chore: add agentloop validation file (#563)

Closes #563

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.devcontainer/devcontainer.json

@@ -0,0 +1,10 @@
+{
+    "name": "SharedInbox Dev",
+    "build": {
+        "dockerfile": "../Dockerfile.dev",
+        "context": ".."
+    },
+    "workspaceFolder": "/src",
+    "workspaceMount": "source=${localWorkspaceFolder},target=/src,type=bind,consistency=cached",
+    "remoteUser": "ci"
+}

.forgejo/workflows/firebase-tests.yml

@@ -135,7 +135,7 @@ jobs:
           repo_labels = api_get("/labels")
           label_map = {l["name"]: l["id"] for l in repo_labels}
 
-          label_ids = [label_map["Ready"]] if "Ready" in label_map else []
+          label_ids = [label_map["loop/code"]] if "loop/code" in label_map else []
 
           title = "Firebase Tests failed — find root cause and fix"
           body = (

.forgejo/workflows/publish-dev-container.yml

@@ -0,0 +1,44 @@
+name: Publish Dev Container
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'Dockerfile.dev'
+      - '.devcontainer/devcontainer.json'
+      - '.forgejo/workflows/publish-dev-container.yml'
+  workflow_dispatch:
+
+jobs:
+  publish:
+    name: Build & Push sharedinbox-dev
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      REGISTRY: codeberg.org
+      IMAGE: codeberg.org/guettli/sharedinbox-dev
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to Codeberg container registry
+        env:
+          FORGEJO_TOKEN: ${{ github.token }}
+        run: |
+          echo "$FORGEJO_TOKEN" \
+            | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin
+
+      - name: Build image
+        run: |
+          SHORT_SHA="${GITHUB_SHA:0:7}"
+          docker build \
+            -t "$IMAGE:latest" \
+            -t "$IMAGE:$SHORT_SHA" \
+            -f Dockerfile.dev \
+            .
+
+      - name: Push image
+        run: |
+          SHORT_SHA="${GITHUB_SHA:0:7}"
+          docker push "$IMAGE:latest"
+          docker push "$IMAGE:$SHORT_SHA"

.fvmrc

@@ -1,3 +1,3 @@
 {
   "flutter": "3.44.0"
-}
+}

.gitignore

@@ -123,3 +123,4 @@ dagger-certs
 /go
 .last_deployed_sha
 .fail_count
+/*.kubeconfig

.pre-commit-config.yaml

@@ -26,13 +26,13 @@ repos:
       - id: forbidden-files-hook
         name: check for forbidden home-directory files
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-hygiene'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && task check-hygiene'
         pass_filenames: false
         always_run: true
       - id: dart-check
         name: dart format (autofix) + check-fast (parallel)
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command dagger call --progress=plain -q -m ci --source=. check-fast'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && dagger call --progress=plain -q -m ci --source=. check-fast'
         pass_filenames: false
         always_run: true
       - id: ci-no-direct-dagger
@@ -50,6 +50,12 @@ repos:
       - id: ci-image-exists
         name: verify container images in ci/main.go are reachable
         language: system
-        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-ci-images'
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && task check-ci-images'
         pass_filenames: false
         files: ^(ci/main\.go|\.fvmrc)$
+      - id: dagger-versions-aligned
+        name: verify Dagger version is consistent across dagger.json, Dockerfile and DAGGER.md
+        language: system
+        entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && scripts/check_dagger_versions.sh'
+        pass_filenames: false
+        files: ^(ci/dagger\.json|\.forgejo/Dockerfile|DAGGER\.md)$

Dockerfile.dev

@@ -0,0 +1,59 @@
+# Development and Testing Container for SharedInbox
+# Replaces the Nix shell environment.
+FROM ghcr.io/cirruslabs/flutter:3.44.0
+
+# Install Linux desktop build and test dependencies, Go, NodeJS, python3, and utilities
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    clang \
+    cmake \
+    ninja-build \
+    pkg-config \
+    libgtk-3-dev \
+    liblzma-dev \
+    libsecret-1-dev \
+    libgcrypt20-dev \
+    libjsoncpp-dev \
+    sqlite3 \
+    iproute2 \
+    netcat-openbsd \
+    xvfb \
+    libosmesa6 \
+    libegl1 \
+    lld \
+    git \
+    curl \
+    jq \
+    python3-pip \
+    nodejs \
+    npm \
+    hugo \
+    lcov \
+    rsync \
+    openssh-client \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Task runner
+RUN curl -fsSL https://taskfile.dev/install.sh \
+    | sh -s -- -b /usr/local/bin v3.48.0
+
+# Install Dagger CLI
+RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \
+    | DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh
+
+# Install python packages (Play Store API clients + pre-commit)
+RUN pip install --break-system-packages --no-cache-dir \
+    google-api-python-client \
+    google-auth-httplib2 \
+    httplib2 \
+    pre-commit==4.5.1
+
+# Install acpx CLI globally
+RUN npm install -g acpx@0.10.0
+
+# Setup user "ci"
+RUN useradd -m -s /bin/bash ci
+USER ci
+ENV HOME=/home/ci
+ENV PATH=/home/ci/.pub-cache/bin:$PATH
+
+WORKDIR /src

ISSUE-539.md

@@ -1,72 +0,0 @@
-## Background
-
-The issue is real but the proposed mechanism (predicted-mail table + Message-ID match at next sync) is more complex than needed. Two IMAP facilities cover this directly:
-
-- **RFC 4315 / 6851 — `UIDPLUS` + `MOVE` response code `COPYUID`**: the server returns the destination UID(s) inline with the `MOVE` (or `COPY`+`EXPUNGE`) response. `enough_mail`'s `GenericImapResult.responseCodeCopyUid` already parses this (`/data/home/.pub-cache/hosted/pub.dev/enough_mail-2.1.7/lib/src/imap/response.dart:53`). Stalwart and every modern IMAP server advertise UIDPLUS. We currently throw this away — `client.uidMove(...)` is called for its side effect and the result is ignored (`lib/data/repositories/email_repository_impl.dart:2320,2335,2354`).
-- **Fallback — `UID SEARCH HEADER Message-ID …`**: bounded, deterministic, works on every IMAP server. Needed only when `responseCodeCopyUid` is missing.
-
-The undo path already attempts a Message-ID recovery (`lib/core/services/undo_service.dart:78-84`), and `findEmailByMessageId` exists (`lib/data/repositories/email_repository_impl.dart:1899`), so the building blocks are in place; we just need to remap on the write path instead of guessing on the read path.
-
-There is also a latent race: the row is optimistically moved (`mailbox_path = dest`) before the server flush, but the row still carries the source UID. If `_reconcileDeletedImap` runs against the **destination** mailbox between the optimistic write and the flush, it will not find that UID on the server and will hard-delete the row (`lib/data/repositories/email_repository_impl.dart:758-761`).
-
-## Goal
-
-After an IMAP move, the local email row keeps tracking the same physical message under its new UID, without orphaning, without re-fetching, and without breaking UndoLog references.
-
-## Concrete changes
-
-### 1. Capture the new UID inside the flush
-`lib/data/repositories/email_repository_impl.dart` — `_applyPendingChangeImap`, cases `move`, `snooze`, `unsnooze`:
-
-- Capture the `GenericImapResult` returned by `client.uidMove(...)`.
-- Read `result.responseCodeCopyUid`. If non-null, zip `sourceSequence` ↔ `targetSequence` to map `oldUid → newUid`.
-- If null (no UIDPLUS), look up the row's `messageId`. If present: `client.selectMailboxByPath(dest)` then `client.uidSearchMessages(searchCriteria: 'HEADER Message-ID "<id>"')` and take the highest UID. If `messageId` is also missing, log a warning and leave the row to be reconciled out on the next pass (worst case: cache miss, body refetch).
-- For each old/new pair, call a new helper `_remapEmailAfterMove(row, newUid, destPath)`.
-
-### 2. New helper `_remapEmailAfterMove` (same file)
-
-Composes `newId = "accountId:destPath:newUid"`, then in one Drift transaction:
-- `UPDATE email_bodies SET email_id = newId WHERE email_id = oldId`
-- `UPDATE emails SET id = newId, uid = newUid, mailbox_path = destPath WHERE id = oldId`
-- Patch any `threads.email_ids_json` containing `oldId` (reuse the JSON helper from the v41 migration path, or just rebuild affected threads via `_updateThread`).
-- `UPDATE pending_changes SET resource_id = newId WHERE resource_id = oldId` (in case multiple mutations are queued).
-- Call `UndoRepository.remapEmailId(oldId, newId)` (new method, see §3).
-
-`PRAGMA defer_foreign_keys = ON` for the transaction, mirroring the v41 migration pattern.
-
-### 3. UndoLog remap
-
-- `lib/data/repositories/undo_repository_impl.dart`: add `Future<void> remapEmailId(String oldId, String newId)` that loads each `undo_actions` row, rewrites `emailIds[]` entries equal to `oldId` and `originalEmails[].id` entries equal to `oldId`, and re-saves.
-- `lib/core/repositories/undo_repository.dart`: add the interface method.
-- Inject `UndoRepository` into `EmailRepositoryImpl` via DI (already a singleton in `lib/di.dart`) so `_remapEmailAfterMove` can call it.
-- The fallback path in `UndoService.undo` (the Message-ID lookup) becomes a defensive backstop and can stay as-is.
-
-### 4. Reconciliation guard
-
-`_reconcileDeletedImap` (`lib/data/repositories/email_repository_impl.dart:731`): before deleting a row whose UID is absent from the server, query `pending_changes` for a `move`/`snooze`/`unsnooze` row with `resource_id = row.id`. If one exists, skip the delete — the row is mid-flight. Since flush always runs before sync (`SYNC.md:199-200`) the race is narrow but real on retries when flush failed mid-cycle.
-
-### 5. Tests
-
-- `test/unit/fake_imap.dart`: make `uidMove` return a `GenericImapResult` whose `responseCode` is a configurable `"COPYUID <validity> <src> <dest>"` string; add a UIDPLUS-off mode that returns no response code and serves `uidSearchMessages` with a HEADER predicate.
-- New `test/unit/repositories/email_repository_move_test.dart`:
-  - Enqueue a move → flush → assert `emails`, `email_bodies`, `threads`, `pending_changes`, `undo_actions` all carry the new id.
-  - Same with UIDPLUS-off + HEADER-search fallback.
-  - Move with no Message-ID and no COPYUID → row is unchanged, warning logged, next reconciliation does not delete it because pending change is still queued.
-- New test in the same file: `_reconcileDeletedImap` skips a row that has a queued `move`.
-- Extend `test/integration/concurrent_sync_test.dart` (or sibling file) with a real Stalwart move-then-sync-then-undo cycle: assert the row keeps its body, the new UID matches what `UID SEARCH` returns, and undo restores it to the source mailbox.
-
-### 6. Docs
-
-- `SYNC.md` §3: note that IMAP moves remap the local id from the `COPYUID` response (UIDPLUS) or `UID SEARCH HEADER Message-ID` fallback, so `email_bodies` and `undo_actions` stay valid across moves.
-- `DB-SYNC.md` IMAP bullets: add "IMAP move remap: local row keeps its body/undo references via `COPYUID` (RFC 4315) or Message-ID header search."
-
-## Non-goals
-
-- No new "predicted mail" table — `COPYUID` + header search is reliable and stateless.
-- No change to JMAP moves (JMAP IDs are mailbox-independent).
-- No change to `uidValidity` handling — orthogonal.
-- No CONDSTORE/QRESYNC — already listed as future work in `DB-SYNC.md`.
-
-## Open question for review
-
-Should the fallback header-search be best-effort-quiet (current plan) or should it surface a `FailedMutation` when both `COPYUID` and `Message-ID` are missing? I lean quiet because the next full sync will still pull the message under its new UID — we'd just lose the cached body and any queued mutations on top of it. Happy to escalate to `FailedMutation` if you'd rather make the data loss visible.

Taskfile.yml

@@ -544,7 +544,7 @@ tasks:
       - sops exec-env secrets.enc.yaml 'bash scripts/build_android_bundle_local.sh'
 
   deploy-android-bundle:
-    desc: Build release AAB and upload to Play Store internal track (local/fvm)
+    desc: Build release AAB and upload to Play Store internal + closed-testing tracks (local/fvm)
     deps: [build-android-bundle-local]
     dotenv: [".env"]
     cmds:
@@ -712,6 +712,11 @@ tasks:
     cmds:
       - scripts/check_ci_images.sh
 
+  check-dagger-versions:
+    desc: Verify ci/dagger.json, flake.nix, .forgejo/Dockerfile and DAGGER.md pin the same Dagger version
+    cmds:
+      - scripts/check_dagger_versions.sh
+
   _integrations:
     internal: true
     run: once

agentloop-validation.txt

@@ -0,0 +1 @@
+Agentloop is working on sialoop!

ci/main.go

@@ -814,7 +814,14 @@ func (m *Ci) DeployApk(
 // Returns a flat directory with app-debug.apk and app-debug-androidTest.apk.
 func (m *Ci) BuildAndroidDebugApks() *dagger.Directory {
 	built := m.firebaseBase().
-		WithExec([]string{"flutter", "build", "apk", "--debug", "--no-pub"}).
+		// `flutter build apk` spawns a Gradle daemon. When this WithExec ends the
+		// container is torn down and the daemon is killed, but its journal-cache
+		// lock file on the persistent gradle-cache volume keeps its dead PID — the
+		// next gradlew invocation then times out waiting for that lock. `gradlew
+		// --stop` shuts the daemon down gracefully so the lock is released before
+		// Dagger snapshots the layer.
+		WithExec([]string{"/bin/bash", "-c",
+			`flutter build apk --debug --no-pub && (cd android && ./gradlew --stop)`}).
 		WithWorkdir("/src/android").
 		// --no-daemon avoids connecting to a stale daemon whose registry file was
 		// preserved in the Dagger layer snapshot but whose process no longer exists.
@@ -896,7 +903,7 @@ func withGoCache(c *dagger.Container) *dagger.Container {
 		WithEnvVariable("GOMODCACHE", "/home/ci/go/pkg/mod")
 }
 
-// UploadToPlayStore uploads a pre-built AAB to the Play Store internal track.
+// UploadToPlayStore uploads a pre-built AAB to the Play Store internal and closed-testing (alpha) tracks.
 func (m *Ci) UploadToPlayStore(
 	ctx context.Context,
 	aab *dagger.File,

flake.lock

@@ -1,82 +0,0 @@
-{
-  "nodes": {
-    "dagger": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1778107833,
-        "narHash": "sha256-q5XQep2mpgTPiWwuYB1+L2dsFeACT6sHx8J939iM+HE=",
-        "owner": "dagger",
-        "repo": "nix",
-        "rev": "873cc22ba46b73d4a6c1aa6c102ef3aabc736496",
-        "type": "github"
-      },
-      "original": {
-        "owner": "dagger",
-        "repo": "nix",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1778737229,
-        "narHash": "sha256-6xWoytx8jFW4PF1GjRm/i/53trbpKGfz6zjzQGBr4cI=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d7a713c0b7e47c908258e71cba7a2d77cc8d71d5",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-25.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "dagger": "dagger",
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

flake.nix

@@ -1,164 +0,0 @@
-{
-  description = "SharedInbox — IMAP/SMTP Flutter client";
-
-  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
-    flake-utils.url = "github:numtide/flake-utils";
-    dagger.url = "github:dagger/nix";
-    dagger.inputs.nixpkgs.follows = "nixpkgs";
-  };
-
-  outputs = { self, nixpkgs, flake-utils, dagger }:
-    flake-utils.lib.eachDefaultSystem (system:
-      let
-        pkgs = nixpkgs.legacyPackages.${system};
-
-        # All Linux desktop runtime libraries needed by flutter build linux and
-        # the UI integration tests (xvfb-run).  Kept as a list so we can reuse
-        # it for both buildInputs and LD_LIBRARY_PATH / PKG_CONFIG_PATH.
-        linuxDesktopLibs = with pkgs; [
-          gtk3
-          libsecret
-          fontconfig
-          libepoxy
-          mesa
-          libGL        # libglvnd — vendor-neutral GL/EGL/GLX dispatch layer
-          at-spi2-core
-          glib
-          pango
-          cairo
-          gdk-pixbuf
-          harfbuzz
-        # Dagger remote setup dependencies
-        stunnel
-        netcat
-        ];
-
-        fgj = pkgs.stdenv.mkDerivation {
-          pname = "fgj";
-          version = "0.4.0";
-          src = pkgs.fetchurl {
-            url = "https://codeberg.org/romaintb/fgj/releases/download/v0.4.0/fgj_linux_amd64";
-            sha256 = "07pia03facvvxq9i1dgl7p47ccv1iqj4drpkp45gvw26d4afkbj7";
-          };
-          dontUnpack = true;
-          installPhase = ''
-            mkdir -p $out/bin
-            cp $src $out/bin/fgj
-            chmod +x $out/bin/fgj
-          '';
-        };
-
-        # The dagger/nix flake pins 0.20.8, whose Nix wrapper is a broken self-exec
-        # loop.  Fetch 0.21.4 directly so the pre-commit dart-check hook can run.
-        dagger021 = pkgs.stdenv.mkDerivation {
-          pname = "dagger";
-          version = "0.21.4";
-          src = pkgs.fetchurl {
-            url = "https://dl.dagger.io/dagger/releases/0.21.4/dagger_v0.21.4_linux_amd64.tar.gz";
-            sha256 = "0wlnbr4g5069755131yjp2a6alacn64f1c8b27xn0cbynq3zicjd";
-          };
-          sourceRoot = ".";
-          installPhase = ''
-            mkdir -p $out/bin
-            cp dagger $out/bin/dagger
-            chmod +x $out/bin/dagger
-          '';
-        };
-      in {
-        devShells.default = pkgs.mkShell {
-          buildInputs = with pkgs; [
-            # Dagger CLI
-            dagger021
-
-            # Go compiler — for Dagger development
-            go
-
-            # Java JDK — required by Gradle for Android builds
-
-            # Task runner
-            go-task
-
-            # Flutter version manager — needed for host builds (task build-linux, task run)
-            fvm
-
-            # Git hooks
-            pre-commit
-
-            # Linux desktop build + runtime dependencies (flutter build linux / task run)
-          ] ++ linuxDesktopLibs ++ (with pkgs; [
-            pkg-config
-            clang
-            cmake
-            ninja
-
-            # Local IMAP/SMTP dev server for integration tests
-            stalwart-mail
-
-            # Headless display for UI integration tests
-            xvfb-run          # wraps Xvfb; xvfb-run --auto-servernum ...
-
-            # Coverage merging (flutter test --merge-coverage requires lcov)
-            lcov
-
-            # Website
-            hugo
-
-            # Utilities
-            git
-            curl
-            jq
-            sqlite
-            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
-            (python3.withPackages (ps: with ps; [
-              google-api-python-client
-              google-auth-httplib2
-              httplib2
-            ]))  # used by stalwart-dev/start and deploy_playstore.py
-            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
-            skopeo   # inspect OCI image manifests without pulling layers (used by check-ci-images)
-            librsvg  # rsvg-convert — SVG→PNG for generate-icons task
-          ]);
-
-          shellHook = ''
-            # nix develop --command does not set IN_NIX_SHELL; set it so _preflight passes in CI
-            export IN_NIX_SHELL=1
-
-            # Point Dagger client at the running engine socket
-            export DAGGER_HOST=unix:///run/dagger/engine.sock
-
-            # Disable Flutter telemetry inside dev shell
-            export FLUTTER_SUPPRESS_ANALYTICS=true
-
-            # Expose dev headers to cmake's FindPkgConfig.
-            # The nix pkg-config wrapper works in bash but cmake invokes pkg-config
-            # as a subprocess and needs PKG_CONFIG_PATH set explicitly.
-            export PKG_CONFIG_PATH="${pkgs.gtk3.dev}/lib/pkgconfig:${pkgs.glib.dev}/lib/pkgconfig:${pkgs.pango.dev}/lib/pkgconfig:${pkgs.cairo.dev}/lib/pkgconfig:${pkgs.gdk-pixbuf.dev}/lib/pkgconfig:${pkgs.at-spi2-core.dev}/lib/pkgconfig:${pkgs.harfbuzz.dev}/lib/pkgconfig:${pkgs.libsecret}/lib/pkgconfig:${pkgs.fontconfig.dev}/lib/pkgconfig:${pkgs.libepoxy}/lib/pkgconfig:$PKG_CONFIG_PATH"
-
-            # Nix ld uses --no-copy-dt-needed-entries (strict mode): transitive shared-lib
-            # deps are not followed automatically, so link them explicitly.
-            export LDFLAGS="-L${pkgs.fontconfig.lib}/lib -lfontconfig $LDFLAGS"
-
-            # Make nix-built runtime libs visible to the dynamic linker so the
-            # Flutter Linux bundle and integration-ui tests can run.
-            export LD_LIBRARY_PATH="${pkgs.lib.makeLibraryPath linuxDesktopLibs}:$LD_LIBRARY_PATH"
-
-            # Wire the libglvnd dispatch to the nix mesa vendor ICDs so GTK/Flutter
-            # can create an OpenGL (EGL + GLX) context under Xvfb without a real GPU.
-            export __EGL_VENDOR_LIBRARY_DIRS="${pkgs.mesa}/share/glvnd/egl_vendor.d"
-            export __GLX_VENDOR_LIBRARY_DIRS="${pkgs.mesa}/lib"
-            export LIBGL_ALWAYS_SOFTWARE=1
-            export MESA_LOADER_DRIVER_OVERRIDE=softpipe
-
-            echo "SharedInbox Flutter dev environment ready."
-            echo "  Analyze        : task analyze"
-            echo "  Unit tests     : task test"
-            echo "  Integration    : task integration"
-            echo "  All checks     : task check"
-            echo "  Run (Linux)    : task run"
-            echo "  Start Stalwart : stalwart-dev/start"
-          '';
-        };
-      }
-    );
-}

lib/ui/screens/email_detail_screen.dart

@@ -239,6 +239,10 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                       ScaffoldMessenger.of(ctx).showSnackBar(
                         SnackBar(
                           duration: const Duration(seconds: 3),
+                          // SnackBar defaults to persist=true when an action
+                          // is set, which disables the auto-dismiss timer.
+                          // Explicitly opt back into duration-based dismiss.
+                          persist: false,
                           content: const Text(
                             'Images will be loaded automatically for this sender.',
                           ),

lib/ui/screens/thread_detail_screen.dart

@@ -214,6 +214,10 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
                             ScaffoldMessenger.of(context).showSnackBar(
                               SnackBar(
                                 duration: const Duration(seconds: 3),
+                                // SnackBar defaults to persist=true when an
+                                // action is set, which disables auto-dismiss.
+                                // Explicitly opt into duration-based dismiss.
+                                persist: false,
                                 content: const Text(
                                   'Images will be loaded automatically for this sender.',
                                 ),

lib/ui/screens/undo_log_detail_screen.dart

@@ -1,5 +1,6 @@
 import 'package:flutter/material.dart';
 import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:go_router/go_router.dart';
 import 'package:intl/intl.dart';
 import 'package:sharedinbox/core/models/email.dart';
 import 'package:sharedinbox/core/models/undo_action.dart';
@@ -93,7 +94,9 @@ class UndoLogDetailScreen extends ConsumerWidget {
                 style: theme.textTheme.bodySmall,
               ),
             ),
-          ...action.originalEmails.map((email) => _EmailTile(email: email)),
+          ...action.originalEmails.map(
+            (email) => _EmailTile(email: email, accountId: action.accountId),
+          ),
         ],
       ),
     );
@@ -120,13 +123,14 @@ class _SectionHeader extends StatelessWidget {
   }
 }
 
-class _EmailTile extends StatelessWidget {
-  const _EmailTile({required this.email});
+class _EmailTile extends ConsumerWidget {
+  const _EmailTile({required this.email, required this.accountId});
 
   final Email email;
+  final String accountId;
 
   @override
-  Widget build(BuildContext context) {
+  Widget build(BuildContext context, WidgetRef ref) {
     final sender = email.from.isNotEmpty
         ? (email.from.first.name ?? email.from.first.email)
         : '(Unknown Sender)';
@@ -134,6 +138,43 @@ class _EmailTile extends StatelessWidget {
       leading: const Icon(Icons.email_outlined),
       title: Text(email.subject ?? '(No Subject)'),
       subtitle: Text(sender, maxLines: 1, overflow: TextOverflow.ellipsis),
+      trailing: const Icon(Icons.chevron_right),
+      onTap: () => _openEmail(context, ref),
+    );
+  }
+
+  Future<void> _openEmail(BuildContext context, WidgetRef ref) async {
+    final messageId = email.messageId;
+    final messenger = ScaffoldMessenger.of(context);
+    if (messageId == null) {
+      messenger.showSnackBar(
+        const SnackBar(
+          duration: Duration(seconds: 5),
+          content: Text('Cannot locate this email — no Message-ID.'),
+        ),
+      );
+      return;
+    }
+    final found = await ref
+        .read(emailRepositoryProvider)
+        .findEmailByMessageId(accountId, messageId);
+    if (!context.mounted) return;
+    if (found == null) {
+      messenger.showSnackBar(
+        const SnackBar(
+          duration: Duration(seconds: 5),
+          content: Text(
+            'Email no longer exists at its previous location. '
+            'Use Undo to restore it.',
+          ),
+        ),
+      );
+      return;
+    }
+    context.go(
+      '/accounts/$accountId'
+      '/mailboxes/${Uri.encodeComponent(found.mailboxPath)}'
+      '/emails/${Uri.encodeComponent(found.id)}',
     );
   }
 }

scripts/check_dagger_versions.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# Verify that the Dagger version is consistent across the project.
+#
+# The Dagger CLI must speak the same protocol as the engine it talks to.  We
+# pin the version in four places (engine image in DAGGER.md, the CLI in
+# flake.nix, the CLI in the Forgejo runner Dockerfile, and the module
+# engineVersion in ci/dagger.json).  This script fails if any of them drift.
+set -euo pipefail
+
+ROOT=$(git rev-parse --show-toplevel)
+
+# ci/dagger.json — strip leading "v" for comparison.
+dagger_json=$(grep -oE '"engineVersion"[[:space:]]*:[[:space:]]*"[^"]+"' "$ROOT/ci/dagger.json" \
+  | sed -E 's/.*"v?([^"]+)"$/\1/')
+
+# .forgejo/Dockerfile — DAGGER_VERSION env on the install line.
+dockerfile=$(grep -oE 'DAGGER_VERSION=[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/.forgejo/Dockerfile" \
+  | head -n1 \
+  | cut -d= -f2)
+
+# DAGGER.md — engine image tag in the example systemd unit.
+dagger_md=$(grep -oE 'dagger/nix/v[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/DAGGER.md" \
+  | head -n1 \
+  | sed -E 's@.*/v@@')
+
+printf 'ci/dagger.json    engineVersion = v%s\n' "$dagger_json"
+printf '.forgejo/Dockerf. DAGGER_VERSION= %s\n'  "$dockerfile"
+printf 'DAGGER.md         engine tag    = v%s\n' "$dagger_md"
+
+for v in "$dockerfile" "$dagger_md"; do
+  if [ -z "$v" ]; then
+    echo "ERROR: failed to parse a Dagger version reference." >&2
+    exit 1
+  fi
+  if [ "$v" != "$dagger_json" ]; then
+    echo "" >&2
+    echo "ERROR: Dagger versions are out of sync." >&2
+    echo "  Align ci/dagger.json, .forgejo/Dockerfile and DAGGER.md to the same version." >&2
+    exit 1
+  fi
+done
+
+echo "Dagger versions aligned (v$dagger_json)."

scripts/deploy_playstore.py

@@ -1,5 +1,11 @@
 #!/usr/bin/env python3
-"""Upload an Android App Bundle to the Google Play Store internal track."""
+"""Upload an Android App Bundle to the Google Play Store.
+
+The bundle is published to every track in ``TRACKS`` within a single Play edit,
+so internal testing and closed testing share the same version code. ``alpha``
+is what the Play Console labels "Closed testing"; publishing there removes the
+need to manually drag-and-drop the AAB into the closed-testing release form.
+"""
 
 import json
 import os
@@ -11,7 +17,7 @@ from google.oauth2 import service_account
 
 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
-TRACK = "internal"
+TRACKS = ("internal", "alpha")
 _BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
 _UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
 _MAX_UPLOAD_ATTEMPTS = 3
@@ -94,19 +100,20 @@ def main():
     version_code = bundle["versionCode"]
     print(f"Uploaded AAB, version code: {version_code}")
 
-    track_resp = session.put(
-        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
-        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
-        timeout=30,
-    )
-    track_resp.raise_for_status()
+    for track in TRACKS:
+        track_resp = session.put(
+            f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{track}",
+            json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
+            timeout=30,
+        )
+        track_resp.raise_for_status()
 
     commit_resp = session.post(
         f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
         timeout=30,
     )
     commit_resp.raise_for_status()
-    print(f"Deployed version {version_code} to {TRACK} track")
+    print(f"Deployed version {version_code} to tracks: {', '.join(TRACKS)}")
 
 
 if __name__ == "__main__":

scripts/test_deploy_playstore.py

@@ -95,6 +95,30 @@ class TestMainHappyPath(unittest.TestCase):
         track_call = session.put.call_args_list[0]
         self.assertIn("/tracks/", track_call[0][0])
 
+    def test_updates_all_configured_tracks(self):
+        session = self._run_main()
+        track_urls = [c[0][0] for c in session.put.call_args_list]
+        self.assertEqual(len(track_urls), len(deploy_playstore.TRACKS))
+        for track in deploy_playstore.TRACKS:
+            self.assertTrue(
+                any(url.endswith(f"/tracks/{track}") for url in track_urls),
+                f"no PUT to /tracks/{track} (saw {track_urls})",
+            )
+
+    def test_commits_after_all_track_updates(self):
+        session = self._run_main()
+        # All PUTs are track updates; commit is the second POST after the
+        # initial edit-create. Verify PUTs precede the commit by checking
+        # mock_calls order across both methods.
+        method_order = [c[0] for c in session.method_calls]
+        commit_idx = next(
+            i for i, m in enumerate(method_order)
+            if m == "post" and ":commit" in session.method_calls[i][1][0]
+        )
+        put_indices = [i for i, m in enumerate(method_order) if m == "put"]
+        self.assertEqual(len(put_indices), len(deploy_playstore.TRACKS))
+        self.assertTrue(all(i < commit_idx for i in put_indices))
+
 
 class TestUploadRetry(unittest.TestCase):
     def _run_main(self, upload_side_effects, sleep_mock=None):

test/widget/email_detail_screen_test.dart

@@ -582,6 +582,54 @@ void main() {
 
       expect(find.textContaining('Structure not available'), findsOneWidget);
     });
+
+    testWidgets(
+      'Load remote images snack bar auto-dismisses after 3 seconds',
+      (tester) async {
+        const body = EmailBody(
+          emailId: 'acc-1:42',
+          htmlBody: '<p>Hello <img src="https://example.com/x.png"/></p>',
+          attachments: [],
+        );
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation:
+                '/accounts/acc-1/mailboxes/INBOX/emails/acc-1%3A42',
+            overrides: _overrides(body: body),
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        // The "Load remote images" button is visible because the sender is
+        // not yet trusted.
+        expect(find.text('Load remote images'), findsOneWidget);
+
+        await tester.tap(find.text('Load remote images'));
+        // Settle the snack bar enter animation and the setState rebuild
+        // that swaps in the image-loading WebView.
+        await tester.pump();
+        await tester.pump(const Duration(milliseconds: 500));
+
+        // Snack bar must be visible.
+        expect(
+          find.text('Images will be loaded automatically for this sender.'),
+          findsOneWidget,
+        );
+
+        // After 3 seconds (the snack bar's duration) plus the reverse
+        // animation, the snack bar must be gone.
+        // Regression test for #484: SnackBar with an action defaults to
+        // persist=true, which disables auto-dismiss — explicit persist:false
+        // restores duration-based dismissal.
+        await tester.pump(const Duration(seconds: 4));
+        await tester.pumpAndSettle();
+
+        expect(
+          find.text('Images will be loaded automatically for this sender.'),
+          findsNothing,
+        );
+      },
+    );
   });
 }
 

test/widget/thread_detail_screen_test.dart

@@ -249,5 +249,59 @@ void main() {
 
       expect(find.text('Body content here'), findsOneWidget);
     });
+
+    testWidgets(
+      'Load remote images snack bar auto-dismisses after 3 seconds',
+      (tester) async {
+        final email = _threadEmail();
+        await tester.pumpWidget(
+          buildApp(
+            initialLocation: '/accounts/acc-1/mailboxes/INBOX/threads/thread-1',
+            overrides: [
+              accountRepositoryProvider.overrideWithValue(
+                FakeAccountRepository([kTestAccount]),
+              ),
+              mailboxRepositoryProvider.overrideWithValue(
+                FakeMailboxRepository(),
+              ),
+              emailRepositoryProvider.overrideWithValue(
+                FakeEmailRepository(
+                  emails: [email],
+                  emailBody: const EmailBody(
+                    emailId: 'acc-1:10',
+                    htmlBody:
+                        '<p>Hi <img src="https://example.com/x.png"/></p>',
+                    attachments: [],
+                  ),
+                ),
+              ),
+            ],
+          ),
+        );
+        await tester.pumpAndSettle();
+
+        expect(find.text('Load remote images'), findsOneWidget);
+
+        await tester.tap(find.text('Load remote images'));
+        await tester.pump();
+        await tester.pump(const Duration(milliseconds: 500));
+
+        expect(
+          find.text('Images will be loaded automatically for this sender.'),
+          findsOneWidget,
+        );
+
+        // Regression test for #484: SnackBar with an action defaults to
+        // persist=true, which disables auto-dismiss — explicit persist:false
+        // restores duration-based dismissal.
+        await tester.pump(const Duration(seconds: 4));
+        await tester.pumpAndSettle();
+
+        expect(
+          find.text('Images will be loaded automatically for this sender.'),
+          findsNothing,
+        );
+      },
+    );
   });
 }

test/widget/undo_log_detail_screen_test.dart

@@ -0,0 +1,176 @@
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:flutter_test/flutter_test.dart';
+import 'package:go_router/go_router.dart';
+
+import 'package:sharedinbox/core/models/email.dart';
+import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/di.dart';
+import 'package:sharedinbox/ui/screens/undo_log_detail_screen.dart';
+
+import 'helpers.dart';
+
+// FakeEmailRepository subclass that returns a pre-configured email from
+// findEmailByMessageId, so the tap handler in UndoLogDetailScreen can be
+// exercised without a real database.
+class _LookupEmailRepository extends FakeEmailRepository {
+  _LookupEmailRepository(this._lookup);
+
+  final Email? _lookup;
+
+  @override
+  Future<Email?> findEmailByMessageId(
+    String accountId,
+    String messageId,
+  ) async =>
+      _lookup;
+}
+
+UndoAction _action({
+  required List<Email> originalEmails,
+  String accountId = 'acc-1',
+}) =>
+    UndoAction(
+      id: 'undo-1',
+      accountId: accountId,
+      type: UndoType.move,
+      emailIds: originalEmails.map((e) => e.id).toList(),
+      sourceMailboxPath: 'INBOX',
+      destinationMailboxPath: 'Archive',
+      originalEmails: originalEmails,
+      timestamp: DateTime(2024, 6),
+    );
+
+Email _emailWith({
+  String id = 'acc-1:42',
+  String mailboxPath = 'INBOX',
+  String? messageId = '<msg-1@example.com>',
+}) =>
+    Email(
+      id: id,
+      accountId: 'acc-1',
+      mailboxPath: mailboxPath,
+      uid: 42,
+      subject: 'Hello world',
+      receivedAt: DateTime(2024, 6),
+      sentAt: DateTime(2024, 6),
+      from: const [EmailAddress(name: 'Bob', email: 'bob@example.com')],
+      to: const [EmailAddress(email: 'alice@example.com')],
+      cc: const [],
+      isSeen: false,
+      isFlagged: false,
+      hasAttachment: false,
+      messageId: messageId,
+    );
+
+// Builds a minimal app whose initial location is the undo log detail screen
+// for [action]. A placeholder email-detail route records its visit so the
+// test can assert which path the tap navigated to.
+Widget _buildApp({
+  required UndoAction action,
+  required FakeEmailRepository emailRepo,
+  ValueNotifier<String?>? lastEmailRoute,
+}) {
+  final router = GoRouter(
+    initialLocation: '/undo-detail',
+    routes: [
+      GoRoute(
+        path: '/undo-detail',
+        builder: (ctx, state) => UndoLogDetailScreen(action: action),
+      ),
+      GoRoute(
+        path: '/accounts/:accountId/mailboxes/:mailboxPath/emails/:emailId',
+        builder: (ctx, state) {
+          lastEmailRoute?.value = state.uri.toString();
+          return const Scaffold(body: Text('email-detail-route'));
+        },
+      ),
+    ],
+  );
+
+  return ProviderScope(
+    overrides: [
+      emailRepositoryProvider.overrideWithValue(emailRepo),
+    ],
+    child: MaterialApp.router(routerConfig: router),
+  );
+}
+
+void main() {
+  group('UndoLogDetailScreen email row tap', () {
+    testWidgets('navigates to the current location returned by lookup', (
+      tester,
+    ) async {
+      // Original row recorded INBOX/42; after the move it now lives in
+      // Archive with a fresh UID — the lookup is what bridges that gap.
+      final original = _emailWith();
+      final current = _emailWith(id: 'acc-1:77', mailboxPath: 'Archive');
+      final lastRoute = ValueNotifier<String?>(null);
+
+      await tester.pumpWidget(
+        _buildApp(
+          action: _action(originalEmails: [original]),
+          emailRepo: _LookupEmailRepository(current),
+          lastEmailRoute: lastRoute,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Hello world'));
+      await tester.pumpAndSettle();
+
+      expect(find.text('email-detail-route'), findsOneWidget);
+      expect(
+        lastRoute.value,
+        '/accounts/acc-1/mailboxes/Archive/emails/acc-1%3A77',
+      );
+    });
+
+    testWidgets('shows snackbar when lookup returns null', (tester) async {
+      final original = _emailWith();
+      final lastRoute = ValueNotifier<String?>(null);
+
+      await tester.pumpWidget(
+        _buildApp(
+          action: _action(originalEmails: [original]),
+          emailRepo: _LookupEmailRepository(null),
+          lastEmailRoute: lastRoute,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Hello world'));
+      await tester.pump();
+
+      expect(
+        find.textContaining('Email no longer exists'),
+        findsOneWidget,
+      );
+      expect(lastRoute.value, isNull);
+      expect(find.text('email-detail-route'), findsNothing);
+    });
+
+    testWidgets('shows snackbar when email has no Message-ID', (tester) async {
+      final original = _emailWith(messageId: null);
+      final lastRoute = ValueNotifier<String?>(null);
+
+      await tester.pumpWidget(
+        _buildApp(
+          action: _action(originalEmails: [original]),
+          // Lookup would succeed if called, but with no Message-ID the
+          // tap handler must short-circuit before reaching it.
+          emailRepo: _LookupEmailRepository(_emailWith()),
+          lastEmailRoute: lastRoute,
+        ),
+      );
+      await tester.pumpAndSettle();
+
+      await tester.tap(find.text('Hello world'));
+      await tester.pump();
+
+      expect(find.textContaining('no Message-ID'), findsOneWidget);
+      expect(lastRoute.value, isNull);
+      expect(find.text('email-detail-route'), findsNothing);
+    });
+  });
+}