CL ClearLah

Notification command for customer beta

Make marketplace notifications automatic before beta.

One operator surface for login codes, order updates, disputes, saved-search alerts, message notifications, provider verification, and retry scheduling.

Delivery Gate

Checking notification provider handoff mode.

Open activity feed

Provider mode Manual

Manual mode is useful locally but blocks customer beta.

Automatic delivery Blocked

Configure webhook or WhatsApp Cloud with real credentials.

Due retry runner Token

Set a long cron token and schedule `/api/notifications/due`.

Choose Provider

Pick the fastest real path. Webhook is usually the shortest bridge; WhatsApp Cloud is cleaner once Meta templates are approved.

Fastest bridge

Webhook relay

Use a Make, Zapier, Worker, or custom HTTPS endpoint that receives ClearLah events and sends WhatsApp, SMS, or email.

Direct channel

WhatsApp Cloud

Use the Meta phone number ID, production access token, login template, and business notification template/default map.

Required runner

Due retry schedule

Queued and failed notifications are not automatic until a scheduler calls the token-protected due endpoint every few minutes.

Copy Commands

Run one provider setup path, verify it, then rerun strict notification and customer beta gates.

Webhook setup

Writes production-style local env and a masked Cloudflare handoff.

npm run configure:notifications -- --mode=webhook --webhook-url=https://notify.your-domain.sg/clearlah --webhook-token=<long-random-provider-token-at-least-24-chars> --cron-token=<long-random-cron-token-at-least-24-chars> --write

Verify webhook

Sends a synthetic ClearLah notification payload to the configured endpoint.

npm run ops:verify-notification-webhook -- --from-env

WhatsApp setup

Use only approved production templates. Keep token values out of git.

npm run configure:notifications -- --mode=whatsapp_cloud --graph-version=v24.0 --phone-number-id=<numeric-meta-phone-number-id> --access-token=<meta-whatsapp-cloud-access-token> --auth-template=clearlah_login_code --template-language=en_US --template-default=clearlah_notification --template-map='{}' --cron-token=<long-random-cron-token-at-least-24-chars> --write

Cloudflare secrets

Use the masked handoff output, then add real values through Wrangler or the dashboard.

npx wrangler pages secret put CLEARLAH_NOTIFICATION_MODE --project-name clearlah
npx wrangler pages secret put CLEARLAH_NOTIFICATION_CRON_TOKEN --project-name clearlah
npx wrangler pages secret put CLEARLAH_NOTIFICATION_WEBHOOK_URL --project-name clearlah
npx wrangler pages secret put CLEARLAH_NOTIFICATION_WEBHOOK_TOKEN --project-name clearlah

Due retry schedule

Configure this with your scheduler after the cron token is set in production.

curl -X POST https://clearlah.pages.dev/api/notifications/due \
  -H "content-type: application/json" \
  -H "x-clearlah-notification-cron-token: $CLEARLAH_NOTIFICATION_CRON_TOKEN" \
  --data '{"limit":25}'

Strict notification gate

Fails in manual mode. Passes only with real provider values and retry token.

npm run ops:notifications -- --strict

Provider smoke

Local checks for provider setup, due endpoint, templates, and webhook verifier.

npm run test:configure-notifications
npm run test:notification-readiness
npm run test:notification-due
npm run test:notification-webhook
npm run test:notification-templates

Strict package

Only package strict after inventory and notifications are ready.

npm run package:pages:strict

Customer beta gate

Rechecks inventory, notifications, package, deployment evidence, and transactions.

npm run check:customer-beta

Operator Links

Use these with the provider setup so queued messages can be reviewed, chased, and proven.

Admin notification queue Activity feed Supply command Deploy command Launch hub Transaction terms Privacy notice

Delivery Guardrails

These keep customer beta from depending on a founder manually chasing every message.

No manual-only beta

`CLEARLAH_NOTIFICATION_MODE=manual` must not clear customer beta or production traffic.

No hardcoded secrets

Tokens, access tokens, webhook secrets, and cron tokens belong in `.env.local` and Cloudflare secrets only.

No unapproved templates

WhatsApp Cloud messages need approved login and business notification templates before customer traffic.

No missing retry

Automatic delivery includes the due retry scheduler, not only provider configuration.