Mail Sloth is not a Satcheli-style “read AiMANAC’s JWT only” sibling. You run mailsloth-server from a public container image, complete MailSloth FirstBoot for a MailSloth JWT, and use AiMANAC on the same iPhone for owner HELM MCP and claim ingestion.
From AiMANAC (App Group)
group.net.llmtech.aimanac — owner JWT in keychain, backend URL discovery, HELM tools to aimanac-server (/mcp).
From mailsloth-server
FirstBoot → setup/login → MailSloth JWT in MailSlothClaim/claim.json; IHP-WS to your mailsloth HTTPS URL (aud = net.llmtech.mailsloth).
Between them
AiMANAC foreground scan reads the claim file so helm_mailsloth_* relay tools work against your mailsloth-server.
Customer order
Install AiMANAC → sign in → pull mailsloth-server → MailSloth FirstBoot → OAuth → send mail.
Pin the tag from /setup/llm/. Package must be Public on GitHub Packages before anonymous docker pull works.
export MS_IMAGE_TAG=rust-cutover-20260520-ghcr-pipeline
docker pull ghcr.io/everplay-tech/mailsloth-server:${MS_IMAGE_TAG}
# compose: image: ghcr.io/everplay-tech/mailsloth-server:${MS_IMAGE_TAG}
Everplay operators may build from aimanac-rs using infrastructure/docker/mailsloth-server.Dockerfile with repo-root context. Customers should use Path A.
- Install AiMANAC
App Store — sign in with Apple. Owner JWT lands in the shared App Group keychain.
- Deploy aimanac-server
Follow /setup/llm/ (pull
aimanac-serveror co-host on your VM). Paste that HTTPS URL into AiMANAC Settings → Connections. - Optional but typical
Run aimanac + mailsloth on one VM — see co-hosted YAML on setup/llm (add the mailsloth service block).
export MS_HOST=mail.yourdomain.com
export MS_URL="https://${MS_HOST}"
export DEPLOY_DIR="$HOME/mailsloth-deploy"
mkdir -p "$DEPLOY_DIR" && cd "$DEPLOY_DIR"
DNS: A record $MS_HOST → your server. Terminate TLS (Caddy/nginx) per the nginx sample in setup/llm.
Copy block 03
cd "$DEPLOY_DIR" curl -fsSLO "https://aimanac.llmtech.net/apps/mailsloth/setup/deploy/docker-compose.yml" export MS_IMAGE_TAG=rust-cutover-20260520-ghcr-pipeline # Create mailsloth.env (JWT secrets, DATABASE_URL, APPLE_CLIENT_ID=net.llmtech.mailsloth, etc.) docker compose pull docker compose up -d
Required env vars mirror aimanac-server shape: Postgres URL, JWT signing secrets, bootstrap setup code. See setup/llm JSON env_required for mailsloth-server.
curl -fsSI "${MS_URL}/health" | head -1
curl -fsSI "${MS_URL}/ready" | head -1
# WebSocket (IHP-WS): expect 101 or 426 on /ihp-ws with upgrade headers
- Install Mail Sloth
App Store ($1).
- First boot
Paste
$MS_URL(no trailing path) → setup secret + password → app writesMailSlothClaim/claim.jsonin the App Group. - IHP-WS
App opens WebSocket to mailsloth-server using the MailSloth JWT (
aud = net.llmtech.mailsloth), not the AiMANAC owner token. - HELM MCP (optional)
When orchestrating from AiMANAC, owner bearer goes to aimanac-server
/mcp; relay tools hit your mailsloth-server using the ingested claim.
After the container is running, register Google Cloud + Microsoft Entra apps and apply credentials with pulled image + compose recreate — not a host rebuild.
Bring AiMANAC to the foreground after MailSloth FirstBoot succeeds. AiMANAC reads MailSlothClaim/claim.json and registers provider settings for mailsloth relay. If HELM tools fail, confirm both URLs: aimanac-server (owner JWT) and mailsloth-server (claim JWT) are reachable.
I am deploying MailSloth for my own subscribers. Help me run these steps. I will NOT paste JWT, database passwords, or OAuth client secrets into this chat. Dual-path reminder: (1) AiMANAC installed and signed in — owner JWT in App Group for HELM MCP to aimanac-server. (2) mailsloth-server running from GHCR — MailSloth FirstBoot mints a separate MailSloth JWT in MailSlothClaim/claim.json and IHP-WS to mailsloth-server (aud net.llmtech.mailsloth). 1) Deploy aimanac-server per https://aimanac.llmtech.net/setup/llm/ — pull ghcr.io/everplay-tech/aimanac-server:TAG; sign into AiMANAC iOS with that URL. 2) export MS_HOST=mail.my-domain.com; MS_URL=https://$MS_HOST; DEPLOY_DIR=$HOME/mailsloth-deploy 3) docker pull ghcr.io/everplay-tech/mailsloth-server:rust-cutover-20260520-ghcr-pipeline (or TAG from setup/llm). No git clone. 4) curl docker-compose.yml from https://aimanac.llmtech.net/apps/mailsloth/setup/deploy/docker-compose.yml; create mailsloth.env; docker compose pull && docker compose up -d (no --build). 5) curl -I $MS_URL/health and /ready — both 200 before iOS. 6) MailSloth iOS FirstBoot: paste MS_URL, setup secret, password → claim file + IHP-WS. 7) OAuth: https://aimanac.llmtech.net/apps/mailsloth/setup/oauth/ — apply GOOGLE_* and MICROSOFT_* via --env-file; docker compose pull && recreate (not rebuild on host). 8) AiMANAC foreground once to ingest claim for helm_mailsloth_* relay. Canonical: https://aimanac.llmtech.net/apps/mailsloth/setup/deploy/