sently 0.3.3 → 0.4.1

package/CHANGELOG.md

@@ -0,0 +1,119 @@
+# Changelog
+
+## [0.4.1] — 2026-05-30
+
+### Fixed
+
+- CI: use locally installed tsc (node_modules/.bin/tsc) in build.ts
+  instead of bunx tsc to avoid runtime npm downloads in CI
+- CI: add bun run build step to SMTP integration job so dist/ exists
+  before the integration test imports from 'sently'
+- CI: improved smoke test error output with explicit .catch() handler
+- CI: added FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 to all workflow jobs
+
+## [0.4.0] — 2026-05-30
+
+### Added
+
+- `PreviewTransport` — writes emails to disk as .eml or HTML for local development
+- `RetryTransport` — decorator transport with exponential/linear/fixed backoff
+- `mailer.sendBulk()` — batch send with concurrency control and per-message callbacks
+- `templatePlugin` + `simpleEngine` — zero-dependency {{variable}} template rendering
+- `verify()` on all HTTP transports (Resend, SendGrid, Postmark, Mailgun, SES, Brevo)
+  returns typed `VerifyResult` instead of `boolean`
+- `MailOptions.template` and `MailOptions.data` fields for template plugin integration
+- `SESTransport` now accepts `dkim` config for signing raw MIME messages
+- `attachment.path` basePath guard (opt-in) in resolveAttachments
+- GitHub Actions CI matrix: unit tests (Bun), smoke test (Node 22), SMTP integration (Mailpit)
+
+### Fixed
+
+- `detectRuntime()` priority hardened: Bun checked before Node.js process globals
+- Cloudflare Workers detection uses positive signature (caches + UA), not absence of other runtimes
+
+## [0.3.4] — 2026-05-30
+
+### Fixed
+
+- Stale `sendx` references in package.json, build.ts, PROGRESS.md
+- JSR badge URL now matches jsr.json scope exactly
+- OAuth2 refresh deduplication: `refreshPromise` cleared in `.finally()`
+  to correctly handle rejected refresh attempts
+- SMTPPool.close() now sets draining flag, rejects new sends,
+  and uses Promise.allSettled to drain in-flight messages
+- Audited all buildMIME() call sites — await confirmed present
+
+### Added
+
+- `engines` field in package.json (Node >= 18, Bun >= 1.0)
+
+## [0.3.3] — 2026-05-29
+
+### Fixed
+
+- Corrected JSR package name in README from `@sently/sently` to `@alialnaghmoush/sently`
+
+## [0.3.2] — 2026-05-29
+
+### Fixed
+
+- Biome formatting in MIME header builder (`src/core/mime.ts`) so `bun lint` passes
+
+## [0.3.1] — 2026-05-29
+
+### Security
+
+- Fixed CRLF header injection: `sanitizeHeaderValue()` strips CR/LF
+  from Subject, display names, and custom headers in MIME builder
+- Fixed SMTP command injection: `MAIL FROM` and `RCPT TO` throw
+  `SMTPError` when address contains CR or LF
+- Fixed email address validation: `isValidEmail()` rejects strings
+  containing CR, LF, or TAB
+- Fixed OAuth2 refresh race condition: concurrent `getAccessToken()`
+  calls now share a single in-flight refresh Promise
+- Added `console.warn` when `rejectUnauthorized: false` is set
+  in Node.js and Bun adapters
+- Added security note in README for `attachment.path`
+
+## [0.3.0] — 2026-05-29
+
+### Added
+
+- Plugin system: `plugins` array in `createMailer()` config
+  Plugins are `(options: MailOptions) => MailOptions | Promise<MailOptions>` functions
+  that run sequentially before message construction
+- `MailgunTransport` — Mailgun HTTP API (multipart/form-data)
+- `SESTransport` — AWS SES v2 HTTP API with SigV4 signing (Web Crypto)
+- `BrevoTransport` — Brevo (formerly Sendinblue) HTTP API
+- `TLSOptions.minVersion` — set minimum TLS version for legacy SMTP servers
+
+### Parity milestone
+
+sently now covers ~98% of Nodemailer feature parity for modern use cases.
+Remaining gaps (SOCKS proxy, iCal) are out of scope by design.
+
+## [0.2.0] — 2026-05-29
+
+### Added
+
+- DKIM signing (RSA-SHA256 and Ed25519-SHA256) via `SMTPConfig.dkim`
+- OAuth2 / XOAUTH2 authentication via `SMTPAuth.type = 'OAUTH2'`
+- Connection pooling via `SMTPConfig.pool` and `SMTPPool`
+- Rate limiting via `PoolConfig.rateDelta` / `PoolConfig.rateLimit`
+- CRAM-MD5 authentication (pure-JS HMAC-MD5)
+
+### Changed
+
+- npm package name is `sently`; JSR package name is `@sently/sently`
+- `SMTPAuth.pass` is now optional (was required in v0.1)
+- `buildMIME()` is now `async` when DKIM config is provided
+- `selectAuthMethod` priority: XOAUTH2 > CRAM-MD5 > LOGIN > PLAIN
+- `createMailer()` uses `SMTPPool` automatically when `pool: true`
+
+### Fixed
+
+- CRAM-MD5 stub now fully implemented
+
+## [0.1.0] — 2026-05-29
+
+Initial release.

package/README.md

@@ -285,6 +285,99 @@ import { BrevoTransport } from "sently/transports/brevo";
 const transport = new BrevoTransport({ apiKey: "xkeysib-..." });
 ```
 
+### PreviewTransport
+
+Write emails to disk during local development instead of sending them:
+
+```typescript
+import { PreviewTransport } from "sently/transports/preview";
+import { createMailer } from "sently";
+
+const mailer = await createMailer({
+  transport: new PreviewTransport({
+    outDir: "./.emails",
+    open: true,
+    format: "html",
+  }),
+});
+
+await mailer.send({
+  from: "dev@localhost",
+  to: "you@example.com",
+  subject: "Preview me",
+  html: "<h1>Hello</h1>",
+});
+```
+
+### RetryTransport
+
+Wrap any transport with automatic retries and configurable backoff:
+
+```typescript
+import { RetryTransport } from "sently/transports/retry";
+import { ResendTransport } from "sently/transports/resend";
+import { createMailer } from "sently";
+
+const transport = new RetryTransport(
+  new ResendTransport({ apiKey: process.env.RESEND_API_KEY! }),
+  { maxAttempts: 3, backoff: "exponential", retryOn: [429, 503] },
+);
+
+const mailer = await createMailer({ transport });
+```
+
+### sendBulk()
+
+Send multiple messages with concurrency control and per-message callbacks:
+
+```typescript
+const result = await mailer.sendBulk(
+  [
+    { from: "a@b.com", to: "1@example.com", subject: "One", text: "Hi" },
+    { from: "a@b.com", to: "2@example.com", subject: "Two", text: "Hi" },
+  ],
+  {
+    concurrency: 2,
+    onSuccess: (_msg, index) => console.log(`Sent #${index}`),
+    onError: (_msg, index, err) => console.error(`Failed #${index}`, err),
+  },
+);
+
+console.log(result.sent, result.failed);
+```
+
+### TemplatePlugin
+
+Render HTML from named templates with zero dependencies:
+
+```typescript
+import { templatePlugin, simpleEngine } from "sently/plugins/template";
+import { createMailer } from "sently";
+import { ResendTransport } from "sently/transports/resend";
+
+const mailer = await createMailer({
+  transport: new ResendTransport({ apiKey: "re_..." }),
+  plugins: [
+    templatePlugin({
+      engine: simpleEngine,
+      templates: {
+        welcome: "<h1>Hello, {{name}}!</h1>",
+      },
+    }),
+  ],
+});
+
+await mailer.send({
+  from: "onboarding@yourdomain.com",
+  to: "user@example.com",
+  subject: "Welcome",
+  template: "welcome",
+  data: { name: "Ali" },
+});
+```
+
+Use a custom engine by passing any `(template, data) => string` function to `templatePlugin`.
+
 ### Plugin system
 
 Plugins transform `MailOptions` before the transport builds and sends the message. They run sequentially — each receives the output of the previous plugin.

package/dist/adapters/bun.d.ts

@@ -0,0 +1,35 @@
+import type { SocketAdapter, TLSOptions } from "../core/types.js";
+/** Configuration options for {@link BunAdapter}. */
+export interface BunAdapterOptions {
+    secure?: boolean;
+    connectionTimeout?: number;
+    tls?: TLSOptions;
+}
+/**
+ * Bun socket adapter using node:net and node:tls (Node compat layer).
+ */
+export declare class BunAdapter implements SocketAdapter {
+    private socket;
+    private _secure;
+    private _connected;
+    private readonly connectionTimeout;
+    private readonly tlsOptions;
+    /** Creates a Bun socket adapter (requires the Bun runtime). */
+    constructor(options?: BunAdapterOptions);
+    /** Whether the connection uses TLS. */
+    get secure(): boolean;
+    /** Whether the socket is currently connected. */
+    get connected(): boolean;
+    /** Opens a TCP or TLS connection to the given host and port. */
+    connect(host: string, port: number): Promise<void>;
+    /** Upgrades a plain connection to TLS via STARTTLS. */
+    startTLS(options?: TLSOptions): Promise<void>;
+    /** Writes raw bytes to the socket. */
+    write(data: Uint8Array): Promise<void>;
+    /** Reads incoming socket data as an async iterable of byte chunks. */
+    read(): AsyncGenerator<Uint8Array, void, unknown>;
+    /** Closes the socket connection. */
+    close(): Promise<void>;
+    private connectPlain;
+    private connectTls;
+}

package/dist/{src/adapters → adapters}/bun.js

@@ -1,4 +1,4 @@
-import"../../chunk-v0bahtg2.js";
+import"../chunk-v0bahtg2.js";
 
 // src/adapters/bun.ts
 import net from "node:net";

package/dist/adapters/cf.d.ts

@@ -0,0 +1,55 @@
+/**
+ * @module
+ * Cloudflare Workers socket adapter for SMTP via cloudflare:sockets.
+ *
+ * @example
+ * ```ts
+ * import { CloudflareAdapter } from "sently/adapters/cf";
+ * import { createMailer } from "sently";
+ *
+ * const mailer = await createMailer({
+ *   host: "smtp.example.com",
+ *   adapter: new CloudflareAdapter(),
+ *   auth: { user: "relay@example.com", pass: "secret" },
+ * });
+ * ```
+ */
+import type { SocketAdapter, TLSOptions } from "../core/types.js";
+/** Configuration options for {@link CloudflareAdapter}. */
+export interface CloudflareAdapterOptions {
+    secure?: boolean;
+    starttls?: boolean;
+    tls?: TLSOptions;
+}
+/**
+ * Cloudflare Workers socket adapter via cloudflare:sockets.
+ *
+ * Limitations:
+ * - No connection pooling (isolate lifecycle)
+ * - No file system access for attachment.path
+ * - No DNS MX lookup — explicit SMTP relay host required
+ */
+export declare class CloudflareAdapter implements SocketAdapter {
+    private socket;
+    private writer;
+    private _secure;
+    private _connected;
+    private readonly directTls;
+    private readonly starttls;
+    /** Creates a Cloudflare Workers socket adapter. */
+    constructor(options?: CloudflareAdapterOptions);
+    /** Whether the connection uses TLS. */
+    get secure(): boolean;
+    /** Whether the socket is currently connected. */
+    get connected(): boolean;
+    /** Opens a TCP or TLS connection to the given host and port. */
+    connect(host: string, port: number): Promise<void>;
+    /** Upgrades a plain connection to TLS via STARTTLS. */
+    startTLS(_options?: TLSOptions): Promise<void>;
+    /** Writes raw bytes to the socket. */
+    write(data: Uint8Array): Promise<void>;
+    /** Reads incoming socket data as an async iterable of byte chunks. */
+    read(): AsyncGenerator<Uint8Array, void, unknown>;
+    /** Closes the socket connection. */
+    close(): Promise<void>;
+}

package/dist/{src/adapters → adapters}/cf.js

@@ -1,6 +1,6 @@
 import {
   __require
-} from "../../chunk-v0bahtg2.js";
+} from "../chunk-v0bahtg2.js";
 
 // src/adapters/cf.ts
 class CloudflareAdapter {

package/dist/adapters/deno.d.ts

@@ -0,0 +1,48 @@
+/**
+ * @module
+ * Deno socket adapter for SMTP connections via Deno.connect and Deno.startTls.
+ *
+ * @example
+ * ```ts
+ * import { DenoAdapter } from "sently/adapters/deno";
+ * import { createMailer } from "sently";
+ *
+ * const mailer = await createMailer({
+ *   host: "smtp.example.com",
+ *   adapter: new DenoAdapter(),
+ *   auth: { user: "you@example.com", pass: "secret" },
+ * });
+ * ```
+ */
+import type { SocketAdapter, TLSOptions } from "../core/types.js";
+/** Configuration options for {@link DenoAdapter}. */
+export interface DenoAdapterOptions {
+    secure?: boolean;
+    connectionTimeout?: number;
+    tls?: TLSOptions;
+}
+/**
+ * Deno socket adapter using Deno.connect / Deno.startTls.
+ */
+export declare class DenoAdapter implements SocketAdapter {
+    private conn;
+    private _secure;
+    private _connected;
+    private readonly tlsOptions;
+    /** Creates a Deno socket adapter (requires the Deno runtime). */
+    constructor(options?: DenoAdapterOptions);
+    /** Whether the connection uses TLS. */
+    get secure(): boolean;
+    /** Whether the socket is currently connected. */
+    get connected(): boolean;
+    /** Opens a TCP or TLS connection to the given host and port. */
+    connect(host: string, port: number): Promise<void>;
+    /** Upgrades a plain connection to TLS via STARTTLS. */
+    startTLS(options?: TLSOptions): Promise<void>;
+    /** Writes raw bytes to the socket. */
+    write(data: Uint8Array): Promise<void>;
+    /** Reads incoming socket data as an async iterable of byte chunks. */
+    read(): AsyncGenerator<Uint8Array, void, unknown>;
+    /** Closes the socket connection. */
+    close(): Promise<void>;
+}

package/dist/{src/adapters → adapters}/deno.js

@@ -1,4 +1,4 @@
-import"../../chunk-v0bahtg2.js";
+import"../chunk-v0bahtg2.js";
 
 // src/adapters/deno.ts
 class DenoAdapter {

package/dist/adapters/node.d.ts

@@ -0,0 +1,35 @@
+import type { SocketAdapter, TLSOptions } from "../core/types.js";
+/** Configuration options for {@link NodeAdapter}. */
+export interface NodeAdapterOptions {
+    secure?: boolean;
+    connectionTimeout?: number;
+    tls?: TLSOptions;
+}
+/**
+ * Node.js socket adapter using node:net and node:tls.
+ */
+export declare class NodeAdapter implements SocketAdapter {
+    private socket;
+    private _secure;
+    private _connected;
+    private readonly connectionTimeout;
+    private readonly tlsOptions;
+    /** Creates a Node.js socket adapter. */
+    constructor(options?: NodeAdapterOptions);
+    /** Whether the connection uses TLS. */
+    get secure(): boolean;
+    /** Whether the socket is currently connected. */
+    get connected(): boolean;
+    /** Opens a TCP or TLS connection to the given host and port. */
+    connect(host: string, port: number): Promise<void>;
+    /** Upgrades a plain connection to TLS via STARTTLS. */
+    startTLS(options?: TLSOptions): Promise<void>;
+    /** Writes raw bytes to the socket. */
+    write(data: Uint8Array): Promise<void>;
+    /** Reads incoming socket data as an async iterable of byte chunks. */
+    read(): AsyncGenerator<Uint8Array, void, unknown>;
+    /** Closes the socket connection. */
+    close(): Promise<void>;
+    private connectPlain;
+    private connectTls;
+}

package/dist/{src/adapters → adapters}/node.js

@@ -1,4 +1,4 @@
-import"../../chunk-v0bahtg2.js";
+import"../chunk-v0bahtg2.js";
 
 // src/adapters/node.ts
 import net from "node:net";

package/dist/auth/oauth2.d.ts

@@ -0,0 +1,34 @@
+import type { OAuth2Config } from "../core/types.js";
+/** Default Google OAuth2 token endpoint. */
+export declare const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
+/** Microsoft OAuth2 token endpoint (common tenant). */
+export declare const MICROSOFT_TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+/** OAuth2 token endpoint response shape. */
+export interface TokenResponse {
+    access_token: string;
+    expires_in: number;
+    token_type: string;
+}
+/**
+ * OAuth2 client with in-memory token cache and automatic refresh.
+ */
+export declare class OAuth2Client {
+    private readonly config;
+    private cachedToken;
+    private expiresAt;
+    private refreshPromise;
+    /** Creates an OAuth2 client from configuration. */
+    constructor(config: OAuth2Config);
+    /**
+     * Get a valid access token (cached when still valid, refreshed otherwise).
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Force-refresh the access token regardless of expiry.
+     */
+    refreshAccessToken(): Promise<string>;
+    /**
+     * Build the XOAUTH2 SASL string for SMTP AUTH (base64-encoded).
+     */
+    buildXOAUTH2(): Promise<string>;
+}

package/dist/{src/auth → auth}/oauth2.js

@@ -2,9 +2,9 @@ import {
   GOOGLE_TOKEN_URL,
   MICROSOFT_TOKEN_URL,
   OAuth2Client
-} from "../../chunk-ym3zzv8b.js";
-import"../../chunk-794hc3m4.js";
-import"../../chunk-v0bahtg2.js";
+} from "../chunk-ym3zzv8b.js";
+import"../chunk-794hc3m4.js";
+import"../chunk-v0bahtg2.js";
 export {
   OAuth2Client,
   MICROSOFT_TOKEN_URL,

package/dist/{chunk-hdqpvsm8.js → chunk-bvxkmq94.js}

@@ -83,9 +83,10 @@ function parseSingleAddress(input) {
 }
 
 // src/transports/resolve-attachments.ts
-async function resolveAttachments(attachments = []) {
+async function resolveAttachments(attachments, options) {
+  const list = attachments ?? [];
   const resolved = [];
-  for (const attachment of attachments) {
+  for (const attachment of list) {
     if (attachment.content instanceof Uint8Array) {
       resolved.push(attachment);
       continue;
@@ -97,6 +98,14 @@ async function resolveAttachments(attachments = []) {
       } catch {
         throw new Error("attachment.path is not supported on this runtime — use attachment.content (Uint8Array) instead");
       }
+      if (options?.basePath) {
+        const { resolve } = await import("node:path");
+        const resolvedPath = resolve(attachment.path);
+        const resolvedBase = resolve(options.basePath);
+        if (!resolvedPath.startsWith(resolvedBase)) {
+          throw new Error(`[sently] Attachment path "${resolvedPath}" escapes basePath "${options.basePath}". Use absolute paths within the allowed directory.`);
+        }
+      }
       const data = await fs.readFile(attachment.path);
       const { path: _path, ...rest } = attachment;
       resolved.push({ ...rest, content: new Uint8Array(data) });
@@ -113,4 +122,4 @@ async function resolveAttachments(attachments = []) {
 
 export { parseAddresses, toMIMEHeader, extractEmails, resolveAttachments };
 
-//# debugId=85211AC1FC8A34D664756E2164756E21
+//# debugId=7C59D40B68EA994E64756E2164756E21

package/dist/{chunk-hdqpvsm8.js.map → chunk-bvxkmq94.js.map}

@@ -3,9 +3,9 @@
   "sources": ["../src/core/address.ts", "../src/transports/resolve-attachments.ts"],
   "sourcesContent": [
     "// src/core/address.ts\nimport { encodeHeader } from \"./base64.js\";\nimport type { Address, AddressInput } from \"./types.js\";\n\n/**\n * Normalize any AddressInput form into Address[].\n */\nexport function parseAddresses(input: AddressInput): Address[] {\n  if (Array.isArray(input)) {\n    return input.flatMap((item) => parseAddresses(item));\n  }\n\n  if (typeof input === \"object\") {\n    return [{ ...input }];\n  }\n\n  const trimmed = input.trim();\n  if (!trimmed) {\n    return [];\n  }\n\n  return splitAddressList(trimmed).map(parseSingleAddress);\n}\n\n/**\n * Format an Address for SMTP envelope commands (MAIL FROM / RCPT TO).\n */\nexport function toEnvelope(address: Address): string {\n  return address.address;\n}\n\n/**\n * Format an Address for use in a MIME header (From, To, CC, etc.).\n */\nexport function toMIMEHeader(address: Address): string {\n  if (address.name) {\n    const name = encodeHeader(address.name);\n    return `${name} <${address.address}>`;\n  }\n  return address.address;\n}\n\n/**\n * Extract plain email strings from any AddressInput.\n */\nexport function extractEmails(input: AddressInput): string[] {\n  return parseAddresses(input).map((addr) => addr.address);\n}\n\n/**\n * Basic email format validation (format only, no DNS lookup).\n */\nexport function isValidEmail(email: string): boolean {\n  if (/[\\r\\n\\t]/.test(email)) return false;\n  return /^[^\\s@<>]+@[^\\s@<>]+\\.[^\\s@<>]+$/.test(email);\n}\n\nfunction splitAddressList(input: string): string[] {\n  const parts: string[] = [];\n  let current = \"\";\n  let inQuotes = false;\n  let inAngle = false;\n\n  for (let i = 0; i < input.length; i++) {\n    const char = input[i] ?? \"\";\n    if (char === '\"' && input[i - 1] !== \"\\\\\") {\n      inQuotes = !inQuotes;\n      current += char;\n      continue;\n    }\n    if (char === \"<\" && !inQuotes) {\n      inAngle = true;\n      current += char;\n      continue;\n    }\n    if (char === \">\" && !inQuotes) {\n      inAngle = false;\n      current += char;\n      continue;\n    }\n    if (char === \",\" && !inQuotes && !inAngle) {\n      if (current.trim()) {\n        parts.push(current.trim());\n      }\n      current = \"\";\n      continue;\n    }\n    current += char;\n  }\n\n  if (current.trim()) {\n    parts.push(current.trim());\n  }\n\n  return parts;\n}\n\nfunction parseSingleAddress(input: string): Address {\n  const trimmed = input.trim();\n\n  const angleMatch = trimmed.match(/^(?:\"([^\"]*)\"|([^<]*?))\\s*<([^>]+)>$/);\n  if (angleMatch) {\n    const name = (angleMatch[1] ?? angleMatch[2] ?? \"\").trim();\n    const address = (angleMatch[3] ?? \"\").trim();\n    if (name) {\n      return { name, address };\n    }\n    return { address };\n  }\n\n  if (trimmed.startsWith('\"') && trimmed.endsWith('\"')) {\n    return { address: trimmed.slice(1, -1) };\n  }\n\n  return { address: trimmed };\n}\n",
-    "import type { Attachment } from \"../core/types.js\";\n\n/**\n * Resolve attachment.path to in-memory Uint8Array content.\n * @throws When attachment.path is used on runtimes without node:fs/promises\n */\nexport async function resolveAttachments(attachments: Attachment[] = []): Promise<Attachment[]> {\n  const resolved: Attachment[] = [];\n\n  for (const attachment of attachments) {\n    if (attachment.content instanceof Uint8Array) {\n      resolved.push(attachment);\n      continue;\n    }\n\n    if (attachment.path) {\n      let fs: typeof import(\"node:fs/promises\");\n      try {\n        fs = await import(\"node:fs/promises\");\n      } catch {\n        throw new Error(\n          \"attachment.path is not supported on this runtime — use attachment.content (Uint8Array) instead\",\n        );\n      }\n\n      const data = await fs.readFile(attachment.path);\n      const { path: _path, ...rest } = attachment;\n      resolved.push({ ...rest, content: new Uint8Array(data) });\n      continue;\n    }\n\n    if (typeof attachment.content === \"string\") {\n      resolved.push(attachment);\n      continue;\n    }\n\n    resolved.push(attachment);\n  }\n\n  return resolved;\n}\n"
+    "import type { Attachment } from \"../core/types.js\";\n\n/** Options for {@link resolveAttachments}. */\nexport interface ResolveAttachmentsOptions {\n  /** If set, attachment paths must resolve within this directory.\n   *  Prevents symlink escape and path traversal. Opt-in only. */\n  basePath?: string;\n}\n\n/**\n * Resolve attachment.path to in-memory Uint8Array content.\n * @throws When attachment.path is used on runtimes without node:fs/promises\n */\nexport async function resolveAttachments(\n  attachments: Attachment[] | undefined,\n  options?: ResolveAttachmentsOptions,\n): Promise<Attachment[]> {\n  const list = attachments ?? [];\n  const resolved: Attachment[] = [];\n\n  for (const attachment of list) {\n    if (attachment.content instanceof Uint8Array) {\n      resolved.push(attachment);\n      continue;\n    }\n\n    if (attachment.path) {\n      let fs: typeof import(\"node:fs/promises\");\n      try {\n        fs = await import(\"node:fs/promises\");\n      } catch {\n        throw new Error(\n          \"attachment.path is not supported on this runtime — use attachment.content (Uint8Array) instead\",\n        );\n      }\n\n      if (options?.basePath) {\n        const { resolve } = await import(\"node:path\");\n        const resolvedPath = resolve(attachment.path);\n        const resolvedBase = resolve(options.basePath);\n        if (!resolvedPath.startsWith(resolvedBase)) {\n          throw new Error(\n            `[sently] Attachment path \"${resolvedPath}\" escapes basePath \"${options.basePath}\". ` +\n              \"Use absolute paths within the allowed directory.\",\n          );\n        }\n      }\n\n      const data = await fs.readFile(attachment.path);\n      const { path: _path, ...rest } = attachment;\n      resolved.push({ ...rest, content: new Uint8Array(data) });\n      continue;\n    }\n\n    if (typeof attachment.content === \"string\") {\n      resolved.push(attachment);\n      continue;\n    }\n\n    resolved.push(attachment);\n  }\n\n  return resolved;\n}\n"
   ],
-  "mappings": ";;;;;;;;AAOO,SAAS,cAAc,CAAC,OAAgC;AAAA,EAC7D,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACxB,OAAO,MAAM,QAAQ,CAAC,SAAS,eAAe,IAAI,CAAC;AAAA,EACrD;AAAA,EAEA,IAAI,OAAO,UAAU,UAAU;AAAA,IAC7B,OAAO,CAAC,KAAK,MAAM,CAAC;AAAA,EACtB;AAAA,EAEA,MAAM,UAAU,MAAM,KAAK;AAAA,EAC3B,IAAI,CAAC,SAAS;AAAA,IACZ,OAAO,CAAC;AAAA,EACV;AAAA,EAEA,OAAO,iBAAiB,OAAO,EAAE,IAAI,kBAAkB;AAAA;AAalD,SAAS,YAAY,CAAC,SAA0B;AAAA,EACrD,IAAI,QAAQ,MAAM;AAAA,IAChB,MAAM,OAAO,aAAa,QAAQ,IAAI;AAAA,IACtC,OAAO,GAAG,SAAS,QAAQ;AAAA,EAC7B;AAAA,EACA,OAAO,QAAQ;AAAA;AAMV,SAAS,aAAa,CAAC,OAA+B;AAAA,EAC3D,OAAO,eAAe,KAAK,EAAE,IAAI,CAAC,SAAS,KAAK,OAAO;AAAA;AAWzD,SAAS,gBAAgB,CAAC,OAAyB;AAAA,EACjD,MAAM,QAAkB,CAAC;AAAA,EACzB,IAAI,UAAU;AAAA,EACd,IAAI,WAAW;AAAA,EACf,IAAI,UAAU;AAAA,EAEd,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK;AAAA,IACrC,MAAM,OAAO,MAAM,MAAM;AAAA,IACzB,IAAI,SAAS,OAAO,MAAM,IAAI,OAAO,MAAM;AAAA,MACzC,WAAW,CAAC;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,UAAU;AAAA,MAC7B,UAAU;AAAA,MACV,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,UAAU;AAAA,MAC7B,UAAU;AAAA,MACV,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,YAAY,CAAC,SAAS;AAAA,MACzC,IAAI,QAAQ,KAAK,GAAG;AAAA,QAClB,MAAM,KAAK,QAAQ,KAAK,CAAC;AAAA,MAC3B;AAAA,MACA,UAAU;AAAA,MACV;AAAA,IACF;AAAA,IACA,WAAW;AAAA,EACb;AAAA,EAEA,IAAI,QAAQ,KAAK,GAAG;AAAA,IAClB,MAAM,KAAK,QAAQ,KAAK,CAAC;AAAA,EAC3B;AAAA,EAEA,OAAO;AAAA;AAGT,SAAS,kBAAkB,CAAC,OAAwB;AAAA,EAClD,MAAM,UAAU,MAAM,KAAK;AAAA,EAE3B,MAAM,aAAa,QAAQ,MAAM,sCAAsC;AAAA,EACvE,IAAI,YAAY;AAAA,IACd,MAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,IAAI,KAAK;AAAA,IACzD,MAAM,WAAW,WAAW,MAAM,IAAI,KAAK;AAAA,IAC3C,IAAI,MAAM;AAAA,MACR,OAAO,EAAE,MAAM,QAAQ;AAAA,IACzB;AAAA,IACA,OAAO,EAAE,QAAQ;AAAA,EACnB;AAAA,EAEA,IAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,GAAG;AAAA,IACpD,OAAO,EAAE,SAAS,QAAQ,MAAM,GAAG,EAAE,EAAE;AAAA,EACzC;AAAA,EAEA,OAAO,EAAE,SAAS,QAAQ;AAAA;;;AC5G5B,eAAsB,kBAAkB,CAAC,cAA4B,CAAC,GAA0B;AAAA,EAC9F,MAAM,WAAyB,CAAC;AAAA,EAEhC,WAAW,cAAc,aAAa;AAAA,IACpC,IAAI,WAAW,mBAAmB,YAAY;AAAA,MAC5C,SAAS,KAAK,UAAU;AAAA,MACxB;AAAA,IACF;AAAA,IAEA,IAAI,WAAW,MAAM;AAAA,MACnB,IAAI;AAAA,MACJ,IAAI;AAAA,QACF,KAAK,MAAa;AAAA,QAClB,MAAM;AAAA,QACN,MAAM,IAAI,MACR,gGACF;AAAA;AAAA,MAGF,MAAM,OAAO,MAAM,GAAG,SAAS,WAAW,IAAI;AAAA,MAC9C,QAAQ,MAAM,UAAU,SAAS;AAAA,MACjC,SAAS,KAAK,KAAK,MAAM,SAAS,IAAI,WAAW,IAAI,EAAE,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,IAEA,IAAI,OAAO,WAAW,YAAY,UAAU;AAAA,MAC1C,SAAS,KAAK,UAAU;AAAA,MACxB;AAAA,IACF;AAAA,IAEA,SAAS,KAAK,UAAU;AAAA,EAC1B;AAAA,EAEA,OAAO;AAAA;",
-  "debugId": "85211AC1FC8A34D664756E2164756E21",
+  "mappings": ";;;;;;;;AAOO,SAAS,cAAc,CAAC,OAAgC;AAAA,EAC7D,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACxB,OAAO,MAAM,QAAQ,CAAC,SAAS,eAAe,IAAI,CAAC;AAAA,EACrD;AAAA,EAEA,IAAI,OAAO,UAAU,UAAU;AAAA,IAC7B,OAAO,CAAC,KAAK,MAAM,CAAC;AAAA,EACtB;AAAA,EAEA,MAAM,UAAU,MAAM,KAAK;AAAA,EAC3B,IAAI,CAAC,SAAS;AAAA,IACZ,OAAO,CAAC;AAAA,EACV;AAAA,EAEA,OAAO,iBAAiB,OAAO,EAAE,IAAI,kBAAkB;AAAA;AAalD,SAAS,YAAY,CAAC,SAA0B;AAAA,EACrD,IAAI,QAAQ,MAAM;AAAA,IAChB,MAAM,OAAO,aAAa,QAAQ,IAAI;AAAA,IACtC,OAAO,GAAG,SAAS,QAAQ;AAAA,EAC7B;AAAA,EACA,OAAO,QAAQ;AAAA;AAMV,SAAS,aAAa,CAAC,OAA+B;AAAA,EAC3D,OAAO,eAAe,KAAK,EAAE,IAAI,CAAC,SAAS,KAAK,OAAO;AAAA;AAWzD,SAAS,gBAAgB,CAAC,OAAyB;AAAA,EACjD,MAAM,QAAkB,CAAC;AAAA,EACzB,IAAI,UAAU;AAAA,EACd,IAAI,WAAW;AAAA,EACf,IAAI,UAAU;AAAA,EAEd,SAAS,IAAI,EAAG,IAAI,MAAM,QAAQ,KAAK;AAAA,IACrC,MAAM,OAAO,MAAM,MAAM;AAAA,IACzB,IAAI,SAAS,OAAO,MAAM,IAAI,OAAO,MAAM;AAAA,MACzC,WAAW,CAAC;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,UAAU;AAAA,MAC7B,UAAU;AAAA,MACV,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,UAAU;AAAA,MAC7B,UAAU;AAAA,MACV,WAAW;AAAA,MACX;AAAA,IACF;AAAA,IACA,IAAI,SAAS,OAAO,CAAC,YAAY,CAAC,SAAS;AAAA,MACzC,IAAI,QAAQ,KAAK,GAAG;AAAA,QAClB,MAAM,KAAK,QAAQ,KAAK,CAAC;AAAA,MAC3B;AAAA,MACA,UAAU;AAAA,MACV;AAAA,IACF;AAAA,IACA,WAAW;AAAA,EACb;AAAA,EAEA,IAAI,QAAQ,KAAK,GAAG;AAAA,IAClB,MAAM,KAAK,QAAQ,KAAK,CAAC;AAAA,EAC3B;AAAA,EAEA,OAAO;AAAA;AAGT,SAAS,kBAAkB,CAAC,OAAwB;AAAA,EAClD,MAAM,UAAU,MAAM,KAAK;AAAA,EAE3B,MAAM,aAAa,QAAQ,MAAM,sCAAsC;AAAA,EACvE,IAAI,YAAY;AAAA,IACd,MAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,IAAI,KAAK;AAAA,IACzD,MAAM,WAAW,WAAW,MAAM,IAAI,KAAK;AAAA,IAC3C,IAAI,MAAM;AAAA,MACR,OAAO,EAAE,MAAM,QAAQ;AAAA,IACzB;AAAA,IACA,OAAO,EAAE,QAAQ;AAAA,EACnB;AAAA,EAEA,IAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,GAAG;AAAA,IACpD,OAAO,EAAE,SAAS,QAAQ,MAAM,GAAG,EAAE,EAAE;AAAA,EACzC;AAAA,EAEA,OAAO,EAAE,SAAS,QAAQ;AAAA;;;ACrG5B,eAAsB,kBAAkB,CACtC,aACA,SACuB;AAAA,EACvB,MAAM,OAAO,eAAe,CAAC;AAAA,EAC7B,MAAM,WAAyB,CAAC;AAAA,EAEhC,WAAW,cAAc,MAAM;AAAA,IAC7B,IAAI,WAAW,mBAAmB,YAAY;AAAA,MAC5C,SAAS,KAAK,UAAU;AAAA,MACxB;AAAA,IACF;AAAA,IAEA,IAAI,WAAW,MAAM;AAAA,MACnB,IAAI;AAAA,MACJ,IAAI;AAAA,QACF,KAAK,MAAa;AAAA,QAClB,MAAM;AAAA,QACN,MAAM,IAAI,MACR,gGACF;AAAA;AAAA,MAGF,IAAI,SAAS,UAAU;AAAA,QACrB,QAAQ,YAAY,MAAa;AAAA,QACjC,MAAM,eAAe,QAAQ,WAAW,IAAI;AAAA,QAC5C,MAAM,eAAe,QAAQ,QAAQ,QAAQ;AAAA,QAC7C,IAAI,CAAC,aAAa,WAAW,YAAY,GAAG;AAAA,UAC1C,MAAM,IAAI,MACR,6BAA6B,mCAAmC,QAAQ,6DAE1E;AAAA,QACF;AAAA,MACF;AAAA,MAEA,MAAM,OAAO,MAAM,GAAG,SAAS,WAAW,IAAI;AAAA,MAC9C,QAAQ,MAAM,UAAU,SAAS;AAAA,MACjC,SAAS,KAAK,KAAK,MAAM,SAAS,IAAI,WAAW,IAAI,EAAE,CAAC;AAAA,MACxD;AAAA,IACF;AAAA,IAEA,IAAI,OAAO,WAAW,YAAY,UAAU;AAAA,MAC1C,SAAS,KAAK,UAAU;AAAA,MACxB;AAAA,IACF;AAAA,IAEA,SAAS,KAAK,UAAU;AAAA,EAC1B;AAAA,EAEA,OAAO;AAAA;",
+  "debugId": "7C59D40B68EA994E64756E2164756E21",
   "names": []
 }

package/dist/{chunk-dhbe64fc.js → chunk-j6qw8ms6.js}

@@ -2,7 +2,7 @@ import {
   extractEmails,
   parseAddresses,
   toMIMEHeader
-} from "./chunk-hdqpvsm8.js";
+} from "./chunk-bvxkmq94.js";
 import {
   encodeBase64,
   encodeHeader,