@iflow-mcp/jakeliume-webpeel 0.22.0

package/dist/server/auth-store.js

@@ -0,0 +1,88 @@
+/**
+ * Auth store abstraction for API key validation and usage tracking
+ * Designed to easily swap from in-memory to PostgreSQL
+ */
+import { timingSafeEqual } from 'crypto';
+/**
+ * Validate API key format and strength
+ * SECURITY: Enforce minimum complexity
+ */
+function validateKeyFormat(key) {
+    // Minimum 32 characters
+    if (key.length < 32) {
+        return false;
+    }
+    // Must contain alphanumeric characters
+    if (!/^[a-zA-Z0-9_-]+$/.test(key)) {
+        return false;
+    }
+    return true;
+}
+/**
+ * Timing-safe key comparison
+ * SECURITY: Prevent timing attacks on key validation
+ */
+function timingSafeKeyCompare(a, b) {
+    // Ensure equal length for comparison
+    if (a.length !== b.length) {
+        // Compare against dummy to prevent timing leak
+        const dummy = 'x'.repeat(Math.max(a.length, b.length));
+        timingSafeEqual(Buffer.from(dummy), Buffer.from(dummy));
+        return false;
+    }
+    try {
+        return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * In-memory auth store for development and self-hosted deployments
+ */
+export class InMemoryAuthStore {
+    keys = new Map();
+    usage = new Map();
+    constructor() {
+        // SECURITY: Demo key only in development mode
+        // Removed hardcoded demo key - use addKey() or environment variables
+        if (process.env.NODE_ENV === 'development' && process.env.DEMO_KEY) {
+            this.addKey({
+                key: process.env.DEMO_KEY,
+                tier: 'pro',
+                rateLimit: 300,
+                createdAt: new Date(),
+            });
+        }
+    }
+    async validateKey(key) {
+        // Basic validation
+        if (!key || typeof key !== 'string') {
+            return null;
+        }
+        // SECURITY: Timing-safe comparison to prevent timing attacks
+        for (const [storedKey, keyInfo] of this.keys.entries()) {
+            if (timingSafeKeyCompare(key, storedKey)) {
+                return keyInfo;
+            }
+        }
+        // Constant-time operation for invalid key
+        return null;
+    }
+    async trackUsage(key, creditsOrType) {
+        // For in-memory store, just count everything as 1 credit
+        const credits = typeof creditsOrType === 'number' ? creditsOrType : 1;
+        const current = this.usage.get(key) || 0;
+        this.usage.set(key, current + credits);
+    }
+    addKey(keyInfo) {
+        // SECURITY: Validate key format before adding
+        if (!validateKeyFormat(keyInfo.key)) {
+            throw new Error('Invalid API key format: must be at least 32 characters, alphanumeric with - or _');
+        }
+        this.keys.set(keyInfo.key, keyInfo);
+    }
+    getUsage(key) {
+        return this.usage.get(key) || 0;
+    }
+}

package/dist/server/bull-queues.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Bull queue setup for WebPeel microservices.
+ *
+ * Used by:
+ *   - API container  (API_MODE=queue)  — to enqueue fetch/render jobs
+ *   - Worker container (WORKER_MODE=1) — to process jobs and write results
+ *
+ * Queue names:
+ *   - "webpeel:fetch"  — HTTP-only fetches (no browser)
+ *   - "webpeel:render" — Browser/Playwright fetches (render=true)
+ *
+ * Job result format stored in Redis:
+ *   key: webpeel:result:<jobId>
+ *   value: JSON string of { status, result?, error? }
+ *   TTL: 24h
+ *
+ * No secrets in code. All config via env vars:
+ *   REDIS_URL      — e.g. redis://redis:6379 (default)
+ *   REDIS_PASSWORD — optional password
+ */
+import Bull from 'bull';
+export interface FetchJobPayload {
+    jobId: string;
+    url: string;
+    format?: 'markdown' | 'text' | 'html' | 'clean';
+    render?: boolean;
+    wait?: number;
+    maxTokens?: number;
+    budget?: number;
+    stealth?: boolean;
+    screenshot?: boolean;
+    fullPage?: boolean;
+    selector?: string;
+    exclude?: string[];
+    includeTags?: string[];
+    excludeTags?: string[];
+    images?: boolean;
+    actions?: any[];
+    timeout?: number;
+    lite?: boolean;
+    raw?: boolean;
+    noDomainApi?: boolean;
+    readable?: boolean;
+    question?: string;
+    highlightQuery?: string;
+    highlightMaxChars?: number;
+    userId?: string;
+}
+export declare function getFetchQueue(): Bull.Queue<FetchJobPayload>;
+export declare function getRenderQueue(): Bull.Queue<FetchJobPayload>;
+export declare const RESULT_KEY_PREFIX = "webpeel:result:";
+export declare const RESULT_TTL_SECONDS = 86400;
+export interface JobResult {
+    status: 'queued' | 'processing' | 'completed' | 'failed';
+    result?: any;
+    error?: string;
+    startedAt?: string;
+    completedAt?: string;
+}
+export declare function closeQueues(): Promise<void>;

package/dist/server/bull-queues.js

@@ -0,0 +1,90 @@
+/**
+ * Bull queue setup for WebPeel microservices.
+ *
+ * Used by:
+ *   - API container  (API_MODE=queue)  — to enqueue fetch/render jobs
+ *   - Worker container (WORKER_MODE=1) — to process jobs and write results
+ *
+ * Queue names:
+ *   - "webpeel:fetch"  — HTTP-only fetches (no browser)
+ *   - "webpeel:render" — Browser/Playwright fetches (render=true)
+ *
+ * Job result format stored in Redis:
+ *   key: webpeel:result:<jobId>
+ *   value: JSON string of { status, result?, error? }
+ *   TTL: 24h
+ *
+ * No secrets in code. All config via env vars:
+ *   REDIS_URL      — e.g. redis://redis:6379 (default)
+ *   REDIS_PASSWORD — optional password
+ */
+import Bull from 'bull';
+// ─── Redis connection config ─────────────────────────────────────────────────
+function getRedisConfig() {
+    const url = process.env.REDIS_URL || 'redis://redis:6379';
+    const password = process.env.REDIS_PASSWORD || undefined;
+    // Parse the URL to extract host/port (Bull accepts host+port or full URL)
+    try {
+        const parsed = new URL(url);
+        return {
+            host: parsed.hostname,
+            port: parseInt(parsed.port || '6379', 10),
+            password,
+            db: parseInt(parsed.pathname?.slice(1) || '0', 10) || 0,
+        };
+    }
+    catch {
+        // Fallback defaults
+        return {
+            host: 'redis',
+            port: 6379,
+            password,
+        };
+    }
+}
+const sharedOpts = {
+    redis: getRedisConfig(),
+    defaultJobOptions: {
+        attempts: 3,
+        backoff: {
+            type: 'exponential',
+            delay: 2000,
+        },
+        removeOnComplete: { age: 86400, count: 1000 }, // Keep 24h or 1000 jobs, whichever hits first
+        removeOnFail: { age: 259200 }, // Keep failed jobs 72h for debugging
+        timeout: 120_000, // 2 min hard timeout per job
+    },
+    // Lock will be extended by workers every 30s — initial lock should be generous
+    settings: {
+        lockDuration: 60_000, // 60s initial lock (default: 30s)
+    },
+};
+// ─── Queue singletons ────────────────────────────────────────────────────────
+let _fetchQueue = null;
+let _renderQueue = null;
+export function getFetchQueue() {
+    if (!_fetchQueue) {
+        _fetchQueue = new Bull('webpeel:fetch', sharedOpts);
+    }
+    return _fetchQueue;
+}
+export function getRenderQueue() {
+    if (!_renderQueue) {
+        _renderQueue = new Bull('webpeel:render', sharedOpts);
+    }
+    return _renderQueue;
+}
+// ─── Result helpers (Redis key = webpeel:result:<jobId>) ─────────────────────
+export const RESULT_KEY_PREFIX = 'webpeel:result:';
+export const RESULT_TTL_SECONDS = 86_400; // 24 hours
+// ─── Graceful teardown ───────────────────────────────────────────────────────
+export async function closeQueues() {
+    const closes = [];
+    if (_fetchQueue)
+        closes.push(_fetchQueue.close());
+    if (_renderQueue)
+        closes.push(_renderQueue.close());
+    await Promise.all(closes);
+    _fetchQueue = null;
+    _renderQueue = null;
+}

package/dist/server/email-service.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Email service using Nodemailer (free, no API key required).
+ * Configure via environment variables:
+ *   EMAIL_SMTP_HOST - SMTP server (e.g. smtp.gmail.com)
+ *   EMAIL_SMTP_PORT - SMTP port (default: 587)
+ *   EMAIL_SMTP_USER - SMTP username / email address
+ *   EMAIL_SMTP_PASS - SMTP password (Gmail: use App Password)
+ *   EMAIL_FROM      - From address (default: EMAIL_SMTP_USER)
+ *
+ * Gmail setup: https://myaccount.google.com/apppasswords
+ * Use "App Password" (not your regular password).
+ */
+import type { Pool as PgPool } from 'pg';
+export interface UsageAlertEmailParams {
+    toEmail: string;
+    userName?: string;
+    usagePercent: number;
+    used: number;
+    total: number;
+    tier: string;
+}
+export declare function sendUsageAlertEmail(params: UsageAlertEmailParams): Promise<boolean>;
+export interface UsageAlertCheckResult {
+    /**
+     * Which threshold was crossed (80 | 90), or null if no alert to send.
+     * Priority: 90 > 80 (only one alert per call).
+     */
+    threshold: 80 | 90 | null;
+    usagePercent: number;
+    used: number;
+    total: number;
+    userEmail: string;
+    userName?: string;
+    userTier: string;
+    /** Custom alert email if set, otherwise falls back to userEmail */
+    alertEmail: string;
+}
+/**
+ * Check whether a usage alert should be sent for a given user and,
+ * if so, return the alert details plus automatically update the
+ * `alert_sent_80_at` / `alert_sent_90_at` column.
+ *
+ * Thresholds are **automatic** (80% and 90%) and work independently of
+ * the user-configured `alert_threshold` system.
+ *
+ * Call this fire-and-forget style after each successful API request:
+ *   ```ts
+ *   checkAndSendDualAlert(pool, userId).catch(() => {});
+ *   ```
+ */
+export declare function checkAndSendDualAlert(pool: PgPool, userId: string): Promise<void>;
+/**
+ * Send password reset email with a secure reset link.
+ */
+export declare function sendPasswordResetEmail(toEmail: string, resetUrl: string): Promise<boolean>;

package/dist/server/email-service.js

@@ -0,0 +1,291 @@
+/**
+ * Email service using Nodemailer (free, no API key required).
+ * Configure via environment variables:
+ *   EMAIL_SMTP_HOST - SMTP server (e.g. smtp.gmail.com)
+ *   EMAIL_SMTP_PORT - SMTP port (default: 587)
+ *   EMAIL_SMTP_USER - SMTP username / email address
+ *   EMAIL_SMTP_PASS - SMTP password (Gmail: use App Password)
+ *   EMAIL_FROM      - From address (default: EMAIL_SMTP_USER)
+ *
+ * Gmail setup: https://myaccount.google.com/apppasswords
+ * Use "App Password" (not your regular password).
+ */
+import nodemailer from 'nodemailer';
+import { Resend } from 'resend';
+// ── Resend (primary — sends from noreply@webpeel.dev) ─────────────────────
+function getResend() {
+    const key = process.env.RESEND_API_KEY;
+    if (!key)
+        return null;
+    return new Resend(key);
+}
+// ── Nodemailer (fallback — Gmail SMTP) ────────────────────────────────────
+function createTransport() {
+    const host = process.env.EMAIL_SMTP_HOST;
+    const user = process.env.EMAIL_SMTP_USER;
+    const pass = process.env.EMAIL_SMTP_PASS;
+    if (!host || !user || !pass) {
+        return null;
+    }
+    return nodemailer.createTransport({
+        host,
+        port: parseInt(process.env.EMAIL_SMTP_PORT || '587'),
+        secure: process.env.EMAIL_SMTP_PORT === '465',
+        auth: { user, pass },
+    });
+}
+/**
+ * Send an email via Resend (primary) or Nodemailer (fallback).
+ * Returns true if sent successfully.
+ */
+async function sendEmail(options) {
+    const fromAddress = process.env.EMAIL_FROM || 'noreply@webpeel.dev';
+    const fromName = 'WebPeel';
+    // Try Resend first (proper From address, no Gmail override)
+    const resend = getResend();
+    if (resend) {
+        try {
+            await resend.emails.send({
+                from: `${fromName} <${fromAddress}>`,
+                to: options.to,
+                subject: options.subject,
+                html: options.html,
+            });
+            console.log(`[email] Sent via Resend to: ${options.to}`);
+            return true;
+        }
+        catch (err) {
+            console.warn('[email] Resend failed, trying Nodemailer fallback:', err.message);
+        }
+    }
+    // Fallback to Nodemailer/SMTP
+    const transport = createTransport();
+    if (transport) {
+        try {
+            const smtpFrom = process.env.EMAIL_SMTP_USER || fromAddress;
+            await transport.sendMail({
+                from: `${fromName} <${smtpFrom}>`,
+                to: options.to,
+                subject: options.subject,
+                html: options.html,
+            });
+            console.log(`[email] Sent via SMTP to: ${options.to}`);
+            return true;
+        }
+        catch (err) {
+            console.error('[email] SMTP send failed:', err.message);
+        }
+    }
+    console.warn('[email] No email provider configured (set RESEND_API_KEY or EMAIL_SMTP_*)');
+    return false;
+}
+export async function sendUsageAlertEmail(params) {
+    const html = buildUsageAlertHtml(params);
+    return sendEmail({
+        to: params.toEmail,
+        subject: `WebPeel: You've used ${params.usagePercent}% of your weekly API limit`,
+        html,
+    });
+}
+function buildUsageAlertHtml(params) {
+    const { usagePercent, used, total, tier, userName } = params;
+    const color = usagePercent >= 90 ? '#ef4444' : usagePercent >= 75 ? '#f59e0b' : '#5865F2';
+    return `<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"><title>WebPeel Usage Alert</title></head>
+<body style="margin:0;padding:0;background:#0A0A0F;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;">
+  <div style="max-width:520px;margin:40px auto;background:#111116;border:1px solid #27272a;border-radius:12px;overflow:hidden;">
+    <div style="background:${color};padding:4px 24px;"></div>
+    <div style="padding:32px 24px;">
+      <div style="font-size:24px;font-weight:700;color:#ffffff;margin-bottom:8px;">Usage Alert</div>
+      <div style="font-size:15px;color:#a1a1aa;margin-bottom:24px;">
+        ${userName ? `Hi ${userName}, you've` : "You've"} used <strong style="color:#ffffff;">${usagePercent}%</strong> of your weekly API limit.
+      </div>
+      <div style="background:#18181b;border-radius:8px;padding:16px;margin-bottom:24px;">
+        <div style="font-size:13px;color:#a1a1aa;margin-bottom:8px;">Usage this week</div>
+        <div style="height:8px;background:#27272a;border-radius:4px;overflow:hidden;">
+          <div style="height:100%;width:${Math.min(usagePercent, 100)}%;background:${color};border-radius:4px;"></div>
+        </div>
+        <div style="font-size:13px;color:#a1a1aa;margin-top:8px;">${used} / ${total} requests · ${tier} plan</div>
+      </div>
+      <a href="https://app.webpeel.dev/billing" style="display:inline-block;background:#5865F2;color:#ffffff;padding:12px 24px;border-radius:8px;text-decoration:none;font-weight:600;font-size:14px;">Upgrade Plan →</a>
+      <div style="font-size:12px;color:#71717a;margin-top:24px;">
+        To disable these alerts, visit <a href="https://app.webpeel.dev/settings" style="color:#5865F2;">Settings</a>.
+      </div>
+    </div>
+  </div>
+</body>
+</html>`;
+}
+// ---------------------------------------------------------------------------
+// Dual-threshold automatic alert system (80% and 90%)
+// ---------------------------------------------------------------------------
+/** Week string in "YYYY-Www" format, consistent with pg-auth-store */
+function getCurrentWeek() {
+    const now = new Date();
+    const year = now.getUTCFullYear();
+    const jan4 = new Date(Date.UTC(year, 0, 4));
+    const weekNum = Math.ceil(((now.getTime() - jan4.getTime()) / 86400000 + jan4.getUTCDay() + 1) / 7);
+    return `${year}-W${String(weekNum).padStart(2, '0')}`;
+}
+/** Returns true if the timestamp is within the current ISO week */
+function isSentThisWeek(ts) {
+    if (!ts)
+        return false;
+    const now = new Date();
+    // Start of current week (Monday 00:00 UTC)
+    const dayOfWeek = now.getUTCDay(); // 0=Sun, 1=Mon...
+    const daysToMonday = dayOfWeek === 0 ? 6 : dayOfWeek - 1;
+    const weekStart = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate() - daysToMonday));
+    return ts >= weekStart;
+}
+/**
+ * Check whether a usage alert should be sent for a given user and,
+ * if so, return the alert details plus automatically update the
+ * `alert_sent_80_at` / `alert_sent_90_at` column.
+ *
+ * Thresholds are **automatic** (80% and 90%) and work independently of
+ * the user-configured `alert_threshold` system.
+ *
+ * Call this fire-and-forget style after each successful API request:
+ *   ```ts
+ *   checkAndSendDualAlert(pool, userId).catch(() => {});
+ *   ```
+ */
+export async function checkAndSendDualAlert(pool, userId) {
+    try {
+        const currentWeek = getCurrentWeek();
+        const result = await pool.query(`SELECT u.email, u.name, u.tier, u.alert_email,
+              u.alert_sent_80_at, u.alert_sent_90_at,
+              u.weekly_limit,
+              COALESCE(SUM(wu.total_count), 0) AS total_used,
+              u.weekly_limit + COALESCE(MAX(wu.rollover_credits), 0) AS total_available
+       FROM users u
+       LEFT JOIN api_keys ak ON ak.user_id = u.id
+       LEFT JOIN weekly_usage wu ON wu.api_key_id = ak.id AND wu.week = $2
+       WHERE u.id = $1
+       GROUP BY u.id, u.email, u.name, u.tier, u.alert_email,
+                u.alert_sent_80_at, u.alert_sent_90_at, u.weekly_limit`, [userId, currentWeek]);
+        const row = result.rows[0];
+        if (!row)
+            return;
+        const used = parseInt(row.total_used, 10) || 0;
+        const total = parseInt(row.total_available, 10) || row.weekly_limit || 999;
+        const usagePercent = total > 0 ? Math.round((used / total) * 100) : 0;
+        const alertEmail = row.alert_email || row.email;
+        const sharedParams = {
+            toEmail: alertEmail,
+            userName: row.name || undefined,
+            used,
+            total,
+            tier: row.tier,
+        };
+        // Check 90% threshold first (higher priority)
+        if (usagePercent >= 90 && !isSentThisWeek(row.alert_sent_90_at ? new Date(row.alert_sent_90_at) : null)) {
+            const sent = await sendUsageAlertEmail({ ...sharedParams, usagePercent: 90 });
+            if (sent) {
+                await pool.query('UPDATE users SET alert_sent_90_at = NOW() WHERE id = $1', [userId]);
+                console.log(`[alert] Sent 90% usage alert to ${alertEmail} (user ${userId})`);
+            }
+            return; // Only one alert per call
+        }
+        // Check 80% threshold (lower priority — don't send if already sent 90%)
+        if (usagePercent >= 80 && !isSentThisWeek(row.alert_sent_80_at ? new Date(row.alert_sent_80_at) : null)) {
+            const sent = await sendUsageAlertEmail({ ...sharedParams, usagePercent: 80 });
+            if (sent) {
+                await pool.query('UPDATE users SET alert_sent_80_at = NOW() WHERE id = $1', [userId]);
+                console.log(`[alert] Sent 80% usage alert to ${alertEmail} (user ${userId})`);
+            }
+        }
+    }
+    catch (err) {
+        // Never let alert errors surface to callers
+        console.warn('[alert] checkAndSendDualAlert failed:', err);
+    }
+}
+/**
+ * Send password reset email with a secure reset link.
+ */
+export async function sendPasswordResetEmail(toEmail, resetUrl) {
+    const result = await sendEmail({
+        to: toEmail,
+        subject: 'Reset your WebPeel password',
+        html: `<!DOCTYPE html>
+<html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"></head>
+<body style="margin:0;padding:0;background-color:#f6f6f9;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Arial,sans-serif;">
+<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background-color:#f6f6f9;padding:40px 0;">
+<tr><td align="center">
+<table role="presentation" width="480" cellpadding="0" cellspacing="0" style="max-width:480px;width:100%;">
+
+  <!-- Logo -->
+  <tr><td align="center" style="padding:0 0 32px;">
+    <table role="presentation" cellpadding="0" cellspacing="0"><tr>
+      <td style="background-color:#5865F2;border-radius:10px;width:40px;height:40px;text-align:center;vertical-align:middle;">
+        <span style="color:#ffffff;font-size:20px;font-weight:700;line-height:40px;">W</span>
+      </td>
+      <td style="padding-left:12px;">
+        <span style="font-size:22px;font-weight:700;color:#1a1a2e;letter-spacing:-0.5px;">WebPeel</span>
+      </td>
+    </tr></table>
+  </td></tr>
+
+  <!-- Card -->
+  <tr><td>
+    <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background-color:#ffffff;border-radius:16px;border:1px solid #e5e5ea;overflow:hidden;">
+      
+      <!-- Purple accent bar -->
+      <tr><td style="background-color:#5865F2;height:4px;font-size:0;line-height:0;">&nbsp;</td></tr>
+      
+      <!-- Content -->
+      <tr><td style="padding:40px 36px;">
+        <h1 style="margin:0 0 16px;font-size:22px;font-weight:700;color:#1a1a2e;">Reset your password</h1>
+        <p style="margin:0 0 8px;font-size:15px;line-height:1.6;color:#4a4a5a;">Hi there,</p>
+        <p style="margin:0 0 28px;font-size:15px;line-height:1.6;color:#4a4a5a;">
+          We received a request to reset your WebPeel account password. Click the button below to choose a new one. This link expires in <strong>1 hour</strong>.
+        </p>
+        
+        <!-- Button -->
+        <table role="presentation" cellpadding="0" cellspacing="0" style="margin:0 auto 28px;">
+        <tr><td align="center" style="background-color:#5865F2;border-radius:10px;">
+          <a href="${resetUrl}" target="_blank" style="display:inline-block;padding:14px 36px;font-size:15px;font-weight:600;color:#ffffff;text-decoration:none;letter-spacing:0.3px;">
+            Reset Password
+          </a>
+        </td></tr>
+        </table>
+        
+        <!-- Fallback URL -->
+        <p style="margin:0 0 24px;font-size:12px;line-height:1.5;color:#9a9aaa;word-break:break-all;">
+          Or copy this link: <a href="${resetUrl}" style="color:#5865F2;">${resetUrl}</a>
+        </p>
+        
+        <hr style="border:none;border-top:1px solid #eeeef2;margin:0 0 20px;">
+        <p style="margin:0;font-size:13px;line-height:1.5;color:#9a9aaa;">
+          If you didn't request this, no action is needed — your password won't change.
+        </p>
+      </td></tr>
+    </table>
+  </td></tr>
+
+  <!-- Footer -->
+  <tr><td align="center" style="padding:28px 0 0;">
+    <p style="margin:0 0 6px;font-size:12px;color:#9a9aaa;">
+      © ${new Date().getFullYear()} WebPeel — The web data platform for AI
+    </p>
+    <p style="margin:0;font-size:12px;">
+      <a href="https://webpeel.dev" style="color:#5865F2;text-decoration:none;">webpeel.dev</a>
+      &nbsp;·&nbsp;
+      <a href="https://app.webpeel.dev" style="color:#5865F2;text-decoration:none;">Dashboard</a>
+    </p>
+  </td></tr>
+
+</table>
+</td></tr>
+</table>
+</body></html>`,
+    });
+    if (!result) {
+        console.warn('[email] Password reset email not sent to:', toEmail);
+        console.warn('[email] Reset URL:', resetUrl);
+    }
+    return result;
+}

package/dist/server/job-queue.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Job queue for async operations
+ *
+ * Factory creates PostgreSQL-backed queue in production or in-memory queue for local dev.
+ * Tracks crawl, batch scrape, and extraction jobs with progress updates.
+ */
+export interface WebhookConfig {
+    url: string;
+    events: ('started' | 'page' | 'completed' | 'failed')[];
+    metadata?: Record<string, any>;
+    secret?: string;
+}
+export interface WebhookDeliveryResult {
+    url: string;
+    delivered: boolean;
+    deliveredAt?: string;
+    statusCode?: number;
+    error?: string;
+}
+export interface Job {
+    id: string;
+    type: 'crawl' | 'batch' | 'extract';
+    status: 'queued' | 'processing' | 'completed' | 'failed' | 'cancelled';
+    progress: number;
+    total: number;
+    completed: number;
+    creditsUsed: number;
+    data: any[];
+    error?: string;
+    webhook?: WebhookConfig;
+    webhookDelivery?: WebhookDeliveryResult;
+    ownerId?: string;
+    createdAt: string;
+    updatedAt: string;
+    expiresAt: string;
+}
+/**
+ * Job queue interface - implemented by both in-memory and PostgreSQL queues
+ */
+export interface IJobQueue {
+    createJob(type: Job['type'], webhook?: WebhookConfig, ownerId?: string): Job | Promise<Job>;
+    getJob(id: string): Job | null | Promise<Job | null>;
+    updateJob(id: string, update: Partial<Job>): void | Promise<void>;
+    cancelJob(id: string): boolean | Promise<boolean>;
+    listJobs(options?: {
+        type?: string;
+        status?: string;
+        limit?: number;
+        ownerId?: string;
+    }): Job[] | Promise<Job[]>;
+    destroy(): void;
+}
+/**
+ * In-memory job queue for local development
+ */
+export declare class InMemoryJobQueue implements IJobQueue {
+    private jobs;
+    private cleanupInterval;
+    constructor();
+    /**
+     * Create a new job
+     */
+    createJob(type: Job['type'], webhook?: WebhookConfig, ownerId?: string): Job;
+    /**
+     * Get a job by ID
+     */
+    getJob(id: string): Job | null;
+    /**
+     * Update a job
+     */
+    updateJob(id: string, update: Partial<Job>): void;
+    /**
+     * Cancel a job
+     */
+    cancelJob(id: string): boolean;
+    /**
+     * List jobs with optional filters
+     */
+    listJobs(options?: {
+        type?: string;
+        status?: string;
+        limit?: number;
+        ownerId?: string;
+    }): Job[];
+    /**
+     * Remove expired jobs
+     */
+    cleanExpired(): void;
+    /**
+     * Clean up interval on shutdown
+     */
+    destroy(): void;
+}
+/**
+ * Create job queue based on environment
+ * - Uses PostgreSQL if DATABASE_URL is set
+ * - Falls back to in-memory for local development
+ */
+export declare function createJobQueue(): IJobQueue;
+export declare const jobQueue: InMemoryJobQueue;