@hogsend/engine 0.23.0 → 0.24.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hogsend/engine",
-  "version": "0.23.0",
+  "version": "0.24.0",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -40,14 +40,14 @@
     "svix": "^1.95.1",
     "winston": "^3.19.0",
     "zod": "^4.4.3",
-    "@hogsend/core": "^0.23.0",
-    "@hogsend/db": "^0.23.0",
-    "@hogsend/email": "^0.23.0",
-    "@hogsend/plugin-posthog": "^0.23.0",
-    "@hogsend/plugin-resend": "^0.23.0"
+    "@hogsend/core": "^0.24.0",
+    "@hogsend/db": "^0.24.0",
+    "@hogsend/email": "^0.24.0",
+    "@hogsend/plugin-posthog": "^0.24.0",
+    "@hogsend/plugin-resend": "^0.24.0"
   },
   "optionalDependencies": {
-    "@hogsend/plugin-postmark": "^0.23.0"
+    "@hogsend/plugin-postmark": "^0.24.0"
   },
   "devDependencies": {
     "@types/node": "^22.15.3",

package/src/journeys/journey-context.ts

@@ -21,6 +21,7 @@ import {
 import type {
   IfPast,
   JourneyContext,
+  RecentEvent,
   TimeOfDayBuilder,
   WaitForEventResult,
   Weekday,
@@ -451,6 +452,36 @@ export function createJourneyContext(
           count: total,
         };
       },
+
+      async events({
+        userId: targetUserId,
+        limit = 50,
+        within,
+      }): Promise<RecentEvent[]> {
+        const conditions = [eq(userEvents.userId, targetUserId)];
+        if (within) {
+          const since = new Date(Date.now() - durationToMs(within));
+          conditions.push(gte(userEvents.occurredAt, since));
+        }
+        const rows = await db
+          .select({
+            event: userEvents.event,
+            properties: userEvents.properties,
+            occurredAt: userEvents.occurredAt,
+          })
+          .from(userEvents)
+          .where(and(...conditions))
+          .orderBy(desc(userEvents.occurredAt))
+          .limit(limit);
+        return rows.map((row) => ({
+          event: row.event,
+          properties: row.properties ?? null,
+          occurredAt:
+            row.occurredAt instanceof Date
+              ? row.occurredAt.toISOString()
+              : String(row.occurredAt),
+        }));
+      },
     },
   };
 }

package/src/routes/admin/bulk.ts

@@ -144,6 +144,12 @@ const replayRoute = createRoute({
       },
       description: "Replay results",
     },
+    400: {
+      content: {
+        "application/json": { schema: errorSchema },
+      },
+      description: "No replay selection (eventIds or filter) provided",
+    },
   },
 });
 
@@ -362,14 +368,26 @@ export const bulkRouter = new OpenAPIHono<AppEnv>()
         conditions.push(lte(userEvents.occurredAt, new Date(body.filter.to)));
       }
 
-      const where = conditions.length > 0 ? and(...conditions) : undefined;
+      // Refuse an unscoped replay. With no `eventIds` and no filter the WHERE
+      // would collapse to `undefined`, silently re-pushing the most-recent
+      // `limit` events back through the full ingestion pipeline (re-triggering
+      // journeys, re-evaluating exits). Require an explicit selection.
+      if (conditions.length === 0) {
+        return c.json(
+          {
+            error:
+              "Replay requires `eventIds` or at least one `filter` field (event, userId, from, to).",
+          },
+          400,
+        );
+      }
 
       events = await db
         .select()
         .from(userEvents)
-        .where(where)
+        .where(and(...conditions))
         .orderBy(desc(userEvents.occurredAt))
-        .limit(body.limit ?? 100);
+        .limit(body.limit);
     }
 
     let replayed = 0;

package/src/routes/admin/preferences.ts

@@ -147,6 +147,14 @@ export const preferencesRouter = new OpenAPIHono<AppEnv>()
             ? {
                 suppressed: body.suppressed,
                 suppressedAt: body.suppressed ? new Date() : null,
+                // Un-suppressing clears the bounce slate. `bounceCount` only
+                // drives the auto-suppress threshold (the send-gate keys off
+                // `suppressed`/`unsubscribedAll`), so a leftover count would
+                // otherwise keep a bounced recipient pinned to the suppression
+                // list with no way to remove them.
+                ...(body.suppressed
+                  ? {}
+                  : { bounceCount: 0, lastBounceAt: null }),
               }
             : {}),
           ...(body.categories !== undefined

package/src/routes/admin/reporting.ts

@@ -362,8 +362,19 @@ reportingRouter.get("/sends/export", async (c) => {
     );
   }
 
+  // The export intentionally returns all matching sends, but is hard-capped at
+  // MAX_EXPORT_ROWS. Signal when the result was truncated so a caller never
+  // mistakes a partial CSV for the complete history.
+  const truncated = rows.length >= MAX_EXPORT_ROWS;
+
   return c.body(lines.join("\n"), 200, {
     "Content-Type": "text/csv; charset=utf-8",
     "Content-Disposition": 'attachment; filename="email-sends.csv"',
+    ...(truncated
+      ? {
+          "X-Hogsend-Export-Truncated": "true",
+          "X-Hogsend-Export-Limit": String(MAX_EXPORT_ROWS),
+        }
+      : {}),
   });
 });

package/src/routes/admin/suppressions.ts

@@ -1,6 +1,6 @@
 import { emailPreferences } from "@hogsend/db";
 import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
-import { and, count, desc, eq, gt, type SQL } from "drizzle-orm";
+import { and, count, desc, eq, gt, or, type SQL } from "drizzle-orm";
 import type { AppEnv } from "../../app.js";
 import { serializePrefs } from "../../lib/contacts.js";
 
@@ -8,6 +8,11 @@ import { serializePrefs } from "../../lib/contacts.js";
 // `complained` has no dedicated column — a complaint sets `suppressed` without
 // incrementing `bounceCount` (see mailer `handleComplaint`), so we identify it
 // as suppressed-but-not-bounced.
+//
+// IMPORTANT: the `email_preferences` table holds a row for (nearly) every
+// contact, most of whom are NOT suppressed. The "All" view must therefore
+// restrict to recipients suppressed in *some* way — returning `undefined`
+// here would drop the WHERE clause entirely and list every contact.
 function typeFilter(
   type: "bounced" | "unsubscribed" | "complained" | undefined,
 ): SQL | undefined {
@@ -22,7 +27,12 @@ function typeFilter(
         eq(emailPreferences.bounceCount, 0),
       );
     default:
-      return undefined;
+      // "All" = the union of every suppression reason.
+      return or(
+        eq(emailPreferences.suppressed, true),
+        eq(emailPreferences.unsubscribedAll, true),
+        gt(emailPreferences.bounceCount, 0),
+      );
   }
 }
 

package/src/routes/webhooks/sources.ts

@@ -135,7 +135,15 @@ export function registerWebhookSourceRoutes(
     const rawBody = await c.req.text();
     const headers = headersToRecord(c.req.raw.headers);
 
-    let secret = env[auth.envKey as keyof typeof env] as string | undefined;
+    // Engine-declared secrets (presets) resolve from the validated env. A
+    // CONSUMER-defined webhook source may name an env var the engine schema
+    // doesn't declare (a BYO signature/match source), so fall back to the raw
+    // process.env value for it. Both auth branches below gate on truthiness, so
+    // an unset/blank secret stays fail-closed (signature → 401) and
+    // open-when-unconfigured (match) exactly as before.
+    let secret =
+      (env[auth.envKey as keyof typeof env] as string | undefined) ??
+      process.env[auth.envKey];
 
     // For the inbound PostHog source, fall back to the secret minted by
     // `hogsend connect` (kind="derived" store) when env has none — so an