@kuratchi/js 0.0.1

package/dist/create.js

@@ -0,0 +1,876 @@
+/**
+ * `kuratchi create <project-name>` — scaffold a new KuratchiJS project
+ *
+ * Interactive prompts for feature selection, then generates
+ * a ready-to-run project with the selected stack.
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as readline from 'node:readline';
+import * as crypto from 'node:crypto';
+import { execSync } from 'node:child_process';
+const FRAMEWORK_PACKAGE_NAME = getFrameworkPackageName();
+function getFrameworkPackageName() {
+    try {
+        const raw = fs.readFileSync(new URL('../package.json', import.meta.url), 'utf-8');
+        const parsed = JSON.parse(raw);
+        return parsed.name || 'KuratchiJS';
+    }
+    catch {
+        return 'KuratchiJS';
+    }
+}
+// ── Prompt Helpers ──────────────────────────────────────────
+const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+function ask(question, defaultVal = '') {
+    const suffix = defaultVal ? ` (${defaultVal})` : '';
+    return new Promise((resolve) => {
+        rl.question(`  ${question}${suffix}: `, (answer) => {
+            resolve(answer.trim() || defaultVal);
+        });
+    });
+}
+function confirm(question, defaultYes = true) {
+    const hint = defaultYes ? 'Y/n' : 'y/N';
+    return new Promise((resolve) => {
+        rl.question(`  ${question} (${hint}): `, (answer) => {
+            const a = answer.trim().toLowerCase();
+            if (!a)
+                return resolve(defaultYes);
+            resolve(a === 'y' || a === 'yes');
+        });
+    });
+}
+export async function create(projectName, flags = []) {
+    const autoYes = flags.includes('--yes') || flags.includes('-y');
+    console.log('\nâš¡ Create a new KuratchiJS project\n');
+    // Project name
+    const name = projectName || (autoYes ? 'my-kuratchi-app' : await ask('Project name', 'my-kuratchi-app'));
+    // Validate name
+    if (!/^[a-z0-9][a-z0-9-]*$/.test(name)) {
+        console.error('  ✗ Project name must be lowercase alphanumeric with hyphens');
+        process.exit(1);
+    }
+    const targetDir = path.resolve(process.cwd(), name);
+    if (fs.existsSync(targetDir)) {
+        console.error(`  ✗ Directory "${name}" already exists`);
+        process.exit(1);
+    }
+    // Feature selection
+    const ui = autoYes ? true : await confirm('Include @kuratchi/ui theme?');
+    const orm = autoYes ? true : await confirm('Include @kuratchi/orm with D1?');
+    const auth = autoYes ? true : (orm ? await confirm('Include @kuratchi/auth (credentials login)?') : false);
+    if (auth && !orm) {
+        console.log('  ℹ Auth requires ORM — enabling ORM automatically');
+    }
+    console.log();
+    console.log(`  Project:  ${name}`);
+    console.log(`  UI:       ${ui ? '✓' : '—'}`);
+    console.log(`  ORM:      ${orm ? '✓' : '—'}`);
+    console.log(`  Auth:     ${auth ? '✓' : '—'}`);
+    console.log();
+    if (!autoYes) {
+        const ok = await confirm('Create project?');
+        if (!ok) {
+            console.log('  Cancelled.');
+            rl.close();
+            process.exit(0);
+        }
+    }
+    rl.close();
+    // Detect monorepo — if we're inside a workspace with packages/kuratchi-js, use workspace:*
+    const monorepoRoot = detectMonorepo(targetDir);
+    const isMonorepo = !!monorepoRoot;
+    // Scaffold files
+    const opts = { name, ui, orm, auth, monorepo: isMonorepo, monorepoRoot, projectDir: targetDir };
+    scaffold(targetDir, opts);
+    // ── Post-scaffold setup ─────────────────────────────────────
+    console.log();
+    // 1. Install dependencies
+    step('Installing dependencies...');
+    run('bun install', isMonorepo ? monorepoRoot : targetDir);
+    // 2. Create D1 database (local only for now)
+    if (orm) {
+        step('Creating D1 database...');
+        try {
+            const output = run(`npx wrangler d1 create ${name}-db`, targetDir);
+            // Parse database_id from wrangler output
+            const idMatch = output.match(/database_id\s*=\s*"([^"]+)"/);
+            if (idMatch) {
+                const dbId = idMatch[1];
+                patchWranglerDbId(targetDir, dbId);
+                step(`D1 database created: ${dbId}`);
+            }
+        }
+        catch {
+            // D1 create may fail if not logged in — that's fine for local dev
+            step('D1 create skipped (not logged in to Cloudflare — local dev still works)');
+        }
+    }
+    // 3. Generate worker types
+    step('Generating types...');
+    try {
+        run('npx wrangler types', targetDir);
+    }
+    catch {
+        // May fail without D1 — not critical
+    }
+    // 4. Build routes
+    step('Building routes...');
+    if (isMonorepo && monorepoRoot) {
+        const cliPath = path.join(monorepoRoot, 'packages', 'KuratchiJS', 'src', 'cli.ts');
+        if (fs.existsSync(cliPath)) {
+            run(`bun run --bun ${cliPath} build`, targetDir);
+        }
+        else {
+            run('npx kuratchi build', targetDir);
+        }
+    }
+    else {
+        run('npx kuratchi build', targetDir);
+    }
+    console.log();
+    console.log(`  ✓ Project ready at ./${name}`);
+    console.log();
+    console.log('  Get started:');
+    console.log(`    cd ${name}`);
+    console.log('    bun run dev');
+    console.log();
+}
+// ── Helpers ─────────────────────────────────────────────────
+function step(msg) {
+    console.log(`  â–¸ ${msg}`);
+}
+function run(cmd, cwd) {
+    try {
+        return execSync(cmd, { cwd, stdio: 'pipe', encoding: 'utf-8' });
+    }
+    catch (err) {
+        // Return stderr/stdout even on failure for parsing
+        if (err.stdout)
+            return err.stdout;
+        throw err;
+    }
+}
+function detectMonorepo(targetDir) {
+    // Walk up from target to find a workspace root with packages/kuratchi-js
+    let dir = path.dirname(targetDir);
+    for (let i = 0; i < 5; i++) {
+        if (fs.existsSync(path.join(dir, 'packages', 'KuratchiJS', 'package.json'))) {
+            return dir;
+        }
+        const parent = path.dirname(dir);
+        if (parent === dir)
+            break;
+        dir = parent;
+    }
+    return null;
+}
+function patchWranglerDbId(dir, dbId) {
+    const wranglerPath = path.join(dir, 'wrangler.jsonc');
+    let content = fs.readFileSync(wranglerPath, 'utf-8');
+    content = content.replace('"local-dev-only"', `"${dbId}"`);
+    fs.writeFileSync(wranglerPath, content, 'utf-8');
+}
+// ── Scaffold ────────────────────────────────────────────────
+function scaffold(dir, opts) {
+    const { name, ui, orm, auth } = opts;
+    // Create directory structure
+    const dirs = [
+        '',
+        'src',
+        'src/routes',
+    ];
+    if (orm) {
+        dirs.push('src/database', 'src/schemas');
+    }
+    if (auth) {
+        dirs.push('src/routes/auth', 'src/routes/auth/login', 'src/routes/auth/signup', 'src/routes/admin');
+    }
+    for (const d of dirs) {
+        fs.mkdirSync(path.join(dir, d), { recursive: true });
+    }
+    // Generate files
+    write(dir, 'package.json', genPackageJson(opts));
+    write(dir, 'wrangler.jsonc', genWrangler(opts));
+    write(dir, 'kuratchi.config.ts', genConfig(opts));
+    write(dir, 'tsconfig.json', genTsConfig());
+    write(dir, '.gitignore', genGitIgnore());
+    write(dir, 'src/index.ts', genWorkerEntry(opts));
+    write(dir, 'src/routes/layout.html', genLayout(opts));
+    write(dir, 'src/routes/page.html', genLandingPage(opts));
+    if (orm) {
+        write(dir, 'src/schemas/app.ts', genSchema(opts));
+        write(dir, 'src/database/items.ts', genItemsCrud());
+        write(dir, 'src/routes/items/page.html', genItemsPage());
+    }
+    if (auth) {
+        write(dir, '.dev.vars', genDevVars());
+        write(dir, 'src/database/auth.ts', genAuthFunctions());
+        write(dir, 'src/database/admin.ts', genAdminLoader());
+        write(dir, 'src/routes/auth/login/page.html', genLoginPage());
+        write(dir, 'src/routes/auth/signup/page.html', genSignupPage());
+        write(dir, 'src/routes/admin/page.html', genAdminPage());
+    }
+}
+function write(dir, filePath, content) {
+    const full = path.join(dir, filePath);
+    fs.mkdirSync(path.dirname(full), { recursive: true });
+    fs.writeFileSync(full, content, 'utf-8');
+    console.log(`  + ${filePath}`);
+}
+// ── Template Generators ─────────────────────────────────────
+function genPackageJson(opts) {
+    const ver = opts.monorepo ? 'workspace:*' : 'latest';
+    const deps = {
+        [FRAMEWORK_PACKAGE_NAME]: ver,
+    };
+    if (opts.ui)
+        deps['@kuratchi/ui'] = ver;
+    if (opts.orm)
+        deps['@kuratchi/orm'] = ver;
+    if (opts.auth)
+        deps['@kuratchi/auth'] = ver;
+    // In monorepo, scripts call the local CLI via bun with correct relative path
+    let devScript = 'kuratchi dev';
+    let buildScript = 'kuratchi build';
+    if (opts.monorepo && opts.monorepoRoot) {
+        const cliAbs = path.join(opts.monorepoRoot, 'packages', 'KuratchiJS', 'src', 'cli.ts');
+        const relCli = path.relative(opts.projectDir, cliAbs).replace(/\\/g, '/');
+        devScript = `bun run --bun ${relCli} dev`;
+        buildScript = `bun run --bun ${relCli} build`;
+    }
+    return JSON.stringify({
+        name: opts.monorepo ? `@kuratchi/${opts.name}` : opts.name,
+        version: '0.0.1',
+        private: true,
+        type: 'module',
+        scripts: {
+            dev: devScript,
+            build: buildScript,
+        },
+        dependencies: deps,
+        devDependencies: {
+            '@cloudflare/workers-types': '^4.20250214.0',
+            'wrangler': '^4.14.0',
+        },
+    }, null, 2) + '\n';
+}
+function genWrangler(opts) {
+    const config = {
+        name: opts.name,
+        main: 'src/index.ts',
+        compatibility_date: new Date().toISOString().split('T')[0],
+        compatibility_flags: ['nodejs_compat'],
+    };
+    if (opts.orm) {
+        config.d1_databases = [
+            {
+                binding: 'DB',
+                database_name: `${opts.name}-db`,
+                database_id: 'local-dev-only',
+            },
+        ];
+    }
+    return JSON.stringify(config, null, 2) + '\n';
+}
+function genConfig(opts) {
+    const lines = [];
+    lines.push(`import { defineConfig } from '${FRAMEWORK_PACKAGE_NAME}';`);
+    if (opts.ui) {
+        lines.push(`import { kuratchiUiConfig } from '@kuratchi/ui/adapter';`);
+    }
+    if (opts.orm) {
+        lines.push(`import { kuratchiOrmConfig } from '@kuratchi/orm/adapter';`);
+    }
+    if (opts.auth) {
+        lines.push(`import { kuratchiAuthConfig } from '@kuratchi/auth/adapter';`);
+    }
+    if (opts.orm) {
+        lines.push(`import { appSchema } from './src/schemas/app';`);
+    }
+    lines.push('');
+    lines.push('export default defineConfig({');
+    // UI
+    if (opts.ui) {
+        lines.push('  ui: kuratchiUiConfig({');
+        lines.push("    theme: 'default',");
+        lines.push('  }),');
+    }
+    // ORM
+    if (opts.orm) {
+        lines.push('  orm: kuratchiOrmConfig({');
+        lines.push('    databases: {');
+        lines.push('      DB: { schema: appSchema },');
+        lines.push('    }');
+        lines.push('  }),');
+    }
+    // Auth
+    if (opts.auth) {
+        lines.push('  auth: kuratchiAuthConfig({');
+        lines.push("    cookieName: 'kuratchi_session',");
+        lines.push('    sessionEnabled: true,');
+        lines.push('  }),');
+    }
+    lines.push('});');
+    lines.push('');
+    return lines.join('\n');
+}
+function genTsConfig() {
+    return JSON.stringify({
+        compilerOptions: {
+            target: 'ESNext',
+            module: 'ESNext',
+            moduleResolution: 'bundler',
+            strict: true,
+            esModuleInterop: true,
+            skipLibCheck: true,
+            forceConsistentCasingInFileNames: true,
+            types: ['./worker-configuration.d.ts'],
+        },
+        include: ['src/**/*.ts', 'kuratchi.config.ts'],
+        exclude: ['node_modules'],
+    }, null, 2) + '\n';
+}
+function genGitIgnore() {
+    return `node_modules/
+.wrangler/
+.dev.vars
+.kuratchi/
+worker-configuration.d.ts
+dist/
+`;
+}
+function genWorkerEntry(opts) {
+    return `export { default } from "../.kuratchi/routes.js";\n`;
+}
+function genLayout(opts) {
+    const navLinks = ['      <a href="/">Home</a>'];
+    if (opts.orm)
+        navLinks.push('      <a href="/items">Items</a>');
+    if (opts.auth)
+        navLinks.push('      <a href="/admin">Admin</a>');
+    return `<!DOCTYPE html>
+<html lang="en" class="dark">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>${opts.name} — KuratchiJS</title>
+</head>
+<body>
+  <header>
+    <a href="/">âš¡ ${opts.name}</a>
+    <nav>
+${navLinks.join('\n')}
+    </nav>
+  </header>
+  <main>
+    <slot></slot>
+  </main>
+</body>
+</html>
+`;
+}
+function genLandingPage(opts) {
+    const imports = [];
+    const cards = [];
+    if (opts.ui) {
+        imports.push("  import Badge from '@kuratchi/ui/badge.html';");
+        imports.push("  import Card from '@kuratchi/ui/card.html';");
+        imports.push("  import DataList from '@kuratchi/ui/data-list.html';");
+        imports.push("  import DataItem from '@kuratchi/ui/data-item.html';");
+    }
+    let body = '';
+    body += '<header>\n';
+    body += '  <div>\n';
+    body += `    <h1>${opts.name}</h1>\n`;
+    body += '    <p>Built with KuratchiJS — a Cloudflare Workers-native framework</p>\n';
+    body += '  </div>\n';
+    body += '</header>\n\n';
+    if (opts.orm) {
+        body += '<div>\n';
+        body += '  <a href="/items">\n';
+        if (opts.ui)
+            body += '    <Badge variant="success">D1 Database</Badge>\n';
+        body += '    <h2>Items</h2>\n';
+        body += '    <p>Full CRUD backed by Cloudflare D1. Schema auto-migrated on first request.</p>\n';
+        body += '  </a>\n';
+        if (opts.auth) {
+            body += '  <a href="/admin">\n';
+            if (opts.ui)
+                body += '    <Badge variant="warning">Protected</Badge>\n';
+            body += '    <h2>Admin</h2>\n';
+            body += '    <p>Protected dashboard — sign in with credentials to access.</p>\n';
+            body += '  </a>\n';
+        }
+        body += '</div>\n';
+    }
+    if (opts.ui) {
+        body += '\n<Card title="Stack">\n';
+        body += '  <DataList>\n';
+        body += `    <DataItem label="Framework" value="${FRAMEWORK_PACKAGE_NAME}" />\n`;
+        if (opts.orm)
+            body += '    <DataItem label="ORM" value="@kuratchi/orm" />\n';
+        if (opts.auth)
+            body += '    <DataItem label="Auth" value="@kuratchi/auth" />\n';
+        body += '    <DataItem label="UI" value="@kuratchi/ui" />\n';
+        body += '  </DataList>\n';
+        body += '</Card>\n';
+    }
+    if (imports.length > 0) {
+        return `<script>\n${imports.join('\n')}\n</script>\n\n${body}`;
+    }
+    return body;
+}
+// ── ORM Templates ───────────────────────────────────────────
+function genSchema(opts) {
+    const tables = [];
+    tables.push(`    items: {
+      id: 'integer primary key',
+      title: 'text not null',
+      done: 'integer not null default 0',
+      created_at: 'text not null default now',
+    },`);
+    if (opts.auth) {
+        tables.push(`    users: {
+      id: 'integer primary key',
+      email: 'text not null unique',
+      name: 'text',
+      password_hash: 'text not null',
+      created_at: 'text not null default now',
+      updated_at: 'text not null default now',
+    },
+    session: {
+      id: 'integer primary key',
+      sessionToken: 'text not null unique',
+      userId: 'integer not null',
+      expires: 'integer not null',
+      created_at: 'text not null default now',
+      updated_at: 'text not null default now',
+      deleted_at: 'text',
+    },`);
+    }
+    const version = opts.auth ? 1 : 1;
+    let types = `
+export interface Item {
+  id: number;
+  title: string;
+  done: number;
+  created_at: string;
+}`;
+    if (opts.auth) {
+        types += `
+
+export interface User {
+  id: number;
+  email: string;
+  name: string | null;
+  password_hash: string;
+  created_at: string;
+  updated_at: string;
+}
+
+export interface Session {
+  id: number;
+  sessionToken: string;
+  userId: number;
+  expires: number;
+  created_at: string;
+  updated_at: string;
+  deleted_at: string | null;
+}`;
+    }
+    return `import type { SchemaDsl } from '@kuratchi/orm';
+
+export const appSchema: SchemaDsl = {
+  name: '${opts.name}',
+  version: ${version},
+  tables: {
+${tables.join('\n')}
+  }
+};
+${types}
+`;
+}
+function genItemsCrud() {
+    return `import { env } from 'cloudflare:workers';
+import { kuratchiORM } from '@kuratchi/orm';
+import { getLocals } from '${FRAMEWORK_PACKAGE_NAME}';
+import type { Item } from './schemas/app';
+
+const db = kuratchiORM(() => (env as any).DB);
+
+export async function getItems() {
+  const result = await db.items.orderBy({ created_at: 'desc' }).many();
+  return (result.data ?? []) as Item[];
+}
+
+export async function addItem(formData: FormData): Promise<void> {
+  const title = (formData.get('title') as string)?.trim();
+  if (!title) throw new Error('Title is required');
+  await db.items.insert({ title });
+}
+
+export async function deleteItem(id: number): Promise<void> {
+  await db.items.delete({ id });
+}
+
+export async function toggleItem(id: number): Promise<void> {
+  const result = await db.items.where({ id }).first();
+  const item = result.data as Item | null;
+  if (item) {
+    await db.items.where({ id }).update({ done: item.done ? 0 : 1 });
+  }
+}
+`;
+}
+function genItemsPage() {
+    return `<script>
+  import { getItems, addItem, deleteItem, toggleItem } from '$database/items';
+  import EmptyState from '@kuratchi/ui/empty-state.html';
+
+  const items = await getItems();
+</script>
+
+<header>
+  <div>
+    <h1>Items</h1>
+    <p>Full CRUD backed by Cloudflare D1</p>
+  </div>
+</header>
+
+<form action={addItem} method="POST">
+  <input type="text" name="title" placeholder="What needs to be done?" required />
+  <button type="submit">Add</button>
+</form>
+
+if (items.length === 0) {
+  <EmptyState message="No items yet — add one above" />
+} else {
+  <section>
+    for (const item of items) {
+      <article>
+        <span style={item.done ? 'text-decoration: line-through; opacity: 0.5' : ''}>{item.title}</span>
+        <div>
+          <button data-action="toggleItem" data-args={JSON.stringify([item.id])}>
+            {item.done ? '↩' : '✓'}
+          </button>
+          <button data-action="deleteItem" data-args={JSON.stringify([item.id])}>✕</button>
+        </div>
+      </article>
+    }
+  </section>
+}
+`;
+}
+// ── Auth Templates ──────────────────────────────────────────
+function genDevVars() {
+    const secret = crypto.randomBytes(32).toString('hex');
+    return `AUTH_SECRET=${secret}\n`;
+}
+function genAuthFunctions() {
+    return `import { env } from 'cloudflare:workers';
+import { kuratchiORM } from '@kuratchi/orm';
+import {
+  hashPassword,
+  comparePassword,
+  generateSessionToken,
+  hashToken,
+  buildSessionCookie,
+  parseSessionCookie,
+} from '@kuratchi/auth';
+import { getAuth } from '@kuratchi/auth';
+import { getLocals } from '${FRAMEWORK_PACKAGE_NAME}';
+import type { User } from '../schemas/app';
+
+const db = kuratchiORM(() => (env as any).DB);
+
+// ── Sign Up ─────────────────────────────────────────────────
+
+export async function signUp(formData: FormData): Promise<void> {
+  const email = (formData.get('email') as string)?.trim().toLowerCase();
+  const password = formData.get('password') as string;
+  const name = (formData.get('name') as string)?.trim() || null;
+
+  if (!email || !password) {
+    throw new Error('Email and password are required');
+  }
+
+  if (password.length < 8) {
+    throw new Error('Password must be at least 8 characters');
+  }
+
+  // Check if user already exists
+  const existing = await db.users.where({ email }).first();
+  if (existing.data && existing.data.id) {
+    throw new Error('An account with this email already exists');
+  }
+
+  // Hash password with AUTH_SECRET as pepper
+  const secret = (env as any).AUTH_SECRET || '';
+  const hashedPassword = await hashPassword(password, undefined, secret);
+
+  // Create user
+  const insertResult = await db.users.insert({
+    email,
+    name,
+    password_hash: hashedPassword,
+  });
+  if (!insertResult.success) {
+    throw new Error('Failed to create account');
+  }
+
+  // Redirect to login after successful signup
+  getLocals().__redirectTo = '/auth/login';
+}
+
+// ── Sign In ─────────────────────────────────────────────────
+
+export async function signIn(formData: FormData): Promise<void> {
+  const email = (formData.get('email') as string)?.trim().toLowerCase();
+  const password = formData.get('password') as string;
+
+  if (!email || !password) {
+    throw new Error('Email and password are required');
+  }
+
+  // Look up user
+  const result = await db.users.where({ email }).first();
+  const user = (result.data ?? null) as User | null;
+
+  if (!user || !user.password_hash) {
+    throw new Error('Invalid email or password');
+  }
+
+  // Verify password
+  const secret = (env as any).AUTH_SECRET || '';
+  const isValid = await comparePassword(password, user.password_hash, secret);
+
+  if (!isValid) {
+    throw new Error('Invalid email or password');
+  }
+
+  // Create session token
+  const sessionToken = generateSessionToken();
+  const sessionTokenHash = await hashToken(sessionToken);
+
+  const now = new Date();
+  const expires = new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000); // 30 days
+
+  // Store session in DB
+  await db.session.insert({
+    sessionToken: sessionTokenHash,
+    userId: user.id,
+    expires: expires.getTime(),
+  });
+
+  // Build encrypted session cookie
+  const sessionCookie = await buildSessionCookie(
+    secret,
+    'default',
+    sessionTokenHash
+  );
+
+  // Set cookie on response
+  const auth = getAuth();
+  const setCookieHeader = auth.buildSetCookie('kuratchi_session', sessionCookie, {
+    expires,
+    httpOnly: true,
+    secure: true,
+    sameSite: 'lax',
+  });
+
+  const locals = auth.getLocals();
+  if (!locals.__setCookieHeaders) locals.__setCookieHeaders = [];
+  locals.__setCookieHeaders.push(setCookieHeader);
+
+  // Redirect to admin after successful login
+  locals.__redirectTo = '/admin';
+}
+
+// ── Sign Out ────────────────────────────────────────────────
+
+export async function signOut(formData: FormData): Promise<void> {
+  const auth = getAuth();
+  const sessionCookie = auth.getSessionCookie();
+
+  if (sessionCookie) {
+    const secret = (env as any).AUTH_SECRET || '';
+    const parsed = await parseSessionCookie(secret, sessionCookie);
+    if (parsed) {
+      await db.session.delete({ sessionToken: parsed.tokenHash });
+    }
+  }
+
+  // Clear cookie
+  const clearHeader = auth.buildClearCookie('kuratchi_session');
+  const locals = auth.getLocals();
+  if (!locals.__setCookieHeaders) locals.__setCookieHeaders = [];
+  locals.__setCookieHeaders.push(clearHeader);
+
+  // Redirect to login after sign out
+  locals.__redirectTo = '/auth/login';
+}
+
+// ── Get Current User ────────────────────────────────────────
+
+export async function getCurrentUser() {
+  const auth = getAuth();
+  const sessionCookie = auth.getSessionCookie();
+
+  if (!sessionCookie) return null;
+
+  const secret = (env as any).AUTH_SECRET || '';
+  const parsed = await parseSessionCookie(secret, sessionCookie);
+  if (!parsed) return null;
+
+  // Look up session in DB
+  const sessionResult = await db.session
+    .where({ sessionToken: parsed.tokenHash })
+    .first();
+  const session = (sessionResult.data ?? null) as any;
+
+  if (!session) return null;
+
+  // Check expiry
+  if (session.expires < Date.now()) {
+    await db.session.delete({ sessionToken: parsed.tokenHash });
+    return null;
+  }
+
+  // Look up user
+  const userResult = await db.users.where({ id: session.userId }).first();
+  const user = (userResult.data ?? null) as User | null;
+
+  if (!user) return null;
+
+  // Return safe user (no password_hash)
+  const { password_hash, ...safeUser } = user;
+  return safeUser;
+}
+`;
+}
+function genAdminLoader() {
+    return `import { getCurrentUser } from './auth';
+
+export { signOut } from './auth';
+
+export async function getAdminData() {
+  const user = await getCurrentUser();
+  return {
+    isAuthenticated: !!user,
+    user,
+    timestamp: new Date().toISOString(),
+  };
+}
+`;
+}
+function genLoginPage() {
+    return `<script>
+  import { signIn } from '$database/auth';
+  import AuthCard from '@kuratchi/ui/auth-card.html';
+</script>
+
+<AuthCard
+  title="Sign In"
+  subtitle="Welcome back — sign in to your account"
+  footerText="Don't have an account?"
+  footerLink="Sign up"
+  footerHref="/auth/signup"
+  error={__error}
+>
+  <form action={signIn} method="POST" class="kui-auth-form">
+    <div class="kui-field">
+      <label for="email">Email</label>
+      <input type="email" id="email" name="email" placeholder="you@example.com" required autocomplete="email" />
+    </div>
+    <div class="kui-field">
+      <label for="password">Password</label>
+      <input type="password" id="password" name="password" placeholder="••••••••" required autocomplete="current-password" minlength="8" />
+    </div>
+    <button type="submit" class="kui-button kui-button--primary kui-button--block kui-auth-submit">Sign In</button>
+  </form>
+</AuthCard>
+`;
+}
+function genSignupPage() {
+    return `<script>
+  import { signUp } from '$database/auth';
+  import AuthCard from '@kuratchi/ui/auth-card.html';
+</script>
+
+<AuthCard
+  title="Create Account"
+  subtitle="Sign up to get started"
+  footerText="Already have an account?"
+  footerLink="Sign in"
+  footerHref="/auth/login"
+  error={__error}
+>
+  <form action={signUp} method="POST" class="kui-auth-form">
+    <div class="kui-field">
+      <label for="name">Name</label>
+      <input type="text" id="name" name="name" placeholder="Your name" autocomplete="name" />
+    </div>
+    <div class="kui-field">
+      <label for="email">Email</label>
+      <input type="email" id="email" name="email" placeholder="you@example.com" required autocomplete="email" />
+    </div>
+    <div class="kui-field">
+      <label for="password">Password</label>
+      <input type="password" id="password" name="password" placeholder="••••••••" required autocomplete="new-password" minlength="8" />
+    </div>
+    <button type="submit" class="kui-button kui-button--primary kui-button--block kui-auth-submit">Create Account</button>
+  </form>
+</AuthCard>
+`;
+}
+function genAdminPage() {
+    return `<script>
+  import { getAdminData, signOut } from '$database/admin';
+  import Badge from '@kuratchi/ui/badge.html';
+  import Card from '@kuratchi/ui/card.html';
+  import DataList from '@kuratchi/ui/data-list.html';
+  import DataItem from '@kuratchi/ui/data-item.html';
+
+  const admin = await getAdminData();
+</script>
+
+if (!admin.isAuthenticated) {
+  <head>
+    <meta http-equiv="refresh" content="0;url=/auth/login" />
+  </head>
+  <p>Redirecting to login...</p>
+} else {
+  <header>
+    <div>
+      <h1>Admin Dashboard</h1>
+      <p>Welcome back, {admin.user.name || admin.user.email}</p>
+    </div>
+    <Badge variant="success">Authenticated</Badge>
+  </header>
+
+  <Card title="User Info">
+    <DataList>
+      <DataItem label="Email" value={admin.user.email} />
+      <DataItem label="Name" value={admin.user.name || '—'} />
+      <DataItem label="User ID" value={String(admin.user.id)} />
+      <DataItem label="Created" value={admin.user.created_at} />
+    </DataList>
+  </Card>
+
+  <Card title="Session">
+    <DataList>
+      <DataItem label="Timestamp" value={admin.timestamp} />
+    </DataList>
+  </Card>
+
+  <div style="display: flex; gap: 0.5rem; margin-top: 1rem;">
+    <a href="/" class="kui-button kui-button--outline">&larr; Back to Home</a>
+    <form action={signOut} method="POST" style="margin: 0;">
+      <button type="submit" class="kui-button kui-button--danger">Sign Out</button>
+    </form>
+  </div>
+}
+`;
+}