Bug Report: safeStorage encryption unavailable on Wayland (Niri compositor) – OAuth account setup fails

Environment
∙ OS: CachyOS (Arch-based)
∙ Compositor: Niri (Wayland)
∙ Mailspring version: 1.17.3-6978bdc7
∙ Installation method: pacman
∙ Display server: Wayland (XDG_SESSION_TYPE=wayland)
∙ DBUS_SESSION_BUS_ADDRESS: unix:path=/run/user/1000/bus<!-- You’re reporting a bug in Mailspring.

• Please first check for existing discussions about this issue.
• Complete the template below.
• Remember that fixing bugs isn’t as easy as it looks!
  Read https://community.getmailspring.com/t/about-the-bug-reports-category
  →

Description

When attempting to add a Microsoft Outlook account via OAuth, Mailspring completes the OAuth flow in the browser (redirects to Mailspring) but fails to store the resulting token. The account is never added.
Root cause (from logs)
Electron’s safeStorage.encryptString is unavailable, preventing any token or password from being stored:Error: Error while encrypting the text provided to safeStorage.encryptString.
Encryption is not available.
Additionally: Mailspring encountered an error reading passwords from the keychain.
Error: Could not load libtidy.

To Reproduce…

Steps to reproduce the behavior:

1. Install Mailspring on CachyOS with Niri as Wayland compositor

2. Launch Mailspring

3. Attempt to add a Microsoft Outlook account via OAuth

4. Complete Microsoft login in browser – browser lands on Mailspring
   

5. Mailspring shows “Account not created” – account never appears

Attempted workarounds (all unsuccessful)
∙ mailspring --password-store=“gnome-libsecret” – safeStorage error persists
∙ mailspring --password-store=“basic” – safeStorage error persists
∙ echo “” | gnome-keyring-daemon --unlock before launch – no effect
∙ ELECTRON_OZONE_PLATFORM_HINT=wayland mailspring --no-sandbox --password-store=“gnome-libsecret” – no effect
∙ Verified org.freedesktop.Secret.Service is available and responding on D-Bus
∙ Verified xdg-mime handler for mailspring:// is correctly registered
∙ gnome-keyring-daemon is running with --components=pkcs11,secrets

Expected Behavior

After completing OAuth in the browser, the token should be stored securely and the account should be added successfully. Actual behavior:
safeStorage reports encryption as unavailable regardless of --password-store flag, causing all account setup to fail silently after OAuth completion.Additional notes:
libtidy is missing (libtidy.so not found). While likely unrelated to the OAuth issue, it should be noted.

Screenshots

Setup

• OS and Version:
  • Installation Method:
• Mailspring Version:

Additional Context