(editId);
+        try {
+            fs.unlinkSync(entry.path);
+        }
+        catch { /* file already gone — fine */ }
+    }
     async updateFlags(accountId, uid, flags) {
         const envelope = this.db.getMessageByUid(accountId, uid);
         await this.imapManager.updateFlagsLocal(accountId, uid, envelope?.folderId || 0, flags);
@@ -526,6 +687,27 @@ export class MailxService {
         await saveAllowlist(list);
         console.log(`  [allow] Added ${type}: ${value}`);
     }
+    /** Mark a sender or domain as suspect. Surfaced in the remote-content
+     *  banner as a red warning on subsequent messages. Toggle: calling with
+     *  the same value removes it. Returns the new state for UI feedback. */
+    async flagSenderOrDomain(type, value) {
+        const list = loadAllowlist();
+        const key = type === "sender" ? "flaggedSenders" : "flaggedDomains";
+        if (!Array.isArray(list[key]))
+            list[key] = [];
+        const lower = (value || "").toLowerCase();
+        const idx = list[key].findIndex((v) => (v || "").toLowerCase() === lower);
+        if (idx >= 0) {
+            list[key].splice(idx, 1);
+            await saveAllowlist(list);
+            console.log(`  [flag] Removed ${type}: ${value}`);
+            return { flagged: false };
+        }
+        list[key].push(value);
+        await saveAllowlist(list);
+        console.log(`  [flag] Added ${type}: ${value}`);
+        return { flagged: true };
+    }
     // ── Search ──
     async search(q, page = 1, pageSize = 50, scope = "all", accountId, folderId) {
         q = (q || "").trim();
@@ -1454,7 +1636,7 @@ export class MailxService {
     // ── Folder management ──
     async createFolder(accountId, parentPath, name) {
         const fullPath = parentPath ? `${parentPath}.${name}` : name;
-        const client = this.imapManager.createPublicClient(accountId);
+        const client = await this.imapManager.createPublicClient(accountId);
         try {
             await client.createmailbox(fullPath);
             await this.imapManager.syncFolders(accountId, client);
@@ -1474,7 +1656,7 @@ export class MailxService {
         const parts = folder.path.split(folder.delimiter || ".");
         parts[parts.length - 1] = newName;
         const newPath = parts.join(folder.delimiter || ".");
-        const client = this.imapManager.createPublicClient(accountId);
+        const client = await this.imapManager.createPublicClient(accountId);
         try {
             if (client.renameMailbox) {
                 await client.renameMailbox(folder.path, newPath);
@@ -1498,7 +1680,7 @@ export class MailxService {
         const folder = this.db.getFolders(accountId).find(f => f.id === folderId);
         if (!folder)
             throw new Error("Folder not found");
-        const client = this.imapManager.createPublicClient(accountId);
+        const client = await this.imapManager.createPublicClient(accountId);
         try {
             try {
                 if (client.deleteMailbox) {
@@ -1551,7 +1733,7 @@ export class MailxService {
             this.imapManager.emit?.("folderCountsChanged", accountId, {});
         }
         catch { /* non-fatal */ }
-        const client = this.imapManager.createPublicClient(accountId);
+        const client = await this.imapManager.createPublicClient(accountId);
         try {
             const uids = await client.getUids(folder.path);
             for (const uid of uids)

package/packages/mailx-service/jsonrpc.js

@@ -175,6 +175,10 @@ async function dispatchAction(svc, action, p) {
             return { content: await svc.readConfigHelp(p.name) };
         case "unsubscribeOneClick":
             return await svc.unsubscribeOneClick(p.url);
+        case "openInWord":
+            return await svc.openInWord(p.editId, p.html);
+        case "closeWordEdit":
+            return await svc.closeWordEdit(p.editId);
         // Client-side tracing — lets webview / iframe code ship events to the
         // Node log so a "compose→send→vanished" report can be diagnosed without
         // opening devtools. Every call shows up as `[client] <tag> <data>` in
@@ -192,6 +196,8 @@ async function dispatchAction(svc, action, p) {
         case "allowRemoteContent":
             svc.allowRemoteContent(p.type, p.value);
             return { ok: true };
+        case "flagSenderOrDomain":
+            return await svc.flagSenderOrDomain(p.type, p.value);
         case "getVersion": {
             try {
                 const settings = svc.getSettings();

package/packages/mailx-settings/index.d.ts

@@ -69,6 +69,8 @@ declare const DEFAULT_ALLOWLIST: {
     senders: string[];
     domains: string[];
     recipients: string[];
+    flaggedSenders: string[];
+    flaggedDomains: string[];
 };
 /** Load account configs */
 export declare function loadAccounts(): AccountConfig[];

package/packages/mailx-settings/index.js

@@ -439,6 +439,14 @@ const DEFAULT_ALLOWLIST = {
     senders: [],
     domains: [],
     recipients: [],
+    // Flagged senders/domains — surfaced as a red warning on the
+    // remote-content banner. Distinct from the positive lists above:
+    // these don't auto-allow anything, they make the banner louder when
+    // a known-suspicious correspondent's mail shows up. Future: a shared
+    // GitHub list users can opt in to (community-flagged phishing /
+    // tracker-heavy senders) — see TODO.md.
+    flaggedSenders: [],
+    flaggedDomains: [],
 };
 // ── Public API ──
 /** Load account configs */
@@ -620,6 +628,8 @@ export async function saveAllowlist(list) {
                     senders: mergeArrays(list.senders || [], cloud.senders || []),
                     domains: mergeArrays(list.domains || [], cloud.domains || []),
                     recipients: mergeArrays(list.recipients || [], cloud.recipients || []),
+                    flaggedSenders: mergeArrays(list.flaggedSenders || [], cloud.flaggedSenders || []),
+                    flaggedDomains: mergeArrays(list.flaggedDomains || [], cloud.flaggedDomains || []),
                 };
             }
         }

package/packages/mailx-store/db.js

@@ -287,6 +287,10 @@ export class MailxDB {
             this.db.exec("CREATE UNIQUE INDEX IF NOT EXISTS idx_messages_uuid ON messages(uuid)");
         }
         catch { /* already exists */ }
+        // bcc_json: pre-existing DBs predate this column. Without the migration
+        // every contacts seed pass throws "no such column: m.bcc_json" and the
+        // local autocomplete corpus stays empty.
+        this.addColumnIfMissing("messages", "bcc_json", "TEXT DEFAULT '[]'");
         // calendar_events: recurring_event_id carries the Google Calendar
         // series id when the event is an expanded instance of a recurrence.
         // Filters like "hide recurring events" check this column.
@@ -343,7 +347,7 @@ export class MailxDB {
      *  runs at startup). The user-facing message names the recovery command. */
     verifySchema() {
         const required = {
-            messages: ["thread_id", "provider_id", "uuid"],
+            messages: ["thread_id", "provider_id", "uuid", "bcc_json"],
             calendar_events: ["recurring_event_id", "html_link"],
         };
         for (const [table, cols] of Object.entries(required)) {
@@ -1434,10 +1438,21 @@ export class MailxDB {
         query = (query || "").trim();
         if (!query)
             return [];
-        const substr = `%${query}%`;
+        // Split into whitespace-separated tokens. Each token must appear in
+        // name or email — order- and adjacency-independent. So "eleanor elkin"
+        // matches "Eleanor Elkin", "Elkin, Eleanor", "Eleanor M Elkin", and
+        // "elkin@eleanor.example". The first token gets the prefix bonus for
+        // ranking; remaining tokens just have to be present.
+        const tokens = query.split(/\s+/).filter(Boolean);
+        const firstSubstr = `%${tokens[0]}%`;
+        const firstPrefix = `${tokens[0]}%`;
+        const tokenWhere = tokens.map(() => "(name LIKE ? OR email LIKE ?)").join(" AND ");
+        const tokenParams = [];
+        for (const t of tokens) {
+            tokenParams.push(`%${t}%`, `%${t}%`);
+        }
         let rows;
         try {
-            const prefixQ = `${query}%`;
             // Source tier: anything not in the two reserved system sources
             // ('google', 'discovered') is preferred-tier — i.e. came out of
             // contacts.jsonc#preferred[]. The user's `source: "work"` /
@@ -1456,17 +1471,17 @@ export class MailxDB {
                             ELSE 40
                          END) AS match_rank
                  FROM contacts
-                 WHERE email LIKE ? OR name LIKE ?
+                 WHERE ${tokenWhere}
                  ORDER BY match_rank DESC, use_count DESC, last_used DESC
-                 LIMIT ?`).all(prefixQ, prefixQ, substr, substr, substr, substr, limit * 2);
+                 LIMIT ?`).all(firstPrefix, firstPrefix, firstSubstr, firstSubstr, ...tokenParams, limit * 2);
         }
         catch (e) {
             console.error(`  [searchContacts] ranked query failed (${e?.message}) — falling back to simple LIKE`);
             rows = this.db.prepare(`SELECT name, email, source, use_count, last_used, 0 AS match_rank
                  FROM contacts
-                 WHERE email LIKE ? OR name LIKE ?
+                 WHERE ${tokenWhere}
                  ORDER BY use_count DESC, last_used DESC
-                 LIMIT ?`).all(substr, substr, limit * 2);
+                 LIMIT ?`).all(...tokenParams, limit * 2);
         }
         // Filter out denylisted emails as a defense-in-depth — applyContactsConfig
         // already purges discovered rows on denylist, but a Google sync that