About Locker

v0.1.0

A Mac app for the inbox

Email, with the cloud
taken back out.

Locker is a Mac program. It reads your mail through IMAP or Apple Mail, lets Claude Code, Cursor, Zed, and your own scripts act on it through MCP, and never sends a byte until you press Approve. Drafts, replies, and rules all live in one window on your machine.

Not a tab. Not an OAuth maze. Not another subscription.

Get Locker View sourcemacOS 13+ · IMAP + Apple Mail · open source

What it looks like on your machine

Mail.app, with a brain.

One window. Your real inbox on the left. Rules and connectors running quietly behind the scenes. A green dot for what just happened.

Locker — Inbox

12 unread

Search…

FromSubjectRuleReceived

GitHubPull request #42 merged into main→ Slack9:41 AM
StripeYour invoice for May is ready · INV-1042draft9:12 AM
LinearENG-318 has 3 new comments and needs a review8:50 AM
Acme Co.Quick question about scoping for the Q3 planYesterday

Rule GH → Slack ran · 1 draft queued for approval · audit logged

12 unread · 7 rules on · No errorslocalhost:4859

Mail you actually have

Gmail, Outlook, Fastmail, Proton, Apple Mail — all in.

IMAP with an app password, or the AppleScript bridge to Mail.app. No OAuth dance, no Google verification, no third-party server in the middle. Credentials are encrypted at rest with a local key.

Mail accounts — Locker

3 active

Personal Gmail

IMAP · active

Testremove

nathan@gmail.com · imap.gmail.com:993 (TLS) · last sync 2 minutes ago

Work — Fastmail

IMAP · active

Testremove

nathan@fastmail.com · imap.fastmail.com:993 (TLS) · last sync 4 minutes ago

Mac Mail

Apple Mail · active

remove

all local accounts · last sync just now

Add an IMAP account

Gmail (app password)Outlook / 365FastmailCustom IMAP

One click fills host + port. Passwords are encrypted with a local AES-256-GCM key (LOCKER_SECRET_KEY). Lose the key, lose the credentials — never the server we don't have.

Per-account sync errors land in the card. One bad password doesn't kill the others.

If your provider speaks IMAP, Locker reads it. If it's already in Mail.app, Locker reads it. Sending works the same way — your account, your SMTP, your machine.

Read, reply, send

A real email client lives inside Locker.

Open a message, hit Reply, and the compose pane drops in below with the thread quoted. Send goes out via your account's SMTP (IMAP accounts) or Mail.app (Apple Mail). No bouncing to another window.

Re: Pull request #42 merged into main

GitHub

Pull request #42 merged into main

from noreply@github.com · to nathan@gmail.com · 9:41 AM · via Personal Gmail (IMAP)

nathan merged 3 commits into main from imap-bridge.

Adds the IMAP adapter, AES-256-GCM password storage, mailbox CRUD, sync dispatch, and the dashboard page. Nathan can now dogfood Locker without owning Apple Mail.

Tonoreply@github.comSubjectRe: Pull request #42 merged into main

Thanks for the heads up — IMAP path looks clean. I'll roll the migration tonight.

> nathan merged 3 commits into main from imap-bridge…

Sending as nathan@gmail.com · via smtp.gmail.com:465

Save draftSend

1 message · thread of 4 · labeled githubcmd-R to reply · cmd-shift-A to approve a queued draft

Same compose pane an AI rule uses when it queues a draft. You see the exact text before any byte leaves your machine.

Plug in any tool you already use

Bring your own AI. Locker is just the doorway.

Locker speaks MCP— the same protocol Claude Code, Cursor, Zed, and Continue already speak. One click in the dashboard mints a token and wires the connection. No terminal, no JSON pasting.

Integrations — Locker

MCP

Claude Code · terminal
~/.claude.json
one-click
Cursor · IDE
~/.cursor/mcp.json
one-click
Zed · editor
~/.config/zed/settings.json
one-click
Claude Desktop · app
~/Library/.../Claude/...
one-click
Your script · anything that speaks HTTP
Bearer token + curl
one-click

Revoke any of them, any time, from /settings/tokens. The audit log keeps the name and prefix even after revoke.

The AI proposes. You approve. Drafts never leave until you click.

Your CLIs, your scripts, your bin folder

Register a tool once. Every rule and every AI agent can run it.

Locker exposes a registry of your own commands — point it at a binary, a script, or an HTTP endpoint. Rules call them in actions. Claude Code and Cursor call them through MCP. Every invocation lands in the audit log with stdout, exit code, and which agent ran it.

My tools — Locker

3 registered

Name · CommandKindRuns

cloak cloak scan {{path}}

Run my secret-scanner before any draft mentioning credentials goes out.

CLI47

fob-status node ~/code/fob/scripts/status.js

Fetch Fob.sh latest release metrics — invoiced quietly by the digest rule.

Script12

linear-summary POST https://linear.local/summary

Daily standup summariser — Claude calls it via MCP.

HTTP8

Args are templated · stdout is captured · sandbox optionalcmd-N to register a new tool

The same agent that drafts the email can run cloak scan first, then refuse to send if a credential is flagged. Your call, your tools.

An example, end-to-end

One rule. One incoming email. One draft, queued for you.

rule_github_to_slack.json — Locker

📝

{
  "name": "GitHub → Slack",
  "when": "email_received",
  "if": { "from": "contains github.com" },
  "do": [
    { "label": "github" },
    { "draft_to": "slack",
      "channel": "#engineering",
      "template": "PR update: {{subject}}" }
  ]
}

1
GitHub sends a real email about a merged PR.
2
Locker sees it land in Mail.app. A green dot blinks.
3
The rule fires. Mail gets labeled github.
4
A Slack message is drafted with the PR details and waits for your one-click approval.
5
Audit log records: actor=rule, target=slack, time=09:41, status=awaiting approval.

Nothing leaves your machine in step 4 until you tap Approve. Step 5 is permanent. You can rewind, disable the rule, or revoke a draft — and every move is recorded the same way.

System Preferences — Privacy

🔒

“Locker” would like to control Mail.

This will allow Locker to read your messages, create drafts, and label conversations. It will not send anything without your approval.

Read Mail.app

Optional. Local AppleScript bridge for Apple Mail accounts.

IMAP / SMTP (your accounts)

Connects directly to Gmail, Outlook, Fastmail, Proton — credentials encrypted at rest.

Create drafts

Required. Stored in your Locker queue, or your provider's Drafts folder.

Ask

Send mail

Asks for approval, every time, with a diff.

Off

Telemetry

Off. There is no analytics SDK. There is no us-server.

You see this dialog once. The answer is good forever.

Things this app will not do

🚫

A short list, deliberately

Most software gets defined by what it does. This one gets defined by what it refuses to do.

Won't
It will not phone home.
No telemetry SDK, no analytics ping, no “just checking how you're doing” on launch. The dev tools are quiet, too.
Won't
It will not send anything without your OK.
Every rule queues a draft. Every AI agent queues a draft. Approve in the dashboard or it never leaves.
Won't
It will not require an account.
No sign-up. No password. No magic link. The engine runs on 127.0.0.1.
Won't
It will not store anything on a server we own.
There is no server we own. Postgres runs in Docker on your Mac. The database is on your disk. IMAP passwords are AES-256-GCM encrypted with a key that never leaves it.
Won't
It will not bundle an AI you have to subscribe to.
It speaks MCP. One click wires Locker into Claude Code, Cursor, Zed, Claude Desktop — you bring the model and the key.
Won't
It will not lock the door.
API tokens you mint, you can revoke. Rules export as JSON. The audit log is a SQL query away. Postgres + Docker, that's the stack.

Negative space is a feature.

Roadmap.fldr — Locker

📁

NameKindItems

Built — working in the repo today· engine, dashboard, MCP, IMAP, and the email client are realFolder21

Local engine (Fastify · Postgres · 30+ routes)Built—
Web dashboard (this design system)Built—
Rules engine (JSON conditions + actions, validated)Built—
Rule editor (create / edit / enable / disable / delete)Built—
Approval queue · message detail · audit logBuilt—
Engine master pause switch (kill all rules in one click)Built—
Inbox search (sender / subject / snippet)Built—
Wired menu bar (File · Edit · View · Rules · Tools · Help)Built—
MCP server — Claude Code, Cursor, Zed, Claude Desktop, …Built—
API tokens (Bearer auth — bring any HTTP client)Built—
One-click wire-up for any MCP client (no terminal)Built—
Editable MCP client paths + add-your-own clientBuilt—
Approved webhook drafts execute (POST on approve)Built—
Editable connector webhook URLs in the dashboardBuilt—
Apple Mail bridge (read inbox via AppleScript)Built—
IMAP bridge — Gmail / Outlook / Fastmail / Proton / customBuilt—
AES-256-GCM at-rest encryption for IMAP passwordsBuilt—
Compose + reply inside Locker (SMTP or Mail.app)Built—
Per-account sync error handling (one bad account is isolated)Built—
Bring-your-own tools: register CLIs / scripts / reposBuilt—
AI agents can run user tools via MCP (with audit)Built—

Building next — rounding out v0.1· what's actively being worked onFolder6

Continuous mail sync (worker polling, not one-shot)Building—
Tags + reply-all + schedule send + snooze + undo sendBuilding—
Threading + multi-account unified inbox viewBuilding—
Connector account management (Slack OAuth, etc.)Building—
Install tools from a repo URL (clone + build)Building—
License decision · privacy & terms pagesBuilding—

Planned — 3 to 6 months· shape is clear, build hasn't startedFolder7

Visual rule builder (no JSON for simple rules)Planned—
Scheduled rules (worker polling)Planned—
Calendar.app integrationPlanned—
Reminders.app integrationPlanned—
Full-body search (semantic, via pgvector)Planned—
Tracker-pixel blocking · attachment quarantinePlanned—
Homebrew install · signed .app packagingPlanned—

Ideas — not committed· interesting if it earns the workFolder5

Gmail / Outlook OAuth (IMAP already covers both)Idea—
Connector marketplaceIdea—
Team shared inboxesIdea—
Windows / LinuxIdea—
Mobile companion (read-only)Idea—

4 folders · 39 itemsupdated just now

Locker — Get Info

ⓘ

Locker

12,304,512 bytes · created May 2026 · modified just now

Kind: Application (macOS)
Where: /Applications/Locker.app · on your machine, only
Engine: 127.0.0.1:4859 · Fastify + Postgres in Docker
Permissions: Mail.app (read + draft) · MCP tokens you mint · nothing else
What it sends: Nothing, unless a draft has been approved by you
Open with: Dashboard · MCP clients · curl + Bearer token
Source: github.com/newtophilly/locker · open source, license TBD
Locked: —
Stationery: —

Like a real Mac app, only the file system can be sure of what's inside.

About the author

👤

Built by one person, in the open

Nathan Haring

Founding engineer · iOS, Android & systems · Perkasie, PA

Locker is a one-person side build. I spent the last few years shipping native apps and systems at growing teams, and watched every email tool I tried trade my privacy for a feature I could have written in an afternoon.

So I'm writing it in afternoons. Local-first, open source, a real Mac app — the kind that came on a floppy and actually finished doing the thing.

If you're building something nearby — an MCP client, a connector, a Mail.app rabbit hole of your own — find me. The source will be open, the issues will be triaged, and the roadmap is honest.

Portfolio Locker sourcenathanharing.com

Save the date

◖

Want to know when this is ready?

One email when Locker is installable. No newsletter, no follow-up, no “Just checking in!” six months from now.