npm - @authrim/setup - Versions diffs - 0.1.47 → 0.1.51 - Mend

@authrim/setup 0.1.47 → 0.1.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +4 -0
package/dist/cli/commands/init.d.ts.map +1 -1
package/dist/cli/commands/init.js +280 -8
package/dist/cli/commands/init.js.map +1 -1
package/dist/core/cloudflare.d.ts +16 -4
package/dist/core/cloudflare.d.ts.map +1 -1
package/dist/core/cloudflare.js +45 -4
package/dist/core/cloudflare.js.map +1 -1
package/dist/core/config.d.ts +225 -0
package/dist/core/config.d.ts.map +1 -1
package/dist/core/config.js +42 -0
package/dist/core/config.js.map +1 -1
package/dist/index.js +1 -1
package/dist/web/api.d.ts.map +1 -1
package/dist/web/api.js +101 -4
package/dist/web/api.js.map +1 -1
package/dist/web/ui.d.ts.map +1 -1
package/dist/web/ui.js +605 -29
package/dist/web/ui.js.map +1 -1
package/package.json +1 -1

package/dist/web/ui.js CHANGED Viewed

@@ -746,6 +746,94 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       color: var(--text-muted);
       font-size: 0.8rem;
     }
+    /* Database configuration styles */
+    .database-config-grid {
+      display: grid;
+      grid-template-columns: 1fr 1fr;
+      gap: 1.5rem;
+      margin-bottom: 1.5rem;
+    }
+    .database-card {
+      background: var(--bg);
+      border: 1px solid var(--border);
+      border-radius: 0.5rem;
+      padding: 1.25rem;
+    }
+    .database-card h3 {
+      margin: 0 0 1rem 0;
+      font-size: 1.1rem;
+    }
+    .db-description {
+      font-size: 0.875rem;
+      color: var(--text-muted);
+      margin-bottom: 1rem;
+    }
+    .db-description p {
+      margin: 0 0 0.5rem 0;
+    }
+    .db-description ul {
+      margin: 0.5rem 0;
+      padding-left: 1.25rem;
+    }
+    .db-description li {
+      margin-bottom: 0.25rem;
+    }
+    .db-hint {
+      font-style: italic;
+      margin-top: 0.75rem;
+      padding: 0.5rem;
+      background: #f0f9ff;
+      border-radius: 4px;
+    }
+    .region-selection h4 {
+      margin: 0 0 0.75rem 0;
+      font-size: 0.95rem;
+      font-weight: 600;
+    }
+    .radio-group {
+      display: flex;
+      flex-direction: column;
+      gap: 0.5rem;
+    }
+    .radio-item {
+      display: flex;
+      align-items: center;
+      gap: 0.5rem;
+      cursor: pointer;
+      padding: 0.25rem 0;
+    }
+    .radio-item input[type="radio"] {
+      margin: 0;
+      width: 16px;
+      height: 16px;
+    }
+    .radio-separator {
+      font-size: 0.75rem;
+      color: var(--text-muted);
+      margin: 0.5rem 0 0.25rem 0;
+      font-weight: 500;
+      text-transform: uppercase;
+      letter-spacing: 0.05em;
+    }
+    @media (max-width: 768px) {
+      .database-config-grid {
+        grid-template-columns: 1fr;
+      }
+    }
   </style>
 </head>
 <body>
@@ -755,6 +843,15 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       <p class="subtitle">OIDC Provider on Cloudflare Workers</p>
     </header>
+    <!-- Development Warning Banner -->
+    <div style="background: #fef3c7; border: 2px solid #f59e0b; border-radius: 0.5rem; padding: 1rem; margin-bottom: 1.5rem; text-align: center;">
+      <strong style="color: #92400e;">⚠️ WARNING: Under Development!</strong>
+      <p style="color: #78350f; margin: 0.5rem 0 0 0; font-size: 0.875rem;">
+        This project is still under active development and does not work correctly yet.<br>
+        Admin UI is incomplete and does not support login functionality.
+      </p>
+    </div>
     <div class="step-indicator" id="step-indicator">
       <div class="step step-active" id="step-1">1</div>
       <div class="step-connector"></div>
@@ -763,6 +860,14 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       <div class="step step-pending" id="step-3">3</div>
       <div class="step-connector"></div>
       <div class="step step-pending" id="step-4">4</div>
+      <div class="step-connector"></div>
+      <div class="step step-pending" id="step-5">5</div>
+      <div class="step-connector"></div>
+      <div class="step step-pending" id="step-6">6</div>
+      <div class="step-connector"></div>
+      <div class="step step-pending" id="step-7">7</div>
+      <div class="step-connector"></div>
+      <div class="step step-pending" id="step-8">8</div>
     </div>
     <!-- Step 1: Prerequisites -->
@@ -1026,7 +1131,206 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       </div>
     </div>
-    <!-- Step 3: Provisioning -->
+    <!-- Step 3: Database Configuration -->
+    <div id="section-database" class="card hidden">
+      <h2 class="card-title">🗄️ Database Configuration</h2>
+      <div class="warning-box" style="background: #fef3c7; border-left: 4px solid #f59e0b; padding: 0.75rem 1rem; margin-bottom: 1.5rem; border-radius: 0.375rem;">
+        ⚠️ Database region cannot be changed after creation.
+      </div>
+      <div class="database-config-grid">
+        <!-- Core Database -->
+        <div class="database-card">
+          <h3>🗄️ Core Database</h3>
+          <div class="db-description">
+            <p>Stores application data including:</p>
+            <ul>
+              <li>OAuth clients and their configurations</li>
+              <li>Authorization codes and access tokens</li>
+              <li>User sessions and login state</li>
+              <li>Tenant settings and configurations</li>
+              <li>Audit logs and security events</li>
+            </ul>
+            <p class="db-hint">This database handles all authentication flows and should be placed close to your primary user base.</p>
+          </div>
+          <div class="region-selection">
+            <h4>Region</h4>
+            <div class="radio-group">
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="auto" checked>
+                <span>Automatic (nearest to you)</span>
+              </label>
+              <div class="radio-separator">Location Hints</div>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="wnam">
+                <span>North America (West)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="enam">
+                <span>North America (East)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="weur">
+                <span>Europe (West)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="eeur">
+                <span>Europe (East)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="apac">
+                <span>Asia Pacific</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="oc">
+                <span>Oceania</span>
+              </label>
+              <div class="radio-separator">Jurisdiction (Compliance)</div>
+              <label class="radio-item">
+                <input type="radio" name="db-core-location" value="eu">
+                <span>EU Jurisdiction (GDPR compliance)</span>
+              </label>
+            </div>
+          </div>
+        </div>
+        <!-- PII Database -->
+        <div class="database-card">
+          <h3>🔒 PII Database</h3>
+          <div class="db-description">
+            <p>Stores personal user data including:</p>
+            <ul>
+              <li>User profiles (name, email, phone)</li>
+              <li>Passkey/WebAuthn credentials</li>
+              <li>User preferences and settings</li>
+              <li>Any custom user attributes</li>
+            </ul>
+            <p class="db-hint">This database contains personal data. Consider placing it in a region that complies with your data protection requirements.</p>
+          </div>
+          <div class="region-selection">
+            <h4>Region</h4>
+            <div class="radio-group">
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="auto" checked>
+                <span>Automatic (nearest to you)</span>
+              </label>
+              <div class="radio-separator">Location Hints</div>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="wnam">
+                <span>North America (West)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="enam">
+                <span>North America (East)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="weur">
+                <span>Europe (West)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="eeur">
+                <span>Europe (East)</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="apac">
+                <span>Asia Pacific</span>
+              </label>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="oc">
+                <span>Oceania</span>
+              </label>
+              <div class="radio-separator">Jurisdiction (Compliance)</div>
+              <label class="radio-item">
+                <input type="radio" name="db-pii-location" value="eu">
+                <span>EU Jurisdiction (GDPR compliance)</span>
+              </label>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="button-group">
+        <button class="btn-secondary" id="btn-back-database">Back</button>
+        <button class="btn-primary" id="btn-continue-database">Continue</button>
+      </div>
+    </div>
+    <!-- Step 4: Email Provider Configuration -->
+    <div id="section-email" class="card hidden">
+      <h2 class="card-title">📧 Email Provider</h2>
+      <p style="margin-bottom: 1rem; color: var(--text-muted);">
+        Configure email sending for magic links and verification codes.
+        You can configure this later if you prefer.
+      </p>
+      <div class="radio-group" style="margin-bottom: 1.5rem;">
+        <label class="radio-item" style="padding: 0.75rem; border: 1px solid var(--border); border-radius: 8px;">
+          <input type="radio" name="email-setup-choice" value="later" checked>
+          <span style="display: flex; flex-direction: column; gap: 0.25rem;">
+            <strong>Configure later</strong>
+            <small style="color: var(--text-muted);">Skip for now. Magic links will return URLs instead of sending emails.</small>
+          </span>
+        </label>
+        <label class="radio-item" style="padding: 0.75rem; border: 1px solid var(--border); border-radius: 8px; margin-top: 0.5rem;">
+          <input type="radio" name="email-setup-choice" value="configure">
+          <span style="display: flex; flex-direction: column; gap: 0.25rem;">
+            <strong>Configure Resend</strong>
+            <small style="color: var(--text-muted);">Set up email sending with Resend (recommended for production).</small>
+          </span>
+        </label>
+      </div>
+      <!-- Resend Configuration Form (hidden by default) -->
+      <div id="resend-config-form" class="hidden" style="background: var(--bg); border: 1px solid var(--border); border-radius: 8px; padding: 1.25rem;">
+        <h3 style="margin: 0 0 1rem 0; font-size: 1rem;">🔑 Resend Configuration</h3>
+        <div class="alert alert-info" style="margin-bottom: 1rem;">
+          <strong>📋 Before you begin:</strong>
+          <ol style="margin: 0.5rem 0 0 1rem; padding: 0;">
+            <li>Create a Resend account at <a href="https://resend.com" target="_blank" style="color: var(--primary);">resend.com</a></li>
+            <li>Add and verify your domain at <a href="https://resend.com/domains" target="_blank" style="color: var(--primary);">Domains Dashboard</a></li>
+            <li>Create an API key at <a href="https://resend.com/api-keys" target="_blank" style="color: var(--primary);">API Keys</a></li>
+          </ol>
+        </div>
+        <div class="form-group">
+          <label for="resend-api-key">Resend API Key</label>
+          <input type="password" id="resend-api-key" placeholder="re_xxxxxxxxxx" autocomplete="off">
+          <small style="color: var(--text-muted);">Your API key starts with "re_"</small>
+        </div>
+        <div class="form-group">
+          <label for="email-from-address">From Email Address</label>
+          <input type="email" id="email-from-address" placeholder="noreply@yourdomain.com" autocomplete="off">
+          <small style="color: var(--text-muted);">Must be from a verified domain in your Resend account</small>
+        </div>
+        <div class="form-group">
+          <label for="email-from-name">From Display Name (optional)</label>
+          <input type="text" id="email-from-name" placeholder="Authrim" autocomplete="off">
+          <small style="color: var(--text-muted);">Displayed as the sender name in email clients</small>
+        </div>
+        <div class="alert alert-warning" style="margin-top: 1rem;">
+          <strong>⚠️ Domain Verification Required</strong>
+          <p style="margin: 0.25rem 0 0 0; font-size: 0.875rem;">
+            Before your domain is verified, emails can only be sent from <code>onboarding@resend.dev</code> (for testing).
+            <a href="https://resend.com/docs/dashboard/domains/introduction" target="_blank" style="color: var(--primary);">Learn more about domain verification →</a>
+          </p>
+        </div>
+      </div>
+      <div class="button-group">
+        <button class="btn-secondary" id="btn-back-email">Back</button>
+        <button class="btn-primary" id="btn-continue-email">Continue</button>
+      </div>
+    </div>
+    <!-- Step 5: Provisioning -->
     <div id="section-provision" class="card hidden">
       <h2 class="card-title">
         Resource Provisioning
@@ -1298,6 +1602,10 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       2: document.getElementById('step-2'),
       3: document.getElementById('step-3'),
       4: document.getElementById('step-4'),
+      5: document.getElementById('step-5'),
+      6: document.getElementById('step-6'),
+      7: document.getElementById('step-7'),
+      8: document.getElementById('step-8'),
     };
     const sections = {
@@ -1306,6 +1614,8 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       mode: document.getElementById('section-mode'),
       loadConfig: document.getElementById('section-load-config'),
       config: document.getElementById('section-config'),
+      database: document.getElementById('section-database'),
+      email: document.getElementById('section-email'),
       provision: document.getElementById('section-provision'),
       deploy: document.getElementById('section-deploy'),
       complete: document.getElementById('section-complete'),
@@ -1337,7 +1647,7 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
     // Step navigation
     function setStep(step) {
       currentStep = step;
-      for (let i = 1; i <= 4; i++) {
+      for (let i = 1; i <= 7; i++) {
         const el = steps[i];
         el.className = 'step ' + (i < step ? 'step-complete' : i === step ? 'step-active' : 'step-pending');
       }
@@ -1568,28 +1878,80 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
     document.getElementById('btn-load-config').addEventListener('click', async () => {
       if (!loadedConfig) return;
-      // Use loaded config
+      // Support both new format (v1.0.0) and old format (v0.1.x)
+      const isNewFormat = loadedConfig.version === '1.0.0' || loadedConfig.environment?.prefix;
+      // Extract values (with fallback for old format)
+      const env = isNewFormat
+        ? loadedConfig.environment?.prefix
+        : loadedConfig.env || 'prod';
+      const apiDomain = isNewFormat
+        ? loadedConfig.urls?.api?.custom
+        : loadedConfig.apiDomain;
+      const loginUiDomain = isNewFormat
+        ? loadedConfig.urls?.loginUi?.custom
+        : loadedConfig.loginUiDomain;
+      const adminUiDomain = isNewFormat
+        ? loadedConfig.urls?.adminUi?.custom
+        : loadedConfig.adminUiDomain;
+      const tenant = loadedConfig.tenant || {
+        name: 'default',
+        displayName: 'Default Tenant',
+        multiTenant: false,
+      };
+      const components = loadedConfig.components || {
+        api: true,
+        loginUi: true,
+        adminUi: true,
+        saml: false,
+        async: false,
+        vc: false,
+        bridge: true,
+        policy: true,
+      };
+      // Build internal config
       config = {
-        env: loadedConfig.environment?.prefix || 'prod',
-        apiDomain: loadedConfig.urls?.api?.custom || null,
-        loginUiDomain: loadedConfig.urls?.loginUi?.custom || null,
-        adminUiDomain: loadedConfig.urls?.adminUi?.custom || null,
-        components: loadedConfig.components || {
-          api: true,
-          loginUi: true,
-          adminUi: true,
-          saml: false,
-          async: false,
-          vc: false,
-        },
+        env,
+        apiDomain: apiDomain || null,
+        loginUiDomain: loginUiDomain || null,
+        adminUiDomain: adminUiDomain || null,
+        tenant,
+        components,
       };
       // Set form values
       document.getElementById('env').value = config.env;
-      document.getElementById('api-domain').value = config.apiDomain || '';
+      document.getElementById('base-domain').value = config.tenant?.baseDomain || config.apiDomain || '';
       document.getElementById('login-domain').value = config.loginUiDomain || '';
       document.getElementById('admin-domain').value = config.adminUiDomain || '';
-      // Trigger env input to update default labels
+      document.getElementById('tenant-name').value = config.tenant?.name || 'default';
+      document.getElementById('tenant-display').value = config.tenant?.displayName || 'Default Tenant';
+      document.getElementById('naked-domain').checked = config.tenant?.nakedDomain || false;
+      // Set component checkboxes
+      if (document.getElementById('comp-login-ui')) {
+        document.getElementById('comp-login-ui').checked = components.loginUi !== false;
+      }
+      if (document.getElementById('comp-admin-ui')) {
+        document.getElementById('comp-admin-ui').checked = components.adminUi !== false;
+      }
+      if (document.getElementById('comp-saml')) {
+        document.getElementById('comp-saml').checked = components.saml === true;
+      }
+      if (document.getElementById('comp-async')) {
+        document.getElementById('comp-async').checked = components.async === true;
+      }
+      if (document.getElementById('comp-vc')) {
+        document.getElementById('comp-vc').checked = components.vc === true;
+      }
+      // Trigger env input to update preview/default labels
       document.getElementById('env').dispatchEvent(new Event('input'));
       // Skip to provisioning if resources already exist
@@ -1864,15 +2226,145 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       updateResourcePreview(env);
       updateProvisionButtons();
-      setStep(3);
-      showSection('provision');
+      // Go to database configuration step
+      setStep(4);
+      showSection('database');
     });
     document.getElementById('btn-back-config').addEventListener('click', () => {
-      setStep(2);
+      // Go back to email configuration (previous step in the flow)
+      setStep(5);
+      showSection('email');
+    });
+    // Database configuration handlers
+    document.getElementById('btn-back-database').addEventListener('click', () => {
+      setStep(3);
       showSection('config');
     });
+    document.getElementById('btn-continue-database').addEventListener('click', () => {
+      // Get selected values
+      const coreLocation = document.querySelector('input[name="db-core-location"]:checked').value;
+      const piiLocation = document.querySelector('input[name="db-pii-location"]:checked').value;
+      // Parse location vs jurisdiction
+      function parseDbLocation(value) {
+        if (value === 'eu') {
+          return { location: 'auto', jurisdiction: 'eu' };
+        }
+        return { location: value, jurisdiction: 'none' };
+      }
+      // Add database config to config object
+      config.database = {
+        core: parseDbLocation(coreLocation),
+        pii: parseDbLocation(piiLocation),
+      };
+      // Proceed to email configuration
+      setStep(5);
+      showSection('email');
+    });
+    // Email configuration handlers
+    // Toggle resend config form visibility
+    document.querySelectorAll('input[name="email-setup-choice"]').forEach(radio => {
+      radio.addEventListener('change', () => {
+        const resendForm = document.getElementById('resend-config-form');
+        const choice = document.querySelector('input[name="email-setup-choice"]:checked').value;
+        if (choice === 'configure') {
+          resendForm.classList.remove('hidden');
+        } else {
+          resendForm.classList.add('hidden');
+        }
+      });
+    });
+    document.getElementById('btn-back-email').addEventListener('click', () => {
+      setStep(4);
+      showSection('database');
+    });
+    document.getElementById('btn-continue-email').addEventListener('click', async () => {
+      const choice = document.querySelector('input[name="email-setup-choice"]:checked').value;
+      const btn = document.getElementById('btn-continue-email');
+      if (choice === 'configure') {
+        // Validate and store email configuration
+        const apiKey = document.getElementById('resend-api-key').value.trim();
+        const fromAddress = document.getElementById('email-from-address').value.trim();
+        const fromName = document.getElementById('email-from-name').value.trim();
+        // Validate API key format
+        if (!apiKey) {
+          alert('Please enter your Resend API key');
+          return;
+        }
+        if (!apiKey.startsWith('re_')) {
+          if (!confirm('API key does not start with "re_". This may not be a valid Resend API key. Continue anyway?')) {
+            return;
+          }
+        }
+        // Validate email address
+        if (!fromAddress) {
+          alert('Please enter a From email address');
+          return;
+        }
+        if (!fromAddress.includes('@')) {
+          alert('Please enter a valid email address');
+          return;
+        }
+        // Save email configuration to server
+        btn.disabled = true;
+        btn.textContent = 'Saving...';
+        try {
+          const result = await api('/email/configure', {
+            method: 'POST',
+            body: {
+              env: config.env,
+              provider: 'resend',
+              apiKey: apiKey,
+              fromAddress: fromAddress,
+              fromName: fromName || undefined,
+            },
+          });
+          if (!result.success) {
+            throw new Error(result.error || 'Failed to save email configuration');
+          }
+          // Store email configuration (without apiKey for config file)
+          config.email = {
+            provider: 'resend',
+            fromAddress: fromAddress,
+            fromName: fromName || undefined,
+            configured: true,
+          };
+        } catch (error) {
+          alert('Failed to save email configuration: ' + error.message);
+          btn.disabled = false;
+          btn.textContent = 'Continue';
+          return;
+        }
+        btn.disabled = false;
+        btn.textContent = 'Continue';
+      } else {
+        // Configure later - no email provider
+        config.email = {
+          provider: 'none',
+        };
+      }
+      // Proceed to provision
+      setStep(6);
+      showSection('provision');
+    });
     // Provision
     document.getElementById('btn-provision').addEventListener('click', async () => {
       const btn = document.getElementById('btn-provision');
@@ -1944,7 +2436,7 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
         const result = await api('/provision', {
           method: 'POST',
-          body: { env: config.env },
+          body: { env: config.env, databaseConfig: config.database },
         });
         // Stop polling
@@ -1990,12 +2482,12 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
     // Continue to Deploy button
     document.getElementById('btn-goto-deploy').addEventListener('click', () => {
-      setStep(4);
+      setStep(7);
       showSection('deploy');
     });
     document.getElementById('btn-back-provision').addEventListener('click', () => {
-      setStep(3);
+      setStep(6);
       // Update buttons based on provisioning status
       updateProvisionButtons();
       // Show resource preview if not completed
@@ -2077,7 +2569,12 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
             // Workers.dev - no tenant prefix (wildcard subdomains not supported)
             apiUrl = 'https://' + workersDomain;
           }
+          // Login UI URL for setup page (setup page is in Login UI, not API)
+          const pagesDomain = config.env + '-ar-ui.pages.dev';
+          const loginUiUrl = config.loginUiDomain ? 'https://' + config.loginUiDomain : 'https://' + pagesDomain;
           output.textContent += '  API URL: ' + apiUrl + '\\n';
+          output.textContent += '  Login UI URL: ' + loginUiUrl + '\\n';
           output.textContent += '  Keys Dir: .keys/' + config.env + '\\n';
           scrollToBottom(log);
@@ -2087,7 +2584,7 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
               method: 'POST',
               body: {
                 env: config.env,
-                baseUrl: apiUrl,
+                baseUrl: loginUiUrl,  // Setup page is in Login UI
                 keysDir: '.keys',
               },
             });
@@ -2197,6 +2694,7 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
         urlsEl.appendChild(debugDiv);
       }
+      setStep(8);
       showSection('complete');
     }
@@ -2279,19 +2777,97 @@ export function getHtmlTemplate(sessionToken, manageOnly) {
       }
     }
-    // Save configuration to file
+    // Save configuration to file (AuthrimConfigSchema format)
     function saveConfigToFile() {
-      if (!config) {
+      if (!config || !config.env) {
         alert('No configuration to save');
         return;
       }
+      const now = new Date().toISOString();
+      const env = config.env;
+      // Calculate auto-generated URLs
+      const workersDomain = env + '-ar-router.workers.dev';
+      const pagesDomain = env + '-ar-ui.pages.dev';
+      // Build issuer URL based on tenant settings
+      let issuerAutoUrl = 'https://' + workersDomain;
+      if (config.tenant && config.tenant.baseDomain) {
+        if (config.tenant.nakedDomain) {
+          issuerAutoUrl = 'https://' + config.tenant.baseDomain;
+        } else {
+          const tenantName = config.tenant.name || 'default';
+          issuerAutoUrl = 'https://' + tenantName + '.' + config.tenant.baseDomain;
+        }
+      }
+      // Build config in AuthrimConfigSchema format
       const configToSave = {
-        ...config,
-        savedAt: new Date().toISOString(),
-        version: '0.1.36',
+        version: '1.0.0',
+        createdAt: now,
+        updatedAt: now,
+        environment: {
+          prefix: env,
+        },
+        urls: {
+          api: {
+            custom: config.apiDomain || null,
+            auto: config.apiDomain ? issuerAutoUrl : 'https://' + workersDomain,
+          },
+          loginUi: {
+            custom: config.loginUiDomain || null,
+            auto: 'https://' + pagesDomain,
+          },
+          adminUi: {
+            custom: config.adminUiDomain || null,
+            auto: 'https://' + pagesDomain + '/admin',
+          },
+        },
+        tenant: {
+          name: config.tenant?.name || 'default',
+          displayName: config.tenant?.displayName || 'Default Tenant',
+          multiTenant: config.tenant?.multiTenant || false,
+          baseDomain: config.tenant?.baseDomain || undefined,
+        },
+        components: config.components || {
+          api: true,
+          loginUi: true,
+          adminUi: true,
+          saml: false,
+          async: false,
+          vc: false,
+          bridge: true,
+          policy: true,
+        },
+        keys: {
+          secretsPath: './.keys/',
+        },
+        database: config.database || {
+          core: { location: 'auto', jurisdiction: 'none' },
+          pii: { location: 'auto', jurisdiction: 'none' },
+        },
+        features: {
+          email: {
+            provider: config.email?.provider || 'none',
+            fromAddress: config.email?.fromAddress || undefined,
+            fromName: config.email?.fromName || undefined,
+            configured: config.email?.provider === 'resend' && config.email?.apiKey ? true : false,
+          },
+        },
       };
+      // Remove undefined values for cleaner output
+      if (!configToSave.tenant.baseDomain) {
+        delete configToSave.tenant.baseDomain;
+      }
+      if (!configToSave.features.email.fromAddress) {
+        delete configToSave.features.email.fromAddress;
+      }
+      if (!configToSave.features.email.fromName) {
+        delete configToSave.features.email.fromName;
+      }
       const blob = new Blob([JSON.stringify(configToSave, null, 2)], { type: 'application/json' });
       const url = URL.createObjectURL(blob);
       const a = document.createElement('a');