@assistkick/create 1.0.0

package/templates/product-system/packages/backend/src/services/auth_service.test.ts

@@ -0,0 +1,115 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+import { AuthService } from './auth_service.ts';
+
+const createService = () => new AuthService({
+  jwtSecret: 'test-secret-at-least-32-chars-long!!',
+  isProduction: false,
+});
+
+describe('AuthService', () => {
+  describe('generateAccessToken / verifyToken', () => {
+    it('generates a valid access token with user claims', async () => {
+      const service = createService();
+      const token = await service.generateAccessToken('user-1', 'test@example.com', 'admin');
+      const payload = await service.verifyToken(token);
+
+      assert.equal(payload.sub, 'user-1');
+      assert.equal(payload.email, 'test@example.com');
+      assert.equal(payload.role, 'admin');
+      assert.equal(payload.type, undefined);
+    });
+  });
+
+  describe('generateRefreshToken / verifyToken', () => {
+    it('generates a valid refresh token with type=refresh', async () => {
+      const service = createService();
+      const token = await service.generateRefreshToken('user-1');
+      const payload = await service.verifyToken(token);
+
+      assert.equal(payload.sub, 'user-1');
+      assert.equal(payload.type, 'refresh');
+      assert.equal(payload.email, undefined);
+    });
+  });
+
+  describe('verifyToken', () => {
+    it('rejects tokens signed with a different secret', async () => {
+      const service1 = createService();
+      const service2 = new AuthService({
+        jwtSecret: 'different-secret-at-least-32-chars!!',
+        isProduction: false,
+      });
+
+      const token = await service1.generateAccessToken('user-1', 'test@example.com', 'user');
+      await assert.rejects(() => service2.verifyToken(token));
+    });
+
+    it('rejects malformed tokens', async () => {
+      const service = createService();
+      await assert.rejects(() => service.verifyToken('not-a-jwt'));
+    });
+  });
+
+  describe('hashPassword / verifyPassword', () => {
+    it('hashes and verifies passwords correctly', async () => {
+      const service = createService();
+      const hashed = await service.hashPassword('mypassword');
+      const valid = await service.verifyPassword('mypassword', hashed);
+      const invalid = await service.verifyPassword('wrongpassword', hashed);
+
+      assert.equal(valid, true);
+      assert.equal(invalid, false);
+    });
+  });
+
+  describe('setAuthCookies', () => {
+    it('sets access_token and refresh_token cookies', () => {
+      const service = createService();
+      const cookies: Record<string, any> = {};
+      const mockRes = {
+        cookie: (name: string, value: string, opts: any) => {
+          cookies[name] = { value, opts };
+        },
+      } as any;
+
+      service.setAuthCookies(mockRes, 'access-jwt', 'refresh-jwt');
+
+      assert.ok(cookies['access_token']);
+      assert.equal(cookies['access_token'].value, 'access-jwt');
+      assert.equal(cookies['access_token'].opts.httpOnly, true);
+      assert.equal(cookies['access_token'].opts.secure, false); // not production
+
+      assert.ok(cookies['refresh_token']);
+      assert.equal(cookies['refresh_token'].value, 'refresh-jwt');
+      assert.equal(cookies['refresh_token'].opts.path, '/api/auth');
+    });
+  });
+
+  describe('clearAuthCookies', () => {
+    it('clears both cookies', () => {
+      const service = createService();
+      const cleared: string[] = [];
+      const mockRes = {
+        clearCookie: (name: string, _opts?: any) => {
+          cleared.push(name);
+        },
+      } as any;
+
+      service.clearAuthCookies(mockRes);
+
+      assert.ok(cleared.includes('access_token'));
+      assert.ok(cleared.includes('refresh_token'));
+    });
+  });
+
+  describe('isProductionMode', () => {
+    it('reflects the constructor parameter', () => {
+      const devService = new AuthService({ jwtSecret: 'test-secret-32-chars-long!!!!!!!', isProduction: false });
+      const prodService = new AuthService({ jwtSecret: 'test-secret-32-chars-long!!!!!!!', isProduction: true });
+
+      assert.equal(devService.isProductionMode, false);
+      assert.equal(prodService.isProductionMode, true);
+    });
+  });
+});

package/templates/product-system/packages/backend/src/services/auth_service.ts

@@ -0,0 +1,82 @@
+/**
+ * Authentication service — handles password hashing, JWT generation,
+ * and cookie management for user authentication.
+ */
+
+import { hash, compare } from 'bcryptjs';
+import { SignJWT, jwtVerify } from 'jose';
+import type { Response } from 'express';
+
+const SALT_ROUNDS = 12;
+const ACCESS_TOKEN_EXPIRY = '30m';
+const REFRESH_TOKEN_EXPIRY = '7d';
+const ACCESS_COOKIE_MAX_AGE = 30 * 60 * 1000; // 30 minutes
+const REFRESH_COOKIE_MAX_AGE = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+interface AuthServiceDeps {
+  jwtSecret: string;
+  isProduction: boolean;
+}
+
+export class AuthService {
+  private readonly secret: Uint8Array;
+  readonly isProductionMode: boolean;
+
+  constructor({ jwtSecret, isProduction }: AuthServiceDeps) {
+    this.secret = new TextEncoder().encode(jwtSecret);
+    this.isProductionMode = isProduction;
+  }
+
+  hashPassword = async (password: string): Promise<string> => {
+    return hash(password, SALT_ROUNDS);
+  };
+
+  verifyPassword = async (password: string, passwordHash: string): Promise<boolean> => {
+    return compare(password, passwordHash);
+  };
+
+  generateAccessToken = async (userId: string, email: string, role: string): Promise<string> => {
+    return new SignJWT({ sub: userId, email, role })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt()
+      .setExpirationTime(ACCESS_TOKEN_EXPIRY)
+      .sign(this.secret);
+  };
+
+  generateRefreshToken = async (userId: string): Promise<string> => {
+    return new SignJWT({ sub: userId, type: 'refresh' })
+      .setProtectedHeader({ alg: 'HS256' })
+      .setIssuedAt()
+      .setExpirationTime(REFRESH_TOKEN_EXPIRY)
+      .sign(this.secret);
+  };
+
+  verifyToken = async (token: string): Promise<{ sub: string; email?: string; role?: string; type?: string }> => {
+    const { payload } = await jwtVerify(token, this.secret);
+    return payload as { sub: string; email?: string; role?: string; type?: string };
+  };
+
+  setAuthCookies = (res: Response, accessToken: string, refreshToken: string): void => {
+    const cookieOptions = {
+      httpOnly: true,
+      secure: this.isProductionMode,
+      sameSite: 'strict' as const,
+    };
+
+    res.cookie('access_token', accessToken, {
+      ...cookieOptions,
+      maxAge: ACCESS_COOKIE_MAX_AGE,
+    });
+
+    res.cookie('refresh_token', refreshToken, {
+      ...cookieOptions,
+      maxAge: REFRESH_COOKIE_MAX_AGE,
+      path: '/api/auth',
+    });
+  };
+
+  clearAuthCookies = (res: Response): void => {
+    res.clearCookie('access_token');
+    res.clearCookie('refresh_token', { path: '/api/auth' });
+  };
+}

package/templates/product-system/packages/backend/src/services/coherence-review.ts

@@ -0,0 +1,339 @@
+/**
+ * Coherence review orchestration — prompt building, AI review, proposal execution.
+ */
+
+import { join } from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { readGraph, removeEdge as removeEdgeDb, patchNode as patchNodeDb } from '@interview-system/shared/lib/graph.js';
+import { loadCoherence, saveCoherence, getDismissalKey, sortProposals } from '@interview-system/shared/lib/coherence.js';
+import { getDb } from '@interview-system/shared/lib/db.js';
+import { nodes } from '@interview-system/shared/db/schema.js';
+import { eq } from 'drizzle-orm';
+import { claudeService, paths, log } from './init.js';
+
+// --- Coherence review state ---
+export let coherenceRunning = false;
+export let coherenceProgress = { current: 0, total: 0, message: '' };
+
+export const readCoherenceData = async (projectId?: string) => loadCoherence(projectId);
+export const writeCoherenceData = async (data: any, projectId?: string) => saveCoherence(data, projectId);
+
+/**
+ * Expand scope nodes with 1-hop neighbors to catch stale references.
+ */
+const expandScope = (scopeNodeIds: string[], graph: any) => {
+  const expanded = new Set(scopeNodeIds);
+  for (const nodeId of scopeNodeIds) {
+    for (const edge of graph.edges) {
+      if (edge.from === nodeId) expanded.add(edge.to);
+      if (edge.to === nodeId) expanded.add(edge.from);
+    }
+  }
+  return [...expanded];
+};
+
+/**
+ * Build the enhanced coherence prompt with deep context.
+ */
+export const buildCoherencePrompt = (graph: any, coherenceData: any) => {
+  const lastReview = coherenceData.last_review_timestamp;
+
+  const dismissedKeys = new Set(
+    coherenceData.proposals
+      .filter((p: any) => p.status === 'dismissed')
+      .map((p: any) => getDismissalKey(p))
+  );
+  const dismissedList = [...dismissedKeys];
+
+  const changedNodes = lastReview
+    ? graph.nodes.filter((n: any) => n.updated_at > lastReview || n.created_at > lastReview)
+    : graph.nodes;
+  const changedIds = changedNodes.map((n: any) => n.id);
+  const scopeNodeIds = lastReview ? expandScope(changedIds, graph) : changedIds;
+
+  const nodesSummary = graph.nodes.map((n: any) =>
+    `  ${n.id} [${n.type}] "${n.name}" status=${n.status} completeness=${n.completeness}`
+  ).join('\n');
+
+  const edgesSummary = graph.edges.map((e: any) =>
+    `  ${e.from} --${e.relation}--> ${e.to}`
+  ).join('\n');
+
+  const contextNodes = graph.nodes.filter((n: any) =>
+    n.type === 'decision' || n.type === 'tech_choice'
+  );
+  const contextSummary = contextNodes.map((n: any) =>
+    `  ${n.id} [${n.type}] "${n.name}" status=${n.status}`
+  ).join('\n');
+
+  const validRelations = [
+    'contains', 'depends_on', 'governed_by', 'constrained_by',
+    'implemented_with', 'reads_writes', 'exposes', 'consumes',
+    'performed_by', 'escalates_to', 'relates_to'
+  ];
+
+  const validNodeTypes = [
+    'feature', 'component', 'data_entity', 'decision', 'tech_choice',
+    'non_functional_requirement', 'design_token', 'design_pattern',
+    'user_role', 'flow', 'assumption', 'open_question'
+  ];
+
+  let prompt = `You are a graph coherence reviewer for a product specification knowledge graph. `;
+  prompt += `Analyze the graph and propose fixes for inconsistencies, stale references, and missing connections.\n\n`;
+  prompt += `## All Nodes\n${nodesSummary}\n\n`;
+  prompt += `## All Edges\n${edgesSummary}\n\n`;
+
+  if (contextNodes.length > 0) {
+    prompt += `## Architectural Context (decisions and tech choices — cross-reference these)\n${contextSummary}\n\n`;
+  }
+
+  prompt += `## Scope (nodes to focus on)\n`;
+  prompt += scopeNodeIds.length > 0
+    ? `Focus on these nodes (changed since last review + their 1-hop neighbors): ${scopeNodeIds.join(', ')}\n\n`
+    : `No previous review — analyze all nodes.\n\n`;
+
+  if (dismissedList.length > 0) {
+    prompt += `## Previously Dismissed (do NOT re-propose these exact tuples)\n`;
+    prompt += dismissedList.map((d: any) => `  - ${d}`).join('\n') + '\n\n';
+  }
+
+  prompt += `## Valid Relation Types\n${validRelations.join(', ')}\n\n`;
+  prompt += `## Valid Node Types\n${validNodeTypes.join(', ')}\n\n`;
+
+  prompt += `## Five Proposal Types\n`;
+  prompt += `1. add_edge — Add a missing edge between existing nodes\n`;
+  prompt += `2. add_node — Add a missing node (e.g. a shared design_pattern) with suggested edges\n`;
+  prompt += `3. remove_edge — Remove a stale edge that no longer reflects the architecture\n`;
+  prompt += `4. deprecate_node — Remove an obsolete node (list all edges that will be removed)\n`;
+  prompt += `5. update_description — Update a node description that references outdated concepts\n\n`;
+
+  prompt += `## Confidence Levels\n`;
+  prompt += `- high: A decision or migration node explicitly confirms the finding\n`;
+  prompt += `- medium: Inferred from context and relationships\n`;
+  prompt += `- low: Based on naming or convention patterns\n\n`;
+
+  prompt += `## Instructions\n`;
+  prompt += `1. Cross-reference findings against decision and tech_choice nodes to detect stale references.\n`;
+  prompt += `2. Be selective — only propose changes that add real value.\n`;
+  prompt += `3. Reference specific decision/tech_choice node IDs and names in your reasoning.\n`;
+  prompt += `4. Group related proposals by giving them the same batch_id string.\n`;
+  prompt += `5. Assign a confidence level to each proposal.\n\n`;
+
+  prompt += `## Output Format\n`;
+  prompt += `Respond with ONLY a JSON array. No other text.\n`;
+  prompt += `Proposal schemas:\n`;
+  prompt += `- {"type":"add_edge","from_id":"...","to_id":"...","relation":"...","confidence":"high|medium|low","batch_id":"optional","reasoning":"..."}\n`;
+  prompt += `- {"type":"add_node","proposed_node_type":"...","proposed_node_name":"...","confidence":"...","batch_id":"optional","reasoning":"...","suggested_edges":[{"from_id":"...","to_id":"NEW","relation":"..."}]}\n`;
+  prompt += `- {"type":"remove_edge","from_id":"...","to_id":"...","relation":"...","confidence":"...","batch_id":"optional","reasoning":"..."}\n`;
+  prompt += `- {"type":"deprecate_node","target_node_id":"...","affected_edges":[{"from":"...","relation":"...","to":"..."}],"confidence":"...","batch_id":"optional","reasoning":"..."}\n`;
+  prompt += `- {"type":"update_description","target_node_id":"...","proposed_description":"...","confidence":"...","batch_id":"optional","reasoning":"..."}\n\n`;
+  prompt += `If there are no proposals, respond with: []\n`;
+
+  return prompt;
+};
+
+export const runCoherenceReview = async (projectId?: string) => {
+  log('COHERENCE', '=== Starting coherence review ===');
+  const coherenceData = await readCoherenceData(projectId);
+  coherenceData.review_status = 'running';
+  coherenceData.partial_run = false;
+  await writeCoherenceData(coherenceData, projectId);
+
+  const collectedProposals: any[] = [];
+
+  try {
+    const graph = await readGraph(projectId);
+    coherenceProgress = { current: 0, total: graph.nodes.length, message: 'Building analysis prompt...' };
+
+    const prompt = buildCoherencePrompt(graph, coherenceData);
+    log('COHERENCE', `Prompt built — ${prompt.length} chars`);
+    coherenceProgress = { current: 0, total: 1, message: 'AI agent analyzing graph...' };
+
+    const output = await claudeService.spawnClaude(prompt, paths.dataDir, 'coherence-review');
+    log('COHERENCE', `Claude output received — ${output.length} chars`);
+    coherenceProgress = { current: 1, total: 1, message: 'Parsing results...' };
+
+    let jsonStr = output.trim();
+    const fenceMatch = jsonStr.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+    if (fenceMatch) {
+      jsonStr = fenceMatch[1].trim();
+    }
+    const arrayMatch = jsonStr.match(/\[[\s\S]*\]/);
+    if (arrayMatch) {
+      jsonStr = arrayMatch[0];
+    }
+
+    let proposals;
+    try {
+      proposals = JSON.parse(jsonStr);
+    } catch (parseErr: any) {
+      log('COHERENCE', `Failed to parse Claude output as JSON: ${parseErr.message}`);
+      log('COHERENCE', `Raw output: ${output.slice(0, 500)}`);
+      coherenceData.review_status = 'idle';
+      await writeCoherenceData(coherenceData, projectId);
+      coherenceRunning = false;
+      coherenceProgress = { current: 0, total: 0, message: '' };
+      return;
+    }
+
+    if (!Array.isArray(proposals)) {
+      log('COHERENCE', `Claude output is not an array`);
+      coherenceData.review_status = 'idle';
+      await writeCoherenceData(coherenceData, projectId);
+      coherenceRunning = false;
+      coherenceProgress = { current: 0, total: 0, message: '' };
+      return;
+    }
+
+    for (const p of proposals) {
+      if (p.type === 'edge') p.type = 'add_edge';
+      if (p.type === 'node') p.type = 'add_node';
+    }
+
+    const dismissedKeys = new Set(
+      coherenceData.proposals
+        .filter((p: any) => p.status === 'dismissed')
+        .map((p: any) => getDismissalKey(p))
+    );
+
+    const now = new Date().toISOString();
+    for (const p of proposals) {
+      p.id = randomUUID().slice(0, 8);
+      p.status = 'pending';
+      p.created_at = now;
+      p.resolved_at = null;
+
+      const key = getDismissalKey(p);
+      if (dismissedKeys.has(key)) {
+        log('COHERENCE', `Skipping dismissed proposal: ${key}`);
+        continue;
+      }
+
+      if (p.type === 'deprecate_node' && p.target_node_id) {
+        const affectedEdges = graph.edges.filter(
+          (e: any) => e.from === p.target_node_id || e.to === p.target_node_id
+        );
+        p.affected_edges = affectedEdges.map((e: any) => ({
+          from: e.from, relation: e.relation, to: e.to
+        }));
+      }
+
+      collectedProposals.push(p);
+    }
+
+    const sorted = sortProposals(collectedProposals);
+    for (const p of sorted) {
+      coherenceData.proposals.push(p);
+    }
+
+    coherenceData.last_review_timestamp = now;
+    coherenceData.review_status = 'idle';
+    coherenceData.partial_run = false;
+    await writeCoherenceData(coherenceData, projectId);
+    log('COHERENCE', `=== Coherence review completed — ${sorted.length} proposals ===`);
+  } catch (err: any) {
+    log('COHERENCE', `Review FAILED: ${err.message}`);
+    if (collectedProposals.length > 0) {
+      const sorted = sortProposals(collectedProposals);
+      for (const p of sorted) {
+        coherenceData.proposals.push(p);
+      }
+      log('COHERENCE', `Saved ${sorted.length} partial proposals before failure`);
+    }
+    coherenceData.review_status = 'idle';
+    coherenceData.partial_run = true;
+    coherenceData.last_review_timestamp = new Date().toISOString();
+    await writeCoherenceData(coherenceData, projectId);
+  }
+  coherenceRunning = false;
+  coherenceProgress = { current: 0, total: 0, message: '' };
+};
+
+/**
+ * Execute the graph action for a proposal.
+ */
+export const executeProposalAction = async (proposal: any, coherenceData: any, projectId?: string) => {
+  const { toolRunner, toolsDir, toolExt, dataDir } = paths;
+  const pidArgs = projectId ? ['--project-id', projectId] : [];
+
+  if (proposal.type === 'add_edge' || proposal.type === 'edge') {
+    await claudeService.spawnCommand(toolRunner, [
+      join(toolsDir, `add_edge${toolExt}`),
+      proposal.from_id, proposal.relation, proposal.to_id,
+      ...pidArgs,
+    ], dataDir);
+    log('COHERENCE', `Applied edge: ${proposal.from_id} --${proposal.relation}--> ${proposal.to_id}`);
+  } else if (proposal.type === 'add_node' || proposal.type === 'node') {
+    const result = await claudeService.spawnCommand(toolRunner, [
+      join(toolsDir, `add_node${toolExt}`),
+      '--type', proposal.proposed_node_type,
+      '--name', proposal.proposed_node_name,
+      '--description', proposal.reasoning,
+      ...pidArgs,
+    ], dataDir);
+    log('COHERENCE', `Created node: ${proposal.proposed_node_type} "${proposal.proposed_node_name}"`);
+
+    const idMatch = result.match(/([a-z_]+_\d+)/);
+    if (idMatch && proposal.suggested_edges) {
+      const newNodeId = idMatch[1];
+      for (const edge of proposal.suggested_edges) {
+        const fromId = edge.from_id === 'NEW' ? newNodeId : edge.from_id;
+        const toId = edge.to_id === 'NEW' ? newNodeId : edge.to_id;
+        try {
+          await claudeService.spawnCommand(toolRunner, [
+            join(toolsDir, `add_edge${toolExt}`),
+            fromId, edge.relation, toId,
+            ...pidArgs,
+          ], dataDir);
+          log('COHERENCE', `Applied suggested edge: ${fromId} --${edge.relation}--> ${toId}`);
+        } catch (edgeErr: any) {
+          log('COHERENCE', `Failed to apply suggested edge: ${edgeErr.message}`);
+        }
+      }
+      proposal.created_node_id = newNodeId;
+    }
+  } else if (proposal.type === 'remove_edge') {
+    await claudeService.spawnCommand(toolRunner, [
+      join(toolsDir, `remove_edge${toolExt}`),
+      proposal.from_id, proposal.relation, proposal.to_id,
+      ...pidArgs,
+    ], dataDir);
+    log('COHERENCE', `Removed edge: ${proposal.from_id} --${proposal.relation}--> ${proposal.to_id}`);
+  } else if (proposal.type === 'deprecate_node') {
+    const graph = await readGraph();
+    const affectedEdges = graph.edges.filter(
+      (e: any) => e.from === proposal.target_node_id || e.to === proposal.target_node_id
+    );
+    for (const edge of affectedEdges) {
+      try {
+        await removeEdgeDb(edge.from, edge.relation, edge.to);
+        log('COHERENCE', `Removed edge for deprecated node: ${edge.from} --${edge.relation}--> ${edge.to}`);
+      } catch (edgeErr: any) {
+        log('COHERENCE', `Failed to remove edge: ${edgeErr.message}`);
+      }
+    }
+    const db = getDb();
+    await db.delete(nodes).where(eq(nodes.id, proposal.target_node_id));
+    log('COHERENCE', `Deprecated node: ${proposal.target_node_id}`);
+
+    coherenceData.proposals = coherenceData.proposals.filter((p: any) => {
+      if (p.status !== 'dismissed') return true;
+      if (p.target_node_id === proposal.target_node_id) return false;
+      if (p.from_id === proposal.target_node_id || p.to_id === proposal.target_node_id) return false;
+      return true;
+    });
+  } else if (proposal.type === 'update_description') {
+    await patchNodeDb(proposal.target_node_id, {
+      body: proposal.proposed_description,
+    });
+    log('COHERENCE', `Updated description for node: ${proposal.target_node_id}`);
+  }
+};
+
+export const setCoherenceRunning = (value: boolean) => {
+  coherenceRunning = value;
+};
+
+export const setCoherenceProgress = (value: { current: number; total: number; message: string }) => {
+  coherenceProgress = value;
+};

package/templates/product-system/packages/backend/src/services/email_service.ts

@@ -0,0 +1,75 @@
+/**
+ * Email service — sends transactional emails via Resend.
+ * Constructor DI: receives apiKey and fromAddress.
+ * Gracefully degrades when no API key is configured (logs warning instead of crashing).
+ */
+
+import { Resend } from 'resend';
+
+interface EmailServiceDeps {
+  apiKey: string;
+  fromAddress: string;
+}
+
+export class EmailService {
+  private readonly client: Resend | null;
+  private readonly fromAddress: string;
+
+  constructor({ apiKey, fromAddress }: EmailServiceDeps) {
+    this.client = apiKey ? new Resend(apiKey) : null;
+    this.fromAddress = fromAddress;
+    if (!apiKey) {
+      console.warn('[EMAIL] RESEND_API_KEY not set — email sending disabled');
+    }
+  }
+
+  sendPasswordResetEmail = async (to: string, resetUrl: string): Promise<void> => {
+    if (!this.client) {
+      console.warn(`[EMAIL] Would send password reset to ${to}: ${resetUrl}`);
+      return;
+    }
+
+    console.log(`[EMAIL] Sending password reset to ${to} from ${this.fromAddress}`);
+    const { data, error } = await this.client.emails.send({
+      from: this.fromAddress,
+      to,
+      subject: 'Reset your password',
+      html: `
+        <p>You requested a password reset.</p>
+        <p><a href="${resetUrl}">Click here to reset your password</a></p>
+        <p>This link expires in 1 hour. If you didn't request this, ignore this email.</p>
+      `,
+    });
+
+    if (error) {
+      console.error(`[EMAIL] Resend API error:`, error);
+      throw new Error(`Resend API error: ${error.message}`);
+    }
+    console.log(`[EMAIL] Password reset sent successfully, id=${data?.id}`);
+  };
+
+  sendInvitationEmail = async (to: string, invitationUrl: string): Promise<void> => {
+    if (!this.client) {
+      console.warn(`[EMAIL] Would send invitation to ${to}: ${invitationUrl}`);
+      return;
+    }
+
+    console.log(`[EMAIL] Sending invitation to ${to} from ${this.fromAddress}`);
+    const { data, error } = await this.client.emails.send({
+      from: this.fromAddress,
+      to,
+      subject: "You're invited to join",
+      html: `
+        <p>You've been invited to join the Product Interview System.</p>
+        <p><a href="${invitationUrl}">Click here to accept your invitation</a></p>
+        <p>This link expires in 48 hours.</p>
+      `,
+    });
+
+    if (error) {
+      console.error(`[EMAIL] Resend API error:`, error);
+      throw new Error(`Resend API error: ${error.message}`);
+    }
+    console.log(`[EMAIL] Invitation sent successfully, id=${data?.id}`);
+  };
+}