# GovOPlaN Postbox Codex Guide ## Scope This repository owns the `postbox` module: in-platform postboxes, role-organization-bound access, postbox messages, postbox directory APIs, internal and portal postbox surfaces, campaign postbox integration, postbox-owned migrations, and future `@govoplan/postbox-webui`. Postboxes are not login-bound mailboxes. They are platform-owned communication and access containers whose visibility is derived from organizational role assignments, explicit postbox bindings, and capability contracts. ## Local Commands Install and run through core: ```bash cd /mnt/DATA/git/govoplan-core ./.venv/bin/python -m pip install -r requirements-dev.txt ``` For combined checks once implementation starts, run: ```bash cd /mnt/DATA/git/govoplan-core ./scripts/check-focused.sh ``` ## Working Rules - Keep postbox behavior in this module, not core. - Derive role-organization access through core/access contracts; do not duplicate RBAC membership logic locally. - Do not import mail, files, campaign, or portal internals. Use manifests, capabilities, events, API routes, and typed DTOs. - Treat postbox access changes as auditable security events, especially when access changes because a role assignment changes. - Keep campaign delivery, file evidence, and portal usage optional behind capability boundaries.