@codaijs/keel 0.2.2 → 0.2.4

package/dist/__tests__/sail-installer.test.js

@@ -39,13 +39,13 @@ describe("insertAtMarker", () => {
     });
     it("inserts code after marker comment", () => {
         const filePath = join(tempDir, "test.ts");
-        writeFileSync(filePath, `import express from "express";
-// [SAIL_IMPORTS]
-
-const app = express();
-// [SAIL_ROUTES]
-
-app.listen(3000);
+        writeFileSync(filePath, `import express from "express";
+// [SAIL_IMPORTS]
+
+const app = express();
+// [SAIL_ROUTES]
+
+app.listen(3000);
 `);
         const result = insertAtMarker(filePath, "// [SAIL_IMPORTS]", 'import { stripeRouter } from "./routes/stripe.js";');
         expect(result).toBe(true);
@@ -58,9 +58,9 @@ app.listen(3000);
     });
     it("inserts code after JSX marker comment", () => {
         const filePath = join(tempDir, "router.tsx");
-        writeFileSync(filePath, `<Route path="/" element={<Home />} />
-        {/* [SAIL_ROUTES] */}
-      </Route>
+        writeFileSync(filePath, `<Route path="/" element={<Home />} />
+        {/* [SAIL_ROUTES] */}
+      </Route>
 `);
         const result = insertAtMarker(filePath, "{/* [SAIL_ROUTES] */}", '          <Route path="/pricing" element={<Pricing />} />');
         expect(result).toBe(true);
@@ -69,8 +69,8 @@ app.listen(3000);
     });
     it("is idempotent — does not insert the same code twice", () => {
         const filePath = join(tempDir, "test.ts");
-        const originalContent = `// [SAIL_IMPORTS]
-const x = 1;
+        const originalContent = `// [SAIL_IMPORTS]
+const x = 1;
 `;
         writeFileSync(filePath, originalContent);
         const code = 'import { foo } from "./foo.js";';
@@ -87,8 +87,8 @@ const x = 1;
     });
     it("records manual step when marker is missing", () => {
         const filePath = join(tempDir, "test.ts");
-        writeFileSync(filePath, `import express from "express";
-const app = express();
+        writeFileSync(filePath, `import express from "express";
+const app = express();
 `);
         const consoleSpy = vi.spyOn(console, "log").mockImplementation(() => { });
         const result = insertAtMarker(filePath, "// [SAIL_IMPORTS]", 'import { foo } from "./foo.js";');
@@ -109,10 +109,10 @@ const app = express();
     });
     it("preserves existing content around marker", () => {
         const filePath = join(tempDir, "test.ts");
-        writeFileSync(filePath, `line1
-// [SAIL_IMPORTS]
-line3
-line4
+        writeFileSync(filePath, `line1
+// [SAIL_IMPORTS]
+line3
+line4
 `);
         insertAtMarker(filePath, "// [SAIL_IMPORTS]", "inserted_line");
         const content = readFileSync(filePath, "utf-8");
@@ -124,13 +124,13 @@ line4
     });
     it("handles multiple markers in same file", () => {
         const filePath = join(tempDir, "test.ts");
-        writeFileSync(filePath, `// [SAIL_IMPORTS]
-
-const app = express();
-
-// [SAIL_ROUTES]
-
-app.listen(3000);
+        writeFileSync(filePath, `// [SAIL_IMPORTS]
+
+const app = express();
+
+// [SAIL_ROUTES]
+
+app.listen(3000);
 `);
         insertAtMarker(filePath, "// [SAIL_IMPORTS]", 'import { a } from "./a.js";');
         insertAtMarker(filePath, "// [SAIL_ROUTES]", 'app.use("/api/a", a);');

package/dist/sail-installer.js

@@ -174,12 +174,12 @@ function installGoogleOAuth(sailDir, projectDir) {
     mkdirSync(destDir, { recursive: true });
     copyFileSync(join(sailDir, "files/GoogleButton.tsx"), join(destDir, "GoogleButton.tsx"));
     // Modify backend auth config
-    insertAtMarker(join(backendDir, "src/auth/index.ts"), "// [SAIL_SOCIAL_PROVIDERS]", `    google: {
-      clientId: process.env.GOOGLE_CLIENT_ID!,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+    insertAtMarker(join(backendDir, "src/auth/index.ts"), "// [SAIL_SOCIAL_PROVIDERS]", `    google: {
+      clientId: process.env.GOOGLE_CLIENT_ID!,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
     },`);
     // Add env var validation
-    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  GOOGLE_CLIENT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "GOOGLE_CLIENT_ID is required in production").default(""),
+    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  GOOGLE_CLIENT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "GOOGLE_CLIENT_ID is required in production").default(""),
   GOOGLE_CLIENT_SECRET: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "GOOGLE_CLIENT_SECRET is required in production").default(""),`);
     // Modify login and signup forms
     for (const form of ["LoginForm.tsx", "SignupForm.tsx"]) {
@@ -223,8 +223,8 @@ function installPushNotifications(sailDir, projectDir) {
     insertAtMarker(join(backendDir, "src/index.ts"), "// [SAIL_IMPORTS]", 'import { notificationsRouter } from "./routes/notifications.js";');
     insertAtMarker(join(backendDir, "src/index.ts"), "// [SAIL_ROUTES]", 'app.use("/api/notifications", notificationsRouter);');
     // Add env var validation
-    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  FIREBASE_PROJECT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "FIREBASE_PROJECT_ID is required in production").default(""),
-  FIREBASE_PRIVATE_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "FIREBASE_PRIVATE_KEY is required in production").default(""),
+    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  FIREBASE_PROJECT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "FIREBASE_PROJECT_ID is required in production").default(""),
+  FIREBASE_PRIVATE_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "FIREBASE_PRIVATE_KEY is required in production").default(""),
   FIREBASE_CLIENT_EMAIL: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "FIREBASE_CLIENT_EMAIL is required in production").default(""),`);
     // Modify Layout.tsx to include PushNotificationInit
     const layoutPath = join(frontendDir, "src/components/layout/Layout.tsx");
@@ -346,23 +346,23 @@ function installStripe(sailDir, projectDir) {
         }
     }
     // Add env var validation
-    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  STRIPE_SECRET_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "STRIPE_SECRET_KEY is required in production").default(""),
-  STRIPE_PUBLISHABLE_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "STRIPE_PUBLISHABLE_KEY is required in production").default(""),
+    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  STRIPE_SECRET_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "STRIPE_SECRET_KEY is required in production").default(""),
+  STRIPE_PUBLISHABLE_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "STRIPE_PUBLISHABLE_KEY is required in production").default(""),
   STRIPE_WEBHOOK_SECRET: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "STRIPE_WEBHOOK_SECRET is required in production").default(""),`);
     // Modify frontend router
-    insertAtMarker(join(frontendDir, "src/router.tsx"), "// [SAIL_IMPORTS]", `import { PricingPage } from "./pages/Pricing";
+    insertAtMarker(join(frontendDir, "src/router.tsx"), "// [SAIL_IMPORTS]", `import { PricingPage } from "./pages/Pricing";
 import { CheckoutPage } from "./pages/Checkout";`);
-    insertAtMarker(join(frontendDir, "src/router.tsx"), "// [SAIL_ROUTES]", `      {
-        path: "/pricing",
-        element: <PricingPage />,
-      },
-      {
-        path: "/checkout/success",
-        element: <CheckoutPage status="success" />,
-      },
-      {
-        path: "/checkout/cancel",
-        element: <CheckoutPage status="cancel" />,
+    insertAtMarker(join(frontendDir, "src/router.tsx"), "// [SAIL_ROUTES]", `      {
+        path: "/pricing",
+        element: <PricingPage />,
+      },
+      {
+        path: "/checkout/success",
+        element: <CheckoutPage status="success" />,
+      },
+      {
+        path: "/checkout/cancel",
+        element: <CheckoutPage status="cancel" />,
       },`);
     // Install dependencies
     const manifest = loadManifest(sailDir);
@@ -417,7 +417,7 @@ function installAdminDashboard(sailDir, projectDir) {
     // Add env var validation
     insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", '  ADMIN_EMAILS: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "ADMIN_EMAILS is required in production").default(""),');
     // Add frontend routes
-    insertAtMarker(join(frontendDir, "src/router.tsx"), "{/* [SAIL_ROUTES] */}", `          <Route path="/admin" element={<ProtectedRoute><AdminDashboard /></ProtectedRoute>} />
+    insertAtMarker(join(frontendDir, "src/router.tsx"), "{/* [SAIL_ROUTES] */}", `          <Route path="/admin" element={<ProtectedRoute><AdminDashboard /></ProtectedRoute>} />
           <Route path="/admin/users/:id" element={<ProtectedRoute><AdminUserDetail /></ProtectedRoute>} />`);
     // Install dependencies
     const manifest = loadManifest(sailDir);
@@ -509,45 +509,45 @@ function installGdpr(sailDir, projectDir) {
         }
         // Insert GDPR table definitions at the SAIL_SCHEMA marker
         if (schemaContent.includes("// [SAIL_SCHEMA]") && !schemaContent.includes("consentRecords")) {
-            const gdprSchema = `
-export const consentRecords = pgTable("consent_records", {
-  id: text("id")
-    .primaryKey()
-    .$defaultFn(() => crypto.randomUUID()),
-  userId: text("user_id")
-    .notNull()
-    .references(() => users.id, { onDelete: "cascade" }),
-  consentType: varchar("consent_type", { length: 50 }).notNull(),
-  granted: boolean("granted").notNull(),
-  version: varchar("version", { length: 20 }).notNull(),
-  ipAddress: text("ip_address"),
-  userAgent: text("user_agent"),
-  grantedAt: timestamp("granted_at").defaultNow().notNull(),
-  revokedAt: timestamp("revoked_at"),
-});
-
-export const deletionRequests = pgTable("deletion_requests", {
-  id: text("id")
-    .primaryKey()
-    .$defaultFn(() => crypto.randomUUID()),
-  userId: text("user_id")
-    .notNull()
-    .references(() => users.id, { onDelete: "cascade" }),
-  status: varchar("status", { length: 20 }).default("pending").notNull(),
-  reason: text("reason"),
-  requestedAt: timestamp("requested_at").defaultNow().notNull(),
-  scheduledDeletionAt: timestamp("scheduled_deletion_at").notNull(),
-  cancelledAt: timestamp("cancelled_at"),
-  completedAt: timestamp("completed_at"),
-});
-
-export const consentRecordsRelations = relations(consentRecords, ({ one }) => ({
-  user: one(users, { fields: [consentRecords.userId], references: [users.id] }),
-}));
-
-export const deletionRequestsRelations = relations(deletionRequests, ({ one }) => ({
-  user: one(users, { fields: [deletionRequests.userId], references: [users.id] }),
-}));
+            const gdprSchema = `
+export const consentRecords = pgTable("consent_records", {
+  id: text("id")
+    .primaryKey()
+    .$defaultFn(() => crypto.randomUUID()),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  consentType: varchar("consent_type", { length: 50 }).notNull(),
+  granted: boolean("granted").notNull(),
+  version: varchar("version", { length: 20 }).notNull(),
+  ipAddress: text("ip_address"),
+  userAgent: text("user_agent"),
+  grantedAt: timestamp("granted_at").defaultNow().notNull(),
+  revokedAt: timestamp("revoked_at"),
+});
+
+export const deletionRequests = pgTable("deletion_requests", {
+  id: text("id")
+    .primaryKey()
+    .$defaultFn(() => crypto.randomUUID()),
+  userId: text("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  status: varchar("status", { length: 20 }).default("pending").notNull(),
+  reason: text("reason"),
+  requestedAt: timestamp("requested_at").defaultNow().notNull(),
+  scheduledDeletionAt: timestamp("scheduled_deletion_at").notNull(),
+  cancelledAt: timestamp("cancelled_at"),
+  completedAt: timestamp("completed_at"),
+});
+
+export const consentRecordsRelations = relations(consentRecords, ({ one }) => ({
+  user: one(users, { fields: [consentRecords.userId], references: [users.id] }),
+}));
+
+export const deletionRequestsRelations = relations(deletionRequests, ({ one }) => ({
+  user: one(users, { fields: [deletionRequests.userId], references: [users.id] }),
+}));
 `;
             schemaContent = schemaContent.replace("// [SAIL_SCHEMA]", `// [SAIL_SCHEMA]\n${gdprSchema}`);
         }
@@ -572,28 +572,28 @@ export const deletionRequestsRelations = relations(deletionRequests, ({ one }) =
         if (!signupContent.includes("ConsentCheckboxes")) {
             signupContent = signupContent.replace('import { useAuth } from "@/hooks/useAuth";', 'import { useAuth } from "@/hooks/useAuth";\nimport { apiPost } from "@/lib/api";\nimport ConsentCheckboxes, { type ConsentState } from "./ConsentCheckboxes";');
             signupContent = signupContent.replace('  const [confirmPassword, setConfirmPassword] = useState("");', '  const [confirmPassword, setConfirmPassword] = useState("");\n  const [consent, setConsent] = useState<ConsentState>({\n    privacyPolicy: false,\n    termsOfService: false,\n    marketingEmails: false,\n    analytics: false,\n  });');
-            signupContent = signupContent.replace("    setIsSubmitting(true);\n\n    try {\n      await signup(email, password, name);\n\n      setSuccess(true);", `    if (!consent.privacyPolicy || !consent.termsOfService) {
-      setError("You must accept the Privacy Policy and Terms of Service.");
-      return;
-    }
-
-    setIsSubmitting(true);
-
-    try {
-      await signup(email, password, name);
-
-      // Record consent after successful signup
-      try {
-        await apiPost("/api/gdpr/consent", {
-          privacyPolicy: consent.privacyPolicy,
-          termsOfService: consent.termsOfService,
-          marketingEmails: consent.marketingEmails,
-          analytics: consent.analytics,
-        });
-      } catch {
-        // Non-critical: consent recording failure shouldn't block signup
-      }
-
+            signupContent = signupContent.replace("    setIsSubmitting(true);\n\n    try {\n      await signup(email, password, name);\n\n      setSuccess(true);", `    if (!consent.privacyPolicy || !consent.termsOfService) {
+      setError("You must accept the Privacy Policy and Terms of Service.");
+      return;
+    }
+
+    setIsSubmitting(true);
+
+    try {
+      await signup(email, password, name);
+
+      // Record consent after successful signup
+      try {
+        await apiPost("/api/gdpr/consent", {
+          privacyPolicy: consent.privacyPolicy,
+          termsOfService: consent.termsOfService,
+          marketingEmails: consent.marketingEmails,
+          analytics: consent.analytics,
+        });
+      } catch {
+        // Non-critical: consent recording failure shouldn't block signup
+      }
+
       setSuccess(true);`);
             signupContent = signupContent.replace("          <button\n            type=\"submit\"", "          <ConsentCheckboxes value={consent} onChange={setConsent} />\n\n          <button\n            type=\"submit\"");
             writeFileSync(signupPath, signupContent, "utf-8");
@@ -605,58 +605,58 @@ export const deletionRequestsRelations = relations(deletionRequests, ({ one }) =
         let settingsContent = readFileSync(settingsPath, "utf-8");
         if (!settingsContent.includes("DataExportButton")) {
             settingsContent = settingsContent.replace('import { apiGet } from "@/lib/api";', 'import { apiGet, apiPost } from "@/lib/api";\nimport DataExportButton from "../gdpr/DataExportButton";\nimport AccountDeletionRequest from "../gdpr/AccountDeletionRequest";');
-            settingsContent = settingsContent.replace("interface Session {", `interface ConsentSettings {
-  marketingEmails: boolean;
-  analytics: boolean;
-}
-
+            settingsContent = settingsContent.replace("interface Session {", `interface ConsentSettings {
+  marketingEmails: boolean;
+  analytics: boolean;
+}
+
 interface Session {`);
-            settingsContent = settingsContent.replace("  const [sessions, setSessions] = useState<Session[]>([]);", `  const [consent, setConsent] = useState<ConsentSettings>({
-    marketingEmails: false,
-    analytics: false,
-  });
-  const [sessions, setSessions] = useState<Session[]>([]);
-  const [consentLoading, setConsentLoading] = useState(true);
+            settingsContent = settingsContent.replace("  const [sessions, setSessions] = useState<Session[]>([]);", `  const [consent, setConsent] = useState<ConsentSettings>({
+    marketingEmails: false,
+    analytics: false,
+  });
+  const [sessions, setSessions] = useState<Session[]>([]);
+  const [consentLoading, setConsentLoading] = useState(true);
   const [consentSaving, setConsentSaving] = useState(false);`);
-            settingsContent = settingsContent.replace(`    async function loadSettings() {
-      try {
-        const sessionsData = await apiGet<Session[]>("/api/auth/sessions");
-        setSessions(sessionsData);
-      } catch {
-        // Settings may not exist yet
-      }
-    }`, `    async function loadSettings() {
-      try {
-        const [consentData, sessionsData] = await Promise.all([
-          apiGet<ConsentSettings>("/api/gdpr/consent"),
-          apiGet<Session[]>("/api/auth/sessions"),
-        ]);
-        setConsent(consentData);
-        setSessions(sessionsData);
-      } catch {
-        // Settings may not exist yet
-      } finally {
-        setConsentLoading(false);
-      }
+            settingsContent = settingsContent.replace(`    async function loadSettings() {
+      try {
+        const sessionsData = await apiGet<Session[]>("/api/auth/sessions");
+        setSessions(sessionsData);
+      } catch {
+        // Settings may not exist yet
+      }
+    }`, `    async function loadSettings() {
+      try {
+        const [consentData, sessionsData] = await Promise.all([
+          apiGet<ConsentSettings>("/api/gdpr/consent"),
+          apiGet<Session[]>("/api/auth/sessions"),
+        ]);
+        setConsent(consentData);
+        setSessions(sessionsData);
+      } catch {
+        // Settings may not exist yet
+      } finally {
+        setConsentLoading(false);
+      }
     }`);
-            settingsContent = settingsContent.replace("  return (", `  const handleConsentChange = async (
-    field: keyof ConsentSettings,
-    value: boolean,
-  ) => {
-    const updated = { ...consent, [field]: value };
-    setConsent(updated);
-    setConsentSaving(true);
-
-    try {
-      await apiPost("/api/gdpr/consent", updated);
-    } catch {
-      // Revert on error
-      setConsent(consent);
-    } finally {
-      setConsentSaving(false);
-    }
-  };
-
+            settingsContent = settingsContent.replace("  return (", `  const handleConsentChange = async (
+    field: keyof ConsentSettings,
+    value: boolean,
+  ) => {
+    const updated = { ...consent, [field]: value };
+    setConsent(updated);
+    setConsentSaving(true);
+
+    try {
+      await apiPost("/api/gdpr/consent", updated);
+    } catch {
+      // Revert on error
+      setConsent(consent);
+    } finally {
+      setConsentSaving(false);
+    }
+  };
+
   return (`);
             writeFileSync(settingsPath, settingsContent, "utf-8");
         }
@@ -688,10 +688,10 @@ function installR2Storage(sailDir, projectDir) {
     mkdirSync(dirname(destUploadPath), { recursive: true });
     copyFileSync(join(sailDir, "files/frontend/components/ProfilePictureUpload.tsx"), destUploadPath);
     // Add R2 env var validation
-    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  R2_ACCOUNT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_ACCOUNT_ID is required in production").default(""),
-  R2_ACCESS_KEY_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_ACCESS_KEY_ID is required in production").default(""),
-  R2_SECRET_ACCESS_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_SECRET_ACCESS_KEY is required in production").default(""),
-  R2_BUCKET_NAME: z.string().default("avatars"),
+    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  R2_ACCOUNT_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_ACCOUNT_ID is required in production").default(""),
+  R2_ACCESS_KEY_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_ACCESS_KEY_ID is required in production").default(""),
+  R2_SECRET_ACCESS_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_SECRET_ACCESS_KEY is required in production").default(""),
+  R2_BUCKET_NAME: z.string().default("avatars"),
   R2_PUBLIC_URL: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "R2_PUBLIC_URL is required in production").default(""),`);
     // Add avatar routes to profile.ts
     const profilePath = join(backendDir, "src/routes/profile.ts");
@@ -703,40 +703,40 @@ function installR2Storage(sailDir, projectDir) {
         }
         // Add avatar routes if not present
         if (!profileContent.includes("/avatar/upload-url")) {
-            const avatarRoutes = `
-// POST /avatar/upload-url — generate presigned upload URL
-router.post("/avatar/upload-url", async (req, res) => {
-  const { fileType } = req.body as { fileType?: string };
-
-  if (!fileType || typeof fileType !== "string") {
-    res.status(400).json({ error: "fileType is required" });
-    return;
-  }
-
-  const result = await generateUploadUrl(req.user!.id, fileType);
-  res.json(result);
-});
-
-// DELETE /avatar — delete current avatar
-router.delete("/avatar", async (req, res) => {
-  const user = req.user!;
-
-  if (user.image) {
-    try {
-      // Extract key from the image URL or stored key
-      await deleteObject(user.image);
-    } catch {
-      // Continue even if R2 deletion fails
-    }
-  }
-
-  const [updated] = await db
-    .update(users)
-    .set({ image: null, updatedAt: new Date() })
-    .where(eq(users.id, user.id))
-    .returning();
-
-  res.json({ user: updated });
+            const avatarRoutes = `
+// POST /avatar/upload-url — generate presigned upload URL
+router.post("/avatar/upload-url", async (req, res) => {
+  const { fileType } = req.body as { fileType?: string };
+
+  if (!fileType || typeof fileType !== "string") {
+    res.status(400).json({ error: "fileType is required" });
+    return;
+  }
+
+  const result = await generateUploadUrl(req.user!.id, fileType);
+  res.json(result);
+});
+
+// DELETE /avatar — delete current avatar
+router.delete("/avatar", async (req, res) => {
+  const user = req.user!;
+
+  if (user.image) {
+    try {
+      // Extract key from the image URL or stored key
+      await deleteObject(user.image);
+    } catch {
+      // Continue even if R2 deletion fails
+    }
+  }
+
+  const [updated] = await db
+    .update(users)
+    .set({ image: null, updatedAt: new Date() })
+    .where(eq(users.id, user.id))
+    .returning();
+
+  res.json({ user: updated });
 });`;
             profileContent = profileContent.replace("export default router;", `${avatarRoutes}\n\nexport default router;`);
         }
@@ -798,11 +798,11 @@ function installFileUploads(sailDir, projectDir) {
     insertAtMarker(join(backendDir, "src/index.ts"), "// [SAIL_IMPORTS]", 'import { filesRouter } from "./routes/files.js";');
     insertAtMarker(join(backendDir, "src/index.ts"), "// [SAIL_ROUTES]", 'app.use("/api/files", filesRouter);');
     // Add env var validation
-    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  S3_ENDPOINT: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_ENDPOINT is required in production").default(""),
-  S3_ACCESS_KEY_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_ACCESS_KEY_ID is required in production").default(""),
-  S3_SECRET_ACCESS_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_SECRET_ACCESS_KEY is required in production").default(""),
-  S3_BUCKET_NAME: z.string().default("uploads"),
-  S3_PUBLIC_URL: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_PUBLIC_URL is required in production").default(""),
+    insertAtMarker(join(backendDir, "src/env.ts"), "// [SAIL_ENV_VARS]", `  S3_ENDPOINT: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_ENDPOINT is required in production").default(""),
+  S3_ACCESS_KEY_ID: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_ACCESS_KEY_ID is required in production").default(""),
+  S3_SECRET_ACCESS_KEY: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_SECRET_ACCESS_KEY is required in production").default(""),
+  S3_BUCKET_NAME: z.string().default("uploads"),
+  S3_PUBLIC_URL: z.string().min(process.env.NODE_ENV === "production" ? 1 : 0, "S3_PUBLIC_URL is required in production").default(""),
   S3_REGION: z.string().default("auto"),`);
     // Add frontend route
     insertAtMarker(join(frontendDir, "src/router.tsx"), "{/* [SAIL_ROUTES] */}", '          <Route path="/files" element={<ProtectedRoute><FilesPage /></ProtectedRoute>} />');