@bobfrankston/rmfmail 1.1.137 → 1.1.138

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/npmchanges.md +22 -0
  2. package/package.json +1 -1
  3. package/.commitmsg +0 -19
  4. /package/packages/mailx-imap/{node_modules.npmglobalize-stash-40000 → node_modules.npmglobalize-stash-47880}/.package-lock.json +0 -0
package/npmchanges.md CHANGED
@@ -479,3 +479,25 @@ feat: periodic Sent sweep + body-fetch wallclock timeout
479
479
  with the elapsed-time wait indicator (1.1.135) — the indicator
480
480
  surfaces a wedge, the timeout breaks one.
481
481
 
482
+ ## v1.1.137 — 2026-05-24
483
+
484
+ fix: defensive IMAP-command-leak detection at body-store boundary
485
+
486
+ When iflow-direct's response parser desyncs on a literal byte count, the
487
+ "body" it returns can begin with one of mailx's own pipelined IMAP
488
+ commands (e.g. `A24624 UID FETCH 52 (UID FLAGS ENVELOPE ...)`). Until
489
+ now those bytes were silently written to disk as the message body and
490
+ rendered as broken (the a39…eml corruption from 2026-05-23).
491
+
492
+ mailx-store/file-store.putMessage now sniffs the first ≤512 bytes for a
493
+ tag+UPPERCASE-command pattern and throws rather than persist. The
494
+ reconciler treats the rejection as transient so the next fetch (on a
495
+ freshly-acquired connection) re-attempts cleanly, within the 3-attempt
496
+ body-fetch budget.
497
+
498
+ This doesn't FIX the iflow desync itself — it catches the leak at the
499
+ disk boundary so corrupt bodies never persist and the wedged message
500
+ gets retried instead of staying broken until the next -repair. Pairs
501
+ with the elapsed-time wait indicator (1.1.135) which surfaces the
502
+ in-progress retry to the user.
503
+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bobfrankston/rmfmail",
3
- "version": "1.1.137",
3
+ "version": "1.1.138",
4
4
  "description": "Local-first email client with IMAP sync and standalone native app",
5
5
  "type": "module",
6
6
  "main": "bin/mailx.js",
package/.commitmsg DELETED
@@ -1,19 +0,0 @@
1
- fix: defensive IMAP-command-leak detection at body-store boundary
2
-
3
- When iflow-direct's response parser desyncs on a literal byte count, the
4
- "body" it returns can begin with one of mailx's own pipelined IMAP
5
- commands (e.g. `A24624 UID FETCH 52 (UID FLAGS ENVELOPE ...)`). Until
6
- now those bytes were silently written to disk as the message body and
7
- rendered as broken (the a39…eml corruption from 2026-05-23).
8
-
9
- mailx-store/file-store.putMessage now sniffs the first ≤512 bytes for a
10
- tag+UPPERCASE-command pattern and throws rather than persist. The
11
- reconciler treats the rejection as transient so the next fetch (on a
12
- freshly-acquired connection) re-attempts cleanly, within the 3-attempt
13
- body-fetch budget.
14
-
15
- This doesn't FIX the iflow desync itself — it catches the leak at the
16
- disk boundary so corrupt bodies never persist and the wedged message
17
- gets retried instead of staying broken until the next -repair. Pairs
18
- with the elapsed-time wait indicator (1.1.135) which surfaces the
19
- in-progress retry to the user.