@emailens/engine 0.3.1 → 0.5.1

package/README.md

@@ -1,6 +1,6 @@
 # @emailens/engine
 
-Email compatibility engine that transforms CSS per email client, analyzes compatibility, scores results, simulates dark mode, and provides framework-aware fix snippets.
+Email compatibility engine that transforms CSS per email client, analyzes compatibility, scores results, simulates dark mode, provides framework-aware fix snippets, and runs spam, accessibility, link, and image quality analysis.
 
 Supports **12 email clients**: Gmail (Web, Android, iOS), Outlook (365, Windows), Apple Mail (macOS, iOS), Yahoo Mail, Samsung Mail, Thunderbird, HEY Mail, and Superhuman.
 
@@ -12,240 +12,299 @@ npm install @emailens/engine
 bun add @emailens/engine
 ```
 
+Requires Node.js >= 18.
+
 ## Quick Start
 
 ```typescript
-import {
-  analyzeEmail,
-  generateCompatibilityScore,
-  transformForAllClients,
-  simulateDarkMode,
-} from "@emailens/engine";
-
-const html = `
-<html>
-<head>
-  <style>
-    .card { border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.1); }
-  </style>
+import { auditEmail } from "@emailens/engine";
+
+const html = `<html lang="en">
+<head><title>Newsletter</title>
+  <style>.card { border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.1); }</style>
 </head>
 <body>
   <div class="card" style="display: flex; gap: 16px;">
     <div>Column A</div>
     <div>Column B</div>
   </div>
+  <a href="https://example.com/unsubscribe">Unsubscribe</a>
 </body>
-</html>
-`;
-
-// 1. Analyze CSS compatibility across all clients
-const warnings = analyzeEmail(html);
-console.log(`Found ${warnings.length} warnings`);
-
-// 2. Generate per-client scores (0–100)
-const scores = generateCompatibilityScore(warnings);
-console.log(scores["gmail-web"]); // { score: 75, errors: 0, warnings: 5, info: 0 }
-console.log(scores["outlook-windows"]); // { score: 40, errors: 1, warnings: 8, info: 2 }
-
-// 3. Transform HTML per client (strips unsupported CSS, inlines styles)
-const transforms = transformForAllClients(html);
-for (const t of transforms) {
-  console.log(`${t.clientId}: ${t.warnings.length} warnings`);
-}
+</html>`;
+
+// Run all checks in one call
+const report = auditEmail(html, { framework: "jsx" });
+
+console.log(report.compatibility.scores["gmail-web"]);
+// { score: 75, errors: 0, warnings: 5, info: 0 }
+
+console.log(report.spam);
+// { score: 100, level: "low", issues: [] }
+
+console.log(report.accessibility.score);
+// 88
+
+console.log(report.links.totalLinks);
+// 1
 
-// 4. Simulate dark mode for a specific client
-const darkMode = simulateDarkMode(html, "gmail-android");
-console.log(darkMode.warnings); // Warns about transparent PNGs, missing prefers-color-scheme, etc.
+console.log(report.images.total);
+// 0
 ```
 
 ## API Reference
 
-### `analyzeEmail(html: string, framework?: Framework): CSSWarning[]`
-
-Analyzes an HTML email and returns CSS compatibility warnings for all 12 email clients. Detects usage of `<style>`, `<link>`, `<svg>`, `<video>`, `<form>`, inline CSS properties, `@font-face`, `@media` queries, gradients, flexbox/grid, and more.
+### `auditEmail(html: string, options?: AuditOptions): AuditReport`
 
-The optional `framework` parameter (`"jsx"` | `"mjml"` | `"maizzle"`) controls which fix snippets are attached to warnings. Analysis always runs on compiled HTML — fix snippets reference source-level constructs so you know how to modify your framework source code.
+**Unified API** — runs all email analysis checks in a single call. Returns compatibility warnings + scores, spam analysis, link validation, accessibility audit, and image analysis.
 
 ```typescript
-// Plain HTML analysis
-const warnings = analyzeEmail(html);
+import { auditEmail } from "@emailens/engine";
 
-// Framework-aware: fixes reference React Email components
-const warnings = analyzeEmail(html, "jsx");
-
-// Framework-aware: fixes reference MJML elements
-const warnings = analyzeEmail(html, "mjml");
+const report = auditEmail(html, {
+  framework: "jsx",         // attach framework-specific fix snippets
+  spam: { emailType: "transactional" },  // skip unsubscribe check
+  skip: ["images"],         // skip specific checks
+});
 
-// Framework-aware: fixes reference Maizzle/Tailwind classes
-const warnings = analyzeEmail(html, "maizzle");
+// report.compatibility.warnings  — CSSWarning[]
+// report.compatibility.scores    — Record<string, ClientScore>
+// report.spam                    — SpamReport
+// report.links                   — LinkReport
+// report.accessibility           — AccessibilityReport
+// report.images                  — ImageReport
 ```
 
-### `generateCompatibilityScore(warnings: CSSWarning[]): Record<string, ClientScore>`
+**`AuditOptions`:**
+- `framework?: "jsx" | "mjml" | "maizzle"` — attach framework-specific fix snippets
+- `spam?: SpamAnalysisOptions` — options for spam analysis
+- `skip?: Array<"spam" | "links" | "accessibility" | "images" | "compatibility">` — skip specific checks
 
-Generates a 0–100 compatibility score per email client from a set of warnings.
+---
 
-**Scoring formula:** `score = 100 - (errors × 15) - (warnings × 5) - (info × 1)`, clamped to 0–100.
+### `analyzeEmail(html: string, framework?: Framework): CSSWarning[]`
+
+Analyzes an HTML email and returns CSS compatibility warnings for all 12 email clients. Detects `<style>`, `<link>`, `<svg>`, `<video>`, `<form>`, inline CSS properties, `@font-face`, `@media` queries, gradients, flexbox/grid, and more.
+
+The optional `framework` parameter controls which fix snippets are attached to warnings. Analysis always runs on compiled HTML.
 
 ```typescript
-const scores = generateCompatibilityScore(warnings);
-// {
-//   "gmail-web": { score: 75, errors: 0, warnings: 5, info: 0 },
-//   "outlook-windows": { score: 40, errors: 1, warnings: 8, info: 2 },
-//   "apple-mail-macos": { score: 100, errors: 0, warnings: 0, info: 0 },
-//   ...
-// }
+const warnings = analyzeEmail(html);          // Plain HTML
+const warnings = analyzeEmail(html, "jsx");   // React Email fixes
+const warnings = analyzeEmail(html, "mjml");  // MJML fixes
 ```
 
-### `transformForClient(html: string, clientId: string, framework?: Framework): TransformResult`
+### `generateCompatibilityScore(warnings): Record<string, ClientScore>`
+
+Generates a 0–100 compatibility score per email client. Formula: `100 - (errors × 15) - (warnings × 5) - (info × 1)`.
 
-Transforms HTML for a specific email client. Strips unsupported CSS, inlines `<style>` blocks (for Gmail), removes unsupported elements, and generates per-client warnings.
+### `warningsForClient(warnings, clientId): CSSWarning[]`
+
+Filter warnings for a specific client.
+
+### `errorWarnings(warnings): CSSWarning[]`
+
+Get only error-severity warnings.
+
+### `structuralWarnings(warnings): CSSWarning[]`
+
+Get only warnings that require HTML restructuring (`fixType: "structural"`).
+
+---
+
+### `analyzeSpam(html: string, options?: SpamAnalysisOptions): SpamReport`
+
+Analyzes an HTML email for spam indicators. Returns a 0–100 score (100 = clean) and an array of issues. Uses heuristic rules modeled after SpamAssassin, CAN-SPAM, and GDPR.
 
 ```typescript
-const result = transformForClient(html, "gmail-web");
-console.log(result.html);      // Transformed HTML
-console.log(result.warnings);  // Client-specific warnings
-console.log(result.clientId);  // "gmail-web"
+import { analyzeSpam } from "@emailens/engine";
+
+const report = analyzeSpam(html, {
+  emailType: "transactional",       // skip unsubscribe check
+  listUnsubscribeHeader: "...",     // satisfies unsubscribe requirement
+});
+// { score: 95, level: "low", issues: [...] }
 ```
 
-### `transformForAllClients(html: string, framework?: Framework): TransformResult[]`
+**Checks:** caps ratio, excessive punctuation, spam trigger phrases, missing unsubscribe link (with transactional email exemption), hidden text, URL shorteners, image-to-text ratio, deceptive links (with ESP tracking domain allowlist), all-caps subject.
 
-Transforms HTML for all 12 email clients at once.
+### `validateLinks(html: string): LinkReport`
+
+Static analysis of all links in an HTML email. No network requests.
 
 ```typescript
-const results = transformForAllClients(html);
-for (const r of results) {
-  console.log(`${r.clientId}: ${r.warnings.length} issues`);
-}
+import { validateLinks } from "@emailens/engine";
+
+const report = validateLinks(html);
+// { totalLinks: 12, issues: [...], breakdown: { https: 10, http: 1, mailto: 1, ... } }
 ```
 
-### `simulateDarkMode(html: string, clientId: string): { html: string; warnings: CSSWarning[] }`
+**Checks:** empty/placeholder hrefs, `javascript:` protocol, insecure HTTP, generic link text, missing accessible names, empty mailto/tel, very long URLs, duplicate links.
 
-Simulates how an email client applies dark mode. Different clients use different strategies:
+### `checkAccessibility(html: string): AccessibilityReport`
 
-- **Full inversion** (Gmail Android, Samsung Mail): swaps all light backgrounds to dark
-- **Partial inversion** (Gmail Web, Apple Mail, Yahoo, Outlook.com, HEY, Superhuman): only inverts white backgrounds
-- **No dark mode** (Outlook Windows, Thunderbird): no transformation
+Audits an HTML email for accessibility issues. Returns a 0–100 score and detailed issues.
 
 ```typescript
-const { html: darkHtml, warnings } = simulateDarkMode(html, "gmail-android");
+import { checkAccessibility } from "@emailens/engine";
+
+const report = checkAccessibility(html);
+// { score: 88, issues: [...] }
 ```
 
-### `getCodeFix(property: string, clientId: string, framework?: Framework): CodeFix | undefined`
+**Checks:** missing `lang` attribute, missing `<title>`, image alt text, link accessibility, layout table roles, small text, color contrast (WCAG 2.1), heading hierarchy.
 
-Returns a paste-ready code fix for a specific CSS property + client combination. Fixes are tiered:
+### `analyzeImages(html: string): ImageReport`
 
-1. **Framework + client specific** (e.g., `border-radius` + Outlook + JSX → VML roundrect component)
-2. **Framework specific** (e.g., `@font-face` + MJML → `<mj-font>`)
-3. **Generic HTML fallback** (e.g., `display:flex` + Outlook → HTML table with MSO conditionals)
+Analyzes images for email best practices.
 
 ```typescript
-const fix = getCodeFix("display:flex", "outlook-windows", "jsx");
-// {
-//   language: "jsx",
-//   description: "Use Row and Column from @react-email/components",
-//   before: "<div style={{ display: 'flex' }}>...",
-//   after: "<Row><Column>..."
-// }
+import { analyzeImages } from "@emailens/engine";
+
+const report = analyzeImages(html);
+// { total: 5, totalDataUriBytes: 0, issues: [...], images: [...] }
 ```
 
-### `getSuggestion(property: string, clientId: string, framework?: Framework): { text: string; isGenericFallback?: boolean }`
+**Checks:** missing dimensions, oversized data URIs, missing alt, WebP/SVG format, missing `display:block`, tracking pixels, high image count.
+
+---
+
+### `transformForClient(html, clientId, framework?): TransformResult`
+
+Transforms HTML for a specific email client — strips unsupported CSS, inlines `<style>` blocks (for Gmail), removes unsupported elements.
+
+### `transformForAllClients(html, framework?): TransformResult[]`
+
+Transforms HTML for all 12 email clients at once.
+
+### `simulateDarkMode(html, clientId): { html, warnings }`
 
-Returns a human-readable suggestion for fixing a compatibility issue. Lighter than `getCodeFix` — returns a text description rather than before/after code.
+Simulates how an email client applies dark mode using luminance-based color detection.
+
+- **Full inversion** (Gmail Android, Samsung Mail): inverts all light backgrounds and dark text
+- **Partial inversion** (Gmail Web, Apple Mail, Yahoo, Outlook.com, HEY, Superhuman): only inverts very light/dark colors
+- **No dark mode** (Outlook Windows, Thunderbird)
+
+### `getCodeFix(property, clientId, framework?): CodeFix | undefined`
+
+Returns a paste-ready code fix for a CSS property + client combination. Fixes are tiered:
+
+1. **Framework + client specific** (e.g., `border-radius` + Outlook + JSX → VML component)
+2. **Framework specific** (e.g., `@font-face` + MJML → `<mj-font>`)
+3. **Client specific** (e.g., `border-radius` + Outlook → VML roundrect)
+4. **Generic HTML fallback**
 
 ### `diffResults(before, after): DiffResult[]`
 
-Compares two sets of analysis results (before and after a fix). Shows what improved, regressed, or stayed the same per client.
+Compares two sets of analysis results to show what improved, regressed, or stayed the same.
+
+---
+
+## Compile Module
+
+Compile email templates from JSX, MJML, or Maizzle to HTML.
 
 ```typescript
-const before = { scores: generateCompatibilityScore(warningsBefore), warnings: warningsBefore };
-const after = { scores: generateCompatibilityScore(warningsAfter), warnings: warningsAfter };
-const diffs = diffResults(before, after);
+import { compile, detectFormat, CompileError } from "@emailens/engine/compile";
 
-for (const d of diffs) {
-  console.log(`${d.clientId}: ${d.scoreBefore} → ${d.scoreAfter} (${d.scoreDelta > 0 ? "+" : ""}${d.scoreDelta})`);
-  console.log(`  Fixed: ${d.fixed.length}, Introduced: ${d.introduced.length}`);
-}
+// Auto-detect format and compile
+const format = detectFormat("email.tsx");  // "jsx"
+const html = await compile(source, format);
+
+// Or use specific compilers
+import { compileReactEmail, compileMjml, compileMaizzle } from "@emailens/engine/compile";
 ```
 
-### `generateFixPrompt(options: ExportPromptOptions): string`
+### `compile(source, format, filePath?): Promise<string>`
+
+Compile source to HTML based on format. Lazily imports per-format compilers.
+
+### `compileReactEmail(source, options?): Promise<string>`
 
-Generates a markdown prompt suitable for passing to an AI assistant to fix compatibility issues. Includes the original HTML, compatibility scores table, all detected issues with fix suggestions, and format-specific instructions.
+Compile React Email JSX/TSX to HTML. Pipeline: validate → transpile (sucrase) → sandbox execute → render.
 
 ```typescript
-const prompt = generateFixPrompt({
-  originalHtml: html,
-  warnings,
-  scores,
-  scope: "all",           // or "current" with selectedClientId
-  format: "jsx",           // "html" | "jsx" | "mjml" | "maizzle"
+import { compileReactEmail } from "@emailens/engine/compile";
+
+const html = await compileReactEmail(jsxSource, {
+  sandbox: "isolated-vm",  // "vm" | "isolated-vm" | "quickjs"
 });
 ```
 
-### `EMAIL_CLIENTS: EmailClient[]`
+**Sandbox strategies:**
+- `"isolated-vm"` (default) — Separate V8 isolate. True heap isolation. Requires `isolated-vm` native addon.
+- `"vm"` — `node:vm` with hardened globals. Fast, zero-dependency, but NOT a true security boundary. Suitable for CLI/local use.
+- `"quickjs"` — Validates code in WASM sandbox, then executes in `node:vm`. Security is equivalent to `"vm"`. No native addons needed.
 
-Array of all 12 supported email client definitions.
+**Peer dependencies:** `sucrase`, `react`, `@react-email/components`, `@react-email/render`. Plus `isolated-vm` or `quickjs-emscripten` depending on sandbox strategy.
 
-```typescript
-import { EMAIL_CLIENTS } from "@emailens/engine";
+### `compileMjml(source): Promise<string>`
+
+Compile MJML to HTML. **Peer dependency:** `mjml`.
+
+### `compileMaizzle(source): Promise<string>`
+
+Compile Maizzle template to HTML. **Peer dependency:** `@maizzle/framework`.
+
+**Security:** PostHTML file-system directives (`<extends>`, `<component>`, `<fetch>`, `<include>`, `<module>`, `<slot>`, `<fill>`, `<raw>`, `<block>`, `<yield>`) are rejected at validation time to prevent server-side file reads.
+
+### `detectFormat(filePath): InputFormat`
+
+Auto-detect input format from file extension (`.tsx`/`.jsx` → `"jsx"`, `.mjml` → `"mjml"`, `.html` → `"html"`).
+
+### `CompileError`
 
-for (const client of EMAIL_CLIENTS) {
-  console.log(`${client.name} (${client.category}) — ${client.engine}`);
+Unified error class for all compilation failures. Available from both `@emailens/engine` and `@emailens/engine/compile`.
+
+```typescript
+import { CompileError } from "@emailens/engine";
+
+try {
+  await compile(source, "jsx");
+} catch (err) {
+  if (err instanceof CompileError) {
+    console.log(err.format);  // "jsx" | "mjml" | "maizzle"
+    console.log(err.phase);   // "validation" | "transpile" | "execution" | "render" | "compile"
+  }
 }
-// Gmail (webmail) — Gmail Web
-// Outlook Windows (desktop) — Microsoft Word
-// Apple Mail (desktop) — WebKit
-// ...
 ```
 
-### `getClient(id: string): EmailClient | undefined`
+---
 
-Look up a client by ID.
+## Security Considerations
 
-## Supported Email Clients
+### Input Size Limits
 
-| Client | ID | Category | Engine | Dark Mode |
-|---|---|---|---|---|
-| Gmail | `gmail-web` | Webmail | Gmail Web | Yes |
-| Gmail Android | `gmail-android` | Mobile | Gmail Mobile | Yes |
-| Gmail iOS | `gmail-ios` | Mobile | Gmail Mobile | Yes |
-| Outlook 365 | `outlook-web` | Webmail | Outlook Web | Yes |
-| Outlook Windows | `outlook-windows` | Desktop | Microsoft Word | No |
-| Apple Mail | `apple-mail-macos` | Desktop | WebKit | Yes |
-| Apple Mail iOS | `apple-mail-ios` | Mobile | WebKit | Yes |
-| Yahoo Mail | `yahoo-mail` | Webmail | Yahoo | Yes |
-| Samsung Mail | `samsung-mail` | Mobile | Samsung | Yes |
-| Thunderbird | `thunderbird` | Desktop | Gecko | No |
-| HEY Mail | `hey-mail` | Webmail | WebKit | Yes |
-| Superhuman | `superhuman` | Desktop | Blink | Yes |
+All public functions enforce a 2MB (`MAX_HTML_SIZE`) input limit. Inputs exceeding this limit throw immediately. The limit is exported so consumers can check before calling:
+
+```typescript
+import { MAX_HTML_SIZE } from "@emailens/engine";
+if (html.length > MAX_HTML_SIZE) {
+  // handle oversized input
+}
+```
 
-## AI-Powered Fixes (v0.2.0)
+### Compile Module Security
 
-The engine classifies every warning as either `css` (CSS-only swap) or `structural` (requires HTML restructuring — tables, VML, conditionals). For structural issues that static snippets can't solve, the engine can generate a structured prompt and delegate to an LLM.
+- **React Email JSX**: User code runs in a sandboxed environment. The `"isolated-vm"` strategy provides true heap isolation. The `"vm"` and `"quickjs"` strategies use `node:vm` which is NOT a security boundary — suitable for CLI use where users run their own code. For server deployments accepting untrusted input, use `"isolated-vm"`.
+- **Maizzle**: PostHTML directives that access the filesystem (`<extends>`, `<fetch>`, `<include>`, `<raw>`, `<block>`, `<yield>`, etc.) are rejected at validation time.
+- **MJML**: Compiled through the `mjml` package with default settings.
 
-The engine is **provider-agnostic** — you bring your own AI provider via a simple callback.
+---
 
-### `generateAiFix(options): Promise<AiFixResult>`
+## AI-Powered Fixes
 
-Builds a fix prompt from the engine's analysis, sends it to your AI provider, and extracts the fixed code.
+The engine classifies every warning as either `css` (CSS-only swap) or `structural` (requires HTML restructuring). For structural issues, the engine can generate a prompt and delegate to an LLM.
+
+### `generateAiFix(options): Promise<AiFixResult>`
 
 ```typescript
-import Anthropic from "@anthropic-ai/sdk";
-import {
-  analyzeEmail,
-  generateCompatibilityScore,
-  generateAiFix,
-  AI_FIX_SYSTEM_PROMPT,
-} from "@emailens/engine";
-
-const anthropic = new Anthropic();
-const warnings = analyzeEmail(html, "jsx");
-const scores = generateCompatibilityScore(warnings);
+import { generateAiFix, AI_FIX_SYSTEM_PROMPT } from "@emailens/engine";
 
 const result = await generateAiFix({
   originalHtml: html,
   warnings,
   scores,
-  scope: "all",        // or "current" with selectedClientId
+  scope: "all",
   format: "jsx",
   provider: async (prompt) => {
     const msg = await anthropic.messages.create({
@@ -257,68 +316,34 @@ const result = await generateAiFix({
     return msg.content[0].type === "text" ? msg.content[0].text : "";
   },
 });
-
-console.log(result.code);              // Fixed email code
-console.log(result.targetedWarnings);  // 23
-console.log(result.structuralCount);   // 5
 ```
 
 ### `estimateAiFixTokens(options): Promise<TokenEstimate>`
 
-Estimate tokens **before** making an API call. Use for cost estimates, limit checks, and UI feedback.
-
-```typescript
-import { estimateAiFixTokens } from "@emailens/engine";
-
-const estimate = await estimateAiFixTokens({
-  originalHtml: html,
-  warnings,
-  scores,
-  scope: "all",
-  format: "jsx",
-  maxInputTokens: 16000,  // optional, triggers smart truncation
-});
-
-console.log(`~${estimate.inputTokens} input tokens`);
-console.log(`~${estimate.estimatedOutputTokens} output tokens`);
-console.log(`${estimate.warningCount} warnings (${estimate.structuralCount} structural)`);
-console.log(`Truncated: ${estimate.truncated}`);
-```
-
-**Smart truncation** kicks in when the prompt exceeds `maxInputTokens`:
-1. Deduplicates warnings (same property × severity)
-2. Removes `info`-level warnings
-3. Removes CSS-only warnings (keeps structural + errors)
-4. Trims long fix snippets
+Estimate tokens before making an API call.
 
 ### `heuristicTokenCount(text): number`
 
-Instant synchronous token estimate (~3.5 chars/token). Within ~10-15% of real Claude tokenizer for HTML/CSS.
-
-```typescript
-import { heuristicTokenCount } from "@emailens/engine";
-const tokens = heuristicTokenCount(html); // instant, no deps
-```
-
-### `AI_FIX_SYSTEM_PROMPT`
-
-Expert system prompt for email compatibility fixes. Pass as the `system` parameter to your LLM call for best results. Includes structural fix patterns (table layouts, VML, MSO conditionals).
-
-### `STRUCTURAL_FIX_PROPERTIES`
-
-`Set<string>` of CSS properties that require HTML restructuring (not just CSS swaps). Includes `display:flex`, `display:grid`, `word-break`, `position`, `border-radius` (Outlook), `background-image` (Outlook), and more.
-
-```typescript
-import { STRUCTURAL_FIX_PROPERTIES } from "@emailens/engine";
-STRUCTURAL_FIX_PROPERTIES.has("word-break"); // true
-STRUCTURAL_FIX_PROPERTIES.has("color");      // false
-```
+Instant synchronous token estimate (~3.5 chars/token).
 
-## CSS Support Matrix
+---
 
-The engine includes a comprehensive CSS support matrix (`src/rules/css-support.ts`) covering 45+ CSS properties and HTML elements across all 12 clients. Data sourced from [caniemail.com](https://www.caniemail.com/) with inferred values for HEY Mail and Superhuman based on their rendering engines.
+## Supported Email Clients
 
-Properties added in v0.2.0: `word-break`, `overflow-wrap`, `white-space`, `text-overflow`, `vertical-align`, `border-spacing`, `min-width`, `min-height`, `max-height`, `text-shadow`, `background-size`, `background-position`.
+| Client | ID | Category | Engine | Dark Mode |
+|---|---|---|---|---|
+| Gmail | `gmail-web` | Webmail | Gmail Web | Yes |
+| Gmail Android | `gmail-android` | Mobile | Gmail Mobile | Yes |
+| Gmail iOS | `gmail-ios` | Mobile | Gmail Mobile | Yes |
+| Outlook 365 | `outlook-web` | Webmail | Outlook Web | Yes |
+| Outlook Windows | `outlook-windows` | Desktop | Microsoft Word | No |
+| Apple Mail | `apple-mail-macos` | Desktop | WebKit | Yes |
+| Apple Mail iOS | `apple-mail-ios` | Mobile | WebKit | Yes |
+| Yahoo Mail | `yahoo-mail` | Webmail | Yahoo | Yes |
+| Samsung Mail | `samsung-mail` | Mobile | Samsung | Yes |
+| Thunderbird | `thunderbird` | Desktop | Gecko | No |
+| HEY Mail | `hey-mail` | Webmail | WebKit | Yes |
+| Superhuman | `superhuman` | Desktop | Blink | Yes |
 
 ## Types
 
@@ -327,16 +352,6 @@ type SupportLevel = "supported" | "partial" | "unsupported" | "unknown";
 type Framework = "jsx" | "mjml" | "maizzle";
 type InputFormat = "html" | Framework;
 type FixType = "css" | "structural";
-type AiProvider = (prompt: string) => Promise<string>;
-
-interface EmailClient {
-  id: string;
-  name: string;
-  category: "webmail" | "desktop" | "mobile";
-  engine: string;
-  darkModeSupport: boolean;
-  icon: string;
-}
 
 interface CSSWarning {
   severity: "error" | "warning" | "info";
@@ -345,50 +360,44 @@ interface CSSWarning {
   message: string;
   suggestion?: string;
   fix?: CodeFix;
-  fixIsGenericFallback?: boolean;
-  fixType?: FixType;           // "css" or "structural" (v0.2.0)
+  fixType?: FixType;
+  line?: number;       // line number in <style> block
+  selector?: string;   // element selector for inline styles
 }
 
-interface CodeFix {
-  before: string;
-  after: string;
-  language: "html" | "css" | "jsx" | "mjml" | "maizzle";
-  description: string;
+interface AuditReport {
+  compatibility: {
+    warnings: CSSWarning[];
+    scores: Record<string, { score: number; errors: number; warnings: number; info: number }>;
+  };
+  spam: SpamReport;
+  links: LinkReport;
+  accessibility: AccessibilityReport;
+  images: ImageReport;
 }
 
-interface AiFixResult {
-  code: string;
-  prompt: string;
-  targetedWarnings: number;
-  structuralCount: number;
-  tokenEstimate: TokenEstimate;
+interface SpamReport {
+  score: number;       // 0–100 (100 = clean)
+  level: "low" | "medium" | "high";
+  issues: SpamIssue[];
 }
 
-interface TokenEstimate {
-  inputTokens: number;
-  estimatedOutputTokens: number;
-  promptCharacters: number;
-  htmlCharacters: number;
-  warningCount: number;
-  structuralCount: number;
-  truncated: boolean;
-  warningsRemoved: number;
+interface LinkReport {
+  totalLinks: number;
+  issues: LinkIssue[];
+  breakdown: { https: number; http: number; mailto: number; tel: number; ... };
 }
 
-interface TransformResult {
-  clientId: string;
-  html: string;
-  warnings: CSSWarning[];
+interface AccessibilityReport {
+  score: number;       // 0–100
+  issues: AccessibilityIssue[];
 }
 
-interface DiffResult {
-  clientId: string;
-  scoreBefore: number;
-  scoreAfter: number;
-  scoreDelta: number;
-  fixed: CSSWarning[];
-  introduced: CSSWarning[];
-  unchanged: CSSWarning[];
+interface ImageReport {
+  total: number;
+  totalDataUriBytes: number;
+  issues: ImageIssue[];
+  images: ImageInfo[];
 }
 ```
 
@@ -398,7 +407,7 @@ interface DiffResult {
 bun test
 ```
 
-166 tests covering analysis, transformation, dark mode simulation, framework-aware fixes, AI fix generation, token estimation, smart truncation, fixType classification, and accuracy benchmarks against real-world email templates.
+449 tests covering analysis, transformation, dark mode simulation, framework-aware fixes, AI fix generation, token estimation, spam scoring, link validation, accessibility checking, image analysis, security hardening, integration pipelines, and accuracy benchmarks.
 
 ## License