feat: Add escalation engine improvements and admin reply actions

Restructure the escalation engine to produce richer upstream escalation
emails with full contact history, peer upstream notification, and
domain-specific boilerplate for known problem domains (e.g. Kiwi Farms).

Add admin reply actions so admins can act on provider replies: mark a
case resolved, trigger immediate escalation when a provider refuses, or
ignore an auto-reply that blocked the escalation timer.

Changes:
- New internal/boilerplate package for domain-specific context in emails
- Store: GetEmailChain (recursive CTE), ListAllRepliesByReport,
  ListEmailRepliesByEmails for batch-fetching reply history
- Escalation engine: EscalateNow() for admin-triggered immediate
  escalation, two-pass upstream resolution for peer notification,
  composeEscalationBody with contact history chain and boilerplate
- Admin: HandleReplyAction (resolve/escalate_now/ignore_autoreply),
  HandleReportView now shows outgoing emails and their replies
- Email composition: domain boilerplate integrated into initial reports
- Template: report.html shows email chain with replies and action buttons

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: lizthegrey

cmd/wizard/main.go

@@ -14,6 +14,7 @@ import (
 	"time"
 
 	wizard "github.com/endharassment/reporting-wizard"
+	"github.com/endharassment/reporting-wizard/internal/boilerplate"
 	"github.com/endharassment/reporting-wizard/internal/email"
 	"github.com/endharassment/reporting-wizard/internal/escalation"
 	"github.com/endharassment/reporting-wizard/internal/infra"
@@ -84,13 +85,19 @@ func main() {
 	// a local Tor SOCKS proxy is available).
 	srv.SetSnapshotter(snapshot.NewPlainHTTPSnapshotter())
 
+	// Initialize domain boilerplate database.
+	boilerplateDB := boilerplate.NewDB()
+	srv.SetBoilerplate(boilerplateDB)
+
 	// Start escalation engine.
 	logger := slog.Default()
 	abuseContactLookup := &infra.RDAPAbuseContactLookup{
 		RDAP: infra.NewRDAPClient(),
 		ASN:  infra.NewASNClient(),
 	}
 	escalationEngine := escalation.NewEngine(db, abuseContactLookup, cfg.EscalationDays, logger)
+	escalationEngine.SetBoilerplate(boilerplateDB)
+	srv.SetEscalator(escalationEngine)
 	go func() {
 		if err := escalationEngine.Run(ctx); err != nil && err != context.Canceled {
 			log.Printf("ERROR: escalation engine: %v", err)

internal/admin/admin.go

@@ -26,6 +26,11 @@ type UserFunc func(ctx context.Context) *model.User
 // CSRFFunc extracts the CSRF token from a context.
 type CSRFFunc func(ctx context.Context) string
 
+// Escalator triggers immediate escalation for an outgoing email.
+type Escalator interface {
+	EscalateNow(ctx context.Context, emailID string) (int, error)
+}
+
 // AdminHandler holds dependencies for admin route handlers.
 type AdminHandler struct {
 	store     store.Store
@@ -34,6 +39,7 @@ type AdminHandler struct {
 	templates *template.Template
 	getUser   UserFunc
 	getCSRF   CSRFFunc
+	escalator Escalator
 }
 
 // NewAdminHandler creates an AdminHandler.
@@ -48,6 +54,11 @@ func NewAdminHandler(s store.Store, d *infra.Discovery, emailCfg report.EmailCon
 	}
 }
 
+// SetEscalator configures the escalation engine for immediate escalation actions.
+func (h *AdminHandler) SetEscalator(e Escalator) {
+	h.escalator = e
+}
+
 // DashboardCounts holds the counts shown on the admin dashboard.
 type DashboardCounts struct {
 	PendingApproval   int
@@ -100,12 +111,16 @@ func (h *AdminHandler) HandleReportView(w http.ResponseWriter, r *http.Request)
 	}
 
 	evidence, _ := h.store.ListEvidenceByReport(r.Context(), reportID)
+	emails, _ := h.store.ListEmailsByReport(r.Context(), reportID)
+	repliesByEmail, _ := h.store.ListAllRepliesByReport(r.Context(), reportID)
 	auditLog, _ := h.store.ListAuditLogByTarget(r.Context(), reportID)
 
 	h.render(w, r, "report.html", map[string]interface{}{
-		"Report":   rpt,
-		"Evidence": evidence,
-		"AuditLog": auditLog,
+		"Report":         rpt,
+		"Evidence":       evidence,
+		"Emails":         emails,
+		"RepliesByEmail": repliesByEmail,
+		"AuditLog":       auditLog,
 	})
 }
 
@@ -425,7 +440,6 @@ func (h *AdminHandler) HandleReportAbuse(w http.ResponseWriter, r *http.Request)
 	})
 }
 
-
 // HandleSendEmailToUser sends a custom email to the user who filed the report.
 func (h *AdminHandler) HandleSendEmailToUser(w http.ResponseWriter, r *http.Request) {
 	reportID := chi.URLParam(r, "reportID")
@@ -457,6 +471,89 @@ func (h *AdminHandler) HandleSendEmailToUser(w http.ResponseWriter, r *http.Requ
 	http.Redirect(w, r, fmt.Sprintf("/admin/reports/%s", reportID), http.StatusFound)
 }
 
+// HandleReplyAction processes admin actions on email replies.
+// Supported actions: resolve, escalate_now, ignore_autoreply.
+func (h *AdminHandler) HandleReplyAction(w http.ResponseWriter, r *http.Request) {
+	emailID := chi.URLParam(r, "emailID")
+	user := h.getUser(r.Context())
+	action := r.FormValue("action")
+	notes := r.FormValue("notes")
+
+	email, err := h.store.GetOutgoingEmail(r.Context(), emailID)
+	if err != nil {
+		http.Error(w, "Email not found", http.StatusNotFound)
+		return
+	}
+
+	switch action {
+	case "resolve":
+		resolveNotes := "resolved"
+		if notes != "" {
+			resolveNotes = "resolved: " + notes
+		}
+		email.ResponseNotes = resolveNotes
+		if err := h.store.UpdateOutgoingEmail(r.Context(), email); err != nil {
+			log.Printf("ERROR: resolve email: %v", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		// Update report status to resolved.
+		rpt, err := h.store.GetReport(r.Context(), email.ReportID)
+		if err == nil {
+			rpt.Status = model.StatusResolved
+			rpt.UpdatedAt = time.Now().UTC()
+			_ = h.store.UpdateReport(r.Context(), rpt)
+		}
+
+		// Cancel pending escalation emails for this report.
+		reportEmails, _ := h.store.ListEmailsByReport(r.Context(), email.ReportID)
+		for _, re := range reportEmails {
+			if re.Status == model.EmailPendingApproval && re.EmailType == model.EmailTypeEscalation {
+				re.Status = model.EmailRejected
+				re.ResponseNotes = "cancelled: report resolved"
+				_ = h.store.UpdateOutgoingEmail(r.Context(), re)
+			}
+		}
+
+		h.createAuditEntry(r, user.ID, "reply_resolved", emailID,
+			fmt.Sprintf("Marked email to %s as resolved: %s", email.Recipient, notes))
+
+	case "escalate_now":
+		if h.escalator == nil {
+			http.Error(w, "Escalation engine not configured", http.StatusInternalServerError)
+			return
+		}
+
+		created, err := h.escalator.EscalateNow(r.Context(), emailID)
+		if err != nil {
+			log.Printf("ERROR: escalate now: %v", err)
+			http.Error(w, "Escalation failed", http.StatusInternalServerError)
+			return
+		}
+
+		h.createAuditEntry(r, user.ID, "reply_escalate_now", emailID,
+			fmt.Sprintf("Immediate escalation triggered for email to %s, %d escalation emails created", email.Recipient, created))
+
+	case "ignore_autoreply":
+		email.ResponseNotes = ""
+		if err := h.store.UpdateOutgoingEmail(r.Context(), email); err != nil {
+			log.Printf("ERROR: clear response notes: %v", err)
+			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+			return
+		}
+
+		h.createAuditEntry(r, user.ID, "reply_ignore_autoreply", emailID,
+			fmt.Sprintf("Auto-reply ignored for email to %s, escalation timer resumed", email.Recipient))
+
+	default:
+		http.Error(w, "Invalid action", http.StatusBadRequest)
+		return
+	}
+
+	http.Redirect(w, r, fmt.Sprintf("/admin/reports/%s", email.ReportID), http.StatusFound)
+}
+
 // --- Helpers ---
 
 func (h *AdminHandler) render(w http.ResponseWriter, r *http.Request, name string, data map[string]interface{}) {

internal/boilerplate/boilerplate.go

@@ -0,0 +1,106 @@
+package boilerplate
+
+import "strings"
+
+// DomainInfo holds contextual information about a known problem domain.
+type DomainInfo struct {
+	Domain      string   // primary exact domain match
+	Aliases     []string // additional exact domain matches
+	Patterns    []string // wildcard suffix patterns, e.g. "*.kiwifarms.*"
+	DisplayName string   // human-friendly name
+	Summary     string   // 1-2 sentence description for abuse reports
+	Context     string   // longer paragraph with history
+	KnownASNs   []int    // ASNs historically associated with this domain
+}
+
+// DB holds the collection of known domain entries.
+type DB struct {
+	domains []DomainInfo
+}
+
+// NewDB creates a DB populated with built-in domain entries.
+func NewDB() *DB {
+	return &DB{
+		domains: builtinDomains(),
+	}
+}
+
+// Lookup finds domain info for the given domain.
+// It checks exact matches first (Domain and Aliases), then wildcard Patterns.
+// Returns nil if no match is found. Matching is case-insensitive.
+func (db *DB) Lookup(domain string) *DomainInfo {
+	domain = strings.ToLower(domain)
+
+	// Exact match first.
+	for i := range db.domains {
+		if strings.ToLower(db.domains[i].Domain) == domain {
+			return &db.domains[i]
+		}
+		for _, alias := range db.domains[i].Aliases {
+			if strings.ToLower(alias) == domain {
+				return &db.domains[i]
+			}
+		}
+	}
+
+	// Wildcard pattern match.
+	for i := range db.domains {
+		for _, pattern := range db.domains[i].Patterns {
+			if matchWildcard(strings.ToLower(pattern), domain) {
+				return &db.domains[i]
+			}
+		}
+	}
+
+	return nil
+}
+
+// matchWildcard matches a pattern like "*.kiwifarms.*" against a domain.
+// Supported wildcards:
+//   - Leading "*." matches any subdomain prefix (including nested)
+//   - Trailing ".*" matches any TLD suffix
+func matchWildcard(pattern, domain string) bool {
+	// Handle leading "*."
+	if strings.HasPrefix(pattern, "*.") {
+		suffix := pattern[2:] // e.g., "kiwifarms.*"
+		// Check if suffix also has trailing wildcard
+		if strings.HasSuffix(suffix, ".*") {
+			// Pattern like "*.kiwifarms.*" -- domain must contain ".kiwifarms." or start with "kiwifarms."
+			core := suffix[:len(suffix)-2] // e.g., "kiwifarms"
+			return strings.Contains(domain, "."+core+".") ||
+				strings.HasPrefix(domain, core+".") ||
+				domain == core
+		}
+		// Pattern like "*.example.com" -- domain must end with ".example.com" or be exactly "example.com"
+		return strings.HasSuffix(domain, "."+suffix) || domain == suffix
+	}
+
+	// Handle trailing ".*" only
+	if strings.HasSuffix(pattern, ".*") {
+		prefix := pattern[:len(pattern)-2] // e.g., "kiwifarms"
+		return strings.HasPrefix(domain, prefix+".") || domain == prefix
+	}
+
+	// No wildcards, exact match
+	return pattern == domain
+}
+
+func builtinDomains() []DomainInfo {
+	return []DomainInfo{
+		{
+			Domain:      "kiwifarms.net",
+			Aliases:     []string{"kiwifarms.st", "kiwifarms.ru", "kiwifarms.is", "kiwifarms.top", "kiwifarms.cc"},
+			Patterns:    []string{"*.kiwifarms.*"},
+			DisplayName: "Kiwi Farms",
+			Summary:     "Kiwi Farms is a well-documented harassment and doxxing forum that has been linked to multiple suicides and real-world violence against its targets.",
+			Context: "Kiwi Farms (formerly known as CWCki Forums) is a website primarily dedicated to " +
+				"the targeted harassment, doxxing, and stalking of individuals. The site has been " +
+				"linked to at least three suicides and numerous cases of real-world harassment campaigns. " +
+				"Multiple infrastructure providers including Cloudflare (September 2022), DDoS-Guard, " +
+				"and various hosting providers have previously terminated service to this domain. " +
+				"The site frequently migrates between TLDs and hosting providers to evade enforcement. " +
+				"We encourage you to review this content under your acceptable use policy.",
+			KnownASNs: []int{},
+		},
+	}
+}

internal/boilerplate/boilerplate_test.go

@@ -0,0 +1,127 @@
+package boilerplate
+
+import "testing"
+
+func TestLookup(t *testing.T) {
+	db := NewDB()
+
+	tests := []struct {
+		name      string
+		domain    string
+		wantMatch bool
+		wantName  string
+	}{
+		{
+			name:      "exact primary domain match",
+			domain:    "kiwifarms.net",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "exact alias match",
+			domain:    "kiwifarms.st",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "case insensitive match",
+			domain:    "KiwiFarms.Net",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "wildcard subdomain match",
+			domain:    "forum.kiwifarms.net",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "wildcard with different TLD",
+			domain:    "kiwifarms.xyz",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "wildcard subdomain with different TLD",
+			domain:    "www.kiwifarms.co",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "nested subdomain match",
+			domain:    "a.b.kiwifarms.net",
+			wantMatch: true,
+			wantName:  "Kiwi Farms",
+		},
+		{
+			name:      "no match for unrelated domain",
+			domain:    "example.com",
+			wantMatch: false,
+		},
+		{
+			name:      "no match for partial name",
+			domain:    "notkiwifarms.net",
+			wantMatch: false,
+		},
+		{
+			name:      "no match for empty domain",
+			domain:    "",
+			wantMatch: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			info := db.Lookup(tt.domain)
+			if tt.wantMatch {
+				if info == nil {
+					t.Fatal("expected match, got nil")
+				}
+				if info.DisplayName != tt.wantName {
+					t.Errorf("DisplayName = %q, want %q", info.DisplayName, tt.wantName)
+				}
+				if info.Summary == "" {
+					t.Error("Summary should not be empty")
+				}
+				if info.Context == "" {
+					t.Error("Context should not be empty")
+				}
+			} else {
+				if info != nil {
+					t.Errorf("expected no match, got %+v", info)
+				}
+			}
+		})
+	}
+}
+
+func TestMatchWildcard(t *testing.T) {
+	tests := []struct {
+		name    string
+		pattern string
+		domain  string
+		want    bool
+	}{
+		{"leading wildcard match", "*.example.com", "sub.example.com", true},
+		{"leading wildcard exact", "*.example.com", "example.com", true},
+		{"leading wildcard no match", "*.example.com", "other.com", false},
+		{"trailing wildcard match", "example.*", "example.com", true},
+		{"trailing wildcard match org", "example.*", "example.org", true},
+		{"trailing wildcard no match", "example.*", "other.com", false},
+		{"both wildcards match", "*.kiwifarms.*", "forum.kiwifarms.net", true},
+		{"both wildcards bare domain", "*.kiwifarms.*", "kiwifarms.net", true},
+		{"both wildcards no match", "*.kiwifarms.*", "example.com", false},
+		{"exact pattern", "example.com", "example.com", true},
+		{"exact pattern no match", "example.com", "other.com", false},
+		{"no false prefix match", "*.kiwifarms.*", "notkiwifarms.net", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := matchWildcard(tt.pattern, tt.domain)
+			if got != tt.want {
+				t.Errorf("matchWildcard(%q, %q) = %v, want %v", tt.pattern, tt.domain, got, tt.want)
+			}
+		})
+	}
+}

internal/escalation/escalation.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/endharassment/reporting-wizard/internal/boilerplate"
 	"github.com/endharassment/reporting-wizard/internal/model"
 	"github.com/endharassment/reporting-wizard/internal/store"
 	"github.com/google/uuid"
@@ -17,11 +18,18 @@ type AbuseContactLookup interface {
 	LookupAbuseContactByASN(ctx context.Context, asn int) (string, error)
 }
 
+// upstreamTarget holds a resolved upstream ASN and its abuse contact.
+type upstreamTarget struct {
+	ASN          int
+	AbuseContact string
+}
+
 // Engine checks for emails that are due for escalation and creates
 // escalation emails to upstream providers.
 type Engine struct {
 	store          store.Store
 	abuseContact   AbuseContactLookup
+	boilerplate    *boilerplate.DB
 	escalationDays int
 	tickInterval   time.Duration
 	logger         *slog.Logger
@@ -38,6 +46,11 @@ func NewEngine(s store.Store, ac AbuseContactLookup, escalationDays int, logger
 	}
 }
 
+// SetBoilerplate configures the domain boilerplate database.
+func (e *Engine) SetBoilerplate(db *boilerplate.DB) {
+	e.boilerplate = db
+}
+
 // SetTickInterval overrides the default tick interval (for testing).
 func (e *Engine) SetTickInterval(d time.Duration) {
 	e.tickInterval = d
@@ -63,6 +76,24 @@ func (e *Engine) Run(ctx context.Context) error {
 	}
 }
 
+// EscalateNow immediately triggers escalation for a specific email,
+// bypassing the escalation timer. This is used when an admin sees a
+// provider refusal and wants to escalate right away.
+func (e *Engine) EscalateNow(ctx context.Context, emailID string) (int, error) {
+	email, err := e.store.GetOutgoingEmail(ctx, emailID)
+	if err != nil {
+		return 0, fmt.Errorf("getting email %s: %w", emailID, err)
+	}
+
+	// Clear ResponseNotes so the email is eligible for escalation.
+	email.ResponseNotes = ""
+	if err := e.store.UpdateOutgoingEmail(ctx, email); err != nil {
+		return 0, fmt.Errorf("clearing response_notes for email %s: %w", emailID, err)
+	}
+
+	return e.escalateEmail(ctx, email, time.Now().UTC())
+}
+
 // checkAndEscalate finds emails due for escalation and creates escalation
 // emails to upstream providers.
 func (e *Engine) checkAndEscalate(ctx context.Context) {
@@ -112,6 +143,32 @@ func (e *Engine) escalateEmail(ctx context.Context, email *model.OutgoingEmail,
 		return 0, fmt.Errorf("listing infra results for report %s: %w", email.ReportID, err)
 	}
 
+	// Get the full email chain for contact history.
+	chain, err := e.store.GetEmailChain(ctx, email.ID)
+	if err != nil {
+		e.logger.Warn("could not fetch email chain, proceeding without history",
+			"email_id", email.ID, "error", err)
+		chain = []*model.OutgoingEmail{email}
+	}
+
+	// Batch-fetch replies for all emails in the chain.
+	chainIDs := make([]string, len(chain))
+	for i, ce := range chain {
+		chainIDs[i] = ce.ID
+	}
+	repliesByEmail, err := e.store.ListEmailRepliesByEmails(ctx, chainIDs)
+	if err != nil {
+		e.logger.Warn("could not fetch chain replies, proceeding without",
+			"email_id", email.ID, "error", err)
+		repliesByEmail = make(map[string][]*model.EmailReply)
+	}
+
+	// Look up domain boilerplate.
+	var domainInfo *boilerplate.DomainInfo
+	if e.boilerplate != nil {
+		domainInfo = e.boilerplate.Lookup(report.Domain)
+	}
+
 	// Collect unique upstream ASNs across all infra results.
 	upstreamASNs := make(map[int]bool)
 	for _, ir := range infraResults {
@@ -127,54 +184,52 @@ func (e *Engine) escalateEmail(ctx context.Context, email *model.OutgoingEmail,
 		)
 	}
 
-	created := 0
-	// Deduplicate abuse contacts to avoid sending multiple emails to the same address.
+	// First pass: resolve all upstream contacts so we know the full peer set.
+	var targets []upstreamTarget
 	seenContacts := make(map[string]bool)
 
 	for asn := range upstreamASNs {
 		abuseContact, err := e.abuseContact.LookupAbuseContactByASN(ctx, asn)
 		if err != nil {
 			e.logger.Error("looking up abuse contact for upstream ASN",
-				"asn", asn,
-				"email_id", email.ID,
-				"error", err,
-			)
+				"asn", asn, "email_id", email.ID, "error", err)
 			continue
 		}
 		if abuseContact == "" {
 			e.logger.Warn("no abuse contact found for upstream ASN",
-				"asn", asn,
-				"email_id", email.ID,
-			)
+				"asn", asn, "email_id", email.ID)
 			continue
 		}
-
 		if seenContacts[abuseContact] {
 			continue
 		}
 		seenContacts[abuseContact] = true
+		targets = append(targets, upstreamTarget{ASN: asn, AbuseContact: abuseContact})
+	}
 
-		sentDate := ""
-		if email.SentAt != nil {
-			sentDate = email.SentAt.Format("2006-01-02")
-		} else {
-			sentDate = email.CreatedAt.Format("2006-01-02")
+	// Second pass: create escalation emails with full context.
+	created := 0
+	for _, target := range targets {
+		// Build peer list (all other targets in this batch).
+		var peers []upstreamTarget
+		for _, other := range targets {
+			if other.ASN != target.ASN {
+				peers = append(peers, other)
+			}
 		}
 
-		days := int(now.Sub(email.CreatedAt).Hours() / 24)
-
-		body := composeEscalationBody(report, email, asn, sentDate, days)
-		subject := fmt.Sprintf("Escalation: Abuse Report for %s (upstream AS%d)", report.Domain, asn)
+		body := composeEscalationBody(report, chain, repliesByEmail, target.ASN, peers, domainInfo, now)
+		subject := fmt.Sprintf("Escalation: Abuse Report for %s (upstream AS%d)", report.Domain, target.ASN)
 
 		escAfter := now.Add(time.Duration(e.escalationDays) * 24 * time.Hour)
 
 		escEmail := &model.OutgoingEmail{
 			ID:            uuid.New().String(),
 			ReportID:      email.ReportID,
 			ParentEmailID: email.ID,
-			Recipient:     abuseContact,
-			RecipientOrg:  fmt.Sprintf("AS%d", asn),
-			TargetASN:     asn,
+			Recipient:     target.AbuseContact,
+			RecipientOrg:  fmt.Sprintf("AS%d", target.ASN),
+			TargetASN:     target.ASN,
 			EmailType:     model.EmailTypeEscalation,
 			XARFJson:      email.XARFJson,
 			EmailSubject:  subject,
@@ -186,7 +241,7 @@ func (e *Engine) escalateEmail(ctx context.Context, email *model.OutgoingEmail,
 
 		if err := e.store.CreateOutgoingEmail(ctx, escEmail); err != nil {
 			e.logger.Error("creating escalation email",
-				"upstream_asn", asn,
+				"upstream_asn", target.ASN,
 				"email_id", email.ID,
 				"error", err,
 			)
@@ -195,8 +250,8 @@ func (e *Engine) escalateEmail(ctx context.Context, email *model.OutgoingEmail,
 
 		e.logger.Info("created escalation email",
 			"escalation_id", escEmail.ID,
-			"upstream_asn", asn,
-			"recipient", abuseContact,
+			"upstream_asn", target.ASN,
+			"recipient", target.AbuseContact,
 			"parent_email_id", email.ID,
 		)
 		created++
@@ -211,29 +266,119 @@ func (e *Engine) escalateEmail(ctx context.Context, email *model.OutgoingEmail,
 	return created, nil
 }
 
-func composeEscalationBody(report *model.Report, original *model.OutgoingEmail, upstreamASN int, sentDate string, days int) string {
+func composeEscalationBody(
+	report *model.Report,
+	chain []*model.OutgoingEmail,
+	repliesByEmail map[string][]*model.EmailReply,
+	targetASN int,
+	peers []upstreamTarget,
+	domainInfo *boilerplate.DomainInfo,
+	now time.Time,
+) string {
 	var b strings.Builder
 
 	b.WriteString("Dear Abuse Team,\n\n")
-	b.WriteString(fmt.Sprintf(
-		"Report %s regarding %s was filed with %s (AS%d) on %s. "+
-			"No action has been taken after %d days. "+
-			"We are escalating to you as an upstream provider.\n\n",
-		report.ID, report.Domain, original.Recipient, original.TargetASN, sentDate, days,
-	))
-
-	b.WriteString("Original report details:\n")
-	b.WriteString(fmt.Sprintf("  Domain: %s\n", report.Domain))
+
+	// Identify the downstream provider (first email in the chain, the initial report).
+	if len(chain) > 0 {
+		initial := chain[0]
+		b.WriteString(fmt.Sprintf(
+			"We are escalating an abuse report regarding %s to you as an upstream "+
+				"provider of %s (AS%d).\n\n",
+			report.Domain, initial.RecipientOrg, initial.TargetASN,
+		))
+	}
+
+	// Contact History section.
+	if len(chain) > 0 {
+		b.WriteString("== Contact History ==\n\n")
+		for i, ce := range chain {
+			sentDate := "not yet sent"
+			if ce.SentAt != nil {
+				sentDate = ce.SentAt.Format("2006-01-02")
+			}
+
+			label := "Initial report"
+			if ce.EmailType == model.EmailTypeEscalation {
+				label = "Escalation"
+			}
+
+			b.WriteString(fmt.Sprintf("%d. %s to %s (%s)\n",
+				i+1, label, ce.Recipient, ce.RecipientOrg))
+			b.WriteString(fmt.Sprintf("   Sent: %s\n", sentDate))
+
+			// Show replies for this email.
+			replies := repliesByEmail[ce.ID]
+			if len(replies) > 0 {
+				for _, r := range replies {
+					b.WriteString(fmt.Sprintf("   Reply from %s on %s:\n",
+						r.FromAddress, r.CreatedAt.Format("2006-01-02")))
+					// Truncate reply body to 500 chars for the escalation email.
+					body := r.Body
+					if len(body) > 500 {
+						body = body[:500] + "..."
+					}
+					// Indent each line of the reply.
+					for _, line := range strings.Split(body, "\n") {
+						b.WriteString(fmt.Sprintf("     %s\n", line))
+					}
+				}
+			}
+
+			// Show status.
+			if ce.ResponseNotes == "escalated" {
+				if ce.SentAt != nil {
+					days := int(now.Sub(*ce.SentAt).Hours() / 24)
+					b.WriteString(fmt.Sprintf("   Status: No action taken after %d days\n", days))
+				} else {
+					b.WriteString("   Status: Escalated\n")
+				}
+			} else if ce.ResponseNotes != "" && len(replies) == 0 {
+				b.WriteString(fmt.Sprintf("   Status: %s\n", ce.ResponseNotes))
+			} else if len(replies) > 0 {
+				b.WriteString("   Status: Reply received, no resolution\n")
+			} else {
+				b.WriteString("   Status: No response\n")
+			}
+			b.WriteString("\n")
+		}
+
+		b.WriteString(fmt.Sprintf("%d. Current escalation to you (AS%d)\n\n",
+			len(chain)+1, targetASN))
+	}
+
+	// Domain boilerplate section.
+	if domainInfo != nil {
+		b.WriteString(fmt.Sprintf("== Context regarding %s ==\n\n", domainInfo.DisplayName))
+		b.WriteString(domainInfo.Summary)
+		b.WriteString("\n\n")
+		b.WriteString(domainInfo.Context)
+		b.WriteString("\n\n")
+	}
+
+	// Peer escalations section.
+	if len(peers) > 0 {
+		b.WriteString("== Peer Escalations ==\n\n")
+		b.WriteString("This report is also being escalated to:\n")
+		for _, peer := range peers {
+			b.WriteString(fmt.Sprintf("  - %s (AS%d)\n", peer.AbuseContact, peer.ASN))
+		}
+		b.WriteString("\n")
+	}
+
+	// Original report details.
+	b.WriteString("== Original Report Details ==\n\n")
+	b.WriteString(fmt.Sprintf("Domain: %s\n", report.Domain))
 	if len(report.URLs) > 0 {
-		b.WriteString("  URLs:\n")
+		b.WriteString("URLs:\n")
 		for _, u := range report.URLs {
-			b.WriteString(fmt.Sprintf("    - %s\n", u))
+			b.WriteString(fmt.Sprintf("  - %s\n", u))
 		}
 	}
-	b.WriteString(fmt.Sprintf("  Violation: %s\n", report.ViolationType))
-	b.WriteString(fmt.Sprintf("  Description: %s\n\n", report.Description))
+	b.WriteString(fmt.Sprintf("Violation: %s\n", report.ViolationType))
+	b.WriteString(fmt.Sprintf("Description: %s\n\n", report.Description))
 
-	b.WriteString("The original machine-readable X-ARF v4 report is attached to this email.\n\n")
+	b.WriteString("A machine-readable X-ARF v4 report is attached to this email.\n\n")
 	b.WriteString("We request that you investigate this matter and take appropriate action.\n\n")
 	b.WriteString("Regards,\n")
 	b.WriteString("End Network Harassment Inc Reporting Wizard\n")

internal/escalation/escalation_test.go

@@ -6,6 +6,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/endharassment/reporting-wizard/internal/boilerplate"
 	"github.com/endharassment/reporting-wizard/internal/model"
 	"github.com/google/uuid"
 	"github.com/sendgrid/sendgrid-go"
@@ -21,6 +22,8 @@ type EmailConfig struct {
 	SandboxMode bool
 	// SendGridAPIKey is the API key for SendGrid.
 	SendGridAPIKey string
+	// Boilerplate provides domain-specific context for known problem domains.
+	Boilerplate *boilerplate.DB
 }
 
 // ComposeEmail builds a model.OutgoingEmail from a report, its infrastructure
@@ -86,6 +89,17 @@ func composeBody(cfg EmailConfig, report *model.Report, infraResults []*model.In
 	b.WriteString(report.Description)
 	b.WriteString("\n\n")
 
+	// Add domain-specific boilerplate if available.
+	if cfg.Boilerplate != nil {
+		if info := cfg.Boilerplate.Lookup(report.Domain); info != nil {
+			b.WriteString(fmt.Sprintf("Context regarding %s:\n", info.DisplayName))
+			b.WriteString(info.Summary)
+			b.WriteString("\n\n")
+			b.WriteString(info.Context)
+			b.WriteString("\n\n")
+		}
+	}
+
 	if len(infraResults) > 0 {
 		b.WriteString("Infrastructure Details:\n")
 		for _, ir := range infraResults {

internal/report/email.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/endharassment/reporting-wizard/internal/admin"
+	"github.com/endharassment/reporting-wizard/internal/boilerplate"
 	"github.com/endharassment/reporting-wizard/internal/infra"
 	"github.com/endharassment/reporting-wizard/internal/report"
 	"github.com/endharassment/reporting-wizard/internal/store"
@@ -52,6 +53,7 @@ type Server struct {
 	router      chi.Router
 	staticFS    fs.FS
 	snapshotter Snapshotter
+	escalator   admin.Escalator
 }
 
 // NewServer creates a new Server from the given config, store, and filesystem assets.
@@ -168,6 +170,9 @@ func (s *Server) routes() chi.Router {
 			UserFromContext,
 			func(ctx context.Context) string { return CSRFTokenFromContext(ctx) },
 		)
+		if s.escalator != nil {
+			ah.SetEscalator(s.escalator)
+		}
 
 		r.Get("/admin", ah.HandleDashboard)
 		r.Get("/admin/queue", ah.HandleQueue)
@@ -179,6 +184,7 @@ func (s *Server) routes() chi.Router {
 		r.Get("/admin/emails/{emailID}", ah.HandleEmailPreview)
 		r.Post("/admin/emails/{emailID}/approve", ah.HandleEmailApprove)
 		r.Post("/admin/emails/{emailID}/reject", ah.HandleEmailReject)
+		r.Post("/admin/emails/{emailID}/reply-action", ah.HandleReplyAction)
 		r.Get("/admin/evidence/{evidenceID}", ah.HandleAdminEvidenceDownload)
 		r.Get("/admin/users", ah.HandleListUsers)
 		r.Post("/admin/users/{userID}/ban", ah.HandleBanUser)
@@ -198,6 +204,16 @@ func (s *Server) SetSnapshotter(snap Snapshotter) {
 	s.snapshotter = snap
 }
 
+// SetBoilerplate configures the domain boilerplate database for email composition.
+func (s *Server) SetBoilerplate(db *boilerplate.DB) {
+	s.emailCfg.Boilerplate = db
+}
+
+// SetEscalator configures the escalation engine for admin immediate-escalation actions.
+func (s *Server) SetEscalator(e admin.Escalator) {
+	s.escalator = e
+}
+
 // Stop cleans up server resources.
 func (s *Server) Stop() {
 	s.rl.Stop()

internal/server/server.go

@@ -78,7 +78,6 @@ func (s *SQLiteStore) GetUserByEmail(ctx context.Context, email string) (*model.
 		`SELECT id, email, name, is_admin, banned, google_access_token, google_refresh_token, google_token_expiry, created_at FROM users WHERE email = ?`, email))
 }
 
-
 func (s *SQLiteStore) UpdateUser(ctx context.Context, user *model.User) error {
 	_, err := s.db.ExecContext(ctx,
 		`UPDATE users SET email = ?, name = ?, is_admin = ?, google_access_token = ?, google_refresh_token = ?, google_token_expiry = ? WHERE id = ?`,
@@ -115,7 +114,6 @@ type scannable interface {
 	Scan(dest ...interface{}) error
 }
 
-
 func (s *SQLiteStore) CreateUser(ctx context.Context, user *model.User) error {
 	_, err := s.db.ExecContext(ctx,
 		`INSERT INTO users (id, email, name, is_admin, banned, google_access_token, google_refresh_token, google_token_expiry, created_at)
@@ -632,6 +630,92 @@ func (s *SQLiteStore) ListEmailRepliesByEmail(ctx context.Context, emailID strin
 	return replies, rows.Err()
 }
 
+func (s *SQLiteStore) GetEmailChain(ctx context.Context, emailID string) ([]*model.OutgoingEmail, error) {
+	query := `WITH RECURSIVE chain AS (
+		SELECT id, parent_email_id FROM outgoing_emails WHERE id = ?
+		UNION ALL
+		SELECT oe.id, oe.parent_email_id FROM outgoing_emails oe
+		JOIN chain c ON c.parent_email_id = oe.id
+		WHERE c.parent_email_id != ''
+	)
+	SELECT id, report_id, parent_email_id, recipient, recipient_org, target_asn, email_type,
+	 xarf_json, email_subject, email_body, status, approved_by, approved_at, sent_at,
+	 sendgrid_id, escalate_after, response_notes, created_at
+	 FROM outgoing_emails WHERE id IN (SELECT id FROM chain)
+	 ORDER BY created_at ASC`
+
+	rows, err := s.db.QueryContext(ctx, query, emailID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+	return s.scanEmails(rows)
+}
+
+func (s *SQLiteStore) ListAllRepliesByReport(ctx context.Context, reportID string) (map[string][]*model.EmailReply, error) {
+	rows, err := s.db.QueryContext(ctx,
+		`SELECT er.id, er.outgoing_email_id, er.from_address, er.body, er.created_at
+		 FROM email_replies er
+		 JOIN outgoing_emails oe ON er.outgoing_email_id = oe.id
+		 WHERE oe.report_id = ?
+		 ORDER BY er.created_at`, reportID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	result := make(map[string][]*model.EmailReply)
+	for rows.Next() {
+		var r model.EmailReply
+		var createdAt string
+		err := rows.Scan(&r.ID, &r.OutgoingEmailID, &r.FromAddress, &r.Body, &createdAt)
+		if err != nil {
+			return nil, err
+		}
+		r.CreatedAt, _ = time.Parse(timeFormat, createdAt)
+		result[r.OutgoingEmailID] = append(result[r.OutgoingEmailID], &r)
+	}
+	return result, rows.Err()
+}
+
+func (s *SQLiteStore) ListEmailRepliesByEmails(ctx context.Context, emailIDs []string) (map[string][]*model.EmailReply, error) {
+	if len(emailIDs) == 0 {
+		return make(map[string][]*model.EmailReply), nil
+	}
+
+	placeholders := make([]string, len(emailIDs))
+	args := make([]interface{}, len(emailIDs))
+	for i, id := range emailIDs {
+		placeholders[i] = "?"
+		args[i] = id
+	}
+
+	query := fmt.Sprintf(
+		`SELECT id, outgoing_email_id, from_address, body, created_at
+		 FROM email_replies WHERE outgoing_email_id IN (%s)
+		 ORDER BY created_at`,
+		strings.Join(placeholders, ", "))
+
+	rows, err := s.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	result := make(map[string][]*model.EmailReply)
+	for rows.Next() {
+		var r model.EmailReply
+		var createdAt string
+		err := rows.Scan(&r.ID, &r.OutgoingEmailID, &r.FromAddress, &r.Body, &createdAt)
+		if err != nil {
+			return nil, err
+		}
+		r.CreatedAt, _ = time.Parse(timeFormat, createdAt)
+		result[r.OutgoingEmailID] = append(result[r.OutgoingEmailID], &r)
+	}
+	return result, rows.Err()
+}
+
 // --- Helpers ---
 
 func boolToInt(b bool) int {

internal/store/sqlite.go

@@ -60,4 +60,7 @@ type Store interface {
 	// Email Replies
 	CreateEmailReply(ctx context.Context, reply *model.EmailReply) error
 	ListEmailRepliesByEmail(ctx context.Context, emailID string) ([]*model.EmailReply, error)
+	GetEmailChain(ctx context.Context, emailID string) ([]*model.OutgoingEmail, error)
+	ListAllRepliesByReport(ctx context.Context, reportID string) (map[string][]*model.EmailReply, error)
+	ListEmailRepliesByEmails(ctx context.Context, emailIDs []string) (map[string][]*model.EmailReply, error)
 }

internal/store/store.go

@@ -51,6 +51,80 @@ <h2>Evidence</h2>
     {{ end }}
   </section>
 
+  {{ if .Emails }}
+  <section class="detail-section">
+    <h2>Outgoing Emails &amp; Replies</h2>
+    {{ range .Emails }}
+    <div class="email-entry" id="email-{{ .ID }}">
+      <h3>
+        {{ if eq (string .EmailType) "escalation" }}Escalation{{ else }}Initial Report{{ end }}
+        to {{ .Recipient }} ({{ .RecipientOrg }})
+      </h3>
+      <dl>
+        <dt>Status</dt>
+        <dd><span class="badge badge-{{ .Status }}">{{ .Status }}</span></dd>
+        <dt>Created</dt>
+        <dd><time datetime="{{ .CreatedAt.Format "2006-01-02T15:04:05Z" }}">{{ .CreatedAt.Format "Jan 2, 2006 3:04 PM" }}</time></dd>
+        {{ if .SentAt }}
+        <dt>Sent</dt>
+        <dd><time datetime="{{ .SentAt.Format "2006-01-02T15:04:05Z" }}">{{ .SentAt.Format "Jan 2, 2006 3:04 PM" }}</time></dd>
+        {{ end }}
+        {{ if .EscalateAfter }}
+        <dt>Escalate After</dt>
+        <dd><time datetime="{{ .EscalateAfter.Format "2006-01-02T15:04:05Z" }}">{{ .EscalateAfter.Format "Jan 2, 2006 3:04 PM" }}</time></dd>
+        {{ end }}
+        {{ if .ResponseNotes }}
+        <dt>Response Notes</dt>
+        <dd>{{ .ResponseNotes }}</dd>
+        {{ end }}
+      </dl>
+
+      {{ $replies := index $.RepliesByEmail .ID }}
+      {{ if $replies }}
+      <div class="replies">
+        <h4>Replies</h4>
+        {{ range $replies }}
+        <div class="reply-entry">
+          <p class="reply-meta">
+            From <strong>{{ .FromAddress }}</strong> on
+            <time datetime="{{ .CreatedAt.Format "2006-01-02T15:04:05Z" }}">{{ .CreatedAt.Format "Jan 2, 2006 3:04 PM" }}</time>
+          </p>
+          <pre class="reply-body">{{ .Body }}</pre>
+        </div>
+        {{ end }}
+      </div>
+      {{ end }}
+
+      {{ if eq (string .Status) "sent" }}
+      <div class="reply-actions">
+        <form method="post" action="/admin/emails/{{ .ID }}/reply-action" style="display:inline">
+          <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">
+          <input type="hidden" name="action" value="resolve">
+          <input type="text" name="notes" placeholder="Resolution notes..." style="width:300px">
+          <button type="submit" class="btn btn-primary btn-sm"
+            onclick="return confirm('Mark this case as resolved?')">Resolve</button>
+        </form>
+        <form method="post" action="/admin/emails/{{ .ID }}/reply-action" style="display:inline">
+          <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">
+          <input type="hidden" name="action" value="escalate_now">
+          <button type="submit" class="btn btn-danger btn-sm"
+            onclick="return confirm('Immediately escalate to upstream providers?')">Escalate Now</button>
+        </form>
+        {{ if .ResponseNotes }}
+        <form method="post" action="/admin/emails/{{ .ID }}/reply-action" style="display:inline">
+          <input type="hidden" name="csrf_token" value="{{ $.CSRFToken }}">
+          <input type="hidden" name="action" value="ignore_autoreply">
+          <button type="submit" class="btn btn-secondary btn-sm"
+            onclick="return confirm('Ignore auto-reply and resume escalation timer?')">Ignore Auto-Reply</button>
+        </form>
+        {{ end }}
+      </div>
+      {{ end }}
+    </div>
+    {{ end }}
+  </section>
+  {{ end }}
+
   {{ if eq (string .Report.Status) "cloudflare_pending" }}
   <section class="detail-section">
     <h2>Cloudflare Origin IP</h2>