npm - @chimerai/cli - Versions diffs - 0.2.95 → 0.2.96 - Mend

@chimerai/cli 0.2.95 → 0.2.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/commands/create.d.ts.map +1 -1
package/dist/commands/create.js +952 -952
package/dist/templates/provider-routes.d.ts.map +1 -1
package/dist/templates/provider-routes.js +6 -0
package/package.json +1 -1

package/dist/commands/create.js CHANGED Viewed

@@ -478,322 +478,322 @@ async function createTsConfig(targetDir) {
 }
 async function createPrismaSchema(targetDir, features, sqlite) {
     const dbProvider = sqlite ? 'sqlite' : 'postgresql';
-    let schemaContent = `generator client {
-  provider = "prisma-client-js"
-}
-datasource db {
-  provider = "${dbProvider}"
-  url      = env("DATABASE_URL")
-}
+    let schemaContent = `generator client {
+  provider = "prisma-client-js"
+}
+datasource db {
+  provider = "${dbProvider}"
+  url      = env("DATABASE_URL")
+}
 `;
     // Add User model if auth is included
     if (features.includes('auth')) {
-        schemaContent += `model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  password      String?
-  createdAt     DateTime  @default(now())
-  updatedAt     DateTime  @updatedAt
-  accounts      Account[]
-  sessions      Session[]
+        schemaContent += `model User {
+  id            String    @id @default(cuid())
+  name          String?
+  email         String?   @unique
+  emailVerified DateTime?
+  image         String?
+  password      String?
+  createdAt     DateTime  @default(now())
+  updatedAt     DateTime  @updatedAt
+  accounts      Account[]
+  sessions      Session[]
 `;
         if (features.includes('rbac')) {
-            schemaContent += `  roles         UserRole[]
+            schemaContent += `  roles         UserRole[]
 `;
         }
         // Provider relations (ALWAYS included)
-        schemaContent += `  providers     Provider[]  @relation("CreatedProviders")
-  apiUsage      ApiUsage[]
-  apiKeys       ApiKey[]
+        schemaContent += `  providers     Provider[]  @relation("CreatedProviders")
+  apiUsage      ApiUsage[]
+  apiKeys       ApiKey[]
 `;
         if (features.includes('rbac')) {
-            schemaContent += `  modelAccess   ModelAccess[]
-  auditLogs     AuditLog[]
+            schemaContent += `  modelAccess   ModelAccess[]
+  auditLogs     AuditLog[]
 `;
         }
         if (features.includes('ai-chat')) {
-            schemaContent += `  conversations Conversation[]
+            schemaContent += `  conversations Conversation[]
 `;
         }
-        schemaContent += `}
-model Account {
-  id                String  @id @default(cuid())
-  userId            String
-  type              String
-  provider          String
-  providerAccountId String
-  refresh_token     String? @db.Text
-  access_token      String? @db.Text
-  expires_at        Int?
-  token_type        String?
-  scope             String?
-  id_token          String? @db.Text
-  session_state     String?
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-  @@unique([provider, providerAccountId])
-}
-model Session {
-  id           String   @id @default(cuid())
-  sessionToken String   @unique
-  userId       String
-  expires      DateTime
-  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
-}
-model VerificationToken {
-  identifier String
-  token      String   @unique
-  expires    DateTime
-  @@unique([identifier, token])
-}
-model ApiKey {
-  id          String    @id @default(cuid())
-  name        String
-  keyHash     String    @unique
-  userId      String
-  scopes      String[]  @default([])
-  revoked     Boolean   @default(false)
-  lastUsedAt  DateTime?
-  expiresAt   DateTime?
-  createdAt   DateTime  @default(now())
-  updatedAt   DateTime  @updatedAt
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-  @@index([userId])
-}
+        schemaContent += `}
+model Account {
+  id                String  @id @default(cuid())
+  userId            String
+  type              String
+  provider          String
+  providerAccountId String
+  refresh_token     String? @db.Text
+  access_token      String? @db.Text
+  expires_at        Int?
+  token_type        String?
+  scope             String?
+  id_token          String? @db.Text
+  session_state     String?
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  @@unique([provider, providerAccountId])
+}
+model Session {
+  id           String   @id @default(cuid())
+  sessionToken String   @unique
+  userId       String
+  expires      DateTime
+  user         User     @relation(fields: [userId], references: [id], onDelete: Cascade)
+}
+model VerificationToken {
+  identifier String
+  token      String   @unique
+  expires    DateTime
+  @@unique([identifier, token])
+}
+model ApiKey {
+  id          String    @id @default(cuid())
+  name        String
+  keyHash     String    @unique
+  userId      String
+  scopes      String[]  @default([])
+  revoked     Boolean   @default(false)
+  lastUsedAt  DateTime?
+  expiresAt   DateTime?
+  createdAt   DateTime  @default(now())
+  updatedAt   DateTime  @updatedAt
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  @@index([userId])
+}
 `;
     }
     // Add RBAC models
     if (features.includes('rbac')) {
-        schemaContent += `model Role {
-  id          String     @id @default(cuid())
-  name        String     @unique
-  description String?
-  permissions String[]
-  createdAt   DateTime   @default(now())
-  updatedAt   DateTime   @updatedAt
-  users       UserRole[]
-}
-model UserRole {
-  userId String
-  roleId String
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-  role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
-  @@id([userId, roleId])
-}
+        schemaContent += `model Role {
+  id          String     @id @default(cuid())
+  name        String     @unique
+  description String?
+  permissions String[]
+  createdAt   DateTime   @default(now())
+  updatedAt   DateTime   @updatedAt
+  users       UserRole[]
+}
+model UserRole {
+  userId String
+  roleId String
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  role Role @relation(fields: [roleId], references: [id], onDelete: Cascade)
+  @@id([userId, roleId])
+}
 `;
     }
     // ── PROVIDER MODELS (ALWAYS included — core infrastructure) ──────────
-    schemaContent += `// === Provider Management (Core Infrastructure) ===
-model Provider {
-  id          String   @id @default(cuid())
-  name        String
-  type        String   // "openai", "anthropic", "ollama", "google", "custom"
-  description String?
-  baseUrl     String?
-  apiKey      String?  @db.Text  // AES-256-GCM encrypted, null for keyless providers (e.g. Ollama)
-  config      Json     @default("{}")
-  status      String   @default("active")
-  isDefault   Boolean  @default(false)
-  priority    Int      @default(0)
-  tags        String[]
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
-  createdBy   String?
-  models        Model[]
-  health        ProviderHealth?
-  apiUsage      ApiUsage[]
-${features.includes('ai-chat') ? '  conversations Conversation[]\n' : ''}${features.includes('auth') ? '  creator       User?    @relation("CreatedProviders", fields: [createdBy], references: [id])\n' : ''}
-  @@index([type])
-  @@index([status])
-}
-model Model {
-  id              String   @id @default(cuid())
-  providerId      String
-  modelId         String   // e.g. "gpt-4", "claude-3-sonnet"
-  name            String
-  description     String?
-  capabilities    String[] // ["chat", "embedding", "image", "vision"]
-  contextWindow   Int      @default(4096)
-  maxOutputTokens Int?
-  inputCost       Float    @default(0)  // $ per 1M tokens
-  outputCost      Float    @default(0)
-  isAvailable     Boolean  @default(true)
-  isDeprecated    Boolean  @default(false)
-  provider Provider @relation(fields: [providerId], references: [id], onDelete: Cascade)
-  @@unique([providerId, modelId])
-  @@index([providerId])
-}
-model ProviderHealth {
-  id                  String   @id @default(cuid())
-  providerId          String   @unique
-  status              String   @default("unknown") // "healthy", "degraded", "unhealthy"
-  responseTime        Int?     // ms
-  lastCheck           DateTime @default(now())
-  errorMessage        String?
-  modelsAvailable     Int      @default(0)
-  chatAvailable       Boolean  @default(false)
-  embeddingAvailable  Boolean  @default(false)
-  apiKeyValid         Boolean  @default(false)
-  provider Provider @relation(fields: [providerId], references: [id], onDelete: Cascade)
-}
-model ApiUsage {
-  id               String   @id @default(cuid())
-  userId           String
-  providerId       String?
-  model            String
-  endpoint         String
-  promptTokens     Int      @default(0)
-  completionTokens Int      @default(0)
-  totalTokens      Int      @default(0)
-  tokensUsed       Int      @default(0)
-  creditsUsed      Int      @default(0)
-  cost             Float    @default(0)
-  success          Boolean  @default(true)
-  errorMessage     String?
-  responseTime     Int      @default(0) // ms
-  createdAt        DateTime @default(now())
-${features.includes('auth') ? '  user     User      @relation(fields: [userId], references: [id], onDelete: Cascade)\n' : ''}  provider Provider? @relation(fields: [providerId], references: [id], onDelete: SetNull)
-  @@index([userId])
-  @@index([providerId])
-  @@index([createdAt])
-}
+    schemaContent += `// === Provider Management (Core Infrastructure) ===
+model Provider {
+  id          String   @id @default(cuid())
+  name        String
+  type        String   // "openai", "anthropic", "ollama", "google", "custom"
+  description String?
+  baseUrl     String?
+  apiKey      String?  @db.Text  // AES-256-GCM encrypted, null for keyless providers (e.g. Ollama)
+  config      Json     @default("{}")
+  status      String   @default("active")
+  isDefault   Boolean  @default(false)
+  priority    Int      @default(0)
+  tags        String[]
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  createdBy   String?
+  models        Model[]
+  health        ProviderHealth?
+  apiUsage      ApiUsage[]
+${features.includes('ai-chat') ? '  conversations Conversation[]\n' : ''}${features.includes('auth') ? '  creator       User?    @relation("CreatedProviders", fields: [createdBy], references: [id])\n' : ''}
+  @@index([type])
+  @@index([status])
+}
+model Model {
+  id              String   @id @default(cuid())
+  providerId      String
+  modelId         String   // e.g. "gpt-4", "claude-3-sonnet"
+  name            String
+  description     String?
+  capabilities    String[] // ["chat", "embedding", "image", "vision"]
+  contextWindow   Int      @default(4096)
+  maxOutputTokens Int?
+  inputCost       Float    @default(0)  // $ per 1M tokens
+  outputCost      Float    @default(0)
+  isAvailable     Boolean  @default(true)
+  isDeprecated    Boolean  @default(false)
+  provider Provider @relation(fields: [providerId], references: [id], onDelete: Cascade)
+  @@unique([providerId, modelId])
+  @@index([providerId])
+}
+model ProviderHealth {
+  id                  String   @id @default(cuid())
+  providerId          String   @unique
+  status              String   @default("unknown") // "healthy", "degraded", "unhealthy"
+  responseTime        Int?     // ms
+  lastCheck           DateTime @default(now())
+  errorMessage        String?
+  modelsAvailable     Int      @default(0)
+  chatAvailable       Boolean  @default(false)
+  embeddingAvailable  Boolean  @default(false)
+  apiKeyValid         Boolean  @default(false)
+  provider Provider @relation(fields: [providerId], references: [id], onDelete: Cascade)
+}
+model ApiUsage {
+  id               String   @id @default(cuid())
+  userId           String
+  providerId       String?
+  model            String
+  endpoint         String
+  promptTokens     Int      @default(0)
+  completionTokens Int      @default(0)
+  totalTokens      Int      @default(0)
+  tokensUsed       Int      @default(0)
+  creditsUsed      Int      @default(0)
+  cost             Float    @default(0)
+  success          Boolean  @default(true)
+  errorMessage     String?
+  responseTime     Int      @default(0) // ms
+  createdAt        DateTime @default(now())
+${features.includes('auth') ? '  user     User      @relation(fields: [userId], references: [id], onDelete: Cascade)\n' : ''}  provider Provider? @relation(fields: [providerId], references: [id], onDelete: SetNull)
+  @@index([userId])
+  @@index([providerId])
+  @@index([createdAt])
+}
 `;
     // Add ModelAccess when auth + rbac are enabled (for requireModelPermission)
     if (features.includes('auth') && features.includes('rbac')) {
-        schemaContent += `model ModelAccess {
-  id        String   @id @default(cuid())
-  userId    String
-  modelId   String
-  granted   Boolean  @default(true)
-  createdAt DateTime @default(now())
-  updatedAt DateTime @updatedAt
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-  @@unique([userId, modelId])
-  @@index([userId])
-  @@index([modelId])
-}
-model AuditLog {
-  id         String   @id @default(cuid())
-  action     String
-  userId     String
-  targetType String?
-  targetId   String?
-  metadata   Json?
-  ipAddress  String?
-  createdAt  DateTime @default(now())
-  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
-  @@index([userId])
-  @@index([action])
-  @@index([createdAt])
-}
+        schemaContent += `model ModelAccess {
+  id        String   @id @default(cuid())
+  userId    String
+  modelId   String
+  granted   Boolean  @default(true)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  @@unique([userId, modelId])
+  @@index([userId])
+  @@index([modelId])
+}
+model AuditLog {
+  id         String   @id @default(cuid())
+  action     String
+  userId     String
+  targetType String?
+  targetId   String?
+  metadata   Json?
+  ipAddress  String?
+  createdAt  DateTime @default(now())
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+  @@index([userId])
+  @@index([action])
+  @@index([createdAt])
+}
 `;
     }
     // Add Prompt Templates
     if (features.includes('prompt-management')) {
-        schemaContent += `model PromptTemplate {
-  id          String   @id @default(cuid())
-  name        String   @unique
-  category    String
-  description String?
-  content     String   @db.Text
-  variables   String[]
-  language    String   @default("en")
-  version     Int      @default(1)
-  isActive    Boolean  @default(true)
-  isDefault   Boolean  @default(false)
-  tags        String[]
-  metadata    Json?
-  createdBy   String?
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
-  @@index([category])
-  @@index([isActive])
-  @@index([isDefault])
-}
+        schemaContent += `model PromptTemplate {
+  id          String   @id @default(cuid())
+  name        String   @unique
+  category    String
+  description String?
+  content     String   @db.Text
+  variables   String[]
+  language    String   @default("en")
+  version     Int      @default(1)
+  isActive    Boolean  @default(true)
+  isDefault   Boolean  @default(false)
+  tags        String[]
+  metadata    Json?
+  createdBy   String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+  @@index([category])
+  @@index([isActive])
+  @@index([isDefault])
+}
 `;
     }
     // Add Conversation & Message models for chat feature
     if (features.includes('ai-chat')) {
-        schemaContent += `model Conversation {
-  id         String    @id @default(cuid())
-  userId     String
-  title      String    @default("New Chat")
-  model      String?
-  providerId String?
-  metadata   Json?
-  archived   Boolean   @default(false)
-  createdAt  DateTime  @default(now())
-  updatedAt  DateTime  @updatedAt
-${features.includes('auth') ? '  user     User      @relation(fields: [userId], references: [id], onDelete: Cascade)\n' : ''}  provider Provider? @relation(fields: [providerId], references: [id], onDelete: SetNull)
-  messages Message[]
-  @@index([userId])
-  @@index([archived])
-  @@index([providerId])
-}
-model Message {
-  id             String       @id @default(cuid())
-  conversationId String
-  role           String
-  content        String       @db.Text
-  model          String?
-  tokens         Int?
-  createdAt      DateTime     @default(now())
-  conversation   Conversation @relation(fields: [conversationId], references: [id], onDelete: Cascade)
-  @@index([conversationId])
-}
+        schemaContent += `model Conversation {
+  id         String    @id @default(cuid())
+  userId     String
+  title      String    @default("New Chat")
+  model      String?
+  providerId String?
+  metadata   Json?
+  archived   Boolean   @default(false)
+  createdAt  DateTime  @default(now())
+  updatedAt  DateTime  @updatedAt
+${features.includes('auth') ? '  user     User      @relation(fields: [userId], references: [id], onDelete: Cascade)\n' : ''}  provider Provider? @relation(fields: [providerId], references: [id], onDelete: SetNull)
+  messages Message[]
+  @@index([userId])
+  @@index([archived])
+  @@index([providerId])
+}
+model Message {
+  id             String       @id @default(cuid())
+  conversationId String
+  role           String
+  content        String       @db.Text
+  model          String?
+  tokens         Int?
+  createdAt      DateTime     @default(now())
+  conversation   Conversation @relation(fields: [conversationId], references: [id], onDelete: Cascade)
+  @@index([conversationId])
+}
 `;
     }
     // SystemSetting is always included (used by admin settings + app-settings API)
-    schemaContent += `model SystemSetting {
-  key       String   @id
-  value     String   @db.Text
-  updatedAt DateTime @updatedAt
-}
+    schemaContent += `model SystemSetting {
+  key       String   @id
+  value     String   @db.Text
+  updatedAt DateTime @updatedAt
+}
 `;
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'prisma/schema.prisma'), schemaContent);
     // Apply SQLite compatibility transform if needed
@@ -849,55 +849,55 @@ async function createEnvFiles(targetDir, features, sqlite) {
     // Generate a random NextAuth secret (32 bytes hex = 64 chars)
     const nextAuthSecret = Array.from({ length: 64 }, () => '0123456789abcdef'.charAt(Math.floor(Math.random() * 16))).join('');
     const dbUrl = sqlite ? 'file:./dev.db' : 'postgresql://postgres:postgres@localhost:5432/myapp_db';
-    let envContent = `# Database${sqlite ? ' (SQLite — no Docker needed)' : ''}
-DATABASE_URL=${dbUrl}
+    let envContent = `# Database${sqlite ? ' (SQLite — no Docker needed)' : ''}
+DATABASE_URL=${dbUrl}
 `;
     if (features.includes('auth')) {
-        envContent += `# Authentication
-NEXTAUTH_SECRET=${nextAuthSecret}
-NEXTAUTH_URL=http://localhost:3000
+        envContent += `# Authentication
+NEXTAUTH_SECRET=${nextAuthSecret}
+NEXTAUTH_URL=http://localhost:3000
 `;
     }
     // ── Provider Infrastructure (ALWAYS included — core) ──────────
-    envContent += `# Provider Encryption (AES-256-GCM for API key storage)
-PROVIDER_ENCRYPTION_KEY=${encryptionKey}
-# Internal API Token (AI-Service ↔ Frontend communication)
-INTERNAL_API_TOKEN=${internalToken}
-# AI Service URL
-AI_SERVICE_URL=http://localhost:8002
-# AI Providers (Optional — can also be added via Provider Management UI)
-OPENAI_API_KEY=
-ANTHROPIC_API_KEY=
-AZURE_OPENAI_API_KEY=
-AZURE_OPENAI_ENDPOINT=
+    envContent += `# Provider Encryption (AES-256-GCM for API key storage)
+PROVIDER_ENCRYPTION_KEY=${encryptionKey}
+# Internal API Token (AI-Service ↔ Frontend communication)
+INTERNAL_API_TOKEN=${internalToken}
+# AI Service URL
+AI_SERVICE_URL=http://localhost:8002
+# AI Providers (Optional — can also be added via Provider Management UI)
+OPENAI_API_KEY=
+ANTHROPIC_API_KEY=
+AZURE_OPENAI_API_KEY=
+AZURE_OPENAI_ENDPOINT=
 `;
     if (features.includes('billing')) {
-        envContent += `# Stripe
-STRIPE_PUBLISHABLE_KEY=
-STRIPE_SECRET_KEY=
-STRIPE_WEBHOOK_SECRET=
+        envContent += `# Stripe
+STRIPE_PUBLISHABLE_KEY=
+STRIPE_SECRET_KEY=
+STRIPE_WEBHOOK_SECRET=
 `;
     }
     // Widget / External Integration
-    envContent += `# CORS / Widget Configuration (External Chat Embedding)
-# Comma-separated list of allowed origins for cross-origin requests (e.g. Blazor, Vue, React embeds)
-# Use * to allow all origins (development only!)
-# Example: CORS_ALLOWED_ORIGINS=https://my-blog.com,https://my-shop.com
-CORS_ALLOWED_ORIGINS=
-# Legacy alias (still supported): WIDGET_ALLOWED_ORIGINS
-# Upstash Redis (optional — for rate-limiting in serverless/multi-instance)
-# Without this, rate-limiting uses in-memory fallback (fine for single-instance)
-# UPSTASH_REDIS_REST_URL=
-# UPSTASH_REDIS_REST_TOKEN=
+    envContent += `# CORS / Widget Configuration (External Chat Embedding)
+# Comma-separated list of allowed origins for cross-origin requests (e.g. Blazor, Vue, React embeds)
+# Use * to allow all origins (development only!)
+# Example: CORS_ALLOWED_ORIGINS=https://my-blog.com,https://my-shop.com
+CORS_ALLOWED_ORIGINS=
+# Legacy alias (still supported): WIDGET_ALLOWED_ORIGINS
+# Upstash Redis (optional — for rate-limiting in serverless/multi-instance)
+# Without this, rate-limiting uses in-memory fallback (fine for single-instance)
+# UPSTASH_REDIS_REST_URL=
+# UPSTASH_REDIS_REST_TOKEN=
 `;
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, '.env'), envContent);
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, '.env.example'), envContent
@@ -1112,131 +1112,131 @@ async function copyFeatureFiles(targetDir, features) {
         await fs_extra_1.default.ensureDir(path_1.default.join(targetDir, 'app/api/app-settings'));
         await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'app/api/app-settings/route.ts'), appSettingsRoute);
         // ── RBAC Permission utilities (required by admin API routes) ───
-        const permissionsLib = `/**
- * Permission utility functions
- * Handles permission checks and role-based access control
- */
-export const AVAILABLE_PERMISSIONS = [
-  'users:read',
-  'users:write',
-  'users:delete',
-  'roles:read',
-  'roles:write',
-  'roles:delete',
-  'settings:read',
-  'settings:write',
-  'admin:*',
-] as const;
-export type Permission = typeof AVAILABLE_PERMISSIONS[number];
-interface User {
-  id: string;
-  email: string;
-  roles?: Array<{ permissions: string[] }>;
-}
-export function hasPermission(user: User | null, permission: string): boolean {
-  if (!user || !user.roles) return false;
-  const allPermissions = user.roles.flatMap(role => role.permissions || []);
-  // Tier 1: Super-Wildcard — '*' matcht ALLES
-  if (allPermissions.includes('*')) return true;
-  // Tier 2: Kategorie-Wildcard — 'admin:*' matcht 'admin:users:read', 'admin:roles:write', etc.
-  for (const perm of allPermissions) {
-    if (perm.endsWith(':*')) {
-      const prefix = perm.slice(0, -1); // 'admin:*' → 'admin:'
-      if (permission.startsWith(prefix)) return true;
-    }
-  }
-  // Tier 3: Exakter Match
-  return allPermissions.includes(permission);
-}
-export function hasAnyPermission(user: User | null, permissions: string[]): boolean {
-  if (!user) return false;
-  return permissions.some(permission => hasPermission(user, permission));
-}
-export function hasAllPermissions(user: User | null, permissions: string[]): boolean {
-  if (!user) return false;
-  return permissions.every(permission => hasPermission(user, permission));
-}
-export function getUserPermissions(user: User | null): string[] {
-  if (!user || !user.roles) return [];
-  return [...new Set(user.roles.flatMap(role => role.permissions || []))];
-}
-export function isValidPermission(permission: string): boolean {
-  return AVAILABLE_PERMISSIONS.includes(permission as Permission);
-}
+        const permissionsLib = `/**
+ * Permission utility functions
+ * Handles permission checks and role-based access control
+ */
+export const AVAILABLE_PERMISSIONS = [
+  'users:read',
+  'users:write',
+  'users:delete',
+  'roles:read',
+  'roles:write',
+  'roles:delete',
+  'settings:read',
+  'settings:write',
+  'admin:*',
+] as const;
+export type Permission = typeof AVAILABLE_PERMISSIONS[number];
+interface User {
+  id: string;
+  email: string;
+  roles?: Array<{ permissions: string[] }>;
+}
+export function hasPermission(user: User | null, permission: string): boolean {
+  if (!user || !user.roles) return false;
+  const allPermissions = user.roles.flatMap(role => role.permissions || []);
+  // Tier 1: Super-Wildcard — '*' matcht ALLES
+  if (allPermissions.includes('*')) return true;
+  // Tier 2: Kategorie-Wildcard — 'admin:*' matcht 'admin:users:read', 'admin:roles:write', etc.
+  for (const perm of allPermissions) {
+    if (perm.endsWith(':*')) {
+      const prefix = perm.slice(0, -1); // 'admin:*' → 'admin:'
+      if (permission.startsWith(prefix)) return true;
+    }
+  }
+  // Tier 3: Exakter Match
+  return allPermissions.includes(permission);
+}
+export function hasAnyPermission(user: User | null, permissions: string[]): boolean {
+  if (!user) return false;
+  return permissions.some(permission => hasPermission(user, permission));
+}
+export function hasAllPermissions(user: User | null, permissions: string[]): boolean {
+  if (!user) return false;
+  return permissions.every(permission => hasPermission(user, permission));
+}
+export function getUserPermissions(user: User | null): string[] {
+  if (!user || !user.roles) return [];
+  return [...new Set(user.roles.flatMap(role => role.permissions || []))];
+}
+export function isValidPermission(permission: string): boolean {
+  return AVAILABLE_PERMISSIONS.includes(permission as Permission);
+}
 `;
         await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'lib/permissions.ts'), permissionsLib);
-        const requirePermissionLib = `import { getServerSession } from 'next-auth';
-import { NextResponse } from 'next/server';
-import { authOptions } from '@/lib/auth';
-import { hasPermission } from '@/lib/permissions';
-/**
- * Server-side permission check for API routes
- * Returns NextResponse with 401/403 if check fails, null if OK
- */
-export async function requirePermission(permission: string) {
-  const session = await getServerSession(authOptions);
-  if (!session || !session.user) {
-    return NextResponse.json(
-      { error: 'Unauthorized - Please sign in' },
-      { status: 401 }
-    );
-  }
-  const user = await getServerSessionWithPermissions();
-  if (!user || !hasPermission(user as any, permission)) {
-    return NextResponse.json(
-      { error: \`Forbidden - Required permission: \${permission}\` },
-      { status: 403 }
-    );
-  }
-  return null;
-}
-async function getServerSessionWithPermissions() {
-  const session = await getServerSession(authOptions);
-  if (!session?.user?.email) return null;
-  const { prisma } = await import('@/lib/prisma');
-  const user = await prisma.user.findUnique({
-    where: { email: session.user.email },
-    include: {
-      roles: {
-        select: {
-          role: {
-            select: {
-              id: true,
-              name: true,
-              permissions: true
-            }
-          }
-        }
-      }
-    }
-  });
-  if (!user) return null;
-  // Flatten UserRole[] → { permissions: string[] }[]
-  return {
-    ...user,
-    roles: (user.roles as any[]).map((ur: any) => ur.role),
-  };
-}
+        const requirePermissionLib = `import { getServerSession } from 'next-auth';
+import { NextResponse } from 'next/server';
+import { authOptions } from '@/lib/auth';
+import { hasPermission } from '@/lib/permissions';
+/**
+ * Server-side permission check for API routes
+ * Returns NextResponse with 401/403 if check fails, null if OK
+ */
+export async function requirePermission(permission: string) {
+  const session = await getServerSession(authOptions);
+  if (!session || !session.user) {
+    return NextResponse.json(
+      { error: 'Unauthorized - Please sign in' },
+      { status: 401 }
+    );
+  }
+  const user = await getServerSessionWithPermissions();
+  if (!user || !hasPermission(user as any, permission)) {
+    return NextResponse.json(
+      { error: \`Forbidden - Required permission: \${permission}\` },
+      { status: 403 }
+    );
+  }
+  return null;
+}
+async function getServerSessionWithPermissions() {
+  const session = await getServerSession(authOptions);
+  if (!session?.user?.email) return null;
+  const { prisma } = await import('@/lib/prisma');
+  const user = await prisma.user.findUnique({
+    where: { email: session.user.email },
+    include: {
+      roles: {
+        select: {
+          role: {
+            select: {
+              id: true,
+              name: true,
+              permissions: true
+            }
+          }
+        }
+      }
+    }
+  });
+  if (!user) return null;
+  // Flatten UserRole[] → { permissions: string[] }[]
+  return {
+    ...user,
+    roles: (user.roles as any[]).map((ur: any) => ur.role),
+  };
+}
 `;
         await fs_extra_1.default.ensureDir(path_1.default.join(targetDir, 'lib/auth'));
         await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'lib/auth/require-permission.ts'), requirePermissionLib);
@@ -1332,215 +1332,215 @@ async function getServerSessionWithPermissions() {
 async function createSeedScript(targetDir, features, sqlite) {
     // Without auth there are no users/providers to seed — write a minimal placeholder
     if (!features.includes('auth')) {
-        const minimalSeed = `import { PrismaClient } from '@prisma/client';
-const prisma = new PrismaClient();
-async function main() {
-  console.log('🌱 No auth feature selected — nothing to seed yet.');
-  console.log('   Run: chimerai add auth  to add authentication.');
-}
-main().catch(console.error).finally(() => prisma.$disconnect());
+        const minimalSeed = `import { PrismaClient } from '@prisma/client';
+const prisma = new PrismaClient();
+async function main() {
+  console.log('🌱 No auth feature selected — nothing to seed yet.');
+  console.log('   Run: chimerai add auth  to add authentication.');
+}
+main().catch(console.error).finally(() => prisma.$disconnect());
 `;
         await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'prisma/seed.ts'), minimalSeed);
         return;
     }
     // Generate seed script with feature-specific configuration
-    const seedScript = `import { PrismaClient } from '@prisma/client';
-import * as bcrypt from 'bcryptjs';
-import crypto from 'crypto';
-const prisma = new PrismaClient();
-// ── Encryption helpers (same as lib/encryption.ts) ──────────────
-function getKey(): Buffer {
-  const key = process.env.PROVIDER_ENCRYPTION_KEY;
-  if (!key) throw new Error('PROVIDER_ENCRYPTION_KEY required for seeding');
-  if (key.length === 64 && /^[0-9a-fA-F]+$/.test(key)) {
-    return Buffer.from(key, 'hex');
-  }
-  return crypto.createHash('sha256').update(key).digest();
-}
-function encrypt(text: string): string {
-  if (!text) return '';
-  const key = getKey();
-  const iv = crypto.randomBytes(16);
-  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
-  let encrypted = cipher.update(text, 'utf8', 'base64');
-  encrypted += cipher.final('base64');
-  const authTag = cipher.getAuthTag();
-  return iv.toString('base64') + ':' + authTag.toString('base64') + ':' + encrypted;
-}
-// ────────────────────────────────────────────────────────────────
-async function main() {
-  console.log('🌱 Seeding database...');
-  // Create default admin user (next-auth is always a core dependency)
-  const hashedPassword = await bcrypt.hash('admin123', 10);
-  const admin = await prisma.user.upsert({
-    where: { email: 'admin@example.com' },
-    update: {},
-    create: {
-      email: 'admin@example.com',
-      name: 'Admin User',
-      password: hashedPassword,
-    },
-  });
-  console.log('✅ Admin user created: admin@example.com / admin123');
+    const seedScript = `import { PrismaClient } from '@prisma/client';
+import * as bcrypt from 'bcryptjs';
+import crypto from 'crypto';
+const prisma = new PrismaClient();
+// ── Encryption helpers (same as lib/encryption.ts) ──────────────
+function getKey(): Buffer {
+  const key = process.env.PROVIDER_ENCRYPTION_KEY;
+  if (!key) throw new Error('PROVIDER_ENCRYPTION_KEY required for seeding');
+  if (key.length === 64 && /^[0-9a-fA-F]+$/.test(key)) {
+    return Buffer.from(key, 'hex');
+  }
+  return crypto.createHash('sha256').update(key).digest();
+}
+function encrypt(text: string): string {
+  if (!text) return '';
+  const key = getKey();
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
+  let encrypted = cipher.update(text, 'utf8', 'base64');
+  encrypted += cipher.final('base64');
+  const authTag = cipher.getAuthTag();
+  return iv.toString('base64') + ':' + authTag.toString('base64') + ':' + encrypted;
+}
+// ────────────────────────────────────────────────────────────────
+async function main() {
+  console.log('🌱 Seeding database...');
+  // Create default admin user (next-auth is always a core dependency)
+  const hashedPassword = await bcrypt.hash('admin123', 10);
+  const admin = await prisma.user.upsert({
+    where: { email: 'admin@example.com' },
+    update: {},
+    create: {
+      email: 'admin@example.com',
+      name: 'Admin User',
+      password: hashedPassword,
+    },
+  });
+  console.log('✅ Admin user created: admin@example.com / admin123');
 ${features.includes('rbac')
-        ? `
+        ? `
 ${sqlite
-            ? `  // Create default roles (SQLite-compatible: individual upserts)
-  for (const role of [
-    { name: 'admin', description: 'Full system access', permissions: JSON.stringify(['*']) },
-    { name: 'user', description: 'Regular user access', permissions: JSON.stringify(['chat:read', 'chat:write', 'profile:read']) },
-    { name: 'viewer', description: 'Read-only access', permissions: JSON.stringify(['chat:read']) },
-  ]) {
-    await prisma.role.upsert({
-      where: { name: role.name },
-      update: {},
-      create: role,
-    });
+            ? `  // Create default roles (SQLite-compatible: individual upserts)
+  for (const role of [
+    { name: 'admin', description: 'Full system access', permissions: JSON.stringify(['*']) },
+    { name: 'user', description: 'Regular user access', permissions: JSON.stringify(['chat:read', 'chat:write', 'profile:read']) },
+    { name: 'viewer', description: 'Read-only access', permissions: JSON.stringify(['chat:read']) },
+  ]) {
+    await prisma.role.upsert({
+      where: { name: role.name },
+      update: {},
+      create: role,
+    });
   }`
-            : `  // Create default roles
-  await prisma.role.createMany({
-    data: [
-      {
-        name: 'admin',
-        description: 'Full system access',
-        permissions: ['*'],
-      },
-      {
-        name: 'user',
-        description: 'Regular user access',
-        permissions: ['chat:read', 'chat:write', 'profile:read'],
-      },
-      {
-        name: 'viewer',
-        description: 'Read-only access',
-        permissions: ['chat:read'],
-      },
-    ],
-    skipDuplicates: true,
-  });`}
-  console.log('✅ Default roles created');
-  // Assign admin role to admin user
-  const adminRole = await prisma.role.findUnique({ where: { name: 'admin' } });
-  if (adminRole) {
-    await prisma.userRole.upsert({
-      where: { userId_roleId: { userId: admin.id, roleId: adminRole.id } },
-      update: {},
-      create: { userId: admin.id, roleId: adminRole.id },
-    });
-    console.log('✅ Admin user assigned admin role');
-  }
+            : `  // Create default roles
+  await prisma.role.createMany({
+    data: [
+      {
+        name: 'admin',
+        description: 'Full system access',
+        permissions: ['*'],
+      },
+      {
+        name: 'user',
+        description: 'Regular user access',
+        permissions: ['chat:read', 'chat:write', 'profile:read'],
+      },
+      {
+        name: 'viewer',
+        description: 'Read-only access',
+        permissions: ['chat:read'],
+      },
+    ],
+    skipDuplicates: true,
+  });`}
+  console.log('✅ Default roles created');
+  // Assign admin role to admin user
+  const adminRole = await prisma.role.findUnique({ where: { name: 'admin' } });
+  if (adminRole) {
+    await prisma.userRole.upsert({
+      where: { userId_roleId: { userId: admin.id, roleId: adminRole.id } },
+      update: {},
+      create: { userId: admin.id, roleId: adminRole.id },
+    });
+    console.log('✅ Admin user assigned admin role');
+  }
 `
-        : ''}
-  // ── Seed Providers (if API keys are in .env) ────────────────────
-  const openaiKey = process.env.OPENAI_API_KEY;
-  const anthropicKey = process.env.ANTHROPIC_API_KEY;
-  if (openaiKey) {
-    const provider = await prisma.provider.upsert({
-      where: { id: 'seed-openai' },
-      update: {},
-      create: {
-        id: 'seed-openai',
-        name: 'OpenAI',
-        type: 'openai',
-        description: 'OpenAI API (seeded from .env)',
-        baseUrl: 'https://api.openai.com/v1',
-        apiKey: encrypt(openaiKey),
-        config: ${sqlite ? `JSON.stringify({ defaultModel: 'gpt-4o-mini' })` : `{ defaultModel: 'gpt-4o-mini' }`},
-        status: 'active',
-        isDefault: true,
-        priority: 0,
-        createdBy: admin.id,
-      },
-    });
-    // Create default OpenAI models
+        : ''}
+  // ── Seed Providers (if API keys are in .env) ────────────────────
+  const openaiKey = process.env.OPENAI_API_KEY;
+  const anthropicKey = process.env.ANTHROPIC_API_KEY;
+  if (openaiKey) {
+    const provider = await prisma.provider.upsert({
+      where: { id: 'seed-openai' },
+      update: {},
+      create: {
+        id: 'seed-openai',
+        name: 'OpenAI',
+        type: 'openai',
+        description: 'OpenAI API (seeded from .env)',
+        baseUrl: 'https://api.openai.com/v1',
+        apiKey: encrypt(openaiKey),
+        config: ${sqlite ? `JSON.stringify({ defaultModel: 'gpt-4o-mini' })` : `{ defaultModel: 'gpt-4o-mini' }`},
+        status: 'active',
+        isDefault: true,
+        priority: 0,
+        createdBy: admin.id,
+      },
+    });
+    // Create default OpenAI models
 ${sqlite
-        ? `    for (const m of [
-      { providerId: provider.id, modelId: 'gpt-4o', name: 'GPT-4o', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 128000, inputCost: 2.5, outputCost: 10 },
-      { providerId: provider.id, modelId: 'gpt-4o-mini', name: 'GPT-4o Mini', capabilities: JSON.stringify(['chat']), contextWindow: 128000, inputCost: 0.15, outputCost: 0.6 },
-      { providerId: provider.id, modelId: 'gpt-4-turbo', name: 'GPT-4 Turbo', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 128000, inputCost: 10, outputCost: 30 },
-      { providerId: provider.id, modelId: 'text-embedding-3-small', name: 'Embedding 3 Small', capabilities: JSON.stringify(['embedding']), contextWindow: 8191, inputCost: 0.02, outputCost: 0 },
-      { providerId: provider.id, modelId: 'text-embedding-3-large', name: 'Embedding 3 Large', capabilities: JSON.stringify(['embedding']), contextWindow: 8191, inputCost: 0.13, outputCost: 0 },
-    ]) {
-      try { await prisma.model.create({ data: m }); } catch { /* skip duplicate */ }
+        ? `    for (const m of [
+      { providerId: provider.id, modelId: 'gpt-4o', name: 'GPT-4o', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 128000, inputCost: 2.5, outputCost: 10 },
+      { providerId: provider.id, modelId: 'gpt-4o-mini', name: 'GPT-4o Mini', capabilities: JSON.stringify(['chat']), contextWindow: 128000, inputCost: 0.15, outputCost: 0.6 },
+      { providerId: provider.id, modelId: 'gpt-4-turbo', name: 'GPT-4 Turbo', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 128000, inputCost: 10, outputCost: 30 },
+      { providerId: provider.id, modelId: 'text-embedding-3-small', name: 'Embedding 3 Small', capabilities: JSON.stringify(['embedding']), contextWindow: 8191, inputCost: 0.02, outputCost: 0 },
+      { providerId: provider.id, modelId: 'text-embedding-3-large', name: 'Embedding 3 Large', capabilities: JSON.stringify(['embedding']), contextWindow: 8191, inputCost: 0.13, outputCost: 0 },
+    ]) {
+      try { await prisma.model.create({ data: m }); } catch { /* skip duplicate */ }
     }`
-        : `    await prisma.model.createMany({
-      data: [
-        { providerId: provider.id, modelId: 'gpt-4o', name: 'GPT-4o', capabilities: ['chat', 'vision'], contextWindow: 128000, inputCost: 2.5, outputCost: 10 },
-        { providerId: provider.id, modelId: 'gpt-4o-mini', name: 'GPT-4o Mini', capabilities: ['chat'], contextWindow: 128000, inputCost: 0.15, outputCost: 0.6 },
-        { providerId: provider.id, modelId: 'gpt-4-turbo', name: 'GPT-4 Turbo', capabilities: ['chat', 'vision'], contextWindow: 128000, inputCost: 10, outputCost: 30 },
-        { providerId: provider.id, modelId: 'text-embedding-3-small', name: 'Embedding 3 Small', capabilities: ['embedding'], contextWindow: 8191, inputCost: 0.02, outputCost: 0 },
-        { providerId: provider.id, modelId: 'text-embedding-3-large', name: 'Embedding 3 Large', capabilities: ['embedding'], contextWindow: 8191, inputCost: 0.13, outputCost: 0 },
-      ],
-      skipDuplicates: true,
-    });`}
-    console.log('✅ OpenAI provider seeded with models');
-  }
-  if (anthropicKey) {
-    const provider = await prisma.provider.upsert({
-      where: { id: 'seed-anthropic' },
-      update: {},
-      create: {
-        id: 'seed-anthropic',
-        name: 'Anthropic',
-        type: 'anthropic',
-        description: 'Anthropic Claude API (seeded from .env)',
-        baseUrl: 'https://api.anthropic.com/v1',
-        apiKey: encrypt(anthropicKey),
-        config: ${sqlite ? `JSON.stringify({ defaultModel: 'claude-sonnet-4-20250514' })` : `{ defaultModel: 'claude-sonnet-4-20250514' }`},
-        status: 'active',
-        isDefault: false,
-        priority: 1,
-        createdBy: admin.id,
-      },
-    });
+        : `    await prisma.model.createMany({
+      data: [
+        { providerId: provider.id, modelId: 'gpt-4o', name: 'GPT-4o', capabilities: ['chat', 'vision'], contextWindow: 128000, inputCost: 2.5, outputCost: 10 },
+        { providerId: provider.id, modelId: 'gpt-4o-mini', name: 'GPT-4o Mini', capabilities: ['chat'], contextWindow: 128000, inputCost: 0.15, outputCost: 0.6 },
+        { providerId: provider.id, modelId: 'gpt-4-turbo', name: 'GPT-4 Turbo', capabilities: ['chat', 'vision'], contextWindow: 128000, inputCost: 10, outputCost: 30 },
+        { providerId: provider.id, modelId: 'text-embedding-3-small', name: 'Embedding 3 Small', capabilities: ['embedding'], contextWindow: 8191, inputCost: 0.02, outputCost: 0 },
+        { providerId: provider.id, modelId: 'text-embedding-3-large', name: 'Embedding 3 Large', capabilities: ['embedding'], contextWindow: 8191, inputCost: 0.13, outputCost: 0 },
+      ],
+      skipDuplicates: true,
+    });`}
+    console.log('✅ OpenAI provider seeded with models');
+  }
+  if (anthropicKey) {
+    const provider = await prisma.provider.upsert({
+      where: { id: 'seed-anthropic' },
+      update: {},
+      create: {
+        id: 'seed-anthropic',
+        name: 'Anthropic',
+        type: 'anthropic',
+        description: 'Anthropic Claude API (seeded from .env)',
+        baseUrl: 'https://api.anthropic.com/v1',
+        apiKey: encrypt(anthropicKey),
+        config: ${sqlite ? `JSON.stringify({ defaultModel: 'claude-sonnet-4-20250514' })` : `{ defaultModel: 'claude-sonnet-4-20250514' }`},
+        status: 'active',
+        isDefault: false,
+        priority: 1,
+        createdBy: admin.id,
+      },
+    });
 ${sqlite
-        ? `    for (const m of [
-      { providerId: provider.id, modelId: 'claude-sonnet-4-20250514', name: 'Claude Sonnet 4', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 200000, inputCost: 3, outputCost: 15 },
-      { providerId: provider.id, modelId: 'claude-3-5-sonnet-20241022', name: 'Claude 3.5 Sonnet', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 200000, inputCost: 3, outputCost: 15 },
-      { providerId: provider.id, modelId: 'claude-3-haiku-20240307', name: 'Claude 3 Haiku', capabilities: JSON.stringify(['chat']), contextWindow: 200000, inputCost: 0.25, outputCost: 1.25 },
-    ]) {
-      try { await prisma.model.create({ data: m }); } catch { /* skip duplicate */ }
+        ? `    for (const m of [
+      { providerId: provider.id, modelId: 'claude-sonnet-4-20250514', name: 'Claude Sonnet 4', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 200000, inputCost: 3, outputCost: 15 },
+      { providerId: provider.id, modelId: 'claude-3-5-sonnet-20241022', name: 'Claude 3.5 Sonnet', capabilities: JSON.stringify(['chat', 'vision']), contextWindow: 200000, inputCost: 3, outputCost: 15 },
+      { providerId: provider.id, modelId: 'claude-3-haiku-20240307', name: 'Claude 3 Haiku', capabilities: JSON.stringify(['chat']), contextWindow: 200000, inputCost: 0.25, outputCost: 1.25 },
+    ]) {
+      try { await prisma.model.create({ data: m }); } catch { /* skip duplicate */ }
     }`
-        : `    await prisma.model.createMany({
-      data: [
-        { providerId: provider.id, modelId: 'claude-sonnet-4-20250514', name: 'Claude Sonnet 4', capabilities: ['chat', 'vision'], contextWindow: 200000, inputCost: 3, outputCost: 15 },
-        { providerId: provider.id, modelId: 'claude-3-5-sonnet-20241022', name: 'Claude 3.5 Sonnet', capabilities: ['chat', 'vision'], contextWindow: 200000, inputCost: 3, outputCost: 15 },
-        { providerId: provider.id, modelId: 'claude-3-haiku-20240307', name: 'Claude 3 Haiku', capabilities: ['chat'], contextWindow: 200000, inputCost: 0.25, outputCost: 1.25 },
-      ],
-      skipDuplicates: true,
-    });`}
-    console.log('✅ Anthropic provider seeded with models');
-  }
-  if (!openaiKey && !anthropicKey) {
-    console.log('ℹ️  No API keys in .env — skip provider seeding. Add via Provider Management UI.');
-  }
-  console.log('🎉 Seeding completed!');
-}
-main()
-  .catch((e) => {
-    console.error('❌ Seeding failed:', e);
-    process.exit(1);
-  })
-  .finally(async () => {
-    await prisma.$disconnect();
-  });
+        : `    await prisma.model.createMany({
+      data: [
+        { providerId: provider.id, modelId: 'claude-sonnet-4-20250514', name: 'Claude Sonnet 4', capabilities: ['chat', 'vision'], contextWindow: 200000, inputCost: 3, outputCost: 15 },
+        { providerId: provider.id, modelId: 'claude-3-5-sonnet-20241022', name: 'Claude 3.5 Sonnet', capabilities: ['chat', 'vision'], contextWindow: 200000, inputCost: 3, outputCost: 15 },
+        { providerId: provider.id, modelId: 'claude-3-haiku-20240307', name: 'Claude 3 Haiku', capabilities: ['chat'], contextWindow: 200000, inputCost: 0.25, outputCost: 1.25 },
+      ],
+      skipDuplicates: true,
+    });`}
+    console.log('✅ Anthropic provider seeded with models');
+  }
+  if (!openaiKey && !anthropicKey) {
+    console.log('ℹ️  No API keys in .env — skip provider seeding. Add via Provider Management UI.');
+  }
+  console.log('🎉 Seeding completed!');
+}
+main()
+  .catch((e) => {
+    console.error('❌ Seeding failed:', e);
+    process.exit(1);
+  })
+  .finally(async () => {
+    await prisma.$disconnect();
+  });
 `;
     const seedDest = path_1.default.join(targetDir, 'prisma/seed.ts');
     await fs_extra_1.default.ensureDir(path_1.default.dirname(seedDest));
@@ -1553,208 +1553,208 @@ async function createDockerCompose(targetDir) {
 async function createInstallScripts(targetDir, features, sqlite) {
     // Windows install.bat
     const installBat = sqlite
-        ? `@echo off
-REM Installation Script for ChimerAI Project (SQLite)
-echo.
-echo ================================================
-echo   ChimerAI Project Setup (SQLite - No Docker needed)
-echo ================================================
-echo.
-REM Check Node.js
-where node >nul 2>nul
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Node.js is not installed
-    pause
-    exit /b 1
-)
-echo [1/3] Installing dependencies...
-call npm install
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Failed to install dependencies
-    pause
-    exit /b 1
-)
-echo [2/3] Setting up database...
-call npm run db:push
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Failed to setup database
-    pause
-    exit /b 1
-)
-echo [3/3] Seeding database...
-call npm run db:seed
-if %ERRORLEVEL% NEQ 0 (
-    echo [WARNING] Seeding failed, but you can continue
-)
-echo.
-echo ================================================
-echo   Setup completed successfully!
-echo ================================================
-echo.
-echo Next steps:
-echo   npm run dev
-echo   Open: http://localhost:3001
-echo.
-${features.includes('auth') ? 'echo Login with:\necho   Email: admin@example.com\necho   Password: admin123\necho.' : ''}
-pause
+        ? `@echo off
+REM Installation Script for ChimerAI Project (SQLite)
+echo.
+echo ================================================
+echo   ChimerAI Project Setup (SQLite - No Docker needed)
+echo ================================================
+echo.
+REM Check Node.js
+where node >nul 2>nul
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Node.js is not installed
+    pause
+    exit /b 1
+)
+echo [1/3] Installing dependencies...
+call npm install
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Failed to install dependencies
+    pause
+    exit /b 1
+)
+echo [2/3] Setting up database...
+call npm run db:push
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Failed to setup database
+    pause
+    exit /b 1
+)
+echo [3/3] Seeding database...
+call npm run db:seed
+if %ERRORLEVEL% NEQ 0 (
+    echo [WARNING] Seeding failed, but you can continue
+)
+echo.
+echo ================================================
+echo   Setup completed successfully!
+echo ================================================
+echo.
+echo Next steps:
+echo   npm run dev
+echo   Open: http://localhost:3001
+echo.
+${features.includes('auth') ? 'echo Login with:\necho   Email: admin@example.com\necho   Password: admin123\necho.' : ''}
+pause
 `
-        : `@echo off
-REM Installation Script for ChimerAI Project
-echo.
-echo ================================================
-echo   ChimerAI Project Setup
-echo ================================================
-echo.
-REM Check Node.js
-where node >nul 2>nul
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Node.js is not installed
-    pause
-    exit /b 1
-)
-REM Check Docker
-where docker >nul 2>nul
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Docker is not installed
-    pause
-    exit /b 1
-)
-echo [1/5] Installing dependencies...
-call npm install
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Failed to install dependencies
-    pause
-    exit /b 1
-)
-echo [2/5] Starting Docker containers...
-call docker-compose up -d
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Failed to start Docker
-    pause
-    exit /b 1
-)
-echo [3/5] Waiting for database...
-timeout /t 5 /nobreak >nul
-echo [4/5] Setting up database...
-call npm run db:push
-if %ERRORLEVEL% NEQ 0 (
-    echo [ERROR] Failed to setup database
-    pause
-    exit /b 1
-)
-echo [5/5] Seeding database...
-call npm run db:seed
-if %ERRORLEVEL% NEQ 0 (
-    echo [WARNING] Seeding failed, but you can continue
-)
-echo.
-echo ================================================
-echo   Setup completed successfully!
-echo ================================================
-echo.
-echo Next steps:
-echo   npm run dev
-echo   Open: http://localhost:3001
-echo.
-${features.includes('auth') ? 'echo Login with:\necho   Email: admin@example.com\necho   Password: admin123\necho.' : ''}
-pause
+        : `@echo off
+REM Installation Script for ChimerAI Project
+echo.
+echo ================================================
+echo   ChimerAI Project Setup
+echo ================================================
+echo.
+REM Check Node.js
+where node >nul 2>nul
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Node.js is not installed
+    pause
+    exit /b 1
+)
+REM Check Docker
+where docker >nul 2>nul
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Docker is not installed
+    pause
+    exit /b 1
+)
+echo [1/5] Installing dependencies...
+call npm install
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Failed to install dependencies
+    pause
+    exit /b 1
+)
+echo [2/5] Starting Docker containers...
+call docker-compose up -d
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Failed to start Docker
+    pause
+    exit /b 1
+)
+echo [3/5] Waiting for database...
+timeout /t 5 /nobreak >nul
+echo [4/5] Setting up database...
+call npm run db:push
+if %ERRORLEVEL% NEQ 0 (
+    echo [ERROR] Failed to setup database
+    pause
+    exit /b 1
+)
+echo [5/5] Seeding database...
+call npm run db:seed
+if %ERRORLEVEL% NEQ 0 (
+    echo [WARNING] Seeding failed, but you can continue
+)
+echo.
+echo ================================================
+echo   Setup completed successfully!
+echo ================================================
+echo.
+echo Next steps:
+echo   npm run dev
+echo   Open: http://localhost:3001
+echo.
+${features.includes('auth') ? 'echo Login with:\necho   Email: admin@example.com\necho   Password: admin123\necho.' : ''}
+pause
 `;
     // Linux/macOS install.sh
     const installSh = sqlite
-        ? `#!/bin/bash
-set -e
-echo ""
-echo "================================================"
-echo "  ChimerAI Project Setup (SQLite - No Docker needed)"
-echo "================================================"
-echo ""
-# Check Node.js
-if ! command -v node &> /dev/null; then
-    echo "[ERROR] Node.js is not installed"
-    exit 1
-fi
-echo "[1/3] Installing dependencies..."
-npm install
-echo "[2/3] Setting up database..."
-npm run db:push
-echo "[3/3] Seeding database..."
-npm run db:seed || echo "[WARNING] Seeding failed, but you can continue"
-echo ""
-echo "================================================"
-echo "  Setup completed successfully!"
-echo "================================================"
-echo ""
-echo "Next steps:"
-echo "  npm run dev"
-echo "  Open: http://localhost:3001"
-echo ""
-${features.includes('auth') ? 'echo "Login with:"\necho "  Email: admin@example.com"\necho "  Password: admin123"\necho ""' : ''}
+        ? `#!/bin/bash
+set -e
+echo ""
+echo "================================================"
+echo "  ChimerAI Project Setup (SQLite - No Docker needed)"
+echo "================================================"
+echo ""
+# Check Node.js
+if ! command -v node &> /dev/null; then
+    echo "[ERROR] Node.js is not installed"
+    exit 1
+fi
+echo "[1/3] Installing dependencies..."
+npm install
+echo "[2/3] Setting up database..."
+npm run db:push
+echo "[3/3] Seeding database..."
+npm run db:seed || echo "[WARNING] Seeding failed, but you can continue"
+echo ""
+echo "================================================"
+echo "  Setup completed successfully!"
+echo "================================================"
+echo ""
+echo "Next steps:"
+echo "  npm run dev"
+echo "  Open: http://localhost:3001"
+echo ""
+${features.includes('auth') ? 'echo "Login with:"\necho "  Email: admin@example.com"\necho "  Password: admin123"\necho ""' : ''}
 `
-        : `#!/bin/bash
-set -e
-echo ""
-echo "================================================"
-echo "  ChimerAI Project Setup"
-echo "================================================"
-echo ""
-# Check Node.js
-if ! command -v node &> /dev/null; then
-    echo "[ERROR] Node.js is not installed"
-    exit 1
-fi
-# Check Docker
-if ! command -v docker &> /dev/null; then
-    echo "[ERROR] Docker is not installed"
-    exit 1
-fi
-echo "[1/5] Installing dependencies..."
-npm install
-echo "[2/5] Starting Docker containers..."
-docker-compose up -d
-echo "[3/5] Waiting for database..."
-sleep 5
-echo "[4/5] Setting up database..."
-npm run db:push
-echo "[5/5] Seeding database..."
-npm run db:seed || echo "[WARNING] Seeding failed, but you can continue"
-echo ""
-echo "================================================"
-echo "  Setup completed successfully!"
-echo "================================================"
-echo ""
-echo "Next steps:"
-echo "  npm run dev"
-echo "  Open: http://localhost:3001"
-echo ""
-${features.includes('auth') ? 'echo "Login with:"\necho "  Email: admin@example.com"\necho "  Password: admin123"\necho ""' : ''}
+        : `#!/bin/bash
+set -e
+echo ""
+echo "================================================"
+echo "  ChimerAI Project Setup"
+echo "================================================"
+echo ""
+# Check Node.js
+if ! command -v node &> /dev/null; then
+    echo "[ERROR] Node.js is not installed"
+    exit 1
+fi
+# Check Docker
+if ! command -v docker &> /dev/null; then
+    echo "[ERROR] Docker is not installed"
+    exit 1
+fi
+echo "[1/5] Installing dependencies..."
+npm install
+echo "[2/5] Starting Docker containers..."
+docker-compose up -d
+echo "[3/5] Waiting for database..."
+sleep 5
+echo "[4/5] Setting up database..."
+npm run db:push
+echo "[5/5] Seeding database..."
+npm run db:seed || echo "[WARNING] Seeding failed, but you can continue"
+echo ""
+echo "================================================"
+echo "  Setup completed successfully!"
+echo "================================================"
+echo ""
+echo "Next steps:"
+echo "  npm run dev"
+echo "  Open: http://localhost:3001"
+echo ""
+${features.includes('auth') ? 'echo "Login with:"\necho "  Email: admin@example.com"\necho "  Password: admin123"\necho ""' : ''}
 `;
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'install.bat'), installBat);
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'install.sh'), installSh);
@@ -1767,12 +1767,12 @@ ${features.includes('auth') ? 'echo "Login with:"\necho "  Email: admin@example.
     }
 }
 async function createReadme(targetDir, projectName, features) {
-    let readme = `# ${projectName}
-Built with ChimerAI Kickstart
-## Features
+    let readme = `# ${projectName}
+Built with ChimerAI Kickstart
+## Features
 `;
     const featureDescriptions = {
         auth: '- 🔐 Authentication with NextAuth',
@@ -1790,95 +1790,95 @@ Built with ChimerAI Kickstart
             readme += featureDescriptions[f] + '\n';
         }
     });
-    readme += `
-## Getting Started
-### Prerequisites
-- Node.js 20+
-- Docker Desktop
-- npm
-### Quick Start (Recommended)
-**Windows:**
-\`\`\`bash
-install.bat
-\`\`\`
-**Linux/macOS:**
-\`\`\`bash
-./install.sh
-\`\`\`
-The install script will automatically:
-- Install dependencies
-- Start Docker containers
-- Setup and seed the database
-- Show you the next steps
-### Manual Installation
-If you prefer to run commands manually:
-\`\`\`bash
-# Install dependencies
-npm install
-# Start Docker services
-docker-compose up -d
-# Setup database
-npm run db:push
-npm run db:seed
-# Start development server
-npm run dev
-\`\`\`
-Open [http://localhost:3001](http://localhost:3001) in your browser.
-${features.includes('auth') ? `### Default Admin Credentials\n\n- Email: admin@example.com\n- Password: admin123\n\n⚠️ Change these in production!` : ''}
-## Available Scripts
-- \`pnpm dev\` - Start development server
-- \`pnpm build\` - Build for production
-- \`pnpm start\` - Start production server
-- \`pnpm lint\` - Run linter
-- \`pnpm db:push\` - Push database schema
-- \`pnpm db:seed\` - Seed database
-- \`pnpm db:studio\` - Open Prisma Studio
-## Tech Stack
-- **Framework**: Next.js 15
-- **Language**: TypeScript
-- **Database**: PostgreSQL + Prisma
-- **Auth**: NextAuth.js
-- **Styling**: Tailwind CSS
-- **UI Components**: Radix UI
-## Project Structure
-\`\`\`
-├── app/              # Next.js app directory
-├── components/       # React components
-├── lib/              # Utility functions
-├── prisma/           # Database schema
-└── public/           # Static assets
-\`\`\`
-## Learn More
-- [ChimerAI Documentation](https://chimerai.dev)
-- [Next.js Documentation](https://nextjs.org/docs)
-- [Prisma Documentation](https://www.prisma.io/docs)
-## License
-Commercial License - See LICENSE file
+    readme += `
+## Getting Started
+### Prerequisites
+- Node.js 20+
+- Docker Desktop
+- npm
+### Quick Start (Recommended)
+**Windows:**
+\`\`\`bash
+install.bat
+\`\`\`
+**Linux/macOS:**
+\`\`\`bash
+./install.sh
+\`\`\`
+The install script will automatically:
+- Install dependencies
+- Start Docker containers
+- Setup and seed the database
+- Show you the next steps
+### Manual Installation
+If you prefer to run commands manually:
+\`\`\`bash
+# Install dependencies
+npm install
+# Start Docker services
+docker-compose up -d
+# Setup database
+npm run db:push
+npm run db:seed
+# Start development server
+npm run dev
+\`\`\`
+Open [http://localhost:3001](http://localhost:3001) in your browser.
+${features.includes('auth') ? `### Default Admin Credentials\n\n- Email: admin@example.com\n- Password: admin123\n\n⚠️ Change these in production!` : ''}
+## Available Scripts
+- \`pnpm dev\` - Start development server
+- \`pnpm build\` - Build for production
+- \`pnpm start\` - Start production server
+- \`pnpm lint\` - Run linter
+- \`pnpm db:push\` - Push database schema
+- \`pnpm db:seed\` - Seed database
+- \`pnpm db:studio\` - Open Prisma Studio
+## Tech Stack
+- **Framework**: Next.js 15
+- **Language**: TypeScript
+- **Database**: PostgreSQL + Prisma
+- **Auth**: NextAuth.js
+- **Styling**: Tailwind CSS
+- **UI Components**: Radix UI
+## Project Structure
+\`\`\`
+├── app/              # Next.js app directory
+├── components/       # React components
+├── lib/              # Utility functions
+├── prisma/           # Database schema
+└── public/           # Static assets
+\`\`\`
+## Learn More
+- [ChimerAI Documentation](https://chimerai.dev)
+- [Next.js Documentation](https://nextjs.org/docs)
+- [Prisma Documentation](https://www.prisma.io/docs)
+## License
+Commercial License - See LICENSE file
 `;
     await fs_extra_1.default.writeFile(path_1.default.join(targetDir, 'README.md'), readme);
     // Create docs directory with inline documentation
@@ -1886,28 +1886,28 @@ Commercial License - See LICENSE file
     const docsDir = path_1.default.join(targetDir, 'docs');
     await fs_extra_1.default.ensureDir(docsDir);
     // Generate inline quickstart guide
-    const quickstart = `# Quick Start
-## Prerequisites
-- Node.js 20+
-- Docker Desktop
-- pnpm (recommended)
-## Setup
-1. \`pnpm install\`
-2. \`docker-compose up -d\`
-3. \`pnpm db:push\`
-4. \`pnpm db:seed\`
-5. \`pnpm dev\`
-## Default Login
-${features.includes('auth') ? '- Email: admin@example.com\n- Password: admin123' : '- No auth configured. Run: `chimerai add auth`'}
-## CLI Commands
-- \`chimerai add <component>\` — Add features
-- \`chimerai setup <service>\` — Configure integrations
-- \`chimerai doctor\` — Health check
-- \`chimerai update --diff\` — Check for template updates
+    const quickstart = `# Quick Start
+## Prerequisites
+- Node.js 20+
+- Docker Desktop
+- pnpm (recommended)
+## Setup
+1. \`pnpm install\`
+2. \`docker-compose up -d\`
+3. \`pnpm db:push\`
+4. \`pnpm db:seed\`
+5. \`pnpm dev\`
+## Default Login
+${features.includes('auth') ? '- Email: admin@example.com\n- Password: admin123' : '- No auth configured. Run: `chimerai add auth`'}
+## CLI Commands
+- \`chimerai add <component>\` — Add features
+- \`chimerai setup <service>\` — Configure integrations
+- \`chimerai doctor\` — Health check
+- \`chimerai update --diff\` — Check for template updates
 `;
     await fs_extra_1.default.writeFile(path_1.default.join(docsDir, 'QUICKSTART.md'), quickstart);
     console.log(chalk_1.default.green('  ✓ docs/QUICKSTART.md'));