@striae-org/striae 5.3.1 → 5.4.0

package/scripts/deploy-config.sh

@@ -0,0 +1,236 @@
+#!/bin/bash
+
+# ===================================
+# STRIAE CONFIGURATION SETUP SCRIPT
+# ===================================
+# This script sets up all configuration files and replaces placeholders
+# Run this BEFORE installing worker dependencies to avoid wrangler validation errors
+
+set -e
+set -o pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}⚙️  Striae Configuration Setup Script${NC}"
+echo "====================================="
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$PROJECT_ROOT"
+
+trap 'echo -e "\n${RED}❌ deploy-config.sh failed near line ${LINENO}${NC}"' ERR
+
+update_env=false
+show_help=false
+validate_only=false
+force_rotate_keys=false
+for arg in "$@"; do
+    case "$arg" in
+        -h|--help)
+            show_help=true
+            ;;
+        --update-env)
+            update_env=true
+            ;;
+        --validate-only)
+            validate_only=true
+            ;;
+        --force-rotate-keys)
+            force_rotate_keys=true
+            ;;
+        *)
+            echo -e "${RED}❌ Unknown option: $arg${NC}"
+            echo "Use --help to see supported options."
+            exit 1
+            ;;
+    esac
+done
+
+if [ "$update_env" = "true" ] && [ "$validate_only" = "true" ]; then
+    echo -e "${RED}❌ --update-env and --validate-only cannot be used together${NC}"
+    exit 1
+fi
+
+if [ "$force_rotate_keys" = "true" ] && [ "$validate_only" = "true" ]; then
+    echo -e "${RED}❌ --force-rotate-keys and --validate-only cannot be used together${NC}"
+    exit 1
+fi
+
+if [ "$show_help" = "true" ]; then
+    echo "Usage: bash ./scripts/deploy-config.sh [--update-env] [--validate-only] [--force-rotate-keys]"
+    echo ""
+    echo "Options:"
+    echo "  --update-env   Reset .env from .env.example and overwrite configs"
+    echo "  --validate-only Validate current .env and generated config files without modifying them"
+    echo "  --force-rotate-keys Force regeneration of all encryption/signing key pairs without prompts"
+    echo "  -h, --help     Show this help message"
+    exit 0
+fi
+
+if [ "$update_env" = "true" ]; then
+    echo -e "${YELLOW}⚠️  Update-env mode: overwriting configs and resetting .env values from template${NC}"
+fi
+
+if [ "$force_rotate_keys" = "true" ]; then
+    echo -e "${YELLOW}⚠️  Force-rotate-keys mode: all encryption/signing key pairs will be regenerated without prompts${NC}"
+fi
+
+require_command() {
+    local cmd=$1
+    if ! command -v "$cmd" > /dev/null 2>&1; then
+        echo -e "${RED}❌ Error: required command '$cmd' is not installed or not in PATH${NC}"
+        exit 1
+    fi
+}
+
+require_command node
+require_command sed
+require_command awk
+require_command grep
+
+is_placeholder() {
+    local value="$1"
+    local normalized
+
+    normalized=$(printf '%s' "$value" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
+    normalized=$(printf '%s' "$normalized" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+    normalized=${normalized#\"}
+    normalized=${normalized%\"}
+
+    if [ -z "$normalized" ]; then
+        return 1
+    fi
+
+    [[ "$normalized" =~ ^your_[a-z0-9_]+_here$ || \
+       "$normalized" =~ ^your-[a-z0-9-]+-here$ || \
+       "$normalized" == "placeholder" || \
+       "$normalized" == "changeme" || \
+       "$normalized" == "replace_me" || \
+       "$normalized" == "replace-me" ]]
+}
+
+# Check if .env file exists
+env_created_from_example=false
+preserved_domain_env_file=""
+
+if [ -f ".env" ]; then
+    preserved_domain_env_file=".env"
+fi
+
+if [ "$update_env" = "true" ]; then
+    if [ -f ".env" ]; then
+        cp .env .env.backup
+        preserved_domain_env_file=".env.backup"
+        echo -e "${GREEN}📄 Existing .env backed up to .env.backup${NC}"
+    fi
+
+    if [ -f ".env.example" ]; then
+        cp ".env.example" ".env"
+        echo -e "${GREEN}✅ .env file reset from .env.example${NC}"
+        env_created_from_example=true
+    else
+        echo -e "${RED}❌ Error: .env.example file not found!${NC}"
+        exit 1
+    fi
+elif [ ! -f ".env" ]; then
+    if [ "$validate_only" = "true" ]; then
+        echo -e "${RED}❌ Error: .env file not found. --validate-only does not create files.${NC}"
+        echo -e "${YELLOW}Run deploy-config without --validate-only first to generate and populate .env.${NC}"
+        exit 1
+    fi
+
+    echo -e "${YELLOW}📄 .env file not found, copying from .env.example...${NC}"
+    if [ -f ".env.example" ]; then
+        cp ".env.example" ".env"
+        echo -e "${GREEN}✅ .env file created from .env.example${NC}"
+        env_created_from_example=true
+    else
+        echo -e "${RED}❌ Error: Neither .env nor .env.example file found!${NC}"
+        echo "Please create a .env.example file or provide a .env file."
+        exit 1
+    fi
+fi
+
+# Source the .env file
+echo -e "${YELLOW}📖 Loading environment variables from .env...${NC}"
+source .env
+
+DEPLOY_CONFIG_MODULES_DIR="$SCRIPT_DIR/deploy-config/modules"
+DEPLOY_CONFIG_ENV_UTILS_MODULE="$DEPLOY_CONFIG_MODULES_DIR/env-utils.sh"
+
+if [ ! -f "$DEPLOY_CONFIG_ENV_UTILS_MODULE" ]; then
+    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_ENV_UTILS_MODULE${NC}"
+    exit 1
+fi
+
+source "$DEPLOY_CONFIG_ENV_UTILS_MODULE"
+
+DEPLOY_CONFIG_KEYS_MODULE="$DEPLOY_CONFIG_MODULES_DIR/keys.sh"
+DEPLOY_CONFIG_VALIDATION_MODULE="$DEPLOY_CONFIG_MODULES_DIR/validation.sh"
+DEPLOY_CONFIG_SCAFFOLDING_MODULE="$DEPLOY_CONFIG_MODULES_DIR/scaffolding.sh"
+DEPLOY_CONFIG_PROMPT_MODULE="$DEPLOY_CONFIG_MODULES_DIR/prompt.sh"
+
+if [ ! -f "$DEPLOY_CONFIG_KEYS_MODULE" ]; then
+    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_KEYS_MODULE${NC}"
+    exit 1
+fi
+
+if [ ! -f "$DEPLOY_CONFIG_VALIDATION_MODULE" ]; then
+    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_VALIDATION_MODULE${NC}"
+    exit 1
+fi
+
+if [ ! -f "$DEPLOY_CONFIG_SCAFFOLDING_MODULE" ]; then
+    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_SCAFFOLDING_MODULE${NC}"
+    exit 1
+fi
+
+if [ ! -f "$DEPLOY_CONFIG_PROMPT_MODULE" ]; then
+    echo -e "${RED}❌ Error: Required deploy-config module not found: $DEPLOY_CONFIG_PROMPT_MODULE${NC}"
+    exit 1
+fi
+
+source "$DEPLOY_CONFIG_KEYS_MODULE"
+source "$DEPLOY_CONFIG_VALIDATION_MODULE"
+source "$DEPLOY_CONFIG_SCAFFOLDING_MODULE"
+source "$DEPLOY_CONFIG_PROMPT_MODULE"
+
+if [ "$validate_only" = "true" ]; then
+    echo -e "\n${BLUE}🧪 Validate-only mode enabled${NC}"
+    run_validation_checkpoint
+    echo -e "\n${GREEN}🎉 Configuration validation completed successfully!${NC}"
+    exit 0
+fi
+
+
+# Copy example configuration files
+copy_example_configs
+
+# Load required Firebase admin service credentials from app/config/admin-service.json
+load_admin_service_credentials
+
+# Always prompt for secrets to ensure configuration
+prompt_for_secrets
+
+# Validate after secrets have been configured
+validate_required_vars
+
+
+# Update wrangler configurations
+update_wrangler_configs
+
+# Validate generated files and values after replacements
+run_validation_checkpoint
+
+echo -e "\n${GREEN}🎉 Configuration setup completed!${NC}"
+echo -e "${BLUE}📝 Next Steps:${NC}"
+echo "   1. Install worker dependencies"
+echo "   2. Deploy workers"
+echo "   3. Deploy worker secrets"
+echo "   4. Deploy pages"
+echo -e "\n${GREEN}✨ Ready for deployment!${NC}"

package/scripts/deploy-pages-secrets.sh

@@ -0,0 +1,231 @@
+#!/bin/bash
+
+# ======================================
+# STRIAE PAGES SECRETS DEPLOYMENT SCRIPT
+# ======================================
+# This script deploys required secrets to Cloudflare Pages environments.
+
+set -e
+set -o pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}🔐 Striae Pages Secrets Deployment Script${NC}"
+echo "=========================================="
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$PROJECT_ROOT"
+
+trap 'echo -e "\n${RED}❌ deploy-pages-secrets.sh failed near line ${LINENO}${NC}"' ERR
+
+show_help=false
+deploy_production=true
+deploy_preview=true
+
+for arg in "$@"; do
+    case "$arg" in
+        -h|--help)
+            show_help=true
+            ;;
+        --production-only)
+            deploy_production=true
+            deploy_preview=false
+            ;;
+        --preview-only)
+            deploy_production=false
+            deploy_preview=true
+            ;;
+        *)
+            echo -e "${RED}❌ Unknown option: $arg${NC}"
+            echo "Use --help to see supported options."
+            exit 1
+            ;;
+    esac
+done
+
+if [ "$show_help" = "true" ]; then
+    echo "Usage: bash ./scripts/deploy-pages-secrets.sh [--production-only|--preview-only]"
+    echo ""
+    echo "Options:"
+    echo "  --production-only  Deploy secrets only to the production Pages environment"
+    echo "  --preview-only     Deploy secrets only to the preview Pages environment"
+    echo "  -h, --help         Show this help message"
+    exit 0
+fi
+
+if [ "$deploy_production" != "true" ] && [ "$deploy_preview" != "true" ]; then
+    echo -e "${RED}❌ No target environment selected${NC}"
+    exit 1
+fi
+
+require_command() {
+    local cmd=$1
+    if ! command -v "$cmd" > /dev/null 2>&1; then
+        echo -e "${RED}❌ Error: required command '$cmd' is not installed or not in PATH${NC}"
+        exit 1
+    fi
+}
+
+strip_carriage_returns() {
+    printf '%s' "$1" | tr -d '\r'
+}
+
+is_placeholder() {
+    local value="$1"
+    local normalized
+
+    normalized=$(echo "$value" | tr '[:upper:]' '[:lower:]')
+
+    if [ -z "$normalized" ]; then
+        return 0
+    fi
+
+    [[ "$normalized" == your_*_here ]]
+}
+
+load_required_project_id() {
+    local admin_service_path="app/config/admin-service.json"
+    local service_project_id
+
+    if [ ! -f "$admin_service_path" ]; then
+        echo -e "${RED}❌ Error: Required Firebase admin service file not found: $admin_service_path${NC}"
+        echo -e "${YELLOW}   Create app/config/admin-service.json before deploying Pages secrets.${NC}"
+        exit 1
+    fi
+
+    if ! service_project_id=$(node -e "const fs=require('fs'); const data=JSON.parse(fs.readFileSync(process.argv[1], 'utf8')); process.stdout.write(data.project_id || '');" "$admin_service_path"); then
+        echo -e "${RED}❌ Error: Could not parse project_id from $admin_service_path${NC}"
+        exit 1
+    fi
+
+    service_project_id=$(strip_carriage_returns "$service_project_id")
+
+    if [ -z "$service_project_id" ] || is_placeholder "$service_project_id"; then
+        echo -e "${RED}❌ Error: project_id in $admin_service_path is missing or placeholder${NC}"
+        exit 1
+    fi
+
+    PROJECT_ID="$service_project_id"
+    export PROJECT_ID
+
+    echo -e "${GREEN}✅ Loaded PROJECT_ID from $admin_service_path${NC}"
+}
+
+get_required_value() {
+    local var_name=$1
+    local value="${!var_name}"
+
+    value=$(strip_carriage_returns "$value")
+
+    if [ -z "$value" ] || is_placeholder "$value"; then
+        echo -e "${RED}❌ Error: required value for $var_name is missing or placeholder${NC}" >&2
+        exit 1
+    fi
+
+    printf '%s' "$value"
+}
+
+get_optional_value() {
+    local var_name=$1
+    local value="${!var_name}"
+
+    value=$(strip_carriage_returns "$value")
+
+    if [ -z "$value" ] || is_placeholder "$value"; then
+        printf ''
+        return 0
+    fi
+
+    printf '%s' "$value"
+}
+
+set_pages_secret() {
+    local secret_name=$1
+    local secret_value=$2
+    local pages_env=$3
+
+    echo -e "${YELLOW}  Setting $secret_name for $pages_env...${NC}"
+
+    if [ "$pages_env" = "production" ]; then
+        printf '%s' "$secret_value" | wrangler pages secret put "$secret_name" --project-name "$PAGES_PROJECT_NAME"
+        return 0
+    fi
+
+    printf '%s' "$secret_value" | wrangler pages secret put "$secret_name" --project-name "$PAGES_PROJECT_NAME" --env "$pages_env"
+}
+
+deploy_pages_environment_secrets() {
+    local pages_env=$1
+    local secret
+    local secret_value
+
+    echo -e "\n${BLUE}🔧 Deploying Pages secrets to $pages_env...${NC}"
+
+    for secret in "${required_pages_secrets[@]}"; do
+        secret_value=$(get_required_value "$secret")
+        set_pages_secret "$secret" "$secret_value" "$pages_env"
+    done
+
+    local optional_primershear_emails
+    optional_primershear_emails=$(get_optional_value "PRIMERSHEAR_EMAILS")
+    if [ -n "$optional_primershear_emails" ]; then
+        set_pages_secret "PRIMERSHEAR_EMAILS" "$optional_primershear_emails" "$pages_env"
+    fi
+
+    echo -e "${GREEN}✅ Pages secrets deployed to $pages_env${NC}"
+}
+
+require_command wrangler
+require_command node
+
+if [ ! -f ".env" ]; then
+    echo -e "${RED}❌ Error: .env file not found${NC}"
+    echo -e "${YELLOW}   Run deploy-config first to generate and populate .env.${NC}"
+    exit 1
+fi
+
+echo -e "${YELLOW}📖 Loading environment variables from .env...${NC}"
+source .env
+
+load_required_project_id
+
+PAGES_PROJECT_NAME=$(strip_carriage_returns "$PAGES_PROJECT_NAME")
+if [ -z "$PAGES_PROJECT_NAME" ] || is_placeholder "$PAGES_PROJECT_NAME"; then
+    echo -e "${RED}❌ Error: PAGES_PROJECT_NAME is missing or placeholder in .env${NC}"
+    exit 1
+fi
+
+required_pages_secrets=(
+    "AUDIT_WORKER_DOMAIN"
+    "DATA_WORKER_DOMAIN"
+    "IMAGES_API_TOKEN"
+    "IMAGES_WORKER_DOMAIN"
+    "PDF_WORKER_AUTH"
+    "PDF_WORKER_DOMAIN"
+    "PROJECT_ID"
+    "R2_KEY_SECRET"
+    "USER_DB_AUTH"
+    "USER_WORKER_DOMAIN"
+)
+
+echo -e "${YELLOW}🔍 Validating required Pages secret values...${NC}"
+for secret in "${required_pages_secrets[@]}"; do
+    get_required_value "$secret" > /dev/null
+done
+echo -e "${GREEN}✅ Required Pages secret values found${NC}"
+
+if [ "$deploy_production" = "true" ]; then
+    deploy_pages_environment_secrets "production"
+fi
+
+if [ "$deploy_preview" = "true" ]; then
+    deploy_pages_environment_secrets "preview"
+fi
+
+echo -e "\n${GREEN}🎉 Pages secrets deployment completed!${NC}"

package/scripts/deploy-pages.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# ======================================
+# STRIAE PAGES DEPLOYMENT SCRIPT
+# ======================================
+# This script deploys the Striae frontend to Cloudflare Pages
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}📄 Striae Pages Deployment Script${NC}"
+echo "=================================="
+
+# Deploy to Cloudflare Pages (includes build step)
+echo -e "${YELLOW}🚀 Building and deploying to Cloudflare Pages...${NC}"
+if ! npm run deploy; then
+    echo -e "${RED}❌ Deployment failed!${NC}"
+    exit 1
+fi
+
+echo -e "${GREEN}✅ Pages deployment completed successfully${NC}"
+
+echo -e "\n${BLUE}💡 Next Steps:${NC}"
+echo "   1. Test your application"
+echo "   2. Configure custom domain (optional)"
+echo "   3. Verify Pages environment variables in Cloudflare dashboard"
+
+echo -e "\n${GREEN}✨ Pages deployment complete!${NC}"

package/scripts/deploy-primershear-emails.sh

@@ -0,0 +1,167 @@
+#!/bin/bash
+
+# ============================================
+# PRIMERSHEAR EMAIL LIST DEPLOYMENT SCRIPT
+# ============================================
+# Reads primershear.emails, updates PRIMERSHEAR_EMAILS in .env,
+# then deploys that secret directly to Cloudflare Pages.
+#
+# Usage:
+#   bash ./scripts/deploy-primershear-emails.sh [--production-only|--preview-only|--env-only]
+#
+# Options:
+#   --production-only  Deploy to production Pages environment only
+#   --preview-only     Deploy to preview Pages environment only
+#   --env-only         Update .env only; do not deploy to Cloudflare
+#   -h, --help         Show this help message
+
+set -e
+set -o pipefail
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${BLUE}📧 PrimerShear Email List Deployment${NC}"
+echo "======================================"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$PROJECT_ROOT"
+
+trap 'echo -e "\n${RED}❌ deploy-primershear-emails.sh failed near line ${LINENO}${NC}"' ERR
+
+# ── Argument parsing ─────────────────────────────────────────────────────────
+
+deploy_production=true
+deploy_preview=true
+env_only=false
+
+for arg in "$@"; do
+    case "$arg" in
+        -h|--help)
+            echo "Usage: bash ./scripts/deploy-primershear-emails.sh [--production-only|--preview-only|--env-only]"
+            echo ""
+            echo "Options:"
+            echo "  --production-only  Deploy to production Pages environment only"
+            echo "  --preview-only     Deploy to preview Pages environment only"
+            echo "  --env-only         Update .env only; do not deploy to Cloudflare"
+            echo "  -h, --help         Show this help message"
+            exit 0
+            ;;
+        --production-only)
+            deploy_production=true
+            deploy_preview=false
+            ;;
+        --preview-only)
+            deploy_production=false
+            deploy_preview=true
+            ;;
+        --env-only)
+            env_only=true
+            ;;
+        *)
+            echo -e "${RED}❌ Unknown option: $arg${NC}"
+            echo "Use --help to see supported options."
+            exit 1
+            ;;
+    esac
+done
+
+# ── Read emails file ──────────────────────────────────────────────────────────
+
+EMAILS_FILE="$PROJECT_ROOT/primershear.emails"
+
+if [ ! -f "$EMAILS_FILE" ]; then
+    echo -e "${RED}❌ primershear.emails not found at: $EMAILS_FILE${NC}"
+    echo -e "${YELLOW}   Create it with one email address per line.${NC}"
+    exit 1
+fi
+
+# Strip comment lines and blank lines, then join with commas
+# Use || true to avoid failure if paste gets no input (handles empty file gracefully)
+PRIMERSHEAR_EMAILS=$(grep -v '^[[:space:]]*#' "$EMAILS_FILE" | grep -v '^[[:space:]]*$' | paste -sd ',' - || true)
+
+if [ -z "$PRIMERSHEAR_EMAILS" ]; then
+    echo -e "${YELLOW}⚠️  primershear.emails contains no active email addresses.${NC}"
+    echo -e "${YELLOW}   The secret will be set to an empty string, disabling the feature.${NC}"
+fi
+
+EMAIL_COUNT=$(echo "$PRIMERSHEAR_EMAILS" | tr ',' '\n' | grep -c '[^[:space:]]' || true)
+echo -e "${GREEN}✅ Loaded $EMAIL_COUNT email address(es) from primershear.emails${NC}"
+
+# ── Update .env ───────────────────────────────────────────────────────────────
+
+ENV_FILE="$PROJECT_ROOT/.env"
+
+if [ ! -f "$ENV_FILE" ]; then
+    echo -e "${RED}❌ .env not found. Run deploy-config first.${NC}"
+    exit 1
+fi
+
+# Replace the PRIMERSHEAR_EMAILS= line in .env (handles both empty and populated values)
+if grep -q '^PRIMERSHEAR_EMAILS=' "$ENV_FILE"; then
+    # Use a temp file to avoid sed -i portability issues across macOS/Linux
+    local_tmp=$(mktemp)
+    sed "s|^PRIMERSHEAR_EMAILS=.*|PRIMERSHEAR_EMAILS=${PRIMERSHEAR_EMAILS}|" "$ENV_FILE" > "$local_tmp"
+    mv "$local_tmp" "$ENV_FILE"
+    echo -e "${GREEN}✅ Updated PRIMERSHEAR_EMAILS in .env${NC}"
+else
+    echo "" >> "$ENV_FILE"
+    echo "PRIMERSHEAR_EMAILS=${PRIMERSHEAR_EMAILS}" >> "$ENV_FILE"
+    echo -e "${GREEN}✅ Appended PRIMERSHEAR_EMAILS to .env${NC}"
+fi
+
+if [ "$env_only" = "true" ]; then
+    echo -e "\n${GREEN}🎉 .env updated. Skipping Cloudflare deployment (--env-only).${NC}"
+    exit 0
+fi
+
+# ── Deploy to Cloudflare Pages ────────────────────────────────────────────────
+
+if ! command -v wrangler > /dev/null 2>&1; then
+    echo -e "${RED}❌ wrangler is not installed or not in PATH${NC}"
+    exit 1
+fi
+
+source "$ENV_FILE"
+
+PAGES_PROJECT_NAME=$(echo "$PAGES_PROJECT_NAME" | tr -d '\r')
+if [ -z "$PAGES_PROJECT_NAME" ]; then
+    echo -e "${RED}❌ PAGES_PROJECT_NAME is missing from .env${NC}"
+    exit 1
+fi
+
+set_secret() {
+    local pages_env=$1
+    echo -e "${YELLOW}  Setting PRIMERSHEAR_EMAILS for $pages_env...${NC}"
+    if [ "$pages_env" = "production" ]; then
+        printf '%s' "$PRIMERSHEAR_EMAILS" | wrangler pages secret put PRIMERSHEAR_EMAILS \
+            --project-name "$PAGES_PROJECT_NAME"
+    else
+        printf '%s' "$PRIMERSHEAR_EMAILS" | wrangler pages secret put PRIMERSHEAR_EMAILS \
+            --project-name "$PAGES_PROJECT_NAME" --env "$pages_env"
+    fi
+}
+
+if [ "$deploy_production" = "true" ]; then
+    set_secret "production"
+    echo -e "${GREEN}✅ PRIMERSHEAR_EMAILS deployed to production${NC}"
+fi
+
+if [ "$deploy_preview" = "true" ]; then
+    set_secret "preview"
+    echo -e "${GREEN}✅ PRIMERSHEAR_EMAILS deployed to preview${NC}"
+fi
+
+# Deploy Pages so the new secret takes effect immediately
+echo -e "\n${YELLOW}🚀 Building and deploying Pages to activate new secret...${NC}"
+if ! npm run deploy; then
+    echo -e "${RED}❌ Pages deployment failed${NC}"
+    exit 1
+fi
+echo -e "${GREEN}✅ Pages deployment complete${NC}"
+
+echo -e "\n${GREEN}🎉 PrimerShear email list deployment complete!${NC}"