@striae-org/striae 6.1.7 → 7.0.0

package/package.json

@@ -1,138 +1,144 @@
-{
-  "name": "@striae-org/striae",
-  "version": "6.1.7",
-  "private": false,
-  "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
-  "license": "Apache-2.0",
-  "homepage": "https://github.com/striae-org/striae/wiki",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/striae-org/striae.git"
-  },
-  "funding": {
-    "type": "github",
-    "url": "https://github.com/sponsors/striae-org"
-  },
-  "bugs": {
-    "url": "https://github.com/striae-org/striae/issues"
-  },
-  "keywords": [
-    "forensics",
-    "firearms",
-    "annotation",
-    "react",
-    "cloudflare-workers",
-    "authenticated",
-    "confirmations",
-    "chain-of-custody",
-    "audit-trail"
-  ],
-  "publishConfig": {
-    "access": "public"
-  },
-  "files": [
-    "app/",
-    "!app/config",
-    "react-router.config.ts",
-    "load-context.ts",
-    "scripts/",
-    "functions/",
-    "public/",
-    "workers/",
-    "shared/",
-    "!workers/*/.wrangler",
-    "!workers/*/package-lock.json",
-    "!workers/*/worker-configuration.d.ts",
-    "!workers/*/wrangler.jsonc",
-    "!workers/*/src/**/*worker.ts",
-    "!workers/pdf-worker/src/assets/**/*",
-    "workers/pdf-worker/src/assets/generated-assets.example.ts",
-    "!workers/pdf-worker/src/formats/**/*",
-    "workers/pdf-worker/src/formats/format-striae.ts",
-    ".env.example",
-    "firebase.json",
-    "tsconfig.json",
-    "vite.config.ts",
-    "/worker-configuration.d.ts",
-    "wrangler.toml.example",
-    "LICENSE"
-  ],
-  "sideEffects": false,
-  "type": "module",
-  "scripts": {
-    "deploy:all": "bash ./scripts/deploy-all.sh",
-    "emulators": "firebase emulators:start --only auth",
-    "dev": "node ./scripts/dev.cjs && react-router dev",
-    "build": "node ./scripts/dev.cjs && react-router build",
-    "clean": "rm -rf build node_modules/.cache .cache",
-    "clean:build": "npm run clean && npm run build",
-    "deploy": "npm run build && wrangler pages deploy",
-    "publish:npm": "npm publish --access public --registry=https://registry.npmjs.org --@striae-org:registry=https://registry.npmjs.org",
-    "publish:npm:dry-run": "npm publish --dry-run --access public --registry=https://registry.npmjs.org --@striae-org:registry=https://registry.npmjs.org",
-    "publish:github": "npm publish --registry=https://npm.pkg.github.com --@striae-org:registry=https://npm.pkg.github.com",
-    "publish:github:dry-run": "npm publish --dry-run --registry=https://npm.pkg.github.com --@striae-org:registry=https://npm.pkg.github.com",
-    "publish:all": "npm run publish:npm && npm run publish:github",
-    "publish:all:dry-run": "npm run publish:npm:dry-run && npm run publish:github:dry-run",
-    "lint": "node ./scripts/run-eslint.cjs",
-    "start": "node ./scripts/dev.cjs && wrangler pages dev",
-    "typecheck": "react-router typegen && tsc",
-    "typegen": "wrangler types",
-    "preview": "npm run build && wrangler pages dev",
-    "cf-typegen": "wrangler types",
-    "enable-totp-mfa": "node ./scripts/enable-totp-mfa.mjs",
-    "unenroll-totp-mfa": "node ./scripts/unenroll-totp-mfa.mjs",
-    "update-versions": "node ./scripts/update-markdown-versions.cjs",
-    "update-compatibility-dates": "node ./scripts/update-compatibility-dates.cjs",
-    "deploy-config": "bash ./scripts/deploy-config.sh",
-    "update-env": "bash ./scripts/deploy-config.sh --update-env",
-    "install-workers": "bash ./scripts/install-workers.sh",
-    "deploy-workers": "npm run deploy-workers:audit && npm run deploy-workers:data && npm run deploy-workers:image && npm run deploy-workers:pdf && npm run deploy-workers:user",
-    "deploy-workers:secrets": "bash ./scripts/deploy-worker-secrets.sh",
-    "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh",
-    "deploy-pages": "bash ./scripts/deploy-pages.sh",
-    "deploy-primershear": "bash ./scripts/deploy-primershear-emails.sh",
-    "deploy-members": "bash ./scripts/deploy-members-emails.sh",
-    "deploy-workers:audit": "cd workers/audit-worker && npm run deploy",
-    "deploy-workers:data": "cd workers/data-worker && npm run deploy",
-    "deploy-workers:image": "cd workers/image-worker && npm run deploy",
-    "deploy-workers:pdf": "cd workers/pdf-worker && npm run deploy",
-    "deploy-workers:user": "cd workers/user-worker && npm run deploy"
-  },
-  "dependencies": {
-    "@react-router/cloudflare": "^7.14.1",
-    "firebase": "^12.12.0",
-    "isbot": "^5.1.39",
-    "jszip": "^3.10.1",
-    "qrcode": "^1.5.4",
-    "react": "^19.2.5",
-    "react-dom": "^19.2.5",
-    "react-router": "^7.14.1"
-  },
-  "devDependencies": {
-    "@react-router/dev": "^7.14.1",
-    "@react-router/fs-routes": "^7.14.1",
-    "@types/qrcode": "^1.5.6",
-    "@types/react": "^19.2.14",
-    "@types/react-dom": "^19.2.3",
-    "@typescript-eslint/eslint-plugin": "^8.58.2",
-    "@typescript-eslint/parser": "^8.58.2",
-    "eslint": "^9.39.4",
-    "eslint-import-resolver-typescript": "^4.4.4",
-    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jsx-a11y": "^6.10.2",
-    "eslint-plugin-react": "^7.37.5",
-    "eslint-plugin-react-hooks": "^7.1.1",
-    "firebase-admin": "^13.8.0",
-    "modern-normalize": "^3.0.1",
-    "typescript": "^6.0.3",
-    "vite": "^8.0.9",
-    "wrangler": "^4.84.0"
-  },
-  "overrides": {
-    "@tootallnate/once": "3.0.1"
-  },
-  "engines": {
-    "node": ">=20.19.0"
-  },
-  "packageManager": "npm@11.12.0"
+{
+  "name": "@striae-org/striae",
+  "version": "7.0.0",
+  "private": false,
+  "description": "Striae is a specialized, cloud-native platform designed to streamline forensic firearms identification by providing an intuitive environment for digital comparison image annotation, authenticated confirmations, and automated report generation.",
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/striae-org/striae/wiki",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/striae-org/striae.git"
+  },
+  "funding": {
+    "type": "github",
+    "url": "https://github.com/sponsors/striae-org"
+  },
+  "bugs": {
+    "url": "https://github.com/striae-org/striae/issues"
+  },
+  "keywords": [
+    "forensics",
+    "firearms",
+    "annotation",
+    "react",
+    "cloudflare-workers",
+    "authenticated",
+    "confirmations",
+    "chain-of-custody",
+    "audit-trail"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "app/",
+    "!app/config",
+    "react-router.config.ts",
+    "load-context.ts",
+    "scripts/",
+    "functions/",
+    "public/",
+    "workers/",
+    "shared/",
+    "!workers/*/.wrangler",
+    "!workers/*/package-lock.json",
+    "!workers/*/worker-configuration.d.ts",
+    "!workers/*/wrangler.jsonc",
+    "!workers/pdf-worker/src/assets/**/*",
+    "workers/pdf-worker/src/assets/generated-assets.example.ts",
+    "!workers/pdf-worker/src/formats/**/*",
+    "workers/pdf-worker/src/formats/format-striae.ts",
+    ".env.example",
+    "firebase.json",
+    "tsconfig.json",
+    "vite.config.ts",
+    "wrangler.toml.example",
+    "LICENSE"
+  ],
+  "sideEffects": false,
+  "type": "module",
+  "scripts": {
+    "deploy:all": "bash ./scripts/deploy-all.sh",
+    "emulators": "firebase emulators:start --only auth",
+    "dev": "node ./scripts/dev.cjs && react-router dev",
+    "build": "node ./scripts/dev.cjs && react-router build",
+    "clean": "rm -rf build node_modules/.cache .cache",
+    "clean:build": "npm run clean && npm run build",
+    "deploy": "npm run build && wrangler pages deploy",
+    "publish:npm": "npm publish --access public --registry=https://registry.npmjs.org --@striae-org:registry=https://registry.npmjs.org",
+    "publish:npm:dry-run": "npm publish --dry-run --access public --registry=https://registry.npmjs.org --@striae-org:registry=https://registry.npmjs.org",
+    "publish:github": "npm publish --registry=https://npm.pkg.github.com --@striae-org:registry=https://npm.pkg.github.com",
+    "publish:github:dry-run": "npm publish --dry-run --registry=https://npm.pkg.github.com --@striae-org:registry=https://npm.pkg.github.com",
+    "publish:all": "npm run publish:npm && npm run publish:github",
+    "publish:all:dry-run": "npm run publish:npm:dry-run && npm run publish:github:dry-run",
+    "lint": "node ./scripts/run-eslint.cjs",
+    "start": "node ./scripts/dev.cjs && wrangler pages dev",
+    "typecheck": "react-router typegen && tsc",
+    "typegen": "wrangler types",
+    "preview": "npm run build && wrangler pages dev",
+    "cf-typegen": "wrangler types",
+    "test": "npm run test:app && npm run test:workers:data",
+    "test:app": "vitest run --config tests/app/vitest.config.ts",
+    "test:workers:data": "vitest run --config tests/workers/data/vitest.config.mjs",
+    "test:watch": "vitest --config tests/app/vitest.config.ts",
+    "test:coverage": "vitest run --config tests/app/vitest.config.ts --coverage",
+    "enable-totp-mfa": "node ./scripts/enable-totp-mfa.mjs",
+    "unenroll-totp-mfa": "node ./scripts/unenroll-totp-mfa.mjs",
+    "update-versions": "node ./scripts/update-markdown-versions.cjs",
+    "update-compatibility-dates": "node ./scripts/update-compatibility-dates.cjs",
+    "deploy-config": "bash ./scripts/deploy-config.sh",
+    "update-env": "bash ./scripts/deploy-config.sh --update-env",
+    "install-workers": "bash ./scripts/install-workers.sh",
+    "deploy-workers": "npm run deploy-workers:audit && npm run deploy-workers:data && npm run deploy-workers:image && npm run deploy-workers:pdf && npm run deploy-workers:user",
+    "deploy-workers:secrets": "bash ./scripts/deploy-worker-secrets.sh",
+    "deploy-pages:secrets": "bash ./scripts/deploy-pages-secrets.sh",
+    "deploy-pages": "bash ./scripts/deploy-pages.sh",
+    "deploy-primershear": "bash ./scripts/deploy-primershear-emails.sh",
+    "deploy-members": "bash ./scripts/deploy-members-emails.sh",
+    "deploy-workers:audit": "cd workers/audit-worker && npm run deploy",
+    "deploy-workers:data": "cd workers/data-worker && npm run deploy",
+    "deploy-workers:image": "cd workers/image-worker && npm run deploy",
+    "deploy-workers:pdf": "cd workers/pdf-worker && npm run deploy",
+    "deploy-workers:user": "cd workers/user-worker && npm run deploy"
+  },
+  "dependencies": {
+    "@react-router/cloudflare": "^7.14.2",
+    "firebase": "^12.12.1",
+    "isbot": "^5.1.39",
+    "jszip": "^3.10.1",
+    "qrcode": "^1.5.4",
+    "react": "^19.2.5",
+    "react-dom": "^19.2.5",
+    "react-router": "^7.14.2"
+  },
+  "devDependencies": {
+    "@cloudflare/vitest-pool-workers": "^0.14.9",
+    "@react-router/dev": "^7.14.2",
+    "@react-router/fs-routes": "^7.14.2",
+    "@types/qrcode": "^1.5.6",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@typescript-eslint/eslint-plugin": "^8.59.0",
+    "@typescript-eslint/parser": "^8.59.0",
+    "@vitest/coverage-v8": "^4.1.5",
+    "eslint": "^9.39.4",
+    "eslint-import-resolver-typescript": "^4.4.4",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-jsx-a11y": "^6.10.2",
+    "eslint-plugin-react": "^7.37.5",
+    "eslint-plugin-react-hooks": "^7.1.1",
+    "firebase-admin": "^13.8.0",
+    "modern-normalize": "^3.0.1",
+    "typescript": "^6.0.3",
+    "vite": "^8.0.9",
+    "vitest": "^4.1.5",
+    "wrangler": "^4.84.1"
+  },
+  "overrides": {
+    "@tootallnate/once": "3.0.1"
+  },
+  "engines": {
+    "node": ">=20.19.0"
+  },
+  "packageManager": "npm@11.12.0"
 }

package/scripts/deploy-all.sh

@@ -79,7 +79,7 @@ echo -e "${GREEN}✅ Preflight checks passed${NC}"
 echo ""
 
 # Step 1: Configuration Setup
-echo -e "${PURPLE}Step 1/6: Configuration Setup${NC}"
+echo -e "${PURPLE}Step 1/7: Configuration Setup${NC}"
 echo "------------------------------"
 echo -e "${YELLOW}⚙️  Setting up configuration files and replacing placeholders...${NC}"
 if ! bash "$SCRIPT_DIR/deploy-config.sh"; then
@@ -92,7 +92,7 @@ run_config_checkpoint
 echo ""
 
 # Step 2: Install Worker Dependencies
-echo -e "${PURPLE}Step 2/6: Installing Worker Dependencies${NC}"
+echo -e "${PURPLE}Step 2/7: Installing Worker Dependencies${NC}"
 echo "----------------------------------------"
 echo -e "${YELLOW}📦 Installing npm dependencies for all workers...${NC}"
 if ! bash "$SCRIPT_DIR/install-workers.sh"; then
@@ -102,8 +102,26 @@ fi
 echo -e "${GREEN}✅ All worker dependencies installed successfully${NC}"
 echo ""
 
-# Step 3: Deploy Workers
-echo -e "${PURPLE}Step 3/6: Deploying Workers${NC}"
+# Step 3: Generate Wrangler Types
+echo -e "${PURPLE}Step 3/7: Generating Wrangler Types${NC}"
+echo "-------------------------------------"
+echo -e "${YELLOW}📝 Running wrangler types in root and all worker directories...${NC}"
+if ! npx wrangler types; then
+    echo -e "${RED}❌ Root wrangler types generation failed!${NC}"
+    exit 1
+fi
+for WORKER in audit-worker data-worker image-worker pdf-worker user-worker; do
+    echo -e "${YELLOW}  → Generating types for ${WORKER}...${NC}"
+    if ! (cd "workers/$WORKER" && npx wrangler types); then
+        echo -e "${RED}❌ wrangler types failed for ${WORKER}!${NC}"
+        exit 1
+    fi
+done
+echo -e "${GREEN}✅ Wrangler types generated successfully${NC}"
+echo ""
+
+# Step 4: Deploy Workers
+echo -e "${PURPLE}Step 4/7: Deploying Workers${NC}"
 echo "----------------------------"
 echo -e "${YELLOW}🔧 Deploying all 5 Cloudflare Workers...${NC}"
 if ! npm run deploy-workers; then
@@ -113,8 +131,8 @@ fi
 echo -e "${GREEN}✅ All workers deployed successfully${NC}"
 echo ""
 
-# Step 4: Deploy Worker Secrets
-echo -e "${PURPLE}Step 4/6: Deploying Worker Secrets${NC}"
+# Step 5: Deploy Worker Secrets
+echo -e "${PURPLE}Step 5/7: Deploying Worker Secrets${NC}"
 echo "-----------------------------------"
 echo -e "${YELLOW}🔐 Deploying worker environment variables...${NC}"
 if ! bash "$SCRIPT_DIR/deploy-worker-secrets.sh"; then
@@ -124,8 +142,8 @@ fi
 echo -e "${GREEN}✅ Worker secrets deployed successfully${NC}"
 echo ""
 
-# Step 5: Deploy Pages Secrets
-echo -e "${PURPLE}Step 5/6: Deploying Pages Secrets${NC}"
+# Step 6: Deploy Pages Secrets
+echo -e "${PURPLE}Step 6/7: Deploying Pages Secrets${NC}"
 echo "----------------------------------"
 echo -e "${YELLOW}🔐 Deploying Pages environment variables...${NC}"
 if ! bash "$SCRIPT_DIR/deploy-pages-secrets.sh"; then
@@ -135,8 +153,8 @@ fi
 echo -e "${GREEN}✅ Pages secrets deployed successfully${NC}"
 echo ""
 
-# Step 6: Deploy Pages
-echo -e "${PURPLE}Step 6/6: Deploying Pages${NC}"
+# Step 7: Deploy Pages
+echo -e "${PURPLE}Step 7/7: Deploying Pages${NC}"
 echo "--------------------------"
 echo -e "${YELLOW}🌐 Building and deploying Pages...${NC}"
 if ! npm run deploy-pages; then
@@ -153,6 +171,7 @@ echo "=========================================="
 echo ""
 echo -e "${BLUE}Deployed Components:${NC}"
 echo "  ✅ Worker dependencies (npm install)"
+echo "  ✅ Wrangler types (root + all workers)"
 echo "  ✅ 5 Cloudflare Workers"
 echo "  ✅ Worker environment variables"
 echo "  ✅ Pages environment variables"

package/scripts/deploy-config/modules/env-utils.sh

@@ -56,29 +56,12 @@ normalize_worker_label_value() {
     printf '%s' "$label"
 }
 
-normalize_worker_subdomain_value() {
-    local subdomain="$1"
-
-    subdomain=$(normalize_domain_value "$subdomain")
-    subdomain="${subdomain#.}"
-    subdomain="${subdomain%.}"
-    subdomain=$(printf '%s' "$subdomain" | tr '[:upper:]' '[:lower:]')
-
-    printf '%s' "$subdomain"
-}
-
 is_valid_worker_label() {
     local label="$1"
 
     [[ "$label" =~ ^[a-z0-9-]+$ ]]
 }
 
-is_valid_worker_subdomain() {
-    local subdomain="$1"
-
-    [[ "$subdomain" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$ ]]
-}
-
 strip_carriage_returns() {
     printf '%s' "$1" | tr -d '\r'
 }
@@ -196,57 +179,6 @@ confirm_key_pair_regeneration() {
     return 1
 }
 
-generate_worker_subdomain_label() {
-    node -e "const { randomInt } = require('crypto'); const alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789'; let value = ''; for (let index = 0; index < 10; index += 1) { value += alphabet[randomInt(alphabet.length)]; } process.stdout.write(value);" 2>/dev/null
-}
-
-compose_worker_domain() {
-    local worker_name=$1
-    local worker_subdomain=$2
-
-    worker_name=$(normalize_worker_label_value "$worker_name")
-    worker_subdomain=$(normalize_worker_subdomain_value "$worker_subdomain")
-
-    if [ -z "$worker_name" ] || [ -z "$worker_subdomain" ]; then
-        return 1
-    fi
-
-    if ! is_valid_worker_label "$worker_name" || ! is_valid_worker_subdomain "$worker_subdomain"; then
-        return 1
-    fi
-
-    printf '%s.%s' "$worker_name" "$worker_subdomain"
-}
-
-infer_worker_subdomain_from_domain() {
-    local worker_name=$1
-    local worker_domain=$2
-    local worker_subdomain=""
-
-    worker_name=$(normalize_worker_label_value "$worker_name")
-    worker_domain=$(normalize_domain_value "$worker_domain")
-    worker_domain=$(printf '%s' "$worker_domain" | tr '[:upper:]' '[:lower:]')
-
-    if [ -z "$worker_name" ] || [ -z "$worker_domain" ] || is_placeholder "$worker_name" || is_placeholder "$worker_domain"; then
-        printf '%s' ""
-        return 0
-    fi
-
-    case "$worker_domain" in
-        "$worker_name".*)
-            worker_subdomain="${worker_domain#${worker_name}.}"
-            worker_subdomain=$(normalize_worker_subdomain_value "$worker_subdomain")
-
-            if is_valid_worker_subdomain "$worker_subdomain"; then
-                printf '%s' "$worker_subdomain"
-                return 0
-            fi
-            ;;
-    esac
-
-    printf '%s' ""
-}
-
 write_env_var() {
     local var_name=$1
     local var_value=$2

package/scripts/deploy-config/modules/prompt.sh

@@ -23,7 +23,7 @@ prompt_for_secrets() {
     is_auto_generated_secret_var() {
         local var_name=$1
         case "$var_name" in
-            USER_DB_AUTH|R2_KEY_SECRET|PDF_WORKER_AUTH|IMAGES_API_TOKEN|IMAGE_SIGNED_URL_SECRET)
+            IMAGE_SIGNED_URL_SECRET)
                 return 0
                 ;;
             *)
@@ -36,18 +36,6 @@ prompt_for_secrets() {
         local var_name=$1
         local value=$2
         case "$var_name" in
-            USER_DB_AUTH)
-                [ "$value" = "your_custom_user_db_auth_token_here" ]
-                ;;
-            R2_KEY_SECRET)
-                [ "$value" = "your_custom_r2_secret_here" ]
-                ;;
-            PDF_WORKER_AUTH)
-                [ "$value" = "your_custom_pdf_worker_auth_token_here" ]
-                ;;
-            IMAGES_API_TOKEN)
-                [ "$value" = "your_cloudflare_images_api_token_here" ]
-                ;;
             IMAGE_SIGNED_URL_SECRET)
                 [ "$value" = "your_image_signed_url_secret_here" ]
                 ;;
@@ -214,42 +202,11 @@ prompt_for_secrets() {
         echo ""
     }
 
-    set_worker_domain_from_shared_subdomain() {
-        local worker_name_var=$1
-        local worker_domain_var=$2
-        local worker_name_value="${!worker_name_var}"
-        local composed_domain=""
-
-        worker_name_value=$(normalize_worker_label_value "$worker_name_value")
-
-        if [ -z "$worker_name_value" ] || ! is_valid_worker_label "$worker_name_value"; then
-            echo -e "${RED}❌ $worker_name_var must use only lowercase letters, numbers, and dashes.${NC}"
-            exit 1
-        fi
-
-        composed_domain=$(compose_worker_domain "$worker_name_value" "$shared_worker_subdomain" || echo "")
-
-        if [ -z "$composed_domain" ]; then
-            echo -e "${RED}❌ Could not build $worker_domain_var from $worker_name_var and shared worker-subdomain.${NC}"
-            exit 1
-        fi
-
-        write_env_var "$worker_domain_var" "$composed_domain"
-        export "$worker_domain_var=$composed_domain"
-        echo -e "${GREEN}✅ $worker_domain_var set to $composed_domain${NC}"
-    }
-
     echo -e "${BLUE}📊 CLOUDFLARE CORE CONFIGURATION${NC}"
     echo "=================================="
     prompt_for_var "ACCOUNT_ID" "Your Cloudflare Account ID"
 
-    echo -e "${BLUE}🔐 SHARED AUTHENTICATION & STORAGE${NC}"
-    echo "==================================="
-    prompt_for_var "USER_DB_AUTH" "Custom user database authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "R2_KEY_SECRET" "Custom R2 storage authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "IMAGES_API_TOKEN" "Image worker API token (shared between workers)"
-
-    echo -e "${BLUE}🔥 FIREBASE AUTH CONFIGURATION${NC}"
+    echo -e "${BLUE} FIREBASE AUTH CONFIGURATION${NC}"
     echo "==============================="
     prompt_for_var "API_KEY" "Firebase API key"
     prompt_for_var "AUTH_DOMAIN" "Firebase auth domain (project-id.firebaseapp.com)"
@@ -264,77 +221,15 @@ prompt_for_secrets() {
     prompt_for_var "PAGES_PROJECT_NAME" "Your Cloudflare Pages project name"
     prompt_for_var "PAGES_CUSTOM_DOMAIN" "Your custom domain (e.g., striae.org) - DO NOT include https://"
 
-    echo -e "${BLUE}🔑 WORKER NAMES & DOMAINS${NC}"
-    echo "========================="
+    echo -e "${BLUE}🔑 WORKER NAMES${NC}"
+    echo "==============="
     echo -e "${YELLOW}Worker names are lowercased automatically and must use only letters, numbers, and dashes.${NC}"
-    echo -e "${YELLOW}Enter one shared worker-subdomain as a hostname (for example: team-name.workers.dev).${NC}"
-    echo -e "${YELLOW}Each worker domain is generated as {worker-name}.{worker-subdomain}.${NC}"
-
-    local shared_worker_subdomain=""
-    local shared_worker_subdomain_default=""
-    local shared_worker_subdomain_input=""
-
-    shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$USER_WORKER_NAME" "$USER_WORKER_DOMAIN")
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$DATA_WORKER_NAME" "$DATA_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$AUDIT_WORKER_NAME" "$AUDIT_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$IMAGES_WORKER_NAME" "$IMAGES_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$PDF_WORKER_NAME" "$PDF_WORKER_DOMAIN")
-    fi
-
-    while true; do
-        echo -e "${BLUE}WORKER_SUBDOMAIN${NC}"
-
-        if [ "$update_env" != "true" ] && [ -n "$shared_worker_subdomain_default" ] && ! is_placeholder "$shared_worker_subdomain_default"; then
-            echo -e "${GREEN}Current value: $shared_worker_subdomain_default${NC}"
-            read -p "New value (or press Enter to keep current): " shared_worker_subdomain_input
-            shared_worker_subdomain_input=$(strip_carriage_returns "$shared_worker_subdomain_input")
-
-            if [ -z "$shared_worker_subdomain_input" ]; then
-                shared_worker_subdomain="$shared_worker_subdomain_default"
-            else
-                shared_worker_subdomain="$shared_worker_subdomain_input"
-            fi
-        else
-            read -p "Enter shared worker-subdomain (e.g., team-name.workers.dev): " shared_worker_subdomain_input
-            shared_worker_subdomain_input=$(strip_carriage_returns "$shared_worker_subdomain_input")
-            shared_worker_subdomain="$shared_worker_subdomain_input"
-        fi
-
-        if [ -z "$shared_worker_subdomain" ] || is_placeholder "$shared_worker_subdomain"; then
-            echo -e "${RED}❌ shared worker-subdomain is required and cannot be a placeholder.${NC}"
-            continue
-        fi
-
-        shared_worker_subdomain=$(normalize_worker_subdomain_value "$shared_worker_subdomain")
-
-        if [ -z "$shared_worker_subdomain" ] || ! is_valid_worker_subdomain "$shared_worker_subdomain"; then
-            echo -e "${RED}❌ shared worker-subdomain must be a valid hostname like team-name.workers.dev (letters, numbers, dashes, and dots).${NC}"
-            continue
-        fi
-
-        echo -e "${GREEN}✅ Shared worker-subdomain set to: $shared_worker_subdomain${NC}"
-        echo ""
-        break
-    done
 
     prompt_for_var "USER_WORKER_NAME" "User worker name"
     prompt_for_var "DATA_WORKER_NAME" "Data worker name"
     prompt_for_var "AUDIT_WORKER_NAME" "Audit worker name"
     prompt_for_var "IMAGES_WORKER_NAME" "Images worker name"
     prompt_for_var "PDF_WORKER_NAME" "PDF worker name"
-
-    set_worker_domain_from_shared_subdomain "USER_WORKER_NAME" "USER_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "DATA_WORKER_NAME" "DATA_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "AUDIT_WORKER_NAME" "AUDIT_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "IMAGES_WORKER_NAME" "IMAGES_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "PDF_WORKER_NAME" "PDF_WORKER_DOMAIN"
     echo ""
 
     echo -e "${BLUE}🗄️ STORAGE CONFIGURATION${NC}"
@@ -346,7 +241,6 @@ prompt_for_secrets() {
 
     echo -e "${BLUE}🔐 SERVICE-SPECIFIC SECRETS${NC}"
     echo "============================"
-    prompt_for_var "PDF_WORKER_AUTH" "PDF worker authentication token (generate with: openssl rand -hex 16)"
     prompt_for_var "IMAGE_SIGNED_URL_SECRET" "Image signed URL secret (generate with: openssl rand -base64 48 | tr '+/' '-_' | tr -d '=')"
 
     # Auto-derive IMAGE_SIGNED_URL_BASE_URL from PAGES_CUSTOM_DOMAIN if not yet set or still