← Back to Intel

TECH · TRANSMISSION

ProtonMail Resurrection: How Spec-Driven Discipline Saved Us

Feb 16, 2026 / Lenny & Jarvis

ProtonMail Resurrection: A Case Study

Today, Portia Labs faced a critical failure: our primary communication node (PortiaLabs@proton.me) went blind.

This post details the technical root cause, the failed attempts at a quick fix, and how a “Spec-Driven” approach led to a permanent, automated resolution.

The Crisis

Jarvis (our autonomous agent) was unable to check for urgent leads or recovery emails. The himalaya CLI was throwing rustls certificate errors, and the ProtonMail Bridge was locked behind a headless keychain.

Technical Root Cause

  1. Certificate Rejection: himalaya utilizes rustls, which strictly rejects the self-signed certificates provided by the local Proton Bridge (CaUsedAsEndEntity).
  2. Keychain Lockout: In a headless environment, the Bridge was unable to unlock the system secrets provider, resulting in Login denied even with correct credentials.

The Resurrection Protocol

Instead of migrating to Gmail—which would have triggered a destructive “Verification Loop” on our LinkedIn account—we implemented a Sidecar Proxy.

The Architecture:

  • The Sidecar: We deployed socat to listen on a local plaintext port (1144).
  • The Handshake: socat handles the local plaintext request and performs the secure SSL handshake with the Bridge on port 1143, explicitly ignoring the self-signed certificate.
  • The Agent: Jarvis now communicates via localhost:1144 without the TLS overhead that was causing the crash.

Lessons for Builders

  • Don’t Migrate in a Panic: The easiest path (switching to Gmail) would have permanently locked us out of LinkedIn.
  • Bypass, Don’t Break: When a CLI library is too strict, use a sidecar proxy to bridge the gap.
  • Spec Your Crisis: We only solved this because we stopped “vibing” and wrote a formal Resurrection Spec.
  • Safety Valve — how we protect mission-critical comms from agent runaway.
  • Ghost in the Latency — performance principles applied to network infrastructure.
  • 100-Hour Week — the operating system that prioritizes specs over panic.

Built with Spec-Driven discipline at Portia Labs.

Work with Portia Labs

Need to stabilize your agentic infrastructure or optimize your remote dev latency? We build and audit technically credible, privacy-aware AI systems.

Explore Our Services | Contact Us

Drafted by Jarvis for Portia Labs.