fix: disable Save button when no password available, fix changelog fetch-depth (#246 , #229 )

- Disable Save button (alongside Try connection) when no stored password and password field is empty, making both buttons consistent (#246) - Update deploy-apk and build-linux CI jobs to use fetch-depth: 100 so generate-changelog produces a full 50-entry log, matching deploy-playstore (#229) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: disable Try connection button when no password is available (#235 ) (#247 )
2026-05-25 14:42:46 +02:00 · 2026-05-25 14:30:13 +02:00 · 2026-05-25 13:00:44 +02:00 · 2026-05-25 12:49:29 +02:00 · 2026-05-25 12:49:29 +02:00 · 2026-05-25 12:48:45 +02:00
46 changed files with 2233 additions and 315 deletions
@@ -3,7 +3,41 @@ name: CI
 on:
  push:
    branches: [main]
    paths:
      - 'lib/**'
      - 'test/**'
      - 'integration_test/**'
      - 'android/**'
      - 'linux/**'
      - 'assets/**'
      - '!assets/changelog.txt'
      - 'pubspec.yaml'
      - 'pubspec.lock'
      - 'analysis_options.yaml'
      - 'scripts/**'
      - 'stalwart-dev/**'
      - 'ci/**'
      - 'Taskfile.yml'
      - 'drift_schemas/**'
      - '.forgejo/workflows/ci.yml'
  pull_request:
    paths:
      - 'lib/**'
      - 'test/**'
      - 'integration_test/**'
      - 'android/**'
      - 'linux/**'
      - 'assets/**'
      - '!assets/changelog.txt'
      - 'pubspec.yaml'
      - 'pubspec.lock'
      - 'analysis_options.yaml'
      - 'scripts/**'
      - 'stalwart-dev/**'
      - 'ci/**'
      - 'Taskfile.yml'
      - 'drift_schemas/**'
      - '.forgejo/workflows/ci.yml'
 jobs:
  check:
@@ -30,11 +64,48 @@ jobs:
          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
        run: scripts/setup_dagger_remote.sh
      - name: Locate Docker daemon for local Dagger engine
        run: |
          # Skip if remote Dagger engine is already configured (preferred path)
          if [ -n "${_DAGGER_RUNNER_HOST:-}" ]; then
            echo "Remote Dagger engine configured, no local Docker needed."
            exit 0
          fi
          # Try host Docker socket (DooD) if runner mounts it
          if [ -S /var/run/docker.sock ]; then
            if DOCKER_HOST=unix:///var/run/docker.sock docker info >/dev/null 2>&1; then
              echo "Docker available via host socket."
              echo "DOCKER_HOST=unix:///var/run/docker.sock" >> "$GITHUB_ENV"
              exit 0
            fi
          fi
          echo "WARNING: No remote Dagger engine and no local Docker found." >&2
          echo "  - Remote engine: check DAGGER_STUNNEL_URL secret and that the host proxy is running." >&2
          echo "  - Local Docker: runner does not expose /var/run/docker.sock." >&2
          echo "CI will likely fail at the Dagger step." >&2
      - name: Prune Dagger cache before check
        env:
          DAGGER_NO_NAG: "1"
        # prune(maxUsedSpace) also reclaims named cache volumes (gradle-cache, go-build-cache, etc.)
        # when total cache exceeds the limit; without args only unreferenced entries are removed.
        run: |
          dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
      - name: Run Full Check Suite
        env:
          DAGGER_NO_NAG: "1"
        run: task check-dagger
      - name: Prune Dagger cache after check
        if: always()
        env:
          DAGGER_NO_NAG: "1"
        run: |
          dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
      - name: Cleanup TLS credentials
        if: always()
        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
@@ -6,15 +6,60 @@ on:
  workflow_dispatch:
 jobs:
-  test-android-firebase:
+  check-changes:
-    name: Android Instrumented Tests (Firebase Test Lab)
+    name: Detect Changed Files
    runs-on: ubuntu-latest
-    timeout-minutes: 60
+    timeout-minutes: 5
    outputs:
      android: ${{ steps.diff.outputs.android }}
      linux: ${{ steps.diff.outputs.linux }}
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 2
      - name: Detect Android and Linux changes
        id: diff
        shell: bash
        run: |
          # On workflow_dispatch always build everything
          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
            echo "android=true" >> "$GITHUB_OUTPUT"
            echo "linux=true"   >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Diff the HEAD commit against its parent; fall back to listing HEAD's files
          # when the parent is unavailable (initial commit, shallow clone).
          CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null \
            || git show --name-only --format= HEAD)
          echo "Changed files:"
          echo "$CHANGED"
          android_re='^(android/|integration_test/|lib/|pubspec\.yaml|pubspec\.lock|drift_schemas/|scripts/deploy_playstore\.py)'
          linux_re='^(linux/|lib/|pubspec\.yaml|pubspec\.lock)'
          echo "$CHANGED" | grep -qE "$android_re" \
            && echo "android=true" >> "$GITHUB_OUTPUT" \
            || echo "android=false" >> "$GITHUB_OUTPUT"
          echo "$CHANGED" | grep -qE "$linux_re" \
            && echo "linux=true"   >> "$GITHUB_OUTPUT" \
            || echo "linux=false"  >> "$GITHUB_OUTPUT"
  test-android-firebase:
    name: Android Instrumented Tests (Firebase Test Lab)
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [check-changes]
    if: needs.check-changes.outputs.android == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1
      - name: Check runner tools
        run: |
@@ -31,6 +76,7 @@ jobs:
        run: scripts/setup_dagger_remote.sh
      - name: Run Android Tests on Firebase Test Lab
        if: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY != '' }}
        env:
          FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY }}
          FIREBASE_PROJECT_ID: ${{ vars.FIREBASE_PROJECT_ID }}
@@ -45,11 +91,13 @@ jobs:
    name: Build & Deploy to Play Store
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [check-changes]
    if: needs.check-changes.outputs.android == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 100
      - name: Check runner tools
        run: |
@@ -66,6 +114,7 @@ jobs:
        run: scripts/setup_dagger_remote.sh
      - name: Publish Android to Play Store
        if: ${{ secrets.PLAY_STORE_CONFIG_JSON != '' }}
        env:
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
@@ -73,14 +122,41 @@ jobs:
          DAGGER_NO_NAG: "1"
        run: task publish-android
      - name: Cleanup TLS credentials
        if: always()
        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
  deploy-apk:
    name: Build & Deploy APK to Server
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [check-changes]
    if: needs.check-changes.outputs.android == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 100
      - name: Check runner tools
        run: |
          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
      - name: Setup Dagger Remote Engine (via stunnel)
        env:
          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
        run: scripts/setup_dagger_remote.sh
      - name: Build & Deploy APK to server
-        # continue-on-error: step requires SSH_PRIVATE_KEY secret; if unset the task
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        # precondition fails, but we don't want that to fail the whole job — the Play
        # Store publish above already succeeded.  The overall job stays green even
        # though this step shows as failed/orange in the UI.
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
@@ -96,11 +172,13 @@ jobs:
    name: Build Linux Release
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs: [check-changes]
    if: needs.check-changes.outputs.linux == 'true'
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 100
      - name: Check runner tools
        run: |
@@ -117,14 +195,10 @@ jobs:
        run: scripts/setup_dagger_remote.sh
      - name: Build & Deploy Linux to server
-        # continue-on-error: step requires SSH_PRIVATE_KEY secret; if unset the task
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        # precondition fails, but the build step that precedes this (done via Dagger)
        # already succeeded.  Deployment is best-effort; a missing secret should not
        # turn the job red.  The step will show as failed/orange in the UI even though
        # the overall job is green — this is intentional.
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DAGGER_NO_NAG: "1"
@@ -137,16 +211,16 @@ jobs:
  publish-website:
    name: Publish Website Build History
    runs-on: ubuntu-latest
-    needs: [build-linux, deploy-playstore]
+    needs: [build-linux, deploy-playstore, deploy-apk]
    if: |
      always() &&
-      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')
+      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success' || needs.deploy-apk.result == 'success')
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 1
      - name: Check runner tools
        run: |
@@ -163,11 +237,10 @@ jobs:
        run: scripts/setup_dagger_remote.sh
      - name: Generate build history and deploy website
-        # continue-on-error: website publish is best-effort; a missing SSH_PRIVATE_KEY
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        # should not block the overall workflow status.
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DAGGER_NO_NAG: "1"
@@ -180,8 +253,14 @@ jobs:
  label-deploy-health:
    name: Update Deploy Health Label
    runs-on: ubuntu-latest
-    needs: [test-android-firebase, deploy-playstore, build-linux]
+    needs: [test-android-firebase, deploy-playstore, deploy-apk, build-linux]
-    if: always() && vars.DEPLOY_HEALTH_ISSUE != ''
+    if: |
      always() && vars.DEPLOY_HEALTH_ISSUE != '' && (
        needs.test-android-firebase.result == 'success' || needs.test-android-firebase.result == 'failure' ||
        needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'failure' ||
        needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'failure' ||
        needs.build-linux.result == 'success' || needs.build-linux.result == 'failure'
      )
    timeout-minutes: 5
    steps:
@@ -190,7 +269,7 @@ jobs:
          FORGEJO_TOKEN: ${{ github.token }}
          FORGEJO_URL: ${{ github.server_url }}
          DEPLOY_HEALTH_ISSUE: ${{ vars.DEPLOY_HEALTH_ISSUE }}
-          ALL_SUCCEEDED: ${{ needs.test-android-firebase.result == 'success' && needs.deploy-playstore.result == 'success' && needs.build-linux.result == 'success' }}
+          ALL_SUCCEEDED: ${{ (needs.test-android-firebase.result == 'success' || needs.test-android-firebase.result == 'skipped') && (needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'skipped') && (needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'skipped') && (needs.build-linux.result == 'success' || needs.build-linux.result == 'skipped') }}
        run: |
          python3 - << 'PYEOF'
          import os, json, urllib.request, urllib.error
@@ -0,0 +1,18 @@
 name: Monitor Agent Loop
 on:
  schedule:
    - cron: '0 */2 * * *'  # every 2 hours
  workflow_dispatch:
 jobs:
  monitor:
    name: Check Agent Loop Health
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - uses: actions/checkout@v4
      - name: Check agent loop heartbeat
        run: python3 scripts/agent_loop.py monitor
@@ -11,7 +11,6 @@ jobs:
    name: Build & Deploy Windows (Nightly)
    runs-on: windows-runner
    if: false
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
@@ -32,7 +31,6 @@ jobs:
      - name: Set up SSH key
        if: env.SKIP_BUILD != 'true'
        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
@@ -42,7 +40,6 @@ jobs:
      - name: Deploy Windows to server
        if: env.SKIP_BUILD != 'true'
        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
@@ -202,6 +202,8 @@ jobs:
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts
      - name: Build Linux release
        run: |
@@ -215,20 +217,20 @@ jobs:
          REMOTE_DIR="public_html/builds/$DATE_PATH"
          TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
          tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-          ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+          ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-          scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+          scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
          DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
-          EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" \
+          EXISTING=$(ssh "$SSH_USER@$SSH_HOST" \
            "cat public_html/latest.json 2>/dev/null || echo '{}'")
          WINDOWS_URL=$(echo "$EXISTING" | \
            python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" \
            2>/dev/null || true)
          if [ -n "$WINDOWS_URL" ]; then
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          else
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          fi
      - name: Generate build history pages
@@ -244,6 +246,5 @@ jobs:
          rsync -avz --delete \
            --exclude='*.apk' \
            --exclude='*.tar.gz' \
            -e "ssh -o StrictHostKeyChecking=no" \
            website/public/ \
            "$SSH_USER@$SSH_HOST:public_html/"
@@ -28,7 +28,8 @@ android/.gradle/
 android/local.properties
 android/app/google-services.json
 android/key.properties
-android/app/src/main/java/io/flutter/plugins/
+# android/app/src/main/java/io/flutter/plugins/ intentionally tracked so that
 # GeneratedPluginRegistrant.java (catch Throwable) is committed and used by CI.
 .android/
 Android/
 .gradle/
@@ -10,9 +10,21 @@ CLI tool `fgj` is available to query issues/PRs/actions.
 We use issues, follow this label state machine:
- **State/Ready** — Issue is available to pick up
+- **State/ToPlan** — Issue needs a plan written by an agent before implementation
- **State/InProgress** — Set this when you start working on an issue
+- **State/Planned** — Plan has been posted as a comment; awaiting human review
- **State/Question** — Set this when you hit a blocker or need clarification
+- **State/Ready** — Issue is approved and ready for implementation
 - **State/InProgress** — Set while an agent (or human) is actively working
 - **State/Question** — Agent hit a blocker or needs clarification
 Full lifecycle:
 ```
 State/ToPlan → State/Planned   (automated: agent_loop.py runs a planning agent)
 State/Planned → State/Ready    (manual: human reviews the plan and approves)
 State/Ready → State/InProgress (automated: agent_loop.py before starting implementation)
 State/InProgress → closed      (automated: after PR is merged and CI passes)
 any state → State/Question     (automated or manual: when blocked)
 ```
 List open issues ready to pick up:
@@ -22,9 +34,11 @@ fgj issue list --json --state open | jq '[.[] | select(.labels[].name == "State/
 Rules:
- Never start work on an issue without `State/Ready`
+- Never start implementation on an issue without `State/Ready`
- When working via the agent loop: `State/Ready` → `State/InProgress` is set automatically
+- Planning agents only post a plan comment — they do NOT write code or open PRs
-  by `agent_loop.py` before the agent starts — do **not** set it yourself.
+- After `State/Planned`, a human must review the plan and manually add `State/Ready`
 - When working via the agent loop: label transitions are set automatically
  by `agent_loop.py` — do **not** set them yourself.
 - When working manually: switch to `State/InProgress` as your **first action**:
  ```bash
  fgj issue edit <NUMBER> --remove-label "State/Ready" --add-label "State/InProgress"
@@ -215,8 +215,10 @@ tasks:
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
  build-android-bundle:
    desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
@@ -236,6 +238,7 @@ tasks:
  publish-android:
    desc: Build cached AAB, stamp versionCode, sign, and publish to Play Store via Dagger
    deps: [generate-changelog]
    preconditions:
      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
        msg: "PLAY_STORE_CONFIG_JSON is not set"
@@ -251,17 +254,24 @@ tasks:
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
      - sh: test -n "$ANDROID_KEYSTORE_BASE64"
        msg: "ANDROID_KEYSTORE_BASE64 is not set"
      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
  publish-website:
    desc: Build and publish website via Dagger
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key file:$HOME/.ssh/id_ed25519 --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
+      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
  check-dagger:
    desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
@@ -284,8 +294,13 @@ tasks:
          for attempt in 1 2 3; do
            run_dagger "$@" && return 0
            RC=$?
-            if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused" "$DAGGER_OUT"; then
+            if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused|invalid return status code" "$DAGGER_OUT"; then
              echo "$(_ts) dagger: network error on attempt $attempt/3, retrying..." >&2
            elif [ "$attempt" -lt 3 ] && grep -q "No space left on device" "$DAGGER_OUT"; then
              echo "$(_ts) dagger: disk space error on attempt $attempt/3, pruning Dagger cache..." >&2
              dagger query '{ engine { localCache { prune(targetSpace: "20gb") } } }' 2>/dev/null || true
              echo "$(_ts) dagger: waiting 90s for freed space to settle..." >&2
              sleep 90
            else
              return "$RC"
            fi
@@ -315,6 +330,12 @@ tasks:
        wait "$RECV_PID" 2>/dev/null || true
        exit $RC
  dagger-prune:
    desc: Prune the Dagger engine cache (keeps named volumes unless total exceeds 75 GB, then targets 50 GB)
    cmds:
      - |
        dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }'
  integration-android:
    desc: UI integration tests on a connected Android emulator (Stalwart on host, emulator reaches it via 10.0.2.2)
    deps: [_preflight, _android-sdk-check, _android-avd-setup]
@@ -362,25 +383,29 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
        mkdir -p ~/.ssh
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
        tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+        scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
        # Merge with any existing latest.json so we don't overwrite the windows key
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        WINDOWS_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" 2>/dev/null || true)
        if [ -n "$WINDOWS_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $TARBALL and updated latest.json"
@@ -405,24 +430,28 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
        mkdir -p ~/.ssh
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        ZIPFILE="sharedinbox-windows-x64-$HASH.zip"
        cd build/windows/x64/runner && zip -r /tmp/$ZIPFILE Release/ && cd -
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
+        scp /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$ZIPFILE"
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        LINUX_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('linux',''))" 2>/dev/null || true)
        if [ -n "$LINUX_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$LINUX_URL\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $ZIPFILE and updated latest.json"
@@ -572,14 +601,18 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
        mkdir -p ~/.ssh
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        APK_NAME="sharedinbox-mua-$HASH.apk"
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no \
+        scp \
          build/app/outputs/flutter-apk/app-release.apk \
          "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$APK_NAME"
        echo "Uploaded $APK_NAME to $REMOTE_DIR"
@@ -608,12 +641,16 @@ tasks:
  website-deploy:
    desc: Deploy the website via rsync to public_html
    deps: [website-build]
    preconditions:
      - sh: test -n "$SSH_KNOWN_HOSTS"
        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
        mkdir -p ~/.ssh
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        rsync -avz --delete \
          --exclude='*.apk' \
          --exclude='*.tar.gz' \
          -e "ssh -o StrictHostKeyChecking=no" \
          website/public/ \
          ${SSH_USER}@${SSH_HOST}:public_html/
@@ -4,7 +4,6 @@ gradle-wrapper.jar
 /gradlew
 /gradlew.bat
 /local.properties
 GeneratedPluginRegistrant.java
 .cxx/
 # Remember to never publicly share your keystore.
@@ -0,0 +1,84 @@
 package io.flutter.plugins;
 import androidx.annotation.Keep;
 import androidx.annotation.NonNull;
 import io.flutter.Log;
 import io.flutter.embedding.engine.FlutterEngine;
 /**
 * Generated file. Do not edit.
 * This file is generated by the Flutter tool based on the
 * plugins that support the Android platform.
 */
@Keep
 public final class GeneratedPluginRegistrant {
  private static final String TAG = "GeneratedPluginRegistrant";
  public static void registerWith(@NonNull FlutterEngine flutterEngine) {
    try {
      flutterEngine.getPlugins().add(new com.mr.flutter.plugin.filepicker.FilePickerPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin file_picker, com.mr.flutter.plugin.filepicker.FilePickerPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin flutter_local_notifications, com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin flutter_plugin_android_lifecycle, io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin flutter_secure_storage, com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new dev.flutter.plugins.integration_test.IntegrationTestPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin integration_test, dev.flutter.plugins.integration_test.IntegrationTestPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new dev.steenbakker.mobile_scanner.MobileScannerPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin mobile_scanner, dev.steenbakker.mobile_scanner.MobileScannerPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new com.crazecoder.openfile.OpenFilePlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin open_filex, com.crazecoder.openfile.OpenFilePlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin package_info_plus, dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new io.flutter.plugins.pathprovider.PathProviderPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin path_provider_android, io.flutter.plugins.pathprovider.PathProviderPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.share.SharePlusPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin share_plus, dev.fluttercommunity.plus.share.SharePlusPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new io.flutter.plugins.urllauncher.UrlLauncherPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin url_launcher_android, io.flutter.plugins.urllauncher.UrlLauncherPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new io.flutter.plugins.webviewflutter.WebViewFlutterPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin webview_flutter_android, io.flutter.plugins.webviewflutter.WebViewFlutterPlugin", e);
    }
    try {
      flutterEngine.getPlugins().add(new dev.fluttercommunity.workmanager.WorkmanagerPlugin());
    } catch (Exception e) {
      Log.e(TAG, "Error registering plugin workmanager_android, dev.fluttercommunity.workmanager.WorkmanagerPlugin", e);
    }
  }
 }
@@ -195,7 +195,8 @@ func (m *Ci) toolchain() *dagger.Container {
 		WithUser("ci").
 		WithExec([]string{"/bin/sh", "-c",
 			`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
-				`yes | sdkmanager "ndk;28.2.13676358" "cmake;3.22.1" "build-tools;35.0.0" "platforms;android-34" >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }`})
+				`yes | sdkmanager "ndk;28.2.13676358" "cmake;3.22.1" "build-tools;35.0.0" "platforms;android-34" >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }`}).
 		WithExec([]string{"flutter", "precache", "--linux", "--no-android", "--no-ios"})
 }
 // Base is the Flutter toolchain container with mutable cache mounts attached.
@@ -318,12 +319,13 @@ func (m *Ci) Hugo() *dagger.Container {
 }
 // Deploy container for rsync/ssh
-func (m *Ci) Deployer(sshKey *dagger.Secret) *dagger.Container {
+func (m *Ci) Deployer(sshKey *dagger.Secret, knownHosts *dagger.Secret) *dagger.Container {
 	return dag.Container().
 		From("alpine:3.21").
 		WithExec([]string{"apk", "--no-cache", "add", "rsync", "openssh-client", "python3", "tar"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithEnvVariable("RSYNC_RSH", "ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519")
+		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
 		WithEnvVariable("RSYNC_RSH", "ssh -i /root/.ssh/id_ed25519")
 }
 // Stalwart mail server service for backend and integration tests.
@@ -514,6 +516,7 @@ func (m *Ci) Check(ctx context.Context) (string, error) {
 func (m *Ci) GenerateBuildHistory(
 	ctx context.Context,
 	sshKey *dagger.Secret,
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
@@ -525,7 +528,7 @@ func (m *Ci) GenerateBuildHistory(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "openssh-client"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithExec([]string{"chmod", "700", "/root/.ssh"}).
+		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
 		WithEnvVariable("SSH_USER", sshUser).
 		WithEnvVariable("SSH_HOST", sshHost).
 		WithDirectory("/src", scriptSource).
@@ -538,10 +541,11 @@ func (m *Ci) GenerateBuildHistory(
 func (m *Ci) BuildWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
-	buildHistory := m.GenerateBuildHistory(ctx, sshKey, sshUser, sshHost)
+	buildHistory := m.GenerateBuildHistory(ctx, sshKey, knownHosts, sshUser, sshHost)
 	websiteSource := m.Source.Filter(dagger.DirectoryFilterOpts{
 		Include: []string{"website/"},
@@ -558,12 +562,13 @@ func (m *Ci) BuildWebsite(
 func (m *Ci) PublishWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) (string, error) {
-	public := m.BuildWebsite(ctx, sshKey, sshUser, sshHost)
+	public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost)
-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithDirectory("/public", public).
 		WithExec([]string{"rsync", "-avz", "--delete",
 			"--exclude=*.apk", "--exclude=*.tar.gz",
@@ -589,6 +594,7 @@ func (m *Ci) BuildLinuxRelease() *dagger.Directory {
 func (m *Ci) DeployLinux(
 	ctx context.Context,
 	sshKey *dagger.Secret,
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
@@ -599,11 +605,11 @@ func (m *Ci) DeployLinux(
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	tarball := fmt.Sprintf("sharedinbox-linux-amd64-%s.tar.gz", commitHash)
-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithDirectory("/bundle", bundle).
 		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("tar -czf /tmp/%s -C /bundle .", tarball)}).
-		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
 		Stdout(ctx)
 }
@@ -626,6 +632,7 @@ func (m *Ci) BuildAndroidApk(keystoreBase64 *dagger.Secret, keystorePassword *da
 func (m *Ci) DeployApk(
 	ctx context.Context,
 	sshKey *dagger.Secret,
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
@@ -639,10 +646,10 @@ func (m *Ci) DeployApk(
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	apkName := fmt.Sprintf("sharedinbox-mua-%s.apk", commitHash)
-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithFile("/tmp/app.apk", apk).
-		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
 		Stdout(ctx)
 }
@@ -739,7 +746,7 @@ func (m *Ci) UploadToPlayStore(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "curl"}).
 		WithMountedCache("/root/.cache/pip", dag.CacheVolume("pip-cache")).
-		WithExec([]string{"pip", "install", "requests", "google-auth"}).
+		WithExec([]string{"pip", "install", "google-auth", "requests"}).
 		WithFile("/src/build/app/outputs/bundle/release/app-release.aab", aab).
 		WithFile("/src/scripts/deploy_playstore.py", scriptSource.File("scripts/deploy_playstore.py")).
 		WithSecretVariable("PLAY_STORE_CONFIG_JSON", playStoreConfig).
@@ -804,7 +811,7 @@ func (m *Ci) Graph() string {
 ` + "```" + `mermaid
 flowchart TD
    subgraph dagger ["Dagger · Check pipeline"]
-        toolchain["toolchain\nflutter:3.41.6 + NDK + apt"]
+        toolchain["toolchain\nflutter:3.41.6 + NDK + apt + precache"]
        pubGet["pubGetLayer\nflutter pub get"]
        codegen["codegenBase\nbuild_runner build\n(shared cache)"]
        stalwart(["Stalwart service\nIMAP · JMAP · SMTP · Sieve"])
@@ -835,16 +842,25 @@ flowchart TD
        integration --> check
    end
-    subgraph forgejo ["Codeberg CI · .forgejo/workflows/ci.yml"]
+    subgraph forgejo_ci ["Codeberg CI · ci.yml (push/PR, source paths only)"]
        ciCheck["check"]
-        buildLinux["build-linux\n(main only)"]
+    end
        deployPS["deploy-playstore\n(main only)"]
        pubWeb["publish-website\n(main only)"]
-        ciCheck --> buildLinux
+    subgraph forgejo_deploy ["Codeberg CI · deploy.yml (hourly schedule + workflow_dispatch)"]
-        ciCheck --> deployPS
+        detectChanges["check-changes\ndetect android / linux diff"]
        buildLinux["build-linux\n(linux changed)"]
        deployPS["deploy-playstore\n(android changed)"]
        deployApk["deploy-apk\n(android changed)"]
        fbTest["test-android-firebase\n(android changed)"]
        pubWeb["publish-website\n(any build succeeded)"]
        detectChanges --> buildLinux
        detectChanges --> deployPS
        detectChanges --> deployApk
        detectChanges --> fbTest
        buildLinux  --> pubWeb
        deployPS    --> pubWeb
        deployApk   --> pubWeb
    end
    check -- "task check-dagger" --> ciCheck
@@ -13,7 +13,7 @@ export SSH_PRIVATE_KEY=$(cat "$HOME/.ssh/id_ed25519")
 # Add nix profile and nix store tools (task, dagger) to PATH
 export PATH="$HOME/.nix-profile/bin:$PATH"
-for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger"; do
+for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger" "*fgj-*/bin/fgj"; do
    bin=$(ls -d /nix/store/$pkg 2>/dev/null | sort -V | tail -1)
    [ -n "$bin" ] && export PATH="$(dirname "$bin"):$PATH"
 done
@@ -94,8 +94,9 @@
            sqlite
            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
            (python3.withPackages (ps: with ps; [
-              google-auth
+              google-api-python-client
-              requests
+              google-auth-httplib2
              httplib2
            ]))  # used by stalwart-dev/start and deploy_playstore.py
            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
          ]);
@@ -4,38 +4,39 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
 import 'package:sharedinbox/di.dart';
-class UndoService extends StateNotifier<List<UndoAction>> {
+class UndoService extends Notifier<List<UndoAction>> {
  UndoService(this._ref) : super([]);
  final Ref _ref;
  static const int _maxHistory = 10;
-  // Resolves once init() has loaded persisted history. Default to an already-
+  // Resolves once build() has loaded persisted history.
-  // resolved future so operations are safe even if init() is never called.
+  late Future<void> _ready;
  Future<void> _ready = Future.value();
-  Future<void> init() async {
+  @override
-    _ready = _ref.read(undoRepositoryProvider).getHistory().then((history) {
+  List<UndoAction> build() {
-      if (mounted) state = history;
+    _ready = ref.read(undoRepositoryProvider).getHistory().then((history) {
      if (ref.mounted) state = history;
    });
-    await _ready;
+    return [];
  }
  /// Waits for the persisted history to finish loading. Called by tests to
  /// ensure the provider is ready before asserting state.
  Future<void> init() => _ready;
  Future<void> pushAction(UndoAction action) async {
    await _ready;
    final newList = [...state, action];
    if (newList.length > _maxHistory) {
      final removed = newList.removeAt(0);
-      await _ref.read(undoRepositoryProvider).deleteAction(removed.id);
+      await ref.read(undoRepositoryProvider).deleteAction(removed.id);
    }
    state = newList;
-    await _ref.read(undoRepositoryProvider).saveAction(action);
+    await ref.read(undoRepositoryProvider).saveAction(action);
  }
  Future<void> clear() async {
    await _ready;
    state = [];
-    unawaited(_ref.read(undoRepositoryProvider).clearHistory());
+    unawaited(ref.read(undoRepositoryProvider).clearHistory());
  }
  Future<void> undo({String? actionId}) async {
@@ -57,7 +58,7 @@ class UndoService extends StateNotifier<List<UndoAction>> {
    // happened and retry if the undo failed (e.g. after an IMAP sync reverted
    // the local change). The inverse action added below allows undoing the undo.
-    final repo = _ref.read(emailRepositoryProvider);
+    final repo = ref.read(emailRepositoryProvider);
    for (final id in action.emailIds) {
      // 1. Try to cancel the original change (if not started yet).
@@ -1,6 +1,7 @@
 import 'dart:async';
 import 'package:enough_mail/enough_mail.dart' as imap;
 import 'package:flutter/services.dart' show MissingPluginException;
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart' show SyncEmailsResult;
 import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -294,6 +295,7 @@ class _AccountSync implements _SyncLoop {
  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    // enough_mail doesn't always have typed exceptions for auth, so we check strings.
    return s.contains('invalid credentials') ||
@@ -546,6 +548,7 @@ class _JmapAccountSync implements _SyncLoop {
  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    return s.contains('invalid credentials') ||
        s.contains('authentication failed') ||
@@ -6,6 +6,7 @@ import 'package:drift/drift.dart';
 import 'package:drift/native.dart';
 import 'package:enough_mail/enough_mail.dart' as imap;
 import 'package:flutter/services.dart';
 import 'package:flutter/widgets.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';
@@ -24,6 +25,9 @@ const _kResourceType = 'background_check';
@pragma('vm:entry-point')
 void callbackDispatcher() {
  // Required so that path_provider and other plugins are available in this
  // background isolate (issue #192).
  WidgetsFlutterBinding.ensureInitialized();
  Workmanager().executeTask((_, __) async {
    try {
      await _doBackgroundSync();
@@ -609,6 +609,17 @@ Future<String> _resolveDatabasePath() async {
      await Future<void>.delayed(Duration(milliseconds: ms));
    }
  }
  // On Android, path_provider can be permanently broken on some devices
  // regardless of how long we wait (issue #192).  Derive the path from
  // /proc/self/cmdline (the Android process name == package name) without
  // a platform channel as a last resort so the app can still open its DB.
  if (Platform.isAndroid) {
    final fallback = await _androidFallbackPath();
    if (fallback != null) {
      _dbPath = fallback;
      return _dbPath!;
    }
  }
  throw PlatformException(
    code: 'channel-error',
    message: 'path_provider unavailable after ${delays.length + 1} attempts — '
@@ -616,6 +627,45 @@ Future<String> _resolveDatabasePath() async {
  );
 }
 // Reads /proc/self/cmdline to extract the Android package name, then
 // constructs the standard app files-dir path without a platform channel.
 // Returns null when the path cannot be determined or created.
 Future<String?> _androidFallbackPath() async {
  try {
    final bytes = await File('/proc/self/cmdline').readAsBytes();
    final end = bytes.indexOf(0);
    final packageName = String.fromCharCodes(
      end >= 0 ? bytes.sublist(0, end) : bytes,
    ).trim();
    // A valid Android package name contains dots but not slashes.
    if (packageName.isEmpty ||
        !packageName.contains('.') ||
        packageName.contains('/')) {
      return null;
    }
    for (final base in [
      '/data/user/0/$packageName/files',
      '/data/data/$packageName/files',
    ]) {
      try {
        await Directory(base).create(recursive: true);
        return p.join(base, 'sharedinbox.db');
      } catch (_) {
        continue;
      }
    }
    return null;
  } catch (_) {
    return null;
  }
 }
 // These functions are only called from unit tests (database_path_test.dart).
 // They expose internals that cannot be reached via the public API.
 Future<String> resolveDatabasePathForTesting() => _resolveDatabasePath();
 void resetDatabasePathForTesting() => _dbPath = null;
 Future<String?> androidFallbackPathForTesting() => _androidFallbackPath();
 LazyDatabase _openConnection() {
  return LazyDatabase(() async {
    final file = File(await _resolveDatabasePath());
@@ -11,6 +11,7 @@ import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
 import 'package:sharedinbox/core/repositories/search_history_repository.dart';
 import 'package:sharedinbox/core/repositories/share_key_repository.dart';
 import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/core/repositories/undo_repository.dart';
 import 'package:sharedinbox/core/services/account_discovery_service.dart';
 import 'package:sharedinbox/core/services/connection_test_service.dart';
@@ -101,7 +102,7 @@ final searchHistoryRepositoryProvider =
  return SearchHistoryRepositoryImpl(ref.watch(dbProvider));
 });
-final syncLogRepositoryProvider = Provider((ref) {
+final syncLogRepositoryProvider = Provider<SyncLogRepository>((ref) {
  return SyncLogRepositoryImpl(ref.watch(dbProvider));
 });
@@ -181,11 +182,7 @@ final manageSieveProbeServiceProvider = Provider<ManageSieveProbeService>((
 });
 final undoServiceProvider =
-    StateNotifierProvider<UndoService, List<UndoAction>>((ref) {
+    NotifierProvider<UndoService, List<UndoAction>>(UndoService.new);
  final service = UndoService(ref);
  unawaited(service.init());
  return service;
 });
 /// Loads email header + body and marks the email as seen.
 /// Owned by [EmailDetailScreen]; decouples data loading from the widget tree.
@@ -194,16 +191,18 @@ final emailDetailProvider = AsyncNotifierProvider.autoDispose
  EmailDetailNotifier.new,
 );
-class EmailDetailNotifier
+class EmailDetailNotifier extends AsyncNotifier<(Email?, EmailBody)> {
-    extends AutoDisposeFamilyAsyncNotifier<(Email?, EmailBody), String> {
+  EmailDetailNotifier(this._emailId);
  final String _emailId;
  @override
-  Future<(Email?, EmailBody)> build(String emailId) async {
+  Future<(Email?, EmailBody)> build() async {
    final repo = ref.read(emailRepositoryProvider);
    final results = await Future.wait([
-      repo.getEmail(emailId),
+      repo.getEmail(_emailId),
-      repo.getEmailBody(emailId),
+      repo.getEmailBody(_emailId),
    ]);
-    unawaited(repo.setFlag(emailId, seen: true));
+    unawaited(repo.setFlag(_emailId, seen: true));
    return (results[0] as Email?, results[1] as EmailBody);
  }
 }
@@ -3,6 +3,7 @@ import 'dart:io';
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:sharedinbox/core/services/notification_service.dart';
 import 'package:sharedinbox/core/sync/background_sync.dart';
@@ -47,10 +47,14 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    final osName = _capitalize(Platform.operatingSystem);
    final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
-    return '## sharedinbox.de\n\n'
+    final gitCommitLine = _gitHash.isNotEmpty
        ? '| Git Commit | [$_gitHash](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash) |\n'
        : '';
    return '## [sharedinbox.de](https://sharedinbox.de)\n\n'
        '| Property | Value |\n'
        '|----------|-------|\n'
        '| App Version | $versionDisplay |\n'
        '$gitCommitLine'
        '| Platform | ${Platform.operatingSystem} |\n'
        '| $osName Version | ${Platform.operatingSystemVersion} |\n'
        '| Resolution | ${physW}x$physH px'
@@ -91,6 +95,30 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    }
  }
  Future<void> _launchUrl(BuildContext context, Uri url) async {
    try {
      final launched =
          await launchUrl(url, mode: LaunchMode.externalApplication);
      if (!launched && context.mounted) {
        ScaffoldMessenger.of(context).showSnackBar(
          const SnackBar(
            duration: Duration(seconds: 5),
            content: Text('Could not open browser.'),
          ),
        );
      }
    } catch (e) {
      if (context.mounted) {
        ScaffoldMessenger.of(context).showSnackBar(
          SnackBar(
            duration: const Duration(seconds: 5),
            content: Text('Error: $e'),
          ),
        );
      }
    }
  }
  Future<void> _createIssue(
    BuildContext context,
    int imapCount,
@@ -163,10 +191,7 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
                      onTapLink: (text, href, title) {
                        if (href != null) {
                          unawaited(
-                            launchUrl(
+                            _launchUrl(context, Uri.parse(href)),
                              Uri.parse(href),
                              mode: LaunchMode.externalApplication,
                            ),
                          );
                        }
                      },
@@ -32,11 +32,15 @@ enum _Step { generatingKey, showingPubKey, scanning, importing, done, error }
 class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  _Step _step = _Step.generatingKey;
  ShareKeyMaterial? _keyMaterial;
  DateTime? _keyExpiresAt;
  String? _pubKeyQr;
  String? _errorMessage;
  bool _scannerActive = false;
  MobileScannerController? _scannerController;
  // True when the scanner plugin fails to initialise at runtime (e.g.
  // MissingPluginException on some Android builds).
  bool _scannerFailed = false;
  @override
  void initState() {
@@ -61,6 +65,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
      );
      setState(() {
        _keyMaterial = material;
        _keyExpiresAt = DateTime.now().toUtc().add(const Duration(minutes: 20));
        _pubKeyQr = qr;
        _step = _Step.showingPubKey;
      });
@@ -76,8 +81,37 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
    setState(() {
      _step = _Step.scanning;
      _scannerActive = true;
      _scannerController = MobileScannerController();
    });
    if (_cameraScanSupported()) {
      unawaited(_initScanner());
    }
  }
  // Pre-flight: probe the scanner's permission-state method to verify the
  // plugin is registered.  MissingPluginException is thrown on Android builds
  // where the plugin is not linked (issue #204).  All other exceptions mean
  // the plugin exists but something else failed — the MobileScanner widget
  // will surface those via its own error builder.
  Future<void> _initScanner() async {
    bool available = false;
    try {
      await const MethodChannel(
        'dev.steenbakker.mobile_scanner/scanner/method',
      ).invokeMethod<int>('state');
      available = true;
    } on MissingPluginException {
      // Plugin not registered on this device; text fallback will be shown.
    } catch (_) {
      // Plugin registered but state check failed; let the scanner widget
      // handle it via its errorBuilder.
      available = true;
    }
    if (!mounted) return;
    if (available) {
      setState(() => _scannerController = MobileScannerController());
    } else {
      setState(() => _scannerFailed = true);
    }
  }
  Future<void> _onScanned(String rawValue) async {
@@ -244,7 +278,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
            },
          ),
          const SizedBox(height: 8),
-          const _ExpiryHint(),
+          _ExpiryHint(expiresAt: _keyExpiresAt!),
          const SizedBox(height: 32),
          if (_errorMessage != null) ...[
            Text(
@@ -266,11 +300,14 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  }
  Widget _buildScannerView(BuildContext context) {
-    // On platforms where the camera scanner is not available (Linux desktop),
+    // Fall back to text input when the platform has no camera support or when
-    // fall back to a text-input field.
+    // the scanner plugin fails to initialise at runtime (MissingPluginException).
-    if (!_cameraScanSupported()) {
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
    if (_scannerController == null) {
      return const Center(child: CircularProgressIndicator());
    }
    return Stack(
      children: [
@@ -371,8 +408,37 @@ bool _cameraScanSupported() =>
    Platform.isMacOS ||
    Platform.isWindows;
-class _ExpiryHint extends StatelessWidget {
+class _ExpiryHint extends StatefulWidget {
-  const _ExpiryHint();
+  const _ExpiryHint({required this.expiresAt});
  final DateTime expiresAt;
  @override
  State<_ExpiryHint> createState() => _ExpiryHintState();
 }
 class _ExpiryHintState extends State<_ExpiryHint> {
  late Timer _timer;
  @override
  void initState() {
    super.initState();
    _timer = Timer.periodic(const Duration(seconds: 1), (_) => setState(() {}));
  }
  @override
  void dispose() {
    _timer.cancel();
    super.dispose();
  }
  String _formatRemaining() {
    final remaining = widget.expiresAt.difference(DateTime.now().toUtc());
    if (remaining.isNegative) return 'expired';
    final minutes = remaining.inMinutes;
    final seconds = remaining.inSeconds % 60;
    return '${minutes.toString().padLeft(2, '0')}:${seconds.toString().padLeft(2, '0')}';
  }
  @override
  Widget build(BuildContext context) {
@@ -382,7 +448,7 @@ class _ExpiryHint extends StatelessWidget {
        Icon(Icons.timer_outlined, size: 14, color: Colors.grey[600]),
        const SizedBox(width: 4),
        Text(
-          'This key expires in 20 minutes',
+          'This key expires in ${_formatRemaining()}',
          style: TextStyle(fontSize: 12, color: Colors.grey[600]),
        ),
      ],
@@ -45,12 +45,42 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  bool _scannerActive = true;
  MobileScannerController? _scannerController;
  // True when the scanner plugin fails to initialise at runtime (e.g.
  // MissingPluginException on some Android builds).
  bool _scannerFailed = false;
  @override
  void initState() {
    super.initState();
    if (_cameraScanSupported()) {
-      _scannerController = MobileScannerController();
+      unawaited(_initScanner());
    }
  }
  // Pre-flight: probe the scanner's permission-state method to verify the
  // plugin is registered.  MissingPluginException is thrown on Android builds
  // where the plugin is not linked (issue #204).  All other exceptions mean
  // the plugin exists but something else failed — the MobileScanner widget
  // will surface those via its own error builder.
  Future<void> _initScanner() async {
    bool available = false;
    try {
      await const MethodChannel(
        'dev.steenbakker.mobile_scanner/scanner/method',
      ).invokeMethod<int>('state');
      available = true;
    } on MissingPluginException {
      // Plugin not registered on this device; text fallback will be shown.
    } catch (_) {
      // Plugin registered but state check failed; let the scanner widget
      // handle it via its errorBuilder.
      available = true;
    }
    if (!mounted) return;
    if (available) {
      setState(() => _scannerController = MobileScannerController());
    } else {
      setState(() => _scannerFailed = true);
    }
  }
@@ -178,9 +208,12 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  }
  Widget _buildScanStep(BuildContext context) {
-    if (!_cameraScanSupported()) {
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
    if (_scannerController == null) {
      return const Center(child: CircularProgressIndicator());
    }
    return Stack(
      children: [
@@ -1,7 +1,6 @@
 import 'dart:async';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart' show rootBundle;
 import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
 import 'package:url_launcher/url_launcher.dart';
@@ -13,7 +12,8 @@ class ChangeLogScreen extends StatelessWidget {
    return Scaffold(
      appBar: AppBar(title: const Text('ChangeLog')),
      body: FutureBuilder<String>(
-        future: rootBundle.loadString('assets/changelog.txt'),
+        future:
            DefaultAssetBundle.of(context).loadString('assets/changelog.txt'),
        builder: (context, snapshot) {
          if (snapshot.connectionState == ConnectionState.waiting) {
            return const Center(child: CircularProgressIndicator());
@@ -1,5 +1,6 @@
 import 'dart:io';
 import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:package_info_plus/package_info_plus.dart';
@@ -10,27 +11,45 @@ class CrashScreen extends StatelessWidget {
    super.key,
    required this.exception,
    required this.stackTrace,
    this.gitHash = const String.fromEnvironment('GIT_HASH'),
  });
  final Object exception;
  final StackTrace? stackTrace;
  final String gitHash;
-  static const _gitHash = String.fromEnvironment('GIT_HASH');
+  String get _buildMode {
    if (kDebugMode) return 'debug';
    if (kProfileMode) return 'profile';
    return 'release';
  }
-  Future<String> _buildReport() async {
+  Future<String> _fetchVersion() async {
    String version = 'unknown';
    try {
      final info = await PackageInfo.fromPlatform();
-      version = '${info.version}+${info.buildNumber}';
+      return '${info.version}+${info.buildNumber}';
-    } catch (_) {}
+    } catch (_) {
      return 'unknown';
    }
  }
  Future<String> _buildReport() async {
    final version = await _fetchVersion();
    final platform =
        '${Platform.operatingSystem} ${Platform.operatingSystemVersion}';
-    final gitLine = _gitHash.isNotEmpty
+    final versionDisplay = gitHash.isNotEmpty
-        ? 'Git Commit: [$_gitHash](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash)\n'
+        ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)'
        : version;
    final gitLine = gitHash.isNotEmpty
        ? 'Git Commit: [$gitHash](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)\n'
        : '';
-    return 'App Version: $version\n'
+    final timestamp = DateTime.now().toUtc().toIso8601String();
    return 'App Version: $versionDisplay\n'
        'Build Mode: $_buildMode\n'
        '$gitLine'
-        'Platform: $platform\n\n'
+        'Platform: $platform\n'
        'Dart: ${Platform.version}\n'
        'Timestamp: $timestamp\n\n'
        'Error:\n```\n$exception\n```\n\n'
        'Stack Trace:\n```\n$stackTrace\n```';
  }
@@ -56,13 +75,69 @@ class CrashScreen extends StatelessWidget {
                  style: Theme.of(ctx).textTheme.titleMedium,
                  textAlign: TextAlign.center,
                ),
-                if (_gitHash.isNotEmpty) ...[
+                const SizedBox(height: 4),
-                  const SizedBox(height: 8),
+                FutureBuilder<String>(
-                  const Text(
+                  future: _fetchVersion(),
-                    'Git Commit: $_gitHash',
+                  builder: (context, snapshot) => Text(
-                    style: TextStyle(fontSize: 12, color: Colors.grey),
+                    'v${snapshot.data ?? '…'}  •  $_buildMode  •  '
                    '${Platform.operatingSystem} ${Platform.operatingSystemVersion}',
                    style: Theme.of(context).textTheme.bodySmall?.copyWith(
                          color: Colors.grey[600],
                        ),
                    textAlign: TextAlign.center,
                  ),
                ),
                if (gitHash.isNotEmpty) ...[
                  const SizedBox(height: 8),
                  FutureBuilder<PackageInfo>(
                    future: PackageInfo.fromPlatform(),
                    builder: (_, snapshot) {
                      if (!snapshot.hasData) return const SizedBox.shrink();
                      final version =
                          '${snapshot.data!.version}+${snapshot.data!.buildNumber}';
                      return GestureDetector(
                        onTap: () async {
                          final url = Uri.parse(
                            'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
                          );
                          await launchUrl(
                            url,
                            mode: LaunchMode.externalApplication,
                          );
                        },
                        child: Text(
                          'App Version: $version',
                          style: const TextStyle(
                            fontSize: 12,
                            color: Colors.blue,
                            decoration: TextDecoration.underline,
                          ),
                          textAlign: TextAlign.center,
                        ),
                      );
                    },
                  ),
                  const SizedBox(height: 4),
                  GestureDetector(
                    onTap: () async {
                      final url = Uri.parse(
                        'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
                      );
                      await launchUrl(
                        url,
                        mode: LaunchMode.externalApplication,
                      );
                    },
                    child: Text(
                      'Git Commit: $gitHash',
                      style: const TextStyle(
                        fontSize: 12,
                        color: Colors.blue,
                        decoration: TextDecoration.underline,
                      ),
                      textAlign: TextAlign.center,
                    ),
                  ),
                ],
                const SizedBox(height: 24),
                const Text(
@@ -106,32 +181,6 @@ class CrashScreen extends StatelessWidget {
                    ),
                  ),
                ],
                if (_gitHash.isNotEmpty) ...[
                  const SizedBox(height: 16),
                  const Text(
                    'Git Commit:',
                    style: TextStyle(fontWeight: FontWeight.bold),
                  ),
                  const SizedBox(height: 4),
                  GestureDetector(
                    onTap: () async {
                      final url = Uri.parse(
                        'https://codeberg.org/guettli/sharedinbox/commit/$_gitHash',
                      );
                      await launchUrl(
                        url,
                        mode: LaunchMode.externalApplication,
                      );
                    },
                    child: const Text(
                      _gitHash,
                      style: TextStyle(
                        color: Colors.blue,
                        decoration: TextDecoration.underline,
                      ),
                    ),
                  ),
                ],
                const SizedBox(height: 24),
                FilledButton.icon(
                  onPressed: () async {
@@ -38,6 +38,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
  var _sieveSsl = true;
  var _verbose = false;
  final _jmapUrlCtrl = TextEditingController();
  bool _hasStoredPassword = false;
  // -- "Try connection" state ------------------------------------------------
  bool _tryTesting = false;
@@ -50,6 +51,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.addListener(_rebuild);
    _sieveHostCtrl.addListener(_rebuild);
    _imapHostCtrl.addListener(_rebuild);
    _passwordCtrl.addListener(_rebuild);
    unawaited(_load());
  }
@@ -63,6 +65,11 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
      context.pop();
      return;
    }
    try {
      await repo.getPassword(account.id);
      _hasStoredPassword = true;
    } catch (_) {}
    if (!mounted) return;
    _account = account;
    _displayNameCtrl.text = account.displayName;
    _usernameCtrl.text = account.username;
@@ -84,6 +91,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.removeListener(_rebuild);
    _sieveHostCtrl.removeListener(_rebuild);
    _imapHostCtrl.removeListener(_rebuild);
    _passwordCtrl.removeListener(_rebuild);
    for (final c in [
      _displayNameCtrl,
      _usernameCtrl,
@@ -267,10 +275,12 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
            ),
            _field(
              _passwordCtrl,
-              'New password (leave blank to keep)',
+              _hasStoredPassword
                  ? 'New password (leave blank to keep)'
                  : 'Password',
              key: const Key('editPasswordField'),
              obscure: true,
-              required: false,
+              required: !_hasStoredPassword,
            ),
            if (account.type == AccountType.jmap) ...[
              const Divider(height: 32),
@@ -345,10 +355,17 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
              testing: _tryTesting,
              okMessage: _tryOk,
              errorMessage: _tryErr,
-              onPressed: _tryConnection,
+              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
                  ? _tryConnection
                  : null,
            ),
            const SizedBox(height: 8),
-            FilledButton(onPressed: _save, child: const Text('Save')),
+            FilledButton(
              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
                  ? _save
                  : null,
              child: const Text('Save'),
            ),
          ],
        ),
      ),
@@ -43,15 +43,15 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    ref.listen<AsyncValue<(Email?, EmailBody)>>(
      emailDetailProvider(widget.emailId),
      (_, next) {
-        final email = next.valueOrNull?.$1;
+        final email = next.value?.$1;
        if (email != null && mounted) {
          setState(() => _isFlagged = email.isFlagged);
        }
      },
    );
-    final header = detail.valueOrNull?.$1;
+    final header = detail.value?.$1;
-    final body = detail.valueOrNull?.$2;
+    final body = detail.value?.$2;
    final isMobile = defaultTargetPlatform == TargetPlatform.android ||
        defaultTargetPlatform == TargetPlatform.iOS;
@@ -261,9 +261,9 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
  Widget _buildSyncButton(EmailRepository emailRepo) {
    final isSyncing =
-        ref.watch(isSyncingProvider(widget.accountId)).valueOrNull ?? false;
+        ref.watch(isSyncingProvider(widget.accountId)).value ?? false;
    final hasError =
-        ref.watch(syncLastErrorProvider(widget.accountId)).valueOrNull != null;
+        ref.watch(syncLastErrorProvider(widget.accountId)).value != null;
    return IconButton(
      tooltip: isSyncing
          ? 'Syncing…'
@@ -350,7 +350,7 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
  Widget _buildSyncErrorBanner() {
    final errorAsync = ref.watch(syncLastErrorProvider(widget.accountId));
-    final error = errorAsync.valueOrNull;
+    final error = errorAsync.value;
    if (error == null || error == _dismissedError) {
      return const SizedBox.shrink();
    }
@@ -415,10 +415,10 @@ packages:
    dependency: "direct main"
    description:
      name: flutter_riverpod
-      sha256: "9532ee6db4a943a1ed8383072a2e3eeda041db5657cdf6d2acecf3c21ecbe7e1"
+      sha256: "4e166be88e1dbbaa34a280bdb744aeae73b7ef25fdf8db7a3bb776760a3648e2"
      url: "https://pub.dev"
    source: hosted
-    version: "2.6.1"
+    version: "3.3.1"
  flutter_secure_storage:
    dependency: "direct main"
    description:
@@ -891,10 +891,10 @@ packages:
    dependency: transitive
    description:
      name: riverpod
-      sha256: "59062512288d3056b2321804332a13ffdd1bf16df70dcc8e506e411280a72959"
+      sha256: "8c22216be8ad3ef2b44af3a329693558c98eca7b8bd4ef495c92db0bba279f83"
      url: "https://pub.dev"
    source: hosted
-    version: "2.6.1"
+    version: "3.2.1"
  share_plus:
    dependency: "direct main"
    description:
@@ -1117,13 +1117,13 @@ packages:
    source: hosted
    version: "6.3.2"
  url_launcher_android:
-    dependency: transitive
+    dependency: "direct overridden"
    description:
      name: url_launcher_android
-      sha256: "17bc677f0b301615530dd1d67e0a9828cafa2d0b6b6eae4cd3679b7eac4a273c"
+      sha256: "5c8b6c2d89a78f5a1cca70a73d9d5f86c701b36b42f9c9dac7bad592113c28e9"
      url: "https://pub.dev"
    source: hosted
-    version: "6.3.30"
+    version: "6.3.24"
  url_launcher_ios:
    dependency: transitive
    description:
@@ -24,7 +24,7 @@ dependencies:
  path: ^1.9.1
  # State management
-  flutter_riverpod: ^2.6.1
+  flutter_riverpod: ^3.0.0
  # Navigation
  go_router: ^17.2.3
@@ -89,3 +89,7 @@ dependency_overrides:
  # (SIGSEGV in libdartjni.so FindClassUnchecked). Pin to 2.2.20 which uses
  # stable Pigeon and is known to work reliably.
  path_provider_android: ">=2.2.0 <2.2.21"
  # url_launcher_android 6.3.25 updated to Pigeon 26, which causes a
  # channel-error on launchUrl on some Android devices (same root cause as
  # path_provider_android). Pin to <6.3.25 which uses stable Pigeon.
  url_launcher_android: ">=6.3.0 <6.3.25"
@@ -8,18 +8,25 @@ Flow
   a. Age > 1 h  → kill it, set its issue to State/Question, exit 1
   b. Age ≤ 1 h  → print status, exit 0  (let it keep working)
 2. No agent running → extract pending_issue from state (if any), then check CI
-   a. CI is running         → save pending-ci state, exit 0
+   a. pending_issue type=="plan" → post resume comment, set State/Planned, exit 0
-   b. Latest CI failed      → start fix-CI agent (preserving pending_issue), exit 0
+   b. pending_issue + open PR → check PR branch CI, merge/fix/wait as needed
-   c. CI ok + pending_issue → close the issue (CI passed), exit 0
+   c. Catch-up: orphaned issue-N-fix PRs with passing CI → merge them
-   d. CI ok (or no run yet) → find oldest Ready issue, start issue agent,
+   d. Main CI running         → save pending-ci state, exit 0
-                              save state, exit 0
+   e. Main CI failed          → start fix-CI agent (pushes fix to main), exit 0
-   e. No Ready issues       → print "nothing to do", exit 0
+   f. Main CI ok + pending_issue → close the issue, exit 0  (dead code path —
                                   section 2b always returns first)
   g. Main CI ok (or no run yet) → find oldest ToPlan issue, start plan agent,
                                   save state, exit 0
   h. No ToPlan issues        → find oldest Ready issue, start issue agent,
                                   save state, exit 0
   i. No Ready issues         → print "nothing to do", exit 0
 Issue agents must NOT close the issue themselves; the loop closes it after CI passes.
 Plan agents must NOT write any code or create PRs; they only post a plan comment.
 State file: ~/.sharedinbox-agent-state.json
  { "pid": 12345, "issue": 91,
-    "started_at": "2026-05-15T12:00:00+00:00", "type": "issue" }
+    "started_at": "2026-05-15T12:00:00+00:00", "type": "issue|plan|ci-fix|pending-ci" }
 Output is written to ~/.sharedinbox-agent-logs/<session>-<timestamp>.log.
 To resume the Claude conversation, look up the session UUID first:
@@ -31,6 +38,7 @@ To resume the Claude conversation, look up the session UUID first:
 import argparse
 import json
 import os
 import re
 import shlex
 import subprocess
 import sys
@@ -49,7 +57,9 @@ os.environ["PATH"] = (
 REPO = "guettli/sharedinbox"
 REPO_URL = f"https://codeberg.org/{REPO}"
 STATE_FILE = Path.home() / ".sharedinbox-agent-state.json"
 HEARTBEAT_FILE = Path.home() / ".sharedinbox-agent-heartbeat"
 MAX_AGENT_AGE_SECONDS = 3600  # 1 hour
 MAX_HEARTBEAT_AGE_SECONDS = 7200  # 2 hours
 CLAUDE_PROJECTS_DIR = Path.home() / ".claude" / "projects" / (
    "-" + str(Path.home())[1:].replace("/", "-")
 )
@@ -59,6 +69,8 @@ LABEL_READY = "State/Ready"
 LABEL_IN_PROGRESS = "State/InProgress"
 LABEL_QUESTION = "State/Question"
 LABEL_PRIO_HIGH = "Prio/High"
 LABEL_TO_PLAN = "State/ToPlan"
 LABEL_PLANNED = "State/Planned"
 # Only pick up issues filed by these accounts.
 ALLOWED_ISSUE_AUTHORS = {"guettli", "guettlibot", "guettlibot2"}
@@ -141,10 +153,41 @@ def _ready_issues() -> list[dict]:
    return ready
-def _latest_ci_run() -> dict | None:
+def _to_plan_issues() -> list[dict]:
-    data = _tea_get(f"repos/{REPO}/actions/runs?limit=1")
+    """Return open issues with State/ToPlan, Prio/High first, then oldest."""
    result = subprocess.run(
        ["fgj", "--hostname", "codeberg.org", "issue", "list",
         "--repo", REPO, "--state", "open", "--json"],
        capture_output=True, text=True, check=True,
    )
    data = json.loads(result.stdout) if result.stdout.strip() else []
    to_plan = [
        i for i in data
        if any(lbl["name"] == LABEL_TO_PLAN for lbl in i.get("labels", []))
        and i.get("user", {}).get("login", "") in ALLOWED_ISSUE_AUTHORS
    ]
    to_plan.sort(key=lambda i: (
        0 if any(lbl["name"] == LABEL_PRIO_HIGH for lbl in i.get("labels", [])) else 1,
        i["number"],
    ))
    return to_plan
 def _latest_main_ci_run() -> dict | None:
    """Return the latest ci.yml run on the main branch.
    Forgejo reports scheduled/dispatch workflows (e.g. deploy.yml) with
    event=push and prettyref=main, so filtering by event alone is not enough.
    We also require workflow_id == "ci.yml".
    """
    data = _tea_get(f"repos/{REPO}/actions/runs?limit=20")
    runs = (data or {}).get("workflow_runs", [])
-    return runs[0] if runs else None
+    for run in runs:
        if (run.get("event") == "push"
                and run.get("prettyref") == "main"
                and run.get("workflow_id") == "ci.yml"):
            return run
    return None
 def _latest_ci_run_for_branch(branch: str) -> dict | None:
@@ -164,7 +207,7 @@ def _latest_ci_run_for_branch(branch: str) -> dict | None:
                    return run
            except (json.JSONDecodeError, AttributeError):
                pass
-        else:
+        elif run.get("event") == "push":
            if run.get("prettyref") == branch:
                return run
    return None
@@ -188,6 +231,48 @@ def _find_pr_for_branch(branch: str, state: str = "open") -> dict | None:
    return None
 def _open_issue_prs() -> list[dict]:
    """Return all open PRs with issue-{N}-fix branches, oldest-first."""
    result = subprocess.run(
        ["fgj", "--hostname", "codeberg.org", "pr", "list",
         "--repo", REPO, "--state", "open", "--json"],
        capture_output=True, text=True,
    )
    if result.returncode != 0 or not result.stdout.strip():
        return []
    prs = json.loads(result.stdout)
    issue_prs = []
    for pr in prs:
        head = pr.get("head", {})
        ref = head.get("ref") or head.get("label", "").split(":")[-1]
        if re.match(r"^issue-\d+-fix$", ref or ""):
            issue_prs.append(pr)
    issue_prs.sort(key=lambda p: p["number"])
    return issue_prs
 def _latest_ci_run_for_pr(pr_number: int) -> dict | None:
    """Return the latest CI run triggered by a pull_request event for the given PR number."""
    data = _tea_get(f"repos/{REPO}/actions/runs?event=pull_request&limit=50")
    runs = (data or {}).get("workflow_runs", [])
    for run in runs:
        try:
            payload = json.loads(run.get("event_payload", "{}"))
            if payload.get("pull_request", {}).get("number") == pr_number:
                return run
        except (json.JSONDecodeError, AttributeError):
            pass
    return None
 def _get_issue_labels(issue: int) -> list[str]:
    """Return label names for an issue."""
    data = _tea_get(f"repos/{REPO}/issues/{issue}")
    if not data:
        return []
    return [lbl["name"] for lbl in data.get("labels", [])]
 def _merge_pr(pr_number: int) -> None:
    """Squash-merge a PR via fgj."""
    _fgj("pr", "merge", str(pr_number), "--repo", REPO, "--merge-method", "squash")
@@ -226,6 +311,12 @@ def _clear_state() -> None:
    STATE_FILE.unlink(missing_ok=True)
 def _update_heartbeat() -> None:
    """Record that the agent loop ran right now."""
    HEARTBEAT_FILE.write_text(datetime.now(timezone.utc).isoformat())
    HEARTBEAT_FILE.chmod(0o600)
 def _find_session_uuid(session_name: str) -> str | None:
    """Return the Claude session UUID for *session_name*, or None if not found.
@@ -298,6 +389,15 @@ def _agent_alive(state: dict) -> bool:
        return True
 def _is_claude_process(pid: int) -> bool:
    """Return True if pid's comm name indicates it is a claude/node process."""
    try:
        comm = Path(f"/proc/{pid}/comm").read_text().strip()
        return comm in ("claude", "node")
    except OSError:
        return False
 def _agent_age_seconds(state: dict) -> float:
    """Seconds elapsed since the agent was launched, from the state file timestamp."""
    try:
@@ -332,11 +432,13 @@ def _git_summary() -> str:
 def _kill_agent(state: dict) -> None:
    """Forcefully stop the running agent."""
    pid = state.get("pid")
-    if pid:
+    if pid and _is_claude_process(pid):
        try:
            os.kill(pid, 9)
        except ProcessLookupError:
            pass
    elif pid:
        print(f"WARNING: pid {pid} is not a claude process — skipping kill to avoid hitting recycled PID")
 # ── subcommands ───────────────────────────────────────────────────────────────
@@ -384,12 +486,44 @@ def cmd_list() -> int:
    return 0
 # ── monitor subcommand ────────────────────────────────────────────────────────
 def cmd_monitor() -> int:
    """Check that the agent loop has run within the last 2 hours.
    Exits 0 if healthy, 1 if the heartbeat is missing or stale.
    Intended to be called from a scheduled CI job or cron every 2 hours.
    """
    if not HEARTBEAT_FILE.exists():
        print(
            f"WARNING: Agent loop heartbeat file missing — "
            f"the loop may not have run yet or the file was deleted ({HEARTBEAT_FILE})."
        )
        return 1
    try:
        last_run = datetime.fromisoformat(HEARTBEAT_FILE.read_text().strip())
    except ValueError:
        print(f"WARNING: Agent loop heartbeat file is corrupted: {HEARTBEAT_FILE}")
        return 1
    age = (datetime.now(timezone.utc) - last_run).total_seconds()
    if age > MAX_HEARTBEAT_AGE_SECONDS:
        print(
            f"WARNING: Agent loop last ran {age / 3600:.1f}h ago "
            f"(limit: {MAX_HEARTBEAT_AGE_SECONDS // 3600}h) — the loop may be stalled."
        )
        return 1
    print(f"Agent loop is healthy. Last run: {age / 60:.0f} min ago.")
    return 0
 # ── main flow ─────────────────────────────────────────────────────────────────
 def _run_loop() -> int:
    now = datetime.now(timezone.utc)
    print(f"---------------------- Starting {now.strftime('%Y-%m-%d %H:%MZ')}")
    _update_heartbeat()
    state = _read_state()
@@ -444,13 +578,29 @@ def _run_loop() -> int:
    # Agent not running (or no state) — extract any pending issue, then clean up.
    pending_issue: int | None = None
    pending_type: str | None = None
    ci_run_id_at_start: int | None = None
    if state:
        pending_issue = state.get("issue")
        pending_type = state.get("type")
        ci_run_id_at_start = state.get("ci_run_id_at_start")
        _clear_state()
-    # ── 2. Check for a PR opened by the agent ────────────────────────────────
+    # ── 2a. Finished planning agent ───────────────────────────────────────────
    if pending_issue and pending_type == "plan":
        session_name = f"plan-issue-{pending_issue}"
        uuid = _find_session_uuid(session_name)
        if uuid:
            resume_cmd = f"claude --resume {shlex.quote(uuid)}"
            _comment_issue(
                pending_issue,
                f"Planning complete. To resume this session:\n\n```\n{resume_cmd}\n```",
            )
        _set_labels(pending_issue, add=[LABEL_PLANNED], remove=[LABEL_IN_PROGRESS])
        print(f"Planning done for {_issue_url(pending_issue)} — set State/Planned.")
        return 0
    # ── 2b. Check for a PR opened by the agent ───────────────────────────────
    if pending_issue:
        branch = f"issue-{pending_issue}-fix"
        pr = _find_pr_for_branch(branch)
@@ -474,6 +624,9 @@ def _run_loop() -> int:
                    "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
                    "Identify the failure, fix it, commit, and push to the same branch. "
                    "Do NOT push to main, do NOT close the issue, do NOT merge the PR. "
                    "Do NOT reference any issue numbers in commit messages "
                    "(no 'closes #N', 'fixes #N', or similar) — auto-closing the wrong "
                    "issue via a commit message would be a bug. "
                    "Verify locally with 'task check' before pushing. "
                    "When done, stop."
                )
@@ -512,7 +665,25 @@ def _run_loop() -> int:
            # CI passed on the PR branch — squash-merge and close.
            print(f"CI passed {_ci_run_url(pr_run['id'])} on branch {branch!r} — merging PR #{pr_number}.")
-            _merge_pr(pr_number)
+            try:
                _merge_pr(pr_number)
            except RuntimeError as e:
                print(f"Merge of PR #{pr_number} failed: {e} — setting to State/Question.")
                _set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
                _comment_issue(
                    pending_issue,
                    f"Automatic merge of PR #{pr_number} failed: {e}. Please merge manually.",
                )
                return 0
            if _find_pr_for_branch(branch):
                print(f"PR #{pr_number} is still open after merge attempt — setting to State/Question.")
                _set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
                _comment_issue(
                    pending_issue,
                    f"Automatic merge of PR #{pr_number} failed (PR is still open after the "
                    "merge command). Please merge manually.",
                )
                return 0
            _close_issue(pending_issue)
            print(f"Merged PR #{pr_number} and closed {_issue_url(pending_issue)}.")
            return 0
@@ -538,8 +709,62 @@ def _run_loop() -> int:
        )
        return 0
-    # ── 3. Global CI check (agent pushed to main, or no pending issue) ────────
+    # ── 2b. Catch-up: scan open issue-N-fix PRs orphaned by a cleared state ─────
-    run = _latest_ci_run()
+    # This handles PRs whose CI has passed but were never merged because the
    # state file was cleared (loop restart, killed agent, manual intervention).
    open_prs = _open_issue_prs()
    for pr in open_prs:
        pr_number = pr["number"]
        pr_url = f"{REPO_URL}/pulls/{pr_number}"
        head = pr.get("head", {})
        branch = head.get("ref") or head.get("label", "").split(":")[-1]
        m = re.match(r"^issue-(\d+)-fix$", branch or "")
        issue_num = int(m.group(1)) if m else None
        pr_run = _latest_ci_run_for_pr(pr_number)
        if pr_run and pr_run.get("status") == "running":
            print(f"Catch-up: CI {_ci_run_url(pr_run['id'])} on PR #{pr_number} still running. Waiting.")
            _write_state(None, issue_num, "pending-ci")
            return 0
        if pr_run and pr_run.get("status") in ("failure", "error"):
            print(f"Catch-up: CI {_ci_run_url(pr_run['id'])} on PR #{pr_number} failed — skipping.")
            continue
        if pr_run and pr_run.get("status") == "success":
            if issue_num and LABEL_QUESTION in _get_issue_labels(issue_num):
                print(f"Catch-up: PR #{pr_number} — issue #{issue_num} is State/Question, skipping.")
                continue
            print(f"Catch-up: CI passed on PR #{pr_number} ({pr_url}) — merging.")
            try:
                _merge_pr(pr_number)
            except RuntimeError as e:
                print(f"Catch-up: merge of PR #{pr_number} failed: {e} — skipping.")
                continue
            # Verify the merge actually happened; fgj can exit 0 without merging
            # (e.g. branch-protection rules not satisfied).
            if _find_pr_for_branch(branch):
                print(
                    f"Catch-up: PR #{pr_number} is still open after merge attempt "
                    "— skipping to avoid infinite retry."
                )
                if issue_num:
                    _set_labels(issue_num, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
                    _comment_issue(
                        issue_num,
                        f"Automatic merge of PR #{pr_number} failed (PR is still open "
                        "after the merge command). Please merge manually.",
                    )
                continue
            if issue_num:
                _close_issue(issue_num)
                print(f"Merged PR #{pr_number} and closed issue #{issue_num}.")
            else:
                print(f"Merged PR #{pr_number}.")
            return 0
    # ── 3. Global CI check (main branch only) ────────────────────────────────
    run = _latest_main_ci_run()
    if run and run.get("status") == "running":
        print(f"CI run {_ci_run_url(run['id'])} is still running. Waiting.")
@@ -548,17 +773,39 @@ def _run_loop() -> int:
        return 0
    if run and run.get("status") in ("failure", "error"):
        # Guard: if the same main CI run has been failing since the last ci-fix
        # agent started, that agent pushed to a branch instead of main.  Before
        # spawning another agent, check whether any CI run is currently in
        # progress (the branch run) and wait if so.
        if ci_run_id_at_start is not None and run["id"] == ci_run_id_at_start:
            check = _tea_get(f"repos/{REPO}/actions/runs?limit=5")
            in_flight = [
                r for r in (check or {}).get("workflow_runs", [])
                if r.get("status") == "running"
            ]
            if in_flight:
                print(
                    f"Main CI still shows the same failed run {run['id']}; "
                    f"{_ci_run_url(in_flight[0]['id'])} is running "
                    "(previous ci-fix pushed to a branch). Waiting."
                )
                return 0
        print(f"CI run {_ci_run_url(run['id'])} failed — starting fix agent.")
        prompt = (
-            "The Codeberg CI for guettli/sharedinbox just failed. "
+            "The Codeberg CI for guettli/sharedinbox just failed on the main branch. "
            f"The CI run ID is {run['id']}. "
            "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
-            "Identify the failure, fix it, commit, and push. "
+            "Identify the failure, fix it, commit, and push directly to main. "
            "Verify locally with 'task check' before pushing. "
            "Do NOT reference any issue numbers in commit messages "
            "(no 'closes #N', 'fixes #N', or similar) — this is a CI fix, "
            "not an issue fix, and auto-closing an issue via a commit message would be a bug. "
            "Do NOT close any issues. "
            "When done, stop."
        )
        pid = _start_agent(prompt, "ci-fix")
-        _write_state(pid, pending_issue, "ci-fix", session_name="ci-fix")
+        _write_state(pid, pending_issue, "ci-fix", session_name="ci-fix",
                     ci_run_id=run["id"] if run else None)
        return 0
    # CI is ok (or no run).
@@ -584,10 +831,44 @@ def _run_loop() -> int:
        print(f"CI passed{ci_run_part} — closed {_issue_url(pending_issue)}.")
        return 0
    # Find a ToPlan issue — planning takes priority over implementation.
    to_plan = _to_plan_issues()
    if to_plan:
        issue = to_plan[0]
        issue_number = issue["number"]
        issue_title = issue["title"]
        issue_body = issue.get("body", "")
        print(f"Starting planning agent for {_issue_url(issue_number)} {issue_title}")
        _set_labels(issue_number, add=[LABEL_IN_PROGRESS], remove=[LABEL_TO_PLAN])
        plan_prompt = f"""Analyze Codeberg issue #{issue_number} in the guettli/sharedinbox repository and write a detailed implementation plan.
 Issue title: {issue_title}
 Issue body:
 {issue_body}
 Instructions:
 - Read and understand the issue thoroughly.
 - Explore the relevant parts of the codebase to understand the current structure.
 - Write a detailed implementation plan as a comment on the issue using:
      fgj issue comment {issue_number} --repo {REPO} --body "..."
  The plan should cover: which files to change, what approach to take, and any risks or open questions.
 - Do NOT write any code, do NOT create any branches or PRs, do NOT modify any files.
 - If the issue is unclear or you need more information, set the label to State/Question
  and stop (do NOT close the issue).
 - When you have posted the plan as an issue comment, stop.
 """
        session_name = f"plan-issue-{issue_number}"
        pid = _start_agent(plan_prompt, session_name)
        _write_state(pid, issue_number, "plan", issue_title, session_name=session_name)
        return 0
    # Find a Ready issue.
    issues = _ready_issues()
    if not issues:
-        print("No issues with State/Ready. Nothing to do.")
+        print("No issues with State/ToPlan or State/Ready. Nothing to do.")
        return 0
    issue = issues[0]
@@ -617,7 +898,10 @@ Instructions:
 - Implement the required change, following the existing code style.
 - Write or update tests as appropriate.
 - Run 'task check' locally and fix any failures before committing.
- Commit with a descriptive message referencing the issue number (e.g. "feat: ... (#{issue_number})").
+- Commit with a descriptive message and include (#{issue_number}) in the title,
  e.g. "feat: description (#{issue_number})".
  Do NOT use "Closes #N" or "Fixes #N" keywords — the loop closes the issue
  after CI passes; using those keywords would close it prematurely or wrongly.
 - Create a branch named `issue-{issue_number}-fix`, push your changes there, and open a PR against main:
      git checkout -b issue-{issue_number}-fix
      git push -u origin issue-{issue_number}-fix
@@ -640,10 +924,13 @@ def main() -> int:
    parser = argparse.ArgumentParser(prog="agent_loop")
    sub = parser.add_subparsers(dest="cmd")
    sub.add_parser("list", help="List recent agent sessions")
    sub.add_parser("monitor", help="Check that the loop ran within the last 2 hours")
    args = parser.parse_args()
    if args.cmd == "list":
        return cmd_list()
    if args.cmd == "monitor":
        return cmd_monitor()
    return _run_loop()
@@ -6,76 +6,49 @@ import os
 import sys
 import time
 import requests
 from google.auth.transport.requests import AuthorizedSession
 from google.oauth2 import service_account
 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
 TRACK = "internal"
 _TIMEOUT = 300  # seconds — AAB uploads can be large
 _MAX_UPLOAD_ATTEMPTS = 3
 _BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
 _UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
 _MAX_UPLOAD_ATTEMPTS = 3
-def _make_session(config_json: str) -> AuthorizedSession:
+def _upload_aab_resumable(session, package, edit_id, aab_path):
-    creds = service_account.Credentials.from_service_account_info(
+    """Upload AAB using the Google resumable upload protocol."""
-        json.loads(config_json),
+    file_size = os.path.getsize(aab_path)
-        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+    init_url = f"{_UPLOAD_BASE}/{package}/edits/{edit_id}/bundles"
    # Step 1: initiate the resumable upload session
    init_resp = session.post(
        init_url,
        params={"uploadType": "resumable"},
        headers={
            "X-Upload-Content-Type": "application/octet-stream",
            "X-Upload-Content-Length": str(file_size),
            "Content-Length": "0",
        },
        timeout=60,
    )
-    return AuthorizedSession(creds)
+    init_resp.raise_for_status()
    upload_url = init_resp.headers["Location"]
-
+    # Step 2: upload the file in a single PUT to the session URI
-def _upload_aab(session: AuthorizedSession, edit_id: str) -> int:
+    with open(aab_path, "rb") as f:
-    """Resumable upload of the AAB. Returns the version code."""
+        upload_resp = session.put(
-    file_size = os.path.getsize(AAB_PATH)
+            upload_url,
-
+            data=f,
-    with open(AAB_PATH, "rb") as f:
+            headers={
-        data = f.read()
+                "Content-Type": "application/octet-stream",
-
+                "Content-Length": str(file_size),
-    last_exc = None
+            },
-    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
+            timeout=600,
-        try:
+        )
-            # Each attempt needs a fresh resumable upload URL — the previous URL expires on failure.
+    upload_resp.raise_for_status()
-            init_resp = session.post(
+    return upload_resp.json()
                f"{_UPLOAD_BASE}/{PACKAGE_NAME}/edits/{edit_id}/bundles",
                params={"uploadType": "resumable"},
                headers={
                    "X-Upload-Content-Type": "application/octet-stream",
                    "X-Upload-Content-Length": str(file_size),
                },
                json={},
                timeout=30,
            )
            if not init_resp.ok:
                print(f"Init attempt {attempt + 1} failed: HTTP {init_resp.status_code}: {init_resp.text[:500]}")
                init_resp.raise_for_status()
            upload_url = init_resp.headers["Location"]
            upload_resp = session.put(
                upload_url,
                data=data,
                headers={
                    "Content-Type": "application/octet-stream",
                    "Content-Length": str(file_size),
                },
                timeout=_TIMEOUT,
            )
            if not upload_resp.ok:
                print(f"Upload attempt {attempt + 1} failed: HTTP {upload_resp.status_code}: {upload_resp.text[:500]}")
                upload_resp.raise_for_status()
            return upload_resp.json()["versionCode"]
        except requests.RequestException as exc:
            last_exc = exc
            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
                delay = 10 * (2 ** attempt)
                print(f"Attempt {attempt + 1} failed ({exc}), retrying in {delay}s…")
                time.sleep(delay)
    raise RuntimeError(
        f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
    ) from last_exc
 def main():
@@ -88,25 +61,45 @@ def main():
        print(f"Error: AAB not found at {AAB_PATH}", file=sys.stderr)
        sys.exit(1)
-    session = _make_session(config_json)
+    creds = service_account.Credentials.from_service_account_info(
-
+        json.loads(config_json),
-    edit_resp = session.post(
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
        f"{_BASE}/{PACKAGE_NAME}/edits",
        json={},
        timeout=30,
    )
    session = AuthorizedSession(creds)
    edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
    edit_resp.raise_for_status()
    edit_id = edit_resp.json()["id"]
-    version_code = _upload_aab(session, edit_id)
+    last_exc = None
    bundle = None
    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
        try:
            bundle = _upload_aab_resumable(session, PACKAGE_NAME, edit_id, AAB_PATH)
            break
        except Exception as exc:
            last_exc = exc
            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
                delay = 10 * (2 ** attempt)
                print(
                    f"Upload attempt {attempt + 1} failed ({type(exc).__name__}: {exc}), "
                    f"retrying in {delay}s…"
                )
                time.sleep(delay)
    if bundle is None:
        raise RuntimeError(
            f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
        ) from last_exc
    version_code = bundle["versionCode"]
    print(f"Uploaded AAB, version code: {version_code}")
-    tracks_resp = session.put(
+    track_resp = session.put(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
        timeout=30,
    )
-    tracks_resp.raise_for_status()
+    track_resp.raise_for_status()
    commit_resp = session.post(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
@@ -33,9 +33,6 @@ def list_remote_files(ssh_user: str, ssh_host: str, pattern: str) -> list[str]:
    result = subprocess.run(
        [
            "ssh",
            "-v",
            "-o", "StrictHostKeyChecking=no",
            "-i", "/root/.ssh/id_ed25519",
            f"{ssh_user}@{ssh_host}",
            f"find {REMOTE_BUILDS_DIR} -name '{pattern}' -type f | sort",
        ],
@@ -14,14 +14,42 @@ if [ "$host" == "$port" ]; then
    port="8774"
 fi
-echo "Probing $host:$port..."
+MAX_PROBE_ATTEMPTS=5
-if ! nc -zw 3 "$host" "$port" 2>/dev/null; then
+PROBE_DELAY=30
-    echo "Error: No Dagger server responded on $host:$port"
+for attempt in $(seq 1 $MAX_PROBE_ATTEMPTS); do
-    exit 1
+    echo "Probing $host:$port (attempt $attempt/$MAX_PROBE_ATTEMPTS)..."
-fi
+    if nc -zw 5 "$host" "$port" 2>/dev/null; then
-echo "Found active Dagger server on $host:$port"
+        echo "Found active server on $host:$port"
        break
    fi
    if [ "$attempt" -eq "$MAX_PROBE_ATTEMPTS" ]; then
        echo "Warning: No Dagger server responded on $host:$port after $MAX_PROBE_ATTEMPTS attempts"
        echo "Remote engine unavailable — CI will use the local Dagger engine."
        exit 0
    fi
    echo "Dagger server not responding, waiting ${PROBE_DELAY}s before retry..."
    sleep $PROBE_DELAY
 done
-# 2. Setup TLS credentials (passed as env vars from secrets)
+# 2a. Try plain TCP connection first (works when server is a plain TCP proxy, no TLS)
 echo "Trying plain TCP Dagger connection at tcp://$host:$port..."
 if _DAGGER_RUNNER_HOST="tcp://$host:$port" \
   _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port" \
   timeout 8 dagger version >/dev/null 2>&1; then
    echo "Plain TCP Dagger connection succeeded — no TLS stunnel needed."
    if [ -n "${GITHUB_ENV:-}" ]; then
        echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
        echo "_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
    else
        export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port"
        export _DAGGER_RUNNER_HOST="tcp://$host:$port"
        echo "Dagger configured at tcp://$host:$port (plain TCP)"
    fi
    exit 0
 fi
 echo "Plain TCP connection not available; trying TLS stunnel..."
 # 2b. Setup TLS credentials (passed as env vars from secrets)
 mkdir -p /tmp/dagger-tls
 echo "$DAGGER_CA_CERT" > /tmp/dagger-tls/ca.crt
 echo "$DAGGER_CLIENT_CERT" > /tmp/dagger-tls/client.crt
@@ -6,6 +6,7 @@ import json
 import os
 import tempfile
 import unittest
 from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from unittest.mock import MagicMock, patch
@@ -88,21 +89,47 @@ class TestAgentAlive(unittest.TestCase):
        self.assertFalse(agent_loop._agent_alive({"pid": None}))
 class TestIsClaudeProcess(unittest.TestCase):
    def test_returns_true_for_claude_comm(self):
        with patch.object(agent_loop.Path, "read_text", return_value="claude\n"):
            self.assertTrue(agent_loop._is_claude_process(1234))
    def test_returns_true_for_node_comm(self):
        with patch.object(agent_loop.Path, "read_text", return_value="node\n"):
            self.assertTrue(agent_loop._is_claude_process(1234))
    def test_returns_false_for_other_process(self):
        with patch.object(agent_loop.Path, "read_text", return_value="bash\n"):
            self.assertFalse(agent_loop._is_claude_process(1234))
    def test_returns_false_when_proc_missing(self):
        with patch.object(agent_loop.Path, "read_text", side_effect=OSError):
            self.assertFalse(agent_loop._is_claude_process(1234))
 class TestKillAgent(unittest.TestCase):
    def test_kill_sends_sigkill(self):
-        with patch("agent_loop.os.kill") as mock_kill:
+        with patch("agent_loop._is_claude_process", return_value=True):
-            agent_loop._kill_agent({"pid": 1234})
+            with patch("agent_loop.os.kill") as mock_kill:
-            mock_kill.assert_called_once_with(1234, 9)
+                agent_loop._kill_agent({"pid": 1234})
                mock_kill.assert_called_once_with(1234, 9)
    def test_kill_ignores_missing_process(self):
-        with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
+        with patch("agent_loop._is_claude_process", return_value=True):
-            agent_loop._kill_agent({"pid": 1234})  # Should not raise.
+            with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
                agent_loop._kill_agent({"pid": 1234})  # Should not raise.
    def test_kill_noop_when_no_pid(self):
        with patch("agent_loop.os.kill") as mock_kill:
            agent_loop._kill_agent({})
            mock_kill.assert_not_called()
    def test_kill_skips_recycled_pid(self):
        with patch("agent_loop._is_claude_process", return_value=False):
            with patch("agent_loop.os.kill") as mock_kill:
                agent_loop._kill_agent({"pid": 1234})
                mock_kill.assert_not_called()
 class TestStartAgent(unittest.TestCase):
    def _make_mock_proc(self, pid=42):
@@ -174,7 +201,8 @@ class TestMain(unittest.TestCase):
            return 55
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[self._make_issue(10)]), \
             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
             patch("agent_loop._start_agent", side_effect=fake_start_agent), \
@@ -200,7 +228,8 @@ class TestMain(unittest.TestCase):
            captured["remove"] = remove
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[self._make_issue(7)]), \
             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
             patch("agent_loop._start_agent", return_value=99), \
@@ -213,7 +242,8 @@ class TestMain(unittest.TestCase):
    def test_no_ready_issues_does_nothing(self):
        """main() exits cleanly with 0 when there are no ready issues."""
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[]), \
             patch("agent_loop._set_labels") as mock_labels, \
             patch("agent_loop._start_agent") as mock_start:
@@ -232,7 +262,8 @@ class TestMain(unittest.TestCase):
            return 77
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[self._make_issue(42)]), \
             patch("agent_loop._set_labels"), \
             patch("agent_loop._start_agent", side_effect=fake_start_agent), \
@@ -266,8 +297,9 @@ class TestPendingCi(unittest.TestCase):
    def test_closes_issue_when_ci_passes_after_agent_finishes(self):
        """After issue agent finishes, loop merges the PR and closes the issue once CI is green."""
        # First call: PR found open. Second call (post-merge verification): PR closed.
        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
+             patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
             patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "success"}), \
             patch("agent_loop._merge_pr") as mock_merge, \
             patch("agent_loop._close_issue") as mock_close, \
@@ -282,7 +314,7 @@ class TestPendingCi(unittest.TestCase):
        """'CI passed' line includes the CI run URL when a run is available."""
        buf = io.StringIO()
        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
+             patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
             patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 4145144, "status": "success"}), \
             patch("agent_loop._merge_pr"), \
             patch("agent_loop._close_issue"), \
@@ -392,7 +424,7 @@ class TestPendingCi(unittest.TestCase):
    def test_closes_issue_after_ci_fix_and_ci_passes(self):
        """After ci-fix agent finishes and CI passes on PR branch, the pending issue is closed."""
        with patch("agent_loop._read_state", return_value=self._dead_state(10, "ci-fix")), \
-             patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
+             patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
             patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "success"}), \
             patch("agent_loop._merge_pr") as mock_merge, \
             patch("agent_loop._close_issue") as mock_close, \
@@ -409,7 +441,8 @@ class TestPendingCi(unittest.TestCase):
            "pid": 999999999, "issue": None, "started_at": "2026-01-01T00:00:00+00:00",
            "type": "ci-fix",
        }), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "success"}), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value={"id": 1, "status": "success"}), \
             patch("agent_loop._close_issue") as mock_close, \
             patch("agent_loop._ready_issues", return_value=[]), \
             patch("agent_loop._clear_state"):
@@ -425,7 +458,8 @@ class TestOutputFormat(unittest.TestCase):
    def test_output_starts_with_header(self):
        buf = io.StringIO()
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[]), \
             contextlib.redirect_stdout(buf):
            agent_loop._run_loop()
@@ -436,7 +470,8 @@ class TestOutputFormat(unittest.TestCase):
    def test_no_agent_loop_prefix_in_output(self):
        buf = io.StringIO()
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[]), \
             contextlib.redirect_stdout(buf):
            agent_loop._run_loop()
@@ -446,7 +481,8 @@ class TestOutputFormat(unittest.TestCase):
        run = {"id": 4145144, "status": "running"}
        buf = io.StringIO()
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=run), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=run), \
             contextlib.redirect_stdout(buf):
            agent_loop._run_loop()
        self.assertIn("https://codeberg.org/guettli/sharedinbox/actions/runs/4145144",
@@ -456,7 +492,8 @@ class TestOutputFormat(unittest.TestCase):
        issue = {"number": 128, "title": "Fix something", "body": "", "labels": []}
        buf = io.StringIO()
        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
+             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[issue]), \
             patch("agent_loop._set_labels"), \
             patch("agent_loop._start_agent", return_value=99), \
@@ -468,6 +505,47 @@ class TestOutputFormat(unittest.TestCase):
        self.assertIn("Fix something", output)
 class TestLatestMainCiRun(unittest.TestCase):
    """_latest_main_ci_run() must return only ci.yml push-to-main runs."""
    def _ci_run(self, run_id, status="success"):
        return {"event": "push", "prettyref": "main", "workflow_id": "ci.yml",
                "status": status, "id": run_id}
    def _deploy_run(self, run_id, status="success"):
        return {"event": "push", "prettyref": "main", "workflow_id": "deploy.yml",
                "status": status, "id": run_id}
    def test_skips_deploy_run_returns_ci_run(self):
        # Forgejo reports deploy.yml schedule runs as event=push/prettyref=main;
        # must be excluded by workflow_id filter.
        runs = [self._deploy_run(1), self._ci_run(2)]
        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
            result = agent_loop._latest_main_ci_run()
        self.assertIsNotNone(result)
        self.assertEqual(result["id"], 2)
    def test_returns_none_when_only_deploy_runs_exist(self):
        runs = [self._deploy_run(1)]
        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
            result = agent_loop._latest_main_ci_run()
        self.assertIsNone(result)
    def test_returns_none_when_only_schedule_runs_exist(self):
        runs = [{"event": "schedule", "prettyref": "main", "workflow_id": "deploy.yml",
                 "status": "success", "id": 1}]
        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
            result = agent_loop._latest_main_ci_run()
        self.assertIsNone(result)
    def test_returns_ci_push_to_main_run(self):
        runs = [self._ci_run(42, status="running")]
        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
            result = agent_loop._latest_main_ci_run()
        self.assertIsNotNone(result)
        self.assertEqual(result["id"], 42)
 class TestLatestCiRunForBranch(unittest.TestCase):
    """Tests for _latest_ci_run_for_branch — Forgejo API field mapping."""
@@ -667,5 +745,110 @@ class TestRunLoopResumeCommand(unittest.TestCase):
        self.assertNotIn("Resume:", output)
 class TestCatchupSkipsQuestionIssues(unittest.TestCase):
    """Catch-up must not retry merging a PR whose issue is already State/Question."""
    def _make_pr(self, pr_number=50, branch="issue-10-fix"):
        return {"number": pr_number, "head": {"ref": branch}}
    def test_skips_merge_when_issue_has_question_label(self):
        pr = self._make_pr()
        ci_run = {"id": 999, "status": "success"}
        with patch("agent_loop._read_state", return_value=None), \
             patch("agent_loop._open_issue_prs", return_value=[pr]), \
             patch("agent_loop._latest_ci_run_for_pr", return_value=ci_run), \
             patch("agent_loop._get_issue_labels", return_value=[agent_loop.LABEL_QUESTION]), \
             patch("agent_loop._merge_pr") as mock_merge, \
             patch("agent_loop._comment_issue") as mock_comment, \
             patch("agent_loop._set_labels") as mock_labels, \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[]):
            result = agent_loop._run_loop()
        self.assertEqual(result, 0)
        mock_merge.assert_not_called()
        mock_comment.assert_not_called()
        mock_labels.assert_not_called()
    def test_proceeds_with_merge_when_issue_lacks_question_label(self):
        pr = self._make_pr()
        ci_run = {"id": 999, "status": "success"}
        with patch("agent_loop._read_state", return_value=None), \
             patch("agent_loop._open_issue_prs", return_value=[pr]), \
             patch("agent_loop._latest_ci_run_for_pr", return_value=ci_run), \
             patch("agent_loop._get_issue_labels", return_value=[agent_loop.LABEL_IN_PROGRESS]), \
             patch("agent_loop._merge_pr") as mock_merge, \
             patch("agent_loop._find_pr_for_branch", return_value=None), \
             patch("agent_loop._close_issue"):
            result = agent_loop._run_loop()
        self.assertEqual(result, 0)
        mock_merge.assert_called_once_with(50)
 class TestHeartbeat(unittest.TestCase):
    """Tests for _update_heartbeat() and cmd_monitor()."""
    def setUp(self):
        self._tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".heartbeat")
        self._tmp.close()
        self._orig = agent_loop.HEARTBEAT_FILE
        agent_loop.HEARTBEAT_FILE = Path(self._tmp.name)
        Path(self._tmp.name).unlink()  # Start with no heartbeat file.
    def tearDown(self):
        agent_loop.HEARTBEAT_FILE = self._orig
        Path(self._tmp.name).unlink(missing_ok=True)
    def test_update_heartbeat_writes_timestamp(self):
        agent_loop._update_heartbeat()
        content = Path(self._tmp.name).read_text().strip()
        dt = datetime.fromisoformat(content)
        age = (datetime.now(timezone.utc) - dt).total_seconds()
        self.assertLess(age, 5)
    def test_update_heartbeat_creates_file(self):
        self.assertFalse(Path(self._tmp.name).exists())
        agent_loop._update_heartbeat()
        self.assertTrue(Path(self._tmp.name).exists())
    def test_monitor_healthy_when_recent(self):
        agent_loop._update_heartbeat()
        result = agent_loop.cmd_monitor()
        self.assertEqual(result, 0)
    def test_monitor_warns_when_heartbeat_missing(self):
        buf = io.StringIO()
        with contextlib.redirect_stdout(buf):
            result = agent_loop.cmd_monitor()
        self.assertEqual(result, 1)
        self.assertIn("WARNING", buf.getvalue())
    def test_monitor_warns_when_stale(self):
        stale = (datetime.now(timezone.utc) - timedelta(hours=3)).isoformat()
        Path(self._tmp.name).write_text(stale)
        buf = io.StringIO()
        with contextlib.redirect_stdout(buf):
            result = agent_loop.cmd_monitor()
        self.assertEqual(result, 1)
        self.assertIn("WARNING", buf.getvalue())
    def test_monitor_warns_when_corrupted(self):
        Path(self._tmp.name).write_text("not-a-timestamp")
        buf = io.StringIO()
        with contextlib.redirect_stdout(buf):
            result = agent_loop.cmd_monitor()
        self.assertEqual(result, 1)
        self.assertIn("WARNING", buf.getvalue())
    def test_run_loop_updates_heartbeat(self):
        self.assertFalse(Path(self._tmp.name).exists())
        with patch("agent_loop._read_state", return_value=None), \
             patch("agent_loop._open_issue_prs", return_value=[]), \
             patch("agent_loop._latest_main_ci_run", return_value=None), \
             patch("agent_loop._ready_issues", return_value=[]):
            agent_loop._run_loop()
        self.assertTrue(Path(self._tmp.name).exists())
 if __name__ == "__main__":
    unittest.main()
@@ -0,0 +1,200 @@
 #!/usr/bin/env python3
 """Tests for deploy_playstore.py."""
 import os
 import sys
 import unittest
 from pathlib import Path
 from unittest.mock import MagicMock, call, patch
 sys.path.insert(0, str(Path(__file__).parent))
 import deploy_playstore
 def _make_session(
    edit_id="edit-42",
    version_code=7,
    upload_side_effects=None,
 ):
    """Return a mock AuthorizedSession with sensible defaults."""
    session = MagicMock()
    # POST /edits → create edit
    edit_resp = MagicMock()
    edit_resp.json.return_value = {"id": edit_id}
    session.post.return_value = edit_resp
    # POST resumable-init → Location header
    init_resp = MagicMock()
    init_resp.headers = {"Location": "https://upload.example.com/session"}
    # PUT upload → bundle JSON
    upload_resp = MagicMock()
    upload_resp.json.return_value = {"versionCode": version_code}
    if upload_side_effects is not None:
        # Use side_effect list: first call is edit create, rest are upload inits
        # We override the PUT side effects via _upload_aab_resumable mock instead
        pass
    return session, init_resp, upload_resp
 class TestMainEnvChecks(unittest.TestCase):
    def test_missing_env_exits(self):
        with patch.dict(os.environ, {}, clear=True):
            with self.assertRaises(SystemExit) as ctx:
                deploy_playstore.main()
        self.assertEqual(ctx.exception.code, 1)
    def test_missing_aab_exits(self):
        fake_config = '{"type": "service_account"}'
        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
            with patch("deploy_playstore.os.path.exists", return_value=False):
                with self.assertRaises(SystemExit) as ctx:
                    deploy_playstore.main()
        self.assertEqual(ctx.exception.code, 1)
 class TestMainHappyPath(unittest.TestCase):
    def _run_main(self, fake_config='{"type":"service_account"}'):
        mock_session = MagicMock()
        # POST for edit create and commit
        post_responses = [
            MagicMock(**{"json.return_value": {"id": "edit-42"}}),  # create edit
            MagicMock(),  # commit
        ]
        mock_session.post.side_effect = post_responses
        # PUT for track update
        mock_session.put.return_value = MagicMock()
        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
            with patch("deploy_playstore.os.path.exists", return_value=True):
                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
                        with patch(
                            "deploy_playstore._upload_aab_resumable",
                            return_value={"versionCode": 7},
                        ):
                            deploy_playstore.main()
        return mock_session
    def test_creates_edit(self):
        session = self._run_main()
        create_call = session.post.call_args_list[0]
        self.assertIn("/edits", create_call[0][0])
    def test_commits_edit(self):
        session = self._run_main()
        commit_call = session.post.call_args_list[1]
        self.assertIn(":commit", commit_call[0][0])
    def test_updates_track(self):
        session = self._run_main()
        track_call = session.put.call_args_list[0]
        self.assertIn("/tracks/", track_call[0][0])
 class TestUploadRetry(unittest.TestCase):
    def _run_main(self, upload_side_effects, sleep_mock=None):
        mock_session = MagicMock()
        post_responses = [
            MagicMock(**{"json.return_value": {"id": "edit-1"}}),
            MagicMock(),
        ]
        mock_session.post.side_effect = post_responses
        mock_session.put.return_value = MagicMock()
        patches = [
            patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}),
            patch("deploy_playstore.os.path.exists", return_value=True),
            patch("deploy_playstore.service_account.Credentials.from_service_account_info"),
            patch("deploy_playstore.AuthorizedSession", return_value=mock_session),
            patch("deploy_playstore._upload_aab_resumable", side_effect=upload_side_effects),
            patch("deploy_playstore.time.sleep"),
        ]
        for p in patches:
            p.start()
        try:
            deploy_playstore.main()
        finally:
            for p in patches:
                p.stop()
    def test_succeeds_on_first_attempt(self):
        with patch("deploy_playstore._upload_aab_resumable", return_value={"versionCode": 5}) as mock_upload:
            with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
                with patch("deploy_playstore.os.path.exists", return_value=True):
                    with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
                        mock_session = MagicMock()
                        mock_session.post.side_effect = [
                            MagicMock(**{"json.return_value": {"id": "e1"}}),
                            MagicMock(),
                        ]
                        mock_session.put.return_value = MagicMock()
                        with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
                            deploy_playstore.main()
            mock_upload.assert_called_once()
    def test_retries_once_on_error_then_succeeds(self):
        self._run_main([ValueError("transient"), {"versionCode": 9}])
    def test_raises_after_all_attempts_exhausted(self):
        with self.assertRaises(RuntimeError) as ctx:
            self._run_main([ValueError("err"), ValueError("err"), ValueError("err")])
        self.assertIn(str(deploy_playstore._MAX_UPLOAD_ATTEMPTS), str(ctx.exception))
    def test_backoff_delays_are_10s_then_20s(self):
        mock_session = MagicMock()
        mock_session.post.side_effect = [
            MagicMock(**{"json.return_value": {"id": "e1"}}),
            MagicMock(),
        ]
        mock_session.put.return_value = MagicMock()
        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
            with patch("deploy_playstore.os.path.exists", return_value=True):
                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
                        with patch(
                            "deploy_playstore._upload_aab_resumable",
                            side_effect=[ValueError("e"), ValueError("e"), {"versionCode": 3}],
                        ):
                            with patch("deploy_playstore.time.sleep") as mock_sleep:
                                deploy_playstore.main()
        mock_sleep.assert_has_calls([call(10), call(20)])
 class TestUploadAabResumable(unittest.TestCase):
    def test_initiates_and_uploads(self):
        mock_session = MagicMock()
        init_resp = MagicMock()
        init_resp.headers = {"Location": "https://upload.example.com/sess"}
        upload_resp = MagicMock()
        upload_resp.json.return_value = {"versionCode": 42}
        mock_session.post.return_value = init_resp
        mock_session.put.return_value = upload_resp
        import tempfile
        with tempfile.NamedTemporaryFile(delete=False) as f:
            f.write(b"fake-aab-content")
            aab_path = f.name
        try:
            result = deploy_playstore._upload_aab_resumable(
                mock_session, "com.example.app", "edit-1", aab_path
            )
        finally:
            os.unlink(aab_path)
        self.assertEqual(result["versionCode"], 42)
        mock_session.post.assert_called_once()
        mock_session.put.assert_called_once()
        put_call = mock_session.put.call_args
        self.assertEqual(put_call[0][0], "https://upload.example.com/sess")
 if __name__ == "__main__":
    unittest.main()
@@ -1,6 +1,8 @@
 import 'dart:async';
 import 'package:flutter/services.dart' show MissingPluginException;
 import 'package:mockito/annotations.dart';
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/mailbox.dart';
 import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -30,6 +32,40 @@ void main() {
    // This is hard to test without real loops, but we can verify it doesn't crash.
    manager.syncNow('unknown');
  });
  // Regression test for issue #200: when flutter_secure_storage throws
  // MissingPluginException (channel unavailable on the device), the IMAP sync
  // loop must stop permanently instead of retrying indefinitely with backoff.
  test(
      'MissingPluginException from secure storage stops IMAP sync loop permanently',
      () async {
    final syncLog = FakeSyncLogRepository();
    final m = AccountSyncManager(
      _AccountRepositoryWithMissingPlugin(),
      FakeMailboxRepositoryWithInbox(),
      FakeEmailRepository(),
      syncLog: syncLog,
    );
    m.start();
    // Allow the first sync cycle to run and fail.
    await Future<void>.delayed(const Duration(milliseconds: 100));
    expect(syncLog.logs, hasLength(1));
    expect(syncLog.logs.first.success, isFalse);
    // Kicking the loop should have no effect once it has stopped permanently.
    m.syncNow('1');
    await Future<void>.delayed(const Duration(milliseconds: 100));
    // Before the fix: kick triggers a retry → 2 log entries.
    // After the fix: loop is permanently stopped → still exactly 1 entry.
    expect(syncLog.logs, hasLength(1));
    m.dispose();
  });
 }
 class FakeEmailRepository implements EmailRepository {
@@ -187,3 +223,34 @@ class FakeMailboxRepositoryWithInbox implements MailboxRepository {
  @override
  Future<void> clearForResync(String accountId) async {}
 }
 class _AccountRepositoryWithMissingPlugin implements AccountRepository {
  static const _account = Account(
    id: '1',
    displayName: 'Test',
    email: 'test@example.com',
  );
  @override
  Stream<List<Account>> observeAccounts() => Stream.value([_account]);
  @override
  Future<Account?> getAccount(String id) async => _account;
  @override
  Future<String> getPassword(String accountId) => Future.error(
        MissingPluginException(
          'No implementation found for method read on channel '
          'plugins.it.nomads.com/flutter_secure_storage',
        ),
      );
  @override
  Future<void> addAccount(Account account, String password) async {}
  @override
  Future<void> updateAccount(Account account, {String? password}) async {}
  @override
  Future<void> removeAccount(String id) async {}
 }
@@ -1,3 +1,7 @@
 import 'dart:async';
 import 'dart:io';
 import 'package:fake_async/fake_async.dart';
 import 'package:flutter/services.dart';
 import 'package:flutter_test/flutter_test.dart';
 import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';
@@ -19,6 +23,30 @@ class _UnavailablePathProvider extends Fake
  }
 }
 // Fake PathProviderPlatform that fails the first [failCount] calls, then
 // returns a fixed path.  Used to exercise the retry loop in
 // _resolveDatabasePath() without waiting for real timers.
 class _SucceedAfterNPathProvider extends Fake
    with MockPlatformInterfaceMixin
    implements PathProviderPlatform {
  _SucceedAfterNPathProvider({required this.failCount});
  final int failCount;
  int _callCount = 0;
  @override
  Future<String?> getApplicationSupportPath() async {
    _callCount++;
    if (_callCount <= failCount) {
      throw PlatformException(
        code: 'channel-error',
        message: 'Simulated: path_provider channel not ready',
      );
    }
    return '/tmp/test_app_support';
  }
 }
 void main() {
  TestWidgetsFlutterBinding.ensureInitialized();
@@ -38,4 +66,91 @@ void main() {
      await expectLater(initDatabasePath(), completes);
    },
  );
  // Tests for _resolveDatabasePath() — the lazy retry path called on first DB
  // access when initDatabasePath() already failed.  fake_async lets us advance
  // the back-off timers without waiting real-world milliseconds.
  test(
    '_resolveDatabasePath retries and eventually succeeds after transient failures',
    () {
      resetDatabasePathForTesting();
      final prev = PathProviderPlatform.instance;
      // Fail 3 times, succeed on the 4th call.  The delays in
      // _resolveDatabasePath are [200, 500, 1000, 2000, 4000] ms, so three
      // failures cost 200+500+1000 = 1700 ms before the fourth attempt.
      PathProviderPlatform.instance = _SucceedAfterNPathProvider(failCount: 3);
      addTearDown(() {
        PathProviderPlatform.instance = prev;
        resetDatabasePathForTesting();
      });
      fakeAsync((fake) {
        String? result;
        unawaited(resolveDatabasePathForTesting().then((r) => result = r));
        // Advance fake time through the three back-off delays.
        fake.elapse(const Duration(milliseconds: 200 + 500 + 1000 + 1));
        expect(result, isNotNull);
        expect(result, endsWith('sharedinbox.db'));
      });
    },
  );
  test(
    '_resolveDatabasePath throws PlatformException after exhausting all retries',
    () {
      resetDatabasePathForTesting();
      final prev = PathProviderPlatform.instance;
      PathProviderPlatform.instance = _UnavailablePathProvider();
      addTearDown(() {
        PathProviderPlatform.instance = prev;
        resetDatabasePathForTesting();
      });
      fakeAsync((fake) {
        Object? caughtError;
        unawaited(
          resolveDatabasePathForTesting().catchError((Object e) {
            caughtError = e;
            return ''; // ignored; satisfies the Future<String> return type
          }),
        );
        // Advance past all five back-off delays: 200+500+1000+2000+4000 ms.
        fake.elapse(
          const Duration(milliseconds: 200 + 500 + 1000 + 2000 + 4000 + 1),
        );
        expect(caughtError, isA<PlatformException>());
        expect(
          (caughtError! as PlatformException).message,
          contains('cannot open database'),
        );
      });
    },
    // The Android fallback runs only on Android, so on the host machine the
    // exception is still thrown after all retries.  Skip on Android to avoid
    // depending on /data/user/0/... being absent in the test environment.
    skip: Platform.isAndroid,
  );
  // Regression test for issue #192: _androidFallbackPath must return null when
  // the process cmdline does not look like an Android package name (e.g. on
  // the host test machine where the process is the Dart executable).
  test(
    '_androidFallbackPath returns null when process name is not a package name',
    () async {
      // On non-Android platforms the host process cmdline is a file-system path
      // (starts with '/'), which the fallback correctly rejects.  On Android
      // the process IS named after the package — the fallback is free to
      // succeed or return null depending on the device state; we do not assert
      // here so as not to constrain Android behaviour.
      if (!Platform.isAndroid) {
        final result = await androidFallbackPathForTesting();
        expect(result, isNull);
      }
    },
  );
 }
@@ -27,6 +27,22 @@ class MockUrlLauncher extends Mock
  }
 }
 class ThrowingUrlLauncher extends Mock
    with MockPlatformInterfaceMixin
    implements UrlLauncherPlatform {
  @override
  Future<bool> canLaunch(String? url) async => true;
  @override
  Future<bool> launchUrl(String? url, LaunchOptions? options) async {
    throw PlatformException(
      code: 'channel-error',
      message: 'Unable to establish connection on channel: '
          '"dev.flutter.pigeon.url_launcher_android.UrlLauncherApi.launchUrl".',
    );
  }
 }
 Widget _buildScreen({List<Account> accounts = const []}) {
  return ProviderScope(
    overrides: [
@@ -151,6 +167,10 @@ void main() {
    expect(clipboardText, contains('Dark Mode'));
    expect(clipboardText, contains('IMAP Accounts'));
    expect(clipboardText, contains('JMAP Accounts'));
    expect(
      clipboardText,
      contains('[sharedinbox.de](https://sharedinbox.de)'),
    );
  });
  testWidgets('AboutScreen create-issue button opens Codeberg URL', (
@@ -176,4 +196,24 @@ void main() {
    );
    expect(mock.launchedUrl, contains('1.2.3%2B99'));
  });
  testWidgets(
    'AboutScreen link tap with failed url_launcher shows error snackbar',
    (tester) async {
      tester.view.physicalSize = const Size(800, 1200);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(tester.view.resetPhysicalSize);
      addTearDown(tester.view.resetDevicePixelRatio);
      UrlLauncherPlatform.instance = ThrowingUrlLauncher();
      await tester.pumpWidget(_buildScreen());
      await tester.pumpAndSettle();
      await tester.tap(find.textContaining('sharedinbox.de').first);
      await tester.pumpAndSettle();
      expect(find.textContaining('Error:'), findsOneWidget);
    },
  );
 }
@@ -23,7 +23,7 @@ void main() {
      expect(find.byKey(const Key('scanEncryptedButton')), findsOneWidget);
    });
-    testWidgets('shows 20-minute expiry hint', (tester) async {
+    testWidgets('shows expiry countdown hint', (tester) async {
      await tester.pumpWidget(
        buildApp(
          initialLocation: '/accounts/receive',
@@ -32,8 +32,106 @@ void main() {
      );
      await tester.pumpAndSettle();
-      expect(find.textContaining('20 minutes'), findsOneWidget);
+      expect(find.textContaining('expires in'), findsOneWidget);
    });
    testWidgets(
      'step 2 button shows text-input fallback on platforms without camera',
      (tester) async {
        await tester.pumpWidget(
          buildApp(
            initialLocation: '/accounts/receive',
            overrides: baseOverrides(),
          ),
        );
        await tester.pumpAndSettle();
        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
        await tester.pumpAndSettle();
        // On Linux (desktop, no camera) the text fallback field must appear.
        expect(find.byKey(const Key('encryptedCodeField')), findsOneWidget);
      },
    );
    testWidgets(
      'step 2 — valid encrypted QR imports account via text fallback',
      (tester) async {
        // Pre-generate a key pair so we can encrypt a QR code with the same
        // material the screen will use for decryption.
        final material = await ShareEncryptionService.generateKeyPair();
        final repo = FakeShareKeyRepository(material: material);
        const account = Account(
          id: 'src-1',
          displayName: 'Alice',
          email: 'alice@example.com',
          imapHost: 'imap.example.com',
          smtpHost: 'smtp.example.com',
        );
        final encryptedQr = await ShareEncryptionService.encryptAccounts(
          recipientKeyId: material.keyId,
          recipientPublicKeyBytes: material.publicKeyBytes,
          accounts: [
            AccountPayload(
              accountJson: account.toJson(),
              password: 'secret',
            ),
          ],
        );
        await tester.pumpWidget(
          buildApp(
            initialLocation: '/accounts/receive',
            overrides: baseOverrides(shareKeyRepository: repo),
          ),
        );
        await tester.pumpAndSettle(); // key generation completes
        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
        await tester.pumpAndSettle();
        await tester.enterText(
          find.byKey(const Key('encryptedCodeField')),
          encryptedQr,
        );
        await tester.tap(find.text('Import'));
        await tester.pumpAndSettle();
        expect(
          find.text('Imported 1 account successfully.'),
          findsOneWidget,
        );
      },
    );
    testWidgets(
      'step 2 — invalid encrypted QR shows error and returns to pub-key step',
      (tester) async {
        await tester.pumpWidget(
          buildApp(
            initialLocation: '/accounts/receive',
            overrides: baseOverrides(),
          ),
        );
        await tester.pumpAndSettle();
        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
        await tester.pumpAndSettle();
        await tester.enterText(
          find.byKey(const Key('encryptedCodeField')),
          'not-a-valid-qr-code',
        );
        await tester.tap(find.text('Import'));
        await tester.pumpAndSettle();
        // Screen returns to the pub-key step with an error message visible.
        expect(find.byKey(const Key('pubKeyQrCode')), findsOneWidget);
        expect(find.textContaining('Import failed:'), findsWidgets);
      },
    );
  });
  group('AccountSendScreen', () {
@@ -0,0 +1,54 @@
 import 'dart:convert';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:flutter_test/flutter_test.dart';
 import 'package:sharedinbox/ui/screens/changelog_screen.dart';
 class _FakeAssetBundle extends CachingAssetBundle {
  final Map<String, String> _assets;
  _FakeAssetBundle(this._assets);
  @override
  Future<ByteData> load(String key) async {
    if (_assets.containsKey(key)) {
      final encoded = utf8.encode(_assets[key]!);
      return ByteData.view(Uint8List.fromList(encoded).buffer);
    }
    throw FlutterError('Asset not found: "$key"');
  }
 }
 const _fakeChangelog =
    '* 2024-01-01 feat: initial release\n* 2024-01-02 fix: resolve crash\n';
 void main() {
  testWidgets('ChangeLogScreen shows changelog content', (tester) async {
    await tester.pumpWidget(
      DefaultAssetBundle(
        bundle: _FakeAssetBundle({'assets/changelog.txt': _fakeChangelog}),
        child: const MaterialApp(home: ChangeLogScreen()),
      ),
    );
    await tester.pumpAndSettle();
    expect(find.text('ChangeLog'), findsOneWidget);
    expect(find.textContaining('initial release'), findsOneWidget);
    expect(find.textContaining('resolve crash'), findsOneWidget);
    expect(find.textContaining('Error loading changelog'), findsNothing);
  });
  testWidgets('ChangeLogScreen shows error when asset is missing', (
    tester,
  ) async {
    await tester.pumpWidget(
      DefaultAssetBundle(
        bundle: _FakeAssetBundle({}),
        child: const MaterialApp(home: ChangeLogScreen()),
      ),
    );
    await tester.pumpAndSettle();
    expect(find.textContaining('Error loading changelog'), findsOneWidget);
  });
 }
@@ -1,5 +1,6 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';
 import 'package:go_router/go_router.dart';
@@ -116,13 +116,193 @@ void main() {
      expect(clipboardText, isNotNull);
      expect(clipboardText, contains('App Version: 1.0.0+42'));
      expect(clipboardText, contains('Build Mode:'));
      expect(clipboardText, contains('Platform:'));
      expect(clipboardText, contains('Dart:'));
      expect(clipboardText, contains('Timestamp:'));
      expect(clipboardText, contains('TestException: clipboard test'));
      // GIT_HASH is empty in test builds — no Git Commit line expected
      expect(clipboardText, isNot(contains('Git Commit:')));
    },
  );
  testWidgets(
    'CrashScreen shows git hash as clickable link above stacktrace',
    (tester) async {
      tester.view.physicalSize = const Size(800, 1200);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(() => tester.view.resetPhysicalSize());
      final mock = MockUrlLauncher();
      UrlLauncherPlatform.instance = mock;
      const exception = 'TestException: git hash test';
      final stackTrace = StackTrace.current;
      const testHash = 'abc1234';
      await tester.pumpWidget(
        CrashScreen(
          exception: exception,
          stackTrace: stackTrace,
          gitHash: testHash,
        ),
      );
      await tester.pumpAndSettle();
      // Git hash link should be present
      final gitLinkFinder = find.textContaining('Git Commit: abc1234');
      expect(gitLinkFinder, findsOneWidget);
      // Link must appear above the stack trace
      final stackTraceFinder = find.text('Stack Trace:');
      expect(
        tester.getTopLeft(gitLinkFinder).dy,
        lessThan(tester.getTopLeft(stackTraceFinder).dy),
      );
      // Tapping the link should open the Codeberg commit URL
      await tester.tap(gitLinkFinder);
      await tester.pumpAndSettle();
      expect(
        mock.launchedUrl,
        equals('https://codeberg.org/guettli/sharedinbox/commit/abc1234'),
      );
    },
  );
  testWidgets(
    'CrashScreen shows version, build mode, and platform in the UI',
    (tester) async {
      tester.view.physicalSize = const Size(800, 1200);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(() => tester.view.resetPhysicalSize());
      const exception = 'TestException: info row test';
      final stackTrace = StackTrace.current;
      await tester.pumpWidget(
        MaterialApp(
          home: CrashScreen(exception: exception, stackTrace: stackTrace),
        ),
      );
      await tester.pumpAndSettle();
      // Info row shows app version (from mock), build mode, and platform OS.
      expect(find.textContaining('1.0.0+42'), findsWidgets);
      // In test builds kDebugMode is true.
      expect(find.textContaining('debug'), findsOneWidget);
      // Platform OS is always present (linux in CI, android/ios on device).
      expect(
        find.textContaining(RegExp(r'linux|android|ios|windows|macos')),
        findsWidgets,
      );
    },
  );
  testWidgets(
    'CrashScreen shows app version as clickable link when git hash is set',
    (tester) async {
      tester.view.physicalSize = const Size(800, 1200);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(() => tester.view.resetPhysicalSize());
      final mock = MockUrlLauncher();
      UrlLauncherPlatform.instance = mock;
      const exception = 'TestException: version link test';
      final stackTrace = StackTrace.current;
      const testHash = 'abc1234';
      await tester.pumpWidget(
        CrashScreen(
          exception: exception,
          stackTrace: stackTrace,
          gitHash: testHash,
        ),
      );
      await tester.pumpAndSettle();
      // App version link should be present (mocked as 1.0.0+42)
      final versionLinkFinder = find.textContaining('App Version: 1.0.0+42');
      expect(versionLinkFinder, findsOneWidget);
      // It must appear above the git hash link
      final gitLinkFinder = find.textContaining('Git Commit: abc1234');
      expect(
        tester.getTopLeft(versionLinkFinder).dy,
        lessThan(tester.getTopLeft(gitLinkFinder).dy),
      );
      // Tapping it should open the Codeberg commit URL
      await tester.tap(versionLinkFinder);
      await tester.pumpAndSettle();
      expect(
        mock.launchedUrl,
        equals('https://codeberg.org/guettli/sharedinbox/commit/abc1234'),
      );
    },
  );
  testWidgets(
    'CrashScreen copy-to-clipboard includes app version as markdown link when git hash is set',
    (tester) async {
      tester.view.physicalSize = const Size(800, 1200);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(() => tester.view.resetPhysicalSize());
      String? clipboardText;
      tester.binding.defaultBinaryMessenger.setMockMethodCallHandler(
        SystemChannels.platform,
        (MethodCall call) async {
          if (call.method == 'Clipboard.setData') {
            clipboardText =
                (call.arguments as Map<dynamic, dynamic>)['text'] as String?;
          }
          return null;
        },
      );
      addTearDown(
        () => tester.binding.defaultBinaryMessenger
            .setMockMethodCallHandler(SystemChannels.platform, null),
      );
      const exception = 'TestException: version link clipboard test';
      final stackTrace = StackTrace.current;
      const testHash = 'abc1234';
      await tester.pumpWidget(
        CrashScreen(
          exception: exception,
          stackTrace: stackTrace,
          gitHash: testHash,
        ),
      );
      await tester.pumpAndSettle();
      await tester.tap(find.text('Copy to Clipboard'));
      await tester.pump();
      await tester.pump();
      await tester.pumpAndSettle();
      expect(clipboardText, isNotNull);
      // App Version must be a markdown link pointing to the commit
      expect(
        clipboardText,
        contains(
          'App Version: [1.0.0+42](https://codeberg.org/guettli/sharedinbox/commit/abc1234)',
        ),
      );
      expect(
        clipboardText,
        contains(
          'Git Commit: [abc1234](https://codeberg.org/guettli/sharedinbox/commit/abc1234)',
        ),
      );
    },
  );
  testWidgets(
    'CrashScreen used as root widget — buttons work without ScaffoldMessenger crash',
    (tester) async {
@@ -105,6 +105,88 @@ void main() {
      expect(find.text('Edit account'), findsNothing);
    });
    testWidgets(
        'try connection button is disabled when no password stored or entered',
        (
      tester,
    ) async {
      tester.view.physicalSize = const Size(800, 1400);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(tester.view.resetPhysicalSize);
      addTearDown(tester.view.resetDevicePixelRatio);
      await tester.pumpWidget(
        buildApp(
          initialLocation: '/accounts/acc-1/edit',
          overrides: baseOverrides(
            accounts: [kTestAccount],
            hasStoredPassword: false,
          ),
        ),
      );
      await tester.pumpAndSettle();
      final button = tester.widget<OutlinedButton>(
        find.byKey(const Key('editTryConnectionButton')),
      );
      expect(button.onPressed, isNull);
    });
    testWidgets(
        'try connection button is enabled after typing password with no stored password',
        (tester) async {
      tester.view.physicalSize = const Size(800, 1400);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(tester.view.resetPhysicalSize);
      addTearDown(tester.view.resetDevicePixelRatio);
      await tester.pumpWidget(
        buildApp(
          initialLocation: '/accounts/acc-1/edit',
          overrides: baseOverrides(
            accounts: [kTestAccount],
            hasStoredPassword: false,
          ),
        ),
      );
      await tester.pumpAndSettle();
      await tester.enterText(
        find.byKey(const Key('editPasswordField')),
        'mypassword',
      );
      await tester.pump();
      final button = tester.widget<OutlinedButton>(
        find.byKey(const Key('editTryConnectionButton')),
      );
      expect(button.onPressed, isNotNull);
    });
    testWidgets('save button is disabled when no password stored or entered', (
      tester,
    ) async {
      tester.view.physicalSize = const Size(800, 1400);
      tester.view.devicePixelRatio = 1.0;
      addTearDown(tester.view.resetPhysicalSize);
      addTearDown(tester.view.resetDevicePixelRatio);
      await tester.pumpWidget(
        buildApp(
          initialLocation: '/accounts/acc-1/edit',
          overrides: baseOverrides(
            accounts: [kTestAccount],
            hasStoredPassword: false,
          ),
        ),
      );
      await tester.pumpAndSettle();
      final button = tester
          .widget<FilledButton>(find.widgetWithText(FilledButton, 'Save'));
      expect(button.onPressed, isNull);
    });
    testWidgets('connection error shows error message', (tester) async {
      tester.view.physicalSize = const Size(800, 1400);
      tester.view.devicePixelRatio = 1.0;
@@ -3,7 +3,7 @@ import 'dart:convert';
 import 'dart:io';
 import 'package:flutter/material.dart';
-import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';
 import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';
@@ -1,5 +1,5 @@
 import 'package:flutter/material.dart';
-import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';
 import 'package:sharedinbox/core/models/email.dart';
@@ -6,6 +6,7 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:go_router/go_router.dart';
 import 'package:sharedinbox/core/models/account.dart';
@@ -19,6 +20,7 @@ import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
 import 'package:sharedinbox/core/repositories/search_history_repository.dart';
 import 'package:sharedinbox/core/repositories/share_key_repository.dart';
 import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/core/services/account_discovery_service.dart';
 import 'package:sharedinbox/core/services/connection_test_service.dart';
 import 'package:sharedinbox/core/services/managesieve_probe_service.dart';
@@ -42,11 +44,12 @@ import 'package:sharedinbox/ui/screens/thread_detail_screen.dart';
 // ---------------------------------------------------------------------------
 class FakeAccountRepository implements AccountRepository {
  final List<Account> _accounts;
  FakeAccountRepository([List<Account>? accounts])
      : _accounts = List.of(accounts ?? []);
  final List<Account> _accounts;
  bool hasPassword = true;
  @override
  Stream<List<Account>> observeAccounts() => Stream.value(List.of(_accounts));
@@ -73,15 +76,22 @@ class FakeAccountRepository implements AccountRepository {
      _accounts.removeWhere((a) => a.id == id);
  @override
-  Future<String> getPassword(String accountId) async => 'test-password';
+  Future<String> getPassword(String accountId) async {
    if (!hasPassword) {
      throw StateError('No password stored for account $accountId');
    }
    return 'test-password';
  }
 }
 class FakeShareKeyRepository implements ShareKeyRepository {
  FakeShareKeyRepository({ShareKeyMaterial? material}) : _material = material;
  ShareKeyMaterial? _material;
  @override
  Future<ShareKeyMaterial> createKeyPair() async {
-    _material = await ShareEncryptionService.generateKeyPair();
+    _material ??= await ShareEncryptionService.generateKeyPair();
    return _material!;
  }
@@ -473,10 +483,18 @@ Widget buildApp({
  );
  return ProviderScope(
-    // Always neutralise the ManageSieve probe so widget tests never open a
+    // Defaults come first so tests can override them via [overrides].
-    // real socket. Tests that need to assert on probe behaviour should supply
+    //
-    // their own override before this default in [overrides].
+    // syncHealthProvider and syncLogRepositoryProvider are backed by Drift
    // StreamQueries. When a StreamProvider that wraps a Drift query is disposed,
    // Drift schedules a Timer.run() for cache debouncing. Flutter's test
    // framework then fails the test with "A Timer is still pending". Replacing
    // these with simple synchronous streams avoids the pending-timer assertion.
    overrides: [
      syncHealthProvider.overrideWith((ref, _) => Stream.value(null)),
      syncLogRepositoryProvider.overrideWithValue(
        const NoOpSyncLogRepository(),
      ),
      ...overrides,
      manageSieveProbeServiceProvider.overrideWith(
        (ref) => _NoOpManageSieveProbeService(),
@@ -501,10 +519,13 @@ List<Override> baseOverrides({
  List<Mailbox>? mailboxes,
  DiscoveryResult? discovery,
  Exception? connectionError,
  ShareKeyRepository? shareKeyRepository,
  bool hasStoredPassword = true,
 }) =>
    [
-      accountRepositoryProvider
+      accountRepositoryProvider.overrideWithValue(
-          .overrideWithValue(FakeAccountRepository(accounts)),
+        FakeAccountRepository(accounts)..hasPassword = hasStoredPassword,
      ),
      mailboxRepositoryProvider
          .overrideWithValue(FakeMailboxRepository(mailboxes)),
      emailRepositoryProvider.overrideWithValue(FakeEmailRepository()),
@@ -515,7 +536,9 @@ List<Override> baseOverrides({
      connectionTestServiceProvider.overrideWithValue(
        FakeConnectionTestService(error: connectionError),
      ),
-      shareKeyRepositoryProvider.overrideWithValue(FakeShareKeyRepository()),
+      shareKeyRepositoryProvider.overrideWithValue(
        shareKeyRepository ?? FakeShareKeyRepository(),
      ),
    ];
 // ---------------------------------------------------------------------------
Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	004aa9e837	fix: disable Save button when no password available, fix changelog fetch-depth (#246 , #229 ) - Disable Save button (alongside Try connection) when no stored password and password field is empty, making both buttons consistent (#246) - Update deploy-apk and build-linux CI jobs to use fetch-depth: 100 so generate-changelog produces a full 50-entry log, matching deploy-playstore (#229) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-25 14:42:46 +02:00
Bot of Thomas Güttler	3868c160d3	fix: disable Try connection button when no password is available (#235 ) (#247 )	2026-05-25 14:30:13 +02:00
Bot of Thomas Güttler	50fc012e81	Merge pull request 'fix: show password required error instead of crashing when no stored password (#235 )' (#238 ) from issue-235-fix into main	2026-05-25 13:00:44 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	94b20f50be	style: format edit_account_screen_test.dart Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-25 12:49:29 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	885906b204	fix: show password required error instead of crashing when no stored password (#235 ) During _load(), check whether a password exists in secure storage and track the result in _hasStoredPassword. The password field validator now requires user input when no password is stored, so _tryConnection() fails fast at form validation instead of throwing an unhandled StateError. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-25 12:49:29 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	06df3ee200	feat: monitor agent loop health every 2 hours (#217 ) - Track a heartbeat timestamp in ~/.sharedinbox-agent-heartbeat at the start of each _run_loop() invocation so we can tell when it last ran. - Add `agent_loop.py monitor` subcommand that exits 1 with a WARNING message if the heartbeat is missing, corrupted, or older than 2 hours. - Add .forgejo/workflows/monitor.yml scheduled workflow that runs the monitor check every 2 hours on the self-hosted runner; a CI failure serves as the warning when the loop is stalled. - Add 7 unit tests covering all monitor / heartbeat scenarios. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-25 12:48:45 +02:00
Bot of Thomas Güttler	e03c7708ba	feat: show app version as link on crash screen and in MD report (#236 ) (#245 )	2026-05-25 11:40:53 +02:00
Bot of Thomas Güttler guettli Thomas SharedInbox	27bef3356e	fix: skip catch-up merge retry when issue has State/Question (#239 ) (#242 ) When a catch-up PR merge fails (PR stays open after the merge command), the loop sets the issue to State/Question and comments on it. But on the next cron tick the same PR is still open with passing CI, so it tries again — spamming the issue with identical comments every minute. Fix: before attempting a catch-up merge, fetch the issue's current labels via `_get_issue_labels()`. If `State/Question` is already set, skip the PR entirely. Closes #239 Co-authored-by: Thomas SharedInbox <sharedinbox@thomas-guettler.de> Reviewed-on: https://codeberg.org/guettli/sharedinbox/pulls/242	2026-05-25 09:21:23 +02:00
Bot of Thomas Güttler	32ba916cbf	fix: trigger deploy on script changes, add changelog dep, deepen fetch (#228 ) (#233 )	2026-05-24 21:05:10 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	86e12ffe72	fix: add fgj to nix store PATH in deploy.sh fgj is in the nix store but was not included in the PATH glob loop, causing `FileNotFoundError: 'fgj'` on every cron run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 19:02:13 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	f4a052bedc	feat: add State/ToPlan planning phase to agent loop Issues labelled State/ToPlan are now picked up by a dedicated planning agent before any implementation happens. The agent posts a plan as an issue comment, then the loop transitions the label to State/Planned and leaves a resume command in a follow-up comment. A human reviews the plan and manually promotes the issue to State/Ready to trigger implementation. Planning agents run at higher priority than Ready issues. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 18:56:46 +02:00
Thomas SharedInbox	b2c11e0c63	Revert "feat: keep secrets in sync via age-encrypted master key (#208 ) (#223 )" This reverts commit `96b1660b59`.	2026-05-24 18:39:23 +02:00
Bot of Thomas Güttler	09c90c244b	fix: load changelog via DefaultAssetBundle for testability (#214 ) (#225 )	2026-05-24 17:50:10 +02:00
Bot of Thomas Güttler	357ed9af31	fix: about page version unknown and link crash on Android (#213 ) (#224 )	2026-05-24 17:20:09 +02:00
Bot of Thomas Güttler	96b1660b59	feat: keep secrets in sync via age-encrypted master key (#208 ) (#223 )	2026-05-24 16:35:10 +02:00
Bot of Thomas Güttler	e7ff9243c9	feat: add build mode, Dart version, timestamp to crash report (#205 ) (#222 )	2026-05-24 16:10:09 +02:00
Bot of Thomas Güttler	d51e67ddcc	fix: probe scanner method channel to detect MissingPluginException (#204 ) (#221 )	2026-05-24 15:55:08 +02:00
Bot of Thomas Güttler	43068509d2	fix: show live countdown with seconds on receive account screen (#203 ) (#220 )	2026-05-24 15:15:12 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	d9b8748631	fix: filter _latest_main_ci_run by workflow_id == ci.yml Forgejo reports deploy.yml (scheduled/dispatch) runs with event=push and prettyref=main, identical to ci.yml push runs. The event-only filter was insufficient — adding workflow_id == "ci.yml" prevents deploy.yml runs from blocking or triggering false CI fix agents. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 15:07:00 +02:00
Bot of Thomas Güttler	50ae7df8a3	fix: fall back to text input when mobile_scanner plugin is unavailable (#202 ) (#219 )	2026-05-24 14:55:07 +02:00
Bot of Thomas Güttler	7dd5800064	perf: cache Linux engine artifacts via flutter precache --linux (#129 ) (#218 )	2026-05-24 14:30:07 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	77e581299d	fix: filter out schedule/deploy workflow runs in CI checks _latest_main_ci_run() was using event != pull_request which still matched deploy.yml schedule runs when their prettyref == "main", blocking the loop from picking up new issues. _latest_ci_run_for_branch() had the same issue: the else branch matched any non-pull_request event including schedule runs. Both functions now explicitly filter for event == "push" only. Tests updated: rename _latest_ci_run → _latest_main_ci_run, mock _open_issue_prs to prevent real API calls in unit tests, and update _find_pr_for_branch side_effect to reflect the upstream post-merge PR-still-open verification check. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 14:08:13 +02:00
Bot of Thomas Güttler	37eca207c6	fix: pin SSH host key via known_hosts instead of StrictHostKeyChecking=no (#161 ) (#181 )	2026-05-24 13:00:04 +02:00
Bot of Thomas Güttler	5925cee4f2	fix: show git hash as clickable link above stacktrace (#201 ) (#211 )	2026-05-24 12:56:27 +02:00
Bot of Thomas Güttler	a8603edfc3	fix: verify PID belongs to claude before SIGKILL (#160 ) (#163 )	2026-05-24 12:55:08 +02:00
Bot of Thomas Güttler	0293cb5845	fix: stop retrying on MissingPluginException from flutter_secure_storage (#200 ) (#209 )	2026-05-24 08:50:06 +02:00
Bot of Thomas Güttler	30bcc8a314	fix: skip CI jobs when unrelated files change (#144 ) (#207 )	2026-05-24 08:30:10 +02:00
Bot of Thomas Güttler	ac0e16adcb	feat: about page - sharedinbox.de heading link and git commit row (#199 ) (#206 )	2026-05-24 08:10:07 +02:00
Thomas SharedInbox	3f946dfca0	fix: switch Play Store upload from httplib2 to requests The Play Store AAB upload was failing with httplib2.error.RedirectMissingLocation when Google's API returned a redirect during the resumable upload initiation. Switched from google-api-python-client (which uses httplib2 internally) to pure requests-based AuthorizedSession, which handles redirects correctly. Closes #198	2026-05-24 07:52:12 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	c517f604e0	test: update deploy_playstore tests for requests-based transport The previous tests patched google_auth_httplib2 and googleapiclient which no longer exist in the new implementation. Rewrite to mock AuthorizedSession and _upload_aab_resumable, covering the same scenarios: happy path, retry on transient errors, backoff delays, and exhausted attempts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 07:40:17 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	7d393ec818	fix: switch Play Store upload from httplib2 to requests httplib2 treats 308 Resume Incomplete responses (used by Google's resumable upload API) as redirects and raises RedirectMissingLocation when the response lacks a Location header. Switch to google.auth.transport.requests.AuthorizedSession + direct HTTP calls so the upload uses the requests library, which handles 308 correctly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 07:32:22 +02:00
Bot of Thomas Güttler	5c38357033	fix: limit dagger-data volume growth by pruning named caches (#193 ) (#197 )	2026-05-24 06:00:14 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	7715190cbf	fix: retry AAB upload on RedirectMissingLocation with exponential backoff Adds a 3-attempt retry loop around the resumable AAB upload that catches httplib2.error.RedirectMissingLocation (a transient network error) and retries with exponential backoff (10s, 20s). A fresh MediaFileUpload is created on each attempt because resumable upload objects cannot be reused after failure. Also adds TestUploadRetry covering the retry path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 05:30:24 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	80cde04d87	fix: retry AAB upload on RedirectMissingLocation with exponential backoff (#186 ) Wrap the resumable bundle upload in a loop of up to _MAX_UPLOAD_ATTEMPTS (3) attempts. On httplib2.error.RedirectMissingLocation, recreate MediaFileUpload (resumable uploads cannot reuse the same object) and wait 10 s / 20 s before retrying. After all attempts are exhausted, raise RuntimeError chained to the last exception. Add tests covering the retry path, backoff delays, fresh MediaFileUpload on each attempt, and exhaustion. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 04:59:05 +02:00
Bot of Thomas Güttler	83060bc1bf	fix: add timeout and retries to Play Store upload (#185 ) (#195 )	2026-05-24 04:45:07 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	fb6f2cca68	fix: add timeout and retries to Play Store upload (#185 ) Switch deploy_playstore.py from requests/AuthorizedSession to the googleapiclient.discovery client with google-auth-httplib2, so that AuthorizedHttp(timeout=300) enforces a hard socket timeout on all requests and num_retries=3 on every .execute() call enables automatic retries for transient failures. Update flake.nix and ci/main.go to install the new dependencies (google-api-python-client, google-auth-httplib2, httplib2) instead of the old google-auth + requests pair. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 04:38:36 +02:00
Bot of Thomas Güttler	71ccf24d0c	fix: survive permanently broken path_provider channel on Android (#192 ) (#194 )	2026-05-24 03:50:07 +02:00
Bot of Thomas Güttler	4f6f1d9437	fix: migrate to Riverpod 3.x and update dependencies (#175 ) (#190 )	2026-05-23 19:50:11 +02:00
Bot of Thomas Güttler	833e8d49b0	fix: remove continue-on-error from CI workflows (#172 ) (#189 )	2026-05-23 19:05:08 +02:00
Bot of Thomas Güttler	6adba9b001	perf: parallelize APK deploy and reduce fetch-depth in deploy.yml (#171 ) (#188 )	2026-05-23 18:55:08 +02:00
Bot of Thomas Güttler	11d9805fca	test: cover _resolveDatabasePath retry logic (#167 ) (#187 )	2026-05-23 18:35:15 +02:00