fix: wrap _measureHeight() in try-catch to prevent crashes when WebView is not ready

Closes #340 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat: replace agent_loop.py with agentloop
2026-06-01 17:55:36 +02:00 · 2026-05-31 09:20:48 +02:00 · 2026-05-29 23:19:14 +02:00 · 2026-05-29 21:52:56 +02:00 · 2026-05-29 19:08:12 +02:00 · 2026-05-29 17:34:21 +02:00
96 changed files with 5081 additions and 1943 deletions
@@ -3,7 +3,41 @@ name: CI
 on:
  push:
    branches: [main]
+    paths:
+      - 'lib/**'
+      - 'test/**'
+      - 'integration_test/**'
+      - 'android/**'
+      - 'linux/**'
+      - 'assets/**'
+      - '!assets/changelog.txt'
+      - 'pubspec.yaml'
+      - 'pubspec.lock'
+      - 'analysis_options.yaml'
+      - 'scripts/**'
+      - 'stalwart-dev/**'
+      - 'ci/**'
+      - 'Taskfile.yml'
+      - 'drift_schemas/**'
+      - '.forgejo/workflows/ci.yml'
  pull_request:
+    paths:
+      - 'lib/**'
+      - 'test/**'
+      - 'integration_test/**'
+      - 'android/**'
+      - 'linux/**'
+      - 'assets/**'
+      - '!assets/changelog.txt'
+      - 'pubspec.yaml'
+      - 'pubspec.lock'
+      - 'analysis_options.yaml'
+      - 'scripts/**'
+      - 'stalwart-dev/**'
+      - 'ci/**'
+      - 'Taskfile.yml'
+      - 'drift_schemas/**'
+      - '.forgejo/workflows/ci.yml'

 jobs:
  check:
@@ -30,11 +64,96 @@ jobs:
          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
        run: scripts/setup_dagger_remote.sh

+      - name: Locate Docker daemon for local Dagger engine
+        run: |
+          # Skip if remote Dagger engine is already configured (preferred path)
+          if [ -n "${_DAGGER_RUNNER_HOST:-}" ]; then
+            echo "Remote Dagger engine configured, no local Docker needed."
+            exit 0
+          fi
+
+          # Try host Docker socket (DooD) if runner mounts it
+          if [ -S /var/run/docker.sock ]; then
+            if DOCKER_HOST=unix:///var/run/docker.sock docker info >/dev/null 2>&1; then
+              echo "Docker available via host socket."
+              echo "DOCKER_HOST=unix:///var/run/docker.sock" >> "$GITHUB_ENV"
+              exit 0
+            fi
+          fi
+
+          echo "WARNING: No remote Dagger engine and no local Docker found." >&2
+          echo "  - Remote engine: check DAGGER_STUNNEL_URL secret and that the host proxy is running." >&2
+          echo "  - Local Docker: runner does not expose /var/run/docker.sock." >&2
+          echo "CI will likely fail at the Dagger step." >&2
+
+      - name: Prune Dagger cache before check
+        env:
+          DAGGER_NO_NAG: "1"
+        # prune(maxUsedSpace) also reclaims named cache volumes (gradle-cache, go-build-cache, etc.)
+        # when total cache exceeds the limit; without args only unreferenced entries are removed.
+        run: |
+          dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
+
      - name: Run Full Check Suite
        env:
          DAGGER_NO_NAG: "1"
        run: task check-dagger

+      - name: Prune Dagger cache after check
+        if: always()
+        env:
+          DAGGER_NO_NAG: "1"
+        run: |
+          dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
+
      - name: Cleanup TLS credentials
        if: always()
        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
+
+  merge-renovate:
+    name: Auto-merge Renovate PR
+    needs: [check]
+    if: github.event_name == 'pull_request' && startsWith(github.head_ref, 'renovate/')
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Merge if automerge label is set
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          python3 - << 'PYEOF'
+          import os, json, urllib.request, urllib.error, sys
+
+          token = os.environ["FORGEJO_TOKEN"]
+          url_base = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
+          repo = os.environ.get("GITHUB_REPOSITORY", "")
+          pr_number = os.environ["PR_NUMBER"]
+          api = f"{url_base}/api/v1/repos/{repo}"
+          headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
+
+          req = urllib.request.Request(f"{api}/issues/{pr_number}/labels", headers=headers)
+          with urllib.request.urlopen(req) as r:
+              labels = [l["name"] for l in json.loads(r.read())]
+
+          if "automerge" not in labels:
+              print(f"PR #{pr_number}: no 'automerge' label — major update, skipping")
+              sys.exit(0)
+
+          body = json.dumps({"Do": "merge"}).encode()
+          req = urllib.request.Request(
+              f"{api}/pulls/{pr_number}/merge",
+              data=body, headers=headers, method="POST"
+          )
+          try:
+              with urllib.request.urlopen(req) as r:
+                  print(f"PR #{pr_number} merged successfully")
+          except urllib.error.HTTPError as e:
+              err = e.read().decode()
+              if "already been merged" in err or "has been merged" in err:
+                  print(f"PR #{pr_number} already merged — OK")
+              else:
+                  print(f"Merge failed: {err}")
+                  sys.exit(1)
+          PYEOF
@@ -6,50 +6,101 @@ on:
  workflow_dispatch:

 jobs:
-  test-android-firebase:
-    name: Android Instrumented Tests (Firebase Test Lab)
+  check-changes:
+    name: Detect Changed Files
    runs-on: ubuntu-latest
-    timeout-minutes: 60
+    timeout-minutes: 5
+    outputs:
+      android: ${{ steps.diff.outputs.android }}
+      linux: ${{ steps.diff.outputs.linux }}

    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 0

-      - name: Check runner tools
+      - name: Detect Android and Linux changes
+        id: diff
+        shell: bash
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
        run: |
-          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
-          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
-          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+          # On workflow_dispatch always build everything
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi

-      - name: Setup Dagger Remote Engine (via stunnel)
-        env:
-          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
-          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
-          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
-          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
-        run: scripts/setup_dagger_remote.sh
+          HEAD_SHA=$(git rev-parse HEAD)

-      - name: Run Android Tests on Firebase Test Lab
-        env:
-          FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY }}
-          FIREBASE_PROJECT_ID: ${{ vars.FIREBASE_PROJECT_ID }}
-          DAGGER_NO_NAG: "1"
-        run: task test-android-firebase
+          # Skip if this exact commit was already successfully deployed (prevents
+          # hourly schedule from redeploying the same commit on every tick).
+          LAST_DEPLOYED_SHA=$(python3 - << 'PYEOF'
+          import json, os, sys, urllib.request
+          token = os.environ.get("FORGEJO_TOKEN", "")
+          server = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
+          repo = os.environ.get("GITHUB_REPOSITORY", "")
+          url = f"{server}/api/v1/repos/{repo}/actions/runs?workflow_id=deploy.yml&status=success&limit=5"
+          req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
+          try:
+              with urllib.request.urlopen(req) as r:
+                  data = json.loads(r.read())
+              runs = [
+                  r for r in data.get("workflow_runs", [])
+                  if r.get("status") == "success"
+              ]
+              print(runs[0].get("commit_sha") or "")
+          except Exception as e:
+              print(f"API check failed: {e}", file=sys.stderr)
+              print("")
+          PYEOF
+          )

-      - name: Cleanup TLS credentials
-        if: always()
-        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
+          if [ -n "$LAST_DEPLOYED_SHA" ] && [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
+            echo "HEAD $HEAD_SHA already successfully deployed — skipping"
+            echo "android=false" >> "$GITHUB_OUTPUT"
+            echo "linux=false"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          # Diff from the last successfully deployed commit to catch all changes since
+          # that deploy, not just the most recent commit. Falls back to HEAD~1 when
+          # LAST_DEPLOYED_SHA is unknown or not in local history.
+          if [ -n "$LAST_DEPLOYED_SHA" ] && git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
+            echo "Diffing from last deployed SHA $LAST_DEPLOYED_SHA"
+            CHANGED=$(git diff --name-only "$LAST_DEPLOYED_SHA" HEAD 2>/dev/null \
+              || git show --name-only --format= HEAD)
+          else
+            CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null \
+              || git show --name-only --format= HEAD)
+          fi
+
+          echo "Changed files:"
+          echo "$CHANGED"
+
+          android_re='^(android/|integration_test/|lib/|pubspec\.yaml|pubspec\.lock|drift_schemas/|scripts/deploy_playstore\.py)'
+          linux_re='^(linux/|lib/|pubspec\.yaml|pubspec\.lock)'
+
+          echo "$CHANGED" | grep -qE "$android_re" \
+            && echo "android=true" >> "$GITHUB_OUTPUT" \
+            || echo "android=false" >> "$GITHUB_OUTPUT"
+
+          echo "$CHANGED" | grep -qE "$linux_re" \
+            && echo "linux=true"   >> "$GITHUB_OUTPUT" \
+            || echo "linux=false"  >> "$GITHUB_OUTPUT"

  deploy-playstore:
    name: Build & Deploy to Play Store
    runs-on: ubuntu-latest
    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.android == 'true'

    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 100

      - name: Check runner tools
        run: |
@@ -66,6 +117,7 @@ jobs:
        run: scripts/setup_dagger_remote.sh

      - name: Publish Android to Play Store
+        if: ${{ secrets.PLAY_STORE_CONFIG_JSON != '' }}
        env:
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
@@ -73,10 +125,41 @@ jobs:
          DAGGER_NO_NAG: "1"
        run: task publish-android

+      - name: Cleanup TLS credentials
+        if: always()
+        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
+
+  deploy-apk:
+    name: Build & Deploy APK to Server
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.android == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 100
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine (via stunnel)
+        env:
+          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
+          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
+          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
+          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
      - name: Build & Deploy APK to server
-        continue-on-error: true
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
@@ -92,11 +175,13 @@ jobs:
    name: Build Linux Release
    runs-on: ubuntu-latest
    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.linux == 'true'

    steps:
      - uses: actions/checkout@v4
        with:
-          fetch-depth: 50
+          fetch-depth: 100

      - name: Check runner tools
        run: |
@@ -113,9 +198,10 @@ jobs:
        run: scripts/setup_dagger_remote.sh

      - name: Build & Deploy Linux to server
-        continue-on-error: true
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DAGGER_NO_NAG: "1"
@@ -125,52 +211,16 @@ jobs:
        if: always()
        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid

-  publish-website:
-    name: Publish Website Build History
-    runs-on: ubuntu-latest
-    needs: [build-linux, deploy-playstore]
-    if: |
-      always() &&
-      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')
-    timeout-minutes: 60
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 50
-
-      - name: Check runner tools
-        run: |
-          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
-          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
-          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
-
-      - name: Setup Dagger Remote Engine (via stunnel)
-        env:
-          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
-          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
-          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
-          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
-        run: scripts/setup_dagger_remote.sh
-
-      - name: Generate build history and deploy website
-        continue-on-error: true
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-          DAGGER_NO_NAG: "1"
-        run: task publish-website
-
-      - name: Cleanup TLS credentials
-        if: always()
-        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
-
  label-deploy-health:
    name: Update Deploy Health Label
    runs-on: ubuntu-latest
-    needs: [test-android-firebase, deploy-playstore, build-linux]
-    if: always() && vars.DEPLOY_HEALTH_ISSUE != ''
+    needs: [deploy-playstore, deploy-apk, build-linux]
+    if: |
+      always() && vars.DEPLOY_HEALTH_ISSUE != '' && (
+        needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'failure' ||
+        needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'failure' ||
+        needs.build-linux.result == 'success' || needs.build-linux.result == 'failure'
+      )
    timeout-minutes: 5

    steps:
@@ -179,7 +229,7 @@ jobs:
          FORGEJO_TOKEN: ${{ github.token }}
          FORGEJO_URL: ${{ github.server_url }}
          DEPLOY_HEALTH_ISSUE: ${{ vars.DEPLOY_HEALTH_ISSUE }}
-          ALL_SUCCEEDED: ${{ needs.test-android-firebase.result == 'success' && needs.deploy-playstore.result == 'success' && needs.build-linux.result == 'success' }}
+          ALL_SUCCEEDED: ${{ (needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'skipped') && (needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'skipped') && (needs.build-linux.result == 'success' || needs.build-linux.result == 'skipped') }}
        run: |
          python3 - << 'PYEOF'
          import os, json, urllib.request, urllib.error
@@ -0,0 +1,132 @@
+name: Firebase Tests
+
+on:
+  schedule:
+    - cron: '0 3 * * *'   # once per day at 3 AM
+  workflow_dispatch:
+
+jobs:
+  check-changes:
+    name: Detect Firebase-Relevant Changes
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      has_changes: ${{ steps.diff.outputs.has_changes }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect Firebase-relevant changes in last 24 hours
+        id: diff
+        shell: bash
+        run: |
+          # On workflow_dispatch always run
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          SINCE=$(date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%S')
+          CHANGED=$(git log --since="$SINCE" --name-only --format= -- \
+            'android/' 'integration_test/' 'lib/' 'pubspec.yaml' 'pubspec.lock' 'drift_schemas/' \
+            | sort -u | grep -v '^$')
+
+          if [ -n "$CHANGED" ]; then
+            echo "Firebase-relevant files changed since $SINCE:"
+            echo "$CHANGED"
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "No Firebase-relevant changes in the last 24 hours — skipping tests"
+            echo "has_changes=false" >> "$GITHUB_OUTPUT"
+          fi
+
+  test-android-firebase:
+    name: Android Instrumented Tests (Firebase Test Lab)
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.has_changes == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine (via stunnel)
+        env:
+          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
+          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
+          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
+          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Run Android Tests on Firebase Test Lab
+        if: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY != '' }}
+        env:
+          FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY }}
+          FIREBASE_PROJECT_ID: ${{ vars.FIREBASE_PROJECT_ID }}
+          DAGGER_NO_NAG: "1"
+        run: task test-android-firebase
+
+      - name: Cleanup TLS credentials
+        if: always()
+        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
+
+      - name: Create issue on test failure
+        if: failure()
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+          FORGEJO_URL: ${{ github.server_url }}
+          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          python3 - << 'PYEOF'
+          import os, json, urllib.request, urllib.error
+
+          token = os.environ["FORGEJO_TOKEN"]
+          url_base = os.environ["FORGEJO_URL"].rstrip("/")
+          run_url = os.environ["RUN_URL"]
+
+          headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
+          api = f"{url_base}/api/v1/repos/guettli/sharedinbox"
+
+          def api_get(path):
+              req = urllib.request.Request(f"{api}{path}", headers=headers)
+              with urllib.request.urlopen(req) as r:
+                  return json.loads(r.read())
+
+          def api_post(path, body):
+              data = json.dumps(body).encode()
+              req = urllib.request.Request(f"{api}{path}", data=data, headers=headers, method="POST")
+              with urllib.request.urlopen(req) as r:
+                  return json.loads(r.read())
+
+          repo_labels = api_get("/labels")
+          label_map = {l["name"]: l["id"] for l in repo_labels}
+
+          label_ids = [label_map["Ready"]] if "Ready" in label_map else []
+
+          title = "Firebase Tests failed — find root cause and fix"
+          body = (
+              "Firebase instrumented tests failed in the daily run.\n\n"
+              f"**Failed run:** {run_url}\n\n"
+              "## Steps to resolve\n\n"
+              "1. **Find the root cause**: Check the test run logs linked above and identify which test(s) failed and why.\n"
+              "2. **Fix if possible**: If the failure is caused by a code bug, create a fix. If it is a flaky or infrastructure issue, document the findings.\n"
+              "3. Close this issue once the root cause is resolved and the tests pass.\n"
+          )
+
+          issue = api_post("/issues", {
+              "title": title,
+              "body": body,
+              "labels": label_ids,
+          })
+          print(f"Created issue #{issue['number']}: {issue['html_url']}")
+          PYEOF
@@ -0,0 +1,39 @@
+name: Renovate
+
+on:
+  schedule:
+    - cron: '0 6 * * *'
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    name: Renovate
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine (via stunnel)
+        env:
+          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
+          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
+          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
+          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Run Renovate
+        env:
+          DAGGER_NO_NAG: "1"
+          RENOVATE_FORGEJO_TOKEN: ${{ secrets.RENOVATE_FORGEJO_TOKEN }}
+        run: task renovate
+
+      - name: Cleanup TLS credentials
+        if: always()
+        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
@@ -1,6 +1,8 @@
-name: Deploy Website
+name: Update Website

 on:
+  schedule:
+    - cron: '0 * * * *'   # every hour on the hour
  push:
    branches: [main]
    paths:
@@ -11,22 +13,45 @@ on:

 jobs:
  deploy:
-    name: Build & Deploy Website
+    name: Build & Update Website
    runs-on: ubuntu-latest
+    timeout-minutes: 60

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive

-      - name: Build & Deploy Website
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine (via stunnel)
+        env:
+          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
+          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
+          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
+          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Build & Update Website
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
-        run: task website-deploy
+          DAGGER_NO_NAG: "1"
+        run: task publish-website

      - name: Verify Website
+        if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
        env:
          SSH_HOST: ${{ secrets.WEBSITE_SSH_HOST }}
        run: scripts/website-verify.sh
+
+      - name: Cleanup TLS credentials
+        if: always()
+        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
@@ -11,7 +11,6 @@ jobs:
    name: Build & Deploy Windows (Nightly)
    runs-on: windows-runner
    if: false
-    continue-on-error: true

    steps:
      - uses: actions/checkout@v4
@@ -32,7 +31,6 @@ jobs:

      - name: Set up SSH key
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
@@ -42,7 +40,6 @@ jobs:

      - name: Deploy Windows to server
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
@@ -1,3 +1,3 @@
 {
-  "flutter": "3.41.6"
+  "flutter": "3.44.0"
 }
@@ -202,6 +202,8 @@ jobs:
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
+          printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+          chmod 644 ~/.ssh/known_hosts

      - name: Build Linux release
        run: |
@@ -215,20 +217,20 @@ jobs:
          REMOTE_DIR="public_html/builds/$DATE_PATH"
          TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
          tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-          ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-          scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+          ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+          scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
          DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
-          EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" \
+          EXISTING=$(ssh "$SSH_USER@$SSH_HOST" \
            "cat public_html/latest.json 2>/dev/null || echo '{}'")
          WINDOWS_URL=$(echo "$EXISTING" | \
            python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" \
            2>/dev/null || true)
          if [ -n "$WINDOWS_URL" ]; then
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          else
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          fi

      - name: Generate build history pages
@@ -244,6 +246,5 @@ jobs:
          rsync -avz --delete \
            --exclude='*.apk' \
            --exclude='*.tar.gz' \
-            -e "ssh -o StrictHostKeyChecking=no" \
            website/public/ \
            "$SSH_USER@$SSH_HOST:public_html/"
@@ -28,7 +28,8 @@ android/.gradle/
 android/local.properties
 android/app/google-services.json
 android/key.properties
-android/app/src/main/java/io/flutter/plugins/
+# android/app/src/main/java/io/flutter/plugins/ intentionally tracked so that
+# GeneratedPluginRegistrant.java (catch Throwable) is committed and used by CI.
 .android/
 Android/
 .gradle/
@@ -33,12 +33,12 @@ repos:
      - id: ci-no-direct-dagger
        name: check for direct dagger calls in workflows (use Task instead)
        language: system
-        entry: "bash -c 'git grep \"dagger call\" .forgejo/workflows/ && echo \"ERROR: Direct dagger calls found in workflows. Use Taskfile instead.\" && exit 1 || exit 0'"
+        entry: "bash -c 'git --no-pager grep \"dagger call\" .forgejo/workflows/ && echo \"ERROR: Direct dagger calls found in workflows. Use Taskfile instead.\" && exit 1 || exit 0'"
        pass_filenames: false
        always_run: true
      - id: dagger-progress-plain
        name: ensure all dagger calls use --progress=plain
        language: system
-        entry: "bash -c 'git grep \"dagger call\" -- \":!.pre-commit-config.yaml\" | grep -v \"\\-\\-progress=plain\" && echo \"ERROR: All dagger calls must include --progress=plain\" && exit 1 || exit 0'"
+        entry: "bash -c 'git --no-pager grep \"dagger call\" -- \":!.pre-commit-config.yaml\" | grep -v \"\\-\\-progress=plain\" && echo \"ERROR: All dagger calls must include --progress=plain\" && exit 1 || exit 0'"
        pass_filenames: false
        always_run: true
@@ -8,32 +8,41 @@ CLI tool `fgj` is available to query issues/PRs/actions.

 ## Issue Label Workflow

-We use issues, follow this label state machine:
+Automation is handled by [agentloop](https://github.com/guettli/agentloop) running every 5 minutes via cron. Add a label to trigger an agent:

- **State/Ready** — Issue is available to pick up
- **State/InProgress** — Set this when you start working on an issue
- **State/Question** — Set this when you hit a blocker or need clarification
+| Label | Trigger | Outcome |
+|---|---|---|
+| `loop/plan` | Planning agent reads the issue and writes an implementation plan as a comment | Issue moves to `loop/plan-done` |
+| `loop/code` | Coding agent implements the change, creates a branch + PR | Issue moves to `loop/code-done` |

-List open issues ready to pick up:
+**State machine:**

-```bash
-fgj issue list --json --state open | jq '[.[] | select(.labels[].name == "State/Ready")] | .[] | {number, title, html_url}'
+```
+loop/plan  →  loop/plan-in-progress  →  loop/plan-done
+                                      ↘  NeedSupervisor  (on failure)
+
+loop/code  →  loop/code-in-progress  →  loop/code-done
+                                      ↘  NeedSupervisor  (on failure)
 ```

-Rules:
+**Rules:**

- Never start work on an issue without `State/Ready`
- When working via the agent loop: `State/Ready` → `State/InProgress` is set automatically
-  by `agent_loop.py` before the agent starts — do **not** set it yourself.
- When working manually: switch to `State/InProgress` as your **first action**:
-  ```bash
-  fgj issue edit <NUMBER> --remove-label "State/Ready" --add-label "State/InProgress"
-  ```
- If blocked, replace current state label with `State/Question` and leave a comment explaining the blocker
- When done and CI is green, close the issue:
-  ```bash
-  fgj issue close <NUMBER>
-  ```
+- Only issues authored by allowed users are picked up (guettli, guettlibot, guettlibot2, forgejo-actions).
+- An issue with `NeedSupervisor` needs human attention — investigate, fix, then re-label.
+- The coding agent opens a PR but does NOT close the issue. A human reviews the PR and closes the issue after merging.
+- Planning agents only post a comment — they do NOT write code or open PRs.
+- `loop/*` labels are managed by agentloop — do not set them manually while an agent is active.
+
+**Typical lifecycle for a new feature:**
+
+```
+1. Create issue
+2. Add label loop/plan   → agent writes plan as comment
+3. Review plan, request changes or approve
+4. Add label loop/code   → agent implements + opens PR
+5. Review PR, merge
+6. Close issue
+```

 ## Code conventions

@@ -91,3 +91,93 @@ The CI workflow in `.forgejo/workflows/ci.yml` is configured to use the Dagger m
 - **Check Suite:** Runs analysis and tests in parallel.
 - **Builds:** Produces Linux and Android artifacts.
 - **Caching:** When using the shared engine, CI runners benefit from the persistent cache on the host.
+
+## Credential Security — Keeping Production Secrets Off Codeberg
+
+### Problem
+
+The current setup stores two categories of secrets in Codeberg repository secrets:
+
+1. **Dagger access credentials** — TLS certificates used to connect to the remote Dagger engine via stunnel (`DAGGER_CA_CERT`, `DAGGER_CLIENT_CERT`, `DAGGER_CLIENT_KEY`, `DAGGER_STUNNEL_URL`).
+2. **Production secrets** — actual credentials for external services: `ANDROID_KEYSTORE_BASE64`, `ANDROID_KEYSTORE_PASSWORD`, `PLAY_STORE_CONFIG_JSON`, `SSH_PRIVATE_KEY`, `FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY`.
+
+If Codeberg is compromised, both categories are leaked. The Dagger TLS certificates enable access only to the Dagger engine and have limited blast radius. But the production secrets give direct access to the Play Store, the Android signing key, the deployment server, and Firebase — a much larger blast radius.
+
+**Goal:** Keep only Dagger access credentials in Codeberg. Store all production secrets on the Dagger host machine so they never touch Codeberg.
+
+### Option 1: Runner-level environment variables
+
+Store production secrets as environment variables in the Forgejo runner's systemd service (e.g., via a `EnvironmentFile=` in the service override). The runner injects host env vars into job processes automatically. CI workflows drop the `${{ secrets.XYZ }}` references for production secrets entirely — the variables are already present in the job environment.
+
+**Pro:**
+- No new infrastructure required.
+- Works with the existing `dagger call --progress=plain --secret env:VAR_NAME` argument style.
+- Secrets never enter Codeberg.
+- Straightforward to set up on a single self-hosted runner.
+
+**Con:**
+- Env vars are visible to every process on the runner host (e.g., via `/proc/<pid>/environ`).
+- Rotating a secret requires host access (no API).
+- Does not scale cleanly to multiple runners without a shared secrets mechanism.
+
+### Option 2: Secret files on the CI host with restricted permissions
+
+Store production secrets as files owned by the runner user with mode `600` (e.g., `/home/forgejo-runner/secrets/play_store.json`). A small setup script reads the files and either exports them as env vars or passes them directly as file-type arguments to `dagger call --progress=plain`. CI workflows contain no secret references at all.
+
+**Pro:**
+- OS-level file permissions limit access to the runner user.
+- Natural format for JSON payloads and key files.
+- Easy to audit (list files, check mtime).
+- No new infrastructure.
+
+**Con:**
+- Plaintext files on disk; root or backup access exposes them.
+- Workflow must know file paths (either hardcoded or by convention).
+- Rotation still requires host filesystem access.
+
+### Option 3: Dagger host as pipeline orchestrator
+
+Instead of the CI runner invoking the Dagger CLI directly, the CI job sends a trigger to the Dagger host over SSH. The Dagger host runs the pipeline locally against its own environment, where secrets live as env vars or files. Codeberg only stores the SSH key to reach the Dagger host — not the production secrets.
+
+```yaml
+# CI job only does this:
+- name: Trigger pipeline on Dagger host
+  run: ssh dagger-host "cd sharedinbox && task publish-android"
+  env:
+    SSH_PRIVATE_KEY: ${{ secrets.DAGGER_TRIGGER_SSH_KEY }}
+```
+
+**Pro:**
+- Production secrets never leave the Dagger host.
+- Codeberg stores exactly one secret: the trigger SSH key.
+- All deployment logic and secrets are fully contained on the host.
+
+**Con:**
+- Harder to stream structured CI logs back to Codeberg Actions.
+- Dynamic context (commit SHA, PR branch) must be passed explicitly over SSH.
+- The trigger SSH key still grants shell access to the host, so its compromise has its own blast radius.
+- CI becomes a "fire-and-forget" call, making failure attribution harder.
+
+### Option 4: External secret manager (e.g., HashiCorp Vault)
+
+Run a secret manager co-located with the Dagger host. The CI job authenticates with a short-lived AppRole credential (stored in Codeberg) and retrieves secrets at runtime. Vault can also be configured with IP-allow-lists to further restrict who can authenticate.
+
+**Pro:**
+- Full audit trail: every secret read is logged with a timestamp and caller identity.
+- Fine-grained access control per secret.
+- Built-in versioning and rotation support.
+- Industry-standard approach; scales to team or multi-runner setups.
+
+**Con:**
+- Significant additional infrastructure to install, configure, and maintain.
+- Vault credentials (RoleID + SecretID) still need to be in Codeberg, though with a smaller blast radius than raw secrets.
+- Vault itself becomes a security-critical single point of failure.
+- Operational overhead likely disproportionate for a small single-developer project.
+
+### Recommendation
+
+**Option 1** (runner-level env vars) or **Option 2** (secret files) are the pragmatic starting point for a single self-hosted runner. They require no new infrastructure and move all production secrets off Codeberg immediately.
+
+**Option 3** (Dagger host as orchestrator) is worth considering once the trigger SSH key replaces all other secrets in Codeberg — it offers the cleanest security boundary at the cost of reduced CI observability.
+
+**Option 4** (Vault) becomes worthwhile if the project grows to multiple runners or team members who each need audited access to deploy credentials.
@@ -215,14 +215,16 @@ tasks:
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"

  build-android-bundle:
    desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
    cmds:
      - mkdir -p build/app/outputs/bundle/release
-      - dagger call --progress=plain -q -m ci --source=. build-android-release -o build/app/outputs/bundle/release/app-release.aab
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. build-android-release --commit-hash "$HASH" -o build/app/outputs/bundle/release/app-release.aab

  upload-android-bundle:
    desc: Upload AAB from build/ to Play Store via Dagger
@@ -236,6 +238,7 @@ tasks:

  publish-android:
    desc: Build cached AAB, stamp versionCode, sign, and publish to Play Store via Dagger
+    deps: [generate-changelog]
    preconditions:
      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
        msg: "PLAY_STORE_CONFIG_JSON is not set"
@@ -244,24 +247,31 @@ tasks:
      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
    cmds:
-      - dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --commit-hash "$HASH"

  deploy-apk:
    desc: Build and deploy Android APK via Dagger
    preconditions:
      - sh: test -n "$SSH_PRIVATE_KEY"
        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
      - sh: test -n "$ANDROID_KEYSTORE_BASE64"
        msg: "ANDROID_KEYSTORE_BASE64 is not set"
      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
    cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"

  publish-website:
    desc: Build and publish website via Dagger
+    preconditions:
+      - sh: test -n "$SSH_PRIVATE_KEY"
+        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
-      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key file:$HOME/.ssh/id_ed25519 --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
+      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"

  check-dagger:
    desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
@@ -284,8 +294,13 @@ tasks:
          for attempt in 1 2 3; do
            run_dagger "$@" && return 0
            RC=$?
-            if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused" "$DAGGER_OUT"; then
+            if [ "$attempt" -lt 3 ] && { grep -qE "connection reset|context canceled|context deadline exceeded|connection refused|invalid return status code" "$DAGGER_OUT" || [ "$RC" -eq 2 ]; }; then
              echo "$(_ts) dagger: network error on attempt $attempt/3, retrying..." >&2
+            elif [ "$attempt" -lt 3 ] && grep -q "No space left on device" "$DAGGER_OUT"; then
+              echo "$(_ts) dagger: disk space error on attempt $attempt/3, pruning Dagger cache..." >&2
+              dagger query '{ engine { localCache { prune(targetSpace: "20gb") } } }' 2>/dev/null || true
+              echo "$(_ts) dagger: waiting 90s for freed space to settle..." >&2
+              sleep 90
            else
              return "$RC"
            fi
@@ -315,6 +330,20 @@ tasks:
        wait "$RECV_PID" 2>/dev/null || true
        exit $RC

+  dagger-prune:
+    desc: Prune the Dagger engine cache (keeps named volumes unless total exceeds 75 GB, then targets 50 GB)
+    cmds:
+      - |
+        dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }'
+
+  renovate:
+    desc: Run Renovate bot against the repository via Dagger
+    preconditions:
+      - sh: test -n "$RENOVATE_FORGEJO_TOKEN"
+        msg: "RENOVATE_FORGEJO_TOKEN is not set"
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. renovate --renovate-token env:RENOVATE_FORGEJO_TOKEN
+
  integration-android:
    desc: UI integration tests on a connected Android emulator (Stalwart on host, emulator reaches it via 10.0.2.2)
    deps: [_preflight, _android-sdk-check, _android-avd-setup]
@@ -362,25 +391,29 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
        tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
        # Merge with any existing latest.json so we don't overwrite the windows key
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        WINDOWS_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" 2>/dev/null || true)
        if [ -n "$WINDOWS_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $TARBALL and updated latest.json"

@@ -405,24 +438,28 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        ZIPFILE="sharedinbox-windows-x64-$HASH.zip"
        cd build/windows/x64/runner && zip -r /tmp/$ZIPFILE Release/ && cd -
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$ZIPFILE"
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        LINUX_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('linux',''))" 2>/dev/null || true)
        if [ -n "$LINUX_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$LINUX_URL\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $ZIPFILE and updated latest.json"

@@ -572,14 +609,18 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        APK_NAME="sharedinbox-mua-$HASH.apk"
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no \
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp \
          build/app/outputs/flutter-apk/app-release.apk \
          "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$APK_NAME"
        echo "Uploaded $APK_NAME to $REMOTE_DIR"
@@ -608,12 +649,16 @@ tasks:
  website-deploy:
    desc: Deploy the website via rsync to public_html
    deps: [website-build]
+    preconditions:
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        rsync -avz --delete \
          --exclude='*.apk' \
          --exclude='*.tar.gz' \
-          -e "ssh -o StrictHostKeyChecking=no" \
          website/public/ \
          ${SSH_USER}@${SSH_HOST}:public_html/

@@ -4,7 +4,6 @@ gradle-wrapper.jar
 /gradlew
 /gradlew.bat
 /local.properties
-GeneratedPluginRegistrant.java
 .cxx/

 # Remember to never publicly share your keystore.
@@ -67,7 +67,7 @@ flutter {

 dependencies {
    // Required for flutter_local_notifications and other plugins that need Java 8+ APIs on API < 26.
-    coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.1.4")
+    coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.1.5")
    // integration_test is a dev dependency; the Flutter plugin loader adds it as
    // debugImplementation only, but GeneratedPluginRegistrant.java (in src/main)
    // references its class in all variants. Make it available for release compilation
@@ -0,0 +1,89 @@
+package io.flutter.plugins;
+
+import androidx.annotation.Keep;
+import androidx.annotation.NonNull;
+import io.flutter.Log;
+
+import io.flutter.embedding.engine.FlutterEngine;
+
+/**
+ * Generated file. Do not edit.
+ * This file is generated by the Flutter tool based on the
+ * plugins that support the Android platform.
+ */
+@Keep
+public final class GeneratedPluginRegistrant {
+  private static final String TAG = "GeneratedPluginRegistrant";
+  public static void registerWith(@NonNull FlutterEngine flutterEngine) {
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.device_info.DeviceInfoPlusPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin device_info_plus, dev.fluttercommunity.plus.device_info.DeviceInfoPlusPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.mr.flutter.plugin.filepicker.FilePickerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin file_picker, com.mr.flutter.plugin.filepicker.FilePickerPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_local_notifications, com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_plugin_android_lifecycle, io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_secure_storage, com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.flutter.plugins.integration_test.IntegrationTestPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin integration_test, dev.flutter.plugins.integration_test.IntegrationTestPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.steenbakker.mobile_scanner.MobileScannerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin mobile_scanner, dev.steenbakker.mobile_scanner.MobileScannerPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.crazecoder.openfile.OpenFilePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin open_filex, com.crazecoder.openfile.OpenFilePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin package_info_plus, dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.pathprovider.PathProviderPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin path_provider_android, io.flutter.plugins.pathprovider.PathProviderPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.share.SharePlusPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin share_plus, dev.fluttercommunity.plus.share.SharePlusPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.urllauncher.UrlLauncherPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin url_launcher_android, io.flutter.plugins.urllauncher.UrlLauncherPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.webviewflutter.WebViewFlutterPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin webview_flutter_android, io.flutter.plugins.webviewflutter.WebViewFlutterPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.workmanager.WorkmanagerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin workmanager_android, dev.fluttercommunity.workmanager.WorkmanagerPlugin", e);
+    }
+  }
+}
@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.5-all.zip
@@ -44,10 +44,10 @@ require (
 	google.golang.org/protobuf v1.36.11 // indirect
 )

-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0
+replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0

-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0
+replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0

-replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.16.0
+replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.19.0

-replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.16.0
+replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.19.0
@@ -195,7 +195,8 @@ func (m *Ci) toolchain() *dagger.Container {
 		WithUser("ci").
 		WithExec([]string{"/bin/sh", "-c",
 			`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
-				`yes | sdkmanager "ndk;28.2.13676358" "cmake;3.22.1" "build-tools;35.0.0" "platforms;android-34" >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }`})
+				`yes | sdkmanager "ndk;28.2.13676358" "cmake;3.22.1" "build-tools;35.0.0" "platforms;android-34" >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }`}).
+		WithExec([]string{"flutter", "precache", "--linux", "--no-android", "--no-ios"})
 }

 // Base is the Flutter toolchain container with mutable cache mounts attached.
@@ -221,7 +222,7 @@ func (m *Ci) pubGetLayer() *dagger.Container {
 		WithExec([]string{"/bin/bash", "-c",
 			`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
 				`flutter pub get >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
-				`grep -vE '^[+~><] ' "$tmp" || true`}).
+				`grep -vE '^(\+|Downloading packages)' "$tmp" || true`}).
 		WithExec([]string{"python3", "-c",
 			"import json, os\n" +
 				"f='.dart_tool/package_config.json'; d=json.load(open(f)); [d.pop(k,None) for k in ('generated','generatorVersion')]; json.dump(d,open(f,'w'))\n" +
@@ -245,7 +246,7 @@ func (m *Ci) codegenBase() *dagger.Container {
 		WithExec([]string{"/bin/bash", "-c",
 			`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
 				`flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
-				`grep -vE '^\[' "$tmp" || true`})
+				`grep -vE '^\[.*s\] \|' "$tmp" || true`})
 }

 // setup overlays platform-specific source files onto the shared codegen base.
@@ -285,6 +286,21 @@ func (m *Ci) firebaseSrc() *dagger.Directory {
 	})
 }

+// androidBase wraps setup(androidSrc()) with the Gradle named-cache so that
+// Gradle dependencies survive across Dagger execution-cache misses.
+func (m *Ci) androidBase() *dagger.Container {
+	return m.setup(m.androidSrc()).
+		WithMountedCache("/home/ci/.gradle", dag.CacheVolume("gradle-cache"),
+			dagger.ContainerWithMountedCacheOpts{Owner: "ci"})
+}
+
+// firebaseBase wraps setup(firebaseSrc()) with the Gradle named-cache.
+func (m *Ci) firebaseBase() *dagger.Container {
+	return m.setup(m.firebaseSrc()).
+		WithMountedCache("/home/ci/.gradle", dag.CacheVolume("gradle-cache"),
+			dagger.ContainerWithMountedCacheOpts{Owner: "ci"})
+}
+
 // linuxSrc is the source subset for Linux builds and integration tests.
 func (m *Ci) linuxSrc() *dagger.Directory {
 	return m.Source.Filter(dagger.DirectoryFilterOpts{
@@ -312,17 +328,19 @@ func (m *Ci) Hugo() *dagger.Container {
 		From("alpine:3.21").
 		WithExec([]string{"apk", "--no-cache", "add", "curl", "tar", "libc6-compat", "libstdc++", "gcompat"}).
 		WithExec([]string{"curl", "-sL", "https://github.com/gohugoio/hugo/releases/download/v0.152.2/hugo_extended_0.152.2_linux-amd64.tar.gz", "-o", "/tmp/hugo.tar.gz"}).
+		WithExec([]string{"sh", "-c", "echo '416bcfbdf5f68469ec9644dbe507da50fc21b94b69a125b059d64ed2cb4d8c27  /tmp/hugo.tar.gz' | sha256sum -c -"}).
 		WithExec([]string{"tar", "-xzf", "/tmp/hugo.tar.gz", "-C", "/usr/local/bin", "hugo"}).
 		WithExec([]string{"rm", "/tmp/hugo.tar.gz"})
 }

 // Deploy container for rsync/ssh
-func (m *Ci) Deployer(sshKey *dagger.Secret) *dagger.Container {
+func (m *Ci) Deployer(sshKey *dagger.Secret, knownHosts *dagger.Secret) *dagger.Container {
 	return dag.Container().
 		From("alpine:3.21").
 		WithExec([]string{"apk", "--no-cache", "add", "rsync", "openssh-client", "python3", "tar"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithEnvVariable("RSYNC_RSH", "ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519")
+		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
+		WithEnvVariable("RSYNC_RSH", "ssh -i /root/.ssh/id_ed25519")
 }

 // Stalwart mail server service for backend and integration tests.
@@ -410,7 +428,7 @@ func (m *Ci) CheckMocks(ctx context.Context) (string, error) {
 		WithExec([]string{"/bin/bash", "-c",
 			`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
 				`flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
-				`grep -vE '^\[' "$tmp" || true`}).
+				`grep -vE '^\[.*s\] \|' "$tmp" || true`}).
 		WithExec([]string{"/bin/bash", "-c", "CHANGED=$(find . -name '*.mocks.dart' | xargs -r git diff --exit-code); if [ $? -ne 0 ]; then echo \"ERROR: Mocks are out of date\"; exit 1; fi; echo \"Mocks are up to date.\""}).
 		Stdout(ctx)
 }
@@ -513,6 +531,7 @@ func (m *Ci) Check(ctx context.Context) (string, error) {
 func (m *Ci) GenerateBuildHistory(
 	ctx context.Context,
 	sshKey *dagger.Secret,
+	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
@@ -524,7 +543,7 @@ func (m *Ci) GenerateBuildHistory(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "openssh-client"}).
 		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
-		WithExec([]string{"chmod", "700", "/root/.ssh"}).
+		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
 		WithEnvVariable("SSH_USER", sshUser).
 		WithEnvVariable("SSH_HOST", sshHost).
 		WithDirectory("/src", scriptSource).
@@ -537,10 +556,11 @@ func (m *Ci) GenerateBuildHistory(
 func (m *Ci) BuildWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
+	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) *dagger.Directory {
-	buildHistory := m.GenerateBuildHistory(ctx, sshKey, sshUser, sshHost)
+	buildHistory := m.GenerateBuildHistory(ctx, sshKey, knownHosts, sshUser, sshHost)

 	websiteSource := m.Source.Filter(dagger.DirectoryFilterOpts{
 		Include: []string{"website/"},
@@ -557,12 +577,13 @@ func (m *Ci) BuildWebsite(
 func (m *Ci) PublishWebsite(
 	ctx context.Context,
 	sshKey *dagger.Secret,
+	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 ) (string, error) {
-	public := m.BuildWebsite(ctx, sshKey, sshUser, sshHost)
+	public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost)

-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithDirectory("/public", public).
 		WithExec([]string{"rsync", "-avz", "--delete",
 			"--exclude=*.apk", "--exclude=*.tar.gz",
@@ -578,9 +599,17 @@ func (m *Ci) BuildLinux() *dagger.Directory {
 }

 // BuildLinuxRelease builds the Linux release bundle.
-func (m *Ci) BuildLinuxRelease() *dagger.Directory {
+func (m *Ci) BuildLinuxRelease(
+	// Git commit hash injected as GIT_HASH dart-define so the About page can display it.
+	// +optional
+	commitHash string,
+) *dagger.Directory {
+	args := []string{"flutter", "build", "linux", "--release"}
+	if commitHash != "" {
+		args = append(args, "--dart-define=GIT_HASH="+commitHash)
+	}
 	return m.setup(m.linuxSrc()).
-		WithExec([]string{"flutter", "build", "linux", "--release"}).
+		WithExec(args).
 		Directory("build/linux/x64/release/bundle")
 }

@@ -588,36 +617,48 @@ func (m *Ci) BuildLinuxRelease() *dagger.Directory {
 func (m *Ci) DeployLinux(
 	ctx context.Context,
 	sshKey *dagger.Secret,
+	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
 ) (string, error) {
-	bundle := m.BuildLinuxRelease()
+	bundle := m.BuildLinuxRelease(commitHash)

 	datePath := time.Now().Format("2006/01/02")
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	tarball := fmt.Sprintf("sharedinbox-linux-amd64-%s.tar.gz", commitHash)

-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithDirectory("/bundle", bundle).
 		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("tar -czf /tmp/%s -C /bundle .", tarball)}).
-		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
+		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
 		Stdout(ctx)
 }

 // setupKeystore decodes the base64 keystore into the android build container.
 func (m *Ci) setupKeystore(keystoreBase64 *dagger.Secret, keystorePassword *dagger.Secret) *dagger.Container {
-	return m.setup(m.androidSrc()).
+	return m.androidBase().
 		WithSecretVariable("ANDROID_KEYSTORE_BASE64", keystoreBase64).
 		WithSecretVariable("ANDROID_KEYSTORE_PASSWORD", keystorePassword).
 		WithExec([]string{"/bin/sh", "-c", `echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks`})
 }

 // BuildAndroidApk builds a release APK signed with the upload key.
-func (m *Ci) BuildAndroidApk(keystoreBase64 *dagger.Secret, keystorePassword *dagger.Secret, buildNumber string) *dagger.File {
+func (m *Ci) BuildAndroidApk(
+	keystoreBase64 *dagger.Secret,
+	keystorePassword *dagger.Secret,
+	buildNumber string,
+	// Git commit hash injected as GIT_HASH dart-define so the About page can display it.
+	// +optional
+	commitHash string,
+) *dagger.File {
+	args := []string{"flutter", "build", "apk", "--release", "--no-pub", "--build-number", buildNumber}
+	if commitHash != "" {
+		args = append(args, "--dart-define=GIT_HASH="+commitHash)
+	}
 	return m.setupKeystore(keystoreBase64, keystorePassword).
-		WithExec([]string{"flutter", "build", "apk", "--release", "--no-pub", "--build-number", buildNumber}).
+		WithExec(args).
 		File("build/app/outputs/flutter-apk/app-release.apk")
 }

@@ -625,6 +666,7 @@ func (m *Ci) BuildAndroidApk(keystoreBase64 *dagger.Secret, keystorePassword *da
 func (m *Ci) DeployApk(
 	ctx context.Context,
 	sshKey *dagger.Secret,
+	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
 	commitHash string,
@@ -632,26 +674,28 @@ func (m *Ci) DeployApk(
 	keystorePassword *dagger.Secret,
 	buildNumber string,
 ) (string, error) {
-	apk := m.BuildAndroidApk(keystoreBase64, keystorePassword, buildNumber)
+	apk := m.BuildAndroidApk(keystoreBase64, keystorePassword, buildNumber, commitHash)

 	datePath := time.Now().Format("2006/01/02")
 	remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
 	apkName := fmt.Sprintf("sharedinbox-mua-%s.apk", commitHash)

-	return m.Deployer(sshKey).
+	return m.Deployer(sshKey, knownHosts).
 		WithFile("/tmp/app.apk", apk).
-		WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
-		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
+		WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
+		WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
 		Stdout(ctx)
 }

 // BuildAndroidDebugApks builds the debug app APK and the androidTest APK needed for Firebase Test Lab.
 // Returns a flat directory with app-debug.apk and app-debug-androidTest.apk.
 func (m *Ci) BuildAndroidDebugApks() *dagger.Directory {
-	built := m.setup(m.firebaseSrc()).
+	built := m.firebaseBase().
 		WithExec([]string{"flutter", "build", "apk", "--debug", "--no-pub"}).
 		WithWorkdir("/src/android").
-		WithExec([]string{"./gradlew", "app:assembleAndroidTest"}).
+		// --no-daemon avoids connecting to a stale daemon whose registry file was
+		// preserved in the Dagger layer snapshot but whose process no longer exists.
+		WithExec([]string{"./gradlew", "--no-daemon", "app:assembleAndroidTest"}).
 		WithWorkdir("/src").
 		WithExec([]string{"/bin/bash", "-c",
 			`apk=$(find /src -path "*androidTest*" -name "*.apk" -type f 2>/dev/null | head -1) && \
@@ -705,9 +749,17 @@ func (m *Ci) TestAndroidFirebase(

 // BuildAndroidRelease builds the AAB with a fixed build-number so Dagger can cache it.
 // versionCode and signing are applied separately via StampAndroidVersionCode + SignAndroidBundle.
-func (m *Ci) BuildAndroidRelease() *dagger.File {
-	return m.setup(m.androidSrc()).
-		WithExec([]string{"flutter", "build", "appbundle", "--release", "--no-pub", "--build-number", "1"}).
+func (m *Ci) BuildAndroidRelease(
+	// Git commit hash injected as GIT_HASH dart-define so the About page can display it.
+	// +optional
+	commitHash string,
+) *dagger.File {
+	args := []string{"flutter", "build", "appbundle", "--release", "--no-pub", "--build-number", "1"}
+	if commitHash != "" {
+		args = append(args, "--dart-define=GIT_HASH="+commitHash)
+	}
+	return m.androidBase().
+		WithExec(args).
 		File("build/app/outputs/bundle/release/app-release.aab")
 }

@@ -735,7 +787,7 @@ func (m *Ci) UploadToPlayStore(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "curl"}).
 		WithMountedCache("/root/.cache/pip", dag.CacheVolume("pip-cache")).
-		WithExec([]string{"pip", "install", "requests", "google-auth"}).
+		WithExec([]string{"pip", "install", "google-auth", "requests"}).
 		WithFile("/src/build/app/outputs/bundle/release/app-release.aab", aab).
 		WithFile("/src/scripts/deploy_playstore.py", scriptSource.File("scripts/deploy_playstore.py")).
 		WithSecretVariable("PLAY_STORE_CONFIG_JSON", playStoreConfig).
@@ -779,14 +831,41 @@ func (m *Ci) PublishAndroid(
 	playStoreConfig *dagger.Secret,
 	keystoreBase64 *dagger.Secret,
 	keystorePassword *dagger.Secret,
+	// Git commit hash injected as GIT_HASH dart-define so the About page can display it.
+	// +optional
+	commitHash string,
 ) (string, error) {
 	versionCode := int(time.Now().Unix())
-	aab := m.BuildAndroidRelease()
+	aab := m.BuildAndroidRelease(commitHash)
 	stamped := m.StampAndroidVersionCode(aab, versionCode)
 	signed := m.SignAndroidBundle(stamped, keystoreBase64, keystorePassword)
 	return m.UploadToPlayStore(ctx, signed, playStoreConfig)
 }

+// Renovate runs Renovate bot against the repository on Forgejo/Codeberg.
+func (m *Ci) Renovate(ctx context.Context, renovateToken *dagger.Secret) (string, error) {
+	// Codeberg's GET /pulls?state=all&limit=100 times out with a 504, but limit=10
+	// completes in ~9 s. Patch the compiled pr-cache.js to use 10 instead of the
+	// hardcoded 20/100 values before launching renovate.
+	const patchCmd = `for f in \
+			/usr/local/renovate/dist/modules/platform/forgejo/pr-cache.js \
+			/usr/local/renovate/dist/modules/platform/gitea/pr-cache.js; do \
+		sed -i 's/limit: this\.items\.length ? 20 : 100/limit: this.items.length ? 10 : 10/' "$f" && echo "patched $f"; \
+		done`
+	return dag.Container().
+		From("renovate/renovate:43").
+		WithSecretVariable("RENOVATE_TOKEN", renovateToken).
+		WithEnvVariable("RENOVATE_PLATFORM", "forgejo").
+		WithEnvVariable("RENOVATE_ENDPOINT", "https://codeberg.org").
+		WithEnvVariable("RENOVATE_REPOSITORIES", "guettli/sharedinbox").
+		WithEnvVariable("LOG_LEVEL", "info").
+		WithUser("root").
+		WithExec([]string{"/bin/sh", "-c", patchCmd}).
+		WithUser("ubuntu").
+		WithExec([]string{"renovate"}).
+		Stdout(ctx)
+}
+
 // Graph returns a Mermaid diagram of the CI pipeline structure.
 // Paste the output into any Mermaid renderer (codeberg, github, mermaid.live)
 // or save it as a .md file to get a rendered diagram.
@@ -800,7 +879,7 @@ func (m *Ci) Graph() string {
 ` + "```" + `mermaid
 flowchart TD
    subgraph dagger ["Dagger · Check pipeline"]
-        toolchain["toolchain\nflutter:3.41.6 + NDK + apt"]
+        toolchain["toolchain\nflutter:3.41.6 + NDK + apt + precache"]
        pubGet["pubGetLayer\nflutter pub get"]
        codegen["codegenBase\nbuild_runner build\n(shared cache)"]
        stalwart(["Stalwart service\nIMAP · JMAP · SMTP · Sieve"])
@@ -831,16 +910,25 @@ flowchart TD
        integration --> check
    end

-    subgraph forgejo ["Codeberg CI · .forgejo/workflows/ci.yml"]
+    subgraph forgejo_ci ["Codeberg CI · ci.yml (push/PR, source paths only)"]
        ciCheck["check"]
-        buildLinux["build-linux\n(main only)"]
-        deployPS["deploy-playstore\n(main only)"]
-        pubWeb["publish-website\n(main only)"]
+    end

-        ciCheck --> buildLinux
-        ciCheck --> deployPS
+    subgraph forgejo_deploy ["Codeberg CI · deploy.yml (hourly schedule + workflow_dispatch)"]
+        detectChanges["check-changes\ndetect android / linux diff"]
+        buildLinux["build-linux\n(linux changed)"]
+        deployPS["deploy-playstore\n(android changed)"]
+        deployApk["deploy-apk\n(android changed)"]
+        fbTest["test-android-firebase\n(android changed)"]
+        pubWeb["publish-website\n(any build succeeded)"]
+
+        detectChanges --> buildLinux
+        detectChanges --> deployPS
+        detectChanges --> deployApk
+        detectChanges --> fbTest
        buildLinux  --> pubWeb
        deployPS    --> pubWeb
+        deployApk   --> pubWeb
    end

    check -- "task check-dagger" --> ciCheck
@@ -13,7 +13,7 @@ export SSH_PRIVATE_KEY=$(cat "$HOME/.ssh/id_ed25519")

 # Add nix profile and nix store tools (task, dagger) to PATH
 export PATH="$HOME/.nix-profile/bin:$PATH"
-for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger"; do
+for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger" "*fgj-*/bin/fgj"; do
    bin=$(ls -d /nix/store/$pkg 2>/dev/null | sort -V | tail -1)
    [ -n "$bin" ] && export PATH="$(dirname "$bin"):$PATH"
 done
@@ -1,24 +1,17 @@
 #!/usr/bin/env python3
 """
 Cron deploy script for sharedinbox website.
-Runs every 5 minutes; skips if origin/main has not changed since last successful deploy.
-Gives up and creates a Codeberg issue after 5 consecutive failures on the same commit.
+Runs every 5 minutes; skips if origin/main has not changed since last trigger.
+Triggers the 'Deploy Website' Forgejo Actions workflow via fgj on each new commit.
+Forgejo Actions handles failure reporting.
 """
 import subprocess
 import sys
-from datetime import datetime, timezone
 from pathlib import Path

 REPO_DIR = Path(__file__).parent.resolve()
-SHA_FILE        = REPO_DIR / '.last_deployed_sha'
-FAILED_SHA_FILE = REPO_DIR / '.last_failed_sha'
-FAIL_COUNT_FILE = REPO_DIR / '.fail_count'
-ERROR_FILE      = REPO_DIR / '.last_deploy_error'
-ISSUE_SHA_FILE  = REPO_DIR / '.last_issue_sha'
-
-MAX_FAILURES = 5
+SHA_FILE = REPO_DIR / '.last_deployed_sha'
 REPO = 'guettli/sharedinbox'
-CODEBERG = 'https://codeberg.org'


 def git(*args):
@@ -32,115 +25,30 @@ def read(path: Path) -> str:
    return path.read_text().strip() if path.exists() else ''


-def read_int(path: Path) -> int:
-    try:
-        return int(read(path))
-    except ValueError:
-        return 0
-
-
-def issue_exists_for(sha: str) -> bool:
-    """Check Codeberg for an open issue referencing this commit SHA."""
-    result = subprocess.run(
-        ['tea', 'issue', 'list', '--repo', REPO, '--state', 'open',
-         '--limit', '50', '--output', 'simple'],
-        capture_output=True, text=True,
-    )
-    return sha[:8] in result.stdout
-
-
-def create_issue(failed_sha: str, fail_count: int) -> None:
-    error_output = read(ERROR_FILE)
-    tail = '\n'.join(error_output.splitlines()[-40:]) if error_output else '(no output captured)'
-    commit_url = f'{CODEBERG}/{REPO}/commit/{failed_sha}'
-    script_url = f'{CODEBERG}/{REPO}/src/branch/main/deploy_cron.py'
-    timestamp = datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M UTC')
-
-    title = f'Deploy failed {fail_count}x on {failed_sha[:8]} — needs fix'
-    body = f"""\
-## Deploy failure — action needed
-
-The automated deploy cron failed **{fail_count} times** on commit \
-[{failed_sha[:8]}]({commit_url}) and has stopped retrying.
-
-| | |
-|---|---|
-| **Detected** | {timestamp} |
-| **Failing commit** | [{failed_sha}]({commit_url}) |
-| **Failures** | {fail_count} / {MAX_FAILURES} |
-| **Deploy script** | [deploy_cron.py]({script_url}) |
-| **Log file** | `~/si-deploy-cron/deploy.log` |
-
-### Last deploy output
-
-```
-{tail}
-```
-
-### Next steps
-
-Push a fix to `main` — the cron (every 5 min) will retry automatically on the next commit.
-"""
-
-    result = subprocess.run(
-        ['tea', 'issue', 'create',
-         '--repo', REPO,
-         '--title', title,
-         '--description', body,
-         '--labels', 'State/Ready,Prio/High'],
-        capture_output=True, text=True,
-    )
-    if result.returncode != 0:
-        print(f'Failed to create issue: {result.stderr}', file=sys.stderr)
-    else:
-        print(f'Issue created: {result.stdout.strip()}')
-
-
 def main():
-    git('fetch', 'origin', 'main')
+    try:
+        git('fetch', 'origin', 'main')
+    except subprocess.CalledProcessError as exc:
+        print(f'git fetch failed (transient?): {exc} — skipping this run.', file=sys.stderr)
+        return
    remote_sha = git('rev-parse', 'origin/main')
-
-    last_sha    = read(SHA_FILE)
-    last_failed = read(FAILED_SHA_FILE)
-    fail_count  = read_int(FAIL_COUNT_FILE) if remote_sha == last_failed else 0
-    last_issue  = read(ISSUE_SHA_FILE)
+    last_sha = read(SHA_FILE)

    if remote_sha == last_sha:
        print(f'No changes since {remote_sha[:8]}, skipping.')
        return

-    if fail_count >= MAX_FAILURES:
-        if remote_sha != last_issue and not issue_exists_for(remote_sha):
-            print(f'{remote_sha[:8]} failed {fail_count}x — creating issue.')
-            create_issue(remote_sha, fail_count)
-            ISSUE_SHA_FILE.write_text(remote_sha + '\n')
-        else:
-            print(f'{remote_sha[:8]} failed {fail_count}x, issue already exists, skipping.')
-        return
-
-    attempt = fail_count + 1
-    print(f'Deploying {remote_sha[:8]} (attempt {attempt}/{MAX_FAILURES}, was {last_sha[:8] or "none"})...')
-    git('pull', '--ff-only', 'origin', 'main')
-
+    print(f'New commit {remote_sha[:8]} (was {last_sha[:8] or "none"}) — triggering workflow...')
    result = subprocess.run(
-        ['task', 'publish-website'],
-        cwd=REPO_DIR,
+        ['fgj', 'actions', 'workflow', 'run', 'website.yml', '-R', REPO],
        capture_output=True, text=True,
    )
-    combined = result.stdout + result.stderr
-    print(combined, end='')
-
    if result.returncode != 0:
-        print(f'Deploy failed (exit {result.returncode}), attempt {attempt}/{MAX_FAILURES}', file=sys.stderr)
-        FAILED_SHA_FILE.write_text(remote_sha + '\n')
-        FAIL_COUNT_FILE.write_text(str(attempt) + '\n')
-        ERROR_FILE.write_text(combined)
+        print(f'fgj workflow run failed: {result.stderr}', file=sys.stderr)
        sys.exit(1)

    SHA_FILE.write_text(remote_sha + '\n')
-    for f in (FAILED_SHA_FILE, FAIL_COUNT_FILE, ERROR_FILE, ISSUE_SHA_FILE):
-        f.unlink(missing_ok=True)
-    print('Deploy complete.')
+    print('Workflow triggered.')


 if __name__ == '__main__':
@@ -4,6 +4,28 @@ This file contains tasks which got implemented.

 Tasks get moved from next.md to done.md

+## Tasks (2026-05-29)
+
+- **Merge PR #307 — user preferences and configurable navigation (Issue #315)**: Confirmed that
+  all features from PR #307 (issue #299) were already merged into main via separate PRs:
+  - Configurable menu bar position (bottom/top) for mailbox view — merged via #298/#303
+  - Configurable back button position for single mail view — merged via #299/#307 features in #300
+  - Configurable "after mail action" (next message / return to mailbox) — merged via #300/#308
+  - Archive button with `resolveMailboxByRole` helper — merged via #287/#291, #286/#290
+  - User preferences DB schema (v34–v36: `user_preferences` table) — in main
+  - PR #307 and issue #299 closed.
+  - Issue #315 closed.
+
+## Tasks (2026-05-26)
+
+- **Renovate Bot (Issue #257)**: Renovate Bot runs daily via Forgejo Actions to keep
+  dependencies up to date. All required components are in main:
+  - `renovate.json` — Renovate configuration covering pub, Dockerfile, and Forgejo Actions
+  - `ci/main.go` — `Renovate()` Dagger function using Forgejo platform and Codeberg endpoint
+  - `.forgejo/workflows/renovate.yml` — daily cron (06:00 UTC) workflow
+  - `Taskfile.yml` — `renovate` task
+  - Issue #257 closed.
+
 ## Tasks (2026-05-11)

 - **Stabilize Email List UI during Selection (Issue #14)**: Prevented layout shifts when entering
@@ -94,8 +94,9 @@
            sqlite
            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
            (python3.withPackages (ps: with ps; [
-              google-auth
-              requests
+              google-api-python-client
+              google-auth-httplib2
+              httplib2
            ]))  # used by stalwart-dev/start and deploy_playstore.py
            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
          ]);
@@ -317,7 +317,7 @@ void main() {

      // ── Check Sent folder ──────────────────────────────────────────────────
      // Use the drawer to switch folders (no back button on Linux desktop).
-      await tester.tap(find.byTooltip('Open navigation menu'));
+      await tester.tap(find.byTooltip('Open folders'));
      await tester.pumpAndSettle();
      await tester.tap(find.text('Sent'));
      await tester.pumpAndSettle();
@@ -331,7 +331,7 @@ void main() {
      expect(find.text(subject), findsOneWidget);

      // ── Check Inbox ────────────────────────────────────────────────────────
-      await tester.tap(find.byTooltip('Open navigation menu'));
+      await tester.tap(find.byTooltip('Open folders'));
      await tester.pumpAndSettle();
      await tester.tap(find.text('INBOX'));
      await tester.pumpAndSettle();
@@ -0,0 +1 @@
+const int dbSchemaVersion = 36;
@@ -0,0 +1,14 @@
+enum MenuPosition { bottom, top }
+
+enum AfterMailViewAction { nextMessage, showMailbox }
+
+class UserPreferences {
+  const UserPreferences({
+    this.menuPosition = MenuPosition.bottom,
+    this.mailViewButtonPosition = MenuPosition.bottom,
+    this.afterMailViewAction = AfterMailViewAction.nextMessage,
+  });
+  final MenuPosition menuPosition;
+  final MenuPosition mailViewButtonPosition;
+  final AfterMailViewAction afterMailViewAction;
+}
@@ -11,4 +11,13 @@ abstract class MailboxRepository {

  /// Deletes all locally-cached mailbox rows for [accountId].
  Future<void> clearForResync(String accountId);
+
+  /// Creates a new mailbox named [name] for [accountId] and tags it with
+  /// [role] in the local database. For JMAP accounts the role is also sent
+  /// to the server. Returns the newly created [Mailbox].
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  );
 }
@@ -19,6 +19,8 @@ class SyncLogEntry {
    required this.id,
    required this.result,
    this.errorMessage,
+    this.stackTrace,
+    this.isPermanent = false,
    required this.protocol,
    required this.emailsFetched,
    required this.emailsSkipped,
@@ -34,6 +36,8 @@ class SyncLogEntry {
  final int id;
  final String result; // 'ok' or 'error'
  final String? errorMessage;
+  final String? stackTrace;
+  final bool isPermanent;
  final String protocol; // 'imap' or 'jmap'
  final int emailsFetched;
  final int emailsSkipped;
@@ -54,6 +58,8 @@ abstract class SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -81,6 +87,8 @@ class NoOpSyncLogRepository implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -0,0 +1,8 @@
+import 'package:sharedinbox/core/models/user_preferences.dart';
+
+abstract class UserPreferencesRepository {
+  Stream<UserPreferences> observePreferences();
+  Future<void> updateMenuPosition(MenuPosition position);
+  Future<void> updateMailViewButtonPosition(MenuPosition position);
+  Future<void> updateAfterMailViewAction(AfterMailViewAction action);
+}
@@ -13,7 +13,7 @@ Future<void> initNotifications() async {
  try {
    const android = AndroidInitializationSettings('@mipmap/ic_launcher');
    await _plugin.initialize(
-      const InitializationSettings(android: android),
+      settings: const InitializationSettings(android: android),
      onDidReceiveNotificationResponse: (_) {},
    );
    await _plugin
@@ -31,10 +31,10 @@ Future<void> initNotifications() async {
 Future<void> showNewMailNotification(String accountEmail) async {
  if (!Platform.isAndroid || !_initialized) return;
  await _plugin.show(
-    accountEmail.hashCode & 0x7FFFFFFF,
-    'New mail',
-    accountEmail,
-    const NotificationDetails(
+    id: accountEmail.hashCode & 0x7FFFFFFF,
+    title: 'New mail',
+    body: accountEmail,
+    notificationDetails: const NotificationDetails(
      android: AndroidNotificationDetails(
        _kChannelId,
        _kChannelName,
@@ -4,38 +4,39 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
 import 'package:sharedinbox/di.dart';

-class UndoService extends StateNotifier<List<UndoAction>> {
-  UndoService(this._ref) : super([]);
-
-  final Ref _ref;
+class UndoService extends Notifier<List<UndoAction>> {
  static const int _maxHistory = 10;

-  // Resolves once init() has loaded persisted history. Default to an already-
-  // resolved future so operations are safe even if init() is never called.
-  Future<void> _ready = Future.value();
+  // Resolves once build() has loaded persisted history.
+  late Future<void> _ready;

-  Future<void> init() async {
-    _ready = _ref.read(undoRepositoryProvider).getHistory().then((history) {
-      if (mounted) state = history;
+  @override
+  List<UndoAction> build() {
+    _ready = ref.read(undoRepositoryProvider).getHistory().then((history) {
+      if (ref.mounted) state = history;
    });
-    await _ready;
+    return [];
  }

+  /// Waits for the persisted history to finish loading. Called by tests to
+  /// ensure the provider is ready before asserting state.
+  Future<void> init() => _ready;
+
  Future<void> pushAction(UndoAction action) async {
    await _ready;
    final newList = [...state, action];
    if (newList.length > _maxHistory) {
      final removed = newList.removeAt(0);
-      await _ref.read(undoRepositoryProvider).deleteAction(removed.id);
+      await ref.read(undoRepositoryProvider).deleteAction(removed.id);
    }
    state = newList;
-    await _ref.read(undoRepositoryProvider).saveAction(action);
+    await ref.read(undoRepositoryProvider).saveAction(action);
  }

  Future<void> clear() async {
    await _ready;
    state = [];
-    unawaited(_ref.read(undoRepositoryProvider).clearHistory());
+    unawaited(ref.read(undoRepositoryProvider).clearHistory());
  }

  Future<void> undo({String? actionId}) async {
@@ -57,7 +58,7 @@ class UndoService extends StateNotifier<List<UndoAction>> {
    // happened and retry if the undo failed (e.g. after an IMAP sync reverted
    // the local change). The inverse action added below allows undoing the undo.

-    final repo = _ref.read(emailRepositoryProvider);
+    final repo = ref.read(emailRepositoryProvider);

    for (final id in action.emailIds) {
      // 1. Try to cancel the original change (if not started yet).
@@ -1,6 +1,7 @@
 import 'dart:async';

 import 'package:enough_mail/enough_mail.dart' as imap;
+import 'package:flutter/services.dart' show MissingPluginException;
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart' show SyncEmailsResult;
 import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -259,6 +260,8 @@ class _AccountSync implements _SyncLoop {
            accountId: account.id,
            success: false,
            errorMessage: e.toString(),
+            stackTrace: st.toString(),
+            isPermanent: isPermanent,
            protocol: 'imap',
            emailsFetched: 0,
            emailsSkipped: 0,
@@ -294,6 +297,7 @@ class _AccountSync implements _SyncLoop {

  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
+    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    // enough_mail doesn't always have typed exceptions for auth, so we check strings.
    return s.contains('invalid credentials') ||
@@ -511,6 +515,8 @@ class _JmapAccountSync implements _SyncLoop {
            accountId: account.id,
            success: false,
            errorMessage: e.toString(),
+            stackTrace: st.toString(),
+            isPermanent: isPermanent,
            protocol: 'jmap',
            emailsFetched: 0,
            emailsSkipped: 0,
@@ -546,6 +552,7 @@ class _JmapAccountSync implements _SyncLoop {

  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
+    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    return s.contains('invalid credentials') ||
        s.contains('authentication failed') ||
@@ -6,6 +6,7 @@ import 'package:drift/drift.dart';
 import 'package:drift/native.dart';
 import 'package:enough_mail/enough_mail.dart' as imap;
 import 'package:flutter/services.dart';
+import 'package:flutter/widgets.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';

@@ -24,6 +25,9 @@ const _kResourceType = 'background_check';

@pragma('vm:entry-point')
 void callbackDispatcher() {
+  // Required so that path_provider and other plugins are available in this
+  // background isolate (issue #192).
+  WidgetsFlutterBinding.ensureInitialized();
  Workmanager().executeTask((_, __) async {
    try {
      await _doBackgroundSync();
@@ -6,6 +6,7 @@ import 'package:drift/native.dart';
 import 'package:flutter/services.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';
+import 'package:sharedinbox/core/db_schema_version.dart';

 part 'database.g.dart';

@@ -192,6 +193,9 @@ class SyncLogs extends Table {
  DateTimeColumn get finishedAt => dateTime()();
  // Added in schema v13: raw protocol log when account.verbose == true.
  TextColumn get protocolLog => text().nullable()();
+  // Added in schema v33: stack trace and permanent flag for error entries.
+  TextColumn get errorStackTrace => text().nullable()();
+  BoolColumn get isPermanent => boolean().withDefault(const Constant(false))();
 }

 /// Per-mailbox breakdown for a single sync cycle.
@@ -303,6 +307,23 @@ class LocalSieveApplied extends Table {
  Set<Column> get primaryKey => {accountId, messageId};
 }

+/// App-wide user preferences, stored as a singleton row (id always 1).
+@DataClassName('UserPreferencesRow')
+class UserPreferences extends Table {
+  IntColumn get id => integer()();
+  // 'bottom' (default) | 'top'
+  TextColumn get menuPosition => text().withDefault(const Constant('bottom'))();
+  // Added in schema v35: 'bottom' (default) | 'top'
+  TextColumn get mailViewButtonPosition =>
+      text().withDefault(const Constant('bottom'))();
+  // Added in schema v36: 'nextMessage' (default) | 'showMailbox'
+  TextColumn get afterMailViewAction =>
+      text().withDefault(const Constant('nextMessage'))();
+
+  @override
+  Set<Column> get primaryKey => {id};
+}
+
 // ── Database ──────────────────────────────────────────────────────────────────

@DriftDatabase(
@@ -323,13 +344,14 @@ class LocalSieveApplied extends Table {
    LocalSieveScripts,
    LocalSieveApplied,
    ShareKeys,
+    UserPreferences,
  ],
 )
 class AppDatabase extends _$AppDatabase {
  AppDatabase([QueryExecutor? executor]) : super(executor ?? _openConnection());

  @override
-  int get schemaVersion => 32;
+  int get schemaVersion => dbSchemaVersion;

  Future<void> _createEmailFts() async {
    await customStatement('''
@@ -570,6 +592,25 @@ class AppDatabase extends _$AppDatabase {
          if (from < 32) {
            await m.createTable(localSieveApplied);
          }
+          if (from >= 7 && from < 33) {
+            await m.addColumn(syncLogs, syncLogs.errorStackTrace);
+            await m.addColumn(syncLogs, syncLogs.isPermanent);
+          }
+          if (from < 34) {
+            await m.createTable(userPreferences);
+          }
+          if (from >= 34 && from < 35) {
+            await m.addColumn(
+              userPreferences,
+              userPreferences.mailViewButtonPosition,
+            );
+          }
+          if (from >= 34 && from < 36) {
+            await m.addColumn(
+              userPreferences,
+              userPreferences.afterMailViewAction,
+            );
+          }
        },
      );
 }
@@ -596,8 +637,10 @@ Future<void> initDatabasePath() async {
 Future<String> _resolveDatabasePath() async {
  if (_dbPath != null) return _dbPath!;
  // initDatabasePath() failed (channel not ready before runApp). Retry now
-  // that the engine is fully initialised, with brief back-off.
-  const delays = [100, 300, 600];
+  // that the engine is fully initialised, with back-off. Some slow Android
+  // devices need several seconds for the Pigeon channel to become ready
+  // (issue #166), so use a longer schedule than the initial attempt.
+  const delays = [200, 500, 1000, 2000, 4000];
  for (final ms in delays) {
    try {
      final dir = await getApplicationSupportDirectory();
@@ -607,6 +650,17 @@ Future<String> _resolveDatabasePath() async {
      await Future<void>.delayed(Duration(milliseconds: ms));
    }
  }
+  // On Android, path_provider can be permanently broken on some devices
+  // regardless of how long we wait (issue #192).  Derive the path from
+  // /proc/self/cmdline (the Android process name == package name) without
+  // a platform channel as a last resort so the app can still open its DB.
+  if (Platform.isAndroid) {
+    final fallback = await _androidFallbackPath();
+    if (fallback != null) {
+      _dbPath = fallback;
+      return _dbPath!;
+    }
+  }
  throw PlatformException(
    code: 'channel-error',
    message: 'path_provider unavailable after ${delays.length + 1} attempts — '
@@ -614,6 +668,45 @@ Future<String> _resolveDatabasePath() async {
  );
 }

+// Reads /proc/self/cmdline to extract the Android package name, then
+// constructs the standard app files-dir path without a platform channel.
+// Returns null when the path cannot be determined or created.
+Future<String?> _androidFallbackPath() async {
+  try {
+    final bytes = await File('/proc/self/cmdline').readAsBytes();
+    final end = bytes.indexOf(0);
+    final packageName = String.fromCharCodes(
+      end >= 0 ? bytes.sublist(0, end) : bytes,
+    ).trim();
+    // A valid Android package name contains dots but not slashes.
+    if (packageName.isEmpty ||
+        !packageName.contains('.') ||
+        packageName.contains('/')) {
+      return null;
+    }
+    for (final base in [
+      '/data/user/0/$packageName/files',
+      '/data/data/$packageName/files',
+    ]) {
+      try {
+        await Directory(base).create(recursive: true);
+        return p.join(base, 'sharedinbox.db');
+      } catch (_) {
+        continue;
+      }
+    }
+    return null;
+  } catch (_) {
+    return null;
+  }
+}
+
+// These functions are only called from unit tests (database_path_test.dart).
+// They expose internals that cannot be reached via the public API.
+Future<String> resolveDatabasePathForTesting() => _resolveDatabasePath();
+void resetDatabasePathForTesting() => _dbPath = null;
+Future<String?> androidFallbackPathForTesting() => _androidFallbackPath();
+
 LazyDatabase _openConnection() {
  return LazyDatabase(() async {
    final file = File(await _resolveDatabasePath());
@@ -79,6 +79,14 @@ class MailboxRepositoryImpl implements MailboxRepository {
    );
    try {
      final mailboxes = await client.listMailboxes(recursive: true);
+
+      // Pre-load existing DB roles so we can preserve manually-set roles for
+      // folders the server doesn't tag with a special-use attribute.
+      final existingRows = await (_db.select(_db.mailboxes)
+            ..where((t) => t.accountId.equals(account.id)))
+          .get();
+      final existingRoles = {for (final r in existingRows) r.id: r.role};
+
      for (final mb in mailboxes) {
        final path = mb.path;
        final id = '${account.id}:$path';
@@ -96,6 +104,12 @@ class MailboxRepositoryImpl implements MailboxRepository {
          log('STATUS skipped for $path: $e');
        }

+        // Use the server-assigned role when available; fall back to the
+        // existing DB role so that manually-created folders (e.g. a user
+        // who just created their Archive folder) keep their role across syncs
+        // when the IMAP server does not expose a special-use attribute.
+        final role = _imapRole(mb) ?? existingRoles[id];
+
        await _db.into(_db.mailboxes).insertOnConflictUpdate(
              MailboxesCompanion.insert(
                id: id,
@@ -104,7 +118,7 @@ class MailboxRepositoryImpl implements MailboxRepository {
                name: mb.name,
                unreadCount: Value(unread),
                totalCount: Value(total),
-                role: Value(_imapRole(mb)),
+                role: Value(role),
              ),
            );
      }
@@ -310,4 +324,104 @@ class MailboxRepositoryImpl implements MailboxRepository {
          ..where((t) => t.accountId.equals(accountId)))
        .go();
  }
+
+  @override
+  Future<model.Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async {
+    final account = (await _accounts.getAccount(accountId))!;
+    final password = await _accounts.getPassword(accountId);
+    switch (account.type) {
+      case account_model.AccountType.imap:
+        return _createMailboxWithRoleImap(account, password, name, role);
+      case account_model.AccountType.jmap:
+        return _createMailboxWithRoleJmap(account, password, name, role);
+    }
+  }
+
+  Future<model.Mailbox> _createMailboxWithRoleImap(
+    account_model.Account account,
+    String password,
+    String name,
+    String role,
+  ) async {
+    final client = await _imapConnect(
+      account,
+      _effectiveUsername(account),
+      password,
+    );
+    try {
+      await client.createMailbox(name);
+    } finally {
+      await client.logout();
+    }
+    final id = '${account.id}:$name';
+    await _db.into(_db.mailboxes).insertOnConflictUpdate(
+          MailboxesCompanion.insert(
+            id: id,
+            accountId: account.id,
+            path: name,
+            name: name,
+            role: Value(role),
+          ),
+        );
+    final row = await (_db.select(_db.mailboxes)..where((t) => t.id.equals(id)))
+        .getSingle();
+    return _toModel(row);
+  }
+
+  Future<model.Mailbox> _createMailboxWithRoleJmap(
+    account_model.Account account,
+    String password,
+    String name,
+    String role,
+  ) async {
+    final jmapUrl = account.jmapUrl;
+    if (jmapUrl == null || jmapUrl.isEmpty) {
+      throw Exception('JMAP account ${account.id} has no jmapUrl');
+    }
+    final jmap = await JmapClient.connect(
+      httpClient: _httpClient,
+      jmapUrl: Uri.parse(jmapUrl),
+      username: _effectiveUsername(account),
+      password: password,
+    );
+    final responses = await jmap.call([
+      [
+        'Mailbox/set',
+        {
+          'accountId': jmap.accountId,
+          'create': {
+            'new-mailbox': {'name': name, 'role': role},
+          },
+        },
+        '0',
+      ],
+    ]);
+    final result = _responseArgs(responses, 0, 'Mailbox/set');
+    final created = result['created'] as Map<String, dynamic>?;
+    final newId =
+        (created?['new-mailbox'] as Map<String, dynamic>?)?['id'] as String?;
+    if (newId == null) {
+      throw Exception(
+        'Failed to create mailbox "$name": server returned no ID',
+      );
+    }
+    final dbId = '${account.id}:$newId';
+    await _db.into(_db.mailboxes).insertOnConflictUpdate(
+          MailboxesCompanion.insert(
+            id: dbId,
+            accountId: account.id,
+            path: newId,
+            name: name,
+            role: Value(role),
+          ),
+        );
+    final row = await (_db.select(_db.mailboxes)
+          ..where((t) => t.id.equals(dbId)))
+        .getSingle();
+    return _toModel(row);
+  }
 }
@@ -13,6 +13,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -30,6 +32,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
              accountId: accountId,
              result: success ? 'ok' : 'error',
              errorMessage: Value(errorMessage),
+              errorStackTrace: Value(stackTrace),
+              isPermanent: Value(isPermanent),
              protocol: Value(protocol),
              itemsSynced: Value(emailsFetched),
              emailsSkipped: Value(emailsSkipped),
@@ -75,6 +79,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
            id: r.id,
            result: r.result,
            errorMessage: r.errorMessage,
+            stackTrace: r.errorStackTrace,
+            isPermanent: r.isPermanent,
            protocol: r.protocol,
            emailsFetched: r.itemsSynced,
            emailsSkipped: r.emailsSkipped,
@@ -0,0 +1,68 @@
+import 'package:drift/drift.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart' as pref;
+import 'package:sharedinbox/core/repositories/user_preferences_repository.dart';
+import 'package:sharedinbox/data/db/database.dart';
+
+class UserPreferencesRepositoryImpl implements UserPreferencesRepository {
+  UserPreferencesRepositoryImpl(this._db);
+
+  final AppDatabase _db;
+  static const _rowId = 1;
+
+  @override
+  Stream<pref.UserPreferences> observePreferences() {
+    return (_db.select(_db.userPreferences)..where((t) => t.id.equals(_rowId)))
+        .watchSingleOrNull()
+        .map(_rowToModel);
+  }
+
+  @override
+  Future<void> updateMenuPosition(pref.MenuPosition position) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            menuPosition: Value(position.name),
+          ),
+        );
+  }
+
+  @override
+  Future<void> updateMailViewButtonPosition(pref.MenuPosition position) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            mailViewButtonPosition: Value(position.name),
+          ),
+        );
+  }
+
+  @override
+  Future<void> updateAfterMailViewAction(
+    pref.AfterMailViewAction action,
+  ) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            afterMailViewAction: Value(action.name),
+          ),
+        );
+  }
+
+  static pref.UserPreferences _rowToModel(UserPreferencesRow? row) {
+    if (row == null) return const pref.UserPreferences();
+    return pref.UserPreferences(
+      menuPosition: pref.MenuPosition.values.firstWhere(
+        (e) => e.name == row.menuPosition,
+        orElse: () => pref.MenuPosition.bottom,
+      ),
+      mailViewButtonPosition: pref.MenuPosition.values.firstWhere(
+        (e) => e.name == row.mailViewButtonPosition,
+        orElse: () => pref.MenuPosition.bottom,
+      ),
+      afterMailViewAction: pref.AfterMailViewAction.values.firstWhere(
+        (e) => e.name == row.afterMailViewAction,
+        orElse: () => pref.AfterMailViewAction.nextMessage,
+      ),
+    );
+  }
+}
@@ -5,13 +5,16 @@ import 'package:http/http.dart' as http;
 import 'package:sharedinbox/core/models/account.dart' as model;
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/account_repository.dart';
 import 'package:sharedinbox/core/repositories/draft_repository.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
 import 'package:sharedinbox/core/repositories/search_history_repository.dart';
 import 'package:sharedinbox/core/repositories/share_key_repository.dart';
+import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/core/repositories/undo_repository.dart';
+import 'package:sharedinbox/core/repositories/user_preferences_repository.dart';
 import 'package:sharedinbox/core/services/account_discovery_service.dart';
 import 'package:sharedinbox/core/services/connection_test_service.dart';
 import 'package:sharedinbox/core/services/managesieve_probe_service.dart';
@@ -20,7 +23,8 @@ import 'package:sharedinbox/core/services/undo_service.dart';
 import 'package:sharedinbox/core/storage/secure_storage.dart';
 import 'package:sharedinbox/core/sync/account_sync_manager.dart';
 import 'package:sharedinbox/core/sync/reliability_runner.dart';
-import 'package:sharedinbox/data/db/database.dart' hide Email, EmailBody;
+import 'package:sharedinbox/data/db/database.dart'
+    hide Email, EmailBody, UserPreferences;
 import 'package:sharedinbox/data/db/local_sieve_repository.dart';
 import 'package:sharedinbox/data/imap/imap_client_factory.dart';
 import 'package:sharedinbox/data/jmap/sieve_repository.dart';
@@ -32,6 +36,7 @@ import 'package:sharedinbox/data/repositories/search_history_repository_impl.dar
 import 'package:sharedinbox/data/repositories/share_key_repository_impl.dart';
 import 'package:sharedinbox/data/repositories/sync_log_repository_impl.dart';
 import 'package:sharedinbox/data/repositories/undo_repository_impl.dart';
+import 'package:sharedinbox/data/repositories/user_preferences_repository_impl.dart';
 import 'package:sharedinbox/data/storage/flutter_secure_storage_impl.dart';

 /// Swappable IMAP connection factory — override in tests to use plaintext.
@@ -101,7 +106,7 @@ final searchHistoryRepositoryProvider =
  return SearchHistoryRepositoryImpl(ref.watch(dbProvider));
 });

-final syncLogRepositoryProvider = Provider((ref) {
+final syncLogRepositoryProvider = Provider<SyncLogRepository>((ref) {
  return SyncLogRepositoryImpl(ref.watch(dbProvider));
 });

@@ -181,11 +186,7 @@ final manageSieveProbeServiceProvider = Provider<ManageSieveProbeService>((
 });

 final undoServiceProvider =
-    StateNotifierProvider<UndoService, List<UndoAction>>((ref) {
-  final service = UndoService(ref);
-  unawaited(service.init());
-  return service;
-});
+    NotifierProvider<UndoService, List<UndoAction>>(UndoService.new);

 /// Loads email header + body and marks the email as seen.
 /// Owned by [EmailDetailScreen]; decouples data loading from the widget tree.
@@ -194,16 +195,18 @@ final emailDetailProvider = AsyncNotifierProvider.autoDispose
  EmailDetailNotifier.new,
 );

-class EmailDetailNotifier
-    extends AutoDisposeFamilyAsyncNotifier<(Email?, EmailBody), String> {
+class EmailDetailNotifier extends AsyncNotifier<(Email?, EmailBody)> {
+  EmailDetailNotifier(this._emailId);
+  final String _emailId;
+
  @override
-  Future<(Email?, EmailBody)> build(String emailId) async {
+  Future<(Email?, EmailBody)> build() async {
    final repo = ref.read(emailRepositoryProvider);
    final results = await Future.wait([
-      repo.getEmail(emailId),
-      repo.getEmailBody(emailId),
+      repo.getEmail(_emailId),
+      repo.getEmailBody(_emailId),
    ]);
-    unawaited(repo.setFlag(emailId, seen: true));
+    unawaited(repo.setFlag(_emailId, seen: true));
    return (results[0] as Email?, results[1] as EmailBody);
  }
 }
@@ -228,3 +231,13 @@ final accountConnectionStatusProvider =
      .read(connectionTestServiceProvider)
      .testConnection(account, password);
 });
+
+final userPreferencesRepositoryProvider =
+    Provider<UserPreferencesRepository>((ref) {
+  return UserPreferencesRepositoryImpl(ref.watch(dbProvider));
+});
+
+final userPreferencesProvider =
+    StreamProvider.autoDispose<UserPreferences>((ref) {
+  return ref.watch(userPreferencesRepositoryProvider).observePreferences();
+});
@@ -3,6 +3,7 @@ import 'dart:io';

 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;

 import 'package:sharedinbox/core/services/notification_service.dart';
 import 'package:sharedinbox/core/sync/background_sync.dart';
@@ -20,6 +20,7 @@ import 'package:sharedinbox/ui/screens/sieve_scripts_screen.dart';
 import 'package:sharedinbox/ui/screens/sync_log_screen.dart';
 import 'package:sharedinbox/ui/screens/thread_detail_screen.dart';
 import 'package:sharedinbox/ui/screens/undo_log_screen.dart';
+import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';
 import 'package:sharedinbox/ui/widgets/undo_shell.dart';

 final router = GoRouter(
@@ -56,6 +57,10 @@ final router = GoRouter(
              path: 'about',
              builder: (ctx, state) => const AboutScreen(),
            ),
+            GoRoute(
+              path: 'preferences',
+              builder: (ctx, state) => const UserPreferencesScreen(),
+            ),
            GoRoute(
              path: ':accountId/edit',
              builder: (ctx, state) => EditAccountScreen(
@@ -1,5 +1,4 @@
 import 'dart:async';
-import 'dart:io';

 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
@@ -8,6 +7,7 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:package_info_plus/package_info_plus.dart';
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/utils/about_markdown.dart';
 import 'package:url_launcher/url_launcher.dart';

 class AboutScreen extends ConsumerStatefulWidget {
@@ -19,53 +19,22 @@ class AboutScreen extends ConsumerStatefulWidget {

 class _AboutScreenState extends ConsumerState<AboutScreen> {
  final Future<PackageInfo> _packageInfoFuture = PackageInfo.fromPlatform();
+  late final Future<String?> _deviceModelFuture;
  late final Stream<List<Account>> _accountsStream;
-
-  static const _gitHash = String.fromEnvironment('GIT_HASH');
+  String? _deviceModel;

  @override
  void initState() {
    super.initState();
    _accountsStream = ref.read(accountRepositoryProvider).observeAccounts();
+    _deviceModelFuture = getDeviceModel();
+    unawaited(
+      _deviceModelFuture.then((model) {
+        if (mounted) setState(() => _deviceModel = model);
+      }),
+    );
  }

-  String _buildMarkdown(
-    BuildContext context,
-    PackageInfo? pkg,
-    int imapCount,
-    int jmapCount,
-  ) {
-    final size = MediaQuery.of(context).size;
-    final pixelRatio = MediaQuery.of(context).devicePixelRatio;
-    final physW = (size.width * pixelRatio).toInt();
-    final physH = (size.height * pixelRatio).toInt();
-    final version =
-        pkg != null ? '${pkg.version}+${pkg.buildNumber}' : 'unknown';
-    final versionDisplay = _gitHash.isNotEmpty
-        ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash)'
-        : version;
-    final osName = _capitalize(Platform.operatingSystem);
-    final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
-
-    return '## sharedinbox.de\n\n'
-        '| Property | Value |\n'
-        '|----------|-------|\n'
-        '| App Version | $versionDisplay |\n'
-        '| Platform | ${Platform.operatingSystem} |\n'
-        '| $osName Version | ${Platform.operatingSystemVersion} |\n'
-        '| Resolution | ${physW}x$physH px'
-        ' (logical: ${size.width.toInt()}x${size.height.toInt()} pt,'
-        ' ratio: ${pixelRatio.toStringAsFixed(1)}x) |\n'
-        '| Dart Version | ${Platform.version.split(' ').first} |\n'
-        '| Processors | ${Platform.numberOfProcessors} |\n'
-        '| Dark Mode | ${isDark ? 'yes' : 'no'} |\n'
-        '| IMAP Accounts | $imapCount |\n'
-        '| JMAP Accounts | $jmapCount |\n';
-  }
-
-  static String _capitalize(String s) =>
-      s.isEmpty ? s : '${s[0].toUpperCase()}${s.substring(1)}';
-
  Future<void> _copyToClipboard(
    BuildContext context,
    int imapCount,
@@ -75,10 +44,20 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    try {
      pkg = await _packageInfoFuture;
    } catch (_) {}
+    String? deviceModel;
+    try {
+      deviceModel = await _deviceModelFuture;
+    } catch (_) {}
    if (!context.mounted) return;
    await Clipboard.setData(
      ClipboardData(
-        text: _buildMarkdown(context, pkg, imapCount, jmapCount),
+        text: buildAboutMarkdown(
+          context: context,
+          pkg: pkg,
+          imapCount: imapCount,
+          jmapCount: jmapCount,
+          deviceModel: deviceModel,
+        ),
      ),
    );
    if (context.mounted) {
@@ -91,6 +70,30 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    }
  }

+  Future<void> _launchUrl(BuildContext context, Uri url) async {
+    try {
+      final launched =
+          await launchUrl(url, mode: LaunchMode.externalApplication);
+      if (!launched && context.mounted) {
+        ScaffoldMessenger.of(context).showSnackBar(
+          const SnackBar(
+            duration: Duration(seconds: 5),
+            content: Text('Could not open browser.'),
+          ),
+        );
+      }
+    } catch (e) {
+      if (context.mounted) {
+        ScaffoldMessenger.of(context).showSnackBar(
+          SnackBar(
+            duration: const Duration(seconds: 5),
+            content: Text('Error: $e'),
+          ),
+        );
+      }
+    }
+  }
+
  Future<void> _createIssue(
    BuildContext context,
    int imapCount,
@@ -100,9 +103,19 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    try {
      pkg = await _packageInfoFuture;
    } catch (_) {}
+    String? deviceModel;
+    try {
+      deviceModel = await _deviceModelFuture;
+    } catch (_) {}
    if (!context.mounted) return;
    final body = Uri.encodeComponent(
-      _buildMarkdown(context, pkg, imapCount, jmapCount),
+      buildAboutMarkdown(
+        context: context,
+        pkg: pkg,
+        imapCount: imapCount,
+        jmapCount: jmapCount,
+        deviceModel: deviceModel,
+      ),
    );
    final url = Uri.parse(
      'https://codeberg.org/guettli/sharedinbox/issues/new?body=$body',
@@ -153,20 +166,18 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
                      return const Center(child: CircularProgressIndicator());
                    }
                    return Markdown(
-                      data: _buildMarkdown(
-                        context,
-                        snapshot.data,
-                        imapCount,
-                        jmapCount,
+                      data: buildAboutMarkdown(
+                        context: context,
+                        pkg: snapshot.data,
+                        imapCount: imapCount,
+                        jmapCount: jmapCount,
+                        deviceModel: _deviceModel,
                      ),
                      selectable: true,
                      onTapLink: (text, href, title) {
                        if (href != null) {
                          unawaited(
-                            launchUrl(
-                              Uri.parse(href),
-                              mode: LaunchMode.externalApplication,
-                            ),
+                            _launchUrl(context, Uri.parse(href)),
                          );
                        }
                      },
@@ -1,4 +1,5 @@
 import 'dart:async';
+import 'dart:convert';

 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
@@ -66,6 +67,14 @@ class AccountListScreen extends ConsumerWidget {
                unawaited(context.push('/accounts/about'));
              },
            ),
+            ListTile(
+              leading: const Icon(Icons.settings),
+              title: const Text('Preferences'),
+              onTap: () {
+                Navigator.pop(context); // Close drawer
+                unawaited(context.push('/accounts/preferences'));
+              },
+            ),
          ],
        ),
      ),
@@ -111,20 +120,80 @@ class _AccountTile extends ConsumerWidget {
    final health = ref.watch(syncHealthProvider(account.id));
    final typeLabel = account.type == AccountType.jmap ? 'JMAP' : 'IMAP';

-    return ListTile(
-      leading: const Icon(Icons.account_circle),
-      title: Text(account.displayName),
-      subtitle: Column(
-        crossAxisAlignment: CrossAxisAlignment.start,
-        children: [
-          Text('${account.email}\n$typeLabel'),
-          const SizedBox(height: 4),
-          health.when(
+    return Column(
+      crossAxisAlignment: CrossAxisAlignment.start,
+      children: [
+        ListTile(
+          leading: const Icon(Icons.account_circle),
+          title: Text(account.displayName),
+          subtitle: Text('${account.email}\n$typeLabel'),
+          isThreeLine: true,
+          trailing: Row(
+            mainAxisSize: MainAxisSize.min,
+            children: [
+              status.when(
+                loading: () => const SizedBox(
+                  width: 20,
+                  height: 20,
+                  child: CircularProgressIndicator(strokeWidth: 2),
+                ),
+                data: (_) =>
+                    const Icon(Icons.check_circle, color: Colors.green),
+                error: (e, _) => Tooltip(
+                  message: e.toString(),
+                  child: const Icon(Icons.error_outline, color: Colors.red),
+                ),
+              ),
+              PopupMenuButton<_AccountAction>(
+                onSelected: (action) => _onAction(context, action),
+                itemBuilder: (_) => [
+                  const PopupMenuItem(
+                    value: _AccountAction.syncLog,
+                    child: Text('Sync log'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.verifySync,
+                    child: Text('Verify sync health'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.forceSync,
+                    child: Text('Force full sync'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.edit,
+                    child: Text('Edit'),
+                  ),
+                  if (_sieveSupported(account))
+                    const PopupMenuItem(
+                      value: _AccountAction.emailFiltersRemote,
+                      child: Text('Server email filters'),
+                    ),
+                  const PopupMenuItem(
+                    value: _AccountAction.emailFiltersLocal,
+                    child: Text('Local email filters'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.send,
+                    child: Text('Send accounts'),
+                  ),
+                  const PopupMenuDivider(),
+                  const PopupMenuItem(
+                    value: _AccountAction.delete,
+                    child: Text('Delete'),
+                  ),
+                ],
+              ),
+            ],
+          ),
+          onTap: () => context.push('/accounts/${account.id}/mailboxes'),
+        ),
+        Padding(
+          padding: const EdgeInsets.fromLTRB(72, 0, 16, 8),
+          child: health.when(
            data: (h) {
              if (h == null) return const Text('Sync health: Not verified yet');
              final date = h.lastVerifiedAt.toLocal().toString().split('.')[0];
              return Row(
-                mainAxisSize: MainAxisSize.min,
                children: [
                  const Text('Sync health: '),
                  Icon(
@@ -133,7 +202,13 @@ class _AccountTile extends ConsumerWidget {
                    color: h.isHealthy ? Colors.green : Colors.orange,
                  ),
                  const SizedBox(width: 4),
-                  Text(h.isHealthy ? 'Healthy' : 'Discrepancies found'),
+                  Expanded(
+                    child: Text(
+                      h.isHealthy
+                          ? 'Healthy'
+                          : _formatDiscrepancies(h.discrepancySummary),
+                    ),
+                  ),
                  Text(' ($date)', style: const TextStyle(fontSize: 10)),
                ],
              );
@@ -141,66 +216,8 @@ class _AccountTile extends ConsumerWidget {
            loading: () => const Text('Sync health: checking...'),
            error: (e, _) => Text('Sync health error: $e'),
          ),
-        ],
-      ),
-      isThreeLine: true,
-      trailing: Row(
-        mainAxisSize: MainAxisSize.min,
-        children: [
-          status.when(
-            loading: () => const SizedBox(
-              width: 20,
-              height: 20,
-              child: CircularProgressIndicator(strokeWidth: 2),
-            ),
-            data: (_) => const Icon(Icons.check_circle, color: Colors.green),
-            error: (e, _) => Tooltip(
-              message: e.toString(),
-              child: const Icon(Icons.error_outline, color: Colors.red),
-            ),
-          ),
-          PopupMenuButton<_AccountAction>(
-            onSelected: (action) => _onAction(context, action),
-            itemBuilder: (_) => [
-              const PopupMenuItem(
-                value: _AccountAction.syncLog,
-                child: Text('Sync log'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.verifySync,
-                child: Text('Verify sync health'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.forceSync,
-                child: Text('Force full sync'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.edit,
-                child: Text('Edit'),
-              ),
-              if (_sieveSupported(account))
-                const PopupMenuItem(
-                  value: _AccountAction.emailFiltersRemote,
-                  child: Text('Server email filters'),
-                ),
-              const PopupMenuItem(
-                value: _AccountAction.emailFiltersLocal,
-                child: Text('Local email filters'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.send,
-                child: Text('Send accounts'),
-              ),
-              const PopupMenuDivider(),
-              const PopupMenuItem(
-                value: _AccountAction.delete,
-                child: Text('Delete'),
-              ),
-            ],
-          ),
-        ],
-      ),
-      onTap: () => context.push('/accounts/${account.id}/mailboxes'),
+        ),
+      ],
    );
  }

@@ -293,6 +310,30 @@ class _AccountTile extends ConsumerWidget {
  }
 }

+String _formatDiscrepancies(String? summary) {
+  if (summary == null) return 'Discrepancies found';
+  try {
+    final decoded = jsonDecode(summary) as Map<String, dynamic>;
+    var missingLocally = 0;
+    var missingOnServer = 0;
+    var flagMismatches = 0;
+    for (final v in decoded.values) {
+      final m = v as Map<String, dynamic>;
+      missingLocally += (m['missingLocally'] as int? ?? 0);
+      missingOnServer += (m['missingOnServer'] as int? ?? 0);
+      flagMismatches += (m['flagMismatches'] as int? ?? 0);
+    }
+    final parts = <String>[];
+    if (missingLocally > 0) parts.add('missing locally: $missingLocally');
+    if (missingOnServer > 0) parts.add('missing on server: $missingOnServer');
+    if (flagMismatches > 0) parts.add('flag mismatches: $flagMismatches');
+    if (parts.isEmpty) return 'Discrepancies found';
+    return 'Discrepancies found (${parts.join(', ')})';
+  } catch (_) {
+    return 'Discrepancies found';
+  }
+}
+
 class _OnboardingView extends StatelessWidget {
  const _OnboardingView();

@@ -32,11 +32,15 @@ enum _Step { generatingKey, showingPubKey, scanning, importing, done, error }
 class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  _Step _step = _Step.generatingKey;
  ShareKeyMaterial? _keyMaterial;
+  DateTime? _keyExpiresAt;
  String? _pubKeyQr;
  String? _errorMessage;
  bool _scannerActive = false;

  MobileScannerController? _scannerController;
+  // True when the scanner plugin fails to initialise at runtime (e.g.
+  // MissingPluginException on some Android builds).
+  bool _scannerFailed = false;

  @override
  void initState() {
@@ -61,6 +65,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
      );
      setState(() {
        _keyMaterial = material;
+        _keyExpiresAt = DateTime.now().toUtc().add(const Duration(minutes: 20));
        _pubKeyQr = qr;
        _step = _Step.showingPubKey;
      });
@@ -76,8 +81,37 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
    setState(() {
      _step = _Step.scanning;
      _scannerActive = true;
-      _scannerController = MobileScannerController();
    });
+    if (_cameraScanSupported()) {
+      unawaited(_initScanner());
+    }
+  }
+
+  // Pre-flight: probe the scanner's permission-state method to verify the
+  // plugin is registered.  MissingPluginException is thrown on Android builds
+  // where the plugin is not linked (issue #204).  All other exceptions mean
+  // the plugin exists but something else failed — the MobileScanner widget
+  // will surface those via its own error builder.
+  Future<void> _initScanner() async {
+    bool available = false;
+    try {
+      await const MethodChannel(
+        'dev.steenbakker.mobile_scanner/scanner/method',
+      ).invokeMethod<int>('state');
+      available = true;
+    } on MissingPluginException {
+      // Plugin not registered on this device; text fallback will be shown.
+    } catch (_) {
+      // Plugin registered but state check failed; let the scanner widget
+      // handle it via its errorBuilder.
+      available = true;
+    }
+    if (!mounted) return;
+    if (available) {
+      setState(() => _scannerController = MobileScannerController());
+    } else {
+      setState(() => _scannerFailed = true);
+    }
  }

  Future<void> _onScanned(String rawValue) async {
@@ -244,7 +278,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
            },
          ),
          const SizedBox(height: 8),
-          const _ExpiryHint(),
+          _ExpiryHint(expiresAt: _keyExpiresAt!),
          const SizedBox(height: 32),
          if (_errorMessage != null) ...[
            Text(
@@ -266,11 +300,14 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  }

  Widget _buildScannerView(BuildContext context) {
-    // On platforms where the camera scanner is not available (Linux desktop),
-    // fall back to a text-input field.
-    if (!_cameraScanSupported()) {
+    // Fall back to text input when the platform has no camera support or when
+    // the scanner plugin fails to initialise at runtime (MissingPluginException).
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
+    if (_scannerController == null) {
+      return const Center(child: CircularProgressIndicator());
+    }

    return Stack(
      children: [
@@ -371,8 +408,37 @@ bool _cameraScanSupported() =>
    Platform.isMacOS ||
    Platform.isWindows;

-class _ExpiryHint extends StatelessWidget {
-  const _ExpiryHint();
+class _ExpiryHint extends StatefulWidget {
+  const _ExpiryHint({required this.expiresAt});
+
+  final DateTime expiresAt;
+
+  @override
+  State<_ExpiryHint> createState() => _ExpiryHintState();
+}
+
+class _ExpiryHintState extends State<_ExpiryHint> {
+  late Timer _timer;
+
+  @override
+  void initState() {
+    super.initState();
+    _timer = Timer.periodic(const Duration(seconds: 1), (_) => setState(() {}));
+  }
+
+  @override
+  void dispose() {
+    _timer.cancel();
+    super.dispose();
+  }
+
+  String _formatRemaining() {
+    final remaining = widget.expiresAt.difference(DateTime.now().toUtc());
+    if (remaining.isNegative) return 'expired';
+    final minutes = remaining.inMinutes;
+    final seconds = remaining.inSeconds % 60;
+    return '${minutes.toString().padLeft(2, '0')}:${seconds.toString().padLeft(2, '0')}';
+  }

  @override
  Widget build(BuildContext context) {
@@ -382,7 +448,7 @@ class _ExpiryHint extends StatelessWidget {
        Icon(Icons.timer_outlined, size: 14, color: Colors.grey[600]),
        const SizedBox(width: 4),
        Text(
-          'This key expires in 20 minutes',
+          'This key expires in ${_formatRemaining()}',
          style: TextStyle(fontSize: 12, color: Colors.grey[600]),
        ),
      ],
@@ -45,12 +45,42 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  bool _scannerActive = true;

  MobileScannerController? _scannerController;
+  // True when the scanner plugin fails to initialise at runtime (e.g.
+  // MissingPluginException on some Android builds).
+  bool _scannerFailed = false;

  @override
  void initState() {
    super.initState();
    if (_cameraScanSupported()) {
-      _scannerController = MobileScannerController();
+      unawaited(_initScanner());
+    }
+  }
+
+  // Pre-flight: probe the scanner's permission-state method to verify the
+  // plugin is registered.  MissingPluginException is thrown on Android builds
+  // where the plugin is not linked (issue #204).  All other exceptions mean
+  // the plugin exists but something else failed — the MobileScanner widget
+  // will surface those via its own error builder.
+  Future<void> _initScanner() async {
+    bool available = false;
+    try {
+      await const MethodChannel(
+        'dev.steenbakker.mobile_scanner/scanner/method',
+      ).invokeMethod<int>('state');
+      available = true;
+    } on MissingPluginException {
+      // Plugin not registered on this device; text fallback will be shown.
+    } catch (_) {
+      // Plugin registered but state check failed; let the scanner widget
+      // handle it via its errorBuilder.
+      available = true;
+    }
+    if (!mounted) return;
+    if (available) {
+      setState(() => _scannerController = MobileScannerController());
+    } else {
+      setState(() => _scannerFailed = true);
    }
  }

@@ -178,9 +208,12 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  }

  Widget _buildScanStep(BuildContext context) {
-    if (!_cameraScanSupported()) {
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
+    if (_scannerController == null) {
+      return const Center(child: CircularProgressIndicator());
+    }

    return Stack(
      children: [
@@ -1,7 +1,6 @@
 import 'dart:async';

 import 'package:flutter/material.dart';
-import 'package:flutter/services.dart' show rootBundle;
 import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
 import 'package:url_launcher/url_launcher.dart';

@@ -13,7 +12,8 @@ class ChangeLogScreen extends StatelessWidget {
    return Scaffold(
      appBar: AppBar(title: const Text('ChangeLog')),
      body: FutureBuilder<String>(
-        future: rootBundle.loadString('assets/changelog.txt'),
+        future:
+            DefaultAssetBundle.of(context).loadString('assets/changelog.txt'),
        builder: (context, snapshot) {
          if (snapshot.connectionState == ConnectionState.waiting) {
            return const Center(child: CircularProgressIndicator());
@@ -162,7 +162,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {
  }

  Future<void> _pickAttachments() async {
-    final result = await FilePicker.platform.pickFiles(allowMultiple: true);
+    final result = await FilePicker.pickFiles();
    if (result == null) return;
    final files = result.files.where((f) => f.path != null).toList();
    if (!mounted) return;
@@ -1,5 +1,6 @@
 import 'dart:io';

+import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:package_info_plus/package_info_plus.dart';
@@ -10,21 +11,45 @@ class CrashScreen extends StatelessWidget {
    super.key,
    required this.exception,
    required this.stackTrace,
+    this.gitHash = const String.fromEnvironment('GIT_HASH'),
  });

  final Object exception;
  final StackTrace? stackTrace;
+  final String gitHash;

-  Future<String> _buildReport() async {
-    String version = 'unknown';
+  String get _buildMode {
+    if (kDebugMode) return 'debug';
+    if (kProfileMode) return 'profile';
+    return 'release';
+  }
+
+  Future<String> _fetchVersion() async {
    try {
      final info = await PackageInfo.fromPlatform();
-      version = '${info.version}+${info.buildNumber}';
-    } catch (_) {}
+      return '${info.version}+${info.buildNumber}';
+    } catch (_) {
+      return 'unknown';
+    }
+  }
+
+  Future<String> _buildReport() async {
+    final version = await _fetchVersion();
    final platform =
        '${Platform.operatingSystem} ${Platform.operatingSystemVersion}';
-    return 'App Version: $version\n'
-        'Platform: $platform\n\n'
+    final versionDisplay = gitHash.isNotEmpty
+        ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)'
+        : version;
+    final gitLine = gitHash.isNotEmpty
+        ? 'Git Commit: [$gitHash](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)\n'
+        : '';
+    final timestamp = DateTime.now().toUtc().toIso8601String();
+    return 'App Version: $versionDisplay\n'
+        'Build Mode: $_buildMode\n'
+        '$gitLine'
+        'Platform: $platform\n'
+        'Dart: ${Platform.version}\n'
+        'Timestamp: $timestamp\n\n'
        'Error:\n```\n$exception\n```\n\n'
        'Stack Trace:\n```\n$stackTrace\n```';
  }
@@ -50,6 +75,70 @@ class CrashScreen extends StatelessWidget {
                  style: Theme.of(ctx).textTheme.titleMedium,
                  textAlign: TextAlign.center,
                ),
+                const SizedBox(height: 4),
+                FutureBuilder<String>(
+                  future: _fetchVersion(),
+                  builder: (context, snapshot) => Text(
+                    'v${snapshot.data ?? '…'}  •  $_buildMode  •  '
+                    '${Platform.operatingSystem} ${Platform.operatingSystemVersion}',
+                    style: Theme.of(context).textTheme.bodySmall?.copyWith(
+                          color: Colors.grey[600],
+                        ),
+                    textAlign: TextAlign.center,
+                  ),
+                ),
+                if (gitHash.isNotEmpty) ...[
+                  const SizedBox(height: 8),
+                  FutureBuilder<PackageInfo>(
+                    future: PackageInfo.fromPlatform(),
+                    builder: (_, snapshot) {
+                      if (!snapshot.hasData) return const SizedBox.shrink();
+                      final version =
+                          '${snapshot.data!.version}+${snapshot.data!.buildNumber}';
+                      return GestureDetector(
+                        onTap: () async {
+                          final url = Uri.parse(
+                            'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
+                          );
+                          await launchUrl(
+                            url,
+                            mode: LaunchMode.externalApplication,
+                          );
+                        },
+                        child: Text(
+                          'App Version: $version',
+                          style: const TextStyle(
+                            fontSize: 12,
+                            color: Colors.blue,
+                            decoration: TextDecoration.underline,
+                          ),
+                          textAlign: TextAlign.center,
+                        ),
+                      );
+                    },
+                  ),
+                  const SizedBox(height: 4),
+                  GestureDetector(
+                    onTap: () async {
+                      final url = Uri.parse(
+                        'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
+                      );
+                      await launchUrl(
+                        url,
+                        mode: LaunchMode.externalApplication,
+                      );
+                    },
+                    child: Text(
+                      'Git Commit: $gitHash',
+                      style: const TextStyle(
+                        fontSize: 12,
+                        color: Colors.blue,
+                        decoration: TextDecoration.underline,
+                      ),
+                      textAlign: TextAlign.center,
+                    ),
+                  ),
+                ],
                const SizedBox(height: 24),
                const Text(
                  'Error Details:',
@@ -38,6 +38,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
  var _sieveSsl = true;
  var _verbose = false;
  final _jmapUrlCtrl = TextEditingController();
+  bool _hasStoredPassword = false;

  // -- "Try connection" state ------------------------------------------------
  bool _tryTesting = false;
@@ -50,6 +51,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.addListener(_rebuild);
    _sieveHostCtrl.addListener(_rebuild);
    _imapHostCtrl.addListener(_rebuild);
+    _passwordCtrl.addListener(_rebuild);
    unawaited(_load());
  }

@@ -63,6 +65,11 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
      context.pop();
      return;
    }
+    try {
+      await repo.getPassword(account.id);
+      _hasStoredPassword = true;
+    } catch (_) {}
+    if (!mounted) return;
    _account = account;
    _displayNameCtrl.text = account.displayName;
    _usernameCtrl.text = account.username;
@@ -84,6 +91,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.removeListener(_rebuild);
    _sieveHostCtrl.removeListener(_rebuild);
    _imapHostCtrl.removeListener(_rebuild);
+    _passwordCtrl.removeListener(_rebuild);
    for (final c in [
      _displayNameCtrl,
      _usernameCtrl,
@@ -267,10 +275,12 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
            ),
            _field(
              _passwordCtrl,
-              'New password (leave blank to keep)',
+              _hasStoredPassword
+                  ? 'New password (leave blank to keep)'
+                  : 'Password',
              key: const Key('editPasswordField'),
              obscure: true,
-              required: false,
+              required: !_hasStoredPassword,
            ),
            if (account.type == AccountType.jmap) ...[
              const Divider(height: 32),
@@ -345,10 +355,17 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
              testing: _tryTesting,
              okMessage: _tryOk,
              errorMessage: _tryErr,
-              onPressed: _tryConnection,
+              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
+                  ? _tryConnection
+                  : null,
            ),
            const SizedBox(height: 8),
-            FilledButton(onPressed: _save, child: const Text('Save')),
+            FilledButton(
+              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
+                  ? _save
+                  : null,
+              child: const Text('Save'),
+            ),
          ],
        ),
      ),
@@ -0,0 +1,79 @@
+import 'package:flutter/material.dart';
+
+import 'package:sharedinbox/core/models/mailbox.dart';
+import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
+
+enum _MissingFolderChoice { chooseExisting, createNew }
+
+/// Resolves a mailbox by role, prompting the user to choose or create one when
+/// the role is not found.  Returns the target [Mailbox], or null if cancelled.
+Future<Mailbox?> resolveMailboxByRole(
+  BuildContext context,
+  MailboxRepository mailboxRepo,
+  String accountId,
+  String currentMailboxPath,
+  String role, {
+  required String dialogTitle,
+  required String createFolderName,
+}) async {
+  Mailbox? mailbox = await mailboxRepo.findMailboxByRole(accountId, role);
+  if (!context.mounted) return null;
+  if (mailbox != null) return mailbox;
+
+  final choice = await showDialog<_MissingFolderChoice>(
+    context: context,
+    builder: (ctx) => AlertDialog(
+      title: Text(dialogTitle),
+      actions: [
+        TextButton(
+          onPressed: () =>
+              Navigator.pop(ctx, _MissingFolderChoice.chooseExisting),
+          child: const Text('Choose existing folder'),
+        ),
+        FilledButton(
+          onPressed: () => Navigator.pop(ctx, _MissingFolderChoice.createNew),
+          child: Text('Create "$createFolderName"'),
+        ),
+      ],
+    ),
+  );
+  if (!context.mounted || choice == null) return null;
+
+  switch (choice) {
+    case _MissingFolderChoice.chooseExisting:
+      final mailboxes = await mailboxRepo.observeMailboxes(accountId).first;
+      if (!context.mounted) return null;
+      final chosen = await showModalBottomSheet<String>(
+        context: context,
+        builder: (ctx) => ListView(
+          shrinkWrap: true,
+          children: [
+            const ListTile(
+              title: Text(
+                'Move to…',
+                style: TextStyle(fontWeight: FontWeight.bold),
+              ),
+            ),
+            for (final m
+                in mailboxes.where((m) => m.path != currentMailboxPath))
+              ListTile(
+                leading: const Icon(Icons.folder_outlined),
+                title: Text(m.name),
+                onTap: () => Navigator.pop(ctx, m.path),
+              ),
+          ],
+        ),
+      );
+      if (chosen == null || !context.mounted) return null;
+      mailbox = mailboxes.firstWhere((m) => m.path == chosen);
+    case _MissingFolderChoice.createNew:
+      mailbox = await mailboxRepo.createMailboxWithRole(
+        accountId,
+        createFolderName,
+        role,
+      );
+      if (!context.mounted) return null;
+  }
+
+  return mailbox;
+}
@@ -13,9 +13,11 @@ import 'package:share_plus/share_plus.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/utils/format_utils.dart';
 import 'package:sharedinbox/core/utils/html_utils.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/email_action_helpers.dart';
 import 'package:sharedinbox/ui/widgets/secure_email_webview.dart';
 import 'package:sharedinbox/ui/widgets/snooze_picker.dart';
 import 'package:url_launcher/url_launcher.dart';
@@ -43,15 +45,15 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    ref.listen<AsyncValue<(Email?, EmailBody)>>(
      emailDetailProvider(widget.emailId),
      (_, next) {
-        final email = next.valueOrNull?.$1;
+        final email = next.value?.$1;
        if (email != null && mounted) {
          setState(() => _isFlagged = email.isFlagged);
        }
      },
    );

-    final header = detail.valueOrNull?.$1;
-    final body = detail.valueOrNull?.$2;
+    final header = detail.value?.$1;
+    final body = detail.value?.$2;

    final isMobile = defaultTargetPlatform == TargetPlatform.android ||
        defaultTargetPlatform == TargetPlatform.iOS;
@@ -70,61 +72,25 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
            onPressed: header == null
                ? null
                : () {
-                    unawaited(_reply(context, header, body, replyAll: false));
+                    unawaited(
+                      _replyWithRecipientDialog(context, header, body),
+                    );
                  },
          ),
          IconButton(
-            icon: const Icon(Icons.reply_all),
-            tooltip: 'Reply all',
+            icon: const Icon(Icons.archive),
+            tooltip: 'Archive',
            onPressed: header == null
                ? null
                : () {
-                    unawaited(_reply(context, header, body, replyAll: true));
+                    unawaited(_archive(context, header));
                  },
          ),
-          IconButton(
-            icon: const Icon(Icons.forward),
-            tooltip: 'Forward',
-            onPressed: header == null
-                ? null
-                : () {
-                    unawaited(_forward(context, header, body));
-                  },
-          ),
-          IconButton(
-            icon: const Icon(Icons.mark_email_unread_outlined),
-            tooltip: 'Mark as unread',
-            onPressed: () async {
-              await repo.setFlag(widget.emailId, seen: false);
-              if (context.mounted) context.pop();
-            },
-          ),
-          IconButton(
-            icon: Icon(
-              _isFlagged ? Icons.star : Icons.star_border,
-              color: _isFlagged ? Colors.amber : null,
-            ),
-            tooltip: _isFlagged ? 'Unflag' : 'Flag',
-            onPressed: () async {
-              final next = !_isFlagged;
-              await repo.setFlag(widget.emailId, flagged: next);
-              if (mounted) setState(() => _isFlagged = next);
-            },
-          ),
-          IconButton(
-            icon: const Icon(Icons.drive_file_move_outline),
-            tooltip: 'Move to folder',
-            onPressed: header == null ? null : () => _moveTo(context, header),
-          ),
-          IconButton(
-            icon: const Icon(Icons.access_time),
-            tooltip: 'Snooze',
-            onPressed: header == null ? null : () => _snooze(context, header),
-          ),
          IconButton(
            icon: const Icon(Icons.delete),
            tooltip: 'Delete',
            onPressed: () async {
+              final nextEmailId = await _getNextEmailIdIfNeeded(header);
              final destPath = await repo.deleteEmail(widget.emailId);

              if (header != null) {
@@ -143,11 +109,44 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                );
              }

-              if (context.mounted) context.pop();
+              if (context.mounted) _navigateTo(context, header, nextEmailId);
+            },
+          ),
+          IconButton(
+            icon: Icon(
+              _isFlagged ? Icons.star : Icons.star_border,
+              color: _isFlagged ? Colors.amber : null,
+            ),
+            tooltip: _isFlagged ? 'Unflag' : 'Flag',
+            onPressed: () async {
+              final next = !_isFlagged;
+              await repo.setFlag(widget.emailId, flagged: next);
+              if (mounted) setState(() => _isFlagged = next);
            },
          ),
          PopupMenuButton<String>(
            itemBuilder: (ctx) => [
+              const PopupMenuItem(
+                value: 'forward',
+                child: Text('Forward'),
+              ),
+              const PopupMenuItem(
+                value: 'move',
+                child: Text('Move to folder'),
+              ),
+              const PopupMenuItem(
+                value: 'snooze',
+                child: Text('Snooze'),
+              ),
+              const PopupMenuItem(
+                value: 'spam',
+                child: Text('Mark as spam'),
+              ),
+              const PopupMenuItem(
+                value: 'mark_unread',
+                child: Text('Mark as unread'),
+              ),
+              const PopupMenuDivider(),
              const PopupMenuItem(
                value: 'headers',
                child: Text('Show Mail Headers'),
@@ -161,8 +160,20 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                child: Text('Show Raw Email'),
              ),
            ],
-            onSelected: (value) {
-              if (value == 'headers' && body != null) {
+            onSelected: (value) async {
+              if (value == 'forward' && header != null) {
+                unawaited(_forward(context, header, body));
+              } else if (value == 'move' && header != null) {
+                unawaited(_moveTo(context, header));
+              } else if (value == 'snooze' && header != null) {
+                unawaited(_snooze(context, header));
+              } else if (value == 'spam' && header != null) {
+                unawaited(_markAsSpam(context, header));
+              } else if (value == 'mark_unread') {
+                final nextEmailId = await _getNextEmailIdIfNeeded(header);
+                await repo.setFlag(widget.emailId, seen: false);
+                if (context.mounted) _navigateTo(context, header, nextEmailId);
+              } else if (value == 'headers' && body != null) {
                _showHeaders(context, body);
              } else if (value == 'structure' && body != null) {
                _showStructure(context, body);
@@ -241,6 +252,39 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    );
  }

+  Future<String?> _getNextEmailIdIfNeeded(Email? header) async {
+    if (header == null) return null;
+    final prefs = ref.read(userPreferencesProvider).value;
+    final action =
+        prefs?.afterMailViewAction ?? AfterMailViewAction.nextMessage;
+    if (action != AfterMailViewAction.nextMessage) return null;
+
+    final threads = await ref
+        .read(emailRepositoryProvider)
+        .observeThreads(header.accountId, header.mailboxPath)
+        .first;
+
+    final currentIndex =
+        threads.indexWhere((t) => t.emailIds.contains(widget.emailId));
+    if (currentIndex >= 0 && currentIndex + 1 < threads.length) {
+      return threads[currentIndex + 1].latestEmailId;
+    }
+    return null;
+  }
+
+  void _navigateTo(BuildContext context, Email? header, String? nextEmailId) {
+    if (!context.mounted) return;
+    if (nextEmailId != null && header != null) {
+      context.go(
+        '/accounts/${header.accountId}'
+        '/mailboxes/${Uri.encodeComponent(header.mailboxPath)}'
+        '/emails/${Uri.encodeComponent(nextEmailId)}',
+      );
+    } else {
+      context.pop();
+    }
+  }
+
  Future<void> _downloadAndOpen(EmailAttachment att) async {
    setState(() => _downloading.add(att.filename));
    try {
@@ -303,17 +347,78 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    return '\n\n— On $date, $from wrote:\n$quoted';
  }

-  Future<void> _reply(
+  Future<void> _replyWithRecipientDialog(
+    BuildContext context,
+    Email header,
+    EmailBody? body,
+  ) async {
+    final account =
+        await ref.read(accountRepositoryProvider).getAccount(header.accountId);
+    final ownEmail = account?.email.toLowerCase() ?? '';
+
+    final seen = <String>{};
+    final candidates = <_Candidate>[];
+
+    void addIfNew(EmailAddress addr, _Placement defaultPlacement) {
+      final key = addr.email.toLowerCase();
+      if (key == ownEmail || seen.contains(key)) return;
+      seen.add(key);
+      candidates.add(_Candidate(addr, defaultPlacement));
+    }
+
+    for (final addr in header.from) {
+      addIfNew(addr, _Placement.to);
+    }
+    for (final addr in header.to) {
+      addIfNew(addr, _Placement.to);
+    }
+    for (final addr in header.cc) {
+      addIfNew(addr, _Placement.cc);
+    }
+
+    if (!context.mounted) return;
+
+    if (candidates.length <= 1) {
+      final to = candidates
+          .where((c) => c.placement == _Placement.to)
+          .map((c) => c.address.email)
+          .join(', ');
+      final cc = candidates
+          .where((c) => c.placement == _Placement.cc)
+          .map((c) => c.address.email)
+          .join(', ');
+      await _composeReply(context, header, body, to: to, cc: cc);
+      return;
+    }
+
+    final confirmed = await showDialog<List<_Candidate>>(
+      context: context,
+      builder: (ctx) => _ReplyAllDialog(candidates: candidates),
+    );
+
+    if (confirmed == null || !context.mounted) return;
+
+    final to = confirmed
+        .where((c) => c.placement == _Placement.to)
+        .map((c) => c.address.email)
+        .join(', ');
+    final cc = confirmed
+        .where((c) => c.placement == _Placement.cc)
+        .map((c) => c.address.email)
+        .join(', ');
+    await _composeReply(context, header, body, to: to, cc: cc);
+  }
+
+  Future<void> _composeReply(
    BuildContext context,
    Email header,
    EmailBody? body, {
-    required bool replyAll,
+    required String to,
+    required String cc,
  }) async {
-    final to = header.from.isNotEmpty ? header.from.first.email : '';
    final subject = (header.subject?.startsWith('Re:') ?? false)
        ? header.subject!
        : 'Re: ${header.subject ?? ''}';
-    final cc = replyAll ? header.to.map((a) => a.email).join(', ') : '';
    final quoted = await _quotedBody(header, body);
    if (!context.mounted) return;
    unawaited(
@@ -330,6 +435,78 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    );
  }

+  Future<void> _archive(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      header.accountId,
+      header.mailboxPath,
+      'archive',
+      dialogTitle: 'No archive folder found',
+      createFolderName: 'Archive',
+    );
+
+    if (mailbox == null || !context.mounted) return;
+
+    await ref
+        .read(emailRepositoryProvider)
+        .moveEmail(widget.emailId, mailbox.path);
+
+    unawaited(
+      ref.read(undoServiceProvider.notifier).pushAction(
+            UndoAction(
+              id: DateTime.now().toIso8601String(),
+              accountId: header.accountId,
+              type: UndoType.move,
+              emailIds: [widget.emailId],
+              sourceMailboxPath: header.mailboxPath,
+              destinationMailboxPath: mailbox.path,
+            ),
+          ),
+    );
+
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
+  }
+
+  Future<void> _markAsSpam(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      header.accountId,
+      header.mailboxPath,
+      'junk',
+      dialogTitle: 'No spam folder found',
+      createFolderName: 'Junk',
+    );
+
+    if (mailbox == null || !context.mounted) return;
+
+    await ref
+        .read(emailRepositoryProvider)
+        .moveEmail(widget.emailId, mailbox.path);
+
+    unawaited(
+      ref.read(undoServiceProvider.notifier).pushAction(
+            UndoAction(
+              id: DateTime.now().toIso8601String(),
+              accountId: header.accountId,
+              type: UndoType.move,
+              emailIds: [widget.emailId],
+              sourceMailboxPath: header.mailboxPath,
+              destinationMailboxPath: mailbox.path,
+            ),
+          ),
+    );
+
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
+  }
+
  Future<void> _forward(
    BuildContext context,
    Email header,
@@ -352,6 +529,8 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
  }

  Future<void> _moveTo(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+
    final mailboxRepo = ref.read(mailboxRepositoryProvider);
    final mailboxes =
        await mailboxRepo.observeMailboxes(header.accountId).first;
@@ -400,10 +579,13 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
          ),
    );

-    if (context.mounted) context.pop();
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
  }

  Future<void> _snooze(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
    final until = await showModalBottomSheet<DateTime>(
      context: context,
      builder: (ctx) => const SnoozePicker(),
@@ -431,7 +613,7 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
          ),
        ),
      );
-      context.pop();
+      _navigateTo(context, header, nextEmailId);
    }
  }

@@ -670,6 +852,94 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
  }
 }

+enum _Placement { to, cc, skip }
+
+class _Candidate {
+  _Candidate(this.address, this.placement);
+  final EmailAddress address;
+  _Placement placement;
+}
+
+class _ReplyAllDialog extends StatefulWidget {
+  const _ReplyAllDialog({required this.candidates});
+  final List<_Candidate> candidates;
+
+  @override
+  State<_ReplyAllDialog> createState() => _ReplyAllDialogState();
+}
+
+class _ReplyAllDialogState extends State<_ReplyAllDialog> {
+  late final List<_Candidate> _candidates;
+
+  @override
+  void initState() {
+    super.initState();
+    _candidates = [
+      for (final c in widget.candidates) _Candidate(c.address, c.placement),
+    ];
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    return AlertDialog(
+      title: const Text('Reply All'),
+      content: SizedBox(
+        width: double.maxFinite,
+        child: ListView(
+          shrinkWrap: true,
+          children: [
+            for (final c in _candidates)
+              Padding(
+                padding: const EdgeInsets.symmetric(vertical: 4),
+                child: Row(
+                  children: [
+                    Expanded(
+                      child: Text(
+                        c.address.toString(),
+                        overflow: TextOverflow.ellipsis,
+                      ),
+                    ),
+                    const SizedBox(width: 8),
+                    SegmentedButton<_Placement>(
+                      showSelectedIcon: false,
+                      segments: const [
+                        ButtonSegment(
+                          value: _Placement.to,
+                          label: Text('To'),
+                        ),
+                        ButtonSegment(
+                          value: _Placement.cc,
+                          label: Text('Cc'),
+                        ),
+                        ButtonSegment(
+                          value: _Placement.skip,
+                          label: Text('Skip'),
+                        ),
+                      ],
+                      selected: {c.placement},
+                      onSelectionChanged: (s) =>
+                          setState(() => c.placement = s.first),
+                    ),
+                  ],
+                ),
+              ),
+          ],
+        ),
+      ),
+      actions: [
+        TextButton(
+          onPressed: () => Navigator.pop(context),
+          child: const Text('Cancel'),
+        ),
+        TextButton(
+          onPressed: () => Navigator.pop(context, _candidates),
+          child: const Text('Reply'),
+        ),
+      ],
+    );
+  }
+}
+
 class _MimeRow {
  const _MimeRow(this.depth, this.label);
  final int depth;
@@ -712,10 +982,13 @@ class _UnsubscribeChip extends StatelessWidget {
  Widget build(BuildContext context) {
    final uri = _parseUnsubscribeUri(header);
    if (uri == null) return const SizedBox.shrink();
-    return ActionChip(
-      avatar: const Icon(Icons.unsubscribe_outlined, size: 16),
-      label: const Text('Unsubscribe'),
-      onPressed: () => launchUrl(uri, mode: LaunchMode.externalApplication),
+    return Tooltip(
+      message: uri.toString(),
+      child: ActionChip(
+        avatar: const Icon(Icons.unsubscribe_outlined, size: 16),
+        label: const Text('Unsubscribe'),
+        onPressed: () => launchUrl(uri, mode: LaunchMode.externalApplication),
+      ),
    );
  }
 }
@@ -8,8 +8,10 @@ import 'package:intl/intl.dart';
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/email_action_helpers.dart';
 import 'package:sharedinbox/ui/widgets/email_tile.dart';
 import 'package:sharedinbox/ui/widgets/folder_drawer.dart';
 import 'package:sharedinbox/ui/widgets/snooze_picker.dart';
@@ -147,16 +149,21 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
  Widget build(BuildContext context) {
    final repo = ref.watch(emailRepositoryProvider);
    final accountAsync = ref.watch(accountByIdProvider(widget.accountId));
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final menuAtBottom = prefs.menuPosition == MenuPosition.bottom;

    return Scaffold(
-      appBar: _buildAppBar(repo, accountAsync),
+      appBar: _buildAppBar(repo, accountAsync, menuAtBottom: menuAtBottom),
      drawer: _selecting
          ? null
          : FolderDrawer(
              accountId: widget.accountId,
              currentMailboxPath: widget.mailboxPath,
            ),
-      bottomNavigationBar: _selecting ? _selectionBottomBar() : null,
+      bottomNavigationBar: _selecting
+          ? _selectionBottomBar()
+          : (menuAtBottom ? _folderNavBottomBar() : null),
      body: Column(
        children: [
          _buildSyncErrorBanner(),
@@ -172,12 +179,14 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  PreferredSizeWidget _buildAppBar(
    EmailRepository emailRepo,
-    AsyncValue<Account?> accountAsync,
-  ) {
+    AsyncValue<Account?> accountAsync, {
+    required bool menuAtBottom,
+  }) {
    final selectionCount =
        _searching ? _selectedSearchIds.length : _selectedThreadIds.length;

    return AppBar(
+      automaticallyImplyLeading: !menuAtBottom,
      leading: _selecting
          ? IconButton(
              icon: const Icon(Icons.close),
@@ -261,9 +270,9 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  Widget _buildSyncButton(EmailRepository emailRepo) {
    final isSyncing =
-        ref.watch(isSyncingProvider(widget.accountId)).valueOrNull ?? false;
+        ref.watch(isSyncingProvider(widget.accountId)).value ?? false;
    final hasError =
-        ref.watch(syncLastErrorProvider(widget.accountId)).valueOrNull != null;
+        ref.watch(syncLastErrorProvider(widget.accountId)).value != null;
    return IconButton(
      tooltip: isSyncing
          ? 'Syncing…'
@@ -300,6 +309,22 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    );
  }

+  Widget _folderNavBottomBar() {
+    return BottomAppBar(
+      child: Row(
+        children: [
+          Builder(
+            builder: (context) => IconButton(
+              icon: const Icon(Icons.menu),
+              tooltip: 'Open folders',
+              onPressed: () => Scaffold.of(context).openDrawer(),
+            ),
+          ),
+        ],
+      ),
+    );
+  }
+
  Widget _selectionBottomBar() {
    return BottomAppBar(
      child: Row(
@@ -350,7 +375,7 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  Widget _buildSyncErrorBanner() {
    final errorAsync = ref.watch(syncLastErrorProvider(widget.accountId));
-    final error = errorAsync.valueOrNull;
+    final error = errorAsync.value;
    if (error == null || error == _dismissedError) {
      return const SizedBox.shrink();
    }
@@ -420,24 +445,26 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    );
  }

-  Future<void> _batchMoveToRole(String role, String notFoundMessage) async {
+  Future<void> _batchMoveToRole(
+    String role, {
+    required String dialogTitle,
+    required String createFolderName,
+  }) async {
    final ids = _selectedEmailIds;
    _clearSelection();
-    final mailbox = await ref
-        .read(mailboxRepositoryProvider)
-        .findMailboxByRole(widget.accountId, role);
-    if (!mounted) return;
-    if (mailbox == null) {
-      ScaffoldMessenger.of(
-        context,
-      ).showSnackBar(
-        SnackBar(
-          duration: const Duration(seconds: 5),
-          content: Text(notFoundMessage),
-        ),
-      );
-      return;
-    }
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      widget.accountId,
+      widget.mailboxPath,
+      role,
+      dialogTitle: dialogTitle,
+      createFolderName: createFolderName,
+    );
+
+    if (!mounted || mailbox == null) return;
+
    final repo = ref.read(emailRepositoryProvider);

    // Fetch full email data before moving so we can restore them if user clicks Undo.
@@ -463,8 +490,11 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
  }

-  Future<void> _batchArchive() =>
-      _batchMoveToRole('archive', 'No archive folder found');
+  Future<void> _batchArchive() => _batchMoveToRole(
+        'archive',
+        dialogTitle: 'No archive folder found',
+        createFolderName: 'Archive',
+      );

  Future<void> _refreshSearchAndPopIfEmpty() async {
    if (!mounted || !_searching) return;
@@ -543,8 +573,11 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    }
  }

-  Future<void> _batchMarkSpam() =>
-      _batchMoveToRole('junk', 'No spam folder found');
+  Future<void> _batchMarkSpam() => _batchMoveToRole(
+        'junk',
+        dialogTitle: 'No spam folder found',
+        createFolderName: 'Junk',
+      );

  Future<void> _batchMove() async {
    final ids = _selectedEmailIds;
@@ -4,6 +4,7 @@ import 'package:go_router/go_router.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/mailbox.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/widgets/folder_drawer.dart';
@@ -17,8 +18,12 @@ class MailboxListScreen extends ConsumerWidget {
    final mailboxRepo = ref.watch(mailboxRepositoryProvider);
    final emailRepo = ref.watch(emailRepositoryProvider);
    final accountAsync = ref.watch(accountByIdProvider(accountId));
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final menuAtBottom = prefs.menuPosition == MenuPosition.bottom;
    return Scaffold(
      appBar: AppBar(
+        automaticallyImplyLeading: !menuAtBottom,
        title: const Text('Folders'),
        actions: [
          IconButton(
@@ -42,6 +47,19 @@ class MailboxListScreen extends ConsumerWidget {
        ],
      ),
      drawer: FolderDrawer(accountId: accountId),
+      bottomNavigationBar: menuAtBottom
+          ? BottomAppBar(
+              child: Row(
+                children: [
+                  IconButton(
+                    icon: const Icon(Icons.menu),
+                    tooltip: 'Open folders',
+                    onPressed: () => Scaffold.of(context).openDrawer(),
+                  ),
+                ],
+              ),
+            )
+          : null,
      body: Column(
        children: [
          // ── Failed-mutation banner ───────────────────────────────────────
@@ -1,11 +1,15 @@
 import 'dart:async';

 import 'package:flutter/material.dart';
+import 'package:flutter/services.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:intl/intl.dart';
+import 'package:package_info_plus/package_info_plus.dart';

+import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/utils/about_markdown.dart';

 final _timeFmt = DateFormat('MMM d, HH:mm:ss');

@@ -21,6 +25,57 @@ String _fmtBytes(int bytes) {
  return '${(bytes / (1024 * 1024)).toStringAsFixed(1)} MB';
 }

+String _buildSyncEntryMarkdown(SyncLogEntry entry) {
+  final buf = StringBuffer();
+  buf.writeln('## Sync Entry');
+  buf.writeln();
+  buf.writeln('| Property | Value |');
+  buf.writeln('|----------|-------|');
+  buf.writeln('| Started | ${_timeFmt.format(entry.startedAt)} |');
+  buf.writeln('| Finished | ${_timeFmt.format(entry.finishedAt)} |');
+  buf.writeln('| Duration | ${_fmtDuration(entry.duration)} |');
+  if (entry.protocol.isNotEmpty) {
+    buf.writeln('| Protocol | ${entry.protocol.toUpperCase()} |');
+  }
+  final statusLabel = entry.isOk
+      ? 'OK'
+      : entry.isPermanent
+          ? 'Error (permanent)'
+          : 'Error';
+  buf.writeln('| Status | $statusLabel |');
+  buf.writeln('| Emails fetched | ${entry.emailsFetched} |');
+  buf.writeln('| Emails up-to-date | ${entry.emailsSkipped} |');
+  buf.writeln('| Mailboxes synced | ${entry.mailboxesSynced} |');
+  buf.writeln('| Pending changes flushed | ${entry.pendingFlushed} |');
+  buf.writeln('| Data transferred | ${_fmtBytes(entry.bytesTransferred)} |');
+  if (entry.mailboxStats.isNotEmpty) {
+    buf.writeln();
+    buf.writeln('### Per mailbox');
+    buf.writeln();
+    buf.writeln('| Mailbox | Fetched | Up-to-date | Duration |');
+    buf.writeln('|---------|---------|------------|----------|');
+    for (final m in entry.mailboxStats) {
+      final dur = m.duration != null ? _fmtDuration(m.duration!) : '-';
+      buf.writeln('| ${m.mailboxPath} | ${m.fetched} | ${m.skipped} | $dur |');
+    }
+  }
+  if (entry.errorMessage != null) {
+    buf.writeln();
+    buf.writeln('**Error:**');
+    buf.writeln();
+    buf.writeln(entry.errorMessage);
+  }
+  if (entry.stackTrace != null) {
+    buf.writeln();
+    buf.writeln('**Stack trace:**');
+    buf.writeln();
+    buf.writeln('```');
+    buf.write(entry.stackTrace);
+    buf.writeln('```');
+  }
+  return buf.toString();
+}
+
 class SyncLogScreen extends ConsumerStatefulWidget {
  const SyncLogScreen({super.key, required this.accountId});

@@ -69,6 +124,41 @@ class _SyncLogScreenState extends ConsumerState<SyncLogScreen> {
    ref.read(syncManagerProvider).syncNow(widget.accountId);
  }

+  Future<void> _copyEntry(SyncLogEntry entry, BuildContext context) async {
+    final accounts =
+        await ref.read(accountRepositoryProvider).observeAccounts().first;
+    final imapCount = accounts.where((a) => a.type == AccountType.imap).length;
+    final jmapCount = accounts.where((a) => a.type == AccountType.jmap).length;
+
+    PackageInfo? pkg;
+    try {
+      pkg = await PackageInfo.fromPlatform();
+    } catch (_) {}
+
+    final deviceModel = await getDeviceModel();
+
+    if (!context.mounted) return;
+
+    final syncMd = _buildSyncEntryMarkdown(entry);
+    final aboutMd = buildAboutMarkdown(
+      context: context,
+      pkg: pkg,
+      imapCount: imapCount,
+      jmapCount: jmapCount,
+      deviceModel: deviceModel,
+    );
+    await Clipboard.setData(ClipboardData(text: '$syncMd\n$aboutMd'));
+
+    if (context.mounted) {
+      ScaffoldMessenger.of(context).showSnackBar(
+        const SnackBar(
+          duration: Duration(seconds: 3),
+          content: Text('Copied to clipboard'),
+        ),
+      );
+    }
+  }
+
  @override
  Widget build(BuildContext context) {
    return Scaffold(
@@ -96,16 +186,20 @@ class _SyncLogScreenState extends ConsumerState<SyncLogScreen> {
          ? const Center(child: Text('No sync entries yet'))
          : ListView.builder(
              itemCount: _entries.length,
-              itemBuilder: (ctx, i) => _SyncLogTile(entry: _entries[i]),
+              itemBuilder: (ctx, i) => _SyncLogTile(
+                entry: _entries[i],
+                onCopy: () => _copyEntry(_entries[i], ctx),
+              ),
            ),
    );
  }
 }

 class _SyncLogTile extends StatelessWidget {
-  const _SyncLogTile({required this.entry});
+  const _SyncLogTile({required this.entry, required this.onCopy});

  final SyncLogEntry entry;
+  final VoidCallback onCopy;

  @override
  Widget build(BuildContext context) {
@@ -115,6 +209,12 @@ class _SyncLogTile extends StatelessWidget {
    final theme = Theme.of(context);
    final errorColor = theme.colorScheme.error;

+    final subtitleText = entry.isOk
+        ? '${entry.emailsFetched} new · ${entry.emailsSkipped} up-to-date · took $durationLabel'
+        : entry.isPermanent
+            ? 'Error (permanent) · took $durationLabel'
+            : 'Error · took $durationLabel';
+
    return ExpansionTile(
      leading: Icon(
        entry.isOk ? Icons.check_circle : Icons.error_outline,
@@ -125,11 +225,20 @@ class _SyncLogTile extends StatelessWidget {
        style: entry.isOk ? null : TextStyle(color: errorColor),
      ),
      subtitle: Text(
-        entry.isOk
-            ? '${entry.emailsFetched} new · ${entry.emailsSkipped} up-to-date · took $durationLabel'
-            : 'Error · took $durationLabel',
+        subtitleText,
        style: TextStyle(fontSize: 12, color: entry.isOk ? null : errorColor),
      ),
+      trailing: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          IconButton(
+            icon: const Icon(Icons.copy, size: 18),
+            tooltip: 'Copy as markdown',
+            onPressed: onCopy,
+          ),
+          const Icon(Icons.expand_more),
+        ],
+      ),
      children: [
        Padding(
          padding: const EdgeInsets.fromLTRB(72, 0, 16, 12),
@@ -171,6 +280,31 @@ class _SyncLogTile extends StatelessWidget {
                    style: TextStyle(color: errorColor, fontSize: 12),
                  ),
                ),
+              if (entry.stackTrace != null) ...[
+                const Padding(
+                  padding: EdgeInsets.only(top: 6, bottom: 2),
+                  child: Text(
+                    'Stack trace',
+                    style: TextStyle(fontSize: 12, color: Colors.grey),
+                  ),
+                ),
+                Container(
+                  width: double.infinity,
+                  padding: const EdgeInsets.all(8),
+                  decoration: BoxDecoration(
+                    color: Colors.black87,
+                    borderRadius: BorderRadius.circular(4),
+                  ),
+                  child: Text(
+                    entry.stackTrace!,
+                    style: TextStyle(
+                      fontSize: 10,
+                      fontFamily: 'monospace',
+                      color: Colors.red[300],
+                    ),
+                  ),
+                ),
+              ],
              if (entry.protocolLog != null) ...[
                const Padding(
                  padding: EdgeInsets.only(top: 6, bottom: 2),
@@ -7,6 +7,7 @@ import 'package:intl/intl.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/utils/html_utils.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/widgets/secure_email_webview.dart';
@@ -28,9 +29,16 @@ class ThreadDetailScreen extends ConsumerWidget {
  @override
  Widget build(BuildContext context, WidgetRef ref) {
    final repo = ref.watch(emailRepositoryProvider);
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final buttonAtBottom = prefs.mailViewButtonPosition == MenuPosition.bottom;

    return Scaffold(
-      appBar: AppBar(title: const Text('Thread')),
+      appBar: AppBar(
+        title: const Text('Thread'),
+        automaticallyImplyLeading: !buttonAtBottom,
+      ),
+      bottomNavigationBar: buttonAtBottom ? _buildBackButtonBar(context) : null,
      body: StreamBuilder<List<Email>>(
        stream: repo.observeEmailsInThread(accountId, mailboxPath, threadId),
        builder: (context, snapshot) {
@@ -60,6 +68,20 @@ class ThreadDetailScreen extends ConsumerWidget {
      ),
    );
  }
+
+  Widget _buildBackButtonBar(BuildContext context) {
+    return BottomAppBar(
+      child: Row(
+        children: [
+          IconButton(
+            icon: const Icon(Icons.arrow_back),
+            tooltip: 'Back',
+            onPressed: () => context.pop(),
+          ),
+        ],
+      ),
+    );
+  }
 }

 class _EmailMessageCard extends ConsumerStatefulWidget {
@@ -0,0 +1,145 @@
+import 'dart:async';
+
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+
+import 'package:sharedinbox/core/models/user_preferences.dart';
+import 'package:sharedinbox/di.dart';
+
+class UserPreferencesScreen extends ConsumerWidget {
+  const UserPreferencesScreen({super.key});
+
+  @override
+  Widget build(BuildContext context, WidgetRef ref) {
+    final prefsAsync = ref.watch(userPreferencesProvider);
+
+    return Scaffold(
+      appBar: AppBar(title: const Text('Preferences')),
+      body: prefsAsync.when(
+        loading: () => const Center(child: CircularProgressIndicator()),
+        error: (_, __) =>
+            const Center(child: Text('Error loading preferences')),
+        data: (prefs) => ListView(
+          children: [
+            ListTile(
+              title: Text(
+                'Menu bar position',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Where the folder navigation menu is shown in the mailbox view.',
+              ),
+            ),
+            RadioGroup<MenuPosition>(
+              groupValue: prefs.menuPosition,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateMenuPosition(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<MenuPosition>(
+                    title: Text('Bottom (default)'),
+                    subtitle: Text(
+                      'Open folder navigation from a button at the bottom of the screen.',
+                    ),
+                    value: MenuPosition.bottom,
+                  ),
+                  RadioListTile<MenuPosition>(
+                    title: Text('Top'),
+                    subtitle: Text(
+                      'Open folder navigation from the hamburger icon in the top bar.',
+                    ),
+                    value: MenuPosition.top,
+                  ),
+                ],
+              ),
+            ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'Single mail view button position',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Where the back button is shown in the single mail view.',
+              ),
+            ),
+            RadioGroup<MenuPosition>(
+              groupValue: prefs.mailViewButtonPosition,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateMailViewButtonPosition(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<MenuPosition>(
+                    title: Text('Bottom (default)'),
+                    subtitle: Text(
+                      'Show the back button at the bottom of the screen.',
+                    ),
+                    value: MenuPosition.bottom,
+                  ),
+                  RadioListTile<MenuPosition>(
+                    title: Text('Top'),
+                    subtitle: Text(
+                      'Show the back button in the top bar.',
+                    ),
+                    value: MenuPosition.top,
+                  ),
+                ],
+              ),
+            ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'After mail action',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'What to show after deleting, archiving, or otherwise handling a message.',
+              ),
+            ),
+            RadioGroup<AfterMailViewAction>(
+              groupValue: prefs.afterMailViewAction,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateAfterMailViewAction(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<AfterMailViewAction>(
+                    title: Text('Next message (default)'),
+                    subtitle: Text(
+                      'Show the next message in the mailbox.',
+                    ),
+                    value: AfterMailViewAction.nextMessage,
+                  ),
+                  RadioListTile<AfterMailViewAction>(
+                    title: Text('Return to mailbox'),
+                    subtitle: Text(
+                      'Return to the message list.',
+                    ),
+                    value: AfterMailViewAction.showMailbox,
+                  ),
+                ],
+              ),
+            ),
+          ],
+        ),
+      ),
+    );
+  }
+}
@@ -0,0 +1,75 @@
+import 'dart:io';
+
+import 'package:device_info_plus/device_info_plus.dart';
+import 'package:flutter/material.dart';
+import 'package:package_info_plus/package_info_plus.dart';
+import 'package:sharedinbox/core/db_schema_version.dart';
+
+const _gitHash = String.fromEnvironment('GIT_HASH');
+
+/// Builds the About markdown table used in [AboutScreen] and sync log copies.
+String buildAboutMarkdown({
+  required BuildContext context,
+  PackageInfo? pkg,
+  required int imapCount,
+  required int jmapCount,
+  String? deviceModel,
+}) {
+  final size = MediaQuery.of(context).size;
+  final pixelRatio = MediaQuery.of(context).devicePixelRatio;
+  final physW = (size.width * pixelRatio).toInt();
+  final physH = (size.height * pixelRatio).toInt();
+  final version = pkg != null ? '${pkg.version}+${pkg.buildNumber}' : 'unknown';
+  final versionDisplay = _gitHash.isNotEmpty
+      ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash)'
+      : version;
+  final osName = _capitalize(Platform.operatingSystem);
+  final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
+  final locale = Localizations.localeOf(context).toString();
+  final textScale =
+      MediaQuery.of(context).textScaler.scale(1.0).toStringAsFixed(1);
+
+  final gitCommitLine = _gitHash.isNotEmpty
+      ? '| Git Commit | [$_gitHash](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash) |\n'
+      : '';
+  final deviceModelLine =
+      deviceModel != null ? '| Device Model | $deviceModel |\n' : '';
+
+  return '## [sharedinbox.de](https://sharedinbox.de)\n\n'
+      '| Property | Value |\n'
+      '|----------|-------|\n'
+      '| App Version | $versionDisplay |\n'
+      '$gitCommitLine'
+      '| Platform | ${Platform.operatingSystem} |\n'
+      '| $osName Version | ${Platform.operatingSystemVersion} |\n'
+      '$deviceModelLine'
+      '| Resolution | ${physW}x$physH px'
+      ' (logical: ${size.width.toInt()}x${size.height.toInt()} pt,'
+      ' ratio: ${pixelRatio.toStringAsFixed(1)}x) |\n'
+      '| Dart Version | ${Platform.version.split(' ').first} |\n'
+      '| Processors | ${Platform.numberOfProcessors} |\n'
+      '| Dark Mode | ${isDark ? 'yes' : 'no'} |\n'
+      '| Locale | $locale |\n'
+      '| Text Scale | $textScale× |\n'
+      '| DB Schema Version | $dbSchemaVersion |\n'
+      '| IMAP Accounts | $imapCount |\n'
+      '| JMAP Accounts | $jmapCount |\n';
+}
+
+/// Fetches device model string, or null when unavailable.
+Future<String?> getDeviceModel() async {
+  try {
+    final info = DeviceInfoPlugin();
+    if (Platform.isAndroid) {
+      final android = await info.androidInfo;
+      return '${android.manufacturer} / ${android.model}';
+    } else if (Platform.isIOS) {
+      final ios = await info.iosInfo;
+      return ios.utsname.machine;
+    }
+  } catch (_) {}
+  return null;
+}
+
+String _capitalize(String s) =>
+    s.isEmpty ? s : '${s[0].toUpperCase()}${s.substring(1)}';
@@ -31,10 +31,13 @@ String buildEmailHtml(String htmlBody, {bool loadRemoteImages = false}) {
 <meta name="color-scheme" content="light">
 <meta http-equiv="Content-Security-Policy" content="$csp">
 <style>
-body { margin: 0; padding: 0; font-family: sans-serif; word-break: break-word; color-scheme: light; background-color: #ffffff; color: #000000; }
+body { margin: 0; padding: 0; font-family: sans-serif; word-break: break-word; overflow-x: hidden; color-scheme: light; background-color: #ffffff; color: #000000; }
 img { max-width: 100%; height: auto; }
 a { color: #1976D2; }
-* { box-sizing: border-box; }
+* { box-sizing: border-box; max-width: 100%; }
+table { width: 100%; border-collapse: collapse; }
+td, th { overflow-wrap: break-word; word-break: break-word; }
+pre { white-space: pre-wrap; word-break: break-word; overflow-x: auto; }
 </style>
 </head>
 <body>
@@ -108,12 +111,16 @@ class _SecureEmailWebViewState extends State<SecureEmailWebView> {
      );

  Future<void> _measureHeight(String _) async {
-    final result = await _controller!.runJavaScriptReturningResult(
-      'document.documentElement.scrollHeight',
-    );
-    final h = double.tryParse(result.toString());
-    if (h != null && h > 0 && mounted) {
-      setState(() => _height = h);
+    try {
+      final result = await _controller!.runJavaScriptReturningResult(
+        'document.documentElement.scrollHeight',
+      );
+      final h = double.tryParse(result.toString());
+      if (h != null && h > 0 && mounted) {
+        setState(() => _height = h);
+      }
+    } catch (_) {
+      // WebView not ready yet; height stays at default
    }
  }

@@ -249,6 +249,22 @@ packages:
      url: "https://pub.dev"
    source: hosted
    version: "0.7.12"
+  device_info_plus:
+    dependency: "direct main"
+    description:
+      name: device_info_plus
+      sha256: "6a642e1daa10190af89ba6cb6386c0df7d071a3592080bfe1e44faa63ae1df65"
+      url: "https://pub.dev"
+    source: hosted
+    version: "13.1.0"
+  device_info_plus_platform_interface:
+    dependency: transitive
+    description:
+      name: device_info_plus_platform_interface
+      sha256: "04b173a92e2d9161dfead145667037c8d834db725ce2e7b942bfe18fd2f45a46"
+      url: "https://pub.dev"
+    source: hosted
+    version: "8.1.0"
  drift:
    dependency: "direct main"
    description:
@@ -313,6 +329,14 @@ packages:
      url: "https://pub.dev"
    source: hosted
    version: "2.2.0"
+  ffi_leak_tracker:
+    dependency: transitive
+    description:
+      name: ffi_leak_tracker
+      sha256: "4093d4ef9ca06ffe2786e73bfb25e22aa92112b9bb4ec941f11e3e6b61489a97"
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.1.2"
  file:
    dependency: transitive
    description:
@@ -325,10 +349,10 @@ packages:
    dependency: "direct main"
    description:
      name: file_picker
-      sha256: ab13ae8ef5580a411c458d6207b6774a6c237d77ac37011b13994879f68a8810
+      sha256: "0204695694b687b167fd497da5252e9f4aaa162e8d274d6fa1e757380f2a5f46"
      url: "https://pub.dev"
    source: hosted
-    version: "8.3.7"
+    version: "12.0.0-beta.4"
  fixnum:
    dependency: transitive
    description:
@@ -351,34 +375,42 @@ packages:
    dependency: "direct dev"
    description:
      name: flutter_lints
-      sha256: "3f41d009ba7172d5ff9be5f6e6e6abb4300e263aab8866d2a0842ed2a70f8f0c"
+      sha256: "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1"
      url: "https://pub.dev"
    source: hosted
-    version: "4.0.0"
+    version: "6.0.0"
  flutter_local_notifications:
    dependency: "direct main"
    description:
      name: flutter_local_notifications
-      sha256: ef41ae901e7529e52934feba19ed82827b11baa67336829564aeab3129460610
+      sha256: "0d9035862236fe38250fe1644d7ed3b8254e34a21b2c837c9f539fbb3bba5ef1"
      url: "https://pub.dev"
    source: hosted
-    version: "18.0.1"
+    version: "21.0.0"
  flutter_local_notifications_linux:
    dependency: transitive
    description:
      name: flutter_local_notifications_linux
-      sha256: "8f685642876742c941b29c32030f6f4f6dacd0e4eaecb3efbb187d6a3812ca01"
+      sha256: e0f25e243c6c44c825bbbc6b2b2e76f7d9222362adcfe9fd780bf01923c840bd
      url: "https://pub.dev"
    source: hosted
-    version: "5.0.0"
+    version: "8.0.0"
  flutter_local_notifications_platform_interface:
    dependency: transitive
    description:
      name: flutter_local_notifications_platform_interface
-      sha256: "6c5b83c86bf819cdb177a9247a3722067dd8cc6313827ce7c77a4b238a26fd52"
+      sha256: e7db3d5b49c2b7ecc68deba4aaaa67a348f92ee0fef34c8e4b4459dbef0d7307
      url: "https://pub.dev"
    source: hosted
-    version: "8.0.0"
+    version: "11.0.0"
+  flutter_local_notifications_windows:
+    dependency: transitive
+    description:
+      name: flutter_local_notifications_windows
+      sha256: "3a2654ba104fbb52c618ebed9def24ef270228470718c43b3a6afcd5c81bef0c"
+      url: "https://pub.dev"
+    source: hosted
+    version: "3.0.0"
  flutter_markdown_plus:
    dependency: "direct main"
    description:
@@ -399,34 +431,34 @@ packages:
    dependency: "direct main"
    description:
      name: flutter_riverpod
-      sha256: "9532ee6db4a943a1ed8383072a2e3eeda041db5657cdf6d2acecf3c21ecbe7e1"
+      sha256: "4e166be88e1dbbaa34a280bdb744aeae73b7ef25fdf8db7a3bb776760a3648e2"
      url: "https://pub.dev"
    source: hosted
-    version: "2.6.1"
+    version: "3.3.1"
  flutter_secure_storage:
    dependency: "direct main"
    description:
      name: flutter_secure_storage
-      sha256: "6848263f9744072d0977347c383fb8b57d9780319a6bf5238b5a2866a029de62"
+      sha256: d2a6ac2df7353f5ca47eb159a5407c1dba7ec48ca0e02dc38c9ff4d29447b261
      url: "https://pub.dev"
    source: hosted
-    version: "10.2.0"
+    version: "10.3.0"
  flutter_secure_storage_darwin:
    dependency: transitive
    description:
      name: flutter_secure_storage_darwin
-      sha256: "67cd1ff671add31dc13e45194398187a04bb63804b37fa47866afae296d73fcb"
+      sha256: "82329fa5cdf343773b1b6897dea959105a29f092454259edff92f9f6637e8149"
      url: "https://pub.dev"
    source: hosted
-    version: "0.3.1"
+    version: "0.3.2"
  flutter_secure_storage_linux:
    dependency: transitive
    description:
      name: flutter_secure_storage_linux
-      sha256: "2b5c76dce569ab752d55a1cee6a2242bcc11fdba927078fb88c503f150767cda"
+      sha256: a5f35ddab43cf5c8215d2feb4ce1957851f28c5c37e6f04335066a0602087bf5
      url: "https://pub.dev"
    source: hosted
-    version: "3.0.0"
+    version: "3.0.1"
  flutter_secure_storage_platform_interface:
    dependency: transitive
    description:
@@ -447,10 +479,10 @@ packages:
    dependency: transitive
    description:
      name: flutter_secure_storage_windows
-      sha256: "3b7c8e068875dfd46719ff57c90d8c459c87f2302ed6b00ff006b3c9fcad1613"
+      sha256: "471951813a97006d899db4948acc654a4f28c440083ea08178935ce20b173ec1"
      url: "https://pub.dev"
    source: hosted
-    version: "4.1.0"
+    version: "4.2.2"
  flutter_test:
    dependency: "direct dev"
    description: flutter
@@ -486,10 +518,10 @@ packages:
    dependency: "direct main"
    description:
      name: go_router
-      sha256: f02fd7d2a4dc512fec615529824fdd217fecb3a3d3de68360293a551f21634b3
+      sha256: "92d8cee7c57dff0a6c409c05597b460002434eccf7424a712283225b3962d03f"
      url: "https://pub.dev"
    source: hosted
-    version: "14.8.1"
+    version: "17.2.3"
  graphs:
    dependency: transitive
    description:
@@ -587,10 +619,10 @@ packages:
    dependency: transitive
    description:
      name: lints
-      sha256: "976c774dd944a42e83e2467f4cc670daef7eed6295b10b36ae8c85bcbf828235"
+      sha256: "12f842a479589fea194fe5c5a3095abc7be0c1f2ddfa9a0e76aed1dbd26a87df"
      url: "https://pub.dev"
    source: hosted
-    version: "4.0.0"
+    version: "6.1.0"
  logging:
    dependency: transitive
    description:
@@ -627,10 +659,10 @@ packages:
    dependency: transitive
    description:
      name: meta
-      sha256: "23f08335362185a5ea2ad3a4e597f1375e78bce8a040df5c600c8d3552ef2394"
+      sha256: "1741988757a65eb6b36abe716829688cf01910bbf91c34354ff7ec1c3de2b349"
      url: "https://pub.dev"
    source: hosted
-    version: "1.17.0"
+    version: "1.18.0"
  mime:
    dependency: "direct main"
    description:
@@ -643,10 +675,10 @@ packages:
    dependency: "direct main"
    description:
      name: mobile_scanner
-      sha256: d234581c090526676fd8fab4ada92f35c6746e3fb4f05a399665d75a399fb760
+      sha256: c92c26bf2231695b6d3477c8dcf435f51e28f87b1745966b1fe4c47a286171ce
      url: "https://pub.dev"
    source: hosted
-    version: "5.2.3"
+    version: "7.2.0"
  mockito:
    dependency: "direct dev"
    description:
@@ -699,18 +731,18 @@ packages:
    dependency: "direct main"
    description:
      name: package_info_plus
-      sha256: "16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968"
+      sha256: "4bf625947f6c7713ee242296a682e23e44823c09cf9d79e4f1238923c92db852"
      url: "https://pub.dev"
    source: hosted
-    version: "8.3.1"
+    version: "10.1.0"
  package_info_plus_platform_interface:
    dependency: transitive
    description:
      name: package_info_plus_platform_interface
-      sha256: "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086"
+      sha256: db762cb2f4f25ee60fb6359773861b0f199e00b90d237bd85a76a1e806b46ef4
      url: "https://pub.dev"
    source: hosted
-    version: "3.2.1"
+    version: "4.1.0"
  path:
    dependency: "direct main"
    description:
@@ -875,26 +907,26 @@ packages:
    dependency: transitive
    description:
      name: riverpod
-      sha256: "59062512288d3056b2321804332a13ffdd1bf16df70dcc8e506e411280a72959"
+      sha256: "8c22216be8ad3ef2b44af3a329693558c98eca7b8bd4ef495c92db0bba279f83"
      url: "https://pub.dev"
    source: hosted
-    version: "2.6.1"
+    version: "3.2.1"
  share_plus:
    dependency: "direct main"
    description:
      name: share_plus
-      sha256: "223873d106614442ea6f20db5a038685cc5b32a2fba81cdecaefbbae0523f7fa"
+      sha256: a857d8b1479250aff6b57a51b2c02d31ca05848d441817c43f1640c885c286c0
      url: "https://pub.dev"
    source: hosted
-    version: "12.0.2"
+    version: "13.1.0"
  share_plus_platform_interface:
    dependency: transitive
    description:
      name: share_plus_platform_interface
-      sha256: "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a"
+      sha256: "7f7ae28cf400d13f811e297ff37742dba83b79e0a6f5dce14eec0248274e6ce9"
      url: "https://pub.dev"
    source: hosted
-    version: "6.1.0"
+    version: "7.1.0"
  shelf:
    dependency: transitive
    description:
@@ -976,10 +1008,10 @@ packages:
    dependency: "direct main"
    description:
      name: sqlite3_flutter_libs
-      sha256: eeb9e3a45207649076b808f8a5a74d68770d0b7f26ccef6d5f43106eee5375ad
+      sha256: "3ed7553eee7bb368f8950f58ba29f634e06e813c029aff6a0d60862b96de8454"
      url: "https://pub.dev"
    source: hosted
-    version: "0.5.42"
+    version: "0.6.0+eol"
  sqlparser:
    dependency: transitive
    description:
@@ -1056,34 +1088,34 @@ packages:
    dependency: "direct dev"
    description:
      name: test
-      sha256: "280d6d890011ca966ad08df7e8a4ddfab0fb3aa49f96ed6de56e3521347a9ae7"
+      sha256: "8d9ceddbab833f180fbefed08afa76d7c03513dfdba87ffcec2718b02bbcbf20"
      url: "https://pub.dev"
    source: hosted
-    version: "1.30.0"
+    version: "1.31.0"
  test_api:
    dependency: transitive
    description:
      name: test_api
-      sha256: "8161c84903fd860b26bfdefb7963b3f0b68fee7adea0f59ef805ecca346f0c7a"
+      sha256: "949a932224383300f01be9221c39180316445ecb8e7547f70a41a35bf421fb9e"
      url: "https://pub.dev"
    source: hosted
-    version: "0.7.10"
+    version: "0.7.11"
  test_core:
    dependency: transitive
    description:
      name: test_core
-      sha256: "0381bd1585d1a924763c308100f2138205252fb90c9d4eeaf28489ee65ccde51"
+      sha256: "1991d4cfe85d5043241acac92962c3977c8d2f2add1ee73130c7b286417d1d34"
      url: "https://pub.dev"
    source: hosted
-    version: "0.6.16"
+    version: "0.6.17"
  timezone:
    dependency: transitive
    description:
      name: timezone
-      sha256: dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1
+      sha256: "784a5e34d2eb62e1326f24d6f600aaaee452eb8ca8ef2f384a59244e292d158b"
      url: "https://pub.dev"
    source: hosted
-    version: "0.10.1"
+    version: "0.11.0"
  typed_data:
    dependency: transitive
    description:
@@ -1101,13 +1133,13 @@ packages:
    source: hosted
    version: "6.3.2"
  url_launcher_android:
-    dependency: transitive
+    dependency: "direct overridden"
    description:
      name: url_launcher_android
-      sha256: "3bb000251e55d4a209aa0e2e563309dc9bb2befea2295fd0cec1f51760aac572"
+      sha256: "5c8b6c2d89a78f5a1cca70a73d9d5f86c701b36b42f9c9dac7bad592113c28e9"
      url: "https://pub.dev"
    source: hosted
-    version: "6.3.29"
+    version: "6.3.24"
  url_launcher_ios:
    dependency: transitive
    description:
@@ -1264,10 +1296,18 @@ packages:
    dependency: transitive
    description:
      name: win32
-      sha256: d7cb55e04cd34096cd3a79b3330245f54cb96a370a1c27adb3c84b917de8b08e
+      sha256: ba6f4bba816c8d7e3c1580e170f3786d216951cc6b94babc3b814c08d2cb2738
      url: "https://pub.dev"
    source: hosted
-    version: "5.15.0"
+    version: "6.3.0"
+  win32_registry:
+    dependency: transitive
+    description:
+      name: win32_registry
+      sha256: "73b1d78920a9d6e03f8b4e43e612b87bf3152a0e5c5e5150267762b7c4116904"
+      url: "https://pub.dev"
+    source: hosted
+    version: "3.0.3"
  workmanager:
    dependency: "direct main"
    description:
@@ -19,15 +19,15 @@ dependencies:

  # Local persistence (offline-first)
  drift: ^2.20.3
-  sqlite3_flutter_libs: ^0.5.28
+  sqlite3_flutter_libs: ^0.6.0+eol
  path_provider: ^2.1.5
  path: ^1.9.1

  # State management
-  flutter_riverpod: ^2.6.1
+  flutter_riverpod: ^3.0.0

  # Navigation
-  go_router: ^14.8.1
+  go_router: ^17.2.3

  # Secure credential storage (passwords)
  flutter_secure_storage: ^10.0.0
@@ -36,7 +36,7 @@ dependencies:
  intl: any

  # File picking (compose attachments) and opening downloaded attachments
-  file_picker: ^8.0.0
+  file_picker: ^12.0.0-beta.4
  open_filex: ^4.6.0
  mime: ^2.0.0

@@ -47,7 +47,7 @@ dependencies:
  cryptography: ^2.7.0

  # QR code scanning (camera) for secure account import
-  mobile_scanner: ^5.0.0
+  mobile_scanner: ^7.2.0

  # HTML rendering for email bodies
  webview_flutter: ^4.0.0
@@ -55,19 +55,20 @@ dependencies:
  flutter_markdown_plus: ^1.0.7

  # Background sync and local notifications
-  flutter_local_notifications: ^18.0.1
+  flutter_local_notifications: ^21.0.0
  workmanager: ^0.9.0

  # App version metadata for crash reports
-  package_info_plus: ^8.0.0
-  share_plus: ^12.0.2
+  package_info_plus: ^10.1.0
+  share_plus: ^13.1.0
+  device_info_plus: ^13.1.0

 dev_dependencies:
  flutter_test:
    sdk: flutter
  integration_test:
    sdk: flutter
-  flutter_lints: ^4.0.0
+  flutter_lints: ^6.0.0
  drift_dev: ^2.20.3
  build_runner: ^2.4.13
  test: ^1.25.0
@@ -89,3 +90,7 @@ dependency_overrides:
  # (SIGSEGV in libdartjni.so FindClassUnchecked). Pin to 2.2.20 which uses
  # stable Pigeon and is known to work reliably.
  path_provider_android: ">=2.2.0 <2.2.21"
+  # url_launcher_android 6.3.25 updated to Pigeon 26, which causes a
+  # channel-error on launchUrl on some Android devices (same root cause as
+  # path_provider_android). Pin to <6.3.25 which uses stable Pigeon.
+  url_launcher_android: ">=6.3.0 <6.3.25"
@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "labels": ["dependencies"],
+  "github-actions": {
+    "enabled": false
+  },
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest", "lockFileMaintenance"],
+      "addLabels": ["automerge"]
+    }
+  ]
+}
@@ -1,598 +0,0 @@
-#!/usr/bin/env python3
-"""
-agent_loop.py — called from cron every 10 minutes.
-
-Flow
----
-1. Agent already running?
-   a. Age > 1 h  → kill it, set its issue to State/Question, exit 1
-   b. Age ≤ 1 h  → print status, exit 0  (let it keep working)
-2. No agent running → extract pending_issue from state (if any), then check CI
-   a. CI is running         → save pending-ci state, exit 0
-   b. Latest CI failed      → start fix-CI agent (preserving pending_issue), exit 0
-   c. CI ok + pending_issue → close the issue (CI passed), exit 0
-   d. CI ok (or no run yet) → find oldest Ready issue, start issue agent,
-                              save state, exit 0
-   e. No Ready issues       → print "nothing to do", exit 0
-
-Issue agents must NOT close the issue themselves; the loop closes it after CI passes.
-
-State file: ~/.sharedinbox-agent-state.json
-  { "pid": 12345, "issue": 91,
-    "started_at": "2026-05-15T12:00:00+00:00", "type": "issue" }
-
-Output is written to ~/.sharedinbox-agent-logs/<session>-<timestamp>.log.
-Resume the Claude conversation afterward with:
-
-  claude --resume issue-91
-"""
-
-import argparse
-import json
-import os
-import shlex
-import subprocess
-import sys
-from datetime import datetime, timezone
-from pathlib import Path
-
-# Cron runs with a minimal PATH; ensure Nix profile binaries (tea, claude) and ~/go/bin (fgj) are found.
-os.environ["PATH"] = (
-    f"{Path.home()}/.nix-profile/bin"
-    f":{Path.home()}/go/bin"
-    f":{os.environ.get('PATH', '/usr/bin:/bin')}"
-)
-
-# ── configuration ─────────────────────────────────────────────────────────────
-
-REPO = "guettli/sharedinbox"
-REPO_URL = f"https://codeberg.org/{REPO}"
-STATE_FILE = Path.home() / ".sharedinbox-agent-state.json"
-MAX_AGENT_AGE_SECONDS = 3600  # 1 hour
-CLAUDE_PROJECTS_DIR = Path.home() / ".claude" / "projects" / (
-    "-" + str(Path.home())[1:].replace("/", "-")
-)
-
-# Labels used by the workflow.
-LABEL_READY = "State/Ready"
-LABEL_IN_PROGRESS = "State/InProgress"
-LABEL_QUESTION = "State/Question"
-LABEL_PRIO_HIGH = "Prio/High"
-
-# Only pick up issues filed by these accounts.
-ALLOWED_ISSUE_AUTHORS = {"guettli", "guettlibot", "guettlibot2"}
-
-# ── helpers ───────────────────────────────────────────────────────────────────
-
-
-def _issue_url(number: int) -> str:
-    return f"{REPO_URL}/issues/{number}"
-
-
-def _ci_run_url(run_id: int) -> str:
-    return f"{REPO_URL}/actions/runs/{run_id}"
-
-
-def _fgj(*args: str) -> None:
-    """Run a fgj command, raising on failure."""
-    cmd = ["fgj", "--hostname", "codeberg.org", *args]
-    result = subprocess.run(cmd, capture_output=True, text=True)
-    if result.returncode != 0:
-        raise RuntimeError(
-            f"fgj {' '.join(args)} failed:\n{result.stderr or result.stdout}"
-        )
-
-
-def _tea_get(path: str) -> dict | list | None:
-    """Run a tea api GET and return parsed JSON. Only use for reads — tea PATCH/PUT
-    silently fails (exits 0) when unauthenticated, so writes must go via fgj."""
-    cmd = ["tea", "api", path]
-    result = subprocess.run(cmd, capture_output=True, text=True)
-    if result.returncode != 0:
-        raise RuntimeError(
-            f"tea api {path} failed:\n{result.stderr or result.stdout}"
-        )
-    out = result.stdout.strip()
-    if not out:
-        return None
-    data = json.loads(out)
-    if isinstance(data, dict) and "message" in data and "url" in data:
-        raise RuntimeError(f"tea api {path} returned error: {data['message']}")
-    return data
-
-
-def _set_labels(issue: int, add: list[str], remove: list[str]) -> None:
-    """Add/remove labels on an issue via fgj."""
-    cmd = ["issue", "edit", str(issue), "--repo", REPO]
-    for label in add:
-        cmd += ["--add-label", label]
-    for label in remove:
-        cmd += ["--remove-label", label]
-    _fgj(*cmd)
-
-
-def _close_issue(issue: int) -> None:
-    _fgj("issue", "close", str(issue), "--repo", REPO)
-    _set_labels(issue, add=[], remove=[LABEL_IN_PROGRESS])
-
-
-def _comment_issue(issue: int, body: str) -> None:
-    _fgj("issue", "comment", str(issue), "--repo", REPO, "--body", body)
-
-
-def _ready_issues() -> list[dict]:
-    """Return open issues with State/Ready, Prio/High first, then oldest."""
-    result = subprocess.run(
-        ["fgj", "--hostname", "codeberg.org", "issue", "list",
-         "--repo", REPO, "--state", "open", "--json"],
-        capture_output=True, text=True, check=True,
-    )
-    data = json.loads(result.stdout) if result.stdout.strip() else []
-    ready = [
-        i for i in data
-        if any(lbl["name"] == LABEL_READY for lbl in i.get("labels", []))
-        and i.get("user", {}).get("login", "") in ALLOWED_ISSUE_AUTHORS
-    ]
-    ready.sort(key=lambda i: (
-        0 if any(lbl["name"] == LABEL_PRIO_HIGH for lbl in i.get("labels", [])) else 1,
-        i["number"],
-    ))
-    return ready
-
-
-def _latest_ci_run() -> dict | None:
-    data = _tea_get(f"repos/{REPO}/actions/runs?limit=1")
-    runs = (data or {}).get("workflow_runs", [])
-    return runs[0] if runs else None
-
-
-def _latest_ci_run_for_branch(branch: str) -> dict | None:
-    """Return the latest CI run for a specific branch, or None.
-
-    Forgejo's workflow_runs API has no top-level head_branch field.
-    For push events the branch is in ``prettyref``; for pull_request
-    events it lives inside ``event_payload["pull_request"]["head"]["ref"]``.
-    """
-    data = _tea_get(f"repos/{REPO}/actions/runs?limit=20")
-    runs = (data or {}).get("workflow_runs", [])
-    for run in runs:
-        if run.get("event") == "pull_request":
-            try:
-                payload = json.loads(run.get("event_payload", "{}"))
-                if payload.get("pull_request", {}).get("head", {}).get("ref") == branch:
-                    return run
-            except (json.JSONDecodeError, AttributeError):
-                pass
-        else:
-            if run.get("prettyref") == branch:
-                return run
-    return None
-
-
-def _find_pr_for_branch(branch: str) -> dict | None:
-    """Return the first open PR whose head branch matches, or None."""
-    result = subprocess.run(
-        ["fgj", "--hostname", "codeberg.org", "pr", "list",
-         "--repo", REPO, "--state", "open", "--json"],
-        capture_output=True, text=True,
-    )
-    if result.returncode != 0 or not result.stdout.strip():
-        return None
-    prs = json.loads(result.stdout)
-    for pr in prs:
-        head = pr.get("head", {})
-        ref = head.get("ref") or head.get("label", "").split(":")[-1]
-        if ref == branch:
-            return pr
-    return None
-
-
-def _merge_pr(pr_number: int) -> None:
-    """Squash-merge a PR via fgj."""
-    _fgj("pr", "merge", str(pr_number), "--repo", REPO, "--merge-method", "squash")
-
-
-# ── state file ────────────────────────────────────────────────────────────────
-
-
-def _read_state() -> dict | None:
-    if STATE_FILE.exists():
-        try:
-            return json.loads(STATE_FILE.read_text())
-        except Exception:
-            pass
-    return None
-
-
-def _write_state(pid: int | None, issue: int | None, kind: str, issue_title: str | None = None, session_name: str | None = None, ci_run_id: int | None = None) -> None:
-    data: dict = {
-        "pid": pid,
-        "issue": issue,
-        "started_at": datetime.now(timezone.utc).isoformat(),
-        "type": kind,
-    }
-    if issue_title is not None:
-        data["issue_title"] = issue_title
-    if session_name is not None:
-        data["session_name"] = session_name
-    if ci_run_id is not None:
-        data["ci_run_id_at_start"] = ci_run_id
-    STATE_FILE.write_text(json.dumps(data, indent=2))
-    STATE_FILE.chmod(0o600)
-
-
-def _clear_state() -> None:
-    STATE_FILE.unlink(missing_ok=True)
-
-
-# ── agent launcher ────────────────────────────────────────────────────────────
-
-
-def _start_agent(prompt: str, session_name: str) -> int:
-    """Start Claude Code as a detached background process and return its PID."""
-    log_dir = Path.home() / ".sharedinbox-agent-logs"
-    log_dir.mkdir(mode=0o700, exist_ok=True)
-    log_dir.chmod(0o700)  # fix permissions if dir already existed with wrong mode
-    ts = datetime.now().strftime("%Y%m%dT%H%M%S")
-    log_file = log_dir / f"{session_name}-{ts}.log"
-
-    log_fh = open(log_file, "w", opener=lambda p, f: os.open(p, f, 0o600))
-    proc = subprocess.Popen(
-        [
-            "claude",
-            "--dangerously-skip-permissions",
-            "--name", session_name,
-            "-p", prompt,
-        ],
-        stdin=subprocess.PIPE,
-        stdout=log_fh,
-        stderr=log_fh,
-        start_new_session=True,
-    )
-    log_fh.close()  # Parent closes its copy; the child retains the fd.
-    # Answer the workspace-trust dialog; after this the pipe hits EOF.
-    proc.stdin.write(b"\n")
-    proc.stdin.close()
-
-    print(f"Started agent pid={proc.pid}, log={log_file}")
-    print(f"  Resume: claude --resume {shlex.quote(session_name)}")
-    return proc.pid
-
-
-def _agent_alive(state: dict) -> bool:
-    """Return True if the agent process is still running."""
-    pid = state.get("pid")
-    if pid is None:
-        return False
-    try:
-        os.kill(pid, 0)
-        return True
-    except ProcessLookupError:
-        return False
-    except PermissionError:
-        return True
-
-
-def _agent_age_seconds(state: dict) -> float:
-    """Seconds elapsed since the agent was launched, from the state file timestamp."""
-    try:
-        started_at = datetime.fromisoformat(state["started_at"])
-        return (datetime.now(timezone.utc) - started_at).total_seconds()
-    except Exception:
-        return 0.0
-
-
-def _git_summary() -> str:
-    """Return a one-line summary of the latest commit and whether it's been pushed."""
-    try:
-        commit = subprocess.run(
-            ["git", "log", "--oneline", "-1"],
-            capture_output=True, text=True, check=True,
-        ).stdout.strip()
-        ahead = subprocess.run(
-            ["git", "rev-list", "--count", "HEAD@{u}..HEAD"],
-            capture_output=True, text=True,
-        )
-        if ahead.returncode == 0 and ahead.stdout.strip() != "0":
-            push_status = f"not pushed ({ahead.stdout.strip()} ahead)"
-        elif ahead.returncode == 0:
-            push_status = "pushed"
-        else:
-            push_status = "no upstream"
-        return f"{commit} [{push_status}]"
-    except Exception:
-        return ""
-
-
-def _kill_agent(state: dict) -> None:
-    """Forcefully stop the running agent."""
-    pid = state.get("pid")
-    if pid:
-        try:
-            os.kill(pid, 9)
-        except ProcessLookupError:
-            pass
-
-
-# ── subcommands ───────────────────────────────────────────────────────────────
-
-
-def cmd_list() -> int:
-    """List recent agent-loop sessions, newest first."""
-    if not CLAUDE_PROJECTS_DIR.exists():
-        print(f"No sessions found (directory missing: {CLAUDE_PROJECTS_DIR})")
-        return 0
-
-    sessions = []
-    for jsonl in CLAUDE_PROJECTS_DIR.glob("*.jsonl"):
-        agent_name = None
-        session_id = None
-        try:
-            with jsonl.open() as fh:
-                for line in fh:
-                    line = line.strip()
-                    if not line:
-                        continue
-                    d = json.loads(line)
-                    if d.get("type") == "agent-name":
-                        agent_name = d.get("agentName")
-                        session_id = d.get("sessionId")
-                        break
-        except Exception:
-            continue
-        if agent_name:
-            sessions.append((jsonl.stat().st_mtime, agent_name, session_id))
-
-    if not sessions:
-        print("No agent sessions found.")
-        return 0
-
-    sessions.sort(reverse=True)
-    total = len(sessions)
-    print(f"  {'DATE':<16}  {'NAME':<20}  UUID  (use with: claude --resume <uuid>)")
-    print(f"  {'-'*16}  {'-'*20}  {'-'*36}")
-    for mtime, name, sid in sessions[:20]:
-        ts = datetime.fromtimestamp(mtime).strftime("%Y-%m-%d %H:%M")
-        print(f"  {ts:<16}  {name:<20}  {sid}")
-    if total > 20:
-        print(f"  ... ({total - 20} more)")
-    return 0
-
-
-# ── main flow ─────────────────────────────────────────────────────────────────
-
-
-def _run_loop() -> int:
-    now = datetime.now(timezone.utc)
-    print(f"---------------------- Starting {now.strftime('%Y-%m-%d %H:%MZ')}")
-
-    state = _read_state()
-
-    # ── 1. Agent already running? ─────────────────────────────────────────────
-    if state and _agent_alive(state):
-        age = _agent_age_seconds(state)
-        issue = state.get("issue")
-        kind = state.get("type", "issue")
-        pid = state.get("pid", "?")
-
-        issue_title = state.get("issue_title", "")
-        issue_ref = (
-            f"{_issue_url(issue)} {issue_title}".strip() if issue else str(issue)
-        )
-
-        if age > MAX_AGENT_AGE_SECONDS:
-            print(
-                f"Agent pid={pid!r} ({issue_ref}) "
-                f"has been running for {age/60:.0f} min — aborting."
-            )
-            _kill_agent(state)
-            _clear_state()
-            if issue:
-                _set_labels(issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
-                _comment_issue(
-                    issue,
-                    f"Agent (pid {pid}) was killed after running for {age/60:.0f} min "
-                    f"(limit: {MAX_AGENT_AGE_SECONDS//60} min). "
-                    "Please investigate and resume manually.",
-                )
-                print(f"Set {_issue_url(issue)} to State/Question.")
-            return 1
-
-        session_name = state.get("session_name")
-        resume_cmd = f"claude --resume {shlex.quote(session_name)}" if session_name else ""
-        git_info = _git_summary()
-        parts = [
-            f"Agent pid={pid!r} ({kind}, {issue_ref}) still running ({age/60:.0f} min). Waiting.",
-        ]
-        if resume_cmd:
-            parts.append(f"  Resume: {resume_cmd}")
-        if git_info:
-            parts.append(f"  Commit: {git_info}")
-        print("\n".join(parts))
-        return 0
-
-    # Agent not running (or no state) — extract any pending issue, then clean up.
-    pending_issue: int | None = None
-    ci_run_id_at_start: int | None = None
-    if state:
-        pending_issue = state.get("issue")
-        ci_run_id_at_start = state.get("ci_run_id_at_start")
-        _clear_state()
-
-    # ── 2. Check for a PR opened by the agent ────────────────────────────────
-    if pending_issue:
-        branch = f"issue-{pending_issue}-fix"
-        pr = _find_pr_for_branch(branch)
-        if pr:
-            pr_number = pr["number"]
-            pr_url = f"{REPO_URL}/pulls/{pr_number}"
-            print(f"Found PR #{pr_number} ({pr_url}) for issue #{pending_issue}.")
-            pr_run = _latest_ci_run_for_branch(branch)
-
-            if pr_run and pr_run.get("status") == "running":
-                print(f"CI run {_ci_run_url(pr_run['id'])} on branch {branch!r} is running. Waiting.")
-                _write_state(None, pending_issue, "pending-ci")
-                return 0
-
-            if pr_run and pr_run.get("status") in ("failure", "error"):
-                print(f"CI run {_ci_run_url(pr_run['id'])} on branch {branch!r} failed — starting fix agent.")
-                prompt = (
-                    f"The Codeberg CI for guettli/sharedinbox just failed on branch {branch!r} "
-                    f"(PR #{pr_number}). "
-                    f"CI run: {_ci_run_url(pr_run['id'])}. "
-                    "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
-                    "Identify the failure, fix it, commit, and push to the same branch. "
-                    "Do NOT push to main, do NOT close the issue, do NOT merge the PR. "
-                    "Verify locally with 'task check' before pushing. "
-                    "When done, stop."
-                )
-                session_name = f"ci-fix-pr-{pr_number}"
-                pid = _start_agent(prompt, session_name)
-                _write_state(pid, pending_issue, "ci-fix", session_name=session_name)
-                return 0
-
-            if not pr_run:
-                # No CI run yet — might be that CI hasn't triggered yet.
-                # Wait up to 15 min before giving up.
-                pr_created_at = pr.get("created_at", "")
-                try:
-                    created = datetime.fromisoformat(pr_created_at.replace("Z", "+00:00"))
-                    age_s = (datetime.now(timezone.utc) - created).total_seconds()
-                except Exception:
-                    age_s = 999999
-                if age_s < 900:
-                    print(
-                        f"PR #{pr_number} has no CI run yet (created {age_s/60:.0f} min ago). Waiting."
-                    )
-                    _write_state(None, pending_issue, "pending-ci")
-                    return 0
-                print(
-                    f"No CI run for branch {branch!r} after {age_s/60:.0f} min — "
-                    "agent may not have pushed. Setting to State/Question."
-                )
-                _set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
-                _comment_issue(
-                    pending_issue,
-                    f"Agent opened PR #{pr_number} but no CI run appeared on branch `{branch}` "
-                    f"after {age_s/60:.0f} min. The agent may not have pushed any commits. "
-                    "Please investigate and resume manually.",
-                )
-                return 0
-
-            # CI passed on the PR branch — squash-merge and close.
-            print(f"CI passed on branch {branch!r} — merging PR #{pr_number}.")
-            _merge_pr(pr_number)
-            _close_issue(pending_issue)
-            print(f"Merged PR #{pr_number} and closed {_issue_url(pending_issue)}.")
-            return 0
-
-    # ── 3. Global CI check (agent pushed to main, or no pending issue) ────────
-    run = _latest_ci_run()
-
-    if run and run.get("status") == "running":
-        print(f"CI run {_ci_run_url(run['id'])} is still running. Waiting.")
-        if pending_issue:
-            _write_state(None, pending_issue, "pending-ci")
-        return 0
-
-    if run and run.get("status") in ("failure", "error"):
-        print(f"CI run {_ci_run_url(run['id'])} failed — starting fix agent.")
-        prompt = (
-            "The Codeberg CI for guettli/sharedinbox just failed. "
-            f"The CI run ID is {run['id']}. "
-            "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
-            "Identify the failure, fix it, commit, and push. "
-            "Verify locally with 'task check' before pushing. "
-            "When done, stop."
-        )
-        pid = _start_agent(prompt, "ci-fix")
-        _write_state(pid, pending_issue, "ci-fix", session_name="ci-fix")
-        return 0
-
-    # CI is ok (or no run).
-    if pending_issue:
-        latest_run_id = run["id"] if run else None
-        if ci_run_id_at_start is not None and latest_run_id == ci_run_id_at_start:
-            # CI run hasn't changed since the agent was launched → agent pushed nothing
-            # (likely crashed or hit a rate limit).
-            print(
-                f"No new CI run since agent started for {_issue_url(pending_issue)} "
-                f"(run id {latest_run_id}) — agent did nothing. Setting to State/Question."
-            )
-            _set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
-            _comment_issue(
-                pending_issue,
-                "The agent exited without pushing any changes (no new CI run was triggered). "
-                "This usually means the agent hit a rate limit or crashed at startup. "
-                "The issue has been set to State/Question — please review the agent log and retry.",
-            )
-            return 0
-        _close_issue(pending_issue)
-        print(f"CI passed — closed {_issue_url(pending_issue)}.")
-        return 0
-
-    # Find a Ready issue.
-    issues = _ready_issues()
-    if not issues:
-        print("No issues with State/Ready. Nothing to do.")
-        return 0
-
-    issue = issues[0]
-    issue_number = issue["number"]
-    issue_title = issue["title"]
-    issue_body = issue.get("body", "")
-
-    print(f"Starting agent for {_issue_url(issue_number)} {issue_title}")
-
-    # Mark InProgress before starting so the next cron tick sees it even if
-    # the agent hasn't had time to do so yet.
-    _set_labels(
-        issue_number,
-        add=[LABEL_IN_PROGRESS],
-        remove=[LABEL_READY],
-    )
-
-    prompt = f"""Work on Codeberg issue #{issue_number} in the guettli/sharedinbox repository.
-
-Issue title: {issue_title}
-
-Issue body:
-{issue_body}
-
-Instructions:
- Understand the issue thoroughly before writing any code.
- Implement the required change, following the existing code style.
- Write or update tests as appropriate.
- Run 'task check' locally and fix any failures before committing.
- Commit with a descriptive message referencing the issue number (e.g. "feat: ... (#{issue_number})").
- Create a branch named `issue-{issue_number}-fix`, push your changes there, and open a PR against main:
-      git checkout -b issue-{issue_number}-fix
-      git push -u origin issue-{issue_number}-fix
-      fgj pr create --title "fix: <short description> (#{issue_number})" \\
-        --head issue-{issue_number}-fix --base main --repo {REPO}
- Do NOT push to main, do NOT close the issue, and do NOT merge the PR — the loop handles that after CI passes.
- If you hit a blocker you cannot resolve, set the issue label to State/Question
-  and stop (do NOT close the issue).
- When the work is pushed and the PR is opened, stop. The loop will merge the PR and close the issue after CI passes.
-"""
-
-    session_name = f"issue-{issue_number}"
-    pid = _start_agent(prompt, session_name)
-    current_run_id = run["id"] if run else None
-    _write_state(pid, issue_number, "issue", issue_title, session_name=session_name, ci_run_id=current_run_id)
-    return 0
-
-
-def main() -> int:
-    parser = argparse.ArgumentParser(prog="agent_loop")
-    sub = parser.add_subparsers(dest="cmd")
-    sub.add_parser("list", help="List recent agent sessions")
-    args = parser.parse_args()
-
-    if args.cmd == "list":
-        return cmd_list()
-    return _run_loop()
-
-
-if __name__ == "__main__":
-    sys.exit(main())
@@ -11,6 +11,7 @@ const _minCoveragePercent = 80;

 // Pure-abstract interfaces: no executable code, Dart VM never instruments them.
 const _noCode = {
+  'lib/core/db_schema_version.dart',
  'lib/core/repositories/account_repository.dart',
  'lib/core/repositories/draft_repository.dart',
  'lib/core/repositories/email_repository.dart',
@@ -19,7 +20,9 @@ const _noCode = {
  'lib/core/repositories/sync_log_repository.dart',
  'lib/core/repositories/undo_repository.dart',
  'lib/core/repositories/search_history_repository.dart',
+  'lib/core/repositories/user_preferences_repository.dart',
  'lib/core/models/undo_action.dart',
+  'lib/core/models/user_preferences.dart',
  'lib/core/storage/secure_storage.dart',
 };

@@ -57,6 +60,8 @@ const _excluded = {
  'lib/ui/widgets/try_connection_button.dart',
  'lib/ui/widgets/undo_shell.dart',
  'lib/ui/screens/about_screen.dart',
+  'lib/ui/screens/email_action_helpers.dart',
+  'lib/ui/utils/about_markdown.dart',
  'lib/ui/widgets/email_tile.dart',
  'lib/core/sync/account_sync_manager.dart',
  'lib/core/sync/background_sync.dart',
@@ -70,6 +75,8 @@ const _excluded = {
  'lib/data/repositories/sync_log_repository_impl.dart',
  'lib/data/repositories/undo_repository_impl.dart',
  'lib/data/repositories/search_history_repository_impl.dart',
+  'lib/data/repositories/user_preferences_repository_impl.dart',
+  'lib/ui/screens/user_preferences_screen.dart',
  'lib/core/services/update_service.dart',
 };

@@ -6,76 +6,49 @@ import os
 import sys
 import time

-import requests
 from google.auth.transport.requests import AuthorizedSession
 from google.oauth2 import service_account

 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
 TRACK = "internal"
-_TIMEOUT = 300  # seconds — AAB uploads can be large
-_MAX_UPLOAD_ATTEMPTS = 3
 _BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
 _UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
+_MAX_UPLOAD_ATTEMPTS = 3


-def _make_session(config_json: str) -> AuthorizedSession:
-    creds = service_account.Credentials.from_service_account_info(
-        json.loads(config_json),
-        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+def _upload_aab_resumable(session, package, edit_id, aab_path):
+    """Upload AAB using the Google resumable upload protocol."""
+    file_size = os.path.getsize(aab_path)
+    init_url = f"{_UPLOAD_BASE}/{package}/edits/{edit_id}/bundles"
+
+    # Step 1: initiate the resumable upload session
+    init_resp = session.post(
+        init_url,
+        params={"uploadType": "resumable"},
+        headers={
+            "X-Upload-Content-Type": "application/octet-stream",
+            "X-Upload-Content-Length": str(file_size),
+            "Content-Length": "0",
+        },
+        timeout=60,
    )
-    return AuthorizedSession(creds)
+    init_resp.raise_for_status()
+    upload_url = init_resp.headers["Location"]

-
-def _upload_aab(session: AuthorizedSession, edit_id: str) -> int:
-    """Resumable upload of the AAB. Returns the version code."""
-    file_size = os.path.getsize(AAB_PATH)
-
-    with open(AAB_PATH, "rb") as f:
-        data = f.read()
-
-    last_exc = None
-    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
-        try:
-            # Each attempt needs a fresh resumable upload URL — the previous URL expires on failure.
-            init_resp = session.post(
-                f"{_UPLOAD_BASE}/{PACKAGE_NAME}/edits/{edit_id}/bundles",
-                params={"uploadType": "resumable"},
-                headers={
-                    "X-Upload-Content-Type": "application/octet-stream",
-                    "X-Upload-Content-Length": str(file_size),
-                },
-                json={},
-                timeout=30,
-            )
-            if not init_resp.ok:
-                print(f"Init attempt {attempt + 1} failed: HTTP {init_resp.status_code}: {init_resp.text[:500]}")
-                init_resp.raise_for_status()
-            upload_url = init_resp.headers["Location"]
-
-            upload_resp = session.put(
-                upload_url,
-                data=data,
-                headers={
-                    "Content-Type": "application/octet-stream",
-                    "Content-Length": str(file_size),
-                },
-                timeout=_TIMEOUT,
-            )
-            if not upload_resp.ok:
-                print(f"Upload attempt {attempt + 1} failed: HTTP {upload_resp.status_code}: {upload_resp.text[:500]}")
-                upload_resp.raise_for_status()
-            return upload_resp.json()["versionCode"]
-        except requests.RequestException as exc:
-            last_exc = exc
-            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
-                delay = 10 * (2 ** attempt)
-                print(f"Attempt {attempt + 1} failed ({exc}), retrying in {delay}s…")
-                time.sleep(delay)
-
-    raise RuntimeError(
-        f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
-    ) from last_exc
+    # Step 2: upload the file in a single PUT to the session URI
+    with open(aab_path, "rb") as f:
+        upload_resp = session.put(
+            upload_url,
+            data=f,
+            headers={
+                "Content-Type": "application/octet-stream",
+                "Content-Length": str(file_size),
+            },
+            timeout=600,
+        )
+    upload_resp.raise_for_status()
+    return upload_resp.json()


 def main():
@@ -88,25 +61,45 @@ def main():
        print(f"Error: AAB not found at {AAB_PATH}", file=sys.stderr)
        sys.exit(1)

-    session = _make_session(config_json)
-
-    edit_resp = session.post(
-        f"{_BASE}/{PACKAGE_NAME}/edits",
-        json={},
-        timeout=30,
+    creds = service_account.Credentials.from_service_account_info(
+        json.loads(config_json),
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
    )
+    session = AuthorizedSession(creds)
+
+    edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
    edit_resp.raise_for_status()
    edit_id = edit_resp.json()["id"]

-    version_code = _upload_aab(session, edit_id)
+    last_exc = None
+    bundle = None
+    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
+        try:
+            bundle = _upload_aab_resumable(session, PACKAGE_NAME, edit_id, AAB_PATH)
+            break
+        except Exception as exc:
+            last_exc = exc
+            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
+                delay = 10 * (2 ** attempt)
+                print(
+                    f"Upload attempt {attempt + 1} failed ({type(exc).__name__}: {exc}), "
+                    f"retrying in {delay}s…"
+                )
+                time.sleep(delay)
+    if bundle is None:
+        raise RuntimeError(
+            f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
+        ) from last_exc
+
+    version_code = bundle["versionCode"]
    print(f"Uploaded AAB, version code: {version_code}")

-    tracks_resp = session.put(
+    track_resp = session.put(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
        timeout=30,
    )
-    tracks_resp.raise_for_status()
+    track_resp.raise_for_status()

    commit_resp = session.post(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
@@ -33,9 +33,6 @@ def list_remote_files(ssh_user: str, ssh_host: str, pattern: str) -> list[str]:
    result = subprocess.run(
        [
            "ssh",
-            "-v",
-            "-o", "StrictHostKeyChecking=no",
-            "-i", "/root/.ssh/id_ed25519",
            f"{ssh_user}@{ssh_host}",
            f"find {REMOTE_BUILDS_DIR} -name '{pattern}' -type f | sort",
        ],
@@ -14,14 +14,48 @@ if [ "$host" == "$port" ]; then
    port="8774"
 fi

-echo "Probing $host:$port..."
-if ! nc -zw 3 "$host" "$port" 2>/dev/null; then
-    echo "Error: No Dagger server responded on $host:$port"
-    exit 1
-fi
-echo "Found active Dagger server on $host:$port"
+MAX_PROBE_ATTEMPTS=5
+PROBE_DELAY=30
+for attempt in $(seq 1 $MAX_PROBE_ATTEMPTS); do
+    echo "Probing $host:$port (attempt $attempt/$MAX_PROBE_ATTEMPTS)..."
+    if nc -zw 5 "$host" "$port" 2>/dev/null; then
+        echo "Found active server on $host:$port"
+        break
+    fi
+    if [ "$attempt" -eq "$MAX_PROBE_ATTEMPTS" ]; then
+        echo "Warning: No Dagger server responded on $host:$port after $MAX_PROBE_ATTEMPTS attempts"
+        if ! docker info >/dev/null 2>&1; then
+            echo "Error: Remote Dagger engine is unavailable AND local Docker daemon is not running."
+            echo "Cannot proceed. Ensure either the remote server at $host:$port is accessible"
+            echo "or that Docker is running locally (check: sudo systemctl start docker)."
+            exit 1
+        fi
+        echo "Remote engine unavailable — CI will use the local Dagger engine."
+        exit 0
+    fi
+    echo "Dagger server not responding, waiting ${PROBE_DELAY}s before retry..."
+    sleep $PROBE_DELAY
+done

-# 2. Setup TLS credentials (passed as env vars from secrets)
+# 2a. Try plain TCP connection first (works when server is a plain TCP proxy, no TLS)
+echo "Trying plain TCP Dagger connection at tcp://$host:$port..."
+if _DAGGER_RUNNER_HOST="tcp://$host:$port" \
+   _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port" \
+   timeout 8 dagger version >/dev/null 2>&1; then
+    echo "Plain TCP Dagger connection succeeded — no TLS stunnel needed."
+    if [ -n "${GITHUB_ENV:-}" ]; then
+        echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
+        echo "_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
+    else
+        export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port"
+        export _DAGGER_RUNNER_HOST="tcp://$host:$port"
+        echo "Dagger configured at tcp://$host:$port (plain TCP)"
+    fi
+    exit 0
+fi
+echo "Plain TCP connection not available; trying TLS stunnel..."
+
+# 2b. Setup TLS credentials (passed as env vars from secrets)
 mkdir -p /tmp/dagger-tls
 echo "$DAGGER_CA_CERT" > /tmp/dagger-tls/ca.crt
 echo "$DAGGER_CLIENT_CERT" > /tmp/dagger-tls/client.crt
@@ -1,466 +0,0 @@
-#!/usr/bin/env python3
-"""Tests for agent_loop.py."""
-import contextlib
-import io
-import json
-import os
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import MagicMock, patch
-
-import sys
-sys.path.insert(0, str(Path(__file__).parent))
-
-import agent_loop
-
-
-class TestUrlHelpers(unittest.TestCase):
-    def test_issue_url(self):
-        url = agent_loop._issue_url(128)
-        self.assertEqual(url, "https://codeberg.org/guettli/sharedinbox/issues/128")
-
-    def test_ci_run_url(self):
-        url = agent_loop._ci_run_url(4145144)
-        self.assertEqual(url, "https://codeberg.org/guettli/sharedinbox/actions/runs/4145144")
-
-
-class TestStateFile(unittest.TestCase):
-    def setUp(self):
-        self._tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".json")
-        self._tmp.close()
-        self._orig = agent_loop.STATE_FILE
-        agent_loop.STATE_FILE = Path(self._tmp.name)
-        Path(self._tmp.name).unlink()  # Start with no state file.
-
-    def tearDown(self):
-        agent_loop.STATE_FILE = self._orig
-        Path(self._tmp.name).unlink(missing_ok=True)
-
-    def test_write_state_stores_pid(self):
-        agent_loop._write_state(12345, 91, "issue")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertEqual(data["pid"], 12345)
-        self.assertNotIn("tmux_session", data)
-
-    def test_write_state_stores_issue_and_kind(self):
-        agent_loop._write_state(99, 7, "ci-fix")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertEqual(data["issue"], 7)
-        self.assertEqual(data["type"], "ci-fix")
-        self.assertIn("started_at", data)
-
-    def test_read_state_returns_none_when_missing(self):
-        self.assertIsNone(agent_loop._read_state())
-
-    def test_read_and_write_roundtrip(self):
-        agent_loop._write_state(42, 10, "issue")
-        state = agent_loop._read_state()
-        self.assertIsNotNone(state)
-        self.assertEqual(state["pid"], 42)
-        self.assertEqual(state["issue"], 10)
-
-    def test_clear_state_removes_file(self):
-        agent_loop._write_state(1, None, "ci-fix")
-        agent_loop._clear_state()
-        self.assertIsNone(agent_loop._read_state())
-
-    def test_write_state_stores_issue_title(self):
-        agent_loop._write_state(42, 10, "issue", "My Test Issue")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertEqual(data["issue_title"], "My Test Issue")
-
-    def test_write_state_omits_issue_title_when_none(self):
-        agent_loop._write_state(42, None, "ci-fix")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertNotIn("issue_title", data)
-
-
-class TestAgentAlive(unittest.TestCase):
-    def test_own_pid_is_alive(self):
-        self.assertTrue(agent_loop._agent_alive({"pid": os.getpid()}))
-
-    def test_nonexistent_pid_is_dead(self):
-        self.assertFalse(agent_loop._agent_alive({"pid": 999999999}))
-
-    def test_missing_pid_returns_false(self):
-        self.assertFalse(agent_loop._agent_alive({}))
-        self.assertFalse(agent_loop._agent_alive({"pid": None}))
-
-
-class TestKillAgent(unittest.TestCase):
-    def test_kill_sends_sigkill(self):
-        with patch("agent_loop.os.kill") as mock_kill:
-            agent_loop._kill_agent({"pid": 1234})
-            mock_kill.assert_called_once_with(1234, 9)
-
-    def test_kill_ignores_missing_process(self):
-        with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
-            agent_loop._kill_agent({"pid": 1234})  # Should not raise.
-
-    def test_kill_noop_when_no_pid(self):
-        with patch("agent_loop.os.kill") as mock_kill:
-            agent_loop._kill_agent({})
-            mock_kill.assert_not_called()
-
-
-class TestStartAgent(unittest.TestCase):
-    def _make_mock_proc(self, pid=42):
-        proc = MagicMock()
-        proc.pid = pid
-        proc.stdin = io.BytesIO()
-        return proc
-
-    def test_start_agent_returns_pid(self):
-        mock_proc = self._make_mock_proc(pid=42)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc):
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    result = agent_loop._start_agent("do something", "issue-99")
-        self.assertEqual(result, 42)
-
-    def test_start_agent_uses_popen_not_tmux(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch("agent_loop.subprocess.run") as mock_run:
-                    with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                        agent_loop._start_agent("prompt", "ci-fix")
-            mock_popen.assert_called_once()
-            mock_run.assert_not_called()
-
-    def test_start_agent_passes_session_name_to_claude(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    agent_loop._start_agent("prompt", "issue-55")
-            cmd = mock_popen.call_args[0][0]
-            self.assertIn("issue-55", cmd)
-            self.assertIn("claude", cmd[0])
-
-    def test_start_agent_uses_start_new_session(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    agent_loop._start_agent("prompt", "issue-55")
-            kwargs = mock_popen.call_args[1]
-            self.assertTrue(kwargs.get("start_new_session"))
-
-
-class TestMain(unittest.TestCase):
-    """Tests for the main() flow."""
-
-    def _make_mock_proc(self, pid=42):
-        proc = MagicMock()
-        proc.pid = pid
-        proc.stdin = io.BytesIO()
-        return proc
-
-    def _make_issue(self, number=10, title="Do something"):
-        return {"number": number, "title": title, "body": "", "labels": []}
-
-    def test_sets_in_progress_before_starting_agent(self):
-        """_set_labels(InProgress) must be called before _start_agent."""
-        call_order = []
-        mock_proc = self._make_mock_proc(pid=55)
-
-        def fake_set_labels(issue, add, remove):
-            call_order.append(("set_labels", add, remove))
-
-        def fake_start_agent(prompt, session_name):
-            call_order.append(("start_agent", session_name))
-            return 55
-
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[self._make_issue(10)]), \
-             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
-             patch("agent_loop._start_agent", side_effect=fake_start_agent), \
-             patch("agent_loop._write_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        labels_idx = next(
-            i for i, c in enumerate(call_order) if c[0] == "set_labels"
-        )
-        agent_idx = next(
-            i for i, c in enumerate(call_order) if c[0] == "start_agent"
-        )
-        self.assertLess(labels_idx, agent_idx,
-                        "_set_labels must be called before _start_agent")
-
-    def test_sets_in_progress_label_and_removes_ready(self):
-        """The InProgress label is added and the Ready label is removed."""
-        captured = {}
-
-        def fake_set_labels(issue, add, remove):
-            captured["add"] = add
-            captured["remove"] = remove
-
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[self._make_issue(7)]), \
-             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
-             patch("agent_loop._start_agent", return_value=99), \
-             patch("agent_loop._write_state"):
-            agent_loop._run_loop()
-
-        self.assertIn(agent_loop.LABEL_IN_PROGRESS, captured.get("add", []))
-        self.assertIn(agent_loop.LABEL_READY, captured.get("remove", []))
-
-    def test_no_ready_issues_does_nothing(self):
-        """main() exits cleanly with 0 when there are no ready issues."""
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[]), \
-             patch("agent_loop._set_labels") as mock_labels, \
-             patch("agent_loop._start_agent") as mock_start:
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        mock_labels.assert_not_called()
-        mock_start.assert_not_called()
-
-    def test_prompt_does_not_tell_agent_to_close_issue(self):
-        """Agents must not close issues; the loop handles closing after CI passes."""
-        captured_prompt = {}
-
-        def fake_start_agent(prompt, session_name):
-            captured_prompt["prompt"] = prompt
-            return 77
-
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[self._make_issue(42)]), \
-             patch("agent_loop._set_labels"), \
-             patch("agent_loop._start_agent", side_effect=fake_start_agent), \
-             patch("agent_loop._write_state"):
-            agent_loop._run_loop()
-
-        prompt = captured_prompt.get("prompt", "")
-        # "do NOT close the issue" (blocker instruction) is fine; what must be
-        # absent is any affirmative instruction to close on completion.
-        self.assertNotIn("close the issue and stop", prompt.lower())
-
-
-class TestPendingCi(unittest.TestCase):
-    """Tests for the pending-CI state: issue closed only after CI passes."""
-
-    def _dead_state(self, issue: int, kind: str = "issue") -> dict:
-        return {
-            "pid": 999999999,  # non-existent PID
-            "issue": issue,
-            "started_at": "2026-01-01T00:00:00+00:00",
-            "type": kind,
-        }
-
-    def test_closes_issue_when_ci_passes_after_agent_finishes(self):
-        """After issue agent finishes, loop closes the issue once CI is green."""
-        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "success"}), \
-             patch("agent_loop._close_issue") as mock_close, \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        mock_close.assert_called_once_with(10)
-
-    def test_does_not_close_issue_when_ci_fails(self):
-        """After issue agent finishes, loop must NOT close the issue if CI failed."""
-        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "failure"}), \
-             patch("agent_loop._close_issue") as mock_close, \
-             patch("agent_loop._start_agent", return_value=55), \
-             patch("agent_loop._write_state"), \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        mock_close.assert_not_called()
-
-    def test_saves_pending_ci_state_while_ci_running(self):
-        """When CI is still running after agent finishes, pending issue is preserved."""
-        written = {}
-
-        def fake_write_state(pid, issue, kind, issue_title=None, session_name=None, ci_run_id=None):
-            written["pid"] = pid
-            written["issue"] = issue
-            written["kind"] = kind
-
-        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "running"}), \
-             patch("agent_loop._write_state", side_effect=fake_write_state), \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        self.assertEqual(written.get("issue"), 10)
-        self.assertEqual(written.get("kind"), "pending-ci")
-        self.assertIsNone(written.get("pid"))
-
-    def test_ci_fix_preserves_pending_issue_in_state(self):
-        """When CI fails after agent finishes, ci-fix state includes the pending issue."""
-        written = {}
-
-        def fake_write_state(pid, issue, kind, issue_title=None, session_name=None, ci_run_id=None):
-            written["pid"] = pid
-            written["issue"] = issue
-            written["kind"] = kind
-
-        with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "failure"}), \
-             patch("agent_loop._start_agent", return_value=55), \
-             patch("agent_loop._write_state", side_effect=fake_write_state), \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        self.assertEqual(written.get("issue"), 10)
-        self.assertEqual(written.get("kind"), "ci-fix")
-
-    def test_closes_issue_after_ci_fix_and_ci_passes(self):
-        """After ci-fix agent finishes and CI passes, the pending issue is closed."""
-        with patch("agent_loop._read_state", return_value=self._dead_state(10, "ci-fix")), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "success"}), \
-             patch("agent_loop._close_issue") as mock_close, \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        mock_close.assert_called_once_with(10)
-
-    def test_no_pending_issue_ci_fix_without_issue(self):
-        """ci-fix for a manual push (no pending issue) does not try to close anything."""
-        with patch("agent_loop._read_state", return_value={
-            "pid": 999999999, "issue": None, "started_at": "2026-01-01T00:00:00+00:00",
-            "type": "ci-fix",
-        }), \
-             patch("agent_loop._latest_ci_run", return_value={"id": 1, "status": "success"}), \
-             patch("agent_loop._close_issue") as mock_close, \
-             patch("agent_loop._ready_issues", return_value=[]), \
-             patch("agent_loop._clear_state"):
-            result = agent_loop._run_loop()
-
-        self.assertEqual(result, 0)
-        mock_close.assert_not_called()
-
-
-class TestOutputFormat(unittest.TestCase):
-    """Verify output format: no [agent_loop] prefix, URLs in output."""
-
-    def test_output_starts_with_header(self):
-        buf = io.StringIO()
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[]), \
-             contextlib.redirect_stdout(buf):
-            agent_loop._run_loop()
-        first_line = buf.getvalue().splitlines()[0]
-        self.assertTrue(first_line.startswith("---------------------- Starting "),
-                        f"Unexpected first line: {first_line!r}")
-
-    def test_no_agent_loop_prefix_in_output(self):
-        buf = io.StringIO()
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[]), \
-             contextlib.redirect_stdout(buf):
-            agent_loop._run_loop()
-        self.assertNotIn("[agent_loop]", buf.getvalue())
-
-    def test_ci_run_output_contains_url(self):
-        run = {"id": 4145144, "status": "running"}
-        buf = io.StringIO()
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=run), \
-             contextlib.redirect_stdout(buf):
-            agent_loop._run_loop()
-        self.assertIn("https://codeberg.org/guettli/sharedinbox/actions/runs/4145144",
-                      buf.getvalue())
-
-    def test_issue_output_contains_url_and_title(self):
-        issue = {"number": 128, "title": "Fix something", "body": "", "labels": []}
-        buf = io.StringIO()
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[issue]), \
-             patch("agent_loop._set_labels"), \
-             patch("agent_loop._start_agent", return_value=99), \
-             patch("agent_loop._write_state"), \
-             contextlib.redirect_stdout(buf):
-            agent_loop._run_loop()
-        output = buf.getvalue()
-        self.assertIn("https://codeberg.org/guettli/sharedinbox/issues/128", output)
-        self.assertIn("Fix something", output)
-
-
-class TestLatestCiRunForBranch(unittest.TestCase):
-    """Tests for _latest_ci_run_for_branch — Forgejo API field mapping."""
-
-    def _make_pr_run(self, branch: str, status: str = "success") -> dict:
-        payload = json.dumps({"pull_request": {"head": {"ref": branch}}})
-        return {"event": "pull_request", "event_payload": payload, "status": status, "id": 1}
-
-    def _make_push_run(self, prettyref: str, status: str = "success") -> dict:
-        return {"event": "push", "prettyref": prettyref, "status": status, "id": 2}
-
-    def _mock_tea_runs(self, runs):
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}) as m:
-            yield m
-
-    def test_pr_event_matches_via_event_payload(self):
-        run = self._make_pr_run("issue-166-fix")
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNotNone(result)
-        self.assertEqual(result["id"], 1)
-
-    def test_pr_event_does_not_match_wrong_branch(self):
-        run = self._make_pr_run("issue-99-fix")
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNone(result)
-
-    def test_push_event_matches_via_prettyref(self):
-        run = self._make_push_run("issue-166-fix")
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNotNone(result)
-        self.assertEqual(result["id"], 2)
-
-    def test_push_event_prettyref_pr_number_does_not_match_branch(self):
-        # Forgejo sets prettyref="#169" for PR runs — must not match branch name.
-        run = {"event": "push", "prettyref": "#169", "status": "success", "id": 3}
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNone(result)
-
-    def test_head_branch_field_absent_still_works(self):
-        # Regression: the old code used run.get("head_branch") which is absent in Forgejo.
-        run = self._make_pr_run("issue-166-fix")
-        self.assertNotIn("head_branch", run)
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNotNone(result)
-
-    def test_returns_none_when_no_runs(self):
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": []}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertIsNone(result)
-
-    def test_returns_first_matching_run(self):
-        runs = [
-            self._make_pr_run("issue-166-fix", status="success"),
-            self._make_pr_run("issue-166-fix", status="failure"),
-        ]
-        runs[0]["id"] = 10
-        runs[1]["id"] = 11
-        with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
-            result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
-        self.assertEqual(result["id"], 10)
-
-
-if __name__ == "__main__":
-    unittest.main()
@@ -0,0 +1,200 @@
+#!/usr/bin/env python3
+"""Tests for deploy_playstore.py."""
+import os
+import sys
+import unittest
+from pathlib import Path
+from unittest.mock import MagicMock, call, patch
+
+sys.path.insert(0, str(Path(__file__).parent))
+
+import deploy_playstore
+
+
+def _make_session(
+    edit_id="edit-42",
+    version_code=7,
+    upload_side_effects=None,
+):
+    """Return a mock AuthorizedSession with sensible defaults."""
+    session = MagicMock()
+
+    # POST /edits → create edit
+    edit_resp = MagicMock()
+    edit_resp.json.return_value = {"id": edit_id}
+    session.post.return_value = edit_resp
+
+    # POST resumable-init → Location header
+    init_resp = MagicMock()
+    init_resp.headers = {"Location": "https://upload.example.com/session"}
+
+    # PUT upload → bundle JSON
+    upload_resp = MagicMock()
+    upload_resp.json.return_value = {"versionCode": version_code}
+
+    if upload_side_effects is not None:
+        # Use side_effect list: first call is edit create, rest are upload inits
+        # We override the PUT side effects via _upload_aab_resumable mock instead
+        pass
+
+    return session, init_resp, upload_resp
+
+
+class TestMainEnvChecks(unittest.TestCase):
+    def test_missing_env_exits(self):
+        with patch.dict(os.environ, {}, clear=True):
+            with self.assertRaises(SystemExit) as ctx:
+                deploy_playstore.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+    def test_missing_aab_exits(self):
+        fake_config = '{"type": "service_account"}'
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
+            with patch("deploy_playstore.os.path.exists", return_value=False):
+                with self.assertRaises(SystemExit) as ctx:
+                    deploy_playstore.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestMainHappyPath(unittest.TestCase):
+    def _run_main(self, fake_config='{"type":"service_account"}'):
+        mock_session = MagicMock()
+        # POST for edit create and commit
+        post_responses = [
+            MagicMock(**{"json.return_value": {"id": "edit-42"}}),  # create edit
+            MagicMock(),  # commit
+        ]
+        mock_session.post.side_effect = post_responses
+        # PUT for track update
+        mock_session.put.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
+            with patch("deploy_playstore.os.path.exists", return_value=True):
+                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                        with patch(
+                            "deploy_playstore._upload_aab_resumable",
+                            return_value={"versionCode": 7},
+                        ):
+                            deploy_playstore.main()
+
+        return mock_session
+
+    def test_creates_edit(self):
+        session = self._run_main()
+        create_call = session.post.call_args_list[0]
+        self.assertIn("/edits", create_call[0][0])
+
+    def test_commits_edit(self):
+        session = self._run_main()
+        commit_call = session.post.call_args_list[1]
+        self.assertIn(":commit", commit_call[0][0])
+
+    def test_updates_track(self):
+        session = self._run_main()
+        track_call = session.put.call_args_list[0]
+        self.assertIn("/tracks/", track_call[0][0])
+
+
+class TestUploadRetry(unittest.TestCase):
+    def _run_main(self, upload_side_effects, sleep_mock=None):
+        mock_session = MagicMock()
+        post_responses = [
+            MagicMock(**{"json.return_value": {"id": "edit-1"}}),
+            MagicMock(),
+        ]
+        mock_session.post.side_effect = post_responses
+        mock_session.put.return_value = MagicMock()
+
+        patches = [
+            patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}),
+            patch("deploy_playstore.os.path.exists", return_value=True),
+            patch("deploy_playstore.service_account.Credentials.from_service_account_info"),
+            patch("deploy_playstore.AuthorizedSession", return_value=mock_session),
+            patch("deploy_playstore._upload_aab_resumable", side_effect=upload_side_effects),
+            patch("deploy_playstore.time.sleep"),
+        ]
+        for p in patches:
+            p.start()
+        try:
+            deploy_playstore.main()
+        finally:
+            for p in patches:
+                p.stop()
+
+    def test_succeeds_on_first_attempt(self):
+        with patch("deploy_playstore._upload_aab_resumable", return_value={"versionCode": 5}) as mock_upload:
+            with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+                with patch("deploy_playstore.os.path.exists", return_value=True):
+                    with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                        mock_session = MagicMock()
+                        mock_session.post.side_effect = [
+                            MagicMock(**{"json.return_value": {"id": "e1"}}),
+                            MagicMock(),
+                        ]
+                        mock_session.put.return_value = MagicMock()
+                        with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                            deploy_playstore.main()
+            mock_upload.assert_called_once()
+
+    def test_retries_once_on_error_then_succeeds(self):
+        self._run_main([ValueError("transient"), {"versionCode": 9}])
+
+    def test_raises_after_all_attempts_exhausted(self):
+        with self.assertRaises(RuntimeError) as ctx:
+            self._run_main([ValueError("err"), ValueError("err"), ValueError("err")])
+        self.assertIn(str(deploy_playstore._MAX_UPLOAD_ATTEMPTS), str(ctx.exception))
+
+    def test_backoff_delays_are_10s_then_20s(self):
+        mock_session = MagicMock()
+        mock_session.post.side_effect = [
+            MagicMock(**{"json.return_value": {"id": "e1"}}),
+            MagicMock(),
+        ]
+        mock_session.put.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("deploy_playstore.os.path.exists", return_value=True):
+                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                        with patch(
+                            "deploy_playstore._upload_aab_resumable",
+                            side_effect=[ValueError("e"), ValueError("e"), {"versionCode": 3}],
+                        ):
+                            with patch("deploy_playstore.time.sleep") as mock_sleep:
+                                deploy_playstore.main()
+
+        mock_sleep.assert_has_calls([call(10), call(20)])
+
+
+class TestUploadAabResumable(unittest.TestCase):
+    def test_initiates_and_uploads(self):
+        mock_session = MagicMock()
+        init_resp = MagicMock()
+        init_resp.headers = {"Location": "https://upload.example.com/sess"}
+        upload_resp = MagicMock()
+        upload_resp.json.return_value = {"versionCode": 42}
+        mock_session.post.return_value = init_resp
+        mock_session.put.return_value = upload_resp
+
+        import tempfile
+        with tempfile.NamedTemporaryFile(delete=False) as f:
+            f.write(b"fake-aab-content")
+            aab_path = f.name
+
+        try:
+            result = deploy_playstore._upload_aab_resumable(
+                mock_session, "com.example.app", "edit-1", aab_path
+            )
+        finally:
+            os.unlink(aab_path)
+
+        self.assertEqual(result["versionCode"], 42)
+        mock_session.post.assert_called_once()
+        mock_session.put.assert_called_once()
+        put_call = mock_session.put.call_args
+        self.assertEqual(put_call[0][0], "https://upload.example.com/sess")
+
+
+if __name__ == "__main__":
+    unittest.main()
@@ -149,6 +149,22 @@ class _FakeMailboxes implements MailboxRepository {

  @override
  Future<void> clearForResync(String accountId) async {}
+
+  @override
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async =>
+      Mailbox(
+        id: '$accountId:$name',
+        accountId: accountId,
+        path: name,
+        name: name,
+        role: role,
+        unreadCount: 0,
+        totalCount: 0,
+      );
 }

 class _FakeEmails implements EmailRepository {
@@ -288,6 +304,8 @@ class _FakeLogs implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -1,6 +1,8 @@
 import 'dart:async';

+import 'package:flutter/services.dart' show MissingPluginException;
 import 'package:mockito/annotations.dart';
+import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/mailbox.dart';
 import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -30,6 +32,40 @@ void main() {
    // This is hard to test without real loops, but we can verify it doesn't crash.
    manager.syncNow('unknown');
  });
+
+  // Regression test for issue #200: when flutter_secure_storage throws
+  // MissingPluginException (channel unavailable on the device), the IMAP sync
+  // loop must stop permanently instead of retrying indefinitely with backoff.
+  test(
+      'MissingPluginException from secure storage stops IMAP sync loop permanently',
+      () async {
+    final syncLog = FakeSyncLogRepository();
+
+    final m = AccountSyncManager(
+      _AccountRepositoryWithMissingPlugin(),
+      FakeMailboxRepositoryWithInbox(),
+      FakeEmailRepository(),
+      syncLog: syncLog,
+    );
+
+    m.start();
+
+    // Allow the first sync cycle to run and fail.
+    await Future<void>.delayed(const Duration(milliseconds: 100));
+
+    expect(syncLog.logs, hasLength(1));
+    expect(syncLog.logs.first.success, isFalse);
+
+    // Kicking the loop should have no effect once it has stopped permanently.
+    m.syncNow('1');
+    await Future<void>.delayed(const Duration(milliseconds: 100));
+
+    // Before the fix: kick triggers a retry → 2 log entries.
+    // After the fix: loop is permanently stopped → still exactly 1 entry.
+    expect(syncLog.logs, hasLength(1));
+
+    m.dispose();
+  });
 }

 class FakeEmailRepository implements EmailRepository {
@@ -145,6 +181,8 @@ class FakeSyncLogRepository implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -186,4 +224,50 @@ class FakeMailboxRepositoryWithInbox implements MailboxRepository {
  Future<Mailbox?> findMailboxByRole(String id, String role) async => null;
  @override
  Future<void> clearForResync(String accountId) async {}
+  @override
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async =>
+      Mailbox(
+        id: '$accountId:$name',
+        accountId: accountId,
+        path: name,
+        name: name,
+        role: role,
+        unreadCount: 0,
+        totalCount: 0,
+      );
+}
+
+class _AccountRepositoryWithMissingPlugin implements AccountRepository {
+  static const _account = Account(
+    id: '1',
+    displayName: 'Test',
+    email: 'test@example.com',
+  );
+
+  @override
+  Stream<List<Account>> observeAccounts() => Stream.value([_account]);
+
+  @override
+  Future<Account?> getAccount(String id) async => _account;
+
+  @override
+  Future<String> getPassword(String accountId) => Future.error(
+        MissingPluginException(
+          'No implementation found for method read on channel '
+          'plugins.it.nomads.com/flutter_secure_storage',
+        ),
+      );
+
+  @override
+  Future<void> addAccount(Account account, String password) async {}
+
+  @override
+  Future<void> updateAccount(Account account, {String? password}) async {}
+
+  @override
+  Future<void> removeAccount(String id) async {}
 }
@@ -3,16 +3,16 @@
 // Do not manually edit this file.

 // ignore_for_file: no_leading_underscores_for_library_prefixes
-import 'dart:async' as _i4;
+import 'dart:async' as _i5;

 import 'package:mockito/mockito.dart' as _i1;
-import 'package:mockito/src/dummies.dart' as _i6;
-import 'package:sharedinbox/core/models/account.dart' as _i5;
-import 'package:sharedinbox/core/models/email.dart' as _i2;
-import 'package:sharedinbox/core/models/mailbox.dart' as _i8;
-import 'package:sharedinbox/core/repositories/account_repository.dart' as _i3;
+import 'package:mockito/src/dummies.dart' as _i7;
+import 'package:sharedinbox/core/models/account.dart' as _i6;
+import 'package:sharedinbox/core/models/email.dart' as _i3;
+import 'package:sharedinbox/core/models/mailbox.dart' as _i2;
+import 'package:sharedinbox/core/repositories/account_repository.dart' as _i4;
 import 'package:sharedinbox/core/repositories/email_repository.dart' as _i9;
-import 'package:sharedinbox/core/repositories/mailbox_repository.dart' as _i7;
+import 'package:sharedinbox/core/repositories/mailbox_repository.dart' as _i8;

 // ignore_for_file: type=lint
 // ignore_for_file: avoid_redundant_argument_values
@@ -29,8 +29,8 @@ import 'package:sharedinbox/core/repositories/mailbox_repository.dart' as _i7;
 // ignore_for_file: subtype_of_sealed_class
 // ignore_for_file: invalid_use_of_internal_member

-class _FakeEmailBody_0 extends _i1.SmartFake implements _i2.EmailBody {
-  _FakeEmailBody_0(
+class _FakeMailbox_0 extends _i1.SmartFake implements _i2.Mailbox {
+  _FakeMailbox_0(
    Object parent,
    Invocation parentInvocation,
  ) : super(
@@ -39,9 +39,8 @@ class _FakeEmailBody_0 extends _i1.SmartFake implements _i2.EmailBody {
        );
 }

-class _FakeSyncEmailsResult_1 extends _i1.SmartFake
-    implements _i2.SyncEmailsResult {
-  _FakeSyncEmailsResult_1(
+class _FakeEmailBody_1 extends _i1.SmartFake implements _i3.EmailBody {
+  _FakeEmailBody_1(
    Object parent,
    Invocation parentInvocation,
  ) : super(
@@ -50,9 +49,20 @@ class _FakeSyncEmailsResult_1 extends _i1.SmartFake
        );
 }

-class _FakeReliabilityResult_2 extends _i1.SmartFake
-    implements _i2.ReliabilityResult {
-  _FakeReliabilityResult_2(
+class _FakeSyncEmailsResult_2 extends _i1.SmartFake
+    implements _i3.SyncEmailsResult {
+  _FakeSyncEmailsResult_2(
+    Object parent,
+    Invocation parentInvocation,
+  ) : super(
+          parent,
+          parentInvocation,
+        );
+}
+
+class _FakeReliabilityResult_3 extends _i1.SmartFake
+    implements _i3.ReliabilityResult {
+  _FakeReliabilityResult_3(
    Object parent,
    Invocation parentInvocation,
  ) : super(
@@ -64,32 +74,32 @@ class _FakeReliabilityResult_2 extends _i1.SmartFake
 /// A class which mocks [AccountRepository].
 ///
 /// See the documentation for Mockito's code generation for more information.
-class MockAccountRepository extends _i1.Mock implements _i3.AccountRepository {
+class MockAccountRepository extends _i1.Mock implements _i4.AccountRepository {
  MockAccountRepository() {
    _i1.throwOnMissingStub(this);
  }

  @override
-  _i4.Stream<List<_i5.Account>> observeAccounts() => (super.noSuchMethod(
+  _i5.Stream<List<_i6.Account>> observeAccounts() => (super.noSuchMethod(
        Invocation.method(
          #observeAccounts,
          [],
        ),
-        returnValue: _i4.Stream<List<_i5.Account>>.empty(),
-      ) as _i4.Stream<List<_i5.Account>>);
+        returnValue: _i5.Stream<List<_i6.Account>>.empty(),
+      ) as _i5.Stream<List<_i6.Account>>);

  @override
-  _i4.Future<_i5.Account?> getAccount(String? id) => (super.noSuchMethod(
+  _i5.Future<_i6.Account?> getAccount(String? id) => (super.noSuchMethod(
        Invocation.method(
          #getAccount,
          [id],
        ),
-        returnValue: _i4.Future<_i5.Account?>.value(),
-      ) as _i4.Future<_i5.Account?>);
+        returnValue: _i5.Future<_i6.Account?>.value(),
+      ) as _i5.Future<_i6.Account?>);

  @override
-  _i4.Future<void> addAccount(
-    _i5.Account? account,
+  _i5.Future<void> addAccount(
+    _i6.Account? account,
    String? password,
  ) =>
      (super.noSuchMethod(
@@ -100,13 +110,13 @@ class MockAccountRepository extends _i1.Mock implements _i3.AccountRepository {
            password,
          ],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<void> updateAccount(
-    _i5.Account? account, {
+  _i5.Future<void> updateAccount(
+    _i6.Account? account, {
    String? password,
  }) =>
      (super.noSuchMethod(
@@ -115,65 +125,65 @@ class MockAccountRepository extends _i1.Mock implements _i3.AccountRepository {
          [account],
          {#password: password},
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<void> removeAccount(String? id) => (super.noSuchMethod(
+  _i5.Future<void> removeAccount(String? id) => (super.noSuchMethod(
        Invocation.method(
          #removeAccount,
          [id],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<String> getPassword(String? accountId) => (super.noSuchMethod(
+  _i5.Future<String> getPassword(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #getPassword,
          [accountId],
        ),
-        returnValue: _i4.Future<String>.value(_i6.dummyValue<String>(
+        returnValue: _i5.Future<String>.value(_i7.dummyValue<String>(
          this,
          Invocation.method(
            #getPassword,
            [accountId],
          ),
        )),
-      ) as _i4.Future<String>);
+      ) as _i5.Future<String>);
 }

 /// A class which mocks [MailboxRepository].
 ///
 /// See the documentation for Mockito's code generation for more information.
-class MockMailboxRepository extends _i1.Mock implements _i7.MailboxRepository {
+class MockMailboxRepository extends _i1.Mock implements _i8.MailboxRepository {
  MockMailboxRepository() {
    _i1.throwOnMissingStub(this);
  }

  @override
-  _i4.Stream<List<_i8.Mailbox>> observeMailboxes(String? accountId) =>
+  _i5.Stream<List<_i2.Mailbox>> observeMailboxes(String? accountId) =>
      (super.noSuchMethod(
        Invocation.method(
          #observeMailboxes,
          [accountId],
        ),
-        returnValue: _i4.Stream<List<_i8.Mailbox>>.empty(),
-      ) as _i4.Stream<List<_i8.Mailbox>>);
+        returnValue: _i5.Stream<List<_i2.Mailbox>>.empty(),
+      ) as _i5.Stream<List<_i2.Mailbox>>);

  @override
-  _i4.Future<int> syncMailboxes(String? accountId) => (super.noSuchMethod(
+  _i5.Future<int> syncMailboxes(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #syncMailboxes,
          [accountId],
        ),
-        returnValue: _i4.Future<int>.value(0),
-      ) as _i4.Future<int>);
+        returnValue: _i5.Future<int>.value(0),
+      ) as _i5.Future<int>);

  @override
-  _i4.Future<_i8.Mailbox?> findMailboxByRole(
+  _i5.Future<_i2.Mailbox?> findMailboxByRole(
    String? accountId,
    String? role,
  ) =>
@@ -185,18 +195,46 @@ class MockMailboxRepository extends _i1.Mock implements _i7.MailboxRepository {
            role,
          ],
        ),
-        returnValue: _i4.Future<_i8.Mailbox?>.value(),
-      ) as _i4.Future<_i8.Mailbox?>);
+        returnValue: _i5.Future<_i2.Mailbox?>.value(),
+      ) as _i5.Future<_i2.Mailbox?>);

  @override
-  _i4.Future<void> clearForResync(String? accountId) => (super.noSuchMethod(
+  _i5.Future<void> clearForResync(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #clearForResync,
          [accountId],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);
+
+  @override
+  _i5.Future<_i2.Mailbox> createMailboxWithRole(
+    String? accountId,
+    String? name,
+    String? role,
+  ) =>
+      (super.noSuchMethod(
+        Invocation.method(
+          #createMailboxWithRole,
+          [
+            accountId,
+            name,
+            role,
+          ],
+        ),
+        returnValue: _i5.Future<_i2.Mailbox>.value(_FakeMailbox_0(
+          this,
+          Invocation.method(
+            #createMailboxWithRole,
+            [
+              accountId,
+              name,
+              role,
+            ],
+          ),
+        )),
+      ) as _i5.Future<_i2.Mailbox>);
 }

 /// A class which mocks [EmailRepository].
@@ -208,13 +246,13 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
  }

  @override
-  _i4.Stream<String> get onChangesQueued => (super.noSuchMethod(
+  _i5.Stream<String> get onChangesQueued => (super.noSuchMethod(
        Invocation.getter(#onChangesQueued),
-        returnValue: _i4.Stream<String>.empty(),
-      ) as _i4.Stream<String>);
+        returnValue: _i5.Stream<String>.empty(),
+      ) as _i5.Stream<String>);

  @override
-  _i4.Stream<List<_i2.Email>> observeEmails(
+  _i5.Stream<List<_i3.Email>> observeEmails(
    String? accountId,
    String? mailboxPath, {
    int? limit = 50,
@@ -228,11 +266,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
          ],
          {#limit: limit},
        ),
-        returnValue: _i4.Stream<List<_i2.Email>>.empty(),
-      ) as _i4.Stream<List<_i2.Email>>);
+        returnValue: _i5.Stream<List<_i3.Email>>.empty(),
+      ) as _i5.Stream<List<_i3.Email>>);

  @override
-  _i4.Stream<List<_i2.EmailThread>> observeThreads(
+  _i5.Stream<List<_i3.EmailThread>> observeThreads(
    String? accountId,
    String? mailboxPath, {
    int? limit = 50,
@@ -246,11 +284,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
          ],
          {#limit: limit},
        ),
-        returnValue: _i4.Stream<List<_i2.EmailThread>>.empty(),
-      ) as _i4.Stream<List<_i2.EmailThread>>);
+        returnValue: _i5.Stream<List<_i3.EmailThread>>.empty(),
+      ) as _i5.Stream<List<_i3.EmailThread>>);

  @override
-  _i4.Stream<List<_i2.Email>> observeEmailsInThread(
+  _i5.Stream<List<_i3.Email>> observeEmailsInThread(
    String? accountId,
    String? mailboxPath,
    String? threadId,
@@ -264,36 +302,36 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            threadId,
          ],
        ),
-        returnValue: _i4.Stream<List<_i2.Email>>.empty(),
-      ) as _i4.Stream<List<_i2.Email>>);
+        returnValue: _i5.Stream<List<_i3.Email>>.empty(),
+      ) as _i5.Stream<List<_i3.Email>>);

  @override
-  _i4.Future<_i2.Email?> getEmail(String? emailId) => (super.noSuchMethod(
+  _i5.Future<_i3.Email?> getEmail(String? emailId) => (super.noSuchMethod(
        Invocation.method(
          #getEmail,
          [emailId],
        ),
-        returnValue: _i4.Future<_i2.Email?>.value(),
-      ) as _i4.Future<_i2.Email?>);
+        returnValue: _i5.Future<_i3.Email?>.value(),
+      ) as _i5.Future<_i3.Email?>);

  @override
-  _i4.Future<_i2.EmailBody> getEmailBody(String? emailId) =>
+  _i5.Future<_i3.EmailBody> getEmailBody(String? emailId) =>
      (super.noSuchMethod(
        Invocation.method(
          #getEmailBody,
          [emailId],
        ),
-        returnValue: _i4.Future<_i2.EmailBody>.value(_FakeEmailBody_0(
+        returnValue: _i5.Future<_i3.EmailBody>.value(_FakeEmailBody_1(
          this,
          Invocation.method(
            #getEmailBody,
            [emailId],
          ),
        )),
-      ) as _i4.Future<_i2.EmailBody>);
+      ) as _i5.Future<_i3.EmailBody>);

  @override
-  _i4.Future<_i2.SyncEmailsResult> syncEmails(
+  _i5.Future<_i3.SyncEmailsResult> syncEmails(
    String? accountId,
    String? mailboxPath,
  ) =>
@@ -306,7 +344,7 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
          ],
        ),
        returnValue:
-            _i4.Future<_i2.SyncEmailsResult>.value(_FakeSyncEmailsResult_1(
+            _i5.Future<_i3.SyncEmailsResult>.value(_FakeSyncEmailsResult_2(
          this,
          Invocation.method(
            #syncEmails,
@@ -316,10 +354,10 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            ],
          ),
        )),
-      ) as _i4.Future<_i2.SyncEmailsResult>);
+      ) as _i5.Future<_i3.SyncEmailsResult>);

  @override
-  _i4.Future<void> setFlag(
+  _i5.Future<void> setFlag(
    String? emailId, {
    bool? seen,
    bool? flagged,
@@ -333,12 +371,12 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            #flagged: flagged,
          },
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<void> markAllAsRead(
+  _i5.Future<void> markAllAsRead(
    String? accountId,
    String? mailboxPath,
  ) =>
@@ -350,12 +388,12 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            mailboxPath,
          ],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<void> moveEmail(
+  _i5.Future<void> moveEmail(
    String? emailId,
    String? destMailboxPath,
  ) =>
@@ -367,23 +405,23 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            destMailboxPath,
          ],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<String?> deleteEmail(String? emailId) => (super.noSuchMethod(
+  _i5.Future<String?> deleteEmail(String? emailId) => (super.noSuchMethod(
        Invocation.method(
          #deleteEmail,
          [emailId],
        ),
-        returnValue: _i4.Future<String?>.value(),
-      ) as _i4.Future<String?>);
+        returnValue: _i5.Future<String?>.value(),
+      ) as _i5.Future<String?>);

  @override
-  _i4.Future<void> sendEmail(
+  _i5.Future<void> sendEmail(
    String? accountId,
-    _i2.EmailDraft? draft,
+    _i3.EmailDraft? draft,
  ) =>
      (super.noSuchMethod(
        Invocation.method(
@@ -393,14 +431,14 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            draft,
          ],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<String> downloadAttachment(
+  _i5.Future<String> downloadAttachment(
    String? emailId,
-    _i2.EmailAttachment? attachment,
+    _i3.EmailAttachment? attachment,
  ) =>
      (super.noSuchMethod(
        Invocation.method(
@@ -410,7 +448,7 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            attachment,
          ],
        ),
-        returnValue: _i4.Future<String>.value(_i6.dummyValue<String>(
+        returnValue: _i5.Future<String>.value(_i7.dummyValue<String>(
          this,
          Invocation.method(
            #downloadAttachment,
@@ -420,25 +458,25 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            ],
          ),
        )),
-      ) as _i4.Future<String>);
+      ) as _i5.Future<String>);

  @override
-  _i4.Future<String> fetchRawRfc822(String? emailId) => (super.noSuchMethod(
+  _i5.Future<String> fetchRawRfc822(String? emailId) => (super.noSuchMethod(
        Invocation.method(
          #fetchRawRfc822,
          [emailId],
        ),
-        returnValue: _i4.Future<String>.value(_i6.dummyValue<String>(
+        returnValue: _i5.Future<String>.value(_i7.dummyValue<String>(
          this,
          Invocation.method(
            #fetchRawRfc822,
            [emailId],
          ),
        )),
-      ) as _i4.Future<String>);
+      ) as _i5.Future<String>);

  @override
-  _i4.Future<List<_i2.Email>> searchEmails(
+  _i5.Future<List<_i3.Email>> searchEmails(
    String? accountId,
    String? mailboxPath,
    String? query,
@@ -452,11 +490,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            query,
          ],
        ),
-        returnValue: _i4.Future<List<_i2.Email>>.value(<_i2.Email>[]),
-      ) as _i4.Future<List<_i2.Email>>);
+        returnValue: _i5.Future<List<_i3.Email>>.value(<_i3.Email>[]),
+      ) as _i5.Future<List<_i3.Email>>);

  @override
-  _i4.Future<List<_i2.Email>> searchEmailsGlobal(
+  _i5.Future<List<_i3.Email>> searchEmailsGlobal(
    String? accountId,
    String? query,
  ) =>
@@ -468,11 +506,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            query,
          ],
        ),
-        returnValue: _i4.Future<List<_i2.Email>>.value(<_i2.Email>[]),
-      ) as _i4.Future<List<_i2.Email>>);
+        returnValue: _i5.Future<List<_i3.Email>>.value(<_i3.Email>[]),
+      ) as _i5.Future<List<_i3.Email>>);

  @override
-  _i4.Future<List<_i2.Email>> getEmailsByAddress(
+  _i5.Future<List<_i3.Email>> getEmailsByAddress(
    String? accountId,
    String? address,
  ) =>
@@ -484,11 +522,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            address,
          ],
        ),
-        returnValue: _i4.Future<List<_i2.Email>>.value(<_i2.Email>[]),
-      ) as _i4.Future<List<_i2.Email>>);
+        returnValue: _i5.Future<List<_i3.Email>>.value(<_i3.Email>[]),
+      ) as _i5.Future<List<_i3.Email>>);

  @override
-  _i4.Future<List<_i2.EmailAddress>> searchAddresses(
+  _i5.Future<List<_i3.EmailAddress>> searchAddresses(
    String? accountId,
    String? query, {
    int? limit = 10,
@@ -503,11 +541,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
          {#limit: limit},
        ),
        returnValue:
-            _i4.Future<List<_i2.EmailAddress>>.value(<_i2.EmailAddress>[]),
-      ) as _i4.Future<List<_i2.EmailAddress>>);
+            _i5.Future<List<_i3.EmailAddress>>.value(<_i3.EmailAddress>[]),
+      ) as _i5.Future<List<_i3.EmailAddress>>);

  @override
-  _i4.Future<int> flushPendingChanges(
+  _i5.Future<int> flushPendingChanges(
    String? accountId,
    String? password,
  ) =>
@@ -519,42 +557,42 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            password,
          ],
        ),
-        returnValue: _i4.Future<int>.value(0),
-      ) as _i4.Future<int>);
+        returnValue: _i5.Future<int>.value(0),
+      ) as _i5.Future<int>);

  @override
-  _i4.Stream<List<_i2.FailedMutation>> observeFailedMutations(
+  _i5.Stream<List<_i3.FailedMutation>> observeFailedMutations(
          String? accountId) =>
      (super.noSuchMethod(
        Invocation.method(
          #observeFailedMutations,
          [accountId],
        ),
-        returnValue: _i4.Stream<List<_i2.FailedMutation>>.empty(),
-      ) as _i4.Stream<List<_i2.FailedMutation>>);
+        returnValue: _i5.Stream<List<_i3.FailedMutation>>.empty(),
+      ) as _i5.Stream<List<_i3.FailedMutation>>);

  @override
-  _i4.Future<void> discardMutation(int? id) => (super.noSuchMethod(
+  _i5.Future<void> discardMutation(int? id) => (super.noSuchMethod(
        Invocation.method(
          #discardMutation,
          [id],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<void> retryMutation(int? id) => (super.noSuchMethod(
+  _i5.Future<void> retryMutation(int? id) => (super.noSuchMethod(
        Invocation.method(
          #retryMutation,
          [id],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<bool> cancelPendingChange(
+  _i5.Future<bool> cancelPendingChange(
    String? emailId,
    String? changeType,
  ) =>
@@ -566,11 +604,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            changeType,
          ],
        ),
-        returnValue: _i4.Future<bool>.value(false),
-      ) as _i4.Future<bool>);
+        returnValue: _i5.Future<bool>.value(false),
+      ) as _i5.Future<bool>);

  @override
-  _i4.Future<void> snoozeEmail(
+  _i5.Future<void> snoozeEmail(
    String? emailId,
    DateTime? until,
  ) =>
@@ -582,32 +620,32 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            until,
          ],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<int> wakeUpEmails(String? accountId) => (super.noSuchMethod(
+  _i5.Future<int> wakeUpEmails(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #wakeUpEmails,
          [accountId],
        ),
-        returnValue: _i4.Future<int>.value(0),
-      ) as _i4.Future<int>);
+        returnValue: _i5.Future<int>.value(0),
+      ) as _i5.Future<int>);

  @override
-  _i4.Future<void> restoreEmails(List<_i2.Email>? emails) =>
+  _i5.Future<void> restoreEmails(List<_i3.Email>? emails) =>
      (super.noSuchMethod(
        Invocation.method(
          #restoreEmails,
          [emails],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);

  @override
-  _i4.Future<_i2.Email?> findEmailByMessageId(
+  _i5.Future<_i3.Email?> findEmailByMessageId(
    String? accountId,
    String? messageId,
  ) =>
@@ -619,20 +657,20 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            messageId,
          ],
        ),
-        returnValue: _i4.Future<_i2.Email?>.value(),
-      ) as _i4.Future<_i2.Email?>);
+        returnValue: _i5.Future<_i3.Email?>.value(),
+      ) as _i5.Future<_i3.Email?>);

  @override
-  _i4.Future<int> applySieveRules(String? accountId) => (super.noSuchMethod(
+  _i5.Future<int> applySieveRules(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #applySieveRules,
          [accountId],
        ),
-        returnValue: _i4.Future<int>.value(0),
-      ) as _i4.Future<int>);
+        returnValue: _i5.Future<int>.value(0),
+      ) as _i5.Future<int>);

  @override
-  _i4.Stream<void> watchJmapPush(
+  _i5.Stream<void> watchJmapPush(
    String? accountId,
    String? password,
  ) =>
@@ -644,11 +682,11 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            password,
          ],
        ),
-        returnValue: _i4.Stream<void>.empty(),
-      ) as _i4.Stream<void>);
+        returnValue: _i5.Stream<void>.empty(),
+      ) as _i5.Stream<void>);

  @override
-  _i4.Future<_i2.ReliabilityResult> verifySyncReliability(
+  _i5.Future<_i3.ReliabilityResult> verifySyncReliability(
    String? accountId,
    String? mailboxPath,
  ) =>
@@ -661,7 +699,7 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
          ],
        ),
        returnValue:
-            _i4.Future<_i2.ReliabilityResult>.value(_FakeReliabilityResult_2(
+            _i5.Future<_i3.ReliabilityResult>.value(_FakeReliabilityResult_3(
          this,
          Invocation.method(
            #verifySyncReliability,
@@ -671,15 +709,15 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
            ],
          ),
        )),
-      ) as _i4.Future<_i2.ReliabilityResult>);
+      ) as _i5.Future<_i3.ReliabilityResult>);

  @override
-  _i4.Future<void> clearForResync(String? accountId) => (super.noSuchMethod(
+  _i5.Future<void> clearForResync(String? accountId) => (super.noSuchMethod(
        Invocation.method(
          #clearForResync,
          [accountId],
        ),
-        returnValue: _i4.Future<void>.value(),
-        returnValueForMissingStub: _i4.Future<void>.value(),
-      ) as _i4.Future<void>);
+        returnValue: _i5.Future<void>.value(),
+        returnValueForMissingStub: _i5.Future<void>.value(),
+      ) as _i5.Future<void>);
 }
@@ -0,0 +1,156 @@
+import 'dart:async';
+import 'dart:io';
+
+import 'package:fake_async/fake_async.dart';
+import 'package:flutter/services.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';
+import 'package:plugin_platform_interface/plugin_platform_interface.dart';
+
+import 'package:sharedinbox/data/db/database.dart';
+
+// Fake PathProviderPlatform that always throws PlatformException(channel-error)
+// to simulate the Pigeon channel not being ready at startup (issue #166).
+class _UnavailablePathProvider extends Fake
+    with MockPlatformInterfaceMixin
+    implements PathProviderPlatform {
+  @override
+  Future<String?> getApplicationSupportPath() async {
+    throw PlatformException(
+      code: 'channel-error',
+      message: 'Simulated: path_provider channel not ready',
+    );
+  }
+}
+
+// Fake PathProviderPlatform that fails the first [failCount] calls, then
+// returns a fixed path.  Used to exercise the retry loop in
+// _resolveDatabasePath() without waiting for real timers.
+class _SucceedAfterNPathProvider extends Fake
+    with MockPlatformInterfaceMixin
+    implements PathProviderPlatform {
+  _SucceedAfterNPathProvider({required this.failCount});
+
+  final int failCount;
+  int _callCount = 0;
+
+  @override
+  Future<String?> getApplicationSupportPath() async {
+    _callCount++;
+    if (_callCount <= failCount) {
+      throw PlatformException(
+        code: 'channel-error',
+        message: 'Simulated: path_provider channel not ready',
+      );
+    }
+    return '/tmp/test_app_support';
+  }
+}
+
+void main() {
+  TestWidgetsFlutterBinding.ensureInitialized();
+
+  // Regression test for https://codeberg.org/guettli/sharedinbox/issues/166:
+  // On some slow Android devices the path_provider Pigeon channel is not ready
+  // when initDatabasePath() runs before runApp(). initDatabasePath() must
+  // absorb the PlatformException and let the app start; _resolveDatabasePath()
+  // then retries with back-off on first DB access.
+  test(
+    'initDatabasePath completes without throwing when path_provider is unavailable',
+    () async {
+      final prev = PathProviderPlatform.instance;
+      PathProviderPlatform.instance = _UnavailablePathProvider();
+      addTearDown(() => PathProviderPlatform.instance = prev);
+
+      // Must not throw — the exception is swallowed so the app can continue.
+      await expectLater(initDatabasePath(), completes);
+    },
+  );
+
+  // Tests for _resolveDatabasePath() — the lazy retry path called on first DB
+  // access when initDatabasePath() already failed.  fake_async lets us advance
+  // the back-off timers without waiting real-world milliseconds.
+
+  test(
+    '_resolveDatabasePath retries and eventually succeeds after transient failures',
+    () {
+      resetDatabasePathForTesting();
+      final prev = PathProviderPlatform.instance;
+      // Fail 3 times, succeed on the 4th call.  The delays in
+      // _resolveDatabasePath are [200, 500, 1000, 2000, 4000] ms, so three
+      // failures cost 200+500+1000 = 1700 ms before the fourth attempt.
+      PathProviderPlatform.instance = _SucceedAfterNPathProvider(failCount: 3);
+      addTearDown(() {
+        PathProviderPlatform.instance = prev;
+        resetDatabasePathForTesting();
+      });
+
+      fakeAsync((fake) {
+        String? result;
+        unawaited(resolveDatabasePathForTesting().then((r) => result = r));
+
+        // Advance fake time through the three back-off delays.
+        fake.elapse(const Duration(milliseconds: 200 + 500 + 1000 + 1));
+
+        expect(result, isNotNull);
+        expect(result, endsWith('sharedinbox.db'));
+      });
+    },
+  );
+
+  test(
+    '_resolveDatabasePath throws PlatformException after exhausting all retries',
+    () {
+      resetDatabasePathForTesting();
+      final prev = PathProviderPlatform.instance;
+      PathProviderPlatform.instance = _UnavailablePathProvider();
+      addTearDown(() {
+        PathProviderPlatform.instance = prev;
+        resetDatabasePathForTesting();
+      });
+
+      fakeAsync((fake) {
+        Object? caughtError;
+        unawaited(
+          resolveDatabasePathForTesting().catchError((Object e) {
+            caughtError = e;
+            return ''; // ignored; satisfies the Future<String> return type
+          }),
+        );
+
+        // Advance past all five back-off delays: 200+500+1000+2000+4000 ms.
+        fake.elapse(
+          const Duration(milliseconds: 200 + 500 + 1000 + 2000 + 4000 + 1),
+        );
+
+        expect(caughtError, isA<PlatformException>());
+        expect(
+          (caughtError! as PlatformException).message,
+          contains('cannot open database'),
+        );
+      });
+    },
+    // The Android fallback runs only on Android, so on the host machine the
+    // exception is still thrown after all retries.  Skip on Android to avoid
+    // depending on /data/user/0/... being absent in the test environment.
+    skip: Platform.isAndroid,
+  );
+
+  // Regression test for issue #192: _androidFallbackPath must return null when
+  // the process cmdline does not look like an Android package name (e.g. on
+  // the host test machine where the process is the Dart executable).
+  test(
+    '_androidFallbackPath returns null when process name is not a package name',
+    () async {
+      // On non-Android platforms the host process cmdline is a file-system path
+      // (starts with '/'), which the fallback correctly rejects.  On Android
+      // the process IS named after the package — the fallback is free to
+      // succeed or return null depending on the device state; we do not assert
+      // here so as not to constrain Android behaviour.
+      if (!Platform.isAndroid) {
+        final result = await androidFallbackPathForTesting();
+        expect(result, isNull);
+      }
+    },
+  );
+}
@@ -14,6 +14,7 @@ import 'package:sharedinbox/data/repositories/mailbox_repository_impl.dart';

 import 'account_repository_impl_test.dart' show MapSecureStorage;
 import 'db_test_helper.dart';
+import 'fake_imap.dart' show SnoozeSpyImapClient;
 // ── Helpers ───────────────────────────────────────────────────────────────────

 const _account = Account(
@@ -432,5 +433,177 @@ void main() {
      expect(result, isNotNull);
      expect(result!.role, 'inbox');
    });
+
+    group('createMailboxWithRole', () {
+      test('IMAP: creates mailbox on server and persists with role', () async {
+        final spy = SnoozeSpyImapClient();
+        final db = openTestDatabase();
+        final accounts = AccountRepositoryImpl(db, MapSecureStorage());
+        final mailboxes = MailboxRepositoryImpl(
+          db,
+          accounts,
+          imapConnect: (_, __, ___) async => spy,
+        );
+        await accounts.addAccount(_account, 'pw');
+
+        final result = await mailboxes.createMailboxWithRole(
+          'acc-1',
+          'Archive',
+          'archive',
+        );
+
+        expect(spy.createdMailbox, 'Archive');
+        expect(result.name, 'Archive');
+        expect(result.role, 'archive');
+        expect(result.path, 'Archive');
+
+        final found = await mailboxes.findMailboxByRole('acc-1', 'archive');
+        expect(found, isNotNull);
+        expect(found!.name, 'Archive');
+      });
+
+      test('JMAP: creates mailbox on server and persists with role', () async {
+        final r = _makeRepos(
+          httpClient: _mockJmap(
+            apiResponses: [
+              {
+                'sessionState': 'sess1',
+                'methodResponses': [
+                  [
+                    'Mailbox/set',
+                    {
+                      'accountId': 'acct1',
+                      'created': {
+                        'new-mailbox': {'id': 'mbx-archive'},
+                      },
+                    },
+                    '0',
+                  ],
+                ],
+              },
+            ],
+          ),
+        );
+        await r.accounts.addAccount(_jmapAccount, 'pw');
+
+        final result = await r.mailboxes
+            .createMailboxWithRole('jmap-1', 'Archive', 'archive');
+
+        expect(result.name, 'Archive');
+        expect(result.role, 'archive');
+        expect(result.path, 'mbx-archive');
+
+        final found = await r.mailboxes.findMailboxByRole('jmap-1', 'archive');
+        expect(found, isNotNull);
+        expect(found!.name, 'Archive');
+      });
+
+      test(
+        'JMAP: throws when server returns no created ID',
+        () async {
+          final r = _makeRepos(
+            httpClient: _mockJmap(
+              apiResponses: [
+                {
+                  'sessionState': 'sess1',
+                  'methodResponses': [
+                    [
+                      'Mailbox/set',
+                      {
+                        'accountId': 'acct1',
+                        'created': null,
+                        'notCreated': {
+                          'new-mailbox': {'type': 'serverFail'},
+                        },
+                      },
+                      '0',
+                    ],
+                  ],
+                },
+              ],
+            ),
+          );
+          await r.accounts.addAccount(_jmapAccount, 'pw');
+
+          await expectLater(
+            r.mailboxes.createMailboxWithRole('jmap-1', 'Archive', 'archive'),
+            throwsA(isA<Exception>()),
+          );
+        },
+      );
+    });
+
+    group('syncMailboxes IMAP preserves manually-set role', () {
+      test('existing role is kept when server returns no special-use flag',
+          () async {
+        final spy = SnoozeSpyImapClient();
+        // Make listMailboxes return a plain folder without \Archive.
+        final db = openTestDatabase();
+        final accounts = AccountRepositoryImpl(db, MapSecureStorage());
+
+        // Override listMailboxes to return one plain folder.
+        final fakeClient = _PlainArchiveImapClient();
+        final mailboxes = MailboxRepositoryImpl(
+          db,
+          accounts,
+          imapConnect: (_, __, ___) async => fakeClient,
+        );
+        await accounts.addAccount(_account, 'pw');
+
+        // Pre-seed the DB with role='archive' (as if user created the folder).
+        await db.into(db.mailboxes).insert(
+              MailboxesCompanion.insert(
+                id: 'acc-1:Archive',
+                accountId: 'acc-1',
+                path: 'Archive',
+                name: 'Archive',
+                role: const Value('archive'),
+              ),
+            );
+
+        await mailboxes.syncMailboxes('acc-1');
+
+        final found = await mailboxes.findMailboxByRole('acc-1', 'archive');
+        expect(
+          found,
+          isNotNull,
+          reason: 'Manually-set role should be preserved after sync',
+        );
+        expect(found!.path, 'Archive');
+        // Suppress unused warning on spy.
+        expect(spy, isNotNull);
+      });
+    });
  });
 }
+
+/// Fake IMAP client that lists one mailbox named 'Archive' without any
+/// special-use flags, and logs out cleanly.
+class _PlainArchiveImapClient extends SnoozeSpyImapClient {
+  @override
+  Future<List<imap.Mailbox>> listMailboxes({
+    String path = '""',
+    bool recursive = false,
+    List<String>? mailboxPatterns,
+    List<String>? selectionOptions,
+    List<imap.ReturnOption>? returnOptions,
+  }) async =>
+      [
+        imap.Mailbox(
+          encodedName: 'Archive',
+          encodedPath: 'Archive',
+          pathSeparator: '/',
+          flags: [], // No \Archive special-use flag
+        ),
+      ];
+
+  @override
+  Future<imap.Mailbox> statusMailbox(
+    imap.Mailbox mailbox,
+    List<imap.StatusFlags> flags,
+  ) async =>
+      mailbox;
+
+  @override
+  Future<dynamic> logout() async {}
+}
@@ -14,7 +14,7 @@ void main() {
  group('Migration', () {
    test('schemaVersion matches expected value', () async {
      final db = AppDatabase(NativeDatabase.memory());
-      expect(db.schemaVersion, 32);
+      expect(db.schemaVersion, 36);
      await db.close();
    });

@@ -194,6 +194,21 @@ void main() {
      // v32: local_sieve_applied table.
      await db.customSelect('SELECT count(*) FROM local_sieve_applied').get();

+      // v33: error_stack_trace and is_permanent columns on sync_logs.
+      final syncLogColumns = await _tableColumns(db, 'sync_logs');
+      expect(syncLogColumns, contains('error_stack_trace'));
+      expect(syncLogColumns, contains('is_permanent'));
+
+      // v34: user_preferences table.
+      await db.customSelect('SELECT count(*) FROM user_preferences').get();
+
+      // v35: mail_view_button_position column on user_preferences.
+      final userPrefsColumns = await _tableColumns(db, 'user_preferences');
+      expect(userPrefsColumns, contains('mail_view_button_position'));
+
+      // v36: after_mail_view_action column on user_preferences.
+      expect(userPrefsColumns, contains('after_mail_view_action'));
+
      await db.close();
      if (dbFile.existsSync()) dbFile.deleteSync();
    });
@@ -381,11 +396,26 @@ void main() {
          await _tableColumns(db, 'sync_log_mailboxes');
      expect(syncLogMailboxColumns, contains('duration_ms'));

+      // v33: error_stack_trace and is_permanent columns on sync_logs.
+      final syncLogColumns = await _tableColumns(db, 'sync_logs');
+      expect(syncLogColumns, contains('error_stack_trace'));
+      expect(syncLogColumns, contains('is_permanent'));
+
+      // v34: user_preferences table.
+      await db.customSelect('SELECT count(*) FROM user_preferences').get();
+
+      // v35: mail_view_button_position column on user_preferences.
+      final userPrefsColumns = await _tableColumns(db, 'user_preferences');
+      expect(userPrefsColumns, contains('mail_view_button_position'));
+
+      // v36: after_mail_view_action column on user_preferences.
+      expect(userPrefsColumns, contains('after_mail_view_action'));
+
      await db.close();
      if (dbFile.existsSync()) dbFile.deleteSync();
    });

-    test('fresh install creates all tables at schemaVersion 32', () async {
+    test('fresh install creates all tables at schemaVersion 36', () async {
      final db = AppDatabase(NativeDatabase.memory());
      await db.select(db.accounts).get();

@@ -412,6 +442,7 @@ void main() {
          'local_sieve_scripts', // v29
          'share_keys', // v31
          'local_sieve_applied', // v32
+          'user_preferences', // v34
        ]),
      );

@@ -426,6 +457,18 @@ void main() {
          await _tableColumns(db, 'sync_log_mailboxes');
      expect(syncLogMailboxColumns, contains('duration_ms'));

+      // v33: error_stack_trace and is_permanent columns on sync_logs.
+      final syncLogColumns = await _tableColumns(db, 'sync_logs');
+      expect(syncLogColumns, contains('error_stack_trace'));
+      expect(syncLogColumns, contains('is_permanent'));
+
+      // v35: mail_view_button_position column on user_preferences.
+      final userPrefsColumns = await _tableColumns(db, 'user_preferences');
+      expect(userPrefsColumns, contains('mail_view_button_position'));
+
+      // v36: after_mail_view_action column on user_preferences.
+      expect(userPrefsColumns, contains('after_mail_view_action'));
+
      await db.close();
    });
  });
@@ -62,6 +62,21 @@ class _FakeMailboxes implements MailboxRepository {
      null;
  @override
  Future<void> clearForResync(String accountId) async {}
+  @override
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async =>
+      Mailbox(
+        id: '$accountId:$name',
+        accountId: accountId,
+        path: name,
+        name: name,
+        role: role,
+        unreadCount: 0,
+        totalCount: 0,
+      );
 }

 class _FakeEmails implements EmailRepository {
@@ -54,6 +54,21 @@ class _FakeMailboxes implements MailboxRepository {
      null;
  @override
  Future<void> clearForResync(String accountId) async {}
+  @override
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async =>
+      Mailbox(
+        id: '$accountId:$name',
+        accountId: accountId,
+        path: name,
+        name: name,
+        role: role,
+        unreadCount: 0,
+        totalCount: 0,
+      );
 }

 class _CountingEmails implements EmailRepository {
@@ -170,6 +185,8 @@ class _FakeSyncLog implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -126,4 +126,34 @@ void main() {
    expect(rows.first.result, 'error');
    expect(rows.first.errorMessage, 'Connection refused');
  });
+
+  test('stores and retrieves stackTrace and isPermanent on error entries',
+      () async {
+    final repo = SyncLogRepositoryImpl(db);
+    final start = DateTime(2024, 3, 1, 9);
+    final end = DateTime(2024, 3, 1, 9, 0, 1);
+    const fakeTrace = '#0 main (file:///app/lib/main.dart:10:5)';
+
+    await repo.log(
+      accountId: 'acc1',
+      success: false,
+      errorMessage: 'MissingPluginException',
+      stackTrace: fakeTrace,
+      isPermanent: true,
+      protocol: 'imap',
+      emailsFetched: 0,
+      emailsSkipped: 0,
+      mailboxesSynced: 0,
+      pendingFlushed: 0,
+      bytesTransferred: 0,
+      startedAt: start,
+      finishedAt: end,
+    );
+
+    final entries = await repo.observeSyncLogs('acc1').first;
+    final entry = entries.firstWhere((e) => e.startedAt == start);
+    expect(entry.stackTrace, fakeTrace);
+    expect(entry.isPermanent, true);
+    expect(entry.errorMessage, 'MissingPluginException');
+  });
 }
@@ -27,6 +27,22 @@ class MockUrlLauncher extends Mock
  }
 }

+class ThrowingUrlLauncher extends Mock
+    with MockPlatformInterfaceMixin
+    implements UrlLauncherPlatform {
+  @override
+  Future<bool> canLaunch(String? url) async => true;
+
+  @override
+  Future<bool> launchUrl(String? url, LaunchOptions? options) async {
+    throw PlatformException(
+      code: 'channel-error',
+      message: 'Unable to establish connection on channel: '
+          '"dev.flutter.pigeon.url_launcher_android.UrlLauncherApi.launchUrl".',
+    );
+  }
+}
+
 Widget _buildScreen({List<Account> accounts = const []}) {
  return ProviderScope(
    overrides: [
@@ -64,6 +80,9 @@ void main() {
    expect(find.textContaining('Dark Mode'), findsWidgets);
    expect(find.textContaining('IMAP Accounts'), findsWidgets);
    expect(find.textContaining('JMAP Accounts'), findsWidgets);
+    expect(find.textContaining('Locale'), findsWidgets);
+    expect(find.textContaining('Text Scale'), findsWidgets);
+    expect(find.textContaining('DB Schema Version'), findsWidgets);
    // Buttons are in the body, not in the AppBar actions
    expect(find.byIcon(Icons.copy), findsOneWidget);
    expect(find.byIcon(Icons.bug_report), findsOneWidget);
@@ -151,6 +170,13 @@ void main() {
    expect(clipboardText, contains('Dark Mode'));
    expect(clipboardText, contains('IMAP Accounts'));
    expect(clipboardText, contains('JMAP Accounts'));
+    expect(clipboardText, contains('Locale'));
+    expect(clipboardText, contains('Text Scale'));
+    expect(clipboardText, contains('DB Schema Version'));
+    expect(
+      clipboardText,
+      contains('[sharedinbox.de](https://sharedinbox.de)'),
+    );
  });

  testWidgets('AboutScreen create-issue button opens Codeberg URL', (
@@ -176,4 +202,24 @@ void main() {
    );
    expect(mock.launchedUrl, contains('1.2.3%2B99'));
  });
+
+  testWidgets(
+    'AboutScreen link tap with failed url_launcher shows error snackbar',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(tester.view.resetPhysicalSize);
+      addTearDown(tester.view.resetDevicePixelRatio);
+
+      UrlLauncherPlatform.instance = ThrowingUrlLauncher();
+
+      await tester.pumpWidget(_buildScreen());
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.textContaining('sharedinbox.de').first);
+      await tester.pumpAndSettle();
+
+      expect(find.textContaining('Error:'), findsOneWidget);
+    },
+  );
 }
@@ -23,7 +23,7 @@ void main() {
      expect(find.byKey(const Key('scanEncryptedButton')), findsOneWidget);
    });

-    testWidgets('shows 20-minute expiry hint', (tester) async {
+    testWidgets('shows expiry countdown hint', (tester) async {
      await tester.pumpWidget(
        buildApp(
          initialLocation: '/accounts/receive',
@@ -32,8 +32,106 @@ void main() {
      );
      await tester.pumpAndSettle();

-      expect(find.textContaining('20 minutes'), findsOneWidget);
+      expect(find.textContaining('expires in'), findsOneWidget);
    });
+
+    testWidgets(
+      'step 2 button shows text-input fallback on platforms without camera',
+      (tester) async {
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/receive',
+            overrides: baseOverrides(),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
+        await tester.pumpAndSettle();
+
+        // On Linux (desktop, no camera) the text fallback field must appear.
+        expect(find.byKey(const Key('encryptedCodeField')), findsOneWidget);
+      },
+    );
+
+    testWidgets(
+      'step 2 — valid encrypted QR imports account via text fallback',
+      (tester) async {
+        // Pre-generate a key pair so we can encrypt a QR code with the same
+        // material the screen will use for decryption.
+        final material = await ShareEncryptionService.generateKeyPair();
+        final repo = FakeShareKeyRepository(material: material);
+
+        const account = Account(
+          id: 'src-1',
+          displayName: 'Alice',
+          email: 'alice@example.com',
+          imapHost: 'imap.example.com',
+          smtpHost: 'smtp.example.com',
+        );
+
+        final encryptedQr = await ShareEncryptionService.encryptAccounts(
+          recipientKeyId: material.keyId,
+          recipientPublicKeyBytes: material.publicKeyBytes,
+          accounts: [
+            AccountPayload(
+              accountJson: account.toJson(),
+              password: 'secret',
+            ),
+          ],
+        );
+
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/receive',
+            overrides: baseOverrides(shareKeyRepository: repo),
+          ),
+        );
+        await tester.pumpAndSettle(); // key generation completes
+
+        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
+        await tester.pumpAndSettle();
+
+        await tester.enterText(
+          find.byKey(const Key('encryptedCodeField')),
+          encryptedQr,
+        );
+        await tester.tap(find.text('Import'));
+        await tester.pumpAndSettle();
+
+        expect(
+          find.text('Imported 1 account successfully.'),
+          findsOneWidget,
+        );
+      },
+    );
+
+    testWidgets(
+      'step 2 — invalid encrypted QR shows error and returns to pub-key step',
+      (tester) async {
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/receive',
+            overrides: baseOverrides(),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        await tester.tap(find.byKey(const Key('scanEncryptedButton')));
+        await tester.pumpAndSettle();
+
+        await tester.enterText(
+          find.byKey(const Key('encryptedCodeField')),
+          'not-a-valid-qr-code',
+        );
+        await tester.tap(find.text('Import'));
+        await tester.pumpAndSettle();
+
+        // Screen returns to the pub-key step with an error message visible.
+        expect(find.byKey(const Key('pubKeyQrCode')), findsOneWidget);
+        expect(find.textContaining('Import failed:'), findsWidgets);
+      },
+    );
  });

  group('AccountSendScreen', () {
@@ -1,5 +1,6 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_test/flutter_test.dart';
+import 'package:sharedinbox/data/db/database.dart' show SyncHealthRow;

 import 'helpers.dart';

@@ -206,5 +207,74 @@ void main() {
      expect(tester.takeException(), isNull);
      expect(find.text('sharedinbox.de'), findsOneWidget);
    });
+
+    testWidgets('shows Healthy when sync health is healthy', (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts',
+          overrides: baseOverrides(
+            accounts: [kTestAccount],
+            syncHealth: SyncHealthRow(
+              accountId: kTestAccount.id,
+              lastVerifiedAt: DateTime(2024, 6),
+              isHealthy: true,
+            ),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(find.textContaining('Healthy'), findsOneWidget);
+    });
+
+    testWidgets(
+      'shows discrepancy details when sync health has discrepancies',
+      (tester) async {
+        const summary =
+            '{"INBOX":{"missingLocally":3,"missingOnServer":0,"flagMismatches":1}}';
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts',
+            overrides: baseOverrides(
+              accounts: [kTestAccount],
+              syncHealth: SyncHealthRow(
+                accountId: kTestAccount.id,
+                lastVerifiedAt: DateTime(2024, 6),
+                isHealthy: false,
+                discrepancySummary: summary,
+              ),
+            ),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        expect(find.textContaining('missing locally: 3'), findsOneWidget);
+        expect(find.textContaining('flag mismatches: 1'), findsOneWidget);
+      },
+    );
+
+    testWidgets(
+      'sync health row is positioned below the account name row',
+      (tester) async {
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts',
+            overrides: baseOverrides(
+              accounts: [kTestAccount],
+              syncHealth: SyncHealthRow(
+                accountId: kTestAccount.id,
+                lastVerifiedAt: DateTime(2024, 6),
+                isHealthy: true,
+              ),
+            ),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        final namePos = tester.getTopLeft(find.text('Alice')).dy;
+        final healthPos = tester.getTopLeft(find.textContaining('Healthy')).dy;
+        expect(healthPos, greaterThan(namePos));
+      },
+    );
  });
 }
@@ -0,0 +1,54 @@
+import 'dart:convert';
+
+import 'package:flutter/material.dart';
+import 'package:flutter/services.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'package:sharedinbox/ui/screens/changelog_screen.dart';
+
+class _FakeAssetBundle extends CachingAssetBundle {
+  final Map<String, String> _assets;
+  _FakeAssetBundle(this._assets);
+
+  @override
+  Future<ByteData> load(String key) async {
+    if (_assets.containsKey(key)) {
+      final encoded = utf8.encode(_assets[key]!);
+      return ByteData.view(Uint8List.fromList(encoded).buffer);
+    }
+    throw FlutterError('Asset not found: "$key"');
+  }
+}
+
+const _fakeChangelog =
+    '* 2024-01-01 feat: initial release\n* 2024-01-02 fix: resolve crash\n';
+
+void main() {
+  testWidgets('ChangeLogScreen shows changelog content', (tester) async {
+    await tester.pumpWidget(
+      DefaultAssetBundle(
+        bundle: _FakeAssetBundle({'assets/changelog.txt': _fakeChangelog}),
+        child: const MaterialApp(home: ChangeLogScreen()),
+      ),
+    );
+    await tester.pumpAndSettle();
+
+    expect(find.text('ChangeLog'), findsOneWidget);
+    expect(find.textContaining('initial release'), findsOneWidget);
+    expect(find.textContaining('resolve crash'), findsOneWidget);
+    expect(find.textContaining('Error loading changelog'), findsNothing);
+  });
+
+  testWidgets('ChangeLogScreen shows error when asset is missing', (
+    tester,
+  ) async {
+    await tester.pumpWidget(
+      DefaultAssetBundle(
+        bundle: _FakeAssetBundle({}),
+        child: const MaterialApp(home: ChangeLogScreen()),
+      ),
+    );
+    await tester.pumpAndSettle();
+
+    expect(find.textContaining('Error loading changelog'), findsOneWidget);
+  });
+}
@@ -1,5 +1,6 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';
 import 'package:go_router/go_router.dart';

@@ -1,4 +1,5 @@
 import 'package:flutter/material.dart';
+import 'package:flutter/services.dart';
 import 'package:flutter_test/flutter_test.dart';
 import 'package:mockito/mockito.dart';
 import 'package:package_info_plus/package_info_plus.dart';
@@ -76,6 +77,232 @@ void main() {
    expect(mock.launchedUrl, isNot(contains('Stack%20Trace')));
  });

+  testWidgets(
+    'CrashScreen copy-to-clipboard includes version and platform info',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(() => tester.view.resetPhysicalSize());
+
+      String? clipboardText;
+      tester.binding.defaultBinaryMessenger.setMockMethodCallHandler(
+        SystemChannels.platform,
+        (MethodCall call) async {
+          if (call.method == 'Clipboard.setData') {
+            clipboardText =
+                (call.arguments as Map<dynamic, dynamic>)['text'] as String?;
+          }
+          return null;
+        },
+      );
+      addTearDown(
+        () => tester.binding.defaultBinaryMessenger
+            .setMockMethodCallHandler(SystemChannels.platform, null),
+      );
+
+      const exception = 'TestException: clipboard test';
+      final stackTrace = StackTrace.current;
+
+      await tester.pumpWidget(
+        MaterialApp(
+          home: CrashScreen(exception: exception, stackTrace: stackTrace),
+        ),
+      );
+
+      await tester.tap(find.text('Copy to Clipboard'));
+      await tester.pump();
+      await tester.pump();
+      await tester.pumpAndSettle();
+
+      expect(clipboardText, isNotNull);
+      expect(clipboardText, contains('App Version: 1.0.0+42'));
+      expect(clipboardText, contains('Build Mode:'));
+      expect(clipboardText, contains('Platform:'));
+      expect(clipboardText, contains('Dart:'));
+      expect(clipboardText, contains('Timestamp:'));
+      expect(clipboardText, contains('TestException: clipboard test'));
+      // GIT_HASH is empty in test builds — no Git Commit line expected
+      expect(clipboardText, isNot(contains('Git Commit:')));
+    },
+  );
+
+  testWidgets(
+    'CrashScreen shows git hash as clickable link above stacktrace',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(() => tester.view.resetPhysicalSize());
+
+      final mock = MockUrlLauncher();
+      UrlLauncherPlatform.instance = mock;
+
+      const exception = 'TestException: git hash test';
+      final stackTrace = StackTrace.current;
+      const testHash = 'abc1234';
+
+      await tester.pumpWidget(
+        CrashScreen(
+          exception: exception,
+          stackTrace: stackTrace,
+          gitHash: testHash,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // Git hash link should be present
+      final gitLinkFinder = find.textContaining('Git Commit: abc1234');
+      expect(gitLinkFinder, findsOneWidget);
+
+      // Link must appear above the stack trace
+      final stackTraceFinder = find.text('Stack Trace:');
+      expect(
+        tester.getTopLeft(gitLinkFinder).dy,
+        lessThan(tester.getTopLeft(stackTraceFinder).dy),
+      );
+
+      // Tapping the link should open the Codeberg commit URL
+      await tester.tap(gitLinkFinder);
+      await tester.pumpAndSettle();
+
+      expect(
+        mock.launchedUrl,
+        equals('https://codeberg.org/guettli/sharedinbox/commit/abc1234'),
+      );
+    },
+  );
+
+  testWidgets(
+    'CrashScreen shows version, build mode, and platform in the UI',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(() => tester.view.resetPhysicalSize());
+
+      const exception = 'TestException: info row test';
+      final stackTrace = StackTrace.current;
+
+      await tester.pumpWidget(
+        MaterialApp(
+          home: CrashScreen(exception: exception, stackTrace: stackTrace),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // Info row shows app version (from mock), build mode, and platform OS.
+      expect(find.textContaining('1.0.0+42'), findsWidgets);
+      // In test builds kDebugMode is true.
+      expect(find.textContaining('debug'), findsOneWidget);
+      // Platform OS is always present (linux in CI, android/ios on device).
+      expect(
+        find.textContaining(RegExp(r'linux|android|ios|windows|macos')),
+        findsWidgets,
+      );
+    },
+  );
+
+  testWidgets(
+    'CrashScreen shows app version as clickable link when git hash is set',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(() => tester.view.resetPhysicalSize());
+
+      final mock = MockUrlLauncher();
+      UrlLauncherPlatform.instance = mock;
+
+      const exception = 'TestException: version link test';
+      final stackTrace = StackTrace.current;
+      const testHash = 'abc1234';
+
+      await tester.pumpWidget(
+        CrashScreen(
+          exception: exception,
+          stackTrace: stackTrace,
+          gitHash: testHash,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // App version link should be present (mocked as 1.0.0+42)
+      final versionLinkFinder = find.textContaining('App Version: 1.0.0+42');
+      expect(versionLinkFinder, findsOneWidget);
+
+      // It must appear above the git hash link
+      final gitLinkFinder = find.textContaining('Git Commit: abc1234');
+      expect(
+        tester.getTopLeft(versionLinkFinder).dy,
+        lessThan(tester.getTopLeft(gitLinkFinder).dy),
+      );
+
+      // Tapping it should open the Codeberg commit URL
+      await tester.tap(versionLinkFinder);
+      await tester.pumpAndSettle();
+
+      expect(
+        mock.launchedUrl,
+        equals('https://codeberg.org/guettli/sharedinbox/commit/abc1234'),
+      );
+    },
+  );
+
+  testWidgets(
+    'CrashScreen copy-to-clipboard includes app version as markdown link when git hash is set',
+    (tester) async {
+      tester.view.physicalSize = const Size(800, 1200);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(() => tester.view.resetPhysicalSize());
+
+      String? clipboardText;
+      tester.binding.defaultBinaryMessenger.setMockMethodCallHandler(
+        SystemChannels.platform,
+        (MethodCall call) async {
+          if (call.method == 'Clipboard.setData') {
+            clipboardText =
+                (call.arguments as Map<dynamic, dynamic>)['text'] as String?;
+          }
+          return null;
+        },
+      );
+      addTearDown(
+        () => tester.binding.defaultBinaryMessenger
+            .setMockMethodCallHandler(SystemChannels.platform, null),
+      );
+
+      const exception = 'TestException: version link clipboard test';
+      final stackTrace = StackTrace.current;
+      const testHash = 'abc1234';
+
+      await tester.pumpWidget(
+        CrashScreen(
+          exception: exception,
+          stackTrace: stackTrace,
+          gitHash: testHash,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Copy to Clipboard'));
+      await tester.pump();
+      await tester.pump();
+      await tester.pumpAndSettle();
+
+      expect(clipboardText, isNotNull);
+      // App Version must be a markdown link pointing to the commit
+      expect(
+        clipboardText,
+        contains(
+          'App Version: [1.0.0+42](https://codeberg.org/guettli/sharedinbox/commit/abc1234)',
+        ),
+      );
+      expect(
+        clipboardText,
+        contains(
+          'Git Commit: [abc1234](https://codeberg.org/guettli/sharedinbox/commit/abc1234)',
+        ),
+      );
+    },
+  );
+
  testWidgets(
    'CrashScreen used as root widget — buttons work without ScaffoldMessenger crash',
    (tester) async {
@@ -105,6 +105,88 @@ void main() {
      expect(find.text('Edit account'), findsNothing);
    });

+    testWidgets(
+        'try connection button is disabled when no password stored or entered',
+        (
+      tester,
+    ) async {
+      tester.view.physicalSize = const Size(800, 1400);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(tester.view.resetPhysicalSize);
+      addTearDown(tester.view.resetDevicePixelRatio);
+
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/edit',
+          overrides: baseOverrides(
+            accounts: [kTestAccount],
+            hasStoredPassword: false,
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      final button = tester.widget<OutlinedButton>(
+        find.byKey(const Key('editTryConnectionButton')),
+      );
+      expect(button.onPressed, isNull);
+    });
+
+    testWidgets(
+        'try connection button is enabled after typing password with no stored password',
+        (tester) async {
+      tester.view.physicalSize = const Size(800, 1400);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(tester.view.resetPhysicalSize);
+      addTearDown(tester.view.resetDevicePixelRatio);
+
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/edit',
+          overrides: baseOverrides(
+            accounts: [kTestAccount],
+            hasStoredPassword: false,
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.enterText(
+        find.byKey(const Key('editPasswordField')),
+        'mypassword',
+      );
+      await tester.pump();
+
+      final button = tester.widget<OutlinedButton>(
+        find.byKey(const Key('editTryConnectionButton')),
+      );
+      expect(button.onPressed, isNotNull);
+    });
+
+    testWidgets('save button is disabled when no password stored or entered', (
+      tester,
+    ) async {
+      tester.view.physicalSize = const Size(800, 1400);
+      tester.view.devicePixelRatio = 1.0;
+      addTearDown(tester.view.resetPhysicalSize);
+      addTearDown(tester.view.resetDevicePixelRatio);
+
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/edit',
+          overrides: baseOverrides(
+            accounts: [kTestAccount],
+            hasStoredPassword: false,
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      final button = tester
+          .widget<FilledButton>(find.widgetWithText(FilledButton, 'Save'));
+      expect(button.onPressed, isNull);
+    });
+
    testWidgets('connection error shows error message', (tester) async {
      tester.view.physicalSize = const Size(800, 1400);
      tester.view.devicePixelRatio = 1.0;
@@ -3,7 +3,7 @@ import 'dart:convert';
 import 'dart:io';

 import 'package:flutter/material.dart';
-import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';
 import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';

@@ -179,6 +179,218 @@ void main() {
      expect(find.text('report.pdf'), findsOneWidget);
    });

+    testWidgets('Reply All button is not present in app bar', (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Reply all',
+        ),
+        findsNothing,
+      );
+    });
+
+    testWidgets('Reply on single-recipient email navigates directly to compose',
+        (tester) async {
+      // testEmail has from=[bob], to=[alice]. After removing alice (own),
+      // only bob remains → no dialog, navigate straight to compose.
+      final email = testEmail();
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: [
+            ..._overrides(
+              body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+              email: email,
+            ),
+            draftRepositoryProvider.overrideWithValue(FakeDraftRepository()),
+          ],
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Reply',
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // No dialog shown — straight navigation to compose.
+      expect(find.text('Reply All'), findsNothing);
+    });
+
+    testWidgets('Reply on multi-recipient email shows Reply All dialog',
+        (tester) async {
+      // Email with an extra Cc recipient so the dialog is triggered.
+      final email = Email(
+        id: 'acc-1:42',
+        accountId: 'acc-1',
+        mailboxPath: 'INBOX',
+        uid: 42,
+        subject: 'Hello world',
+        receivedAt: DateTime(2024, 6),
+        sentAt: DateTime(2024, 6),
+        from: const [EmailAddress(name: 'Bob', email: 'bob@example.com')],
+        to: const [EmailAddress(email: 'alice@example.com')],
+        cc: const [EmailAddress(name: 'Carol', email: 'carol@example.com')],
+        isSeen: false,
+        isFlagged: false,
+        hasAttachment: false,
+      );
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+            email: email,
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Reply',
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // Dialog must appear with title 'Reply All'.
+      expect(find.text('Reply All'), findsOneWidget);
+      // Both non-own addresses should be listed in the dialog.
+      expect(find.textContaining('bob@example.com'), findsAtLeastNWidgets(1));
+      expect(find.textContaining('carol@example.com'), findsAtLeastNWidgets(1));
+    });
+
+    testWidgets('Mark as spam is in popup menu, not a standalone button',
+        (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // No standalone icon button for mark as spam.
+      expect(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Mark as spam',
+        ),
+        findsNothing,
+      );
+
+      // It appears in the popup menu.
+      await tester.tap(find.byType(PopupMenuButton<String>));
+      await tester.pumpAndSettle();
+
+      expect(find.text('Mark as spam'), findsOneWidget);
+    });
+
+    testWidgets('Mark as spam shows dialog when no junk folder',
+        (tester) async {
+      // FakeMailboxRepository has no mailboxes by default → findMailboxByRole
+      // returns null → dialog shown.
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // Open the popup menu first, then tap Mark as spam.
+      await tester.tap(find.byType(PopupMenuButton<String>));
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Mark as spam'));
+      await tester.pumpAndSettle();
+
+      expect(find.text('No spam folder found'), findsOneWidget);
+    });
+
+    testWidgets('Archive button is present in app bar', (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Archive',
+        ),
+        findsOneWidget,
+      );
+    });
+
+    testWidgets('Archive shows dialog when no archive folder', (tester) async {
+      // FakeMailboxRepository has no mailboxes by default → findMailboxByRole
+      // returns null → dialog shown.
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Archive',
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(find.text('No archive folder found'), findsOneWidget);
+    });
+
+    testWidgets('Mark as unread is in popup menu, not a standalone button',
+        (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+          overrides: _overrides(
+            body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+          ),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // No standalone icon button for mark as unread.
+      expect(
+        find.byWidgetPredicate(
+          (w) => w is Tooltip && w.message == 'Mark as unread',
+        ),
+        findsNothing,
+      );
+
+      // It appears in the popup menu.
+      await tester.tap(find.byType(PopupMenuButton<String>));
+      await tester.pumpAndSettle();
+
+      expect(find.text('Mark as unread'), findsOneWidget);
+    });
+
    testWidgets('Show Raw Email dialog shows size of email', (tester) async {
      // 'A' * 2048 → fmtSize(2048) == '2.0 KB'
      final rawContent = 'A' * 2048;
@@ -271,6 +483,44 @@ void main() {
      expect(find.text('Share'), findsOneWidget);
    });

+    testWidgets(
+      'long-press on unsubscribe chip shows URL tooltip',
+      (tester) async {
+        final email = testEmail(
+          listUnsubscribeHeader: '<https://example.com/unsubscribe>',
+        );
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation:
+                '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+            overrides: _overrides(
+              body: const EmailBody(emailId: 'acc-1:42', attachments: []),
+              email: email,
+            ),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        expect(find.text('Unsubscribe'), findsOneWidget);
+
+        expect(
+          find.byWidgetPredicate(
+            (w) =>
+                w is Tooltip && w.message == 'https://example.com/unsubscribe',
+          ),
+          findsOneWidget,
+        );
+
+        await tester.longPress(find.text('Unsubscribe'));
+        await tester.pumpAndSettle();
+
+        expect(
+          find.text('https://example.com/unsubscribe'),
+          findsOneWidget,
+        );
+      },
+    );
+
    testWidgets('Show Mail Structure opens dialog with MIME parts', (
      tester,
    ) async {
@@ -1,5 +1,5 @@
 import 'package:flutter/material.dart';
-import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:flutter_test/flutter_test.dart';

 import 'package:sharedinbox/core/models/email.dart';
@@ -2,6 +2,7 @@ import 'package:flutter/material.dart';
 import 'package:flutter_test/flutter_test.dart';

 import 'package:sharedinbox/core/models/email.dart';
+import 'package:sharedinbox/core/models/mailbox.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/screens/email_detail_screen.dart';
 import 'package:sharedinbox/ui/screens/email_list_screen.dart';
@@ -315,7 +316,7 @@ void main() {
      await tester.pumpAndSettle();

      expect(find.text('INBOX'), findsOneWidget);
-      expect(find.byType(BottomAppBar), findsNothing);
+      expect(find.byIcon(Icons.close), findsNothing);
    });

    testWidgets('tapping clear icon in search bar clears results', (
@@ -631,5 +632,150 @@ void main() {

      expect(find.text('This is the preview text'), findsOneWidget);
    });
+
+    group('archive with missing folder', () {
+      testWidgets('shows dialog when archive folder is not found', (
+        tester,
+      ) async {
+        final email = testEmail(subject: 'To archive');
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails',
+            overrides: [
+              accountRepositoryProvider.overrideWithValue(
+                FakeAccountRepository([kTestAccount]),
+              ),
+              // No archive folder in the repo.
+              mailboxRepositoryProvider.overrideWithValue(
+                FakeMailboxRepository(),
+              ),
+              emailRepositoryProvider.overrideWithValue(
+                FakeEmailRepository(emails: [email]),
+              ),
+            ],
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        // Enter selection mode and tap archive.
+        await tester.longPress(find.text('To archive'));
+        await tester.pumpAndSettle();
+        await tester.tap(find.byIcon(Icons.archive));
+        await tester.pumpAndSettle();
+
+        expect(find.text('No archive folder found'), findsOneWidget);
+        expect(find.text('Choose existing folder'), findsOneWidget);
+        expect(find.text('Create "Archive"'), findsOneWidget);
+      });
+
+      testWidgets('tapping Create creates the folder and moves emails', (
+        tester,
+      ) async {
+        final email = testEmail(subject: 'To archive');
+        final movedTo = <String>[];
+
+        final fakeEmailRepo = _SpyEmailRepository(
+          emails: [email],
+          onMove: (id, path) => movedTo.add(path),
+        );
+
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails',
+            overrides: [
+              accountRepositoryProvider.overrideWithValue(
+                FakeAccountRepository([kTestAccount]),
+              ),
+              mailboxRepositoryProvider.overrideWithValue(
+                FakeMailboxRepository(),
+              ),
+              emailRepositoryProvider.overrideWithValue(fakeEmailRepo),
+            ],
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        await tester.longPress(find.text('To archive'));
+        await tester.pumpAndSettle();
+        await tester.tap(find.byIcon(Icons.archive));
+        await tester.pumpAndSettle();
+
+        // Tap "Create Archive".
+        await tester.tap(find.text('Create "Archive"'));
+        await tester.pumpAndSettle();
+
+        expect(movedTo, contains('Archive'));
+      });
+
+      testWidgets(
+        'tapping Choose existing opens folder picker and moves emails',
+        (tester) async {
+          final email = testEmail(subject: 'To archive');
+          final movedTo = <String>[];
+
+          final fakeEmailRepo = _SpyEmailRepository(
+            emails: [email],
+            onMove: (id, path) => movedTo.add(path),
+          );
+          const archiveFolder = Mailbox(
+            id: 'acc-1:OldArchive',
+            accountId: 'acc-1',
+            path: 'OldArchive',
+            name: 'OldArchive',
+            unreadCount: 0,
+            totalCount: 0,
+          );
+
+          await tester.pumpWidget(
+            buildApp(
+              initialLocation: '/accounts/acc-1/mailboxes/INBOX/emails',
+              overrides: [
+                accountRepositoryProvider.overrideWithValue(
+                  FakeAccountRepository([kTestAccount]),
+                ),
+                // Repo has a folder but it has no 'archive' role.
+                mailboxRepositoryProvider.overrideWithValue(
+                  FakeMailboxRepository([archiveFolder]),
+                ),
+                emailRepositoryProvider.overrideWithValue(fakeEmailRepo),
+              ],
+            ),
+          );
+          await tester.pumpAndSettle();
+
+          await tester.longPress(find.text('To archive'));
+          await tester.pumpAndSettle();
+          await tester.tap(find.byIcon(Icons.archive));
+          await tester.pumpAndSettle();
+
+          // Tap "Choose existing folder".
+          await tester.tap(find.text('Choose existing folder'));
+          await tester.pumpAndSettle();
+
+          // Bottom sheet with folder list appears.
+          expect(find.text('OldArchive'), findsOneWidget);
+
+          await tester.tap(find.text('OldArchive'));
+          await tester.pumpAndSettle();
+
+          expect(movedTo, contains('OldArchive'));
+        },
+      );
+    });
  });
 }
+
+/// Email repository spy that records [moveEmail] calls.
+class _SpyEmailRepository extends FakeEmailRepository {
+  _SpyEmailRepository({
+    super.emails,
+    required void Function(String emailId, String path) onMove,
+  }) : _onMove = onMove;
+
+  final void Function(String emailId, String path) _onMove;
+
+  @override
+  Future<void> moveEmail(String emailId, String destMailboxPath) async {
+    _onMove(emailId, destMailboxPath);
+  }
+}
@@ -6,6 +6,7 @@

 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;
 import 'package:go_router/go_router.dart';

 import 'package:sharedinbox/core/models/account.dart';
@@ -13,16 +14,20 @@ import 'package:sharedinbox/core/models/discovery_result.dart';
 import 'package:sharedinbox/core/models/draft.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/mailbox.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/account_repository.dart';
 import 'package:sharedinbox/core/repositories/draft_repository.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
 import 'package:sharedinbox/core/repositories/search_history_repository.dart';
 import 'package:sharedinbox/core/repositories/share_key_repository.dart';
+import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
+import 'package:sharedinbox/core/repositories/user_preferences_repository.dart';
 import 'package:sharedinbox/core/services/account_discovery_service.dart';
 import 'package:sharedinbox/core/services/connection_test_service.dart';
 import 'package:sharedinbox/core/services/managesieve_probe_service.dart';
 import 'package:sharedinbox/core/services/share_encryption_service.dart';
+import 'package:sharedinbox/data/db/database.dart' show SyncHealthRow;
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/screens/account_list_screen.dart';
 import 'package:sharedinbox/ui/screens/account_receive_screen.dart';
@@ -36,17 +41,19 @@ import 'package:sharedinbox/ui/screens/email_list_screen.dart';
 import 'package:sharedinbox/ui/screens/mailbox_list_screen.dart';
 import 'package:sharedinbox/ui/screens/search_screen.dart';
 import 'package:sharedinbox/ui/screens/thread_detail_screen.dart';
+import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';

 // ---------------------------------------------------------------------------
 // Fake repositories
 // ---------------------------------------------------------------------------

 class FakeAccountRepository implements AccountRepository {
-  final List<Account> _accounts;
-
  FakeAccountRepository([List<Account>? accounts])
      : _accounts = List.of(accounts ?? []);

+  final List<Account> _accounts;
+  bool hasPassword = true;
+
  @override
  Stream<List<Account>> observeAccounts() => Stream.value(List.of(_accounts));

@@ -73,15 +80,22 @@ class FakeAccountRepository implements AccountRepository {
      _accounts.removeWhere((a) => a.id == id);

  @override
-  Future<String> getPassword(String accountId) async => 'test-password';
+  Future<String> getPassword(String accountId) async {
+    if (!hasPassword) {
+      throw StateError('No password stored for account $accountId');
+    }
+    return 'test-password';
+  }
 }

 class FakeShareKeyRepository implements ShareKeyRepository {
+  FakeShareKeyRepository({ShareKeyMaterial? material}) : _material = material;
+
  ShareKeyMaterial? _material;

  @override
  Future<ShareKeyMaterial> createKeyPair() async {
-    _material = await ShareEncryptionService.generateKeyPair();
+    _material ??= await ShareEncryptionService.generateKeyPair();
    return _material!;
  }

@@ -154,8 +168,28 @@ class FakeMailboxRepository implements MailboxRepository {
  @override
  Future<Mailbox?> findMailboxByRole(String accountId, String role) async =>
      _mailboxes.where((m) => m.role == role).firstOrNull;
+
  @override
  Future<void> clearForResync(String accountId) async {}
+
+  @override
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async {
+    final mailbox = Mailbox(
+      id: '$accountId:$name',
+      accountId: accountId,
+      path: name,
+      name: name,
+      role: role,
+      unreadCount: 0,
+      totalCount: 0,
+    );
+    _mailboxes.add(mailbox);
+    return mailbox;
+  }
 }

 class FakeEmailRepository implements EmailRepository {
@@ -380,6 +414,7 @@ class _NoOpManageSieveProbeService implements ManageSieveProbeService {
 Widget buildApp({
  required String initialLocation,
  required List<Override> overrides,
+  UserPreferencesRepository? userPreferences,
 }) {
  final testRouter = GoRouter(
    initialLocation: initialLocation,
@@ -400,6 +435,10 @@ Widget buildApp({
            path: 'send',
            builder: (ctx, state) => const AccountSendScreen(),
          ),
+          GoRoute(
+            path: 'preferences',
+            builder: (ctx, state) => const UserPreferencesScreen(),
+          ),
          GoRoute(
            path: ':accountId/edit',
            builder: (ctx, state) => EditAccountScreen(
@@ -473,10 +512,20 @@ Widget buildApp({
  );

  return ProviderScope(
-    // Always neutralise the ManageSieve probe so widget tests never open a
-    // real socket. Tests that need to assert on probe behaviour should supply
-    // their own override before this default in [overrides].
+    // Defaults come first so tests can override them via [overrides].
+    //
+    // syncLogRepositoryProvider is backed by a Drift StreamQuery. When the
+    // provider is disposed, Drift schedules a Timer.run() for cache
+    // debouncing. Flutter's test framework then fails the test with "A Timer
+    // is still pending". Replacing it with a synchronous stream avoids this.
+    // syncHealthProvider has the same issue and is overridden in baseOverrides.
    overrides: [
+      syncLogRepositoryProvider.overrideWithValue(
+        const NoOpSyncLogRepository(),
+      ),
+      userPreferencesRepositoryProvider.overrideWithValue(
+        userPreferences ?? FakeUserPreferencesRepository(),
+      ),
      ...overrides,
      manageSieveProbeServiceProvider.overrideWith(
        (ref) => _NoOpManageSieveProbeService(),
@@ -501,10 +550,14 @@ List<Override> baseOverrides({
  List<Mailbox>? mailboxes,
  DiscoveryResult? discovery,
  Exception? connectionError,
+  ShareKeyRepository? shareKeyRepository,
+  bool hasStoredPassword = true,
+  SyncHealthRow? syncHealth,
 }) =>
    [
-      accountRepositoryProvider
-          .overrideWithValue(FakeAccountRepository(accounts)),
+      accountRepositoryProvider.overrideWithValue(
+        FakeAccountRepository(accounts)..hasPassword = hasStoredPassword,
+      ),
      mailboxRepositoryProvider
          .overrideWithValue(FakeMailboxRepository(mailboxes)),
      emailRepositoryProvider.overrideWithValue(FakeEmailRepository()),
@@ -515,7 +568,12 @@ List<Override> baseOverrides({
      connectionTestServiceProvider.overrideWithValue(
        FakeConnectionTestService(error: connectionError),
      ),
-      shareKeyRepositoryProvider.overrideWithValue(FakeShareKeyRepository()),
+      shareKeyRepositoryProvider.overrideWithValue(
+        shareKeyRepository ?? FakeShareKeyRepository(),
+      ),
+      // syncHealthProvider is backed by a Drift StreamQuery; override with a
+      // plain stream to avoid "A Timer is still pending" in tests.
+      syncHealthProvider.overrideWith((ref, _) => Stream.value(syncHealth)),
    ];

 // ---------------------------------------------------------------------------
@@ -545,6 +603,7 @@ Email testEmail({
  bool isSeen = false,
  bool isFlagged = false,
  bool hasAttachment = false,
+  String? listUnsubscribeHeader,
 }) =>
    Email(
      id: id,
@@ -560,8 +619,45 @@ Email testEmail({
      isSeen: isSeen,
      isFlagged: isFlagged,
      hasAttachment: hasAttachment,
+      listUnsubscribeHeader: listUnsubscribeHeader,
    );

+class FakeUserPreferencesRepository implements UserPreferencesRepository {
+  FakeUserPreferencesRepository({
+    this.menuPosition = MenuPosition.bottom,
+    this.mailViewButtonPosition = MenuPosition.bottom,
+    this.afterMailViewAction = AfterMailViewAction.nextMessage,
+  });
+
+  MenuPosition menuPosition;
+  MenuPosition mailViewButtonPosition;
+  AfterMailViewAction afterMailViewAction;
+
+  @override
+  Stream<UserPreferences> observePreferences() => Stream.value(
+        UserPreferences(
+          menuPosition: menuPosition,
+          mailViewButtonPosition: mailViewButtonPosition,
+          afterMailViewAction: afterMailViewAction,
+        ),
+      );
+
+  @override
+  Future<void> updateMenuPosition(MenuPosition position) async {
+    menuPosition = position;
+  }
+
+  @override
+  Future<void> updateMailViewButtonPosition(MenuPosition position) async {
+    mailViewButtonPosition = position;
+  }
+
+  @override
+  Future<void> updateAfterMailViewAction(AfterMailViewAction action) async {
+    afterMailViewAction = action;
+  }
+}
+
 class FakeSearchHistoryRepository implements SearchHistoryRepository {
  final List<String> _history = [];

@@ -41,6 +41,20 @@ void main() {
      expect(html, contains('https: http: data: blob:'));
      _expectLightMode(html);
    });
+
+    test('prevents horizontal overflow so wide HTML emails are not cut off',
+        () {
+      final html =
+          buildEmailHtml('<table width="600"><tr><td>x</td></tr></table>');
+      // Body clips overflow so fixed-width email tables don't escape the viewport.
+      expect(html, contains('overflow-x: hidden'));
+      // Tables are forced to full viewport width so fixed pixel widths don't overflow.
+      expect(html, contains('table { width: 100%'));
+      // All elements are capped at viewport width via max-width.
+      expect(html, contains('max-width: 100%'));
+      // Pre-formatted text wraps instead of stretching the page.
+      expect(html, contains('white-space: pre-wrap'));
+    });
  });

  // On Linux (the test host) the widget falls back to plain text extracted via
@@ -2,6 +2,7 @@ import 'package:flutter/material.dart';
 import 'package:flutter_test/flutter_test.dart';

 import 'package:sharedinbox/core/models/email.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/di.dart';

 import 'helpers.dart';
@@ -142,6 +143,60 @@ void main() {
      expect(find.byIcon(Icons.expand_more), findsOneWidget);
    });

+    testWidgets('shows bottom app bar with back button by default', (
+      tester,
+    ) async {
+      final email = _threadEmail();
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/threads/thread-1',
+          overrides: [
+            accountRepositoryProvider.overrideWithValue(
+              FakeAccountRepository([kTestAccount]),
+            ),
+            mailboxRepositoryProvider.overrideWithValue(
+              FakeMailboxRepository(),
+            ),
+            emailRepositoryProvider.overrideWithValue(
+              FakeEmailRepository(emails: [email]),
+            ),
+          ],
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(find.byType(BottomAppBar), findsOneWidget);
+      expect(find.byIcon(Icons.arrow_back), findsOneWidget);
+    });
+
+    testWidgets('hides bottom app bar when button position is top', (
+      tester,
+    ) async {
+      final email = _threadEmail();
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/acc-1/mailboxes/INBOX/threads/thread-1',
+          userPreferences: FakeUserPreferencesRepository(
+            mailViewButtonPosition: MenuPosition.top,
+          ),
+          overrides: [
+            accountRepositoryProvider.overrideWithValue(
+              FakeAccountRepository([kTestAccount]),
+            ),
+            mailboxRepositoryProvider.overrideWithValue(
+              FakeMailboxRepository(),
+            ),
+            emailRepositoryProvider.overrideWithValue(
+              FakeEmailRepository(emails: [email]),
+            ),
+          ],
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(find.byType(BottomAppBar), findsNothing);
+    });
+
    testWidgets('flagged email shows star icon', (tester) async {
      final email = _threadEmail(isFlagged: true);
      await tester.pumpWidget(
@@ -0,0 +1,186 @@
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_test/flutter_test.dart';
+
+import 'package:sharedinbox/core/models/user_preferences.dart';
+import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';
+
+import 'helpers.dart';
+
+void main() {
+  group('UserPreferencesScreen', () {
+    testWidgets('shows both menu position options', (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(find.text('Menu bar position'), findsOneWidget);
+      expect(find.text('Bottom (default)'), findsNWidgets(2));
+      expect(find.text('Top'), findsNWidgets(2));
+    });
+
+    testWidgets('shows single mail view button position section', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      expect(
+        find.text('Single mail view button position'),
+        findsOneWidget,
+      );
+    });
+
+    testWidgets('menu position bottom option is selected by default', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      final radioGroups = find.byType(RadioGroup<MenuPosition>);
+      final menuGroup =
+          tester.widget<RadioGroup<MenuPosition>>(radioGroups.first);
+      expect(menuGroup.groupValue, MenuPosition.bottom);
+    });
+
+    testWidgets('mail view button position bottom is selected by default', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      final radioGroups = find.byType(RadioGroup<MenuPosition>);
+      final mailViewGroup =
+          tester.widget<RadioGroup<MenuPosition>>(radioGroups.last);
+      expect(mailViewGroup.groupValue, MenuPosition.bottom);
+    });
+
+    testWidgets('tapping Top in menu position section updates the repo', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Top').first);
+      await tester.pumpAndSettle();
+
+      final repo = ProviderScope.containerOf(
+        tester.element(find.byType(UserPreferencesScreen)),
+      ).read(userPreferencesRepositoryProvider)
+          as FakeUserPreferencesRepository;
+
+      expect(repo.menuPosition, MenuPosition.top);
+    });
+
+    testWidgets(
+        'tapping Top in mail view button position section updates the repo', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Top').last);
+      await tester.pumpAndSettle();
+
+      final repo = ProviderScope.containerOf(
+        tester.element(find.byType(UserPreferencesScreen)),
+      ).read(userPreferencesRepositoryProvider)
+          as FakeUserPreferencesRepository;
+
+      expect(repo.mailViewButtonPosition, MenuPosition.top);
+    });
+
+    testWidgets('shows after mail action section', (tester) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      // Scroll down to reveal the new section below the fold.
+      await tester.drag(find.byType(ListView), const Offset(0, -500));
+      await tester.pumpAndSettle();
+
+      expect(find.text('After mail action'), findsOneWidget);
+      expect(find.text('Next message (default)'), findsOneWidget);
+      expect(find.text('Return to mailbox'), findsOneWidget);
+    });
+
+    testWidgets('after mail action next message is selected by default', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.drag(find.byType(ListView), const Offset(0, -500));
+      await tester.pumpAndSettle();
+
+      final radioGroups = find.byType(RadioGroup<AfterMailViewAction>);
+      final group =
+          tester.widget<RadioGroup<AfterMailViewAction>>(radioGroups.first);
+      expect(group.groupValue, AfterMailViewAction.nextMessage);
+    });
+
+    testWidgets('tapping Return to mailbox updates the repo', (
+      tester,
+    ) async {
+      await tester.pumpWidget(
+        buildApp(
+          initialLocation: '/accounts/preferences',
+          overrides: baseOverrides(),
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.drag(find.byType(ListView), const Offset(0, -500));
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Return to mailbox'));
+      await tester.pumpAndSettle();
+
+      final repo = ProviderScope.containerOf(
+        tester.element(find.byType(UserPreferencesScreen)),
+      ).read(userPreferencesRepositoryProvider)
+          as FakeUserPreferencesRepository;
+
+      expect(repo.afterMailViewAction, AfterMailViewAction.showMailbox);
+    });
+  });
+}
@@ -25,7 +25,8 @@ The app processes the following data **exclusively on your device**:
  device's secure storage and never transmitted to us.
 - **Email messages and attachments** — fetched directly from your email provider's IMAP server and
  displayed in the app. We never receive, store, or process your emails.
- **App settings and configuration** — stored locally on your device.
+- **App settings and configuration** — stored locally on your device. The app will never upload
+  this data to sharedinbox.de or any third-party service.

 ### Network connections