npm - @kya-os/create-mcpi-app - Versions diffs - 1.7.42-canary.4 → 1.7.42-canary.41 - Mend

@kya-os/create-mcpi-app 1.7.42-canary.4 → 1.7.42-canary.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/.turbo/turbo-build.log +1 -1
package/.turbo/turbo-test$colon$coverage.log +81 -127
package/.turbo/turbo-test.log +24 -56
package/dist/helpers/create.js +1 -0
package/dist/helpers/create.js.map +1 -1
package/dist/helpers/fetch-cloudflare-mcpi-template.d.ts +16 -6
package/dist/helpers/fetch-cloudflare-mcpi-template.d.ts.map +1 -1
package/dist/helpers/fetch-cloudflare-mcpi-template.js +472 -1037
package/dist/helpers/fetch-cloudflare-mcpi-template.js.map +1 -1
package/dist/helpers/fetch-mcpi-template.d.ts.map +1 -1
package/dist/helpers/fetch-mcpi-template.js +8 -4
package/dist/helpers/fetch-mcpi-template.js.map +1 -1
package/dist/index.js +11 -1
package/dist/index.js.map +1 -1
package/package.json +31 -67

package/dist/helpers/fetch-cloudflare-mcpi-template.js CHANGED Viewed

@@ -1,617 +1,105 @@
 import fs from "fs-extra";
 import path from "path";
 import chalk from "chalk";
+import { spawn } from "child_process";
+import crypto from "crypto";
 import { generateIdentity } from "./generate-identity.js";
 /**
- * Scaffold Cloudflare Worker MCP server
- * Uses McpAgent from agents/mcp for MCP protocol support
- */
-export async function fetchCloudflareMcpiTemplate(projectPath, options = {}) {
-    const { packageManager = "npm", projectName = path.basename(projectPath), apikey, projectId, skipIdentity = false, } = options;
-    // Sanitize project name for class names
-    let className = projectName
-        .replace(/[^a-zA-Z0-9]/g, "")
-        .replace(/^[0-9]/, "_$&");
-    // Fallback to prevent empty class names
-    if (!className || className.length === 0) {
-        className = "Project";
-    }
-    const pascalClassName = className.charAt(0).toUpperCase() + className.slice(1);
-    // Sanitize project name for wrangler.toml (alphanumeric, lowercase, dashes only)
-    let wranglerName = projectName
-        .toLowerCase()
-        .replace(/[^a-z0-9-]/g, "-") // Replace invalid chars with dashes
-        .replace(/-+/g, "-") // Replace multiple dashes with single dash
-        .replace(/^-|-$/g, ""); // Remove leading/trailing dashes
-    // Fallback to prevent empty wrangler names
-    if (!wranglerName || wranglerName.length === 0) {
-        wranglerName = "worker";
-    }
-    try {
-        // Create package.json
-        const packageJson = {
-            name: projectName,
-            version: "0.1.0",
-            private: true,
-            scripts: {
-                setup: "node scripts/setup.js",
-                postinstall: "npm run setup",
-                deploy: "wrangler deploy",
-                dev: "wrangler dev",
-                start: "wrangler dev",
-                "kv:create": "npm run kv:create-nonce && npm run kv:create-proof && npm run kv:create-identity && npm run kv:create-delegation && npm run kv:create-tool-protection",
-                "kv:create-nonce": `wrangler kv namespace create ${className.toUpperCase()}_NONCE_CACHE`,
-                "kv:create-proof": `wrangler kv namespace create ${className.toUpperCase()}_PROOF_ARCHIVE`,
-                "kv:create-identity": `wrangler kv namespace create ${className.toUpperCase()}_IDENTITY_STORAGE`,
-                "kv:create-delegation": `wrangler kv namespace create ${className.toUpperCase()}_DELEGATION_STORAGE`,
-                "kv:create-tool-protection": `wrangler kv namespace create ${className.toUpperCase()}_TOOL_PROTECTION_KV`,
-                "kv:list": "wrangler kv namespace list | grep -E '(NONCE|PROOF|IDENTITY|DELEGATION|TOOL_PROTECTION|MCPI)' || wrangler kv namespace list",
-                "kv:keys-nonce": `wrangler kv key list --binding=${className.toUpperCase()}_NONCE_CACHE`,
-                "kv:keys-proof": `wrangler kv key list --binding=${className.toUpperCase()}_PROOF_ARCHIVE`,
-                "kv:keys-identity": `wrangler kv key list --binding=${className.toUpperCase()}_IDENTITY_STORAGE`,
-                "kv:keys-delegation": `wrangler kv key list --binding=${className.toUpperCase()}_DELEGATION_STORAGE`,
-                "kv:keys-tool-protection": `wrangler kv key list --binding=${className.toUpperCase()}_TOOL_PROTECTION_KV`,
-                "kv:delete-nonce": `wrangler kv namespace delete --binding=${className.toUpperCase()}_NONCE_CACHE`,
-                "kv:delete-proof": `wrangler kv namespace delete --binding=${className.toUpperCase()}_PROOF_ARCHIVE`,
-                "kv:delete-identity": `wrangler kv namespace delete --binding=${className.toUpperCase()}_IDENTITY_STORAGE`,
-                "kv:delete-delegation": `wrangler kv namespace delete --binding=${className.toUpperCase()}_DELEGATION_STORAGE`,
-                "kv:delete-tool-protection": `wrangler kv namespace delete --binding=${className.toUpperCase()}_TOOL_PROTECTION_KV`,
-                "kv:delete": "npm run kv:delete-nonce && npm run kv:delete-proof && npm run kv:delete-identity && npm run kv:delete-delegation && npm run kv:delete-tool-protection",
-                "kv:reset": "npm run kv:delete && npm run kv:create",
-                "kv:setup": "echo 'KV Commands: kv:create (create all), kv:list (list all), kv:keys-* (view keys), kv:delete (delete all), kv:reset (delete+recreate)'",
-                "cf-typegen": "wrangler types",
-                "type-check": "tsc --noEmit",
-                test: "vitest",
-                "test:watch": "vitest --watch",
-                "test:coverage": "vitest run --coverage",
-            },
-            dependencies: {
-                "@kya-os/contracts": "^1.5.2-canary.5",
-                "@kya-os/mcp-i-cloudflare": "1.5.1-canary.5",
-                "@modelcontextprotocol/sdk": "^1.19.1",
-                agents: "^0.2.21", // Use latest version - constructor now only accepts 2 parameters
-                hono: "^4.9.10",
-                zod: "^3.25.76",
-            },
-            devDependencies: {
-                "@cloudflare/workers-types": "^4.20251109.0",
-                "@kya-os/create-mcpi-app": "^1.7.23",
-                "@vitest/coverage-v8": "^3.2.4",
-                miniflare: "^3.0.0",
-                typescript: "^5.6.2",
-                vitest: "^3.2.4",
-                wrangler: "^4.42.2",
-            },
-        };
-        fs.ensureDirSync(projectPath); // Ensure directory exists before writing
-        fs.writeJsonSync(path.join(projectPath, "package.json"), packageJson, {
-            spaces: 2,
-        });
-        // Create src directory and tools
-        const srcDir = path.join(projectPath, "src");
-        const toolsDir = path.join(srcDir, "tools");
-        fs.ensureDirSync(toolsDir);
-        // Create scripts directory
-        const scriptsDir = path.join(projectPath, "scripts");
-        fs.ensureDirSync(scriptsDir);
-        // Create setup.js automation script
-        const setupScriptContent = `#!/usr/bin/env node
-/**
- * Automated Setup Script for ${projectName}
- *
- * This script automates the tedious process of:
- * 1. Checking/installing wrangler
- * 2. Creating KV namespaces
- * 3. Extracting namespace IDs
- * 4. Updating wrangler.toml automatically
- * 5. Setting up local development environment
- */
-const { execSync } = require('child_process');
-const fs = require('fs');
-const path = require('path');
-const readline = require('readline');
-const rl = readline.createInterface({
-  input: process.stdin,
-  output: process.stdout
-});
-// Colors for terminal output
-const colors = {
-  reset: '\\x1b[0m',
-  bright: '\\x1b[1m',
-  green: '\\x1b[32m',
-  yellow: '\\x1b[33m',
-  blue: '\\x1b[36m',
-  red: '\\x1b[31m'
-};
-function log(message, color = colors.reset) {
-  console.log(color + message + colors.reset);
-}
-function skipToPostKVSetup() {
-  // Skip KV creation but continue with other setup steps
-  const devVarsPath = path.join(__dirname, '..', '.dev.vars');
-  const devVarsExamplePath = path.join(__dirname, '..', '.dev.vars.example');
-  // Create .dev.vars from example if it doesn't exist
-  if (!fs.existsSync(devVarsPath) && fs.existsSync(devVarsExamplePath)) {
-    log('\\n📋 Creating .dev.vars from example...', colors.blue);
-    fs.copyFileSync(devVarsExamplePath, devVarsPath);
-    log('✅ Created .dev.vars - Please update with your values', colors.green);
-  }
-  // Check if identity needs to be generated
-  if (fs.existsSync(devVarsPath)) {
-    const devVarsContent = fs.readFileSync(devVarsPath, 'utf-8');
-    if (devVarsContent.includes('your-private-key-here')) {
-      log('\\n🔑 Generating agent identity...', colors.blue);
-      try {
-        execSync('npx @kya-os/create-mcpi-app regenerate-identity', { stdio: 'inherit' });
-        log('✅ Identity generated successfully', colors.green);
-      } catch {
-        log('⚠️  Could not generate identity automatically. Run: npx @kya-os/create-mcpi-app regenerate-identity', colors.yellow);
-      }
-    }
-  }
-  // Show modified next steps
-  log('\\n✨ Setup partially complete! Next steps:\\n', colors.bright + colors.green);
-  log('1. Set your Cloudflare account ID (required for KV namespaces):', colors.blue);
-  log('   export CLOUDFLARE_ACCOUNT_ID=your-account-id', colors.reset);
-  log('   OR add to wrangler.toml: account_id = "your-account-id"\\n', colors.reset);
-  log('2. Create KV namespaces: npm run kv:create', colors.blue);
-  log('3. Review .dev.vars and add any missing values', colors.blue);
-  log('4. Start development server: npm run dev', colors.blue);
-  log('5. Deploy to production: npm run deploy', colors.blue);
-  log('\\nUseful commands:', colors.bright);
-  log('  npm run dev                    - Start local development server');
-  log('  npm run deploy                 - Deploy to Cloudflare Workers');
-  log('  npm run kv:list                - List all KV namespaces');
-  log('  wrangler secret put <KEY>      - Set production secrets');
-  log('\\nFor more information, see the README.md file.\\n');
-  rl.close();
-}
-async function setup() {
-  log('\\n🚀 Starting automated setup for ${projectName}...\\n', colors.bright + colors.blue);
-  // 1. Check wrangler installation
-  try {
-    const wranglerVersion = execSync('wrangler --version', { encoding: 'utf-8' });
-    log('✅ Wrangler CLI detected: ' + wranglerVersion.trim(), colors.green);
-  } catch {
-    log('📦 Wrangler CLI not found. Installing...', colors.yellow);
-    try {
-      execSync('npm install -g wrangler', { stdio: 'inherit' });
-      log('✅ Wrangler CLI installed successfully', colors.green);
-    } catch (error) {
-      log('❌ Failed to install Wrangler. Please install manually: npm install -g wrangler', colors.red);
-      process.exit(1);
-    }
-  }
-  // 2. Check if user is logged in to Cloudflare
-  try {
-    execSync('wrangler whoami', { encoding: 'utf-8' });
-    log('✅ Logged in to Cloudflare', colors.green);
-  } catch {
-    log('🔑 Please log in to Cloudflare:', colors.yellow);
-    try {
-      execSync('wrangler login', { stdio: 'inherit' });
-    } catch (error) {
-      log('❌ Login failed. Please run: wrangler login', colors.red);
-      process.exit(1);
-    }
-  }
-  // 2.5. Set up wrangler.toml path for later use
-  const wranglerTomlPath = path.join(__dirname, '..', 'wrangler.toml');
-  let wranglerContent = '';
-  try {
-    wranglerContent = fs.readFileSync(wranglerTomlPath, 'utf-8');
-  } catch (error) {
-    log('⚠️  Could not read wrangler.toml', colors.yellow);
-  }
-  // 3. Create KV namespaces
-  log('\\n📚 Creating KV namespaces...\\n', colors.bright);
-  const namespaces = [
-    { binding: '${className.toUpperCase()}_NONCE_CACHE', name: 'Nonce Cache', purpose: 'Replay attack prevention' },
-    { binding: '${className.toUpperCase()}_PROOF_ARCHIVE', name: 'Proof Archive', purpose: 'Cryptographic proof storage' },
-    { binding: '${className.toUpperCase()}_IDENTITY_STORAGE', name: 'Identity Storage', purpose: 'Agent identity persistence' },
-    { binding: '${className.toUpperCase()}_DELEGATION_STORAGE', name: 'Delegation Storage', purpose: 'OAuth token storage' },
-    { binding: '${className.toUpperCase()}_TOOL_PROTECTION_KV', name: 'Tool Protection', purpose: 'Permission caching' }
-  ];
-  const kvIds = {};
-  let multipleAccountsDetected = false;
-  for (const ns of namespaces) {
-    // If we already detected multiple accounts, skip remaining namespaces
-    if (multipleAccountsDetected) {
-      break;
-    }
-    log(\`Creating \${ns.name} (\${ns.purpose})...\`, colors.blue);
-    // First, check if namespace already exists
-    let existingNamespace = null;
-    try {
-      const listOutput = execSync('wrangler kv namespace list', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
-      try {
-        const allNamespaces = JSON.parse(listOutput);
-        existingNamespace = allNamespaces.find(n => n.title === ns.binding);
-      } catch (parseError) {
-        // Fallback to regex if JSON parsing fails
-        const existingMatch = listOutput.match(new RegExp(\`"title":\\s*"\${ns.binding}"[^}]*"id":\\s*"([^"]+)"\`));
-        if (existingMatch && existingMatch[1]) {
-          existingNamespace = { id: existingMatch[1], title: ns.binding };
-        }
-      }
-    } catch (listError) {
-      // If we can't list namespaces, continue to try creating
-    }
-    if (existingNamespace && existingNamespace.id) {
-      kvIds[ns.binding] = existingNamespace.id;
-      log(\`  ✅ Using existing namespace with ID: \${existingNamespace.id}\`, colors.green);
-      continue;
-    }
-    // Namespace doesn't exist, try to create it
-    try {
-      // Suppress stderr to avoid noisy error messages
-      const output = execSync(\`wrangler kv namespace create "\${ns.binding}"\`, {
-        encoding: 'utf-8',
-        stdio: ['pipe', 'pipe', 'pipe']
-      });
-      // Extract the ID from output
-      const idMatch = output.match(/id = "([^"]+)"/);
-      if (idMatch && idMatch[1]) {
-        kvIds[ns.binding] = idMatch[1];
-        log(\`  ✅ Created with ID: \${idMatch[1]}\`, colors.green);
-      } else {
-        log(\`  ⚠️  Created but could not extract ID. Checking existing namespaces...\`, colors.yellow);
-        // Fallback: try to find it in the list
-        const listOutput = execSync('wrangler kv namespace list', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
-        try {
-          const allNamespaces = JSON.parse(listOutput);
-          const found = allNamespaces.find(n => n.title === ns.binding);
-          if (found && found.id) {
-            kvIds[ns.binding] = found.id;
-            log(\`  ✅ Found ID: \${found.id}\`, colors.green);
-          }
-        } catch {
-          // Ignore parse errors
-        }
-      }
-    } catch (error) {
-      const errorMessage = error.message || error.toString();
-      const errorOutput = error.stdout || error.stderr || '';
-      // Check if this is a multiple accounts error
-      if (errorMessage.includes('More than one account') || errorMessage.includes('multiple accounts') || errorOutput.includes('More than one account')) {
-        multipleAccountsDetected = true;
-        log('\\n⚠️  Multiple Cloudflare accounts detected!\\n', colors.yellow);
-        log('Wrangler cannot automatically select an account in non-interactive mode.\\n', colors.yellow);
-        log('To fix this, choose one of these options:\\n', colors.bright);
-        log('Option 1: Set environment variable (recommended):', colors.blue);
-        log('  export CLOUDFLARE_ACCOUNT_ID=your-account-id', colors.reset);
-        log('  npm run setup\\n', colors.reset);
-        log('Option 2: Add to wrangler.toml (permanent):', colors.blue);
-        log('  Edit wrangler.toml and add:', colors.reset);
-        log('  account_id = "your-account-id"\\n', colors.reset);
-        log('Find your account IDs in the error above or run:', colors.blue);
-        log('  wrangler whoami\\n', colors.reset);
-        log('⏭️  Skipping remaining KV namespace creation.', colors.yellow);
-        log('After setting account_id, run: npm run setup\\n', colors.yellow);
-        break;
-      }
-      // Check if namespace already exists (common case - suppress noisy error)
-      if (errorMessage.includes('already exists') || errorOutput.includes('already exists') || errorOutput.includes('code: 10014')) {
-        // Try to get the existing namespace ID
-        try {
-          const listOutput = execSync('wrangler kv namespace list', { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
-          try {
-            const allNamespaces = JSON.parse(listOutput);
-            const found = allNamespaces.find(n => n.title === ns.binding);
-            if (found && found.id) {
-              kvIds[ns.binding] = found.id;
-              log(\`  ✅ Using existing namespace with ID: \${found.id}\`, colors.green);
-            } else {
-              log(\`  ⚠️  Namespace exists but could not find ID. You may need to add it manually.\`, colors.yellow);
-            }
-          } catch (parseError) {
-            // Fallback to regex
-            const existingMatch = listOutput.match(new RegExp(\`"title":\\s*"\${ns.binding}"[^}]*"id":\\s*"([^"]+)"\`));
-            if (existingMatch && existingMatch[1]) {
-              kvIds[ns.binding] = existingMatch[1];
-              log(\`  ✅ Using existing namespace with ID: \${existingMatch[1]}\`, colors.green);
-            } else {
-              log(\`  ⚠️  Namespace exists but could not find ID. You may need to add it manually.\`, colors.yellow);
-            }
-          }
-        } catch (listError) {
-          log(\`  ⚠️  Namespace may already exist. Run 'wrangler kv namespace list' to verify.\`, colors.yellow);
-        }
-      } else {
-        // Some other error occurred
-        log(\`  ❌ Failed to create \${ns.binding}\`, colors.red);
-        log(\`     Error: \${errorMessage}\`, colors.red);
-      }
-    }
-  }
-  // If multiple accounts detected, skip to post-KV setup
-  if (multipleAccountsDetected) {
-    return skipToPostKVSetup();
-  }
-  // 4. Update wrangler.toml with KV IDs
-  if (Object.keys(kvIds).length > 0) {
-    log('\\n📝 Updating wrangler.toml with KV namespace IDs...\\n', colors.bright);
-    try {
-      wranglerContent = fs.readFileSync(wranglerTomlPath, 'utf-8');
-      let updatedCount = 0;
-      for (const [binding, id] of Object.entries(kvIds)) {
-        // Match pattern: binding = "BINDING_NAME"\\nid = "anything" (including placeholders)
-        const pattern = new RegExp(\`(binding = "\${binding}")\\\\s*\\\\nid = "[^"]*"\`, 'g');
-        const replacement = \`$1\\nid = "\${id}"\`;
-        const newContent = wranglerContent.replace(pattern, replacement);
-        if (newContent !== wranglerContent) {
-          updatedCount++;
-          log(\`  ✅ Updated \${binding} with ID: \${id}\`, colors.green);
-        }
-        wranglerContent = newContent;
-      }
-      fs.writeFileSync(wranglerTomlPath, wranglerContent);
-      log(\`\\n✅ Updated \${updatedCount} namespace ID(s) in wrangler.toml\`, colors.green);
-      // Show remaining placeholder IDs if any
-      const placeholderMatches = wranglerContent.match(/binding = "[^"]+"\\s*\\nid = "your_[^"]+"/g);
-      if (placeholderMatches) {
-        log('\\n⚠️  Some namespace IDs still have placeholders:', colors.yellow);
-        placeholderMatches.forEach(match => {
-          const bindingMatch = match.match(/binding = "([^"]+)"/);
-          if (bindingMatch) {
-            log(\`  - \${bindingMatch[1]}\`, colors.yellow);
-          }
-        });
-      }
-    } catch (error) {
-      log(\`❌ Failed to update wrangler.toml: \${error.message}\`, colors.red);
-    }
-  }
-  // 5. Create .dev.vars from example if it doesn't exist
-  const devVarsPath = path.join(__dirname, '..', '.dev.vars');
-  const devVarsExamplePath = path.join(__dirname, '..', '.dev.vars.example');
-  if (!fs.existsSync(devVarsPath) && fs.existsSync(devVarsExamplePath)) {
-    log('\\n📋 Creating .dev.vars from example...', colors.blue);
-    fs.copyFileSync(devVarsExamplePath, devVarsPath);
-    log('✅ Created .dev.vars - Please update with your values', colors.green);
-  }
-  // 6. Check if identity needs to be generated
-  if (fs.existsSync(devVarsPath)) {
-    const devVarsContent = fs.readFileSync(devVarsPath, 'utf-8');
-    if (devVarsContent.includes('your-private-key-here')) {
-      log('\\n🔑 Generating agent identity...', colors.blue);
-      try {
-        execSync('npx @kya-os/create-mcpi-app regenerate-identity', { stdio: 'inherit' });
-        log('✅ Identity generated successfully', colors.green);
-      } catch {
-        log('⚠️  Could not generate identity automatically. Run: npx @kya-os/create-mcpi-app regenerate-identity', colors.yellow);
-      }
-    }
-  }
-  // 7. Show next steps
-  log('\\n✨ Setup complete! Next steps:\\n', colors.bright + colors.green);
-  log('1. Review .dev.vars and add any missing values (AgentShield API key, etc.)', colors.blue);
-  log('2. Start development server: npm run dev', colors.blue);
-  log('3. Deploy to production: npm run deploy', colors.blue);
-  log('\\nUseful commands:', colors.bright);
-  log('  npm run dev                    - Start local development server');
-  log('  npm run deploy                 - Deploy to Cloudflare Workers');
-  log('  npm run kv:list                - List all KV namespaces');
-  log('  wrangler secret put <KEY>      - Set production secrets');
-  log('\\nFor more information, see the README.md file.\\n');
-  rl.close();
-}
-// Handle errors gracefully
-process.on('unhandledRejection', (error) => {
-  log(\`\\n❌ Setup failed: \${error.message}\`, colors.red);
-  process.exit(1);
-});
-// Run the setup
-setup().catch((error) => {
-  log(\`\\n❌ Setup failed: \${error.message}\`, colors.red);
-  process.exit(1);
-});
-`;
-        fs.writeFileSync(path.join(scriptsDir, "setup.js"), setupScriptContent);
-        // Make setup script executable
-        if (process.platform !== "win32") {
-            fs.chmodSync(path.join(scriptsDir, "setup.js"), "755");
-        }
-        // Note: Tests directory is not created by default
-        // Users can add their own tests as needed
-        // Create greet tool
-        const greetToolContent = `import { z } from "zod";
-/**
- * Greet Tool - Example MCP tool with AgentShield integration
- *
- * This tool demonstrates proper scopeId configuration for tool auto-discovery.
+ * Fetches the Cloudflare MCP-I template
  *
- * Configure the corresponding scope in mcpi-runtime-config.ts:
- * \`\`\`typescript
- * toolProtections: {
- *   greet: {
- *     requiresDelegation: false,
- *     requiredScopes: ["greet:execute"],  // ← This becomes the scopeId in proofs
- *   }
- * }
- * \`\`\`
- *
- * The scopeId format is "toolName:action":
- * - Tool name: "greet" (extracted before the ":")
- * - Action: "execute" (extracted after the ":")
- * - Risk level: Auto-determined from action keyword (execute = high)
- *
- * Other scopeId examples:
- * - "files:read" → Medium risk
- * - "files:write" → High risk
- * - "database:delete" → Critical risk
+ * Generates a complete project structure:
+ * - package.json with all scripts
+ * - wrangler.toml with all KV namespaces configured
+ * - .dev.vars with all secrets
+ * - src/index.ts
+ * - src/agent.ts
+ * - src/tools/greet.ts
+ * - src/mcpi-runtime-config.ts
+ * - scripts/setup.js for KV namespace creation and key regeneration
+ * - Automatically runs setup to create KV namespaces
  */
-export const greetTool = {
-  name: "greet",
-  description: "Greet a user by name",
-  inputSchema: z.object({
-    name: z.string().describe("The name of the user to greet")
-  }),
-  handler: async ({ name }: { name: string }) => {
-    return {
-      content: [
-        {
-          type: "text" as const,
-          text: \`Hello, \${name}! Welcome to your Cloudflare MCP server.\`
+export async function fetchCloudflareMcpiTemplate(targetDir, options) {
+    // Handle legacy string argument (projectName) for backward compatibility
+    const opts = typeof options === 'string'
+        ? { packageManager: 'npm', projectName: options }
+        : options;
+    const { projectName, apikey, projectId, packageManager } = opts;
+    const projectNameUpper = projectName.toUpperCase().replace(/-/g, '_');
+    console.log(chalk.blue(`\n🏗️  Generating Cloudflare MCP-I project: ${projectName}...`));
+    // 1. Create directory structure
+    await fs.ensureDir(path.join(targetDir, "src"));
+    await fs.ensureDir(path.join(targetDir, "src/tools"));
+    await fs.ensureDir(path.join(targetDir, "scripts"));
+    // 2. Generate Identity (Keys & DID)
+    console.log(chalk.blue("🔑 Generating cryptographic identity..."));
+    const identity = await generateIdentity();
+    // 3. Create package.json with all scripts
+    const packageJson = {
+        name: projectName,
+        version: "0.1.0",
+        private: true,
+        scripts: {
+            deploy: "wrangler deploy",
+            dev: "wrangler dev",
+            start: "wrangler dev",
+            test: "vitest",
+            "cf-typegen": "wrangler types",
+            "setup": "node scripts/setup.js",
+            "kv:create-nonce": `wrangler kv:namespace create ${projectNameUpper}_NONCE_CACHE`,
+            "kv:create-proof": `wrangler kv:namespace create ${projectNameUpper}_PROOF_ARCHIVE`,
+            "kv:create-identity": `wrangler kv:namespace create ${projectNameUpper}_IDENTITY_STORAGE`,
+            "kv:create-delegation": `wrangler kv:namespace create ${projectNameUpper}_DELEGATION_STORAGE`,
+            "kv:create-tool-protection": `wrangler kv:namespace create ${projectNameUpper}_TOOL_PROTECTION_KV`
+        },
+        dependencies: {
+            "@kya-os/mcp-i-cloudflare": "^1.5.8-canary.49",
+            "@modelcontextprotocol/sdk": "^0.6.0",
+            "agents": "^0.2.21",
+            "hono": "^4.6.3"
+        },
+        devDependencies: {
+            "@cloudflare/vitest-pool-workers": "^0.5.2",
+            "@cloudflare/workers-types": "^4.20240925.0",
+            "@types/node": "^20.8.3",
+            "typescript": "^5.5.2",
+            "vitest": "2.0.5",
+            "wrangler": "^3.78.12"
         }
-      ]
     };
-  }
-};
-`;
-        fs.writeFileSync(path.join(toolsDir, "greet.ts"), greetToolContent);
-        // Create mcpi-runtime-config.ts for AgentShield integration
-        const runtimeConfigContent = `import type { CloudflareRuntimeConfig } from '@kya-os/mcp-i-cloudflare/config';
-import type { CloudflareEnv } from '@kya-os/mcp-i-cloudflare';
-import { defineConfig } from '@kya-os/mcp-i-cloudflare';
-/**
- * Runtime configuration for MCP-I server
- *
- * This file configures runtime features like proof submission to AgentShield,
- * delegation verification, and audit logging.
- *
- * Environment variables are automatically injected from wrangler.toml (Cloudflare)
- * or .env (Node.js). Configure them there:
- * - AGENTSHIELD_API_URL: AgentShield API base URL
- * - AGENTSHIELD_API_KEY: Your AgentShield API key
- * - AGENTSHIELD_PROJECT_ID: Your AgentShield project ID (optional but recommended)
- * - MCPI_ENV: "development" or "production"
- *
- * Tool Protection:
- * - Automatically enabled if AGENTSHIELD_API_KEY and TOOL_PROTECTION_KV are set
- * - Fetches tool protection config from AgentShield API by project ID
- * - Caches config for 5 minutes to minimize API calls
- * - Falls back to local config if API is unavailable
- * - Configure delegation requirements in AgentShield dashboard
- */
-export function getRuntimeConfig(env: CloudflareEnv): CloudflareRuntimeConfig {
-  return defineConfig({
-    // Only specify overrides - defaults are handled automatically
-    vars: {
-      ENVIRONMENT: env.ENVIRONMENT || env.MCPI_ENV || 'development',
-      AGENTSHIELD_API_KEY: env.AGENTSHIELD_API_KEY,
-      AGENTSHIELD_API_URL: env.AGENTSHIELD_API_URL,
-    },
-    // Tool protection is automatically enabled by defineConfig if AGENTSHIELD_API_KEY is present
-    // You can override by explicitly setting toolProtection here
-    // Admin endpoints: automatically enabled by defineConfig if AGENTSHIELD_API_KEY is present
-    // Uses AGENTSHIELD_API_KEY for authentication (same as tool protection)
-    // No need to explicitly set admin - defineConfig handles it automatically
-    // admin: {
-    //   enabled: true,  // Auto-enabled by defineConfig when AGENTSHIELD_API_KEY is present
-    //   apiKey: env.ADMIN_API_KEY || env.AGENTSHIELD_API_KEY,
-    // },
-  });
-}
-`;
-        fs.writeFileSync(path.join(srcDir, "mcpi-runtime-config.ts"), runtimeConfigContent);
-        // Create main index.ts using MCPICloudflareServer
-        const indexContent = `import { MCPICloudflareAgent, createMCPIApp, type PrefixedCloudflareEnv } from "@kya-os/mcp-i-cloudflare";
-import { greetTool } from "./tools/greet";
-import { getRuntimeConfig } from "./mcpi-runtime-config";
-/**
- * Extended CloudflareEnv with prefixed KV bindings for multi-agent deployments
- */
-interface MyPrefixedCloudflareEnv extends PrefixedCloudflareEnv {
-  ${className.toUpperCase()}_NONCE_CACHE?: KVNamespace;
-  ${className.toUpperCase()}_PROOF_ARCHIVE?: KVNamespace;
-  ${className.toUpperCase()}_IDENTITY_STORAGE?: KVNamespace;
-  ${className.toUpperCase()}_DELEGATION_STORAGE?: KVNamespace;
-  ${className.toUpperCase()}_TOOL_PROTECTION_KV?: KVNamespace;
-}
+    await fs.writeJson(path.join(targetDir, "package.json"), packageJson, {
+        spaces: 2,
+    });
+    // 4. Create .dev.vars with ALL secrets
+    const devVarsContent = `# Secrets for local development
+# Generated by create-mcpi-app
+# Agent Identity (DO NOT COMMIT THIS FILE)
+MCP_IDENTITY_PRIVATE_KEY="${identity.privateKey}"
-/**
- * Your custom MCP agent - only define your tools here!
- * All framework complexity (runtime initialization, proof generation, etc.) is handled automatically.
- */
-export class ${pascalClassName}MCP extends MCPICloudflareAgent {
-  async registerTools() {
-    // Register your custom tools - proofs are generated automatically
-    this.server.tool(
-      greetTool.name,
-      greetTool.description,
-      greetTool.inputSchema.shape,
-      async (args: { name: string }) => {
-        return this.executeToolWithProof(
-          greetTool.name,
-          args,
-          greetTool.handler
-        );
-      }
-    );
-  }
-}
+# AgentShield Configuration
+${apikey ? `AGENTSHIELD_API_KEY="${apikey}"` : '# AGENTSHIELD_API_KEY="sk_YOUR_API_KEY_HERE"'}
-// Create and export the app - all routing is handled automatically
-export default createMCPIApp({
-  AgentClass: ${pascalClassName}MCP,
-  agentName: "${projectName}",
-  agentVersion: "1.0.0",
-  envPrefix: "${className.toUpperCase()}",
-  getRuntimeConfig,
-});
+# Admin API Key for cache management (OPTIONAL)
+# If not provided, falls back to AGENTSHIELD_API_KEY
+# Only set this if you need a separate admin key for security
+# ADMIN_API_KEY="${generateAdminApiKey()}"
 `;
-        fs.writeFileSync(path.join(srcDir, "index.ts"), indexContent);
-        const wranglerContent = `#:schema node_modules/wrangler/config-schema.json
-name = "${wranglerName}"
+    await fs.writeFile(path.join(targetDir, ".dev.vars"), devVarsContent);
+    // 5. Create wrangler.toml with all KV namespaces (placeholders initially)
+    const wranglerToml = `#:schema node_modules/wrangler/config-schema.json
+name = "${projectName}"
 main = "src/index.ts"
-compatibility_date = "2025-06-18"
+compatibility_date = "2024-09-25"
 compatibility_flags = ["nodejs_compat"]
+# Durable Object binding for MCP Agent state
 [[durable_objects.bindings]]
 name = "MCP_OBJECT"
-class_name = "${pascalClassName}MCP"
+class_name = "${toPascalCase(projectName)}MCP"
 [[migrations]]
 tag = "v1"
-new_sqlite_classes = ["${pascalClassName}MCP"]
+new_classes = ["${toPascalCase(projectName)}MCP"]
 # Cron trigger for proof batch queue flushing (OPTIONAL - CURRENTLY DISABLED)
 #
@@ -640,8 +128,8 @@ new_sqlite_classes = ["${pascalClassName}MCP"]
 # This namespace is automatically created by the setup script (npm run setup)
 # If you need to recreate it: npm run kv:create-nonce
 [[kv_namespaces]]
-binding = "${className.toUpperCase()}_NONCE_CACHE"
-id = "your_nonce_kv_namespace_id"  # Auto-filled by setup script
+binding = "${projectNameUpper}_NONCE_CACHE"
+id = "TODO_REPLACE_WITH_ID"  # Auto-filled by setup script
 # KV Namespace for proof archive (RECOMMENDED for auditability)
 #
@@ -652,8 +140,8 @@ id = "your_nonce_kv_namespace_id"  # Auto-filled by setup script
 #
 # Note: Comment out if you don't need proof archiving
 [[kv_namespaces]]
-binding = "${className.toUpperCase()}_PROOF_ARCHIVE"
-id = "your_proof_kv_namespace_id"  # Auto-filled by setup script
+binding = "${projectNameUpper}_PROOF_ARCHIVE"
+id = "TODO_REPLACE_WITH_ID"  # Auto-filled by setup script
 # KV Namespace for identity storage (RECOMMENDED for persistent agent identity)
 #
@@ -662,8 +150,8 @@ id = "your_proof_kv_namespace_id"  # Auto-filled by setup script
 # This namespace is automatically created by the setup script (npm run setup)
 # If you need to recreate it: npm run kv:create-identity
 [[kv_namespaces]]
-binding = "${className.toUpperCase()}_IDENTITY_STORAGE"
-id = "your_identity_kv_namespace_id"  # Auto-filled by setup script
+binding = "${projectNameUpper}_IDENTITY_STORAGE"
+id = "TODO_REPLACE_WITH_ID"  # Auto-filled by setup script
 # KV Namespace for delegation storage (REQUIRED for OAuth/delegation flows)
 #
@@ -672,10 +160,10 @@ id = "your_identity_kv_namespace_id"  # Auto-filled by setup script
 # This namespace is automatically created by the setup script (npm run setup)
 # If you need to recreate it: npm run kv:create-delegation
 [[kv_namespaces]]
-binding = "${className.toUpperCase()}_DELEGATION_STORAGE"
-id = "your_delegation_kv_namespace_id"  # Auto-filled by setup script
+binding = "${projectNameUpper}_DELEGATION_STORAGE"
+id = "TODO_REPLACE_WITH_ID"  # Auto-filled by setup script
-# KV Namespace for tool protection config (${apikey ? "ENABLED" : "OPTIONAL"} for dashboard-controlled delegation)
+# KV Namespace for tool protection config (ENABLED for dashboard-controlled delegation)
 #
 # 🆕 Enables dynamic tool protection configuration from AgentShield dashboard
 # Caches which tools require user delegation based on dashboard toggle switches
@@ -693,490 +181,437 @@ id = "your_delegation_kv_namespace_id"  # Auto-filled by setup script
 # Note: This namespace is REQUIRED when using AgentShield API key (--apikey)
 #       It will be automatically created by the setup script (npm run setup)
 [[kv_namespaces]]
-binding = "${className.toUpperCase()}_TOOL_PROTECTION_KV"
-id = "your_tool_protection_kv_id"  # Auto-filled by setup script
+binding = "${projectNameUpper}_TOOL_PROTECTION_KV"
+id = "TODO_REPLACE_WITH_ID"  # Auto-filled by setup script
 [vars]
+# Agent DID (public identifier - safe to commit)
+MCP_IDENTITY_AGENT_DID = "${identity.did}"
+# Public identity key (safe to commit - not sensitive)
+MCP_IDENTITY_PUBLIC_KEY = "${identity.publicKey}"
+# Private identity key (SECRET - NOT declared here)
+# For local development: Add to .dev.vars file
+# For production: Use wrangler secret put MCP_IDENTITY_PRIVATE_KEY
+# ALLOWED_ORIGINS for CORS (update for production)
+ALLOWED_ORIGINS = "https://claude.ai,https://app.anthropic.com"
+# DO routing strategy: "session" for dev, "shard" for production high-load
+DO_ROUTING_STRATEGY = "session"
+DO_SHARD_COUNT = "10"  # Number of shards if using shard strategy
 XMCP_I_TS_SKEW_SEC = "120"
 XMCP_I_SESSION_TTL = "1800"
 # AgentShield Integration (https://kya.vouched.id)
 AGENTSHIELD_API_URL = "https://kya.vouched.id"
 # AGENTSHIELD_PROJECT_ID - Your project ID from AgentShield dashboard (e.g., "batman-txh0ae")
 #   Required for project-scoped tool protection configuration (recommended)
 #   Find it in your dashboard URL: https://kya.vouched.id/dashboard/projects/{PROJECT_ID}
 #   Or in your project settings
 #   This is not sensitive, so it's safe to keep a value here
-AGENTSHIELD_PROJECT_ID = "${projectId || ""}"
+${projectId ? `AGENTSHIELD_PROJECT_ID = "${projectId}"` : '# AGENTSHIELD_PROJECT_ID = "your-project-id"'}
 MCPI_ENV = "development"
 # Secrets (NOT declared here - see instructions below)
 # For local development: Add secrets to .dev.vars file
 # For production: Use wrangler secret put COMMAND_NAME
+#
+# Required secrets:
 #   $ wrangler secret put MCP_IDENTITY_PRIVATE_KEY
-#   $ wrangler secret put AGENTSHIELD_API_KEY
-#   $ wrangler secret put ADMIN_API_KEY
+#
+# Optional secrets (recommended for production):
+#   $ wrangler secret put AGENTSHIELD_API_KEY  # For AgentShield integration
+#
+# Optional secrets (advanced):
+#   $ wrangler secret put ADMIN_API_KEY        # For cache management endpoints
+#                                              # Falls back to AGENTSHIELD_API_KEY if not set
+#
 # Note: .dev.vars is git-ignored and contains actual secret values for local dev
 # Optional: MCP Server URL for tool discovery and consent page generation
 # Uncomment to explicitly set your MCP server URL (auto-detected from request origin if not set)
 # IMPORTANT: Use base URL WITHOUT /mcp suffix (e.g., "https://your-worker.workers.dev")
 # The consent pages are at /consent, not /mcp/consent
-# MCP_SERVER_URL = "https://your-worker.workers.dev"
+# MCP_SERVER_URL = "https://${projectName}.YOUR-SUBDOMAIN.workers.dev"
 `;
-        fs.writeFileSync(path.join(projectPath, "wrangler.toml"), wranglerContent);
-        // Generate persistent identity for Cloudflare Worker
-        if (!skipIdentity) {
-            try {
-                const identity = await generateIdentity();
-                // Logs removed - identity generation is silent
-                // Read existing wrangler.toml
-                const wranglerPath = path.join(projectPath, "wrangler.toml");
-                let wranglerTomlContent = fs.readFileSync(wranglerPath, "utf8");
-                // Find [vars] section and add identity environment variables
-                // Add ALL identity variables (empty values will be overridden by .dev.vars)
-                const varsMatch = wranglerTomlContent.match(/\[vars\]/);
-                if (varsMatch) {
-                    const insertPosition = varsMatch.index + varsMatch[0].length;
-                    const identityVars = `
-# Agent DID (public identifier - safe to commit)
-MCP_IDENTITY_AGENT_DID = "${identity.did}"
-# Public identity key (safe to commit - not sensitive)
-MCP_IDENTITY_PUBLIC_KEY = "${identity.publicKey}"
-# Private identity key (SECRET - NOT declared here)
-# For local development: Add to .dev.vars file
-# For production: Use wrangler secret put MCP_IDENTITY_PRIVATE_KEY
-# ALLOWED_ORIGINS for CORS (update for production)
-ALLOWED_ORIGINS = "https://claude.ai,https://app.anthropic.com"
-# DO routing strategy: "session" for dev, "shard" for production high-load
-DO_ROUTING_STRATEGY = "session"
-DO_SHARD_COUNT = "10"  # Number of shards if using shard strategy
+    await fs.writeFile(path.join(targetDir, "wrangler.toml"), wranglerToml);
+    // 6. Create src/index.ts (Entry Point)
+    const indexTs = `import { createMCPICloudflareAdapter } from "@kya-os/mcp-i-cloudflare";
+import { ${toPascalCase(projectName)}Agent } from "./agent";
+import config from "./mcpi-runtime-config";
+// Create the adapter
+const adapter = createMCPICloudflareAdapter({
+  agent: ${toPascalCase(projectName)}Agent,
+  env: {} as any, // Will be injected by Cloudflare
+  serverInfo: {
+    name: "${projectName}",
+    version: "1.0.0",
+  },
+  tools: config.tools, // Pass tools from config
+});
+// Export the fetch handler and Durable Object
+export default adapter;
+export { ${toPascalCase(projectName)}MCP } from "./agent";
 `;
-                    // Remove any secret declarations from [vars] (they should not be here)
-                    // Secrets go in .dev.vars for local dev, wrangler secret put for production
-                    wranglerTomlContent = wranglerTomlContent.replace(/^\s*MCP_IDENTITY_PRIVATE_KEY\s*=.*$/gm, `# MCP_IDENTITY_PRIVATE_KEY - SECRET (not declared here, see .dev.vars or wrangler secret put)`);
-                    wranglerTomlContent = wranglerTomlContent.replace(/^\s*AGENTSHIELD_API_KEY\s*=.*$/gm, `# AGENTSHIELD_API_KEY - SECRET (not declared here, see .dev.vars or wrangler secret put)`);
-                    wranglerTomlContent = wranglerTomlContent.replace(/^\s*ADMIN_API_KEY\s*=.*$/gm, `# ADMIN_API_KEY - SECRET (not declared here, see .dev.vars or wrangler secret put)`);
-                    // Update public key if it exists (safe to keep in [vars])
-                    if (/MCP_IDENTITY_PUBLIC_KEY\s*=/.test(wranglerTomlContent)) {
-                        wranglerTomlContent = wranglerTomlContent.replace(/MCP_IDENTITY_PUBLIC_KEY\s*=\s*"[^"]*"/, `MCP_IDENTITY_PUBLIC_KEY = "${identity.publicKey}"`);
-                    }
-                    // Update AGENTSHIELD_PROJECT_ID if it exists and projectId is provided
-                    // This is safe to keep a value since it's not sensitive
-                    if (projectId &&
-                        /AGENTSHIELD_PROJECT_ID\s*=/.test(wranglerTomlContent)) {
-                        wranglerTomlContent = wranglerTomlContent.replace(/AGENTSHIELD_PROJECT_ID\s*=\s*"[^"]*"/, `AGENTSHIELD_PROJECT_ID = "${projectId}"`);
-                    }
-                    // Check if non-secret variables already exist in wrangler.toml
-                    const hasIdentityDid = /MCP_IDENTITY_AGENT_DID\s*=/.test(wranglerTomlContent);
-                    const hasIdentityPublicKey = /MCP_IDENTITY_PUBLIC_KEY\s*=/.test(wranglerTomlContent);
-                    // Only insert identity vars if they don't already exist
-                    const needsInsertion = !hasIdentityDid || !hasIdentityPublicKey;
-                    if (needsInsertion) {
-                        wranglerTomlContent =
-                            wranglerTomlContent.slice(0, insertPosition) +
-                                identityVars +
-                                wranglerTomlContent.slice(insertPosition);
-                    }
-                    // Write updated wrangler.toml (without secrets)
-                    fs.writeFileSync(wranglerPath, wranglerTomlContent);
-                    // Create .dev.vars file for local development (git-ignored)
-                    // Only contains SECRETS (not public keys or project IDs)
-                    const devVarsPath = path.join(projectPath, ".dev.vars");
-                    const devVarsContent = `# Local development secrets (DO NOT COMMIT)
-# This file is git-ignored and contains sensitive data
-#
-# HOW IT WORKS:
-# 1. Secrets are NOT declared in wrangler.toml [vars] (avoids conflicts)
-# 2. This file (.dev.vars) provides secrets for local development
-# 3. Production uses: wrangler secret put VARIABLE_NAME
-#
-# Non-secrets (MCP_IDENTITY_PUBLIC_KEY, AGENTSHIELD_PROJECT_ID) are in wrangler.toml
+    await fs.writeFile(path.join(targetDir, "src/index.ts"), indexTs);
+    // 7. Create src/agent.ts (Agent Class)
+    const agentTs = `import { MCPICloudflareAgent } from "@kya-os/mcp-i-cloudflare";
+import config from "./mcpi-runtime-config";
+import type { Tool } from "@modelcontextprotocol/sdk/types.js";
-# Private identity key (generated by create-mcpi-app)
-MCP_IDENTITY_PRIVATE_KEY="${identity.privateKey}"
+/**
+ * MCP-I Agent Implementation
+ */
+export class ${toPascalCase(projectName)}Agent extends MCPICloudflareAgent {
+  /**
+   * Get tools definition from runtime config
+   */
+  protected getTools(): Tool[] {
+    return config.tools || [];
+  }
-# AgentShield API key (get from https://kya.vouched.id/dashboard)
-AGENTSHIELD_API_KEY="${apikey || ""}"${apikey ? "  # Provided via --apikey flag" : ""}
+  /**
+   * Handle tool execution by routing to handlers defined in config
+   */
+  protected async executeTool(name: string, args: any): Promise<any> {
+    // Find the tool handler in our config
+    const toolDef = config.tools?.find(t => t.name === name);
+    if (toolDef && (toolDef as any).handler) {
+      return (toolDef as any).handler(args);
+    }
+    throw new Error(\`Unknown tool: \${name}\`);
+  }
+}
-# Admin API key for protected endpoints (set to same value as AGENTSHIELD_API_KEY)
-ADMIN_API_KEY="${apikey || ""}"${apikey ? "  # Set to same value as AGENTSHIELD_API_KEY" : ""}
+// Export Durable Object class
+export class ${toPascalCase(projectName)}MCP extends ${toPascalCase(projectName)}Agent {}
 `;
-                    fs.writeFileSync(devVarsPath, devVarsContent);
-                    // Create .dev.vars.example for reference
-                    const devVarsExamplePath = path.join(projectPath, ".dev.vars.example");
-                    const devVarsExampleContent = `# Copy this file to .dev.vars and fill in your values
-# DO NOT commit .dev.vars to version control
-#
-# NOTE: Only secrets go here. Non-secrets (MCP_IDENTITY_PUBLIC_KEY, AGENTSHIELD_PROJECT_ID)
-# are in wrangler.toml [vars] and can be committed safely.
-# Private identity key (generate with: npx @kya-os/create-mcpi-app regenerate-identity)
-MCP_IDENTITY_PRIVATE_KEY="your-private-key-here"
+    await fs.writeFile(path.join(targetDir, "src/agent.ts"), agentTs);
+    // 8. Create src/tools/greet.ts
+    const greetToolTs = `import type { ToolDefinition } from "@kya-os/mcp-i-cloudflare";
-# AgentShield API key (get from https://kya.vouched.id/dashboard)
-AGENTSHIELD_API_KEY="your-api-key-here"
-# Admin API key for protected endpoints (set to same value as AGENTSHIELD_API_KEY)
-ADMIN_API_KEY="your-admin-key-here"
-`;
-                    fs.writeFileSync(devVarsExamplePath, devVarsExampleContent);
-                }
-            }
-            catch (error) {
-                // Logs removed - errors are silent during scaffolding
-            }
-        }
-        // Create tsconfig.json
-        fs.ensureDirSync(projectPath); // Ensure directory exists before writing
-        const tsconfigContent = {
-            compilerOptions: {
-                target: "ES2022",
-                module: "ES2022",
-                lib: ["ES2022"],
-                types: ["@cloudflare/workers-types"],
-                moduleResolution: "bundler",
-                resolveJsonModule: true,
-                allowSyntheticDefaultImports: true,
-                esModuleInterop: true,
-                strict: true,
-                skipLibCheck: true,
-                forceConsistentCasingInFileNames: true,
-            },
-            include: ["src/**/*"],
-        };
-        fs.writeJsonSync(path.join(projectPath, "tsconfig.json"), tsconfigContent, {
-            spaces: 2,
-        });
-        // Create .gitignore
-        const gitignoreContent = `node_modules/
-dist/
-.wrangler/
-.dev.vars
-.env
-.env.local
-*.log
-`;
-        fs.writeFileSync(path.join(projectPath, ".gitignore"), gitignoreContent);
-        // Create .npmrc to suppress harmless deprecation warnings
-        const npmrcContent = `# Suppress deprecation warnings from transitive dependencies
-# These warnings are harmless and don't affect functionality
-# They come from: inflight (glob@7), phin (jimp), rimraf (del), glob (rimraf), node-domexception (node-fetch)
-# Will be resolved when upstream packages update their dependencies
-loglevel=error
+export const greetTool: ToolDefinition = {
+  name: "greet",
+  description: "Greet the user",
+  inputSchema: {
+    type: "object",
+    properties: {
+      name: { type: "string", description: "Name of the person to greet" },
+    },
+    required: ["name"],
+  },
+  handler: async (args: { name: string }) => {
+    return {
+      content: [
+        {
+          type: "text",
+          text: \`Hello, \${args.name}! Welcome to ${projectName}.\`,
+        },
+      ],
+    };
+  },
+};
 `;
-        fs.writeFileSync(path.join(projectPath, ".npmrc"), npmrcContent);
-        // Create README.md
-        const readmeContent = `# ${projectName}
-MCP server running on Cloudflare Workers with MCP-I identity features, cryptographic proofs, and full SSE/HTTP streaming support.
-## Features
-- ✅ **MCP Protocol Support**: SSE and HTTP streaming transports
-- ✅ **Cryptographic Identity**: DID-based agent identity with Ed25519 signatures
-- ✅ **Proof Generation**: Every tool call generates a cryptographic proof
-- ✅ **Audit Logging**: Track all operations with proof IDs and signatures
-- ✅ **Nonce Protection**: Replay attack prevention via KV-backed nonce cache
-- ✅ **Proof Archiving**: Optional KV storage for proof history
-## Quick Start
-### 1. Install Dependencies
-\`\`\`bash
-${packageManager} install
-\`\`\`
-### 2. Create KV Namespaces
-#### Create All KV Namespaces (Recommended)
-\`\`\`bash
-${packageManager === "npm" ? "npm run" : packageManager} kv:create
-\`\`\`
-This creates all 5 KV namespaces at once:
-- \`NONCE_CACHE\` - Replay attack prevention (Required)
-- \`PROOF_ARCHIVE\` - Cryptographic proof storage (Recommended)
-- \`IDENTITY_STORAGE\` - Agent identity persistence (Recommended)
-- \`DELEGATION_STORAGE\` - OAuth delegation storage (Required for delegation)
-- \`TOOL_PROTECTION_KV\` - Dashboard-controlled permissions (Optional)
-Copy the namespace IDs from the output and update each one in \`wrangler.toml\`:
-\`\`\`toml
-[[kv_namespaces]]
-binding = "NONCE_CACHE"
-id = "your_nonce_kv_id_here"  # ← Update this
-[[kv_namespaces]]
-binding = "PROOF_ARCHIVE"
-id = "your_proof_kv_id_here"  # ← Update this
-[[kv_namespaces]]
-binding = "IDENTITY_STORAGE"
-id = "your_identity_kv_id_here"  # ← Update this
-[[kv_namespaces]]
-binding = "DELEGATION_STORAGE"
-id = "your_delegation_kv_id_here"  # ← Update this
-[[kv_namespaces]]
-binding = "TOOL_PROTECTION_KV"
-id = "your_tool_protection_kv_id_here"  # ← Update this
-\`\`\`
-**Note:** You can also create namespaces individually:
-- \`${packageManager === "npm" ? "npm run" : packageManager} kv:create-nonce\` - Create nonce cache only
-- \`${packageManager === "npm" ? "npm run" : packageManager} kv:create-proof\` - Create proof archive only
-- \`${packageManager === "npm" ? "npm run" : packageManager} kv:create-identity\` - Create identity storage only
-- \`${packageManager === "npm" ? "npm run" : packageManager} kv:create-delegation\` - Create delegation storage only
-- \`${packageManager === "npm" ? "npm run" : packageManager} kv:create-tool-protection\` - Create tool protection cache only
-### 3. Test Locally
-\`\`\`bash
-${packageManager === "npm" ? "npm run" : packageManager} dev
-\`\`\`
-### 4. Deploy
-#### Production Deployment
-Secrets are **not** declared in \`wrangler.toml\` to avoid conflicts. Set them using:
-\`\`\`bash
-wrangler secret put MCP_IDENTITY_PRIVATE_KEY
-wrangler secret put AGENTSHIELD_API_KEY
-wrangler secret put ADMIN_API_KEY
-\`\`\`
-**Tip:** Copy values from your \`.dev.vars\` file when prompted.
-**Note:** \`MCP_IDENTITY_PUBLIC_KEY\` and \`AGENTSHIELD_PROJECT_ID\` are not secrets and are already in \`wrangler.toml\` with values.
-Now deploy:
+    await fs.writeFile(path.join(targetDir, "src/tools/greet.ts"), greetToolTs);
+    // 9. Create src/mcpi-runtime-config.ts
+    const runtimeConfigTs = `import type { ToolDefinition } from "@kya-os/mcp-i-cloudflare";
+import { greetTool } from "./tools/greet";
-\`\`\`bash
-${packageManager === "npm" ? "npm run" : packageManager} deploy
-\`\`\`
+interface RuntimeConfig {
+  tools: ToolDefinition[];
+}
-## Connect with Claude Desktop
+const config: RuntimeConfig = {
+  tools: [
+    greetTool,
+    // Add more tools here
+  ],
+};
-Add to \`~/Library/Application Support/Claude/claude_desktop_config.json\`:
+export default config;
+`;
+    await fs.writeFile(path.join(targetDir, "src/mcpi-runtime-config.ts"), runtimeConfigTs);
+    // 10. Create scripts/setup.js (KV Namespace Creation & Key Regeneration Script)
+    const setupJs = `#!/usr/bin/env node
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+const projectName = '${projectName}';
+const projectNameUpper = '${projectNameUpper}';
+console.log('🚀 Setting up MCP-I Cloudflare Worker...');
+console.log('');
+// Check if user is logged in to Cloudflare
+console.log('🔐 Checking Cloudflare authentication...');
+try {
+  execSync('wrangler whoami', { encoding: 'utf8', stdio: 'pipe' });
+  console.log('✅ Logged in to Cloudflare\\n');
+} catch (error) {
+  console.error('❌ Not logged in to Cloudflare!\\n');
+  console.error('Please run: wrangler login\\n');
+  console.error('Then run this setup script again: npm run setup\\n');
+  process.exit(1);
+}
-\`\`\`json
-{
-  "mcpServers": {
-    "${projectName}": {
-      "command": "npx",
-      "args": ["mcp-remote", "https://your-worker.workers.dev/sse"]
+// Function to execute command and capture output
+function exec(command, silent = false) {
+  try {
+    const output = execSync(command, { encoding: 'utf8', stdio: silent ? 'pipe' : 'inherit' });
+    return output?.trim();
+  } catch (error) {
+    if (!silent) {
+      console.error(\`❌ Command failed: \${command}\`);
+      console.error(error.message);
+      if (error.stderr) {
+        console.error('Error output:', error.stderr.toString());
+      }
     }
+    throw error; // Re-throw to handle in caller
   }
 }
-\`\`\`
-**Note:** Use the \`/sse\` endpoint for Claude Desktop compatibility.
-Restart Claude Desktop and test: "Use the greet tool to say hello to Alice"
-## Adding Tools
-Create tools in \`src/tools/\`:
-\`\`\`typescript
-import { z } from "zod";
-export const myTool = {
-  name: "my_tool",
-  description: "Tool description",
-  inputSchema: z.object({
-    input: z.string().describe("Input parameter")
-  }),
-  handler: async ({ input }: { input: string }) => ({
-    content: [{ type: "text" as const, text: \`Result: \${input}\` }]
-  })
-};
-\`\`\`
-Register in \`src/index.ts\` init method:
-\`\`\`typescript
-this.server.tool(
-  myTool.name,
-  myTool.description,
-  myTool.inputSchema.shape,
-  myTool.handler
-);
-\`\`\`
-## Endpoints
-- \`/health\` - Health check
-- \`/sse\` - SSE transport for MCP
-- \`/mcp\` - Streamable HTTP transport for MCP
-- \`/oauth/callback\` - OAuth callback for delegation flows
-- \`/admin/clear-cache\` - Clear tool protection cache (requires API key)
-## Viewing Cryptographic Proofs
-Every tool call generates a cryptographic proof that's logged to the console:
-\`\`\`bash
-${packageManager === "npm" ? "npm run" : packageManager} dev
-\`\`\`
-When you call a tool, you'll see logs like:
-\`\`\`
-[MCP-I] Initialized with DID: did:web:localhost:agents:key-abc123
-[MCP-I Proof] {
-  tool: 'greet',
-  did: 'did:web:localhost:agents:key-abc123',
-  proofId: 'proof_1234567890_abcd',
-  signature: 'mNYP8x2k9FqV3...'
+// Function to extract namespace ID from wrangler output
+function extractNamespaceId(output) {
+  // Match patterns like: id = "abc123" or { id: "abc123" }
+  const match = output.match(/id\\s*[:=]\\s*"([^"]+)"/);
+  return match ? match[1] : null;
 }
-\`\`\`
-### Proof Archives (Optional)
-If you configured the \`PROOF_ARCHIVE\` KV namespace, proofs are also stored for querying:
-\`\`\`bash
-# List all proofs
-wrangler kv:key list --namespace-id=your_proof_kv_id
-# View a specific proof
-wrangler kv:key get "proof_1234567890_abcd" --namespace-id=your_proof_kv_id
-\`\`\`
-## Identity Management
-Your agent's cryptographic identity is stored in Durable Objects state. To view your agent's DID:
-1. Check the logs during \`init()\` - it prints the DID
-2. Or query the runtime: \`await mcpiRuntime.getIdentity()\`
-The identity includes:
-- \`did\`: Decentralized identifier (e.g., \`did:web:your-worker.workers.dev:agents:key-xyz\`)
-- \`publicKey\`: Ed25519 public key for signature verification
-- \`privateKey\`: Ed25519 private key (secured in Durable Object state)
-## AgentShield Integration
-This project is configured to send cryptographic proofs to AgentShield for audit trails and compliance monitoring.
-### Setup
-1. **Get your AgentShield API key**:
-   - Sign up at https://kya.vouched.id
-   - Create a project
-   - Copy your API key from the dashboard
-2. **Update \`wrangler.toml\`**:
-   \`\`\`toml
-   [vars]
-   AGENTSHIELD_API_URL = "https://kya.vouched.id"
-   AGENTSHIELD_API_KEY = "sk_your_actual_key_here"  # ← Replace this
-   MCPI_ENV = "development"
-   \`\`\`
-3. **Test proof submission**:
-   \`\`\`bash
-   ${packageManager === "npm" ? "npm run" : packageManager} dev
-   \`\`\`
-   Call a tool and check the logs:
-   \`\`\`
-   [AgentShield] Submitting proof: { did: 'did:web:...', sessionId: '...', jwsFormat: 'valid (3 parts)' }
-   [AgentShield] ✅ Proofs accepted: 1
-   \`\`\`
-4. **View proofs in dashboard**:
-   - Go to https://kya.vouched.id/dashboard
-   - Select your project
-   - Click "Interactions" tab
-   - See your proofs in real-time
-### Configuration
-The AgentShield integration is configured in \`src/mcpi-runtime-config.ts\`. You can customize:
-- Proof batch size (\`maxBatchSize\`)
-- Flush interval (\`flushIntervalMs\`)
-- Retry policy (\`maxRetries\`)
-- Tool protection rules (\`toolProtections\`)
-### Dashboard-Controlled Tool Protection (Advanced)
-🆕 **NEW**: Control which tools require user delegation directly from the AgentShield dashboard - no code changes needed!
-Instead of hardcoding \`requiresDelegation\` in your config, enable dynamic tool protection:
-1. **Create Tool Protection KV namespace**:
-   \`\`\`bash
-   ${packageManager === "npm" ? "npm run" : packageManager} kv:create-tool-protection
-   \`\`\`
-2. **Uncomment TOOL_PROTECTION_KV in \`wrangler.toml\`**:
-   \`\`\`toml
-   [[kv_namespaces]]
-   binding = "TOOL_PROTECTION_KV"
-   id = "your_tool_protection_kv_id"  # ← Add the ID from step 1
-   \`\`\`
-3. **Enable Tool Protection Service in \`src/mcpi-runtime-config.ts\`**:
-   - Uncomment the import: \`import { CloudflareRuntime } from "@kya-os/mcp-i-cloudflare";\`
-   - Uncomment the \`toolProtectionService\` configuration block
-4. **Deploy and test**:
-   \`\`\`bash
-   ${packageManager === "npm" ? "npm run" : packageManager} deploy
-   \`\`\`
-5. **Control delegation from dashboard**:
-   - Go to https://kya.vouched.id/dashboard
-   - Select your project → "Tools" tab
-   - Toggle "Require Delegation" for any tool
-   - Changes apply in real-time (5-minute cache)
-**Benefits:**
-- Update tool permissions without redeploying
-- Test delegation flows instantly
-- Different requirements per environment (dev vs prod)
-- Automatic tool discovery from proof submissions
-**Note:** The first time a tool is called, it auto-discovers in the dashboard. The \`requiresDelegation\` toggle will appear after the first proof is submitted.
-### Disable AgentShield (Optional)
-If you don't want to use AgentShield, edit \`src/mcpi-runtime-config.ts\`:
-\`\`\`typescript
-proofing: {
-  enabled: false,  // Disable proof submission
-  // ...
+// Function to update wrangler.toml with namespace ID
+function updateWranglerToml(binding, namespaceId) {
+  const wranglerPath = path.join(__dirname, '..', 'wrangler.toml');
+  let content = fs.readFileSync(wranglerPath, 'utf8');
+  // Find the binding section and update the ID
+  const bindingPattern = new RegExp(\`binding\\\\s*=\\\\s*"\${binding}"[^\\\\[]*id\\\\s*=\\\\s*"[^"]*"\`, 's');
+  content = content.replace(bindingPattern, (match) => {
+    return match.replace(/id\\s*=\\s*"[^"]*"/, \`id = "\${namespaceId}"\`);
+  });
+  fs.writeFileSync(wranglerPath, content);
+  console.log(\`✅ Updated wrangler.toml with \${binding} namespace ID: \${namespaceId}\`);
 }
-\`\`\`
-Or simply don't configure the \`AGENTSHIELD_API_KEY\` environment variable.
+// Create KV namespaces
+const namespaces = [
+  { binding: \`\${projectNameUpper}_NONCE_CACHE\`, name: 'NONCE_CACHE', description: 'Nonce cache for replay attack prevention' },
+  { binding: \`\${projectNameUpper}_PROOF_ARCHIVE\`, name: 'PROOF_ARCHIVE', description: 'Proof archive for auditability' },
+  { binding: \`\${projectNameUpper}_IDENTITY_STORAGE\`, name: 'IDENTITY_STORAGE', description: 'Identity storage for persistent agent identity' },
+  { binding: \`\${projectNameUpper}_DELEGATION_STORAGE\`, name: 'DELEGATION_STORAGE', description: 'Delegation storage for OAuth flows' },
+  { binding: \`\${projectNameUpper}_TOOL_PROTECTION_KV\`, name: 'TOOL_PROTECTION_KV', description: 'Tool protection configuration cache' },
+];
+console.log('📦 Creating KV namespaces...');
+console.log('');
+let successCount = 0;
+let failureCount = 0;
+for (const ns of namespaces) {
+  console.log(\`\\n📦 Creating \${ns.name}...\`);
+  console.log(\`   Description: \${ns.description}\`);
+  try {
+    // Try to create the namespace
+    const output = exec(\`wrangler kv:namespace create \${ns.binding}\`, true);
+    if (output) {
+      console.log(\`   Raw output: \${output.substring(0, 200)}\`);
+      const namespaceId = extractNamespaceId(output);
+      if (namespaceId) {
+        updateWranglerToml(ns.binding, namespaceId);
+        console.log(\`   ✅ Created successfully!\`);
+        successCount++;
+      } else {
+        console.log(\`   ⚠️  Could not extract namespace ID from output.\`);
+        console.log(\`   Full output: \${output}\`);
+        console.log(\`   You may need to update wrangler.toml manually.\`);
+        failureCount++;
+      }
+    } else {
+      console.log(\`   ⚠️  No output from wrangler command.\`);
+      failureCount++;
+    }
+  } catch (error) {
+    // Namespace might already exist
+    console.log(\`   ℹ️  Namespace may already exist. Checking...\`);
+    try {
+      const listOutput = exec(\`wrangler kv:namespace list\`, true);
+      if (listOutput && listOutput.includes(ns.binding)) {
+        console.log(\`   ✓ Namespace \${ns.binding} already exists\`);
+        // Try to extract ID from list output
+        const listJson = JSON.parse(listOutput);
+        const existing = listJson.find(item => item.title.includes(ns.binding));
+        if (existing && existing.id) {
+          updateWranglerToml(ns.binding, existing.id);
+          console.log(\`   ✅ Updated wrangler.toml with existing ID: \${existing.id}\`);
+          successCount++;
+        } else {
+          console.log(\`   ⚠️  Found namespace but could not extract ID. Update wrangler.toml manually.\`);
+          failureCount++;
+        }
+      } else {
+        console.log(\`   ❌ Could not create or find namespace \${ns.binding}.\`);
+        console.log(\`   Error: \${error.message}\`);
+        console.log(\`   You may need to create it manually with: wrangler kv:namespace create \${ns.binding}\`);
+        failureCount++;
+      }
+    } catch (listError) {
+      console.log(\`   ❌ Failed to list namespaces: \${listError.message}\`);
+      failureCount++;
+    }
+  }
+}
-## References
+console.log('');
+console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+console.log('📊 Setup Summary:');
+console.log(\`   ✅ Success: \${successCount}/\${namespaces.length} namespaces\`);
+console.log(\`   ❌ Failed: \${failureCount}/\${namespaces.length} namespaces\`);
+console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\\n');
+if (failureCount > 0) {
+  console.log('⚠️  Some namespaces failed to create.\\n');
+  console.log('Manual steps required:');
+  console.log('1. Check wrangler.toml for any "TODO_REPLACE_WITH_ID" entries');
+  console.log('2. Create missing namespaces manually with:');
+  console.log('   wrangler kv:namespace create NAMESPACE_BINDING\\n');
+  console.log('3. Copy the ID from the output to wrangler.toml\\n');
+} else {
+  console.log('✨ Setup complete!\\n');
+}
-- [Cloudflare Agents MCP](https://developers.cloudflare.com/agents/model-context-protocol/)
-- [MCP Specification](https://spec.modelcontextprotocol.io/)
-- [MCP-I Documentation](https://github.com/kya-os/xmcp-i)
+console.log('🚀 Next steps:');
+console.log('1. Review wrangler.toml to ensure all namespace IDs are populated');
+console.log('2. Review .dev.vars for secrets configuration');
+console.log('3. Run "npm run dev" to start the development server');
+console.log('4. Run "npm run deploy" to deploy to Cloudflare Workers\\n');
+console.log('📝 For production deployment:');
+console.log('   wrangler secret put MCP_IDENTITY_PRIVATE_KEY');
+if (failureCount === 0) {
+  console.log('   wrangler secret put AGENTSHIELD_API_KEY');
+  console.log('   # ADMIN_API_KEY is optional - falls back to AGENTSHIELD_API_KEY if not set');
+}
+`;
+    await fs.writeFile(path.join(targetDir, "scripts/setup.js"), setupJs);
+    await fs.chmod(path.join(targetDir, "scripts/setup.js"), '755');
+    // 11. Create tsconfig.json
+    const tsConfig = {
+        compilerOptions: {
+            target: "esnext",
+            module: "esnext",
+            moduleResolution: "bundler",
+            types: ["@cloudflare/workers-types", "vitest/globals"],
+            strict: true,
+            skipLibCheck: true,
+            noEmit: true,
+        },
+        include: ["src/**/*"],
+        exclude: ["node_modules"],
+    };
+    await fs.writeJson(path.join(targetDir, "tsconfig.json"), tsConfig, {
+        spaces: 2,
+    });
+    // 12. Create .gitignore
+    const gitignore = `node_modules
+dist
+.wrangler
+.dev.vars
 `;
-        fs.writeFileSync(path.join(projectPath, "README.md"), readmeContent);
+    await fs.writeFile(path.join(targetDir, ".gitignore"), gitignore);
+    console.log(chalk.green("✔ Created Cloudflare MCP-I template files"));
+    console.log(chalk.gray("  - Generated identity keys in .dev.vars"));
+    console.log(chalk.gray("  - Configured wrangler.toml with KV namespaces"));
+    console.log(chalk.gray("  - Created modular tool structure"));
+    console.log(chalk.gray("  - Created setup script for KV namespace creation"));
+    // 13. Run npm install first
+    console.log(chalk.blue("\n📦 Installing dependencies..."));
+    await runCommand(packageManager, ["install"], targetDir);
+    // 14. Run setup script to create KV namespaces
+    console.log(chalk.blue("\n🔧 Running setup script to create KV namespaces..."));
+    try {
+        await runCommand("node", ["scripts/setup.js"], targetDir);
+        console.log(chalk.green("\n✅ KV namespaces created successfully!"));
     }
     catch (error) {
-        console.error(chalk.red("Failed to set up Cloudflare Worker MCP server:"), error);
-        throw error;
+        console.log(chalk.yellow("\n⚠️  KV namespace setup encountered issues."));
+        console.log(chalk.yellow("\nMost likely cause: You're not logged in to Cloudflare."));
+        console.log(chalk.yellow("\nTo fix this:"));
+        console.log(chalk.cyan("   1. cd " + projectName));
+        console.log(chalk.cyan("   2. wrangler login"));
+        console.log(chalk.cyan("   3. npm run setup"));
+        console.log(chalk.gray("\nThe setup script will create all required KV namespaces and update wrangler.toml."));
+    }
+    // 15. Final instructions
+    console.log(chalk.blue("\n" + "=".repeat(60)));
+    console.log(chalk.bold.green("🎉 Cloudflare MCP-I project created successfully!"));
+    console.log(chalk.blue("=".repeat(60)));
+    console.log(chalk.bold("\n📝 Important Configuration Notes:"));
+    console.log(chalk.gray("\n1. ADMIN_API_KEY (in .dev.vars):"));
+    console.log(chalk.gray("   - OPTIONAL: Falls back to AGENTSHIELD_API_KEY if not set"));
+    console.log(chalk.gray("   - Only needed if you want separate admin endpoint security"));
+    console.log(chalk.gray("   - For most use cases, you can delete this line\n"));
+    console.log(chalk.gray("2. KV Namespaces (in wrangler.toml):"));
+    console.log(chalk.gray("   - Required for MCP-I security features"));
+    console.log(chalk.gray("   - Auto-created by 'npm run setup' script"));
+    console.log(chalk.gray("   - Check wrangler.toml for 'TODO_REPLACE_WITH_ID' if setup failed\n"));
+    console.log(chalk.bold("🚀 Next Steps:"));
+    console.log(chalk.cyan("   cd " + projectName));
+    // Check if they need to run setup
+    const wranglerPath = path.join(targetDir, "wrangler.toml");
+    if (fs.existsSync(wranglerPath)) {
+        const wranglerContent = await fs.readFile(wranglerPath, 'utf-8');
+        if (wranglerContent.includes('TODO_REPLACE_WITH_ID')) {
+            console.log(chalk.yellow("   wrangler login              # Login to Cloudflare first!"));
+            console.log(chalk.yellow("   npm run setup               # Create KV namespaces"));
+        }
     }
+    console.log(chalk.cyan("   npm run dev                 # Start local development"));
+    console.log(chalk.cyan("   npm run deploy              # Deploy to Cloudflare\n"));
+}
+function toPascalCase(str) {
+    return str
+        .replace(/(?:^\w|[A-Z]|\b\w)/g, (word, index) => {
+        return word.toUpperCase();
+    })
+        .replace(/\s+/g, "")
+        .replace(/-/g, "");
+}
+function generateAdminApiKey() {
+    // Generate a secure random API key
+    return Buffer.from(crypto.randomBytes(32)).toString('base64');
+}
+function runCommand(command, args, cwd) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(command, args, {
+            cwd,
+            stdio: 'inherit',
+            shell: process.platform === 'win32'
+        });
+        child.on('error', reject);
+        child.on('exit', (code) => {
+            if (code === 0) {
+                resolve();
+            }
+            else {
+                reject(new Error(`Command failed with exit code ${code}`));
+            }
+        });
+    });
 }
 //# sourceMappingURL=fetch-cloudflare-mcpi-template.js.map