@nuraly/lumenjs 0.1.3 → 0.2.0

package/dist/email/index.js

@@ -0,0 +1,154 @@
+import path from 'path';
+import fs from 'fs';
+import { renderVerifyEmail as builtInVerifyEmail } from './templates/verify-email.js';
+import { renderPasswordReset as builtInPasswordReset } from './templates/password-reset.js';
+import { renderWelcome as builtInWelcome } from './templates/welcome.js';
+import { compileTemplate } from './template-engine.js';
+export { renderVerifyEmail } from './templates/verify-email.js';
+export { renderPasswordReset } from './templates/password-reset.js';
+export { renderWelcome } from './templates/welcome.js';
+export { renderTemplate, renderButton, escapeHtml } from './templates/base.js';
+export { compileTemplate } from './template-engine.js';
+const BUILT_IN_TEMPLATES = {
+    'verify-email': (d) => builtInVerifyEmail(d),
+    'password-reset': (d) => builtInPasswordReset(d),
+    'welcome': (d) => builtInWelcome({ ...d, loginUrl: d.loginUrl || d.url }),
+};
+let _projectDir = null;
+/** Set the project directory for file-based template loading */
+export function setEmailProjectDir(dir) {
+    _projectDir = dir;
+}
+/**
+ * Load an HTML template file from the project's `emails/` directory.
+ * Returns the raw HTML string or null if not found.
+ */
+function loadHtmlTemplate(name) {
+    if (!_projectDir)
+        return null;
+    const emailsDir = path.resolve(_projectDir, 'emails');
+    const filePath = path.resolve(emailsDir, `${name}.html`);
+    // Prevent path traversal outside the emails/ directory
+    if (!filePath.startsWith(emailsDir + path.sep) && filePath !== emailsDir)
+        return null;
+    try {
+        return fs.readFileSync(filePath, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Get a template renderer. Resolution order:
+ * 1. HTML file in emails/ directory (compiled with {{variable}} engine)
+ * 2. Custom function in config.templates
+ * 3. Built-in template
+ */
+export function getTemplate(config, name) {
+    // 1. File-based HTML template
+    const htmlFile = loadHtmlTemplate(name);
+    if (htmlFile) {
+        return (data) => compileTemplate(htmlFile, data);
+    }
+    // 2. Custom function
+    if (config.templates?.[name])
+        return config.templates[name];
+    // 3. Built-in
+    return BUILT_IN_TEMPLATES[name];
+}
+/**
+ * Render a named template with data. Returns HTML string or null if template not found.
+ */
+export function renderEmailTemplate(config, name, data) {
+    const renderer = getTemplate(config, name);
+    return renderer ? renderer(data) : null;
+}
+async function createProvider(config) {
+    switch (config.provider) {
+        case 'smtp': {
+            if (!config.smtp)
+                throw new Error('[LumenJS Email] smtp config required for SMTP provider');
+            const { createSmtpProvider } = await import('./providers/smtp.js');
+            return createSmtpProvider(config.smtp);
+        }
+        case 'resend': {
+            if (!config.resend?.apiKey)
+                throw new Error('[LumenJS Email] resend.apiKey required for Resend provider');
+            const { createResendProvider } = await import('./providers/resend.js');
+            return createResendProvider(config.resend.apiKey);
+        }
+        case 'sendgrid': {
+            if (!config.sendgrid?.apiKey)
+                throw new Error('[LumenJS Email] sendgrid.apiKey required for SendGrid provider');
+            const { createSendGridProvider } = await import('./providers/sendgrid.js');
+            return createSendGridProvider(config.sendgrid.apiKey);
+        }
+        default:
+            throw new Error(`[LumenJS Email] Unknown provider: ${config.provider}`);
+    }
+}
+/** Strip HTML tags for plain text fallback */
+function htmlToText(html) {
+    return html
+        .replace(/<br\s*\/?>/gi, '\n')
+        .replace(/<\/p>/gi, '\n\n')
+        .replace(/<\/h[1-6]>/gi, '\n\n')
+        .replace(/<[^>]+>/g, '')
+        .replace(/&nbsp;/g, ' ')
+        .replace(/&amp;/g, '&')
+        .replace(/&lt;/g, '<')
+        .replace(/&gt;/g, '>')
+        .replace(/\n{3,}/g, '\n\n')
+        .trim();
+}
+/**
+ * Send an email using the configured provider.
+ */
+export async function sendEmail(config, message) {
+    const provider = await createProvider(config);
+    await provider.send({
+        from: config.from,
+        to: message.to,
+        subject: message.subject,
+        html: message.html,
+        text: message.text || htmlToText(message.html),
+    });
+}
+/**
+ * Create a reusable email sender function.
+ */
+export function createEmailSender(config) {
+    let provider = null;
+    return async (message) => {
+        if (!provider)
+            provider = await createProvider(config);
+        await provider.send({
+            from: config.from,
+            to: message.to,
+            subject: message.subject,
+            html: message.html,
+            text: message.text || htmlToText(message.html),
+        });
+    };
+}
+/**
+ * Load email config from lumenjs.email.ts.
+ */
+export async function loadEmailConfig(projectDir, ssrLoadModule) {
+    try {
+        let mod;
+        if (ssrLoadModule) {
+            mod = await ssrLoadModule(path.join(projectDir, 'lumenjs.email.ts'));
+        }
+        else {
+            mod = await import(path.join(projectDir, 'lumenjs.email.ts'));
+        }
+        const config = mod.default || mod;
+        if (!config?.provider || !config?.from)
+            return null;
+        return config;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/email/providers/resend.d.ts

@@ -0,0 +1,2 @@
+import type { EmailProvider } from '../types.js';
+export declare function createResendProvider(apiKey: string): EmailProvider;

package/dist/email/providers/resend.js

@@ -0,0 +1,24 @@
+export function createResendProvider(apiKey) {
+    return {
+        async send(message) {
+            const res = await fetch('https://api.resend.com/emails', {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    from: message.from,
+                    to: [message.to],
+                    subject: message.subject,
+                    html: message.html,
+                    text: message.text,
+                }),
+            });
+            if (!res.ok) {
+                const err = await res.text();
+                throw new Error(`Resend API error (${res.status}): ${err}`);
+            }
+        },
+    };
+}

package/dist/email/providers/sendgrid.d.ts

@@ -0,0 +1,2 @@
+import type { EmailProvider } from '../types.js';
+export declare function createSendGridProvider(apiKey: string): EmailProvider;

package/dist/email/providers/sendgrid.js

@@ -0,0 +1,31 @@
+export function createSendGridProvider(apiKey) {
+    return {
+        async send(message) {
+            const res = await fetch('https://api.sendgrid.com/v3/mail/send', {
+                method: 'POST',
+                headers: {
+                    'Authorization': `Bearer ${apiKey}`,
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    personalizations: [{ to: [{ email: message.to }] }],
+                    from: (() => {
+                        const hasAngleBrackets = /<.+>/.test(message.from);
+                        const email = hasAngleBrackets ? message.from.replace(/.*<(.+)>/, '$1') : message.from;
+                        const name = hasAngleBrackets ? message.from.replace(/<.+>/, '').trim() || undefined : undefined;
+                        return { email, name };
+                    })(),
+                    subject: message.subject,
+                    content: [
+                        ...(message.text ? [{ type: 'text/plain', value: message.text }] : []),
+                        { type: 'text/html', value: message.html },
+                    ],
+                }),
+            });
+            if (!res.ok) {
+                const err = await res.text();
+                throw new Error(`SendGrid API error (${res.status}): ${err}`);
+            }
+        },
+    };
+}

package/dist/email/providers/smtp.d.ts

@@ -0,0 +1,13 @@
+import type { EmailProvider } from '../types.js';
+interface SmtpConfig {
+    host: string;
+    port: number;
+    secure?: boolean;
+    rejectUnauthorized?: boolean;
+    auth: {
+        user: string;
+        pass: string;
+    };
+}
+export declare function createSmtpProvider(config: SmtpConfig): EmailProvider;
+export {};

package/dist/email/providers/smtp.js

@@ -0,0 +1,125 @@
+import net from 'node:net';
+import tls from 'node:tls';
+function readLine(socket) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        const timer = setTimeout(() => {
+            socket.removeListener('data', onData);
+            reject(new Error('SMTP timeout'));
+        }, 30000);
+        const onData = (chunk) => {
+            data += chunk.toString();
+            const lines = data.split('\r\n');
+            // Find the last complete line (ignore trailing empty from split)
+            const complete = lines.slice(0, -1);
+            if (complete.length > 0) {
+                const lastLine = complete[complete.length - 1];
+                // Final SMTP response line has a space after the 3-digit code, not '-'
+                if (/^\d{3} /.test(lastLine) || !/^\d{3}[-]/.test(lastLine)) {
+                    socket.removeListener('data', onData);
+                    clearTimeout(timer);
+                    resolve(complete.join('\r\n'));
+                }
+            }
+        };
+        socket.on('data', onData);
+        socket.once('error', (err) => {
+            clearTimeout(timer);
+            reject(err);
+        });
+    });
+}
+function writeLine(socket, line) {
+    return new Promise((resolve, reject) => {
+        socket.write(line + '\r\n', () => {
+            readLine(socket).then(resolve).catch(reject);
+        });
+    });
+}
+/** Strip CR/LF to prevent SMTP header/command injection. */
+function sanitizeHeaderValue(value) {
+    return value.replace(/[\r\n]/g, '');
+}
+export function createSmtpProvider(config) {
+    return {
+        async send(message) {
+            const fromRaw = sanitizeHeaderValue(message.from);
+            const fromEmail = fromRaw.replace(/.*<(.+)>/, '$1').trim() || fromRaw;
+            let socket;
+            if (config.secure) {
+                socket = tls.connect({ host: config.host, port: config.port, rejectUnauthorized: config.rejectUnauthorized !== false });
+            }
+            else {
+                socket = net.createConnection({ host: config.host, port: config.port });
+            }
+            await new Promise((resolve, reject) => {
+                socket.once('connect', resolve);
+                socket.once('secureConnect', resolve);
+                socket.once('error', reject);
+            });
+            try {
+                await readLine(socket); // greeting
+                const ehloRes = await writeLine(socket, `EHLO localhost`);
+                // STARTTLS if not already secure
+                if (!config.secure && ehloRes.includes('STARTTLS')) {
+                    await writeLine(socket, 'STARTTLS');
+                    socket = tls.connect({ socket, host: config.host, rejectUnauthorized: config.rejectUnauthorized !== false });
+                    await new Promise((resolve) => socket.once('secureConnect', resolve));
+                    await writeLine(socket, 'EHLO localhost');
+                }
+                // AUTH LOGIN
+                const authRes = await writeLine(socket, 'AUTH LOGIN');
+                if (authRes.startsWith('334')) {
+                    const userRes = await writeLine(socket, Buffer.from(config.auth.user).toString('base64'));
+                    if (userRes.startsWith('334')) {
+                        const passRes = await writeLine(socket, Buffer.from(config.auth.pass).toString('base64'));
+                        if (!passRes.startsWith('235'))
+                            throw new Error(`SMTP auth failed: ${passRes}`);
+                    }
+                }
+                const mailRes = await writeLine(socket, `MAIL FROM:<${fromEmail}>`);
+                if (!mailRes.startsWith('250'))
+                    throw new Error(`MAIL FROM failed: ${mailRes}`);
+                const safeTo = sanitizeHeaderValue(message.to);
+                const rcptRes = await writeLine(socket, `RCPT TO:<${safeTo}>`);
+                if (!rcptRes.startsWith('250'))
+                    throw new Error(`RCPT TO failed: ${rcptRes}`);
+                const dataRes = await writeLine(socket, 'DATA');
+                if (!dataRes.startsWith('354'))
+                    throw new Error(`DATA failed: ${dataRes}`);
+                const boundary = `----=_Part_${Date.now()}`;
+                const textBody = (message.text || message.html.replace(/<[^>]+>/g, '')).replace(/^\./gm, '..');
+                const htmlBody = message.html.replace(/^\./gm, '..');
+                const safeSubject = sanitizeHeaderValue(message.subject);
+                const emailData = [
+                    `From: ${fromRaw}`,
+                    `To: ${safeTo}`,
+                    `Subject: ${safeSubject}`,
+                    `MIME-Version: 1.0`,
+                    `Content-Type: multipart/alternative; boundary="${boundary}"`,
+                    `Date: ${new Date().toUTCString()}`,
+                    '',
+                    `--${boundary}`,
+                    `Content-Type: text/plain; charset=utf-8`,
+                    '',
+                    textBody,
+                    '',
+                    `--${boundary}`,
+                    `Content-Type: text/html; charset=utf-8`,
+                    '',
+                    htmlBody,
+                    '',
+                    `--${boundary}--`,
+                    '.',
+                ].join('\r\n');
+                const sendRes = await writeLine(socket, emailData);
+                if (!sendRes.startsWith('250'))
+                    throw new Error(`Send failed: ${sendRes}`);
+                await writeLine(socket, 'QUIT');
+            }
+            finally {
+                socket.destroy();
+            }
+        },
+    };
+}

package/dist/email/template-engine.d.ts

@@ -0,0 +1,18 @@
+import type { TemplateData } from './types.js';
+/**
+ * Compile an HTML template string with Handlebars-like syntax.
+ *
+ * Variables:
+ *   {{variable}}                — HTML-escaped
+ *   {{obj.prop}}                — dotted path access
+ *   {{{variable}}}              — raw/unescaped
+ *
+ * Blocks:
+ *   {{#if variable}}...{{/if}}  — conditional (truthy check)
+ *   {{#each items}}...{{/each}} — loop over array. Inside: {{name}}, {{@index}}
+ *
+ * Helpers:
+ *   {{#button url="..." text="..."}} — renders CTA button
+ *   {{#layout}}...{{/layout}}        — wraps content in base email layout
+ */
+export declare function compileTemplate(html: string, data: TemplateData): string;

package/dist/email/template-engine.js

@@ -0,0 +1,116 @@
+import { renderTemplate, renderButton } from './templates/base.js';
+/** Escape HTML entities */
+function escapeHtml(str) {
+    return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+/** Resolve a dotted path like "user.name" from an object */
+function resolve(obj, path) {
+    let current = obj;
+    for (const part of path.split('.')) {
+        if (current == null || typeof current !== 'object')
+            return undefined;
+        current = current[part];
+    }
+    return current;
+}
+/** Interpolate {{var}} or {{obj.prop}} inside a string */
+function interpolate(str, data, escape) {
+    return str.replace(/\{\{(\w[\w.]*)\}\}/g, (_m, path) => {
+        const value = resolve(data, path);
+        const s = value != null ? String(value) : '';
+        return escape ? escapeHtml(s) : s;
+    });
+}
+/**
+ * Compile an HTML template string with Handlebars-like syntax.
+ *
+ * Variables:
+ *   {{variable}}                — HTML-escaped
+ *   {{obj.prop}}                — dotted path access
+ *   {{{variable}}}              — raw/unescaped
+ *
+ * Blocks:
+ *   {{#if variable}}...{{/if}}  — conditional (truthy check)
+ *   {{#each items}}...{{/each}} — loop over array. Inside: {{name}}, {{@index}}
+ *
+ * Helpers:
+ *   {{#button url="..." text="..."}} — renders CTA button
+ *   {{#layout}}...{{/layout}}        — wraps content in base email layout
+ */
+export function compileTemplate(html, data) {
+    let result = html;
+    // 1. {{#layout}}...{{/layout}}
+    const layoutMatch = result.match(/\{\{#layout\}\}([\s\S]*?)\{\{\/layout\}\}/);
+    let useLayout = false;
+    if (layoutMatch) {
+        result = layoutMatch[1];
+        useLayout = true;
+    }
+    // 2. {{#each items}}...{{/each}} (supports nesting)
+    result = processEach(result, data);
+    // 3. {{#if variable}}...{{/if}} (no nesting for simplicity)
+    result = result.replace(/\{\{#if\s+([\w.]+)\}\}([\s\S]*?)\{\{\/if\}\}/g, (_match, path, content) => {
+        const value = resolve(data, path);
+        return value ? content : '';
+    });
+    // 4. {{#button url="..." text="..."}}
+    result = result.replace(/\{\{#button\s+url="([^"]*?)"\s+text="([^"]*?)"\s*\}\}/g, (_match, url, text) => {
+        return renderButton(interpolate(text, data, false), interpolate(url, data, false));
+    });
+    // 5. {{{variable}}} — raw
+    result = result.replace(/\{\{\{([\w.]+)\}\}\}/g, (_match, path) => {
+        const value = resolve(data, path);
+        return value != null ? String(value) : '';
+    });
+    // 6. {{variable}} — escaped
+    result = result.replace(/\{\{([\w.]+)\}\}/g, (_match, path) => {
+        // Skip @index (already replaced in each loop)
+        if (path.startsWith('@'))
+            return '';
+        const value = resolve(data, path);
+        return value != null ? escapeHtml(String(value)) : '';
+    });
+    // 7. Wrap in layout
+    if (useLayout) {
+        result = renderTemplate(data.appName, result);
+    }
+    return result;
+}
+/** Process {{#each items}}...{{/each}} blocks, resolving item variables */
+function processEach(html, data) {
+    return html.replace(/\{\{#each\s+([\w.]+)\}\}([\s\S]*?)\{\{\/each\}\}/g, (_match, path, body) => {
+        const items = resolve(data, path);
+        if (!Array.isArray(items))
+            return '';
+        return items.map((item, index) => {
+            let row = body;
+            // Replace {{@index}}
+            row = row.replace(/\{\{@index\}\}/g, String(index));
+            // If item is an object, replace {{prop}} with item.prop
+            if (item && typeof item === 'object') {
+                // Process nested {{#if}} within the loop context
+                row = row.replace(/\{\{#if\s+([\w.]+)\}\}([\s\S]*?)\{\{\/if\}\}/g, (_m, p, content) => {
+                    const value = resolve(item, p) ?? resolve(data, p);
+                    return value ? content : '';
+                });
+                // Replace {{{prop}}} raw
+                row = row.replace(/\{\{\{([\w.]+)\}\}\}/g, (_m, p) => {
+                    const v = resolve(item, p) ?? resolve(data, p);
+                    return v != null ? String(v) : '';
+                });
+                // Replace {{prop}} escaped
+                row = row.replace(/\{\{([\w.]+)\}\}/g, (_m, p) => {
+                    if (p.startsWith('@'))
+                        return '';
+                    const v = resolve(item, p) ?? resolve(data, p);
+                    return v != null ? escapeHtml(String(v)) : '';
+                });
+            }
+            else {
+                // Primitive item — replace {{.}} or {{this}}
+                row = row.replace(/\{\{\.?\}\}|\{\{this\}\}/g, escapeHtml(String(item)));
+            }
+            return row;
+        }).join('');
+    });
+}

package/dist/email/templates/base.d.ts

@@ -0,0 +1,9 @@
+/** Escape special HTML characters to prevent injection. */
+export declare function escapeHtml(s: string): string;
+/**
+ * Shared HTML email layout wrapper.
+ * Table-based for maximum email client compatibility (Outlook, Gmail, Apple Mail).
+ */
+export declare function renderTemplate(appName: string, content: string, footerText?: string): string;
+/** Render a purple CTA button */
+export declare function renderButton(text: string, url: string): string;

package/dist/email/templates/base.js

@@ -0,0 +1,65 @@
+/** Escape special HTML characters to prevent injection. */
+export function escapeHtml(s) {
+    return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+/**
+ * Shared HTML email layout wrapper.
+ * Table-based for maximum email client compatibility (Outlook, Gmail, Apple Mail).
+ */
+export function renderTemplate(appName, content, footerText) {
+    const safeAppName = escapeHtml(appName);
+    const safeFooter = footerText ? escapeHtml(footerText) : `This email was sent by ${safeAppName}. If you didn't expect this, you can safely ignore it.`;
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${safeAppName}</title>
+</head>
+<body style="margin:0; padding:0; background-color:#f7f9f9; font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;">
+  <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="background-color:#f7f9f9;">
+    <tr>
+      <td align="center" style="padding:40px 20px;">
+        <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:520px; background-color:#ffffff; border-radius:12px; overflow:hidden;">
+          <!-- Header -->
+          <tr>
+            <td style="padding:32px 40px 0; text-align:center;">
+              <div style="display:inline-block; width:40px; height:40px; background-color:#0f1419; color:#ffffff; border-radius:8px; font-size:20px; font-weight:900; line-height:40px; text-align:center;">N</div>
+              <div style="font-size:14px; font-weight:700; color:#0f1419; margin-top:8px;">${safeAppName}</div>
+            </td>
+          </tr>
+          <!-- Content -->
+          <tr>
+            <td style="padding:24px 40px 40px;">
+              ${content}
+            </td>
+          </tr>
+        </table>
+        <!-- Footer -->
+        <table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="max-width:520px;">
+          <tr>
+            <td style="padding:24px 40px; text-align:center; font-size:12px; color:#536471; line-height:1.5;">
+              ${safeFooter}
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+</body>
+</html>`;
+}
+/** Render a purple CTA button */
+export function renderButton(text, url) {
+    const safeText = escapeHtml(text);
+    const safeUrl = escapeHtml(url);
+    return `<table role="presentation" width="100%" cellpadding="0" cellspacing="0" style="margin:24px 0;">
+  <tr>
+    <td align="center">
+      <a href="${safeUrl}" target="_blank" style="display:inline-block; padding:14px 32px; background-color:#7c3aed; color:#ffffff; font-size:16px; font-weight:700; text-decoration:none; border-radius:9999px;">
+        ${safeText}
+      </a>
+    </td>
+  </tr>
+</table>`;
+}

package/dist/email/templates/password-reset.d.ts

@@ -0,0 +1,5 @@
+export declare function renderPasswordReset(opts: {
+    appName: string;
+    url: string;
+    userName?: string;
+}): string;

package/dist/email/templates/password-reset.js

@@ -0,0 +1,15 @@
+import { renderTemplate, renderButton, escapeHtml } from './base.js';
+export function renderPasswordReset(opts) {
+    const greeting = opts.userName ? `Hi ${escapeHtml(opts.userName)},` : 'Hi,';
+    const safeAppName = escapeHtml(opts.appName);
+    const safeUrl = escapeHtml(opts.url);
+    const content = `
+    <h1 style="font-size:22px; font-weight:800; color:#0f1419; margin:0 0 16px; line-height:1.3;">Reset your password</h1>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 8px;">${greeting}</p>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 4px;">We received a request to reset your password for your ${safeAppName} account. Click the button below to choose a new password.</p>
+    ${renderButton('Reset password', opts.url)}
+    <p style="font-size:13px; color:#8b98a5; line-height:1.5; margin:0;">This link expires in 1 hour. If you didn't request a password reset, you can safely ignore this email.</p>
+    <p style="font-size:12px; color:#8b98a5; line-height:1.5; margin:16px 0 0; word-break:break-all;">Or copy this link: ${safeUrl}</p>
+  `;
+    return renderTemplate(opts.appName, content);
+}

package/dist/email/templates/verify-email.d.ts

@@ -0,0 +1,5 @@
+export declare function renderVerifyEmail(opts: {
+    appName: string;
+    url: string;
+    userName?: string;
+}): string;

package/dist/email/templates/verify-email.js

@@ -0,0 +1,15 @@
+import { renderTemplate, renderButton, escapeHtml } from './base.js';
+export function renderVerifyEmail(opts) {
+    const greeting = opts.userName ? `Hi ${escapeHtml(opts.userName)},` : 'Hi,';
+    const safeAppName = escapeHtml(opts.appName);
+    const safeUrl = escapeHtml(opts.url);
+    const content = `
+    <h1 style="font-size:22px; font-weight:800; color:#0f1419; margin:0 0 16px; line-height:1.3;">Verify your email address</h1>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 8px;">${greeting}</p>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 4px;">Thanks for signing up for ${safeAppName}. Please verify your email address by clicking the button below.</p>
+    ${renderButton('Verify email', opts.url)}
+    <p style="font-size:13px; color:#8b98a5; line-height:1.5; margin:0;">If you didn't create an account, you can safely ignore this email.</p>
+    <p style="font-size:12px; color:#8b98a5; line-height:1.5; margin:16px 0 0; word-break:break-all;">Or copy this link: ${safeUrl}</p>
+  `;
+    return renderTemplate(opts.appName, content);
+}

package/dist/email/templates/welcome.d.ts

@@ -0,0 +1,5 @@
+export declare function renderWelcome(opts: {
+    appName: string;
+    userName?: string;
+    loginUrl: string;
+}): string;

package/dist/email/templates/welcome.js

@@ -0,0 +1,13 @@
+import { renderTemplate, renderButton, escapeHtml } from './base.js';
+export function renderWelcome(opts) {
+    const greeting = opts.userName ? `Hi ${escapeHtml(opts.userName)},` : 'Hi,';
+    const safeAppName = escapeHtml(opts.appName);
+    const content = `
+    <h1 style="font-size:22px; font-weight:800; color:#0f1419; margin:0 0 16px; line-height:1.3;">Welcome to ${safeAppName}!</h1>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 8px;">${greeting}</p>
+    <p style="font-size:15px; color:#536471; line-height:1.6; margin:0 0 4px;">Your email has been verified and your account is ready. You can now sign in and start exploring.</p>
+    ${renderButton('Sign in', opts.loginUrl)}
+    <p style="font-size:13px; color:#8b98a5; line-height:1.5; margin:0;">Welcome aboard. We're glad you're here.</p>
+  `;
+    return renderTemplate(opts.appName, content);
+}