@supatype/cli 0.1.0-alpha.6

package/src/app/framework.ts

@@ -0,0 +1,249 @@
+/**
+ * Framework auto-detection and build configuration.
+ * Inspects package.json to determine the framework, then resolves
+ * build command, output directory, and SPA mode defaults.
+ */
+
+import { existsSync, readFileSync } from "node:fs"
+import { join, resolve } from "node:path"
+import type { AppConfig, AppFramework } from "../config.js"
+
+export interface ResolvedAppConfig {
+  framework: AppFramework
+  directory: string
+  buildCommand: string
+  outputDirectory: string
+  spa: boolean
+  env: Record<string, string>
+  headers: Record<string, string>
+}
+
+interface FrameworkDefaults {
+  buildCommand: string
+  outputDirectory: string
+  spa: boolean
+}
+
+const FRAMEWORK_DEFAULTS: Record<AppFramework, FrameworkDefaults> = {
+  nextjs: { buildCommand: "next build", outputDirectory: "out", spa: false },
+  astro: { buildCommand: "astro build", outputDirectory: "dist", spa: false },
+  vite: { buildCommand: "vite build", outputDirectory: "dist", spa: true },
+  "remix-spa": { buildCommand: "remix vite:build", outputDirectory: "build/client", spa: true },
+  sveltekit: { buildCommand: "vite build", outputDirectory: "build", spa: false },
+  nuxt: { buildCommand: "nuxt generate", outputDirectory: "dist", spa: false },
+  static: { buildCommand: "", outputDirectory: ".", spa: false },
+}
+
+// Maps package.json dependency names to framework identifiers
+const FRAMEWORK_DETECTION: Array<{ dep: string; framework: AppFramework }> = [
+  { dep: "next", framework: "nextjs" },
+  { dep: "astro", framework: "astro" },
+  { dep: "@remix-run/react", framework: "remix-spa" },
+  { dep: "@sveltejs/kit", framework: "sveltekit" },
+  { dep: "nuxt", framework: "nuxt" },
+  // Vite last — many frameworks use Vite under the hood
+  { dep: "vite", framework: "vite" },
+]
+
+/**
+ * Detect the framework from package.json dependencies.
+ */
+export function detectFramework(appDir: string): AppFramework | undefined {
+  const pkgPath = join(appDir, "package.json")
+  if (!existsSync(pkgPath)) return undefined
+
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf8")) as {
+    dependencies?: Record<string, string>
+    devDependencies?: Record<string, string>
+  }
+
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies }
+
+  for (const { dep, framework } of FRAMEWORK_DETECTION) {
+    if (dep in allDeps) return framework
+  }
+
+  // Check for plain HTML
+  if (existsSync(join(appDir, "index.html"))) return "static"
+
+  return undefined
+}
+
+/**
+ * Detect if the project is a monorepo.
+ */
+export function detectMonorepo(cwd: string): { isMonorepo: boolean; tool?: string } {
+  if (existsSync(join(cwd, "turbo.json"))) return { isMonorepo: true, tool: "turbo" }
+  if (existsSync(join(cwd, "pnpm-workspace.yaml"))) return { isMonorepo: true, tool: "pnpm" }
+  if (existsSync(join(cwd, "nx.json"))) return { isMonorepo: true, tool: "nx" }
+  return { isMonorepo: false }
+}
+
+/**
+ * Detect package manager from lockfiles.
+ */
+export function detectPackageManager(dir: string): "npm" | "pnpm" | "yarn" {
+  if (existsSync(join(dir, "pnpm-lock.yaml"))) return "pnpm"
+  if (existsSync(join(dir, "yarn.lock"))) return "yarn"
+  return "npm"
+}
+
+/**
+ * Resolve the full app configuration from user config + auto-detection.
+ */
+export function resolveAppConfig(
+  appConfig: AppConfig | undefined,
+  cwd: string,
+): ResolvedAppConfig {
+  const directory = resolve(cwd, appConfig?.directory || ".")
+
+  // Framework detection
+  let framework = appConfig?.framework
+  if (!framework) {
+    framework = detectFramework(directory)
+    if (!framework) {
+      throw new Error(
+        "Could not detect frontend framework.\n" +
+        "Set app.framework in supatype.config.ts, or ensure package.json is present.",
+      )
+    }
+  }
+
+  const defaults = FRAMEWORK_DEFAULTS[framework]
+
+  // Build command
+  let buildCommand = appConfig?.buildCommand || defaults.buildCommand
+  const mono = detectMonorepo(cwd)
+  if (mono.isMonorepo && mono.tool === "turbo" && !appConfig?.buildCommand) {
+    // In a Turborepo, run build via turbo from workspace root
+    const appDirRelative = appConfig?.directory || "."
+    if (appDirRelative !== ".") {
+      const pkgName = getPackageName(directory)
+      if (pkgName) {
+        buildCommand = `turbo run build --filter=${pkgName}`
+      }
+    }
+  }
+
+  return {
+    framework,
+    directory,
+    buildCommand,
+    outputDirectory: resolve(directory, appConfig?.outputDirectory || defaults.outputDirectory),
+    spa: appConfig?.spa ?? defaults.spa,
+    env: appConfig?.env ?? {},
+    headers: appConfig?.headers ?? {},
+  }
+}
+
+function getPackageName(dir: string): string | undefined {
+  const pkgPath = join(dir, "package.json")
+  if (!existsSync(pkgPath)) return undefined
+  const pkg = JSON.parse(readFileSync(pkgPath, "utf8")) as { name?: string }
+  return pkg.name
+}
+
+/**
+ * Validate that the framework is configured for static output.
+ * Returns an error message if SSR mode is detected.
+ */
+export function validateStaticMode(framework: AppFramework, appDir: string): string | null {
+  if (framework === "nextjs") {
+    // Check for output: 'export' in next.config.js/mjs/ts
+    for (const name of ["next.config.js", "next.config.mjs", "next.config.ts"]) {
+      const configPath = join(appDir, name)
+      if (existsSync(configPath)) {
+        const content = readFileSync(configPath, "utf8")
+        if (!content.includes("export")) {
+          return (
+            "Supatype currently supports Next.js static export only.\n" +
+            "Add `output: 'export'` to your next.config.js,\n" +
+            "or deploy your frontend to Vercel for SSR support."
+          )
+        }
+      }
+    }
+  }
+
+  if (framework === "astro") {
+    const configPath = join(appDir, "astro.config.mjs")
+    if (existsSync(configPath)) {
+      const content = readFileSync(configPath, "utf8")
+      if (content.includes("output: 'server'") || content.includes("output: \"server\"")) {
+        return (
+          "Supatype currently supports Astro static sites only.\n" +
+          "Remove `output: 'server'` from astro.config.mjs,\n" +
+          "or deploy your frontend separately for SSR support."
+        )
+      }
+    }
+  }
+
+  if (framework === "sveltekit") {
+    const pkgPath = join(appDir, "package.json")
+    if (existsSync(pkgPath)) {
+      const pkg = JSON.parse(readFileSync(pkgPath, "utf8")) as {
+        devDependencies?: Record<string, string>
+      }
+      if (!pkg.devDependencies?.["@sveltejs/adapter-static"]) {
+        return (
+          "Supatype requires @sveltejs/adapter-static for SvelteKit.\n" +
+          "Install it: npm install -D @sveltejs/adapter-static"
+        )
+      }
+    }
+  }
+
+  return null
+}
+
+/**
+ * Validate the build output.
+ */
+export function validateBuildOutput(outputDir: string, maxSizeMb: number): string | null {
+  if (!existsSync(outputDir)) {
+    return `Build output directory not found: ${outputDir}`
+  }
+
+  // Check for at least one HTML file
+  const hasHtml = findHtmlFile(outputDir)
+  if (!hasHtml) {
+    return `No HTML files found in build output: ${outputDir}`
+  }
+
+  // Check total size
+  const sizeMb = getDirSizeMb(outputDir)
+  if (sizeMb > maxSizeMb) {
+    return `Build output ${sizeMb.toFixed(1)}MB exceeds limit of ${maxSizeMb}MB`
+  }
+
+  if (sizeMb > 500) {
+    console.warn(
+      `Warning: Build output is ${sizeMb.toFixed(1)}MB. This may include unoptimised assets or node_modules.`,
+    )
+  }
+
+  return null
+}
+
+function findHtmlFile(dir: string): boolean {
+  const { readdirSync, statSync } = require("node:fs") as typeof import("node:fs")
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    if (entry.isFile() && entry.name.endsWith(".html")) return true
+    if (entry.isDirectory()) {
+      if (findHtmlFile(join(dir, entry.name))) return true
+    }
+  }
+  return false
+}
+
+function getDirSizeMb(dir: string): number {
+  const { readdirSync, statSync } = require("node:fs") as typeof import("node:fs")
+  let size = 0
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    const path = join(dir, entry.name)
+    if (entry.isFile()) size += statSync(path).size
+    else if (entry.isDirectory()) size += getDirSizeMb(path) * 1024 * 1024
+  }
+  return size / (1024 * 1024)
+}

package/src/cli.ts

@@ -0,0 +1,58 @@
+import { Command } from "commander"
+import { ENGINE_VERSION } from "./engine-version.js"
+import { registerInit } from "./commands/init.js"
+import { registerDev } from "./commands/dev.js"
+import { registerPush } from "./commands/push.js"
+import { registerDiff } from "./commands/diff.js"
+import { registerPull } from "./commands/pull.js"
+import { registerGenerate } from "./commands/generate.js"
+import { registerMigrate } from "./commands/migrate.js"
+import { registerSeed } from "./commands/seed.js"
+import { registerKeys } from "./commands/keys.js"
+import { registerApp } from "./commands/app.js"
+import { registerSelfHost } from "./commands/self-host.js"
+import { registerCloud } from "./commands/cloud.js"
+import { registerEngine } from "./commands/engine.js"
+import { registerDb } from "./commands/db.js"
+import { registerDeploy } from "./commands/deploy.js"
+import { registerStatus } from "./commands/status.js"
+import { registerLogs } from "./commands/logs.js"
+import { registerAdmin } from "./commands/admin.js"
+import { registerFunctions } from "./commands/functions.js"
+import { registerPlugins } from "./commands/plugins.js"
+import { showUpdateNotification } from "./engine/update-notify.js"
+
+export function run(): void {
+  const program = new Command()
+    .name("supatype")
+    .description("Supatype — schema-first Postgres API")
+    .version(ENGINE_VERSION)
+
+  registerInit(program)
+  registerDev(program)
+  registerPush(program)
+  registerDiff(program)
+  registerPull(program)
+  registerGenerate(program)
+  registerMigrate(program)
+  registerSeed(program)
+  registerKeys(program)
+  registerApp(program)
+  registerSelfHost(program)
+  registerCloud(program)
+  registerEngine(program)
+  registerDb(program)
+  registerDeploy(program)
+  registerStatus(program)
+  registerLogs(program)
+  registerAdmin(program)
+  registerFunctions(program)
+  registerPlugins(program)
+
+  // After command execution, show update notification (non-blocking)
+  program.hook("postAction", async () => {
+    await showUpdateNotification()
+  })
+
+  program.parse()
+}

package/src/commands/admin.ts

@@ -0,0 +1,371 @@
+// ─── Admin panel CLI commands (Gap Appendices task 48) ──────────────────────
+//
+// `npx supatype admin create-user` — create an admin user in the project's
+// {ref}_auth.users table. Used for initial setup and ongoing admin management.
+
+import type { Command } from "commander"
+import { createInterface } from "node:readline"
+import { randomBytes, scrypt } from "node:crypto"
+import { promisify } from "node:util"
+import { loadConfig } from "../config.js"
+import { signJwt } from "../jwt.js"
+
+const scryptAsync = promisify(scrypt)
+
+export function registerAdmin(program: Command): void {
+  const adminCmd = program
+    .command("admin")
+    .description("Manage admin panel users and configuration")
+
+  adminCmd
+    .command("create-user")
+    .description("Create an admin user for the admin panel")
+    .option("--email <email>", "Admin user email address")
+    .option("--password <password>", "Admin user password (prompted if not provided)")
+    .option("--role <role>", "Admin role to assign", "admin")
+    .option("--connection <url>", "Database connection URL (overrides config)")
+    .action(
+      async (opts: {
+        email?: string
+        password?: string
+        role: string
+        connection?: string
+      }) => {
+        const cwd = process.cwd()
+        const config = loadConfig(cwd)
+        const connection = opts.connection ?? config.connection
+
+        const email = opts.email ?? (await prompt("Admin email: "))
+        if (!email || !email.includes("@")) {
+          console.error("A valid email address is required.")
+          process.exit(1)
+        }
+
+        const password =
+          opts.password ?? (await prompt("Admin password (min 8 chars): "))
+        if (!password || password.length < 8) {
+          console.error("Password must be at least 8 characters.")
+          process.exit(1)
+        }
+
+        const role = opts.role
+
+        console.log(`\nCreating admin user: ${email} (role: ${role})...`)
+
+        // We use pg directly to insert into the auth.users table
+        const pg = await importPg()
+        const pool = new pg.Pool({ connectionString: connection, max: 2 })
+
+        try {
+          // Ensure the auth schema and users table exist
+          await pool.query(`
+            CREATE SCHEMA IF NOT EXISTS auth;
+
+            CREATE TABLE IF NOT EXISTS auth.users (
+              id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+              instance_id   UUID,
+              aud           TEXT DEFAULT 'authenticated',
+              role          TEXT DEFAULT 'authenticated',
+              email         TEXT UNIQUE,
+              encrypted_password TEXT,
+              email_confirmed_at TIMESTAMPTZ DEFAULT now(),
+              raw_app_meta_data  JSONB DEFAULT '{}',
+              raw_user_meta_data JSONB DEFAULT '{}',
+              created_at    TIMESTAMPTZ DEFAULT now(),
+              updated_at    TIMESTAMPTZ DEFAULT now(),
+              confirmation_token TEXT DEFAULT '',
+              recovery_token TEXT DEFAULT '',
+              email_change_token_new TEXT DEFAULT '',
+              email_change  TEXT DEFAULT ''
+            );
+          `)
+
+          // Check if user already exists
+          const existing = await pool.query(
+            `SELECT id FROM auth.users WHERE email = $1`,
+            [email.toLowerCase()],
+          )
+
+          if (existing.rows.length > 0) {
+            console.error(
+              `\nUser with email "${email}" already exists.`,
+            )
+            console.log(
+              `To update their role, use: supatype admin set-role --email ${email} --role ${role}`,
+            )
+            process.exit(1)
+          }
+
+          // Hash the password (bcrypt-style for GoTrue compatibility)
+          const passwordHash = await hashPassword(password)
+
+          // Insert the admin user with the admin role in app_metadata
+          const appMetadata = JSON.stringify({ role, provider: "email", providers: ["email"] })
+          const userMetadata = JSON.stringify({})
+
+          const result = await pool.query(
+            `INSERT INTO auth.users (
+              email, encrypted_password, role, aud,
+              raw_app_meta_data, raw_user_meta_data,
+              email_confirmed_at, created_at, updated_at
+            ) VALUES (
+              $1, $2, 'authenticated', 'authenticated',
+              $3::jsonb, $4::jsonb,
+              now(), now(), now()
+            ) RETURNING id, email`,
+            [email.toLowerCase(), passwordHash, appMetadata, userMetadata],
+          )
+
+          const user = result.rows[0] as { id: string; email: string }
+
+          console.log(`\nAdmin user created successfully.`)
+          console.log(`  ID:    ${user.id}`)
+          console.log(`  Email: ${user.email}`)
+          console.log(`  Role:  ${role}`)
+          console.log(
+            `\nThis user can now log in to the admin panel at /admin\n`,
+          )
+        } catch (err) {
+          const message =
+            err instanceof Error ? err.message : "Unknown error"
+          console.error(`\nFailed to create admin user: ${message}`)
+          process.exit(1)
+        } finally {
+          await pool.end()
+        }
+      },
+    )
+
+  adminCmd
+    .command("set-role")
+    .description("Change an existing user's admin role")
+    .requiredOption("--email <email>", "User email address")
+    .requiredOption("--role <role>", "New role to assign")
+    .option("--connection <url>", "Database connection URL (overrides config)")
+    .action(
+      async (opts: { email: string; role: string; connection?: string }) => {
+        const cwd = process.cwd()
+        const config = loadConfig(cwd)
+        const connection = opts.connection ?? config.connection
+
+        const pg = await importPg()
+        const pool = new pg.Pool({ connectionString: connection, max: 2 })
+
+        try {
+          const result = await pool.query(
+            `UPDATE auth.users
+             SET raw_app_meta_data = raw_app_meta_data || $1::jsonb,
+                 updated_at = now()
+             WHERE email = $2
+             RETURNING id, email, raw_app_meta_data`,
+            [JSON.stringify({ role: opts.role }), opts.email.toLowerCase()],
+          )
+
+          if (result.rows.length === 0) {
+            console.error(`\nNo user found with email "${opts.email}".`)
+            process.exit(1)
+          }
+
+          const user = result.rows[0] as {
+            id: string
+            email: string
+            raw_app_meta_data: Record<string, unknown>
+          }
+
+          console.log(`\nRole updated successfully.`)
+          console.log(`  ID:    ${user.id}`)
+          console.log(`  Email: ${user.email}`)
+          console.log(`  Role:  ${opts.role}\n`)
+        } catch (err) {
+          const message =
+            err instanceof Error ? err.message : "Unknown error"
+          console.error(`\nFailed to update role: ${message}`)
+          process.exit(1)
+        } finally {
+          await pool.end()
+        }
+      },
+    )
+
+  adminCmd
+    .command("list-users")
+    .description("List users with admin roles")
+    .option("--connection <url>", "Database connection URL (overrides config)")
+    .action(async (opts: { connection?: string }) => {
+      const cwd = process.cwd()
+      const config = loadConfig(cwd)
+      const connection = opts.connection ?? config.connection
+
+      const pg = await importPg()
+      const pool = new pg.Pool({ connectionString: connection, max: 2 })
+
+      try {
+        const result = await pool.query(
+          `SELECT id, email, raw_app_meta_data->>'role' as role, created_at
+           FROM auth.users
+           WHERE raw_app_meta_data->>'role' IS NOT NULL
+             AND raw_app_meta_data->>'role' != 'authenticated'
+           ORDER BY created_at ASC`,
+        )
+
+        if (result.rows.length === 0) {
+          console.log("\nNo admin users found.")
+          console.log(
+            "Create one with: supatype admin create-user --email admin@example.com --role admin\n",
+          )
+          return
+        }
+
+        console.log(
+          "\n  ID                                     Email                          Role         Created",
+        )
+        console.log("  " + "-".repeat(100))
+        for (const row of result.rows) {
+          const r = row as {
+            id: string
+            email: string
+            role: string
+            created_at: string
+          }
+          const date = new Date(r.created_at).toISOString().slice(0, 10)
+          console.log(
+            `  ${r.id}  ${r.email.padEnd(30)} ${r.role.padEnd(12)} ${date}`,
+          )
+        }
+        console.log()
+      } catch (err) {
+        const message =
+          err instanceof Error ? err.message : "Unknown error"
+        console.error(`\nFailed to list admin users: ${message}`)
+        process.exit(1)
+      } finally {
+        await pool.end()
+      }
+    })
+}
+
+// ─── First admin user prompt (task 48) ──────────────────────────────────────
+// Called by `supatype push` on initial setup if no admin users exist.
+
+export async function promptFirstAdminUser(
+  connection: string,
+): Promise<void> {
+  const pg = await importPg()
+  const pool = new pg.Pool({ connectionString: connection, max: 2 })
+
+  try {
+    // Check if auth.users table exists
+    const tableExists = await pool.query(
+      `SELECT EXISTS (
+        SELECT FROM information_schema.tables
+        WHERE table_schema = 'auth' AND table_name = 'users'
+      ) as exists`,
+    )
+    if (!tableExists.rows[0]?.exists) return
+
+    // Check if any admin users exist
+    const adminCount = await pool.query(
+      `SELECT COUNT(*) as count FROM auth.users
+       WHERE raw_app_meta_data->>'role' IS NOT NULL
+         AND raw_app_meta_data->>'role' != 'authenticated'`,
+    )
+
+    const count = parseInt(
+      (adminCount.rows[0] as { count: string }).count,
+      10,
+    )
+    if (count > 0) return
+
+    // No admin users — prompt to create one
+    console.log("\n  No admin users found for the admin panel.")
+    const createAdmin = await confirm(
+      "  Create an admin user now? [y/N] ",
+    )
+    if (!createAdmin) {
+      console.log(
+        "  Skipped. You can create one later with: supatype admin create-user\n",
+      )
+      return
+    }
+
+    const email = await prompt("  Admin email: ")
+    if (!email || !email.includes("@")) {
+      console.log("  Invalid email. Skipping admin user creation.\n")
+      return
+    }
+
+    const password = await prompt(
+      "  Admin password (min 8 chars): ",
+    )
+    if (!password || password.length < 8) {
+      console.log(
+        "  Password too short. Skipping admin user creation.\n",
+      )
+      return
+    }
+
+    const passwordHash = await hashPassword(password)
+    const appMetadata = JSON.stringify({
+      role: "admin",
+      provider: "email",
+      providers: ["email"],
+    })
+
+    await pool.query(
+      `INSERT INTO auth.users (
+        email, encrypted_password, role, aud,
+        raw_app_meta_data, raw_user_meta_data,
+        email_confirmed_at, created_at, updated_at
+      ) VALUES (
+        $1, $2, 'authenticated', 'authenticated',
+        $3::jsonb, '{}'::jsonb,
+        now(), now(), now()
+      )`,
+      [email.toLowerCase(), passwordHash, appMetadata],
+    )
+
+    console.log(`\n  Admin user "${email}" created (role: admin).`)
+    console.log(`  Log in at /admin after starting the dev server.\n`)
+  } catch {
+    // Non-fatal — if auth schema doesn't exist yet, skip silently
+  } finally {
+    await pool.end()
+  }
+}
+
+// ─── Helpers ────────────────────────────────────────────────────────────────────
+
+async function importPg(): Promise<typeof import("pg")> {
+  try {
+    return await import("pg")
+  } catch {
+    console.error(
+      "pg package is required for admin commands. Install it with: pnpm add pg",
+    )
+    process.exit(1)
+  }
+}
+
+async function hashPassword(password: string): Promise<string> {
+  const salt = randomBytes(16).toString("hex")
+  const derived = (await scryptAsync(password, salt, 64)) as Buffer
+  return `${salt}:${derived.toString("hex")}`
+}
+
+function prompt(question: string): Promise<string> {
+  const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  })
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close()
+      resolve(answer.trim())
+    })
+  })
+}
+
+async function confirm(question: string): Promise<boolean> {
+  const answer = await prompt(question)
+  return answer.toLowerCase() === "y"
+}