@bobfrankston/mailx 1.0.443 → 1.0.445

package/README.md

@@ -258,6 +258,7 @@ mailx -repair                 Re-sync message metadata (fix garbled subjects)
 mailx -rebuild                Wipe local cache and re-download everything from IMAP
 mailx -setup                  Interactive first-time setup (CLI)
 mailx -test                   Test IMAP/SMTP connectivity for all accounts
+mailx -reauth                 Clear cached OAuth tokens; next start re-consents
 mailx -v                      Show version
 ```
 

package/bin/lean-accounts.js

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+/**
+ * lean-accounts.js — strip default-valued fields from an accounts.jsonc.
+ *
+ * Reads any accounts.jsonc (the one mailx writes when it bloats it with
+ * port: 993, tls: true, auth: "password", enabled: true, sig.html: false,
+ * etc.) and emits a compact form. Same logic as the Lean button in the
+ * config editor, but standalone so it works without mailx running.
+ *
+ * Usage:
+ *   node lean-accounts.js <path>           prints lean output to stdout
+ *   node lean-accounts.js <path> --inplace overwrites the file
+ *
+ * Drops:
+ *   - imap/smtp host/port/tls/auth that match the email's provider defaults
+ *   - imap/smtp user when it equals the email
+ *   - enabled: true (default)
+ *   - sig.html: false (default)
+ *   - per-account name when it matches the file-level "name"
+ *
+ * Promotes a shared "name" to file-level when every account has the same.
+ *
+ * Requires: jsonc-parser (any version that exports `parse` with comment+
+ * trailing-comma tolerance). The mailx repo's node_modules has it.
+ */
+
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath, pathToFileURL } from "node:url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// ── Provider defaults: same set mailx-settings uses ────────────────────────
+const PROVIDERS = {
+    "gmail.com": {
+        label: "Gmail",
+        imap: { host: "imap.gmail.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.gmail.com", port: 587, tls: true, auth: "oauth2" },
+    },
+    "googlemail.com": {
+        label: "Gmail",
+        imap: { host: "imap.gmail.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.gmail.com", port: 587, tls: true, auth: "oauth2" },
+    },
+    "outlook.com": {
+        label: "Outlook",
+        imap: { host: "outlook.office365.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.office365.com", port: 587, tls: true, auth: "oauth2" },
+    },
+    "hotmail.com": {
+        label: "Outlook",
+        imap: { host: "outlook.office365.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.office365.com", port: 587, tls: true, auth: "oauth2" },
+    },
+    "yahoo.com": {
+        label: "Yahoo",
+        imap: { host: "imap.mail.yahoo.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.mail.yahoo.com", port: 587, tls: true, auth: "oauth2" },
+    },
+    "icloud.com": {
+        label: "iCloud",
+        imap: { host: "imap.mail.me.com", port: 993, tls: true, auth: "oauth2" },
+        smtp: { host: "smtp.mail.me.com", port: 587, tls: true, auth: "oauth2" },
+    },
+};
+
+function denormalizeAccount(acct, globalName) {
+    const domain = (acct.email || "").split("@")[1]?.toLowerCase() || "";
+    const provider = PROVIDERS[domain];
+    const out = {};
+    out.id = acct.id;
+    if (acct.label && acct.label !== provider?.label && acct.label !== acct.id) out.label = acct.label;
+    out.email = acct.email;
+    if (acct.name && acct.name !== globalName) out.name = acct.name;
+    if (acct.primary) out.primary = true;
+    if (acct.primaryCalendar !== undefined) out.primaryCalendar = acct.primaryCalendar;
+    if (acct.primaryTasks !== undefined) out.primaryTasks = acct.primaryTasks;
+    if (acct.primaryContacts !== undefined) out.primaryContacts = acct.primaryContacts;
+
+    const imapOut = {};
+    if (acct.imap?.host && acct.imap.host !== provider?.imap.host) imapOut.host = acct.imap.host;
+    if (acct.imap?.user && acct.imap.user !== acct.email) imapOut.user = acct.imap.user;
+    if (acct.imap?.password) imapOut.password = acct.imap.password;
+    if (acct.imap?.port && acct.imap.port !== (provider?.imap.port ?? 993)) imapOut.port = acct.imap.port;
+    if (acct.imap?.tls !== undefined && acct.imap.tls !== (provider?.imap.tls ?? true)) imapOut.tls = acct.imap.tls;
+    if (acct.imap?.auth && acct.imap.auth !== (provider?.imap.auth ?? "password")) imapOut.auth = acct.imap.auth;
+    if (Object.keys(imapOut).length > 0) out.imap = imapOut;
+
+    const smtpOut = {};
+    if (acct.smtp?.host && acct.smtp.host !== provider?.smtp.host) smtpOut.host = acct.smtp.host;
+    if (acct.smtp?.user && acct.smtp.user !== acct.email && acct.smtp.user !== acct.imap?.user) smtpOut.user = acct.smtp.user;
+    if (acct.smtp?.password) smtpOut.password = acct.smtp.password;
+    if (acct.smtp?.port && acct.smtp.port !== (provider?.smtp.port ?? 587)) smtpOut.port = acct.smtp.port;
+    if (acct.smtp?.tls !== undefined && acct.smtp.tls !== (provider?.smtp.tls ?? true)) smtpOut.tls = acct.smtp.tls;
+    if (acct.smtp?.auth && acct.smtp.auth !== (provider?.smtp.auth ?? "password")) smtpOut.auth = acct.smtp.auth;
+    if (Object.keys(smtpOut).length > 0) out.smtp = smtpOut;
+
+    if (acct.defaultSend) out.defaultSend = true;
+    if (acct.enabled === false) out.enabled = false;
+    if (acct.relayDomains?.length > 0) out.relayDomains = acct.relayDomains;
+    if (acct.deliveredToPrefix?.length > 0) out.deliveredToPrefix = acct.deliveredToPrefix;
+    if (acct.identityDomains?.length > 0) out.identityDomains = acct.identityDomains;
+
+    const syncContactsDefault = provider?.imap.auth === "oauth2";
+    if (acct.syncContacts !== undefined && acct.syncContacts !== syncContactsDefault) {
+        out.syncContacts = acct.syncContacts;
+    }
+    if (acct.signature) out.signature = acct.signature;
+    if (acct.sig?.text) {
+        out.sig = acct.sig.html ? { text: acct.sig.text, html: true } : { text: acct.sig.text };
+    }
+    return out;
+}
+
+async function main() {
+    const args = process.argv.slice(2);
+    const inputPath = args.find(a => !a.startsWith("--"));
+    const inplace = args.includes("--inplace");
+    if (!inputPath) {
+        console.error("Usage: node lean-accounts.js <path-to-accounts.jsonc> [--inplace]");
+        process.exit(2);
+    }
+    if (!fs.existsSync(inputPath)) {
+        console.error(`File not found: ${inputPath}`);
+        process.exit(1);
+    }
+
+    // Resolve jsonc-parser from the local mailx repo's node_modules so the
+    // script doesn't require a global install. The repo root is two levels
+    // up from bin/ — and we walk up further if invoked from elsewhere.
+    let parseJsonc;
+    for (const dir of [
+        path.join(__dirname, "..", "node_modules", "jsonc-parser"),
+        path.join(__dirname, "..", "..", "node_modules", "jsonc-parser"),
+        path.join(process.cwd(), "node_modules", "jsonc-parser"),
+    ]) {
+        if (fs.existsSync(path.join(dir, "package.json"))) {
+            const mod = await import(pathToFileURL(path.join(dir, "lib", "esm", "main.js")).href).catch(() => null) ||
+                        await import("jsonc-parser").catch(() => null);
+            if (mod) { parseJsonc = mod.parse; break; }
+        }
+    }
+    if (!parseJsonc) {
+        try { parseJsonc = (await import("jsonc-parser")).parse; }
+        catch { console.error("jsonc-parser not found. Install or run from inside the mailx repo."); process.exit(1); }
+    }
+
+    const raw = fs.readFileSync(inputPath, "utf-8");
+    const errors = [];
+    const cfg = parseJsonc(raw, errors, { allowTrailingComma: true });
+    if (errors.length) {
+        console.error(`JSONC parse error: ${errors.map(e => JSON.stringify(e)).join(", ")}`);
+        process.exit(1);
+    }
+
+    const accounts = cfg?.accounts || (Array.isArray(cfg) ? cfg : []);
+    // Promote shared name to file-level when every entry has the same.
+    const names = new Set(accounts.map(a => a.name).filter(Boolean));
+    const sharedName = names.size === 1 ? [...names][0] : cfg?.name;
+    const lean = accounts.map(a => denormalizeAccount(a, sharedName));
+    const payload = sharedName ? { name: sharedName, accounts: lean } : { accounts: lean };
+    const output = JSON.stringify(payload, null, 2) + "\n";
+
+    if (inplace) {
+        fs.writeFileSync(inputPath, output);
+        console.error(`Wrote lean ${inputPath}`);
+    } else {
+        process.stdout.write(output);
+    }
+}
+
+main().catch(e => { console.error(e); process.exit(1); });

package/client/app.js

@@ -1924,23 +1924,22 @@ document.addEventListener("keydown", (e) => {
         e.preventDefault();
         openCompose("new");
     }
-    // Ctrl+F = Forward
-    if (e.ctrlKey && e.key === "f") {
-        e.preventDefault();
-        openCompose("forward");
-    }
-    // Ctrl+R = Reply
-    if (e.ctrlKey && e.key === "r" && !e.shiftKey) {
+    // Ctrl+R = Reply (without Shift)
+    if (e.ctrlKey && e.key === "r" && !e.shiftKey && !e.altKey && !e.metaKey) {
         e.preventDefault();
         openCompose("reply");
     }
     // Ctrl+Shift+R = Reply All
-    if (e.ctrlKey && e.shiftKey && e.key === "R") {
+    if (e.ctrlKey && e.shiftKey && e.key === "R" && !e.altKey && !e.metaKey) {
         e.preventDefault();
         openCompose("replyAll");
     }
-    // Ctrl+F = Forward
-    if (e.ctrlKey && e.key.toLowerCase() === "f" && !e.shiftKey) {
+    // Ctrl+F = Forward (without Shift). Use toLowerCase so a Caps-Lock or
+    // shifted state doesn't bypass us. Single handler — the previous
+    // duplicate fired openCompose twice, which double-loaded the compose
+    // iframe and the second copy got an empty sessionStorage (the first
+    // had already consumed it), producing an empty Forward form.
+    if (e.ctrlKey && !e.shiftKey && !e.altKey && !e.metaKey && (e.key === "f" || e.key === "F")) {
         e.preventDefault();
         openCompose("forward");
     }
@@ -2243,7 +2242,7 @@ document.getElementById("btn-open-log")?.addEventListener("click", async () => {
     }
 });
 async function openJsoncEditor(initialFile) {
-    const { readJsoncFile, writeJsoncFile, readConfigHelp, formatJsonc, leanAccountsJsonc } = await import("./lib/api-client.js");
+    const { readJsoncFile, writeJsoncFile, readConfigHelp, formatJsonc } = await import("./lib/api-client.js");
     const backdrop = document.createElement("div");
     backdrop.className = "mailx-modal-backdrop";
     const panel = document.createElement("div");
@@ -2279,7 +2278,6 @@ async function openJsoncEditor(initialFile) {
         <div class="mailx-modal-error" id="jsonc-error" hidden></div>
         <div class="mailx-modal-buttons">
             <button type="button" class="mailx-modal-btn" data-action="format" title="Reformat indentation while preserving comments and trailing commas">Format</button>
-            <button type="button" class="mailx-modal-btn" data-action="lean" title="accounts.jsonc only — strip default-valued fields (port, tls, auth, etc.) so the file stays compact. Comments are dropped (the lean output is regenerated from values, not the original text)">Lean</button>
             <span class="mailx-modal-spacer"></span>
             <button type="button" class="mailx-modal-btn" data-action="cancel">Cancel</button>
             <button type="button" class="mailx-modal-btn mailx-modal-btn-primary" data-action="save">Save</button>
@@ -2446,38 +2444,6 @@ async function openJsoncEditor(initialFile) {
                 }
                 return;
             }
-            if (action === "lean") {
-                // accounts.jsonc-only: strip defaulted fields and re-emit
-                // a compact form. User reviews it in the editor, then Save
-                // commits. Lean drops comments because the output is
-                // regenerated from canonical values, not the original text.
-                if (fileSelect.value !== "accounts.jsonc") {
-                    errorEl.textContent = "Lean is only available for accounts.jsonc.";
-                    errorEl.hidden = false;
-                    return;
-                }
-                btn.disabled = true;
-                const orig = btn.textContent;
-                btn.textContent = "Leaning…";
-                try {
-                    const r = await leanAccountsJsonc(textarea.value);
-                    if (r?.content !== undefined) {
-                        textarea.value = r.content;
-                        renderGutter();
-                        scheduleValidate();
-                        errorEl.hidden = true;
-                    }
-                }
-                catch (e) {
-                    errorEl.textContent = `Lean failed: ${e.message}`;
-                    errorEl.hidden = false;
-                }
-                finally {
-                    btn.disabled = false;
-                    btn.textContent = orig || "Lean";
-                }
-                return;
-            }
             if (action === "save") {
                 // Final sync-check; refuse to save if it doesn't parse
                 const err = validateJsonc(textarea.value);

package/client/components/message-viewer.js

@@ -1113,6 +1113,17 @@ ${csp}
         if (t && (t.isContentEditable || /^(INPUT|TEXTAREA|SELECT)$/.test(t.tagName))) return;
         // Zoom keys handled by parent-side installPreviewControls; don't double-send.
         if (e.ctrlKey && (e.key === "=" || e.key === "+" || e.key === "-" || e.key === "0")) return;
+        // Preventing the iframe's default for keys we forward to the parent
+        // is essential — the parent's preventDefault on the synthetic
+        // keydown can't suppress the browser's reaction to the ORIGINAL
+        // event (Ctrl+R reload, Ctrl+F find, etc.). Suppress here so the
+        // browser doesn't act before the parent processes the action.
+        var k = (e.key || "").toLowerCase();
+        var isShortcut = e.ctrlKey && !e.altKey && !e.metaKey && (
+            k === "r" || k === "f" || k === "n" || k === "a" || k === "d" ||
+            k === "z" || k === "y" || k === "k"
+        );
+        if (isShortcut) e.preventDefault();
         window.parent.postMessage({
             type: "previewKey",
             key: e.key, code: e.code,

package/client/compose/compose.js

@@ -92,23 +92,26 @@ catch { /* private-mode / SecurityError — default quill */ }
     }
     catch { /* non-fatal */ }
 })();
-// Whatever happens in editor init, surface failures to the mailx log.
-// Until this round the failures were swallowed silently — Quill CDN
-// timing out or createEditor throwing left the iframe with empty body
-// + dead buttons (because the rest of the script after the await never
-// ran). With logClientEvent here, the failure mode is visible in the
-// service log instead of "Reply just shows blank compose".
+// Whatever happens in editor init, surface failures to the mailx log
+// AND fall through to a plain-contenteditable fallback so the rest of
+// the compose script (Discard, X, Send, save-draft) still runs. Earlier
+// versions re-threw asset-load failures, which left compose with dead
+// buttons and the user with no recourse — exactly the "Reply window
+// won't close" symptom we hit when Quill's CDN was unreachable.
 let editor;
+let editorAssetError = null;
 try {
     await loadEditorAssets(editorType);
 }
 catch (e) {
+    editorAssetError = e;
     logClientEvent("compose-editor-assets-failed", { type: editorType, error: String(e?.message || e) });
-    throw e;
 }
 const container = document.getElementById("compose-editor");
 container.classList.add(editorType === "tiptap" ? "editor-tiptap" : "editor-quill");
 try {
+    if (editorAssetError)
+        throw editorAssetError;
     editor = await createEditor(container, editorType);
 }
 catch (e) {

package/client/lib/api-client.js

@@ -351,9 +351,6 @@ export function readConfigHelp(name) {
 export function unsubscribeOneClick(url) {
     return ipc().unsubscribeOneClick?.(url);
 }
-export function leanAccountsJsonc(content) {
-    return ipc().leanAccountsJsonc?.(content) ?? Promise.resolve({ content });
-}
 export function openInWord(editId, html) {
     return ipc().openInWord?.(editId, html) ?? Promise.resolve({ ok: false, path: "", opener: "none" });
 }

package/client/lib/mailxapi.js

@@ -134,9 +134,6 @@
         formatJsonc: function(content) {
             return callNode("formatJsonc", { content: content });
         },
-        leanAccountsJsonc: function(content) {
-            return callNode("leanAccountsJsonc", { content: content });
-        },
         readConfigHelp: function(name) {
             return callNode("readConfigHelp", { name: name });
         },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/mailx",
-  "version": "1.0.443",
+  "version": "1.0.445",
   "description": "Local-first email client with IMAP sync and standalone native app",
   "type": "module",
   "main": "bin/mailx.js",
@@ -36,7 +36,7 @@
     "@bobfrankston/iflow-node": "^0.1.8",
     "@bobfrankston/miscinfo": "^1.0.10",
     "@bobfrankston/oauthsupport": "^1.0.25",
-    "@bobfrankston/msger": "^0.1.366",
+    "@bobfrankston/msger": "^0.1.367",
     "@bobfrankston/mailx-host": "^0.1.8",
     "@capacitor/android": "^8.3.0",
     "@capacitor/cli": "^8.3.0",
@@ -100,7 +100,7 @@
       "@bobfrankston/iflow-node": "^0.1.8",
       "@bobfrankston/miscinfo": "^1.0.10",
       "@bobfrankston/oauthsupport": "^1.0.25",
-      "@bobfrankston/msger": "^0.1.366",
+      "@bobfrankston/msger": "^0.1.367",
       "@bobfrankston/mailx-host": "^0.1.8",
       "@capacitor/android": "^8.3.0",
       "@capacitor/cli": "^8.3.0",

package/packages/mailx-service/index.d.ts

@@ -316,16 +316,6 @@ export declare class MailxService {
      *  `config.jsonc` is the local per-machine config (not cloud-synced). */
     readJsoncFile(name: string): Promise<string | null>;
     formatJsonc(content: string): Promise<string>;
-    /** Strip default-valued fields from accounts.jsonc and return the lean
-     *  form. Called from the JSONC editor's "Lean" button so the user can
-     *  see the tidy version before saving. Round-trips through normalize→
-     *  denormalize so the canonicalization rules stay in one place
-     *  (mailx-settings). Drops port: 993, tls: true, auth: "password",
-     *  enabled: true, sig.html: false, etc. when they match the defaults
-     *  for the email's provider. Promotes a shared `name` to the file
-     *  level when every account has the same name. Only handles
-     *  accounts.jsonc — other JSONC files have hand-curated shapes. */
-    leanAccountsJsonc(content: string): Promise<string>;
     /** Return the help section for a named config file, extracted from docs/config-help.md.
      *  Matches a level-2 heading whose text equals the filename. Returns markdown. */
     readConfigHelp(name: string): Promise<string>;

package/packages/mailx-service/index.js

@@ -9,7 +9,7 @@ import * as path from "node:path";
 import { fileURLToPath } from "node:url";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 import * as gsync from "./google-sync.js";
-import { loadSettings, saveSettings, loadAccounts, loadAccountsAsync, saveAccounts, initCloudConfig, loadAllowlist, saveAllowlist, loadAutocomplete, saveAutocomplete, getStorageInfo, getConfigDir, normalizeAccount, denormalizeAccount } from "@bobfrankston/mailx-settings";
+import { loadSettings, saveSettings, loadAccounts, loadAccountsAsync, saveAccounts, initCloudConfig, loadAllowlist, saveAllowlist, loadAutocomplete, saveAutocomplete, getStorageInfo, getConfigDir } from "@bobfrankston/mailx-settings";
 import { sanitizeHtml, encodeQuotedPrintable, htmlToPlainText } from "@bobfrankston/mailx-types";
 import { simpleParser } from "mailparser";
 /** Parse `List-Unsubscribe` (RFC 2369) and `List-Unsubscribe-Post` (RFC 8058).
@@ -2053,30 +2053,6 @@ export class MailxService {
         });
         return applyEdits(content, edits);
     }
-    /** Strip default-valued fields from accounts.jsonc and return the lean
-     *  form. Called from the JSONC editor's "Lean" button so the user can
-     *  see the tidy version before saving. Round-trips through normalize→
-     *  denormalize so the canonicalization rules stay in one place
-     *  (mailx-settings). Drops port: 993, tls: true, auth: "password",
-     *  enabled: true, sig.html: false, etc. when they match the defaults
-     *  for the email's provider. Promotes a shared `name` to the file
-     *  level when every account has the same name. Only handles
-     *  accounts.jsonc — other JSONC files have hand-curated shapes. */
-    async leanAccountsJsonc(content) {
-        const { parse: parseJsonc } = await import("jsonc-parser");
-        const errors = [];
-        const cfg = parseJsonc(content, errors, { allowTrailingComma: true });
-        if (errors.length)
-            throw new Error(`JSONC parse error: ${errors.map((e) => e.error).join(", ")}`);
-        const raw = cfg?.accounts || (Array.isArray(cfg) ? cfg : []);
-        const globalName = cfg?.name;
-        const normalized = raw.map((a) => normalizeAccount(a, globalName));
-        const names = new Set(normalized.map((a) => a.name).filter(Boolean));
-        const sharedName = names.size === 1 ? [...names][0] : globalName;
-        const lean = normalized.map((a) => denormalizeAccount(a, sharedName));
-        const payload = sharedName ? { name: sharedName, accounts: lean } : { accounts: lean };
-        return JSON.stringify(payload, null, 2);
-    }
     /** Return the help section for a named config file, extracted from docs/config-help.md.
      *  Matches a level-2 heading whose text equals the filename. Returns markdown. */
     async readConfigHelp(name) {

package/packages/mailx-service/jsonrpc.js

@@ -177,8 +177,6 @@ async function dispatchAction(svc, action, p) {
             return await svc.unsubscribeOneClick(p.url);
         case "openInWord":
             return await svc.openInWord(p.editId, p.html);
-        case "leanAccountsJsonc":
-            return { content: await svc.leanAccountsJsonc(p.content) };
         case "closeWordEdit":
             return await svc.closeWordEdit(p.editId);
         // Client-side tracing — lets webview / iframe code ship events to the

package/packages/mailx-store-web/android-bootstrap.js

@@ -533,36 +533,64 @@ class AndroidSyncManager {
             }
         }
     }
-    queueOutgoingLocal(accountId, rawMessage) {
+    /** In-flight send tracker keyed by queueUid. Prevents
+     *  processSendQueue from re-firing the same row when it overlaps
+     *  with an in-progress attempt (e.g., the periodic tick fires while
+     *  the original attemptSend's promise is still pending). Without
+     *  this, a slow Gmail/SMTP send race-conditions into a double-send. */
+    sendInFlight = new Set();
+    async queueOutgoingLocal(accountId, rawMessage) {
         // Local-first: PERSIST to sync_actions before attempting the network
         // send, so a crash / offline / process kill between now and SMTP ACK
         // doesn't drop the message. Desktop parity — PC writes `.ltr` to disk
-        // before calling SMTP; Android writes a sync_actions row to sql.js +
-        // IndexedDB (which saveDbToIdb persists on scheduleSave). Unique neg
-        // uid = Date.now() to avoid colliding with real message UIDs and to
-        // give us a stable tracking key through the async send pipeline.
+        // synchronously; Android writes a sync_actions row and now FLUSHES
+        // sql.js → IndexedDB before returning. The previous version relied on
+        // the 1-second scheduleSave debounce, so a tab-close inside the debounce
+        // window erased the row before it was persisted — the "letter just
+        // disappeared" symptom user-reported 2026-04-30.
         //
-        // User-flagged 2026-04-23: "sending on android, like on the PC must
-        // be queued." Equivalent of PC's `~/.mailx/outbox/<acct>/*.ltr`.
+        // Equivalent of PC's `~/.mailx/outbox/<acct>/*.ltr` durable write.
         const queueUid = -Date.now();
         this.db.queueSyncAction(accountId, "send", queueUid, -1, { rawMessage });
+        await this.db.flush();
         this.attemptSend(accountId, queueUid, rawMessage);
     }
     /** Kick off a send for a message that's already in the queue. Called by
      *  queueOutgoingLocal on a fresh submit AND by processSendQueue on
-     *  startup / periodic tick for anything stranded from a prior run. */
+     *  startup / periodic tick for anything stranded from a prior run.
+     *  Guards against double-send via sendInFlight. */
     attemptSend(accountId, queueUid, rawMessage) {
+        if (this.sendInFlight.has(queueUid))
+            return;
+        this.sendInFlight.add(queueUid);
+        // Helper to mark complete + flush + clear in-flight — used on every
+        // success/failure exit. Flush ensures the row deletion or attempt
+        // counter actually reaches IndexedDB before the next process-kill,
+        // matching the "persist before network" rule for the post-network
+        // outcome too. Without flushing on completion, a successful send
+        // followed by a fast app-close left the row in the queue, which
+        // looked like a "stuck" message on next launch.
+        const finishSend = (success, error) => {
+            if (success) {
+                this.db.completeSyncActionByUid(accountId, "send", queueUid);
+            }
+            else {
+                this.db.failSyncActionByUid(accountId, "send", queueUid, error || "send failed");
+            }
+            this.db.flush().catch(() => { });
+            this.sendInFlight.delete(queueUid);
+        };
         const provider = this.getProvider(accountId);
         if (provider && typeof provider.sendRaw === "function") {
             provider.sendRaw(rawMessage)
                 .then((result) => {
                 console.log(`[send] ${accountId}: sent via Gmail API (id=${result.id})`);
-                this.db.completeSyncActionByUid(accountId, "send", queueUid);
+                finishSend(true);
                 emitEvent({ type: "sendComplete", accountId, messageId: result.id });
             })
                 .catch((e) => {
                 console.error(`[send] ${accountId}: Gmail send failed: ${e.message}`);
-                this.db.failSyncActionByUid(accountId, "send", queueUid, e.message || String(e));
+                finishSend(false, e.message || String(e));
                 emitEvent({ type: "sendError", accountId, error: e.message });
             });
             return;
@@ -574,7 +602,7 @@ class AndroidSyncManager {
         if (!row) {
             const e = "Unknown account";
             console.error(`[send] ${accountId}: ${e}`);
-            this.db.failSyncActionByUid(accountId, "send", queueUid, e);
+            finishSend(false, e);
             emitEvent({ type: "sendError", accountId, error: e });
             return;
         }
@@ -584,26 +612,26 @@ class AndroidSyncManager {
         }
         catch {
             const e = "Account config malformed";
-            this.db.failSyncActionByUid(accountId, "send", queueUid, e);
+            finishSend(false, e);
             emitEvent({ type: "sendError", accountId, error: e });
             return;
         }
         if (!account.smtp) {
             const e = "No SMTP config for this account";
             console.error(`[send] ${accountId}: ${e}`);
-            this.db.failSyncActionByUid(accountId, "send", queueUid, e);
+            finishSend(false, e);
             emitEvent({ type: "sendError", accountId, error: e });
             return;
         }
         this.sendViaSmtpDirect(accountId, account, rawMessage)
             .then((result) => {
             console.log(`[send] ${accountId}: sent via SMTP (${result.accepted.length} accepted, ${result.rejected.length} rejected)`);
-            this.db.completeSyncActionByUid(accountId, "send", queueUid);
+            finishSend(true);
             emitEvent({ type: "sendComplete", accountId });
         })
             .catch((e) => {
             console.error(`[send] ${accountId}: SMTP send failed: ${e.message}`);
-            this.db.failSyncActionByUid(accountId, "send", queueUid, e.message || String(e));
+            finishSend(false, e.message || String(e));
             emitEvent({ type: "sendError", accountId, error: e.message });
         });
     }

package/packages/mailx-store-web/web-service.d.ts

@@ -30,7 +30,7 @@ export interface WebSyncManager {
     }[], targetFolderId: number): Promise<void>;
     moveMessageCrossAccount(accountId: string, uid: number, folderId: number, targetAccountId: string, targetFolderId: number): Promise<void>;
     undeleteMessage(accountId: string, uid: number, folderId: number): Promise<void>;
-    queueOutgoingLocal(accountId: string, rawMessage: string): void;
+    queueOutgoingLocal(accountId: string, rawMessage: string): void | Promise<void>;
     saveDraft(accountId: string, raw: string, previousDraftUid?: number, draftId?: string): Promise<number | null>;
     deleteDraft(accountId: string, draftUid: number): Promise<void>;
     reauthenticate(accountId: string): Promise<boolean>;

package/packages/mailx-store-web/web-service.js

@@ -394,7 +394,12 @@ export class WebMailxService {
             ].join("\r\n");
             rawMessage = `${headers}\r\n\r\n${textEncoded}`;
         }
-        this.syncManager.queueOutgoingLocal(account.id, rawMessage);
+        // queueOutgoingLocal on the Android bridge is async (it flushes
+        // sql.js → IndexedDB before returning so a tab-close in the
+        // debounce window can't lose the row). On the web-worker
+        // SyncManager it's synchronous and returns void; awaiting an
+        // undefined value is benign, so this works for both.
+        await this.syncManager.queueOutgoingLocal(account.id, rawMessage);
         for (const addr of msg.to)
             this.db.recordSentAddress(addr.name, addr.address);
         if (msg.cc)