@littlebearapps/platform-admin-sdk 1.4.2 → 1.5.0

package/templates/full/dashboard/src/components/search/SearchModal.tsx

@@ -0,0 +1,108 @@
+import { useState, useEffect, useRef, useCallback } from 'react';
+
+interface SearchResult {
+  type: string;
+  id: string;
+  title: string;
+  subtitle: string;
+}
+
+export function SearchModal() {
+  const [open, setOpen] = useState(false);
+  const [query, setQuery] = useState('');
+  const [results, setResults] = useState<SearchResult[]>([]);
+  const [loading, setLoading] = useState(false);
+  const inputRef = useRef<HTMLInputElement>(null);
+  const debounceRef = useRef<ReturnType<typeof setTimeout>>();
+
+  // Cmd+K / Ctrl+K listener
+  useEffect(() => {
+    function handleKeyDown(e: KeyboardEvent) {
+      if ((e.metaKey || e.ctrlKey) && e.key === 'k') {
+        e.preventDefault();
+        setOpen(prev => !prev);
+      }
+      if (e.key === 'Escape') {
+        setOpen(false);
+      }
+    }
+    document.addEventListener('keydown', handleKeyDown);
+    return () => document.removeEventListener('keydown', handleKeyDown);
+  }, []);
+
+  useEffect(() => {
+    if (open && inputRef.current) {
+      inputRef.current.focus();
+    }
+  }, [open]);
+
+  const search = useCallback((q: string) => {
+    if (q.length < 2) {
+      setResults([]);
+      return;
+    }
+    setLoading(true);
+    fetch(`/api/search?q=${encodeURIComponent(q)}`)
+      .then(res => res.json())
+      .then((data: { results: SearchResult[] }) => {
+        setResults(data.results ?? []);
+        setLoading(false);
+      })
+      .catch(() => setLoading(false));
+  }, []);
+
+  function handleInput(value: string) {
+    setQuery(value);
+    clearTimeout(debounceRef.current);
+    debounceRef.current = setTimeout(() => search(value), 300);
+  }
+
+  if (!open) return null;
+
+  return (
+    <div className="fixed inset-0 z-50 flex items-start justify-center pt-[20vh]" onClick={() => setOpen(false)}>
+      <div className="fixed inset-0 bg-black/50" />
+      <div
+        className="relative w-full max-w-lg bg-white dark:bg-gray-800 rounded-xl shadow-2xl border border-gray-200 dark:border-gray-700"
+        onClick={(e) => e.stopPropagation()}
+      >
+        <div className="flex items-center gap-3 px-4 py-3 border-b border-gray-200 dark:border-gray-700">
+          <span className="text-gray-400 text-sm">Search</span>
+          <input
+            ref={inputRef}
+            type="text"
+            value={query}
+            onChange={(e) => handleInput(e.target.value)}
+            placeholder="Search errors, notifications..."
+            className="flex-1 bg-transparent text-gray-900 dark:text-white placeholder-gray-400 outline-none text-sm"
+          />
+          <kbd className="hidden md:inline text-xs text-gray-400 border border-gray-300 dark:border-gray-600 rounded px-1.5 py-0.5">
+            ESC
+          </kbd>
+        </div>
+
+        <div className="max-h-80 overflow-y-auto p-2">
+          {loading && (
+            <div className="text-center py-4 text-sm text-gray-500 dark:text-gray-400">Searching...</div>
+          )}
+          {!loading && results.length === 0 && query.length >= 2 && (
+            <div className="text-center py-4 text-sm text-gray-500 dark:text-gray-400">No results found.</div>
+          )}
+          {!loading && results.map((r) => (
+            <a
+              key={`${r.type}-${r.id}`}
+              href={r.type === 'error' ? `/errors` : `/notifications`}
+              className="flex items-center gap-3 px-3 py-2 rounded-md hover:bg-gray-100 dark:hover:bg-gray-700 transition-colors"
+            >
+              <span className="text-xs font-mono text-gray-400 dark:text-gray-500 uppercase">{r.type}</span>
+              <div className="flex-1 min-w-0">
+                <div className="text-sm text-gray-900 dark:text-white truncate">{r.title}</div>
+                <div className="text-xs text-gray-500 dark:text-gray-400 truncate">{r.subtitle}</div>
+              </div>
+            </a>
+          ))}
+        </div>
+      </div>
+    </div>
+  );
+}

package/templates/full/dashboard/src/pages/api/notifications/index.ts

@@ -0,0 +1,47 @@
+import type { APIRoute } from 'astro';
+
+export const GET: APIRoute = async ({ locals, url }) => {
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+
+  if (!db) {
+    return new Response(JSON.stringify({ notifications: [], total: 0 }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  const page = parseInt(url.searchParams.get('page') ?? '1');
+  const limit = Math.min(parseInt(url.searchParams.get('limit') ?? '20'), 100);
+  const offset = (page - 1) * limit;
+
+  try {
+    const notifications = await db
+      .prepare(
+        `SELECT id, title, body, category, priority, source, created_at, read_at, action_url, expires_at
+         FROM notifications
+         WHERE expires_at IS NULL OR expires_at > unixepoch()
+         ORDER BY created_at DESC
+         LIMIT ? OFFSET ?`
+      )
+      .bind(limit, offset)
+      .all();
+
+    const total = await db
+      .prepare(`SELECT COUNT(*) as count FROM notifications WHERE expires_at IS NULL OR expires_at > unixepoch() LIMIT 1`)
+      .first<{ count: number }>();
+
+    return new Response(
+      JSON.stringify({
+        notifications: notifications.results ?? [],
+        total: total?.count ?? 0,
+        page,
+        limit,
+      }),
+      { headers: { 'Content-Type': 'application/json', 'Cache-Control': 'max-age=15' } }
+    );
+  } catch {
+    return new Response(JSON.stringify({ notifications: [], total: 0 }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};

package/templates/full/dashboard/src/pages/api/notifications/unread-count.ts

@@ -0,0 +1,31 @@
+import type { APIRoute } from 'astro';
+
+export const GET: APIRoute = async ({ locals }) => {
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+
+  if (!db) {
+    return new Response(JSON.stringify({ count: 0 }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  try {
+    const result = await db
+      .prepare(
+        `SELECT COUNT(*) as count FROM notifications
+         WHERE read_at IS NULL
+           AND (expires_at IS NULL OR expires_at > unixepoch())
+         LIMIT 1`
+      )
+      .first<{ count: number }>();
+
+    return new Response(JSON.stringify({ count: result?.count ?? 0 }), {
+      headers: { 'Content-Type': 'application/json', 'Cache-Control': 'max-age=15' },
+    });
+  } catch {
+    return new Response(JSON.stringify({ count: 0 }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};

package/templates/full/dashboard/src/pages/api/patterns/approve.ts

@@ -0,0 +1,55 @@
+import type { APIRoute } from 'astro';
+
+export const POST: APIRoute = async ({ locals, request }) => {
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+  const patternApi = (locals.runtime?.env as { PATTERN_DISCOVERY_API?: Fetcher } | undefined)?.PATTERN_DISCOVERY_API;
+
+  if (!db && !patternApi) {
+    return new Response(JSON.stringify({ error: 'No database or pattern API available' }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  try {
+    const body = (await request.json()) as { id: number; notes?: string };
+
+    if (patternApi) {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 5000);
+      const res = await patternApi.fetch(
+        `https://internal/suggestions/${body.id}?action=approve`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ notes: body.notes }),
+          signal: controller.signal,
+        }
+      );
+      clearTimeout(timeout);
+      if (!res.ok) throw new Error(`Pattern API returned ${res.status}`);
+      return new Response(JSON.stringify({ ok: true }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+
+    // Fallback: update D1 directly
+    await db!
+      .prepare(
+        `UPDATE transient_pattern_suggestions
+         SET status = 'approved', reviewed_at = datetime('now'), reviewer_notes = ?
+         WHERE id = ?`
+      )
+      .bind(body.notes ?? null, body.id)
+      .run();
+
+    return new Response(JSON.stringify({ ok: true }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    return new Response(
+      JSON.stringify({ error: error instanceof Error ? error.message : 'Failed to approve' }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+};

package/templates/full/dashboard/src/pages/api/patterns/index.ts

@@ -0,0 +1,36 @@
+import type { APIRoute } from 'astro';
+
+export const GET: APIRoute = async ({ locals, url }) => {
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+
+  if (!db) {
+    return new Response(JSON.stringify({ suggestions: [] }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  const status = url.searchParams.get('status') ?? 'pending';
+
+  try {
+    const suggestions = await db
+      .prepare(
+        `SELECT id, pattern_type, pattern_value, error_type, priority, status,
+                match_count, source, created_at, reviewed_at, reviewer_notes
+         FROM transient_pattern_suggestions
+         WHERE status = ?
+         ORDER BY created_at DESC
+         LIMIT 50`
+      )
+      .bind(status)
+      .all();
+
+    return new Response(JSON.stringify({ suggestions: suggestions.results ?? [] }), {
+      headers: { 'Content-Type': 'application/json', 'Cache-Control': 'max-age=30' },
+    });
+  } catch {
+    return new Response(JSON.stringify({ suggestions: [] }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};

package/templates/full/dashboard/src/pages/api/patterns/reject.ts

@@ -0,0 +1,54 @@
+import type { APIRoute } from 'astro';
+
+export const POST: APIRoute = async ({ locals, request }) => {
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+  const patternApi = (locals.runtime?.env as { PATTERN_DISCOVERY_API?: Fetcher } | undefined)?.PATTERN_DISCOVERY_API;
+
+  if (!db && !patternApi) {
+    return new Response(JSON.stringify({ error: 'No database or pattern API available' }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  try {
+    const body = (await request.json()) as { id: number; notes?: string };
+
+    if (patternApi) {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 5000);
+      const res = await patternApi.fetch(
+        `https://internal/suggestions/${body.id}?action=reject`,
+        {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ notes: body.notes }),
+          signal: controller.signal,
+        }
+      );
+      clearTimeout(timeout);
+      if (!res.ok) throw new Error(`Pattern API returned ${res.status}`);
+      return new Response(JSON.stringify({ ok: true }), {
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+
+    await db!
+      .prepare(
+        `UPDATE transient_pattern_suggestions
+         SET status = 'rejected', reviewed_at = datetime('now'), reviewer_notes = ?
+         WHERE id = ?`
+      )
+      .bind(body.notes ?? null, body.id)
+      .run();
+
+    return new Response(JSON.stringify({ ok: true }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    return new Response(
+      JSON.stringify({ error: error instanceof Error ? error.message : 'Failed to reject' }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+};

package/templates/full/dashboard/src/pages/api/search/index.ts

@@ -0,0 +1,74 @@
+import type { APIRoute } from 'astro';
+
+export const GET: APIRoute = async ({ locals, url }) => {
+  const searchApi = (locals.runtime?.env as { SEARCH_API?: Fetcher } | undefined)?.SEARCH_API;
+  const db = (locals.runtime?.env as { PLATFORM_DB?: D1Database } | undefined)?.PLATFORM_DB;
+  const query = url.searchParams.get('q')?.trim();
+
+  if (!query || query.length < 2) {
+    return new Response(JSON.stringify({ results: [], query: '' }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  // Prefer search API service binding
+  if (searchApi) {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 5000);
+      const res = await searchApi.fetch(`https://internal/search?q=${encodeURIComponent(query)}`, {
+        signal: controller.signal,
+      });
+      clearTimeout(timeout);
+      if (res.ok) {
+        const data = await res.json();
+        return new Response(JSON.stringify(data), {
+          headers: { 'Content-Type': 'application/json', 'Cache-Control': 'max-age=30' },
+        });
+      }
+    } catch {
+      // Fall through to D1 fallback
+    }
+  }
+
+  // D1 fallback: basic LIKE search
+  if (!db) {
+    return new Response(JSON.stringify({ results: [], query }), {
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+
+  try {
+    const pattern = `%${query}%`;
+    const errors = await db
+      .prepare(
+        `SELECT 'error' as type, fingerprint as id, normalized_message as title, script_name as subtitle
+         FROM error_occurrences
+         WHERE normalized_message LIKE ? OR script_name LIKE ?
+         LIMIT 5`
+      )
+      .bind(pattern, pattern)
+      .all();
+
+    const notifications = await db
+      .prepare(
+        `SELECT 'notification' as type, id, title, category as subtitle
+         FROM notifications
+         WHERE title LIKE ?
+         LIMIT 5`
+      )
+      .bind(pattern)
+      .all();
+
+    const results = [...(errors.results ?? []), ...(notifications.results ?? [])];
+
+    return new Response(JSON.stringify({ results, query }), {
+      headers: { 'Content-Type': 'application/json', 'Cache-Control': 'max-age=30' },
+    });
+  } catch {
+    return new Response(JSON.stringify({ results: [], query }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};

package/templates/full/dashboard/src/pages/notifications.astro

@@ -0,0 +1,11 @@
+---
+import DashboardLayout from '../../layouts/DashboardLayout.astro';
+import { NotificationList } from '../../components/notifications/NotificationList';
+---
+
+<DashboardLayout title="Notifications">
+  <div class="max-w-4xl mx-auto">
+    <h2 class="text-xl font-bold text-gray-900 dark:text-white mb-4">Notifications</h2>
+    <NotificationList client:load />
+  </div>
+</DashboardLayout>

package/templates/full/migrations/008_auditor.sql

@@ -0,0 +1,99 @@
+-- =============================================================================
+-- 008_auditor.sql — Auditor Reports & Feature Coverage
+-- =============================================================================
+-- Additional tables for FULL tier SDK integration auditor.
+-- Base audit_results table is in shared migration 004_settings_alerts.sql.
+--
+-- Tables:
+--   attribution_reports        — Resource-to-project mapping status
+--   feature_coverage_audit     — Feature active/dormant/undefined tracking
+--   comprehensive_audit_reports — Weekly aggregated audit findings
+-- =============================================================================
+
+
+-- =============================================================================
+-- ATTRIBUTION REPORTS (from platform-mapper discovery runs)
+-- =============================================================================
+-- Stores resource-to-project attribution status from topology discovery.
+
+CREATE TABLE IF NOT EXISTS attribution_reports (
+  id TEXT PRIMARY KEY,
+  discovery_time TEXT NOT NULL,
+  total_resources INTEGER NOT NULL DEFAULT 0,
+  attributed_count INTEGER NOT NULL DEFAULT 0,
+  unattributed_count INTEGER NOT NULL DEFAULT 0,
+  report_json TEXT NOT NULL,
+  created_at TEXT DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_attribution_discovery_time
+  ON attribution_reports(discovery_time);
+
+
+-- =============================================================================
+-- FEATURE COVERAGE AUDIT
+-- =============================================================================
+-- Tracks which features from budgets.yaml are active vs dormant.
+-- Populated by platform-auditor feature coverage checks.
+
+CREATE TABLE IF NOT EXISTS feature_coverage_audit (
+  id TEXT PRIMARY KEY,
+  audit_time TEXT NOT NULL,
+  project TEXT NOT NULL,
+  feature TEXT NOT NULL,
+  -- Status: active (heartbeats in last 7d), dormant (defined but no heartbeats),
+  --         undefined (reporting telemetry but not in config)
+  status TEXT NOT NULL CHECK (status IN ('active', 'dormant', 'undefined')),
+  last_heartbeat TEXT,
+  events_last_7d INTEGER DEFAULT 0,
+  defined_budget INTEGER,
+  budget_unit TEXT,
+  created_at TEXT DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_feature_coverage_project
+  ON feature_coverage_audit(project);
+CREATE INDEX IF NOT EXISTS idx_feature_coverage_status
+  ON feature_coverage_audit(status);
+CREATE INDEX IF NOT EXISTS idx_feature_coverage_audit_time
+  ON feature_coverage_audit(audit_time);
+
+
+-- =============================================================================
+-- COMPREHENSIVE AUDIT REPORTS
+-- =============================================================================
+-- Weekly aggregated reports combining all audit dimensions:
+-- gap analysis, resource attribution, feature coverage, and AI Judge scores.
+
+CREATE TABLE IF NOT EXISTS comprehensive_audit_reports (
+  id TEXT PRIMARY KEY,
+  generated_at TEXT NOT NULL,
+  -- Gap summary (from sentinel gap_detection_log)
+  gap_events_count INTEGER NOT NULL DEFAULT 0,
+  total_missing_hours INTEGER NOT NULL DEFAULT 0,
+  worst_gap_day TEXT,
+  average_gap_severity TEXT,
+  -- Attribution summary (from mapper attribution_reports)
+  total_resources INTEGER NOT NULL DEFAULT 0,
+  attributed_count INTEGER NOT NULL DEFAULT 0,
+  unattributed_count INTEGER NOT NULL DEFAULT 0,
+  unattributed_resources TEXT, -- JSON array of {type, name}
+  -- Feature coverage summary
+  defined_features_count INTEGER NOT NULL DEFAULT 0,
+  active_features_count INTEGER NOT NULL DEFAULT 0,
+  dormant_features_count INTEGER NOT NULL DEFAULT 0,
+  undefined_features_count INTEGER NOT NULL DEFAULT 0,
+  -- AI Judge summary
+  ai_judge_avg_score REAL,
+  ai_judge_recommendations TEXT, -- JSON array
+  -- Action items
+  action_items_count INTEGER NOT NULL DEFAULT 0,
+  critical_items_count INTEGER NOT NULL DEFAULT 0,
+  action_items TEXT, -- JSON array
+  -- Full report
+  report_json TEXT NOT NULL,
+  created_at TEXT DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_comprehensive_audit_generated
+  ON comprehensive_audit_reports(generated_at);

package/templates/full/migrations/010_pricing_versions.sql

@@ -0,0 +1,110 @@
+-- Migration 010: Pricing Version Tracking
+--
+-- Purpose: Audit trail for Cloudflare pricing changes with historical recomputation support.
+--
+-- Benefits:
+-- - Track when pricing changes occur (Cloudflare updates rates periodically)
+-- - Recompute historical costs when pricing is corrected
+-- - Audit trail for billing reconciliation
+-- - Support for pricing A/B comparisons
+
+-- Create pricing_versions table
+CREATE TABLE IF NOT EXISTS pricing_versions (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  version_name TEXT NOT NULL,              -- Human-readable name (e.g., "2026-01", "2025-workers-update")
+  effective_from TEXT NOT NULL,            -- ISO date when pricing became effective
+  effective_to TEXT,                       -- NULL = current, ISO date when superseded
+  source_url TEXT,                         -- CF pricing page reference for audit
+  pricing_json TEXT NOT NULL,              -- Full pricing config as JSON
+  allowances_json TEXT NOT NULL,           -- Paid plan allowances as JSON
+  notes TEXT,                              -- Optional notes about changes
+  created_at TEXT DEFAULT (datetime('now')),
+  created_by TEXT DEFAULT 'system'         -- 'system' for auto-detected, 'manual' for user overrides
+);
+
+-- Index for querying current/historical pricing
+CREATE INDEX IF NOT EXISTS idx_pricing_versions_effective
+  ON pricing_versions (effective_from, effective_to);
+
+-- Add pricing_version_id to daily rollups for cost recomputation
+-- Note: SQLite doesn't support adding constraints in ALTER, so we just add the column
+ALTER TABLE daily_usage_rollups ADD COLUMN pricing_version_id INTEGER;
+
+-- Add pricing_version_id to monthly rollups
+ALTER TABLE monthly_usage_rollups ADD COLUMN pricing_version_id INTEGER;
+
+-- Seed with current pricing (January 2026)
+INSERT INTO pricing_versions (
+  version_name,
+  effective_from,
+  effective_to,
+  source_url,
+  pricing_json,
+  allowances_json,
+  notes,
+  created_by
+) VALUES (
+  '2026-01-initial',
+  '2026-01-01',
+  NULL,
+  'https://developers.cloudflare.com/workers/platform/pricing/',
+  '{
+    "workers": {
+      "baseCostMonthly": 5.0,
+      "includedRequests": 10000000,
+      "requestsPerMillion": 0.3,
+      "cpuMsPerMillion": 0.02
+    },
+    "d1": {
+      "rowsReadPerBillion": 0.001,
+      "rowsWrittenPerMillion": 1.0,
+      "storagePerGb": 0.75
+    },
+    "kv": {
+      "readsPerMillion": 0.5,
+      "writesPerMillion": 5.0,
+      "deletesPerMillion": 5.0,
+      "listsPerMillion": 5.0,
+      "storagePerGb": 0.5
+    },
+    "r2": {
+      "storagePerGbMonth": 0.015,
+      "classAPerMillion": 4.5,
+      "classBPerMillion": 0.36
+    },
+    "durableObjects": {
+      "requestsPerMillion": 0.15,
+      "gbSecondsPerMillion": 12.5,
+      "storagePerGbMonth": 0.2,
+      "readsPerMillion": 0.2,
+      "writesPerMillion": 1.0,
+      "deletesPerMillion": 1.0
+    },
+    "vectorize": {
+      "storedDimensionsPerMillion": 0.01,
+      "queriedDimensionsPerMillion": 0.01
+    },
+    "aiGateway": { "free": true },
+    "workersAI": {
+      "neuronsPerThousand": 0.011
+    },
+    "pages": {
+      "buildCost": 0.15,
+      "bandwidthPerGb": 0.02
+    },
+    "queues": {
+      "messagesPerMillion": 0.4,
+      "operationsPerMillion": 0.4
+    },
+    "workflows": { "free": true }
+  }',
+  '{
+    "d1": { "rowsRead": 25000000000, "rowsWritten": 50000000 },
+    "kv": { "reads": 10000000, "writes": 1000000, "deletes": 1000000, "lists": 1000000 },
+    "r2": { "storage": 10000000000, "classA": 1000000, "classB": 10000000 },
+    "durableObjects": { "requests": 3000000, "gbSeconds": 400000 },
+    "vectorize": { "storedDimensions": 30000000, "queriedDimensions": 30000000 }
+  }',
+  'Initial pricing version seeded from Cloudflare pricing pages (January 2026)',
+  'migration'
+);

package/templates/full/migrations/011_multi_account.sql

@@ -0,0 +1,51 @@
+-- Migration 011: Multi-Account Cloudflare Support
+--
+-- Purpose: Registry for managing multiple Cloudflare accounts from a single platform.
+-- Enables federated infrastructure monitoring across accounts.
+--
+-- Use cases:
+-- - Separate accounts for production, staging, client projects
+-- - Consolidated billing and usage visibility across accounts
+-- - Per-account API token management
+--
+-- Architecture:
+-- - Each account has its own CLOUDFLARE_ACCOUNT_ID and API token
+-- - The api_token_env_key column stores the ENV VAR name (not the token itself)
+-- - Workers read the appropriate token from env at runtime
+-- - Primary account is the default for backwards compatibility
+
+CREATE TABLE IF NOT EXISTS account_registry (
+  account_id TEXT PRIMARY KEY,             -- Internal identifier (e.g., "primary", "staging", "client-acme")
+  account_name TEXT NOT NULL,              -- Human-readable name
+  cloudflare_account_id TEXT NOT NULL,     -- Cloudflare account ID
+  api_token_env_key TEXT NOT NULL,         -- ENV var name for the API token (e.g., "CLOUDFLARE_API_TOKEN")
+  is_primary INTEGER NOT NULL DEFAULT 0,   -- 1 = default account, 0 = secondary
+  status TEXT NOT NULL DEFAULT 'active',   -- active, disabled
+  notes TEXT,                              -- Optional notes
+  created_at TEXT DEFAULT (datetime('now')),
+  updated_at TEXT DEFAULT (datetime('now'))
+);
+
+-- Ensure only one primary account
+CREATE UNIQUE INDEX IF NOT EXISTS idx_account_registry_primary
+  ON account_registry (is_primary) WHERE is_primary = 1;
+
+-- Seed with primary account placeholder
+-- TODO: Update cloudflare_account_id with your actual account ID
+INSERT INTO account_registry (
+  account_id,
+  account_name,
+  cloudflare_account_id,
+  api_token_env_key,
+  is_primary,
+  status,
+  notes
+) VALUES (
+  'primary',
+  'Primary Account',
+  'YOUR_CLOUDFLARE_ACCOUNT_ID',
+  'CLOUDFLARE_API_TOKEN',
+  1,
+  'active',
+  'Default account seeded by migration. Update cloudflare_account_id after deployment.'
+);