Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 0 additions & 25 deletions .claude/settings.local.json

This file was deleted.

27 changes: 27 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Root Electron/runtime env.
# Electron loads this file in desktop mode before falling back to server/.env.

# Optional Electron/desktop runtime:
# ELECTRON_START_URL=http://localhost:5173
# DYNOBOX_SERVER_BASE_URL=http://localhost:3001
# DYNOBOX_API_KEY=shared_secret_for_local_api_requests
# DYNOBOX_SUPPRESS_CHROMIUM_WARNINGS=true
# DYNOBOX_DISABLE_HARDWARE_ACCELERATION=false

# Optional REX/BRAIN BOX AI config:
# REX_PLATFORM_API_KEY=optional_platform_provider_key
# VERCEL_AI_GATEWAY_API_KEY=optional_platform_provider_key
# AI_GATEWAY_API_KEY=optional_platform_provider_key
# REX_GATEWAY_PROVIDER=openai
# REX_MODEL=google/gemini-2.5-flash-lite
# REX_MAX_OUTPUT_TOKENS=500
# REX_GATEWAY_BASE_URL=https://ai-gateway.vercel.sh/v1
# REX_ANTHROPIC_BASE_URL=https://api.anthropic.com
# REX_OLLAMA_BASE_URL=http://127.0.0.1:11434
# REX_OLLAMA_MODEL=llama3.2:latest
# REX_OLLAMA_KEEP_ALIVE=30m
# REX_OLLAMA_CHAT_TIMEOUT_MS=35000
# REX_OLLAMA_CONTEXT_TIMEOUT_MS=5000
# REX_EMBEDDING_MODEL=text-embedding-3-small
# REX_TRANSCRIBE_MODEL=gpt-4o-mini-transcribe
# REX_SETTINGS_ENCRYPTION_KEY=long_random_secret_for_rex_settings
29 changes: 29 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
name: Bug report
about: Report a reproducible Dynobox problem
title: "[Bug]: "
labels: bug
assignees: ""
---

## What Happened?

Describe the bug and what you expected to happen.

## Reproduction

1.
2.
3.

## Environment

- OS:
- Node:
- npm:
- Mode: browser / desktop
- Account type: Gmail / Outlook preset / IMAP / POP3

## Logs or Screenshots

Paste only redacted logs. Do not include tokens, API keys, email bodies, private recipients, or mailbox screenshots with sensitive content.
23 changes: 23 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
name: Feature request
about: Suggest an improvement for Dynobox
title: "[Feature]: "
labels: enhancement
assignees: ""
---

## Problem

What user problem should this solve?

## Proposed Solution

Describe the behavior you would like to see.

## Data, Security, or Privacy Impact

Does this touch credentials, mailbox content, AI providers, MCP tools, local databases, or remote access?

## Alternatives

Describe any alternatives you considered.
18 changes: 18 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
## Summary

-

## Test Plan

- [ ] `npm run lint`
- [ ] `npm run build --prefix client`
- [ ] `npm run build:runtime`

## Security and Privacy

- [ ] This change does not add new handling of credentials, mailbox content, AI provider calls, MCP tools, or remote access.
- [ ] If it does, the relevant docs were updated (`SECURITY.md`, `docs/rex-ai-policy.md`, or `docs/MCP_README.md`).

## Screenshots

Add screenshots or screen recordings for UI changes.
45 changes: 45 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
name: CI

on:
pull_request:
push:
branches:
- main
- master

jobs:
lint-build:
name: Lint and Build
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: npm
cache-dependency-path: |
package-lock.json
client/package-lock.json
server/package-lock.json

- name: Install root dependencies
run: npm ci

- name: Install client dependencies
run: npm ci --prefix client

- name: Install server dependencies
run: npm ci --prefix server

- name: Lint client
run: npm run lint --prefix client

- name: Build client
run: npm run build --prefix client

- name: Build runtime
run: npm run build:runtime
43 changes: 40 additions & 3 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,10 +1,47 @@
node_modules/
server/node_modules/
client/node_modules/
server/.tokens.json
server/.env

# Environment and local secrets
.env
.env.*
!.env.example
!*.env.example
server/.env
server/.env.*
!server/.env.example
client/.env
client/.env.*
!client/.env.example
server/.tokens.json
server/.mcp-settings.json
server/.rex-settings.json
*.pem
*.key

# Local app data and generated runtime output
dist/
.DS_Store
client/dist/
electron-build/
server/.build/
out/
release/
dist-electron/

# Logs, caches, and coverage
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
coverage/
.nyc_output/
.eslintcache
.vite/

# OS and editor state
.DS_Store
Thumbs.db
.idea/
.vscode/
.claude/settings.local.json
70 changes: 70 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# Contributing

Thanks for helping improve Dynobox. The project is a local-first email client, so changes should be conservative around credentials, mailbox data, network exposure, and AI data flows.

## Setup

Install dependencies for the root, client, and server packages:

```bash
npm install
npm install --prefix client
npm install --prefix server
```

Copy the server env example and add your own local OAuth credentials:

```bash
cp server/.env.example server/.env
```

Run web mode:

```bash
npm run dev
```

Run desktop mode:

```bash
npm run dev:desktop
```

## Quality Checks

Run these before opening a pull request:

```bash
npm run lint
npm run build --prefix client
npm run build:runtime
```

`npm run check` runs the same core checks from the root package.

## Pull Requests

- Keep PRs focused and explain user-visible behavior changes.
- Include screenshots for UI changes where possible.
- Update docs when setup, environment variables, security posture, AI behavior, or data storage changes.
- Do not commit generated app output such as `out/`, `electron-build/`, `server/.build/`, or `client/dist/`.
- Do not commit local secrets, tokens, mailbox data, SQLite databases, or personal settings files.

## Code Style

- Follow existing React, Electron, and Express patterns before introducing new abstractions.
- Client code is real TypeScript and should pass ESLint.
- Server and Electron runtime sources are TypeScript-shaped JavaScript with `// @ts-nocheck`; `scripts/build-runtime-from-ts.mjs` copies them to runtime `.js` files.
- Keep network, file-system, and IPC boundaries explicit. This is especially important for email actions and AI tooling.

## Security-Sensitive Changes

Open a dedicated issue or PR note for changes that affect:

- OAuth scopes, token storage, or token encryption.
- Manual mail passwords.
- `ALLOW_REMOTE_CLIENT`, CORS, API keys, or proxy behavior.
- MCP tools or endpoints.
- BRAIN BOX / REX prompt construction, embeddings, provider calls, or consent behavior.

When in doubt, document the data flow and default to local-only behavior.
Loading
Loading