* feat: add customizable contact double opt-in flow
* test: add double opt-in service coverage
* fix: address review comments for double opt-in PR
- Make pending status conditional on doubleOptInEnabled flag
- Backfill legacy unsubscribeReason for reliable pending detection
- Add doubleOptInContent to contact book listing select
- Fix duplicate toast on DOI editor subject save failure
- Harden searchParams parsing against string[] values
- Make default DOI template use link mark for clickable URL
- Make public API create+update atomic via transaction
- Prevent contact upsert failure when DOI email send fails
- Fix empty string template variable replacement
Co-authored-by: opencode <opencode@anthropic.com>
* fix: harden double opt-in confirmation safeguards
Preserve explicit unsubscribe intent in DOI flows and prevent confirmation links from re-subscribing opted-out contacts. Also sanitize subscribe-page error messaging and use timing-safe hash comparison for link verification.
* ui stuff
* fix: require doubleOptInUrl in double opt-in templates
* feat: add configurable from address for double opt-in emails
* feat: add resend confirmation flow for pending contacts
* fix: move subscribe confirmation to explicit POST flow
* test: add contact book public API endpoint coverage
* docs: add double opt-in documentation and update OpenAPI spec
Add a user guide for the double opt-in feature covering setup, contact
statuses, email customization, template variables, and best practices.
Update the OpenAPI spec to include doubleOptIn fields in all contactBook
request/response schemas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: opencode <opencode@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(python-sdk): add webhook verification and event handling
Add webhook support to the Python SDK matching the JS SDK implementation:
- Add Webhooks class with verify() and construct_event() methods
- Implement HMAC-SHA256 signature verification with timing-safe comparison
- Add timestamp validation with configurable tolerance (default 5 minutes)
- Add comprehensive webhook event types (18 events: email, contact, domain, test)
- Add WebhookVerificationError with typed error codes
- Export webhook constants (headers) and types
* fix(python-sdk): harden webhook parsing and typing
Normalize invalid UTF-8 webhook payloads to INVALID_BODY errors so verify() safely returns false, and narrow base email webhook event types to avoid discriminated-union overlap. Add regression tests for both paths.
* chore(python-sdk): bump package version to 0.2.9
* feat(python-sdk): add local webhook test example project
Add a runnable Flask receiver and signed webhook sender under packages/python-sdk/example, and link it from the Python SDK README for local verification.
---------
Co-authored-by: Claude <noreply@anthropic.com>
* add some stripe stuff
* more stripe stuff
* more stripe things
* more stripr stuff
* more stripe stuff
* more stripe stuff
* add more stuff
* add more stripe stuff
* more stuff
* fix types
KM Koushik
Krish Parekh
Kuntal Majee
Vamsi Sai
Tommy Lundy
8x4