npm - @supatype/cli - Versions diffs - 0.1.0-alpha.9 → 0.1.1 - Mend

@supatype/cli 0.1.0-alpha.9 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (407) hide show

package/.turbo/turbo-build.log +2 -2
package/.turbo/turbo-test.log +285 -69
package/.turbo/turbo-typecheck.log +1 -1
package/assets/supatype-logo-wordmark.ascii.txt +6 -0
package/bin/dev-entry.ts +2 -1
package/dist/app/framework.js +1 -3
package/dist/app/framework.js.map +1 -1
package/dist/app/proxy-dev-app.d.ts +14 -0
package/dist/app/proxy-dev-app.d.ts.map +1 -1
package/dist/app/proxy-dev-app.js +110 -6
package/dist/app/proxy-dev-app.js.map +1 -1
package/dist/app-config.d.ts +10 -0
package/dist/app-config.d.ts.map +1 -1
package/dist/app-config.js +72 -0
package/dist/app-config.js.map +1 -1
package/dist/assets/supatype-logo-wordmark.ascii.txt +6 -0
package/dist/binary-cache.d.ts +19 -7
package/dist/binary-cache.d.ts.map +1 -1
package/dist/binary-cache.js +92 -46
package/dist/binary-cache.js.map +1 -1
package/dist/cli.d.ts +1 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +17 -2
package/dist/cli.js.map +1 -1
package/dist/commands/add.d.ts +3 -0
package/dist/commands/add.d.ts.map +1 -0
package/dist/commands/add.js +86 -0
package/dist/commands/add.js.map +1 -0
package/dist/commands/admin.d.ts +28 -1
package/dist/commands/admin.d.ts.map +1 -1
package/dist/commands/admin.js +297 -149
package/dist/commands/admin.js.map +1 -1
package/dist/commands/adopt.d.ts +3 -0
package/dist/commands/adopt.d.ts.map +1 -0
package/dist/commands/adopt.js +55 -0
package/dist/commands/adopt.js.map +1 -0
package/dist/commands/app.d.ts.map +1 -1
package/dist/commands/app.js +20 -17
package/dist/commands/app.js.map +1 -1
package/dist/commands/cache.d.ts.map +1 -1
package/dist/commands/cache.js +11 -10
package/dist/commands/cache.js.map +1 -1
package/dist/commands/cloud.d.ts +4 -9
package/dist/commands/cloud.d.ts.map +1 -1
package/dist/commands/cloud.js +75 -125
package/dist/commands/cloud.js.map +1 -1
package/dist/commands/db.d.ts.map +1 -1
package/dist/commands/db.js +37 -58
package/dist/commands/db.js.map +1 -1
package/dist/commands/deploy.d.ts.map +1 -1
package/dist/commands/deploy.js +140 -96
package/dist/commands/deploy.js.map +1 -1
package/dist/commands/dev.d.ts.map +1 -1
package/dist/commands/dev.js +74 -39
package/dist/commands/dev.js.map +1 -1
package/dist/commands/diff.d.ts.map +1 -1
package/dist/commands/diff.js +39 -39
package/dist/commands/diff.js.map +1 -1
package/dist/commands/doctor.d.ts +3 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +78 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/engine.d.ts.map +1 -1
package/dist/commands/engine.js +5 -4
package/dist/commands/engine.js.map +1 -1
package/dist/commands/functions.d.ts.map +1 -1
package/dist/commands/functions.js +172 -119
package/dist/commands/functions.js.map +1 -1
package/dist/commands/generate.d.ts.map +1 -1
package/dist/commands/generate.js +5 -4
package/dist/commands/generate.js.map +1 -1
package/dist/commands/init.d.ts +35 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +883 -107
package/dist/commands/init.js.map +1 -1
package/dist/commands/introspect.d.ts +3 -0
package/dist/commands/introspect.d.ts.map +1 -0
package/dist/commands/introspect.js +35 -0
package/dist/commands/introspect.js.map +1 -0
package/dist/commands/keys.d.ts +15 -1
package/dist/commands/keys.d.ts.map +1 -1
package/dist/commands/keys.js +46 -10
package/dist/commands/keys.js.map +1 -1
package/dist/commands/link-helpers.d.ts +15 -0
package/dist/commands/link-helpers.d.ts.map +1 -0
package/dist/commands/link-helpers.js +225 -0
package/dist/commands/link-helpers.js.map +1 -0
package/dist/commands/logs.d.ts.map +1 -1
package/dist/commands/logs.js +5 -4
package/dist/commands/logs.js.map +1 -1
package/dist/commands/migrate-from-v1.d.ts.map +1 -1
package/dist/commands/migrate-from-v1.js +3 -2
package/dist/commands/migrate-from-v1.js.map +1 -1
package/dist/commands/migrate.d.ts.map +1 -1
package/dist/commands/migrate.js +119 -26
package/dist/commands/migrate.js.map +1 -1
package/dist/commands/pg.d.ts.map +1 -1
package/dist/commands/pg.js +11 -12
package/dist/commands/pg.js.map +1 -1
package/dist/commands/plugins.d.ts.map +1 -1
package/dist/commands/plugins.js +55 -46
package/dist/commands/plugins.js.map +1 -1
package/dist/commands/pull.d.ts.map +1 -1
package/dist/commands/pull.js +33 -5
package/dist/commands/pull.js.map +1 -1
package/dist/commands/push.d.ts.map +1 -1
package/dist/commands/push.js +111 -138
package/dist/commands/push.js.map +1 -1
package/dist/commands/seed.d.ts.map +1 -1
package/dist/commands/seed.js +4 -3
package/dist/commands/seed.js.map +1 -1
package/dist/commands/self-host.d.ts +2 -2
package/dist/commands/self-host.d.ts.map +1 -1
package/dist/commands/self-host.js +65 -50
package/dist/commands/self-host.js.map +1 -1
package/dist/commands/self-update.d.ts.map +1 -1
package/dist/commands/self-update.js +3 -2
package/dist/commands/self-update.js.map +1 -1
package/dist/commands/status.d.ts +1 -1
package/dist/commands/status.d.ts.map +1 -1
package/dist/commands/status.js +95 -29
package/dist/commands/status.js.map +1 -1
package/dist/commands/types.d.ts.map +1 -1
package/dist/commands/types.js +3 -2
package/dist/commands/types.js.map +1 -1
package/dist/commands/update.d.ts.map +1 -1
package/dist/commands/update.js +54 -21
package/dist/commands/update.js.map +1 -1
package/dist/compose-rename.d.ts +10 -0
package/dist/compose-rename.d.ts.map +1 -0
package/dist/compose-rename.js +67 -0
package/dist/compose-rename.js.map +1 -0
package/dist/config.d.ts +2 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js.map +1 -1
package/dist/dev-compose.d.ts +26 -0
package/dist/dev-compose.d.ts.map +1 -1
package/dist/dev-compose.js +357 -79
package/dist/dev-compose.js.map +1 -1
package/dist/dev-log-bus.d.ts +30 -0
package/dist/dev-log-bus.d.ts.map +1 -0
package/dist/dev-log-bus.js +87 -0
package/dist/dev-log-bus.js.map +1 -0
package/dist/dev-log-filter.d.ts +10 -0
package/dist/dev-log-filter.d.ts.map +1 -0
package/dist/dev-log-filter.js +36 -0
package/dist/dev-log-filter.js.map +1 -0
package/dist/dev-logo.d.ts +12 -0
package/dist/dev-logo.d.ts.map +1 -0
package/dist/dev-logo.js +56 -0
package/dist/dev-logo.js.map +1 -0
package/dist/dev-ports.d.ts +27 -0
package/dist/dev-ports.d.ts.map +1 -0
package/dist/dev-ports.js +171 -0
package/dist/dev-ports.js.map +1 -0
package/dist/dev-session-lock.d.ts +25 -0
package/dist/dev-session-lock.d.ts.map +1 -0
package/dist/dev-session-lock.js +81 -0
package/dist/dev-session-lock.js.map +1 -0
package/dist/dev-session.d.ts +26 -0
package/dist/dev-session.d.ts.map +1 -0
package/dist/dev-session.js +106 -0
package/dist/dev-session.js.map +1 -0
package/dist/dev-shutdown.d.ts +25 -0
package/dist/dev-shutdown.d.ts.map +1 -0
package/dist/dev-shutdown.js +114 -0
package/dist/dev-shutdown.js.map +1 -0
package/dist/dev-task-colors.d.ts +13 -0
package/dist/dev-task-colors.d.ts.map +1 -0
package/dist/dev-task-colors.js +43 -0
package/dist/dev-task-colors.js.map +1 -0
package/dist/dev-tui.d.ts +24 -0
package/dist/dev-tui.d.ts.map +1 -0
package/dist/dev-tui.js +188 -0
package/dist/dev-tui.js.map +1 -0
package/dist/diff-output.d.ts +5 -1
package/dist/diff-output.d.ts.map +1 -1
package/dist/diff-output.js +69 -0
package/dist/diff-output.js.map +1 -1
package/dist/docker-runtime.d.ts +30 -0
package/dist/docker-runtime.d.ts.map +1 -0
package/dist/docker-runtime.js +118 -0
package/dist/docker-runtime.js.map +1 -0
package/dist/engine-client.d.ts +10 -1
package/dist/engine-client.d.ts.map +1 -1
package/dist/engine-client.js +76 -17
package/dist/engine-client.js.map +1 -1
package/dist/engine-push-output.d.ts +17 -0
package/dist/engine-push-output.d.ts.map +1 -0
package/dist/engine-push-output.js +64 -0
package/dist/engine-push-output.js.map +1 -0
package/dist/ensure-binary.js +2 -2
package/dist/ensure-binary.js.map +1 -1
package/dist/env-file.d.ts +5 -0
package/dist/env-file.d.ts.map +1 -0
package/dist/env-file.js +33 -0
package/dist/env-file.js.map +1 -0
package/dist/gitignore.d.ts +8 -0
package/dist/gitignore.d.ts.map +1 -0
package/dist/gitignore.js +41 -0
package/dist/gitignore.js.map +1 -0
package/dist/kong-config.d.ts +9 -0
package/dist/kong-config.d.ts.map +1 -1
package/dist/kong-config.js +18 -1
package/dist/kong-config.js.map +1 -1
package/dist/link.d.ts +66 -0
package/dist/link.d.ts.map +1 -0
package/dist/link.js +160 -0
package/dist/link.js.map +1 -0
package/dist/process-manager.d.ts +8 -0
package/dist/process-manager.d.ts.map +1 -1
package/dist/process-manager.js +53 -9
package/dist/process-manager.js.map +1 -1
package/dist/project-config.d.ts +30 -3
package/dist/project-config.d.ts.map +1 -1
package/dist/project-config.js +37 -4
package/dist/project-config.js.map +1 -1
package/dist/prompts.d.ts +3 -0
package/dist/prompts.d.ts.map +1 -0
package/dist/prompts.js +3 -0
package/dist/prompts.js.map +1 -0
package/dist/pull-utils.d.ts +50 -14
package/dist/pull-utils.d.ts.map +1 -1
package/dist/pull-utils.js +152 -12
package/dist/pull-utils.js.map +1 -1
package/dist/resolve-target.d.ts +86 -0
package/dist/resolve-target.d.ts.map +1 -0
package/dist/resolve-target.js +291 -0
package/dist/resolve-target.js.map +1 -0
package/dist/restore-system-relation-targets.d.ts +3 -0
package/dist/restore-system-relation-targets.d.ts.map +1 -0
package/dist/restore-system-relation-targets.js +45 -0
package/dist/restore-system-relation-targets.js.map +1 -0
package/dist/runtime-routes.d.ts.map +1 -1
package/dist/runtime-routes.js +7 -0
package/dist/runtime-routes.js.map +1 -1
package/dist/schema-ast-v2.d.ts +1 -1
package/dist/schema-ast-v2.d.ts.map +1 -1
package/dist/schema-ast-v2.js +2 -2
package/dist/schema-ast-v2.js.map +1 -1
package/dist/schema-sources.d.ts +40 -0
package/dist/schema-sources.d.ts.map +1 -0
package/dist/schema-sources.js +183 -0
package/dist/schema-sources.js.map +1 -0
package/dist/scripts/postinstall.js +5 -1
package/dist/scripts/postinstall.js.map +1 -1
package/dist/self-host-compose.d.ts +37 -1
package/dist/self-host-compose.d.ts.map +1 -1
package/dist/self-host-compose.js +234 -43
package/dist/self-host-compose.js.map +1 -1
package/dist/storage-provision.d.ts +4 -0
package/dist/storage-provision.d.ts.map +1 -1
package/dist/storage-provision.js +24 -2
package/dist/storage-provision.js.map +1 -1
package/dist/supatype-eval-1781522769253.d.mts +2 -0
package/dist/supatype-eval-1781522769253.d.mts.map +1 -0
package/dist/supatype-eval-1781522769253.mjs +3 -0
package/dist/supatype-eval-1781522769253.mjs.map +1 -0
package/dist/systemd.js +2 -2
package/dist/systemd.js.map +1 -1
package/dist/target-client.d.ts +10 -0
package/dist/target-client.d.ts.map +1 -0
package/dist/target-client.js +22 -0
package/dist/target-client.js.map +1 -0
package/dist/type-extractor.d.ts +11 -0
package/dist/type-extractor.d.ts.map +1 -1
package/dist/type-extractor.js +95 -8
package/dist/type-extractor.js.map +1 -1
package/dist/ui/brand.d.ts +9 -0
package/dist/ui/brand.d.ts.map +1 -0
package/dist/ui/brand.js +11 -0
package/dist/ui/brand.js.map +1 -0
package/dist/ui/confirm.d.ts +12 -0
package/dist/ui/confirm.d.ts.map +1 -0
package/dist/ui/confirm.js +28 -0
package/dist/ui/confirm.js.map +1 -0
package/dist/ui/fatal.d.ts +10 -0
package/dist/ui/fatal.d.ts.map +1 -0
package/dist/ui/fatal.js +34 -0
package/dist/ui/fatal.js.map +1 -0
package/dist/ui/index.d.ts +9 -0
package/dist/ui/index.d.ts.map +1 -0
package/dist/ui/index.js +9 -0
package/dist/ui/index.js.map +1 -0
package/dist/ui/interactive.d.ts +3 -0
package/dist/ui/interactive.d.ts.map +1 -0
package/dist/ui/interactive.js +5 -0
package/dist/ui/interactive.js.map +1 -0
package/dist/ui/messages.d.ts +10 -0
package/dist/ui/messages.d.ts.map +1 -0
package/dist/ui/messages.js +35 -0
package/dist/ui/messages.js.map +1 -0
package/dist/ui/next-steps.d.ts +3 -0
package/dist/ui/next-steps.d.ts.map +1 -0
package/dist/ui/next-steps.js +10 -0
package/dist/ui/next-steps.js.map +1 -0
package/dist/ui/progress.d.ts +5 -0
package/dist/ui/progress.d.ts.map +1 -0
package/dist/ui/progress.js +24 -0
package/dist/ui/progress.js.map +1 -0
package/dist/ui/prompts.d.ts +14 -0
package/dist/ui/prompts.d.ts.map +1 -0
package/dist/ui/prompts.js +34 -0
package/dist/ui/prompts.js.map +1 -0
package/package.json +5 -2
package/src/app/framework.ts +1 -3
package/src/app/proxy-dev-app.ts +114 -6
package/src/app-config.ts +80 -0
package/src/binary-cache.ts +102 -52
package/src/cli.ts +16 -2
package/src/commands/add.ts +97 -0
package/src/commands/admin.ts +381 -190
package/src/commands/adopt.ts +82 -0
package/src/commands/app.ts +20 -17
package/src/commands/cache.ts +11 -10
package/src/commands/cloud.ts +91 -142
package/src/commands/db.ts +40 -63
package/src/commands/deploy.ts +186 -126
package/src/commands/dev.ts +98 -55
package/src/commands/diff.ts +52 -43
package/src/commands/doctor.ts +103 -0
package/src/commands/engine.ts +5 -4
package/src/commands/functions.ts +187 -123
package/src/commands/generate.ts +5 -4
package/src/commands/init.ts +1087 -104
package/src/commands/introspect.ts +48 -0
package/src/commands/keys.ts +56 -14
package/src/commands/link-helpers.ts +273 -0
package/src/commands/logs.ts +5 -4
package/src/commands/migrate-from-v1.ts +3 -2
package/src/commands/migrate.ts +167 -27
package/src/commands/pg.ts +13 -18
package/src/commands/plugins.ts +55 -46
package/src/commands/pull.ts +38 -9
package/src/commands/push.ts +148 -175
package/src/commands/seed.ts +5 -4
package/src/commands/self-host.ts +85 -54
package/src/commands/self-update.ts +3 -2
package/src/commands/status.ts +102 -33
package/src/commands/types.ts +3 -2
package/src/commands/update.ts +59 -23
package/src/compose-rename.ts +76 -0
package/src/config.ts +2 -1
package/src/dev-compose.ts +462 -76
package/src/dev-log-bus.ts +101 -0
package/src/dev-log-filter.ts +32 -0
package/src/dev-logo.ts +61 -0
package/src/dev-ports.ts +212 -0
package/src/dev-session-lock.ts +101 -0
package/src/dev-session.ts +130 -0
package/src/dev-shutdown.ts +147 -0
package/src/dev-task-colors.ts +47 -0
package/src/dev-tui.ts +232 -0
package/src/diff-output.ts +79 -1
package/src/docker-runtime.ts +151 -0
package/src/engine-client.ts +81 -17
package/src/engine-push-output.ts +75 -0
package/src/ensure-binary.ts +2 -2
package/src/env-file.ts +37 -0
package/src/gitignore.ts +48 -0
package/src/kong-config.ts +24 -1
package/src/link.ts +243 -0
package/src/process-manager.ts +66 -10
package/src/project-config.ts +62 -7
package/src/prompts.ts +2 -0
package/src/pull-utils.ts +217 -23
package/src/resolve-target.ts +419 -0
package/src/restore-system-relation-targets.ts +45 -0
package/src/runtime-routes.ts +7 -0
package/src/schema-ast-v2.ts +2 -1
package/src/schema-sources.ts +248 -0
package/src/scripts/postinstall.ts +7 -1
package/src/self-host-compose.ts +262 -46
package/src/storage-provision.ts +33 -1
package/src/supatype-eval-1781522769253.mts +1 -0
package/src/systemd.ts +2 -2
package/src/target-client.ts +40 -0
package/src/type-extractor.ts +124 -11
package/src/ui/README.md +17 -0
package/src/ui/brand.ts +12 -0
package/src/ui/confirm.ts +38 -0
package/src/ui/fatal.ts +43 -0
package/src/ui/index.ts +8 -0
package/src/ui/interactive.ts +4 -0
package/src/ui/messages.ts +43 -0
package/src/ui/next-steps.ts +10 -0
package/src/ui/progress.ts +28 -0
package/src/ui/prompts.ts +40 -0
package/tests/admin-ensure.test.ts +59 -0
package/tests/cli-help.test.ts +27 -2
package/tests/config.test.ts +29 -2
package/tests/dev-ports.test.ts +41 -0
package/tests/dev-session-lock.test.ts +54 -0
package/tests/dev-ui.test.ts +162 -0
package/tests/docker-runtime.test.ts +236 -0
package/tests/engine-push-output.test.ts +67 -0
package/tests/init.test.ts +197 -18
package/tests/link.test.ts +148 -0
package/tests/minisign.test.ts +102 -0
package/tests/proxy-dev-app.test.ts +45 -1
package/tests/pull-utils.test.ts +5 -4
package/tests/runtime-contract.test.ts +186 -2
package/tests/schema-sources.test.ts +119 -0
package/tests/storage-provision.test.ts +100 -0
package/tests/ui-confirm.test.ts +41 -0
package/tests/ui-messages.test.ts +66 -0
package/tsconfig.tsbuildinfo +1 -1

package/src/commands/admin.ts CHANGED Viewed

@@ -1,17 +1,42 @@
 // ─── Admin panel CLI commands (Gap Appendices task 48) ──────────────────────
 //
 // `npx supatype admin create-user` — create an admin user in the project's
-// {ref}_auth.users table. Used for initial setup and ongoing admin management.
+// auth.users table. First admin is ensured on `supatype dev` or `supatype push`.
 import type { Command } from "commander"
-import { createInterface } from "node:readline"
-import { randomBytes, scrypt } from "node:crypto"
-import { promisify } from "node:util"
+import { spawnSync } from "node:child_process"
+import { existsSync } from "node:fs"
+import { dirname, join, resolve } from "node:path"
+import bcrypt from "bcryptjs"
+import type { Pool, QueryResult } from "pg"
 import { loadConfig } from "../config.js"
-import { connectionString } from "../project-config.js"
-import { signJwt } from "../jwt.js"
+import {
+  connectionString,
+  resolveRuntimeProvider,
+  type SupatypeProjectConfig,
+} from "../project-config.js"
+import { readEnvValue, upsertEnvFile } from "../env-file.js"
+import { hasEngineOverride } from "../binary-cache.js"
+import { confirm as uiConfirm } from "../ui/confirm.js"
+import { error, info, plain } from "../ui/messages.js"
+import { promptText } from "../ui/prompts.js"
+import { isInteractive } from "../ui/interactive.js"
+export const ADMIN_EMAIL_ENV = "SUPATYPE_ADMIN_EMAIL"
+export const ADMIN_PASSWORD_ENV = "SUPATYPE_ADMIN_PASSWORD"
+const BCRYPT_ROUNDS = 10
+export interface EnsureFirstAdminOptions {
+  email?: string
+  password?: string
+  cwd?: string
+  role?: string
+  connection?: string
+  compose?: { project: string; composePath: string }
+}
-const scryptAsync = promisify(scrypt)
+type DbQuery = (sql: string, params?: unknown[]) => Promise<QueryResult>
 export function registerAdmin(program: Command): void {
   const adminCmd = program
@@ -36,100 +61,34 @@ export function registerAdmin(program: Command): void {
         const config = loadConfig(cwd)
         const connection = opts.connection ?? connectionString(config)
-        const email = opts.email ?? (await prompt("Admin email: "))
+        const email = opts.email ?? (await promptText("Admin email"))
         if (!email || !email.includes("@")) {
-          console.error("A valid email address is required.")
+          error("A valid email address is required.")
           process.exit(1)
         }
         const password =
-          opts.password ?? (await prompt("Admin password (min 8 chars): "))
+          opts.password ?? (await promptText("Admin password (min 8 chars)"))
         if (!password || password.length < 8) {
-          console.error("Password must be at least 8 characters.")
+          error("Password must be at least 8 characters.")
           process.exit(1)
         }
         const role = opts.role
-        console.log(`\nCreating admin user: ${email} (role: ${role})...`)
+        info(`Creating admin user: ${email} (role: ${role})...`)
-        // We use pg directly to insert into the auth.users table
         const pg = await importPg()
         const pool = new pg.Pool({ connectionString: connection, max: 2 })
         try {
-          // Ensure the auth schema and users table exist
-          await pool.query(`
-            CREATE SCHEMA IF NOT EXISTS auth;
-            CREATE TABLE IF NOT EXISTS auth.users (
-              id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
-              instance_id   UUID,
-              aud           TEXT DEFAULT 'authenticated',
-              role          TEXT DEFAULT 'authenticated',
-              email         TEXT UNIQUE,
-              encrypted_password TEXT,
-              email_confirmed_at TIMESTAMPTZ DEFAULT now(),
-              raw_app_meta_data  JSONB DEFAULT '{}',
-              raw_user_meta_data JSONB DEFAULT '{}',
-              created_at    TIMESTAMPTZ DEFAULT now(),
-              updated_at    TIMESTAMPTZ DEFAULT now(),
-              confirmation_token TEXT DEFAULT '',
-              recovery_token TEXT DEFAULT '',
-              email_change_token_new TEXT DEFAULT '',
-              email_change  TEXT DEFAULT ''
-            );
-          `)
-          // Check if user already exists
-          const existing = await pool.query(
-            `SELECT id FROM auth.users WHERE email = $1`,
-            [email.toLowerCase()],
-          )
-          if (existing.rows.length > 0) {
-            console.error(
-              `\nUser with email "${email}" already exists.`,
-            )
-            console.log(
-              `To update their role, use: supatype admin set-role --email ${email} --role ${role}`,
-            )
-            process.exit(1)
-          }
-          // Hash the password (bcrypt-style for GoTrue compatibility)
-          const passwordHash = await hashPassword(password)
-          // Insert the admin user with the admin role in app_metadata
-          const appMetadata = JSON.stringify({ role, provider: "email", providers: ["email"] })
-          const userMetadata = JSON.stringify({})
-          const result = await pool.query(
-            `INSERT INTO auth.users (
-              email, encrypted_password, role, aud,
-              raw_app_meta_data, raw_user_meta_data,
-              email_confirmed_at, created_at, updated_at
-            ) VALUES (
-              $1, $2, 'authenticated', 'authenticated',
-              $3::jsonb, $4::jsonb,
-              now(), now(), now()
-            ) RETURNING id, email`,
-            [email.toLowerCase(), passwordHash, appMetadata, userMetadata],
-          )
-          const user = result.rows[0] as { id: string; email: string }
-          console.log(`\nAdmin user created successfully.`)
-          console.log(`  ID:    ${user.id}`)
-          console.log(`  Email: ${user.email}`)
-          console.log(`  Role:  ${role}`)
-          console.log(
-            `\nThis user can now log in to the admin panel at /admin\n`,
-          )
+          await ensureAuthUsersTable(pool)
+          await createAdminUser(pool, email, password, role)
+          info("This user can now log in to the admin panel at /admin")
         } catch (err) {
           const message =
             err instanceof Error ? err.message : "Unknown error"
-          console.error(`\nFailed to create admin user: ${message}`)
+          error(`Failed to create admin user: ${message}`)
           process.exit(1)
         } finally {
           await pool.end()
@@ -163,7 +122,7 @@ export function registerAdmin(program: Command): void {
           )
           if (result.rows.length === 0) {
-            console.error(`\nNo user found with email "${opts.email}".`)
+            error(`No user found with email "${opts.email}".`)
             process.exit(1)
           }
@@ -173,14 +132,14 @@ export function registerAdmin(program: Command): void {
             raw_app_meta_data: Record<string, unknown>
           }
-          console.log(`\nRole updated successfully.`)
-          console.log(`  ID:    ${user.id}`)
-          console.log(`  Email: ${user.email}`)
-          console.log(`  Role:  ${opts.role}\n`)
+          info("Role updated successfully.")
+          plain(`  ID:    ${user.id}`)
+          plain(`  Email: ${user.email}`)
+          plain(`  Role:  ${opts.role}`)
         } catch (err) {
           const message =
             err instanceof Error ? err.message : "Unknown error"
-          console.error(`\nFailed to update role: ${message}`)
+          error(`Failed to update role: ${message}`)
           process.exit(1)
         } finally {
           await pool.end()
@@ -210,17 +169,15 @@ export function registerAdmin(program: Command): void {
         )
         if (result.rows.length === 0) {
-          console.log("\nNo admin users found.")
-          console.log(
-            "Create one with: supatype admin create-user --email admin@example.com --role admin\n",
-          )
+          info("No admin users found.")
+          info("Create one with: supatype admin create-user --email admin@example.com --role admin")
           return
         }
-        console.log(
+        plain(
           "\n  ID                                     Email                          Role         Created",
         )
-        console.log("  " + "-".repeat(100))
+        plain("  " + "-".repeat(100))
         for (const row of result.rows) {
           const r = row as {
             id: string
@@ -229,15 +186,15 @@ export function registerAdmin(program: Command): void {
             created_at: string
           }
           const date = new Date(r.created_at).toISOString().slice(0, 10)
-          console.log(
+          plain(
             `  ${r.id}  ${r.email.padEnd(30)} ${r.role.padEnd(12)} ${date}`,
           )
         }
-        console.log()
+        plain()
       } catch (err) {
         const message =
           err instanceof Error ? err.message : "Unknown error"
-        console.error(`\nFailed to list admin users: ${message}`)
+        error(`Failed to list admin users: ${message}`)
         process.exit(1)
       } finally {
         await pool.end()
@@ -245,128 +202,362 @@ export function registerAdmin(program: Command): void {
     })
 }
-// ─── First admin user prompt (task 48) ──────────────────────────────────────
-// Called by `supatype push` on initial setup if no admin users exist.
+/** @deprecated Use ensureFirstAdminUser */
+export const promptFirstAdminUser = ensureFirstAdminUser
-export async function promptFirstAdminUser(
+/**
+ * Ensure a first admin user exists (idempotent). Called from `dev` and `push`
+ * when auth.users is ready and no admin users exist yet.
+ */
+export async function ensureFirstAdminUser(
   connection: string,
+  options: EnsureFirstAdminOptions = {},
 ): Promise<void> {
   const pg = await importPg()
   const pool = new pg.Pool({ connectionString: connection, max: 2 })
   try {
-    // Check if auth.users table exists
-    const tableExists = await pool.query(
-      `SELECT EXISTS (
-        SELECT FROM information_schema.tables
-        WHERE table_schema = 'auth' AND table_name = 'users'
-      ) as exists`,
+    await ensureFirstAdminWithQuery(
+      (sql, params) => pool.query(sql, params),
+      options,
     )
-    if (!tableExists.rows[0]?.exists) return
+  } catch {
+    // Non-fatal — skip when DB is unreachable or auth schema is not ready
+  } finally {
+    await pool.end()
+  }
+}
-    // Check if any admin users exist
-    const adminCount = await pool.query(
-      `SELECT COUNT(*) as count FROM auth.users
-       WHERE raw_app_meta_data->>'role' IS NOT NULL
-         AND raw_app_meta_data->>'role' != 'authenticated'`,
-    )
+/**
+ * Resolve DB access for the current project (host URL or compose exec when DB
+ * is not published to the host).
+ */
+export async function ensureFirstAdminUserForProject(
+  cwd: string,
+  config: SupatypeProjectConfig,
+  options: EnsureFirstAdminOptions = {},
+): Promise<void> {
+  const root = resolve(cwd)
+  const merged: EnsureFirstAdminOptions = { cwd: root, ...options }
+  if (
+    resolveRuntimeProvider(config) === "docker" &&
+    merged.compose &&
+    !hasEngineOverride(config)
+  ) {
+    try {
+      await ensureFirstAdminWithQuery(
+        (sql, params) => composeExecQuery(root, merged.compose!, sql, params),
+        merged,
+      )
+    } catch {
+      // Non-fatal
+    }
+    return
+  }
-    const count = parseInt(
-      (adminCount.rows[0] as { count: string }).count,
-      10,
-    )
-    if (count > 0) return
+  const connection =
+    merged.compose && hasEngineOverride(config)
+      ? hostComposeDbUrlFromEnv(root)
+      : options.connection ?? readEnvValue(root, "DATABASE_URL", connectionString(config))
-    // No admin users — prompt to create one
-    console.log("\n  No admin users found for the admin panel.")
-    const createAdmin = await confirm(
-      "  Create an admin user now? [y/N] ",
-    )
-    if (!createAdmin) {
-      console.log(
-        "  Skipped. You can create one later with: supatype admin create-user\n",
+  await ensureFirstAdminUser(connection, merged)
+}
+async function ensureFirstAdminWithQuery(
+  query: DbQuery,
+  options: EnsureFirstAdminOptions,
+): Promise<void> {
+  const cwd = options.cwd ? resolve(options.cwd) : process.cwd()
+  if (!(await authUsersTableExists(query))) return
+  if (await hasAdminUsers(query)) return
+  const credentials = await resolveAdminCredentials(options, cwd)
+  if (!credentials) {
+    if (!isInteractive()) {
+      info(
+        "No admin users found. Set SUPATYPE_ADMIN_EMAIL / SUPATYPE_ADMIN_PASSWORD in .env, " +
+          "or run: supatype admin create-user",
       )
-      return
     }
+    return
+  }
-    const email = await prompt("  Admin email: ")
-    if (!email || !email.includes("@")) {
-      console.log("  Invalid email. Skipping admin user creation.\n")
-      return
-    }
+  const role = options.role ?? "admin"
+  await createAdminUser(query, credentials.email, credentials.password, role, { quiet: true })
+  clearAdminSeedPassword(cwd)
+  info(`Admin user "${credentials.email}" created (role: ${role}).`)
+  info("Log in at /admin after starting the dev server.")
+}
-    const password = await prompt(
-      "  Admin password (min 8 chars): ",
-    )
-    if (!password || password.length < 8) {
-      console.log(
-        "  Password too short. Skipping admin user creation.\n",
-      )
-      return
+async function resolveAdminCredentials(
+  options: EnsureFirstAdminOptions,
+  cwd: string,
+): Promise<{ email: string; password: string } | null> {
+  const envEmail = options.email ?? readEnvValue(cwd, ADMIN_EMAIL_ENV, "").trim()
+  const envPassword =
+    options.password ?? readEnvValue(cwd, ADMIN_PASSWORD_ENV, "").trim()
+  if (envEmail && envPassword) {
+    if (!envEmail.includes("@")) {
+      info("Invalid admin email in .env. Skipping admin user creation.")
+      return null
+    }
+    if (envPassword.length < 8) {
+      info("Admin password in .env is too short (min 8 chars). Skipping.")
+      return null
     }
+    return { email: envEmail, password: envPassword }
+  }
-    const passwordHash = await hashPassword(password)
-    const appMetadata = JSON.stringify({
-      role: "admin",
-      provider: "email",
-      providers: ["email"],
-    })
+  if (!isInteractive()) return null
-    await pool.query(
-      `INSERT INTO auth.users (
-        email, encrypted_password, role, aud,
-        raw_app_meta_data, raw_user_meta_data,
-        email_confirmed_at, created_at, updated_at
-      ) VALUES (
-        $1, $2, 'authenticated', 'authenticated',
-        $3::jsonb, '{}'::jsonb,
-        now(), now(), now()
-      )`,
-      [email.toLowerCase(), passwordHash, appMetadata],
-    )
+  info("No admin users found for the admin panel.")
+  const createAdmin = await uiConfirm("Create an admin user now?")
+  if (!createAdmin) {
+    info("Skipped. You can create one later with: supatype admin create-user")
+    return null
+  }
-    console.log(`\n  Admin user "${email}" created (role: admin).`)
-    console.log(`  Log in at /admin after starting the dev server.\n`)
-  } catch {
-    // Non-fatal — if auth schema doesn't exist yet, skip silently
-  } finally {
-    await pool.end()
+  const email = await promptText("Admin email")
+  if (!email || !email.includes("@")) {
+    info("Invalid email. Skipping admin user creation.")
+    return null
+  }
+  const password = await promptText("Admin password (min 8 chars)")
+  if (!password || password.length < 8) {
+    info("Password too short. Skipping admin user creation.")
+    return null
   }
+  return { email, password }
 }
-// ─── Helpers ────────────────────────────────────────────────────────────────────
+export function clearAdminSeedPassword(cwd: string): void {
+  upsertEnvFile(cwd, {}, [ADMIN_PASSWORD_ENV])
+}
-async function importPg(): Promise<typeof import("pg")> {
-  try {
-    return await import("pg")
-  } catch {
-    console.error(
-      "pg package is required for admin commands. Install it with: pnpm add pg",
-    )
-    process.exit(1)
+export async function hashPasswordForAuth(password: string): Promise<string> {
+  return bcrypt.hash(password, BCRYPT_ROUNDS)
+}
+async function createAdminUser(
+  db: Pool | DbQuery,
+  email: string,
+  password: string,
+  role: string,
+  opts: { quiet?: boolean } = {},
+): Promise<{ id: string; email: string }> {
+  const query: DbQuery =
+    typeof (db as Pool).query === "function"
+      ? (sql, params) => (db as Pool).query(sql, params)
+      : (db as DbQuery)
+  const normalized = email.toLowerCase()
+  const existing = await query(`SELECT id FROM auth.users WHERE email = $1`, [
+    normalized,
+  ])
+  if (existing.rows.length > 0) {
+    throw new Error(`User with email "${email}" already exists.`)
+  }
+  const passwordHash = await hashPasswordForAuth(password)
+  const appMetadata = JSON.stringify({
+    role,
+    provider: "email",
+    providers: ["email"],
+  })
+  const userMetadata = JSON.stringify({})
+  const result = await query(
+    `INSERT INTO auth.users (
+      email, encrypted_password, role, aud,
+      raw_app_meta_data, raw_user_meta_data,
+      email_confirmed_at, created_at, updated_at
+    ) VALUES (
+      $1, $2, 'authenticated', 'authenticated',
+      $3::jsonb, $4::jsonb,
+      now(), now(), now()
+    ) RETURNING id, email`,
+    [normalized, passwordHash, appMetadata, userMetadata],
+  )
+  const user = result.rows[0] as { id: string; email: string }
+  if (!opts.quiet) {
+    info("Admin user created successfully.")
+    plain(`  ID:    ${user.id}`)
+    plain(`  Email: ${user.email}`)
+    plain(`  Role:  ${role}`)
   }
+  return user
 }
-async function hashPassword(password: string): Promise<string> {
-  const salt = randomBytes(16).toString("hex")
-  const derived = (await scryptAsync(password, salt, 64)) as Buffer
-  return `${salt}:${derived.toString("hex")}`
+async function ensureAuthUsersTable(pool: Pool): Promise<void> {
+  await pool.query(`
+    CREATE SCHEMA IF NOT EXISTS auth;
+    CREATE TABLE IF NOT EXISTS auth.users (
+      id            UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      instance_id   UUID,
+      aud           TEXT DEFAULT 'authenticated',
+      role          TEXT DEFAULT 'authenticated',
+      email         TEXT UNIQUE,
+      encrypted_password TEXT,
+      email_confirmed_at TIMESTAMPTZ DEFAULT now(),
+      raw_app_meta_data  JSONB DEFAULT '{}',
+      raw_user_meta_data JSONB DEFAULT '{}',
+      created_at    TIMESTAMPTZ DEFAULT now(),
+      updated_at    TIMESTAMPTZ DEFAULT now(),
+      confirmation_token TEXT DEFAULT '',
+      recovery_token TEXT DEFAULT '',
+      email_change_token_new TEXT DEFAULT '',
+      email_change  TEXT DEFAULT ''
+    );
+  `)
 }
-function prompt(question: string): Promise<string> {
-  const rl = createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  })
-  return new Promise((resolve) => {
-    rl.question(question, (answer) => {
-      rl.close()
-      resolve(answer.trim())
+async function authUsersTableExists(query: DbQuery): Promise<boolean> {
+  const result = await query(
+    `SELECT EXISTS (
+      SELECT FROM information_schema.tables
+      WHERE table_schema = 'auth' AND table_name = 'users'
+    ) as exists`,
+  )
+  return Boolean(result.rows[0]?.exists)
+}
+async function hasAdminUsers(query: DbQuery): Promise<boolean> {
+  const adminCount = await query(
+    `SELECT COUNT(*)::int as count FROM auth.users
+     WHERE raw_app_meta_data->>'role' IS NOT NULL
+       AND raw_app_meta_data->>'role' != 'authenticated'`,
+  )
+  const count = (adminCount.rows[0] as { count: number } | undefined)?.count ?? 0
+  return count > 0
+}
+function composeExecQuery(
+  cwd: string,
+  compose: { project: string; composePath: string },
+  sql: string,
+  params: unknown[] = [],
+): Promise<QueryResult> {
+  const db = readEnvValue(cwd, "POSTGRES_DB", "supatype")
+  const user = readEnvValue(cwd, "POSTGRES_USER", "supatype_admin")
+  const envFile = join(cwd, ".env")
+  const composeDir = dirname(compose.composePath)
+  const args = [
+    "compose",
+    "-p",
+    compose.project,
+    "--project-directory",
+    cwd,
+    "-f",
+    compose.composePath,
+  ]
+  if (existsSync(envFile)) args.push("--env-file", envFile)
+  if (params.length === 0) {
+    args.push("exec", "-T", "db", "psql", "-U", user, "-d", db, "-tAc", sql)
+    const result = spawnSync("docker", args, { cwd: composeDir, encoding: "utf8" })
+    if (result.status !== 0) {
+      throw new Error((result.stderr ?? result.stdout ?? "compose psql failed").trim())
+    }
+    const text = (result.stdout ?? "").trim()
+    if (sql.trim().toUpperCase().startsWith("SELECT")) {
+      return Promise.resolve({
+        rows: parsePsqlScalarRows(sql, text),
+        rowCount: 1,
+        command: "SELECT",
+        oid: 0,
+        fields: [],
+      })
+    }
+    return Promise.resolve({
+      rows: [],
+      rowCount: 0,
+      command: "INSERT",
+      oid: 0,
+      fields: [],
+    })
+  }
+  args.push(
+    "exec",
+    "-T",
+    "db",
+    "psql",
+    "-U",
+    user,
+    "-d",
+    db,
+    "-v",
+    "ON_ERROR_STOP=1",
+    "-c",
+    interpolateSql(sql, params),
+  )
+  const result = spawnSync("docker", args, { cwd: composeDir, encoding: "utf8" })
+  if (result.status !== 0) {
+    throw new Error((result.stderr ?? result.stdout ?? "compose psql failed").trim())
+  }
+  const stdout = (result.stdout ?? "").trim()
+  const idMatch = stdout.match(
+    /([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\s+\|\s+(.+)/i,
+  )
+  if (idMatch) {
+    return Promise.resolve({
+      rows: [{ id: idMatch[1], email: idMatch[2]?.trim() }],
+      rowCount: 1,
+      command: "INSERT",
+      oid: 0,
+      fields: [],
     })
+  }
+  return Promise.resolve({
+    rows: [],
+    rowCount: 0,
+    command: "INSERT",
+    oid: 0,
+    fields: [],
   })
 }
-async function confirm(question: string): Promise<boolean> {
-  const answer = await prompt(question)
-  return answer.toLowerCase() === "y"
+function parsePsqlScalarRows(sql: string, text: string): Record<string, unknown>[] {
+  const upper = sql.toUpperCase()
+  if (upper.includes(" AS EXISTS")) {
+    return [{ exists: text === "t" }]
+  }
+  if (upper.includes(" AS COUNT")) {
+    return [{ count: Number.parseInt(text, 10) || 0 }]
+  }
+  if (text === "") return []
+  return [{ value: text }]
+}
+function interpolateSql(sql: string, params: unknown[]): string {
+  return sql.replace(/\$(\d+)/g, (_match, index: string) => {
+    const value = params[Number(index) - 1]
+    if (value === null || value === undefined) return "NULL"
+    if (typeof value === "number" || typeof value === "bigint") return String(value)
+    if (typeof value === "boolean") return value ? "TRUE" : "FALSE"
+    return `'${String(value).replace(/'/g, "''")}'`
+  })
+}
+function hostComposeDbUrlFromEnv(cwd: string): string {
+  const port = readEnvValue(cwd, "SUPATYPE_DEV_DB_PORT", "54329")
+  const user = readEnvValue(cwd, "POSTGRES_USER", "supatype_admin")
+  const pass = readEnvValue(cwd, "POSTGRES_PASSWORD", "postgres")
+  const db = readEnvValue(cwd, "POSTGRES_DB", "supatype")
+  return `postgresql://${user}:${pass}@127.0.0.1:${port}/${db}?sslmode=disable`
+}
+async function importPg(): Promise<typeof import("pg")> {
+  try {
+    return await import("pg")
+  } catch {
+    error("pg package is required for admin commands. Install it with: pnpm add pg")
+    process.exit(1)
+  }
 }