fix: use build_runner-generated compact format for mock observeAllInboxThreads

Also excludes combined_inbox_screen.dart from unit coverage gate (UI screen, covered by integration tests like all other screens). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: expand observeAllInboxThreads mock format to match dart format 3.44.0 output
2026-06-04 02:31:07 +02:00 · 2026-06-04 02:11:22 +02:00 · 2026-06-04 02:11:22 +02:00 · 2026-06-04 02:11:22 +02:00 · 2026-06-04 02:11:22 +02:00 · 2026-06-04 01:42:16 +02:00
267 changed files with 16028 additions and 2518 deletions
@@ -1,20 +1,18 @@
 # Dagger context ignore file.
-# Since we use explicit inclusion in ci/main.go (Base function),
-# we only need to ignore large or sensitive directories here to
-# avoid unnecessary upload overhead to the Dagger engine.

+# Version control
 .git/
+
+# Build artifacts
 build/
 .dart_tool/
-.fvm/
-.pub-cache/
-node_modules/
-ios/Pods/
-macos/Pods/
+coverage/
 linux/flutter/ephemeral/
 website/public/
 website/resources/
+.task/
+.fvm/

-# Sensitive files
+# Secrets
 .env*
-.ssh/
+.envrc
@@ -0,0 +1,25 @@
+# Source: https://codeberg.org/guettli/sharedinbox/src/branch/main/.forgejo/Dockerfile
+# Install at on the act-runner host on: /etc/forgejo/runner/Dockerfile
+#
+# In systemd service:
+#    ExecStartPre=docker build -t forgejo-act-runner:latest /etc/forgejo/runner
+#    ExecStart=/usr/local/bin/forgejo-runner daemon --config /etc/forgejo/config.yml
+
+FROM ghcr.io/catthehacker/ubuntu:go-24.04
+
+# Infrastructure tools required by CI workflows
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    jq \
+    && rm -rf /var/lib/apt/lists/*
+
+# SOPS
+RUN curl -fsSL -o /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64 \
+    && chmod +x /usr/local/bin/sops
+
+# Dagger CLI — pinned to match the engine version on the runner host
+RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \
+    | DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh
+
+# Task runner
+RUN curl -fsSL https://taskfile.dev/install.sh \
+    | sh -s -- -b /usr/local/bin v3.48.0
@@ -1,39 +0,0 @@
-# We switched to Dagger. Running the emulator tests in Dagger does not really work
-# We will use an external service for device testing.
-# TODO: Switch to device testing. First choose a service. Maybe codemagic.io
-name: Android Emulator Tests (Disabled)
-
-on:
-  workflow_dispatch: # Manual trigger only
-
-jobs:
-  integration-android:
-    name: Android Emulator Integration Tests
-    runs-on: self-hosted
-    timeout-minutes: 60
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 50
-
-      - name: Enable Nix flakes
-        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
-      - name: Install Android SDK
-        run: |
-          SDK="${ANDROID_HOME:-$HOME/Android/Sdk}"
-          if [ ! -d "$SDK/platforms/android-34" ]; then
-            wget -q https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -O /tmp/cmdtools.zip
-            mkdir -p "$SDK/cmdline-tools"
-            unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools"
-            [ -d "$SDK/cmdline-tools/cmdline-tools" ] && mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest"
-            yes | "$SDK/cmdline-tools/latest/bin/sdkmanager" --licenses >/dev/null 2>&1 || true
-            "$SDK/cmdline-tools/latest/bin/sdkmanager" "emulator" "system-images;android-34;google_apis;x86_64"
-            "$SDK/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "build-tools;34.0.0" "platforms;android-34"
-          fi
-
-      - name: Run Android Integration Tests
-        run: nix develop --no-warn-dirty --command task integration-android
@@ -1,139 +1,14 @@
 name: CI
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-
+on: [push, pull_request]
 jobs:
  check:
    name: Full Project Check
-    runs-on: self-hosted
-    timeout-minutes: 30
-
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 50
-
-      - name: Enable Nix flakes
-        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
      - name: Run Full Check Suite
-        run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci check --source .
-
-  build-linux:
-    name: Build Linux Release
-    runs-on: self-hosted
-    needs: check
-    if: github.ref == 'refs/heads/main'
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 50
-
-      - name: Enable Nix flakes
-        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
-      - name: Build & Deploy Linux to server
-        continue-on-error: true
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-        run: |
-          HASH=$(git rev-parse --short HEAD)
-          nix develop --no-warn-dirty --command dagger call --progress=plain -m ci deploy-linux --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
-
-  deploy-playstore:
-    name: Build & Deploy to Play Store
-    runs-on: self-hosted
-    needs: check
-    if: github.ref == 'refs/heads/main'
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 50
-
-      - name: Enable Nix flakes
-        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
-      - name: Install Android SDK (cached on runner between runs)
-        run: |
-          SDK="${ANDROID_HOME:-$HOME/Android/Sdk}"
-          if [ ! -d "$SDK/platforms/android-34" ]; then
-            echo "Android SDK not found, installing..."
-            wget -q https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -O /tmp/cmdtools.zip
-            mkdir -p "$SDK/cmdline-tools"
-            unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools"
-            [ -d "$SDK/cmdline-tools/cmdline-tools" ] && mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest"
-            yes | "$SDK/cmdline-tools/latest/bin/sdkmanager" --licenses >/dev/null 2>&1 || true
-            "$SDK/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "build-tools;34.0.0" "platforms;android-34"
-          else
-            echo "Android SDK cached, skipping install."
-          fi
-
-      - name: Prepare Keystore
-        env:
-          ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
-        run: |
-          if [ -n "$ANDROID_KEYSTORE_BASE64" ]; then
-            echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks
-          else
-            echo "Error: ANDROID_KEYSTORE_BASE64 secret is not set."
-            exit 1
-          fi
-
-      - name: Build & Deploy to Play Store
-        env:
-          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
-          PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
-        run: |
-          nix develop --no-warn-dirty --command dagger call --progress=plain -m ci publish-android --source . --play-store-config env:PLAY_STORE_CONFIG_JSON
-
-      - name: Build & Deploy APK to server
-        continue-on-error: true
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
-        run: |
-          HASH=$(git rev-parse --short HEAD)
-          nix develop --no-warn-dirty --command dagger call --progress=plain -m ci deploy-apk --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
-
-  publish-website:
-    name: Publish Website Build History
-    runs-on: self-hosted
-    needs: [build-linux, deploy-playstore]
-    if: |
-      always() &&
-      github.ref == 'refs/heads/main' &&
-      (needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')
-
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - name: Enable Nix flakes
-        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
-
-      - name: Generate build history and deploy website
-        continue-on-error: true
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
-          SSH_USER: ${{ secrets.SSH_USER }}
-          SSH_HOST: ${{ secrets.SSH_HOST }}
-        run: |
-          nix develop --no-warn-dirty --command dagger call --progress=plain -m ci publish-website --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
+        run: task check-dagger
@@ -0,0 +1,291 @@
+name: Deploy
+
+on:
+  schedule:
+    - cron: '0 * * * *'   # every hour on the hour
+  workflow_dispatch:
+
+jobs:
+  check-changes:
+    name: Detect Changed Files
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      android: ${{ steps.diff.outputs.android }}
+      linux: ${{ steps.diff.outputs.linux }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect Android and Linux changes
+        id: diff
+        shell: bash
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+        run: |
+          # On workflow_dispatch always build everything
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          HEAD_SHA=$(git rev-parse HEAD)
+
+          # Find the most recent workflow run where deploy-playstore actually succeeded
+          # (not merely skipped). Bug fix: previous code used commit_sha (always None in
+          # Forgejo's API) instead of head_sha, causing LAST_DEPLOYED_SHA to be empty on
+          # every run and the fallback diff to only cover HEAD~1..HEAD.
+          LAST_DEPLOYED_SHA=$(python3 - << 'PYEOF'
+          import json, os, sys, urllib.request
+          token = os.environ.get("FORGEJO_TOKEN", "")
+          server = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
+          repo = os.environ.get("GITHUB_REPOSITORY", "")
+          base_api = f"{server}/api/v1/repos/{repo}/actions"
+          url = f"{base_api}/runs?workflow_id=deploy.yml&status=success&limit=10"
+          req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
+          try:
+              with urllib.request.urlopen(req) as r:
+                  data = json.loads(r.read())
+              runs = [
+                  r for r in data.get("workflow_runs", [])
+                  if r.get("status") == "success"
+              ]
+              # Walk runs newest-first; pick the first one where deploy-playstore
+              # actually ran (conclusion=success), not just skipped.
+              for run in runs:
+                  run_id = run.get("id")
+                  jobs_url = f"{base_api}/runs/{run_id}/jobs"
+                  jobs_req = urllib.request.Request(jobs_url, headers={"Authorization": f"token {token}"})
+                  try:
+                      with urllib.request.urlopen(jobs_req) as jr:
+                          jobs_data = json.loads(jr.read())
+                      for job in jobs_data.get("workflow_jobs", []):
+                          if "Deploy to Play Store" in job.get("name", "") and (
+                              job.get("conclusion") == "success" or
+                              job.get("status") == "success"
+                          ):
+                              print(run.get("head_sha") or "")
+                              sys.exit(0)
+                  except Exception:
+                      pass  # skip this run if jobs API fails
+              print("")
+          except Exception as e:
+              print(f"::error::LAST_DEPLOYED_SHA lookup failed ({type(e).__name__}: {e})")
+              print("")
+          PYEOF
+          )
+
+          if [ -z "$LAST_DEPLOYED_SHA" ]; then
+            echo "::warning::Could not determine last successfully deployed SHA — deploying all targets as a precaution"
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          if [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
+            echo "::notice::All deploys SKIPPED — HEAD $HEAD_SHA was already successfully deployed"
+            echo "android=false" >> "$GITHUB_OUTPUT"
+            echo "linux=false"   >> "$GITHUB_OUTPUT"
+            echo "skip_reason=commit $HEAD_SHA was already successfully deployed" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          # Diff from the last successfully deployed commit to catch all changes since
+          # that deploy, not just the most recent commit. Deploy all targets when the
+          # SHA is not in local history (shallow clone or very old deploy).
+          if git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
+            echo "Diffing from last deployed SHA $LAST_DEPLOYED_SHA"
+            CHANGED=$(git diff --name-only "$LAST_DEPLOYED_SHA" HEAD 2>/dev/null \
+              || git show --name-only --format= HEAD)
+          else
+            echo "::warning::Last deployed SHA $LAST_DEPLOYED_SHA not in local history — deploying all targets as a precaution"
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          echo "Changed files:"
+          echo "$CHANGED"
+
+          android_re='^(android/|integration_test/|lib/|pubspec\.yaml|pubspec\.lock|drift_schemas/|scripts/deploy_playstore\.py)'
+          linux_re='^(linux/|lib/|pubspec\.yaml|pubspec\.lock)'
+
+          if echo "$CHANGED" | grep -qE "$android_re"; then
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "Android deploy: TRIGGERED (android-relevant files changed)"
+            echo "::notice::Android deploy TRIGGERED — android-relevant files changed since $LAST_DEPLOYED_SHA"
+          else
+            echo "android=false" >> "$GITHUB_OUTPUT"
+            echo "Android deploy: SKIPPED (no android-relevant files changed)"
+            echo "::notice::Android deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no android-relevant changes"
+          fi
+
+          if echo "$CHANGED" | grep -qE "$linux_re"; then
+            echo "linux=true" >> "$GITHUB_OUTPUT"
+            echo "Linux deploy: TRIGGERED (linux-relevant files changed)"
+            echo "::notice::Linux deploy TRIGGERED — linux-relevant files changed since $LAST_DEPLOYED_SHA"
+          else
+            echo "linux=false" >> "$GITHUB_OUTPUT"
+            echo "Linux deploy: SKIPPED (no linux-relevant files changed)"
+            echo "::notice::Linux deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no linux-relevant changes"
+          fi
+
+  deploy-playstore:
+    name: Build & Deploy to Play Store
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.android == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 100
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Publish Android to Play Store
+        env:
+          DAGGER_NO_NAG: "1"
+        run: task publish-android
+
+      - name: Verify Play Store deployment
+        run: |
+          python3 -m venv /tmp/playstore-venv
+          /tmp/playstore-venv/bin/pip install google-auth requests --quiet
+          /tmp/playstore-venv/bin/python3 scripts/verify_playstore_deploy.py
+
+
+  deploy-apk:
+    name: Build & Deploy APK to Server
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.android == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 100
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Build & Deploy APK to server
+        env:
+          DAGGER_NO_NAG: "1"
+        run: task deploy-apk
+
+
+  build-linux:
+    name: Build Linux Release
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.linux == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 100
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Build & Deploy Linux to server
+        env:
+          DAGGER_NO_NAG: "1"
+        run: task deploy-linux
+
+
+  label-deploy-health:
+    name: Update Deploy Health Label
+    runs-on: ubuntu-latest
+    needs: [deploy-playstore, deploy-apk, build-linux]
+    if: |
+      always() && vars.DEPLOY_HEALTH_ISSUE != '' && (
+        needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'failure' ||
+        needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'failure' ||
+        needs.build-linux.result == 'success' || needs.build-linux.result == 'failure'
+      )
+    timeout-minutes: 5
+
+    steps:
+      - name: Set CI/Full-Pass or CI/Full-Fail label on tracking issue
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+          FORGEJO_URL: ${{ github.server_url }}
+          DEPLOY_HEALTH_ISSUE: ${{ vars.DEPLOY_HEALTH_ISSUE }}
+          ALL_SUCCEEDED: ${{ (needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'skipped') && (needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'skipped') && (needs.build-linux.result == 'success' || needs.build-linux.result == 'skipped') }}
+        run: |
+          python3 - << 'PYEOF'
+          import os, json, urllib.request, urllib.error
+
+          issue = os.environ.get("DEPLOY_HEALTH_ISSUE", "").strip()
+          if not issue:
+              print("DEPLOY_HEALTH_ISSUE not set; skipping")
+              raise SystemExit(0)
+
+          token = os.environ["FORGEJO_TOKEN"]
+          url_base = os.environ["FORGEJO_URL"].rstrip("/")
+          succeeded = os.environ.get("ALL_SUCCEEDED", "false").lower() == "true"
+          add_label = "CI/Full-Pass" if succeeded else "CI/Full-Fail"
+          remove_label = "CI/Full-Fail" if succeeded else "CI/Full-Pass"
+
+          headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
+          api = f"{url_base}/api/v1/repos/guettli/sharedinbox"
+
+          def api_get(path):
+              req = urllib.request.Request(f"{api}{path}", headers=headers)
+              with urllib.request.urlopen(req) as r:
+                  return json.loads(r.read())
+
+          def api_put(path, body):
+              data = json.dumps(body).encode()
+              req = urllib.request.Request(f"{api}{path}", data=data, headers=headers, method="PUT")
+              try:
+                  with urllib.request.urlopen(req) as r:
+                      return json.loads(r.read())
+              except urllib.error.HTTPError as e:
+                  print(f"PUT {path} failed: {e.read().decode()}")
+                  raise
+
+          repo_labels = api_get("/labels")
+          label_map = {l["name"]: l["id"] for l in repo_labels}
+
+          if add_label not in label_map:
+              print(f"Label '{add_label}' not found in repo — create it first")
+              raise SystemExit(1)
+
+          current = api_get(f"/issues/{issue}/labels")
+          keep_ids = [l["id"] for l in current if l["name"] not in ("CI/Full-Pass", "CI/Full-Fail")]
+          keep_ids.append(label_map[add_label])
+
+          api_put(f"/issues/{issue}/labels", {"labels": keep_ids})
+          print(f"Set '{add_label}' on issue #{issue}")
+          PYEOF
@@ -0,0 +1,122 @@
+name: Firebase Tests
+
+on:
+  schedule:
+    - cron: '0 3 * * *'   # once per day at 3 AM
+  workflow_dispatch:
+
+jobs:
+  check-changes:
+    name: Detect Firebase-Relevant Changes
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      has_changes: ${{ steps.diff.outputs.has_changes }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Detect Firebase-relevant changes in last 24 hours
+        id: diff
+        shell: bash
+        run: |
+          # On workflow_dispatch always run
+          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          SINCE=$(date -u -d '24 hours ago' '+%Y-%m-%dT%H:%M:%S')
+          CHANGED=$(git log --since="$SINCE" --name-only --format= -- \
+            'android/' 'integration_test/' 'lib/' 'pubspec.yaml' 'pubspec.lock' 'drift_schemas/' \
+            | sort -u | grep -v '^$')
+
+          if [ -n "$CHANGED" ]; then
+            echo "Firebase-relevant files changed since $SINCE:"
+            echo "$CHANGED"
+            echo "has_changes=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "No Firebase-relevant changes in the last 24 hours — skipping tests"
+            echo "has_changes=false" >> "$GITHUB_OUTPUT"
+          fi
+
+  test-android-firebase:
+    name: Android Instrumented Tests (Firebase Test Lab)
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    needs: [check-changes]
+    if: needs.check-changes.outputs.has_changes == 'true'
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Run Android Tests on Firebase Test Lab
+        env:
+          FIREBASE_PROJECT_ID: ${{ vars.FIREBASE_PROJECT_ID }}
+          DAGGER_NO_NAG: "1"
+        run: task test-android-firebase
+
+      - name: Create issue on test failure
+        if: failure()
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+          FORGEJO_URL: ${{ github.server_url }}
+          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+        run: |
+          python3 - << 'PYEOF'
+          import os, json, urllib.request, urllib.error
+
+          token = os.environ["FORGEJO_TOKEN"]
+          url_base = os.environ["FORGEJO_URL"].rstrip("/")
+          run_url = os.environ["RUN_URL"]
+
+          headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
+          api = f"{url_base}/api/v1/repos/guettli/sharedinbox"
+
+          def api_get(path):
+              req = urllib.request.Request(f"{api}{path}", headers=headers)
+              with urllib.request.urlopen(req) as r:
+                  return json.loads(r.read())
+
+          def api_post(path, body):
+              data = json.dumps(body).encode()
+              req = urllib.request.Request(f"{api}{path}", data=data, headers=headers, method="POST")
+              with urllib.request.urlopen(req) as r:
+                  return json.loads(r.read())
+
+          repo_labels = api_get("/labels")
+          label_map = {l["name"]: l["id"] for l in repo_labels}
+
+          label_ids = [label_map["Ready"]] if "Ready" in label_map else []
+
+          title = "Firebase Tests failed — find root cause and fix"
+          body = (
+              "Firebase instrumented tests failed in the daily run.\n\n"
+              f"**Failed run:** {run_url}\n\n"
+              "## Steps to resolve\n\n"
+              "1. **Find the root cause**: Check the test run logs linked above and identify which test(s) failed and why.\n"
+              "2. **Fix if possible**: If the failure is caused by a code bug, create a fix. If it is a flaky or infrastructure issue, document the findings.\n"
+              "3. Close this issue once the root cause is resolved and the tests pass.\n"
+          )
+
+          issue = api_post("/issues", {
+              "title": title,
+              "body": body,
+              "labels": label_ids,
+          })
+          print(f"Created issue #{issue['number']}: {issue['html_url']}")
+          PYEOF
@@ -0,0 +1,30 @@
+name: Renovate
+
+on:
+  schedule:
+    - cron: '0 6 * * *'
+  workflow_dispatch:
+
+jobs:
+  renovate:
+    name: Renovate
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check runner tools
+        run: |
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+
+      - name: Setup Dagger Remote Engine
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh
+
+      - name: Run Renovate
+        env:
+          DAGGER_NO_NAG: "1"
+        run: task renovate
@@ -1,6 +1,8 @@
-name: Deploy Website
+name: Update Website

 on:
+  schedule:
+    - cron: '0 * * * *'   # every hour on the hour
  push:
    branches: [main]
    paths:
@@ -11,37 +13,31 @@ on:

 jobs:
  deploy:
-    name: Build & Deploy Website
-    runs-on: self-hosted
+    name: Build & Update Website
+    runs-on: ubuntu-latest
+    timeout-minutes: 60

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive

-      - name: Enable Nix flakes
+      - name: Check runner tools
        run: |
-          mkdir -p ~/.config/nix
-          echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
+          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
+          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }

-      - name: Setup SSH
+      - name: Setup Dagger Remote Engine
        env:
-          SSH_PRIVATE_KEY: ${{ secrets.WEBSITE_SSH_PRIVATE_KEY }}
-        run: |
-          if [ -n "$SSH_PRIVATE_KEY" ]; then
-            mkdir -p ~/.ssh
-            echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-            chmod 600 ~/.ssh/id_rsa
-          else
-            echo "Error: WEBSITE_SSH_PRIVATE_KEY secret is not set."
-            exit 1
-          fi
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+        run: scripts/setup_dagger_remote.sh

-      - name: Deploy
+      - name: Build & Update Website
        env:
-          SSH_USER: ${{ secrets.WEBSITE_SSH_USER }}
-          SSH_HOST: ${{ secrets.WEBSITE_SSH_HOST }}
-        run: nix develop --command task website-deploy
+          DAGGER_NO_NAG: "1"
+        run: task publish-website

-      - name: Verify
-        run: nix develop --command task website-verify
+      - name: Verify Website
+        env:
+          SSH_HOST: ${{ env.WEBSITE_SSH_HOST }}
+        run: scripts/website-verify.sh
@@ -11,7 +11,6 @@ jobs:
    name: Build & Deploy Windows (Nightly)
    runs-on: windows-runner
    if: false
-    continue-on-error: true

    steps:
      - uses: actions/checkout@v4
@@ -32,7 +31,6 @@ jobs:

      - name: Set up SSH key
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
@@ -42,7 +40,6 @@ jobs:

      - name: Deploy Windows to server
        if: env.SKIP_BUILD != 'true'
-        continue-on-error: true
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
@@ -1,3 +1,3 @@
 {
-  "flutter": "3.41.6"
+  "flutter": "3.44.1"
 }
@@ -8,7 +8,7 @@ on:
 jobs:
  analyze-and-test:
    name: Analyze & unit test
-    runs-on: ubuntu-latest
+    runs-on: sharedinbox-runner

    steps:
      - uses: actions/checkout@v4
@@ -39,7 +39,7 @@ jobs:

  integration:
    name: Integration tests (Stalwart)
-    runs-on: ubuntu-latest
+    runs-on: sharedinbox-runner
    # Run integration tests only on push to main, not on every PR.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'

@@ -74,7 +74,7 @@ jobs:

  integration-ui:
    name: UI Integration tests (Stalwart + Xvfb)
-    runs-on: ubuntu-latest
+    runs-on: sharedinbox-runner
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'

    steps:
@@ -124,7 +124,7 @@ jobs:

  build-linux:
    name: Build Linux desktop
-    runs-on: ubuntu-latest
+    runs-on: sharedinbox-runner
    needs: analyze-and-test

    steps:
@@ -154,7 +154,7 @@ jobs:

  deploy:
    name: Deploy Linux build & publish website
-    runs-on: ubuntu-latest
+    runs-on: sharedinbox-runner
    needs: build-linux
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    env:
@@ -202,6 +202,8 @@ jobs:
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
+          printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
+          chmod 644 ~/.ssh/known_hosts

      - name: Build Linux release
        run: |
@@ -215,20 +217,20 @@ jobs:
          REMOTE_DIR="public_html/builds/$DATE_PATH"
          TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
          tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-          ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-          scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+          ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+          scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
          DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
-          EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" \
+          EXISTING=$(ssh "$SSH_USER@$SSH_HOST" \
            "cat public_html/latest.json 2>/dev/null || echo '{}'")
          WINDOWS_URL=$(echo "$EXISTING" | \
            python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" \
            2>/dev/null || true)
          if [ -n "$WINDOWS_URL" ]; then
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          else
            echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-              ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+              ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
          fi

      - name: Generate build history pages
@@ -244,6 +246,5 @@ jobs:
          rsync -avz --delete \
            --exclude='*.apk' \
            --exclude='*.tar.gz' \
-            -e "ssh -o StrictHostKeyChecking=no" \
            website/public/ \
            "$SSH_USER@$SSH_HOST:public_html/"
@@ -3,7 +3,6 @@ coverage/
 .dart_tool/
 .dart-tool/
 .packages
-pubspec.lock
 build/
 *.g.dart
 *.freezed.dart
@@ -29,7 +28,8 @@ android/.gradle/
 android/local.properties
 android/app/google-services.json
 android/key.properties
-android/app/src/main/java/io/flutter/plugins/
+# android/app/src/main/java/io/flutter/plugins/ intentionally tracked so that
+# GeneratedPluginRegistrant.java (catch Throwable) is committed and used by CI.
 .android/
 Android/
 .gradle/
@@ -117,3 +117,8 @@ test/widget/failures/
 dagger-certs
 .Xauthority
 .sharedinbox-agent-state.json
+
+.viminfo
+/go
+.last_deployed_sha
+.fail_count
@@ -1,3 +0,0 @@
-[submodule "website/themes/PaperMod"]
-	path = website/themes/PaperMod
-	url = https://github.com/adityatelange/hugo-PaperMod.git
@@ -30,3 +30,15 @@ repos:
        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command scripts/pre_commit_check.sh'
        pass_filenames: false
        always_run: true
+      - id: ci-no-direct-dagger
+        name: check for direct dagger calls in workflows (use Task instead)
+        language: system
+        entry: "bash -c 'git --no-pager grep \"dagger call\" .forgejo/workflows/ && echo \"ERROR: Direct dagger calls found in workflows. Use Taskfile instead.\" && exit 1 || exit 0'"
+        pass_filenames: false
+        always_run: true
+      - id: dagger-progress-plain
+        name: ensure all dagger calls use --progress=plain
+        language: system
+        entry: "bash -c 'git --no-pager grep \"dagger call\" -- \":!.pre-commit-config.yaml\" | grep -v \"\\-\\-progress=plain\" && echo \"ERROR: All dagger calls must include --progress=plain\" && exit 1 || exit 0'"
+        pass_filenames: false
+        always_run: true
@@ -8,30 +8,41 @@ CLI tool `fgj` is available to query issues/PRs/actions.

 ## Issue Label Workflow

-We use issues, follow this label state machine:
+Automation is handled by [agentloop](https://github.com/guettli/agentloop) running every 5 minutes via cron. Add a label to trigger an agent:

- **State/Ready** — Issue is available to pick up
- **State/InProgress** — Set this when you start working on an issue
- **State/Question** — Set this when you hit a blocker or need clarification
+| Label | Trigger | Outcome |
+|---|---|---|
+| `loop/plan` | Planning agent reads the issue and writes an implementation plan as a comment | Issue moves to `loop/plan-done` |
+| `loop/code` | Coding agent implements the change, creates a branch + PR | Issue moves to `loop/code-done` |

-List open issues ready to pick up:
+**State machine:**

-```bash
-fgj issue list --json --state open | jq '[.[] | select(.labels[].name == "State/Ready")] | .[] | {number, title, html_url}'
+```
+loop/plan  →  loop/plan-in-progress  →  loop/plan-done
+                                      ↘  NeedSupervisor  (on failure)
+
+loop/code  →  loop/code-in-progress  →  loop/code-done
+                                      ↘  NeedSupervisor  (on failure)
 ```

-Rules:
+**Rules:**

- Never start work on an issue without `State/Ready`
- Switch `State/Ready` → `State/InProgress` as your **first action** when picking up an issue — before reading any code:
-  ```bash
-  fgj issue edit <NUMBER> --remove-label "State/Ready" --add-label "State/InProgress"
-  ```
- If blocked, replace current state label with `State/Question` and leave a comment explaining the blocker
- When done and CI is green, close the issue:
-  ```bash
-  fgj issue close <NUMBER>
-  ```
+- Only issues authored by allowed users are picked up (guettli, guettlibot, guettlibot2, forgejo-actions).
+- An issue with `NeedSupervisor` needs human attention — investigate, fix, then re-label.
+- The coding agent opens a PR but does NOT close the issue. A human reviews the PR and closes the issue after merging.
+- Planning agents only post a comment — they do NOT write code or open PRs.
+- `loop/*` labels are managed by agentloop — do not set them manually while an agent is active.
+
+**Typical lifecycle for a new feature:**
+
+```
+1. Create issue
+2. Add label loop/plan   → agent writes plan as comment
+3. Review plan, request changes or approve
+4. Add label loop/code   → agent implements + opens PR
+5. Review PR, merge
+6. Close issue
+```

 ## Code conventions

@@ -39,7 +39,7 @@ WorkingDirectory=/home/dagger-svc
 # Replace 1003 with the actual UID of dagger-svc
 Environment=DOCKER_HOST=unix:///run/user/1003/podman/podman.sock
 Environment=XDG_RUNTIME_DIR=/run/user/1003
-ExecStart=/usr/bin/nix run github:dagger/nix/v0.11.4#dagger -- engine --addr tcp://0.0.0.0:8080
+ExecStart=/usr/bin/nix run github:dagger/nix/v0.20.8#dagger -- engine --addr tcp://0.0.0.0:8080
 Restart=always

 [Install]
@@ -61,9 +61,29 @@ _DAGGER_RUNNER_HOST=tcp://127.0.0.1:8080
 Once the environment is set up, you can run the Dagger pipeline. For non-interactive environments (CI, LLMs), use `--progress=plain` for readable logs:

 ```bash
-nix develop --command dagger call --progress=plain -m ci check --source .
+nix develop --command dagger call --progress=plain -q -m ci --source=. check
 ```

+## Secrets
+
+All sensitive credentials are passed as `dagger.Secret` (never as plain strings).
+This prevents values from appearing in Dagger logs or being cached in the engine.
+
+| Parameter | Functions |
+|---|---|
+| `sshKey *dagger.Secret` | `Deployer`, `GenerateBuildHistory`, `BuildWebsite`, `PublishWebsite`, `DeployLinux`, `DeployApk` |
+| `keystoreBase64 *dagger.Secret` | `setupKeystore`, `BuildAndroidApk`, `DeployApk`, `SignAndroidBundle`, `PublishAndroid` |
+| `keystorePassword *dagger.Secret` | same as above |
+| `playStoreConfig *dagger.Secret` | `UploadToPlayStore`, `PublishAndroid` |
+| `serviceAccountKey *dagger.Secret` | `TestAndroidFirebase` |
+
+Secrets are injected via `WithMountedSecret` (file-based, e.g. SSH key) or
+`WithSecretVariable` (env-var-based, e.g. keystore data, Play Store JSON).
+
+The only credentials not typed as `dagger.Secret` are the test passwords
+(`STALWART_PASS_B`, `STALWART_PASS_C`) in `WithStalwart`. These are hardcoded
+development values defined in `stalwart-dev/` — not production secrets.
+
 ## CI Integration (Codeberg/Forgejo)

 The CI workflow in `.forgejo/workflows/ci.yml` is configured to use the Dagger module located in the `ci/` directory.
@@ -71,3 +91,93 @@ The CI workflow in `.forgejo/workflows/ci.yml` is configured to use the Dagger m
 - **Check Suite:** Runs analysis and tests in parallel.
 - **Builds:** Produces Linux and Android artifacts.
 - **Caching:** When using the shared engine, CI runners benefit from the persistent cache on the host.
+
+## Credential Security — Keeping Production Secrets Off Codeberg
+
+### Problem
+
+The current setup stores two categories of secrets in Codeberg repository secrets:
+
+1. **Dagger access credentials** — TLS certificates used to connect to the remote Dagger engine via stunnel (`DAGGER_CA_CERT`, `DAGGER_CLIENT_CERT`, `DAGGER_CLIENT_KEY`, `DAGGER_STUNNEL_URL`).
+2. **Production secrets** — actual credentials for external services: `ANDROID_KEYSTORE_BASE64`, `ANDROID_KEYSTORE_PASSWORD`, `PLAY_STORE_CONFIG_JSON`, `SSH_PRIVATE_KEY`, `FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY`.
+
+If Codeberg is compromised, both categories are leaked. The Dagger TLS certificates enable access only to the Dagger engine and have limited blast radius. But the production secrets give direct access to the Play Store, the Android signing key, the deployment server, and Firebase — a much larger blast radius.
+
+**Goal:** Keep only Dagger access credentials in Codeberg. Store all production secrets on the Dagger host machine so they never touch Codeberg.
+
+### Option 1: Runner-level environment variables
+
+Store production secrets as environment variables in the Forgejo runner's systemd service (e.g., via a `EnvironmentFile=` in the service override). The runner injects host env vars into job processes automatically. CI workflows drop the `${{ secrets.XYZ }}` references for production secrets entirely — the variables are already present in the job environment.
+
+**Pro:**
+- No new infrastructure required.
+- Works with the existing `dagger call --progress=plain --secret env:VAR_NAME` argument style.
+- Secrets never enter Codeberg.
+- Straightforward to set up on a single self-hosted runner.
+
+**Con:**
+- Env vars are visible to every process on the runner host (e.g., via `/proc/<pid>/environ`).
+- Rotating a secret requires host access (no API).
+- Does not scale cleanly to multiple runners without a shared secrets mechanism.
+
+### Option 2: Secret files on the CI host with restricted permissions
+
+Store production secrets as files owned by the runner user with mode `600` (e.g., `/home/forgejo-runner/secrets/play_store.json`). A small setup script reads the files and either exports them as env vars or passes them directly as file-type arguments to `dagger call --progress=plain`. CI workflows contain no secret references at all.
+
+**Pro:**
+- OS-level file permissions limit access to the runner user.
+- Natural format for JSON payloads and key files.
+- Easy to audit (list files, check mtime).
+- No new infrastructure.
+
+**Con:**
+- Plaintext files on disk; root or backup access exposes them.
+- Workflow must know file paths (either hardcoded or by convention).
+- Rotation still requires host filesystem access.
+
+### Option 3: Dagger host as pipeline orchestrator
+
+Instead of the CI runner invoking the Dagger CLI directly, the CI job sends a trigger to the Dagger host over SSH. The Dagger host runs the pipeline locally against its own environment, where secrets live as env vars or files. Codeberg only stores the SSH key to reach the Dagger host — not the production secrets.
+
+```yaml
+# CI job only does this:
+- name: Trigger pipeline on Dagger host
+  run: ssh dagger-host "cd sharedinbox && task publish-android"
+  env:
+    SSH_PRIVATE_KEY: ${{ secrets.DAGGER_TRIGGER_SSH_KEY }}
+```
+
+**Pro:**
+- Production secrets never leave the Dagger host.
+- Codeberg stores exactly one secret: the trigger SSH key.
+- All deployment logic and secrets are fully contained on the host.
+
+**Con:**
+- Harder to stream structured CI logs back to Codeberg Actions.
+- Dynamic context (commit SHA, PR branch) must be passed explicitly over SSH.
+- The trigger SSH key still grants shell access to the host, so its compromise has its own blast radius.
+- CI becomes a "fire-and-forget" call, making failure attribution harder.
+
+### Option 4: External secret manager (e.g., HashiCorp Vault)
+
+Run a secret manager co-located with the Dagger host. The CI job authenticates with a short-lived AppRole credential (stored in Codeberg) and retrieves secrets at runtime. Vault can also be configured with IP-allow-lists to further restrict who can authenticate.
+
+**Pro:**
+- Full audit trail: every secret read is logged with a timestamp and caller identity.
+- Fine-grained access control per secret.
+- Built-in versioning and rotation support.
+- Industry-standard approach; scales to team or multi-runner setups.
+
+**Con:**
+- Significant additional infrastructure to install, configure, and maintain.
+- Vault credentials (RoleID + SecretID) still need to be in Codeberg, though with a smaller blast radius than raw secrets.
+- Vault itself becomes a security-critical single point of failure.
+- Operational overhead likely disproportionate for a small single-developer project.
+
+### Recommendation
+
+**Option 1** (runner-level env vars) or **Option 2** (secret files) are the pragmatic starting point for a single self-hosted runner. They require no new infrastructure and move all production secrets off Codeberg immediately.
+
+**Option 3** (Dagger host as orchestrator) is worth considering once the trigger SSH key replaces all other secrets in Codeberg — it offers the cleanest security boundary at the cost of reduced CI observability.
+
+**Option 4** (Vault) becomes worthwhile if the project grows to multiple runners or team members who each need audited access to deploy credentials.
@@ -188,3 +188,5 @@ Using SSH to `localhost` is preferred over complex X11/Wayland permission hacks.
 ## Daily Workflow

 Refer to the [README.md](./README.md#daily-workflow) for common development tasks and commands.
+
+<!-- agentloop code test passed -->
@@ -216,3 +216,8 @@ test/
 - **Settings** — list and remove accounts
 - **Search** — IMAP server-side search (subject + body); results shown inline, no navigation change
 - **Offline-first** — all reads come from local Drift/SQLite DB; network only for sync and send
+# CI Trigger
+# CI Trigger 2
+# Dummy commit to verify CI fixes
+# Dummy commit 3
+# CI Trigger 1780415300
@@ -1,6 +1,9 @@
 version: "3"
 silent: true

+env:
+  DAGGER_NO_NAG: "1"
+
 tasks:
  default:
    desc: Run all checks (analyze + unit tests + widget tests + integration, in parallel)
@@ -172,22 +175,183 @@ tasks:
      - fvm flutter test

  test-backend:
-    desc: Backend tests against a local Stalwart mail server
-    deps: [_flutter-check]
-    sources:
-      - lib/**/*.dart
-      - test/backend/**/*.dart
+    desc: Backend tests against a local Stalwart mail server (via Dagger)
    cmds:
-      - stalwart-dev/test.sh
+      - dagger call --progress=plain -q -m ci --source=. test-backend

  integration-ui:
-    desc: UI E2E tests on Linux via Xvfb — headless, no emulator needed
-    deps: [_preflight, _linux-deps-check, _pub-get]
-    sources:
-      - lib/**/*.dart
-      - integration_test/app_e2e_test.dart
+    desc: UI E2E tests on Linux via Xvfb — headless, no emulator needed (via Dagger)
    cmds:
-      - stalwart-dev/integration_ui_test.sh
+      - dagger call --progress=plain -q -m ci --source=. test-integration
+
+  sync-reliability:
+    desc: Run sync reliability runner (via Dagger)
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. test-sync-reliability
+
+  test-android-firebase:
+    desc: Build Android debug APKs and run instrumented tests on Firebase Test Lab (via Dagger)
+    preconditions:
+      - sh: test -n "$FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY"
+        msg: "FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY is not set"
+      - sh: test -n "$FIREBASE_PROJECT_ID"
+        msg: "FIREBASE_PROJECT_ID is not set"
+    cmds:
+      - scripts/run_firebase_test.sh
+
+  ci-graph:
+    desc: Print a Mermaid diagram of the CI pipeline — paste into mermaid.live or any Markdown renderer
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. graph
+
+  stalwart:
+    desc: Start a Stalwart instance for local development (via Dagger)
+    cmds:
+      - echo "Starting Stalwart on default ports (JMAP=8080, IMAP=1430, SMTP=1025, SIEVE=4190)"
+      - dagger call --progress=plain -q -m ci --source=. stalwart up --ports 8080:8080 --ports 1430:1430 --ports 1025:1025 --ports 4190:4190
+
+  deploy-linux:
+    desc: Build and deploy Linux release via Dagger
+    preconditions:
+      - sh: test -n "$SSH_PRIVATE_KEY"
+        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
+    cmds:
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+
+  build-android-bundle:
+    desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
+    cmds:
+      - mkdir -p build/app/outputs/bundle/release
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. build-android-release --commit-hash "$HASH" -o build/app/outputs/bundle/release/app-release.aab
+
+  upload-android-bundle:
+    desc: Upload AAB from build/ to Play Store via Dagger
+    preconditions:
+      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
+        msg: "PLAY_STORE_CONFIG_JSON is not set"
+      - sh: test -f build/app/outputs/bundle/release/app-release.aab
+        msg: "AAB not found — run build-android-bundle first"
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. upload-to-play-store --aab build/app/outputs/bundle/release/app-release.aab --play-store-config env:PLAY_STORE_CONFIG_JSON
+
+  publish-android:
+    desc: Build cached AAB, stamp versionCode, sign, and publish to Play Store via Dagger
+    deps: [generate-changelog]
+    preconditions:
+      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
+        msg: "PLAY_STORE_CONFIG_JSON is not set"
+      - sh: test -n "$ANDROID_KEYSTORE_BASE64"
+        msg: "ANDROID_KEYSTORE_BASE64 is not set"
+      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
+        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
+    cmds:
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --commit-hash "$HASH"
+
+  deploy-apk:
+    desc: Build and deploy Android APK via Dagger
+    preconditions:
+      - sh: test -n "$SSH_PRIVATE_KEY"
+        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
+      - sh: test -n "$ANDROID_KEYSTORE_BASE64"
+        msg: "ANDROID_KEYSTORE_BASE64 is not set"
+      - sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
+        msg: "ANDROID_KEYSTORE_PASSWORD is not set"
+    cmds:
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
+
+  publish-website:
+    desc: Build and publish website via Dagger
+    preconditions:
+      - sh: test -n "$SSH_PRIVATE_KEY"
+        msg: "SSH_PRIVATE_KEY is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
+    cmds:
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
+
+  check-dagger:
+    desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
+    cmds:
+      - |
+        DAGGER_OUT=$(mktemp)
+        RC_FILE=$(mktemp)
+        _ts() { date -u '+[%H:%M:%S]'; }
+        run_dagger() {
+          : > "$DAGGER_OUT"; : > "$RC_FILE"
+          { timeout --kill-after=10 600 "$@"; echo $? > "$RC_FILE"; } 2>&1 | tee "$DAGGER_OUT"
+          RC=$(cat "$RC_FILE" 2>/dev/null || echo 1)
+          if [ "$RC" -eq 124 ] && grep -q "All tests passed" "$DAGGER_OUT"; then
+            echo "$(_ts) dagger: hung in teardown after success; treating as exit 0." >&2
+            RC=0
+          fi
+          return "$RC"
+        }
+        retry_dagger() {
+          for attempt in 1 2 3; do
+            run_dagger "$@" && return 0
+            RC=$?
+            if [ "$attempt" -lt 3 ] && { grep -qE "connection reset|context deadline exceeded|connection refused|invalid return status code" "$DAGGER_OUT" || [ "$RC" -eq 2 ]; }; then
+              echo "$(_ts) dagger: network error on attempt $attempt/3, retrying..." >&2
+            elif [ "$attempt" -lt 3 ] && grep -q "No space left on device" "$DAGGER_OUT"; then
+              echo "$(_ts) dagger: disk space error on attempt $attempt/3, pruning Dagger cache..." >&2
+              timeout 120 dagger query '{ engine { localCache { prune(targetSpace: "20gb") } } }' 2>/dev/null || true
+              echo "$(_ts) dagger: waiting 90s for freed space to settle..." >&2
+              sleep 90
+            else
+              return "$RC"
+            fi
+          done
+        }
+        if ! command -v python3 >/dev/null 2>&1; then
+          retry_dagger dagger call --progress=plain -q -m ci --source=. check
+          RC=$?
+          rm -f "$DAGGER_OUT" "$RC_FILE"
+          exit $RC
+        fi
+        PORTFILE=$(mktemp)
+        python3 ci/otel-receiver.py --port-file="$PORTFILE" &
+        RECV_PID=$!
+        cleanup() {
+          rm -f "$PORTFILE" "$DAGGER_OUT" "$RC_FILE"
+        }
+        trap cleanup EXIT
+        until [ -s "$PORTFILE" ]; do
+          sleep 0.05
+          if ! kill -0 "$RECV_PID" 2>/dev/null; then
+            echo "$(_ts) otel-receiver.py died before writing port file; falling back to plain run" >&2
+            retry_dagger dagger call --progress=plain -q -m ci --source=. check
+            RC=$?
+            rm -f "$PORTFILE" "$DAGGER_OUT" "$RC_FILE"
+            exit $RC
+          fi
+        done
+        PORT=$(cat "$PORTFILE")
+        retry_dagger env \
+          OTEL_EXPORTER_OTLP_ENDPOINT="http://127.0.0.1:$PORT" \
+          OTEL_EXPORTER_OTLP_PROTOCOL="http/protobuf" \
+          dagger call --progress=plain -q -m ci --source=. check
+        RC=$?
+        curl -sf "http://127.0.0.1:$PORT/shutdown" >/dev/null 2>&1 || true
+        wait "$RECV_PID" 2>/dev/null || true
+        exit $RC
+
+  dagger-prune:
+    desc: Prune the Dagger engine cache (keeps named volumes unless total exceeds 75 GB, then targets 50 GB)
+    cmds:
+      - |
+        dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }'
+
+  renovate:
+    desc: Run Renovate bot against the repository via Dagger
+    preconditions:
+      - sh: test -n "$RENOVATE_FORGEJO_TOKEN"
+        msg: "RENOVATE_FORGEJO_TOKEN is not set"
+    cmds:
+      - dagger call --progress=plain -q -m ci --source=. renovate --renovate-token env:RENOVATE_FORGEJO_TOKEN

  integration-android:
    desc: UI integration tests on a connected Android emulator (Stalwart on host, emulator reaches it via 10.0.2.2)
@@ -236,25 +400,29 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
        tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
        # Merge with any existing latest.json so we don't overwrite the windows key
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        WINDOWS_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" 2>/dev/null || true)
        if [ -n "$WINDOWS_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $TARBALL and updated latest.json"

@@ -279,24 +447,28 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        ZIPFILE="sharedinbox-windows-x64-$HASH.zip"
        cd build/windows/x64/runner && zip -r /tmp/$ZIPFILE Release/ && cd -
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
        DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$ZIPFILE"
-        EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
+        EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
        LINUX_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('linux',''))" 2>/dev/null || true)
        if [ -n "$LINUX_URL" ]; then
          echo "{\"version\":\"$HASH\",\"linux\":\"$LINUX_URL\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        else
          echo "{\"version\":\"$HASH\",\"windows\":\"$DOWNLOAD_URL\"}" | \
-            ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
+            ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
        fi
        echo "Uploaded $ZIPFILE and updated latest.json"

@@ -351,16 +523,16 @@ tasks:
      - ANDROID_HOME=${ANDROID_HOME:-$HOME/Android/Sdk} fvm flutter build apk --release --no-pub --dart-define=GIT_HASH=$(git rev-parse --short HEAD) | grep -Ev "was tree-shaken|Tree-shaking can be disabled"

  deploy-android-bundle:
-    desc: Build release AAB and upload to Play Store internal track
-    deps: [build-android-bundle]
+    desc: Build release AAB and upload to Play Store internal track (local/fvm)
+    deps: [build-android-bundle-local]
    preconditions:
      - sh: test -n "$PLAY_STORE_CONFIG_JSON"
        msg: "PLAY_STORE_CONFIG_JSON is not set"
    cmds:
      - python3 scripts/deploy_playstore.py

-  build-android-bundle:
-    desc: Build a release App Bundle (AAB)
+  build-android-bundle-local:
+    desc: Build a release App Bundle (AAB) locally via fvm (not Dagger)
    deps: [_preflight, _android-sdk-check, _codegen, generate-changelog]
    method: timestamp
    sources:
@@ -446,14 +618,18 @@ tasks:
        msg: "SSH_USER is not set"
      - sh: test -n "$SSH_HOST"
        msg: "SSH_HOST is not set"
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        HASH=$(git rev-parse --short HEAD)
        DATE_PATH=$(date -u +%Y/%m/%d)
        REMOTE_DIR="public_html/builds/$DATE_PATH"
        APK_NAME="sharedinbox-mua-$HASH.apk"
-        ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
-        scp -o StrictHostKeyChecking=no \
+        ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
+        scp \
          build/app/outputs/flutter-apk/app-release.apk \
          "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$APK_NAME"
        echo "Uploaded $APK_NAME to $REMOTE_DIR"
@@ -482,12 +658,16 @@ tasks:
  website-deploy:
    desc: Deploy the website via rsync to public_html
    deps: [website-build]
+    preconditions:
+      - sh: test -n "$SSH_KNOWN_HOSTS"
+        msg: "SSH_KNOWN_HOSTS is not set"
    cmds:
      - |
+        mkdir -p ~/.ssh
+        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
        rsync -avz --delete \
          --exclude='*.apk' \
          --exclude='*.tar.gz' \
-          -e "ssh -o StrictHostKeyChecking=no" \
          website/public/ \
          ${SSH_USER}@${SSH_HOST}:public_html/

@@ -4,7 +4,6 @@ gradle-wrapper.jar
 /gradlew
 /gradlew.bat
 /local.properties
-GeneratedPluginRegistrant.java
 .cxx/

 # Remember to never publicly share your keystore.
@@ -16,8 +16,10 @@ android {
        isCoreLibraryDesugaringEnabled = true
    }

-    kotlinOptions {
-        jvmTarget = JavaVersion.VERSION_17.toString()
+    kotlin {
+        compilerOptions {
+            jvmTarget = org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17
+        }
    }

    signingConfigs {
@@ -67,7 +69,7 @@ flutter {

 dependencies {
    // Required for flutter_local_notifications and other plugins that need Java 8+ APIs on API < 26.
-    coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.1.4")
+    coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.1.5")
    // integration_test is a dev dependency; the Flutter plugin loader adds it as
    // debugImplementation only, but GeneratedPluginRegistrant.java (in src/main)
    // references its class in all variants. Make it available for release compilation
@@ -0,0 +1,89 @@
+package io.flutter.plugins;
+
+import androidx.annotation.Keep;
+import androidx.annotation.NonNull;
+import io.flutter.Log;
+
+import io.flutter.embedding.engine.FlutterEngine;
+
+/**
+ * Generated file. Do not edit.
+ * This file is generated by the Flutter tool based on the
+ * plugins that support the Android platform.
+ */
+@Keep
+public final class GeneratedPluginRegistrant {
+  private static final String TAG = "GeneratedPluginRegistrant";
+  public static void registerWith(@NonNull FlutterEngine flutterEngine) {
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.device_info.DeviceInfoPlusPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin device_info_plus, dev.fluttercommunity.plus.device_info.DeviceInfoPlusPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.mr.flutter.plugin.filepicker.FilePickerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin file_picker, com.mr.flutter.plugin.filepicker.FilePickerPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_local_notifications, com.dexterous.flutterlocalnotifications.FlutterLocalNotificationsPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_plugin_android_lifecycle, io.flutter.plugins.flutter_plugin_android_lifecycle.FlutterAndroidLifecyclePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin flutter_secure_storage, com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.flutter.plugins.integration_test.IntegrationTestPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin integration_test, dev.flutter.plugins.integration_test.IntegrationTestPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.steenbakker.mobile_scanner.MobileScannerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin mobile_scanner, dev.steenbakker.mobile_scanner.MobileScannerPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new com.crazecoder.openfile.OpenFilePlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin open_filex, com.crazecoder.openfile.OpenFilePlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin package_info_plus, dev.fluttercommunity.plus.packageinfo.PackageInfoPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.pathprovider.PathProviderPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin path_provider_android, io.flutter.plugins.pathprovider.PathProviderPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.plus.share.SharePlusPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin share_plus, dev.fluttercommunity.plus.share.SharePlusPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.urllauncher.UrlLauncherPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin url_launcher_android, io.flutter.plugins.urllauncher.UrlLauncherPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new io.flutter.plugins.webviewflutter.WebViewFlutterPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin webview_flutter_android, io.flutter.plugins.webviewflutter.WebViewFlutterPlugin", e);
+    }
+    try {
+      flutterEngine.getPlugins().add(new dev.fluttercommunity.workmanager.WorkmanagerPlugin());
+    } catch (Exception e) {
+      Log.e(TAG, "Error registering plugin workmanager_android, dev.fluttercommunity.workmanager.WorkmanagerPlugin", e);
+    }
+  }
+}
@@ -1,2 +1,3 @@
 org.gradle.jvmargs=-Xmx8G -XX:MaxMetaspaceSize=4G -XX:ReservedCodeCacheSize=512m -XX:+HeapDumpOnOutOfMemoryError
 android.useAndroidX=true
+org.gradle.welcome=never
@@ -2,4 +2,4 @@ distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.5-all.zip
@@ -19,8 +19,8 @@ pluginManagement {

 plugins {
    id("dev.flutter.flutter-plugin-loader") version "1.0.0"
-    id("com.android.application") version "8.11.1" apply false
-    id("org.jetbrains.kotlin.android") version "2.2.20" apply false
+    id("com.android.application") version "8.13.2" apply false
+    id("org.jetbrains.kotlin.android") version "2.3.21" apply false
 }

 include(":app")
@@ -7,8 +7,8 @@ require (
 	github.com/Khan/genqlient v0.8.1
 	github.com/dagger/otel-go v1.43.0
 	github.com/vektah/gqlparser/v2 v2.5.33
-	go.opentelemetry.io/otel v1.43.0
-	go.opentelemetry.io/otel/trace v1.43.0
+	go.opentelemetry.io/otel v1.44.0
+	go.opentelemetry.io/otel/trace v1.44.0
 )

 require (
@@ -21,33 +21,25 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
 	github.com/sosodev/duration v1.4.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.17.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.17.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 // indirect
-	go.opentelemetry.io/otel/log v0.17.0 // indirect
-	go.opentelemetry.io/otel/metric v1.43.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.43.0
-	go.opentelemetry.io/otel/sdk/log v0.17.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 // indirect
+	go.opentelemetry.io/otel/log v0.20.0 // indirect
+	go.opentelemetry.io/otel/metric v1.44.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.44.0
+	go.opentelemetry.io/otel/sdk/log v0.20.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 	golang.org/x/net v0.52.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.44.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
-	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect
+	google.golang.org/grpc v1.80.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 )
-
-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0
-
-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0
-
-replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.16.0
-
-replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.16.0
@@ -43,36 +43,65 @@ go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
 go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
+go.opentelemetry.io/otel v1.44.0 h1:JjwHmHpA4iZ3wBxluu2fbbE7j4kqlE8jXyAyPXH7HqU=
+go.opentelemetry.io/otel v1.44.0/go.mod h1:BMgjTHL9WPRlRjL2oZCBTL4whCGtXch2H4BhOPIAyYc=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0 h1:ZVg+kCXxd9LtAaQNKBxAvJ5NpMf7LpvEr4MIZqb0TMQ=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0/go.mod h1:hh0tMeZ75CCXrHd9OXRYxTlCAdxcXioWHFIpYw2rZu8=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0 h1:rydZ9sxbcFdm/oWrVyfLTjHIygMgv0bEeMd+3B/BvoM=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0/go.mod h1:earQ25dooT0Hhspq59DZ8YCC50jWfOlFEeWoxy/P444=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0 h1:djrxvDxAe44mJUrKataUbOhCKhR3F8QCyWucO16hTQs=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0/go.mod h1:dt3nxpQEiSoKvfTVxp3TUg5fHPLhKtbcnN3Z1I1ePD0=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0 h1:owlhcJ3QO3X0YTDTCcDZ4V+6aVDkWbNmBoQ5NUp7Oww=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0/go.mod h1:MP4eemTiI9zC8fgg+DYynhYDYf3ba72S376TvP+Ye0Q=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0 h1:VO3BL6OZXRQ1yQc8W6EVfJzINeJ35BkiHx4MYfoQf44=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0/go.mod h1:qRDnJ2nv3CQXMK2HUd9K9VtvedsPAce3S+/4LZHjX/s=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 h1:SUplec5dp06reu1zaXmOXdvqH398taqrDXqUl99jxSc=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0/go.mod h1:ho2g4N+ane+swq5I/VBkKWnRDY4kUINH3FuqyZqX/Ug=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0 h1:MMrOAN8H1FrvDyq9UJ4lu5/+ss49Qgfgb7Zpm0m8ABo=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0/go.mod h1:Na+2NNASJtF+uT4NxDe0G+NQb+bUgdPDfwxY/6JmS/c=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 h1:RuynHbfU8JUEw7DyONgkVYg2SVtsoF28y0LGIr69jgA=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0/go.mod h1:qZF+/lBs71APw8mlnEZcqZHMzqrYrsFiJOv83lX1OGo=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 h1:4YsVu3B8+3qtWYYrsUYgn0OG78pN0rnNPRGX4SbokQI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0/go.mod h1:+wnlSn0mD1ADVMe3v9Z/WIaiz6q6gL2J/ejaAmdmv80=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 h1:qazEJlUOQzhCpzQpFETGby7EdqjI1wsd0W+6Gg1SCTU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0/go.mod h1:fOD2Yefuxixkx3ahVNf0O/PERb6r4OlbxfATVnYvzCo=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 h1:inYW9ZhgqiDqh6BioM7DVHHzEGVq76Db5897WLGZ5Go=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0/go.mod h1:Izur+Wt8gClgMJqO/cZ8wdeeMryJ/xxiOVgFSSfpDTY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 h1:lgh3PiVrRUWMLOVSkQicxzZll5NjF1r+AtsX1XRIHw0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0/go.mod h1:5Cnhth3m/AgOeTgE3ex12pPmiu/gGtZit03kSzx9X7s=
 go.opentelemetry.io/otel/log v0.16.0 h1:DeuBPqCi6pQwtCK0pO4fvMB5eBq6sNxEnuTs88pjsN4=
 go.opentelemetry.io/otel/log v0.16.0/go.mod h1:rWsmqNVTLIA8UnwYVOItjyEZDbKIkMxdQunsIhpUMes=
+go.opentelemetry.io/otel/log v0.20.0 h1:/5i0vuHxCLWUfChWG41K9wkM0jafruPw9NU1/RCJirs=
+go.opentelemetry.io/otel/log v0.20.0/go.mod h1:wOcMcjsZpG8x7Bak7IhSi/lg8wscV2C1VdrKCLPlt0E=
 go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
 go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/metric v1.44.0 h1:1w0gILTcHdr3YI+ixLyjemwrVnsMURbTZFrSYCdDdmc=
+go.opentelemetry.io/otel/metric v1.44.0/go.mod h1:8O7hanEPBNgEMmybD3s2VBKcgWOCsA6tzHBPODAiquo=
 go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
 go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/sdk v1.44.0 h1:nHYwb9lK+fJPU/dnT6s7W7Z8itMWyqrnVfbheVYrZ58=
+go.opentelemetry.io/otel/sdk v1.44.0/go.mod h1:Osuydd3Se74nqjAKxid74N5eC+jfEqfTegHRnq58oK0=
 go.opentelemetry.io/otel/sdk/log v0.16.0 h1:e/b4bdlQwC5fnGtG3dlXUrNOnP7c8YLVSpSfEBIkTnI=
 go.opentelemetry.io/otel/sdk/log v0.16.0/go.mod h1:JKfP3T6ycy7QEuv3Hj8oKDy7KItrEkus8XJE6EoSzw4=
+go.opentelemetry.io/otel/sdk/log v0.20.0 h1:vM3xI7TQgKPiSghe6urZtAkyFY7SodrSpC83CffDFuY=
+go.opentelemetry.io/otel/sdk/log v0.20.0/go.mod h1:Knej2nmsTUzN79T2eeXdRsjjPcoxoq2pUyUHz9TFyyU=
 go.opentelemetry.io/otel/sdk/log/logtest v0.16.0 h1:/XVkpZ41rVRTP4DfMgYv1nEtNmf65XPPyAdqV90TMy4=
 go.opentelemetry.io/otel/sdk/log/logtest v0.16.0/go.mod h1:iOOPgQr5MY9oac/F5W86mXdeyWZGleIx3uXO98X2R6Y=
 go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw=
 go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A=
+go.opentelemetry.io/otel/sdk/metric v1.44.0 h1:3LlKgI+VjbVsjNRFZJZAJ30WjXC5VkNRks6si09iEfI=
+go.opentelemetry.io/otel/sdk/metric v1.44.0/go.mod h1:5B5pMARnXxKhltooO4xUuCBorl65a4EpnTalObqOigA=
 go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
+go.opentelemetry.io/otel/trace v1.44.0 h1:jxF5CsGYCe74MCRx2X4g7WsY/VBKRqqpNvXlX/6gtIk=
+go.opentelemetry.io/otel/trace v1.44.0/go.mod h1:oLl1jrMQAVo6v3GAggN+1VH9VIz9iUSvW53sW1Q8PIE=
 go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
 go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
@@ -87,10 +116,13 @@ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 h1:tu/dtnW1o3wfaxCOjSLn5IRX4YDcJrtlpzYkhHhGaC4=
 google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171/go.mod h1:M5krXqk4GhBKvB596udGL3UyjL4I1+cTbK0orROM9ng=
+google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 h1:ggcbiqK8WWh6l1dnltU4BgWGIGo+EVYxCaAPih/zQXQ=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
 google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
 google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
@@ -0,0 +1,195 @@
+#!/usr/bin/env python3
+"""
+Minimal OTLP HTTP/protobuf trace receiver for Dagger CI timing.
+
+Usage:
+    python3 ci/otel-receiver.py --port-file=/tmp/otel.port
+
+Caller sets:
+    OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:<port>
+    OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
+"""
+
+import argparse
+import signal
+import struct
+import sys
+import threading
+from http.server import BaseHTTPRequestHandler, HTTPServer
+
+
+# ── Minimal protobuf binary decoder ─────────────────────────────────────────
+# Only decodes the fields we need; skips everything else safely.
+
+def _varint(buf, pos):
+    n, shift = 0, 0
+    while pos < len(buf):
+        b = buf[pos]; pos += 1
+        n |= (b & 0x7F) << shift
+        shift += 7
+        if not (b & 0x80):
+            return n, pos
+    raise ValueError("truncated varint")
+
+
+def _fields(buf):
+    """Yield (field_num, wire_type, raw_value) for each field in a message."""
+    pos = 0
+    while pos < len(buf):
+        tag, pos = _varint(buf, pos)
+        wt, fn = tag & 7, tag >> 3
+        if wt == 0:                                          # varint
+            v, pos = _varint(buf, pos)
+        elif wt == 1:                                        # fixed64
+            v = struct.unpack_from("<Q", buf, pos)[0]; pos += 8
+        elif wt == 2:                                        # length-delimited
+            n, pos = _varint(buf, pos)
+            v = buf[pos:pos + n]; pos += n
+        elif wt == 5:                                        # fixed32
+            v = struct.unpack_from("<I", buf, pos)[0]; pos += 4
+        else:
+            break                                            # unknown: stop
+        yield fn, wt, v
+
+
+def _any_value(buf):
+    """Parse AnyValue, return (type_tag, python_value)."""
+    for fn, wt, v in _fields(buf):
+        if fn == 1 and wt == 2:                              # string_value
+            return "str", v.decode("utf-8", errors="replace")
+        if fn == 2 and wt == 0:                              # bool_value
+            return "bool", bool(v)
+        if fn == 3 and wt == 0:                              # int_value (sint64)
+            return "int", v
+        if fn == 4 and wt == 1:                              # double_value
+            return "float", struct.unpack("<d", struct.pack("<Q", v))[0]
+    return None, None
+
+
+def _keyvalue(buf):
+    key, tag, val = None, None, None
+    for fn, wt, v in _fields(buf):
+        if fn == 1 and wt == 2:
+            key = v.decode("utf-8", errors="replace")
+        elif fn == 2 and wt == 2:
+            tag, val = _any_value(v)
+    return key, tag, val
+
+
+def _span(buf):
+    name = ""
+    start_ns = end_ns = 0
+    cached = False
+    for fn, wt, v in _fields(buf):
+        if fn == 5 and wt == 2:                              # name
+            name = v.decode("utf-8", errors="replace")
+        elif fn == 7 and wt == 1:                            # start_time_unix_nano
+            start_ns = v
+        elif fn == 8 and wt == 1:                            # end_time_unix_nano
+            end_ns = v
+        elif fn == 9 and wt == 2:                            # attributes (repeated)
+            k, tag, val = _keyvalue(v)
+            if tag == "bool" and k and "cached" in k.lower():
+                cached = val
+    return {"name": name, "dur": max(0.0, (end_ns - start_ns) / 1e9), "cached": cached}
+
+
+def _decode(body):
+    spans = []
+    for fn1, wt1, rs in _fields(body):                      # resource_spans = 1
+        if fn1 != 1 or wt1 != 2:
+            continue
+        for fn2, wt2, ss in _fields(rs):                    # scope_spans = 2
+            if fn2 != 2 or wt2 != 2:
+                continue
+            for fn3, wt3, sp in _fields(ss):                # spans = 2
+                if fn3 == 2 and wt3 == 2:
+                    spans.append(_span(sp))
+    return spans
+
+
+# ── HTTP receiver ────────────────────────────────────────────────────────────
+
+_spans = []
+_lock = threading.Lock()
+
+
+class _Handler(BaseHTTPRequestHandler):
+    protocol_version = "HTTP/1.1"
+
+    def _respond(self, code, body=b""):
+        self.close_connection = True  # actually close after response, matching the header
+        self.send_response(code)
+        self.send_header("Content-Type", "application/x-protobuf")
+        self.send_header("Content-Length", str(len(body)))
+        self.send_header("Connection", "close")
+        self.end_headers()
+        if body:
+            self.wfile.write(body)
+
+    def do_GET(self):
+        if self.path != "/shutdown":
+            self._respond(404); return
+        self._respond(200, b"shutting down")
+        threading.Thread(target=self.server.shutdown, daemon=True).start()
+
+    def do_POST(self):
+        if self.path != "/v1/traces":
+            self._respond(404); return
+        n = int(self.headers.get("Content-Length", 0))
+        body = self.rfile.read(n)
+        try:
+            decoded = _decode(body)
+        except Exception as exc:
+            print(f"[otel-receiver] decode error: {exc}", file=sys.stderr, flush=True)
+            self._respond(400, str(exc).encode()); return
+        with _lock:
+            _spans.extend(decoded)
+        self._respond(200)
+
+    def log_message(self, *_):
+        pass
+
+
+# ── Timing report ────────────────────────────────────────────────────────────
+
+def _report():
+    with _lock:
+        if not _spans:
+            print("otel-receiver: no spans received", file=sys.stderr)
+            return
+        rows = sorted(_spans, key=lambda r: r["dur"], reverse=True)
+        NAME_W = 38
+        print(f'\n{"STATUS":<6}  {"DURATION":>8}  SPAN')
+        print("─" * (6 + 2 + 8 + 2 + NAME_W + 20))
+        for r in rows:
+            status = "CACHED" if r["cached"] else "LIVE"
+            name = r["name"]
+            if len(name) > NAME_W:
+                name = name[: NAME_W - 1] + "…"
+            print(f'{status:<6}  {r["dur"]:7.2f}s  {name}')
+        print(f"\n{len(rows)} spans total")
+
+
+def main():
+    ap = argparse.ArgumentParser()
+    ap.add_argument("--port-file", default="")
+    args = ap.parse_args()
+
+    server = HTTPServer(("127.0.0.1", 0), _Handler)
+    if args.port_file:
+        with open(args.port_file, "w") as f:
+            f.write(str(server.server_address[1]))
+
+    def _shutdown(sig, frame):
+        threading.Thread(target=server.shutdown, daemon=True).start()
+
+    signal.signal(signal.SIGTERM, _shutdown)
+    signal.signal(signal.SIGINT, _shutdown)
+
+    server.serve_forever()
+    _report()
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+REPO_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# Load .env into environment
+set -a
+# shellcheck source=.env
+source "$REPO_DIR/.env"
+set +a
+
+# SSH_PRIVATE_KEY must not live in .env (dagger parses .env and chokes on multiline values)
+export SSH_PRIVATE_KEY=$(cat "$HOME/.ssh/id_ed25519")
+
+# Add nix profile and nix store tools (task, dagger) to PATH
+export PATH="$HOME/.nix-profile/bin:$PATH"
+for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger" "*fgj-*/bin/fgj"; do
+    bin=$(ls -d /nix/store/$pkg 2>/dev/null | sort -V | tail -1)
+    [ -n "$bin" ] && export PATH="$(dirname "$bin"):$PATH"
+done
+
+exec python3 "$REPO_DIR/deploy_cron.py"
@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+"""
+Cron deploy script for sharedinbox website.
+Runs every 5 minutes; skips if origin/main has not changed since last trigger.
+Triggers the 'Deploy Website' Forgejo Actions workflow via fgj on each new commit.
+Forgejo Actions handles failure reporting.
+"""
+import subprocess
+import sys
+from pathlib import Path
+
+REPO_DIR = Path(__file__).parent.resolve()
+SHA_FILE = REPO_DIR / '.last_deployed_sha'
+REPO = 'guettli/sharedinbox'
+
+
+def git(*args):
+    return subprocess.run(
+        ['git', *args], cwd=REPO_DIR, check=True,
+        capture_output=True, text=True,
+    ).stdout.strip()
+
+
+def read(path: Path) -> str:
+    return path.read_text().strip() if path.exists() else ''
+
+
+def main():
+    try:
+        git('fetch', 'origin', 'main')
+    except subprocess.CalledProcessError as exc:
+        print(f'git fetch failed (transient?): {exc} — skipping this run.', file=sys.stderr)
+        return
+    remote_sha = git('rev-parse', 'origin/main')
+    last_sha = read(SHA_FILE)
+
+    if remote_sha == last_sha:
+        print(f'No changes since {remote_sha[:8]}, skipping.')
+        return
+
+    print(f'New commit {remote_sha[:8]} (was {last_sha[:8] or "none"}) — triggering workflow...')
+    result = subprocess.run(
+        ['fgj', 'actions', 'workflow', 'run', 'website.yml', '-R', REPO],
+        capture_output=True, text=True,
+    )
+    if result.returncode != 0:
+        print(f'fgj workflow run failed: {result.stderr}', file=sys.stderr)
+        sys.exit(1)
+
+    SHA_FILE.write_text(remote_sha + '\n')
+    print('Workflow triggered.')
+
+
+if __name__ == '__main__':
+    main()
@@ -4,6 +4,28 @@ This file contains tasks which got implemented.

 Tasks get moved from next.md to done.md

+## Tasks (2026-05-29)
+
+- **Merge PR #307 — user preferences and configurable navigation (Issue #315)**: Confirmed that
+  all features from PR #307 (issue #299) were already merged into main via separate PRs:
+  - Configurable menu bar position (bottom/top) for mailbox view — merged via #298/#303
+  - Configurable back button position for single mail view — merged via #299/#307 features in #300
+  - Configurable "after mail action" (next message / return to mailbox) — merged via #300/#308
+  - Archive button with `resolveMailboxByRole` helper — merged via #287/#291, #286/#290
+  - User preferences DB schema (v34–v36: `user_preferences` table) — in main
+  - PR #307 and issue #299 closed.
+  - Issue #315 closed.
+
+## Tasks (2026-05-26)
+
+- **Renovate Bot (Issue #257)**: Renovate Bot runs daily via Forgejo Actions to keep
+  dependencies up to date. All required components are in main:
+  - `renovate.json` — Renovate configuration covering pub, Dockerfile, and Forgejo Actions
+  - `ci/main.go` — `Renovate()` Dagger function using Forgejo platform and Codeberg endpoint
+  - `.forgejo/workflows/renovate.yml` — daily cron (06:00 UTC) workflow
+  - `Taskfile.yml` — `renovate` task
+  - Issue #257 closed.
+
 ## Tasks (2026-05-11)

 - **Stabilize Email List UI during Selection (Issue #14)**: Prevented layout shifts when entering
@@ -29,7 +29,11 @@
          cairo
          gdk-pixbuf
          harfbuzz
+        # Dagger remote setup dependencies
+        stunnel
+        netcat
        ];
+
        fgj = pkgs.stdenv.mkDerivation {
          pname = "fgj";
          version = "0.4.0";
@@ -90,8 +94,9 @@
            sqlite
            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
            (python3.withPackages (ps: with ps; [
-              google-auth
-              requests
+              google-api-python-client
+              google-auth-httplib2
+              httplib2
            ]))  # used by stalwart-dev/start and deploy_playstore.py
            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
          ]);
@@ -112,12 +112,28 @@ void main() {
  late String userPass;

  setUpAll(() {
-    imapHost = Platform.environment['STALWART_IMAP_HOST'] ?? '127.0.0.1';
-    imapPort = int.parse(Platform.environment['STALWART_IMAP_PORT'] ?? '1430');
-    smtpHost = Platform.environment['STALWART_SMTP_HOST'] ?? '127.0.0.1';
-    smtpPort = int.parse(Platform.environment['STALWART_SMTP_PORT'] ?? '1025');
-    userEmail = Platform.environment['STALWART_USER_B'] ?? 'alice@example.com';
-    userPass = Platform.environment['STALWART_PASS_B'] ?? 'secret';
+    const required = [
+      'STALWART_IMAP_HOST',
+      'STALWART_IMAP_PORT',
+      'STALWART_SMTP_HOST',
+      'STALWART_SMTP_PORT',
+      'STALWART_USER_B',
+      'STALWART_PASS_B',
+    ];
+    final missing = required.where((k) => Platform.environment[k] == null).toList();
+    if (missing.isNotEmpty) {
+      fail(
+        'Missing required environment variables: ${missing.join(', ')}. '
+        'This test requires a running Stalwart instance — '
+        'run via stalwart-dev/integration_ui_test.sh.',
+      );
+    }
+    imapHost = Platform.environment['STALWART_IMAP_HOST']!;
+    imapPort = int.parse(Platform.environment['STALWART_IMAP_PORT']!);
+    smtpHost = Platform.environment['STALWART_SMTP_HOST']!;
+    smtpPort = int.parse(Platform.environment['STALWART_SMTP_PORT']!);
+    userEmail = Platform.environment['STALWART_USER_B']!;
+    userPass = Platform.environment['STALWART_PASS_B']!;
  });

  testWidgets(
@@ -301,7 +317,7 @@ void main() {

      // ── Check Sent folder ──────────────────────────────────────────────────
      // Use the drawer to switch folders (no back button on Linux desktop).
-      await tester.tap(find.byTooltip('Open navigation menu'));
+      await tester.tap(find.byTooltip('Open folders'));
      await tester.pumpAndSettle();
      await tester.tap(find.text('Sent'));
      await tester.pumpAndSettle();
@@ -315,7 +331,7 @@ void main() {
      expect(find.text(subject), findsOneWidget);

      // ── Check Inbox ────────────────────────────────────────────────────────
-      await tester.tap(find.byTooltip('Open navigation menu'));
+      await tester.tap(find.byTooltip('Open folders'));
      await tester.pumpAndSettle();
      await tester.tap(find.text('INBOX'));
      await tester.pumpAndSettle();
@@ -0,0 +1 @@
+const int dbSchemaVersion = 37;
@@ -0,0 +1,14 @@
+enum MenuPosition { bottom, top }
+
+enum AfterMailViewAction { nextMessage, showMailbox }
+
+class UserPreferences {
+  const UserPreferences({
+    this.menuPosition = MenuPosition.bottom,
+    this.mailViewButtonPosition = MenuPosition.bottom,
+    this.afterMailViewAction = AfterMailViewAction.nextMessage,
+  });
+  final MenuPosition menuPosition;
+  final MenuPosition mailViewButtonPosition;
+  final AfterMailViewAction afterMailViewAction;
+}
@@ -15,6 +15,10 @@ abstract class EmailRepository {
    int limit = 50,
  });

+  /// Returns threads from the INBOX mailbox of every account, sorted by latest
+  /// message date descending. Inbox mailboxes are identified by role = 'inbox'.
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50});
+
  /// Returns all emails belonging to [threadId] in [mailboxPath].
  Stream<List<Email>> observeEmailsInThread(
    String accountId,
@@ -11,4 +11,13 @@ abstract class MailboxRepository {

  /// Deletes all locally-cached mailbox rows for [accountId].
  Future<void> clearForResync(String accountId);
+
+  /// Creates a new mailbox named [name] for [accountId] and tags it with
+  /// [role] in the local database. For JMAP accounts the role is also sent
+  /// to the server. Returns the newly created [Mailbox].
+  Future<Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  );
 }
@@ -19,6 +19,8 @@ class SyncLogEntry {
    required this.id,
    required this.result,
    this.errorMessage,
+    this.stackTrace,
+    this.isPermanent = false,
    required this.protocol,
    required this.emailsFetched,
    required this.emailsSkipped,
@@ -34,6 +36,8 @@ class SyncLogEntry {
  final int id;
  final String result; // 'ok' or 'error'
  final String? errorMessage;
+  final String? stackTrace;
+  final bool isPermanent;
  final String protocol; // 'imap' or 'jmap'
  final int emailsFetched;
  final int emailsSkipped;
@@ -54,6 +58,8 @@ abstract class SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -81,6 +87,8 @@ class NoOpSyncLogRepository implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -0,0 +1,12 @@
+import 'package:sharedinbox/core/models/user_preferences.dart';
+
+abstract class UserPreferencesRepository {
+  Stream<UserPreferences> observePreferences();
+  Future<void> updateMenuPosition(MenuPosition position);
+  Future<void> updateMailViewButtonPosition(MenuPosition position);
+  Future<void> updateAfterMailViewAction(AfterMailViewAction action);
+
+  Stream<List<String>> observeTrustedImageSenders();
+  Future<void> addTrustedImageSender(String senderEmail);
+  Future<void> removeTrustedImageSender(String senderEmail);
+}
@@ -1,31 +1,40 @@
 import 'dart:io';

+import 'package:flutter/services.dart';
 import 'package:flutter_local_notifications/flutter_local_notifications.dart';

 const _kChannelId = 'new_mail';
 const _kChannelName = 'New mail';

 final _plugin = FlutterLocalNotificationsPlugin();
+bool _initialized = false;

 Future<void> initNotifications() async {
-  const android = AndroidInitializationSettings('@mipmap/ic_launcher');
-  await _plugin.initialize(
-    const InitializationSettings(android: android),
-    onDidReceiveNotificationResponse: (_) {},
-  );
-  await _plugin
-      .resolvePlatformSpecificImplementation<
-          AndroidFlutterLocalNotificationsPlugin>()
-      ?.requestNotificationsPermission();
+  try {
+    const android = AndroidInitializationSettings('@mipmap/ic_launcher');
+    await _plugin.initialize(
+      settings: const InitializationSettings(android: android),
+      onDidReceiveNotificationResponse: (_) {},
+    );
+    await _plugin
+        .resolvePlatformSpecificImplementation<
+            AndroidFlutterLocalNotificationsPlugin>()
+        ?.requestNotificationsPermission();
+    _initialized = true;
+  } on MissingPluginException {
+    // Plugin not registered on this device; notifications silently disabled.
+  } catch (_) {
+    // Unexpected initialization failure; notifications silently disabled.
+  }
 }

 Future<void> showNewMailNotification(String accountEmail) async {
-  if (!Platform.isAndroid) return;
+  if (!Platform.isAndroid || !_initialized) return;
  await _plugin.show(
-    accountEmail.hashCode & 0x7FFFFFFF,
-    'New mail',
-    accountEmail,
-    const NotificationDetails(
+    id: accountEmail.hashCode & 0x7FFFFFFF,
+    title: 'New mail',
+    body: accountEmail,
+    notificationDetails: const NotificationDetails(
      android: AndroidNotificationDetails(
        _kChannelId,
        _kChannelName,
@@ -92,8 +92,9 @@ class ShareEncryptionService {
  ) {
    if (!s.startsWith(_pubKeyPrefix)) return null;
    try {
-      final data =
-          Uint8List.fromList(base64.decode(s.substring(_pubKeyPrefix.length)));
+      final data = Uint8List.fromList(
+        base64.decode(s.substring(_pubKeyPrefix.length)),
+      );
      if (data.length != _keyIdLen + _pubKeyLen) return null;
      return (
        keyId: data.sublist(0, _keyIdLen),
@@ -4,38 +4,39 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
 import 'package:sharedinbox/di.dart';

-class UndoService extends StateNotifier<List<UndoAction>> {
-  UndoService(this._ref) : super([]);
-
-  final Ref _ref;
+class UndoService extends Notifier<List<UndoAction>> {
  static const int _maxHistory = 10;

-  // Resolves once init() has loaded persisted history. Default to an already-
-  // resolved future so operations are safe even if init() is never called.
-  Future<void> _ready = Future.value();
+  // Resolves once build() has loaded persisted history.
+  late Future<void> _ready;

-  Future<void> init() async {
-    _ready = _ref.read(undoRepositoryProvider).getHistory().then((history) {
-      if (mounted) state = history;
+  @override
+  List<UndoAction> build() {
+    _ready = ref.read(undoRepositoryProvider).getHistory().then((history) {
+      if (ref.mounted) state = history;
    });
-    await _ready;
+    return [];
  }

+  /// Waits for the persisted history to finish loading. Called by tests to
+  /// ensure the provider is ready before asserting state.
+  Future<void> init() => _ready;
+
  Future<void> pushAction(UndoAction action) async {
    await _ready;
    final newList = [...state, action];
    if (newList.length > _maxHistory) {
      final removed = newList.removeAt(0);
-      await _ref.read(undoRepositoryProvider).deleteAction(removed.id);
+      await ref.read(undoRepositoryProvider).deleteAction(removed.id);
    }
    state = newList;
-    await _ref.read(undoRepositoryProvider).saveAction(action);
+    await ref.read(undoRepositoryProvider).saveAction(action);
  }

  Future<void> clear() async {
    await _ready;
    state = [];
-    unawaited(_ref.read(undoRepositoryProvider).clearHistory());
+    unawaited(ref.read(undoRepositoryProvider).clearHistory());
  }

  Future<void> undo({String? actionId}) async {
@@ -57,7 +58,7 @@ class UndoService extends StateNotifier<List<UndoAction>> {
    // happened and retry if the undo failed (e.g. after an IMAP sync reverted
    // the local change). The inverse action added below allows undoing the undo.

-    final repo = _ref.read(emailRepositoryProvider);
+    final repo = ref.read(emailRepositoryProvider);

    for (final id in action.emailIds) {
      // 1. Try to cancel the original change (if not started yet).
@@ -108,8 +108,9 @@ class SieveInterpreter {
  }

  bool _globMatch(String value, String pattern) {
-    final regexStr =
-        RegExp.escape(pattern).replaceAll(r'\*', '.*').replaceAll(r'\?', '.');
+    final regexStr = RegExp.escape(
+      pattern,
+    ).replaceAll(r'\*', '.*').replaceAll(r'\?', '.');
    return RegExp('^$regexStr\$').hasMatch(value);
  }

@@ -466,9 +466,7 @@ class _Scanner {

  String readTaggedArg() {
    if (!isAtEnd && _src[_pos] == ':') return readWord();
-    throw SieveParseException(
-      'Expected tagged argument at position $_pos',
-    );
+    throw SieveParseException('Expected tagged argument at position $_pos');
  }

  String? peekSizeUnit() {
@@ -480,9 +478,7 @@ class _Scanner {

  String readDigits() {
    if (isAtEnd || !_isDigit(_src[_pos])) {
-      throw SieveParseException(
-        'Expected number at position $_pos',
-      );
+      throw SieveParseException('Expected number at position $_pos');
    }
    final start = _pos;
    while (!isAtEnd && _isDigit(_src[_pos])) {
@@ -493,9 +489,7 @@ class _Scanner {

  String readQuotedString() {
    if (_src[_pos] != '"') {
-      throw SieveParseException(
-        'Expected " at position $_pos',
-      );
+      throw SieveParseException('Expected " at position $_pos');
    }
    _pos++; // skip opening quote
    final buf = StringBuffer();
@@ -1,6 +1,7 @@
 import 'dart:async';

 import 'package:enough_mail/enough_mail.dart' as imap;
+import 'package:flutter/services.dart' show MissingPluginException;
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart' show SyncEmailsResult;
 import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -259,6 +260,8 @@ class _AccountSync implements _SyncLoop {
            accountId: account.id,
            success: false,
            errorMessage: e.toString(),
+            stackTrace: st.toString(),
+            isPermanent: isPermanent,
            protocol: 'imap',
            emailsFetched: 0,
            emailsSkipped: 0,
@@ -294,6 +297,7 @@ class _AccountSync implements _SyncLoop {

  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
+    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    // enough_mail doesn't always have typed exceptions for auth, so we check strings.
    return s.contains('invalid credentials') ||
@@ -511,6 +515,8 @@ class _JmapAccountSync implements _SyncLoop {
            accountId: account.id,
            success: false,
            errorMessage: e.toString(),
+            stackTrace: st.toString(),
+            isPermanent: isPermanent,
            protocol: 'jmap',
            emailsFetched: 0,
            emailsSkipped: 0,
@@ -546,6 +552,7 @@ class _JmapAccountSync implements _SyncLoop {

  bool _isPermanentError(Object e) {
    if (isTlsConfigError(e)) return true;
+    if (e is MissingPluginException) return true;
    final s = e.toString().toLowerCase();
    return s.contains('invalid credentials') ||
        s.contains('authentication failed') ||
@@ -5,6 +5,8 @@ import 'dart:io';
 import 'package:drift/drift.dart';
 import 'package:drift/native.dart';
 import 'package:enough_mail/enough_mail.dart' as imap;
+import 'package:flutter/services.dart';
+import 'package:flutter/widgets.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';

@@ -23,6 +25,9 @@ const _kResourceType = 'background_check';

@pragma('vm:entry-point')
 void callbackDispatcher() {
+  // Required so that path_provider and other plugins are available in this
+  // background isolate (issue #192).
+  WidgetsFlutterBinding.ensureInitialized();
  Workmanager().executeTask((_, __) async {
    try {
      await _doBackgroundSync();
@@ -32,14 +37,22 @@ void callbackDispatcher() {
 }

 Future<void> registerBackgroundSync() async {
-  await Workmanager().initialize(callbackDispatcher);
-  await Workmanager().registerPeriodicTask(
-    _kTaskName,
-    _kTaskName,
-    frequency: const Duration(minutes: 15),
-    constraints: Constraints(networkType: NetworkType.connected),
-    existingWorkPolicy: ExistingPeriodicWorkPolicy.keep,
-  );
+  try {
+    await Workmanager().initialize(callbackDispatcher);
+    await Workmanager().registerPeriodicTask(
+      _kTaskName,
+      _kTaskName,
+      frequency: const Duration(minutes: 15),
+      constraints: Constraints(networkType: NetworkType.connected),
+      existingWorkPolicy: ExistingPeriodicWorkPolicy.keep,
+    );
+  } on PlatformException {
+    // WorkManager channel unavailable on this device; background sync disabled.
+  } on MissingPluginException {
+    // Plugin not registered on this device; background sync disabled.
+  } catch (_) {
+    // Unexpected initialization failure; background sync disabled.
+  }
 }

 Future<void> _doBackgroundSync() async {
@@ -35,10 +35,7 @@ String injectInlineImages(String html, imap.MimeMessage msg) {
        .replaceAll('src="cid:$bareCid"', 'src="$dataUri"')
        .replaceAll("src='cid:$bareCid'", "src='$dataUri'")
        .replaceAll('src="cid:${bareCid.toLowerCase()}"', 'src="$dataUri"')
-        .replaceAll(
-          "src='cid:${bareCid.toLowerCase()}'",
-          "src='$dataUri'",
-        );
+        .replaceAll("src='cid:${bareCid.toLowerCase()}'", "src='$dataUri'");
  }
  return result;
 }
@@ -3,8 +3,10 @@ import 'dart:io';

 import 'package:drift/drift.dart';
 import 'package:drift/native.dart';
+import 'package:flutter/services.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';
+import 'package:sharedinbox/core/db_schema_version.dart';

 part 'database.g.dart';

@@ -191,6 +193,9 @@ class SyncLogs extends Table {
  DateTimeColumn get finishedAt => dateTime()();
  // Added in schema v13: raw protocol log when account.verbose == true.
  TextColumn get protocolLog => text().nullable()();
+  // Added in schema v33: stack trace and permanent flag for error entries.
+  TextColumn get errorStackTrace => text().nullable()();
+  BoolColumn get isPermanent => boolean().withDefault(const Constant(false))();
 }

 /// Per-mailbox breakdown for a single sync cycle.
@@ -302,6 +307,34 @@ class LocalSieveApplied extends Table {
  Set<Column> get primaryKey => {accountId, messageId};
 }

+/// Senders for whom remote images are loaded automatically.
+/// Per-device/per-user — not tied to any email account.
+@DataClassName('ImageTrustedSenderRow')
+class ImageTrustedSenders extends Table {
+  TextColumn get senderEmail => text()();
+  DateTimeColumn get addedAt => dateTime()();
+
+  @override
+  Set<Column> get primaryKey => {senderEmail};
+}
+
+/// App-wide user preferences, stored as a singleton row (id always 1).
+@DataClassName('UserPreferencesRow')
+class UserPreferences extends Table {
+  IntColumn get id => integer()();
+  // 'bottom' (default) | 'top'
+  TextColumn get menuPosition => text().withDefault(const Constant('bottom'))();
+  // Added in schema v35: 'bottom' (default) | 'top'
+  TextColumn get mailViewButtonPosition =>
+      text().withDefault(const Constant('bottom'))();
+  // Added in schema v36: 'nextMessage' (default) | 'showMailbox'
+  TextColumn get afterMailViewAction =>
+      text().withDefault(const Constant('nextMessage'))();
+
+  @override
+  Set<Column> get primaryKey => {id};
+}
+
 // ── Database ──────────────────────────────────────────────────────────────────

@DriftDatabase(
@@ -322,13 +355,15 @@ class LocalSieveApplied extends Table {
    LocalSieveScripts,
    LocalSieveApplied,
    ShareKeys,
+    UserPreferences,
+    ImageTrustedSenders,
  ],
 )
 class AppDatabase extends _$AppDatabase {
  AppDatabase([QueryExecutor? executor]) : super(executor ?? _openConnection());

  @override
-  int get schemaVersion => 32;
+  int get schemaVersion => dbSchemaVersion;

  Future<void> _createEmailFts() async {
    await customStatement('''
@@ -569,6 +604,28 @@ class AppDatabase extends _$AppDatabase {
          if (from < 32) {
            await m.createTable(localSieveApplied);
          }
+          if (from >= 7 && from < 33) {
+            await m.addColumn(syncLogs, syncLogs.errorStackTrace);
+            await m.addColumn(syncLogs, syncLogs.isPermanent);
+          }
+          if (from < 34) {
+            await m.createTable(userPreferences);
+          }
+          if (from >= 34 && from < 35) {
+            await m.addColumn(
+              userPreferences,
+              userPreferences.mailViewButtonPosition,
+            );
+          }
+          if (from >= 34 && from < 36) {
+            await m.addColumn(
+              userPreferences,
+              userPreferences.afterMailViewAction,
+            );
+          }
+          if (from < 37) {
+            await m.createTable(imageTrustedSenders);
+          }
        },
      );
 }
@@ -578,20 +635,96 @@ String? _dbPath;

 /// Call after WidgetsFlutterBinding.ensureInitialized() so that the
 /// path_provider plugin channel is registered before the first DB access.
+/// On some Android versions the Pigeon channel is not ready at the very
+/// start of main(); if it fails, _openConnection() retries lazily.
 Future<void> initDatabasePath() async {
-  final dir = await getApplicationSupportDirectory();
-  _dbPath = p.join(dir.path, 'sharedinbox.db');
+  try {
+    final dir = await getApplicationSupportDirectory();
+    _dbPath = p.join(dir.path, 'sharedinbox.db');
+  } on PlatformException {
+    // Channel not yet established; LazyDatabase will resolve the path
+    // on first access, after runApp() completes initialization.
+  }
 }

+/// Resolve the application support path, retrying on PlatformException to
+/// survive a race where the path_provider Pigeon channel isn't ready yet.
+Future<String> _resolveDatabasePath() async {
+  if (_dbPath != null) return _dbPath!;
+  // initDatabasePath() failed (channel not ready before runApp). Retry now
+  // that the engine is fully initialised, with back-off. Some slow Android
+  // devices need several seconds for the Pigeon channel to become ready
+  // (issue #166), so use a longer schedule than the initial attempt.
+  const delays = [200, 500, 1000, 2000, 4000];
+  for (final ms in delays) {
+    try {
+      final dir = await getApplicationSupportDirectory();
+      _dbPath = p.join(dir.path, 'sharedinbox.db');
+      return _dbPath!;
+    } on PlatformException {
+      await Future<void>.delayed(Duration(milliseconds: ms));
+    }
+  }
+  // On Android, path_provider can be permanently broken on some devices
+  // regardless of how long we wait (issue #192).  Derive the path from
+  // /proc/self/cmdline (the Android process name == package name) without
+  // a platform channel as a last resort so the app can still open its DB.
+  if (Platform.isAndroid) {
+    final fallback = await _androidFallbackPath();
+    if (fallback != null) {
+      _dbPath = fallback;
+      return _dbPath!;
+    }
+  }
+  throw PlatformException(
+    code: 'channel-error',
+    message: 'path_provider unavailable after ${delays.length + 1} attempts — '
+        'cannot open database.',
+  );
+}
+
+// Reads /proc/self/cmdline to extract the Android package name, then
+// constructs the standard app files-dir path without a platform channel.
+// Returns null when the path cannot be determined or created.
+Future<String?> _androidFallbackPath() async {
+  try {
+    final bytes = await File('/proc/self/cmdline').readAsBytes();
+    final end = bytes.indexOf(0);
+    final packageName = String.fromCharCodes(
+      end >= 0 ? bytes.sublist(0, end) : bytes,
+    ).trim();
+    // A valid Android package name contains dots but not slashes.
+    if (packageName.isEmpty ||
+        !packageName.contains('.') ||
+        packageName.contains('/')) {
+      return null;
+    }
+    for (final base in [
+      '/data/user/0/$packageName/files',
+      '/data/data/$packageName/files',
+    ]) {
+      try {
+        await Directory(base).create(recursive: true);
+        return p.join(base, 'sharedinbox.db');
+      } catch (_) {
+        continue;
+      }
+    }
+    return null;
+  } catch (_) {
+    return null;
+  }
+}
+
+// These functions are only called from unit tests (database_path_test.dart).
+// They expose internals that cannot be reached via the public API.
+Future<String> resolveDatabasePathForTesting() => _resolveDatabasePath();
+void resetDatabasePathForTesting() => _dbPath = null;
+Future<String?> androidFallbackPathForTesting() => _androidFallbackPath();
+
 LazyDatabase _openConnection() {
  return LazyDatabase(() async {
-    final file = File(
-      _dbPath ??
-          p.join(
-            (await getApplicationSupportDirectory()).path,
-            'sharedinbox.db',
-          ),
-    );
+    final file = File(await _resolveDatabasePath());
    return NativeDatabase.createInBackground(
      file,
      setup: (db) {
@@ -9,8 +9,9 @@ class LocalSieveRepository {
  final AppDatabase _db;

  Future<List<SieveScript>> listScripts(String accountId) async {
-    final rows = await (_db.select(_db.localSieveScripts)
-          ..where((t) => t.accountId.equals(accountId)))
+    final rows = await (_db.select(
+      _db.localSieveScripts,
+    )..where((t) => t.accountId.equals(accountId)))
        .get();
    return rows
        .map(
@@ -26,10 +27,9 @@ class LocalSieveRepository {

  Future<String> getScriptContent(String accountId, String blobId) async {
    final rowId = int.parse(blobId);
-    final row = await (_db.select(_db.localSieveScripts)
-          ..where(
-            (t) => t.id.equals(rowId) & t.accountId.equals(accountId),
-          ))
+    final row = await (_db.select(
+      _db.localSieveScripts,
+    )..where((t) => t.id.equals(rowId) & t.accountId.equals(accountId)))
        .getSingleOrNull();
    if (row == null) throw Exception('Local script not found: $blobId');
    return row.content;
@@ -44,9 +44,7 @@ class LocalSieveRepository {
    if (id != null) {
      final rowId = int.parse(id);
      await (_db.update(_db.localSieveScripts)
-            ..where(
-              (t) => t.id.equals(rowId) & t.accountId.equals(accountId),
-            ))
+            ..where((t) => t.id.equals(rowId) & t.accountId.equals(accountId)))
          .write(
        LocalSieveScriptsCompanion(
          name: Value(name),
@@ -78,10 +76,9 @@ class LocalSieveRepository {

  Future<void> deleteScript(String accountId, String scriptId) async {
    final rowId = int.parse(scriptId);
-    await (_db.delete(_db.localSieveScripts)
-          ..where(
-            (t) => t.id.equals(rowId) & t.accountId.equals(accountId),
-          ))
+    await (_db.delete(
+      _db.localSieveScripts,
+    )..where((t) => t.id.equals(rowId) & t.accountId.equals(accountId)))
        .go();
  }

@@ -92,9 +89,7 @@ class LocalSieveRepository {
          .write(const LocalSieveScriptsCompanion(isActive: Value(false)));
      final rowId = int.parse(scriptId);
      await (_db.update(_db.localSieveScripts)
-            ..where(
-              (t) => t.id.equals(rowId) & t.accountId.equals(accountId),
-            ))
+            ..where((t) => t.id.equals(rowId) & t.accountId.equals(accountId)))
          .write(const LocalSieveScriptsCompanion(isActive: Value(true)));
    });
  }
@@ -9,11 +9,8 @@ import 'package:sharedinbox/data/db/database.dart';
 import 'package:sharedinbox/data/imap/imap_client_factory.dart';

 class DraftRepositoryImpl implements DraftRepository {
-  DraftRepositoryImpl(
-    this._db,
-    this._accounts, {
-    ImapConnectFn? imapConnect,
-  }) : _imapConnect = imapConnect;
+  DraftRepositoryImpl(this._db, this._accounts, {ImapConnectFn? imapConnect})
+      : _imapConnect = imapConnect;

  final AppDatabase _db;
  final AccountRepository _accounts;
@@ -124,10 +121,7 @@ class DraftRepositoryImpl implements DraftRepository {
    }
  }

-  Future<void> _syncWithServer(
-    imap.ImapClient client,
-    String accountId,
-  ) async {
+  Future<void> _syncWithServer(imap.ImapClient client, String accountId) async {
    // Create/select the Drafts folder.
    try {
      await client.createMailbox('Drafts');
@@ -162,8 +156,9 @@ class DraftRepositoryImpl implements DraftRepository {
          ? uidList.first.toString()
          : null;
      if (uid != null) {
-        await (_db.update(_db.drafts)..where((t) => t.id.equals(row.id)))
-            .write(DraftsCompanion(imapServerId: Value(uid)));
+        await (_db.update(_db.drafts)..where((t) => t.id.equals(row.id))).write(
+          DraftsCompanion(imapServerId: Value(uid)),
+        );
      }
    }

@@ -95,6 +95,26 @@ class EmailRepositoryImpl implements EmailRepository {
        .map((rows) => rows.map(_threadRowToModel).toList());
  }

+  @override
+  Stream<List<model.EmailThread>> observeAllInboxThreads({int limit = 50}) {
+    final query = _db.select(_db.threads).join([
+      innerJoin(
+        _db.mailboxes,
+        _db.mailboxes.accountId.equalsExp(_db.threads.accountId) &
+            _db.mailboxes.path.equalsExp(_db.threads.mailboxPath),
+      ),
+    ]);
+    query
+      ..where(_db.mailboxes.role.equals('inbox'))
+      ..orderBy([OrderingTerm.desc(_db.threads.latestDate)])
+      ..limit(limit);
+    return query.watch().map(
+          (rows) => rows
+              .map((row) => _threadRowToModel(row.readTable(_db.threads)))
+              .toList(),
+        );
+  }
+
  model.EmailThread _threadRowToModel(ThreadRow row) {
    List<model.EmailAddress> parseAddresses(String json) {
      final list = jsonDecode(json) as List<dynamic>;
@@ -156,6 +176,7 @@ class EmailRepositoryImpl implements EmailRepository {
      return;
    }

+    if (threadEmails.isEmpty) return;
    final latest = threadEmails.last;

    // Collect unique participants across the whole thread.
@@ -237,7 +258,12 @@ class EmailRepositoryImpl implements EmailRepository {
    try {
      await client.selectMailboxByPath(emailRow.mailboxPath);
      final fetch = await client.uidFetchMessage(emailRow.uid, '(BODY.PEEK[])');
-      final msg = fetch.messages.first;
+      final msg = fetch.messages.firstOrNull;
+      if (msg == null) {
+        throw StateError(
+          'IMAP server returned no message for UID ${emailRow.uid}.',
+        );
+      }
      final textBody = msg.decodeTextPlainPart();
      final rawHtml = msg.decodeTextHtmlPart();
      final htmlBody =
@@ -325,13 +351,7 @@ class EmailRepositoryImpl implements EmailRepository {
          ],
          'fetchHTMLBodyValues': true,
          'fetchTextBodyValues': true,
-          'bodyProperties': [
-            'partId',
-            'type',
-            'name',
-            'size',
-            'subParts',
-          ],
+          'bodyProperties': ['partId', 'type', 'name', 'size', 'subParts'],
        },
        '0',
      ],
@@ -1949,8 +1969,9 @@ class EmailRepositoryImpl implements EmailRepository {
        .getSingleOrNull();
    final inboxPath = inboxMailbox?.path ?? 'INBOX';

-    final alreadyApplied = await (_db.select(_db.localSieveApplied)
-          ..where((t) => t.accountId.equals(accountId)))
+    final alreadyApplied = await (_db.select(
+      _db.localSieveApplied,
+    )..where((t) => t.accountId.equals(accountId)))
        .get();
    final appliedIds = alreadyApplied.map((r) => r.messageId).toSet();

@@ -2050,7 +2071,9 @@ class EmailRepositoryImpl implements EmailRepository {
            ..limit(1))
          .getSingleOrNull();
      if (destMailbox == null) {
-        log('Sieve: JMAP mailbox "$folder" not found for account ${account.id}');
+        log(
+          'Sieve: JMAP mailbox "$folder" not found for account ${account.id}',
+        );
        return;
      }
      destPath = destMailbox.path;
@@ -2808,11 +2831,13 @@ class EmailRepositoryImpl implements EmailRepository {
      // Content-Transfer-Encoding) and getPart() can decode the part correctly.
      // A partial BODY.PEEK[n] fetch omits those headers, causing
      // decodeContentBinary() to return raw base64 instead of decoded bytes.
-      final fetch = await client.uidFetchMessage(
-        emailRow.uid,
-        'BODY.PEEK[]',
-      );
-      final msg = fetch.messages.first;
+      final fetch = await client.uidFetchMessage(emailRow.uid, 'BODY.PEEK[]');
+      final msg = fetch.messages.firstOrNull;
+      if (msg == null) {
+        throw StateError(
+          'IMAP server returned no message for UID ${emailRow.uid}.',
+        );
+      }
      final part = msg.getPart(attachment.fetchPartId) ?? msg;
      final bytes = part.decodeContentBinary();
      if (bytes == null) {
@@ -2874,11 +2899,14 @@ class EmailRepositoryImpl implements EmailRepository {
    );
    try {
      await client.selectMailboxByPath(emailRow.mailboxPath);
-      final fetch = await client.uidFetchMessage(
-        emailRow.uid,
-        'BODY.PEEK[]',
-      );
-      return fetch.messages.first.renderMessage();
+      final fetch = await client.uidFetchMessage(emailRow.uid, 'BODY.PEEK[]');
+      final msg = fetch.messages.firstOrNull;
+      if (msg == null) {
+        throw StateError(
+          'IMAP server returned no message for UID ${emailRow.uid}.',
+        );
+      }
+      return msg.renderMessage();
    } finally {
      await client.logout();
    }
@@ -2955,6 +2983,20 @@ class EmailRepositoryImpl implements EmailRepository {
  }) async {
    if (query.length < 2) return [];
    final pattern = '%${query.toLowerCase()}%';
+
+    // Addresses we deliberately wrote to (sent folder) should appear before
+    // addresses that happened to email us (inbox/other folders).
+    final sentMailboxes = await (_db.select(_db.mailboxes)
+          ..where((t) {
+            Expression<bool> cond = t.role.equals('sent');
+            if (accountId != null) {
+              cond = t.accountId.equals(accountId) & cond;
+            }
+            return cond;
+          }))
+        .get();
+    final sentPaths = {for (final m in sentMailboxes) m.path};
+
    final rows = await (_db.select(_db.emails)
          ..where((t) {
            Expression<bool> cond = const Constant(true);
@@ -2969,11 +3011,22 @@ class EmailRepositoryImpl implements EmailRepository {
          ..limit(100))
        .get();

+    // Two passes: sent-folder rows first (prioritise recipients we chose),
+    // then other rows (senders who contacted us).
+    final sortedRows = [
+      ...rows.where((r) => sentPaths.contains(r.mailboxPath)),
+      ...rows.where((r) => !sentPaths.contains(r.mailboxPath)),
+    ];
+
    final seen = <String>{};
    final results = <model.EmailAddress>[];
    final lowerQuery = query.toLowerCase();
-    for (final row in rows) {
-      for (final jsonStr in [row.fromJson, row.toAddresses, row.ccJson]) {
+    for (final row in sortedRows) {
+      final isSent = sentPaths.contains(row.mailboxPath);
+      final fields = isSent
+          ? [row.toAddresses, row.ccJson, row.fromJson]
+          : [row.fromJson, row.toAddresses, row.ccJson];
+      for (final jsonStr in fields) {
        final list = jsonDecode(jsonStr) as List<dynamic>;
        for (final e in list) {
          final map = e as Map<String, dynamic>;
@@ -3252,14 +3305,17 @@ class EmailRepositoryImpl implements EmailRepository {
    await _db.customStatement('PRAGMA foreign_keys = OFF');
    try {
      await _db.transaction(() async {
-        await (_db.delete(_db.emails)
-              ..where((t) => t.accountId.equals(accountId)))
+        await (_db.delete(
+          _db.emails,
+        )..where((t) => t.accountId.equals(accountId)))
            .go();
-        await (_db.delete(_db.pendingChanges)
-              ..where((t) => t.accountId.equals(accountId)))
+        await (_db.delete(
+          _db.pendingChanges,
+        )..where((t) => t.accountId.equals(accountId)))
            .go();
-        await (_db.delete(_db.syncStates)
-              ..where((t) => t.accountId.equals(accountId)))
+        await (_db.delete(
+          _db.syncStates,
+        )..where((t) => t.accountId.equals(accountId)))
            .go();
      });
    } finally {
@@ -79,6 +79,15 @@ class MailboxRepositoryImpl implements MailboxRepository {
    );
    try {
      final mailboxes = await client.listMailboxes(recursive: true);
+
+      // Pre-load existing DB roles so we can preserve manually-set roles for
+      // folders the server doesn't tag with a special-use attribute.
+      final existingRows = await (_db.select(
+        _db.mailboxes,
+      )..where((t) => t.accountId.equals(account.id)))
+          .get();
+      final existingRoles = {for (final r in existingRows) r.id: r.role};
+
      for (final mb in mailboxes) {
        final path = mb.path;
        final id = '${account.id}:$path';
@@ -96,6 +105,12 @@ class MailboxRepositoryImpl implements MailboxRepository {
          log('STATUS skipped for $path: $e');
        }

+        // Use the server-assigned role when available; fall back to the
+        // existing DB role so that manually-created folders (e.g. a user
+        // who just created their Archive folder) keep their role across syncs
+        // when the IMAP server does not expose a special-use attribute.
+        final role = _imapRole(mb) ?? existingRoles[id];
+
        await _db.into(_db.mailboxes).insertOnConflictUpdate(
              MailboxesCompanion.insert(
                id: id,
@@ -104,7 +119,7 @@ class MailboxRepositoryImpl implements MailboxRepository {
                name: mb.name,
                unreadCount: Value(unread),
                totalCount: Value(total),
-                role: Value(_imapRole(mb)),
+                role: Value(role),
              ),
            );
      }
@@ -306,8 +321,112 @@ class MailboxRepositoryImpl implements MailboxRepository {

  @override
  Future<void> clearForResync(String accountId) async {
-    await (_db.delete(_db.mailboxes)
-          ..where((t) => t.accountId.equals(accountId)))
+    await (_db.delete(
+      _db.mailboxes,
+    )..where((t) => t.accountId.equals(accountId)))
        .go();
  }
+
+  @override
+  Future<model.Mailbox> createMailboxWithRole(
+    String accountId,
+    String name,
+    String role,
+  ) async {
+    final account = (await _accounts.getAccount(accountId))!;
+    final password = await _accounts.getPassword(accountId);
+    switch (account.type) {
+      case account_model.AccountType.imap:
+        return _createMailboxWithRoleImap(account, password, name, role);
+      case account_model.AccountType.jmap:
+        return _createMailboxWithRoleJmap(account, password, name, role);
+    }
+  }
+
+  Future<model.Mailbox> _createMailboxWithRoleImap(
+    account_model.Account account,
+    String password,
+    String name,
+    String role,
+  ) async {
+    final client = await _imapConnect(
+      account,
+      _effectiveUsername(account),
+      password,
+    );
+    try {
+      await client.createMailbox(name);
+    } finally {
+      await client.logout();
+    }
+    final id = '${account.id}:$name';
+    await _db.into(_db.mailboxes).insertOnConflictUpdate(
+          MailboxesCompanion.insert(
+            id: id,
+            accountId: account.id,
+            path: name,
+            name: name,
+            role: Value(role),
+          ),
+        );
+    final row = await (_db.select(
+      _db.mailboxes,
+    )..where((t) => t.id.equals(id)))
+        .getSingle();
+    return _toModel(row);
+  }
+
+  Future<model.Mailbox> _createMailboxWithRoleJmap(
+    account_model.Account account,
+    String password,
+    String name,
+    String role,
+  ) async {
+    final jmapUrl = account.jmapUrl;
+    if (jmapUrl == null || jmapUrl.isEmpty) {
+      throw Exception('JMAP account ${account.id} has no jmapUrl');
+    }
+    final jmap = await JmapClient.connect(
+      httpClient: _httpClient,
+      jmapUrl: Uri.parse(jmapUrl),
+      username: _effectiveUsername(account),
+      password: password,
+    );
+    final responses = await jmap.call([
+      [
+        'Mailbox/set',
+        {
+          'accountId': jmap.accountId,
+          'create': {
+            'new-mailbox': {'name': name, 'role': role},
+          },
+        },
+        '0',
+      ],
+    ]);
+    final result = _responseArgs(responses, 0, 'Mailbox/set');
+    final created = result['created'] as Map<String, dynamic>?;
+    final newId =
+        (created?['new-mailbox'] as Map<String, dynamic>?)?['id'] as String?;
+    if (newId == null) {
+      throw Exception(
+        'Failed to create mailbox "$name": server returned no ID',
+      );
+    }
+    final dbId = '${account.id}:$newId';
+    await _db.into(_db.mailboxes).insertOnConflictUpdate(
+          MailboxesCompanion.insert(
+            id: dbId,
+            accountId: account.id,
+            path: newId,
+            name: name,
+            role: Value(role),
+          ),
+        );
+    final row = await (_db.select(
+      _db.mailboxes,
+    )..where((t) => t.id.equals(dbId)))
+        .getSingle();
+    return _toModel(row);
+  }
 }
@@ -24,8 +24,9 @@ class SearchHistoryRepositoryImpl implements SearchHistoryRepository {

    await _db.transaction(() async {
      // Remove existing entry for same query (deduplication).
-      await (_db.delete(_db.searchHistoryEntries)
-            ..where((t) => t.query.equals(trimmed)))
+      await (_db.delete(
+        _db.searchHistoryEntries,
+      )..where((t) => t.query.equals(trimmed)))
          .go();

      await _db.into(_db.searchHistoryEntries).insert(
@@ -43,8 +44,9 @@ class SearchHistoryRepositoryImpl implements SearchHistoryRepository {
          .get();

      if (keepIds.isNotEmpty) {
-        await (_db.delete(_db.searchHistoryEntries)
-              ..where((t) => t.id.isNotIn(keepIds)))
+        await (_db.delete(
+          _db.searchHistoryEntries,
+        )..where((t) => t.id.isNotIn(keepIds)))
            .go();
      }
    });
@@ -40,8 +40,9 @@ class ShareKeyRepositoryImpl implements ShareKeyRepository {
    await _pruneExpired();

    final keyIdHex = _hex(keyId);
-    final row = await (_db.select(_db.shareKeys)
-          ..where((t) => t.id.equals(keyIdHex)))
+    final row = await (_db.select(
+      _db.shareKeys,
+    )..where((t) => t.id.equals(keyIdHex)))
        .getSingleOrNull();

    if (row == null) return null;
@@ -55,10 +56,9 @@ class ShareKeyRepositoryImpl implements ShareKeyRepository {
  }

  Future<void> _pruneExpired() async {
-    await (_db.delete(_db.shareKeys)
-          ..where(
-            (t) => t.expiresAt.isSmallerThanValue(DateTime.now().toUtc()),
-          ))
+    await (_db.delete(
+      _db.shareKeys,
+    )..where((t) => t.expiresAt.isSmallerThanValue(DateTime.now().toUtc())))
        .go();
  }

@@ -13,6 +13,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
    required String accountId,
    required bool success,
    String? errorMessage,
+    String? stackTrace,
+    bool isPermanent = false,
    required String protocol,
    required int emailsFetched,
    required int emailsSkipped,
@@ -30,6 +32,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
              accountId: accountId,
              result: success ? 'ok' : 'error',
              errorMessage: Value(errorMessage),
+              errorStackTrace: Value(stackTrace),
+              isPermanent: Value(isPermanent),
              protocol: Value(protocol),
              itemsSynced: Value(emailsFetched),
              emailsSkipped: Value(emailsSkipped),
@@ -75,6 +79,8 @@ class SyncLogRepositoryImpl implements SyncLogRepository {
            id: r.id,
            result: r.result,
            errorMessage: r.errorMessage,
+            stackTrace: r.errorStackTrace,
+            isPermanent: r.isPermanent,
            protocol: r.protocol,
            emailsFetched: r.itemsSynced,
            emailsSkipped: r.emailsSkipped,
@@ -0,0 +1,95 @@
+import 'package:drift/drift.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart' as pref;
+import 'package:sharedinbox/core/repositories/user_preferences_repository.dart';
+import 'package:sharedinbox/data/db/database.dart';
+
+class UserPreferencesRepositoryImpl implements UserPreferencesRepository {
+  UserPreferencesRepositoryImpl(this._db);
+
+  final AppDatabase _db;
+  static const _rowId = 1;
+
+  @override
+  Stream<pref.UserPreferences> observePreferences() {
+    return (_db.select(
+      _db.userPreferences,
+    )..where((t) => t.id.equals(_rowId)))
+        .watchSingleOrNull()
+        .map(_rowToModel);
+  }
+
+  @override
+  Future<void> updateMenuPosition(pref.MenuPosition position) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            menuPosition: Value(position.name),
+          ),
+        );
+  }
+
+  @override
+  Future<void> updateMailViewButtonPosition(pref.MenuPosition position) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            mailViewButtonPosition: Value(position.name),
+          ),
+        );
+  }
+
+  @override
+  Future<void> updateAfterMailViewAction(
+    pref.AfterMailViewAction action,
+  ) async {
+    await _db.into(_db.userPreferences).insertOnConflictUpdate(
+          UserPreferencesCompanion(
+            id: const Value(_rowId),
+            afterMailViewAction: Value(action.name),
+          ),
+        );
+  }
+
+  @override
+  Stream<List<String>> observeTrustedImageSenders() {
+    return (_db.select(_db.imageTrustedSenders)
+          ..orderBy([(t) => OrderingTerm.desc(t.addedAt)]))
+        .watch()
+        .map((rows) => rows.map((r) => r.senderEmail).toList());
+  }
+
+  @override
+  Future<void> addTrustedImageSender(String senderEmail) async {
+    await _db.into(_db.imageTrustedSenders).insertOnConflictUpdate(
+          ImageTrustedSendersCompanion(
+            senderEmail: Value(senderEmail.toLowerCase()),
+            addedAt: Value(DateTime.now()),
+          ),
+        );
+  }
+
+  @override
+  Future<void> removeTrustedImageSender(String senderEmail) async {
+    await (_db.delete(_db.imageTrustedSenders)
+          ..where((t) => t.senderEmail.equals(senderEmail.toLowerCase())))
+        .go();
+  }
+
+  static pref.UserPreferences _rowToModel(UserPreferencesRow? row) {
+    if (row == null) return const pref.UserPreferences();
+    return pref.UserPreferences(
+      menuPosition: pref.MenuPosition.values.firstWhere(
+        (e) => e.name == row.menuPosition,
+        orElse: () => pref.MenuPosition.bottom,
+      ),
+      mailViewButtonPosition: pref.MenuPosition.values.firstWhere(
+        (e) => e.name == row.mailViewButtonPosition,
+        orElse: () => pref.MenuPosition.bottom,
+      ),
+      afterMailViewAction: pref.AfterMailViewAction.values.firstWhere(
+        (e) => e.name == row.afterMailViewAction,
+        orElse: () => pref.AfterMailViewAction.nextMessage,
+      ),
+    );
+  }
+}
@@ -5,13 +5,16 @@ import 'package:http/http.dart' as http;
 import 'package:sharedinbox/core/models/account.dart' as model;
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/account_repository.dart';
 import 'package:sharedinbox/core/repositories/draft_repository.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
 import 'package:sharedinbox/core/repositories/search_history_repository.dart';
 import 'package:sharedinbox/core/repositories/share_key_repository.dart';
+import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/core/repositories/undo_repository.dart';
+import 'package:sharedinbox/core/repositories/user_preferences_repository.dart';
 import 'package:sharedinbox/core/services/account_discovery_service.dart';
 import 'package:sharedinbox/core/services/connection_test_service.dart';
 import 'package:sharedinbox/core/services/managesieve_probe_service.dart';
@@ -20,7 +23,8 @@ import 'package:sharedinbox/core/services/undo_service.dart';
 import 'package:sharedinbox/core/storage/secure_storage.dart';
 import 'package:sharedinbox/core/sync/account_sync_manager.dart';
 import 'package:sharedinbox/core/sync/reliability_runner.dart';
-import 'package:sharedinbox/data/db/database.dart' hide Email, EmailBody;
+import 'package:sharedinbox/data/db/database.dart'
+    hide Email, EmailBody, UserPreferences;
 import 'package:sharedinbox/data/db/local_sieve_repository.dart';
 import 'package:sharedinbox/data/imap/imap_client_factory.dart';
 import 'package:sharedinbox/data/jmap/sieve_repository.dart';
@@ -32,6 +36,7 @@ import 'package:sharedinbox/data/repositories/search_history_repository_impl.dar
 import 'package:sharedinbox/data/repositories/share_key_repository_impl.dart';
 import 'package:sharedinbox/data/repositories/sync_log_repository_impl.dart';
 import 'package:sharedinbox/data/repositories/undo_repository_impl.dart';
+import 'package:sharedinbox/data/repositories/user_preferences_repository_impl.dart';
 import 'package:sharedinbox/data/storage/flutter_secure_storage_impl.dart';

 /// Swappable IMAP connection factory — override in tests to use plaintext.
@@ -96,12 +101,13 @@ final undoRepositoryProvider = Provider<UndoRepository>((ref) {
  return UndoRepositoryImpl(ref.watch(dbProvider));
 });

-final searchHistoryRepositoryProvider =
-    Provider<SearchHistoryRepository>((ref) {
+final searchHistoryRepositoryProvider = Provider<SearchHistoryRepository>((
+  ref,
+) {
  return SearchHistoryRepositoryImpl(ref.watch(dbProvider));
 });

-final syncLogRepositoryProvider = Provider((ref) {
+final syncLogRepositoryProvider = Provider<SyncLogRepository>((ref) {
  return SyncLogRepositoryImpl(ref.watch(dbProvider));
 });

@@ -130,8 +136,10 @@ final syncHealthProvider =
      .watchSingleOrNull();
 });

-final isSyncingProvider =
-    StreamProvider.autoDispose.family<bool, String>((ref, accountId) {
+final isSyncingProvider = StreamProvider.autoDispose.family<bool, String>((
+  ref,
+  accountId,
+) {
  return ref.watch(syncManagerProvider).watchSyncing(accountId);
 });

@@ -180,12 +188,9 @@ final manageSieveProbeServiceProvider = Provider<ManageSieveProbeService>((
  return ManageSieveProbeService(ref.watch(accountRepositoryProvider));
 });

-final undoServiceProvider =
-    StateNotifierProvider<UndoService, List<UndoAction>>((ref) {
-  final service = UndoService(ref);
-  unawaited(service.init());
-  return service;
-});
+final undoServiceProvider = NotifierProvider<UndoService, List<UndoAction>>(
+  UndoService.new,
+);

 /// Loads email header + body and marks the email as seen.
 /// Owned by [EmailDetailScreen]; decouples data loading from the widget tree.
@@ -194,20 +199,50 @@ final emailDetailProvider = AsyncNotifierProvider.autoDispose
  EmailDetailNotifier.new,
 );

-class EmailDetailNotifier
-    extends AutoDisposeFamilyAsyncNotifier<(Email?, EmailBody), String> {
+class EmailDetailNotifier extends AsyncNotifier<(Email?, EmailBody)> {
+  EmailDetailNotifier(this._emailId);
+  final String _emailId;
+
  @override
-  Future<(Email?, EmailBody)> build(String emailId) async {
+  Future<(Email?, EmailBody)> build() async {
    final repo = ref.read(emailRepositoryProvider);
    final results = await Future.wait([
-      repo.getEmail(emailId),
-      repo.getEmailBody(emailId),
+      repo.getEmail(_emailId),
+      repo.getEmailBody(_emailId),
    ]);
-    unawaited(repo.setFlag(emailId, seen: true));
+    unawaited(repo.setFlag(_emailId, seen: true));
+    final header = results[0] as Email?;
+    if (header != null) {
+      unawaited(_prefetchNextEmailBody(repo, header));
+    }
    return (results[0] as Email?, results[1] as EmailBody);
  }
+
+  Future<void> _prefetchNextEmailBody(
+    EmailRepository repo,
+    Email header,
+  ) async {
+    final prefs = ref.read(userPreferencesProvider).value;
+    final action =
+        prefs?.afterMailViewAction ?? AfterMailViewAction.nextMessage;
+    if (action != AfterMailViewAction.nextMessage) return;
+
+    final threads =
+        await repo.observeThreads(header.accountId, header.mailboxPath).first;
+    final currentIndex = threads.indexWhere(
+      (t) => t.emailIds.contains(_emailId),
+    );
+    if (currentIndex < 0 || currentIndex + 1 >= threads.length) return;
+
+    final nextId = threads[currentIndex + 1].latestEmailId;
+    await repo.getEmailBody(nextId);
+  }
 }

+final allAccountsProvider = StreamProvider<List<model.Account>>((ref) {
+  return ref.watch(accountRepositoryProvider).observeAccounts();
+});
+
 final accountByIdProvider =
    StreamProvider.autoDispose.family<model.Account?, String>((ref, accountId) {
  return ref.watch(accountRepositoryProvider).observeAccounts().map(
@@ -228,3 +263,22 @@ final accountConnectionStatusProvider =
      .read(connectionTestServiceProvider)
      .testConnection(account, password);
 });
+
+final userPreferencesRepositoryProvider = Provider<UserPreferencesRepository>((
+  ref,
+) {
+  return UserPreferencesRepositoryImpl(ref.watch(dbProvider));
+});
+
+final userPreferencesProvider = StreamProvider.autoDispose<UserPreferences>((
+  ref,
+) {
+  return ref.watch(userPreferencesRepositoryProvider).observePreferences();
+});
+
+final trustedImageSendersProvider =
+    StreamProvider.autoDispose<List<String>>((ref) {
+  return ref
+      .watch(userPreferencesRepositoryProvider)
+      .observeTrustedImageSenders();
+});
@@ -3,6 +3,7 @@ import 'dart:io';

 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_riverpod/misc.dart' show Override;

 import 'package:sharedinbox/core/services/notification_service.dart';
 import 'package:sharedinbox/core/sync/background_sync.dart';
@@ -9,6 +9,7 @@ import 'package:sharedinbox/ui/screens/account_send_screen.dart';
 import 'package:sharedinbox/ui/screens/add_account_screen.dart';
 import 'package:sharedinbox/ui/screens/address_emails_screen.dart';
 import 'package:sharedinbox/ui/screens/changelog_screen.dart';
+import 'package:sharedinbox/ui/screens/combined_inbox_screen.dart';
 import 'package:sharedinbox/ui/screens/compose_screen.dart';
 import 'package:sharedinbox/ui/screens/edit_account_screen.dart';
 import 'package:sharedinbox/ui/screens/email_detail_screen.dart';
@@ -20,14 +21,19 @@ import 'package:sharedinbox/ui/screens/sieve_scripts_screen.dart';
 import 'package:sharedinbox/ui/screens/sync_log_screen.dart';
 import 'package:sharedinbox/ui/screens/thread_detail_screen.dart';
 import 'package:sharedinbox/ui/screens/undo_log_screen.dart';
+import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';
 import 'package:sharedinbox/ui/widgets/undo_shell.dart';

 final router = GoRouter(
-  initialLocation: '/accounts',
+  initialLocation: '/inbox',
  routes: [
    ShellRoute(
      builder: (ctx, state, child) => UndoShell(child: child),
      routes: [
+        GoRoute(
+          path: '/inbox',
+          builder: (ctx, state) => const CombinedInboxScreen(),
+        ),
        GoRoute(
          path: '/accounts',
          builder: (ctx, state) => const AccountListScreen(),
@@ -56,6 +62,10 @@ final router = GoRouter(
              path: 'about',
              builder: (ctx, state) => const AboutScreen(),
            ),
+            GoRoute(
+              path: 'preferences',
+              builder: (ctx, state) => const UserPreferencesScreen(),
+            ),
            GoRoute(
              path: ':accountId/edit',
              builder: (ctx, state) => EditAccountScreen(
@@ -1,13 +1,13 @@
 import 'dart:async';
-import 'dart:io';

 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
-import 'package:flutter_markdown/flutter_markdown.dart';
+import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:package_info_plus/package_info_plus.dart';
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/utils/about_markdown.dart';
 import 'package:url_launcher/url_launcher.dart';

 class AboutScreen extends ConsumerStatefulWidget {
@@ -19,53 +19,22 @@ class AboutScreen extends ConsumerStatefulWidget {

 class _AboutScreenState extends ConsumerState<AboutScreen> {
  final Future<PackageInfo> _packageInfoFuture = PackageInfo.fromPlatform();
+  late final Future<String?> _deviceModelFuture;
  late final Stream<List<Account>> _accountsStream;
-
-  static const _gitHash = String.fromEnvironment('GIT_HASH');
+  String? _deviceModel;

  @override
  void initState() {
    super.initState();
    _accountsStream = ref.read(accountRepositoryProvider).observeAccounts();
+    _deviceModelFuture = getDeviceModel();
+    unawaited(
+      _deviceModelFuture.then((model) {
+        if (mounted) setState(() => _deviceModel = model);
+      }),
+    );
  }

-  String _buildMarkdown(
-    BuildContext context,
-    PackageInfo? pkg,
-    int imapCount,
-    int jmapCount,
-  ) {
-    final size = MediaQuery.of(context).size;
-    final pixelRatio = MediaQuery.of(context).devicePixelRatio;
-    final physW = (size.width * pixelRatio).toInt();
-    final physH = (size.height * pixelRatio).toInt();
-    final version =
-        pkg != null ? '${pkg.version}+${pkg.buildNumber}' : 'unknown';
-    final versionDisplay = _gitHash.isNotEmpty
-        ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash)'
-        : version;
-    final osName = _capitalize(Platform.operatingSystem);
-    final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
-
-    return '## sharedinbox.de\n\n'
-        '| Property | Value |\n'
-        '|----------|-------|\n'
-        '| App Version | $versionDisplay |\n'
-        '| Platform | ${Platform.operatingSystem} |\n'
-        '| $osName Version | ${Platform.operatingSystemVersion} |\n'
-        '| Resolution | ${physW}x$physH px'
-        ' (logical: ${size.width.toInt()}x${size.height.toInt()} pt,'
-        ' ratio: ${pixelRatio.toStringAsFixed(1)}x) |\n'
-        '| Dart Version | ${Platform.version.split(' ').first} |\n'
-        '| Processors | ${Platform.numberOfProcessors} |\n'
-        '| Dark Mode | ${isDark ? 'yes' : 'no'} |\n'
-        '| IMAP Accounts | $imapCount |\n'
-        '| JMAP Accounts | $jmapCount |\n';
-  }
-
-  static String _capitalize(String s) =>
-      s.isEmpty ? s : '${s[0].toUpperCase()}${s.substring(1)}';
-
  Future<void> _copyToClipboard(
    BuildContext context,
    int imapCount,
@@ -75,10 +44,20 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    try {
      pkg = await _packageInfoFuture;
    } catch (_) {}
+    String? deviceModel;
+    try {
+      deviceModel = await _deviceModelFuture;
+    } catch (_) {}
    if (!context.mounted) return;
    await Clipboard.setData(
      ClipboardData(
-        text: _buildMarkdown(context, pkg, imapCount, jmapCount),
+        text: buildAboutMarkdown(
+          context: context,
+          pkg: pkg,
+          imapCount: imapCount,
+          jmapCount: jmapCount,
+          deviceModel: deviceModel,
+        ),
      ),
    );
    if (context.mounted) {
@@ -91,6 +70,32 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    }
  }

+  Future<void> _launchUrl(BuildContext context, Uri url) async {
+    try {
+      final launched = await launchUrl(
+        url,
+        mode: LaunchMode.externalApplication,
+      );
+      if (!launched && context.mounted) {
+        ScaffoldMessenger.of(context).showSnackBar(
+          const SnackBar(
+            duration: Duration(seconds: 5),
+            content: Text('Could not open browser.'),
+          ),
+        );
+      }
+    } catch (e) {
+      if (context.mounted) {
+        ScaffoldMessenger.of(context).showSnackBar(
+          SnackBar(
+            duration: const Duration(seconds: 5),
+            content: Text('Error: $e'),
+          ),
+        );
+      }
+    }
+  }
+
  Future<void> _createIssue(
    BuildContext context,
    int imapCount,
@@ -100,16 +105,28 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
    try {
      pkg = await _packageInfoFuture;
    } catch (_) {}
+    String? deviceModel;
+    try {
+      deviceModel = await _deviceModelFuture;
+    } catch (_) {}
    if (!context.mounted) return;
    final body = Uri.encodeComponent(
-      _buildMarkdown(context, pkg, imapCount, jmapCount),
+      buildAboutMarkdown(
+        context: context,
+        pkg: pkg,
+        imapCount: imapCount,
+        jmapCount: jmapCount,
+        deviceModel: deviceModel,
+      ),
    );
    final url = Uri.parse(
      'https://codeberg.org/guettli/sharedinbox/issues/new?body=$body',
    );
    try {
-      final launched =
-          await launchUrl(url, mode: LaunchMode.externalApplication);
+      final launched = await launchUrl(
+        url,
+        mode: LaunchMode.externalApplication,
+      );
      if (!launched && context.mounted) {
        ScaffoldMessenger.of(context).showSnackBar(
          const SnackBar(
@@ -153,21 +170,17 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
                      return const Center(child: CircularProgressIndicator());
                    }
                    return Markdown(
-                      data: _buildMarkdown(
-                        context,
-                        snapshot.data,
-                        imapCount,
-                        jmapCount,
+                      data: buildAboutMarkdown(
+                        context: context,
+                        pkg: snapshot.data,
+                        imapCount: imapCount,
+                        jmapCount: jmapCount,
+                        deviceModel: _deviceModel,
                      ),
                      selectable: true,
                      onTapLink: (text, href, title) {
                        if (href != null) {
-                          unawaited(
-                            launchUrl(
-                              Uri.parse(href),
-                              mode: LaunchMode.externalApplication,
-                            ),
-                          );
+                          unawaited(_launchUrl(context, Uri.parse(href)));
                        }
                      },
                    );
@@ -1,4 +1,5 @@
 import 'dart:async';
+import 'dart:convert';

 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
@@ -66,6 +67,14 @@ class AccountListScreen extends ConsumerWidget {
                unawaited(context.push('/accounts/about'));
              },
            ),
+            ListTile(
+              leading: const Icon(Icons.settings),
+              title: const Text('Preferences'),
+              onTap: () {
+                Navigator.pop(context); // Close drawer
+                unawaited(context.push('/accounts/preferences'));
+              },
+            ),
          ],
        ),
      ),
@@ -111,20 +120,80 @@ class _AccountTile extends ConsumerWidget {
    final health = ref.watch(syncHealthProvider(account.id));
    final typeLabel = account.type == AccountType.jmap ? 'JMAP' : 'IMAP';

-    return ListTile(
-      leading: const Icon(Icons.account_circle),
-      title: Text(account.displayName),
-      subtitle: Column(
-        crossAxisAlignment: CrossAxisAlignment.start,
-        children: [
-          Text('${account.email}\n$typeLabel'),
-          const SizedBox(height: 4),
-          health.when(
+    return Column(
+      crossAxisAlignment: CrossAxisAlignment.start,
+      children: [
+        ListTile(
+          leading: const Icon(Icons.account_circle),
+          title: Text(account.displayName),
+          subtitle: Text('${account.email}\n$typeLabel'),
+          isThreeLine: true,
+          trailing: Row(
+            mainAxisSize: MainAxisSize.min,
+            children: [
+              status.when(
+                loading: () => const SizedBox(
+                  width: 20,
+                  height: 20,
+                  child: CircularProgressIndicator(strokeWidth: 2),
+                ),
+                data: (_) =>
+                    const Icon(Icons.check_circle, color: Colors.green),
+                error: (e, _) => Tooltip(
+                  message: e.toString(),
+                  child: const Icon(Icons.error_outline, color: Colors.red),
+                ),
+              ),
+              PopupMenuButton<_AccountAction>(
+                onSelected: (action) => _onAction(context, action),
+                itemBuilder: (_) => [
+                  const PopupMenuItem(
+                    value: _AccountAction.syncLog,
+                    child: Text('Sync log'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.verifySync,
+                    child: Text('Verify sync health'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.forceSync,
+                    child: Text('Force full sync'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.edit,
+                    child: Text('Edit'),
+                  ),
+                  if (_sieveSupported(account))
+                    const PopupMenuItem(
+                      value: _AccountAction.emailFiltersRemote,
+                      child: Text('Server email filters'),
+                    ),
+                  const PopupMenuItem(
+                    value: _AccountAction.emailFiltersLocal,
+                    child: Text('Local email filters'),
+                  ),
+                  const PopupMenuItem(
+                    value: _AccountAction.send,
+                    child: Text('Send accounts'),
+                  ),
+                  const PopupMenuDivider(),
+                  const PopupMenuItem(
+                    value: _AccountAction.delete,
+                    child: Text('Delete'),
+                  ),
+                ],
+              ),
+            ],
+          ),
+          onTap: () => context.push('/accounts/${account.id}/mailboxes'),
+        ),
+        Padding(
+          padding: const EdgeInsets.fromLTRB(72, 0, 16, 8),
+          child: health.when(
            data: (h) {
              if (h == null) return const Text('Sync health: Not verified yet');
              final date = h.lastVerifiedAt.toLocal().toString().split('.')[0];
              return Row(
-                mainAxisSize: MainAxisSize.min,
                children: [
                  const Text('Sync health: '),
                  Icon(
@@ -133,7 +202,13 @@ class _AccountTile extends ConsumerWidget {
                    color: h.isHealthy ? Colors.green : Colors.orange,
                  ),
                  const SizedBox(width: 4),
-                  Text(h.isHealthy ? 'Healthy' : 'Discrepancies found'),
+                  Expanded(
+                    child: Text(
+                      h.isHealthy
+                          ? 'Healthy'
+                          : _formatDiscrepancies(h.discrepancySummary),
+                    ),
+                  ),
                  Text(' ($date)', style: const TextStyle(fontSize: 10)),
                ],
              );
@@ -141,66 +216,8 @@ class _AccountTile extends ConsumerWidget {
            loading: () => const Text('Sync health: checking...'),
            error: (e, _) => Text('Sync health error: $e'),
          ),
-        ],
-      ),
-      isThreeLine: true,
-      trailing: Row(
-        mainAxisSize: MainAxisSize.min,
-        children: [
-          status.when(
-            loading: () => const SizedBox(
-              width: 20,
-              height: 20,
-              child: CircularProgressIndicator(strokeWidth: 2),
-            ),
-            data: (_) => const Icon(Icons.check_circle, color: Colors.green),
-            error: (e, _) => Tooltip(
-              message: e.toString(),
-              child: const Icon(Icons.error_outline, color: Colors.red),
-            ),
-          ),
-          PopupMenuButton<_AccountAction>(
-            onSelected: (action) => _onAction(context, action),
-            itemBuilder: (_) => [
-              const PopupMenuItem(
-                value: _AccountAction.syncLog,
-                child: Text('Sync log'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.verifySync,
-                child: Text('Verify sync health'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.forceSync,
-                child: Text('Force full sync'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.edit,
-                child: Text('Edit'),
-              ),
-              if (_sieveSupported(account))
-                const PopupMenuItem(
-                  value: _AccountAction.emailFiltersRemote,
-                  child: Text('Server email filters'),
-                ),
-              const PopupMenuItem(
-                value: _AccountAction.emailFiltersLocal,
-                child: Text('Local email filters'),
-              ),
-              const PopupMenuItem(
-                value: _AccountAction.send,
-                child: Text('Send accounts'),
-              ),
-              const PopupMenuDivider(),
-              const PopupMenuItem(
-                value: _AccountAction.delete,
-                child: Text('Delete'),
-              ),
-            ],
-          ),
-        ],
-      ),
-      onTap: () => context.push('/accounts/${account.id}/mailboxes'),
+        ),
+      ],
    );
  }

@@ -293,6 +310,30 @@ class _AccountTile extends ConsumerWidget {
  }
 }

+String _formatDiscrepancies(String? summary) {
+  if (summary == null) return 'Discrepancies found';
+  try {
+    final decoded = jsonDecode(summary) as Map<String, dynamic>;
+    var missingLocally = 0;
+    var missingOnServer = 0;
+    var flagMismatches = 0;
+    for (final v in decoded.values) {
+      final m = v as Map<String, dynamic>;
+      missingLocally += (m['missingLocally'] as int? ?? 0);
+      missingOnServer += (m['missingOnServer'] as int? ?? 0);
+      flagMismatches += (m['flagMismatches'] as int? ?? 0);
+    }
+    final parts = <String>[];
+    if (missingLocally > 0) parts.add('missing locally: $missingLocally');
+    if (missingOnServer > 0) parts.add('missing on server: $missingOnServer');
+    if (flagMismatches > 0) parts.add('flag mismatches: $flagMismatches');
+    if (parts.isEmpty) return 'Discrepancies found';
+    return 'Discrepancies found (${parts.join(', ')})';
+  } catch (_) {
+    return 'Discrepancies found';
+  }
+}
+
 class _OnboardingView extends StatelessWidget {
  const _OnboardingView();

@@ -32,11 +32,15 @@ enum _Step { generatingKey, showingPubKey, scanning, importing, done, error }
 class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  _Step _step = _Step.generatingKey;
  ShareKeyMaterial? _keyMaterial;
+  DateTime? _keyExpiresAt;
  String? _pubKeyQr;
  String? _errorMessage;
  bool _scannerActive = false;

  MobileScannerController? _scannerController;
+  // True when the scanner plugin fails to initialise at runtime (e.g.
+  // MissingPluginException on some Android builds).
+  bool _scannerFailed = false;

  @override
  void initState() {
@@ -61,6 +65,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
      );
      setState(() {
        _keyMaterial = material;
+        _keyExpiresAt = DateTime.now().toUtc().add(const Duration(minutes: 20));
        _pubKeyQr = qr;
        _step = _Step.showingPubKey;
      });
@@ -76,8 +81,37 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
    setState(() {
      _step = _Step.scanning;
      _scannerActive = true;
-      _scannerController = MobileScannerController();
    });
+    if (_cameraScanSupported()) {
+      unawaited(_initScanner());
+    }
+  }
+
+  // Pre-flight: probe the scanner's permission-state method to verify the
+  // plugin is registered.  MissingPluginException is thrown on Android builds
+  // where the plugin is not linked (issue #204).  All other exceptions mean
+  // the plugin exists but something else failed — the MobileScanner widget
+  // will surface those via its own error builder.
+  Future<void> _initScanner() async {
+    bool available = false;
+    try {
+      await const MethodChannel(
+        'dev.steenbakker.mobile_scanner/scanner/method',
+      ).invokeMethod<int>('state');
+      available = true;
+    } on MissingPluginException {
+      // Plugin not registered on this device; text fallback will be shown.
+    } catch (_) {
+      // Plugin registered but state check failed; let the scanner widget
+      // handle it via its errorBuilder.
+      available = true;
+    }
+    if (!mounted) return;
+    if (available) {
+      setState(() => _scannerController = MobileScannerController());
+    } else {
+      setState(() => _scannerFailed = true);
+    }
  }

  Future<void> _onScanned(String rawValue) async {
@@ -185,11 +219,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
            ),
          ),
        _Step.done => const Center(
-            child: Icon(
-              Icons.check_circle,
-              size: 64,
-              color: Colors.green,
-            ),
+            child: Icon(Icons.check_circle, size: 64, color: Colors.green),
          ),
        _Step.error => Center(
            child: Padding(
@@ -244,7 +274,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
            },
          ),
          const SizedBox(height: 8),
-          const _ExpiryHint(),
+          _ExpiryHint(expiresAt: _keyExpiresAt!),
          const SizedBox(height: 32),
          if (_errorMessage != null) ...[
            Text(
@@ -266,11 +296,14 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
  }

  Widget _buildScannerView(BuildContext context) {
-    // On platforms where the camera scanner is not available (Linux desktop),
-    // fall back to a text-input field.
-    if (!_cameraScanSupported()) {
+    // Fall back to text input when the platform has no camera support or when
+    // the scanner plugin fails to initialise at runtime (MissingPluginException).
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
+    if (_scannerController == null) {
+      return const Center(child: CircularProgressIndicator());
+    }

    return Stack(
      children: [
@@ -371,8 +404,37 @@ bool _cameraScanSupported() =>
    Platform.isMacOS ||
    Platform.isWindows;

-class _ExpiryHint extends StatelessWidget {
-  const _ExpiryHint();
+class _ExpiryHint extends StatefulWidget {
+  const _ExpiryHint({required this.expiresAt});
+
+  final DateTime expiresAt;
+
+  @override
+  State<_ExpiryHint> createState() => _ExpiryHintState();
+}
+
+class _ExpiryHintState extends State<_ExpiryHint> {
+  late Timer _timer;
+
+  @override
+  void initState() {
+    super.initState();
+    _timer = Timer.periodic(const Duration(seconds: 1), (_) => setState(() {}));
+  }
+
+  @override
+  void dispose() {
+    _timer.cancel();
+    super.dispose();
+  }
+
+  String _formatRemaining() {
+    final remaining = widget.expiresAt.difference(DateTime.now().toUtc());
+    if (remaining.isNegative) return 'expired';
+    final minutes = remaining.inMinutes;
+    final seconds = remaining.inSeconds % 60;
+    return '${minutes.toString().padLeft(2, '0')}:${seconds.toString().padLeft(2, '0')}';
+  }

  @override
  Widget build(BuildContext context) {
@@ -382,7 +444,7 @@ class _ExpiryHint extends StatelessWidget {
        Icon(Icons.timer_outlined, size: 14, color: Colors.grey[600]),
        const SizedBox(width: 4),
        Text(
-          'This key expires in 20 minutes',
+          'This key expires in ${_formatRemaining()}',
          style: TextStyle(fontSize: 12, color: Colors.grey[600]),
        ),
      ],
@@ -45,12 +45,42 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  bool _scannerActive = true;

  MobileScannerController? _scannerController;
+  // True when the scanner plugin fails to initialise at runtime (e.g.
+  // MissingPluginException on some Android builds).
+  bool _scannerFailed = false;

  @override
  void initState() {
    super.initState();
    if (_cameraScanSupported()) {
-      _scannerController = MobileScannerController();
+      unawaited(_initScanner());
+    }
+  }
+
+  // Pre-flight: probe the scanner's permission-state method to verify the
+  // plugin is registered.  MissingPluginException is thrown on Android builds
+  // where the plugin is not linked (issue #204).  All other exceptions mean
+  // the plugin exists but something else failed — the MobileScanner widget
+  // will surface those via its own error builder.
+  Future<void> _initScanner() async {
+    bool available = false;
+    try {
+      await const MethodChannel(
+        'dev.steenbakker.mobile_scanner/scanner/method',
+      ).invokeMethod<int>('state');
+      available = true;
+    } on MissingPluginException {
+      // Plugin not registered on this device; text fallback will be shown.
+    } catch (_) {
+      // Plugin registered but state check failed; let the scanner widget
+      // handle it via its errorBuilder.
+      available = true;
+    }
+    if (!mounted) return;
+    if (available) {
+      setState(() => _scannerController = MobileScannerController());
+    } else {
+      setState(() => _scannerFailed = true);
    }
  }

@@ -128,10 +158,7 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
    for (final account in selected) {
      final password = await repo.getPassword(account.id);
      payloads.add(
-        AccountPayload(
-          accountJson: account.toJson(),
-          password: password,
-        ),
+        AccountPayload(accountJson: account.toJson(), password: password),
      );
    }

@@ -178,9 +205,12 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
  }

  Widget _buildScanStep(BuildContext context) {
-    if (!_cameraScanSupported()) {
+    if (!_cameraScanSupported() || _scannerFailed) {
      return _buildTextFallbackView(context);
    }
+    if (_scannerController == null) {
+      return const Center(child: CircularProgressIndicator());
+    }

    return Stack(
      children: [
@@ -328,9 +358,7 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
              unawaited(Clipboard.setData(ClipboardData(text: _encryptedQr!)));
              ScaffoldMessenger.of(context).showSnackBar(
                const SnackBar(
-                  content: Text(
-                    'Encrypted code copied to clipboard',
-                  ),
+                  content: Text('Encrypted code copied to clipboard'),
                ),
              );
            },
@@ -1,8 +1,7 @@
 import 'dart:async';

 import 'package:flutter/material.dart';
-import 'package:flutter/services.dart' show rootBundle;
-import 'package:flutter_markdown/flutter_markdown.dart';
+import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
 import 'package:url_launcher/url_launcher.dart';

 class ChangeLogScreen extends StatelessWidget {
@@ -13,7 +12,9 @@ class ChangeLogScreen extends StatelessWidget {
    return Scaffold(
      appBar: AppBar(title: const Text('ChangeLog')),
      body: FutureBuilder<String>(
-        future: rootBundle.loadString('assets/changelog.txt'),
+        future: DefaultAssetBundle.of(
+          context,
+        ).loadString('assets/changelog.txt'),
        builder: (context, snapshot) {
          if (snapshot.connectionState == ConnectionState.waiting) {
            return const Center(child: CircularProgressIndicator());
@@ -0,0 +1,393 @@
+import 'dart:async';
+
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:go_router/go_router.dart';
+import 'package:intl/intl.dart';
+
+import 'package:sharedinbox/core/models/account.dart';
+import 'package:sharedinbox/core/models/email.dart';
+import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/di.dart';
+
+final _dateFmt = DateFormat('MMM d');
+final _formattedDates = <int, String>{};
+
+int _dayKey(DateTime dt) => dt.year * 10000 + dt.month * 100 + dt.day;
+
+String _fmtDate(DateTime dt) =>
+    _formattedDates[_dayKey(dt)] ??= _dateFmt.format(dt);
+
+class CombinedInboxScreen extends ConsumerStatefulWidget {
+  const CombinedInboxScreen({super.key});
+
+  @override
+  ConsumerState<CombinedInboxScreen> createState() =>
+      _CombinedInboxScreenState();
+}
+
+class _CombinedInboxScreenState extends ConsumerState<CombinedInboxScreen> {
+  static const _pageSize = 50;
+  int _limit = _pageSize;
+
+  @override
+  Widget build(BuildContext context) {
+    final accountsAsync = ref.watch(allAccountsProvider);
+
+    return accountsAsync.when(
+      loading: () => const Scaffold(
+        body: Center(child: CircularProgressIndicator()),
+      ),
+      error: (e, _) => Scaffold(
+        body: Center(child: Text('Error: $e')),
+      ),
+      data: (accounts) {
+        if (accounts.isEmpty) {
+          WidgetsBinding.instance.addPostFrameCallback((_) {
+            if (context.mounted) context.go('/accounts');
+          });
+          return const Scaffold(
+            body: Center(child: CircularProgressIndicator()),
+          );
+        }
+
+        final accountNames = {
+          for (final a in accounts) a.id: a.displayName,
+        };
+        final showAccount = accounts.length > 1;
+
+        return Scaffold(
+          appBar: _buildAppBar(accounts),
+          drawer: _buildDrawer(context, accounts),
+          body: _buildBody(accountNames, showAccount),
+          floatingActionButton: FloatingActionButton(
+            onPressed: () => context.push('/compose'),
+            child: const Icon(Icons.edit),
+          ),
+        );
+      },
+    );
+  }
+
+  PreferredSizeWidget _buildAppBar(List<Account> accounts) {
+    return AppBar(
+      title: const Text('Combined Inbox'),
+      actions: [
+        IconButton(
+          icon: const Icon(Icons.search),
+          tooltip: 'Search',
+          onPressed: () => context.push('/search'),
+        ),
+        IconButton(
+          icon: const Icon(Icons.sync),
+          tooltip: 'Sync all',
+          onPressed: () {
+            for (final a in accounts) {
+              ref.read(syncManagerProvider).syncNow(a.id);
+            }
+          },
+        ),
+      ],
+    );
+  }
+
+  Widget _buildDrawer(BuildContext context, List<Account> accounts) {
+    return Drawer(
+      child: ListView(
+        padding: EdgeInsets.zero,
+        children: [
+          const DrawerHeader(
+            decoration: BoxDecoration(color: Colors.blueGrey),
+            child: Text(
+              'sharedinbox.de',
+              style: TextStyle(color: Colors.white, fontSize: 24),
+            ),
+          ),
+          ListTile(
+            leading: const Icon(Icons.manage_accounts),
+            title: const Text('Accounts'),
+            onTap: () {
+              Navigator.pop(context);
+              context.go('/accounts');
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.person_add),
+            title: const Text('Add account'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/add'));
+            },
+          ),
+          const Divider(),
+          for (final account in accounts)
+            ListTile(
+              leading: const Icon(Icons.inbox),
+              title: Text(account.displayName),
+              subtitle: Text(account.email),
+              onTap: () {
+                Navigator.pop(context);
+                unawaited(context.push('/accounts/${account.id}/mailboxes'));
+              },
+            ),
+          const Divider(),
+          ListTile(
+            leading: const Icon(Icons.settings),
+            title: const Text('Preferences'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/preferences'));
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.history),
+            title: const Text('Undo Log'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/undo-log'));
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.info_outline),
+            title: const Text('About'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/about'));
+            },
+          ),
+        ],
+      ),
+    );
+  }
+
+  Widget _buildBody(Map<String, String> accountNames, bool showAccount) {
+    final emailRepo = ref.watch(emailRepositoryProvider);
+    return RefreshIndicator(
+      onRefresh: () async {
+        final accounts = ref.read(allAccountsProvider).value ?? [];
+        for (final a in accounts) {
+          ref.read(syncManagerProvider).syncNow(a.id);
+        }
+      },
+      child: StreamBuilder<List<EmailThread>>(
+        stream: emailRepo.observeAllInboxThreads(limit: _limit),
+        builder: (ctx, snap) {
+          if (!snap.hasData) {
+            return const Center(child: CircularProgressIndicator());
+          }
+          final threads = snap.data!;
+          if (threads.isEmpty) {
+            return ListView(
+              children: const [
+                SizedBox(
+                  height: 300,
+                  child: Center(child: Text('No emails')),
+                ),
+              ],
+            );
+          }
+          return _buildThreadList(threads, accountNames, showAccount);
+        },
+      ),
+    );
+  }
+
+  Widget _buildThreadList(
+    List<EmailThread> threads,
+    Map<String, String> accountNames,
+    bool showAccount,
+  ) {
+    final hasMore = threads.length == _limit;
+    return ListView.builder(
+      itemCount: threads.length + (hasMore ? 1 : 0),
+      itemBuilder: (ctx, i) {
+        if (i == threads.length) {
+          return TextButton(
+            onPressed: () => setState(() => _limit += _pageSize),
+            child: const Text('Load more'),
+          );
+        }
+        return _buildThreadTile(ctx, threads[i], accountNames, showAccount);
+      },
+    );
+  }
+
+  Widget _buildThreadTile(
+    BuildContext ctx,
+    EmailThread t,
+    Map<String, String> accountNames,
+    bool showAccount,
+  ) {
+    final senderNames =
+        t.participants.map((a) => a.name ?? a.email).take(3).join(', ');
+
+    final tile = ListTile(
+      leading: Icon(
+        t.hasUnread ? Icons.mail : Icons.mail_outline,
+        color: t.hasUnread ? Theme.of(ctx).colorScheme.primary : null,
+      ),
+      title: Row(
+        children: [
+          Expanded(
+            child: Text(
+              senderNames.isEmpty ? '(unknown)' : senderNames,
+              style: t.hasUnread
+                  ? const TextStyle(fontWeight: FontWeight.bold)
+                  : null,
+              overflow: TextOverflow.ellipsis,
+            ),
+          ),
+          if (t.messageCount > 1)
+            Padding(
+              padding: const EdgeInsets.only(left: 4),
+              child: Text(
+                '[${t.messageCount}]',
+                style: Theme.of(ctx).textTheme.bodySmall,
+              ),
+            ),
+        ],
+      ),
+      subtitle: Column(
+        crossAxisAlignment: CrossAxisAlignment.start,
+        children: [
+          Text(
+            t.subject ?? '(no subject)',
+            maxLines: 1,
+            overflow: TextOverflow.ellipsis,
+            style: t.hasUnread
+                ? const TextStyle(fontWeight: FontWeight.bold)
+                : null,
+          ),
+          if (t.preview != null && t.preview!.isNotEmpty)
+            Text(
+              t.preview!,
+              maxLines: 1,
+              overflow: TextOverflow.ellipsis,
+              style: Theme.of(ctx).textTheme.bodySmall,
+            ),
+          if (showAccount)
+            Text(
+              accountNames[t.accountId] ?? t.accountId,
+              maxLines: 1,
+              overflow: TextOverflow.ellipsis,
+              style: Theme.of(ctx).textTheme.bodySmall?.copyWith(
+                    color: Theme.of(ctx).colorScheme.primary,
+                  ),
+            ),
+        ],
+      ),
+      trailing: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          if (t.isFlagged)
+            const Icon(Icons.star, color: Colors.amber, size: 16),
+          const SizedBox(width: 4),
+          Text(
+            _fmtDate(t.latestDate),
+            style: Theme.of(ctx).textTheme.bodySmall,
+          ),
+        ],
+      ),
+      onTap: t.messageCount > 1
+          ? () => context.push(
+                '/accounts/${t.accountId}/mailboxes'
+                '/${Uri.encodeComponent(t.mailboxPath)}'
+                '/threads/${Uri.encodeComponent(t.threadId)}',
+              )
+          : () => context.push(
+                '/accounts/${t.accountId}/mailboxes'
+                '/${Uri.encodeComponent(t.mailboxPath)}'
+                '/emails/${Uri.encodeComponent(t.latestEmailId)}',
+              ),
+    );
+
+    return Dismissible(
+      key: ValueKey('${t.accountId}:${t.threadId}'),
+      background: _swipeBackground(
+        alignment: Alignment.centerLeft,
+        color: Colors.green,
+        icon: Icons.archive,
+        label: 'Archive',
+      ),
+      secondaryBackground: _swipeBackground(
+        alignment: Alignment.centerRight,
+        color: Colors.red,
+        icon: Icons.delete,
+        label: 'Delete',
+      ),
+      onDismissed: (direction) => unawaited(_onSwipeDismissed(t, direction)),
+      child: tile,
+    );
+  }
+
+  Future<void> _onSwipeDismissed(
+    EmailThread t,
+    DismissDirection direction,
+  ) async {
+    final repo = ref.read(emailRepositoryProvider);
+
+    final originalEmails = (await Future.wait(
+      t.emailIds.map((id) => repo.getEmail(id)),
+    ))
+        .whereType<Email>()
+        .toList();
+
+    if (direction == DismissDirection.startToEnd) {
+      final archive = await ref
+          .read(mailboxRepositoryProvider)
+          .findMailboxByRole(t.accountId, 'archive');
+      if (!mounted || archive == null) return;
+
+      for (final id in t.emailIds) {
+        await repo.moveEmail(id, archive.path);
+      }
+      final action = UndoAction(
+        id: DateTime.now().toIso8601String(),
+        accountId: t.accountId,
+        type: UndoType.move,
+        emailIds: t.emailIds,
+        sourceMailboxPath: t.mailboxPath,
+        destinationMailboxPath: archive.path,
+        originalEmails: originalEmails,
+      );
+      unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
+      return;
+    }
+
+    String? lastDestPath;
+    for (final id in t.emailIds) {
+      lastDestPath = await repo.deleteEmail(id);
+    }
+    final action = UndoAction(
+      id: DateTime.now().toIso8601String(),
+      accountId: t.accountId,
+      type: UndoType.delete,
+      emailIds: t.emailIds,
+      sourceMailboxPath: t.mailboxPath,
+      destinationMailboxPath: lastDestPath,
+      originalEmails: originalEmails,
+    );
+    unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
+  }
+
+  Widget _swipeBackground({
+    required AlignmentGeometry alignment,
+    required Color color,
+    required IconData icon,
+    required String label,
+  }) {
+    return Container(
+      color: color,
+      alignment: alignment,
+      padding: const EdgeInsets.symmetric(horizontal: 20),
+      child: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          Icon(icon, color: Colors.white),
+          const SizedBox(width: 8),
+          Text(label, style: const TextStyle(color: Colors.white)),
+        ],
+      ),
+    );
+  }
+}
@@ -162,7 +162,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {
  }

  Future<void> _pickAttachments() async {
-    final result = await FilePicker.platform.pickFiles(allowMultiple: true);
+    final result = await FilePicker.pickFiles();
    if (result == null) return;
    final files = result.files.where((f) => f.path != null).toList();
    if (!mounted) return;
@@ -194,9 +194,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {
      await OpenFilex.open(path);
    } catch (e) {
      if (!mounted) return;
-      ScaffoldMessenger.of(
-        context,
-      ).showSnackBar(
+      ScaffoldMessenger.of(context).showSnackBar(
        SnackBar(
          duration: const Duration(seconds: 5),
          content: Text('Failed to open file: $e'),
@@ -213,9 +211,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {

  Future<void> _send() async {
    if (_accountId == null) {
-      ScaffoldMessenger.of(
-        context,
-      ).showSnackBar(
+      ScaffoldMessenger.of(context).showSnackBar(
        const SnackBar(
          duration: Duration(seconds: 5),
          content: Text('Select an account first'),
@@ -255,9 +251,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {
      if (mounted) context.pop();
    } catch (e) {
      if (!mounted) return;
-      ScaffoldMessenger.of(
-        context,
-      ).showSnackBar(
+      ScaffoldMessenger.of(context).showSnackBar(
        SnackBar(
          duration: const Duration(seconds: 5),
          content: Text('Send failed: $e'),
@@ -1,5 +1,6 @@
 import 'dart:io';

+import 'package:flutter/foundation.dart';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:package_info_plus/package_info_plus.dart';
@@ -10,21 +11,45 @@ class CrashScreen extends StatelessWidget {
    super.key,
    required this.exception,
    required this.stackTrace,
+    this.gitHash = const String.fromEnvironment('GIT_HASH'),
  });

  final Object exception;
  final StackTrace? stackTrace;
+  final String gitHash;

-  Future<String> _buildReport() async {
-    String version = 'unknown';
+  String get _buildMode {
+    if (kDebugMode) return 'debug';
+    if (kProfileMode) return 'profile';
+    return 'release';
+  }
+
+  Future<String> _fetchVersion() async {
    try {
      final info = await PackageInfo.fromPlatform();
-      version = '${info.version}+${info.buildNumber}';
-    } catch (_) {}
+      return '${info.version}+${info.buildNumber}';
+    } catch (_) {
+      return 'unknown';
+    }
+  }
+
+  Future<String> _buildReport() async {
+    final version = await _fetchVersion();
    final platform =
        '${Platform.operatingSystem} ${Platform.operatingSystemVersion}';
-    return 'App Version: $version\n'
-        'Platform: $platform\n\n'
+    final versionDisplay = gitHash.isNotEmpty
+        ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)'
+        : version;
+    final gitLine = gitHash.isNotEmpty
+        ? 'Git Commit: [$gitHash](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)\n'
+        : '';
+    final timestamp = DateTime.now().toUtc().toIso8601String();
+    return 'App Version: $versionDisplay\n'
+        'Build Mode: $_buildMode\n'
+        '$gitLine'
+        'Platform: $platform\n'
+        'Dart: ${Platform.version}\n'
+        'Timestamp: $timestamp\n\n'
        'Error:\n```\n$exception\n```\n\n'
        'Stack Trace:\n```\n$stackTrace\n```';
  }
@@ -37,39 +62,86 @@ class CrashScreen extends StatelessWidget {
          title: const Text('Something went wrong'),
          backgroundColor: Theme.of(context).colorScheme.errorContainer,
        ),
-        body: SingleChildScrollView(
-          padding: const EdgeInsets.all(16),
-          child: Column(
-            crossAxisAlignment: CrossAxisAlignment.stretch,
-            children: [
-              const Icon(Icons.error_outline, color: Colors.red, size: 64),
-              const SizedBox(height: 16),
-              Text(
-                'sharedinbox.de encountered an unexpected error and needs to be restarted.',
-                style: Theme.of(context).textTheme.titleMedium,
-                textAlign: TextAlign.center,
-              ),
-              const SizedBox(height: 24),
-              const Text(
-                'Error Details:',
-                style: TextStyle(fontWeight: FontWeight.bold),
-              ),
-              const SizedBox(height: 8),
-              Container(
-                padding: const EdgeInsets.all(12),
-                decoration: BoxDecoration(
-                  color: Colors.grey[200],
-                  borderRadius: BorderRadius.circular(8),
-                ),
-                child: Text(
-                  exception.toString(),
-                  style: const TextStyle(fontFamily: 'monospace', fontSize: 12),
-                ),
-              ),
-              if (stackTrace != null) ...[
+        body: Builder(
+          builder: (ctx) => SingleChildScrollView(
+            padding: const EdgeInsets.all(16),
+            child: Column(
+              crossAxisAlignment: CrossAxisAlignment.stretch,
+              children: [
+                const Icon(Icons.error_outline, color: Colors.red, size: 64),
                const SizedBox(height: 16),
+                Text(
+                  'sharedinbox.de encountered an unexpected error and needs to be restarted.',
+                  style: Theme.of(ctx).textTheme.titleMedium,
+                  textAlign: TextAlign.center,
+                ),
+                const SizedBox(height: 4),
+                FutureBuilder<String>(
+                  future: _fetchVersion(),
+                  builder: (context, snapshot) => Text(
+                    'v${snapshot.data ?? '…'}  •  $_buildMode  •  '
+                    '${Platform.operatingSystem} ${Platform.operatingSystemVersion}',
+                    style: Theme.of(
+                      context,
+                    ).textTheme.bodySmall?.copyWith(color: Colors.grey[600]),
+                    textAlign: TextAlign.center,
+                  ),
+                ),
+                if (gitHash.isNotEmpty) ...[
+                  const SizedBox(height: 8),
+                  FutureBuilder<PackageInfo>(
+                    future: PackageInfo.fromPlatform(),
+                    builder: (_, snapshot) {
+                      if (!snapshot.hasData) return const SizedBox.shrink();
+                      final version =
+                          '${snapshot.data!.version}+${snapshot.data!.buildNumber}';
+                      return GestureDetector(
+                        onTap: () async {
+                          final url = Uri.parse(
+                            'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
+                          );
+                          await launchUrl(
+                            url,
+                            mode: LaunchMode.externalApplication,
+                          );
+                        },
+                        child: Text(
+                          'App Version: $version',
+                          style: const TextStyle(
+                            fontSize: 12,
+                            color: Colors.blue,
+                            decoration: TextDecoration.underline,
+                          ),
+                          textAlign: TextAlign.center,
+                        ),
+                      );
+                    },
+                  ),
+                  const SizedBox(height: 4),
+                  GestureDetector(
+                    onTap: () async {
+                      final url = Uri.parse(
+                        'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
+                      );
+                      await launchUrl(
+                        url,
+                        mode: LaunchMode.externalApplication,
+                      );
+                    },
+                    child: Text(
+                      'Git Commit: $gitHash',
+                      style: const TextStyle(
+                        fontSize: 12,
+                        color: Colors.blue,
+                        decoration: TextDecoration.underline,
+                      ),
+                      textAlign: TextAlign.center,
+                    ),
+                  ),
+                ],
+                const SizedBox(height: 24),
                const Text(
-                  'Stack Trace:',
+                  'Error Details:',
                  style: TextStyle(fontWeight: FontWeight.bold),
                ),
                const SizedBox(height: 8),
@@ -80,70 +152,94 @@ class CrashScreen extends StatelessWidget {
                    borderRadius: BorderRadius.circular(8),
                  ),
                  child: Text(
-                    stackTrace.toString(),
+                    exception.toString(),
                    style: const TextStyle(
                      fontFamily: 'monospace',
-                      fontSize: 10,
+                      fontSize: 12,
                    ),
                  ),
                ),
-              ],
-              const SizedBox(height: 24),
-              FilledButton.icon(
-                onPressed: () async {
-                  final data = await _buildReport();
-                  await Clipboard.setData(ClipboardData(text: data));
-                  if (context.mounted) {
-                    ScaffoldMessenger.of(context).showSnackBar(
-                      const SnackBar(
-                        duration: Duration(seconds: 5),
-                        content: Text('Copied to clipboard'),
+                if (stackTrace != null) ...[
+                  const SizedBox(height: 16),
+                  const Text(
+                    'Stack Trace:',
+                    style: TextStyle(fontWeight: FontWeight.bold),
+                  ),
+                  const SizedBox(height: 8),
+                  Container(
+                    padding: const EdgeInsets.all(12),
+                    decoration: BoxDecoration(
+                      color: Colors.grey[200],
+                      borderRadius: BorderRadius.circular(8),
+                    ),
+                    child: Text(
+                      stackTrace.toString(),
+                      style: const TextStyle(
+                        fontFamily: 'monospace',
+                        fontSize: 10,
                      ),
-                    );
-                  }
-                },
-                icon: const Icon(Icons.copy),
-                label: const Text('Copy to Clipboard'),
-              ),
-              const SizedBox(height: 16),
-              OutlinedButton.icon(
-                onPressed: () async {
-                  final report = await _buildReport();
-                  final title = Uri.encodeComponent(
-                    'Crash: ${exception.toString().split('\n').first}',
-                  );
-                  final body = Uri.encodeComponent(report);
-                  final url = Uri.parse(
-                    'https://codeberg.org/guettli/sharedinbox/issues/new?title=$title&body=$body',
-                  );
-                  try {
-                    final launched = await launchUrl(
-                      url,
-                      mode: LaunchMode.externalApplication,
-                    );
-                    if (!launched && context.mounted) {
-                      ScaffoldMessenger.of(context).showSnackBar(
+                    ),
+                  ),
+                ],
+                const SizedBox(height: 24),
+                FilledButton.icon(
+                  onPressed: () async {
+                    final data = await _buildReport();
+                    await Clipboard.setData(ClipboardData(text: data));
+                    if (ctx.mounted) {
+                      ScaffoldMessenger.of(ctx).showSnackBar(
                        const SnackBar(
                          duration: Duration(seconds: 5),
-                          content: Text('Could not open browser.'),
+                          content: Text('Copied to clipboard'),
                        ),
                      );
                    }
-                  } catch (e) {
-                    if (context.mounted) {
-                      ScaffoldMessenger.of(context).showSnackBar(
-                        SnackBar(
-                          duration: const Duration(seconds: 5),
-                          content: Text('Error: $e'),
-                        ),
+                  },
+                  icon: const Icon(Icons.copy),
+                  label: const Text('Copy to Clipboard'),
+                ),
+                const SizedBox(height: 16),
+                OutlinedButton.icon(
+                  onPressed: () async {
+                    // URL carries only the title to avoid exceeding browser
+                    // URL-length limits — long stack traces caused "create
+                    // issue failed" (#146).  Use "Copy to Clipboard" first to
+                    // get the full report, then paste it in the issue body.
+                    final title = Uri.encodeComponent(
+                      'Crash: ${exception.toString().split('\n').first}',
+                    );
+                    final url = Uri.parse(
+                      'https://codeberg.org/guettli/sharedinbox/issues/new?title=$title',
+                    );
+                    try {
+                      final launched = await launchUrl(
+                        url,
+                        mode: LaunchMode.externalApplication,
                      );
+                      if (!launched && ctx.mounted) {
+                        ScaffoldMessenger.of(ctx).showSnackBar(
+                          const SnackBar(
+                            duration: Duration(seconds: 5),
+                            content: Text('Could not open browser.'),
+                          ),
+                        );
+                      }
+                    } catch (e) {
+                      if (ctx.mounted) {
+                        ScaffoldMessenger.of(ctx).showSnackBar(
+                          SnackBar(
+                            duration: const Duration(seconds: 5),
+                            content: Text('Error: $e'),
+                          ),
+                        );
+                      }
                    }
-                  }
-                },
-                icon: const Icon(Icons.bug_report),
-                label: const Text('Report Issue on Codeberg'),
-              ),
-            ],
+                  },
+                  icon: const Icon(Icons.bug_report),
+                  label: const Text('Report Issue on Codeberg'),
+                ),
+              ],
+            ),
          ),
        ),
      ),
@@ -38,6 +38,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
  var _sieveSsl = true;
  var _verbose = false;
  final _jmapUrlCtrl = TextEditingController();
+  bool _hasStoredPassword = false;

  // -- "Try connection" state ------------------------------------------------
  bool _tryTesting = false;
@@ -50,6 +51,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.addListener(_rebuild);
    _sieveHostCtrl.addListener(_rebuild);
    _imapHostCtrl.addListener(_rebuild);
+    _passwordCtrl.addListener(_rebuild);
    unawaited(_load());
  }

@@ -63,6 +65,11 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
      context.pop();
      return;
    }
+    try {
+      await repo.getPassword(account.id);
+      _hasStoredPassword = true;
+    } catch (_) {}
+    if (!mounted) return;
    _account = account;
    _displayNameCtrl.text = account.displayName;
    _usernameCtrl.text = account.username;
@@ -84,6 +91,7 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
    _smtpHostCtrl.removeListener(_rebuild);
    _sieveHostCtrl.removeListener(_rebuild);
    _imapHostCtrl.removeListener(_rebuild);
+    _passwordCtrl.removeListener(_rebuild);
    for (final c in [
      _displayNameCtrl,
      _usernameCtrl,
@@ -267,10 +275,12 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
            ),
            _field(
              _passwordCtrl,
-              'New password (leave blank to keep)',
+              _hasStoredPassword
+                  ? 'New password (leave blank to keep)'
+                  : 'Password',
              key: const Key('editPasswordField'),
              obscure: true,
-              required: false,
+              required: !_hasStoredPassword,
            ),
            if (account.type == AccountType.jmap) ...[
              const Divider(height: 32),
@@ -345,10 +355,17 @@ class _EditAccountScreenState extends ConsumerState<EditAccountScreen> {
              testing: _tryTesting,
              okMessage: _tryOk,
              errorMessage: _tryErr,
-              onPressed: _tryConnection,
+              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
+                  ? _tryConnection
+                  : null,
            ),
            const SizedBox(height: 8),
-            FilledButton(onPressed: _save, child: const Text('Save')),
+            FilledButton(
+              onPressed: _hasStoredPassword || _passwordCtrl.text.isNotEmpty
+                  ? _save
+                  : null,
+              child: const Text('Save'),
+            ),
          ],
        ),
      ),
@@ -0,0 +1,80 @@
+import 'package:flutter/material.dart';
+
+import 'package:sharedinbox/core/models/mailbox.dart';
+import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
+
+enum _MissingFolderChoice { chooseExisting, createNew }
+
+/// Resolves a mailbox by role, prompting the user to choose or create one when
+/// the role is not found.  Returns the target [Mailbox], or null if cancelled.
+Future<Mailbox?> resolveMailboxByRole(
+  BuildContext context,
+  MailboxRepository mailboxRepo,
+  String accountId,
+  String currentMailboxPath,
+  String role, {
+  required String dialogTitle,
+  required String createFolderName,
+}) async {
+  Mailbox? mailbox = await mailboxRepo.findMailboxByRole(accountId, role);
+  if (!context.mounted) return null;
+  if (mailbox != null) return mailbox;
+
+  final choice = await showDialog<_MissingFolderChoice>(
+    context: context,
+    builder: (ctx) => AlertDialog(
+      title: Text(dialogTitle),
+      actions: [
+        TextButton(
+          onPressed: () =>
+              Navigator.pop(ctx, _MissingFolderChoice.chooseExisting),
+          child: const Text('Choose existing folder'),
+        ),
+        FilledButton(
+          onPressed: () => Navigator.pop(ctx, _MissingFolderChoice.createNew),
+          child: Text('Create "$createFolderName"'),
+        ),
+      ],
+    ),
+  );
+  if (!context.mounted || choice == null) return null;
+
+  switch (choice) {
+    case _MissingFolderChoice.chooseExisting:
+      final mailboxes = await mailboxRepo.observeMailboxes(accountId).first;
+      if (!context.mounted) return null;
+      final chosen = await showModalBottomSheet<String>(
+        context: context,
+        builder: (ctx) => ListView(
+          shrinkWrap: true,
+          children: [
+            const ListTile(
+              title: Text(
+                'Move to…',
+                style: TextStyle(fontWeight: FontWeight.bold),
+              ),
+            ),
+            for (final m in mailboxes.where(
+              (m) => m.path != currentMailboxPath,
+            ))
+              ListTile(
+                leading: const Icon(Icons.folder_outlined),
+                title: Text(m.name),
+                onTap: () => Navigator.pop(ctx, m.path),
+              ),
+          ],
+        ),
+      );
+      if (chosen == null || !context.mounted) return null;
+      mailbox = mailboxes.firstWhere((m) => m.path == chosen);
+    case _MissingFolderChoice.createNew:
+      mailbox = await mailboxRepo.createMailboxWithRole(
+        accountId,
+        createFolderName,
+        role,
+      );
+      if (!context.mounted) return null;
+  }
+
+  return mailbox;
+}
@@ -13,9 +13,12 @@ import 'package:share_plus/share_plus.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/utils/format_utils.dart';
 import 'package:sharedinbox/core/utils/html_utils.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/email_action_helpers.dart';
+import 'package:sharedinbox/ui/widgets/email_headers_dialog.dart';
 import 'package:sharedinbox/ui/widgets/secure_email_webview.dart';
 import 'package:sharedinbox/ui/widgets/snooze_picker.dart';
 import 'package:url_launcher/url_launcher.dart';
@@ -43,15 +46,15 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    ref.listen<AsyncValue<(Email?, EmailBody)>>(
      emailDetailProvider(widget.emailId),
      (_, next) {
-        final email = next.valueOrNull?.$1;
+        final email = next.value?.$1;
        if (email != null && mounted) {
          setState(() => _isFlagged = email.isFlagged);
        }
      },
    );

-    final header = detail.valueOrNull?.$1;
-    final body = detail.valueOrNull?.$2;
+    final header = detail.value?.$1;
+    final body = detail.value?.$2;

    final isMobile = defaultTargetPlatform == TargetPlatform.android ||
        defaultTargetPlatform == TargetPlatform.iOS;
@@ -70,61 +73,23 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
            onPressed: header == null
                ? null
                : () {
-                    unawaited(_reply(context, header, body, replyAll: false));
+                    unawaited(_replyWithRecipientDialog(context, header, body));
                  },
          ),
          IconButton(
-            icon: const Icon(Icons.reply_all),
-            tooltip: 'Reply all',
+            icon: const Icon(Icons.archive),
+            tooltip: 'Archive',
            onPressed: header == null
                ? null
                : () {
-                    unawaited(_reply(context, header, body, replyAll: true));
+                    unawaited(_archive(context, header));
                  },
          ),
-          IconButton(
-            icon: const Icon(Icons.forward),
-            tooltip: 'Forward',
-            onPressed: header == null
-                ? null
-                : () {
-                    unawaited(_forward(context, header, body));
-                  },
-          ),
-          IconButton(
-            icon: const Icon(Icons.mark_email_unread_outlined),
-            tooltip: 'Mark as unread',
-            onPressed: () async {
-              await repo.setFlag(widget.emailId, seen: false);
-              if (context.mounted) context.pop();
-            },
-          ),
-          IconButton(
-            icon: Icon(
-              _isFlagged ? Icons.star : Icons.star_border,
-              color: _isFlagged ? Colors.amber : null,
-            ),
-            tooltip: _isFlagged ? 'Unflag' : 'Flag',
-            onPressed: () async {
-              final next = !_isFlagged;
-              await repo.setFlag(widget.emailId, flagged: next);
-              if (mounted) setState(() => _isFlagged = next);
-            },
-          ),
-          IconButton(
-            icon: const Icon(Icons.drive_file_move_outline),
-            tooltip: 'Move to folder',
-            onPressed: header == null ? null : () => _moveTo(context, header),
-          ),
-          IconButton(
-            icon: const Icon(Icons.access_time),
-            tooltip: 'Snooze',
-            onPressed: header == null ? null : () => _snooze(context, header),
-          ),
          IconButton(
            icon: const Icon(Icons.delete),
            tooltip: 'Delete',
            onPressed: () async {
+              final nextEmailId = await _getNextEmailIdIfNeeded(header);
              final destPath = await repo.deleteEmail(widget.emailId);

              if (header != null) {
@@ -143,11 +108,32 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                );
              }

-              if (context.mounted) context.pop();
+              if (context.mounted) _navigateTo(context, header, nextEmailId);
+            },
+          ),
+          IconButton(
+            icon: Icon(
+              _isFlagged ? Icons.star : Icons.star_border,
+              color: _isFlagged ? Colors.amber : null,
+            ),
+            tooltip: _isFlagged ? 'Unflag' : 'Flag',
+            onPressed: () async {
+              final next = !_isFlagged;
+              await repo.setFlag(widget.emailId, flagged: next);
+              if (mounted) setState(() => _isFlagged = next);
            },
          ),
          PopupMenuButton<String>(
            itemBuilder: (ctx) => [
+              const PopupMenuItem(value: 'forward', child: Text('Forward')),
+              const PopupMenuItem(value: 'move', child: Text('Move to folder')),
+              const PopupMenuItem(value: 'snooze', child: Text('Snooze')),
+              const PopupMenuItem(value: 'spam', child: Text('Mark as spam')),
+              const PopupMenuItem(
+                value: 'mark_unread',
+                child: Text('Mark as unread'),
+              ),
+              const PopupMenuDivider(),
              const PopupMenuItem(
                value: 'headers',
                child: Text('Show Mail Headers'),
@@ -156,13 +142,22 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                value: 'structure',
                child: Text('Show Mail Structure'),
              ),
-              const PopupMenuItem(
-                value: 'rfc',
-                child: Text('Show Raw Email'),
-              ),
+              const PopupMenuItem(value: 'rfc', child: Text('Show Raw Email')),
            ],
-            onSelected: (value) {
-              if (value == 'headers' && body != null) {
+            onSelected: (value) async {
+              if (value == 'forward' && header != null) {
+                unawaited(_forward(context, header, body));
+              } else if (value == 'move' && header != null) {
+                unawaited(_moveTo(context, header));
+              } else if (value == 'snooze' && header != null) {
+                unawaited(_snooze(context, header));
+              } else if (value == 'spam' && header != null) {
+                unawaited(_markAsSpam(context, header));
+              } else if (value == 'mark_unread') {
+                final nextEmailId = await _getNextEmailIdIfNeeded(header);
+                await repo.setFlag(widget.emailId, seen: false);
+                if (context.mounted) _navigateTo(context, header, nextEmailId);
+              } else if (value == 'headers' && body != null) {
                _showHeaders(context, body);
              } else if (value == 'structure' && body != null) {
                _showStructure(context, body);
@@ -176,19 +171,35 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
      body: detail.when(
        loading: () => const Center(child: CircularProgressIndicator()),
        error: (e, _) => Center(child: Text('Error: $e')),
-        data: (d) => _buildBody(context, d.$1, d.$2),
+        data: (d) {
+          final trusted =
+              ref.watch(trustedImageSendersProvider).value ?? const <String>[];
+          return _buildBody(context, d.$1, d.$2, trusted);
+        },
      ),
    );
  }

-  Widget _buildBody(BuildContext ctx, Email? header, EmailBody body) {
+  Widget _buildBody(
+    BuildContext ctx,
+    Email? header,
+    EmailBody body,
+    List<String> trustedSenders,
+  ) {
    final hasHtml = (body.htmlBody ?? '').trim().isNotEmpty;
+    final senderEmail = header?.from.isNotEmpty == true
+        ? header!.from.first.email.toLowerCase()
+        : null;
+    final isTrusted =
+        senderEmail != null && trustedSenders.contains(senderEmail);
+    final effectiveLoadImages = _loadRemoteImages || isTrusted;
+
    return ListView(
      padding: const EdgeInsets.all(16),
      children: [
        if (header != null) ...[_buildHeader(ctx, header), const Divider()],
        if (hasHtml) ...[
-          if (!_loadRemoteImages)
+          if (!effectiveLoadImages)
            Align(
              alignment: Alignment.centerLeft,
              child: Padding(
@@ -196,13 +207,40 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                child: OutlinedButton.icon(
                  icon: const Icon(Icons.image_outlined, size: 18),
                  label: const Text('Load remote images'),
-                  onPressed: () => setState(() => _loadRemoteImages = true),
+                  onPressed: () {
+                    setState(() => _loadRemoteImages = true);
+                    if (senderEmail != null) {
+                      unawaited(
+                        ref
+                            .read(userPreferencesRepositoryProvider)
+                            .addTrustedImageSender(senderEmail),
+                      );
+                      ScaffoldMessenger.of(ctx).showSnackBar(
+                        SnackBar(
+                          duration: const Duration(seconds: 3),
+                          content: const Text(
+                            'Images will be loaded automatically for this sender.',
+                          ),
+                          action: SnackBarAction(
+                            label: 'Settings',
+                            onPressed: () {
+                              if (mounted) {
+                                unawaited(
+                                  context.push('/accounts/preferences'),
+                                );
+                              }
+                            },
+                          ),
+                        ),
+                      );
+                    }
+                  },
                ),
              ),
            ),
          SecureEmailWebView(
            htmlBody: body.htmlBody!,
-            loadRemoteImages: _loadRemoteImages,
+            loadRemoteImages: effectiveLoadImages,
          ),
        ] else
          SelectableText(
@@ -241,6 +279,40 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    );
  }

+  Future<String?> _getNextEmailIdIfNeeded(Email? header) async {
+    if (header == null) return null;
+    final prefs = ref.read(userPreferencesProvider).value;
+    final action =
+        prefs?.afterMailViewAction ?? AfterMailViewAction.nextMessage;
+    if (action != AfterMailViewAction.nextMessage) return null;
+
+    final threads = await ref
+        .read(emailRepositoryProvider)
+        .observeThreads(header.accountId, header.mailboxPath)
+        .first;
+
+    final currentIndex = threads.indexWhere(
+      (t) => t.emailIds.contains(widget.emailId),
+    );
+    if (currentIndex >= 0 && currentIndex + 1 < threads.length) {
+      return threads[currentIndex + 1].latestEmailId;
+    }
+    return null;
+  }
+
+  void _navigateTo(BuildContext context, Email? header, String? nextEmailId) {
+    if (!context.mounted) return;
+    if (nextEmailId != null && header != null) {
+      context.go(
+        '/accounts/${header.accountId}'
+        '/mailboxes/${Uri.encodeComponent(header.mailboxPath)}'
+        '/emails/${Uri.encodeComponent(nextEmailId)}',
+      );
+    } else {
+      context.pop();
+    }
+  }
+
  Future<void> _downloadAndOpen(EmailAttachment att) async {
    setState(() => _downloading.add(att.filename));
    try {
@@ -303,17 +375,78 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    return '\n\n— On $date, $from wrote:\n$quoted';
  }

-  Future<void> _reply(
+  Future<void> _replyWithRecipientDialog(
+    BuildContext context,
+    Email header,
+    EmailBody? body,
+  ) async {
+    final account =
+        await ref.read(accountRepositoryProvider).getAccount(header.accountId);
+    final ownEmail = account?.email.toLowerCase() ?? '';
+
+    final seen = <String>{};
+    final candidates = <_Candidate>[];
+
+    void addIfNew(EmailAddress addr, _Placement defaultPlacement) {
+      final key = addr.email.toLowerCase();
+      if (key == ownEmail || seen.contains(key)) return;
+      seen.add(key);
+      candidates.add(_Candidate(addr, defaultPlacement));
+    }
+
+    for (final addr in header.from) {
+      addIfNew(addr, _Placement.to);
+    }
+    for (final addr in header.to) {
+      addIfNew(addr, _Placement.to);
+    }
+    for (final addr in header.cc) {
+      addIfNew(addr, _Placement.cc);
+    }
+
+    if (!context.mounted) return;
+
+    if (candidates.length <= 1) {
+      final to = candidates
+          .where((c) => c.placement == _Placement.to)
+          .map((c) => c.address.email)
+          .join(', ');
+      final cc = candidates
+          .where((c) => c.placement == _Placement.cc)
+          .map((c) => c.address.email)
+          .join(', ');
+      await _composeReply(context, header, body, to: to, cc: cc);
+      return;
+    }
+
+    final confirmed = await showDialog<List<_Candidate>>(
+      context: context,
+      builder: (ctx) => _ReplyAllDialog(candidates: candidates),
+    );
+
+    if (confirmed == null || !context.mounted) return;
+
+    final to = confirmed
+        .where((c) => c.placement == _Placement.to)
+        .map((c) => c.address.email)
+        .join(', ');
+    final cc = confirmed
+        .where((c) => c.placement == _Placement.cc)
+        .map((c) => c.address.email)
+        .join(', ');
+    await _composeReply(context, header, body, to: to, cc: cc);
+  }
+
+  Future<void> _composeReply(
    BuildContext context,
    Email header,
    EmailBody? body, {
-    required bool replyAll,
+    required String to,
+    required String cc,
  }) async {
-    final to = header.from.isNotEmpty ? header.from.first.email : '';
    final subject = (header.subject?.startsWith('Re:') ?? false)
        ? header.subject!
        : 'Re: ${header.subject ?? ''}';
-    final cc = replyAll ? header.to.map((a) => a.email).join(', ') : '';
    final quoted = await _quotedBody(header, body);
    if (!context.mounted) return;
    unawaited(
@@ -330,6 +463,78 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    );
  }

+  Future<void> _archive(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      header.accountId,
+      header.mailboxPath,
+      'archive',
+      dialogTitle: 'No archive folder found',
+      createFolderName: 'Archive',
+    );
+
+    if (mailbox == null || !context.mounted) return;
+
+    await ref
+        .read(emailRepositoryProvider)
+        .moveEmail(widget.emailId, mailbox.path);
+
+    unawaited(
+      ref.read(undoServiceProvider.notifier).pushAction(
+            UndoAction(
+              id: DateTime.now().toIso8601String(),
+              accountId: header.accountId,
+              type: UndoType.move,
+              emailIds: [widget.emailId],
+              sourceMailboxPath: header.mailboxPath,
+              destinationMailboxPath: mailbox.path,
+            ),
+          ),
+    );
+
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
+  }
+
+  Future<void> _markAsSpam(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      header.accountId,
+      header.mailboxPath,
+      'junk',
+      dialogTitle: 'No spam folder found',
+      createFolderName: 'Junk',
+    );
+
+    if (mailbox == null || !context.mounted) return;
+
+    await ref
+        .read(emailRepositoryProvider)
+        .moveEmail(widget.emailId, mailbox.path);
+
+    unawaited(
+      ref.read(undoServiceProvider.notifier).pushAction(
+            UndoAction(
+              id: DateTime.now().toIso8601String(),
+              accountId: header.accountId,
+              type: UndoType.move,
+              emailIds: [widget.emailId],
+              sourceMailboxPath: header.mailboxPath,
+              destinationMailboxPath: mailbox.path,
+            ),
+          ),
+    );
+
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
+  }
+
  Future<void> _forward(
    BuildContext context,
    Email header,
@@ -343,15 +548,14 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    unawaited(
      context.push(
        '/compose',
-        extra: {
-          'prefillSubject': subject,
-          'prefillBody': quoted,
-        },
+        extra: {'prefillSubject': subject, 'prefillBody': quoted},
      ),
    );
  }

  Future<void> _moveTo(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+
    final mailboxRepo = ref.read(mailboxRepositoryProvider);
    final mailboxes =
        await mailboxRepo.observeMailboxes(header.accountId).first;
@@ -400,10 +604,13 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
          ),
    );

-    if (context.mounted) context.pop();
+    if (context.mounted) _navigateTo(context, header, nextEmailId);
  }

  Future<void> _snooze(BuildContext context, Email header) async {
+    final nextEmailId = await _getNextEmailIdIfNeeded(header);
+    if (!context.mounted) return;
+
    final until = await showModalBottomSheet<DateTime>(
      context: context,
      builder: (ctx) => const SnoozePicker(),
@@ -431,7 +638,7 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
          ),
        ),
      );
-      context.pop();
+      _navigateTo(context, header, nextEmailId);
    }
  }

@@ -443,9 +650,9 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
          .fetchRawRfc822(widget.emailId);
    } catch (e) {
      if (!context.mounted) return;
-      ScaffoldMessenger.of(context).showSnackBar(
-        SnackBar(content: Text('Failed to fetch raw email: $e')),
-      );
+      ScaffoldMessenger.of(
+        context,
+      ).showSnackBar(SnackBar(content: Text('Failed to fetch raw email: $e')));
      return;
    }

@@ -559,47 +766,7 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    unawaited(
      showDialog<void>(
        context: context,
-        builder: (ctx) => AlertDialog(
-          title: const Text('Mail Headers'),
-          content: SizedBox(
-            width: double.maxFinite,
-            child: ListView.builder(
-              shrinkWrap: true,
-              itemCount: body.headers.length,
-              itemBuilder: (ctx, i) {
-                final header = body.headers[i];
-                return Container(
-                  color: i.isEven
-                      ? Theme.of(ctx).colorScheme.surfaceContainerHighest
-                      : Theme.of(ctx).colorScheme.surface,
-                  padding: const EdgeInsets.symmetric(
-                    vertical: 4,
-                    horizontal: 8,
-                  ),
-                  child: Row(
-                    crossAxisAlignment: CrossAxisAlignment.start,
-                    children: [
-                      Expanded(
-                        child: SelectableText(
-                          header.name,
-                          style: const TextStyle(fontWeight: FontWeight.bold),
-                        ),
-                      ),
-                      const SizedBox(width: 8),
-                      Expanded(flex: 2, child: SelectableText(header.value)),
-                    ],
-                  ),
-                );
-              },
-            ),
-          ),
-          actions: [
-            TextButton(
-              onPressed: () => Navigator.pop(ctx),
-              child: const Text('Close'),
-            ),
-          ],
-        ),
+        builder: (ctx) => EmailHeadersDialog(headers: body.headers),
      ),
    );
  }
@@ -610,9 +777,7 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
      ScaffoldMessenger.of(context).showSnackBar(
        const SnackBar(
          duration: Duration(seconds: 5),
-          content: Text(
-            'Structure not available. Try re-syncing the email.',
-          ),
+          content: Text('Structure not available. Try re-syncing the email.'),
        ),
      );
      return;
@@ -624,12 +789,13 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
    unawaited(
      showDialog<void>(
        context: context,
-        builder: (ctx) => AlertDialog(
-          title: const Text('Mail Structure'),
-          content: SizedBox(
-            width: double.maxFinite,
-            child: ListView.builder(
-              shrinkWrap: true,
+        builder: (ctx) => Dialog.fullscreen(
+          child: Scaffold(
+            appBar: AppBar(
+              title: const Text('Mail Structure'),
+              leading: const CloseButton(),
+            ),
+            body: ListView.builder(
              itemCount: rows.length,
              itemBuilder: (ctx, i) {
                final row = rows[i];
@@ -658,14 +824,90 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
              },
            ),
          ),
-          actions: [
-            TextButton(
-              onPressed: () => Navigator.pop(ctx),
-              child: const Text('Close'),
-            ),
+        ),
+      ),
+    );
+  }
+}
+
+enum _Placement { to, cc, skip }
+
+class _Candidate {
+  _Candidate(this.address, this.placement);
+  final EmailAddress address;
+  _Placement placement;
+}
+
+class _ReplyAllDialog extends StatefulWidget {
+  const _ReplyAllDialog({required this.candidates});
+  final List<_Candidate> candidates;
+
+  @override
+  State<_ReplyAllDialog> createState() => _ReplyAllDialogState();
+}
+
+class _ReplyAllDialogState extends State<_ReplyAllDialog> {
+  late final List<_Candidate> _candidates;
+
+  @override
+  void initState() {
+    super.initState();
+    _candidates = [
+      for (final c in widget.candidates) _Candidate(c.address, c.placement),
+    ];
+  }
+
+  @override
+  Widget build(BuildContext context) {
+    return AlertDialog(
+      title: const Text('Reply All'),
+      content: SizedBox(
+        width: double.maxFinite,
+        child: ListView(
+          shrinkWrap: true,
+          children: [
+            for (final c in _candidates)
+              Padding(
+                padding: const EdgeInsets.symmetric(vertical: 4),
+                child: Row(
+                  children: [
+                    Expanded(
+                      child: Text(
+                        c.address.toString(),
+                        overflow: TextOverflow.ellipsis,
+                      ),
+                    ),
+                    const SizedBox(width: 8),
+                    SegmentedButton<_Placement>(
+                      showSelectedIcon: false,
+                      segments: const [
+                        ButtonSegment(value: _Placement.to, label: Text('To')),
+                        ButtonSegment(value: _Placement.cc, label: Text('Cc')),
+                        ButtonSegment(
+                          value: _Placement.skip,
+                          label: Text('Skip'),
+                        ),
+                      ],
+                      selected: {c.placement},
+                      onSelectionChanged: (s) =>
+                          setState(() => c.placement = s.first),
+                    ),
+                  ],
+                ),
+              ),
          ],
        ),
      ),
+      actions: [
+        TextButton(
+          onPressed: () => Navigator.pop(context),
+          child: const Text('Cancel'),
+        ),
+        TextButton(
+          onPressed: () => Navigator.pop(context, _candidates),
+          child: const Text('Reply'),
+        ),
+      ],
    );
  }
 }
@@ -712,10 +954,13 @@ class _UnsubscribeChip extends StatelessWidget {
  Widget build(BuildContext context) {
    final uri = _parseUnsubscribeUri(header);
    if (uri == null) return const SizedBox.shrink();
-    return ActionChip(
-      avatar: const Icon(Icons.unsubscribe_outlined, size: 16),
-      label: const Text('Unsubscribe'),
-      onPressed: () => launchUrl(uri, mode: LaunchMode.externalApplication),
+    return Tooltip(
+      message: uri.toString(),
+      child: ActionChip(
+        avatar: const Icon(Icons.unsubscribe_outlined, size: 16),
+        label: const Text('Unsubscribe'),
+        onPressed: () => launchUrl(uri, mode: LaunchMode.externalApplication),
+      ),
    );
  }
 }
@@ -8,8 +8,10 @@ import 'package:intl/intl.dart';
 import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/email_action_helpers.dart';
 import 'package:sharedinbox/ui/widgets/email_tile.dart';
 import 'package:sharedinbox/ui/widgets/folder_drawer.dart';
 import 'package:sharedinbox/ui/widgets/snooze_picker.dart';
@@ -147,16 +149,21 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
  Widget build(BuildContext context) {
    final repo = ref.watch(emailRepositoryProvider);
    final accountAsync = ref.watch(accountByIdProvider(widget.accountId));
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final menuAtBottom = prefs.menuPosition == MenuPosition.bottom;

    return Scaffold(
-      appBar: _buildAppBar(repo, accountAsync),
+      appBar: _buildAppBar(repo, accountAsync, menuAtBottom: menuAtBottom),
      drawer: _selecting
          ? null
          : FolderDrawer(
              accountId: widget.accountId,
              currentMailboxPath: widget.mailboxPath,
            ),
-      bottomNavigationBar: _selecting ? _selectionBottomBar() : null,
+      bottomNavigationBar: _selecting
+          ? _selectionBottomBar()
+          : (menuAtBottom ? _folderNavBottomBar() : null),
      body: Column(
        children: [
          _buildSyncErrorBanner(),
@@ -172,12 +179,14 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  PreferredSizeWidget _buildAppBar(
    EmailRepository emailRepo,
-    AsyncValue<Account?> accountAsync,
-  ) {
+    AsyncValue<Account?> accountAsync, {
+    required bool menuAtBottom,
+  }) {
    final selectionCount =
        _searching ? _selectedSearchIds.length : _selectedThreadIds.length;

    return AppBar(
+      automaticallyImplyLeading: !menuAtBottom,
      leading: _selecting
          ? IconButton(
              icon: const Icon(Icons.close),
@@ -261,9 +270,9 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  Widget _buildSyncButton(EmailRepository emailRepo) {
    final isSyncing =
-        ref.watch(isSyncingProvider(widget.accountId)).valueOrNull ?? false;
+        ref.watch(isSyncingProvider(widget.accountId)).value ?? false;
    final hasError =
-        ref.watch(syncLastErrorProvider(widget.accountId)).valueOrNull != null;
+        ref.watch(syncLastErrorProvider(widget.accountId)).value != null;
    return IconButton(
      tooltip: isSyncing
          ? 'Syncing…'
@@ -300,6 +309,22 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    );
  }

+  Widget _folderNavBottomBar() {
+    return BottomAppBar(
+      child: Row(
+        children: [
+          Builder(
+            builder: (context) => IconButton(
+              icon: const Icon(Icons.menu),
+              tooltip: 'Open folders',
+              onPressed: () => Scaffold.of(context).openDrawer(),
+            ),
+          ),
+        ],
+      ),
+    );
+  }
+
  Widget _selectionBottomBar() {
    return BottomAppBar(
      child: Row(
@@ -350,17 +375,13 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {

  Widget _buildSyncErrorBanner() {
    final errorAsync = ref.watch(syncLastErrorProvider(widget.accountId));
-    final error = errorAsync.valueOrNull;
+    final error = errorAsync.value;
    if (error == null || error == _dismissedError) {
      return const SizedBox.shrink();
    }
    return MaterialBanner(
      padding: const EdgeInsets.fromLTRB(16, 8, 8, 8),
-      content: Text(
-        error,
-        maxLines: 2,
-        overflow: TextOverflow.ellipsis,
-      ),
+      content: Text(error, maxLines: 2, overflow: TextOverflow.ellipsis),
      leading: Icon(
        Icons.sync_problem,
        color: Theme.of(context).colorScheme.error,
@@ -374,9 +395,8 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
          child: const Text('Retry'),
        ),
        TextButton(
-          onPressed: () => context.push(
-            '/accounts/${widget.accountId}/sync-log',
-          ),
+          onPressed: () =>
+              context.push('/accounts/${widget.accountId}/sync-log'),
          child: const Text('View log'),
        ),
        TextButton(
@@ -420,24 +440,26 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    );
  }

-  Future<void> _batchMoveToRole(String role, String notFoundMessage) async {
+  Future<void> _batchMoveToRole(
+    String role, {
+    required String dialogTitle,
+    required String createFolderName,
+  }) async {
    final ids = _selectedEmailIds;
    _clearSelection();
-    final mailbox = await ref
-        .read(mailboxRepositoryProvider)
-        .findMailboxByRole(widget.accountId, role);
-    if (!mounted) return;
-    if (mailbox == null) {
-      ScaffoldMessenger.of(
-        context,
-      ).showSnackBar(
-        SnackBar(
-          duration: const Duration(seconds: 5),
-          content: Text(notFoundMessage),
-        ),
-      );
-      return;
-    }
+
+    final mailbox = await resolveMailboxByRole(
+      context,
+      ref.read(mailboxRepositoryProvider),
+      widget.accountId,
+      widget.mailboxPath,
+      role,
+      dialogTitle: dialogTitle,
+      createFolderName: createFolderName,
+    );
+
+    if (!mounted || mailbox == null) return;
+
    final repo = ref.read(emailRepositoryProvider);

    // Fetch full email data before moving so we can restore them if user clicks Undo.
@@ -463,8 +485,11 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
  }

-  Future<void> _batchArchive() =>
-      _batchMoveToRole('archive', 'No archive folder found');
+  Future<void> _batchArchive() => _batchMoveToRole(
+        'archive',
+        dialogTitle: 'No archive folder found',
+        createFolderName: 'Archive',
+      );

  Future<void> _refreshSearchAndPopIfEmpty() async {
    if (!mounted || !_searching) return;
@@ -543,8 +568,11 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
    }
  }

-  Future<void> _batchMarkSpam() =>
-      _batchMoveToRole('junk', 'No spam folder found');
+  Future<void> _batchMarkSpam() => _batchMoveToRole(
+        'junk',
+        dialogTitle: 'No spam folder found',
+        createFolderName: 'Junk',
+      );

  Future<void> _batchMove() async {
    final ids = _selectedEmailIds;
@@ -4,6 +4,7 @@ import 'package:go_router/go_router.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/mailbox.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/repositories/email_repository.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/widgets/folder_drawer.dart';
@@ -17,8 +18,12 @@ class MailboxListScreen extends ConsumerWidget {
    final mailboxRepo = ref.watch(mailboxRepositoryProvider);
    final emailRepo = ref.watch(emailRepositoryProvider);
    final accountAsync = ref.watch(accountByIdProvider(accountId));
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final menuAtBottom = prefs.menuPosition == MenuPosition.bottom;
    return Scaffold(
      appBar: AppBar(
+        automaticallyImplyLeading: !menuAtBottom,
        title: const Text('Folders'),
        actions: [
          IconButton(
@@ -42,6 +47,19 @@ class MailboxListScreen extends ConsumerWidget {
        ],
      ),
      drawer: FolderDrawer(accountId: accountId),
+      bottomNavigationBar: menuAtBottom
+          ? BottomAppBar(
+              child: Row(
+                children: [
+                  IconButton(
+                    icon: const Icon(Icons.menu),
+                    tooltip: 'Open folders',
+                    onPressed: () => Scaffold.of(context).openDrawer(),
+                  ),
+                ],
+              ),
+            )
+          : null,
      body: Column(
        children: [
          // ── Failed-mutation banner ───────────────────────────────────────
@@ -10,8 +10,9 @@ import 'package:sharedinbox/core/utils/logger.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/widgets/email_tile.dart';

-final _searchHistoryProvider =
-    FutureProvider.autoDispose<List<String>>((ref) async {
+final _searchHistoryProvider = FutureProvider.autoDispose<List<String>>((
+  ref,
+) async {
  return ref.watch(searchHistoryRepositoryProvider).getRecentSearches();
 });

@@ -137,9 +137,7 @@ class _SieveScriptsScreenState extends ConsumerState<SieveScriptsScreen> {
  Widget build(BuildContext context) {
    return Scaffold(
      appBar: AppBar(
-        title: Text(
-          widget.isLocal ? 'Local Filters' : 'Remote Filters',
-        ),
+        title: Text(widget.isLocal ? 'Local Filters' : 'Remote Filters'),
      ),
      body: _buildBody(),
      floatingActionButton: FloatingActionButton(
@@ -1,11 +1,15 @@
 import 'dart:async';

 import 'package:flutter/material.dart';
+import 'package:flutter/services.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:intl/intl.dart';
+import 'package:package_info_plus/package_info_plus.dart';

+import 'package:sharedinbox/core/models/account.dart';
 import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
 import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/utils/about_markdown.dart';

 final _timeFmt = DateFormat('MMM d, HH:mm:ss');

@@ -21,6 +25,57 @@ String _fmtBytes(int bytes) {
  return '${(bytes / (1024 * 1024)).toStringAsFixed(1)} MB';
 }

+String _buildSyncEntryMarkdown(SyncLogEntry entry) {
+  final buf = StringBuffer();
+  buf.writeln('## Sync Entry');
+  buf.writeln();
+  buf.writeln('| Property | Value |');
+  buf.writeln('|----------|-------|');
+  buf.writeln('| Started | ${_timeFmt.format(entry.startedAt)} |');
+  buf.writeln('| Finished | ${_timeFmt.format(entry.finishedAt)} |');
+  buf.writeln('| Duration | ${_fmtDuration(entry.duration)} |');
+  if (entry.protocol.isNotEmpty) {
+    buf.writeln('| Protocol | ${entry.protocol.toUpperCase()} |');
+  }
+  final statusLabel = entry.isOk
+      ? 'OK'
+      : entry.isPermanent
+          ? 'Error (permanent)'
+          : 'Error';
+  buf.writeln('| Status | $statusLabel |');
+  buf.writeln('| Emails fetched | ${entry.emailsFetched} |');
+  buf.writeln('| Emails up-to-date | ${entry.emailsSkipped} |');
+  buf.writeln('| Mailboxes synced | ${entry.mailboxesSynced} |');
+  buf.writeln('| Pending changes flushed | ${entry.pendingFlushed} |');
+  buf.writeln('| Data transferred | ${_fmtBytes(entry.bytesTransferred)} |');
+  if (entry.mailboxStats.isNotEmpty) {
+    buf.writeln();
+    buf.writeln('### Per mailbox');
+    buf.writeln();
+    buf.writeln('| Mailbox | Fetched | Up-to-date | Duration |');
+    buf.writeln('|---------|---------|------------|----------|');
+    for (final m in entry.mailboxStats) {
+      final dur = m.duration != null ? _fmtDuration(m.duration!) : '-';
+      buf.writeln('| ${m.mailboxPath} | ${m.fetched} | ${m.skipped} | $dur |');
+    }
+  }
+  if (entry.errorMessage != null) {
+    buf.writeln();
+    buf.writeln('**Error:**');
+    buf.writeln();
+    buf.writeln(entry.errorMessage);
+  }
+  if (entry.stackTrace != null) {
+    buf.writeln();
+    buf.writeln('**Stack trace:**');
+    buf.writeln();
+    buf.writeln('```');
+    buf.write(entry.stackTrace);
+    buf.writeln('```');
+  }
+  return buf.toString();
+}
+
 class SyncLogScreen extends ConsumerStatefulWidget {
  const SyncLogScreen({super.key, required this.accountId});

@@ -69,6 +124,41 @@ class _SyncLogScreenState extends ConsumerState<SyncLogScreen> {
    ref.read(syncManagerProvider).syncNow(widget.accountId);
  }

+  Future<void> _copyEntry(SyncLogEntry entry, BuildContext context) async {
+    final accounts =
+        await ref.read(accountRepositoryProvider).observeAccounts().first;
+    final imapCount = accounts.where((a) => a.type == AccountType.imap).length;
+    final jmapCount = accounts.where((a) => a.type == AccountType.jmap).length;
+
+    PackageInfo? pkg;
+    try {
+      pkg = await PackageInfo.fromPlatform();
+    } catch (_) {}
+
+    final deviceModel = await getDeviceModel();
+
+    if (!context.mounted) return;
+
+    final syncMd = _buildSyncEntryMarkdown(entry);
+    final aboutMd = buildAboutMarkdown(
+      context: context,
+      pkg: pkg,
+      imapCount: imapCount,
+      jmapCount: jmapCount,
+      deviceModel: deviceModel,
+    );
+    await Clipboard.setData(ClipboardData(text: '$syncMd\n$aboutMd'));
+
+    if (context.mounted) {
+      ScaffoldMessenger.of(context).showSnackBar(
+        const SnackBar(
+          duration: Duration(seconds: 3),
+          content: Text('Copied to clipboard'),
+        ),
+      );
+    }
+  }
+
  @override
  Widget build(BuildContext context) {
    return Scaffold(
@@ -96,16 +186,20 @@ class _SyncLogScreenState extends ConsumerState<SyncLogScreen> {
          ? const Center(child: Text('No sync entries yet'))
          : ListView.builder(
              itemCount: _entries.length,
-              itemBuilder: (ctx, i) => _SyncLogTile(entry: _entries[i]),
+              itemBuilder: (ctx, i) => _SyncLogTile(
+                entry: _entries[i],
+                onCopy: () => _copyEntry(_entries[i], ctx),
+              ),
            ),
    );
  }
 }

 class _SyncLogTile extends StatelessWidget {
-  const _SyncLogTile({required this.entry});
+  const _SyncLogTile({required this.entry, required this.onCopy});

  final SyncLogEntry entry;
+  final VoidCallback onCopy;

  @override
  Widget build(BuildContext context) {
@@ -115,6 +209,12 @@ class _SyncLogTile extends StatelessWidget {
    final theme = Theme.of(context);
    final errorColor = theme.colorScheme.error;

+    final subtitleText = entry.isOk
+        ? '${entry.emailsFetched} new · ${entry.emailsSkipped} up-to-date · took $durationLabel'
+        : entry.isPermanent
+            ? 'Error (permanent) · took $durationLabel'
+            : 'Error · took $durationLabel';
+
    return ExpansionTile(
      leading: Icon(
        entry.isOk ? Icons.check_circle : Icons.error_outline,
@@ -125,11 +225,20 @@ class _SyncLogTile extends StatelessWidget {
        style: entry.isOk ? null : TextStyle(color: errorColor),
      ),
      subtitle: Text(
-        entry.isOk
-            ? '${entry.emailsFetched} new · ${entry.emailsSkipped} up-to-date · took $durationLabel'
-            : 'Error · took $durationLabel',
+        subtitleText,
        style: TextStyle(fontSize: 12, color: entry.isOk ? null : errorColor),
      ),
+      trailing: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          IconButton(
+            icon: const Icon(Icons.copy, size: 18),
+            tooltip: 'Copy as markdown',
+            onPressed: onCopy,
+          ),
+          const Icon(Icons.expand_more),
+        ],
+      ),
      children: [
        Padding(
          padding: const EdgeInsets.fromLTRB(72, 0, 16, 12),
@@ -171,6 +280,31 @@ class _SyncLogTile extends StatelessWidget {
                    style: TextStyle(color: errorColor, fontSize: 12),
                  ),
                ),
+              if (entry.stackTrace != null) ...[
+                const Padding(
+                  padding: EdgeInsets.only(top: 6, bottom: 2),
+                  child: Text(
+                    'Stack trace',
+                    style: TextStyle(fontSize: 12, color: Colors.grey),
+                  ),
+                ),
+                Container(
+                  width: double.infinity,
+                  padding: const EdgeInsets.all(8),
+                  decoration: BoxDecoration(
+                    color: Colors.black87,
+                    borderRadius: BorderRadius.circular(4),
+                  ),
+                  child: Text(
+                    entry.stackTrace!,
+                    style: TextStyle(
+                      fontSize: 10,
+                      fontFamily: 'monospace',
+                      color: Colors.red[300],
+                    ),
+                  ),
+                ),
+              ],
              if (entry.protocolLog != null) ...[
                const Padding(
                  padding: EdgeInsets.only(top: 6, bottom: 2),
@@ -7,6 +7,7 @@ import 'package:intl/intl.dart';

 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/core/models/user_preferences.dart';
 import 'package:sharedinbox/core/utils/html_utils.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/widgets/secure_email_webview.dart';
@@ -28,9 +29,16 @@ class ThreadDetailScreen extends ConsumerWidget {
  @override
  Widget build(BuildContext context, WidgetRef ref) {
    final repo = ref.watch(emailRepositoryProvider);
+    final prefs =
+        ref.watch(userPreferencesProvider).value ?? const UserPreferences();
+    final buttonAtBottom = prefs.mailViewButtonPosition == MenuPosition.bottom;

    return Scaffold(
-      appBar: AppBar(title: const Text('Thread')),
+      appBar: AppBar(
+        title: const Text('Thread'),
+        automaticallyImplyLeading: !buttonAtBottom,
+      ),
+      bottomNavigationBar: buttonAtBottom ? _buildBackButtonBar(context) : null,
      body: StreamBuilder<List<Email>>(
        stream: repo.observeEmailsInThread(accountId, mailboxPath, threadId),
        builder: (context, snapshot) {
@@ -60,6 +68,20 @@ class ThreadDetailScreen extends ConsumerWidget {
      ),
    );
  }
+
+  Widget _buildBackButtonBar(BuildContext context) {
+    return BottomAppBar(
+      child: Row(
+        children: [
+          IconButton(
+            icon: const Icon(Icons.arrow_back),
+            tooltip: 'Back',
+            onPressed: () => context.pop(),
+          ),
+        ],
+      ),
+    );
+  }
 }

 class _EmailMessageCard extends ConsumerStatefulWidget {
@@ -91,6 +113,14 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {

  @override
  Widget build(BuildContext context) {
+    final trustedSenders =
+        ref.watch(trustedImageSendersProvider).value ?? const <String>[];
+    final senderEmail = widget.email.from.isNotEmpty
+        ? widget.email.from.first.email.toLowerCase()
+        : null;
+    final isTrusted =
+        senderEmail != null && trustedSenders.contains(senderEmail);
+
    return Card(
      margin: const EdgeInsets.symmetric(vertical: 4),
      child: Column(
@@ -125,13 +155,13 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
              ],
            ),
          ),
-          if (_expanded) _buildExpandedBody(),
+          if (_expanded) _buildExpandedBody(isTrusted, senderEmail),
        ],
      ),
    );
  }

-  Widget _buildExpandedBody() {
+  Widget _buildExpandedBody(bool isTrusted, String? senderEmail) {
    return Padding(
      padding: const EdgeInsets.fromLTRB(16, 0, 16, 16),
      child: Column(
@@ -141,6 +171,17 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
          FutureBuilder<EmailBody>(
            future: _bodyFuture,
            builder: (context, snapshot) {
+              if (snapshot.hasError) {
+                return Padding(
+                  padding: const EdgeInsets.all(16),
+                  child: Text(
+                    'Failed to load email: ${snapshot.error}',
+                    style: TextStyle(
+                      color: Theme.of(context).colorScheme.error,
+                    ),
+                  ),
+                );
+              }
              if (!snapshot.hasData) {
                return const Center(
                  child: Padding(
@@ -151,21 +192,48 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
              }
              final body = snapshot.data!;
              final hasHtml = (body.htmlBody ?? '').trim().isNotEmpty;
+              final effectiveLoadImages = _loadRemoteImages || isTrusted;

              return Column(
                crossAxisAlignment: CrossAxisAlignment.start,
                children: [
                  if (hasHtml) ...[
-                    if (!_loadRemoteImages)
+                    if (!effectiveLoadImages)
                      TextButton.icon(
                        icon: const Icon(Icons.image_outlined, size: 16),
                        label: const Text('Load remote images'),
-                        onPressed: () =>
-                            setState(() => _loadRemoteImages = true),
+                        onPressed: () {
+                          setState(() => _loadRemoteImages = true);
+                          if (senderEmail != null) {
+                            unawaited(
+                              ref
+                                  .read(userPreferencesRepositoryProvider)
+                                  .addTrustedImageSender(senderEmail),
+                            );
+                            ScaffoldMessenger.of(context).showSnackBar(
+                              SnackBar(
+                                duration: const Duration(seconds: 3),
+                                content: const Text(
+                                  'Images will be loaded automatically for this sender.',
+                                ),
+                                action: SnackBarAction(
+                                  label: 'Settings',
+                                  onPressed: () {
+                                    if (mounted) {
+                                      unawaited(
+                                        context.push('/accounts/preferences'),
+                                      );
+                                    }
+                                  },
+                                ),
+                              ),
+                            );
+                          }
+                        },
                      ),
                    SecureEmailWebView(
                      htmlBody: body.htmlBody!,
-                      loadRemoteImages: _loadRemoteImages,
+                      loadRemoteImages: effectiveLoadImages,
                    ),
                  ] else
                    SelectableText(
@@ -84,9 +84,7 @@ class _UndoActionTile extends ConsumerWidget {
              .read(undoServiceProvider.notifier)
              .undo(actionId: action.id);
          if (context.mounted) {
-            ScaffoldMessenger.of(
-              context,
-            ).showSnackBar(
+            ScaffoldMessenger.of(context).showSnackBar(
              const SnackBar(
                duration: Duration(seconds: 5),
                content: Text('Action undone.'),
@@ -0,0 +1,179 @@
+import 'dart:async';
+
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+
+import 'package:sharedinbox/core/models/user_preferences.dart';
+import 'package:sharedinbox/di.dart';
+
+class UserPreferencesScreen extends ConsumerWidget {
+  const UserPreferencesScreen({super.key});
+
+  @override
+  Widget build(BuildContext context, WidgetRef ref) {
+    final prefsAsync = ref.watch(userPreferencesProvider);
+    final trustedSendersAsync = ref.watch(trustedImageSendersProvider);
+
+    return Scaffold(
+      appBar: AppBar(title: const Text('Preferences')),
+      body: prefsAsync.when(
+        loading: () => const Center(child: CircularProgressIndicator()),
+        error: (_, __) =>
+            const Center(child: Text('Error loading preferences')),
+        data: (prefs) => ListView(
+          children: [
+            ListTile(
+              title: Text(
+                'Menu bar position',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Where the folder navigation menu is shown in the mailbox view.',
+              ),
+            ),
+            RadioGroup<MenuPosition>(
+              groupValue: prefs.menuPosition,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateMenuPosition(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<MenuPosition>(
+                    title: Text('Bottom (default)'),
+                    subtitle: Text(
+                      'Open folder navigation from a button at the bottom of the screen.',
+                    ),
+                    value: MenuPosition.bottom,
+                  ),
+                  RadioListTile<MenuPosition>(
+                    title: Text('Top'),
+                    subtitle: Text(
+                      'Open folder navigation from the hamburger icon in the top bar.',
+                    ),
+                    value: MenuPosition.top,
+                  ),
+                ],
+              ),
+            ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'Single mail view button position',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Where the back button is shown in the single mail view.',
+              ),
+            ),
+            RadioGroup<MenuPosition>(
+              groupValue: prefs.mailViewButtonPosition,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateMailViewButtonPosition(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<MenuPosition>(
+                    title: Text('Bottom (default)'),
+                    subtitle: Text(
+                      'Show the back button at the bottom of the screen.',
+                    ),
+                    value: MenuPosition.bottom,
+                  ),
+                  RadioListTile<MenuPosition>(
+                    title: Text('Top'),
+                    subtitle: Text('Show the back button in the top bar.'),
+                    value: MenuPosition.top,
+                  ),
+                ],
+              ),
+            ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'After mail action',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'What to show after deleting, archiving, or otherwise handling a message.',
+              ),
+            ),
+            RadioGroup<AfterMailViewAction>(
+              groupValue: prefs.afterMailViewAction,
+              onChanged: (value) {
+                if (value == null) return;
+                unawaited(
+                  ref
+                      .read(userPreferencesRepositoryProvider)
+                      .updateAfterMailViewAction(value),
+                );
+              },
+              child: const Column(
+                children: [
+                  RadioListTile<AfterMailViewAction>(
+                    title: Text('Next message (default)'),
+                    subtitle: Text('Show the next message in the mailbox.'),
+                    value: AfterMailViewAction.nextMessage,
+                  ),
+                  RadioListTile<AfterMailViewAction>(
+                    title: Text('Return to mailbox'),
+                    subtitle: Text('Return to the message list.'),
+                    value: AfterMailViewAction.showMailbox,
+                  ),
+                ],
+              ),
+            ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'Trusted image senders',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Remote images are loaded automatically for these senders.',
+              ),
+            ),
+            ...trustedSendersAsync.when(
+              loading: () => const [],
+              error: (_, __) => const [],
+              data: (senders) => senders.isEmpty
+                  ? [
+                      const Padding(
+                        padding:
+                            EdgeInsets.symmetric(horizontal: 16, vertical: 8),
+                        child: Text('No trusted senders yet.'),
+                      ),
+                    ]
+                  : [
+                      for (final sender in senders)
+                        ListTile(
+                          title: Text(sender),
+                          trailing: IconButton(
+                            icon: const Icon(Icons.delete_outline),
+                            tooltip: 'Remove',
+                            onPressed: () {
+                              unawaited(
+                                ref
+                                    .read(userPreferencesRepositoryProvider)
+                                    .removeTrustedImageSender(sender),
+                              );
+                            },
+                          ),
+                        ),
+                    ],
+            ),
+          ],
+        ),
+      ),
+    );
+  }
+}
@@ -0,0 +1,76 @@
+import 'dart:io';
+
+import 'package:device_info_plus/device_info_plus.dart';
+import 'package:flutter/material.dart';
+import 'package:package_info_plus/package_info_plus.dart';
+import 'package:sharedinbox/core/db_schema_version.dart';
+
+const _gitHash = String.fromEnvironment('GIT_HASH');
+
+/// Builds the About markdown table used in [AboutScreen] and sync log copies.
+String buildAboutMarkdown({
+  required BuildContext context,
+  PackageInfo? pkg,
+  required int imapCount,
+  required int jmapCount,
+  String? deviceModel,
+}) {
+  final size = MediaQuery.of(context).size;
+  final pixelRatio = MediaQuery.of(context).devicePixelRatio;
+  final physW = (size.width * pixelRatio).toInt();
+  final physH = (size.height * pixelRatio).toInt();
+  final version = pkg != null ? '${pkg.version}+${pkg.buildNumber}' : 'unknown';
+  final versionDisplay = _gitHash.isNotEmpty
+      ? '[$version](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash)'
+      : version;
+  final osName = _capitalize(Platform.operatingSystem);
+  final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
+  final locale = Localizations.localeOf(context).toString();
+  final textScale = MediaQuery.of(
+    context,
+  ).textScaler.scale(1.0).toStringAsFixed(1);
+
+  final gitCommitLine = _gitHash.isNotEmpty
+      ? '| Git Commit | [$_gitHash](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash) |\n'
+      : '';
+  final deviceModelLine =
+      deviceModel != null ? '| Device Model | $deviceModel |\n' : '';
+
+  return '## [sharedinbox.de](https://sharedinbox.de)\n\n'
+      '| Property | Value |\n'
+      '|----------|-------|\n'
+      '| App Version | $versionDisplay |\n'
+      '$gitCommitLine'
+      '| Platform | ${Platform.operatingSystem} |\n'
+      '| $osName Version | ${Platform.operatingSystemVersion} |\n'
+      '$deviceModelLine'
+      '| Resolution | ${physW}x$physH px'
+      ' (logical: ${size.width.toInt()}x${size.height.toInt()} pt,'
+      ' ratio: ${pixelRatio.toStringAsFixed(1)}x) |\n'
+      '| Dart Version | ${Platform.version.split(' ').first} |\n'
+      '| Processors | ${Platform.numberOfProcessors} |\n'
+      '| Dark Mode | ${isDark ? 'yes' : 'no'} |\n'
+      '| Locale | $locale |\n'
+      '| Text Scale | $textScale× |\n'
+      '| DB Schema Version | $dbSchemaVersion |\n'
+      '| IMAP Accounts | $imapCount |\n'
+      '| JMAP Accounts | $jmapCount |\n';
+}
+
+/// Fetches device model string, or null when unavailable.
+Future<String?> getDeviceModel() async {
+  try {
+    final info = DeviceInfoPlugin();
+    if (Platform.isAndroid) {
+      final android = await info.androidInfo;
+      return '${android.manufacturer} / ${android.model}';
+    } else if (Platform.isIOS) {
+      final ios = await info.iosInfo;
+      return ios.utsname.machine;
+    }
+  } catch (_) {}
+  return null;
+}
+
+String _capitalize(String s) =>
+    s.isEmpty ? s : '${s[0].toUpperCase()}${s.substring(1)}';
@@ -0,0 +1,258 @@
+import 'package:flutter/material.dart';
+import 'package:intl/intl.dart';
+
+import 'package:sharedinbox/core/models/email.dart';
+
+/// Full-screen dialog for browsing email headers, organised into groups.
+class EmailHeadersDialog extends StatelessWidget {
+  const EmailHeadersDialog({super.key, required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    return Dialog.fullscreen(
+      child: Scaffold(
+        appBar: AppBar(
+          title: const Text('Mail Headers'),
+          leading: const CloseButton(),
+        ),
+        body: _HeadersBody(headers: headers),
+      ),
+    );
+  }
+}
+
+class _HeadersBody extends StatelessWidget {
+  const _HeadersBody({required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    final receivedHeaders = <EmailHeader>[];
+    final listHeaders = <EmailHeader>[];
+    final arcHeaders = <EmailHeader>[];
+    final otherHeaders = <EmailHeader>[];
+    // Maps X- prefix (e.g. "X-Google") → headers with that prefix.
+    final xByPrefix = <String, List<EmailHeader>>{};
+
+    for (final h in headers) {
+      final lower = h.name.toLowerCase();
+      if (lower == 'received') {
+        receivedHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('list-')) {
+        listHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('arc-')) {
+        arcHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('x-')) {
+        final parts = h.name.split('-');
+        // "X-Foo-Bar-Baz" → prefix "X-Foo"; "X-Single" → prefix "X-Single".
+        final prefix = parts.length >= 3 ? '${parts[0]}-${parts[1]}' : h.name;
+        xByPrefix.putIfAbsent(prefix, () => []).add(h);
+        continue;
+      }
+      otherHeaders.add(h);
+    }
+
+    final sections = <Widget>[];
+
+    if (otherHeaders.isNotEmpty) {
+      sections.add(_HeadersSection(title: 'Headers', headers: otherHeaders));
+    }
+    if (listHeaders.isNotEmpty) {
+      sections.add(
+        _HeadersSection(title: 'List- Headers', headers: listHeaders),
+      );
+    }
+    if (receivedHeaders.isNotEmpty) {
+      sections.add(_ReceivedSection(headers: receivedHeaders));
+    }
+    if (arcHeaders.isNotEmpty) {
+      sections.add(
+        _HeadersSection(title: 'ARC- Headers', headers: arcHeaders),
+      );
+    }
+
+    // X- headers at bottom, each prefix in its own collapsible group.
+    final sortedPrefixes = xByPrefix.keys.toList()
+      ..sort((a, b) => a.toLowerCase().compareTo(b.toLowerCase()));
+    for (final prefix in sortedPrefixes) {
+      sections.add(
+        _HeadersSection(
+          title: '$prefix Headers',
+          headers: xByPrefix[prefix]!,
+        ),
+      );
+    }
+
+    return ListView(children: sections);
+  }
+}
+
+class _HeadersSection extends StatelessWidget {
+  const _HeadersSection({required this.title, required this.headers});
+
+  final String title;
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    return ExpansionTile(
+      title: Text('$title (${headers.length})'),
+      children: [
+        for (var i = 0; i < headers.length; i++)
+          _HeaderRow(header: headers[i], index: i),
+      ],
+    );
+  }
+}
+
+/// Received headers section — collapsed by default; shows inter-hop delays.
+class _ReceivedSection extends StatelessWidget {
+  const _ReceivedSection({required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    final entries = _buildEntries(headers);
+    return ExpansionTile(
+      title: Text('Received (${headers.length})'),
+      children: [
+        for (var i = 0; i < entries.length; i++) ...[
+          _HeaderRow(header: entries[i].header, index: i),
+          if (entries[i].delay != null) _DelayRow(delay: entries[i].delay!),
+        ],
+      ],
+    );
+  }
+
+  static List<_ReceivedEntry> _buildEntries(List<EmailHeader> headers) {
+    final timestamps =
+        headers.map((h) => _parseReceivedTimestamp(h.value)).toList();
+    return [
+      for (var i = 0; i < headers.length; i++)
+        _ReceivedEntry(
+          header: headers[i],
+          delay: _computeDelay(timestamps, i),
+        ),
+    ];
+  }
+
+  static Duration? _computeDelay(List<DateTime?> timestamps, int i) {
+    if (i >= timestamps.length - 1) return null;
+    final current = timestamps[i];
+    final next = timestamps[i + 1];
+    if (current == null || next == null) return null;
+    final d = current.difference(next);
+    return d.isNegative ? Duration.zero : d;
+  }
+}
+
+class _ReceivedEntry {
+  const _ReceivedEntry({required this.header, this.delay});
+  final EmailHeader header;
+  final Duration? delay;
+}
+
+class _HeaderRow extends StatelessWidget {
+  const _HeaderRow({required this.header, required this.index});
+  final EmailHeader header;
+  final int index;
+
+  @override
+  Widget build(BuildContext context) {
+    final bg = index.isEven
+        ? Theme.of(context).colorScheme.surfaceContainerHighest
+        : Theme.of(context).colorScheme.surface;
+    return Container(
+      color: bg,
+      padding: const EdgeInsets.symmetric(vertical: 4, horizontal: 8),
+      child: Row(
+        crossAxisAlignment: CrossAxisAlignment.start,
+        children: [
+          Expanded(
+            child: SelectableText(
+              header.name,
+              style: const TextStyle(fontWeight: FontWeight.bold),
+            ),
+          ),
+          const SizedBox(width: 8),
+          Expanded(flex: 2, child: SelectableText(header.value)),
+        ],
+      ),
+    );
+  }
+}
+
+class _DelayRow extends StatelessWidget {
+  const _DelayRow({required this.delay});
+  final Duration delay;
+
+  @override
+  Widget build(BuildContext context) {
+    final color = _delayColor(delay);
+    return Padding(
+      padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 2),
+      child: Row(
+        children: [
+          Icon(Icons.arrow_downward, size: 14, color: color),
+          const SizedBox(width: 4),
+          Text(
+            _formatDuration(delay),
+            style: TextStyle(
+              fontSize: 12,
+              color: color,
+              fontWeight:
+                  delay.inSeconds >= 30 ? FontWeight.bold : FontWeight.normal,
+            ),
+          ),
+        ],
+      ),
+    );
+  }
+}
+
+/// Parses the RFC 2822 timestamp from a Received header value.
+///
+/// Received headers end with `; date`, e.g.:
+///   by mx.example.com; Mon, 1 Jan 2024 12:00:00 +0000 (UTC)
+DateTime? _parseReceivedTimestamp(String value) {
+  final semiIndex = value.lastIndexOf(';');
+  if (semiIndex < 0) return null;
+  var s = value.substring(semiIndex + 1).trim();
+  // Strip parenthesised comments like (UTC).
+  s = s.replaceAll(RegExp(r'\([^)]*\)'), ' ').trim();
+  // Strip leading day-of-week abbreviation like "Mon, ".
+  s = s.replaceFirst(RegExp(r'^[A-Za-z]{2,4},\s*'), '');
+  // Collapse runs of whitespace.
+  s = s.replaceAll(RegExp(r'\s+'), ' ').trim();
+
+  for (final fmt in [
+    DateFormat('dd MMM yyyy HH:mm:ss Z', 'en_US'),
+    DateFormat('d MMM yyyy HH:mm:ss Z', 'en_US'),
+    DateFormat('dd MMM yyyy HH:mm:ss', 'en_US'),
+    DateFormat('d MMM yyyy HH:mm:ss', 'en_US'),
+  ]) {
+    try {
+      return fmt.parse(s);
+    } catch (_) {}
+  }
+  return null;
+}
+
+String _formatDuration(Duration d) {
+  if (d.inSeconds < 60) return '${d.inSeconds}s';
+  if (d.inMinutes < 60) return '${d.inMinutes}m ${d.inSeconds.remainder(60)}s';
+  return '${d.inHours}h ${d.inMinutes.remainder(60)}m';
+}
+
+Color _delayColor(Duration d) {
+  if (d.inSeconds < 30) return Colors.green;
+  if (d.inSeconds < 300) return Colors.orange;
+  return Colors.red;
+}
@@ -31,10 +31,13 @@ String buildEmailHtml(String htmlBody, {bool loadRemoteImages = false}) {
 <meta name="color-scheme" content="light">
 <meta http-equiv="Content-Security-Policy" content="$csp">
 <style>
-body { margin: 0; padding: 0; font-family: sans-serif; word-break: break-word; color-scheme: light; background-color: #ffffff; color: #000000; }
+body { margin: 0; padding: 0; font-family: sans-serif; word-break: break-word; overflow-x: hidden; color-scheme: light; background-color: #ffffff; color: #000000; }
 img { max-width: 100%; height: auto; }
 a { color: #1976D2; }
-* { box-sizing: border-box; }
+* { box-sizing: border-box; max-width: 100%; }
+table { width: 100%; border-collapse: collapse; }
+td, th { overflow-wrap: break-word; word-break: break-word; }
+pre { white-space: pre-wrap; word-break: break-word; overflow-x: auto; }
 </style>
 </head>
 <body>
@@ -108,12 +111,16 @@ class _SecureEmailWebViewState extends State<SecureEmailWebView> {
      );

  Future<void> _measureHeight(String _) async {
-    final result = await _controller!.runJavaScriptReturningResult(
-      'document.documentElement.scrollHeight',
-    );
-    final h = double.tryParse(result.toString());
-    if (h != null && h > 0 && mounted) {
-      setState(() => _height = h);
+    try {
+      final result = await _controller!.runJavaScriptReturningResult(
+        'document.documentElement.scrollHeight',
+      );
+      final h = double.tryParse(result.toString());
+      if (h != null && h > 0 && mounted) {
+        setState(() => _height = h);
+      }
+    } catch (_) {
+      // WebView not ready yet; height stays at default
    }
  }

@@ -184,12 +191,14 @@ class _SecureEmailWebViewState extends State<SecureEmailWebView> {
    );

    if (confirmed == true && mounted) {
-      final launched =
-          await launchUrl(uri, mode: LaunchMode.externalApplication);
+      final launched = await launchUrl(
+        uri,
+        mode: LaunchMode.externalApplication,
+      );
      if (!launched && mounted) {
-        ScaffoldMessenger.of(context).showSnackBar(
-          SnackBar(content: Text('Could not open: $url')),
-        );
+        ScaffoldMessenger.of(
+          context,
+        ).showSnackBar(SnackBar(content: Text('Could not open: $url')));
      }
    }
  }
@@ -19,24 +19,24 @@ dependencies:

  # Local persistence (offline-first)
  drift: ^2.20.3
-  sqlite3_flutter_libs: ^0.5.28
+  sqlite3_flutter_libs: ^0.6.0+eol
  path_provider: ^2.1.5
  path: ^1.9.1

  # State management
-  flutter_riverpod: ^2.6.1
+  flutter_riverpod: ^3.0.0

  # Navigation
-  go_router: ^14.8.1
+  go_router: ^17.2.3

  # Secure credential storage (passwords)
  flutter_secure_storage: ^10.0.0

  # Date formatting
-  intl: any
+  intl: ^0.20.2

  # File picking (compose attachments) and opening downloaded attachments
-  file_picker: ^8.0.0
+  file_picker: ^12.0.0-beta.4
  open_filex: ^4.6.0
  mime: ^2.0.0

@@ -47,34 +47,35 @@ dependencies:
  cryptography: ^2.7.0

  # QR code scanning (camera) for secure account import
-  mobile_scanner: ^5.0.0
+  mobile_scanner: ^7.2.0

  # HTML rendering for email bodies
  webview_flutter: ^4.0.0
  url_launcher: ^6.3.2
-  flutter_markdown: ^0.7.7+1
+  flutter_markdown_plus: ^1.0.7

  # Background sync and local notifications
-  flutter_local_notifications: ^18.0.1
+  flutter_local_notifications: ^21.0.0
  workmanager: ^0.9.0

  # App version metadata for crash reports
-  package_info_plus: ^8.0.0
-  share_plus: ^12.0.2
+  package_info_plus: ^10.1.0
+  share_plus: ^13.1.0
+  device_info_plus: ^13.1.0

 dev_dependencies:
  flutter_test:
    sdk: flutter
  integration_test:
    sdk: flutter
-  flutter_lints: ^4.0.0
+  flutter_lints: ^6.0.0
  drift_dev: ^2.20.3
  build_runner: ^2.4.13
  test: ^1.25.0
  mockito: ^5.4.4
  fake_async: ^1.3.1
  path_provider_platform_interface: ^2.1.2
-  sqlite3: any  # used directly in test/unit/db_test_helper.dart
+  sqlite3: ^3.1.5  # used directly in test/unit/db_test_helper.dart; 3.x required for Database.close()
  url_launcher_platform_interface: ^2.3.2
  plugin_platform_interface: ^2.1.8

@@ -84,7 +85,12 @@ flutter:
    - assets/

 dependency_overrides:
-  # path_provider_android 2.3+ uses package:jni which crashes on startup
-  # (SIGSEGV in libdartjni.so FindClassUnchecked — JNI env not ready when
-  # the Dart VM first calls into it). Pin to 2.2.x which uses Pigeon instead.
-  path_provider_android: ">=2.2.0 <2.3.0"
+  # path_provider_android 2.2.21 updated to Pigeon 26, which causes a
+  # channel-error on startup on some Android devices. 2.3+ uses package:jni
+  # (SIGSEGV in libdartjni.so FindClassUnchecked). Pin to 2.2.20 which uses
+  # stable Pigeon and is known to work reliably.
+  path_provider_android: ">=2.2.0 <2.2.21"
+  # url_launcher_android 6.3.25 updated to Pigeon 26, which causes a
+  # channel-error on launchUrl on some Android devices (same root cause as
+  # path_provider_android). Pin to <6.3.25 which uses stable Pigeon.
+  url_launcher_android: ">=6.3.0 <6.3.25"
@@ -0,0 +1,39 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "labels": ["dependencies"],
+  "github-actions": {
+    "enabled": false
+  },
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["minor", "patch", "pin", "digest", "lockFileMaintenance"],
+      "addLabels": ["automerge"]
+    },
+    {
+      "matchManagers": ["gomod"],
+      "matchFileNames": ["ci/**"],
+      "enabled": false
+    }
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": ["^\\.forgejo/Dockerfile$"],
+      "matchStrings": ["DAGGER_VERSION=(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)"],
+      "depNameTemplate": "dagger/dagger",
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "^v(?<version>.*)$"
+    },
+    {
+      "customType": "regex",
+      "fileMatch": ["^DAGGER\\.md$"],
+      "matchStrings": ["github:dagger/nix/v(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)#dagger"],
+      "depNameTemplate": "dagger/dagger",
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "^v(?<version>.*)$"
+    }
+  ]
+}
@@ -1,326 +0,0 @@
-#!/usr/bin/env python3
-"""
-agent_loop.py — called from cron every 10 minutes.
-
-Flow
----
-1. Agent already running?
-   a. Age > 1 h  → kill it, set its issue to State/Question, exit 1
-   b. Age ≤ 1 h  → print status, exit 0  (let it keep working)
-2. No agent running → check Codeberg CI
-   a. CI is running         → print "CI running, waiting", exit 0
-   b. Latest CI failed      → start fix-CI agent, save state, exit 0
-   c. CI ok (or no run yet) → find oldest Ready issue, start issue agent,
-                              save state, exit 0
-   d. No Ready issues       → print "nothing to do", exit 0
-
-State file: ~/.sharedinbox-agent-state.json
-  { "pid": 12345, "issue": 91,
-    "started_at": "2026-05-15T12:00:00+00:00", "type": "issue" }
-
-Output is written to ~/.sharedinbox-agent-logs/<session>-<timestamp>.log.
-Resume the Claude conversation afterward with:
-
-  claude --resume issue-91
-"""
-
-import json
-import os
-import shlex
-import subprocess
-import sys
-from datetime import datetime, timezone
-from pathlib import Path
-
-# Cron runs with a minimal PATH; ensure Nix profile binaries (tea, claude) are found.
-os.environ["PATH"] = f"/home/si/.nix-profile/bin:{os.environ.get('PATH', '/usr/bin:/bin')}"
-
-# ── configuration ─────────────────────────────────────────────────────────────
-
-REPO = "guettli/sharedinbox"
-STATE_FILE = Path.home() / ".sharedinbox-agent-state.json"
-MAX_AGENT_AGE_SECONDS = 3600  # 1 hour
-
-# Labels used by the workflow.
-LABEL_READY = "State/Ready"
-LABEL_IN_PROGRESS = "State/InProgress"
-LABEL_QUESTION = "State/Question"
-
-# ── helpers ───────────────────────────────────────────────────────────────────
-
-
-def _tea(*args: str) -> dict | list | None:
-    """Run a `tea api` command and return parsed JSON, or None on 204."""
-    method = "GET"
-    path = args[0]
-    extra: list[str] = []
-    body_str = None
-
-    i = 1
-    while i < len(args):
-        if args[i] in ("--method", "-X") and i + 1 < len(args):
-            method = args[i + 1]
-            i += 2
-        elif args[i] in ("--data", "-d") and i + 1 < len(args):
-            body_str = args[i + 1]
-            i += 2
-        else:
-            extra.append(args[i])
-            i += 1
-
-    cmd = ["tea", "api", "--repo", REPO, "-X", method]
-    if body_str:
-        cmd += ["-d", body_str]
-    cmd.append(path)
-
-    result = subprocess.run(cmd, capture_output=True, text=True)
-    if result.returncode != 0:
-        raise RuntimeError(
-            f"tea api {path} failed:\n{result.stderr or result.stdout}"
-        )
-    out = result.stdout.strip()
-    if not out:
-        return None
-    return json.loads(out)
-
-
-def _set_labels(issue: int, add: list[str], remove: list[str]) -> None:
-    """Replace labels on an issue via the tea CLI."""
-    current = _tea(f"repos/{REPO}/issues/{issue}/labels") or []
-    current_names = {lbl["name"] for lbl in current}
-    all_labels = _tea(f"repos/{REPO}/labels") or []
-    name_to_id = {lbl["name"]: lbl["id"] for lbl in all_labels}
-
-    desired = (current_names - set(remove)) | set(add)
-    ids = [name_to_id[n] for n in desired if n in name_to_id]
-    _tea(
-        f"repos/{REPO}/issues/{issue}/labels",
-        "-X", "PUT",
-        "-d", json.dumps({"labels": ids}),
-    )
-
-
-def _close_issue(issue: int) -> None:
-    _tea(
-        f"repos/{REPO}/issues/{issue}",
-        "-X", "PATCH",
-        "-d", json.dumps({"state": "closed"}),
-    )
-
-
-def _ready_issues() -> list[dict]:
-    """Return open issues with State/Ready, oldest first."""
-    data = _tea(f"repos/{REPO}/issues?state=open&type=issues&limit=50") or []
-    ready = [
-        i for i in data
-        if any(lbl["name"] == LABEL_READY for lbl in i.get("labels", []))
-    ]
-    ready.sort(key=lambda i: i["number"])
-    return ready
-
-
-def _latest_ci_run() -> dict | None:
-    data = _tea(f"repos/{REPO}/actions/runs?limit=1")
-    runs = (data or {}).get("workflow_runs", [])
-    return runs[0] if runs else None
-
-
-# ── state file ────────────────────────────────────────────────────────────────
-
-
-def _read_state() -> dict | None:
-    if STATE_FILE.exists():
-        try:
-            return json.loads(STATE_FILE.read_text())
-        except Exception:
-            pass
-    return None
-
-
-def _write_state(pid: int, issue: int | None, kind: str) -> None:
-    STATE_FILE.write_text(
-        json.dumps(
-            {
-                "pid": pid,
-                "issue": issue,
-                "started_at": datetime.now(timezone.utc).isoformat(),
-                "type": kind,
-            },
-            indent=2,
-        )
-    )
-
-
-def _clear_state() -> None:
-    STATE_FILE.unlink(missing_ok=True)
-
-
-# ── agent launcher ────────────────────────────────────────────────────────────
-
-
-def _start_agent(prompt: str, session_name: str) -> int:
-    """Start Claude Code as a detached background process and return its PID."""
-    log_dir = Path.home() / ".sharedinbox-agent-logs"
-    log_dir.mkdir(exist_ok=True)
-    ts = datetime.now().strftime("%Y%m%dT%H%M%S")
-    log_file = log_dir / f"{session_name}-{ts}.log"
-
-    log_fh = open(log_file, "w")
-    proc = subprocess.Popen(
-        [
-            "claude",
-            "--dangerously-skip-permissions",
-            "--name", session_name,
-            "-p", prompt,
-        ],
-        stdin=subprocess.PIPE,
-        stdout=log_fh,
-        stderr=log_fh,
-        start_new_session=True,
-    )
-    log_fh.close()  # Parent closes its copy; the child retains the fd.
-    # Answer the workspace-trust dialog; after this the pipe hits EOF.
-    proc.stdin.write(b"\n")
-    proc.stdin.close()
-
-    print(f"[agent_loop] Started agent pid={proc.pid}, log={log_file}")
-    print(f"[agent_loop]   Resume: claude --resume {shlex.quote(session_name)}")
-    return proc.pid
-
-
-def _agent_alive(state: dict) -> bool:
-    """Return True if the agent process is still running."""
-    pid = state.get("pid")
-    if pid is None:
-        return False
-    try:
-        os.kill(pid, 0)
-        return True
-    except ProcessLookupError:
-        return False
-    except PermissionError:
-        return True
-
-
-def _agent_age_seconds(state: dict) -> float:
-    """Seconds elapsed since the agent was launched, from the state file timestamp."""
-    try:
-        started_at = datetime.fromisoformat(state["started_at"])
-        return (datetime.now(timezone.utc) - started_at).total_seconds()
-    except Exception:
-        return 0.0
-
-
-def _kill_agent(state: dict) -> None:
-    """Forcefully stop the running agent."""
-    pid = state.get("pid")
-    if pid:
-        try:
-            os.kill(pid, 9)
-        except ProcessLookupError:
-            pass
-
-
-# ── main flow ─────────────────────────────────────────────────────────────────
-
-
-def main() -> int:
-    state = _read_state()
-
-    # ── 1. Agent already running? ─────────────────────────────────────────────
-    if state and _agent_alive(state):
-        age = _agent_age_seconds(state)
-        issue = state.get("issue")
-        kind = state.get("type", "issue")
-        pid = state.get("pid", "?")
-
-        if age > MAX_AGENT_AGE_SECONDS:
-            print(
-                f"[agent_loop] Agent pid={pid!r} (issue #{issue}) "
-                f"has been running for {age/60:.0f} min — aborting."
-            )
-            _kill_agent(state)
-            _clear_state()
-            if issue:
-                _set_labels(issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
-                print(f"[agent_loop] Set issue #{issue} to State/Question.")
-            return 1
-
-        print(
-            f"[agent_loop] Agent pid={pid!r} ({kind}, issue #{issue}) "
-            f"still running ({age/60:.0f} min). Waiting."
-        )
-        return 0
-
-    # Agent not running (or no state) — clean up stale state.
-    if state:
-        _clear_state()
-
-    # ── 2. Check CI ───────────────────────────────────────────────────────────
-    run = _latest_ci_run()
-
-    if run and run.get("status") == "running":
-        print(f"[agent_loop] CI run {run['id']} is still running. Waiting.")
-        return 0
-
-    if run and run.get("status") in ("failure", "error"):
-        print(f"[agent_loop] CI run {run['id']} failed — starting fix agent.")
-        prompt = (
-            "The Codeberg CI for guettli/sharedinbox just failed. "
-            f"The CI run ID is {run['id']}. "
-            "Fetch the CI logs using the task ci-logs command or the Codeberg API. "
-            "Identify the failure, fix it, commit, and push. "
-            "Verify locally with 'task check' before pushing. "
-            "When done, stop."
-        )
-        pid = _start_agent(prompt, "ci-fix")
-        _write_state(pid, None, "ci-fix")
-        return 0
-
-    # CI is ok (or no run) — find a Ready issue.
-    issues = _ready_issues()
-    if not issues:
-        print("[agent_loop] No issues with State/Ready. Nothing to do.")
-        return 0
-
-    issue = issues[0]
-    issue_number = issue["number"]
-    issue_title = issue["title"]
-    issue_body = issue.get("body", "")
-
-    print(f"[agent_loop] Starting agent for issue #{issue_number}: {issue_title}")
-
-    # Mark InProgress before starting so the next cron tick sees it even if
-    # the agent hasn't had time to do so yet.
-    _set_labels(
-        issue_number,
-        add=[LABEL_IN_PROGRESS],
-        remove=[LABEL_READY],
-    )
-
-    prompt = f"""Work on Codeberg issue #{issue_number} in the guettli/sharedinbox repository.
-
-Issue title: {issue_title}
-
-Issue body:
-{issue_body}
-
-Instructions:
- Understand the issue thoroughly before writing any code.
- Implement the required change, following the existing code style.
- Write or update tests as appropriate.
- Run 'task check' locally and fix any failures before committing.
- Commit with a descriptive message referencing the issue number (e.g. "feat: ... (#{issue_number})").
- Push to origin/main.
- If you hit a blocker you cannot resolve, set the issue label to State/Question
-  and stop (do NOT close the issue).
- When the work is done and pushed, close the issue and stop.
-"""
-
-    pid = _start_agent(prompt, f"issue-{issue_number}")
-    _write_state(pid, issue_number, "issue")
-    return 0
-
-
-if __name__ == "__main__":
-    sys.exit(main())
@@ -11,6 +11,7 @@ const _minCoveragePercent = 80;

 // Pure-abstract interfaces: no executable code, Dart VM never instruments them.
 const _noCode = {
+  'lib/core/db_schema_version.dart',
  'lib/core/repositories/account_repository.dart',
  'lib/core/repositories/draft_repository.dart',
  'lib/core/repositories/email_repository.dart',
@@ -19,7 +20,9 @@ const _noCode = {
  'lib/core/repositories/sync_log_repository.dart',
  'lib/core/repositories/undo_repository.dart',
  'lib/core/repositories/search_history_repository.dart',
+  'lib/core/repositories/user_preferences_repository.dart',
  'lib/core/models/undo_action.dart',
+  'lib/core/models/user_preferences.dart',
  'lib/core/storage/secure_storage.dart',
 };

@@ -39,6 +42,7 @@ const _excluded = {
  'lib/ui/screens/add_account_screen.dart',
  'lib/ui/screens/address_emails_screen.dart',
  'lib/ui/screens/changelog_screen.dart',
+  'lib/ui/screens/combined_inbox_screen.dart',
  'lib/ui/screens/compose_screen.dart',
  'lib/ui/screens/crash_screen.dart',
  'lib/ui/screens/edit_account_screen.dart',
@@ -57,6 +61,9 @@ const _excluded = {
  'lib/ui/widgets/try_connection_button.dart',
  'lib/ui/widgets/undo_shell.dart',
  'lib/ui/screens/about_screen.dart',
+  'lib/ui/screens/email_action_helpers.dart',
+  'lib/ui/utils/about_markdown.dart',
+  'lib/ui/widgets/email_headers_dialog.dart',
  'lib/ui/widgets/email_tile.dart',
  'lib/core/sync/account_sync_manager.dart',
  'lib/core/sync/background_sync.dart',
@@ -70,6 +77,8 @@ const _excluded = {
  'lib/data/repositories/sync_log_repository_impl.dart',
  'lib/data/repositories/undo_repository_impl.dart',
  'lib/data/repositories/search_history_repository_impl.dart',
+  'lib/data/repositories/user_preferences_repository_impl.dart',
+  'lib/ui/screens/user_preferences_screen.dart',
  'lib/core/services/update_service.dart',
 };

@@ -5,7 +5,14 @@ set -euo pipefail
 cd "$(git rev-parse --show-toplevel)"

 echo "check-mocks: regenerating..."
-fvm flutter pub run build_runner build --delete-conflicting-outputs 2>&1
+tmp=$(mktemp)
+trap 'rm -f "$tmp"' EXIT
+if fvm flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1; then
+  grep -vE '^\[' "$tmp" || true
+else
+  cat "$tmp"
+  exit 1
+fi

 CHANGED=$(git diff --name-only -- '*.mocks.dart')
 if [ -n "$CHANGED" ]; then
@@ -6,71 +6,49 @@ import os
 import sys
 import time

-import requests
 from google.auth.transport.requests import AuthorizedSession
 from google.oauth2 import service_account

 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
 TRACK = "internal"
-_TIMEOUT = 300  # seconds — AAB uploads can be large
-_MAX_UPLOAD_ATTEMPTS = 3
 _BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
 _UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
+_MAX_UPLOAD_ATTEMPTS = 3


-def _make_session(config_json: str) -> AuthorizedSession:
-    creds = service_account.Credentials.from_service_account_info(
-        json.loads(config_json),
-        scopes=["https://www.googleapis.com/auth/androidpublisher"],
-    )
-    return AuthorizedSession(creds)
-
-
-def _upload_aab(session: AuthorizedSession, edit_id: str) -> int:
-    """Resumable upload of the AAB. Returns the version code."""
-    file_size = os.path.getsize(AAB_PATH)
+def _upload_aab_resumable(session, package, edit_id, aab_path):
+    """Upload AAB using the Google resumable upload protocol."""
+    file_size = os.path.getsize(aab_path)
+    init_url = f"{_UPLOAD_BASE}/{package}/edits/{edit_id}/bundles"

+    # Step 1: initiate the resumable upload session
    init_resp = session.post(
-        f"{_UPLOAD_BASE}/{PACKAGE_NAME}/edits/{edit_id}/bundles",
+        init_url,
        params={"uploadType": "resumable"},
        headers={
            "X-Upload-Content-Type": "application/octet-stream",
            "X-Upload-Content-Length": str(file_size),
+            "Content-Length": "0",
        },
-        json={},
-        timeout=30,
+        timeout=60,
    )
    init_resp.raise_for_status()
    upload_url = init_resp.headers["Location"]

-    with open(AAB_PATH, "rb") as f:
-        data = f.read()
-
-    last_exc = None
-    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
-        try:
-            upload_resp = session.put(
-                upload_url,
-                data=data,
-                headers={
-                    "Content-Type": "application/octet-stream",
-                    "Content-Length": str(file_size),
-                },
-                timeout=_TIMEOUT,
-            )
-            upload_resp.raise_for_status()
-            return upload_resp.json()["versionCode"]
-        except requests.HTTPError as exc:
-            last_exc = exc
-            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
-                delay = 10 * (2 ** attempt)
-                print(f"Upload attempt {attempt + 1} failed ({exc}), retrying in {delay}s…")
-                time.sleep(delay)
-
-    raise RuntimeError(
-        f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
-    ) from last_exc
+    # Step 2: upload the file in a single PUT to the session URI
+    with open(aab_path, "rb") as f:
+        upload_resp = session.put(
+            upload_url,
+            data=f,
+            headers={
+                "Content-Type": "application/octet-stream",
+                "Content-Length": str(file_size),
+            },
+            timeout=600,
+        )
+    upload_resp.raise_for_status()
+    return upload_resp.json()


 def main():
@@ -83,25 +61,45 @@ def main():
        print(f"Error: AAB not found at {AAB_PATH}", file=sys.stderr)
        sys.exit(1)

-    session = _make_session(config_json)
-
-    edit_resp = session.post(
-        f"{_BASE}/{PACKAGE_NAME}/edits",
-        json={},
-        timeout=30,
+    creds = service_account.Credentials.from_service_account_info(
+        json.loads(config_json),
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
    )
+    session = AuthorizedSession(creds)
+
+    edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
    edit_resp.raise_for_status()
    edit_id = edit_resp.json()["id"]

-    version_code = _upload_aab(session, edit_id)
+    last_exc = None
+    bundle = None
+    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
+        try:
+            bundle = _upload_aab_resumable(session, PACKAGE_NAME, edit_id, AAB_PATH)
+            break
+        except Exception as exc:
+            last_exc = exc
+            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
+                delay = 10 * (2 ** attempt)
+                print(
+                    f"Upload attempt {attempt + 1} failed ({type(exc).__name__}: {exc}), "
+                    f"retrying in {delay}s…"
+                )
+                time.sleep(delay)
+    if bundle is None:
+        raise RuntimeError(
+            f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
+        ) from last_exc
+
+    version_code = bundle["versionCode"]
    print(f"Uploaded AAB, version code: {version_code}")

-    tracks_resp = session.put(
+    track_resp = session.put(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
        timeout=30,
    )
-    tracks_resp.raise_for_status()
+    track_resp.raise_for_status()

    commit_resp = session.post(
        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
@@ -33,15 +33,20 @@ def list_remote_files(ssh_user: str, ssh_host: str, pattern: str) -> list[str]:
    result = subprocess.run(
        [
            "ssh",
-            "-o",
-            "StrictHostKeyChecking=no",
            f"{ssh_user}@{ssh_host}",
            f"find {REMOTE_BUILDS_DIR} -name '{pattern}' -type f | sort",
        ],
        capture_output=True,
        text=True,
-        check=True,
    )
+    if result.returncode != 0:
+        print(
+            f"WARNING: ssh exit {result.returncode} listing {pattern} on {ssh_user}@{ssh_host}"
+            " — build history will be empty for this pattern",
+            file=sys.stderr,
+        )
+        print(result.stderr, file=sys.stderr)
+        return []
    return [line.strip() for line in result.stdout.splitlines() if line.strip()]


@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# Runs the Firebase Test Lab Dagger pipeline with Gradle/Dagger noise filtered out.
+# Retries up to 3 times on transient Dagger engine connectivity errors.
+set -uo pipefail
+
+OUT=$(mktemp)
+RC_FILE=$(mktemp)
+trap 'rm -f "$OUT" "$RC_FILE"' EXIT
+
+_strip_ansi() {
+    sed 's/\x1b\[[0-9;]*[mGKHFJ]//g'
+}
+
+_filter_noise() {
+    grep -vE \
+        '> Task :.+(UP-TO-DATE|NO-SOURCE|SKIPPED)'\
+'|[0-9]+ files found for path '\''lib/'\
+'|^Inputs:'\
+'|^[[:space:]]+-[[:space:]]/'\
+'|\[Incubating\]'\
+'|Deprecated Gradle features'\
+'|warning-mode all'\
+'|please refer to https://docs\.gradle'\
+'|[0-9]+ actionable tasks'\
+'|^warning: \[options\]'\
+'|^Note: Some input files'\
+'|Starting a Gradle Daemon'\
+'|Have questions, feedback, or issues'\
+'|https://firebase\.google\.com/support'\
+'|^\s*[┆│]\s*$' \
+    || true
+}
+
+_run() {
+    : > "$OUT" ; : > "$RC_FILE"
+    {
+        dagger call --progress=plain -q -m ci --source=. test-android-firebase \
+            --service-account-key env:FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY \
+            --project-id "$FIREBASE_PROJECT_ID"
+        echo $? > "$RC_FILE"
+    } 2>&1 | tee "$OUT" | _strip_ansi | _filter_noise
+}
+
+for attempt in 1 2 3; do
+    _run && break
+    RC=$(cat "$RC_FILE" 2>/dev/null || echo 1)
+    if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused|No Dagger server responded" "$OUT"; then
+        echo "[firebase] dagger connectivity error on attempt $attempt/3, retrying..." >&2
+    else
+        exit "$RC"
+    fi
+done
+
+exit "$(cat "$RC_FILE" 2>/dev/null || echo 0)"
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ -z "${SOPS_AGE_KEY:-}" ]; then
+    echo "Error: SOPS_AGE_KEY must be set."
+    exit 1
+fi
+
+echo "Decrypting secrets with SOPS..."
+export SOPS_AGE_KEY="$SOPS_AGE_KEY"
+SECRETS_JSON=$(mktemp)
+trap "rm -f $SECRETS_JSON" EXIT
+
+sops --decrypt --output-type json secrets.enc.yaml > "$SECRETS_JSON"
+
+DAGGER_SSH_KEY=$(jq -r '.DAGGER_SSH_KEY' "$SECRETS_JSON")
+DAGGER_ENGINE_HOST=$(jq -r '.DAGGER_ENGINE_HOST' "$SECRETS_JSON")
+
+# Export all CI secrets to the GitHub Actions environment so subsequent steps
+# can use them without referencing Forgejo secrets directly.
+export_secret() {
+    local name="$1"
+    local value
+    value=$(jq -r --arg k "$name" '.[$k] // empty' "$SECRETS_JSON")
+    if [ -n "${GITHUB_ENV:-}" ]; then
+        # Use heredoc syntax for multiline-safe export.
+        # Avoid adding a second trailing newline for values that already end with one
+        # (e.g. SSH private keys), which can corrupt PEM parsing.
+        {
+            printf '%s<<__EOF__\n' "$name"
+            printf '%s' "$value"
+            [ "${value%$'\n'}" = "$value" ] && printf '\n'
+            printf '__EOF__\n'
+        } >> "$GITHUB_ENV"
+    fi
+    printf '[secrets] exported %s (%d chars)\n' "$name" "${#value}"
+}
+
+export_secret "SSH_PRIVATE_KEY"
+export_secret "SSH_KNOWN_HOSTS"
+export_secret "SSH_USER"
+export_secret "SSH_HOST"
+export_secret "WEBSITE_SSH_HOST"
+export_secret "PLAY_STORE_CONFIG_JSON"
+export_secret "ANDROID_KEYSTORE_BASE64"
+export_secret "ANDROID_KEYSTORE_PASSWORD"
+export_secret "FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY"
+export_secret "RENOVATE_FORGEJO_TOKEN"
+
+# Setup SSH directory and keys
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo "$DAGGER_SSH_KEY" > ~/.ssh/dagger_key
+chmod 600 ~/.ssh/dagger_key
+
+# Add remote host to known_hosts
+ssh-keyscan -H "$DAGGER_ENGINE_HOST" >> ~/.ssh/known_hosts 2>/dev/null
+
+# Create a background SSH tunnel to the Dagger engine.
+# We map local port 8080 to remote port 1774 (where our socat bridge is listening).
+echo "Establishing SSH tunnel to $DAGGER_ENGINE_HOST..."
+ssh -i ~/.ssh/dagger_key -o StrictHostKeyChecking=no -f -N -L 8080:localhost:1774 "dagger@$DAGGER_ENGINE_HOST"
+
+# Export _EXPERIMENTAL_DAGGER_RUNNER_HOST to use the tunnel.
+export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://localhost:8080"
+if [ -n "${GITHUB_ENV:-}" ]; then
+    echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://localhost:8080" >> "$GITHUB_ENV"
+fi
+
+# Verify the connection
+echo "Verifying connection to Dagger engine via SSH tunnel..."
+# Use a simple command that doesn't require complex GraphQL operations.
+if ! timeout 45 dagger core --help >/dev/null 2>&1 ; then
+    echo "Error: Dagger engine unreachable via tunnel at localhost:8080"
+    # Debug
+    ps aux | grep ssh
+    exit 1
+fi
+echo "Dagger connection verified successfully."
@@ -1,207 +0,0 @@
-#!/usr/bin/env python3
-"""Tests for agent_loop.py."""
-import io
-import json
-import os
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import MagicMock, patch
-
-import sys
-sys.path.insert(0, str(Path(__file__).parent))
-
-import agent_loop
-
-
-class TestStateFile(unittest.TestCase):
-    def setUp(self):
-        self._tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".json")
-        self._tmp.close()
-        self._orig = agent_loop.STATE_FILE
-        agent_loop.STATE_FILE = Path(self._tmp.name)
-        Path(self._tmp.name).unlink()  # Start with no state file.
-
-    def tearDown(self):
-        agent_loop.STATE_FILE = self._orig
-        Path(self._tmp.name).unlink(missing_ok=True)
-
-    def test_write_state_stores_pid(self):
-        agent_loop._write_state(12345, 91, "issue")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertEqual(data["pid"], 12345)
-        self.assertNotIn("tmux_session", data)
-
-    def test_write_state_stores_issue_and_kind(self):
-        agent_loop._write_state(99, 7, "ci-fix")
-        data = json.loads(Path(self._tmp.name).read_text())
-        self.assertEqual(data["issue"], 7)
-        self.assertEqual(data["type"], "ci-fix")
-        self.assertIn("started_at", data)
-
-    def test_read_state_returns_none_when_missing(self):
-        self.assertIsNone(agent_loop._read_state())
-
-    def test_read_and_write_roundtrip(self):
-        agent_loop._write_state(42, 10, "issue")
-        state = agent_loop._read_state()
-        self.assertIsNotNone(state)
-        self.assertEqual(state["pid"], 42)
-        self.assertEqual(state["issue"], 10)
-
-    def test_clear_state_removes_file(self):
-        agent_loop._write_state(1, None, "ci-fix")
-        agent_loop._clear_state()
-        self.assertIsNone(agent_loop._read_state())
-
-
-class TestAgentAlive(unittest.TestCase):
-    def test_own_pid_is_alive(self):
-        self.assertTrue(agent_loop._agent_alive({"pid": os.getpid()}))
-
-    def test_nonexistent_pid_is_dead(self):
-        self.assertFalse(agent_loop._agent_alive({"pid": 999999999}))
-
-    def test_missing_pid_returns_false(self):
-        self.assertFalse(agent_loop._agent_alive({}))
-        self.assertFalse(agent_loop._agent_alive({"pid": None}))
-
-
-class TestKillAgent(unittest.TestCase):
-    def test_kill_sends_sigkill(self):
-        with patch("agent_loop.os.kill") as mock_kill:
-            agent_loop._kill_agent({"pid": 1234})
-            mock_kill.assert_called_once_with(1234, 9)
-
-    def test_kill_ignores_missing_process(self):
-        with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
-            agent_loop._kill_agent({"pid": 1234})  # Should not raise.
-
-    def test_kill_noop_when_no_pid(self):
-        with patch("agent_loop.os.kill") as mock_kill:
-            agent_loop._kill_agent({})
-            mock_kill.assert_not_called()
-
-
-class TestStartAgent(unittest.TestCase):
-    def _make_mock_proc(self, pid=42):
-        proc = MagicMock()
-        proc.pid = pid
-        proc.stdin = io.BytesIO()
-        return proc
-
-    def test_start_agent_returns_pid(self):
-        mock_proc = self._make_mock_proc(pid=42)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc):
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    result = agent_loop._start_agent("do something", "issue-99")
-        self.assertEqual(result, 42)
-
-    def test_start_agent_uses_popen_not_tmux(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch("agent_loop.subprocess.run") as mock_run:
-                    with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                        agent_loop._start_agent("prompt", "ci-fix")
-            mock_popen.assert_called_once()
-            mock_run.assert_not_called()
-
-    def test_start_agent_passes_session_name_to_claude(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    agent_loop._start_agent("prompt", "issue-55")
-            cmd = mock_popen.call_args[0][0]
-            self.assertIn("issue-55", cmd)
-            self.assertIn("claude", cmd[0])
-
-    def test_start_agent_uses_start_new_session(self):
-        mock_proc = self._make_mock_proc(pid=7)
-        with tempfile.TemporaryDirectory() as tmpdir:
-            with patch("agent_loop.subprocess.Popen", return_value=mock_proc) as mock_popen:
-                with patch.object(agent_loop.Path, "home", return_value=Path(tmpdir)):
-                    agent_loop._start_agent("prompt", "issue-55")
-            kwargs = mock_popen.call_args[1]
-            self.assertTrue(kwargs.get("start_new_session"))
-
-
-class TestMain(unittest.TestCase):
-    """Tests for the main() flow."""
-
-    def _make_mock_proc(self, pid=42):
-        proc = MagicMock()
-        proc.pid = pid
-        proc.stdin = io.BytesIO()
-        return proc
-
-    def _make_issue(self, number=10, title="Do something"):
-        return {"number": number, "title": title, "body": "", "labels": []}
-
-    def test_sets_in_progress_before_starting_agent(self):
-        """_set_labels(InProgress) must be called before _start_agent."""
-        call_order = []
-        mock_proc = self._make_mock_proc(pid=55)
-
-        def fake_set_labels(issue, add, remove):
-            call_order.append(("set_labels", add, remove))
-
-        def fake_start_agent(prompt, session_name):
-            call_order.append(("start_agent", session_name))
-            return 55
-
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[self._make_issue(10)]), \
-             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
-             patch("agent_loop._start_agent", side_effect=fake_start_agent), \
-             patch("agent_loop._write_state"):
-            result = agent_loop.main()
-
-        self.assertEqual(result, 0)
-        labels_idx = next(
-            i for i, c in enumerate(call_order) if c[0] == "set_labels"
-        )
-        agent_idx = next(
-            i for i, c in enumerate(call_order) if c[0] == "start_agent"
-        )
-        self.assertLess(labels_idx, agent_idx,
-                        "_set_labels must be called before _start_agent")
-
-    def test_sets_in_progress_label_and_removes_ready(self):
-        """The InProgress label is added and the Ready label is removed."""
-        captured = {}
-
-        def fake_set_labels(issue, add, remove):
-            captured["add"] = add
-            captured["remove"] = remove
-
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[self._make_issue(7)]), \
-             patch("agent_loop._set_labels", side_effect=fake_set_labels), \
-             patch("agent_loop._start_agent", return_value=99), \
-             patch("agent_loop._write_state"):
-            agent_loop.main()
-
-        self.assertIn(agent_loop.LABEL_IN_PROGRESS, captured.get("add", []))
-        self.assertIn(agent_loop.LABEL_READY, captured.get("remove", []))
-
-    def test_no_ready_issues_does_nothing(self):
-        """main() exits cleanly with 0 when there are no ready issues."""
-        with patch("agent_loop._read_state", return_value=None), \
-             patch("agent_loop._latest_ci_run", return_value=None), \
-             patch("agent_loop._ready_issues", return_value=[]), \
-             patch("agent_loop._set_labels") as mock_labels, \
-             patch("agent_loop._start_agent") as mock_start:
-            result = agent_loop.main()
-
-        self.assertEqual(result, 0)
-        mock_labels.assert_not_called()
-        mock_start.assert_not_called()
-
-
-if __name__ == "__main__":
-    unittest.main()
@@ -0,0 +1,200 @@
+#!/usr/bin/env python3
+"""Tests for deploy_playstore.py."""
+import os
+import sys
+import unittest
+from pathlib import Path
+from unittest.mock import MagicMock, call, patch
+
+sys.path.insert(0, str(Path(__file__).parent))
+
+import deploy_playstore
+
+
+def _make_session(
+    edit_id="edit-42",
+    version_code=7,
+    upload_side_effects=None,
+):
+    """Return a mock AuthorizedSession with sensible defaults."""
+    session = MagicMock()
+
+    # POST /edits → create edit
+    edit_resp = MagicMock()
+    edit_resp.json.return_value = {"id": edit_id}
+    session.post.return_value = edit_resp
+
+    # POST resumable-init → Location header
+    init_resp = MagicMock()
+    init_resp.headers = {"Location": "https://upload.example.com/session"}
+
+    # PUT upload → bundle JSON
+    upload_resp = MagicMock()
+    upload_resp.json.return_value = {"versionCode": version_code}
+
+    if upload_side_effects is not None:
+        # Use side_effect list: first call is edit create, rest are upload inits
+        # We override the PUT side effects via _upload_aab_resumable mock instead
+        pass
+
+    return session, init_resp, upload_resp
+
+
+class TestMainEnvChecks(unittest.TestCase):
+    def test_missing_env_exits(self):
+        with patch.dict(os.environ, {}, clear=True):
+            with self.assertRaises(SystemExit) as ctx:
+                deploy_playstore.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+    def test_missing_aab_exits(self):
+        fake_config = '{"type": "service_account"}'
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
+            with patch("deploy_playstore.os.path.exists", return_value=False):
+                with self.assertRaises(SystemExit) as ctx:
+                    deploy_playstore.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestMainHappyPath(unittest.TestCase):
+    def _run_main(self, fake_config='{"type":"service_account"}'):
+        mock_session = MagicMock()
+        # POST for edit create and commit
+        post_responses = [
+            MagicMock(**{"json.return_value": {"id": "edit-42"}}),  # create edit
+            MagicMock(),  # commit
+        ]
+        mock_session.post.side_effect = post_responses
+        # PUT for track update
+        mock_session.put.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
+            with patch("deploy_playstore.os.path.exists", return_value=True):
+                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                        with patch(
+                            "deploy_playstore._upload_aab_resumable",
+                            return_value={"versionCode": 7},
+                        ):
+                            deploy_playstore.main()
+
+        return mock_session
+
+    def test_creates_edit(self):
+        session = self._run_main()
+        create_call = session.post.call_args_list[0]
+        self.assertIn("/edits", create_call[0][0])
+
+    def test_commits_edit(self):
+        session = self._run_main()
+        commit_call = session.post.call_args_list[1]
+        self.assertIn(":commit", commit_call[0][0])
+
+    def test_updates_track(self):
+        session = self._run_main()
+        track_call = session.put.call_args_list[0]
+        self.assertIn("/tracks/", track_call[0][0])
+
+
+class TestUploadRetry(unittest.TestCase):
+    def _run_main(self, upload_side_effects, sleep_mock=None):
+        mock_session = MagicMock()
+        post_responses = [
+            MagicMock(**{"json.return_value": {"id": "edit-1"}}),
+            MagicMock(),
+        ]
+        mock_session.post.side_effect = post_responses
+        mock_session.put.return_value = MagicMock()
+
+        patches = [
+            patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}),
+            patch("deploy_playstore.os.path.exists", return_value=True),
+            patch("deploy_playstore.service_account.Credentials.from_service_account_info"),
+            patch("deploy_playstore.AuthorizedSession", return_value=mock_session),
+            patch("deploy_playstore._upload_aab_resumable", side_effect=upload_side_effects),
+            patch("deploy_playstore.time.sleep"),
+        ]
+        for p in patches:
+            p.start()
+        try:
+            deploy_playstore.main()
+        finally:
+            for p in patches:
+                p.stop()
+
+    def test_succeeds_on_first_attempt(self):
+        with patch("deploy_playstore._upload_aab_resumable", return_value={"versionCode": 5}) as mock_upload:
+            with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+                with patch("deploy_playstore.os.path.exists", return_value=True):
+                    with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                        mock_session = MagicMock()
+                        mock_session.post.side_effect = [
+                            MagicMock(**{"json.return_value": {"id": "e1"}}),
+                            MagicMock(),
+                        ]
+                        mock_session.put.return_value = MagicMock()
+                        with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                            deploy_playstore.main()
+            mock_upload.assert_called_once()
+
+    def test_retries_once_on_error_then_succeeds(self):
+        self._run_main([ValueError("transient"), {"versionCode": 9}])
+
+    def test_raises_after_all_attempts_exhausted(self):
+        with self.assertRaises(RuntimeError) as ctx:
+            self._run_main([ValueError("err"), ValueError("err"), ValueError("err")])
+        self.assertIn(str(deploy_playstore._MAX_UPLOAD_ATTEMPTS), str(ctx.exception))
+
+    def test_backoff_delays_are_10s_then_20s(self):
+        mock_session = MagicMock()
+        mock_session.post.side_effect = [
+            MagicMock(**{"json.return_value": {"id": "e1"}}),
+            MagicMock(),
+        ]
+        mock_session.put.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("deploy_playstore.os.path.exists", return_value=True):
+                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
+                    with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
+                        with patch(
+                            "deploy_playstore._upload_aab_resumable",
+                            side_effect=[ValueError("e"), ValueError("e"), {"versionCode": 3}],
+                        ):
+                            with patch("deploy_playstore.time.sleep") as mock_sleep:
+                                deploy_playstore.main()
+
+        mock_sleep.assert_has_calls([call(10), call(20)])
+
+
+class TestUploadAabResumable(unittest.TestCase):
+    def test_initiates_and_uploads(self):
+        mock_session = MagicMock()
+        init_resp = MagicMock()
+        init_resp.headers = {"Location": "https://upload.example.com/sess"}
+        upload_resp = MagicMock()
+        upload_resp.json.return_value = {"versionCode": 42}
+        mock_session.post.return_value = init_resp
+        mock_session.put.return_value = upload_resp
+
+        import tempfile
+        with tempfile.NamedTemporaryFile(delete=False) as f:
+            f.write(b"fake-aab-content")
+            aab_path = f.name
+
+        try:
+            result = deploy_playstore._upload_aab_resumable(
+                mock_session, "com.example.app", "edit-1", aab_path
+            )
+        finally:
+            os.unlink(aab_path)
+
+        self.assertEqual(result["versionCode"], 42)
+        mock_session.post.assert_called_once()
+        mock_session.put.assert_called_once()
+        put_call = mock_session.put.call_args
+        self.assertEqual(put_call[0][0], "https://upload.example.com/sess")
+
+
+if __name__ == "__main__":
+    unittest.main()
@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# Tests for Firebase CI check patterns used in ci/main.go.
+# Run directly: bash scripts/test_firebase_check.sh
+
+PASS=0
+FAIL=0
+
+_assert() {
+    local name="$1" expected="$2" actual="$3"
+    if [ "$actual" = "$expected" ]; then
+        PASS=$((PASS + 1))
+    else
+        echo "FAIL: $name"
+        echo "  expected: '$expected'"
+        echo "  actual:   '$actual'"
+        FAIL=$((FAIL + 1))
+    fi
+}
+
+# --- auth stderr filter ---
+# Lines ignored: "Activated service account credentials for: [...]"
+#                "Updated property [core/project]."
+_filter_auth() {
+    grep -vF "Activated service account credentials for:" \
+    | grep -vF "Updated property [core/project]." \
+    | grep -v "^$" \
+    || true
+}
+
+_assert "auth: both known messages produce empty output" "" \
+    "$(printf 'Activated service account credentials for: [ci@sa.iam.gserviceaccount.com]\nUpdated property [core/project].\n' | _filter_auth)"
+
+_assert "auth: only credentials line produces empty output" "" \
+    "$(printf 'Activated service account credentials for: [ci@sa.iam.gserviceaccount.com]\n' | _filter_auth)"
+
+_assert "auth: only property line produces empty output" "" \
+    "$(printf 'Updated property [core/project].\n' | _filter_auth)"
+
+_assert "auth: empty input produces empty output" "" \
+    "$(printf '' | _filter_auth)"
+
+_assert "auth: unexpected line passes through" "some unexpected error" \
+    "$(printf 'some unexpected error\n' | _filter_auth)"
+
+_assert "auth: unknown line kept alongside known messages" "unexpected line" \
+    "$(printf 'Activated service account credentials for: [x]\nunexpected line\nUpdated property [core/project].\n' | _filter_auth)"
+
+# --- "error" word detection: grep -qwi 'error' ---
+# Matches "error" as a whole word (case-insensitive).
+# Must NOT match "error" as part of another word (e.g. "stderr", "AssertionError").
+_has_err() { printf '%s\n' "$1" | grep -qwi 'error' && echo yes || echo no; }
+
+_assert "error: non-retryable error line matched"  yes "$(_has_err 'A non-retryable error occurred.')"
+_assert "error: uppercase ERROR matched"           yes "$(_has_err 'ERROR: infrastructure_failure')"
+_assert "error: mixed-case Error matched"          yes "$(_has_err 'Error: something went wrong')"
+_assert "error: normal pending line not matched"   no  "$(_has_err 'Test is Pending')"
+_assert "error: timing line not matched"           no  "$(_has_err 'Done. Test time = 183 (secs)')"
+_assert "error: completion line not matched"       no  "$(_has_err 'Instrumentation testing complete.')"
+_assert "error: 'stderr' word not matched"         no  "$(_has_err 'some stderr: gcloud output')"
+_assert "error: 'AssertionError' not matched"      no  "$(_has_err 'java.lang.AssertionError: expected true')"
+
+# --- device count from result table ---
+# Counts data rows by looking for lines with "│" that contain an outcome word.
+TABLE_PASS="┌─────────┬───────────────────────┬──────────────┐
+│ OUTCOME │    TEST_AXIS_VALUE    │ TEST_DETAILS │
+├─────────┼───────────────────────┼──────────────┤
+│ Passed  │ oriole-33-en-portrait │ --           │
+└─────────┴───────────────────────┴──────────────┘"
+
+TABLE_FAIL="┌─────────┬───────────────────────┬──────────────┐
+│ OUTCOME │    TEST_AXIS_VALUE    │ TEST_DETAILS │
+├─────────┼───────────────────────┼──────────────┤
+│ Failed  │ oriole-33-en-portrait │ --           │
+└─────────┴───────────────────────┴──────────────┘"
+
+_count() {
+    local n
+    n=$(printf '%s' "$1" | grep "│" | grep -cE "(Passed|Failed|Inconclusive|Skipped)") || n=0
+    printf '%s' "$n"
+}
+
+_assert "count: one passing device gives 1"  1 "$(_count "$TABLE_PASS")"
+_assert "count: one failing device gives 1"  1 "$(_count "$TABLE_FAIL")"
+_assert "count: no table gives 0"            0 "$(_count 'Test is Pending\nDone.')"
+_assert "count: plain output gives 0"        0 "$(_count 'Instrumentation testing complete.')"
+
+echo ""
+echo "Results: $PASS passed, $FAIL failed"
+[ "$FAIL" -eq 0 ] || exit 1
@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+"""Tests for verify_playstore_deploy.py."""
+import os
+import sys
+import time
+import unittest
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+sys.path.insert(0, str(Path(__file__).parent))
+
+import verify_playstore_deploy
+
+
+def _make_session(version_code, track="internal"):
+    """Return a mock AuthorizedSession with the given version code on the track."""
+    session = MagicMock()
+
+    edit_resp = MagicMock()
+    edit_resp.json.return_value = {"id": "edit-99"}
+    session.post.return_value = edit_resp
+
+    track_resp = MagicMock()
+    track_resp.json.return_value = {
+        "releases": [{"versionCodes": [str(version_code)], "status": "completed"}]
+    }
+    session.get.return_value = track_resp
+    session.delete.return_value = MagicMock()
+
+    return session
+
+
+class TestMissingEnv(unittest.TestCase):
+    def test_missing_env_exits(self):
+        with patch.dict(os.environ, {}, clear=True):
+            with self.assertRaises(SystemExit) as ctx:
+                verify_playstore_deploy.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestRecentDeploy(unittest.TestCase):
+    def _run(self, version_code):
+        session = _make_session(version_code)
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("verify_playstore_deploy.service_account.Credentials.from_service_account_info"):
+                with patch("verify_playstore_deploy.AuthorizedSession", return_value=session):
+                    verify_playstore_deploy.main()
+
+    def test_recent_version_code_passes(self):
+        # Version code is Unix timestamp — a very recent one should pass.
+        recent_vc = int(time.time()) - 60  # 1 minute ago
+        self._run(recent_vc)
+
+    def test_old_version_code_fails(self):
+        old_vc = int(time.time()) - 7200  # 2 hours ago
+        with self.assertRaises(SystemExit) as ctx:
+            self._run(old_vc)
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestEmptyTrack(unittest.TestCase):
+    def _run_empty(self, releases):
+        session = MagicMock()
+        session.post.return_value = MagicMock(**{"json.return_value": {"id": "edit-1"}})
+        session.get.return_value = MagicMock(**{"json.return_value": {"releases": releases}})
+        session.delete.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("verify_playstore_deploy.service_account.Credentials.from_service_account_info"):
+                with patch("verify_playstore_deploy.AuthorizedSession", return_value=session):
+                    verify_playstore_deploy.main()
+
+    def test_no_releases_exits(self):
+        with self.assertRaises(SystemExit) as ctx:
+            self._run_empty([])
+        self.assertEqual(ctx.exception.code, 1)
+
+    def test_release_with_no_version_codes_exits(self):
+        with self.assertRaises(SystemExit) as ctx:
+            self._run_empty([{"status": "completed", "versionCodes": []}])
+        self.assertEqual(ctx.exception.code, 1)
+
+
+if __name__ == "__main__":
+    unittest.main()
@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+"""Verify that the Android app was recently published to the Play Store internal track.
+
+The publish-android pipeline sets versionCode = int(time.Now().Unix()), so a
+freshly deployed release always has a version code close to the current Unix
+timestamp.  This script queries the internal track and fails if the latest
+version code is older than _MAX_DEPLOY_AGE_SECONDS, which would mean the
+deployment silently did not land.
+"""
+
+import json
+import os
+import sys
+import time
+
+from google.auth.transport.requests import AuthorizedSession
+from google.oauth2 import service_account
+
+PACKAGE_NAME = "de.sharedinbox.mua"
+TRACK = "internal"
+_BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
+# Allow up to one hour for the build + upload to complete.
+_MAX_DEPLOY_AGE_SECONDS = 3600
+
+
+def main():
+    config_json = os.environ.get("PLAY_STORE_CONFIG_JSON")
+    if not config_json:
+        print("Error: PLAY_STORE_CONFIG_JSON environment variable not set", file=sys.stderr)
+        sys.exit(1)
+
+    creds = service_account.Credentials.from_service_account_info(
+        json.loads(config_json),
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+    )
+    session = AuthorizedSession(creds)
+
+    # Open a read-only edit to query the current track state.
+    edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
+    edit_resp.raise_for_status()
+    edit_id = edit_resp.json()["id"]
+
+    try:
+        track_resp = session.get(
+            f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
+            timeout=30,
+        )
+        track_resp.raise_for_status()
+        track_data = track_resp.json()
+    finally:
+        # Discard the edit — we made no changes.
+        try:
+            session.delete(f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}", timeout=30)
+        except Exception:
+            pass
+
+    releases = track_data.get("releases", [])
+    if not releases:
+        print(
+            f"ERROR: No releases found on {TRACK} track — deploy may have failed silently",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    all_version_codes = [
+        int(vc)
+        for release in releases
+        for vc in release.get("versionCodes", [])
+    ]
+    if not all_version_codes:
+        print("ERROR: Latest release has no version codes", file=sys.stderr)
+        sys.exit(1)
+
+    latest_vc = max(all_version_codes)
+    now = int(time.time())
+    # versionCode is set to Unix timestamp by PublishAndroid in ci/main.go.
+    age_seconds = now - latest_vc
+
+    print(f"Latest version code on {TRACK} track: {latest_vc}")
+    print(f"Current time: {now} — version code age: {age_seconds}s")
+
+    if age_seconds > _MAX_DEPLOY_AGE_SECONDS:
+        print(
+            f"::error::Latest version code {latest_vc} is {age_seconds}s old "
+            f"(limit: {_MAX_DEPLOY_AGE_SECONDS}s). The deploy may have failed silently.",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    print(f"OK: version {latest_vc} verified on {TRACK} track ({age_seconds}s old)")
+
+
+if __name__ == "__main__":
+    main()
@@ -1,10 +1,5 @@
 # Minimal Stalwart Mail configuration for local development and integration tests.
 #
-# Do not start directly — use stalwart-dev/start, which substitutes $STALWART_PORT
-# and writes a per-clone config into /tmp/stalwart-dev-PORT/ before starting.
-#
-# Check:  curl http://localhost:$STALWART_PORT/.well-known/jmap
-#
 # HTTP only — localhost testing, no TLS.
 # Two test accounts (alice, bob) for multi-account sync tests.

@@ -13,27 +8,27 @@ hostname = "localhost"

 [[server.listener]]
 id       = "jmap"
-bind     = ["127.0.0.1:8080"]
+bind     = ["0.0.0.0:8080"]
 protocol = "http"

 [[server.listener]]
 id       = "imap"
-bind     = ["127.0.0.1:1430"]
+bind     = ["0.0.0.0:1430"]
 protocol = "imap"

 [[server.listener]]
 id       = "smtp"
-bind     = ["127.0.0.1:1025"]
+bind     = ["0.0.0.0:1025"]
 protocol = "smtp"

 [[server.listener]]
 id       = "managesieve"
-bind     = ["127.0.0.1:4190"]
+bind     = ["0.0.0.0:4190"]
 protocol = "managesieve"

 [store."db"]
 type = "sqlite"
-path = "/tmp/stalwart-dev/data.sqlite"
+path = "/tmp/stalwart/data.sqlite"

 [storage]
 data      = "db"
@@ -6,16 +6,6 @@
 # STALWART_TMPDIR/ports.env for other scripts to source.
 set -euo pipefail

-command -v stalwart >/dev/null || {
-    echo "stalwart not in PATH — run inside nix develop"
-    exit 1
-}
-
-command -v ss >/dev/null || {
-    echo "ss not in PATH — cannot verify Stalwart ports"
-    exit 1
-}
-
 if [ "${STALWART_RANDOM_PORTS:-0}" = "1" ] || [ "${STALWART_PORT:-0}" = "0" ]; then
    command -v python3 >/dev/null || {
        echo "python3 not in PATH — cannot choose random Stalwart ports"
@@ -61,17 +51,30 @@ export STALWART_SIEVE_PORT=${STALWART_SIEVE_PORT}
 export STALWART_URL=${STALWART_URL}
 EOF

+# Find a container runtime
+if command -v podman >/dev/null 2>&1; then
+    RUNTIME="podman"
+elif command -v docker >/dev/null 2>&1; then
+    RUNTIME="docker"
+else
+    echo "No container runtime (podman or docker) found" >&2
+    exit 1
+fi
+
 echo "Stalwart ports: JMAP=${STALWART_PORT} IMAP=${STALWART_IMAP_PORT} SMTP=${STALWART_SMTP_PORT} SIEVE=${STALWART_SIEVE_PORT}" >&2
-echo "Stalwart is running in the foreground. Press Ctrl+C to stop." >&2
+echo "Stalwart is running in a container (${RUNTIME}). Press Ctrl+C to stop." >&2
 echo "Connection info written to ${TMPDIR}/ports.env" >&2

 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"

-sed -e "s|127.0.0.1:8080|127.0.0.1:${STALWART_PORT}|" \
-    -e "s|127.0.0.1:1430|127.0.0.1:${STALWART_IMAP_PORT}|" \
-    -e "s|127.0.0.1:1025|127.0.0.1:${STALWART_SMTP_PORT}|" \
-    -e "s|127.0.0.1:4190|127.0.0.1:${STALWART_SIEVE_PORT}|" \
-    -e "s|/tmp/stalwart-dev|${TMPDIR}|" \
-    "${REPO_ROOT}/stalwart-dev/config.toml" >"${TMPDIR}/config.toml"
-
-exec stalwart --config "${TMPDIR}/config.toml"
+# Run Stalwart in container, mapping the random host ports to the fixed container ports.
+# We mount the config.toml and use /tmp/stalwart for data (mapped to our local TMPDIR).
+exec "${RUNTIME}" run --rm -i \
+    -p "${STALWART_PORT}:8080" \
+    -p "${STALWART_IMAP_PORT}:1430" \
+    -p "${STALWART_SMTP_PORT}:1025" \
+    -p "${STALWART_SIEVE_PORT}:4190" \
+    -v "${REPO_ROOT}/stalwart-dev/config.toml:/etc/stalwart/config.toml:ro" \
+    -v "${TMPDIR}:/tmp/stalwart:rw" \
+    docker.io/stalwartlabs/stalwart:v0.14.1 \
+    stalwart --config /etc/stalwart/config.toml
--- a/Show More
+++ b/Show More