[Feature] Scheduled digest reports via email #154

@Polliog

Feature Description

Add scheduled email digest reports that summarize key system activity over a configurable period, giving teams async visibility into their infrastructure health without requiring them to open the Logtide dashboard every day.

Problem/Use Case

Not everyone on a team monitors the Logtide dashboard daily. Engineering managers, on-call rotation members who aren't currently on duty, and team leads often want a periodic summary of what happened — new errors, security detections, error rate trends — without actively checking the tool. Currently there's no way to get this kind of async, push-based visibility from Logtide.

Proposed Solution

  • Per-organization digest configuration: frequency (daily or weekly), delivery time, and recipient list (configurable per member)
  • Report content:
    • Total log volume compared to the previous period, with a trend indicator
    • Top 5 services by error count, with delta vs the previous period
    • New error groups that appeared for the first time in this period
    • Security summary: total detections, top triggered Sigma rules, currently open incidents
    • Uptime summary when health monitors are configured (see issue [Feature] OTLP Traces Ingestion & Trace Viewer #3)
  • Clean HTML email layout with a plain-text fallback for email clients that don't render HTML
  • Scheduling via BullMQ repeatable jobs with cron expressions
  • One-click unsubscribe link in the email footer, respecting individual recipient preferences without requiring login

Alternatives Considered

  • Webhook-based push to Slack/Discord: sending the digest as a message to a channel instead of email. This is a useful complementary channel but email is more appropriate for async digest-style content that may be reviewed later, archived, or forwarded.
  • Polling via the API: letting users build their own digest with the Logtide API. Valid for technical users but not accessible for non-technical stakeholders.

Implementation Details (Optional)

  • Digest generation runs as a BullMQ repeatable job; report data is computed from existing continuous aggregates (logs_hourly_stats, detection_events_daily_stats) — no new heavy queries needed
  • Email rendering: use a simple HTML template with inline CSS for maximum email client compatibility; avoid external CSS frameworks
  • Unsubscribe: generate a signed token per recipient stored in the DB; clicking the link marks that recipient as unsubscribed for that report without requiring authentication
  • The existing email notification infrastructure (already used for alerts) can be reused as the sending layer

Priority

  • Critical - Blocking my usage of LogTide
  • High - Would significantly improve my workflow
  • Medium - Nice to have
  • Low - Minor enhancement

Target Users

  • DevOps Engineers
  • Developers
  • Security/SIEM Users
  • System Administrators
  • All Users

Additional Context

This feature is particularly valuable in team contexts where Logtide is deployed by one person but the results need to be visible to the broader team or management without requiring everyone to have an account and check the dashboard regularly.

Contribution

  • I would like to work on implementing this feature
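
One way the signed unsubscribe token from the implementation notes above could work, as an added example that is not part of the original issue or Logtide's code. The function names, payload layout, demo key and in-memory store are assumptions; unlike the issue's design, the token is verified by recomputing an HMAC instead of being looked up in the DB, so only the unsubscribe state is stored.

```javascript
// Added example: names, payload layout and key handling are assumptions, not Logtide code.
const crypto = require('node:crypto');

// Constructed key for the demo; a deployment would load it from secret storage.
const DEMO_KEY = crypto.createHash('sha256').update('constructed-demo-key').digest();

const b64u = (data) => Buffer.from(data).toString('base64url');

// The token binds one recipient to one digest report and one purpose ("unsub"),
// so a leaked or forwarded link cannot be replayed for any other action.
function makeUnsubscribeToken(key, recipientId, digestId) {
  const payload = b64u(JSON.stringify({ r: recipientId, d: digestId, p: 'unsub' }));
  const mac = b64u(crypto.createHmac('sha256', key).update(payload).digest());
  return `${payload}.${mac}`;
}

// Returns { recipientId, digestId } for a valid token, otherwise null.
function verifyUnsubscribeToken(key, token) {
  if (typeof token !== 'string' || token.length > 512) return null;
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = crypto.createHmac('sha256', key).update(payload).digest();
  const given = Buffer.from(mac, 'base64url');
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // The payload is parsed only after the MAC has been checked.
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!claims || claims.p !== 'unsub') return null;
  if (typeof claims.r !== 'string' || typeof claims.d !== 'string') return null;
  return { recipientId: claims.r, digestId: claims.d };
}

// Hypothetical handler core: the Set stands in for the DB table of unsubscribed recipients.
function handleUnsubscribe(key, token, unsubscribed) {
  const claims = verifyUnsubscribeToken(key, token);
  if (!claims) return 400; // same response for every failure, nothing to enumerate
  unsubscribed.add(`${claims.recipientId}:${claims.digestId}`); // idempotent
  return 200;
}
```

Mail clients and link scanners may prefetch GET URLs, so the state change is safer behind the POST request that RFC 8058 one-click unsubscribe uses.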
