Dynobox is a local-first email client. It handles OAuth refresh tokens, manual mail credentials, mailbox contents, optional AI provider keys, local SQLite databases, and local automation endpoints. Treat local project and runtime files as sensitive.
The public repository currently supports the latest main branch only. Security fixes will be documented in release notes once tagged releases are established.
Please report suspected vulnerabilities privately before opening a public issue.
Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled yet, contact the project maintainers through the repository owner profile and avoid including secrets, tokens, mailbox contents, or exploit payloads in public issues.
Useful report details:
- Affected commit or version.
- Whether the issue affects browser mode, desktop mode, MCP, AI, or all modes.
- Reproduction steps using test accounts or redacted data.
- Expected impact and any known mitigations.
Dynobox is designed for local use. It does not try to protect mailbox data from a fully compromised local machine or from users/processes that can read your project directory, Electron user data directory, or shell environment.
Sensitive local files include:
server/.envclient/.envserver/.tokens.jsonserver/.mcp-settings.jsonserver/.rex-settings.json- Electron
userDataSQLite databases such asdynobox.sqlite - generated app bundles under
out/
These paths are ignored by git and should not be shared in issues, screenshots, logs, archives, or release artifacts.
The Express server is intended to run on localhost during development.
ALLOW_REMOTE_CLIENT=falseblocks non-loopback clients by default.DYNOBOX_API_KEYadds a shared API key requirement via thex-dynobox-keyheader.TRUST_PROXY=trueshould only be used when Dynobox is behind a trusted local proxy.- CORS and OAuth redirect settings must be reviewed before binding the server to non-loopback interfaces.
Do not expose the Dynobox API, MCP endpoint, or Electron development ports to untrusted networks.
Gmail OAuth refresh tokens and manual mail credentials are stored locally. Use TOKEN_ENCRYPTION_KEY to enable encryption where supported, keep file permissions restricted, and rotate credentials if a local token file is exposed.
For Google OAuth:
- Use a development OAuth client for local testing.
- Keep OAuth client secrets out of the repository.
- Rotate any secret that was ever committed, pasted into chat, or exposed in logs.
BRAIN BOX / REX features can send mailbox content, prompts, summaries, and embeddings to configured AI providers. MCP can expose inbox operations to local automation clients. Both are powerful and should be enabled deliberately.
Read docs/rex-ai-policy.md and docs/MCP_README.md before using either feature with real data.