agentmail-clone-v1 0.1.0

package/sql/001_init.sql

@@ -0,0 +1,143 @@
+CREATE EXTENSION IF NOT EXISTS pgcrypto;
+
+CREATE TABLE IF NOT EXISTS users (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  email TEXT UNIQUE NOT NULL,
+  full_name TEXT NOT NULL,
+  password_hash TEXT NOT NULL,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS organizations (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  name TEXT NOT NULL,
+  plan TEXT NOT NULL DEFAULT 'free' CHECK (plan IN ('free', 'paid')),
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS memberships (
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  role TEXT NOT NULL DEFAULT 'owner' CHECK (role IN ('owner', 'member')),
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  PRIMARY KEY (user_id, org_id)
+);
+
+CREATE TABLE IF NOT EXISTS domains (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  name TEXT NOT NULL UNIQUE,
+  provider_domain_id TEXT,
+  provider_route_id TEXT,
+  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'active', 'failed', 'deleted')),
+  dns_records_json JSONB NOT NULL DEFAULT '[]'::jsonb,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS inboxes (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  local_part TEXT NOT NULL,
+  domain_name TEXT NOT NULL,
+  email_address TEXT NOT NULL UNIQUE,
+  display_name TEXT,
+  status TEXT NOT NULL DEFAULT 'active' CHECK (status IN ('active', 'deleted')),
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  deleted_at TIMESTAMPTZ,
+  UNIQUE (org_id, local_part, domain_name)
+);
+
+CREATE TABLE IF NOT EXISTS emails (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  inbox_id UUID REFERENCES inboxes(id) ON DELETE SET NULL,
+  direction TEXT NOT NULL CHECK (direction IN ('inbound', 'outbound')),
+  delivery_status TEXT NOT NULL DEFAULT 'unknown' CHECK (delivery_status IN ('unknown', 'queued', 'sent', 'failed', 'received')),
+  message_id TEXT,
+  subject TEXT NOT NULL DEFAULT '',
+  from_address TEXT NOT NULL,
+  to_addresses TEXT[] NOT NULL DEFAULT '{}',
+  text_body TEXT,
+  html_body TEXT,
+  is_read BOOLEAN NOT NULL DEFAULT FALSE,
+  status TEXT NOT NULL DEFAULT 'active' CHECK (status IN ('active', 'deleted')),
+  provider_payload JSONB,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS api_keys (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  name TEXT NOT NULL,
+  key_prefix TEXT NOT NULL,
+  key_hash TEXT NOT NULL UNIQUE,
+  scopes TEXT[] NOT NULL DEFAULT '{}',
+  last_used_at TIMESTAMPTZ,
+  revoked_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE TABLE IF NOT EXISTS usage_monthly (
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  month_start DATE NOT NULL,
+  sent_count INTEGER NOT NULL DEFAULT 0,
+  inbound_count INTEGER NOT NULL DEFAULT 0,
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  PRIMARY KEY (org_id, month_start)
+);
+
+CREATE TABLE IF NOT EXISTS plan_limits (
+  plan TEXT PRIMARY KEY CHECK (plan IN ('free', 'paid')),
+  max_inboxes INTEGER NOT NULL,
+  max_custom_domains INTEGER NOT NULL,
+  max_api_keys INTEGER NOT NULL,
+  monthly_emails INTEGER NOT NULL,
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+INSERT INTO plan_limits (plan, max_inboxes, max_custom_domains, max_api_keys, monthly_emails)
+VALUES
+  ('free', 1, 0, 5, 1000),
+  ('paid', 10, 1, 100, 10000)
+ON CONFLICT (plan) DO NOTHING;
+
+CREATE TABLE IF NOT EXISTS idempotency_records (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  idempotency_key TEXT NOT NULL,
+  method TEXT NOT NULL,
+  request_path TEXT NOT NULL,
+  request_hash TEXT NOT NULL,
+  status TEXT NOT NULL CHECK (status IN ('in_progress', 'completed')),
+  response_status INTEGER,
+  response_body JSONB,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW() + INTERVAL '24 hours',
+  UNIQUE (org_id, idempotency_key, method, request_path)
+);
+
+CREATE TABLE IF NOT EXISTS webhook_events (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  provider TEXT NOT NULL,
+  event_id TEXT NOT NULL,
+  event_type TEXT,
+  payload JSONB NOT NULL,
+  processed_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  UNIQUE (provider, event_id)
+);
+
+CREATE TABLE IF NOT EXISTS schema_migrations (
+  id BIGSERIAL PRIMARY KEY,
+  filename TEXT UNIQUE NOT NULL,
+  executed_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_inboxes_org_status ON inboxes (org_id, status);
+CREATE INDEX IF NOT EXISTS idx_domains_org_status ON domains (org_id, status);
+CREATE INDEX IF NOT EXISTS idx_emails_org_inbox_created ON emails (org_id, inbox_id, created_at DESC);
+CREATE UNIQUE INDEX IF NOT EXISTS idx_emails_org_direction_message_id_unique
+  ON emails (org_id, direction, message_id) WHERE message_id IS NOT NULL;
+CREATE INDEX IF NOT EXISTS idx_api_keys_org_revoked ON api_keys (org_id, revoked_at);
+CREATE INDEX IF NOT EXISTS idx_idempotency_expires ON idempotency_records (expires_at);

package/sql/002_local_auth.sql

@@ -0,0 +1,38 @@
+ALTER TABLE users
+  ADD COLUMN IF NOT EXISTS password_hash TEXT;
+
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM information_schema.columns
+    WHERE table_name = 'users' AND column_name = 'google_sub'
+  ) THEN
+    ALTER TABLE users ALTER COLUMN google_sub DROP NOT NULL;
+  END IF;
+END $$;
+
+DO $$
+BEGIN
+  IF EXISTS (
+    SELECT 1
+    FROM pg_constraint
+    WHERE conname = 'users_google_sub_key'
+  ) THEN
+    ALTER TABLE users DROP CONSTRAINT users_google_sub_key;
+  END IF;
+END $$;
+
+UPDATE users
+SET full_name = COALESCE(full_name, '')
+WHERE full_name IS NULL;
+
+UPDATE users
+SET password_hash = COALESCE(password_hash, '')
+WHERE password_hash IS NULL;
+
+ALTER TABLE users
+  ALTER COLUMN full_name SET NOT NULL;
+
+ALTER TABLE users
+  ALTER COLUMN password_hash SET NOT NULL;

package/sql/003_domain_routes.sql

@@ -0,0 +1,2 @@
+ALTER TABLE domains
+  ADD COLUMN IF NOT EXISTS provider_route_id TEXT;

package/sql/004_reliability_primitives.sql

@@ -0,0 +1,75 @@
+ALTER TABLE emails
+  ADD COLUMN IF NOT EXISTS delivery_status TEXT;
+
+UPDATE emails
+SET delivery_status = CASE
+  WHEN direction = 'inbound' THEN 'received'
+  WHEN direction = 'outbound' THEN 'queued'
+  ELSE 'unknown'
+END
+WHERE delivery_status IS NULL;
+
+ALTER TABLE emails
+  ALTER COLUMN delivery_status SET DEFAULT 'unknown';
+
+DO $$
+BEGIN
+  IF NOT EXISTS (
+    SELECT 1
+    FROM pg_constraint
+    WHERE conname = 'emails_delivery_status_check'
+  ) THEN
+    ALTER TABLE emails
+      ADD CONSTRAINT emails_delivery_status_check
+      CHECK (delivery_status IN ('unknown', 'queued', 'sent', 'failed', 'received'));
+  END IF;
+END $$;
+
+ALTER TABLE emails
+  ALTER COLUMN delivery_status SET NOT NULL;
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_emails_org_direction_message_id_unique
+  ON emails (org_id, direction, message_id)
+  WHERE message_id IS NOT NULL;
+
+CREATE TABLE IF NOT EXISTS plan_limits (
+  plan TEXT PRIMARY KEY CHECK (plan IN ('free', 'paid')),
+  max_inboxes INTEGER NOT NULL,
+  max_custom_domains INTEGER NOT NULL,
+  max_api_keys INTEGER NOT NULL,
+  monthly_emails INTEGER NOT NULL,
+  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+INSERT INTO plan_limits (plan, max_inboxes, max_custom_domains, max_api_keys, monthly_emails)
+VALUES
+  ('free', 1, 0, 5, 1000),
+  ('paid', 10, 1, 100, 10000)
+ON CONFLICT (plan) DO NOTHING;
+
+CREATE TABLE IF NOT EXISTS idempotency_records (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  org_id UUID NOT NULL REFERENCES organizations(id) ON DELETE CASCADE,
+  idempotency_key TEXT NOT NULL,
+  method TEXT NOT NULL,
+  request_path TEXT NOT NULL,
+  request_hash TEXT NOT NULL,
+  status TEXT NOT NULL CHECK (status IN ('in_progress', 'completed')),
+  response_status INTEGER,
+  response_body JSONB,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  expires_at TIMESTAMPTZ NOT NULL DEFAULT NOW() + INTERVAL '24 hours',
+  UNIQUE (org_id, idempotency_key, method, request_path)
+);
+
+CREATE INDEX IF NOT EXISTS idx_idempotency_expires ON idempotency_records (expires_at);
+
+CREATE TABLE IF NOT EXISTS webhook_events (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  provider TEXT NOT NULL,
+  event_id TEXT NOT NULL,
+  event_type TEXT,
+  payload JSONB NOT NULL,
+  processed_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+  UNIQUE (provider, event_id)
+);

package/sql/005_auth_email_flows.sql

@@ -0,0 +1,22 @@
+ALTER TABLE users
+  ADD COLUMN IF NOT EXISTS email_verified_at TIMESTAMPTZ;
+
+UPDATE users
+SET email_verified_at = COALESCE(email_verified_at, created_at)
+WHERE email_verified_at IS NULL;
+
+CREATE TABLE IF NOT EXISTS auth_tokens (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  purpose TEXT NOT NULL CHECK (purpose IN ('email_verification', 'password_reset')),
+  token_hash TEXT NOT NULL UNIQUE,
+  expires_at TIMESTAMPTZ NOT NULL,
+  used_at TIMESTAMPTZ,
+  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_auth_tokens_user_purpose
+  ON auth_tokens (user_id, purpose, created_at DESC);
+
+CREATE INDEX IF NOT EXISTS idx_auth_tokens_expires
+  ON auth_tokens (expires_at);

package/src/config.js

@@ -0,0 +1,30 @@
+import dotenv from 'dotenv';
+
+dotenv.config();
+
+const required = ['DATABASE_URL', 'APP_BASE_URL', 'APP_SHARED_DOMAIN', 'SESSION_SECRET', 'API_KEY_HASH_SECRET'];
+for (const key of required) {
+  if (!process.env[key]) {
+    throw new Error(`Missing required environment variable: ${key}`);
+  }
+}
+
+export const config = {
+  nodeEnv: process.env.NODE_ENV ?? 'development',
+  port: Number(process.env.PORT ?? 3000),
+  appBaseUrl: process.env.APP_BASE_URL,
+  appSharedDomain: process.env.APP_SHARED_DOMAIN.toLowerCase(),
+  adminEmail: (process.env.ADMIN_EMAIL ?? 'jagan.ganti@gmail.com').toLowerCase(),
+  sessionSecret: process.env.SESSION_SECRET,
+  apiKeyHashSecret: process.env.API_KEY_HASH_SECRET,
+  databaseUrl: process.env.DATABASE_URL,
+  mailgunApiKey: process.env.MAILGUN_API_KEY,
+  mailgunRegion: process.env.MAILGUN_REGION ?? 'us',
+  mailgunWebhookSigningKey: process.env.MAILGUN_WEBHOOK_SIGNING_KEY,
+  mailgunAccountDomain: process.env.MAILGUN_ACCOUNT_DOMAIN,
+  mailFromEmail: process.env.MAIL_FROM_EMAIL,
+  dodoPaymentsApiKey: process.env.DODO_PAYMENTS_API_KEY,
+  dodoPaymentsEnvironment: process.env.DODO_PAYMENTS_ENVIRONMENT ?? 'test_mode',
+  dodoPaymentsWebhookKey: process.env.DODO_PAYMENTS_WEBHOOK_KEY,
+  dodoPaidProductId: process.env.DODO_PAYMENTS_PRODUCT_ID_PAID
+};

package/src/db.js

@@ -0,0 +1,25 @@
+import pg from 'pg';
+import { config } from './config.js';
+
+const { Pool } = pg;
+
+export const pool = new Pool({ connectionString: config.databaseUrl });
+
+export async function query(text, values = []) {
+  return pool.query(text, values);
+}
+
+export async function withTransaction(fn) {
+  const client = await pool.connect();
+  try {
+    await client.query('BEGIN');
+    const result = await fn(client);
+    await client.query('COMMIT');
+    return result;
+  } catch (err) {
+    await client.query('ROLLBACK');
+    throw err;
+  } finally {
+    client.release();
+  }
+}

package/src/lib/api-auth.js

@@ -0,0 +1,55 @@
+import fp from 'fastify-plugin';
+import { hashApiKey } from './security.js';
+import { getApiKeyByHash, getOrganizationById, touchApiKey } from './store.js';
+
+function parseBearer(authHeader) {
+  if (!authHeader) {
+    return null;
+  }
+  const [scheme, token] = authHeader.split(' ');
+  if (!scheme || !token || scheme.toLowerCase() !== 'bearer') {
+    return null;
+  }
+  return token.trim();
+}
+
+export const apiAuthPlugin = fp(async function apiAuthPlugin(fastify) {
+  fastify.decorateRequest('apiAuth', null);
+
+  fastify.decorate('requireApiKey', async (req, reply) => {
+    const token = parseBearer(req.headers.authorization);
+    if (!token) {
+      return reply.code(401).send({ error: 'Missing bearer token' });
+    }
+
+    const keyHash = hashApiKey(token);
+    const apiKey = await getApiKeyByHash(keyHash);
+    if (!apiKey) {
+      return reply.code(401).send({ error: 'Invalid API key' });
+    }
+
+    const org = await getOrganizationById(apiKey.org_id);
+    if (!org) {
+      return reply.code(401).send({ error: 'Invalid API key context' });
+    }
+
+    await touchApiKey(apiKey.id);
+    req.apiAuth = {
+      apiKey,
+      org
+    };
+    return undefined;
+  });
+
+  fastify.decorate('requireScope', (scope) => {
+    return async (req, reply) => {
+      if (!req.apiAuth) {
+        return reply.code(401).send({ error: 'Unauthorized' });
+      }
+      if (!req.apiAuth.apiKey.scopes.includes(scope) && !req.apiAuth.apiKey.scopes.includes('*')) {
+        return reply.code(403).send({ error: `Missing scope: ${scope}` });
+      }
+      return undefined;
+    };
+  });
+});

package/src/lib/auth.js

@@ -0,0 +1,71 @@
+import fp from 'fastify-plugin';
+import fastifyCookie from '@fastify/cookie';
+import fastifySession from '@fastify/session';
+import { config } from '../config.js';
+import { getAuthSession } from './session.js';
+import { ensureCsrfToken, hasValidCsrfToken } from './csrf.js';
+import { getOrganizationForUser, getUserById } from './store.js';
+
+export const authPlugin = fp(async function authPlugin(fastify) {
+  await fastify.register(fastifyCookie);
+  await fastify.register(fastifySession, {
+    secret: config.sessionSecret,
+    cookieName: 'agentinbox.sid',
+    saveUninitialized: false,
+    rolling: true,
+    cookie: {
+      secure: config.nodeEnv === 'production' ? 'auto' : false,
+      httpOnly: true,
+      sameSite: 'lax',
+      maxAge: 1000 * 60 * 60 * 12
+    }
+  });
+
+  fastify.decorateRequest('authUser', null);
+  fastify.decorateRequest('authOrg', null);
+
+  fastify.decorate('ensureCsrfToken', (req) => ensureCsrfToken(req));
+
+  fastify.decorate('attachCsrfToView', (req, reply) => {
+    reply.locals = {
+      ...(reply.locals ?? {}),
+      csrfToken: fastify.ensureCsrfToken(req)
+    };
+  });
+
+  fastify.decorate('requireCsrf', async (req, reply) => {
+    if (hasValidCsrfToken(req)) {
+      return undefined;
+    }
+    return reply.code(403).send('Invalid CSRF token');
+  });
+
+  fastify.decorate('loadAuthContext', async (req) => {
+    const auth = getAuthSession(req);
+    if (!auth?.userId || !auth?.orgId) {
+      return null;
+    }
+
+    const user = await getUserById(auth.userId);
+    if (!user) {
+      return null;
+    }
+
+    const org = await getOrganizationForUser(auth.userId, auth.orgId);
+    if (!org) {
+      return null;
+    }
+
+    req.authUser = user;
+    req.authOrg = org;
+    return { user, org };
+  });
+
+  fastify.decorate('requireUser', async (req, reply) => {
+    const context = await fastify.loadAuthContext(req);
+    if (!context) {
+      return reply.redirect('/');
+    }
+    return undefined;
+  });
+});

package/src/lib/csrf.js

@@ -0,0 +1,46 @@
+import crypto from 'node:crypto';
+
+const CSRF_TOKEN_KEY = 'csrfToken';
+const TOKEN_BYTES = 32;
+const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
+
+function asSingleValue(value) {
+  if (Array.isArray(value)) {
+    return String(value[0] ?? '');
+  }
+  return String(value ?? '');
+}
+
+export function ensureCsrfToken(req) {
+  const existing = asSingleValue(req.session?.[CSRF_TOKEN_KEY]).trim();
+  if (existing) {
+    return existing;
+  }
+  const created = crypto.randomBytes(TOKEN_BYTES).toString('hex');
+  req.session[CSRF_TOKEN_KEY] = created;
+  return created;
+}
+
+export function hasValidCsrfToken(req) {
+  if (SAFE_METHODS.has(req.method)) {
+    return true;
+  }
+
+  const sessionToken = asSingleValue(req.session?.[CSRF_TOKEN_KEY]).trim();
+  if (!sessionToken) {
+    return false;
+  }
+
+  const bodyToken = asSingleValue(req.body?._csrf).trim();
+  const headerToken = asSingleValue(req.headers['x-csrf-token']).trim();
+  const candidate = bodyToken || headerToken;
+  if (!candidate || candidate.length !== sessionToken.length) {
+    return false;
+  }
+
+  try {
+    return crypto.timingSafeEqual(Buffer.from(candidate), Buffer.from(sessionToken));
+  } catch (_) {
+    return false;
+  }
+}

package/src/lib/dodo.js

@@ -0,0 +1,67 @@
+import DodoPayments from 'dodopayments';
+import { config } from '../config.js';
+
+let client = null;
+
+function getClient() {
+  if (!client) {
+    client = new DodoPayments({
+      bearerToken: config.dodoPaymentsApiKey,
+      webhookKey: config.dodoPaymentsWebhookKey || null,
+      environment: config.dodoPaymentsEnvironment
+    });
+  }
+  return client;
+}
+
+export const dodo = {
+  isConfigured() {
+    return Boolean(config.dodoPaymentsApiKey && config.dodoPaidProductId);
+  },
+
+  getClient,
+
+  async createPaidUpgradeCheckout({ customerName, customerEmail, orgId, returnUrl }) {
+    if (!this.isConfigured()) {
+      throw new Error('Dodo Payments is not configured');
+    }
+
+    const response = await getClient().checkoutSessions.create({
+      customer: {
+        email: customerEmail,
+        name: customerName
+      },
+      product_cart: [
+        {
+          product_id: config.dodoPaidProductId,
+          quantity: 1
+        }
+      ],
+      metadata: {
+        org_id: orgId,
+        target_plan: 'paid'
+      },
+      return_url: returnUrl
+    });
+
+    return response;
+  },
+
+  async getCheckoutStatus(sessionId) {
+    if (!sessionId) {
+      throw new Error('sessionId is required');
+    }
+    return getClient().checkoutSessions.retrieve(sessionId);
+  },
+
+  unwrapWebhook({ body, headers }) {
+    return getClient().webhooks.unwrap(body, {
+      headers,
+      key: config.dodoPaymentsWebhookKey
+    });
+  },
+
+  unsafeUnwrapWebhook(body) {
+    return getClient().webhooks.unsafeUnwrap(body);
+  }
+};

package/src/lib/email-templates.js

@@ -0,0 +1,67 @@
+function greeting(fullName) {
+  const safeName = String(fullName ?? '').trim();
+  return safeName ? `Hi ${safeName},` : 'Hi,';
+}
+
+export function buildVerificationEmailTemplate({ fullName, verifyUrl }) {
+  const intro = greeting(fullName);
+  const subject = 'Verify your EmailAgent account';
+  const text = `${intro}
+
+Please verify your email to activate your EmailAgent account.
+
+Verify now: ${verifyUrl}
+
+This link expires in 24 hours.
+`;
+
+  const html = `
+    <p>${intro}</p>
+    <p>Please verify your email to activate your EmailAgent account.</p>
+    <p><a href="${verifyUrl}">Verify your account</a></p>
+    <p>This link expires in 24 hours.</p>
+  `;
+
+  return { subject, text, html };
+}
+
+export function buildWelcomeEmailTemplate({ fullName, appUrl }) {
+  const intro = greeting(fullName);
+  const subject = 'Welcome to EmailAgent';
+  const text = `${intro}
+
+Welcome to EmailAgent. Your account is now active.
+
+Open your dashboard: ${appUrl}/app/inboxes
+`;
+
+  const html = `
+    <p>${intro}</p>
+    <p>Welcome to EmailAgent. Your account is now active.</p>
+    <p><a href="${appUrl}/app/inboxes">Open your dashboard</a></p>
+  `;
+
+  return { subject, text, html };
+}
+
+export function buildPasswordResetEmailTemplate({ fullName, resetUrl }) {
+  const intro = greeting(fullName);
+  const subject = 'Reset your EmailAgent password';
+  const text = `${intro}
+
+We received a request to reset your password.
+
+Reset password: ${resetUrl}
+
+This link expires in 1 hour. If you did not request this, you can ignore this email.
+`;
+
+  const html = `
+    <p>${intro}</p>
+    <p>We received a request to reset your password.</p>
+    <p><a href="${resetUrl}">Reset password</a></p>
+    <p>This link expires in 1 hour. If you did not request this, you can ignore this email.</p>
+  `;
+
+  return { subject, text, html };
+}