The Thunderbird extension
A MailExtension for self-service on a SithBit account: wallet login, mail password, timezone, do-not-disturb schedules, aliases, balances, and delegated encryption-key management. Everything that must be signed is signed inside the extension by a WebAssembly module compiled from this workspace’s own crates — the server only relays already-signed transactions and never holds your key.
Requires Thunderbird 140 or later.
What the operator must run
The extension talks only to account-api.
For the aliases, balances, and encryption-key panes, the API needs its
[chain] section configured (a mail-grpc gateway plus a Solana RPC
endpoint — see the
configuration reference);
without it those panes report the surface as unavailable while login and
the settings panes keep working.
Building and installing
cd webclients/thunderbird
./build.sh # wasm-pack build + stages shared/ + zips the xpi
Install sithbit-thunderbird.xpi via Thunderbird’s Add-ons Manager
(gear menu → Install Add-on From File). Thunderbird accepts
self-built, unsigned xpi files permanently — no store listing is
needed. For development, point Load Temporary Add-on (Tools →
Developer Tools → Debug Add-ons) at thunderbird/staging/manifest.json.
The extension ships with host permissions for http://localhost /
http://127.0.0.1 only. Pointing it at a remote API (extension
options) prompts for that origin’s permission when you save.
The wallet and its passphrase
First open (the SithBit button in the spaces toolbar), the dashboard asks for your Solana keypair file — the JSON array of 64 numbers — and a passphrase. The keypair is encrypted with the passphrase (PBKDF2 + AES-GCM) before it is stored in the Thunderbird profile; the decrypted key lives only in memory and is gone when Thunderbird exits, so each restart asks for the passphrase again.
Login is a wallet challenge: the API issues a nonce, the extension signs it, and a day-long session token comes back. No password ever exists for login — your wallet is the account.
Panes
- Balances — wallet SOL, on-chain mailbox message count, and a per-sender stamp lookup (stamp balances are held per sender, so there is no single “total stamps” number).
- Aliases — every alias pointing at your wallet. Registration and transfer stay in the CLI.
- Encryption key — publish, rotate, or close a
delegated X25519 key. The transaction is
built and signed in the extension’s wasm module and relayed through
the API. Export the secret when it is shown — it appears exactly
once, in the same JSON format
sithbit mail get -xreads; mail sealed to an old key still needs that old key’s secret, so keep every export. - Settings — the mail password your IMAP/POP/SMTP client uses (username = wallet address) and your IANA timezone.
- Do not disturb — weekly or date-range windows during which senders are asked to retry later, evaluated in your timezone.
Security notes
- The wallet secret at rest is exactly as strong as your passphrase.
- The session token authorizes account changes (password, timezone, DND) for up to 24 hours; on-chain actions additionally require the unlocked wallet, which never survives a restart.
- The API relay cannot alter what you sign: transactions are built from the workspace’s own instruction encoders compiled to wasm, and a parity test pins them byte-for-byte to the CLI’s.