@technomoron/mail-magic 1.0.43 → 2.0.0-beta1

package/CHANGES

@@ -1,6 +1,45 @@
 CHANGES
 =======
 
+Unreleased (2026-03-07)
+
+- chore(release): add package-local `release:preflight` support so a single package can run cleanbuild, tests, and local release checks from its own directory.
+- chore(release): stop using `setup-node` pnpm caching in the GitHub server release workflow because this repo does not ship a `pnpm-lock.yaml`.
+- chore(release): install workspace dependencies with `pnpm install --no-frozen-lockfile --link-workspace-packages` in the GitHub server release workflow because this repo does not ship a `pnpm-lock.yaml` and the CLI depends on the local prerelease client package.
+- chore(release): add a repo-level pnpm build-script allowlist for `sqlite3` and `esbuild`, while explicitly blocking `@scarf/scarf`, so clean GitHub installs can run the server test/build pipeline.
+- (Changes generated/assisted by Codex (profile: openai-gpt-5-codex/medium).)
+
+Version 2.0.0-beta1 (2026-03-07)
+
+- chore(release): stage the `2.0.0-beta1` prerelease and align package metadata with it.
+- chore(release): add shared local/CI release verification flow and update the GitHub server release workflow to use it on Node 24.
+- chore(release): publish tagged GitHub server releases to npm via a shared `npm publish` flow and add a local publish dry-run path for pre-tag testing.
+- docs(readme): point npm users to the packaged `examples/.env-dist` and example config tree instead of the monorepo root.
+- docs(swagger): refresh the packaged OpenAPI spec to `2.0.0-beta1` and document `POST /api/v1/reload`.
+- (Changes generated/assisted by Codex (profile: openai-gpt-5-codex/medium).)
+
+Version 1.0.45 (2026-03-06)
+
+- feat(reload): add `mailStore.triggerReload(force?)` with in-progress guard — concurrent reload requests are coalesced into a single queued follow-up run rather than running in parallel.
+- feat(reload): add `POST /v1/reload` API endpoint that triggers a force-reload of all templates; returns `{ reload: 'triggered' | 'queued' }`.
+- fix(routes): make the server route contract fixed again (`/api`, `/asset`, `/api/swagger`) instead of env-configurable.
+- docs(routes): remove `API_BASE_PATH`, `ASSET_ROUTE`, and `SWAGGER_PATH` from server env/docs/examples; document the fixed public routes.
+- test(routes): update helpers and integration fixtures to use the fixed route contract; guard root integration teardown when setup fails.
+- fix(mailer): clear stale transactional template asset metadata when `POST /api/v1/tx/template` updates an existing template.
+- test(mailer): add regression coverage for transactional template API updates and stronger public form recipient contract assertions.
+- feat(autoreload): watch `*.njk` files under `CONFIG_PATH` with chokidar; force-reload all templates (including already-loaded ones) when any template file changes.
+- fix(autoreload): `importData` now accepts `{ force }` option to re-read templates from disk even when a DB record already has rendered content.
+- docs(tutorial): correct `DB_AUTO_RELOAD` description — init-data.json triggers metadata re-import; `.njk` changes trigger template force-reload.
+- (Changes generated/assisted by Codex (profile: openai-gpt-5-codex/medium).)
+- (Changes generated/assisted by Claude Code (profile: anthropic-claude-opus-4-6/high).)
+
+Version 1.0.44 (2026-03-05)
+
+- fix(autoreload): catch unhandled promise rejections from async `reload()` in `enableInitDataAutoReload` `onChange` callback.
+- fix(mailer): validate that parsed `vars` is a non-null, non-array object after `JSON.parse`; return 400 for invalid types.
+- docs(utils): add doc comment to `buildRequestMeta` clarifying it is informational and requires a trusted reverse proxy for reliable IP data.
+- (Changes generated/assisted by Claude Code (profile: anthropic-claude-opus-4-6/high).)
+
 Version 1.0.43 (2026-03-04)
 
 - fix(security): add allowlist for custom email headers on `/v1/tx/message` to prevent header injection via arbitrary keys (e.g. `Bcc`, `From`, `Sender`).

package/README.md

@@ -38,13 +38,25 @@ endpoint, use the OpenAPI spec described in **Swagger / OpenAPI** below.
 npm install @technomoron/mail-magic
 ```
 
-The package ships a `mail-magic` CLI that loads a `.env` file and starts the server.
+The package ships a `mail-magic` CLI that loads a `.env` file and starts the server. It also ships a runnable example
+env/config tree under `examples/`.
 
 ## Quick Start
 
 ### 1. Create a `.env`
 
-Start from the repo’s `.env-dist` and set at least:
+If you installed from npm, start from:
+
+`node_modules/@technomoron/mail-magic/examples/.env-dist`
+
+If you are working from the monorepo, the same file lives at:
+
+`packages/server/examples/.env-dist`
+
+That example env is tuned for local development. For internet-facing form deployments, review the security notes and set
+stricter values for rate limiting, CAPTCHA, attachment limits, schema migration, and SMTP TLS verification.
+
+Set at least:
 
 ```ini
 # REQUIRED. Keep stable: used to HMAC API tokens before DB lookup.
@@ -54,7 +66,6 @@ CONFIG_PATH=./data
 
 API_HOST=127.0.0.1
 API_PORT=3776
-API_BASE_PATH=/api
 API_URL=http://127.0.0.1:3776
 
 SMTP_HOST=127.0.0.1
@@ -66,6 +77,14 @@ SMTP_TLS_REJECT=false
 
 ### 2. Create a minimal config directory
 
+If you want a ready-made starting point instead of creating one from scratch, copy:
+
+- `node_modules/@technomoron/mail-magic/examples/data`
+
+or, from the monorepo:
+
+- `packages/server/examples/data`
+
 `CONFIG_PATH` points at a directory containing `init-data.json` plus per-domain subfolders:
 
 ```text
@@ -135,9 +154,7 @@ The full set of environment variables is documented in the repository’s `.env-
 Commonly used variables:
 
 - `API_HOST`, `API_PORT`, `API_URL`
-- `API_BASE_PATH` (default `/api`)
 - `CONFIG_PATH` (default `./data/`)
-- `ASSET_ROUTE` (default `/asset`)
 - `ASSET_PUBLIC_BASE` (optional public base URL for assets)
 - `AUTOESCAPE_HTML` (default `true`)
 - `UPLOAD_PATH`, `UPLOAD_MAX` (multipart uploads)
@@ -150,7 +167,7 @@ Commonly used variables:
     - `SMTP_REQUIRE_TLS` (default `true`; set to `false` for local dev servers like MailHog that don't support STARTTLS)
     - `SMTP_TLS_REJECT` (default `true`; set to `false` to accept self-signed certificates)
 - Swagger/OpenAPI:
-    - `SWAGGER_ENABLED`, `SWAGGER_PATH`
+    - `SWAGGER_ENABLED` (serves `/api/swagger`)
 
 ## Swagger / OpenAPI
 
@@ -163,8 +180,7 @@ Packaged spec (on disk):
 Runtime spec endpoint:
 
 - set `SWAGGER_ENABLED=true`
-- optionally set `SWAGGER_PATH` (defaults to `<API_BASE_PATH>/swagger`, typically `/api/swagger`)
-- fetch the JSON from that endpoint and feed it to Swagger UI / Postman / Insomnia
+- fetch `/api/swagger` and feed the JSON to Swagger UI / Postman / Insomnia
 
 This spec is the canonical reference for:
 
@@ -280,7 +296,7 @@ by the form template’s `allowed_fields` setting).
 
 Templates may reference assets with `asset('path')`:
 
-- `asset('images/logo.png')` rewrites to a public URL under `ASSET_ROUTE` (default `/asset`)
+- `asset('images/logo.png')` rewrites to a public URL under `/asset`
 - `asset('images/logo.png', true)` embeds as a CID attachment
 
 All assets must live under:

package/dist/esm/api/mailer.js

@@ -50,7 +50,8 @@ export class MailerAPI extends ApiModule {
             subject,
             locale,
             sender,
-            template
+            template,
+            files: []
         };
         try {
             const [templateRecord, created] = await api_txmail.upsert(data, {
@@ -89,6 +90,9 @@ export class MailerAPI extends ApiModule {
                 throw new ApiError({ code: 400, message: 'Invalid JSON provided in "vars"' });
             }
         }
+        if (!parsedVars || typeof parsedVars !== 'object' || Array.isArray(parsedVars)) {
+            throw new ApiError({ code: 400, message: '"vars" must be a JSON object' });
+        }
         const thevars = parsedVars;
         const { valid, invalid } = this.validateEmails(rcpt);
         if (invalid.length > 0) {

package/dist/esm/api/reload.d.ts

@@ -0,0 +1,7 @@
+import { ApiModule, ApiRoute } from '@technomoron/api-server-base';
+import { mailApiServer } from '../server.js';
+export declare class ReloadAPI extends ApiModule<mailApiServer> {
+    private assertUser;
+    private postReload;
+    defineRoutes(): ApiRoute[];
+}

package/dist/esm/api/reload.js

@@ -0,0 +1,30 @@
+import { ApiError, ApiModule } from '@technomoron/api-server-base';
+import { api_user } from '../models/user.js';
+export class ReloadAPI extends ApiModule {
+    async assertUser(apireq) {
+        const rawUid = apireq.getRealUid();
+        const uid = rawUid === null ? null : Number(rawUid);
+        if (!uid || Number.isNaN(uid)) {
+            throw new ApiError({ code: 401, message: 'Invalid/Unknown API Key/Token' });
+        }
+        const user = await api_user.findByPk(uid);
+        if (!user) {
+            throw new ApiError({ code: 401, message: 'Invalid/Unknown API Key/Token' });
+        }
+    }
+    async postReload(apireq) {
+        await this.assertUser(apireq);
+        const reload = this.server.storage.triggerReload(true);
+        return [200, { Status: 'OK', reload }];
+    }
+    defineRoutes() {
+        return [
+            {
+                method: 'post',
+                path: '/v1/reload',
+                auth: { type: 'yes', req: 'any' },
+                handler: (req) => this.postReload(req)
+            }
+        ];
+    }
+}

package/dist/esm/index.d.ts

@@ -1,7 +1,7 @@
 import { mailApiServer } from './server.js';
 import { MailStoreVars, mailStore } from './store/store.js';
 import type { ApiServerConf } from '@technomoron/api-server-base';
-export type MailMagicServerOptions = Partial<ApiServerConf>;
+export type MailMagicServerOptions = Partial<Omit<ApiServerConf, 'apiBasePath' | 'swaggerPath'>>;
 export type MailMagicServerBootstrap = {
     server: mailApiServer;
     store: mailStore;

package/dist/esm/index.js

@@ -2,10 +2,11 @@ import { pathToFileURL } from 'node:url';
 import { AssetAPI, createAssetHandler } from './api/assets.js';
 import { FormAPI } from './api/forms.js';
 import { MailerAPI } from './api/mailer.js';
+import { ReloadAPI } from './api/reload.js';
 import { mailApiServer } from './server.js';
 import { mailStore } from './store/store.js';
 import { installMailMagicSwagger } from './swagger.js';
-import { normalizeRoute } from './util/route.js';
+import { MAIL_MAGIC_API_BASE_PATH, MAIL_MAGIC_ASSET_ROUTE, MAIL_MAGIC_SWAGGER_PATH } from './util/route.js';
 export const STARTUP_ERROR_MESSAGE = 'Failed to start mail-magic:';
 function mergeStaticDirs(base, override) {
     const merged = { ...base, ...(override ?? {}) };
@@ -22,19 +23,16 @@ function buildServerConfig(store, overrides) {
         uploadPath: store.getUploadStagingPath(),
         uploadMax: env.UPLOAD_MAX,
         debug: env.DEBUG,
-        apiBasePath: normalizeRoute(env.API_BASE_PATH, '/api'),
         swaggerEnabled: env.SWAGGER_ENABLED,
-        swaggerPath: env.SWAGGER_PATH,
         apiKeyEnabled: true,
         apiKeyPrefix: 'apikey-',
-        ...overrides
+        ...overrides,
+        apiBasePath: MAIL_MAGIC_API_BASE_PATH,
+        swaggerPath: MAIL_MAGIC_SWAGGER_PATH
     };
 }
 export async function createMailMagicServer(overrides = {}, envOverrides = {}) {
     const store = await new mailStore().init(envOverrides);
-    if (typeof overrides.apiBasePath === 'string') {
-        store.vars.API_BASE_PATH = overrides.apiBasePath;
-    }
     const baseStaticDirs = {};
     let adminUiPath = null;
     if (store.vars.ADMIN_ENABLED) {
@@ -48,32 +46,23 @@ export async function createMailMagicServer(overrides = {}, envOverrides = {}) {
         staticDirs: mergeStaticDirs(baseStaticDirs, overrides.staticDirs)
     };
     const config = buildServerConfig(store, mergedOverrides);
-    // ApiServerBase's built-in swagger handler loads from process.cwd(); install our own handler so
+    // ApiServerBase's built-in swagger handler loads from process.cwd(); install our own fixed-path handler so
     // SWAGGER_ENABLED works regardless of where the .env lives (mail-magic CLI chdir's to the env dir).
-    const { swaggerEnabled, swaggerPath } = config;
+    const { swaggerEnabled } = config;
     const serverConfig = { ...config, swaggerEnabled: false, swaggerPath: '' };
-    const server = new mailApiServer(serverConfig, store).api(new MailerAPI()).api(new FormAPI()).api(new AssetAPI());
+    const server = new mailApiServer(serverConfig, store)
+        .api(new MailerAPI())
+        .api(new FormAPI())
+        .api(new AssetAPI())
+        .api(new ReloadAPI());
     installMailMagicSwagger(server, {
-        apiBasePath: String(config.apiBasePath || '/api'),
-        assetRoute: String(store.vars.ASSET_ROUTE || '/asset'),
         apiUrl: String(store.vars.API_URL || ''),
-        swaggerEnabled,
-        swaggerPath
+        swaggerEnabled
     });
-    // Serve domain assets from a public route with traversal protection and caching.
-    const assetRoute = normalizeRoute(store.vars.ASSET_ROUTE, '/asset');
-    const assetPrefix = assetRoute === '/' ? '' : assetRoute;
-    const apiBasePath = normalizeRoute(store.vars.API_BASE_PATH, '/api');
-    const apiBasePrefix = apiBasePath === '/' ? '' : apiBasePath;
+    // Serve domain assets from the fixed public route with traversal protection and caching.
     const assetHandler = createAssetHandler(server);
-    const assetMounts = new Set();
-    assetMounts.add(assetPrefix);
-    // Integration tests (and API_URL defaults) expect assets to also be reachable under the API base path.
-    if (apiBasePrefix && assetPrefix && !assetPrefix.startsWith(`${apiBasePrefix}/`)) {
-        assetMounts.add(`${apiBasePrefix}${assetPrefix}`);
-    }
-    for (const prefix of assetMounts) {
-        // Use ApiServer.useExpress() so mounts under `apiBasePath` are installed before the API
+    for (const prefix of [MAIL_MAGIC_ASSET_ROUTE, `${MAIL_MAGIC_API_BASE_PATH}${MAIL_MAGIC_ASSET_ROUTE}`]) {
+        // Use ApiServer.useExpress() so mounts under the fixed API path are installed before the API
         // 404 handler. Fastify (find-my-way) requires the wildcard to be an unnamed `*`.
         server.useExpress(`${prefix}/:domain/*`, assetHandler);
     }
@@ -131,8 +120,8 @@ async function enableAdminFeatures(server, store, adminUiPath) {
         const mod = (await import('@technomoron/mail-magic-admin'));
         if (typeof mod?.registerAdmin === 'function') {
             await mod.registerAdmin(server, {
-                apiBasePath: normalizeRoute(store.vars.API_BASE_PATH, '/api'),
-                assetRoute: normalizeRoute(store.vars.ASSET_ROUTE, '/asset'),
+                apiBasePath: MAIL_MAGIC_API_BASE_PATH,
+                assetRoute: MAIL_MAGIC_ASSET_ROUTE,
                 appPath: adminUiPath ?? store.vars.ADMIN_APP_PATH,
                 logger: (message) => store.print_debug(message),
                 staticFallback: Boolean(adminUiPath)

package/dist/esm/models/init.d.ts

@@ -8,5 +8,7 @@ interface LoadedTemplate {
 }
 export declare function loadFormTemplate(store: mailStore, form: api_form_type): Promise<LoadedTemplate>;
 export declare function loadTxTemplate(store: mailStore, template: api_txmail_type): Promise<LoadedTemplate>;
-export declare function importData(store: mailStore): Promise<void>;
+export declare function importData(store: mailStore, options?: {
+    force?: boolean;
+}): Promise<void>;
 export {};

package/dist/esm/models/init.js

@@ -2,6 +2,7 @@ import fs from 'fs';
 import path from 'path';
 import { z } from 'zod';
 import { buildAssetUrl } from '../util/paths.js';
+import { MAIL_MAGIC_ASSET_ROUTE } from '../util/route.js';
 import { flattenTemplateWithAssets } from '../util/shared-template-flatten.js';
 import { user_and_domain } from '../util.js';
 import { api_domain, api_domain_schema } from './domain.js';
@@ -51,12 +52,11 @@ async function _load_template(store, filename, pathname, user, domain, locale, t
             throw new Error(`Unable to resolve template path for "${absPath}"`);
         }
         const assetBaseUrl = store.vars.ASSET_PUBLIC_BASE?.trim() ? store.vars.ASSET_PUBLIC_BASE : store.vars.API_URL;
-        const assetRoute = store.vars.ASSET_ROUTE;
         const { html, assets } = flattenTemplateWithAssets({
             domainRoot,
             templateKey,
             baseUrl: assetBaseUrl,
-            assetFormatter: (urlPath) => buildAssetUrl(assetBaseUrl, assetRoute, domain.name, urlPath),
+            assetFormatter: (urlPath) => buildAssetUrl(assetBaseUrl, MAIL_MAGIC_ASSET_ROUTE, domain.name, urlPath),
             normalizeInlineCid: buildInlineAssetCid
         });
         return { html, assets: assets };
@@ -75,7 +75,7 @@ export async function loadTxTemplate(store, template) {
     const locale = template.locale || domain.locale || null;
     return _load_template(store, template.filename, '', user, domain, locale, 'tx-template');
 }
-export async function importData(store) {
+export async function importData(store, options) {
     const initfile = path.join(store.configpath, 'init-data.json');
     if (fs.existsSync(initfile)) {
         store.print_debug(`Loading init data from ${initfile}`);
@@ -125,7 +125,7 @@ export async function importData(store) {
             store.print_debug('Creating template records');
             for (const record of records.template) {
                 const fixed = await upsert_txmail(record);
-                if (!fixed.template) {
+                if (!fixed.template || options?.force) {
                     const { html, assets } = await loadTxTemplate(store, fixed);
                     await fixed.update({ template: html, files: assets });
                 }
@@ -135,7 +135,7 @@ export async function importData(store) {
             store.print_debug('Creating form records');
             for (const record of records.form) {
                 const fixed = await upsert_form(record);
-                if (!fixed.template) {
+                if (!fixed.template || options?.force) {
                     const { html, assets } = await loadFormTemplate(store, fixed);
                     await fixed.update({ template: html, files: assets });
                 }

package/dist/esm/store/envloader.d.ts

@@ -18,6 +18,11 @@ export declare const envOptions: {
         type: "boolean";
         default: false;
     };
+    DB_RELOAD_DEBOUNCE_MS: {
+        description: string;
+        type: "number";
+        default: number;
+    };
     DB_FORCE_SYNC: {
         description: string;
         type: "boolean";
@@ -32,22 +37,14 @@ export declare const envOptions: {
         description: string;
         default: string;
     };
-    API_BASE_PATH: {
-        description: string;
-        default: string;
-    };
     ASSET_PUBLIC_BASE: {
         description: string;
         default: string;
     };
     SWAGGER_ENABLED: {
         description: string;
-        type: "boolean";
         default: false;
-    };
-    SWAGGER_PATH: {
-        description: string;
-        default: string;
+        type: "boolean";
     };
     ADMIN_ENABLED: {
         description: string;
@@ -58,10 +55,6 @@ export declare const envOptions: {
         description: string;
         default: string;
     };
-    ASSET_ROUTE: {
-        description: string;
-        default: string;
-    };
     CONFIG_PATH: {
         description: string;
         default: string;

package/dist/esm/store/envloader.js

@@ -15,10 +15,15 @@ export const envOptions = defineEnvOptions({
         default: '0.0.0.0'
     },
     DB_AUTO_RELOAD: {
-        description: 'Reload init-data.json automatically on change',
+        description: 'Watch init-data.json and *.njk template files for changes and reload automatically',
         type: 'boolean',
         default: false
     },
+    DB_RELOAD_DEBOUNCE_MS: {
+        description: 'Debounce delay in milliseconds before triggering a reload after a file change (default 300)',
+        type: 'number',
+        default: 300
+    },
     DB_FORCE_SYNC: {
         description: 'Drop and recreate database tables on startup (DANGEROUS)',
         type: 'boolean',
@@ -33,22 +38,14 @@ export const envOptions = defineEnvOptions({
         description: 'Sets the public URL for the API (i.e. https://ml.example.com:3790)',
         default: 'http://localhost:3776'
     },
-    API_BASE_PATH: {
-        description: 'Base path prefix for API routes',
-        default: '/api'
-    },
     ASSET_PUBLIC_BASE: {
         description: 'Public base URL for asset hosting (origin or origin + path)',
         default: ''
     },
     SWAGGER_ENABLED: {
-        description: 'Enable the Swagger/OpenAPI endpoint',
-        type: 'boolean',
-        default: false
-    },
-    SWAGGER_PATH: {
-        description: 'Path to expose the Swagger/OpenAPI spec (default: /api/swagger when enabled)',
-        default: ''
+        description: 'Enable the Swagger/OpenAPI endpoint at /api/swagger',
+        default: false,
+        type: 'boolean'
     },
     ADMIN_ENABLED: {
         description: 'Enable the optional admin UI and admin API module when available',
@@ -59,10 +56,6 @@ export const envOptions = defineEnvOptions({
         description: 'Optional path to the admin UI dist directory (or its parent)',
         default: ''
     },
-    ASSET_ROUTE: {
-        description: 'Route prefix exposed for config assets',
-        default: '/asset'
-    },
     CONFIG_PATH: {
         description: 'Path to directory where config files are located',
         default: './data/'

package/dist/esm/store/store.d.ts

@@ -14,11 +14,11 @@ type AutoReloadHandle = {
     close: () => void;
 };
 type AutoReloadContext = {
-    vars: Pick<MailStoreVars, 'DB_AUTO_RELOAD'>;
+    vars: Pick<MailStoreVars, 'DB_AUTO_RELOAD' | 'DB_RELOAD_DEBOUNCE_MS'>;
     config_filename: (name: string) => string;
     print_debug: (msg: string) => void;
 };
-export declare function enableInitDataAutoReload(ctx: AutoReloadContext, reload: () => void): AutoReloadHandle | null;
+export declare function enableInitDataAutoReload(ctx: AutoReloadContext, reload: () => void | Promise<void>, reloadForce?: () => void | Promise<void>): AutoReloadHandle | null;
 export declare class mailStore {
     private env;
     vars: MailStoreVars;
@@ -28,8 +28,17 @@ export declare class mailStore {
     uploadTemplate?: string;
     uploadStagingPath?: string;
     autoReloadHandle: AutoReloadHandle | null;
+    private reloadInProgress;
+    private reloadQueued;
+    private reloadQueuedForce;
     print_debug(msg: string): void;
     config_filename(name: string): string;
+    /**
+     * Trigger an importData reload. If a reload is already in progress the request is
+     * queued (at most one pending run) so no reload is silently dropped. Returns
+     * 'triggered' when a new run starts, or 'queued' when one is already running.
+     */
+    triggerReload(force?: boolean): 'triggered' | 'queued';
     resolveUploadPath(domainName?: string): string;
     getUploadStagingPath(): string;
     relocateUploads(domainName: string | null, files: UploadedFile[]): Promise<void>;

package/dist/esm/store/store.js

@@ -1,6 +1,7 @@
 import fs from 'fs';
 import path from 'path';
 import { EnvLoader } from '@technomoron/env-loader';
+import { watch as chokidarWatch } from 'chokidar';
 import { createTransport } from 'nodemailer';
 import { connect_api_db } from '../models/db.js';
 import { importData } from '../models/init.js';
@@ -24,41 +25,77 @@ function create_mail_transport(vars) {
     }
     return createTransport(args);
 }
-export function enableInitDataAutoReload(ctx, reload) {
+export function enableInitDataAutoReload(ctx, reload, reloadForce) {
     if (!ctx.vars.DB_AUTO_RELOAD) {
         return null;
     }
     const initDataPath = ctx.config_filename('init-data.json');
-    ctx.print_debug('Enabling auto reload of init-data.json');
-    let debounceTimer = null;
-    const onChange = () => {
-        if (debounceTimer) {
-            clearTimeout(debounceTimer);
-        }
-        debounceTimer = setTimeout(() => {
-            debounceTimer = null;
-            ctx.print_debug('Config file changed, reloading...');
-            try {
-                reload();
-            }
-            catch (err) {
-                ctx.print_debug(`Failed to reload config: ${err}`);
+    const configPath = path.dirname(initDataPath);
+    const debounceMs = ctx.vars.DB_RELOAD_DEBOUNCE_MS ?? 300;
+    function makeDebounced(fn, label) {
+        let timer = null;
+        const trigger = () => {
+            if (timer)
+                clearTimeout(timer);
+            timer = setTimeout(() => {
+                timer = null;
+                ctx.print_debug(label);
+                // fn() may be sync or async — try/catch handles a synchronous
+                // throw, while Promise.resolve().catch() handles an async rejection.
+                try {
+                    Promise.resolve(fn()).catch((err) => {
+                        ctx.print_debug(`Failed to reload: ${err}`);
+                    });
+                }
+                catch (err) {
+                    ctx.print_debug(`Failed to reload: ${err}`);
+                }
+            }, debounceMs);
+        };
+        const cancel = () => {
+            if (timer) {
+                clearTimeout(timer);
+                timer = null;
             }
-        }, 300);
-    };
-    try {
-        const watcher = fs.watch(initDataPath, { persistent: false }, onChange);
-        return {
-            close: () => watcher.close()
         };
+        return { trigger, cancel };
+    }
+    ctx.print_debug('Enabling auto reload of init-data.json');
+    const dataReload = makeDebounced(reload, 'Config file changed, reloading...');
+    // Watch init-data.json with fs.watch (+ fs.watchFile fallback).
+    let closeDataWatcher;
+    try {
+        const watcher = fs.watch(initDataPath, { persistent: false }, dataReload.trigger);
+        closeDataWatcher = () => watcher.close();
     }
     catch (err) {
         ctx.print_debug(`fs.watch unavailable; falling back to fs.watchFile: ${err}`);
-        fs.watchFile(initDataPath, { interval: 2000 }, onChange);
-        return {
-            close: () => fs.unwatchFile(initDataPath, onChange)
+        fs.watchFile(initDataPath, { interval: 2000 }, dataReload.trigger);
+        closeDataWatcher = () => fs.unwatchFile(initDataPath, dataReload.trigger);
+    }
+    // Watch *.njk files under configPath with chokidar (cross-platform recursive).
+    let closeTemplateWatcher = null;
+    if (reloadForce) {
+        ctx.print_debug('Enabling auto reload of template files');
+        const templateReload = makeDebounced(reloadForce, 'Template file changed, reloading...');
+        const watcher = chokidarWatch(path.join(configPath, '**', '*.njk'), {
+            persistent: false,
+            ignoreInitial: true
+        });
+        watcher.on('add', templateReload.trigger);
+        watcher.on('change', templateReload.trigger);
+        closeTemplateWatcher = () => {
+            templateReload.cancel();
+            void watcher.close();
         };
     }
+    return {
+        close: () => {
+            dataReload.cancel();
+            closeDataWatcher();
+            closeTemplateWatcher?.();
+        }
+    };
 }
 export class mailStore {
     env;
@@ -69,6 +106,9 @@ export class mailStore {
     uploadTemplate;
     uploadStagingPath;
     autoReloadHandle = null;
+    reloadInProgress = false;
+    reloadQueued = false;
+    reloadQueuedForce = false;
     print_debug(msg) {
         if (this.vars.DEBUG) {
             console.log(msg);
@@ -77,6 +117,35 @@ export class mailStore {
     config_filename(name) {
         return path.resolve(path.join(this.configpath, name));
     }
+    /**
+     * Trigger an importData reload. If a reload is already in progress the request is
+     * queued (at most one pending run) so no reload is silently dropped. Returns
+     * 'triggered' when a new run starts, or 'queued' when one is already running.
+     */
+    triggerReload(force = false) {
+        if (this.reloadInProgress) {
+            this.reloadQueued = true;
+            if (force)
+                this.reloadQueuedForce = true;
+            this.print_debug(`Reload already in progress; queued (force=${force})`);
+            return 'queued';
+        }
+        this.reloadInProgress = true;
+        this.print_debug(`Triggering reload (force=${force})`);
+        const fn = force ? () => importData(this, { force: true }) : () => importData(this);
+        Promise.resolve(fn())
+            .catch((err) => this.print_debug(`Reload failed: ${err}`))
+            .finally(() => {
+            this.reloadInProgress = false;
+            if (this.reloadQueued) {
+                this.reloadQueued = false;
+                const queued = this.reloadQueuedForce;
+                this.reloadQueuedForce = false;
+                this.triggerReload(queued);
+            }
+        });
+        return 'triggered';
+    }
     resolveUploadPath(domainName) {
         const raw = this.vars.UPLOAD_PATH ?? '';
         const hasDomainToken = raw.includes('{domain}');
@@ -194,7 +263,11 @@ export class mailStore {
         this.transport = await create_mail_transport(this.vars);
         this.api_db = await connect_api_db(this);
         this.autoReloadHandle?.close();
-        this.autoReloadHandle = enableInitDataAutoReload(this, () => importData(this));
+        this.autoReloadHandle = enableInitDataAutoReload(this, () => {
+            this.triggerReload(false);
+        }, () => {
+            this.triggerReload(true);
+        });
         return this;
     }
 }

package/dist/esm/swagger.d.ts

@@ -1,10 +1,7 @@
 import type { mailApiServer } from './server.js';
 type SwaggerInstallOptions = {
-    apiBasePath: string;
-    assetRoute: string;
     apiUrl: string;
     swaggerEnabled?: boolean;
-    swaggerPath?: string;
 };
 export declare function installMailMagicSwagger(server: mailApiServer, opts: SwaggerInstallOptions): void;
 export {};

package/dist/esm/swagger.js

@@ -1,44 +1,15 @@
 import fs from 'node:fs';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
-import { normalizeRoute } from './util/route.js';
-function replacePrefix(input, from, to) {
-    if (input === from) {
-        return to;
-    }
-    if (input.startsWith(`${from}/`)) {
-        const suffix = input.slice(from.length);
-        if (to === '/') {
-            return suffix.replace(/^\/+/, '/') || '/';
-        }
-        return `${to}${suffix}`;
-    }
-    return input;
-}
+import { MAIL_MAGIC_SWAGGER_PATH } from './util/route.js';
 function rewriteSpecForRuntime(spec, opts) {
     if (!spec || typeof spec !== 'object') {
         return spec;
     }
-    const base = normalizeRoute(opts.apiBasePath, '/api');
-    const asset = normalizeRoute(opts.assetRoute, '/asset');
     const root = spec;
     const out = { ...root };
-    // Keep the spec stable while still reflecting the configured public URL and base paths.
+    // Keep the spec stable while still reflecting the configured public URL.
     out.servers = [{ url: String(opts.apiUrl || ''), description: 'Configured API_URL' }];
-    const rawPaths = root.paths;
-    if (!rawPaths || typeof rawPaths !== 'object') {
-        return out;
-    }
-    const rewritten = {};
-    for (const [p, v] of Object.entries(rawPaths)) {
-        let next = String(p);
-        next = replacePrefix(next, '/api', base);
-        next = replacePrefix(next, '/asset', asset);
-        // Normalize double slashes after prefix replacement (path only, not URLs).
-        next = next.replace(/\/{2,}/g, '/');
-        rewritten[next] = v;
-    }
-    out.paths = rewritten;
     return out;
 }
 let cachedSpec = null;
@@ -60,16 +31,11 @@ function loadPackagedOpenApiSpec() {
     }
 }
 export function installMailMagicSwagger(server, opts) {
-    const rawPath = typeof opts.swaggerPath === 'string' ? opts.swaggerPath.trim() : '';
-    const enabled = Boolean(opts.swaggerEnabled) || rawPath.length > 0;
-    if (!enabled) {
+    if (!opts.swaggerEnabled) {
         return;
     }
-    const base = normalizeRoute(opts.apiBasePath, '/api');
-    const resolved = rawPath.length > 0 ? rawPath : `${base}/swagger`;
-    const mount = normalizeRoute(resolved, `${base}/swagger`);
     // Mount under the API router so it runs before the API 404 handler.
-    server.useExpress(mount, (req, res, next) => {
+    server.useExpress(MAIL_MAGIC_SWAGGER_PATH, (req, res, next) => {
         if (req.method && req.method !== 'GET' && req.method !== 'HEAD') {
             next();
             return;
@@ -86,8 +52,6 @@ export function installMailMagicSwagger(server, opts) {
             return;
         }
         res.status(200).json(rewriteSpecForRuntime(spec, {
-            apiBasePath: base,
-            assetRoute: opts.assetRoute,
             apiUrl: opts.apiUrl
         }));
     });

package/dist/esm/util/route.d.ts

@@ -1 +1,4 @@
+export declare const MAIL_MAGIC_API_BASE_PATH = "/api";
+export declare const MAIL_MAGIC_ASSET_ROUTE = "/asset";
+export declare const MAIL_MAGIC_SWAGGER_PATH = "/api/swagger";
 export declare function normalizeRoute(value: string, fallback?: string): string;

package/dist/esm/util/route.js

@@ -1,3 +1,6 @@
+export const MAIL_MAGIC_API_BASE_PATH = '/api';
+export const MAIL_MAGIC_ASSET_ROUTE = '/asset';
+export const MAIL_MAGIC_SWAGGER_PATH = '/api/swagger';
 export function normalizeRoute(value, fallback = '') {
     if (!value) {
         return fallback;

package/dist/esm/util/utils.d.ts

@@ -19,6 +19,13 @@ export declare function user_and_domain(domain_id: number): Promise<{
     user: api_user;
     domain: api_domain;
 }>;
+/**
+ * Collect informational request metadata (client IP, IP chain, timestamp) for
+ * use in template rendering context.  The values are **not** used for security
+ * decisions such as rate limiting — those rely on `getClientIp()` which is
+ * trust-proxy aware.  For the IP chain to be meaningful the server must sit
+ * behind a trusted reverse proxy that sets the forwarded headers.
+ */
 export declare function buildRequestMeta(rawReq: unknown): RequestMeta;
 export declare function decodeComponent(value: string | string[] | undefined): string;
 export declare function getBodyValue(body: Record<string, unknown>, ...keys: string[]): string;

package/dist/esm/util/utils.js

@@ -60,6 +60,13 @@ function resolveHeader(headers, key) {
     }
     return undefined;
 }
+/**
+ * Collect informational request metadata (client IP, IP chain, timestamp) for
+ * use in template rendering context.  The values are **not** used for security
+ * decisions such as rate limiting — those rely on `getClientIp()` which is
+ * trust-proxy aware.  For the IP chain to be meaningful the server must sit
+ * behind a trusted reverse proxy that sets the forwarded headers.
+ */
 export function buildRequestMeta(rawReq) {
     const req = (rawReq ?? {});
     const headers = req.headers ?? {};

package/docs/swagger/openapi.json

@@ -2,7 +2,7 @@
 	"openapi": "3.1.0",
 	"info": {
 		"title": "Mail Magic API",
-		"version": "1.0.42",
+		"version": "2.0.0-beta1",
 		"description": "OpenAPI definition for the Mail Magic server. Authenticated endpoints require an API key provided as `Authorization: Bearer apikey-<token>`."
 	},
 	"servers": [
@@ -30,11 +30,11 @@
 		},
 		{
 			"name": "public-assets",
-			"description": "Publicly served domain assets under ASSET_ROUTE."
+			"description": "Publicly served domain assets under the fixed /asset route."
 		},
 		{
 			"name": "swagger",
-			"description": "Swagger/OpenAPI spec endpoint (enabled via SWAGGER_ENABLED / SWAGGER_PATH)."
+			"description": "Swagger/OpenAPI spec endpoint at the fixed /api/swagger route when enabled."
 		}
 	],
 	"paths": {
@@ -699,6 +699,63 @@
 				}
 			}
 		},
+		"/api/v1/reload": {
+			"post": {
+				"tags": ["base"],
+				"summary": "Force reload templates and config",
+				"description": "Auth: API key. Triggers a force-reload of init-data metadata and all templates from disk. Returns whether the reload started immediately or was queued behind a reload already in progress.",
+				"security": [
+					{
+						"apiKeyBearer": []
+					}
+				],
+				"responses": {
+					"200": {
+						"description": "Reload request accepted.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"allOf": [
+										{
+											"$ref": "#/components/schemas/ApiResponse"
+										},
+										{
+											"type": "object",
+											"properties": {
+												"data": {
+													"$ref": "#/components/schemas/ReloadResponseData"
+												}
+											},
+											"required": ["data"]
+										}
+									]
+								}
+							}
+						}
+					},
+					"401": {
+						"description": "Unauthorized.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/ApiResponse"
+								}
+							}
+						}
+					},
+					"500": {
+						"description": "Server error.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/ApiResponse"
+								}
+							}
+						}
+					}
+				}
+			}
+		},
 		"/asset/{domain}/{path}": {
 			"get": {
 				"tags": ["public-assets"],
@@ -751,7 +808,7 @@
 			"get": {
 				"tags": ["public-assets"],
 				"summary": "Fetch a public asset (under API base path)",
-				"description": "Compatibility route for assets reachable under API_BASE_PATH + ASSET_ROUTE.",
+				"description": "Compatibility route for clients that fetch assets under /api/asset.",
 				"security": [],
 				"parameters": [
 					{
@@ -797,7 +854,7 @@
 			"get": {
 				"tags": ["swagger"],
 				"summary": "Get OpenAPI spec",
-				"description": "Returns the OpenAPI spec JSON when Swagger is enabled. This endpoint is not wrapped in ApiResponse.",
+				"description": "Returns the OpenAPI spec JSON at the fixed /api/swagger route when Swagger is enabled. This endpoint is not wrapped in ApiResponse.",
 				"security": [],
 				"responses": {
 					"200": {
@@ -891,6 +948,21 @@
 				},
 				"required": ["Status"]
 			},
+			"ReloadResponseData": {
+				"type": "object",
+				"properties": {
+					"Status": {
+						"type": "string",
+						"examples": ["OK"]
+					},
+					"reload": {
+						"type": "string",
+						"enum": ["triggered", "queued"],
+						"description": "Whether a new force-reload started immediately or was queued behind one already in progress."
+					}
+				},
+				"required": ["Status", "reload"]
+			},
 			"TxTemplateUpsertRequest": {
 				"type": "object",
 				"additionalProperties": false,

package/docs/tutorial.md

@@ -22,7 +22,7 @@ Update your `.env` (or runtime environment) to point at the new workspace:
 ```dotenv
 API_TOKEN_PEPPER=<generate-a-long-random-string>
 CONFIG_PATH=${CONFIG_ROOT}
-DB_AUTO_RELOAD=1  # optional: hot-reload init-data and templates
+DB_AUTO_RELOAD=1  # optional: hot-reload init-data.json and template files
 UPLOAD_PATH=./{domain}/uploads
 ```
 
@@ -64,8 +64,8 @@ myorg-config/
 
 > **Assets vs inline:** Any file referenced via `asset('...')` must live under `myorg.com/assets/`. The helper
 > `asset('logo.png')` will become `http://localhost:3776/asset/myorg.com/logo.png` by default. You can change the base
-> via `ASSET_PUBLIC_BASE` (or `API_URL`) and the route via `ASSET_ROUTE`. Use `asset('logo.png', true)` when you need
-> the file embedded as a CID attachment instead.
+> via `ASSET_PUBLIC_BASE` (or `API_URL`). Use `asset('logo.png', true)` when you need the file embedded as a CID
+> attachment instead.
 
 ---
 
@@ -327,7 +327,8 @@ The inline flag (`true`) in `asset('logo.png', true)` tells Mail Magic to attach
       }'
     ```
 
-With `DB_AUTO_RELOAD=1`, editing templates or assets is as simple as saving the file.
+With `DB_AUTO_RELOAD=1`, saving `init-data.json` re-imports domain/user/template metadata; saving any `.njk` template
+file forces a full template re-render including inline asset collection.
 
 You now have a clean, self-contained configuration for MyOrg that inherits Mail Magic behaviour while keeping templates,
 partials, and assets under version control in a dedicated folder.

package/examples/.env-dist

@@ -1,9 +1,7 @@
 NODE_ENV=development
 API_PORT=3776
 API_HOST=127.0.0.1
-API_URL=http://127.0.0.1:3776/api
-API_BASE_PATH=/api
-ASSET_ROUTE=/asset
+API_URL=http://127.0.0.1:3776
 CONFIG_PATH=./data
 DB_TYPE=sqlite
 DB_NAME=./maildata.db

package/package.json

@@ -1,91 +1,94 @@
 {
-  "name": "@technomoron/mail-magic",
-  "version": "1.0.43",
-  "main": "dist/cjs/index.js",
-  "module": "dist/esm/index.js",
-  "type": "module",
-  "bin": {
-    "mail-magic": "dist/esm/bin/mail-magic.js"
-  },
-  "exports": {
-    ".": {
-      "types": "./dist/cjs/index.d.ts",
-      "import": "./dist/esm/index.js",
-      "require": "./dist/cjs/index.js"
-    }
-  },
-  "files": [
-    "dist",
-    "docs",
-    "examples",
-    "README.md",
-    "CHANGES"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/technomoron/mail-magic.git",
-    "directory": "packages/server"
-  },
-  "keywords": [],
-  "author": "Bjørn Erik Jacobsen",
-  "license": "MIT",
-  "copyright": "Copyright (c) 2025 Bjørn Erik Jacobsen",
-  "bugs": {
-    "url": "https://github.com/technomoron/mail-magic/issues"
-  },
-  "dependencies": {
-    "@technomoron/api-server-base": "2.0.0-beta.24",
-    "@technomoron/env-loader": "^1.0.8",
-    "@technomoron/unyuck": "^1.0.4",
-    "bcryptjs": "^3.0.2",
-    "dotenv": "^16.4.5",
-    "email-addresses": "^5.0.0",
-    "html-to-text": "^9.0.5",
-    "nanoid": "^5.1.6",
-    "nodemailer": "^6.10.1",
-    "nunjucks": "^3.2.4",
-    "sequelize": "^6.37.7",
-    "sqlite3": "^5.1.7",
-    "swagger-jsdoc": "^6.2.8",
-    "swagger-ui-express": "^5.0.1",
-    "zod": "^4.1.5"
-  },
-  "devDependencies": {
-    "@types/express": "^5.0.6",
-    "@types/html-to-text": "^9.0.4",
-    "@types/nodemailer": "^6.4.19",
-    "@types/nunjucks": "^3.2.6",
-    "@types/supertest": "^6.0.3",
-    "mailparser": "^3.9.1",
-    "nodemon": "^3.1.10",
-    "smtp-server": "^3.18.0",
-    "supertest": "^7.1.4",
-    "tsx": "^4.20.5",
-    "typescript": "^5.9.3",
-    "vitest": "^4.0.16"
-  },
-  "homepage": "https://github.com/technomoron/mail-magic#readme",
-  "scripts": {
-    "start": "node dist/esm/index.js",
-    "dev": "NODE_ENV=development nodemon --watch 'src/**/*.ts' --watch 'config/**/*.*' --watch '.env' --exec 'tsx' src/index.ts",
-    "run": "NODE_ENV=production run-s start",
-    "sync:shared": "node ../../scripts/sync-shared-code.cjs >/dev/null",
-    "build:esm": "tsc --project tsconfig/tsconfig.esm.json",
-    "build:cjs": "node scripts/add-shebang.cjs --cjs-only",
-    "build": "run-s sync:shared build:esm build:cjs",
-    "postbuild": "node scripts/add-shebang.cjs",
-    "test:unit": "vitest run --silent --reporter=dot",
-    "test": "run-s --silent sync:shared test:unit",
-    "test:watch": "vitest",
-    "scrub": "rimraf ./node_modules/ ./dist/ pnpm-lock.yaml package-lock.json yarn.lock",
-    "lint": "node ../../node_modules/eslint/bin/eslint.js --config ../../eslint.config.mjs --no-error-on-unmatched-pattern ./",
-    "lintfix": "node ../../node_modules/eslint/bin/eslint.js --config ../../eslint.config.mjs --fix --no-error-on-unmatched-pattern ./",
-    "pretty": "node ../../node_modules/prettier/bin/prettier.cjs --config ../../.prettierrc --write \"**/*.{js,jsx,cjs,mjs,ts,tsx,mts,vue,json,md}\"",
-    "format": "run-s lintfix pretty",
-    "cleanbuild": "run-s clean:dist format build",
-    "lintconfig": "node ../../lintconfig.cjs",
-    "clean:dist": "rimraf ./dist/",
-    "release": "bash ../../scripts/release-package.sh .",
-    "release:check": "bash ../../scripts/release-package-check.sh ."
-  }
-}
+	"name": "@technomoron/mail-magic",
+	"version": "2.0.0-beta1",
+	"main": "dist/cjs/index.js",
+	"module": "dist/esm/index.js",
+	"type": "module",
+	"bin": {
+		"mail-magic": "dist/esm/bin/mail-magic.js"
+	},
+	"exports": {
+		".": {
+			"types": "./dist/cjs/index.d.ts",
+			"import": "./dist/esm/index.js",
+			"require": "./dist/cjs/index.js"
+		}
+	},
+	"files": [
+		"dist",
+		"docs",
+		"examples",
+		"README.md",
+		"CHANGES"
+	],
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/technomoron/mail-magic.git",
+		"directory": "packages/server"
+	},
+	"scripts": {
+		"start": "node dist/esm/index.js",
+		"dev": "NODE_ENV=development nodemon --watch 'src/**/*.ts' --watch 'config/**/*.*' --watch '.env' --exec 'tsx' src/index.ts",
+		"run": "NODE_ENV=production run-s start",
+		"sync:shared": "node ../../scripts/sync-shared-code.cjs >/dev/null",
+		"build:esm": "tsc --project tsconfig/tsconfig.esm.json",
+		"build:cjs": "node scripts/add-shebang.cjs --cjs-only",
+		"build": "run-s sync:shared build:esm build:cjs",
+		"postbuild": "node scripts/add-shebang.cjs",
+		"prepack": "run-s build",
+		"test:unit": "vitest run --silent --reporter=dot",
+		"test": "run-s --silent sync:shared test:unit",
+		"test:watch": "vitest",
+		"scrub": "rimraf ./node_modules/ ./dist/ pnpm-lock.yaml package-lock.json yarn.lock",
+		"lint": "node ../../node_modules/eslint/bin/eslint.js --config ../../eslint.config.mjs --no-error-on-unmatched-pattern ./",
+		"lintfix": "node ../../node_modules/eslint/bin/eslint.js --config ../../eslint.config.mjs --fix --no-error-on-unmatched-pattern ./",
+		"pretty": "node ../../node_modules/prettier/bin/prettier.cjs --config ../../.prettierrc --write \"**/*.{js,jsx,cjs,mjs,ts,tsx,mts,vue,json,md}\"",
+		"format": "run-s lintfix pretty",
+		"cleanbuild": "run-s clean:dist format build",
+		"lintconfig": "node ../../lintconfig.cjs",
+		"clean:dist": "rimraf ./dist/",
+		"release": "bash ../../scripts/release-package.sh .",
+		"release:check": "bash ../../scripts/release-package-check.sh .",
+		"release:preflight": "bash ../../scripts/release-package-preflight.sh ."
+	},
+	"keywords": [],
+	"author": "Bjørn Erik Jacobsen",
+	"license": "MIT",
+	"copyright": "Copyright (c) 2025 Bjørn Erik Jacobsen",
+	"bugs": {
+		"url": "https://github.com/technomoron/mail-magic/issues"
+	},
+	"dependencies": {
+		"@technomoron/api-server-base": "2.0.0-beta.24",
+		"@technomoron/env-loader": "^1.0.8",
+		"@technomoron/unyuck": "^1.0.4",
+		"bcryptjs": "^3.0.2",
+		"chokidar": "^5.0.0",
+		"dotenv": "^16.4.5",
+		"email-addresses": "^5.0.0",
+		"html-to-text": "^9.0.5",
+		"nanoid": "^5.1.6",
+		"nodemailer": "^6.10.1",
+		"nunjucks": "^3.2.4",
+		"sequelize": "^6.37.7",
+		"sqlite3": "^5.1.7",
+		"swagger-jsdoc": "^6.2.8",
+		"swagger-ui-express": "^5.0.1",
+		"zod": "^4.1.5"
+	},
+	"devDependencies": {
+		"@types/express": "^5.0.6",
+		"@types/html-to-text": "^9.0.4",
+		"@types/nodemailer": "^6.4.19",
+		"@types/nunjucks": "^3.2.6",
+		"@types/supertest": "^6.0.3",
+		"mailparser": "^3.9.1",
+		"nodemon": "^3.1.10",
+		"smtp-server": "^3.18.0",
+		"supertest": "^7.1.4",
+		"tsx": "^4.20.5",
+		"typescript": "^5.9.3",
+		"vitest": "^4.0.16"
+	},
+	"homepage": "https://github.com/technomoron/mail-magic#readme"
+}