npm - @striae-org/striae - Versions diffs - 5.2.0 → 5.3.0 - Mend

@striae-org/striae 5.2.0 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/.env.example +36 -33
package/README.md +5 -46
package/app/components/actions/case-export/core-export.ts +2 -174
package/app/components/actions/case-export/download-handlers.ts +83 -750
package/app/components/actions/case-export/index.ts +6 -30
package/app/components/actions/case-export/metadata-helpers.ts +0 -78
package/app/components/actions/case-export/types-constants.ts +0 -43
package/app/components/actions/case-import/confirmation-import.ts +13 -14
package/app/components/actions/case-import/zip-processing.ts +92 -12
package/app/components/actions/generate-pdf.ts +3 -2
package/app/components/audit/user-audit-viewer.tsx +0 -19
package/app/components/audit/viewer/audit-viewer-header.tsx +0 -33
package/app/components/navbar/case-modals/archive-case-modal.tsx +1 -1
package/app/components/navbar/navbar.tsx +1 -1
package/app/components/sidebar/case-import/case-import.module.css +35 -0
package/app/components/sidebar/case-import/components/CasePreviewSection.tsx +59 -3
package/app/components/sidebar/case-import/components/ConfirmationDialog.tsx +2 -4
package/app/components/sidebar/case-import/components/ConfirmationPreviewSection.tsx +1 -1
package/app/components/sidebar/notes/class-details-shared.ts +2 -2
package/app/components/toast/toast.module.css +36 -0
package/app/components/toast/toast.tsx +6 -2
package/app/components/user/manage-profile.tsx +4 -3
package/app/config-example/config.json +1 -2
package/app/root.tsx +0 -7
package/app/routes/_index.tsx +1 -1
package/app/routes/auth/login.example.tsx +22 -103
package/app/routes/auth/route.ts +1 -1
package/app/routes/striae/striae.tsx +53 -59
package/app/services/firebase/index.ts +0 -3
package/app/types/export.ts +1 -2
package/app/utils/auth/index.ts +0 -1
package/app/utils/data/permissions.ts +3 -2
package/package.json +10 -17
package/public/_headers +0 -4
package/public/_routes.json +0 -1
package/worker-configuration.d.ts +20 -17
package/workers/audit-worker/src/audit-worker.example.ts +9 -806
package/workers/audit-worker/src/config.ts +7 -0
package/workers/audit-worker/src/crypto/data-at-rest.ts +410 -0
package/workers/audit-worker/src/handlers/audit-routes.ts +125 -0
package/workers/audit-worker/src/storage/audit-storage.ts +99 -0
package/workers/audit-worker/src/types.ts +56 -0
package/workers/audit-worker/worker-configuration.d.ts +1 -1
package/workers/audit-worker/wrangler.jsonc.example +1 -1
package/workers/data-worker/src/config.ts +11 -0
package/workers/data-worker/src/data-worker.example.ts +21 -942
package/workers/data-worker/src/handlers/decrypt-export.ts +118 -0
package/workers/data-worker/src/handlers/signing.ts +174 -0
package/workers/data-worker/src/handlers/storage-routes.ts +129 -0
package/workers/data-worker/src/registry/key-registry.ts +368 -0
package/workers/data-worker/src/types.ts +46 -0
package/workers/data-worker/worker-configuration.d.ts +1 -1
package/workers/data-worker/wrangler.jsonc.example +1 -1
package/workers/image-worker/worker-configuration.d.ts +1 -1
package/workers/image-worker/wrangler.jsonc.example +1 -1
package/workers/pdf-worker/worker-configuration.d.ts +2 -3
package/workers/pdf-worker/wrangler.jsonc.example +1 -1
package/workers/user-worker/src/auth.ts +30 -0
package/workers/user-worker/src/cleanup/account-deletion.ts +337 -0
package/workers/user-worker/src/config.ts +4 -0
package/workers/user-worker/src/encryption-utils.ts +25 -0
package/workers/user-worker/src/firebase/admin.ts +152 -0
package/workers/user-worker/src/handlers/user-routes.ts +242 -0
package/workers/user-worker/src/registry/user-kv.ts +172 -0
package/workers/user-worker/src/storage/user-records.ts +34 -0
package/workers/user-worker/src/types.ts +106 -0
package/workers/user-worker/src/user-worker.example.ts +18 -964
package/workers/user-worker/worker-configuration.d.ts +4 -2
package/workers/user-worker/wrangler.jsonc.example +12 -1
package/wrangler.toml.example +1 -1
package/app/components/actions/case-export/data-processing.ts +0 -223
package/app/components/sidebar/case-export/case-export.module.css +0 -418
package/app/components/sidebar/case-export/case-export.tsx +0 -310
package/app/types/exceljs-bare.d.ts +0 -9
package/app/utils/auth/auth.ts +0 -11
package/public/.well-known/security.txt +0 -6
package/public/favicon.ico +0 -0
package/public/icon-256.png +0 -0
package/public/icon-512.png +0 -0
package/public/manifest.json +0 -39
package/public/shortcut.png +0 -0
package/public/social-image.png +0 -0
package/public/vendor/exceljs.LICENSE +0 -22
package/public/vendor/exceljs.bare.min.js +0 -45
package/scripts/deploy-all.sh +0 -166
package/scripts/deploy-config/modules/env-utils.sh +0 -322
package/scripts/deploy-config/modules/keys.sh +0 -404
package/scripts/deploy-config/modules/prompt.sh +0 -372
package/scripts/deploy-config/modules/scaffolding.sh +0 -336
package/scripts/deploy-config/modules/validation.sh +0 -365
package/scripts/deploy-config.sh +0 -236
package/scripts/deploy-pages-secrets.sh +0 -231
package/scripts/deploy-pages.sh +0 -34
package/scripts/deploy-primershear-emails.sh +0 -167
package/scripts/deploy-worker-secrets.sh +0 -374
package/scripts/dev.cjs +0 -23
package/scripts/install-workers.sh +0 -88
package/scripts/run-eslint.cjs +0 -43
package/scripts/update-compatibility-dates.cjs +0 -124
package/scripts/update-markdown-versions.cjs +0 -43
package/workers/keys-worker/package.json +0 -18
package/workers/keys-worker/src/keys.example.ts +0 -67
package/workers/keys-worker/src/keys.ts +0 -67
package/workers/keys-worker/worker-configuration.d.ts +0 -7447
package/workers/keys-worker/wrangler.jsonc.example +0 -15

package/scripts/deploy-config/modules/validation.sh DELETED Viewed

@@ -1,365 +0,0 @@
-#!/bin/bash
-validate_data_at_rest_encryption_settings() {
-    local enabled_normalized
-    enabled_normalized=$(printf '%s' "${DATA_AT_REST_ENCRYPTION_ENABLED:-false}" | tr '[:upper:]' '[:lower:]')
-    if [ "$enabled_normalized" != "1" ] && [ "$enabled_normalized" != "true" ] && [ "$enabled_normalized" != "yes" ] && [ "$enabled_normalized" != "on" ]; then
-        echo -e "${RED}❌ Error: DATA_AT_REST_ENCRYPTION_ENABLED must be true because data-at-rest encryption is mandatory${NC}"
-        exit 1
-    fi
-    local has_legacy_private_key=false
-    local has_registry_keys_json=false
-    if [ -n "$DATA_AT_REST_ENCRYPTION_PRIVATE_KEY" ] && ! is_placeholder "$DATA_AT_REST_ENCRYPTION_PRIVATE_KEY"; then
-        has_legacy_private_key=true
-    fi
-    if [ -n "$DATA_AT_REST_ENCRYPTION_KEYS_JSON" ] && ! is_placeholder "$DATA_AT_REST_ENCRYPTION_KEYS_JSON"; then
-        has_registry_keys_json=true
-    fi
-    if [ "$has_legacy_private_key" != "true" ] && [ "$has_registry_keys_json" != "true" ]; then
-        echo -e "${RED}❌ Error: either DATA_AT_REST_ENCRYPTION_PRIVATE_KEY or DATA_AT_REST_ENCRYPTION_KEYS_JSON is required when data-at-rest encryption is enabled${NC}"
-        exit 1
-    fi
-    if [ -z "$DATA_AT_REST_ENCRYPTION_PUBLIC_KEY" ] || is_placeholder "$DATA_AT_REST_ENCRYPTION_PUBLIC_KEY"; then
-        echo -e "${RED}❌ Error: DATA_AT_REST_ENCRYPTION_PUBLIC_KEY is required when data-at-rest encryption is enabled${NC}"
-        exit 1
-    fi
-    if [ -z "$DATA_AT_REST_ENCRYPTION_KEY_ID" ] || is_placeholder "$DATA_AT_REST_ENCRYPTION_KEY_ID"; then
-        echo -e "${RED}❌ Error: DATA_AT_REST_ENCRYPTION_KEY_ID is required when data-at-rest encryption is enabled${NC}"
-        exit 1
-    fi
-}
-validate_user_kv_encryption_settings() {
-    local has_legacy_private_key=false
-    local has_registry_keys_json=false
-    local write_endpoints_enabled_normalized
-    if [ -n "$USER_KV_ENCRYPTION_PRIVATE_KEY" ] && ! is_placeholder "$USER_KV_ENCRYPTION_PRIVATE_KEY"; then
-        has_legacy_private_key=true
-    fi
-    if [ -n "$USER_KV_ENCRYPTION_KEYS_JSON" ] && ! is_placeholder "$USER_KV_ENCRYPTION_KEYS_JSON"; then
-        has_registry_keys_json=true
-    fi
-    if [ "$has_legacy_private_key" != "true" ] && [ "$has_registry_keys_json" != "true" ]; then
-        echo -e "${RED}❌ Error: either USER_KV_ENCRYPTION_PRIVATE_KEY or USER_KV_ENCRYPTION_KEYS_JSON is required${NC}"
-        exit 1
-    fi
-    # Defaults to enabled to preserve current behavior unless explicitly set false for read-only deployments.
-    write_endpoints_enabled_normalized=$(printf '%s' "${USER_KV_WRITE_ENDPOINTS_ENABLED:-true}" | tr '[:upper:]' '[:lower:]')
-    if [ "$write_endpoints_enabled_normalized" = "1" ] || [ "$write_endpoints_enabled_normalized" = "true" ] || [ "$write_endpoints_enabled_normalized" = "yes" ] || [ "$write_endpoints_enabled_normalized" = "on" ]; then
-        if [ -z "$USER_KV_ENCRYPTION_PUBLIC_KEY" ] || is_placeholder "$USER_KV_ENCRYPTION_PUBLIC_KEY"; then
-            echo -e "${RED}❌ Error: USER_KV_ENCRYPTION_PUBLIC_KEY is required when USER_KV_WRITE_ENDPOINTS_ENABLED is true${NC}"
-            exit 1
-        fi
-        if [ -z "$USER_KV_ENCRYPTION_KEY_ID" ] || is_placeholder "$USER_KV_ENCRYPTION_KEY_ID"; then
-            echo -e "${RED}❌ Error: USER_KV_ENCRYPTION_KEY_ID is required when USER_KV_WRITE_ENDPOINTS_ENABLED is true${NC}"
-            exit 1
-        fi
-    fi
-}
-# Validate required variables
-required_vars=(
-    # Core Cloudflare Configuration
-    "ACCOUNT_ID"
-    # Shared Authentication & Storage
-    "USER_DB_AUTH"
-    "R2_KEY_SECRET"
-    "IMAGES_API_TOKEN"
-    # Firebase Auth Configuration
-    "API_KEY"
-    "AUTH_DOMAIN"
-    "PROJECT_ID"
-    "STORAGE_BUCKET"
-    "MESSAGING_SENDER_ID"
-    "APP_ID"
-    "MEASUREMENT_ID"
-    "FIREBASE_SERVICE_ACCOUNT_EMAIL"
-    "FIREBASE_SERVICE_ACCOUNT_PRIVATE_KEY"
-    # Pages Configuration
-    "PAGES_PROJECT_NAME"
-    "PAGES_CUSTOM_DOMAIN"
-    # Worker Names (required for config replacement)
-    "KEYS_WORKER_NAME"
-    "USER_WORKER_NAME"
-    "DATA_WORKER_NAME"
-    "AUDIT_WORKER_NAME"
-    "IMAGES_WORKER_NAME"
-    "PDF_WORKER_NAME"
-    # Worker Domains (required for proxy/env secrets and worker fallbacks)
-    "KEYS_WORKER_DOMAIN"
-    "USER_WORKER_DOMAIN"
-    "DATA_WORKER_DOMAIN"
-    "AUDIT_WORKER_DOMAIN"
-    "IMAGES_WORKER_DOMAIN"
-    "PDF_WORKER_DOMAIN"
-    # Storage Configuration (required for config replacement)
-    "DATA_BUCKET_NAME"
-    "AUDIT_BUCKET_NAME"
-    "FILES_BUCKET_NAME"
-    "KV_STORE_ID"
-    # Worker-Specific Secrets (required for deployment)
-    "KEYS_AUTH"
-    "PDF_WORKER_AUTH"
-    "IMAGE_SIGNED_URL_SECRET"
-    "BROWSER_API_TOKEN"
-    "MANIFEST_SIGNING_PRIVATE_KEY"
-    "MANIFEST_SIGNING_KEY_ID"
-    "MANIFEST_SIGNING_PUBLIC_KEY"
-    "EXPORT_ENCRYPTION_PRIVATE_KEY"
-    "EXPORT_ENCRYPTION_KEY_ID"
-    "EXPORT_ENCRYPTION_PUBLIC_KEY"
-)
-validate_required_vars() {
-    echo -e "${YELLOW}🔍 Validating required environment variables...${NC}"
-    for var in "${required_vars[@]}"; do
-        if [ -z "${!var}" ] || is_placeholder "${!var}"; then
-            echo -e "${RED}❌ Error: $var is not set in .env file or is a placeholder${NC}"
-            exit 1
-        fi
-    done
-    echo -e "${GREEN}✅ All required variables found${NC}"
-}
-assert_file_exists() {
-    local file_path=$1
-    if [ ! -f "$file_path" ]; then
-        echo -e "${RED}❌ Error: required file is missing: $file_path${NC}"
-        exit 1
-    fi
-}
-assert_contains_literal() {
-    local file_path=$1
-    local literal=$2
-    local description=$3
-    if ! grep -Fq -- "$literal" "$file_path"; then
-        echo -e "${RED}❌ Error: ${description}${NC}"
-        echo -e "${YELLOW}   Expected to find '$literal' in $file_path${NC}"
-        exit 1
-    fi
-}
-assert_no_match_in_file() {
-    local file_path=$1
-    local pattern=$2
-    local description=$3
-    local matches
-    matches=$(grep -En "$pattern" "$file_path" | head -n 3 || true)
-    if [ -n "$matches" ]; then
-        echo -e "${RED}❌ Error: ${description}${NC}"
-        echo -e "${YELLOW}   First matching lines in $file_path:${NC}"
-        echo "$matches"
-        exit 1
-    fi
-}
-validate_json_file() {
-    local file_path=$1
-    if ! node -e "const fs=require('fs'); JSON.parse(fs.readFileSync(process.argv[1], 'utf8'));" "$file_path" > /dev/null 2>&1; then
-        echo -e "${RED}❌ Error: invalid JSON in $file_path${NC}"
-        exit 1
-    fi
-}
-validate_domain_var() {
-    local var_name=$1
-    local value="${!var_name}"
-    local normalized
-    value=$(strip_carriage_returns "$value")
-    normalized=$(normalize_domain_value "$value")
-    if [ -z "$value" ] || is_placeholder "$value"; then
-        echo -e "${RED}❌ Error: $var_name is missing or placeholder${NC}"
-        exit 1
-    fi
-    if [ "$value" != "$normalized" ]; then
-        echo -e "${RED}❌ Error: $var_name must not include protocol, trailing slash, or surrounding whitespace${NC}"
-        echo -e "${YELLOW}   Use '$normalized' instead${NC}"
-        exit 1
-    fi
-    if [[ "$value" == */* ]]; then
-        echo -e "${RED}❌ Error: $var_name must be a bare domain (no path segments)${NC}"
-        exit 1
-    fi
-}
-validate_env_value_formats() {
-    echo -e "${YELLOW}🔍 Validating environment value formats...${NC}"
-    validate_domain_var "PAGES_CUSTOM_DOMAIN"
-    validate_domain_var "KEYS_WORKER_DOMAIN"
-    validate_domain_var "USER_WORKER_DOMAIN"
-    validate_domain_var "DATA_WORKER_DOMAIN"
-    validate_domain_var "AUDIT_WORKER_DOMAIN"
-    validate_domain_var "IMAGES_WORKER_DOMAIN"
-    validate_domain_var "PDF_WORKER_DOMAIN"
-    if ! [[ "$KV_STORE_ID" =~ ^([0-9a-fA-F]{32}|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$ ]]; then
-        echo -e "${RED}❌ Error: KV_STORE_ID must be a 32-character hex namespace ID (or UUID format)${NC}"
-        exit 1
-    fi
-    if [[ "$ACCOUNT_ID" =~ [[:space:]] ]]; then
-        echo -e "${RED}❌ Error: ACCOUNT_ID must not contain whitespace${NC}"
-        exit 1
-    fi
-    echo -e "${GREEN}✅ Environment value formats look valid${NC}"
-}
-validate_env_file_entries() {
-    local var_name
-    local escaped_var_name
-    local count
-    echo -e "${YELLOW}🔍 Verifying required .env entries...${NC}"
-    for var_name in "${required_vars[@]}"; do
-        escaped_var_name=$(escape_for_sed_pattern "$var_name")
-        count=$(grep -c "^$escaped_var_name=" .env || true)
-        if [ "$count" -lt 1 ]; then
-            echo -e "${RED}❌ Error: missing .env entry for $var_name${NC}"
-            exit 1
-        fi
-    done
-    echo -e "${GREEN}✅ Required .env entries found${NC}"
-}
-validate_generated_configs() {
-    echo -e "${YELLOW}🔍 Running generated configuration checkpoint validations...${NC}"
-    local required_files=(
-        "wrangler.toml"
-        "app/config/config.json"
-        "app/config/firebase.ts"
-        "app/config/admin-service.json"
-        "app/routes/auth/login.tsx"
-        "app/routes/auth/login.module.css"
-        "workers/audit-worker/wrangler.jsonc"
-        "workers/data-worker/wrangler.jsonc"
-        "workers/image-worker/wrangler.jsonc"
-        "workers/keys-worker/wrangler.jsonc"
-        "workers/pdf-worker/wrangler.jsonc"
-        "workers/user-worker/wrangler.jsonc"
-        "workers/audit-worker/src/audit-worker.ts"
-        "workers/data-worker/src/data-worker.ts"
-        "workers/image-worker/src/image-worker.ts"
-        "workers/keys-worker/src/keys.ts"
-        "workers/pdf-worker/src/pdf-worker.ts"
-        "workers/user-worker/src/user-worker.ts"
-    )
-    local file_path
-    for file_path in "${required_files[@]}"; do
-        assert_file_exists "$file_path"
-    done
-    validate_json_file "app/config/config.json"
-    validate_json_file "app/config/admin-service.json"
-    assert_contains_literal "wrangler.toml" "\"$PAGES_PROJECT_NAME\"" "PAGES_PROJECT_NAME was not applied to wrangler.toml"
-    assert_contains_literal "workers/keys-worker/wrangler.jsonc" "$KEYS_WORKER_NAME" "KEYS_WORKER_NAME was not applied"
-    assert_contains_literal "workers/user-worker/wrangler.jsonc" "$USER_WORKER_NAME" "USER_WORKER_NAME was not applied"
-    assert_contains_literal "workers/data-worker/wrangler.jsonc" "$DATA_WORKER_NAME" "DATA_WORKER_NAME was not applied"
-    assert_contains_literal "workers/audit-worker/wrangler.jsonc" "$AUDIT_WORKER_NAME" "AUDIT_WORKER_NAME was not applied"
-    assert_contains_literal "workers/image-worker/wrangler.jsonc" "$IMAGES_WORKER_NAME" "IMAGES_WORKER_NAME was not applied"
-    assert_contains_literal "workers/pdf-worker/wrangler.jsonc" "$PDF_WORKER_NAME" "PDF_WORKER_NAME was not applied"
-    assert_contains_literal "workers/keys-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in keys worker config"
-    assert_contains_literal "workers/user-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in user worker config"
-    assert_contains_literal "workers/data-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in data worker config"
-    assert_contains_literal "workers/audit-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in audit worker config"
-    assert_contains_literal "workers/image-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in image worker config"
-    assert_contains_literal "workers/pdf-worker/wrangler.jsonc" "$ACCOUNT_ID" "ACCOUNT_ID missing in pdf worker config"
-    assert_contains_literal "workers/data-worker/wrangler.jsonc" "$DATA_BUCKET_NAME" "DATA_BUCKET_NAME missing in data worker config"
-    assert_contains_literal "workers/audit-worker/wrangler.jsonc" "$AUDIT_BUCKET_NAME" "AUDIT_BUCKET_NAME missing in audit worker config"
-    assert_contains_literal "workers/image-worker/wrangler.jsonc" "$FILES_BUCKET_NAME" "FILES_BUCKET_NAME missing in image worker config"
-    assert_contains_literal "workers/user-worker/wrangler.jsonc" "$KV_STORE_ID" "KV_STORE_ID missing in user worker config"
-    assert_contains_literal "app/config/config.json" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in app/config/config.json"
-    assert_contains_literal "app/config/config.json" "$EXPORT_ENCRYPTION_KEY_ID" "EXPORT_ENCRYPTION_KEY_ID missing in app/config/config.json"
-    assert_contains_literal "app/config/config.json" "\"export_encryption_public_key\":" "export_encryption_public_key missing in app/config/config.json"
-    assert_contains_literal "app/routes/auth/login.tsx" "const APP_CANONICAL_ORIGIN = 'https://$PAGES_CUSTOM_DOMAIN';" "PAGES_CUSTOM_DOMAIN missing in app/routes/auth/login.tsx canonical origin"
-    assert_contains_literal "app/config/firebase.ts" "$API_KEY" "API_KEY missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$AUTH_DOMAIN" "AUTH_DOMAIN missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$PROJECT_ID" "PROJECT_ID missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$STORAGE_BUCKET" "STORAGE_BUCKET missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$MESSAGING_SENDER_ID" "MESSAGING_SENDER_ID missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$APP_ID" "APP_ID missing in app/config/firebase.ts"
-    assert_contains_literal "app/config/firebase.ts" "$MEASUREMENT_ID" "MEASUREMENT_ID missing in app/config/firebase.ts"
-    assert_contains_literal "workers/audit-worker/src/audit-worker.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in audit-worker source"
-    assert_contains_literal "workers/data-worker/src/data-worker.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in data-worker source"
-    assert_contains_literal "workers/image-worker/src/image-worker.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in image-worker source"
-    assert_contains_literal "workers/keys-worker/src/keys.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in keys-worker source"
-    assert_contains_literal "workers/pdf-worker/src/pdf-worker.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in pdf-worker source"
-    assert_contains_literal "workers/user-worker/src/user-worker.ts" "https://$PAGES_CUSTOM_DOMAIN" "PAGES_CUSTOM_DOMAIN missing in user-worker source"
-    local placeholder_pattern
-    placeholder_pattern="(\"(ACCOUNT_ID|PAGES_PROJECT_NAME|PAGES_CUSTOM_DOMAIN|KEYS_WORKER_NAME|USER_WORKER_NAME|DATA_WORKER_NAME|AUDIT_WORKER_NAME|IMAGES_WORKER_NAME|PDF_WORKER_NAME|KEYS_WORKER_DOMAIN|USER_WORKER_DOMAIN|DATA_WORKER_DOMAIN|AUDIT_WORKER_DOMAIN|IMAGES_WORKER_DOMAIN|PDF_WORKER_DOMAIN|DATA_BUCKET_NAME|AUDIT_BUCKET_NAME|FILES_BUCKET_NAME|KV_STORE_ID|MANIFEST_SIGNING_KEY_ID|MANIFEST_SIGNING_PUBLIC_KEY|EXPORT_ENCRYPTION_KEY_ID|EXPORT_ENCRYPTION_PUBLIC_KEY|YOUR_FIREBASE_API_KEY|YOUR_FIREBASE_AUTH_DOMAIN|YOUR_FIREBASE_PROJECT_ID|YOUR_FIREBASE_STORAGE_BUCKET|YOUR_FIREBASE_MESSAGING_SENDER_ID|YOUR_FIREBASE_APP_ID|YOUR_FIREBASE_MEASUREMENT_ID)\"|'(PAGES_CUSTOM_DOMAIN|DATA_WORKER_DOMAIN|IMAGES_WORKER_DOMAIN)')"
-    local files_to_scan=(
-        "wrangler.toml"
-        "workers/audit-worker/wrangler.jsonc"
-        "workers/data-worker/wrangler.jsonc"
-        "workers/image-worker/wrangler.jsonc"
-        "workers/keys-worker/wrangler.jsonc"
-        "workers/pdf-worker/wrangler.jsonc"
-        "workers/user-worker/wrangler.jsonc"
-        "workers/audit-worker/src/audit-worker.ts"
-        "workers/data-worker/src/data-worker.ts"
-        "workers/image-worker/src/image-worker.ts"
-        "workers/keys-worker/src/keys.ts"
-        "workers/pdf-worker/src/pdf-worker.ts"
-        "workers/user-worker/src/user-worker.ts"
-        "app/config/config.json"
-        "app/config/firebase.ts"
-        "app/routes/auth/login.tsx"
-    )
-    for file_path in "${files_to_scan[@]}"; do
-        assert_no_match_in_file "$file_path" "$placeholder_pattern" "Unresolved placeholder token found after config update"
-    done
-    echo -e "${GREEN}✅ Generated configuration checkpoint validation passed${NC}"
-}
-run_validation_checkpoint() {
-    validate_required_vars
-    validate_env_value_formats
-    validate_env_file_entries
-    validate_data_at_rest_encryption_settings
-    validate_user_kv_encryption_settings
-    validate_generated_configs
-}

package/scripts/deploy-config.sh DELETED Viewed

@@ -1,236 +0,0 @@
-#!/bin/bash
-# ===================================
-# STRIAE CONFIGURATION SETUP SCRIPT
-# ===================================
-# This script sets up all configuration files and replaces placeholders
-# Run this BEFORE installing worker dependencies to avoid wrangler validation errors
-set -e
-set -o pipefail
-# Colors for output
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-BLUE='\033[0;34m'
-NC='\033[0m' # No Color
-echo -e "${BLUE}⚙️  Striae Configuration Setup Script${NC}"
-echo "====================================="
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
-cd "$PROJECT_ROOT"
-trap 'echo -e "\n${RED}❌ deploy-config.sh failed near line ${LINENO}${NC}"' ERR
-update_env=false
-show_help=false
-validate_only=false
-force_rotate_keys=false
-for arg in "$@"; do
-    case "$arg" in
-        -h|--help)
-            show_help=true
-            ;;
-        --update-env)
-            update_env=true
-            ;;
-        --validate-only)
-            validate_only=true
-            ;;
-        --force-rotate-keys)
-            force_rotate_keys=true
-            ;;
-        *)
-            echo -e "${RED}❌ Unknown option: $arg${NC}"
-            echo "Use --help to see supported options."
-            exit 1
-            ;;
-    esac
-done
-if [ "$update_env" = "true" ] && [ "$validate_only" = "true" ]; then
-    echo -e "${RED}❌ --update-env and --validate-only cannot be used together${NC}"
-    exit 1
-fi
-if [ "$force_rotate_keys" = "true" ] && [ "$validate_only" = "true" ]; then
-    echo -e "${RED}❌ --force-rotate-keys and --validate-only cannot be used together${NC}"
-    exit 1
-fi
-if [ "$show_help" = "true" ]; then
-    echo "Usage: bash ./scripts/deploy-config.sh [--update-env] [--validate-only] [--force-rotate-keys]"
-    echo ""
-    echo "Options:"
-    echo "  --update-env   Reset .env from .env.example and overwrite configs"
-    echo "  --validate-only Validate current .env and generated config files without modifying them"
-    echo "  --force-rotate-keys Force regeneration of all encryption/signing key pairs without prompts"
-    echo "  -h, --help     Show this help message"
-    exit 0
-fi
-if [ "$update_env" = "true" ]; then
-    echo -e "${YELLOW}⚠️  Update-env mode: overwriting configs and resetting .env values from template${NC}"
-fi
-if [ "$force_rotate_keys" = "true" ]; then
-    echo -e "${YELLOW}⚠️  Force-rotate-keys mode: all encryption/signing key pairs will be regenerated without prompts${NC}"
-fi
-require_command() {
-    local cmd=$1
-    if ! command -v "$cmd" > /dev/null 2>&1; then
-        echo -e "${RED}❌ Error: required command '$cmd' is not installed or not in PATH${NC}"
-        exit 1
-    fi
-}
-require_command node
-require_command sed
-require_command awk
-require_command grep
-is_placeholder() {
-    local value="$1"
-    local normalized
-    normalized=$(printf '%s' "$value" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
-    normalized=$(printf '%s' "$normalized" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-    normalized=${normalized#\"}
-    normalized=${normalized%\"}
-    if [ -z "$normalized" ]; then
-        return 1
-    fi
-    [[ "$normalized" =~ ^your_[a-z0-9_]+_here$ || \
-       "$normalized" =~ ^your-[a-z0-9-]+-here$ || \
-       "$normalized" == "placeholder" || \
-       "$normalized" == "changeme" || \
-       "$normalized" == "replace_me" || \
-       "$normalized" == "replace-me" ]]
-}
-# Check if .env file exists
-env_created_from_example=false
-preserved_domain_env_file=""
-if [ -f ".env" ]; then
-    preserved_domain_env_file=".env"
-fi
-if [ "$update_env" = "true" ]; then
-    if [ -f ".env" ]; then
-        cp .env .env.backup
-        preserved_domain_env_file=".env.backup"
-        echo -e "${GREEN}📄 Existing .env backed up to .env.backup${NC}"
-    fi
-    if [ -f ".env.example" ]; then
-        cp ".env.example" ".env"
-        echo -e "${GREEN}✅ .env file reset from .env.example${NC}"
-        env_created_from_example=true
-    else
-        echo -e "${RED}❌ Error: .env.example file not found!${NC}"
-        exit 1
-    fi
-elif [ ! -f ".env" ]; then
-    if [ "$validate_only" = "true" ]; then
-        echo -e "${RED}❌ Error: .env file not found. --validate-only does not create files.${NC}"
-        echo -e "${YELLOW}Run deploy-config without --validate-only first to generate and populate .env.${NC}"
-        exit 1
-    fi
-    echo -e "${YELLOW}📄 .env file not found, copying from .env.example...${NC}"
-    if [ -f ".env.example" ]; then
-        cp ".env.example" ".env"
-        echo -e "${GREEN}✅ .env file created from .env.example${NC}"
-        env_created_from_example=true
-    else
-        echo -e "${RED}❌ Error: Neither .env nor .env.example file found!${NC}"
-        echo "Please create a .env.example file or provide a .env file."
-        exit 1
-    fi
-fi
-# Source the .env file
-echo -e "${YELLOW}📖 Loading environment variables from .env...${NC}"
-source .env
-DEPLOY_CONFIG_MODULES_DIR="$SCRIPT_DIR/deploy-config/modules"
-DEPLOY_CONFIG_ENV_UTILS_MODULE="$DEPLOY_CONFIG_MODULES_DIR/env-utils.sh"
-if [ ! -f "$DEPLOY_CONFIG_ENV_UTILS_MODULE" ]; then
-    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_ENV_UTILS_MODULE${NC}"
-    exit 1
-fi
-source "$DEPLOY_CONFIG_ENV_UTILS_MODULE"
-DEPLOY_CONFIG_KEYS_MODULE="$DEPLOY_CONFIG_MODULES_DIR/keys.sh"
-DEPLOY_CONFIG_VALIDATION_MODULE="$DEPLOY_CONFIG_MODULES_DIR/validation.sh"
-DEPLOY_CONFIG_SCAFFOLDING_MODULE="$DEPLOY_CONFIG_MODULES_DIR/scaffolding.sh"
-DEPLOY_CONFIG_PROMPT_MODULE="$DEPLOY_CONFIG_MODULES_DIR/prompt.sh"
-if [ ! -f "$DEPLOY_CONFIG_KEYS_MODULE" ]; then
-    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_KEYS_MODULE${NC}"
-    exit 1
-fi
-if [ ! -f "$DEPLOY_CONFIG_VALIDATION_MODULE" ]; then
-    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_VALIDATION_MODULE${NC}"
-    exit 1
-fi
-if [ ! -f "$DEPLOY_CONFIG_SCAFFOLDING_MODULE" ]; then
-    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_SCAFFOLDING_MODULE${NC}"
-    exit 1
-fi
-if [ ! -f "$DEPLOY_CONFIG_PROMPT_MODULE" ]; then
-    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_PROMPT_MODULE${NC}"
-    exit 1
-fi
-source "$DEPLOY_CONFIG_KEYS_MODULE"
-source "$DEPLOY_CONFIG_VALIDATION_MODULE"
-source "$DEPLOY_CONFIG_SCAFFOLDING_MODULE"
-source "$DEPLOY_CONFIG_PROMPT_MODULE"
-if [ "$validate_only" = "true" ]; then
-    echo -e "\n${BLUE}🧪 Validate-only mode enabled${NC}"
-    run_validation_checkpoint
-    echo -e "\n${GREEN}🎉 Configuration validation completed successfully!${NC}"
-    exit 0
-fi
-# Copy example configuration files
-copy_example_configs
-# Load required Firebase admin service credentials from app/config/admin-service.json
-load_admin_service_credentials
-# Always prompt for secrets to ensure configuration
-prompt_for_secrets
-# Validate after secrets have been configured
-validate_required_vars
-# Update wrangler configurations
-update_wrangler_configs
-# Validate generated files and values after replacements
-run_validation_checkpoint
-echo -e "\n${GREEN}🎉 Configuration setup completed!${NC}"
-echo -e "${BLUE}📝 Next Steps:${NC}"
-echo "   1. Install worker dependencies"
-echo "   2. Deploy workers"
-echo "   3. Deploy worker secrets"
-echo "   4. Deploy pages"
-echo -e "\n${GREEN}✨ Ready for deployment!${NC}"