Develop

.github/README.md

@@ -1,4 +1,4 @@
-![ByteSend](./apps/web/public/nameplate.png)
+![ByteSend](../apps/web/public/nameplate.png)
 
 **Open-source email infrastructure that works.** REST API, SMTP relay, campaigns, contact management, and real-time webhooks self-hosted or managed on [bytesend.cloud](https://bytesend.cloud).
 

.github/workflows/codeql.yml

@@ -11,6 +11,9 @@
 #
 name: "CodeQL Advanced"
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 on:
   push:
     branches: [ "main", "develop" ]
@@ -59,7 +62,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`

.github/workflows/docker-publish.yml

@@ -1,5 +1,8 @@
 name: Publish Docker
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 on:
   push:
     branches:
@@ -36,25 +39,28 @@ jobs:
             context: ./apps/smtp-server
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
           ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.ref }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4
+
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -93,9 +99,9 @@ jobs:
           IMAGE_TAG_ARGS=""
           for TAG in $TAGS; do
             IMAGE_TAG_ARGS="$IMAGE_TAG_ARGS -t bytesend/$APP-$BUILD_PLATFORM:$TAG -t ghcr.io/bytesend/$APP-$BUILD_PLATFORM:$TAG"
-            # Clean up any existing platform-specific tags to avoid manifest conflicts on re-run
-            docker manifest rm bytesend/$APP-$BUILD_PLATFORM:$TAG 2>/dev/null || true
-            docker manifest rm ghcr.io/bytesend/$APP-$BUILD_PLATFORM:$TAG 2>/dev/null || true
+            # Remove remote tags (single image or manifest list) so re-runs can safely republish.
+            docker buildx imagetools rm bytesend/$APP-$BUILD_PLATFORM:$TAG 2>/dev/null || true
+            docker buildx imagetools rm ghcr.io/bytesend/$APP-$BUILD_PLATFORM:$TAG 2>/dev/null || true
           done
 
           docker buildx build \
@@ -117,19 +123,19 @@ jobs:
     needs: build_and_publish_platform_containers
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           ref: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.ref }}
 
       - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -157,10 +163,10 @@ jobs:
 
           for APP_NAME in bytesend smtp-proxy; do
             for TAG in $TAGS; do
-              # Clean up any existing manifests (allows re-running without failures)
-              docker manifest rm bytesend/$APP_NAME:$TAG 2>/dev/null || true
-              docker manifest rm bytesend/$APP_NAME-amd64:$TAG 2>/dev/null || true
-              docker manifest rm bytesend/$APP_NAME-arm64:$TAG 2>/dev/null || true
+              # Remove remote tags/manifests first so reruns are idempotent.
+              docker buildx imagetools rm bytesend/$APP_NAME:$TAG 2>/dev/null || true
+              docker buildx imagetools rm bytesend/$APP_NAME-amd64:$TAG 2>/dev/null || true
+              docker buildx imagetools rm bytesend/$APP_NAME-arm64:$TAG 2>/dev/null || true
 
               docker manifest create \
                 bytesend/$APP_NAME:$TAG \
@@ -193,10 +199,10 @@ jobs:
 
           for APP_NAME in bytesend smtp-proxy; do
             for TAG in $TAGS; do
-              # Clean up any existing manifests (allows re-running without failures)
-              docker manifest rm ghcr.io/bytesend/$APP_NAME:$TAG 2>/dev/null || true
-              docker manifest rm ghcr.io/bytesend/$APP_NAME-amd64:$TAG 2>/dev/null || true
-              docker manifest rm ghcr.io/bytesend/$APP_NAME-arm64:$TAG 2>/dev/null || true
+              # Remove remote tags/manifests first so reruns are idempotent.
+              docker buildx imagetools rm ghcr.io/bytesend/$APP_NAME:$TAG 2>/dev/null || true
+              docker buildx imagetools rm ghcr.io/bytesend/$APP_NAME-amd64:$TAG 2>/dev/null || true
+              docker buildx imagetools rm ghcr.io/bytesend/$APP_NAME-arm64:$TAG 2>/dev/null || true
 
               docker manifest create \
                 ghcr.io/bytesend/$APP_NAME:$TAG \

.github/workflows/issue-summary.yml

@@ -1,5 +1,8 @@
 name: Summarize new issues
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 on:
   issues:
     types: [opened]
@@ -14,7 +17,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Run AI inference
         id: inference

.github/workflows/npm-release.yml

@@ -1,12 +1,14 @@
-name: Release JS Packages
+name: Relase Node SDK
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
 
 on:
   push:
     branches:
       - main
     paths:
-      - "packages/sdk/**" # Trigger only changes in packages
-      - ".github/workflows/npm-release.yml"
+      - "packages/sdk/**"
   workflow_dispatch:
 
 permissions:
@@ -22,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node.js 20.x
         uses: actions/setup-node@v4
@@ -43,18 +45,14 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
-      - name: Publish with Trusted Publishing (OIDC)
-        if: ${{ secrets.NPM_TOKEN == '' }}
-        working-directory: packages/sdk
-        run: |
-          pnpm run build
-          npm publish --access public --no-git-checks --provenance
-
-      - name: Publish with NPM token
-        if: ${{ secrets.NPM_TOKEN != '' }}
+      - name: Publish package
         working-directory: packages/sdk
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           pnpm run build
-          npm publish --access public --no-git-checks
+          if [ -n "$NODE_AUTH_TOKEN" ]; then
+            npm publish --access public --no-git-checks
+          else
+            npm publish --access public --no-git-checks --provenance
+          fi

.github/workflows/pypi-release.yml

@@ -0,0 +1,49 @@
+name: Relase Python SDK
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "packages/python-sdk/**"
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+concurrency: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    environment: pypi
+    defaults:
+      run:
+        working-directory: packages/python-sdk
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - uses: snok/install-poetry@v1
+        with:
+          version: "1.8.2"
+          virtualenvs-create: false
+
+      - name: Build package with Poetry
+        run: poetry build --no-interaction
+
+      - name: List contents of dist
+        run: ls -la dist
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: packages/python-sdk/dist

.github/workflows/stale-cleanup.yml

@@ -5,6 +5,9 @@
 # https://github.com/actions/stale
 name: Mark stale issues and pull requests
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 on:
   schedule:
   - cron: '23 13 * * *'

.github/workflows/website-test.yml

@@ -1,5 +1,8 @@
 name: Website Tests
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 on:
   pull_request:
     paths:
@@ -55,7 +58,7 @@ jobs:
           --health-retries 20
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4

CHANGELOG.md

@@ -40,7 +40,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Issue summary workflow** — added `.github/workflows/issue-summary.yml` to automatically summarize newly opened issues
 - **Stale cleanup workflow** — added `.github/workflows/stale-cleanup.yml` to clean up inactive issues and pull requests
 - **CodeQL workflow** — introduced `.github/workflows/codeql.yml` and enabled `develop` branch triggers
-- **JavaScript SDK release workflow** — added `.github/workflows/npm-release.yml` to build and publish the `bytesend-js` package from `packages/sdk` on pushes to `main` and manual dispatch
+- **JavaScript SDK release workflow** — added `.github/workflows/npm-release.yml` to build and publish the `bytesend-js` package from `packages/sdk` changes on `main` (plus manual dispatch)
+- **Python SDK release workflow** — added `.github/workflows/pypi-release.yml` to build and publish the `bytesend-python` package from `packages/python-sdk` on pushes to `main` and manual dispatch
 
 #### Community / Governance
 - **Repository security policy** — added `.github/SECURITY.md` with supported versions, private reporting process, and response expectations
@@ -73,6 +74,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **SMTP docs refreshed for monorepo paths** — clone/build/deployment documentation now references `NodeByteLTD/ByteSend` and `apps/smtp-server` paths throughout
 - **SMTP quickstart clarified** — get-started docs now direct users to use their configured SMTP username (default `bytesend`) rather than implying only a fixed username
 - **Core docs/readme refresh** — updated main README and docs navigation/content pages for current monorepo structure and self-hosting guidance (`apps/docs/README.md`, `apps/docs/docs.json`, local/docker/self-hosting guide pages)
+- **Feature docs expansion** — added new guides for GitHub OAuth, API authentication, plans/pricing, plan management, admin operations, and notification providers (`apps/docs/guides/*`)
+- **Mintlify branding refresh** — updated `apps/docs/docs.json` theme colors/navigation and expanded `apps/docs/introduction.mdx` to surface new billing, alerting, and auth capabilities
 
 #### References
 - **Internal references expanded** — added `.references/README.md`, `smtp-auth-and-operations.md`, `release-playbook.md`, and `repository-governance.md`
@@ -87,10 +90,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Website test workflow tuning** — adjusted website test workflow behavior
 - **Docker publish workflow update** — updated `.github/workflows/docker-publish.yml`
 - **Docker manifest recreation safety** — docker publish now removes existing manifests before create, preventing rerun failures on previously published tags
+- **Docker remote tag cleanup** — docker publish now removes pre-existing remote tags/manifests with `docker buildx imagetools rm` before publishing platform images/manifests, avoiding `is a manifest list` rerun failures
 - **Website tests pnpm version alignment** — removed hardcoded pnpm version from `.github/workflows/website-test.yml` so CI uses the repository `packageManager` version (`pnpm@9.0.0`)
 - **Docker publish tag strategy hardening** — `.github/workflows/docker-publish.yml` now publishes ref-aware tags (`latest`, `develop`, version tag, and commit SHA) with matching multi-arch manifests
 - **Manual Docker publish branch support** — wired `workflow_dispatch` branch input into checkout and tag resolution so manual runs build/publish the selected branch
 - **Labeler rules refresh** — updated `.github/labeler.yml` to align automated PR labeling with the current repository structure
+- **Actions runtime forward-compatibility** — added `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true` across workflows to avoid Node 20 JavaScript action deprecation breakage
 
 ### Fixed
 

apps/docs/docs.json

@@ -3,14 +3,14 @@
   "theme": "mint",
   "name": "ByteSend",
   "colors": {
-    "primary": "#144B90",
-    "light": "#DBEAFE",
-    "dark": "#4395F9"
+    "primary": "#0066CC",
+    "light": "#E6F2FF",
+    "dark": "#3D9FFF"
   },
   "background": {
     "color": {
-      "light": "#F5F7FA",
-      "dark": "#101120"
+      "light": "#F8F9FB",
+      "dark": "#0A0E1A"
     }
   },
   "fonts": {
@@ -33,6 +33,7 @@
               "introduction",
               "get-started/smtp",
               "get-started/nodejs",
+              "get-started/python",
               "get-started/local",
               "get-started/set-up-docker"
             ]
@@ -59,7 +60,30 @@
         "tab": "Guides",
         "groups": [
           {
-            "group": "User Guides",
+            "group": "Account & Authentication",
+            "pages": [
+              "guides/github-oauth",
+              "guides/api-authentication"
+            ]
+          },
+          {
+            "group": "Account & Billing",
+            "pages": [
+              "guides/plans-and-pricing",
+              "guides/plan-management",
+              "guides/admin-operations"
+            ]
+          },
+          {
+            "group": "Notifications & Alerts",
+            "pages": [
+              "guides/notification-providers",
+              "guides/discord-notifications",
+              "guides/slack-notifications"
+            ]
+          },
+          {
+            "group": "Integration Guides",
             "pages": [
               "guides/webhooks",
               "guides/double-opt-in",