# Postbox Backlog ## P1 Immediate - [ ] Define the `postbox` backend manifest, permissions, module metadata, and capability names. - [ ] Design the postbox, binding, message, participant, attachment-reference, and audit-event data model. - [ ] Implement role-organization-bound access checks through core/access contracts. - [ ] Add API DTOs and routes for postbox directory, access checks, message listing, message creation, and binding administration. - [ ] Create focused tests for access changes when role assignments are granted, revoked, or expire. ## P2 Module Integration - [ ] Define optional campaign integration for sender context, response intake, and artifact handoff. - [ ] Define optional files integration for postbox-visible file and evidence references. - [ ] Define optional portal integration for portal-facing role-bound postboxes. - [ ] Define optional mail bridge semantics without making postboxes login-bound mailboxes. ## P2 WebUI - [ ] Build the postbox administration route contribution and navigation metadata. - [ ] Build an inbox view for visible postboxes, messages, and role-bound access explanation. - [ ] Build a binding editor for organization and role links with audit-visible changes. ## P3 Governance - [ ] Document retention, audit, and privacy rules for postbox messages and evidence references. - [ ] Document migration ownership and compatibility imports while postbox code is extracted from core if needed.