Skip to content

feat: Issue #751 - SMS/Email delivery infrastructure#45

Open
theothersideofgod wants to merge 6 commits into
mainfrom
feat/issue-751-email-delivery
Open

feat: Issue #751 - SMS/Email delivery infrastructure#45
theothersideofgod wants to merge 6 commits into
mainfrom
feat/issue-751-email-delivery

Conversation

@theothersideofgod
Copy link
Copy Markdown
Contributor

@theothersideofgod theothersideofgod commented May 19, 2026
edited
Loading

Summary

Issue #751: Email & SMS Delivery for Magic Links, OTP, MFA

This PR implements the complete delivery infrastructure for passwordless authentication flows.

Supported Types

SMS Delivery (send-sms)

Type Description
sign_in_sms_otp Sign-in OTP via SMS
sign_up_sms Sign-up verification SMS
enable_sms_mfa MFA setup verification
mfa_challenge_sms MFA challenge code
phone_verification Phone number verification
sms_otp_code DB procedure compatibility
mfa_verification_code DB procedure compatibility

Email Delivery (send-verification-link)

Type Description
forgot_password Password reset link
magic_link_sign_in Magic link sign-in
magic_link_sign_up Magic link sign-up
email_otp Email OTP code
email_mfa_setup MFA setup via email
mfa_challenge MFA challenge code
magic_link_email DB procedure compatibility
email_otp_code DB procedure compatibility
mfa_verification_code DB procedure compatibility

Changes

SMS Delivery (Twilio)

File Description
functions/send-sms/handler.ts Multi-provider SMS handler (Twilio, AWS SNS, Vonage, stub)
functions/send-sms/handler.json Function manifest with Twilio dependency
k8s/base/functions/send-sms.yaml Knative service with twilio-credentials secretRef
k8s/base/kustomization.yaml Add send-sms to resources + update required secrets

Email Delivery Enhancements

File Description
functions/send-verification-link/handler.ts Add magic link, OTP, MFA email types

Runtime Fixes

File Description
packages/fn-runtime/ Fix databaseId header in meta GraphQL client

Refactoring & Security

Commit Description
86719b1 Rename email functions to send-verification-link/send-email
5f0ee96 Genericize internal infra identifiers
4914d21 Remove hardcoded secrets from HEAD

K8s Deployment

Before deploying, create the Twilio secret:

kubectl create secret generic twilio-credentials \
  --from-literal=TWILIO_ACCOUNT_SID="ACxxx" \
  --from-literal=TWILIO_AUTH_TOKEN="xxx" \
  --from-literal=TWILIO_FROM_NUMBER="+1xxx" \
  -n <namespace>

Error Handling

  • Missing credentials: Job fails with Twilio credentials not configured
  • Invalid credentials: Job fails with Twilio API error message
  • Unknown type: Returns Unknown sms_type: <type> or Unknown email_type: <type>

Test Plan

  • Real Twilio SMS delivery tested and confirmed
  • Stub mode works for local development
  • Email types compatible with DB procedures
  • K8s deployment with secret injection
  • Magic link email flow E2E test
  • Email OTP flow E2E test

Related PRs

  • constructive-hub#364: Local development configuration

🤖 Generated with Claude Code

theothersideofgod and others added 5 commits May 15, 2026 14:01
@theothersideofgod @claude
fix(fn-runtime): include databaseId in meta GraphQL client headers
d708680 
The server's API middleware requires X-Database-Id header along with
X-Meta-Schema to build the correct cache key for routing meta schema
requests. Without databaseId, the server returns 404 with "No valid
schemas found" error.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
feat(send-verification-link): add DB-compatible email types for passw…
6a19118 
…ordless auth

Support both function naming and DB procedure naming for email types:
- magic_link_sign_in/magic_link_sign_up + magic_link_email (DB)
- email_otp/email_mfa_setup/mfa_challenge + email_otp_code/mfa_verification_code (DB)
- account_deletion (DB)

Also accept both field naming conventions:
- magic_link_token + token (DB)
- otp_code + code (DB)

This ensures end-to-end compatibility with DB procedures that queue
email jobs via app_jobs.add_job().

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
feat(functions): add send-sms function for SMS OTP delivery
469a636 
Add new serverless function for sending SMS verification codes.
Supports multiple providers (Twilio, AWS SNS, Vonage) with stub mode
for development. Handles sign-in OTP, sign-up verification, MFA setup,
and phone verification flows.

Includes unit tests (6 passing).

Part of Issue #751: Email & SMS Delivery for Magic Links, OTP, MFA

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
feat(send-sms): integrate Twilio SDK for SMS delivery
cc8c6e2 
Implement actual Twilio API integration with proper error handling.
Adds unit tests for Twilio success, missing credentials, and API errors.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@theothersideofgod @claude
feat(k8s): add send-sms Knative service with twilio-credentials secret
fc9403c 
- Add k8s/base/functions/send-sms.yaml with secretRef to twilio-credentials
- Update kustomization.yaml to include send-sms function
- Add twilio-credentials to required secrets documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 19, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​@​agentic-kit/​ollama@​1.2.07410010089100
Addednpm/​twilio@​5.13.17610010095100
Addednpm/​@​constructive-io/​graphql-query@​3.25.57710010098100

View full report

@theothersideofgod theothersideofgod changed the title feat: add send-sms function with Twilio integration feat: Issue #751 - SMS/Email delivery infrastructure May 19, 2026
@theothersideofgod @claude
chore: update pnpm-lock.yaml with generated function dependencies
a6f9a7f 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 21, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm markdown-it is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: pnpm-lock.yamlnpm/@constructive-io/graphql-query@3.25.5npm/markdown-it@14.1.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theothersideofgod