# Local Email and OTP Testing

Navi can test mobile email OTP for free with Mailpit. No paid SMS or email provider is required.

## What Runs Locally

- API SMTP sender: `EMAIL_PROVIDER=smtp`
- SMTP server: `localhost:1025`
- Web inbox: `http://localhost:8025`
- Mobile API target: `EXPO_PUBLIC_API_URL=http://localhost:4000`

## Start The Stack

```bash
./bin/bootstrap.sh
pnpm --filter @navi/api dev
pnpm --filter @navi/mobile start
```

Open the local email inbox:

```text
http://localhost:8025
```

## Test Signup OTP

1. Open the mobile app.
2. Create an account with any test email, for example `tourist@navi.test`.
3. The API sends the signup OTP email to Mailpit.
4. Open `http://localhost:8025` and read the code.
5. In development, the mobile OTP screen also shows `123456` as the development code.

## Test Password Reset OTP

1. Use the mobile forgot-password screen.
2. Enter the account email.
3. Open Mailpit and read the reset email.
4. Enter the OTP, then set the new password.

## Production Rule

Mailpit and `devCode` are only for local/staging testing. Production must use a real email/SMS provider and must not expose OTP codes in API responses.