Skip to content

Release v0.2.0: shared email service and auth foundation polish#2

Merged
juancobo merged 7 commits into
mainfrom
release/v0.2.0
May 29, 2026
Merged

Release v0.2.0: shared email service and auth foundation polish#2
juancobo merged 7 commits into
mainfrom
release/v0.2.0

Conversation

@juancobo

@juancobo juancobo commented May 29, 2026

Copy link
Copy Markdown
Member

@ampl/kit v0.2.0

This release adds a shared transactional-email path for the AMPL tools and
brings the auth foundation to lab-site parity.

Shared email service (ampl-email)

A new Cloudflare Worker at ampl.tools/email gives every tool one owned,
free-tier email path:

  • A service-binding send() method over Resend (the API key never leaves
    the email Worker)
  • A D1 send log with global suppression
  • A signature-verified bounce and complaint webhook
  • Fail-closed monthly and daily quotas, and a race-safe idempotency gate
  • RFC 8058 one-click unsubscribe with a bilingual confirmation page

@ampl/kit/email client surface

A new ./email subpath ships two pure building blocks for consumer tools:

  • renderEmailShell — an injection-safe, bilingual branded HTML email shell
  • buildIcs — an RFC 5545 .ics calendar builder (REQUEST/CANCEL, CRLF
    folding, TEXT escaping)

See CONSUMING.md for how to wire them to the email service.

Auth foundation polish

  • Header and footer brought to lab-site parity: AMPL logo linked home,
    bilingual lab-site nav, repositioned locale toggle, lab copyright, and a
    GitHub-native dark sign-in button
  • Sign-out now submits a POST via buildLogoutHref; the account widget
    handle is optional; NoAccess composes the Button primitive
  • GitHub email lookup guarded against malformed responses; validateSession
    verified to perform no writes

Build

Bumps the package to 0.2.0, exports the ./email subpath, and types the
email Worker secrets at their use sites so builds are reproducible without
local secrets.

juancobo added 7 commits May 28, 2026 23:03
@juancobo
Bring the auth UI chrome to lab-site parity
a9c602a 
Match the ampl.tools/auth header and footer to the live lab site: the
AMPL logo links home, the header carries the bilingual lab-site nav, the
locale toggle moves into the header, the footer shows the lab copyright,
and the GitHub sign-in button uses the GitHub-native dark style.
@juancobo
Improve kit auth ergonomics and correctness
83530c5 
Sign-out now submits a POST via buildLogoutHref instead of a link, the
account widget handle is optional, NoAccess composes the Button
primitive, the GitHub email lookup is guarded against malformed
responses, and validateSession is verified to perform no writes.
@juancobo
Add the shared email service worker
e926951 
A new ampl-email Worker provides one owned transactional-email path for
the AMPL tools at ampl.tools/email: a service-binding send() method over
Resend, a D1 send log with global suppression, a signature-verified
bounce and complaint webhook, fail-closed monthly and daily quotas,
a race-safe idempotency gate, and RFC 8058 one-click unsubscribe.
@juancobo
Add the @ampl/kit/email client surface
172b525 
A new ./email subpath gives consumer tools two pure building blocks: an
injection-safe bilingual branded HTML email shell (renderEmailShell) and
an RFC 5545 .ics calendar builder (buildIcs), with a CONSUMING.md guide
for wiring them to the email service.
@juancobo
Bump @ampl/kit to 0.2.0 and add email build config
ebc5338 
Bump the package to 0.2.0, export the ./email subpath, add the email
Worker scripts (deploy, D1 migrations, type generation), and update the
shared TypeScript and test configuration for the email worker.
@juancobo
Type email worker secrets at use sites for reproducible builds
07b9a04 
The email worker read RESEND_API_KEY, RESEND_WEBHOOK_SECRET, and
UNSUB_HMAC_SECRET directly off Env, which only typed correctly when a
local .dev.vars caused wrangler types to emit them. Cast the secrets
locally at each use site, matching the auth worker, so typecheck no
longer depends on generated secret types, and ignore the generated
workers-email-configuration.d.ts (it carries only non-secret vars).
@juancobo
Sync package-lock.json version to 0.2.0
492d8c7
Copilot AI review requested due to automatic review settings May 29, 2026 20:00
@juancobo juancobo merged commit 23cd32b into main May 29, 2026
2 of 3 checks passed
Copilot AI reviewed May 29, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@juancobo