Core

Safety notes

MailSubsystem can move real mail. Treat the pre-release Core as a developer tool and follow these defaults until the hardening release criteria are met.

Use a sandbox mailbox first

Create a throwaway IMAP account (or a non-critical secondary account) and connect that before anything you depend on. The filing agent makes real IMAP MOVE calls; mistakes are visible to other devices syncing the same mailbox.

Always dry-run filing

./target/release/mailsubsystem file --dry-run

Review the proposed moves before running file without the flag. The dry-run output shows source folder, destination folder, and the recommendation reason for each message.

Be explicit about hosted models

Configuring a frontier provider (Gemini, OpenAI, Anthropic) means selected email content can leave your machine. Local-only operation requires AI_PROVIDER=lmstudio (or equivalent) and no frontier keys set.

Hybrid mode escalates to the frontier when local confidence falls below CONFIDENCE_THRESHOLD.
The Core does not redact PII from prompts; assume the full message text is sent on escalation.
Audit which messages were processed by which provider via the database analysis records.

Production mailboxes

Do not connect business-critical mailboxes until:

Phase 5 hardening (sandbox safety, observability, graceful shutdown) is complete.
You have backups or a snapshot mechanism in place.
You have run at least a week of dry-run filing and are satisfied with the recommendations.

Reporting issues

Open issues at github.com/iamcobolt/MailSubsystem.git. Include the run_id from the JSON logs (LOG_FORMAT=json) when reporting agent behavior so the run can be reconstructed.