- name: mailvault
- description: Privacy-first desktop email client with local Maildir storage. Connects to email accounts via native IMAP/SMTP (Rust), supports OAuth2
authentication (Microsoft, Google, Yahoo), email threading, background caching, bulk archive, and full .eml import/export. Built with Tauri v2 (Rust +
WebKitGTK). - snapcraft: https://github.com/GraphicMeat/mail-vault-app/blob/main/snap/snapcraft.yaml
- upstream: GitHub - GraphicMeat/mail-vault-app: Local email backup · GitHub
- upstream-relation: I am the upstream developer and snap publisher.
- interfaces:
- network:
- request-type: auto-connection
- reasoning: MailVault is an email client that must connect to remote IMAP and SMTP servers to fetch and send email. It also connects to OAuth2 token endpoints (Microsoft, Google, Yahoo) for authentication, and to the Microsoft Graph API for personal Outlook accounts. Without network access the app is non-functional.
- network-bind:
- request-type: auto-connection
- reasoning: The OAuth2 authorization code flow requires a local TCP callback server on localhost:19876 to receive the authorization code redirect from the user’s browser after they complete the OAuth2 login. This is a standard PKCE flow — the local listener is ephemeral and only active during authentication.
- desktop:
- request-type: auto-connection
- reasoning: MailVault is a GUI desktop application built with Tauri/WebKitGTK. It requires desktop integration for window management, theme detection, and standard desktop application behavior.
- desktop-legacy:
- request-type: auto-connection
- reasoning: Required for compatibility with X11-based desktop environments and older desktop integration APIs. MailVault supports both Wayland and X11 via WebKitGTK.
- wayland:
- request-type: auto-connection
- reasoning: MailVault is a GUI application that supports Wayland-native rendering via WebKitGTK. Required to display the application window on Wayland compositors (GNOME, KDE Plasma on Wayland, etc.).
- x11:
- request-type: auto-connection
- reasoning: MailVault is a GUI application that supports X11 rendering via WebKitGTK. Required to display the application window on X11-based desktop environments and XWayland fallback.
- home:
- request-type: auto-connection
- reasoning: MailVault stores archived emails as .eml files in Maildir format and supports bulk export/import of .eml files to/from user-chosen directories. Users also use file picker dialogs to save attachments and select files for import. Home directory access is needed for these file operations.
- password-manager-service:
- request-type: auto-connection
- reasoning: MailVault stores email account credentials (passwords and OAuth2 tokens) securely in the system keyring via the D-Bus Secret Service API (GNOME Keyring / KWallet). The keyring Rust crate with sync-secret-service feature is used for this. Without this interface, the app cannot persist or retrieve account credentials between sessions, making it unable to connect to any email account.
- network:
Hey @GraphicMeat
Sorry for the delay in my response
Most of the mentioned interface auto-connect by default, so no action is needed. The only is exception is password-manager-service interface, however, we only grant this auto-connection to very limited set snaps, as it allows the application to access all secrets in the system keyring.
In order to store/retrieve secrets from the confined application you should use the secret-portal instead. From tauri, this should be seamless when using the [libsecret](https://crates.io/crates/libsecret) crate and a recent base (core22 onward). See GitHub - jslarraz/snap-secrets-tauri · GitHub as a very basic working example.
Hey,
thank you for response. This makes sense. Appreciate for pointing into the right direction. This means a lot.
Just getting into multi platform development. Have a nice day 