Resend and Redis

RESEND_API_KEY=
EMAIL_FROM=

• lib/email.js
• actions/email.ts
• lib/account-delete-verification.ts
• lib/org-delete-verification.ts

The codebase currently contains branded sender values like Jampack <noreply@hencework.com> and Workspace Security <noreply@hencework.com>, so replace those before launch.

• Organization invite emails
• Ad hoc email sending in the email app
• Account delete OTP emails
• Organization delete OTP emails

UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=

• lib/redis.ts
• app/api/redis-test/route.ts
• lib/account-delete-verification.ts
• lib/org-delete-verification.ts

This pattern is used for both account delete and organization delete flows.

1. A six-digit OTP is generated.
2. The OTP is hashed and stored in Redis with a 10 minute TTL.
3. A cooldown key is stored for 60 seconds to block rapid resends.
4. Verification allows up to 5 attempts.
5. On success, a short-lived verified token is stored and later consumed.

This route uses getCache() and setCache() from lib/redis.ts.

• GET /api/redis-test?key=demo
• POST /api/redis-test with { "key": "demo", "value": { "ok": true }, "ttlSeconds": 60 }

1. Send one invite email.
2. Use the email app send flow once.
3. Request an account delete OTP.
4. Request an organization delete OTP.
5. Confirm cooldown and wrong-attempt behavior.