stratal 0.0.21 → 0.0.23

package/dist/email/index.mjs

@@ -1,12 +1,18 @@
-import { H as ApplicationError, k as ERROR_CODES } from "../errors-COW9-Mar.mjs";
-import { a as __decorate, o as __decorateParam, p as Transient, s as __decorateMetadata, u as LOGGER_TOKENS } from "../logger-DlV7NtvD.mjs";
-import { k as Module } from "../module-BzLg57FK.mjs";
-import { i as z, s as withI18n } from "../validation-DtJwAv7O.mjs";
-import { c as QUEUE_TOKENS } from "../queue.module-BhCjZp6H.mjs";
+import { c as Transient, d as inject } from "../di-DseMn-z9.mjs";
+import { a as ApplicationError } from "../container-storage-BmOJ4_Na.mjs";
+import { n as __decorateParam, t as __decorate } from "../decorate-CuAoSZvs.mjs";
+import { LOGGER_TOKENS } from "../logger/index.mjs";
+import "../errors-mXYxG0XB.mjs";
+import { n as Module } from "../module.decorator-CYHY6pG5.mjs";
+import "../module/index.mjs";
+import { t as QUEUE_TOKENS } from "../queue.tokens-DjHnFmre.mjs";
 import "../queue/index.mjs";
-import { u as STORAGE_TOKENS } from "../storage-D8CBP72Z.mjs";
-import { inject } from "tsyringe";
-import { render } from "@react-email/render";
+import { p as STORAGE_TOKENS } from "../storage-MDZypIE9.mjs";
+import { r as z } from "../zod-eKqqhZ5_.mjs";
+import { t as withZodI18n } from "../validation-CpOjviyT.mjs";
+//#region src/email/email.error.ts
+var EmailError = class extends ApplicationError {};
+//#endregion
 //#region src/email/email.tokens.ts
 /**
 * Dependency Injection Tokens for Email Module
@@ -36,12 +42,24 @@ const EMAIL_TOKENS = {
 	EmailProvider: Symbol.for("stratal:email:provider"),
 	/**
 	* Queue sender for email dispatch.
-	* Bound via EmailModule.forRoot({ queue: 'queue-name' })
+	* Bound via EmailModule.forRoot({ queue: 'QUEUE_BINDING_NAME' })
 	*/
 	EmailQueue: Symbol.for("stratal:email:queue")
 };
 //#endregion
 //#region src/email/consumers/email.consumer.ts
+/**
+* Strictly decode a base64 attachment payload. `Buffer.from(_, 'base64')` is
+* lenient and silently drops invalid characters, which would ship a corrupt
+* attachment. We re-encode and compare (modulo canonical padding) to reject
+* malformed input loudly instead.
+*/
+function decodeBase64Attachment(content, filename) {
+	const buffer = Buffer.from(content, "base64");
+	const normalize = (value) => value.replace(/=+$/, "");
+	if (normalize(buffer.toString("base64")) !== normalize(content)) throw new EmailError(`Invalid base64 content for attachment "${filename}"`);
+	return buffer;
+}
 let EmailConsumer = class EmailConsumer {
 	logger;
 	providerFactory;
@@ -64,7 +82,7 @@ let EmailConsumer = class EmailConsumer {
 		});
 		try {
 			const resolvedAttachments = await this.resolveAttachments(payload.attachments);
-			const result = await (await this.providerFactory.create()).send({
+			const result = await this.providerFactory.create().send({
 				...payload,
 				attachments: resolvedAttachments
 			});
@@ -103,7 +121,7 @@ let EmailConsumer = class EmailConsumer {
 		return Promise.all(attachments.map(async (attachment) => {
 			if ("content" in attachment) return {
 				filename: attachment.filename,
-				content: Buffer.from(attachment.content, "base64"),
+				content: decodeBase64Attachment(attachment.content, attachment.filename),
 				contentType: attachment.contentType
 			};
 			const result = await this.storage.download(attachment.storageKey, attachment.disk);
@@ -119,12 +137,7 @@ EmailConsumer = __decorate([
 	Transient(),
 	__decorateParam(0, inject(LOGGER_TOKENS.LoggerService)),
 	__decorateParam(1, inject(EMAIL_TOKENS.EmailProviderFactory)),
-	__decorateParam(2, inject(STORAGE_TOKENS.StorageService)),
-	__decorateMetadata("design:paramtypes", [
-		Object,
-		Object,
-		Object
-	])
+	__decorateParam(2, inject(STORAGE_TOKENS.StorageService))
 ], EmailConsumer);
 //#endregion
 //#region src/email/services/email.service.ts
@@ -142,11 +155,16 @@ let EmailService = class EmailService {
 	* @param input - Email message details
 	*/
 	async send({ template, ...input }) {
+		let html;
+		if (template) {
+			const { render } = await import("@react-email/render");
+			html = await render(template);
+		}
 		await this.queue.dispatch({
 			type: "email.send",
 			payload: {
 				...input,
-				html: template ? await render(template) : void 0
+				html
 			}
 		});
 	}
@@ -162,102 +180,424 @@ let EmailService = class EmailService {
 		for (const message of input.messages) await this.send(message);
 	}
 };
-EmailService = __decorate([
-	Transient(EMAIL_TOKENS.EmailService),
-	__decorateParam(0, inject(EMAIL_TOKENS.EmailQueue)),
-	__decorateMetadata("design:paramtypes", [Object])
-], EmailService);
+EmailService = __decorate([Transient(EMAIL_TOKENS.EmailService), __decorateParam(0, inject(EMAIL_TOKENS.EmailQueue))], EmailService);
 //#endregion
-//#region src/email/errors/resend-api-key-missing.error.ts
-/**
-* ResendApiKeyMissingError
-*
-* Thrown when the Resend API key is not configured in environment variables.
-* This prevents the Resend email provider from initializing.
-*
-* Resolution: Set the RESEND_EMAIL_API_KEY environment variable.
-*/
-var ResendApiKeyMissingError = class extends ApplicationError {
-	constructor() {
-		super("errors.email.resendApiKeyMissing", ERROR_CODES.SYSTEM.CONFIGURATION_ERROR);
+//#region src/email/smtp/smtp-client.ts
+/** Abort a server read if it stalls, so a hung endpoint can't wedge the Worker. */
+const RESPONSE_TIMEOUT_MS = 3e4;
+function parseSmtpUrl(config) {
+	try {
+		const parsed = new URL(config.url);
+		const secure = parsed.protocol === "smtps:";
+		return {
+			host: parsed.hostname,
+			port: parsed.port ? parseInt(parsed.port, 10) : secure ? 465 : 587,
+			secure,
+			username: parsed.username ? decodeURIComponent(parsed.username) : void 0,
+			password: parsed.password ? decodeURIComponent(parsed.password) : void 0
+		};
+	} catch {
+		throw new EmailError(`Invalid SMTP URL: ${config.url}`);
+	}
+}
+/** Parse an EHLO reply into the capabilities/mechanisms it advertises. */
+function parseCapabilities(ehloText) {
+	const auth = /* @__PURE__ */ new Set();
+	let startTls = false;
+	for (const rawLine of ehloText.split("\r\n")) {
+		const line = rawLine.slice(4).trim().toUpperCase();
+		if (!line) continue;
+		const [keyword, ...rest] = line.split(/\s+/);
+		if (keyword === "STARTTLS") startTls = true;
+		if (keyword === "AUTH") rest.forEach((m) => auth.add(m));
+	}
+	return {
+		startTls,
+		auth
+	};
+}
+var SmtpClient = class {
+	parsed;
+	constructor(config) {
+		this.parsed = parseSmtpUrl(config);
+	}
+	async send(mimeRaw, options) {
+		const { connect } = await import("cloudflare:sockets");
+		const { host, port, secure, username, password } = this.parsed;
+		const implicitTls = secure || port === 465;
+		const socket = connect({
+			hostname: host,
+			port
+		}, {
+			secureTransport: implicitTls ? "on" : "starttls",
+			allowHalfOpen: false
+		});
+		let activeSocket = socket;
+		let reader = socket.readable.getReader();
+		let writer = socket.writable.getWriter();
+		const decoder = new TextDecoder();
+		const encoder = new TextEncoder();
+		const readChunk = async () => {
+			const read = reader.read();
+			read.catch(() => {});
+			let timer;
+			const timeout = new Promise((_, reject) => {
+				timer = setTimeout(() => reject(new EmailError(`SMTP timeout: no response within ${RESPONSE_TIMEOUT_MS}ms`)), RESPONSE_TIMEOUT_MS);
+			});
+			try {
+				return await Promise.race([read, timeout]);
+			} finally {
+				clearTimeout(timer);
+			}
+		};
+		let leftover = "";
+		const readResponse = async () => {
+			let buffer = leftover;
+			leftover = "";
+			while (true) {
+				if (buffer.indexOf("\r\n") !== -1) {
+					const lines = buffer.split("\r\n");
+					let consumed = 0;
+					for (let i = 0; i < lines.length - 1; i++) {
+						const line = lines[i];
+						consumed += line.length + 2;
+						if (line[3] === " ") {
+							const code = parseInt(line.slice(0, 3), 10);
+							leftover = buffer.slice(consumed);
+							return {
+								code,
+								text: buffer.slice(0, consumed)
+							};
+						}
+					}
+				}
+				const result = await readChunk();
+				if (result.done) throw new EmailError("SMTP connection closed unexpectedly");
+				buffer += decoder.decode(result.value, { stream: true });
+			}
+		};
+		const sendCommand = async (command) => {
+			await writer.write(encoder.encode(command + "\r\n"));
+			return readResponse();
+		};
+		const expectCode = async (command, expected) => {
+			const response = await sendCommand(command);
+			if (response.code !== expected) throw new EmailError(`SMTP error: expected ${expected}, got ${response.code}: ${response.text.trim()}`);
+			return response.text;
+		};
+		try {
+			const greeting = await readResponse();
+			if (greeting.code !== 220) throw new EmailError(`SMTP server rejected connection: ${greeting.text.trim()}`);
+			let capabilities = parseCapabilities(await expectCode(`EHLO ${host}`, 250));
+			let encrypted = implicitTls;
+			if (!implicitTls && capabilities.startTls) {
+				await expectCode("STARTTLS", 220);
+				reader.releaseLock();
+				writer.releaseLock();
+				activeSocket = socket.startTls();
+				reader = activeSocket.readable.getReader();
+				writer = activeSocket.writable.getWriter();
+				leftover = "";
+				capabilities = parseCapabilities(await expectCode(`EHLO ${host}`, 250));
+				encrypted = true;
+			}
+			if (username && password) {
+				if (!encrypted) throw new EmailError("Refusing to send SMTP credentials over an unencrypted connection: the server did not offer STARTTLS. Use an smtps:// URL or a server that supports STARTTLS.");
+				await this.authenticate(expectCode, capabilities, username, password);
+			}
+			await expectCode(`MAIL FROM:<${options.from}>`, 250);
+			for (const recipient of options.to) await expectCode(`RCPT TO:<${recipient}>`, 250);
+			await expectCode("DATA", 354);
+			const dotStuffed = (mimeRaw.startsWith(".") ? "." + mimeRaw : mimeRaw).replace(/\r\n\./g, "\r\n..");
+			await writer.write(encoder.encode(dotStuffed + "\r\n.\r\n"));
+			const dataResponse = await readResponse();
+			if (dataResponse.code !== 250) throw new EmailError(`SMTP DATA rejected: ${dataResponse.text.trim()}`);
+			const messageId = dataResponse.text.match(/<([^>]+)>/)?.[1] ?? `${Date.now()}@${host}`;
+			await sendCommand("QUIT").catch(() => {});
+			return { messageId };
+		} finally {
+			reader.releaseLock();
+			writer.releaseLock();
+			await activeSocket.close().catch(() => {});
+		}
+	}
+	/** Authenticate using a server-advertised SASL mechanism (PLAIN or LOGIN). */
+	async authenticate(expectCode, capabilities, username, password) {
+		if (capabilities.auth.has("PLAIN")) {
+			await expectCode(`AUTH PLAIN ${Buffer.from(`\0${username}\0${password}`).toString("base64")}`, 235);
+			return;
+		}
+		if (capabilities.auth.has("LOGIN")) {
+			await expectCode("AUTH LOGIN", 334);
+			await expectCode(Buffer.from(username).toString("base64"), 334);
+			await expectCode(Buffer.from(password).toString("base64"), 235);
+			return;
+		}
+		throw new EmailError(capabilities.auth.size === 0 ? "SMTP credentials were provided but the server does not advertise AUTH." : `SMTP server does not support a known AUTH mechanism (offered: ${[...capabilities.auth].join(", ")}). Supported: PLAIN, LOGIN.`);
 	}
 };
 //#endregion
-//#region src/email/errors/smtp-configuration-missing.error.ts
+//#region src/email/smtp/mime.ts
 /**
-* SmtpConfigurationMissingError
-*
-* Thrown when SMTP configuration is not found in environment variables.
-* This prevents the SMTP email provider from initializing.
-*
-* Resolution: Set the SMTP_URL environment variable with format: smtp://user:pass@host:port
+* Hard cap on a single attachment's resolved size (20 MB). Attachments are fully
+* buffered into memory before base64 encoding, so an unbounded attachment would
+* let a single message exhaust the Worker's memory. Exceeding this throws.
 */
-var SmtpConfigurationMissingError = class extends ApplicationError {
-	constructor() {
-		super("errors.email.smtpConfigurationMissing", ERROR_CODES.SYSTEM.CONFIGURATION_ERROR);
-	}
-};
-//#endregion
-//#region src/email/errors/smtp-host-missing.error.ts
+const MAX_ATTACHMENT_SIZE_BYTES = 20 * 1024 * 1024;
+function generateBoundary() {
+	return `----=_Part_${crypto.randomUUID().replace(/-/g, "")}`;
+}
+function generateMessageId(fromEmail) {
+	const domain = fromEmail.split("@")[1] || "localhost";
+	return `<${crypto.randomUUID()}@${domain}>`;
+}
+function isAscii(str) {
+	return /^[ -~]*$/.test(str);
+}
+/** Remove CR/LF so a value can't inject extra headers (header smuggling). */
+function stripCrlf(value) {
+	return value.replace(/[\r\n]/g, "");
+}
 /**
-* SmtpHostMissingError
-*
-* Thrown when SMTP host could not be parsed from SMTP_URL or is empty.
-* This prevents the SMTP email provider from initializing.
-*
-* Resolution: Ensure SMTP_URL is correctly formatted: smtp://user:pass@host:port
+* Encode a header value as one or more RFC 2047 base64 encoded-words, folding so
+* no produced line exceeds the 76-char limit strict MTAs enforce. The UTF-8 byte
+* stream is chunked at <=45 source bytes per encoded-word (<=60 base64 chars,
+* keeping `=?UTF-8?B?...?=` <=75 chars) WITHOUT splitting a multibyte sequence.
+* Multiple encoded-words are folded with CRLF + a single space.
 */
-var SmtpHostMissingError = class extends ApplicationError {
-	constructor() {
-		super("errors.email.smtpHostMissing", ERROR_CODES.SYSTEM.CONFIGURATION_ERROR);
+function encodeEncodedWords(clean) {
+	const bytes = Buffer.from(clean, "utf-8");
+	const MAX_SOURCE_BYTES = 45;
+	const words = [];
+	let i = 0;
+	while (i < bytes.length) {
+		let end = Math.min(i + MAX_SOURCE_BYTES, bytes.length);
+		while (end > i && end < bytes.length && (bytes[end] & 192) === 128) end--;
+		const slice = bytes.subarray(i, end);
+		words.push(`=?UTF-8?B?${slice.toString("base64")}?=`);
+		i = end;
 	}
-};
-//#endregion
-//#region src/email/errors/email-smtp-connection-failed.error.ts
+	return words.join("\r\n ");
+}
+function encodeHeaderValue(value) {
+	const clean = stripCrlf(value);
+	if (isAscii(clean)) return clean;
+	return encodeEncodedWords(clean);
+}
 /**
-* EmailSmtpConnectionFailedError
-*
-* Thrown when connection to SMTP server fails during email sending.
-* This is a runtime error that may be temporary.
-*
-* Resolution: Check SMTP server availability, network connectivity, or wait and retry.
+* Validate an envelope address (used verbatim in `MAIL FROM`/`RCPT TO` SMTP
+* commands). Raw CR/LF would allow SMTP command injection, so we throw rather
+* than silently strip — a corrupted envelope must never reach the wire.
 */
-var EmailSmtpConnectionFailedError = class extends ApplicationError {
-	constructor(smtpHost, smtpPort) {
-		super("errors.email.smtpConnectionFailed", ERROR_CODES.SYSTEM.INFRASTRUCTURE_ERROR, {
-			smtpHost,
-			smtpPort
-		});
+function assertNoCrlf(address) {
+	if (/[\r\n]/.test(address)) throw new EmailError("Email envelope address contains CR/LF, which would allow SMTP command injection");
+}
+/**
+* Escape a value for an RFC 5322 quoted-string: backslash MUST be escaped first
+* (so the escapes added for `"` aren't themselves re-escaped), then `"`.
+*/
+function escapeQuotedString(value) {
+	return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+}
+/**
+* Encode a MIME parameter (e.g. `name`/`filename`) safely. ASCII values are
+* emitted as a quoted-string with `"`/`\` escaped; non-ASCII values use the
+* RFC 2231 extended syntax (`param*=UTF-8''…`). CR/LF are always stripped so a
+* crafted filename can't inject headers or break the MIME structure.
+*/
+function encodeMimeParam(param, value) {
+	const clean = stripCrlf(value);
+	if (isAscii(clean)) return `${param}="${escapeQuotedString(clean)}"`;
+	return `${param}*=UTF-8''${Array.from(Buffer.from(clean, "utf-8")).map((b) => /[A-Za-z0-9!#$&+\-.^_`|~]/.test(String.fromCharCode(b)) ? String.fromCharCode(b) : `%${b.toString(16).toUpperCase().padStart(2, "0")}`).join("")}`;
+}
+/**
+* Extract the bare address for the SMTP envelope and validate it has no raw
+* CR/LF before it is written into a `MAIL FROM`/`RCPT TO` command.
+*/
+function extractEmail(address) {
+	assertNoCrlf(address);
+	const match = address.match(/<([^>]+)>/);
+	const email = (match ? match[1] : address).trim();
+	if (/[<>\s]/.test(email)) throw new EmailError(`Invalid email address for SMTP envelope: ${JSON.stringify(address)}`);
+	return email;
+}
+function formatAddress(email, name) {
+	const cleanEmail = stripCrlf(email);
+	if (!name) return cleanEmail;
+	const cleanName = stripCrlf(name);
+	return `${isAscii(cleanName) ? `"${escapeQuotedString(cleanName)}"` : encodeHeaderValue(cleanName)} <${cleanEmail}>`;
+}
+function formatDate(date) {
+	return date.toUTCString().replace("GMT", "+0000");
+}
+function wrapBase64(base64) {
+	const lines = [];
+	for (let i = 0; i < base64.length; i += 76) lines.push(base64.slice(i, i + 76));
+	return lines.join("\r\n");
+}
+async function resolveContent(content) {
+	const buffer = Buffer.isBuffer(content) ? content : Buffer.from(await new Response(content).arrayBuffer());
+	if (buffer.byteLength > 20971520) throw new EmailError(`Email attachment exceeds the maximum size of ${MAX_ATTACHMENT_SIZE_BYTES} bytes (got ${buffer.byteLength} bytes)`);
+	return buffer;
+}
+/** Base64-encode a text body so arbitrary content (long lines, leading dots,
+* 8-bit data) is transported safely regardless of line length or SMTP escaping. */
+function encodeTextBody(content) {
+	return wrapBase64(Buffer.from(content, "utf-8").toString("base64"));
+}
+function buildBodyPart(text, html) {
+	if (text && html) {
+		const boundary = generateBoundary();
+		return {
+			content: [
+				`--${boundary}`,
+				"Content-Type: text/plain; charset=utf-8",
+				"Content-Transfer-Encoding: base64",
+				"",
+				encodeTextBody(text),
+				`--${boundary}`,
+				"Content-Type: text/html; charset=utf-8",
+				"Content-Transfer-Encoding: base64",
+				"",
+				encodeTextBody(html),
+				`--${boundary}--`
+			].join("\r\n"),
+			contentType: `multipart/alternative; boundary="${boundary}"`
+		};
 	}
-};
+	if (html) return {
+		content: encodeTextBody(html),
+		contentType: "text/html; charset=utf-8",
+		cte: "base64"
+	};
+	return {
+		content: encodeTextBody(text ?? ""),
+		contentType: "text/plain; charset=utf-8",
+		cte: "base64"
+	};
+}
+async function buildAttachmentPart(attachment) {
+	const base64 = wrapBase64((await resolveContent(attachment.content)).toString("base64"));
+	return [
+		`Content-Type: ${attachment.contentType || "application/octet-stream"}; ${encodeMimeParam("name", attachment.filename)}`,
+		"Content-Transfer-Encoding: base64",
+		`Content-Disposition: attachment; ${encodeMimeParam("filename", attachment.filename)}`,
+		"",
+		base64
+	].join("\r\n");
+}
+async function buildMimeMessage(message, defaultFrom) {
+	const fromAddr = message.from ? formatAddress(message.from.email, message.from.name) : formatAddress(defaultFrom.email, defaultFrom.name);
+	const fromEmail = extractEmail(message.from?.email ?? defaultFrom.email);
+	const toList = Array.isArray(message.to) ? message.to : [message.to];
+	const headers = [
+		`From: ${fromAddr}`,
+		`To: ${toList.map(stripCrlf).join(", ")}`,
+		`Subject: ${encodeHeaderValue(message.subject)}`,
+		`Date: ${formatDate(/* @__PURE__ */ new Date())}`,
+		`Message-ID: ${generateMessageId(fromEmail)}`,
+		"MIME-Version: 1.0"
+	];
+	if (message.replyTo) headers.push(`Reply-To: ${stripCrlf(message.replyTo)}`);
+	if (message.cc?.length) headers.push(`Cc: ${message.cc.map(stripCrlf).join(", ")}`);
+	const allRecipients = [
+		...toList,
+		...message.cc ?? [],
+		...message.bcc ?? []
+	].map(extractEmail);
+	const body = buildBodyPart(message.text, message.html);
+	if (!(message.attachments && message.attachments.length > 0)) {
+		headers.push(`Content-Type: ${body.contentType}`);
+		if (body.cte) headers.push(`Content-Transfer-Encoding: ${body.cte}`);
+		return {
+			raw: headers.join("\r\n") + "\r\n\r\n" + body.content,
+			envelope: {
+				from: fromEmail,
+				to: allRecipients
+			}
+		};
+	}
+	const mixedBoundary = generateBoundary();
+	headers.push(`Content-Type: multipart/mixed; boundary="${mixedBoundary}"`);
+	const parts = [`--${mixedBoundary}`, `Content-Type: ${body.contentType}`];
+	if (body.cte) parts.push(`Content-Transfer-Encoding: ${body.cte}`);
+	parts.push("", body.content);
+	for (const attachment of message.attachments) {
+		parts.push(`--${mixedBoundary}`);
+		parts.push(await buildAttachmentPart(attachment));
+	}
+	parts.push(`--${mixedBoundary}--`);
+	return {
+		raw: headers.join("\r\n") + "\r\n\r\n" + parts.join("\r\n"),
+		envelope: {
+			from: fromEmail,
+			to: allRecipients
+		}
+	};
+}
 //#endregion
-//#region src/email/errors/email-resend-api-failed.error.ts
+//#region src/email/providers/base-email.provider.ts
 /**
-* EmailResendApiFailedError
-*
-* Thrown when Resend API returns an error during email sending.
-* This is a runtime error from the Resend service.
+* Base Email Provider
 *
-* Resolution: Check Resend API status, API key validity, or wait and retry.
+* Abstract base class for email providers.
+* Provides shared implementation of sendBatch() to reduce code duplication.
 */
-var EmailResendApiFailedError = class extends ApplicationError {
-	constructor() {
-		super("errors.email.resendApiFailed", ERROR_CODES.SYSTEM.INFRASTRUCTURE_ERROR);
+var BaseEmailProvider = class {
+	/**
+	* Send multiple emails in a batch
+	*
+	* Default implementation sends emails sequentially.
+	* Concrete providers can override for optimized batch sending.
+	*/
+	async sendBatch(messages) {
+		const results = [];
+		let successful = 0;
+		let failed = 0;
+		for (const message of messages) try {
+			const result = await this.send(message);
+			results.push(result);
+			successful++;
+		} catch (error) {
+			results.push({
+				messageId: "",
+				accepted: false,
+				metadata: { error: error instanceof Error ? error.message : "Unknown error" }
+			});
+			failed++;
+		}
+		return {
+			total: messages.length,
+			successful,
+			failed,
+			results
+		};
 	}
 };
 //#endregion
-//#region src/email/errors/email-provider-not-supported.error.ts
-/**
-* EmailProviderNotSupportedError
-*
-* Thrown when an unsupported email provider is configured.
-* Only 'resend' and 'smtp' providers are currently supported.
-*
-* Resolution: Set EMAIL_PROVIDER to either 'resend' or 'smtp'.
-*/
-var EmailProviderNotSupportedError = class extends ApplicationError {
-	constructor(provider) {
-		super("errors.email.providerNotSupported", ERROR_CODES.SYSTEM.CONFIGURATION_ERROR, { provider });
+//#region src/email/providers/smtp.provider.ts
+var SmtpProvider = class extends BaseEmailProvider {
+	options;
+	constructor(options) {
+		super();
+		this.options = options;
+		if (!this.options.smtp?.url) throw new EmailError("SMTP URL is required");
+	}
+	async send(message) {
+		const mime = await buildMimeMessage(message, this.options.from);
+		try {
+			return {
+				messageId: (await new SmtpClient(this.options.smtp).send(mime.raw, {
+					from: mime.envelope.from,
+					to: mime.envelope.to
+				})).messageId,
+				accepted: true,
+				metadata: { provider: "smtp" }
+			};
+		} catch (error) {
+			if (error instanceof EmailError) throw error;
+			throw new EmailError(`SMTP send failed: ${error.message}`);
+		}
 	}
 };
 //#endregion
@@ -267,57 +607,35 @@ let EmailProviderFactory = class EmailProviderFactory {
 	constructor(options) {
 		this.options = options;
 	}
-	/**
-	* Create email provider instance based on configuration
-	*
-	* @returns Email provider implementation
-	* @throws EmailProviderNotSupportedError if provider is not supported
-	*/
-	async create() {
-		switch (this.options.provider) {
-			case "resend": {
-				const { ResendProvider } = await import("../resend.provider-DB4IlFjG.mjs");
-				return new ResendProvider(this.options);
-			}
-			case "smtp": {
-				const { SmtpProvider } = await import("../smtp.provider-B6D7zuWX.mjs");
-				return new SmtpProvider(this.options);
-			}
-			default: throw new EmailProviderNotSupportedError(this.options.provider);
-		}
+	create() {
+		return new SmtpProvider(this.options);
 	}
 };
-EmailProviderFactory = __decorate([
-	Transient(EMAIL_TOKENS.EmailProviderFactory),
-	__decorateParam(0, inject(EMAIL_TOKENS.Options)),
-	__decorateMetadata("design:paramtypes", [Object])
-], EmailProviderFactory);
+EmailProviderFactory = __decorate([Transient(EMAIL_TOKENS.EmailProviderFactory), __decorateParam(0, inject(EMAIL_TOKENS.Options))], EmailProviderFactory);
 //#endregion
 //#region src/email/email.module.ts
 /**
 * Email Module
 *
 * Provides email sending capabilities with provider abstraction.
-* Supports multiple email providers (Resend, SMTP) with automatic provider selection.
+* Sends email via SMTP. Emails are dispatched asynchronously via Cloudflare Queues.
 * Emails are sent asynchronously via Cloudflare Queues.
 *
 * **Usage:**
 * ```typescript
 * // In AppModule imports with static options
 * EmailModule.forRoot({
-*   provider: 'resend',
-*   apiKey: 'your-api-key',
 *   from: { name: 'App', email: 'noreply@example.com' },
-*   queue: 'notifications-queue',
+*   smtp: { url: 'smtp://user:pass@smtp.example.com:587' },
+*   queue: 'NOTIFICATIONS_QUEUE',
 * })
 *
 * // Or with async options from config namespaces
 * EmailModule.forRootAsync({
 *   inject: [emailConfig.KEY],
 *   useFactory: (email) => ({
-*     provider: email.provider,
-*     apiKey: email.apiKey,
 *     from: email.from,
+*     smtp: email.smtp,
 *     queue: email.queue,
 *   }),
 * })
@@ -344,10 +662,9 @@ let EmailModule = _EmailModule = class EmailModule {
 	* @example
 	* ```typescript
 	* EmailModule.forRoot({
-	*   provider: 'resend',
-	*   apiKey: env.RESEND_API_KEY,
 	*   from: { name: 'App', email: 'noreply@example.com' },
-	*   queue: 'notifications-queue',
+	*   smtp: { url: 'smtp://user:pass@smtp.example.com:587' },
+	*   queue: 'NOTIFICATIONS_QUEUE',
 	* })
 	* ```
 	*/
@@ -376,8 +693,6 @@ let EmailModule = _EmailModule = class EmailModule {
 	* EmailModule.forRootAsync({
 	*   inject: [emailConfig.KEY],
 	*   useFactory: (email) => ({
-	*     provider: email.provider,
-	*     apiKey: email.apiKey,
 	*     from: email.from,
 	*     smtp: email.smtp,
 	*     queue: email.queue,
@@ -523,7 +838,7 @@ const emailMessageSchema = z.object({
 	* Email attachments
 	*/
 	attachments: z.array(emailAttachmentSchema).optional()
-}).refine((data) => data.html ?? data.text, withI18n("zodI18n.errors.custom.emailOrTextRequired"));
+}).refine((data) => data.html ?? data.text, withZodI18n("zodI18n.errors.custom.emailOrTextRequired"));
 //#endregion
 //#region src/email/contracts/send-email.input.ts
 /**
@@ -550,6 +865,6 @@ const sendBatchEmailInputSchema = z.object({
 */
 messages: z.array(sendEmailInputSchema).min(1).max(100) });
 //#endregion
-export { EMAIL_TOKENS, EmailModule, EmailProviderFactory, EmailProviderNotSupportedError, EmailResendApiFailedError, EmailService, EmailSmtpConnectionFailedError, ResendApiKeyMissingError, SmtpConfigurationMissingError, SmtpHostMissingError, emailAddressSchema, emailAttachmentSchema, emailMessageSchema, inlineEmailAttachmentSchema, sendBatchEmailInputSchema, sendEmailInputSchema, storageEmailAttachmentSchema };
+export { BaseEmailProvider, EMAIL_TOKENS, EmailError, EmailModule, EmailProviderFactory, EmailService, emailAddressSchema, emailAttachmentSchema, emailMessageSchema, inlineEmailAttachmentSchema, sendBatchEmailInputSchema, sendEmailInputSchema, storageEmailAttachmentSchema };
 
 //# sourceMappingURL=index.mjs.map