fix(confirmation): flag code-based OTP signups with no clickable link

Detect verification-code signups (e.g. "your verification code is 371404") whose only link is a mailto. These cleared the keyword threshold but were dropped because the detector required an http(s) candidate link. A code path now raises the flag/badge/banner when a verification keyword sits next to an OTP-style code; the code is never extracted or surfaced. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-20 22:03:48 +00:00 · 2026-05-25 23:46:14 +02:00
parent 3f35435610
commit 4d3a94d1ec
4 changed files with 98 additions and 10 deletions
@@ -236,7 +236,9 @@ async function storeEmail(
    ...(inlineIds.length > 0 ? { inlineAttachmentIds: inlineIds } : {}),
    ...(messageId ? { messageId } : {}),
    dedupHash,
-    ...(confirmationLinks
+    // null = not a confirmation; [] = a code-based confirmation (flag it, no
+    // link to surface). Both an empty and a populated array mean "detected".
+    ...(confirmationLinks !== null
      ? { confirmation: { links: confirmationLinks } }
      : {}),
  };