Feat/corporate email policy

[HarshMN2345]

What does this PR do?

(Provide a description of what this PR does.)

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

[appwrite]

Console (appwrite/console)

Project ID: 688b7bf400350cbd60e9

Sites (1)

Site	Status	Logs	Preview	QR
console-stage 688b7cf6003b1842c9dc	Ready	View Logs	Preview URL

Tip

Function scopes give you fine-grained control over API permissions

[greptile-apps]

Greptile Summary

This PR adds a "Deny non-corporate emails" policy toggle to the Auth Security page, mirroring the existing free-email, aliased-email, and disposable-email policy controls.

• Adds denyCorporateEmailPolicy to the page load function and threads it through to the updateSignupEmailSecurity component, following the exact same fallback-to-default pattern used by the three existing email policies.
• Introduces $state tracking, hasChanges derivation, an updateDenyCorporateEmailPolicy SDK call, and a new Submit.AuthCorporateEmailsUpdate analytics event — all consistent with the existing implementation.

Confidence Score: 5/5

The change is a straightforward additive feature that mirrors existing, battle-tested patterns; the only new finding is a P2 description-copy nit in the UI toggle.

All four changed files follow the established patterns exactly — the load function, state tracking, SDK call, and analytics event are structurally identical to the three existing email policy controls. No new logic or error-handling paths were introduced.

updateSignupEmailSecurity.svelte — minor description text improvement suggested for the new toggle.

Important Files Changed

Filename	Overview
src/lib/actions/analytics.ts	Adds AuthCorporateEmailsUpdate enum entry to the Submit analytics enum — minimal, correct, follows existing naming pattern.
src/routes/(console)/project-[region]-[project]/auth/security/+page.ts	Adds DenyCorporateEmail: 'deny-corporate-email' to the local ProjectEmailPolicyId constant and wires denyCorporateEmailPolicy through the load function, correctly following the existing fallback-to-default pattern.
src/routes/(console)/project-[region]-[project]/auth/security/+page.svelte	Passes the new denyCorporateEmailPolicy prop from page data to the component — one-line addition, straightforward.
src/routes/(console)/project-[region]-[project]/auth/security/updateSignupEmailSecurity.svelte	Adds full corporate email policy toggle: new prop, $state tracking, hasChanges derivation, SDK call, and UI toggle. Description text for the new toggle uses the same example email as "Deny free emails" and describes behaviour that overlaps with existing toggles, which may confuse users.

_{Reviews (2): Last reviewed commit: "fix: use Deny non-corporate emails label" | Re-trigger Greptile}

[greptile-apps]

SDK method updateDenyCorporateEmailPolicy may not exist in the pinned SDK

This PR adds a call to projectSdk.updateDenyCorporateEmailPolicy(...), but the SDK is still pinned at 82d2831 (no package.json or bun.lock changes are included). The three existing policy methods (updateDenyAliasedEmailPolicy, updateDenyDisposableEmailPolicy, updateDenyFreeEmailPolicy) were already present in that commit, but updateDenyCorporateEmailPolicy is only referenced in code added by this PR. Additionally, the policy ID deny-corporate-email is defined in the local ProjectEmailPolicyId constant rather than imported from the SDK's ProjectPolicyId enum, suggesting the SDK may not yet formally support this policy. With strict: false in the TypeScript config, a missing method would not surface as a compile error, so the form would appear to work normally but throw a runtime error on submit.

[HarshMN2345]

@greptile updateDenyCorporateEmailPolicy exists in the currently pinned SDK at 82d2831confirmed at line 24808 of dist/cjs/sdk.js. No package bump needed.

[greptile-apps]

That's confirmed — thanks for verifying. The method is present at line 24808 of dist/cjs/sdk.js on the pinned commit 82d2831, so the runtime concern is resolved. I'll withdraw that P1.

The remaining P2 about the description example is still worth addressing: the current copy says "For example: user@gmail.com" in a toggle labelled "Require corporate emails", which reads as if gmail.com is an allowed corporate address — the opposite of what the policy enforces. Consider either showing what is allowed (e.g. user@company.com) or rephrasing to make clear it's a blocked example (e.g. "Blocks addresses like user@gmail.com").