@striae-org/striae 5.5.1 → 6.0.0

package/app/components/navbar/case-import/case-import.module.css

@@ -433,7 +433,7 @@
 }
 
 .archivedImportNote {
-  margin-bottom: var(--spaceM);
+  margin: var(--spaceM) 0;
   padding: var(--spaceS) var(--spaceM);
   border-radius: var(--spaceXS);
   background: color-mix(in lab, var(--success) 10%, transparent);
@@ -444,7 +444,7 @@
 }
 
 .archivedRegularCaseRiskNote {
-  margin-bottom: var(--spaceM);
+  margin: var(--spaceM) 0;
   padding: var(--spaceS) var(--spaceM);
   border-radius: var(--spaceXS);
   background: color-mix(in lab, var(--warning) 12%, transparent);

package/app/components/navbar/case-import/case-import.tsx

@@ -239,7 +239,6 @@ export const CaseImport = ({
     if (!user || !importState.selectedFile || !importState.importType) return;
 
     if (importState.importType === 'case' && isArchivedRegularCaseImportBlocked) {
-      setError(ARCHIVED_REGULAR_CASE_BLOCK_MESSAGE);
       return;
     }
     
@@ -260,7 +259,6 @@ export const CaseImport = ({
     casePreview,
     updateImportState,
     executeImport,
-    setError,
   ]);
 
   const handleCancelImport = useCallback(() => {
@@ -333,7 +331,6 @@ export const CaseImport = ({
   // Handle confirmation import
   const handleConfirmImport = useCallback(() => {
     if (isArchivedRegularCaseImportBlocked) {
-      setError(ARCHIVED_REGULAR_CASE_BLOCK_MESSAGE);
       return;
     }
 
@@ -343,7 +340,6 @@ export const CaseImport = ({
     isArchivedRegularCaseImportBlocked,
     executeImport,
     updateImportState,
-    setError,
   ]);
 
   if (!isOpen) return null;
@@ -414,10 +410,6 @@ export const CaseImport = ({
             {/* Import progress */}
             <ProgressSection importProgress={importProgress} />
 
-            {isArchivedRegularCaseImportBlocked && (
-              <div className={styles.error}>{ARCHIVED_REGULAR_CASE_BLOCK_MESSAGE}</div>
-            )}
-
             {/* Success message */}
             {messages.success && (
               <div className={styles.success}>

package/app/components/navbar/case-import/components/CasePreviewSection.tsx

@@ -82,7 +82,7 @@ export const CasePreviewSection = ({
             </div>
           )}
         </div>
-      {casePreview.archived && (
+      {casePreview.archived && !isArchivedRegularCaseImportBlocked && (
         <div className={styles.archivedImportNote}>
           {ARCHIVED_SELF_IMPORT_NOTE}
         </div>

package/app/components/navbar/case-modals/all-cases-modal.tsx

@@ -225,6 +225,14 @@ export const CasesModal = ({
     selectedCase && selectedCase.caseNumber !== currentCase && !selectedCase.isReadOnly
   );
 
+  const deleteSelectedCaseTitle = !selectedCase
+    ? 'Select a case to delete.'
+    : selectedCase.caseNumber === currentCase
+      ? 'Open a different case before deleting this one.'
+      : selectedCase.isReadOnly
+        ? 'Read-only review cases cannot be deleted. Use Clear RO Case under Case Management first.'
+        : undefined;
+
   useEffect(() => {
     setCurrentPage(0);
   }, [preferences.sortBy, preferences.confirmationFilter, preferences.showArchivedOnly]);
@@ -484,12 +492,15 @@ export const CasesModal = ({
   const handleDeleteSelectedCase = async () => {
     if (!selectedCase || !canDeleteSelectedCase) {
       const isCurrentCaseSelection = selectedCase?.caseNumber === currentCase;
+      const isReadOnlyReviewSelection = selectedCase?.isReadOnly === true;
 
       setActionNotice({
         type: 'warning',
         message: isCurrentCaseSelection
           ? 'Open a different case before deleting this one.'
-          : 'Selected case cannot be deleted.',
+          : isReadOnlyReviewSelection
+            ? 'Read-only review cases cannot be deleted. Use Clear RO Case under Case Management first.'
+            : 'Selected case cannot be deleted.',
       });
       return;
     }
@@ -785,6 +796,7 @@ export const CasesModal = ({
               className={`${styles.secondaryActionButton} ${styles.deleteActionButton}`}
               onClick={handleDeleteSelectedCase}
               disabled={!canDeleteSelectedCase || isRunningAction}
+              title={deleteSelectedCaseTitle}
             >
               Delete Selected
             </button>

package/app/components/navbar/navbar.tsx

@@ -121,6 +121,11 @@ export const Navbar = ({
   const isImageNotesActive = canOpenImageNotes;
   const canDeleteCurrentFile = hasLoadedImage && !isReadOnly;
   const isArchivedRegularReadOnly = Boolean(isReadOnly && archiveDetails?.archived && !isReviewOnlyCase);
+  const caseExportLabel = isArchivedRegularReadOnly
+    ? 'Export Archive'
+    : isReadOnly
+      ? 'Export Confirmations'
+      : 'Export Case Package';
 
   return (
     <>
@@ -179,11 +184,9 @@ export const Navbar = ({
                   type="button"
                   role="menuitem"
                   className={`${styles.caseMenuItem} ${styles.caseMenuItemExport}`}
-                  disabled={!hasLoadedCase || disableLongRunningCaseActions || isArchivedRegularReadOnly}
+                  disabled={!hasLoadedCase || disableLongRunningCaseActions}
                   title={
-                    isArchivedRegularReadOnly
-                      ? 'Export is unavailable for archived cases loaded from your regular case list'
-                      : !hasLoadedCase
+                    !hasLoadedCase
                       ? 'Load a case to export case data'
                       : disableLongRunningCaseActions
                         ? 'Export is unavailable while files are uploading'
@@ -194,7 +197,7 @@ export const Navbar = ({
                     setIsCaseMenuOpen(false);
                   }}
                 >
-                  {isReadOnly ? 'Export Confirmations' : 'Export Case Package'}
+                  {caseExportLabel}
                 </button>
                 <button
                   type="button"

package/app/components/sidebar/cases/case-sidebar.tsx

@@ -258,7 +258,8 @@ const handleImageSelect = (file: FileData) => {
     ? 'Select an image first'
     : undefined;
 
-  const showCaseExportButton = Boolean(currentCase && isReadOnly && !isArchivedCase);
+  const showCaseExportButton = Boolean(currentCase && isReadOnly);
+  const caseExportButtonLabel = isArchivedCase ? 'Export Archive' : 'Export Confirmations';
 
   const exportCaseTitle = isUploading
     ? 'Cannot export while uploading'
@@ -391,7 +392,7 @@ return (
           disabled={isUploading || !currentCase}
           title={exportCaseTitle}
         >
-          Export Confirmations
+          {caseExportButtonLabel}
         </button>
       ) : (
         <button

package/app/routes/auth/login.example.tsx

@@ -94,14 +94,26 @@ export const Login = () => {
     setIsClient(true);
   }, []);
 
-  // Email validation with regex
-  const validateRegistrationEmail = (email: string): { valid: boolean } => {
+  // Email validation with regex and registration gateway allowlist check
+  const validateRegistrationEmail = async (email: string): Promise<{ valid: boolean; message?: string }> => {
     const emailRegex = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
-    
+
     if (!emailRegex.test(email)) {
       return { valid: false };
     }
 
+    try {
+      const response = await fetch(`/api/auth/can-register?email=${encodeURIComponent(email)}`);
+      if (response.status === 403) {
+        return {
+          valid: false,
+          message: 'Registration is limited to Striae membership. You may join at https://join.striae.org.'
+        };
+      }
+    } catch {
+      // Fail open on network error — server-side PUT guard provides defense-in-depth
+    }
+
     return { valid: true };
   };
 
@@ -282,9 +294,9 @@ export const Login = () => {
 
   try {
     if (!isLogin) {
-      const emailValidation = validateRegistrationEmail(email);
+      const emailValidation = await validateRegistrationEmail(email);
       if (!emailValidation.valid) {
-        setError('Please enter a valid email address');
+        setError(emailValidation.message ?? 'Please enter a valid email address');
         setIsLoading(false);
         return;
       }

package/app/routes/striae/striae.tsx

@@ -19,7 +19,7 @@ import { FilesModal } from '~/components/sidebar/files/files-modal';
 import { NotesEditorModal } from '~/components/sidebar/notes/notes-editor-modal';
 import { UserAuditViewer } from '~/components/audit/user-audit-viewer';
 import { fetchUserApi } from '~/utils/api';
-import { type AnnotationData, type FileData } from '~/types';
+import { type AnnotationData, type FileData, type ExportOptions } from '~/types';
 import { validateCaseNumber, renameCase, deleteCase, checkExistingCase, createNewCase, archiveCase, getCaseArchiveDetails } from '~/components/actions/case-manage';
 import { checkReadOnlyCaseExists, deleteReadOnlyCase } from '~/components/actions/case-review';
 import { canCreateCase, getCaseConfirmationSummary } from '~/utils/data';
@@ -77,15 +77,21 @@ export const Striae = ({ user }: StriaePage) => {
 
   // PDF generation states
   const [isGeneratingPDF, setIsGeneratingPDF] = useState(false);
+
+  // Toast notification states
   const [showToast, setShowToast] = useState(false);
   const [toastMessage, setToastMessage] = useState('');
   const [toastType, setToastType] = useState<ToastType>('success');
   const [toastDuration, setToastDuration] = useState(4000);
+
+  // Modal and sidebar states
   const [isAuditTrailOpen, setIsAuditTrailOpen] = useState(false);
   const [isRenameCaseModalOpen, setIsRenameCaseModalOpen] = useState(false);
   const [isOpenCaseModalOpen, setIsOpenCaseModalOpen] = useState(false);
   const [isListCasesModalOpen, setIsListCasesModalOpen] = useState(false);
   const [isFilesModalOpen, setIsFilesModalOpen] = useState(false);
+
+  // Case management action states
   const [isRenamingCase, setIsRenamingCase] = useState(false);
   const [isDeletingCase, setIsDeletingCase] = useState(false);
   const [isArchivingCase, setIsArchivingCase] = useState(false);
@@ -93,6 +99,8 @@ export const Striae = ({ user }: StriaePage) => {
   const [isOpeningCase, setIsOpeningCase] = useState(false);
   const [openCaseHelperText, setOpenCaseHelperText] = useState('');
   const [isArchiveCaseModalOpen, setIsArchiveCaseModalOpen] = useState(false);
+
+  // Export states
   const [isExportCaseModalOpen, setIsExportCaseModalOpen] = useState(false);
   const [isExportingCase, setIsExportingCase] = useState(false);
   const [isExportConfirmationsModalOpen, setIsExportConfirmationsModalOpen] = useState(false);
@@ -287,7 +295,8 @@ export const Striae = ({ user }: StriaePage) => {
   const handleExport = async (
     exportCaseNumber: string,
     designatedReviewerEmail?: string,
-    onProgress?: (progress: number, label: string) => void
+    onProgress?: (progress: number, label: string) => void,
+    exportOptions?: ExportOptions
   ) => {
     if (!exportCaseNumber) {
       showNotification('Select a case before exporting.', 'error');
@@ -311,7 +320,7 @@ export const Striae = ({ user }: StriaePage) => {
           setShowToast(true);
           onProgress?.(roundedProgress, label);
         },
-        { designatedReviewerEmail }
+        { ...exportOptions, designatedReviewerEmail }
       );
 
       showNotification(`Case ${exportCaseNumber} exported successfully.`, 'success');
@@ -364,6 +373,28 @@ export const Striae = ({ user }: StriaePage) => {
     }
   };
 
+  const handleOpenCaseExport = () => {
+    if (!currentCase) {
+      return;
+    }
+
+    if (isReadOnlyCase) {
+      if (isReviewOnlyCase) {
+        void handleOpenExportConfirmationsModal();
+        return;
+      }
+
+      if (archiveDetails.archived) {
+        void handleExport(currentCase, undefined, undefined, {
+          archivePackageMode: true,
+        });
+        return;
+      }
+    }
+
+    setIsExportCaseModalOpen(true);
+  };
+
   const handleRenameCaseSubmit = async (newCaseName: string) => {
     if (!currentCase) {
       showNotification('Select a case before renaming.', 'error');
@@ -809,13 +840,7 @@ export const Striae = ({ user }: StriaePage) => {
           void handleOpenCaseModal();
         }}
         onOpenListAllCases={() => setIsListCasesModalOpen(true)}
-        onOpenCaseExport={() => {
-          if (isReadOnlyCase) {
-            void handleOpenExportConfirmationsModal();
-          } else {
-            setIsExportCaseModalOpen(true);
-          }
-        }}
+        onOpenCaseExport={handleOpenCaseExport}
         onOpenAuditTrail={() => setIsAuditTrailOpen(true)}
         onOpenRenameCase={() => setIsRenameCaseModalOpen(true)}
         onDeleteCase={() => {
@@ -838,7 +863,7 @@ export const Striae = ({ user }: StriaePage) => {
           onOpenCase={() => {
             void handleOpenCaseModal();
           }}
-          onOpenCaseExport={() => void handleOpenExportConfirmationsModal()}
+          onOpenCaseExport={handleOpenCaseExport}
           imageId={imageId}
           currentCase={currentCase}
           imageLoaded={imageLoaded}

package/app/types/export.ts

@@ -5,4 +5,5 @@ export interface ExportOptions {
   includeUserInfo?: boolean;
   protectForensicData?: boolean;
   designatedReviewerEmail?: string;
+  archivePackageMode?: boolean;
 }

package/app/utils/forensics/SHA256.ts

@@ -6,8 +6,8 @@
 
 import { verifySignaturePayload } from './signature-utils';
 
-export const FORENSIC_MANIFEST_VERSION = '2.0';
-export const FORENSIC_MANIFEST_SIGNATURE_ALGORITHM = 'RSASSA-PKCS1-v1_5-SHA-256';
+export const FORENSIC_MANIFEST_VERSION = '3.0';
+export const FORENSIC_MANIFEST_SIGNATURE_ALGORITHM = 'RSASSA-PSS-SHA-256';
 
 export interface ForensicManifestData {
   dataHash: string;

package/app/utils/forensics/audit-export-signature.ts

@@ -5,7 +5,7 @@ import {
 } from './SHA256';
 import { verifySignaturePayload } from './signature-utils';
 
-export const AUDIT_EXPORT_SIGNATURE_VERSION = '1.0';
+export const AUDIT_EXPORT_SIGNATURE_VERSION = '2.0';
 
 const SHA256_HEX_REGEX = /^[a-f0-9]{64}$/i;
 

package/app/utils/forensics/confirmation-signature.ts

@@ -6,7 +6,7 @@ import {
 } from './SHA256';
 import { verifySignaturePayload } from './signature-utils';
 
-export const CONFIRMATION_SIGNATURE_VERSION = '2.0';
+export const CONFIRMATION_SIGNATURE_VERSION = '3.0';
 
 const SHA256_HEX_REGEX = /^[a-f0-9]{64}$/i;
 

package/app/utils/forensics/signature-utils.ts

@@ -29,6 +29,8 @@ export interface PublicSigningKeyDetails {
   publicKeyPem: string | null;
 }
 
+const RSA_PSS_SALT_LENGTH = 32;
+
 type ManifestSigningConfig = {
   manifest_signing_public_keys?: Record<string, string>;
   manifest_signing_public_key?: string;
@@ -197,7 +199,7 @@ export async function verifySignaturePayload(
       'spki',
       publicKeyPemToArrayBuffer(publicKeyPem, invalidPublicKeyError),
       {
-        name: 'RSASSA-PKCS1-v1_5',
+        name: 'RSA-PSS',
         hash: 'SHA-256'
       },
       false,
@@ -209,7 +211,10 @@ export async function verifySignaturePayload(
     signatureBuffer.set(signatureBytes);
 
     const verified = await crypto.subtle.verify(
-      { name: 'RSASSA-PKCS1-v1_5' },
+      {
+        name: 'RSA-PSS',
+        saltLength: RSA_PSS_SALT_LENGTH
+      },
       key,
       signatureBuffer,
       new TextEncoder().encode(payload)

package/functions/api/_shared/registration-allowlist.ts

@@ -0,0 +1,38 @@
+/**
+ * Checks whether the given email is permitted to register based on the
+ * REGISTRATION_EMAILS secret (a comma-separated list of allowed entries).
+ *
+ * Each entry may be:
+ *   - An exact email address:  user@example.com
+ *   - A domain wildcard:       @example.com  (matches any email from that domain)
+ *
+ * If registrationEmails is empty or unset, all registrations are allowed
+ * (backward-compatible — deploys without a members.emails file are unrestricted).
+ */
+export function isEmailAllowed(email: string, registrationEmails: string): boolean {
+  if (!registrationEmails || registrationEmails.trim().length === 0) {
+    return true;
+  }
+
+  const normalizedEmail = email.toLowerCase().trim();
+  const entries = registrationEmails
+    .split(',')
+    .map(e => e.trim().toLowerCase())
+    .filter(Boolean);
+
+  for (const entry of entries) {
+    if (entry.startsWith('@')) {
+      // Domain wildcard: @example.com matches user@example.com
+      if (normalizedEmail.endsWith(entry)) {
+        return true;
+      }
+    } else {
+      // Exact email match
+      if (normalizedEmail === entry) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}

package/functions/api/auth/can-register.ts

@@ -0,0 +1,59 @@
+import { isEmailAllowed } from '../_shared/registration-allowlist';
+
+interface CanRegisterContext {
+  request: Request;
+  env: Env;
+}
+
+const SUPPORTED_METHODS = new Set(['GET', 'OPTIONS']);
+
+function jsonResponse(payload: Record<string, unknown>, status: number = 200): Response {
+  return new Response(JSON.stringify(payload), {
+    status,
+    headers: {
+      'Cache-Control': 'no-store',
+      'Content-Type': 'application/json; charset=utf-8'
+    }
+  });
+}
+
+function textResponse(message: string, status: number): Response {
+  return new Response(message, {
+    status,
+    headers: {
+      'Cache-Control': 'no-store',
+      'Content-Type': 'text/plain; charset=utf-8'
+    }
+  });
+}
+
+export const onRequest = async ({ request, env }: CanRegisterContext): Promise<Response> => {
+  if (!SUPPORTED_METHODS.has(request.method)) {
+    return textResponse('Method not allowed', 405);
+  }
+
+  if (request.method === 'OPTIONS') {
+    return new Response(null, {
+      status: 204,
+      headers: {
+        'Allow': 'GET, OPTIONS',
+        'Cache-Control': 'no-store'
+      }
+    });
+  }
+
+  const url = new URL(request.url);
+  const email = url.searchParams.get('email');
+
+  if (!email || email.trim().length === 0) {
+    return textResponse('Missing required parameter: email', 400);
+  }
+
+  const registrationEmails = env.REGISTRATION_EMAILS ?? '';
+
+  if (isEmailAllowed(email, registrationEmails)) {
+    return jsonResponse({ allowed: true });
+  }
+
+  return jsonResponse({ allowed: false }, 403);
+};

package/functions/api/user/[[path]].ts

@@ -1,4 +1,5 @@
 import { verifyFirebaseIdentityFromRequest } from '../_shared/firebase-auth';
+import { isEmailAllowed } from '../_shared/registration-allowlist';
 
 interface UserProxyContext {
   request: Request;
@@ -155,6 +156,39 @@ export const onRequest = async ({ request, env }: UserProxyContext): Promise<Res
   if (requestedUserId !== identity.uid) {
     return textResponse('Forbidden', 403);
   }
+
+  // Registration gateway: for PUT requests, check if this is a new user creation.
+  // If REGISTRATION_EMAILS is set and the user record does not yet exist, enforce the allowlist.
+  // This is defense-in-depth — the primary check runs client-side in the login flow.
+  if (request.method === 'PUT' && env.REGISTRATION_EMAILS && env.REGISTRATION_EMAILS.trim().length > 0) {
+    try {
+      const existenceCheckUrl = `${userWorkerBaseUrl}/${encodeURIComponent(requestedUserId)}`;
+      const existenceResponse = await fetch(existenceCheckUrl, {
+        method: 'GET',
+        headers: {
+          'Accept': 'application/json',
+          'X-Custom-Auth-Key': env.USER_DB_AUTH
+        }
+      });
+
+      if (existenceResponse.status === 404) {
+        // User does not exist yet — this is a registration PUT.
+        // Enforce the email allowlist.
+        if (!isEmailAllowed(identity.email ?? '', env.REGISTRATION_EMAILS)) {
+          return textResponse('Registration is not permitted for this email address', 403);
+        }
+      } else if (!existenceResponse.ok) {
+        // Existence check failed (non-404, non-2xx response).
+        // Fail closed: reject the registration to prevent allowlist bypass during errors.
+        return textResponse('Unable to verify registration eligibility', 502);
+      }
+      // If user already exists (200), proceed normally.
+    } catch {
+      // Fail closed: on network error with allowlist active, reject the request.
+      return textResponse('Unable to verify registration eligibility', 502);
+    }
+  }
+
   const upstreamUrl = `${userWorkerBaseUrl}${proxyPath}${requestUrl.search}`;
 
   const upstreamHeaders = new Headers();

package/members.emails.example

@@ -0,0 +1,11 @@
+# Registration gateway - authorized email addresses
+# One entry per line. Lines starting with # are ignored.
+# This file is untracked. Run: npm run deploy-members to push changes.
+#
+# Supported formats:
+#   Exact email:   analyst@organization.com
+#   Domain wildcard: @organization.com  (allows all emails from that domain)
+#
+# Examples:
+# analyst@organization.com
+# @striae.org

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@striae-org/striae",
-  "version": "5.5.1",
+  "version": "6.0.0",
   "private": false,
   "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
   "license": "Apache-2.0",
@@ -52,11 +52,12 @@
     "workers/pdf-worker/src/formats/format-striae.ts",
     ".env.example",
     "primershear.emails.example",
+    "members.emails.example",
     "firebase.json",
     "tsconfig.json",
     "vite.config.ts",
     "/worker-configuration.d.ts",
-    "wrangler.toml.example",
+    "wrangler.toml.example",    
     "LICENSE"
   ],
   "sideEffects": false,
@@ -90,9 +91,10 @@
     "install-workers": "bash ./scripts/install-workers.sh",
     "deploy-workers": "npm run deploy-workers:audit && npm run deploy-workers:data && npm run deploy-workers:image && npm run deploy-workers:pdf && npm run deploy-workers:user",
     "deploy-workers:secrets": "bash ./scripts/deploy-worker-secrets.sh",
-    "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh --production-only",
+    "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh",
     "deploy-pages": "bash ./scripts/deploy-pages.sh",
-    "deploy-primershear": "bash ./scripts/deploy-primershear-emails.sh --production-only",
+    "deploy-primershear": "bash ./scripts/deploy-primershear-emails.sh",
+    "deploy-members": "bash ./scripts/deploy-members-emails.sh",
     "deploy-workers:audit": "cd workers/audit-worker && npm run deploy",
     "deploy-workers:data": "cd workers/data-worker && npm run deploy",
     "deploy-workers:image": "cd workers/image-worker && npm run deploy",
@@ -101,7 +103,7 @@
   },
   "dependencies": {
     "@react-router/cloudflare": "^7.14.0",
-    "firebase": "^12.11.0",
+    "firebase": "^12.12.0",
     "isbot": "^5.1.37",
     "jszip": "^3.10.1",
     "qrcode": "^1.5.4",
@@ -123,7 +125,7 @@
     "eslint-plugin-jsx-a11y": "^6.10.2",
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^7.0.1",
-    "firebase-admin": "^13.7.0",
+    "firebase-admin": "^13.8.0",
     "modern-normalize": "^3.0.1",
     "typescript": "^5.9.3",
     "vite": "^7.3.2",
@@ -131,9 +133,7 @@
     "wrangler": "^4.81.1"
   },
   "overrides": {
-    "@tootallnate/once": "3.0.1",
-    "tar": "7.5.11",
-    "undici": "7.24.1"
+    "@tootallnate/once": "3.0.1"
   },
   "engines": {
     "node": ">=20.19.0"

package/scripts/deploy-all.sh

@@ -127,8 +127,8 @@ echo ""
 # Step 5: Deploy Pages Secrets
 echo -e "${PURPLE}Step 5/6: Deploying Pages Secrets${NC}"
 echo "----------------------------------"
-echo -e "${YELLOW}🔐 Deploying Pages environment variables to production only...${NC}"
-if ! bash "$SCRIPT_DIR/deploy-pages-secrets.sh" --production-only; then
+echo -e "${YELLOW}🔐 Deploying Pages environment variables...${NC}"
+if ! bash "$SCRIPT_DIR/deploy-pages-secrets.sh"; then
     echo -e "${RED}❌ Pages secrets deployment failed!${NC}"
     exit 1
 fi