feat: add combined inbox as the default startup view

Creates a Combined Inbox that shows threads from the INBOX mailbox of
every account, sorted by date. On first launch the app opens here; if
no accounts exist yet it redirects to the account list automatically.

- EmailRepository: add observeAllInboxThreads() — JOINs threads with
  mailboxes on role='inbox', covering both IMAP and JMAP accounts
- di.dart: add allAccountsProvider (StreamProvider for all accounts)
- CombinedInboxScreen: thread list with swipe-to-archive/delete, pull-
  to-refresh, load-more pagination, per-account name label, compose FAB,
  and a drawer linking to individual account mailboxes
- router.dart: add /inbox route; change initialLocation to /inbox
- Update all test fakes and mocks for the new abstract method

Closes #376

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.forgejo/Dockerfile

@@ -4,8 +4,18 @@
 # In systemd service:
 #    ExecStartPre=docker build -t forgejo-act-runner:latest /etc/forgejo/runner
 #    ExecStart=/usr/local/bin/forgejo-runner daemon --config /etc/forgejo/config.yml
+
 FROM ghcr.io/catthehacker/ubuntu:go-24.04
 
+# Infrastructure tools required by CI workflows
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    jq \
+    && rm -rf /var/lib/apt/lists/*
+
+# SOPS
+RUN curl -fsSL -o /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64 \
+    && chmod +x /usr/local/bin/sops
+
 # Dagger CLI — pinned to match the engine version on the runner host
 RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \
     | DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh

.forgejo/workflows/deploy.yml

@@ -34,14 +34,17 @@ jobs:
 
           HEAD_SHA=$(git rev-parse HEAD)
 
-          # Skip if this exact commit was already successfully deployed (prevents
-          # hourly schedule from redeploying the same commit on every tick).
+          # Find the most recent workflow run where deploy-playstore actually succeeded
+          # (not merely skipped). Bug fix: previous code used commit_sha (always None in
+          # Forgejo's API) instead of head_sha, causing LAST_DEPLOYED_SHA to be empty on
+          # every run and the fallback diff to only cover HEAD~1..HEAD.
           LAST_DEPLOYED_SHA=$(python3 - << 'PYEOF'
           import json, os, sys, urllib.request
           token = os.environ.get("FORGEJO_TOKEN", "")
           server = os.environ.get("GITHUB_SERVER_URL", "").rstrip("/")
           repo = os.environ.get("GITHUB_REPOSITORY", "")
-          url = f"{server}/api/v1/repos/{repo}/actions/runs?workflow_id=deploy.yml&status=success&limit=5"
+          base_api = f"{server}/api/v1/repos/{repo}/actions"
+          url = f"{base_api}/runs?workflow_id=deploy.yml&status=success&limit=10"
           req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
           try:
               with urllib.request.urlopen(req) as r:
@@ -50,30 +53,58 @@ jobs:
                   r for r in data.get("workflow_runs", [])
                   if r.get("status") == "success"
               ]
-              print(runs[0].get("commit_sha") or "")
+              # Walk runs newest-first; pick the first one where deploy-playstore
+              # actually ran (conclusion=success), not just skipped.
+              for run in runs:
+                  run_id = run.get("id")
+                  jobs_url = f"{base_api}/runs/{run_id}/jobs"
+                  jobs_req = urllib.request.Request(jobs_url, headers={"Authorization": f"token {token}"})
+                  try:
+                      with urllib.request.urlopen(jobs_req) as jr:
+                          jobs_data = json.loads(jr.read())
+                      for job in jobs_data.get("workflow_jobs", []):
+                          if "Deploy to Play Store" in job.get("name", "") and (
+                              job.get("conclusion") == "success" or
+                              job.get("status") == "success"
+                          ):
+                              print(run.get("head_sha") or "")
+                              sys.exit(0)
+                  except Exception:
+                      pass  # skip this run if jobs API fails
+              print("")
           except Exception as e:
-              print(f"API check failed: {e}", file=sys.stderr)
+              print(f"::error::LAST_DEPLOYED_SHA lookup failed ({type(e).__name__}: {e})")
               print("")
           PYEOF
           )
 
-          if [ -n "$LAST_DEPLOYED_SHA" ] && [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
-            echo "HEAD $HEAD_SHA already successfully deployed — skipping"
+          if [ -z "$LAST_DEPLOYED_SHA" ]; then
+            echo "::warning::Could not determine last successfully deployed SHA — deploying all targets as a precaution"
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          if [ "$HEAD_SHA" = "$LAST_DEPLOYED_SHA" ]; then
+            echo "::notice::All deploys SKIPPED — HEAD $HEAD_SHA was already successfully deployed"
             echo "android=false" >> "$GITHUB_OUTPUT"
             echo "linux=false"   >> "$GITHUB_OUTPUT"
+            echo "skip_reason=commit $HEAD_SHA was already successfully deployed" >> "$GITHUB_OUTPUT"
             exit 0
           fi
 
           # Diff from the last successfully deployed commit to catch all changes since
-          # that deploy, not just the most recent commit. Falls back to HEAD~1 when
-          # LAST_DEPLOYED_SHA is unknown or not in local history.
-          if [ -n "$LAST_DEPLOYED_SHA" ] && git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
+          # that deploy, not just the most recent commit. Deploy all targets when the
+          # SHA is not in local history (shallow clone or very old deploy).
+          if git cat-file -e "$LAST_DEPLOYED_SHA" 2>/dev/null; then
             echo "Diffing from last deployed SHA $LAST_DEPLOYED_SHA"
             CHANGED=$(git diff --name-only "$LAST_DEPLOYED_SHA" HEAD 2>/dev/null \
               || git show --name-only --format= HEAD)
           else
-            CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null \
-              || git show --name-only --format= HEAD)
+            echo "::warning::Last deployed SHA $LAST_DEPLOYED_SHA not in local history — deploying all targets as a precaution"
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "linux=true"   >> "$GITHUB_OUTPUT"
+            exit 0
           fi
 
           echo "Changed files:"
@@ -82,13 +113,25 @@ jobs:
           android_re='^(android/|integration_test/|lib/|pubspec\.yaml|pubspec\.lock|drift_schemas/|scripts/deploy_playstore\.py)'
           linux_re='^(linux/|lib/|pubspec\.yaml|pubspec\.lock)'
 
-          echo "$CHANGED" | grep -qE "$android_re" \
-            && echo "android=true" >> "$GITHUB_OUTPUT" \
-            || echo "android=false" >> "$GITHUB_OUTPUT"
+          if echo "$CHANGED" | grep -qE "$android_re"; then
+            echo "android=true" >> "$GITHUB_OUTPUT"
+            echo "Android deploy: TRIGGERED (android-relevant files changed)"
+            echo "::notice::Android deploy TRIGGERED — android-relevant files changed since $LAST_DEPLOYED_SHA"
+          else
+            echo "android=false" >> "$GITHUB_OUTPUT"
+            echo "Android deploy: SKIPPED (no android-relevant files changed)"
+            echo "::notice::Android deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no android-relevant changes"
+          fi
 
-          echo "$CHANGED" | grep -qE "$linux_re" \
-            && echo "linux=true"   >> "$GITHUB_OUTPUT" \
-            || echo "linux=false"  >> "$GITHUB_OUTPUT"
+          if echo "$CHANGED" | grep -qE "$linux_re"; then
+            echo "linux=true" >> "$GITHUB_OUTPUT"
+            echo "Linux deploy: TRIGGERED (linux-relevant files changed)"
+            echo "::notice::Linux deploy TRIGGERED — linux-relevant files changed since $LAST_DEPLOYED_SHA"
+          else
+            echo "linux=false" >> "$GITHUB_OUTPUT"
+            echo "Linux deploy: SKIPPED (no linux-relevant files changed)"
+            echo "::notice::Linux deploy SKIPPED — diff $LAST_DEPLOYED_SHA..HEAD has no linux-relevant changes"
+          fi
 
   deploy-playstore:
     name: Build & Deploy to Play Store
@@ -117,6 +160,12 @@ jobs:
           DAGGER_NO_NAG: "1"
         run: task publish-android
 
+      - name: Verify Play Store deployment
+        run: |
+          python3 -m venv /tmp/playstore-venv
+          /tmp/playstore-venv/bin/pip install google-auth requests --quiet
+          /tmp/playstore-venv/bin/python3 scripts/verify_playstore_deploy.py
+
 
   deploy-apk:
     name: Build & Deploy APK to Server

.fvmrc

@@ -1,3 +1,3 @@
 {
-  "flutter": "3.44.0"
+  "flutter": "3.44.1"
 }

DAGGER.md

@@ -39,7 +39,7 @@ WorkingDirectory=/home/dagger-svc
 # Replace 1003 with the actual UID of dagger-svc
 Environment=DOCKER_HOST=unix:///run/user/1003/podman/podman.sock
 Environment=XDG_RUNTIME_DIR=/run/user/1003
-ExecStart=/usr/bin/nix run github:dagger/nix/v0.11.4#dagger -- engine --addr tcp://0.0.0.0:8080
+ExecStart=/usr/bin/nix run github:dagger/nix/v0.20.8#dagger -- engine --addr tcp://0.0.0.0:8080
 Restart=always
 
 [Install]

Taskfile.yml

@@ -271,7 +271,7 @@ tasks:
       - sh: test -n "$SSH_KNOWN_HOSTS"
         msg: "SSH_KNOWN_HOSTS is not set"
     cmds:
-      - dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
+      - HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
 
   check-dagger:
     desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
@@ -294,7 +294,7 @@ tasks:
           for attempt in 1 2 3; do
             run_dagger "$@" && return 0
             RC=$?
-            if [ "$attempt" -lt 3 ] && { grep -qE "connection reset|context canceled|context deadline exceeded|connection refused|invalid return status code" "$DAGGER_OUT" || [ "$RC" -eq 2 ]; }; then
+            if [ "$attempt" -lt 3 ] && { grep -qE "connection reset|context deadline exceeded|connection refused|invalid return status code" "$DAGGER_OUT" || [ "$RC" -eq 2 ]; }; then
               echo "$(_ts) dagger: network error on attempt $attempt/3, retrying..." >&2
             elif [ "$attempt" -lt 3 ] && grep -q "No space left on device" "$DAGGER_OUT"; then
               echo "$(_ts) dagger: disk space error on attempt $attempt/3, pruning Dagger cache..." >&2

ci/go.mod

@@ -7,8 +7,8 @@ require (
 	github.com/Khan/genqlient v0.8.1
 	github.com/dagger/otel-go v1.43.0
 	github.com/vektah/gqlparser/v2 v2.5.33
-	go.opentelemetry.io/otel v1.43.0
-	go.opentelemetry.io/otel/trace v1.43.0
+	go.opentelemetry.io/otel v1.44.0
+	go.opentelemetry.io/otel/trace v1.44.0
 )
 
 require (
@@ -21,33 +21,25 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
 	github.com/sosodev/duration v1.4.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.17.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.17.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 // indirect
-	go.opentelemetry.io/otel/log v0.17.0 // indirect
-	go.opentelemetry.io/otel/metric v1.43.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.43.0
-	go.opentelemetry.io/otel/sdk/log v0.17.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 // indirect
+	go.opentelemetry.io/otel/log v0.20.0 // indirect
+	go.opentelemetry.io/otel/metric v1.44.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.44.0
+	go.opentelemetry.io/otel/sdk/log v0.20.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 	golang.org/x/net v0.52.0 // indirect
-	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.44.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
-	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect
+	google.golang.org/grpc v1.80.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 )
-
-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0
-
-replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0
-
-replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.19.0
-
-replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.19.0

ci/go.sum

@@ -43,36 +43,65 @@ go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
 go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
+go.opentelemetry.io/otel v1.44.0 h1:JjwHmHpA4iZ3wBxluu2fbbE7j4kqlE8jXyAyPXH7HqU=
+go.opentelemetry.io/otel v1.44.0/go.mod h1:BMgjTHL9WPRlRjL2oZCBTL4whCGtXch2H4BhOPIAyYc=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0 h1:ZVg+kCXxd9LtAaQNKBxAvJ5NpMf7LpvEr4MIZqb0TMQ=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0/go.mod h1:hh0tMeZ75CCXrHd9OXRYxTlCAdxcXioWHFIpYw2rZu8=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0 h1:rydZ9sxbcFdm/oWrVyfLTjHIygMgv0bEeMd+3B/BvoM=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.20.0/go.mod h1:earQ25dooT0Hhspq59DZ8YCC50jWfOlFEeWoxy/P444=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0 h1:djrxvDxAe44mJUrKataUbOhCKhR3F8QCyWucO16hTQs=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.16.0/go.mod h1:dt3nxpQEiSoKvfTVxp3TUg5fHPLhKtbcnN3Z1I1ePD0=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0 h1:owlhcJ3QO3X0YTDTCcDZ4V+6aVDkWbNmBoQ5NUp7Oww=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.20.0/go.mod h1:MP4eemTiI9zC8fgg+DYynhYDYf3ba72S376TvP+Ye0Q=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0 h1:VO3BL6OZXRQ1yQc8W6EVfJzINeJ35BkiHx4MYfoQf44=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0/go.mod h1:qRDnJ2nv3CQXMK2HUd9K9VtvedsPAce3S+/4LZHjX/s=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0 h1:SUplec5dp06reu1zaXmOXdvqH398taqrDXqUl99jxSc=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.44.0/go.mod h1:ho2g4N+ane+swq5I/VBkKWnRDY4kUINH3FuqyZqX/Ug=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0 h1:MMrOAN8H1FrvDyq9UJ4lu5/+ss49Qgfgb7Zpm0m8ABo=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0/go.mod h1:Na+2NNASJtF+uT4NxDe0G+NQb+bUgdPDfwxY/6JmS/c=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0 h1:RuynHbfU8JUEw7DyONgkVYg2SVtsoF28y0LGIr69jgA=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.44.0/go.mod h1:qZF+/lBs71APw8mlnEZcqZHMzqrYrsFiJOv83lX1OGo=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0 h1:4YsVu3B8+3qtWYYrsUYgn0OG78pN0rnNPRGX4SbokQI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0/go.mod h1:+wnlSn0mD1ADVMe3v9Z/WIaiz6q6gL2J/ejaAmdmv80=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0 h1:qazEJlUOQzhCpzQpFETGby7EdqjI1wsd0W+6Gg1SCTU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0/go.mod h1:fOD2Yefuxixkx3ahVNf0O/PERb6r4OlbxfATVnYvzCo=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 h1:inYW9ZhgqiDqh6BioM7DVHHzEGVq76Db5897WLGZ5Go=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0/go.mod h1:Izur+Wt8gClgMJqO/cZ8wdeeMryJ/xxiOVgFSSfpDTY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 h1:lgh3PiVrRUWMLOVSkQicxzZll5NjF1r+AtsX1XRIHw0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0/go.mod h1:5Cnhth3m/AgOeTgE3ex12pPmiu/gGtZit03kSzx9X7s=
 go.opentelemetry.io/otel/log v0.16.0 h1:DeuBPqCi6pQwtCK0pO4fvMB5eBq6sNxEnuTs88pjsN4=
 go.opentelemetry.io/otel/log v0.16.0/go.mod h1:rWsmqNVTLIA8UnwYVOItjyEZDbKIkMxdQunsIhpUMes=
+go.opentelemetry.io/otel/log v0.20.0 h1:/5i0vuHxCLWUfChWG41K9wkM0jafruPw9NU1/RCJirs=
+go.opentelemetry.io/otel/log v0.20.0/go.mod h1:wOcMcjsZpG8x7Bak7IhSi/lg8wscV2C1VdrKCLPlt0E=
 go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
 go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/metric v1.44.0 h1:1w0gILTcHdr3YI+ixLyjemwrVnsMURbTZFrSYCdDdmc=
+go.opentelemetry.io/otel/metric v1.44.0/go.mod h1:8O7hanEPBNgEMmybD3s2VBKcgWOCsA6tzHBPODAiquo=
 go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
 go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/sdk v1.44.0 h1:nHYwb9lK+fJPU/dnT6s7W7Z8itMWyqrnVfbheVYrZ58=
+go.opentelemetry.io/otel/sdk v1.44.0/go.mod h1:Osuydd3Se74nqjAKxid74N5eC+jfEqfTegHRnq58oK0=
 go.opentelemetry.io/otel/sdk/log v0.16.0 h1:e/b4bdlQwC5fnGtG3dlXUrNOnP7c8YLVSpSfEBIkTnI=
 go.opentelemetry.io/otel/sdk/log v0.16.0/go.mod h1:JKfP3T6ycy7QEuv3Hj8oKDy7KItrEkus8XJE6EoSzw4=
+go.opentelemetry.io/otel/sdk/log v0.20.0 h1:vM3xI7TQgKPiSghe6urZtAkyFY7SodrSpC83CffDFuY=
+go.opentelemetry.io/otel/sdk/log v0.20.0/go.mod h1:Knej2nmsTUzN79T2eeXdRsjjPcoxoq2pUyUHz9TFyyU=
 go.opentelemetry.io/otel/sdk/log/logtest v0.16.0 h1:/XVkpZ41rVRTP4DfMgYv1nEtNmf65XPPyAdqV90TMy4=
 go.opentelemetry.io/otel/sdk/log/logtest v0.16.0/go.mod h1:iOOPgQr5MY9oac/F5W86mXdeyWZGleIx3uXO98X2R6Y=
 go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw=
 go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A=
+go.opentelemetry.io/otel/sdk/metric v1.44.0 h1:3LlKgI+VjbVsjNRFZJZAJ30WjXC5VkNRks6si09iEfI=
+go.opentelemetry.io/otel/sdk/metric v1.44.0/go.mod h1:5B5pMARnXxKhltooO4xUuCBorl65a4EpnTalObqOigA=
 go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
+go.opentelemetry.io/otel/trace v1.44.0 h1:jxF5CsGYCe74MCRx2X4g7WsY/VBKRqqpNvXlX/6gtIk=
+go.opentelemetry.io/otel/trace v1.44.0/go.mod h1:oLl1jrMQAVo6v3GAggN+1VH9VIz9iUSvW53sW1Q8PIE=
 go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
 go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
@@ -87,10 +116,13 @@ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 h1:tu/dtnW1o3wfaxCOjSLn5IRX4YDcJrtlpzYkhHhGaC4=
 google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171/go.mod h1:M5krXqk4GhBKvB596udGL3UyjL4I1+cTbK0orROM9ng=
+google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 h1:ggcbiqK8WWh6l1dnltU4BgWGIGo+EVYxCaAPih/zQXQ=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
 google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
 google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

ci/main.go

@@ -338,7 +338,12 @@ func (m *Ci) Deployer(sshKey *dagger.Secret, knownHosts *dagger.Secret) *dagger.
 	return dag.Container().
 		From("alpine:3.21").
 		WithExec([]string{"apk", "--no-cache", "add", "rsync", "openssh-client", "python3", "tar"}).
-		WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
+		// Mount at a raw path so we can normalise before use: strip any CRLF line
+		// endings that appear when the key is stored or exported on Windows, which
+		// cause "error in libcrypto" in Alpine's LibreSSL-backed openssh.
+		WithMountedSecret("/root/.ssh/id_ed25519.raw", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
+		WithExec([]string{"sh", "-c",
+			"tr -d '\\r' < /root/.ssh/id_ed25519.raw > /root/.ssh/id_ed25519 && chmod 600 /root/.ssh/id_ed25519"}).
 		WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
 		WithEnvVariable("RSYNC_RSH", "ssh -i /root/.ssh/id_ed25519")
 }
@@ -480,11 +485,18 @@ func (m *Ci) Check(ctx context.Context) (string, error) {
 	ctx, cancel := context.WithTimeout(ctx, 30*time.Minute)
 	defer cancel()
 
-	if _, err := m.CheckHygiene(ctx); err != nil {
-		return "Hygiene check failed", err
-	}
-	if _, err := m.CheckLayers(ctx); err != nil {
-		return "Layer check failed", err
+	// Run cheap structural checks in parallel for faster fail detection.
+	var fastEg errgroup.Group
+	fastEg.Go(func() error {
+		_, err := m.CheckHygiene(ctx)
+		return err
+	})
+	fastEg.Go(func() error {
+		_, err := m.CheckLayers(ctx)
+		return err
+	})
+	if err := fastEg.Wait(); err != nil {
+		return "", err
 	}
 
 	checkSetup := m.setup(m.checkSrc())
@@ -508,16 +520,19 @@ func (m *Ci) Check(ctx context.Context) (string, error) {
 		return coverage, err
 	}
 
+	// Use errgroup.Group (not WithContext) so a failing test does not cancel its
+	// sibling via context — which would surface as "context canceled" in dagger
+	// output and trigger spurious retries in check-dagger.
 	var testBackend, testIntegration string
-	eg, egCtx := errgroup.WithContext(ctx)
+	var eg errgroup.Group
 	eg.Go(func() error {
 		var e error
-		testBackend, e = m.TestBackend(egCtx)
+		testBackend, e = m.TestBackend(ctx)
 		return e
 	})
 	eg.Go(func() error {
 		var e error
-		testIntegration, e = m.TestIntegration(egCtx)
+		testIntegration, e = m.TestIntegration(ctx)
 		return e
 	})
 	if err := eg.Wait(); err != nil {
@@ -559,6 +574,8 @@ func (m *Ci) BuildWebsite(
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
+	// +optional
+	commitHash string,
 ) *dagger.Directory {
 	buildHistory := m.GenerateBuildHistory(ctx, sshKey, knownHosts, sshUser, sshHost)
 
@@ -566,9 +583,13 @@ func (m *Ci) BuildWebsite(
 		Include: []string{"website/"},
 	}).WithDirectory("website/content/builds", buildHistory)
 
-	return m.Hugo().
+	hugo := m.Hugo().
 		WithDirectory("/src", websiteSource).
-		WithWorkdir("/src/website").
+		WithWorkdir("/src/website")
+	if commitHash != "" {
+		hugo = hugo.WithEnvVariable("HUGO_PARAMS_GITVERSION", commitHash)
+	}
+	return hugo.
 		WithExec([]string{"hugo", "--minify"}).
 		Directory("public")
 }
@@ -580,8 +601,10 @@ func (m *Ci) PublishWebsite(
 	knownHosts *dagger.Secret,
 	sshUser string,
 	sshHost string,
+	// +optional
+	commitHash string,
 ) (string, error) {
-	public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost)
+	public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost, commitHash)
 
 	return m.Deployer(sshKey, knownHosts).
 		WithDirectory("/public", public).

lib/core/db_schema_version.dart

@@ -1 +1 @@
-const int dbSchemaVersion = 36;
+const int dbSchemaVersion = 37;

lib/core/repositories/email_repository.dart

@@ -15,6 +15,10 @@ abstract class EmailRepository {
     int limit = 50,
   });
 
+  /// Returns threads from the INBOX of every account, sorted by latest date.
+  /// Inbox mailboxes are matched by role = 'inbox'.
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50});
+
   /// Returns all emails belonging to [threadId] in [mailboxPath].
   Stream<List<Email>> observeEmailsInThread(
     String accountId,

lib/core/repositories/user_preferences_repository.dart

@@ -5,4 +5,8 @@ abstract class UserPreferencesRepository {
   Future<void> updateMenuPosition(MenuPosition position);
   Future<void> updateMailViewButtonPosition(MenuPosition position);
   Future<void> updateAfterMailViewAction(AfterMailViewAction action);
+
+  Stream<List<String>> observeTrustedImageSenders();
+  Future<void> addTrustedImageSender(String senderEmail);
+  Future<void> removeTrustedImageSender(String senderEmail);
 }

lib/data/db/database.dart

@@ -307,6 +307,17 @@ class LocalSieveApplied extends Table {
   Set<Column> get primaryKey => {accountId, messageId};
 }
 
+/// Senders for whom remote images are loaded automatically.
+/// Per-device/per-user — not tied to any email account.
+@DataClassName('ImageTrustedSenderRow')
+class ImageTrustedSenders extends Table {
+  TextColumn get senderEmail => text()();
+  DateTimeColumn get addedAt => dateTime()();
+
+  @override
+  Set<Column> get primaryKey => {senderEmail};
+}
+
 /// App-wide user preferences, stored as a singleton row (id always 1).
 @DataClassName('UserPreferencesRow')
 class UserPreferences extends Table {
@@ -345,6 +356,7 @@ class UserPreferences extends Table {
     LocalSieveApplied,
     ShareKeys,
     UserPreferences,
+    ImageTrustedSenders,
   ],
 )
 class AppDatabase extends _$AppDatabase {
@@ -611,6 +623,9 @@ class AppDatabase extends _$AppDatabase {
               userPreferences.afterMailViewAction,
             );
           }
+          if (from < 37) {
+            await m.createTable(imageTrustedSenders);
+          }
         },
       );
 }

lib/data/repositories/email_repository_impl.dart

@@ -95,6 +95,26 @@ class EmailRepositoryImpl implements EmailRepository {
         .map((rows) => rows.map(_threadRowToModel).toList());
   }
 
+  @override
+  Stream<List<model.EmailThread>> observeAllInboxThreads({int limit = 50}) {
+    final query = _db.select(_db.threads).join([
+      innerJoin(
+        _db.mailboxes,
+        _db.mailboxes.accountId.equalsExp(_db.threads.accountId) &
+            _db.mailboxes.path.equalsExp(_db.threads.mailboxPath),
+      ),
+    ]);
+    query
+      ..where(_db.mailboxes.role.equals('inbox'))
+      ..orderBy([OrderingTerm.desc(_db.threads.latestDate)])
+      ..limit(limit);
+    return query.watch().map(
+          (rows) => rows
+              .map((row) => _threadRowToModel(row.readTable(_db.threads)))
+              .toList(),
+        );
+  }
+
   model.EmailThread _threadRowToModel(ThreadRow row) {
     List<model.EmailAddress> parseAddresses(String json) {
       final list = jsonDecode(json) as List<dynamic>;
@@ -2963,6 +2983,20 @@ class EmailRepositoryImpl implements EmailRepository {
   }) async {
     if (query.length < 2) return [];
     final pattern = '%${query.toLowerCase()}%';
+
+    // Addresses we deliberately wrote to (sent folder) should appear before
+    // addresses that happened to email us (inbox/other folders).
+    final sentMailboxes = await (_db.select(_db.mailboxes)
+          ..where((t) {
+            Expression<bool> cond = t.role.equals('sent');
+            if (accountId != null) {
+              cond = t.accountId.equals(accountId) & cond;
+            }
+            return cond;
+          }))
+        .get();
+    final sentPaths = {for (final m in sentMailboxes) m.path};
+
     final rows = await (_db.select(_db.emails)
           ..where((t) {
             Expression<bool> cond = const Constant(true);
@@ -2977,11 +3011,22 @@ class EmailRepositoryImpl implements EmailRepository {
           ..limit(100))
         .get();
 
+    // Two passes: sent-folder rows first (prioritise recipients we chose),
+    // then other rows (senders who contacted us).
+    final sortedRows = [
+      ...rows.where((r) => sentPaths.contains(r.mailboxPath)),
+      ...rows.where((r) => !sentPaths.contains(r.mailboxPath)),
+    ];
+
     final seen = <String>{};
     final results = <model.EmailAddress>[];
     final lowerQuery = query.toLowerCase();
-    for (final row in rows) {
-      for (final jsonStr in [row.fromJson, row.toAddresses, row.ccJson]) {
+    for (final row in sortedRows) {
+      final isSent = sentPaths.contains(row.mailboxPath);
+      final fields = isSent
+          ? [row.toAddresses, row.ccJson, row.fromJson]
+          : [row.fromJson, row.toAddresses, row.ccJson];
+      for (final jsonStr in fields) {
         final list = jsonDecode(jsonStr) as List<dynamic>;
         for (final e in list) {
           final map = e as Map<String, dynamic>;

lib/data/repositories/user_preferences_repository_impl.dart

@@ -50,6 +50,31 @@ class UserPreferencesRepositoryImpl implements UserPreferencesRepository {
         );
   }
 
+  @override
+  Stream<List<String>> observeTrustedImageSenders() {
+    return (_db.select(_db.imageTrustedSenders)
+          ..orderBy([(t) => OrderingTerm.desc(t.addedAt)]))
+        .watch()
+        .map((rows) => rows.map((r) => r.senderEmail).toList());
+  }
+
+  @override
+  Future<void> addTrustedImageSender(String senderEmail) async {
+    await _db.into(_db.imageTrustedSenders).insertOnConflictUpdate(
+          ImageTrustedSendersCompanion(
+            senderEmail: Value(senderEmail.toLowerCase()),
+            addedAt: Value(DateTime.now()),
+          ),
+        );
+  }
+
+  @override
+  Future<void> removeTrustedImageSender(String senderEmail) async {
+    await (_db.delete(_db.imageTrustedSenders)
+          ..where((t) => t.senderEmail.equals(senderEmail.toLowerCase())))
+        .go();
+  }
+
   static pref.UserPreferences _rowToModel(UserPreferencesRow? row) {
     if (row == null) return const pref.UserPreferences();
     return pref.UserPreferences(

lib/di.dart

@@ -211,10 +211,38 @@ class EmailDetailNotifier extends AsyncNotifier<(Email?, EmailBody)> {
       repo.getEmailBody(_emailId),
     ]);
     unawaited(repo.setFlag(_emailId, seen: true));
+    final header = results[0] as Email?;
+    if (header != null) {
+      unawaited(_prefetchNextEmailBody(repo, header));
+    }
     return (results[0] as Email?, results[1] as EmailBody);
   }
+
+  Future<void> _prefetchNextEmailBody(
+    EmailRepository repo,
+    Email header,
+  ) async {
+    final prefs = ref.read(userPreferencesProvider).value;
+    final action =
+        prefs?.afterMailViewAction ?? AfterMailViewAction.nextMessage;
+    if (action != AfterMailViewAction.nextMessage) return;
+
+    final threads =
+        await repo.observeThreads(header.accountId, header.mailboxPath).first;
+    final currentIndex = threads.indexWhere(
+      (t) => t.emailIds.contains(_emailId),
+    );
+    if (currentIndex < 0 || currentIndex + 1 >= threads.length) return;
+
+    final nextId = threads[currentIndex + 1].latestEmailId;
+    await repo.getEmailBody(nextId);
+  }
 }
 
+final allAccountsProvider = StreamProvider<List<model.Account>>((ref) {
+  return ref.watch(accountRepositoryProvider).observeAccounts();
+});
+
 final accountByIdProvider =
     StreamProvider.autoDispose.family<model.Account?, String>((ref, accountId) {
   return ref.watch(accountRepositoryProvider).observeAccounts().map(
@@ -247,3 +275,10 @@ final userPreferencesProvider = StreamProvider.autoDispose<UserPreferences>((
 ) {
   return ref.watch(userPreferencesRepositoryProvider).observePreferences();
 });
+
+final trustedImageSendersProvider =
+    StreamProvider.autoDispose<List<String>>((ref) {
+  return ref
+      .watch(userPreferencesRepositoryProvider)
+      .observeTrustedImageSenders();
+});

lib/ui/router.dart

@@ -4,6 +4,7 @@ import 'package:sharedinbox/core/models/sieve_script.dart';
 
 import 'package:sharedinbox/ui/screens/about_screen.dart';
 import 'package:sharedinbox/ui/screens/account_list_screen.dart';
+import 'package:sharedinbox/ui/screens/combined_inbox_screen.dart';
 import 'package:sharedinbox/ui/screens/account_receive_screen.dart';
 import 'package:sharedinbox/ui/screens/account_send_screen.dart';
 import 'package:sharedinbox/ui/screens/add_account_screen.dart';
@@ -24,11 +25,15 @@ import 'package:sharedinbox/ui/screens/user_preferences_screen.dart';
 import 'package:sharedinbox/ui/widgets/undo_shell.dart';
 
 final router = GoRouter(
-  initialLocation: '/accounts',
+  initialLocation: '/inbox',
   routes: [
     ShellRoute(
       builder: (ctx, state, child) => UndoShell(child: child),
       routes: [
+        GoRoute(
+          path: '/inbox',
+          builder: (ctx, state) => const CombinedInboxScreen(),
+        ),
         GoRoute(
           path: '/accounts',
           builder: (ctx, state) => const AccountListScreen(),

lib/ui/screens/combined_inbox_screen.dart

@@ -0,0 +1,393 @@
+import 'dart:async';
+
+import 'package:flutter/material.dart';
+import 'package:flutter_riverpod/flutter_riverpod.dart';
+import 'package:go_router/go_router.dart';
+import 'package:intl/intl.dart';
+
+import 'package:sharedinbox/core/models/account.dart';
+import 'package:sharedinbox/core/models/email.dart';
+import 'package:sharedinbox/core/models/undo_action.dart';
+import 'package:sharedinbox/di.dart';
+
+final _dateFmt = DateFormat('MMM d');
+final _formattedDates = <int, String>{};
+
+int _dayKey(DateTime dt) => dt.year * 10000 + dt.month * 100 + dt.day;
+
+String _fmtDate(DateTime dt) =>
+    _formattedDates[_dayKey(dt)] ??= _dateFmt.format(dt);
+
+class CombinedInboxScreen extends ConsumerStatefulWidget {
+  const CombinedInboxScreen({super.key});
+
+  @override
+  ConsumerState<CombinedInboxScreen> createState() =>
+      _CombinedInboxScreenState();
+}
+
+class _CombinedInboxScreenState extends ConsumerState<CombinedInboxScreen> {
+  static const _pageSize = 50;
+  int _limit = _pageSize;
+
+  @override
+  Widget build(BuildContext context) {
+    final accountsAsync = ref.watch(allAccountsProvider);
+
+    return accountsAsync.when(
+      loading: () => const Scaffold(
+        body: Center(child: CircularProgressIndicator()),
+      ),
+      error: (e, _) => Scaffold(
+        body: Center(child: Text('Error: $e')),
+      ),
+      data: (accounts) {
+        if (accounts.isEmpty) {
+          WidgetsBinding.instance.addPostFrameCallback((_) {
+            if (context.mounted) context.go('/accounts');
+          });
+          return const Scaffold(
+            body: Center(child: CircularProgressIndicator()),
+          );
+        }
+
+        final accountNames = {
+          for (final a in accounts) a.id: a.displayName,
+        };
+        final showAccount = accounts.length > 1;
+
+        return Scaffold(
+          appBar: _buildAppBar(accounts),
+          drawer: _buildDrawer(context, accounts),
+          body: _buildBody(accountNames, showAccount),
+          floatingActionButton: FloatingActionButton(
+            onPressed: () => context.push('/compose'),
+            child: const Icon(Icons.edit),
+          ),
+        );
+      },
+    );
+  }
+
+  PreferredSizeWidget _buildAppBar(List<Account> accounts) {
+    return AppBar(
+      title: const Text('Combined Inbox'),
+      actions: [
+        IconButton(
+          icon: const Icon(Icons.search),
+          tooltip: 'Search',
+          onPressed: () => context.push('/search'),
+        ),
+        IconButton(
+          icon: const Icon(Icons.sync),
+          tooltip: 'Sync all',
+          onPressed: () {
+            for (final a in accounts) {
+              ref.read(syncManagerProvider).syncNow(a.id);
+            }
+          },
+        ),
+      ],
+    );
+  }
+
+  Widget _buildDrawer(BuildContext context, List<Account> accounts) {
+    return Drawer(
+      child: ListView(
+        padding: EdgeInsets.zero,
+        children: [
+          const DrawerHeader(
+            decoration: BoxDecoration(color: Colors.blueGrey),
+            child: Text(
+              'sharedinbox.de',
+              style: TextStyle(color: Colors.white, fontSize: 24),
+            ),
+          ),
+          ListTile(
+            leading: const Icon(Icons.manage_accounts),
+            title: const Text('Accounts'),
+            onTap: () {
+              Navigator.pop(context);
+              context.go('/accounts');
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.person_add),
+            title: const Text('Add account'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/add'));
+            },
+          ),
+          const Divider(),
+          for (final account in accounts)
+            ListTile(
+              leading: const Icon(Icons.inbox),
+              title: Text(account.displayName),
+              subtitle: Text(account.email),
+              onTap: () {
+                Navigator.pop(context);
+                unawaited(context.push('/accounts/${account.id}/mailboxes'));
+              },
+            ),
+          const Divider(),
+          ListTile(
+            leading: const Icon(Icons.settings),
+            title: const Text('Preferences'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/preferences'));
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.history),
+            title: const Text('Undo Log'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/undo-log'));
+            },
+          ),
+          ListTile(
+            leading: const Icon(Icons.info_outline),
+            title: const Text('About'),
+            onTap: () {
+              Navigator.pop(context);
+              unawaited(context.push('/accounts/about'));
+            },
+          ),
+        ],
+      ),
+    );
+  }
+
+  Widget _buildBody(Map<String, String> accountNames, bool showAccount) {
+    final emailRepo = ref.watch(emailRepositoryProvider);
+    return RefreshIndicator(
+      onRefresh: () async {
+        final accounts = ref.read(allAccountsProvider).value ?? [];
+        for (final a in accounts) {
+          ref.read(syncManagerProvider).syncNow(a.id);
+        }
+      },
+      child: StreamBuilder<List<EmailThread>>(
+        stream: emailRepo.observeAllInboxThreads(limit: _limit),
+        builder: (ctx, snap) {
+          if (!snap.hasData) {
+            return const Center(child: CircularProgressIndicator());
+          }
+          final threads = snap.data!;
+          if (threads.isEmpty) {
+            return ListView(
+              children: const [
+                SizedBox(
+                  height: 300,
+                  child: Center(child: Text('No emails')),
+                ),
+              ],
+            );
+          }
+          return _buildThreadList(threads, accountNames, showAccount);
+        },
+      ),
+    );
+  }
+
+  Widget _buildThreadList(
+    List<EmailThread> threads,
+    Map<String, String> accountNames,
+    bool showAccount,
+  ) {
+    final hasMore = threads.length == _limit;
+    return ListView.builder(
+      itemCount: threads.length + (hasMore ? 1 : 0),
+      itemBuilder: (ctx, i) {
+        if (i == threads.length) {
+          return TextButton(
+            onPressed: () => setState(() => _limit += _pageSize),
+            child: const Text('Load more'),
+          );
+        }
+        return _buildThreadTile(ctx, threads[i], accountNames, showAccount);
+      },
+    );
+  }
+
+  Widget _buildThreadTile(
+    BuildContext ctx,
+    EmailThread t,
+    Map<String, String> accountNames,
+    bool showAccount,
+  ) {
+    final senderNames =
+        t.participants.map((a) => a.name ?? a.email).take(3).join(', ');
+
+    final tile = ListTile(
+      leading: Icon(
+        t.hasUnread ? Icons.mail : Icons.mail_outline,
+        color: t.hasUnread ? Theme.of(ctx).colorScheme.primary : null,
+      ),
+      title: Row(
+        children: [
+          Expanded(
+            child: Text(
+              senderNames.isEmpty ? '(unknown)' : senderNames,
+              style: t.hasUnread
+                  ? const TextStyle(fontWeight: FontWeight.bold)
+                  : null,
+              overflow: TextOverflow.ellipsis,
+            ),
+          ),
+          if (t.messageCount > 1)
+            Padding(
+              padding: const EdgeInsets.only(left: 4),
+              child: Text(
+                '[${t.messageCount}]',
+                style: Theme.of(ctx).textTheme.bodySmall,
+              ),
+            ),
+        ],
+      ),
+      subtitle: Column(
+        crossAxisAlignment: CrossAxisAlignment.start,
+        children: [
+          Text(
+            t.subject ?? '(no subject)',
+            maxLines: 1,
+            overflow: TextOverflow.ellipsis,
+            style: t.hasUnread
+                ? const TextStyle(fontWeight: FontWeight.bold)
+                : null,
+          ),
+          if (t.preview != null && t.preview!.isNotEmpty)
+            Text(
+              t.preview!,
+              maxLines: 1,
+              overflow: TextOverflow.ellipsis,
+              style: Theme.of(ctx).textTheme.bodySmall,
+            ),
+          if (showAccount)
+            Text(
+              accountNames[t.accountId] ?? t.accountId,
+              maxLines: 1,
+              overflow: TextOverflow.ellipsis,
+              style: Theme.of(ctx).textTheme.bodySmall?.copyWith(
+                    color: Theme.of(ctx).colorScheme.primary,
+                  ),
+            ),
+        ],
+      ),
+      trailing: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          if (t.isFlagged)
+            const Icon(Icons.star, color: Colors.amber, size: 16),
+          const SizedBox(width: 4),
+          Text(
+            _fmtDate(t.latestDate),
+            style: Theme.of(ctx).textTheme.bodySmall,
+          ),
+        ],
+      ),
+      onTap: t.messageCount > 1
+          ? () => context.push(
+                '/accounts/${t.accountId}/mailboxes'
+                '/${Uri.encodeComponent(t.mailboxPath)}'
+                '/threads/${Uri.encodeComponent(t.threadId)}',
+              )
+          : () => context.push(
+                '/accounts/${t.accountId}/mailboxes'
+                '/${Uri.encodeComponent(t.mailboxPath)}'
+                '/emails/${Uri.encodeComponent(t.latestEmailId)}',
+              ),
+    );
+
+    return Dismissible(
+      key: ValueKey('${t.accountId}:${t.threadId}'),
+      background: _swipeBackground(
+        alignment: Alignment.centerLeft,
+        color: Colors.green,
+        icon: Icons.archive,
+        label: 'Archive',
+      ),
+      secondaryBackground: _swipeBackground(
+        alignment: Alignment.centerRight,
+        color: Colors.red,
+        icon: Icons.delete,
+        label: 'Delete',
+      ),
+      onDismissed: (direction) => unawaited(_onSwipeDismissed(t, direction)),
+      child: tile,
+    );
+  }
+
+  Future<void> _onSwipeDismissed(
+    EmailThread t,
+    DismissDirection direction,
+  ) async {
+    final repo = ref.read(emailRepositoryProvider);
+
+    final originalEmails = (await Future.wait(
+      t.emailIds.map((id) => repo.getEmail(id)),
+    ))
+        .whereType<Email>()
+        .toList();
+
+    if (direction == DismissDirection.startToEnd) {
+      final archive = await ref
+          .read(mailboxRepositoryProvider)
+          .findMailboxByRole(t.accountId, 'archive');
+      if (!mounted || archive == null) return;
+
+      for (final id in t.emailIds) {
+        await repo.moveEmail(id, archive.path);
+      }
+      final action = UndoAction(
+        id: DateTime.now().toIso8601String(),
+        accountId: t.accountId,
+        type: UndoType.move,
+        emailIds: t.emailIds,
+        sourceMailboxPath: t.mailboxPath,
+        destinationMailboxPath: archive.path,
+        originalEmails: originalEmails,
+      );
+      unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
+      return;
+    }
+
+    String? lastDestPath;
+    for (final id in t.emailIds) {
+      lastDestPath = await repo.deleteEmail(id);
+    }
+    final action = UndoAction(
+      id: DateTime.now().toIso8601String(),
+      accountId: t.accountId,
+      type: UndoType.delete,
+      emailIds: t.emailIds,
+      sourceMailboxPath: t.mailboxPath,
+      destinationMailboxPath: lastDestPath,
+      originalEmails: originalEmails,
+    );
+    unawaited(ref.read(undoServiceProvider.notifier).pushAction(action));
+  }
+
+  Widget _swipeBackground({
+    required AlignmentGeometry alignment,
+    required Color color,
+    required IconData icon,
+    required String label,
+  }) {
+    return Container(
+      color: color,
+      alignment: alignment,
+      padding: const EdgeInsets.symmetric(horizontal: 20),
+      child: Row(
+        mainAxisSize: MainAxisSize.min,
+        children: [
+          Icon(icon, color: Colors.white),
+          const SizedBox(width: 8),
+          Text(label, style: const TextStyle(color: Colors.white)),
+        ],
+      ),
+    );
+  }
+}

lib/ui/screens/email_detail_screen.dart

@@ -18,6 +18,7 @@ import 'package:sharedinbox/core/utils/format_utils.dart';
 import 'package:sharedinbox/core/utils/html_utils.dart';
 import 'package:sharedinbox/di.dart';
 import 'package:sharedinbox/ui/screens/email_action_helpers.dart';
+import 'package:sharedinbox/ui/widgets/email_headers_dialog.dart';
 import 'package:sharedinbox/ui/widgets/secure_email_webview.dart';
 import 'package:sharedinbox/ui/widgets/snooze_picker.dart';
 import 'package:url_launcher/url_launcher.dart';
@@ -170,19 +171,35 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
       body: detail.when(
         loading: () => const Center(child: CircularProgressIndicator()),
         error: (e, _) => Center(child: Text('Error: $e')),
-        data: (d) => _buildBody(context, d.$1, d.$2),
+        data: (d) {
+          final trusted =
+              ref.watch(trustedImageSendersProvider).value ?? const <String>[];
+          return _buildBody(context, d.$1, d.$2, trusted);
+        },
       ),
     );
   }
 
-  Widget _buildBody(BuildContext ctx, Email? header, EmailBody body) {
+  Widget _buildBody(
+    BuildContext ctx,
+    Email? header,
+    EmailBody body,
+    List<String> trustedSenders,
+  ) {
     final hasHtml = (body.htmlBody ?? '').trim().isNotEmpty;
+    final senderEmail = header?.from.isNotEmpty == true
+        ? header!.from.first.email.toLowerCase()
+        : null;
+    final isTrusted =
+        senderEmail != null && trustedSenders.contains(senderEmail);
+    final effectiveLoadImages = _loadRemoteImages || isTrusted;
+
     return ListView(
       padding: const EdgeInsets.all(16),
       children: [
         if (header != null) ...[_buildHeader(ctx, header), const Divider()],
         if (hasHtml) ...[
-          if (!_loadRemoteImages)
+          if (!effectiveLoadImages)
             Align(
               alignment: Alignment.centerLeft,
               child: Padding(
@@ -190,13 +207,40 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
                 child: OutlinedButton.icon(
                   icon: const Icon(Icons.image_outlined, size: 18),
                   label: const Text('Load remote images'),
-                  onPressed: () => setState(() => _loadRemoteImages = true),
+                  onPressed: () {
+                    setState(() => _loadRemoteImages = true);
+                    if (senderEmail != null) {
+                      unawaited(
+                        ref
+                            .read(userPreferencesRepositoryProvider)
+                            .addTrustedImageSender(senderEmail),
+                      );
+                      ScaffoldMessenger.of(ctx).showSnackBar(
+                        SnackBar(
+                          duration: const Duration(seconds: 3),
+                          content: const Text(
+                            'Images will be loaded automatically for this sender.',
+                          ),
+                          action: SnackBarAction(
+                            label: 'Settings',
+                            onPressed: () {
+                              if (mounted) {
+                                unawaited(
+                                  context.push('/accounts/preferences'),
+                                );
+                              }
+                            },
+                          ),
+                        ),
+                      );
+                    }
+                  },
                 ),
               ),
             ),
           SecureEmailWebView(
             htmlBody: body.htmlBody!,
-            loadRemoteImages: _loadRemoteImages,
+            loadRemoteImages: effectiveLoadImages,
           ),
         ] else
           SelectableText(
@@ -722,47 +766,7 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
     unawaited(
       showDialog<void>(
         context: context,
-        builder: (ctx) => AlertDialog(
-          title: const Text('Mail Headers'),
-          content: SizedBox(
-            width: double.maxFinite,
-            child: ListView.builder(
-              shrinkWrap: true,
-              itemCount: body.headers.length,
-              itemBuilder: (ctx, i) {
-                final header = body.headers[i];
-                return Container(
-                  color: i.isEven
-                      ? Theme.of(ctx).colorScheme.surfaceContainerHighest
-                      : Theme.of(ctx).colorScheme.surface,
-                  padding: const EdgeInsets.symmetric(
-                    vertical: 4,
-                    horizontal: 8,
-                  ),
-                  child: Row(
-                    crossAxisAlignment: CrossAxisAlignment.start,
-                    children: [
-                      Expanded(
-                        child: SelectableText(
-                          header.name,
-                          style: const TextStyle(fontWeight: FontWeight.bold),
-                        ),
-                      ),
-                      const SizedBox(width: 8),
-                      Expanded(flex: 2, child: SelectableText(header.value)),
-                    ],
-                  ),
-                );
-              },
-            ),
-          ),
-          actions: [
-            TextButton(
-              onPressed: () => Navigator.pop(ctx),
-              child: const Text('Close'),
-            ),
-          ],
-        ),
+        builder: (ctx) => EmailHeadersDialog(headers: body.headers),
       ),
     );
   }
@@ -785,12 +789,13 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
     unawaited(
       showDialog<void>(
         context: context,
-        builder: (ctx) => AlertDialog(
-          title: const Text('Mail Structure'),
-          content: SizedBox(
-            width: double.maxFinite,
-            child: ListView.builder(
-              shrinkWrap: true,
+        builder: (ctx) => Dialog.fullscreen(
+          child: Scaffold(
+            appBar: AppBar(
+              title: const Text('Mail Structure'),
+              leading: const CloseButton(),
+            ),
+            body: ListView.builder(
               itemCount: rows.length,
               itemBuilder: (ctx, i) {
                 final row = rows[i];
@@ -819,12 +824,6 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
               },
             ),
           ),
-          actions: [
-            TextButton(
-              onPressed: () => Navigator.pop(ctx),
-              child: const Text('Close'),
-            ),
-          ],
         ),
       ),
     );

lib/ui/screens/thread_detail_screen.dart

@@ -113,6 +113,14 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
 
   @override
   Widget build(BuildContext context) {
+    final trustedSenders =
+        ref.watch(trustedImageSendersProvider).value ?? const <String>[];
+    final senderEmail = widget.email.from.isNotEmpty
+        ? widget.email.from.first.email.toLowerCase()
+        : null;
+    final isTrusted =
+        senderEmail != null && trustedSenders.contains(senderEmail);
+
     return Card(
       margin: const EdgeInsets.symmetric(vertical: 4),
       child: Column(
@@ -147,13 +155,13 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
               ],
             ),
           ),
-          if (_expanded) _buildExpandedBody(),
+          if (_expanded) _buildExpandedBody(isTrusted, senderEmail),
         ],
       ),
     );
   }
 
-  Widget _buildExpandedBody() {
+  Widget _buildExpandedBody(bool isTrusted, String? senderEmail) {
     return Padding(
       padding: const EdgeInsets.fromLTRB(16, 0, 16, 16),
       child: Column(
@@ -184,21 +192,48 @@ class _EmailMessageCardState extends ConsumerState<_EmailMessageCard> {
               }
               final body = snapshot.data!;
               final hasHtml = (body.htmlBody ?? '').trim().isNotEmpty;
+              final effectiveLoadImages = _loadRemoteImages || isTrusted;
 
               return Column(
                 crossAxisAlignment: CrossAxisAlignment.start,
                 children: [
                   if (hasHtml) ...[
-                    if (!_loadRemoteImages)
+                    if (!effectiveLoadImages)
                       TextButton.icon(
                         icon: const Icon(Icons.image_outlined, size: 16),
                         label: const Text('Load remote images'),
-                        onPressed: () =>
-                            setState(() => _loadRemoteImages = true),
+                        onPressed: () {
+                          setState(() => _loadRemoteImages = true);
+                          if (senderEmail != null) {
+                            unawaited(
+                              ref
+                                  .read(userPreferencesRepositoryProvider)
+                                  .addTrustedImageSender(senderEmail),
+                            );
+                            ScaffoldMessenger.of(context).showSnackBar(
+                              SnackBar(
+                                duration: const Duration(seconds: 3),
+                                content: const Text(
+                                  'Images will be loaded automatically for this sender.',
+                                ),
+                                action: SnackBarAction(
+                                  label: 'Settings',
+                                  onPressed: () {
+                                    if (mounted) {
+                                      unawaited(
+                                        context.push('/accounts/preferences'),
+                                      );
+                                    }
+                                  },
+                                ),
+                              ),
+                            );
+                          }
+                        },
                       ),
                     SecureEmailWebView(
                       htmlBody: body.htmlBody!,
-                      loadRemoteImages: _loadRemoteImages,
+                      loadRemoteImages: effectiveLoadImages,
                     ),
                   ] else
                     SelectableText(

lib/ui/screens/user_preferences_screen.dart

@@ -12,6 +12,7 @@ class UserPreferencesScreen extends ConsumerWidget {
   @override
   Widget build(BuildContext context, WidgetRef ref) {
     final prefsAsync = ref.watch(userPreferencesProvider);
+    final trustedSendersAsync = ref.watch(trustedImageSendersProvider);
 
     return Scaffold(
       appBar: AppBar(title: const Text('Preferences')),
@@ -131,6 +132,45 @@ class UserPreferencesScreen extends ConsumerWidget {
                 ],
               ),
             ),
+            const Divider(),
+            ListTile(
+              title: Text(
+                'Trusted image senders',
+                style: Theme.of(context).textTheme.titleSmall,
+              ),
+              subtitle: const Text(
+                'Remote images are loaded automatically for these senders.',
+              ),
+            ),
+            ...trustedSendersAsync.when(
+              loading: () => const [],
+              error: (_, __) => const [],
+              data: (senders) => senders.isEmpty
+                  ? [
+                      const Padding(
+                        padding:
+                            EdgeInsets.symmetric(horizontal: 16, vertical: 8),
+                        child: Text('No trusted senders yet.'),
+                      ),
+                    ]
+                  : [
+                      for (final sender in senders)
+                        ListTile(
+                          title: Text(sender),
+                          trailing: IconButton(
+                            icon: const Icon(Icons.delete_outline),
+                            tooltip: 'Remove',
+                            onPressed: () {
+                              unawaited(
+                                ref
+                                    .read(userPreferencesRepositoryProvider)
+                                    .removeTrustedImageSender(sender),
+                              );
+                            },
+                          ),
+                        ),
+                    ],
+            ),
           ],
         ),
       ),

lib/ui/widgets/email_headers_dialog.dart

@@ -0,0 +1,258 @@
+import 'package:flutter/material.dart';
+import 'package:intl/intl.dart';
+
+import 'package:sharedinbox/core/models/email.dart';
+
+/// Full-screen dialog for browsing email headers, organised into groups.
+class EmailHeadersDialog extends StatelessWidget {
+  const EmailHeadersDialog({super.key, required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    return Dialog.fullscreen(
+      child: Scaffold(
+        appBar: AppBar(
+          title: const Text('Mail Headers'),
+          leading: const CloseButton(),
+        ),
+        body: _HeadersBody(headers: headers),
+      ),
+    );
+  }
+}
+
+class _HeadersBody extends StatelessWidget {
+  const _HeadersBody({required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    final receivedHeaders = <EmailHeader>[];
+    final listHeaders = <EmailHeader>[];
+    final arcHeaders = <EmailHeader>[];
+    final otherHeaders = <EmailHeader>[];
+    // Maps X- prefix (e.g. "X-Google") → headers with that prefix.
+    final xByPrefix = <String, List<EmailHeader>>{};
+
+    for (final h in headers) {
+      final lower = h.name.toLowerCase();
+      if (lower == 'received') {
+        receivedHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('list-')) {
+        listHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('arc-')) {
+        arcHeaders.add(h);
+        continue;
+      }
+      if (lower.startsWith('x-')) {
+        final parts = h.name.split('-');
+        // "X-Foo-Bar-Baz" → prefix "X-Foo"; "X-Single" → prefix "X-Single".
+        final prefix = parts.length >= 3 ? '${parts[0]}-${parts[1]}' : h.name;
+        xByPrefix.putIfAbsent(prefix, () => []).add(h);
+        continue;
+      }
+      otherHeaders.add(h);
+    }
+
+    final sections = <Widget>[];
+
+    if (otherHeaders.isNotEmpty) {
+      sections.add(_HeadersSection(title: 'Headers', headers: otherHeaders));
+    }
+    if (listHeaders.isNotEmpty) {
+      sections.add(
+        _HeadersSection(title: 'List- Headers', headers: listHeaders),
+      );
+    }
+    if (receivedHeaders.isNotEmpty) {
+      sections.add(_ReceivedSection(headers: receivedHeaders));
+    }
+    if (arcHeaders.isNotEmpty) {
+      sections.add(
+        _HeadersSection(title: 'ARC- Headers', headers: arcHeaders),
+      );
+    }
+
+    // X- headers at bottom, each prefix in its own collapsible group.
+    final sortedPrefixes = xByPrefix.keys.toList()
+      ..sort((a, b) => a.toLowerCase().compareTo(b.toLowerCase()));
+    for (final prefix in sortedPrefixes) {
+      sections.add(
+        _HeadersSection(
+          title: '$prefix Headers',
+          headers: xByPrefix[prefix]!,
+        ),
+      );
+    }
+
+    return ListView(children: sections);
+  }
+}
+
+class _HeadersSection extends StatelessWidget {
+  const _HeadersSection({required this.title, required this.headers});
+
+  final String title;
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    return ExpansionTile(
+      title: Text('$title (${headers.length})'),
+      children: [
+        for (var i = 0; i < headers.length; i++)
+          _HeaderRow(header: headers[i], index: i),
+      ],
+    );
+  }
+}
+
+/// Received headers section — collapsed by default; shows inter-hop delays.
+class _ReceivedSection extends StatelessWidget {
+  const _ReceivedSection({required this.headers});
+  final List<EmailHeader> headers;
+
+  @override
+  Widget build(BuildContext context) {
+    final entries = _buildEntries(headers);
+    return ExpansionTile(
+      title: Text('Received (${headers.length})'),
+      children: [
+        for (var i = 0; i < entries.length; i++) ...[
+          _HeaderRow(header: entries[i].header, index: i),
+          if (entries[i].delay != null) _DelayRow(delay: entries[i].delay!),
+        ],
+      ],
+    );
+  }
+
+  static List<_ReceivedEntry> _buildEntries(List<EmailHeader> headers) {
+    final timestamps =
+        headers.map((h) => _parseReceivedTimestamp(h.value)).toList();
+    return [
+      for (var i = 0; i < headers.length; i++)
+        _ReceivedEntry(
+          header: headers[i],
+          delay: _computeDelay(timestamps, i),
+        ),
+    ];
+  }
+
+  static Duration? _computeDelay(List<DateTime?> timestamps, int i) {
+    if (i >= timestamps.length - 1) return null;
+    final current = timestamps[i];
+    final next = timestamps[i + 1];
+    if (current == null || next == null) return null;
+    final d = current.difference(next);
+    return d.isNegative ? Duration.zero : d;
+  }
+}
+
+class _ReceivedEntry {
+  const _ReceivedEntry({required this.header, this.delay});
+  final EmailHeader header;
+  final Duration? delay;
+}
+
+class _HeaderRow extends StatelessWidget {
+  const _HeaderRow({required this.header, required this.index});
+  final EmailHeader header;
+  final int index;
+
+  @override
+  Widget build(BuildContext context) {
+    final bg = index.isEven
+        ? Theme.of(context).colorScheme.surfaceContainerHighest
+        : Theme.of(context).colorScheme.surface;
+    return Container(
+      color: bg,
+      padding: const EdgeInsets.symmetric(vertical: 4, horizontal: 8),
+      child: Row(
+        crossAxisAlignment: CrossAxisAlignment.start,
+        children: [
+          Expanded(
+            child: SelectableText(
+              header.name,
+              style: const TextStyle(fontWeight: FontWeight.bold),
+            ),
+          ),
+          const SizedBox(width: 8),
+          Expanded(flex: 2, child: SelectableText(header.value)),
+        ],
+      ),
+    );
+  }
+}
+
+class _DelayRow extends StatelessWidget {
+  const _DelayRow({required this.delay});
+  final Duration delay;
+
+  @override
+  Widget build(BuildContext context) {
+    final color = _delayColor(delay);
+    return Padding(
+      padding: const EdgeInsets.symmetric(horizontal: 16, vertical: 2),
+      child: Row(
+        children: [
+          Icon(Icons.arrow_downward, size: 14, color: color),
+          const SizedBox(width: 4),
+          Text(
+            _formatDuration(delay),
+            style: TextStyle(
+              fontSize: 12,
+              color: color,
+              fontWeight:
+                  delay.inSeconds >= 30 ? FontWeight.bold : FontWeight.normal,
+            ),
+          ),
+        ],
+      ),
+    );
+  }
+}
+
+/// Parses the RFC 2822 timestamp from a Received header value.
+///
+/// Received headers end with `; date`, e.g.:
+///   by mx.example.com; Mon, 1 Jan 2024 12:00:00 +0000 (UTC)
+DateTime? _parseReceivedTimestamp(String value) {
+  final semiIndex = value.lastIndexOf(';');
+  if (semiIndex < 0) return null;
+  var s = value.substring(semiIndex + 1).trim();
+  // Strip parenthesised comments like (UTC).
+  s = s.replaceAll(RegExp(r'\([^)]*\)'), ' ').trim();
+  // Strip leading day-of-week abbreviation like "Mon, ".
+  s = s.replaceFirst(RegExp(r'^[A-Za-z]{2,4},\s*'), '');
+  // Collapse runs of whitespace.
+  s = s.replaceAll(RegExp(r'\s+'), ' ').trim();
+
+  for (final fmt in [
+    DateFormat('dd MMM yyyy HH:mm:ss Z', 'en_US'),
+    DateFormat('d MMM yyyy HH:mm:ss Z', 'en_US'),
+    DateFormat('dd MMM yyyy HH:mm:ss', 'en_US'),
+    DateFormat('d MMM yyyy HH:mm:ss', 'en_US'),
+  ]) {
+    try {
+      return fmt.parse(s);
+    } catch (_) {}
+  }
+  return null;
+}
+
+String _formatDuration(Duration d) {
+  if (d.inSeconds < 60) return '${d.inSeconds}s';
+  if (d.inMinutes < 60) return '${d.inMinutes}m ${d.inSeconds.remainder(60)}s';
+  return '${d.inHours}h ${d.inMinutes.remainder(60)}m';
+}
+
+Color _delayColor(Duration d) {
+  if (d.inSeconds < 30) return Colors.green;
+  if (d.inSeconds < 300) return Colors.orange;
+  return Colors.red;
+}

renovate.json

@@ -11,6 +11,29 @@
     {
       "matchUpdateTypes": ["minor", "patch", "pin", "digest", "lockFileMaintenance"],
       "addLabels": ["automerge"]
+    },
+    {
+      "matchManagers": ["gomod"],
+      "matchFileNames": ["ci/**"],
+      "enabled": false
+    }
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": ["^\\.forgejo/Dockerfile$"],
+      "matchStrings": ["DAGGER_VERSION=(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)"],
+      "depNameTemplate": "dagger/dagger",
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "^v(?<version>.*)$"
+    },
+    {
+      "customType": "regex",
+      "fileMatch": ["^DAGGER\\.md$"],
+      "matchStrings": ["github:dagger/nix/v(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)#dagger"],
+      "depNameTemplate": "dagger/dagger",
+      "datasourceTemplate": "github-releases",
+      "extractVersionTemplate": "^v(?<version>.*)$"
     }
   ]
 }

scripts/check_coverage.dart

@@ -62,6 +62,7 @@ const _excluded = {
   'lib/ui/screens/about_screen.dart',
   'lib/ui/screens/email_action_helpers.dart',
   'lib/ui/utils/about_markdown.dart',
+  'lib/ui/widgets/email_headers_dialog.dart',
   'lib/ui/widgets/email_tile.dart',
   'lib/core/sync/account_sync_manager.dart',
   'lib/core/sync/background_sync.dart',

scripts/setup_dagger_remote.sh

@@ -23,10 +23,13 @@ export_secret() {
     local value
     value=$(jq -r --arg k "$name" '.[$k] // empty' "$SECRETS_JSON")
     if [ -n "${GITHUB_ENV:-}" ]; then
-        # Use heredoc syntax for multiline-safe export
+        # Use heredoc syntax for multiline-safe export.
+        # Avoid adding a second trailing newline for values that already end with one
+        # (e.g. SSH private keys), which can corrupt PEM parsing.
         {
             printf '%s<<__EOF__\n' "$name"
-            printf '%s\n' "$value"
+            printf '%s' "$value"
+            [ "${value%$'\n'}" = "$value" ] && printf '\n'
             printf '__EOF__\n'
         } >> "$GITHUB_ENV"
     fi

scripts/test_verify_playstore_deploy.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python3
+"""Tests for verify_playstore_deploy.py."""
+import os
+import sys
+import time
+import unittest
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+sys.path.insert(0, str(Path(__file__).parent))
+
+import verify_playstore_deploy
+
+
+def _make_session(version_code, track="internal"):
+    """Return a mock AuthorizedSession with the given version code on the track."""
+    session = MagicMock()
+
+    edit_resp = MagicMock()
+    edit_resp.json.return_value = {"id": "edit-99"}
+    session.post.return_value = edit_resp
+
+    track_resp = MagicMock()
+    track_resp.json.return_value = {
+        "releases": [{"versionCodes": [str(version_code)], "status": "completed"}]
+    }
+    session.get.return_value = track_resp
+    session.delete.return_value = MagicMock()
+
+    return session
+
+
+class TestMissingEnv(unittest.TestCase):
+    def test_missing_env_exits(self):
+        with patch.dict(os.environ, {}, clear=True):
+            with self.assertRaises(SystemExit) as ctx:
+                verify_playstore_deploy.main()
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestRecentDeploy(unittest.TestCase):
+    def _run(self, version_code):
+        session = _make_session(version_code)
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("verify_playstore_deploy.service_account.Credentials.from_service_account_info"):
+                with patch("verify_playstore_deploy.AuthorizedSession", return_value=session):
+                    verify_playstore_deploy.main()
+
+    def test_recent_version_code_passes(self):
+        # Version code is Unix timestamp — a very recent one should pass.
+        recent_vc = int(time.time()) - 60  # 1 minute ago
+        self._run(recent_vc)
+
+    def test_old_version_code_fails(self):
+        old_vc = int(time.time()) - 7200  # 2 hours ago
+        with self.assertRaises(SystemExit) as ctx:
+            self._run(old_vc)
+        self.assertEqual(ctx.exception.code, 1)
+
+
+class TestEmptyTrack(unittest.TestCase):
+    def _run_empty(self, releases):
+        session = MagicMock()
+        session.post.return_value = MagicMock(**{"json.return_value": {"id": "edit-1"}})
+        session.get.return_value = MagicMock(**{"json.return_value": {"releases": releases}})
+        session.delete.return_value = MagicMock()
+
+        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
+            with patch("verify_playstore_deploy.service_account.Credentials.from_service_account_info"):
+                with patch("verify_playstore_deploy.AuthorizedSession", return_value=session):
+                    verify_playstore_deploy.main()
+
+    def test_no_releases_exits(self):
+        with self.assertRaises(SystemExit) as ctx:
+            self._run_empty([])
+        self.assertEqual(ctx.exception.code, 1)
+
+    def test_release_with_no_version_codes_exits(self):
+        with self.assertRaises(SystemExit) as ctx:
+            self._run_empty([{"status": "completed", "versionCodes": []}])
+        self.assertEqual(ctx.exception.code, 1)
+
+
+if __name__ == "__main__":
+    unittest.main()

scripts/verify_playstore_deploy.py

@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+"""Verify that the Android app was recently published to the Play Store internal track.
+
+The publish-android pipeline sets versionCode = int(time.Now().Unix()), so a
+freshly deployed release always has a version code close to the current Unix
+timestamp.  This script queries the internal track and fails if the latest
+version code is older than _MAX_DEPLOY_AGE_SECONDS, which would mean the
+deployment silently did not land.
+"""
+
+import json
+import os
+import sys
+import time
+
+from google.auth.transport.requests import AuthorizedSession
+from google.oauth2 import service_account
+
+PACKAGE_NAME = "de.sharedinbox.mua"
+TRACK = "internal"
+_BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
+# Allow up to one hour for the build + upload to complete.
+_MAX_DEPLOY_AGE_SECONDS = 3600
+
+
+def main():
+    config_json = os.environ.get("PLAY_STORE_CONFIG_JSON")
+    if not config_json:
+        print("Error: PLAY_STORE_CONFIG_JSON environment variable not set", file=sys.stderr)
+        sys.exit(1)
+
+    creds = service_account.Credentials.from_service_account_info(
+        json.loads(config_json),
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+    )
+    session = AuthorizedSession(creds)
+
+    # Open a read-only edit to query the current track state.
+    edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
+    edit_resp.raise_for_status()
+    edit_id = edit_resp.json()["id"]
+
+    try:
+        track_resp = session.get(
+            f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
+            timeout=30,
+        )
+        track_resp.raise_for_status()
+        track_data = track_resp.json()
+    finally:
+        # Discard the edit — we made no changes.
+        try:
+            session.delete(f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}", timeout=30)
+        except Exception:
+            pass
+
+    releases = track_data.get("releases", [])
+    if not releases:
+        print(
+            f"ERROR: No releases found on {TRACK} track — deploy may have failed silently",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    all_version_codes = [
+        int(vc)
+        for release in releases
+        for vc in release.get("versionCodes", [])
+    ]
+    if not all_version_codes:
+        print("ERROR: Latest release has no version codes", file=sys.stderr)
+        sys.exit(1)
+
+    latest_vc = max(all_version_codes)
+    now = int(time.time())
+    # versionCode is set to Unix timestamp by PublishAndroid in ci/main.go.
+    age_seconds = now - latest_vc
+
+    print(f"Latest version code on {TRACK} track: {latest_vc}")
+    print(f"Current time: {now} — version code age: {age_seconds}s")
+
+    if age_seconds > _MAX_DEPLOY_AGE_SECONDS:
+        print(
+            f"::error::Latest version code {latest_vc} is {age_seconds}s old "
+            f"(limit: {_MAX_DEPLOY_AGE_SECONDS}s). The deploy may have failed silently.",
+            file=sys.stderr,
+        )
+        sys.exit(1)
+
+    print(f"OK: version {latest_vc} verified on {TRACK} track ({age_seconds}s old)")
+
+
+if __name__ == "__main__":
+    main()

test/backend/account_sync_manager_test.dart

@@ -186,6 +186,10 @@ class _FakeEmails implements EmailRepository {
   }) =>
       Stream.value([]);
 
+  @override
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50}) =>
+      Stream.value([]);
+
   @override
   Stream<List<Email>> observeEmailsInThread(String a, String m, String t) =>
       Stream.value([]);

test/unit/account_sync_manager_test.dart

@@ -81,6 +81,9 @@ class FakeEmailRepository implements EmailRepository {
   }) =>
       Stream.value([]);
   @override
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50}) =>
+      Stream.value([]);
+  @override
   Stream<List<Email>> observeEmailsInThread(String a, String m, String t) =>
       Stream.value([]);
   @override

test/unit/account_sync_manager_test.mocks.dart

@@ -287,6 +287,19 @@ class MockEmailRepository extends _i1.Mock implements _i9.EmailRepository {
         returnValue: _i5.Stream<List<_i3.EmailThread>>.empty(),
       ) as _i5.Stream<List<_i3.EmailThread>>);
 
+  @override
+  _i5.Stream<List<_i3.EmailThread>> observeAllInboxThreads({
+    int? limit = 50,
+  }) =>
+      (super.noSuchMethod(
+        Invocation.method(
+          #observeAllInboxThreads,
+          [],
+          {#limit: limit},
+        ),
+        returnValue: _i5.Stream<List<_i3.EmailThread>>.empty(),
+      ) as _i5.Stream<List<_i3.EmailThread>>);
+
   @override
   _i5.Stream<List<_i3.Email>> observeEmailsInThread(
     String? accountId,

test/unit/email_repository_impl_test.dart

@@ -497,6 +497,60 @@ void main() {
       },
     );
 
+    test(
+      'searchAddresses prioritises sent-folder addresses over newer received',
+      () async {
+        final r = _makeRepos();
+        await r.accounts.addAccount(_account, 'pw');
+
+        // Register the Sent mailbox so searchAddresses knows its role.
+        await r.db.into(r.db.mailboxes).insert(
+              MailboxesCompanion.insert(
+                id: 'acc-1:Sent',
+                accountId: 'acc-1',
+                path: 'Sent',
+                name: 'Sent',
+                role: const Value('sent'),
+              ),
+            );
+
+        // Older sent email: user deliberately wrote to info@foo.de.
+        await r.db.into(r.db.emails).insert(
+              EmailsCompanion.insert(
+                id: 'acc-1:sent-1',
+                accountId: 'acc-1',
+                mailboxPath: 'Sent',
+                uid: 1,
+                receivedAt: DateTime(2025),
+                toAddresses: const Value(
+                  '[{"name":"Foo","email":"info@foo.de"}]',
+                ),
+              ),
+            );
+
+        // Newer received email: spam arrived today from info@spam.de.
+        await r.db.into(r.db.emails).insert(
+              EmailsCompanion.insert(
+                id: 'acc-1:inbox-1',
+                accountId: 'acc-1',
+                mailboxPath: 'INBOX',
+                uid: 2,
+                receivedAt: DateTime(2026),
+                fromJson: const Value(
+                  '[{"name":"Spam","email":"info@spam.de"}]',
+                ),
+              ),
+            );
+
+        // Even though spam is newer, the sent-folder address should win.
+        final results = await r.emails.searchAddresses(null, 'info');
+        expect(results.map((a) => a.email).toList(), [
+          'info@foo.de',
+          'info@spam.de',
+        ]);
+      },
+    );
+
     // ── IMAP method tests ────────────────────────────────────────────────────
 
     test(

test/unit/migration_test.dart

@@ -14,7 +14,7 @@ void main() {
   group('Migration', () {
     test('schemaVersion matches expected value', () async {
       final db = AppDatabase(NativeDatabase.memory());
-      expect(db.schemaVersion, 36);
+      expect(db.schemaVersion, 37);
       await db.close();
     });
 
@@ -209,6 +209,9 @@ void main() {
       // v36: after_mail_view_action column on user_preferences.
       expect(userPrefsColumns, contains('after_mail_view_action'));
 
+      // v37: image_trusted_senders table.
+      await db.customSelect('SELECT count(*) FROM image_trusted_senders').get();
+
       await db.close();
       if (dbFile.existsSync()) dbFile.deleteSync();
     });
@@ -412,12 +415,17 @@ void main() {
         // v36: after_mail_view_action column on user_preferences.
         expect(userPrefsColumns, contains('after_mail_view_action'));
 
+        // v37: image_trusted_senders table.
+        await db
+            .customSelect('SELECT count(*) FROM image_trusted_senders')
+            .get();
+
         await db.close();
         if (dbFile.existsSync()) dbFile.deleteSync();
       },
     );
 
-    test('fresh install creates all tables at schemaVersion 36', () async {
+    test('fresh install creates all tables at schemaVersion 37', () async {
       final db = AppDatabase(NativeDatabase.memory());
       await db.select(db.accounts).get();
 
@@ -445,6 +453,7 @@ void main() {
           'share_keys', // v31
           'local_sieve_applied', // v32
           'user_preferences', // v34
+          'image_trusted_senders', // v37
         ]),
       );
 
@@ -473,6 +482,9 @@ void main() {
       // v36: after_mail_view_action column on user_preferences.
       expect(userPrefsColumns, contains('after_mail_view_action'));
 
+      // v37: image_trusted_senders table.
+      await db.customSelect('SELECT count(*) FROM image_trusted_senders').get();
+
       await db.close();
     });
   });

test/unit/reliability_runner_check_now_test.dart

@@ -103,6 +103,9 @@ class _FakeEmails implements EmailRepository {
   }) =>
       Stream.value([]);
   @override
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50}) =>
+      Stream.value([]);
+  @override
   Stream<List<Email>> observeEmailsInThread(String a, String m, String t) =>
       Stream.value([]);
   @override

test/unit/reliability_runner_test.dart

@@ -102,6 +102,9 @@ class _CountingEmails implements EmailRepository {
   }) =>
       Stream.value([]);
   @override
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50}) =>
+      Stream.value([]);
+  @override
   Stream<List<Email>> observeEmailsInThread(String a, String m, String t) =>
       Stream.value([]);
   @override

test/unit/undo_service_test.mocks.dart

@@ -109,6 +109,19 @@ class MockEmailRepository extends _i1.Mock implements _i3.EmailRepository {
         returnValue: _i4.Stream<List<_i2.EmailThread>>.empty(),
       ) as _i4.Stream<List<_i2.EmailThread>>);
 
+  @override
+  _i4.Stream<List<_i2.EmailThread>> observeAllInboxThreads({
+    int? limit = 50,
+  }) =>
+      (super.noSuchMethod(
+        Invocation.method(
+          #observeAllInboxThreads,
+          [],
+          {#limit: limit},
+        ),
+        returnValue: _i4.Stream<List<_i2.EmailThread>>.empty(),
+      ) as _i4.Stream<List<_i2.EmailThread>>);
+
   @override
   _i4.Stream<List<_i2.Email>> observeEmailsInThread(
     String? accountId,

test/widget/helpers.dart

@@ -245,6 +245,10 @@ class FakeEmailRepository implements EmailRepository {
         }).toList();
       });
 
+  @override
+  Stream<List<EmailThread>> observeAllInboxThreads({int limit = 50}) =>
+      Stream.value([]);
+
   @override
   Stream<List<Email>> observeEmailsInThread(
     String accountId,
@@ -627,11 +631,13 @@ class FakeUserPreferencesRepository implements UserPreferencesRepository {
     this.menuPosition = MenuPosition.bottom,
     this.mailViewButtonPosition = MenuPosition.bottom,
     this.afterMailViewAction = AfterMailViewAction.nextMessage,
-  });
+    List<String>? trustedImageSenders,
+  }) : _trustedImageSenders = trustedImageSenders ?? [];
 
   MenuPosition menuPosition;
   MenuPosition mailViewButtonPosition;
   AfterMailViewAction afterMailViewAction;
+  final List<String> _trustedImageSenders;
 
   @override
   Stream<UserPreferences> observePreferences() => Stream.value(
@@ -656,6 +662,23 @@ class FakeUserPreferencesRepository implements UserPreferencesRepository {
   Future<void> updateAfterMailViewAction(AfterMailViewAction action) async {
     afterMailViewAction = action;
   }
+
+  @override
+  Stream<List<String>> observeTrustedImageSenders() =>
+      Stream.value(List.of(_trustedImageSenders));
+
+  @override
+  Future<void> addTrustedImageSender(String senderEmail) async {
+    final normalized = senderEmail.toLowerCase();
+    if (!_trustedImageSenders.contains(normalized)) {
+      _trustedImageSenders.add(normalized);
+    }
+  }
+
+  @override
+  Future<void> removeTrustedImageSender(String senderEmail) async {
+    _trustedImageSenders.remove(senderEmail.toLowerCase());
+  }
 }
 
 class FakeSearchHistoryRepository implements SearchHistoryRepository {