Modern JMAP webmail client for Stalwart. Next.js 16 app built byDocumentation Index
Fetch the complete documentation index at: https://docs.augustin.ai/llms.txt
Use this file to discover all available pages before exploring further.
bulwarkmail/webmail, talks directly to Stalwart’s JMAP endpoint from the browser.
Access
- Webmail:
https://bulwark.augustin.ai - Login: Stalwart account credentials (same as IMAP)
Architecture
- Swarm stack on debian-2, co-located with Stalwart
- JMAP requests go browser →
stalwart.augustin.ai→ Traefik → stalwart service on theswarmoverlay - Bulwark’s client normalizes the server’s session URLs back to the origin it was configured with, so Stalwart’s internal
http://...:8080/...URLs don’t break anything ./data/settingsbind mount stores AES-256-GCM-encrypted per-user settings;SESSION_SECRETis load-bearing for that — back upbulwark/.envwith restic
Stalwart prerequisites
Bulwark requires Stalwart 0.16+. The Stalwart instance must have:x:Http.usePermissiveCors = true— browsers block JMAP requests otherwisex:Http.useXForwarded = true— gets real client IP from Traefik for rate limits
stalwart-cli update Http singleton --field <key>=<value> while in recovery mode (see stalwart/AGENTS.md).
Features in use
- Mail (JMAP native, not IMAP bridged)
- Calendar (CalDAV + JMAP calendars)
- Contacts (JMAP contacts + vCard import/export)
- Files (JMAP FileNode — Stalwart’s native cloud storage)
- Sieve filter management
- TOTP 2FA, app passwords, API keys
Known limitations
- Stalwart admin dashboard inside Bulwark is not wired up (no
ADMIN_PASSWORDset). Usestalwart-clior Stalwart’s own webadmin for admin tasks - Bulwark is 6 weeks old (created Mar 2026) — expect breaking changes around Stalwart upgrades. Check tracking before major Stalwart bumps.