ci: retrigger after Dagger engine restart

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.forgejo/workflows/ci.yml

@@ -4,6 +4,7 @@ jobs:
   check:
     name: Full Project Check
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v4
       - name: Setup Dagger Remote Engine

.forgejo/workflows/windows-nightly.yml

@@ -10,6 +10,7 @@ jobs:
     # Disabled until a self-hosted runner with label "windows-runner" is registered.
     name: Build & Deploy Windows (Nightly)
     runs-on: windows-runner
+    timeout-minutes: 90
     if: false
 
     steps:

.fvmrc

@@ -1,3 +1,3 @@
 {
-  "flutter": "3.44.1"
+  "flutter": "3.44.0"
 }

.pre-commit-config.yaml

@@ -10,6 +10,11 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
 
+  - repo: https://github.com/guettli/sync-branch
+    rev: v0.0.11
+    hooks:
+      - id: sync-branch
+
   - repo: local
     hooks:
       - id: check-no-binary
@@ -27,7 +32,7 @@ repos:
       - id: dart-check
         name: dart format (autofix) + check-fast (parallel)
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command scripts/pre_commit_check.sh'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command dagger call --progress=plain -q -m ci --source=. check-fast'
         pass_filenames: false
         always_run: true
       - id: ci-no-direct-dagger
@@ -47,4 +52,4 @@ repos:
         language: system
         entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-ci-images'
         pass_filenames: false
-        files: ^ci/main\.go$
+        files: ^(ci/main\.go|\.fvmrc)$

PLAN_ISSUE_21.md

@@ -1,59 +0,0 @@
-# Implementation Plan: Secure WebView for HTML Emails (#21)
-
-## Goal
-Replace the current `flutter_html` based rendering with a hardened WebView-based approach to improve rendering fidelity while strictly enforcing security and privacy.
-
-## 1. Dependency Management
-- **Core**: `webview_flutter` (v4+)
-- **Linux Platform**: `webview_flutter_linux` (Official community-supported or WebKitGTK based implementation). *Note: I will verify the exact package name during implementation.*
-- **Utilities**: `url_launcher` (existing) for opening links in the system browser.
-
-## 2. Secure WebView Component (`lib/ui/widgets/secure_email_webview.dart`)
-Create a new widget `SecureEmailWebView` that encapsulates the `WebViewWidget` and its controller.
-
-### Configuration & Hardening
-- **Disable JavaScript**: `controller.setJavaScriptMode(JavaScriptMode.disabled)`.
-- **Background**: Match the application theme (e.g., transparent or surface color).
-- **Security Headers/CSP**: Inject a Content Security Policy via `<meta>` tag in the HTML wrapper:
-  - `default-src 'none'; style-src 'unsafe-inline'; img-src 'self' data:;` (Blocks all external assets by default).
-
-### Image Blocking Logic
-- **Initial State**: Block remote images by injecting a CSP that restricts `img-src` to `data:` and local schemes.
-- **Toggle Mechanism**:
-  - Provide a "Load Remote Images" button in the Flutter UI.
-  - When triggered, re-render the HTML with an updated CSP: `img-src * data:;`.
-
-### Link Interception & Phishing Protection
-- Implement `NavigationDelegate.onNavigationRequest`.
-- **Process**:
-  1. Intercept any URL that doesn't start with `about:blank` or `data:`.
-  2. Block the navigation in the WebView.
-  3. Trigger a Flutter `showDialog` for confirmation.
-- **Phishing Protection Dialog**:
-  - Show the full URL.
-  - **Bold the FQDN**: Parse the URL using `Uri.parse`.
-    - Example: `https://`**`important-bank.com`**`/login`
-  - "Open in Browser" button uses `url_launcher`.
-
-## 3. Integration Plan
-### Step 1: Initialization
-Modify `lib/main.dart` to initialize the Linux WebView platform (using `webview_flutter_linux` or similar) during app startup.
-
-### Step 2: Replace Renderer in Screens
-- **EmailDetailScreen**: Replace `Html(...)` with `SecureEmailWebView(html: body.htmlBody!)`.
-- **ThreadDetailScreen**: Replace `Html(...)` with `SecureEmailWebView(html: body.htmlBody!)`.
-- Remove `flutter_html` imports and dependencies once migration is complete.
-
-## 4. Verification & Security Audit
-- **Manual Tests**:
-  - Open emails with complex HTML layouts.
-  - Verify images are blocked initially.
-  - Verify "Load images" works.
-  - Click various links (http, https, mailto) and verify the confirmation dialog and FQDN bolding.
-- **Security Check**:
-  - Verify that `<script>` tags are not executed.
-  - Verify no network requests for external images occur before user consent (via DevTools or proxy).
-
-## 5. Potential Challenges
-- **Linux WebView Stability**: WebKitGTK on Linux can sometimes have rendering or sizing issues in Flutter.
-- **Scrolling**: Ensuring the WebView integrates smoothly into the `ListView` of the email detail screen (might require fixed height or `SizedBox`).

PLAN_SNOOZE.md

@@ -1,46 +0,0 @@
-# Snooze Feature Plan
-
-## Goal
-Allow users to snooze emails, moving them to a special folder and bringing them back to the Inbox at a specified time. Snooze data must be stored in the account (IMAP/JMAP) for cross-device synchronization.
-
-## Technical Approach
-
-### 1. Metadata Storage (Account Sync)
-- **Keyword format:** `snz:<ISO8601_TIMESTAMP>` (e.g., `snz:2026-05-10T15:00:00Z`).
-- **JMAP:** Use `keywords`.
-- **IMAP:** Use User Flags (keywords).
-
-### 2. Database Changes
-- **Migration v22:**
-    - `Emails` table:
-        - `snoozedUntil` (DateTime, nullable)
-        - `snoozedFromMailboxPath` (String, nullable) - to remember where to move it back (usually INBOX).
-    - Index on `snoozedUntil`.
-
-### 3. Repository Updates (`EmailRepository`)
-- New method: `Future<void> snoozeEmail(String emailId, DateTime until)`
-    - Optimistically update local DB.
-    - Enqueue `snooze` change.
-- New method: `Future<int> wakeUpEmails(String accountId)`
-    - Find local rows where `snoozedUntil <= now`.
-    - Enqueue `move` back to original mailbox.
-    - Clear snooze metadata.
-
-### 4. Sync Loop Integration
-- In `AccountSyncManager`, call `wakeUpEmails(accountId)` at the start of each sync cycle.
-- Update IMAP/JMAP sync logic to parse `snz:` keywords and update local `snoozedUntil` / `snoozedFromMailboxPath`.
-
-### 5. UI Implementation
-- **Snooze Picker:** A dialog with options like "Later today", "Tomorrow morning", "Next week", "Custom".
-- **Action:** Add "Snooze" icon to `EmailListScreen` selection bar and `EmailDetailScreen`.
-- **Mailbox:** Ensure a "Snoozed" mailbox exists (create if missing).
-
-## Implementation Steps
-1. [ ] Database migration and model updates.
-2. [ ] Repository implementation for `snoozeEmail` and `wakeUpEmails`.
-3. [ ] Update flush logic for IMAP and JMAP to handle `snooze` mutations.
-4. [ ] Update sync logic to parse snooze keywords.
-5. [ ] Integrate `wakeUpEmails` into the sync loop.
-6. [ ] UI: Snooze picker dialog.
-7. [ ] UI: Add Snooze action to list and detail screens.
-8. [ ] Testing and validation.

README.md

@@ -216,8 +216,3 @@ test/
 - **Settings** — list and remove accounts
 - **Search** — IMAP server-side search (subject + body); results shown inline, no navigation change
 - **Offline-first** — all reads come from local Drift/SQLite DB; network only for sync and send
-# CI Trigger
-# CI Trigger 2
-# Dummy commit to verify CI fixes
-# Dummy commit 3
-# CI Trigger 1780415300

Taskfile.yml

@@ -96,34 +96,19 @@ tasks:
       - scripts/silent_on_success.sh fvm flutter pub run build_runner build --delete-conflicting-outputs
 
   codegen:
-    desc: Generate Drift DB code (run after any schema change)
-    deps: [_preflight, _pub-get]
-    sources:
-      - lib/**/*.dart
-      - pubspec.yaml
-    generates:
-      - lib/**/*.g.dart
+    desc: Generate Drift DB code via Dagger (exports generated files back to host)
     cmds:
-      - fvm flutter pub run build_runner build --delete-conflicting-outputs
+      - dagger call --progress=plain -q -m ci --source=. codegen -o .
 
   analyze:
-    desc: Static analysis (flutter analyze)
-    deps: [_preflight, _codegen]
-    sources:
-      - lib/**/*.dart
-      - test/**/*.dart
-      - pubspec.yaml
-      - analysis_options.yaml
+    desc: Static analysis via Dagger (dart analyze --fatal-infos)
     cmds:
-      - scripts/run_analyze.sh
+      - dagger call --progress=plain -q -m ci --source=. analyze
 
   format:
-    desc: Format all Dart source files
-    deps: [_preflight]
-    sources:
-      - "**/*.dart"
+    desc: Format all Dart source files via Dagger (writes back to host)
     cmds:
-      - fvm dart format lib test
+      - dagger call --progress=plain -q -m ci --source=. format-write -o .
 
   check-mocks:
     desc: Fail if any *.mocks.dart file is out of date (re-runs build_runner)
@@ -136,13 +121,9 @@ tasks:
       - scripts/check_mocks_fresh.sh
 
   analyze-fix:
-    desc: Auto-fix lint issues with dart fix --apply
-    deps: [_preflight]
-    sources:
-      - lib/**/*.dart
-      - test/**/*.dart
+    desc: Auto-fix lint issues via Dagger (dart fix --apply, writes back to host)
     cmds:
-      - fvm dart fix --apply
+      - dagger call --progress=plain -q -m ci --source=. analyze-fix -o .
 
   test:
     desc: Unit tests + coverage gate (fails if any non-excluded lib/ file is missing)
@@ -177,17 +158,17 @@ tasks:
   test-backend:
     desc: Backend tests against a local Stalwart mail server (via Dagger)
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. test-backend
+      - timeout --kill-after=10 600 dagger call --progress=plain -q -m ci --source=. test-backend
 
   integration-ui:
     desc: UI E2E tests on Linux via Xvfb — headless, no emulator needed (via Dagger)
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. test-integration
+      - timeout --kill-after=10 600 dagger call --progress=plain -q -m ci --source=. test-integration
 
   sync-reliability:
     desc: Run sync reliability runner (via Dagger)
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. test-sync-reliability
+      - timeout --kill-after=10 600 dagger call --progress=plain -q -m ci --source=. test-sync-reliability
 
   test-android-firebase:
     desc: Build Android debug APKs and run instrumented tests on Firebase Test Lab (via Dagger)
@@ -202,7 +183,7 @@ tasks:
   ci-graph:
     desc: Print a Mermaid diagram of the CI pipeline — paste into mermaid.live or any Markdown renderer
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. graph
+      - timeout --kill-after=10 60 dagger call --progress=plain -q -m ci --source=. graph
 
   stalwart:
     desc: Start a Stalwart instance for local development (via Dagger)
@@ -218,13 +199,13 @@ tasks:
       - sh: test -n "$SSH_KNOWN_HOSTS"
         msg: "SSH_KNOWN_HOSTS is not set"
     cmds:
-      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
 
   build-android-bundle:
     desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
     cmds:
       - mkdir -p build/app/outputs/bundle/release
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. build-android-release --commit-hash "$HASH" -o build/app/outputs/bundle/release/app-release.aab
+      - HASH=$(git rev-parse --short HEAD) && timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. build-android-release --commit-hash "$HASH" -o build/app/outputs/bundle/release/app-release.aab
 
   upload-android-bundle:
     desc: Upload AAB from build/ to Play Store via Dagger
@@ -234,7 +215,7 @@ tasks:
       - sh: test -f build/app/outputs/bundle/release/app-release.aab
         msg: "AAB not found — run build-android-bundle first"
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. upload-to-play-store --aab build/app/outputs/bundle/release/app-release.aab --play-store-config env:PLAY_STORE_CONFIG_JSON
+      - timeout --kill-after=10 600 dagger call --progress=plain -q -m ci --source=. upload-to-play-store --aab build/app/outputs/bundle/release/app-release.aab --play-store-config env:PLAY_STORE_CONFIG_JSON
 
   publish-android:
     desc: Build cached AAB, stamp versionCode, sign, and publish to Play Store via Dagger
@@ -247,7 +228,7 @@ tasks:
       - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
         msg: "ANDROID_KEYSTORE_PASSWORD is not set"
     cmds:
-      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --commit-hash "$HASH"
 
   deploy-apk:
     desc: Build and deploy Android APK via Dagger
@@ -261,7 +242,7 @@ tasks:
       - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
         msg: "ANDROID_KEYSTORE_PASSWORD is not set"
     cmds:
-      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
+      - HASH=$(git rev-parse --short HEAD) && scripts/silent_on_success.sh timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
 
   publish-website:
     desc: Build and publish website via Dagger
@@ -271,7 +252,7 @@ tasks:
       - sh: test -n "$SSH_KNOWN_HOSTS"
         msg: "SSH_KNOWN_HOSTS is not set"
     cmds:
-      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+      - HASH=$(git rev-parse --short HEAD) && timeout --kill-after=10 600 dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
 
   check-dagger:
     desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
@@ -351,7 +332,7 @@ tasks:
       - sh: test -n "$RENOVATE_FORGEJO_TOKEN"
         msg: "RENOVATE_FORGEJO_TOKEN is not set"
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. renovate --renovate-token env:RENOVATE_FORGEJO_TOKEN
+      - timeout --kill-after=10 1800 dagger call --progress=plain -q -m ci --source=. renovate --renovate-token env:RENOVATE_FORGEJO_TOKEN
 
   integration-android:
     desc: UI integration tests on a connected Android emulator (Stalwart on host, emulator reaches it via 10.0.2.2)
@@ -427,7 +408,7 @@ tasks:
         echo "Uploaded $TARBALL and updated latest.json"
 
   deploy-bugreport:
-    desc: Build and deploy the Go bugreport server to the webserver
+    desc: Deploy the Go bugreport server by restarting the systemd service (it pulls latest code from Codeberg)
     preconditions:
       - sh: test -n "$SSH_USER"
         msg: "SSH_USER is not set"
@@ -436,14 +417,11 @@ tasks:
       - sh: test -n "$SSH_KNOWN_HOSTS"
         msg: "SSH_KNOWN_HOSTS is not set"
     cmds:
-      - cd server/bugreport && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o ../../build/bugreport-server .
       - |
         mkdir -p ~/.ssh
         printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
-        ssh "$SSH_USER@$SSH_HOST" "mkdir -p bugreport/reports"
-        scp build/bugreport-server "$SSH_USER@$SSH_HOST:bugreport/bugreport-server"
-        ssh "root@$SSH_HOST" "systemctl daemon-reload && systemctl restart bugreport"
-        echo "Uploaded bugreport-server to $SSH_HOST and restarted service"
+        ssh "root@$SSH_HOST" "systemctl restart bugreport"
+        echo "Restarted bugreport service on $SSH_HOST to pull latest code from Codeberg"
 
   build-windows-release:
     desc: Build the Windows desktop app (release) — must run on a Windows machine with MSVC
@@ -544,15 +522,14 @@ tasks:
   deploy-android-bundle:
     desc: Build release AAB and upload to Play Store internal track (local/fvm)
     deps: [build-android-bundle-local]
-    preconditions:
-      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
-        msg: "PLAY_STORE_CONFIG_JSON is not set"
+    dotenv: [".env"]
     cmds:
-      - python3 scripts/deploy_playstore.py
+      - sops exec-env secrets.enc.yaml 'python3 scripts/deploy_playstore.py'
 
   build-android-bundle-local:
     desc: Build a release App Bundle (AAB) locally via fvm (not Dagger)
     deps: [_preflight, _android-sdk-check, _codegen, generate-changelog]
+    dotenv: [".env"]
     method: timestamp
     sources:
       - lib/**/*.dart
@@ -561,7 +538,7 @@ tasks:
     generates:
       - build/app/outputs/bundle/release/app-release.aab
     cmds:
-      - ANDROID_HOME=${ANDROID_HOME:-$HOME/Android/Sdk} fvm flutter build appbundle --release --no-pub --build-number $(date +%s) --build-name $(date +%y%m%d-%H%M) --dart-define=GIT_HASH=$(git rev-parse --short HEAD) | grep -Ev "was tree-shaken|Tree-shaking can be disabled"
+      - sops exec-env secrets.enc.yaml 'bash scripts/build_android_bundle_local.sh'
 
   deploy-android:
     desc: Build release APK and upload via scp to $ANDROID_APK_SCP_USER@$ANDROID_APK_SCP_HOST:$ANDROID_APK_SCP_PATH
@@ -691,8 +668,9 @@ tasks:
           ${SSH_USER}@${SSH_HOST}:public_html/
 
   check-fast:
-    desc: Pre-commit checks — analyze + unit+widget tests + coverage gate (no build, no integration)
-    deps: [analyze, check-coverage, check-hygiene, check-layers, check-mocks]
+    desc: Pre-commit checks via Dagger (format, analyze, mocks, coverage — no integration or backend)
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. check-fast
 
   check-layers:
     desc: Enforce architecture — ui/ must not import data/ (only core/ interfaces allowed)

android/app/build.gradle.kts

@@ -22,15 +22,17 @@ android {
         }
     }
 
-    signingConfigs {
-        create("release") {
-            // Hardcoded alias matching t.sh
-            keyAlias = "upload"
-            // Use the same password for both key and keystore
-            val pass = System.getenv("ANDROID_KEYSTORE_PASSWORD")
-            storePassword = pass
-            keyPassword = pass
-            storeFile = file("upload-keystore.jks")
+    val ksPath: String? = System.getenv("ANDROID_KEYSTORE_PATH")
+
+    if (ksPath != null) {
+        signingConfigs {
+            create("release") {
+                keyAlias = "upload"
+                val pass = System.getenv("ANDROID_KEYSTORE_PASSWORD") ?: ""
+                storePassword = pass
+                keyPassword = pass
+                storeFile = file(ksPath)
+            }
         }
     }
 
@@ -46,14 +48,9 @@ android {
 
     buildTypes {
         release {
-            // Use the signing config defined above for release builds.
-            // If the keystore file exists (e.g. in CI or manually placed), sign it.
-            signingConfig = if (signingConfigs.getByName("release").storeFile?.exists() == true) {
-                signingConfigs.getByName("release")
-            } else {
-                signingConfigs.getByName("debug")
+            if (ksPath != null) {
+                signingConfig = signingConfigs.getByName("release")
             }
-
             isMinifyEnabled = false
             isShrinkResources = false
             ndk {

android/gradle/wrapper/gradle-wrapper.properties

@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.5-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.5.1-all.zip

ci/main.go

@@ -440,6 +440,68 @@ func (m *Ci) Format(ctx context.Context) (string, error) {
 		Stdout(ctx)
 }
 
+// FormatWrite formats Dart files and exports the modified /src directory.
+func (m *Ci) FormatWrite() *dagger.Directory {
+	return m.setup(m.checkSrc()).
+		WithExec([]string{"dart", "format", "lib", "test"}).
+		Directory("/src")
+}
+
+// Analyze runs static analysis with dart analyze --fatal-infos.
+func (m *Ci) Analyze(ctx context.Context) (string, error) {
+	return m.setup(m.checkSrc()).
+		WithExec([]string{"dart", "analyze", "--fatal-infos"}).
+		Stdout(ctx)
+}
+
+// Codegen runs build_runner and exports the modified /src directory.
+func (m *Ci) Codegen() *dagger.Directory {
+	return m.codegenBase().Directory("/src")
+}
+
+// AnalyzeFix runs dart fix --apply and exports the modified /src directory.
+func (m *Ci) AnalyzeFix() *dagger.Directory {
+	return m.setup(m.checkSrc()).
+		WithExec([]string{"dart", "fix", "--apply"}).
+		Directory("/src")
+}
+
+// CheckFast runs fast checks (hygiene, layers, format, analyze, mocks, coverage) in parallel.
+func (m *Ci) CheckFast(ctx context.Context) (string, error) {
+	ctx, cancel := context.WithTimeout(ctx, 15*time.Minute)
+	defer cancel()
+
+	var eg errgroup.Group
+	eg.Go(func() error {
+		_, err := m.CheckHygiene(ctx)
+		return err
+	})
+	eg.Go(func() error {
+		_, err := m.CheckLayers(ctx)
+		return err
+	})
+	eg.Go(func() error {
+		_, err := m.Format(ctx)
+		return err
+	})
+	eg.Go(func() error {
+		_, err := m.Analyze(ctx)
+		return err
+	})
+	eg.Go(func() error {
+		_, err := m.CheckGenerated(ctx)
+		return err
+	})
+	eg.Go(func() error {
+		_, err := m.Coverage(ctx)
+		return err
+	})
+	if err := eg.Wait(); err != nil {
+		return "", err
+	}
+	return "All fast checks passed!", nil
+}
+
 // CheckGenerated verifies that all generated files (*.g.dart, *.mocks.dart) are up to date.
 // It snapshots the committed source (including any stale generated files) before
 // running build_runner, so git diff detects real staleness instead of always
@@ -687,7 +749,8 @@ func (m *Ci) setupKeystore(keystoreBase64 *dagger.Secret, keystorePassword *dagg
 	return m.androidBase().
 		WithSecretVariable("ANDROID_KEYSTORE_BASE64", keystoreBase64).
 		WithSecretVariable("ANDROID_KEYSTORE_PASSWORD", keystorePassword).
-		WithExec([]string{"/bin/sh", "-c", `echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks`})
+		WithExec([]string{"/bin/sh", "-c", `echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > /tmp/upload-keystore.jks`}).
+		WithEnvVariable("ANDROID_KEYSTORE_PATH", "/tmp/upload-keystore.jks")
 }
 
 // BuildAndroidApk builds a release APK signed with the upload key.

go.mod

@@ -0,0 +1,3 @@
+module codeberg.org/guettli/sharedinbox
+
+go 1.22

lib/ui/router.dart

@@ -21,6 +21,7 @@ import 'package:sharedinbox/ui/screens/sieve_script_edit_screen.dart';
 import 'package:sharedinbox/ui/screens/sieve_scripts_screen.dart';
 import 'package:sharedinbox/ui/screens/sync_log_screen.dart';
 import 'package:sharedinbox/ui/screens/thread_detail_screen.dart';
+import 'package:sharedinbox/ui/screens/trusted_image_senders_screen.dart';
 import 'package:sharedinbox/ui/screens/undo_log_screen.dart';
 import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';
 import 'package:sharedinbox/ui/widgets/undo_shell.dart';
@@ -67,6 +68,12 @@ final router = GoRouter(
               path: 'preferences',
               builder: (ctx, state) => const UserPreferencesScreen(),
             ),
+            GoRoute(
+              path: 'trusted-senders',
+              builder: (ctx, state) => TrustedImageSendersScreen(
+                highlightedSender: state.extra as String?,
+              ),
+            ),
             GoRoute(
               path: ':accountId/edit',
               builder: (ctx, state) => EditAccountScreen(

lib/ui/screens/email_detail_screen.dart

@@ -229,11 +229,14 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                             'Images will be loaded automatically for this sender.',
                           ),
                           action: SnackBarAction(
-                            label: 'Settings',
+                            label: 'View',
                             onPressed: () {
                               if (mounted) {
                                 unawaited(
-                                  context.push('/accounts/preferences'),
+                                  context.push(
+                                    '/accounts/trusted-senders',
+                                    extra: senderEmail,
+                                  ),
                                 );
                               }
                             },

lib/ui/screens/thread_detail_screen.dart

@@ -217,11 +217,14 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
                                   'Images will be loaded automatically for this sender.',
                                 ),
                                 action: SnackBarAction(
-                                  label: 'Settings',
+                                  label: 'View',
                                   onPressed: () {
                                     if (mounted) {
                                       unawaited(
-                                        context.push('/accounts/preferences'),
+                                        context.push(
+                                          '/accounts/trusted-senders',
+                                          extra: senderEmail,
+                                        ),
                                       );
                                     }
                                   },

lib/ui/screens/trusted_image_senders_screen.dart

@@ -0,0 +1,63 @@
+import 'dart:async';
+
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+
+import 'package:sharedinbox/di.dart';
+
+class TrustedImageSendersScreen extends ConsumerWidget {
+  const TrustedImageSendersScreen({super.key, this.highlightedSender});
+
+  final String? highlightedSender;
+
+  @override
+  Widget build(BuildContext context, WidgetRef ref) {
+    final trustedSendersAsync = ref.watch(trustedImageSendersProvider);
+
+    return Scaffold(
+      appBar: AppBar(title: const Text('Allowed addresses for images')),
+      body: trustedSendersAsync.when(
+        loading: () => const Center(child: CircularProgressIndicator()),
+        error: (_, __) =>
+            const Center(child: Text('Error loading trusted senders')),
+        data: (senders) {
+          if (senders.isEmpty) {
+            return const Padding(
+              padding: EdgeInsets.all(16),
+              child: Text(
+                'No addresses added yet. '
+                'Tap "Load remote images" in an email to add the sender.',
+              ),
+            );
+          }
+          return ListView.builder(
+            itemCount: senders.length,
+            itemBuilder: (context, index) {
+              final sender = senders[index];
+              final isHighlighted = sender == highlightedSender;
+              return ListTile(
+                title: Text(
+                  sender,
+                  style: isHighlighted
+                      ? const TextStyle(fontWeight: FontWeight.bold)
+                      : null,
+                ),
+                trailing: IconButton(
+                  icon: const Icon(Icons.delete_outline),
+                  tooltip: 'Remove',
+                  onPressed: () {
+                    unawaited(
+                      ref
+                          .read(userPreferencesRepositoryProvider)
+                          .removeTrustedImageSender(sender),
+                    );
+                  },
+                ),
+              );
+            },
+          );
+        },
+      ),
+    );
+  }
+}

lib/ui/screens/user_preferences_screen.dart

@@ -2,6 +2,7 @@ import 'dart:async';
 
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:go_router/go_router.dart';
 
 import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/sync/background_sync.dart';
@@ -14,6 +15,7 @@ class UserPreferencesScreen extends ConsumerWidget {
   Widget build(BuildContext context, WidgetRef ref) {
     final prefsAsync = ref.watch(userPreferencesProvider);
     final trustedSendersAsync = ref.watch(trustedImageSendersProvider);
+    final trustedCount = trustedSendersAsync.value?.length ?? 0;
 
     return Scaffold(
       appBar: AppBar(title: const Text('Preferences')),
@@ -213,41 +215,16 @@ class UserPreferencesScreen extends ConsumerWidget {
             const Divider(),
             ListTile(
               title: Text(
-                'Trusted image senders',
+                'Allowed addresses for images',
                 style: Theme.of(context).textTheme.titleSmall,
               ),
-              subtitle: const Text(
-                'Remote images are loaded automatically for these senders.',
+              subtitle: Text(
+                trustedCount == 0
+                    ? 'No addresses added yet.'
+                    : '$trustedCount address${trustedCount == 1 ? '' : 'es'}',
               ),
-            ),
-            ...trustedSendersAsync.when(
-              loading: () => const [],
-              error: (_, __) => const [],
-              data: (senders) => senders.isEmpty
-                  ? [
-                      const Padding(
-                        padding:
-                            EdgeInsets.symmetric(horizontal: 16, vertical: 8),
-                        child: Text('No trusted senders yet.'),
-                      ),
-                    ]
-                  : [
-                      for (final sender in senders)
-                        ListTile(
-                          title: Text(sender),
-                          trailing: IconButton(
-                            icon: const Icon(Icons.delete_outline),
-                            tooltip: 'Remove',
-                            onPressed: () {
-                              unawaited(
-                                ref
-                                    .read(userPreferencesRepositoryProvider)
-                                    .removeTrustedImageSender(sender),
-                              );
-                            },
-                          ),
-                        ),
-                    ],
+              trailing: const Icon(Icons.chevron_right),
+              onTap: () => context.push('/accounts/trusted-senders'),
             ),
           ],
         ),

plan.md

@@ -1,66 +0,0 @@
-# Next
-
-## Introduction
-
-Continue the momentum from the safety hardening and infrastructure work.
-The focus is on making the app ready for real-world use with robust error
-handling and performance optimizations.
-
-Create several small commits. Every commit should be self contained.
-
-while working create/append to plan.log, so that the user sees what you are working on.
-
-## Tasks
-
-### 0. deploy-android
-
-Make `task deploy-android` work.
-
-### 0.5 Debug duration of deploy-android
-
-Is there a way to make deploy-android faster?
-
-Use `task --verbose` to see what gets done.
-
-Maybe avoid doing things again, when nothing changed.
-Taskfile has features to avoid calling things again, when the input has not changed.
-
-### 1. Fix Android E2E Race Condition (aliceTile)
-
-The Android E2E test `integration_test/app_e2e_test.dart` is flaky. It fails
-at `tap(aliceTile)` with "0 widgets" even though `pumpUntil` found it.
-The current "double pumpUntil" fix isn't reliable enough.
-Investigate if the animation state or the Drift stream propagation is the
-culprit.
-
-### 2. Implement Global Crash Screen
-
-Wrap `main()` in `runZonedGuarded` to catch unhandled async errors.
-Implement a `CrashScreen` widget that shows the stack trace and a
-"Copy to Clipboard" button for user reporting.
-
-### 3. Database-Backed Threading
-
-Currently, emails are grouped into threads in-memory in the repository.
-Refactor to store thread relationships in the local SQLite database.
-This is necessary for performance on mailboxes with thousands of messages.
-
-### 4. Implement Undo for Bulk Actions
-
-Add a global "Undo" snackbar after deleting or moving emails.
-The system needs to handle the three sync states:
-- Queued (easy to undo)
-- In-progress (cancel network call)
-- Finished (requires a reverse move/un-delete)
-
-### 5. Transition to Real Account Testing
-
-Prepare the integration tests to run against a real test account
-(`si3e2e@thomas-guettler.de`) instead of the local Stalwart server.
-This verifies the app against real-world network latency and RFC edge cases.
-
-### 6. Coverage Gate Maintenance
-
-Reduce the `_excluded` list in `scripts/check_coverage.dart`.
-Add a test to ensure the exclusion list doesn't contain files that no longer
-exist ("ghost paths").

scripts/build_android_bundle_local.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+tmp=$(mktemp /dev/shm/keystore.XXXXXX.jks)
+trap "rm -f $tmp" EXIT
+
+printf '%s' "$ANDROID_KEYSTORE_BASE64" | base64 -d > "$tmp"
+
+ANDROID_KEYSTORE_PATH="$tmp" \
+ANDROID_HOME="${ANDROID_HOME:-$HOME/Android/Sdk}" \
+fvm flutter build appbundle --release --no-pub \
+  --build-number "$(date +%s)" \
+  --build-name "$(date +%y%m%d-%H%M)" \
+  --dart-define="GIT_HASH=$(git rev-parse --short HEAD)" \
+  | grep -Ev "was tree-shaken|Tree-shaking can be disabled"

scripts/check_ci_images.sh

@@ -6,7 +6,18 @@ set -euo pipefail
 ROOT=$(git rev-parse --show-toplevel)
 FILE="$ROOT/ci/main.go"
 
-images=$(grep -oP 'From\("\K[^"]+' "$FILE" | sort -u)
+# Static images from From("...") literals in ci/main.go
+static_images=$(grep -oP 'From\("\K[^"]+' "$FILE" | grep -v ':$' | sort -u)
+
+# Dynamic Flutter image derived from .fvmrc (not a literal in main.go)
+FVMRC="$ROOT/.fvmrc"
+flutter_version=$(python3 -c "import json; print(json.load(open('$FVMRC'))['flutter'])" 2>/dev/null || true)
+flutter_image=""
+if [ -n "$flutter_version" ]; then
+  flutter_image="ghcr.io/cirruslabs/flutter:$flutter_version"
+fi
+
+images=$(printf '%s\n%s\n' "$static_images" "$flutter_image" | grep -v '^$' | sort -u)
 
 if [ -z "$images" ]; then
   echo "check-ci-images: no From() image references found in $FILE"

scripts/check_coverage.dart

@@ -81,6 +81,7 @@ const _excluded = {
   'lib/data/repositories/user_preferences_repository_impl.dart',
   'lib/ui/screens/user_preferences_screen.dart',
   'lib/core/services/update_service.dart',
+  'lib/ui/screens/trusted_image_senders_screen.dart',
 };
 
 void main() {

scripts/run_firebase_test.sh

@@ -34,7 +34,7 @@ _filter_noise() {
 _run() {
     : > "$OUT" ; : > "$RC_FILE"
     {
-        dagger call --progress=plain -q -m ci --source=. test-android-firebase \
+        timeout --kill-after=10 2400 dagger call --progress=plain -q -m ci --source=. test-android-firebase \
             --service-account-key env:FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY \
             --project-id "$FIREBASE_PROJECT_ID"
         echo $? > "$RC_FILE"
@@ -44,6 +44,10 @@ _run() {
 for attempt in 1 2 3; do
     _run && break
     RC=$(cat "$RC_FILE" 2>/dev/null || echo 1)
+    if [ "$RC" -eq 124 ]; then
+        echo "::warning::[firebase] attempt $attempt/3 timed out after 2400s" >&2
+        exit 124
+    fi
     if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused|No Dagger server responded" "$OUT"; then
         echo "[firebase] dagger connectivity error on attempt $attempt/3, retrying..." >&2
     else

scripts/setup_dagger_remote.sh

@@ -54,12 +54,22 @@ echo "$DAGGER_SSH_KEY" > ~/.ssh/dagger_key
 chmod 600 ~/.ssh/dagger_key
 
 # Add remote host to known_hosts
-ssh-keyscan -H "$DAGGER_ENGINE_HOST" >> ~/.ssh/known_hosts 2>/dev/null
+_t0=$SECONDS
+timeout 30 ssh-keyscan -H "$DAGGER_ENGINE_HOST" >> ~/.ssh/known_hosts 2>/dev/null
+_elapsed=$(( SECONDS - _t0 ))
+if [ "$_elapsed" -gt 10 ]; then
+    echo "::warning::ssh-keyscan took ${_elapsed}s — Dagger engine host may be slow to respond"
+fi
 
 # Create a background SSH tunnel to the Dagger engine.
 # We map local port 8080 to remote port 1774 (where our socat bridge is listening).
 echo "Establishing SSH tunnel to $DAGGER_ENGINE_HOST..."
-ssh -i ~/.ssh/dagger_key -o StrictHostKeyChecking=no -f -N -L 8080:localhost:1774 "dagger@$DAGGER_ENGINE_HOST"
+_t0=$SECONDS
+timeout 30 ssh -i ~/.ssh/dagger_key -o StrictHostKeyChecking=no -f -N -L 8080:localhost:1774 "dagger@$DAGGER_ENGINE_HOST"
+_elapsed=$(( SECONDS - _t0 ))
+if [ "$_elapsed" -gt 10 ]; then
+    echo "::warning::SSH tunnel setup took ${_elapsed}s"
+fi
 
 # Export _EXPERIMENTAL_DAGGER_RUNNER_HOST to use the tunnel.
 export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://localhost:8080"

server/bugreport/go.mod

@@ -1,3 +0,0 @@
-module sharedinbox.de/bugreport
-
-go 1.21

server/bugreport/main.go

@@ -2,8 +2,6 @@ package main
 
 import (
 	"crypto/rand"
-	"crypto/sha256"
-	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -13,7 +11,6 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
-	"strings"
 	"sync"
 	"time"
 )
@@ -21,12 +18,10 @@ import (
 // BugReport represents the data stored in report.json
 type BugReport struct {
 	Description string    `json:"description"`
-	Email       string    `json:"email"`
 	AboutInfo   string    `json:"about_info"`
 	EmailData   string    `json:"email_data,omitempty"`
 	SyncLog     string    `json:"sync_log,omitempty"`
 	Timestamp   time.Time `json:"timestamp"`
-	HashedIP    string    `json:"hashed_ip"`
 }
 
 var (
@@ -75,12 +70,6 @@ func generateUUID() (string, error) {
 	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:]), nil
 }
 
-func hashIP(ip string) string {
-	h := sha256.New()
-	h.Write([]byte(ip))
-	return hex.EncodeToString(h.Sum(nil))
-}
-
 func bugReportHandler(storageDir string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		// Enable CORS so the web app (if applicable) can upload
@@ -143,20 +132,6 @@ func bugReportHandler(storageDir string) http.HandlerFunc {
 		emailData := r.FormValue("email_data")
 		syncLog := r.FormValue("sync_log")
 
-		// Get IP address
-		ip, _, err := net.SplitHostPort(r.RemoteAddr)
-		if err != nil {
-			ip = r.RemoteAddr
-		}
-		// Check X-Forwarded-For if behind a proxy
-		if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
-			parts := strings.Split(xff, ",")
-			if len(parts) > 0 {
-				ip = strings.TrimSpace(parts[0])
-			}
-		}
-		hashedIP := hashIP(ip)
-
 		uuidVal, err := generateUUID()
 		if err != nil {
 			log.Printf("Failed to generate UUID: %v", err)
@@ -179,12 +154,10 @@ func bugReportHandler(storageDir string) http.HandlerFunc {
 		// Write report.json
 		report := BugReport{
 			Description: description,
-			Email:       email,
 			AboutInfo:   aboutInfo,
 			EmailData:   emailData,
 			SyncLog:     syncLog,
 			Timestamp:   now,
-			HashedIP:    hashedIP,
 		}
 
 		reportJSONPath := filepath.Join(reportDir, "report.json")
@@ -205,6 +178,17 @@ func bugReportHandler(storageDir string) http.HandlerFunc {
 			return
 		}
 
+		// Write contact email to mail.eml (kept separate from report.json to isolate PII)
+		if email != "" {
+			mailEmlPath := filepath.Join(reportDir, "mail.eml")
+			err = os.WriteFile(mailEmlPath, []byte(email), 0600)
+			if err != nil {
+				log.Printf("Failed to write mail.eml: %v", err)
+				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+				return
+			}
+		}
+
 		// Save attachments
 		form := r.MultipartForm
 		files := form.File["attachments[]"]

to-playstore.md

@@ -1,57 +0,0 @@
-# Play Store Publishing Roadmap
-
-To publish the Flutter app to the Play Store, you need to transition from a "development" state to a "production-ready" state.
-
-Data Protection blabla page!
-
-## 1. What has been done
-*   **Application ID:** Changed to `de.sharedinbox.mua` (verified in `build.gradle.kts`, `MainActivity.kt`, and integration tests).
-*   **Build Logic:** `android/app/build.gradle.kts` now supports:
-    *   **Local builds:** Using `key.properties` (ignored by git).
-    *   **CI builds:** Using environment variables (`ANDROID_KEY_ALIAS`, `ANDROID_KEY_PASSWORD`, `ANDROID_KEYSTORE_PASSWORD`).
-*   **Taskfile:** Added `task build-android-bundle` to generate the `.aab` file.
-*   **CI Workflow:** Created `.forgejo/workflows/release.yml` which triggers on merge to `main`.
-
-
-### A. Create the Keystore
-Run the helper script I created for you:
-```bash
-./t.sh
-```
-Follow the prompts and use a strong password (24-32 chars).
-
-### B. Configure Codeberg Secrets
-Go to **Settings > Actions > Secrets** in your Codeberg repo and add:
-1.  **`ANDROID_KEYSTORE_BASE64`**: The output of `base64 -w 0 android/app/upload-keystore.jks`.
-2.  **`ANDROID_KEYSTORE_PASSWORD`**: Your keystore password.
-3.  **`PLAY_STORE_CONFIG_JSON`**: The JSON key from your Google Play Service Account.
-
-
-### C. First Manual Upload
-Google Play requires the **very first upload** to be done manually through the web console:
-1.  Generate your keystore using `./t.sh`.
-2.  Run the build locally using temporary environment variables:
-    ```bash
-    export ANDROID_KEYSTORE_PASSWORD=your_password
-    nix develop --command task build-android-bundle
-    ```
-3.  Upload the resulting `.aab` from `build/app/outputs/bundle/release/app-release.aab` to the Play Console (Internal Testing or Production track).
-4.  This "locks in" your signing key.
-
-## 2. What you need to do next
-
-
-## 3. Firebase Test Lab
-Once you have the Service Account JSON, you can add a task to `Taskfile.yml` to run automated tests on real devices:
-```yaml
-test-lab:
-  desc: Run integration tests in Firebase Test Lab
-  cmds:
-    - gcloud firebase test android run \
-      --type instrumentation \
-      --app build/app/outputs/apk/debug/app-debug.apk \
-      --test build/app/outputs/apk/androidTest/debug/app-debug-androidTest.apk \
-      --device model=virtuall1,version=30
-```
-
-**Recommendation:** Complete step **A** (Keystore) and **B** (Secrets) first. Once the first manual upload is done, the CI will take over for all future merges to `main`.