@authrim/setup 0.1.0

package/dist/core/wrangler.js

@@ -0,0 +1,398 @@
+/**
+ * Wrangler Configuration Generator
+ *
+ * Generates wrangler.toml files for each component based on environment
+ * configuration and resource IDs from authrim-lock.json.
+ */
+import { getWorkerName, getDOScriptName, DURABLE_OBJECTS, D1_DATABASES, } from './naming.js';
+// =============================================================================
+// Component-specific KV Requirements
+// =============================================================================
+const COMPONENT_KV_BINDINGS = {
+    'ar-lib-core': ['AUTHRIM_CONFIG'],
+    'ar-discovery': ['AUTHRIM_CONFIG'],
+    'ar-auth': ['CLIENTS_CACHE', 'SETTINGS', 'USER_CACHE', 'CONSENT_CACHE', 'AUTHRIM_CONFIG'],
+    'ar-token': ['CLIENTS_CACHE', 'SETTINGS', 'AUTHRIM_CONFIG'],
+    'ar-userinfo': ['SETTINGS', 'AUTHRIM_CONFIG'],
+    'ar-management': [
+        'CLIENTS_CACHE',
+        'SETTINGS',
+        'USER_CACHE',
+        'INITIAL_ACCESS_TOKENS',
+        'AUTHRIM_CONFIG',
+    ],
+    'ar-router': ['AUTHRIM_CONFIG'],
+    'ar-async': ['AUTHRIM_CONFIG'],
+    'ar-policy': ['REBAC_CACHE', 'AUTHRIM_CONFIG'],
+    'ar-saml': ['SETTINGS', 'AUTHRIM_CONFIG'],
+    'ar-bridge': ['SETTINGS', 'AUTHRIM_CONFIG'],
+    'ar-vc': ['AUTHRIM_CONFIG'],
+};
+// =============================================================================
+// Component-specific DO Requirements
+// =============================================================================
+const COMPONENT_DO_BINDINGS = {
+    'ar-lib-core': [], // Defines DOs, doesn't reference external
+    'ar-discovery': ['KEY_MANAGER'],
+    'ar-auth': [
+        'KEY_MANAGER',
+        'SESSION_STORE',
+        'AUTH_CODE_STORE',
+        'CHALLENGE_STORE',
+        'RATE_LIMITER',
+        'PAR_REQUEST_STORE',
+        'VERSION_MANAGER',
+    ],
+    'ar-token': [
+        'KEY_MANAGER',
+        'AUTH_CODE_STORE',
+        'REFRESH_TOKEN_ROTATOR',
+        'DPOP_JTI_STORE',
+        'DEVICE_CODE_STORE',
+        'CIBA_REQUEST_STORE',
+        'TOKEN_REVOCATION_STORE',
+    ],
+    'ar-userinfo': ['KEY_MANAGER', 'SESSION_STORE'],
+    'ar-management': ['KEY_MANAGER', 'VERSION_MANAGER', 'RATE_LIMITER'],
+    'ar-router': ['VERSION_MANAGER'],
+    'ar-async': [],
+    'ar-policy': ['PERMISSION_CHANGE_HUB'],
+    'ar-saml': ['KEY_MANAGER', 'SAML_REQUEST_STORE', 'SESSION_STORE'],
+    'ar-bridge': ['SESSION_STORE'],
+    'ar-vc': ['KEY_MANAGER'],
+};
+// =============================================================================
+// Component Entry Points
+// =============================================================================
+const COMPONENT_ENTRY_POINTS = {
+    'ar-lib-core': 'src/durable-objects/index.ts',
+    'ar-discovery': 'src/index.ts',
+    'ar-auth': 'src/index.ts',
+    'ar-token': 'src/index.ts',
+    'ar-userinfo': 'src/index.ts',
+    'ar-management': 'src/index.ts',
+    'ar-router': 'src/index.ts',
+    'ar-async': 'src/index.ts',
+    'ar-policy': 'src/index.ts',
+    'ar-saml': 'src/index.ts',
+    'ar-bridge': 'src/index.ts',
+    'ar-vc': 'src/index.ts',
+};
+// =============================================================================
+// Generator Functions
+// =============================================================================
+/**
+ * Generate wrangler.toml configuration for a component
+ */
+export function generateWranglerConfig(component, config, resourceIds) {
+    const env = config.environment.prefix;
+    const workerName = getWorkerName(env, component);
+    // Base configuration
+    const wranglerConfig = {
+        name: workerName,
+        main: COMPONENT_ENTRY_POINTS[component],
+        compatibility_date: '2024-09-23',
+        compatibility_flags: ['nodejs_compat'],
+        workers_dev: !config.urls?.api?.custom, // Enable workers_dev if no custom domain
+        vars: generateEnvVars(component, config),
+    };
+    // Placement (off for better performance with sharded DOs)
+    wranglerConfig.placement = { mode: 'off' };
+    // KV Namespaces
+    const kvBindings = COMPONENT_KV_BINDINGS[component];
+    if (kvBindings.length > 0) {
+        wranglerConfig.kv_namespaces = kvBindings
+            .filter((binding) => resourceIds.kv[binding])
+            .map((binding) => ({
+            binding,
+            id: resourceIds.kv[binding].id,
+        }));
+    }
+    // D1 Databases (most components need both)
+    if (component !== 'ar-router' && component !== 'ar-async') {
+        wranglerConfig.d1_databases = D1_DATABASES.map((db) => ({
+            binding: db.binding,
+            database_name: resourceIds.d1[db.binding]?.name || '',
+            database_id: resourceIds.d1[db.binding]?.id || '',
+        })).filter((db) => db.database_id);
+    }
+    // Durable Objects
+    if (component === 'ar-lib-core') {
+        // ar-lib-core defines all DOs
+        wranglerConfig.durable_objects = {
+            bindings: DURABLE_OBJECTS.map((dob) => ({
+                name: dob.name,
+                class_name: dob.className,
+            })),
+        };
+        // Migrations for ar-lib-core
+        wranglerConfig.migrations = generateDOMigrations();
+    }
+    else {
+        // Other components reference DOs from ar-lib-core
+        const doBindings = COMPONENT_DO_BINDINGS[component];
+        if (doBindings.length > 0) {
+            const scriptName = getDOScriptName(env);
+            wranglerConfig.durable_objects = {
+                bindings: doBindings.map((doName) => {
+                    const doDef = DURABLE_OBJECTS.find((d) => d.name === doName);
+                    return {
+                        name: doName,
+                        class_name: doDef?.className || doName,
+                        script_name: scriptName,
+                    };
+                }),
+            };
+        }
+    }
+    // R2 Buckets (optional)
+    if (config.features.r2?.enabled && resourceIds.r2) {
+        if (component === 'ar-auth' || component === 'ar-management') {
+            wranglerConfig.r2_buckets = [
+                {
+                    binding: 'AVATARS',
+                    bucket_name: resourceIds.r2['AVATARS']?.name || `${env}-authrim-avatars`,
+                },
+            ];
+        }
+    }
+    // Queues (optional)
+    if (config.features.queue?.enabled && resourceIds.queues) {
+        if (component === 'ar-auth' || component === 'ar-token') {
+            wranglerConfig.queues = {
+                producers: [
+                    {
+                        queue: resourceIds.queues['AUDIT_QUEUE']?.name || `${env}-audit-queue`,
+                        binding: 'AUDIT_QUEUE',
+                    },
+                ],
+            };
+        }
+    }
+    return wranglerConfig;
+}
+/**
+ * Generate environment variables for a component
+ */
+function generateEnvVars(component, config) {
+    const vars = {};
+    // Common variables
+    const issuerUrl = config.urls?.api?.custom || config.urls?.api?.auto || '';
+    const uiUrl = config.urls?.loginUi?.custom || config.urls?.loginUi?.auto || issuerUrl;
+    if (component === 'ar-auth' || component === 'ar-token' || component === 'ar-discovery') {
+        vars['ISSUER_URL'] = issuerUrl;
+    }
+    if (component === 'ar-auth') {
+        vars['UI_URL'] = uiUrl;
+        vars['CONFORMANCE_MODE'] = 'false';
+    }
+    // OIDC settings
+    if (component === 'ar-auth' || component === 'ar-token') {
+        vars['TOKEN_EXPIRY'] = config.oidc.accessTokenTtl.toString();
+        vars['CODE_EXPIRY'] = config.oidc.authCodeTtl.toString();
+        vars['STATE_EXPIRY'] = '300';
+        vars['NONCE_EXPIRY'] = '300';
+        vars['REFRESH_TOKEN_EXPIRY'] = config.oidc.refreshTokenTtl.toString();
+    }
+    // Key configuration
+    if (config.keys.keyId) {
+        vars['KEY_ID'] = config.keys.keyId;
+    }
+    // Security settings
+    vars['ALLOW_HTTP_REDIRECT'] = 'false';
+    vars['OPEN_REGISTRATION'] = 'false';
+    // Sharding configuration
+    if (component === 'ar-lib-core' || component === 'ar-auth' || component === 'ar-token') {
+        vars['AUTHRIM_CODE_SHARDS'] = config.sharding.authCodeShards.toString();
+        vars['AUTHRIM_SESSION_SHARDS'] = '32';
+    }
+    // Secrets placeholders (will be set via wrangler secret put)
+    if (component === 'ar-lib-core' || component === 'ar-management') {
+        vars['KEY_MANAGER_SECRET'] = ''; // Set via secret
+        vars['ADMIN_API_SECRET'] = ''; // Set via secret
+    }
+    return vars;
+}
+/**
+ * Generate DO migrations for ar-lib-core
+ */
+function generateDOMigrations() {
+    return [
+        {
+            tag: 'v1',
+            new_sqlite_classes: [
+                'SessionStore',
+                'AuthorizationCodeStore',
+                'RefreshTokenRotator',
+                'KeyManager',
+                'ChallengeStore',
+                'RateLimiterCounter',
+                'PARRequestStore',
+                'DPoPJTIStore',
+            ],
+        },
+        { tag: 'v2' },
+        {
+            tag: 'v3',
+            new_sqlite_classes: ['DeviceCodeStore', 'CIBARequestStore'],
+        },
+        {
+            tag: 'v4',
+            new_sqlite_classes: ['TokenRevocationStore'],
+        },
+        {
+            tag: 'v5',
+            new_sqlite_classes: ['VersionManager'],
+        },
+        {
+            tag: 'v6',
+            new_sqlite_classes: ['SAMLRequestStore'],
+        },
+        {
+            tag: 'v7',
+            new_sqlite_classes: ['PermissionChangeHub'],
+        },
+    ];
+}
+// =============================================================================
+// TOML Serialization
+// =============================================================================
+/**
+ * Convert WranglerConfig to TOML string
+ */
+export function toToml(config) {
+    const lines = [];
+    // Basic fields
+    lines.push(`name = "${config.name}"`);
+    lines.push(`main = "${config.main}"`);
+    lines.push(`compatibility_date = "${config.compatibility_date}"`);
+    lines.push(`compatibility_flags = [${config.compatibility_flags.map((f) => `"${f}"`).join(', ')}]`);
+    lines.push(`workers_dev = ${config.workers_dev}`);
+    lines.push('');
+    // Placement
+    if (config.placement) {
+        lines.push('[placement]');
+        lines.push(`mode = "${config.placement.mode}"`);
+        lines.push('');
+    }
+    // KV Namespaces
+    if (config.kv_namespaces && config.kv_namespaces.length > 0) {
+        lines.push('# KV Namespaces');
+        for (const kv of config.kv_namespaces) {
+            lines.push('[[kv_namespaces]]');
+            lines.push(`binding = "${kv.binding}"`);
+            lines.push(`id = "${kv.id}"`);
+            if (kv.preview_id) {
+                lines.push(`preview_id = "${kv.preview_id}"`);
+            }
+            lines.push('');
+        }
+    }
+    // D1 Databases
+    if (config.d1_databases && config.d1_databases.length > 0) {
+        lines.push('# D1 Databases');
+        for (const db of config.d1_databases) {
+            lines.push('[[d1_databases]]');
+            lines.push(`binding = "${db.binding}"`);
+            lines.push(`database_name = "${db.database_name}"`);
+            lines.push(`database_id = "${db.database_id}"`);
+            lines.push('');
+        }
+    }
+    // R2 Buckets
+    if (config.r2_buckets && config.r2_buckets.length > 0) {
+        lines.push('# R2 Buckets');
+        for (const r2 of config.r2_buckets) {
+            lines.push('[[r2_buckets]]');
+            lines.push(`binding = "${r2.binding}"`);
+            lines.push(`bucket_name = "${r2.bucket_name}"`);
+            lines.push('');
+        }
+    }
+    // Queues
+    if (config.queues?.producers && config.queues.producers.length > 0) {
+        lines.push('# Cloudflare Queues');
+        for (const producer of config.queues.producers) {
+            lines.push('[[queues.producers]]');
+            lines.push(`queue = "${producer.queue}"`);
+            lines.push(`binding = "${producer.binding}"`);
+            lines.push('');
+        }
+    }
+    // Durable Objects
+    if (config.durable_objects?.bindings && config.durable_objects.bindings.length > 0) {
+        lines.push('# Durable Objects Bindings');
+        for (const dob of config.durable_objects.bindings) {
+            lines.push('[[durable_objects.bindings]]');
+            lines.push(`name = "${dob.name}"`);
+            lines.push(`class_name = "${dob.class_name}"`);
+            if (dob.script_name) {
+                lines.push(`script_name = "${dob.script_name}"`);
+            }
+            lines.push('');
+        }
+    }
+    // Migrations
+    if (config.migrations && config.migrations.length > 0) {
+        lines.push('# Durable Objects Migrations');
+        for (const migration of config.migrations) {
+            lines.push('[[migrations]]');
+            lines.push(`tag = "${migration.tag}"`);
+            if (migration.new_sqlite_classes && migration.new_sqlite_classes.length > 0) {
+                lines.push('new_sqlite_classes = [');
+                for (const cls of migration.new_sqlite_classes) {
+                    lines.push(`  "${cls}",`);
+                }
+                lines.push(']');
+            }
+            lines.push('');
+        }
+    }
+    // Environment variables
+    if (Object.keys(config.vars).length > 0) {
+        lines.push('# Environment Variables');
+        lines.push('[vars]');
+        for (const [key, value] of Object.entries(config.vars)) {
+            if (value) {
+                lines.push(`${key} = "${value}"`);
+            }
+        }
+        lines.push('');
+    }
+    // Routes
+    if (config.routes && config.routes.length > 0) {
+        lines.push('# Routes');
+        for (const route of config.routes) {
+            lines.push('[[routes]]');
+            lines.push(`pattern = "${route.pattern}"`);
+            lines.push(`zone_name = "${route.zone_name}"`);
+            lines.push('');
+        }
+    }
+    return lines.join('\n');
+}
+/**
+ * Generate route configurations for custom domains
+ */
+export function generateRoutes(component, domain, zoneName) {
+    const routes = [];
+    switch (component) {
+        case 'ar-auth':
+            routes.push({ pattern: `${domain}/authorize*`, zone_name: zoneName }, { pattern: `${domain}/flow/*`, zone_name: zoneName }, { pattern: `${domain}/par`, zone_name: zoneName }, { pattern: `${domain}/session/check`, zone_name: zoneName }, { pattern: `${domain}/as/*`, zone_name: zoneName }, { pattern: `${domain}/api/auth/*`, zone_name: zoneName }, { pattern: `${domain}/api/sessions/*`, zone_name: zoneName }, { pattern: `${domain}/logout*`, zone_name: zoneName }, { pattern: `${domain}/logged-out`, zone_name: zoneName }, { pattern: `${domain}/auth/consent*`, zone_name: zoneName }, { pattern: `${domain}/_internal/*`, zone_name: zoneName });
+            break;
+        case 'ar-token':
+            routes.push({ pattern: `${domain}/token`, zone_name: zoneName }, { pattern: `${domain}/revoke`, zone_name: zoneName }, { pattern: `${domain}/introspect`, zone_name: zoneName }, { pattern: `${domain}/device*`, zone_name: zoneName });
+            break;
+        case 'ar-userinfo':
+            routes.push({ pattern: `${domain}/userinfo`, zone_name: zoneName });
+            break;
+        case 'ar-discovery':
+            routes.push({ pattern: `${domain}/.well-known/openid-configuration`, zone_name: zoneName }, { pattern: `${domain}/.well-known/jwks.json`, zone_name: zoneName }, { pattern: `${domain}/.well-known/oauth-authorization-server`, zone_name: zoneName });
+            break;
+        case 'ar-management':
+            routes.push({ pattern: `${domain}/api/admin/*`, zone_name: zoneName }, { pattern: `${domain}/register`, zone_name: zoneName });
+            break;
+    }
+    return routes;
+}
+//# sourceMappingURL=wrangler.js.map

package/dist/core/wrangler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrangler.js","sourceRoot":"","sources":["../../src/core/wrangler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EACL,aAAa,EACb,eAAe,EACf,eAAe,EAEf,YAAY,GAGb,MAAM,aAAa,CAAC;AAkCrB,gFAAgF;AAChF,qCAAqC;AACrC,gFAAgF;AAEhF,MAAM,qBAAqB,GAA2C;IACpE,aAAa,EAAE,CAAC,gBAAgB,CAAC;IACjC,cAAc,EAAE,CAAC,gBAAgB,CAAC;IAClC,SAAS,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC;IACzF,UAAU,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,gBAAgB,CAAC;IAC3D,aAAa,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC;IAC7C,eAAe,EAAE;QACf,eAAe;QACf,UAAU;QACV,YAAY;QACZ,uBAAuB;QACvB,gBAAgB;KACjB;IACD,WAAW,EAAE,CAAC,gBAAgB,CAAC;IAC/B,UAAU,EAAE,CAAC,gBAAgB,CAAC;IAC9B,WAAW,EAAE,CAAC,aAAa,EAAE,gBAAgB,CAAC;IAC9C,SAAS,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACzC,WAAW,EAAE,CAAC,UAAU,EAAE,gBAAgB,CAAC;IAC3C,OAAO,EAAE,CAAC,gBAAgB,CAAC;CAC5B,CAAC;AAEF,gFAAgF;AAChF,qCAAqC;AACrC,gFAAgF;AAEhF,MAAM,qBAAqB,GAAsC;IAC/D,aAAa,EAAE,EAAE,EAAE,0CAA0C;IAC7D,cAAc,EAAE,CAAC,aAAa,CAAC;IAC/B,SAAS,EAAE;QACT,aAAa;QACb,eAAe;QACf,iBAAiB;QACjB,iBAAiB;QACjB,cAAc;QACd,mBAAmB;QACnB,iBAAiB;KAClB;IACD,UAAU,EAAE;QACV,aAAa;QACb,iBAAiB;QACjB,uBAAuB;QACvB,gBAAgB;QAChB,mBAAmB;QACnB,oBAAoB;QACpB,wBAAwB;KACzB;IACD,aAAa,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;IAC/C,eAAe,EAAE,CAAC,aAAa,EAAE,iBAAiB,EAAE,cAAc,CAAC;IACnE,WAAW,EAAE,CAAC,iBAAiB,CAAC;IAChC,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,CAAC,uBAAuB,CAAC;IACtC,SAAS,EAAE,CAAC,aAAa,EAAE,oBAAoB,EAAE,eAAe,CAAC;IACjE,WAAW,EAAE,CAAC,eAAe,CAAC;IAC9B,OAAO,EAAE,CAAC,aAAa,CAAC;CACzB,CAAC;AAEF,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF,MAAM,sBAAsB,GAAoC;IAC9D,aAAa,EAAE,8BAA8B;IAC7C,cAAc,EAAE,cAAc;IAC9B,SAAS,EAAE,cAAc;IACzB,UAAU,EAAE,cAAc;IAC1B,aAAa,EAAE,cAAc;IAC7B,eAAe,EAAE,cAAc;IAC/B,WAAW,EAAE,cAAc;IAC3B,UAAU,EAAE,cAAc;IAC1B,WAAW,EAAE,cAAc;IAC3B,SAAS,EAAE,cAAc;IACzB,WAAW,EAAE,cAAc;IAC3B,OAAO,EAAE,cAAc;CACxB,CAAC;AAEF,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAA0B,EAC1B,MAAqB,EACrB,WAAwB;IAExB,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC;IACtC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAEjD,qBAAqB;IACrB,MAAM,cAAc,GAAmB;QACrC,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,sBAAsB,CAAC,SAAS,CAAC;QACvC,kBAAkB,EAAE,YAAY;QAChC,mBAAmB,EAAE,CAAC,eAAe,CAAC;QACtC,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,yCAAyC;QACjF,IAAI,EAAE,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC;KACzC,CAAC;IAEF,0DAA0D;IAC1D,cAAc,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IAE3C,gBAAgB;IAChB,MAAM,UAAU,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,cAAc,CAAC,aAAa,GAAG,UAAU;aACtC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;aAC5C,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACjB,OAAO;YACP,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,EAAE;SAC/B,CAAC,CAAC,CAAC;IACR,CAAC;IAED,2CAA2C;IAC3C,IAAI,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC1D,cAAc,CAAC,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YACtD,OAAO,EAAE,EAAE,CAAC,OAAO;YACnB,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,IAAI,EAAE;YACrD,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE;SAClD,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,kBAAkB;IAClB,IAAI,SAAS,KAAK,aAAa,EAAE,CAAC;QAChC,8BAA8B;QAC9B,cAAc,CAAC,eAAe,GAAG;YAC/B,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACtC,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,UAAU,EAAE,GAAG,CAAC,SAAS;aAC1B,CAAC,CAAC;SACJ,CAAC;QAEF,6BAA6B;QAC7B,cAAc,CAAC,UAAU,GAAG,oBAAoB,EAAE,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,kDAAkD;QAClD,MAAM,UAAU,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACxC,cAAc,CAAC,eAAe,GAAG;gBAC/B,QAAQ,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;oBAClC,MAAM,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;oBAC7D,OAAO;wBACL,IAAI,EAAE,MAAM;wBACZ,UAAU,EAAE,KAAK,EAAE,SAAS,IAAI,MAAM;wBACtC,WAAW,EAAE,UAAU;qBACxB,CAAC;gBACJ,CAAC,CAAC;aACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,IAAI,WAAW,CAAC,EAAE,EAAE,CAAC;QAClD,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;YAC7D,cAAc,CAAC,UAAU,GAAG;gBAC1B;oBACE,OAAO,EAAE,SAAS;oBAClB,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,IAAI,IAAI,GAAG,GAAG,kBAAkB;iBACzE;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACzD,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;YACxD,cAAc,CAAC,MAAM,GAAG;gBACtB,SAAS,EAAE;oBACT;wBACE,KAAK,EAAE,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,IAAI,IAAI,GAAG,GAAG,cAAc;wBACtE,OAAO,EAAE,aAAa;qBACvB;iBACF;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CACtB,SAA0B,EAC1B,MAAqB;IAErB,MAAM,IAAI,GAA2B,EAAE,CAAC;IAExC,mBAAmB;IACnB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC;IAC3E,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,SAAS,CAAC;IAEtF,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,cAAc,EAAE,CAAC;QACxF,IAAI,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC;IACjC,CAAC;IAED,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACvB,IAAI,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC;IACrC,CAAC;IAED,gBAAgB;IAChB,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QACxD,IAAI,CAAC,cAAc,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QAC7D,IAAI,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzD,IAAI,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC;QAC7B,IAAI,CAAC,sBAAsB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;IACxE,CAAC;IAED,oBAAoB;IACpB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;IACrC,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,qBAAqB,CAAC,GAAG,OAAO,CAAC;IACtC,IAAI,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC;IAEpC,yBAAyB;IACzB,IAAI,SAAS,KAAK,aAAa,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QACvF,IAAI,CAAC,qBAAqB,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;QACxE,IAAI,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC;IACxC,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS,KAAK,aAAa,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;QACjE,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,iBAAiB;QAClD,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,CAAC,iBAAiB;IAClD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO;QACL;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE;gBAClB,cAAc;gBACd,wBAAwB;gBACxB,qBAAqB;gBACrB,YAAY;gBACZ,gBAAgB;gBAChB,oBAAoB;gBACpB,iBAAiB;gBACjB,cAAc;aACf;SACF;QACD,EAAE,GAAG,EAAE,IAAI,EAAE;QACb;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;SAC5D;QACD;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE,CAAC,sBAAsB,CAAC;SAC7C;QACD;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE,CAAC,gBAAgB,CAAC;SACvC;QACD;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE,CAAC,kBAAkB,CAAC;SACzC;QACD;YACE,GAAG,EAAE,IAAI;YACT,kBAAkB,EAAE,CAAC,qBAAqB,CAAC;SAC5C;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,MAAM,CAAC,MAAsB;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,kBAAkB,GAAG,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CACR,0BAA0B,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CACxF,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,YAAY;IACZ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC9B,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,OAAO,GAAG,CAAC,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;YAC9B,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;gBAClB,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC;YAChD,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,eAAe;IACf,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC7B,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,OAAO,GAAG,CAAC,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC,aAAa,GAAG,CAAC,CAAC;YACpD,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC3B,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,OAAO,GAAG,CAAC,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC;YAChD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,EAAE,SAAS,IAAI,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnE,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAClC,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,OAAO,GAAG,CAAC,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,eAAe,EAAE,QAAQ,IAAI,MAAM,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnF,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,iBAAiB,GAAG,CAAC,UAAU,GAAG,CAAC,CAAC;YAC/C,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC;YACnD,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC1C,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,UAAU,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC;YACvC,IAAI,SAAS,CAAC,kBAAkB,IAAI,SAAS,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5E,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACrC,KAAK,MAAM,GAAG,IAAI,SAAS,CAAC,kBAAkB,EAAE,CAAC;oBAC/C,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;gBAC5B,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClB,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,CAAC,IAAI,CAAC,GAAG,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,SAAS;IACT,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,SAA0B,EAC1B,MAAc,EACd,QAAgB;IAEhB,MAAM,MAAM,GAAkD,EAAE,CAAC;IAEjE,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,SAAS;YACZ,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EACxD,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,EACpD,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EACjD,EAAE,OAAO,EAAE,GAAG,MAAM,gBAAgB,EAAE,SAAS,EAAE,QAAQ,EAAE,EAC3D,EAAE,OAAO,EAAE,GAAG,MAAM,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAClD,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EACxD,EAAE,OAAO,EAAE,GAAG,MAAM,iBAAiB,EAAE,SAAS,EAAE,QAAQ,EAAE,EAC5D,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,EACrD,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EACxD,EAAE,OAAO,EAAE,GAAG,MAAM,gBAAgB,EAAE,SAAS,EAAE,QAAQ,EAAE,EAC3D,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc,EAAE,SAAS,EAAE,QAAQ,EAAE,CAC1D,CAAC;YACF,MAAM;QACR,KAAK,UAAU;YACb,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,EACnD,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,EACpD,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,EACxD,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,CACtD,CAAC;YACF,MAAM;QACR,KAAK,aAAa;YAChB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YACpE,MAAM;QACR,KAAK,cAAc;YACjB,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,GAAG,MAAM,mCAAmC,EAAE,SAAS,EAAE,QAAQ,EAAE,EAC9E,EAAE,OAAO,EAAE,GAAG,MAAM,wBAAwB,EAAE,SAAS,EAAE,QAAQ,EAAE,EACnE,EAAE,OAAO,EAAE,GAAG,MAAM,yCAAyC,EAAE,SAAS,EAAE,QAAQ,EAAE,CACrF,CAAC;YACF,MAAM;QACR,KAAK,eAAe;YAClB,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,GAAG,MAAM,cAAc,EAAE,SAAS,EAAE,QAAQ,EAAE,EACzD,EAAE,OAAO,EAAE,GAAG,MAAM,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,CACvD,CAAC;YACF,MAAM;IACV,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * @authrim/setup - CLI tool for setting up Authrim OIDC Provider
+ *
+ * Usage:
+ *   npx @authrim/setup           # Start Web UI (default)
+ *   npx @authrim/setup --cli     # Start CLI mode
+ *   npx @authrim/setup --config ./authrim-config.json  # Load existing config
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG"}

package/dist/index.js

@@ -0,0 +1,117 @@
+#!/usr/bin/env node
+/**
+ * @authrim/setup - CLI tool for setting up Authrim OIDC Provider
+ *
+ * Usage:
+ *   npx @authrim/setup           # Start Web UI (default)
+ *   npx @authrim/setup --cli     # Start CLI mode
+ *   npx @authrim/setup --config ./authrim-config.json  # Load existing config
+ */
+import { Command } from 'commander';
+import { initCommand } from './cli/commands/init.js';
+import { deployCommand, statusCommand } from './cli/commands/deploy.js';
+import { configCommand } from './cli/commands/config.js';
+const program = new Command();
+program
+    .name('authrim-setup')
+    .description('CLI tool for setting up Authrim OIDC Provider on Cloudflare Workers')
+    .version('0.1.0');
+program
+    .command('init', { isDefault: true })
+    .description('Initialize a new Authrim setup')
+    .option('--cli', 'Use CLI mode instead of Web UI')
+    .option('--config <path>', 'Load existing configuration file')
+    .option('--keep <path>', 'Keep source files at specified path')
+    .option('--env <name>', 'Environment name (prod, staging, dev)', 'prod')
+    .action(initCommand);
+program
+    .command('deploy')
+    .description('Deploy Authrim to Cloudflare')
+    .option('--env <name>', 'Environment name')
+    .option('--config <path>', 'Configuration file path', 'authrim-config.json')
+    .option('--component <name>', 'Deploy a single component')
+    .option('--dry-run', 'Show what would be deployed without actually deploying')
+    .option('--skip-secrets', 'Skip uploading secrets')
+    .option('--skip-ui', 'Skip UI deployment to Cloudflare Pages')
+    .option('-y, --yes', 'Skip confirmation prompts')
+    .action(deployCommand);
+program
+    .command('status')
+    .description('Show deployment status')
+    .option('--config <path>', 'Configuration file path', 'authrim-config.json')
+    .action(statusCommand);
+program
+    .command('secrets')
+    .description('Upload secrets to Cloudflare')
+    .option('--env <name>', 'Environment name')
+    .option('--config <path>', 'Configuration file path', 'authrim-config.json')
+    .option('--keys-dir <path>', 'Keys directory', '.keys')
+    .action(async (options) => {
+    const { deployCommand: deploy } = await import('./cli/commands/deploy.js');
+    await deploy({ ...options, skipUi: true });
+});
+program
+    .command('config')
+    .description('Manage Authrim configuration')
+    .option('--show', 'Show current configuration')
+    .option('--validate', 'Validate configuration file')
+    .option('--json', 'Output in JSON format for scripting')
+    .option('--config <path>', 'Configuration file path', 'authrim-config.json')
+    .action(configCommand);
+program
+    .command('download')
+    .description('Download Authrim source code')
+    .option('-o, --output <path>', 'Output directory', './authrim')
+    .option('--repo <repository>', 'GitHub repository', 'sgrastar/authrim')
+    .option('--ref <gitRef>', 'Git tag or branch (default: latest release)')
+    .option('--force', 'Overwrite existing directory')
+    .action(async (options) => {
+    const chalk = await import('chalk').then((m) => m.default);
+    const ora = await import('ora').then((m) => m.default);
+    const { downloadSource, verifySourceStructure } = await import('./core/source.js');
+    console.log(chalk.bold('\n📦 Authrim Source Download\n'));
+    const spinner = ora('Downloading source...').start();
+    try {
+        const result = await downloadSource({
+            targetDir: options.output,
+            repository: options.repo,
+            gitRef: options.ref,
+            force: options.force,
+            onProgress: (msg) => {
+                spinner.text = msg;
+            },
+        });
+        spinner.succeed('Source downloaded successfully');
+        console.log(chalk.bold('\nSource Information:'));
+        console.log(`  Repository: ${chalk.cyan(result.repository)}`);
+        console.log(`  Ref:        ${chalk.cyan(result.gitRef)}`);
+        if (result.commitHash) {
+            console.log(`  Commit:     ${chalk.gray(result.commitHash.slice(0, 8))}`);
+        }
+        console.log(`  Method:     ${chalk.gray(result.method)}`);
+        console.log(`  Location:   ${chalk.cyan(options.output)}`);
+        // Verify structure
+        const verification = await verifySourceStructure(options.output);
+        if (!verification.valid) {
+            console.log(chalk.yellow('\n⚠️  Source verification warnings:'));
+            for (const error of verification.errors) {
+                console.log(chalk.yellow(`  • ${error}`));
+            }
+        }
+        else {
+            console.log(chalk.green('\n✓ Source structure verified'));
+        }
+        console.log(chalk.bold('\nNext steps:'));
+        console.log(`  cd ${options.output}`);
+        console.log('  pnpm install');
+        console.log('  pnpm setup');
+        console.log('');
+    }
+    catch (error) {
+        spinner.fail('Download failed');
+        console.error(chalk.red(`\nError: ${error}`));
+        process.exitCode = 1;
+    }
+});
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,eAAe,CAAC;KACrB,WAAW,CAAC,qEAAqE,CAAC;KAClF,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;KACpC,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,OAAO,EAAE,gCAAgC,CAAC;KACjD,MAAM,CAAC,iBAAiB,EAAE,kCAAkC,CAAC;KAC7D,MAAM,CAAC,eAAe,EAAE,qCAAqC,CAAC;KAC9D,MAAM,CAAC,cAAc,EAAE,uCAAuC,EAAE,MAAM,CAAC;KACvE,MAAM,CAAC,WAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC;KAC1C,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;KAC3E,MAAM,CAAC,oBAAoB,EAAE,2BAA2B,CAAC;KACzD,MAAM,CAAC,WAAW,EAAE,wDAAwD,CAAC;KAC7E,MAAM,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;KAClD,MAAM,CAAC,WAAW,EAAE,wCAAwC,CAAC;KAC7D,MAAM,CAAC,WAAW,EAAE,2BAA2B,CAAC;KAChD,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;KAC3E,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC;KAC1C,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;KAC3E,MAAM,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,OAAO,CAAC;KACtD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAC3E,MAAM,MAAM,CAAC,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC;KAC9C,MAAM,CAAC,YAAY,EAAE,6BAA6B,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,qCAAqC,CAAC;KACvD,MAAM,CAAC,iBAAiB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;KAC3E,MAAM,CAAC,aAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,EAAE,WAAW,CAAC;KAC9D,MAAM,CAAC,qBAAqB,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;KACtE,MAAM,CAAC,gBAAgB,EAAE,6CAA6C,CAAC;KACvE,MAAM,CAAC,SAAS,EAAE,8BAA8B,CAAC;KACjD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,EAAE,cAAc,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAEnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAE1D,MAAM,OAAO,GAAG,GAAG,CAAC,uBAAuB,CAAC,CAAC,KAAK,EAAE,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC;YAClC,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,UAAU,EAAE,OAAO,CAAC,IAAI;YACxB,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClB,OAAO,CAAC,IAAI,GAAG,GAAG,CAAC;YACrB,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC;QAElD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAE3D,mBAAmB;QACnB,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjE,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;YACjE,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,MAAM,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,KAAK,EAAE,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/web/api.d.ts

@@ -0,0 +1,21 @@
+/**
+ * API Routes for Authrim Setup Web UI
+ *
+ * Provides REST API endpoints for the setup wizard.
+ *
+ * Security Notes:
+ * - This API is designed to be accessed from localhost only
+ * - A session token is generated on server start to prevent unauthorized access
+ * - Operations are serialized to prevent race conditions
+ */
+import { Hono } from 'hono';
+/**
+ * Generate a new session token
+ */
+export declare function generateSessionToken(): string;
+/**
+ * Get current session token (for embedding in HTML)
+ */
+export declare function getSessionToken(): string;
+export declare function createApiRoutes(): Hono;
+//# sourceMappingURL=api.d.ts.map

package/dist/web/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../src/web/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAgC5B;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAG7C;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAExC;AA0ED,wBAAgB,eAAe,IAAI,IAAI,CA+XtC"}