plan: refresh plan for issue #539

.fvmrc

@@ -1,3 +1,3 @@
 {
   "flutter": "3.44.0"
-}
+}

.gitignore

@@ -123,4 +123,3 @@ dagger-certs
 /go
 .last_deployed_sha
 .fail_count
-/*.kubeconfig

.pre-commit-config.yaml

@@ -26,13 +26,13 @@ repos:
       - id: forbidden-files-hook
         name: check for forbidden home-directory files
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && task check-hygiene'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-hygiene'
         pass_filenames: false
         always_run: true
       - id: dart-check
         name: dart format (autofix) + check-fast (parallel)
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && dagger call --progress=plain -q -m ci --source=. check-fast'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command dagger call --progress=plain -q -m ci --source=. check-fast'
         pass_filenames: false
         always_run: true
       - id: ci-no-direct-dagger
@@ -50,12 +50,6 @@ repos:
       - id: ci-image-exists
         name: verify container images in ci/main.go are reachable
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && task check-ci-images'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-ci-images'
         pass_filenames: false
         files: ^(ci/main\.go|\.fvmrc)$
-      - id: dagger-versions-aligned
-        name: verify Dagger version is consistent across dagger.json, Dockerfile and DAGGER.md
-        language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && scripts/check_dagger_versions.sh'
-        pass_filenames: false
-        files: ^(ci/dagger\.json|\.forgejo/Dockerfile|DAGGER\.md)$

Dockerfile.dev

@@ -1,59 +0,0 @@
-# Development and Testing Container for SharedInbox
-# Replaces the Nix shell environment.
-FROM ghcr.io/cirruslabs/flutter:3.44.0
-
-# Install Linux desktop build and test dependencies, Go, NodeJS, python3, and utilities
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    clang \
-    cmake \
-    ninja-build \
-    pkg-config \
-    libgtk-3-dev \
-    liblzma-dev \
-    libsecret-1-dev \
-    libgcrypt20-dev \
-    libjsoncpp-dev \
-    sqlite3 \
-    iproute2 \
-    netcat-openbsd \
-    xvfb \
-    libosmesa6 \
-    libegl1 \
-    lld \
-    git \
-    curl \
-    jq \
-    python3-pip \
-    nodejs \
-    npm \
-    hugo \
-    lcov \
-    rsync \
-    openssh-client \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install Task runner
-RUN curl -fsSL https://taskfile.dev/install.sh \
-    | sh -s -- -b /usr/local/bin v3.48.0
-
-# Install Dagger CLI
-RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \
-    | DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh
-
-# Install python packages (Play Store API clients + pre-commit)
-RUN pip install --break-system-packages --no-cache-dir \
-    google-api-python-client \
-    google-auth-httplib2 \
-    httplib2 \
-    pre-commit==4.5.1
-
-# Install acpx CLI globally
-RUN npm install -g acpx@0.10.0
-
-# Setup user "ci"
-RUN useradd -m -s /bin/bash ci
-USER ci
-ENV HOME=/home/ci
-ENV PATH=/home/ci/.pub-cache/bin:$PATH
-
-WORKDIR /src

ISSUE-539.md

@@ -0,0 +1,72 @@
+## Background
+
+The issue is real but the proposed mechanism (predicted-mail table + Message-ID match at next sync) is more complex than needed. Two IMAP facilities cover this directly:
+
+- **RFC 4315 / 6851 — `UIDPLUS` + `MOVE` response code `COPYUID`**: the server returns the destination UID(s) inline with the `MOVE` (or `COPY`+`EXPUNGE`) response. `enough_mail`'s `GenericImapResult.responseCodeCopyUid` already parses this (`/data/home/.pub-cache/hosted/pub.dev/enough_mail-2.1.7/lib/src/imap/response.dart:53`). Stalwart and every modern IMAP server advertise UIDPLUS. We currently throw this away — `client.uidMove(...)` is called for its side effect and the result is ignored (`lib/data/repositories/email_repository_impl.dart:2320,2335,2354`).
+- **Fallback — `UID SEARCH HEADER Message-ID …`**: bounded, deterministic, works on every IMAP server. Needed only when `responseCodeCopyUid` is missing.
+
+The undo path already attempts a Message-ID recovery (`lib/core/services/undo_service.dart:78-84`), and `findEmailByMessageId` exists (`lib/data/repositories/email_repository_impl.dart:1899`), so the building blocks are in place; we just need to remap on the write path instead of guessing on the read path.
+
+There is also a latent race: the row is optimistically moved (`mailbox_path = dest`) before the server flush, but the row still carries the source UID. If `_reconcileDeletedImap` runs against the **destination** mailbox between the optimistic write and the flush, it will not find that UID on the server and will hard-delete the row (`lib/data/repositories/email_repository_impl.dart:758-761`).
+
+## Goal
+
+After an IMAP move, the local email row keeps tracking the same physical message under its new UID, without orphaning, without re-fetching, and without breaking UndoLog references.
+
+## Concrete changes
+
+### 1. Capture the new UID inside the flush
+`lib/data/repositories/email_repository_impl.dart` — `_applyPendingChangeImap`, cases `move`, `snooze`, `unsnooze`:
+
+- Capture the `GenericImapResult` returned by `client.uidMove(...)`.
+- Read `result.responseCodeCopyUid`. If non-null, zip `sourceSequence` ↔ `targetSequence` to map `oldUid → newUid`.
+- If null (no UIDPLUS), look up the row's `messageId`. If present: `client.selectMailboxByPath(dest)` then `client.uidSearchMessages(searchCriteria: 'HEADER Message-ID "<id>"')` and take the highest UID. If `messageId` is also missing, log a warning and leave the row to be reconciled out on the next pass (worst case: cache miss, body refetch).
+- For each old/new pair, call a new helper `_remapEmailAfterMove(row, newUid, destPath)`.
+
+### 2. New helper `_remapEmailAfterMove` (same file)
+
+Composes `newId = "accountId:destPath:newUid"`, then in one Drift transaction:
+- `UPDATE email_bodies SET email_id = newId WHERE email_id = oldId`
+- `UPDATE emails SET id = newId, uid = newUid, mailbox_path = destPath WHERE id = oldId`
+- Patch any `threads.email_ids_json` containing `oldId` (reuse the JSON helper from the v41 migration path, or just rebuild affected threads via `_updateThread`).
+- `UPDATE pending_changes SET resource_id = newId WHERE resource_id = oldId` (in case multiple mutations are queued).
+- Call `UndoRepository.remapEmailId(oldId, newId)` (new method, see §3).
+
+`PRAGMA defer_foreign_keys = ON` for the transaction, mirroring the v41 migration pattern.
+
+### 3. UndoLog remap
+
+- `lib/data/repositories/undo_repository_impl.dart`: add `Future<void> remapEmailId(String oldId, String newId)` that loads each `undo_actions` row, rewrites `emailIds[]` entries equal to `oldId` and `originalEmails[].id` entries equal to `oldId`, and re-saves.
+- `lib/core/repositories/undo_repository.dart`: add the interface method.
+- Inject `UndoRepository` into `EmailRepositoryImpl` via DI (already a singleton in `lib/di.dart`) so `_remapEmailAfterMove` can call it.
+- The fallback path in `UndoService.undo` (the Message-ID lookup) becomes a defensive backstop and can stay as-is.
+
+### 4. Reconciliation guard
+
+`_reconcileDeletedImap` (`lib/data/repositories/email_repository_impl.dart:731`): before deleting a row whose UID is absent from the server, query `pending_changes` for a `move`/`snooze`/`unsnooze` row with `resource_id = row.id`. If one exists, skip the delete — the row is mid-flight. Since flush always runs before sync (`SYNC.md:199-200`) the race is narrow but real on retries when flush failed mid-cycle.
+
+### 5. Tests
+
+- `test/unit/fake_imap.dart`: make `uidMove` return a `GenericImapResult` whose `responseCode` is a configurable `"COPYUID <validity> <src> <dest>"` string; add a UIDPLUS-off mode that returns no response code and serves `uidSearchMessages` with a HEADER predicate.
+- New `test/unit/repositories/email_repository_move_test.dart`:
+  - Enqueue a move → flush → assert `emails`, `email_bodies`, `threads`, `pending_changes`, `undo_actions` all carry the new id.
+  - Same with UIDPLUS-off + HEADER-search fallback.
+  - Move with no Message-ID and no COPYUID → row is unchanged, warning logged, next reconciliation does not delete it because pending change is still queued.
+- New test in the same file: `_reconcileDeletedImap` skips a row that has a queued `move`.
+- Extend `test/integration/concurrent_sync_test.dart` (or sibling file) with a real Stalwart move-then-sync-then-undo cycle: assert the row keeps its body, the new UID matches what `UID SEARCH` returns, and undo restores it to the source mailbox.
+
+### 6. Docs
+
+- `SYNC.md` §3: note that IMAP moves remap the local id from the `COPYUID` response (UIDPLUS) or `UID SEARCH HEADER Message-ID` fallback, so `email_bodies` and `undo_actions` stay valid across moves.
+- `DB-SYNC.md` IMAP bullets: add "IMAP move remap: local row keeps its body/undo references via `COPYUID` (RFC 4315) or Message-ID header search."
+
+## Non-goals
+
+- No new "predicted mail" table — `COPYUID` + header search is reliable and stateless.
+- No change to JMAP moves (JMAP IDs are mailbox-independent).
+- No change to `uidValidity` handling — orthogonal.
+- No CONDSTORE/QRESYNC — already listed as future work in `DB-SYNC.md`.
+
+## Open question for review
+
+Should the fallback header-search be best-effort-quiet (current plan) or should it surface a `FailedMutation` when both `COPYUID` and `Message-ID` are missing? I lean quiet because the next full sync will still pull the message under its new UID — we'd just lose the cached body and any queued mutations on top of it. Happy to escalate to `FailedMutation` if you'd rather make the data loss visible.

Taskfile.yml

@@ -544,7 +544,7 @@ tasks:
       - sops exec-env secrets.enc.yaml 'bash scripts/build_android_bundle_local.sh'
 
   deploy-android-bundle:
-    desc: Build release AAB and upload to Play Store internal + closed-testing tracks (local/fvm)
+    desc: Build release AAB and upload to Play Store internal track (local/fvm)
     deps: [build-android-bundle-local]
     dotenv: [".env"]
     cmds:
@@ -712,11 +712,6 @@ tasks:
     cmds:
       - scripts/check_ci_images.sh
 
-  check-dagger-versions:
-    desc: Verify ci/dagger.json, flake.nix, .forgejo/Dockerfile and DAGGER.md pin the same Dagger version
-    cmds:
-      - scripts/check_dagger_versions.sh
-
   _integrations:
     internal: true
     run: once

ci/main.go

@@ -896,7 +896,7 @@ func withGoCache(c *dagger.Container) *dagger.Container {
 		WithEnvVariable("GOMODCACHE", "/home/ci/go/pkg/mod")
 }
 
-// UploadToPlayStore uploads a pre-built AAB to the Play Store internal and closed-testing (alpha) tracks.
+// UploadToPlayStore uploads a pre-built AAB to the Play Store internal track.
 func (m *Ci) UploadToPlayStore(
 	ctx context.Context,
 	aab *dagger.File,

flake.lock

@@ -0,0 +1,82 @@
+{
+  "nodes": {
+    "dagger": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1778107833,
+        "narHash": "sha256-q5XQep2mpgTPiWwuYB1+L2dsFeACT6sHx8J939iM+HE=",
+        "owner": "dagger",
+        "repo": "nix",
+        "rev": "873cc22ba46b73d4a6c1aa6c102ef3aabc736496",
+        "type": "github"
+      },
+      "original": {
+        "owner": "dagger",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1778737229,
+        "narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "dagger": "dagger",
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,164 @@
+{
+  description = "SharedInbox — IMAP/SMTP Flutter client";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    flake-utils.url = "github:numtide/flake-utils";
+    dagger.url = "github:dagger/nix";
+    dagger.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, dagger }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        # All Linux desktop runtime libraries needed by flutter build linux and
+        # the UI integration tests (xvfb-run).  Kept as a list so we can reuse
+        # it for both buildInputs and LD_LIBRARY_PATH / PKG_CONFIG_PATH.
+        linuxDesktopLibs = with pkgs; [
+          gtk3
+          libsecret
+          fontconfig
+          libepoxy
+          mesa
+          libGL        # libglvnd — vendor-neutral GL/EGL/GLX dispatch layer
+          at-spi2-core
+          glib
+          pango
+          cairo
+          gdk-pixbuf
+          harfbuzz
+        # Dagger remote setup dependencies
+        stunnel
+        netcat
+        ];
+
+        fgj = pkgs.stdenv.mkDerivation {
+          pname = "fgj";
+          version = "0.4.0";
+          src = pkgs.fetchurl {
+            url = "https://codeberg.org/romaintb/fgj/releases/download/v0.4.0/fgj_linux_amd64";
+            sha256 = "07pia03facvvxq9i1dgl7p47ccv1iqj4drpkp45gvw26d4afkbj7";
+          };
+          dontUnpack = true;
+          installPhase = ''
+            mkdir -p $out/bin
+            cp $src $out/bin/fgj
+            chmod +x $out/bin/fgj
+          '';
+        };
+
+        # The dagger/nix flake pins 0.20.8, whose Nix wrapper is a broken self-exec
+        # loop.  Fetch 0.21.4 directly so the pre-commit dart-check hook can run.
+        dagger021 = pkgs.stdenv.mkDerivation {
+          pname = "dagger";
+          version = "0.21.4";
+          src = pkgs.fetchurl {
+            url = "https://dl.dagger.io/dagger/releases/0.21.4/dagger_v0.21.4_linux_amd64.tar.gz";
+            sha256 = "0wlnbr4g5069755131yjp2a6alacn64f1c8b27xn0cbynq3zicjd";
+          };
+          sourceRoot = ".";
+          installPhase = ''
+            mkdir -p $out/bin
+            cp dagger $out/bin/dagger
+            chmod +x $out/bin/dagger
+          '';
+        };
+      in {
+        devShells.default = pkgs.mkShell {
+          buildInputs = with pkgs; [
+            # Dagger CLI
+            dagger021
+
+            # Go compiler — for Dagger development
+            go
+
+            # Java JDK — required by Gradle for Android builds
+
+            # Task runner
+            go-task
+
+            # Flutter version manager — needed for host builds (task build-linux, task run)
+            fvm
+
+            # Git hooks
+            pre-commit
+
+            # Linux desktop build + runtime dependencies (flutter build linux / task run)
+          ] ++ linuxDesktopLibs ++ (with pkgs; [
+            pkg-config
+            clang
+            cmake
+            ninja
+
+            # Local IMAP/SMTP dev server for integration tests
+            stalwart-mail
+
+            # Headless display for UI integration tests
+            xvfb-run          # wraps Xvfb; xvfb-run --auto-servernum ...
+
+            # Coverage merging (flutter test --merge-coverage requires lcov)
+            lcov
+
+            # Website
+            hugo
+
+            # Utilities
+            git
+            curl
+            jq
+            sqlite
+            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
+            (python3.withPackages (ps: with ps; [
+              google-api-python-client
+              google-auth-httplib2
+              httplib2
+            ]))  # used by stalwart-dev/start and deploy_playstore.py
+            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
+            skopeo   # inspect OCI image manifests without pulling layers (used by check-ci-images)
+            librsvg  # rsvg-convert — SVG→PNG for generate-icons task
+          ]);
+
+          shellHook = ''
+            # nix develop --command does not set IN_NIX_SHELL; set it so _preflight passes in CI
+            export IN_NIX_SHELL=1
+
+            # Point Dagger client at the running engine socket
+            export DAGGER_HOST=unix:///run/dagger/engine.sock
+
+            # Disable Flutter telemetry inside dev shell
+            export FLUTTER_SUPPRESS_ANALYTICS=true
+
+            # Expose dev headers to cmake's FindPkgConfig.
+            # The nix pkg-config wrapper works in bash but cmake invokes pkg-config
+            # as a subprocess and needs PKG_CONFIG_PATH set explicitly.
+            export PKG_CONFIG_PATH="${pkgs.gtk3.dev}/lib/pkgconfig:${pkgs.glib.dev}/lib/pkgconfig:${pkgs.pango.dev}/lib/pkgconfig:${pkgs.cairo.dev}/lib/pkgconfig:${pkgs.gdk-pixbuf.dev}/lib/pkgconfig:${pkgs.at-spi2-core.dev}/lib/pkgconfig:${pkgs.harfbuzz.dev}/lib/pkgconfig:${pkgs.libsecret}/lib/pkgconfig:${pkgs.fontconfig.dev}/lib/pkgconfig:${pkgs.libepoxy}/lib/pkgconfig:$PKG_CONFIG_PATH"
+
+            # Nix ld uses --no-copy-dt-needed-entries (strict mode): transitive shared-lib
+            # deps are not followed automatically, so link them explicitly.
+            export LDFLAGS="-L${pkgs.fontconfig.lib}/lib -lfontconfig $LDFLAGS"
+
+            # Make nix-built runtime libs visible to the dynamic linker so the
+            # Flutter Linux bundle and integration-ui tests can run.
+            export LD_LIBRARY_PATH="${pkgs.lib.makeLibraryPath linuxDesktopLibs}:$LD_LIBRARY_PATH"
+
+            # Wire the libglvnd dispatch to the nix mesa vendor ICDs so GTK/Flutter
+            # can create an OpenGL (EGL + GLX) context under Xvfb without a real GPU.
+            export __EGL_VENDOR_LIBRARY_DIRS="${pkgs.mesa}/share/glvnd/egl_vendor.d"
+            export __GLX_VENDOR_LIBRARY_DIRS="${pkgs.mesa}/lib"
+            export LIBGL_ALWAYS_SOFTWARE=1
+            export MESA_LOADER_DRIVER_OVERRIDE=softpipe
+
+            echo "SharedInbox Flutter dev environment ready."
+            echo "  Analyze        : task analyze"
+            echo "  Unit tests     : task test"
+            echo "  Integration    : task integration"
+            echo "  All checks     : task check"
+            echo "  Run (Linux)    : task run"
+            echo "  Start Stalwart : stalwart-dev/start"
+          '';
+        };
+      }
+    );
+}

scripts/check_dagger_versions.sh

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-# Verify that the Dagger version is consistent across the project.
-#
-# The Dagger CLI must speak the same protocol as the engine it talks to.  We
-# pin the version in four places (engine image in DAGGER.md, the CLI in
-# flake.nix, the CLI in the Forgejo runner Dockerfile, and the module
-# engineVersion in ci/dagger.json).  This script fails if any of them drift.
-set -euo pipefail
-
-ROOT=$(git rev-parse --show-toplevel)
-
-# ci/dagger.json — strip leading "v" for comparison.
-dagger_json=$(grep -oE '"engineVersion"[[:space:]]*:[[:space:]]*"[^"]+"' "$ROOT/ci/dagger.json" \
-  | sed -E 's/.*"v?([^"]+)"$/\1/')
-
-# .forgejo/Dockerfile — DAGGER_VERSION env on the install line.
-dockerfile=$(grep -oE 'DAGGER_VERSION=[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/.forgejo/Dockerfile" \
-  | head -n1 \
-  | cut -d= -f2)
-
-# DAGGER.md — engine image tag in the example systemd unit.
-dagger_md=$(grep -oE 'dagger/nix/v[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/DAGGER.md" \
-  | head -n1 \
-  | sed -E 's@.*/v@@')
-
-printf 'ci/dagger.json    engineVersion = v%s\n' "$dagger_json"
-printf '.forgejo/Dockerf. DAGGER_VERSION= %s\n'  "$dockerfile"
-printf 'DAGGER.md         engine tag    = v%s\n' "$dagger_md"
-
-for v in "$dockerfile" "$dagger_md"; do
-  if [ -z "$v" ]; then
-    echo "ERROR: failed to parse a Dagger version reference." >&2
-    exit 1
-  fi
-  if [ "$v" != "$dagger_json" ]; then
-    echo "" >&2
-    echo "ERROR: Dagger versions are out of sync." >&2
-    echo "  Align ci/dagger.json, .forgejo/Dockerfile and DAGGER.md to the same version." >&2
-    exit 1
-  fi
-done
-
-echo "Dagger versions aligned (v$dagger_json)."

scripts/deploy_playstore.py

@@ -1,11 +1,5 @@
 #!/usr/bin/env python3
-"""Upload an Android App Bundle to the Google Play Store.
-
-The bundle is published to every track in ``TRACKS`` within a single Play edit,
-so internal testing and closed testing share the same version code. ``alpha``
-is what the Play Console labels "Closed testing"; publishing there removes the
-need to manually drag-and-drop the AAB into the closed-testing release form.
-"""
+"""Upload an Android App Bundle to the Google Play Store internal track."""
 
 import json
 import os
@@ -17,7 +11,7 @@ from google.oauth2 import service_account
 
 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
-TRACKS = ("internal", "alpha")
+TRACK = "internal"
 _BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
 _UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
 _MAX_UPLOAD_ATTEMPTS = 3
@@ -100,20 +94,19 @@ def main():
     version_code = bundle["versionCode"]
     print(f"Uploaded AAB, version code: {version_code}")
 
-    for track in TRACKS:
-        track_resp = session.put(
-            f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{track}",
-            json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
-            timeout=30,
-        )
-        track_resp.raise_for_status()
+    track_resp = session.put(
+        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
+        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
+        timeout=30,
+    )
+    track_resp.raise_for_status()
 
     commit_resp = session.post(
         f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
         timeout=30,
     )
     commit_resp.raise_for_status()
-    print(f"Deployed version {version_code} to tracks: {', '.join(TRACKS)}")
+    print(f"Deployed version {version_code} to {TRACK} track")
 
 
 if __name__ == "__main__":

scripts/test_deploy_playstore.py

@@ -95,30 +95,6 @@ class TestMainHappyPath(unittest.TestCase):
         track_call = session.put.call_args_list[0]
         self.assertIn("/tracks/", track_call[0][0])
 
-    def test_updates_all_configured_tracks(self):
-        session = self._run_main()
-        track_urls = [c[0][0] for c in session.put.call_args_list]
-        self.assertEqual(len(track_urls), len(deploy_playstore.TRACKS))
-        for track in deploy_playstore.TRACKS:
-            self.assertTrue(
-                any(url.endswith(f"/tracks/{track}") for url in track_urls),
-                f"no PUT to /tracks/{track} (saw {track_urls})",
-            )
-
-    def test_commits_after_all_track_updates(self):
-        session = self._run_main()
-        # All PUTs are track updates; commit is the second POST after the
-        # initial edit-create. Verify PUTs precede the commit by checking
-        # mock_calls order across both methods.
-        method_order = [c[0] for c in session.method_calls]
-        commit_idx = next(
-            i for i, m in enumerate(method_order)
-            if m == "post" and ":commit" in session.method_calls[i][1][0]
-        )
-        put_indices = [i for i, m in enumerate(method_order) if m == "put"]
-        self.assertEqual(len(put_indices), len(deploy_playstore.TRACKS))
-        self.assertTrue(all(i < commit_idx for i in put_indices))
-
 
 class TestUploadRetry(unittest.TestCase):
     def _run_main(self, upload_side_effects, sleep_mock=None):