feat(waitlist): add pre-launch waitlist module (types, repo, routes)

- Create waitlist/types.ts: WaitlistEntryDoc, Zod schemas for join/status/unsubscribe/admin - Create waitlist/repository.ts: full CRUD, dedup by emailNormalized, position assignment, stats - Create waitlist/routes.ts: 5 public endpoints + 7 admin endpoints with role guard - Add waitlist container to cosmos-init.ts (+ 13 previously missing containers) - Add dispatchWaitlistJoined webhook to webhooks.ts - Register waitlistRoutes in server.ts - Public: join, check status, count, config, unsubscribe - Admin: list, stats, get, update, delete, batch invite, CSV export
2026-02-16 22:45:14 -08:00 · 2026-02-16 22:45:14 -08:00 · 2692c918ce
commit 2692c918ce
parent 66e657a646
6 changed files with 854 additions and 0 deletions
--- a/services/platform-service/src/lib/cosmos-init.ts
+++ b/services/platform-service/src/lib/cosmos-init.ts
@ -10,6 +10,25 @@ const CONTAINER_DEFS: Record<string, ContainerConfig> = {
  notification_prefs: { partitionKeyPath: '/userId' },
  audit_log: { partitionKeyPath: '/category', defaultTtl: 90 * 86400 },
  feature_flags: { partitionKeyPath: '/id' },
  // Growth modules
  invitation_codes: { partitionKeyPath: '/id' },
  referrals: { partitionKeyPath: '/id' },
  // Billing modules
  subscriptions: { partitionKeyPath: '/userId' },
  payments: { partitionKeyPath: '/userId' },
  licenses: { partitionKeyPath: '/id' },
  plans: { partitionKeyPath: '/id' },
  usage_daily: { partitionKeyPath: '/userId' },
  // API tokens
  api_tokens: { partitionKeyPath: '/id' },
  // Tracker modules
  tracker_items: { partitionKeyPath: '/id' },
  comments: { partitionKeyPath: '/itemId' },
  votes: { partitionKeyPath: '/itemId' },
  // Themes
  themes: { partitionKeyPath: '/id' },
  // Waitlist (pre-launch signups)
  waitlist: { partitionKeyPath: '/email' },
  // Mobile capture primitives (MindLyst-style).
  memory_items: { partitionKeyPath: '/userId' },
  daily_briefs: { partitionKeyPath: '/userId' },
--- a/services/platform-service/src/lib/webhooks.ts
+++ b/services/platform-service/src/lib/webhooks.ts
@ -4,6 +4,7 @@
 * Products register webhook URLs via env vars:
 *   WEBHOOK_INVITATION_REDEEMED_URL — called after an invitation code is redeemed
 *   WEBHOOK_REFERRAL_STATUS_URL     — called when a referral status transitions
 *   WEBHOOK_WAITLIST_JOINED_URL     — called when someone joins a pre-launch waitlist
 *
 * Payloads are JSON; failures are logged but never block the caller.
 */
@ -60,3 +61,8 @@ export function dispatchInvitationRedeemed(data: Record<string, unknown>): Promi
 export function dispatchReferralStatusChanged(data: Record<string, unknown>): Promise<boolean> {
  return dispatchWebhook(process.env.WEBHOOK_REFERRAL_STATUS_URL, 'referral.status_changed', data);
 }
 /** Dispatch a waitlist.joined webhook. */
 export function dispatchWaitlistJoined(data: Record<string, unknown>): Promise<boolean> {
  return dispatchWebhook(process.env.WEBHOOK_WAITLIST_JOINED_URL, 'waitlist.joined', data);
 }
--- a/services/platform-service/src/modules/waitlist/repository.ts
+++ b/services/platform-service/src/modules/waitlist/repository.ts
@ -0,0 +1,258 @@
 /**
 * Waitlist repository — Cosmos DB CRUD operations.
 *
 * Container: `waitlist`, partition key: `/email`
 * Cross-partition queries used for admin list/count/stats (acceptable for low-frequency reads).
 */
 import type { SqlParameter } from '@azure/cosmos';
 import { getContainer } from '../../lib/cosmos.js';
 import type { WaitlistEntryDoc, WaitlistStatus, WaitlistSource } from './types.js';
 const CONTAINER = 'waitlist';
 function container() {
  return getContainer(CONTAINER);
 }
 // ── Normalize email for case-insensitive dedup ──
 export function normalizeEmail(email: string): string {
  return email.trim().toLowerCase();
 }
 // ── Create ──
 export async function create(doc: WaitlistEntryDoc): Promise<WaitlistEntryDoc> {
  const { resource } = await container().items.create(doc);
  return resource as WaitlistEntryDoc;
 }
 // ── Read (single) ──
 export async function getById(id: string): Promise<WaitlistEntryDoc | null> {
  // id-based lookup requires cross-partition query (partition is /email)
  const { resources } = await container()
    .items.query<WaitlistEntryDoc>({
      query: 'SELECT * FROM c WHERE c.id = @id',
      parameters: [{ name: '@id', value: id }],
    })
    .fetchAll();
  return resources[0] ?? null;
 }
 export async function getByEmail(
  emailNormalized: string,
  productId: string
 ): Promise<WaitlistEntryDoc | null> {
  const { resources } = await container()
    .items.query<WaitlistEntryDoc>({
      query: 'SELECT * FROM c WHERE c.emailNormalized = @email AND c.productId = @productId',
      parameters: [
        { name: '@email', value: emailNormalized },
        { name: '@productId', value: productId },
      ],
    })
    .fetchAll();
  return resources[0] ?? null;
 }
 export async function getByUnsubscribeToken(token: string): Promise<WaitlistEntryDoc | null> {
  const { resources } = await container()
    .items.query<WaitlistEntryDoc>({
      query: 'SELECT * FROM c WHERE c.unsubscribeToken = @token',
      parameters: [{ name: '@token', value: token }],
    })
    .fetchAll();
  return resources[0] ?? null;
 }
 // ── List (admin, cross-partition) ──
 export interface ListOptions {
  productId?: string;
  status?: WaitlistStatus;
  source?: WaitlistSource;
  q?: string;
  sortBy: string;
  sortOrder: string;
  limit: number;
  offset: number;
 }
 export async function list(opts: ListOptions): Promise<{
  items: WaitlistEntryDoc[];
  total: number;
 }> {
  const conditions: string[] = [];
  const params: SqlParameter[] = [];
  if (opts.productId) {
    conditions.push('c.productId = @productId');
    params.push({ name: '@productId', value: opts.productId });
  }
  if (opts.status) {
    conditions.push('c.status = @status');
    params.push({ name: '@status', value: opts.status });
  }
  if (opts.source) {
    conditions.push('c.source = @source');
    params.push({ name: '@source', value: opts.source });
  }
  if (opts.q) {
    conditions.push('(CONTAINS(LOWER(c.email), @q) OR CONTAINS(LOWER(c.name), @q))');
    params.push({ name: '@q', value: opts.q.toLowerCase() });
  }
  const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
  // Allowed sort columns (whitelist to prevent injection)
  const sortCol = ['position', 'priority', 'createdAt'].includes(opts.sortBy)
    ? opts.sortBy
    : 'position';
  const sortDir = opts.sortOrder === 'desc' ? 'DESC' : 'ASC';
  // Count query
  const { resources: countRes } = await container()
    .items.query<number>({
      query: `SELECT VALUE COUNT(1) FROM c ${where}`,
      parameters: [...params],
    })
    .fetchAll();
  const total = countRes[0] ?? 0;
  // Data query
  const dataParams: SqlParameter[] = [
    ...params,
    { name: '@offset', value: opts.offset },
    { name: '@limit', value: opts.limit },
  ];
  const { resources: items } = await container()
    .items.query<WaitlistEntryDoc>({
      query: `SELECT * FROM c ${where} ORDER BY c.${sortCol} ${sortDir} OFFSET @offset LIMIT @limit`,
      parameters: dataParams,
    })
    .fetchAll();
  return { items, total };
 }
 // ── Count ──
 export async function count(productId: string): Promise<number> {
  const { resources } = await container()
    .items.query<number>({
      query:
        'SELECT VALUE COUNT(1) FROM c WHERE c.productId = @productId AND c.status != @excluded',
      parameters: [
        { name: '@productId', value: productId },
        { name: '@excluded', value: 'unsubscribed' },
      ],
    })
    .fetchAll();
  return resources[0] ?? 0;
 }
 // ── Next position ──
 export async function getNextPosition(productId: string): Promise<number> {
  const { resources } = await container()
    .items.query<number>({
      query: 'SELECT VALUE MAX(c.position) FROM c WHERE c.productId = @productId',
      parameters: [{ name: '@productId', value: productId }],
    })
    .fetchAll();
  const maxPos = resources[0] ?? 0;
  return (typeof maxPos === 'number' ? maxPos : 0) + 1;
 }
 // ── Update ──
 export async function update(
  id: string,
  email: string,
  updates: Partial<WaitlistEntryDoc>
 ): Promise<WaitlistEntryDoc | null> {
  try {
    const { resource: existing } = await container().item(id, email).read<WaitlistEntryDoc>();
    if (!existing) return null;
    const merged = { ...existing, ...updates, updatedAt: new Date().toISOString() };
    const { resource } = await container().item(id, email).replace(merged);
    return resource as WaitlistEntryDoc;
  } catch {
    return null;
  }
 }
 // ── Unsubscribe ──
 export async function unsubscribe(token: string): Promise<WaitlistEntryDoc | null> {
  const entry = await getByUnsubscribeToken(token);
  if (!entry) return null;
  if (entry.status === 'unsubscribed') return entry; // idempotent
  return update(entry.id, entry.email, { status: 'unsubscribed' });
 }
 // ── Delete ──
 export async function remove(id: string, email: string): Promise<boolean> {
  try {
    await container().item(id, email).delete();
    return true;
  } catch {
    return false;
  }
 }
 // ── Batch query by status (for invite flow) ──
 export async function getByStatus(
  productId: string,
  status: WaitlistStatus,
  sortBy: 'position' | 'priority',
  limit: number
 ): Promise<WaitlistEntryDoc[]> {
  const sortCol = sortBy === 'priority' ? 'c.priority DESC' : 'c.position ASC';
  const { resources } = await container()
    .items.query<WaitlistEntryDoc>({
      query: `SELECT * FROM c WHERE c.productId = @productId AND c.status = @status ORDER BY ${sortCol} OFFSET 0 LIMIT @limit`,
      parameters: [
        { name: '@productId', value: productId },
        { name: '@status', value: status },
        { name: '@limit', value: limit },
      ],
    })
    .fetchAll();
  return resources;
 }
 // ── Stats (admin analytics) ──
 export interface WaitlistStats {
  total: number;
  byStatus: Record<string, number>;
  bySource: Record<string, number>;
  todaySignups: number;
 }
 export async function stats(productId: string): Promise<WaitlistStats> {
  const { resources } = await container()
    .items.query<WaitlistEntryDoc>({
      query: 'SELECT c.status, c.source, c.createdAt FROM c WHERE c.productId = @productId',
      parameters: [{ name: '@productId', value: productId }],
    })
    .fetchAll();
  const byStatus: Record<string, number> = {};
  const bySource: Record<string, number> = {};
  const todayStr = new Date().toISOString().slice(0, 10); // YYYY-MM-DD
  let todaySignups = 0;
  for (const entry of resources) {
    byStatus[entry.status] = (byStatus[entry.status] || 0) + 1;
    bySource[entry.source] = (bySource[entry.source] || 0) + 1;
    if (entry.createdAt.startsWith(todayStr)) todaySignups++;
  }
  return { total: resources.length, byStatus, bySource, todaySignups };
 }
--- a/services/platform-service/src/modules/waitlist/routes.ts
+++ b/services/platform-service/src/modules/waitlist/routes.ts
@ -0,0 +1,471 @@
 /**
 * Waitlist REST endpoints — pre-launch signup collection.
 *
 * Public (no auth, rate-limited):
 *   POST   /public/waitlist/:productId          — join waitlist
 *   POST   /public/waitlist/:productId/status   — check position (email + token)
 *   GET    /public/waitlist/:productId/count    — total signups (social proof)
 *   GET    /public/waitlist/:productId/config   — prelaunch config (custom fields)
 *   POST   /public/waitlist/unsubscribe         — unsubscribe via token
 *
 * Admin (JWT auth, role=admin):
 *   GET    /waitlist                            — list entries
 *   GET    /waitlist/stats                      — signup analytics
 *   GET    /waitlist/:id                        — get single entry
 *   PUT    /waitlist/:id                        — update entry
 *   DELETE /waitlist/:id                        — delete entry
 *   POST   /waitlist/invite                     — batch invite
 *   POST   /waitlist/export                     — CSV export
 */
 import crypto from 'node:crypto';
 import type { FastifyInstance, FastifyRequest } from 'fastify';
 import rateLimit from '@fastify/rate-limit';
 import { getRequestProductId } from '../../lib/request-context.js';
 import { BadRequestError, ForbiddenError, NotFoundError } from '../../lib/errors.js';
 import { getProduct } from '../products/cache.js';
 import { dispatchWaitlistJoined } from '../../lib/webhooks.js';
 import type { CustomField } from '../products/types.js';
 import * as repo from './repository.js';
 import {
  JoinWaitlistSchema,
  CheckStatusSchema,
  UnsubscribeSchema,
  UpdateWaitlistEntrySchema,
  WaitlistQuerySchema,
  BatchInviteSchema,
  type WaitlistEntryDoc,
 } from './types.js';
 // ── Helpers ──
 function requireAdmin(req: FastifyRequest): void {
  if (!req.jwtPayload || req.jwtPayload.role !== 'admin') {
    throw new ForbiddenError('Admin access required');
  }
 }
 function hashIp(ip: string): string {
  return crypto.createHash('sha256').update(ip).digest('hex').slice(0, 16);
 }
 /**
 * Validate customData keys against the product's customFields schema.
 * Rejects unknown keys and enforces required fields.
 */
 function validateCustomData(
  customData: Record<string, unknown>,
  customFields: CustomField[]
 ): string | null {
  const allowedKeys = new Set(customFields.map(f => f.key));
  // Reject unknown keys
  for (const key of Object.keys(customData)) {
    if (!allowedKeys.has(key)) {
      return `Unknown custom field: "${key}"`;
    }
  }
  // Check required fields
  for (const field of customFields) {
    if (field.required && (customData[field.key] === undefined || customData[field.key] === '')) {
      return `Custom field "${field.key}" is required`;
    }
  }
  return null; // valid
 }
 // ── Route registration ──
 export async function waitlistRoutes(app: FastifyInstance) {
  // ════════════════════════════════════════════════════════════
  // PUBLIC ROUTES — rate-limited, no auth
  // ════════════════════════════════════════════════════════════
  // Rate limiting for public waitlist routes
  await app.register(rateLimit, {
    max: 60,
    timeWindow: '1 minute',
    keyGenerator: req => req.ip,
  });
  // ── Join waitlist ──
  app.post(
    '/public/waitlist/:productId',
    { config: { rateLimit: { max: 10, timeWindow: '1 minute' } } },
    async (req, reply) => {
      const { productId } = req.params as { productId: string };
      // Validate product exists and is in pre_launch (or active/beta for flexibility)
      const product = getProduct(productId);
      if (!product) throw new NotFoundError('Product not found');
      if (product.status === 'draft' || product.status === 'disabled') {
        throw new BadRequestError(`Product ${productId} is not accepting signups`);
      }
      // Check prelaunchConfig
      const plConfig = product.prelaunchConfig;
      if (!plConfig?.signupEnabled) {
        throw new BadRequestError('Waitlist signup is not enabled for this product');
      }
      // Parse input
      const parsed = JoinWaitlistSchema.safeParse(req.body);
      if (!parsed.success) {
        throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
      }
      const input = parsed.data;
      // TODO-1: CAPTCHA validation — when captchaEnabled, verify input.captchaToken
      // against the configured provider (Turnstile/hCaptcha/reCAPTCHA).
      // Skipped for now — requires provider API keys and HTTP calls.
      // Validate customData against product's custom fields
      if (plConfig.customFields.length > 0) {
        const err = validateCustomData(input.customData, plConfig.customFields);
        if (err) throw new BadRequestError(err);
      }
      // Dedupe check
      const emailNormalized = repo.normalizeEmail(input.email);
      const existing = await repo.getByEmail(emailNormalized, productId);
      if (existing) {
        // Idempotent: return existing entry position
        return {
          id: existing.id,
          position: existing.position,
          alreadyRegistered: true,
          referralLink: `?ref=${existing.id}`,
        };
      }
      // Check max signups cap
      if (plConfig.maxSignups) {
        const currentCount = await repo.count(productId);
        if (currentCount >= plConfig.maxSignups) {
          throw new BadRequestError('Waitlist is full');
        }
      }
      // Assign position
      const position = await repo.getNextPosition(productId);
      // Handle referral
      let referredBy: string | undefined;
      let source = input.source;
      if (input.ref) {
        const referrer = await repo.getById(input.ref);
        if (referrer && referrer.productId === productId && referrer.status === 'pending') {
          referredBy = referrer.id;
          source = 'referral';
          // Bump referrer priority
          await repo.update(referrer.id, referrer.email, {
            priority: referrer.priority + 1,
          });
        }
      }
      const now = new Date().toISOString();
      const doc: WaitlistEntryDoc = {
        id: `wl_${crypto.randomUUID()}`,
        productId,
        email: input.email.trim(),
        emailNormalized,
        name: input.name,
        source,
        referredBy,
        status: 'pending',
        position,
        priority: 0,
        customData: input.customData,
        ipHash: hashIp(req.ip),
        utmSource: input.utmSource,
        utmMedium: input.utmMedium,
        utmCampaign: input.utmCampaign,
        unsubscribeToken: crypto.randomUUID(),
        createdAt: now,
        updatedAt: now,
      };
      const created = await repo.create(doc);
      // Fire webhook (async, non-blocking)
      dispatchWaitlistJoined({
        entryId: created.id,
        email: created.email,
        position: created.position,
        source: created.source,
      });
      reply.code(201);
      return {
        id: created.id,
        position: created.position,
        unsubscribeToken: created.unsubscribeToken,
        referralLink: `?ref=${created.id}`,
        message:
          plConfig.confirmationMessage?.replace('{{position}}', String(created.position)) ??
          `You're #${created.position} on the waitlist!`,
      };
    }
  );
  // ── Check status ──
  app.post(
    '/public/waitlist/:productId/status',
    { config: { rateLimit: { max: 30, timeWindow: '1 minute' } } },
    async req => {
      const { productId } = req.params as { productId: string };
      const parsed = CheckStatusSchema.safeParse(req.body);
      if (!parsed.success) {
        throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
      }
      const emailNormalized = repo.normalizeEmail(parsed.data.email);
      const entry = await repo.getByEmail(emailNormalized, productId);
      if (!entry || entry.unsubscribeToken !== parsed.data.unsubscribeToken) {
        throw new NotFoundError('Entry not found or token mismatch');
      }
      return {
        position: entry.position,
        status: entry.status,
        createdAt: entry.createdAt,
      };
    }
  );
  // ── Count (social proof) ──
  app.get('/public/waitlist/:productId/count', async req => {
    const { productId } = req.params as { productId: string };
    const product = getProduct(productId);
    if (!product) throw new NotFoundError('Product not found');
    const total = await repo.count(productId);
    return { count: total };
  });
  // ── Public config (custom fields for frontend rendering) ──
  app.get('/public/waitlist/:productId/config', async req => {
    const { productId } = req.params as { productId: string };
    const product = getProduct(productId);
    if (!product) throw new NotFoundError('Product not found');
    const plConfig = product.prelaunchConfig;
    if (!plConfig) {
      return {
        signupEnabled: false,
        customFields: [],
      };
    }
    // Return only public-safe fields (strip maxSignups, captcha provider details)
    return {
      signupEnabled: plConfig.signupEnabled,
      launchDate: plConfig.launchDate,
      tagline: plConfig.tagline,
      logoUrl: plConfig.logoUrl,
      customFields: plConfig.customFields,
      confirmationMessage: plConfig.confirmationMessage,
      redirectUrl: plConfig.redirectUrl,
      captchaEnabled: plConfig.captchaEnabled,
    };
  });
  // ── Unsubscribe ──
  app.post(
    '/public/waitlist/unsubscribe',
    { config: { rateLimit: { max: 10, timeWindow: '1 minute' } } },
    async req => {
      const parsed = UnsubscribeSchema.safeParse(req.body);
      if (!parsed.success) {
        throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
      }
      const entry = await repo.unsubscribe(parsed.data.unsubscribeToken);
      if (!entry) {
        throw new NotFoundError('Entry not found or already unsubscribed');
      }
      return { status: 'unsubscribed' };
    }
  );
  // ════════════════════════════════════════════════════════════
  // ADMIN ROUTES — JWT auth, role=admin
  // ════════════════════════════════════════════════════════════
  // ── List entries ──
  app.get('/waitlist', async req => {
    requireAdmin(req);
    const raw = req.query as Record<string, string>;
    // Default productId from request context
    if (!raw.productId) {
      try {
        raw.productId = getRequestProductId(req);
      } catch {
        // If no productId available, list across all products
      }
    }
    const parsed = WaitlistQuerySchema.safeParse(raw);
    if (!parsed.success) {
      throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
    }
    return repo.list(parsed.data);
  });
  // ── Stats ──
  app.get('/waitlist/stats', async req => {
    requireAdmin(req);
    const productId = getRequestProductId(req);
    return repo.stats(productId);
  });
  // ── Get single entry ──
  app.get('/waitlist/:id', async req => {
    requireAdmin(req);
    const { id } = req.params as { id: string };
    const entry = await repo.getById(id);
    if (!entry) throw new NotFoundError('Waitlist entry not found');
    return entry;
  });
  // ── Update entry ──
  app.put('/waitlist/:id', async req => {
    requireAdmin(req);
    const { id } = req.params as { id: string };
    const entry = await repo.getById(id);
    if (!entry) throw new NotFoundError('Waitlist entry not found');
    const parsed = UpdateWaitlistEntrySchema.safeParse(req.body);
    if (!parsed.success) {
      throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
    }
    const updated = await repo.update(id, entry.email, parsed.data);
    if (!updated) throw new NotFoundError('Update failed');
    return updated;
  });
  // ── Delete entry ──
  app.delete('/waitlist/:id', async (req, reply) => {
    requireAdmin(req);
    const { id } = req.params as { id: string };
    const entry = await repo.getById(id);
    if (!entry) throw new NotFoundError('Waitlist entry not found');
    const ok = await repo.remove(id, entry.email);
    if (!ok) throw new NotFoundError('Delete failed');
    // TODO-2: Create audit log entry for admin delete action
    // await auditRepo.create({ userId: req.jwtPayload!.sub, action: 'waitlist.delete', ... })
    reply.code(204);
    return;
  });
  // ── Batch invite ──
  app.post('/waitlist/invite', async req => {
    requireAdmin(req);
    const productId = getRequestProductId(req);
    const parsed = BatchInviteSchema.safeParse(req.body);
    if (!parsed.success) {
      throw new BadRequestError(parsed.error.issues.map(i => i.message).join('; '));
    }
    const { count: inviteCount, strategy } = parsed.data;
    // Fetch pending entries by strategy
    const sortBy = strategy === 'priority' ? 'priority' : 'position';
    let entries = await repo.getByStatus(productId, 'pending', sortBy, inviteCount);
    if (strategy === 'random') {
      // Shuffle using Fisher-Yates
      for (let i = entries.length - 1; i > 0; i--) {
        const j = Math.floor(Math.random() * (i + 1));
        [entries[i], entries[j]] = [entries[j], entries[i]];
      }
      entries = entries.slice(0, inviteCount);
    }
    // TODO-3: Auto-generate invitation codes via invitations/ module for each entry.
    // For now, just mark entries as invited without linking to invitation codes.
    // Wire into invitations/repository.ts create() when ready.
    const now = new Date().toISOString();
    let invited = 0;
    let failed = 0;
    for (const entry of entries) {
      try {
        await repo.update(entry.id, entry.email, {
          status: 'invited',
          invitedAt: now,
        });
        invited++;
      } catch {
        failed++;
      }
    }
    // TODO-2: Create audit log entry for batch invite
    // await auditRepo.create({ userId: req.jwtPayload!.sub, action: 'waitlist.invite', ... })
    return {
      invited,
      failed,
      total: entries.length,
    };
  });
  // ── Export (CSV) ──
  app.post('/waitlist/export', async (req, reply) => {
    requireAdmin(req);
    const productId = getRequestProductId(req);
    const { items } = await repo.list({
      productId,
      sortBy: 'position',
      sortOrder: 'asc',
      limit: 10000,
      offset: 0,
    });
    // Build CSV (exclude sensitive fields: ipHash, unsubscribeToken)
    const headers = [
      'id',
      'email',
      'name',
      'position',
      'priority',
      'status',
      'source',
      'referredBy',
      'utmSource',
      'utmMedium',
      'utmCampaign',
      'createdAt',
    ];
    const csvLines = [headers.join(',')];
    for (const item of items) {
      const row = headers.map(h => {
        const val = (item as unknown as Record<string, unknown>)[h];
        if (val === undefined || val === null) return '';
        const str = String(val);
        return str.includes(',') || str.includes('"') ? `"${str.replace(/"/g, '""')}"` : str;
      });
      csvLines.push(row.join(','));
    }
    // TODO-2: Create audit log entry for export action
    reply.header('Content-Type', 'text/csv');
    reply.header(
      'Content-Disposition',
      `attachment; filename="waitlist-${productId}-${Date.now()}.csv"`
    );
    return csvLines.join('\n');
  });
 }
--- a/services/platform-service/src/modules/waitlist/types.ts
+++ b/services/platform-service/src/modules/waitlist/types.ts
@ -0,0 +1,97 @@
 /**
 * Waitlist types — pre-launch signup collection.
 *
 * Cosmos container: `waitlist` (partition key: `/email`)
 * Product-agnostic: every document includes `productId`.
 */
 import { z } from 'zod';
 // ── Waitlist entry document ──
 export interface WaitlistEntryDoc {
  id: string;
  productId: string;
  email: string;
  emailNormalized: string;
  name?: string;
  source: 'organic' | 'referral' | 'social' | 'ad' | 'api';
  referredBy?: string;
  status: 'pending' | 'invited' | 'converted' | 'unsubscribed';
  position: number;
  priority: number;
  customData: Record<string, unknown>;
  invitationCodeId?: string;
  invitedAt?: string;
  convertedAt?: string;
  ipHash?: string;
  utmSource?: string;
  utmMedium?: string;
  utmCampaign?: string;
  unsubscribeToken: string;
  createdAt: string;
  updatedAt: string;
 }
 export const WAITLIST_STATUSES = ['pending', 'invited', 'converted', 'unsubscribed'] as const;
 export type WaitlistStatus = (typeof WAITLIST_STATUSES)[number];
 export const WAITLIST_SOURCES = ['organic', 'referral', 'social', 'ad', 'api'] as const;
 export type WaitlistSource = (typeof WAITLIST_SOURCES)[number];
 // ── Public schemas ──
 export const JoinWaitlistSchema = z.object({
  email: z.string().email().max(320),
  name: z.string().max(128).optional(),
  source: z.enum(WAITLIST_SOURCES).default('organic'),
  ref: z.string().max(128).optional(),
  customData: z.record(z.unknown()).default({}),
  captchaToken: z.string().max(4096).optional(),
  utmSource: z.string().max(256).optional(),
  utmMedium: z.string().max(256).optional(),
  utmCampaign: z.string().max(256).optional(),
 });
 export const CheckStatusSchema = z.object({
  email: z.string().email(),
  unsubscribeToken: z.string().min(1),
 });
 export const UnsubscribeSchema = z.object({
  email: z.string().email(),
  unsubscribeToken: z.string().min(1),
 });
 // ── Admin schemas ──
 export const UpdateWaitlistEntrySchema = z.object({
  status: z.enum(WAITLIST_STATUSES).optional(),
  priority: z.number().int().min(0).optional(),
  name: z.string().max(128).optional(),
 });
 export const WaitlistQuerySchema = z.object({
  productId: z.string().optional(),
  status: z.enum(WAITLIST_STATUSES).optional(),
  source: z.enum(WAITLIST_SOURCES).optional(),
  q: z.string().max(256).optional(),
  sortBy: z.enum(['position', 'priority', 'createdAt']).default('position'),
  sortOrder: z.enum(['asc', 'desc']).default('asc'),
  limit: z.coerce.number().int().min(1).max(500).default(50),
  offset: z.coerce.number().int().min(0).default(0),
 });
 export const BatchInviteSchema = z.object({
  count: z.number().int().min(1).max(500),
  strategy: z.enum(['fifo', 'priority', 'random']).default('fifo'),
 });
 // ── Inferred types ──
 export type JoinWaitlistInput = z.infer<typeof JoinWaitlistSchema>;
 export type CheckStatusInput = z.infer<typeof CheckStatusSchema>;
 export type UnsubscribeInput = z.infer<typeof UnsubscribeSchema>;
 export type UpdateWaitlistEntryInput = z.infer<typeof UpdateWaitlistEntrySchema>;
 export type WaitlistQueryInput = z.infer<typeof WaitlistQuerySchema>;
 export type BatchInviteInput = z.infer<typeof BatchInviteSchema>;
--- a/services/platform-service/src/server.ts
+++ b/services/platform-service/src/server.ts
@ -45,6 +45,7 @@ import { memoryRoutes } from './modules/memory/routes.js';
 import { publicRoutes } from './modules/public/routes.js';
 import { tokenRoutes } from './modules/tokens/routes.js';
 import { themeRoutes } from './modules/themes/routes.js';
 import { waitlistRoutes } from './modules/waitlist/routes.js';
 import { initCosmosIfNeeded } from './lib/cosmos-init.js';
 import { config } from './lib/config.js';
@ -113,6 +114,8 @@ await app.register(memoryRoutes, { prefix: '/api' });
 await app.register(tokenRoutes, { prefix: '/api' });
 // Themes module
 await app.register(themeRoutes, { prefix: '/api' });
 // Waitlist module (pre-launch signups — public + admin routes)
 await app.register(waitlistRoutes, { prefix: '/api' });
 // Public routes — no auth, registered at top level
 await app.register(publicRoutes, { prefix: '/api' });