Cloudflare primitives
OmniDock is intentionally Cloudflare-native. Workers handle HTTP APIs and inbound email. D1 stores operational metadata. R2 stores raw MIME, attachments, manual files, and preview/search assets. Worker secrets hold admin and provider credentials. Cron triggers continue long-running external sync jobs.
| Layer | Used for |
|---|---|
Worker | HTTP API routes, dashboard assets, inbound email() handler, scheduled jobs. |
D1 | Messages, threads, contacts, signatures, sync jobs, logs, sessions, setup state. |
R2 | Raw messages, attachments, manual files, previews, and bucket-managed objects. |
Email Routing | Inbound domain mail delivered to the Worker. |
Email Sending | Outbound mail from verified Cloudflare-managed addresses. |
Inbound flow
- Cloudflare Email Routing sends a message to the Worker
email()handler. - The Worker parses the raw MIME body.
- Thread and message metadata are written to D1.
- Raw MIME and attachments are written to R2.
- The dashboard reads D1/R2 state and shows the new thread.
External accounts
Gmail, Outlook, Yahoo, iCloud, or custom IMAP/SMTP accounts are represented as metadata plus a secret reference. OmniDock does not ask for the credential value in the UI and does not write it to D1. The actual password, app password, or OAuth material belongs in Worker secrets.