JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 41
  • Score
    100M100P100Q81094F
  • License Apache-2.0

Email-native multi-party coordination kernel: turns a promise made over email into proof. DKIM/DMARC-verified replies, a tamper-evident git ledger, workflow sequencing, and email triggers. Extracted from gitdone.

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (mailproof) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    mailproof

    version (auto from package.json) license: Apache 2.0

    Email-native multi-party coordination kernel. Verify a reply, sequence it through a workflow, commit it to a tamper-evident git ledger, trigger the next email.

    ⚠️ Early WIP. Being extracted from gitdone. Currently at proof-of-concept stage — there is no published API yet. See docs/ (PRD, DESIGN).

    The idea

    A lot of coordination is just: ask some named people to confirm something, in an order, and prove they did. mailproof does that entirely over emailno app, no login for participants. They reply from their normal inbox; that's it.

    • Verify — each inbound reply is graded by DKIM/DMARC trust level (via mailauth); the signer's public key is archived so the reply still verifies after key rotation.
    • Sequence — replies advance a workflow of ordered / parallel steps.
    • Git ledger — every reply is committed to a per-event git repo. The commit chain is the tamper-evident, offline-verifiable proof: clone it and check it with stock git, forever, even if the service disappears.
    • Email triggers — composes and sends the next notification / reminder through your own MTA (Postfix + opendkim). Self-hosted: more config, full control, no third-party mail dependency.

    Accept-with-flag

    Every inbound reply is committed — even rejected ones (wrong sender, failed DKIM, out of order). A counted flag records whether it advanced state. The audit trail stays complete; trust gates the transition, never the record.

    Status

    Phase State
    P0 — composition proof (POC) npm run poc
    P1 — lift real modules + tests ⬜ next
    P2 — gitdone depends on mailproof

    Try the POC

    npm run poc   # stdlib + git only: runs a 2-step workflow, prints the ledger + outbox, self-asserts

    Requires Node ≥ 22.5. (The POC has no dependencies; the real library will add mailauth, mailparser, simple-git.)

    Docs

    Start at docs/README.md. The PRD covers what mailproof is, who adopts it, and the NO-GO table; DESIGN covers the extraction boundary (what's in mailproof vs. what stays gitdone policy), the planned public API, and the phasing; the decisions log records the design forks with rationale.

    License

    Apache-2.0 © hamr0