Record recipient in all messaging events #5668

Author: carmenlau

.claude/skills/write-e2e-test/SKILL.md

@@ -12,23 +12,11 @@ Start/restart the environment (apply latest migrations, rebuild binaries):
 make teardown && make setup
 ```
 
-If GNU make is required in your environment, use the repo's `gmake` shim:
-```
-PATH=/tmp/gmake-bin:$PATH ./run.sh teardown
-PATH=/tmp/gmake-bin:$PATH ./run.sh setup
-```
-
-`/tmp/gmake-bin` is just a local shim directory with `make` pointing to GNU Make. Create it with:
-```
-mkdir -p /tmp/gmake-bin
-ln -sf /usr/local/bin/gmake /tmp/gmake-bin/make
-```
-
 If `./run.sh setup` backgrounds daemons that die when the shell exits, run setup and the target test in the same shell:
 ```
-PATH=/tmp/gmake-bin:$PATH ./run.sh teardown
-PATH=/tmp/gmake-bin:$PATH ./run.sh setup
-PATH=/tmp/gmake-bin:$PATH go test ./pkg/testrunner -count 1 -v -timeout 10m -run "TestAuthflow/<folder>/<filename_without_extension>"
+./run.sh teardown
+./run.sh setup
+go test ./pkg/testrunner -count 1 -v -timeout 10m -run "TestAuthflow/<folder>/<filename_without_extension>"
 ```
 
 Do not assume `zsh`. Run those commands sequentially in the developer's current shell.
@@ -305,20 +293,6 @@ If the e2e environment may be stale (e.g. first run in this session, or migratio
 make teardown && make setup
 ```
 
-If plain `make` fails in this repo, use:
-
-```
-PATH=/tmp/gmake-bin:$PATH ./run.sh teardown
-PATH=/tmp/gmake-bin:$PATH ./run.sh setup
-```
-
-If `/tmp/gmake-bin` does not exist yet, create it first:
-
-```
-mkdir -p /tmp/gmake-bin
-ln -sf /usr/local/bin/gmake /tmp/gmake-bin/make
-```
-
 Then run the new test(s):
 
 ```
@@ -328,9 +302,9 @@ cd e2e && go test ./pkg/testrunner/ -count 1 -v -timeout 10m -run "TestAuthflow/
 If the authgear/e2e daemons are started by `./run.sh setup` and do not survive shell exit, combine setup and test in one shell:
 
 ```
-PATH=/tmp/gmake-bin:$PATH ./run.sh teardown
-PATH=/tmp/gmake-bin:$PATH ./run.sh setup
-PATH=/tmp/gmake-bin:$PATH go test ./pkg/testrunner -count 1 -v -timeout 10m -run "TestAuthflow/<folder>/<filename_without_extension>"
+./run.sh teardown
+./run.sh setup
+go test ./pkg/testrunner -count 1 -v -timeout 10m -run "TestAuthflow/<folder>/<filename_without_extension>"
 ```
 
 If a test fails, read the error output, fix the test file, and re-run. Do not report the tests as done until they pass.
@@ -344,7 +318,7 @@ If a test fails, read the error output, fix the test file, and re-run. Do not re
 5. When testing audit events, always check the JSON path includes `payload`: `data->'payload'->'...'`.
 6. Prefer `ORDER BY <stable_column>, created_at` over `ORDER BY created_at` alone to avoid flaky ordering.
 7. To focus on one test during development, pass `-run "TestAuthflow/path/to/test"` to the test command.
-8. After environment changes, run `make teardown && make setup` to apply latest migrations. If `make` is broken in the current environment, use the `gmake` shim via `PATH=/tmp/gmake-bin:$PATH`.
+8. After environment changes, run `make teardown && make setup` to apply latest migrations.
 9. Always write JSON values in `input`, `output`, `query_output`, and `audit_query_output` as multi-line for readability. Prefer:
    ```yaml
    input: |

e2e/tests/events/email.suppressed/email_suppressed_event_records_recipient.test.yaml

@@ -0,0 +1,97 @@
+name: Email suppressed event records recipient
+authgear.yaml:
+  override: |
+    authenticator:
+      oob_otp:
+        email:
+          email_otp_mode: code
+    test_mode:
+      email:
+        enabled: true
+        rules:
+        - regex: "^[email protected]$"
+          suppressed: true
+    authentication_flow:
+      account_recovery_flows:
+      - name: default
+        steps:
+        - type: identify
+          one_of:
+          - identification: email
+            on_failure: ignore
+            steps:
+            - type: select_destination
+              allowed_channels:
+              - channel: email
+                otp_form: code
+        - type: verify_account_recovery_code
+        - type: reset_password
+before:
+  - type: custom_sql
+    custom_sql:
+      path: email_user.sql
+steps:
+  - name: create account recovery flow
+    action: create
+    input: |
+      {
+        "type": "account_recovery",
+        "name": "default"
+      }
+    output:
+      result: |
+        {
+          "action": {
+            "type": "identify"
+          }
+        }
+  - name: identify email
+    action: input
+    input: |
+      {
+        "identification": "email",
+        "login_id": "[email protected]"
+      }
+    output:
+      result: |
+        {
+          "action": {
+            "type": "select_destination"
+          }
+        }
+  - name: choose email destination
+    action: input
+    input: |
+      {
+        "index": 0
+      }
+    output:
+      result: |
+        {
+          "action": {
+            "type": "verify_account_recovery_code",
+            "data": {
+              "type": "account_recovery_verify_code_data",
+              "channel": "email",
+              "otp_form": "code"
+            }
+          }
+        }
+  - name: verify suppressed email payload records recipient
+    action: audit_query
+    audit_query: |
+      SELECT
+        activity_type,
+        data->'payload'->>'recipient' AS recipient
+      FROM _audit_log
+      WHERE app_id = '{{ .AppID }}'
+        AND activity_type = 'email.suppressed'
+      ORDER BY created_at, id
+    audit_query_output:
+      rows: |
+        [
+          {
+            "activity_type": "email.suppressed",
+            "recipient": "[email protected]"
+          }
+        ]

e2e/tests/events/email.suppressed/email_user.sql

@@ -0,0 +1,54 @@
+{{ $user_id := (uuidv4) }}
+{{ $email_id := (uuidv4) }}
+
+INSERT INTO _auth_user (
+  "id",
+  "app_id",
+  "created_at",
+  "updated_at",
+  "is_disabled",
+  "standard_attributes"
+) VALUES (
+  '{{ $user_id }}',
+  '{{ .AppID }}',
+  NOW(),
+  NOW(),
+  FALSE,
+  '{"email": "[email protected]"}'
+);
+
+INSERT INTO _auth_identity (
+  "id",
+  "app_id",
+  "type",
+  "user_id",
+  "created_at",
+  "updated_at"
+) VALUES (
+  '{{ $email_id }}',
+  '{{ .AppID }}',
+  'login_id',
+  '{{ $user_id }}',
+  NOW(),
+  NOW()
+);
+
+INSERT INTO _auth_identity_login_id (
+  "id",
+  "app_id",
+  "login_id_key",
+  "login_id",
+  "claims",
+  "original_login_id",
+  "unique_key",
+  "login_id_type"
+) VALUES (
+  '{{ $email_id }}',
+  '{{ .AppID }}',
+  'email',
+  '[email protected]',
+  '{"email": "[email protected]"}',
+  '[email protected]',
+  '[email protected]',
+  'email'
+);

e2e/tests/events/sms.suppressed/sms_suppressed_event_records_recipient.test.yaml

@@ -0,0 +1,73 @@
+name: SMS suppressed event records recipient
+authgear.yaml:
+  override: |
+    authenticator:
+      oob_otp:
+        sms:
+          phone_otp_mode: sms
+    test_mode:
+      sms:
+        enabled: true
+        rules:
+        - regex: "^\\+6591230001$"
+          suppressed: true
+    authentication_flow:
+      signup_flows:
+      - name: default
+        steps:
+        - name: identify_phone
+          type: identify
+          one_of:
+          - identification: phone
+        - type: verify
+          target_step: identify_phone
+        - type: create_authenticator
+          one_of:
+          - authentication: primary_password
+steps:
+  - name: create signup flow
+    action: create
+    input: |
+      {
+        "type": "signup",
+        "name": "default"
+      }
+    output:
+      result: |
+        {
+          "action": {
+            "type": "identify"
+          }
+        }
+  - name: identify phone
+    action: input
+    input: |
+      {
+        "identification": "phone",
+        "login_id": "+6591230001"
+      }
+    output:
+      result: |
+        {
+          "action": {
+            "type": "verify"
+          }
+        }
+  - name: verify suppressed sms payload records recipient
+    action: audit_query
+    audit_query: |
+      SELECT
+        activity_type,
+        data->'payload'->>'recipient' AS recipient
+      FROM _audit_log
+      WHERE app_id = '{{ .AppID }}'
+        AND activity_type = 'sms.suppressed'
+      ORDER BY created_at, id
+    audit_query_output:
+      rows: |
+        [
+          {
+            "activity_type": "sms.suppressed",
+            "recipient": "+6591230001"
+          }
+        ]