@wirechunk/cli 0.0.7 → 0.0.9

package/build/main.js

@@ -1,12 +1,16 @@
 #!/usr/bin/env node
 import EventEmitter from "node:events";
-import require$$1$1 from "node:child_process";
+import require$$1$1, { spawn } from "node:child_process";
 import require$$2$2, { resolve as resolve$1 } from "node:path";
 import require$$3$1, { readFileSync, existsSync } from "node:fs";
 import process$2 from "node:process";
 import os from "node:os";
 import tty from "node:tty";
+import assert from "node:assert";
 import { webcrypto, randomUUID } from "node:crypto";
+import require$$5$2, { readFile, writeFile } from "node:fs/promises";
+import { hash, argon2id } from "argon2";
+import jwt from "jsonwebtoken";
 import { AsyncLocalStorage } from "node:async_hooks";
 import require$$1$5, { Transform } from "node:stream";
 import { pipeline } from "node:stream/promises";
@@ -22,7 +26,6 @@ import require$$0$b from "path";
 import require$$0$a from "stream";
 import require$$1$3 from "string_decoder";
 import require$$0$c from "buffer";
-import require$$5$2, { readFile, writeFile } from "node:fs/promises";
 import { parseEnv as parseEnv$1 } from "node:util";
 import require$$0$d from "os";
 import require$$1$4 from "tty";
@@ -31,7 +34,6 @@ import require$$5$1 from "assert";
 import require$$2$4 from "node:url";
 import require$$2$3 from "node:string_decoder";
 import require$$0$f from "zlib";
-import { hash, argon2id } from "argon2";
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 function getDefaultExportFromCjs(x) {
   return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, "default") ? x["default"] : x;
@@ -4016,6 +4018,39 @@ const applyStyle = (self2, string2) => {
 Object.defineProperties(createChalk.prototype, styles);
 const chalk = createChalk();
 createChalk({ level: stderrColor ? stderrColor.level : 0 });
+const validatePasswordComplexity = (password) => {
+  if (password.length < 10) {
+    return {
+      ok: false,
+      error: "Password must be at least 10 characters long."
+    };
+  }
+  if (password.length > 120) {
+    return {
+      ok: false,
+      error: "Password must be at most 120 characters long."
+    };
+  }
+  if (!/[a-zA-Z]/.test(password)) {
+    return {
+      ok: false,
+      error: "Password must contain at least one letter."
+    };
+  }
+  if (!/\d/.test(password)) {
+    return {
+      ok: false,
+      error: "Password must contain at least one digit."
+    };
+  }
+  return {
+    ok: true,
+    value: void 0
+  };
+};
+const hashPassword = (password) => hash(password, {
+  type: argon2id
+});
 const POOL_SIZE_MULTIPLIER = 128;
 let pool, poolOffset;
 function fillPool(bytes) {
@@ -4053,19 +4088,6 @@ function customAlphabet(alphabet2, size = 21) {
 }
 const alphabet = "123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ";
 const cleanSmallId = customAlphabet(alphabet, 22);
-customAlphabet(alphabet, 7);
-const tinyAlphabet = "23456789abcdefghijkmnopqrstuvwxyz";
-const startWithLowercaseLetterPattern = /^[a-z]/;
-const startsWithLowercaseLetter = (s) => startWithLowercaseLetterPattern.test(s);
-const cleanLowercaseLettersAlphabet = "abcdefghijkmnopqrstuvwxyz";
-const randomLowercaseLetter = () => cleanLowercaseLettersAlphabet[Math.floor(Math.random() * cleanLowercaseLettersAlphabet.length)];
-const cleanTinyId = () => {
-  const id2 = customAlphabet(tinyAlphabet, 6)();
-  if (startsWithLowercaseLetter(id2)) {
-    return id2;
-  }
-  return `${randomLowercaseLetter()}${id2}`;
-};
 const domainRegex = /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/i;
 const validDomain = (domain) => domainRegex.test(domain);
 const removeColons = (domain) => domain.replaceAll(":", "");
@@ -4089,45 +4111,183 @@ const normalizeDomain = (domain, { allowPort = false } = {}) => {
   }
   return normalizedDomain || null;
 };
-const extractParts = (email2) => {
-  const [name, domain] = email2.split("@");
-  return { name, domain };
+const permissionAssetEdit = {
+  object: "Asset",
+  action: "edit"
 };
-const normalizeEmailAddress = (email2) => {
-  const emailTrimmed = email2.trim().toLowerCase();
-  if (!emailTrimmed) {
-    return { ok: false, error: "An email address is required." };
-  }
-  if (emailTrimmed.length > 60 || !emailTrimmed.includes("@") || !emailTrimmed.includes(".")) {
-    return {
-      ok: false,
-      error: "It does not look like the email address you provided is valid."
-    };
-  }
-  const { name, domain } = extractParts(emailTrimmed);
-  if (!name) {
-    return {
-      ok: false,
-      error: "It does not look like the email address you provided is valid. Please check the name."
-    };
-  }
-  if (!domain || !validDomain(domain)) {
-    return {
-      ok: false,
-      error: "It does not look like the email address you provided is valid. Please check the domain."
-    };
-  }
-  return { ok: true, value: emailTrimmed };
+const permissionAssetView = {
+  object: "Asset",
+  action: "view"
 };
-const siteDomainKey = "siteDomain";
-const submittedAtKey = "submittedAt";
-const defaultNotificationEmailBodyTemplate = `Form entry from your site {{${siteDomainKey}}}:
-
-{{#each .}}{{@key}}: {{{.}}}
-{{/each}}
-
-Submitted {{${submittedAtKey}}}
-`;
+const permissionExtensionCreate = {
+  object: "Extension",
+  action: "create"
+};
+const permissionExtensionCreateVersion = {
+  object: "Extension",
+  action: "createVersion"
+};
+const permissionSiteCreate = {
+  object: "Site",
+  action: "create"
+};
+const permissionTemplateCreate = {
+  object: "Template",
+  action: "create"
+};
+const permissionUserCreate = {
+  object: "User",
+  action: "create"
+};
+const permissionPlatformEdit = {
+  object: "Platform",
+  action: "edit"
+};
+const permissionComponentEdit = {
+  object: "Component",
+  action: "edit"
+};
+const permissionCourseEdit = {
+  object: "Course",
+  action: "edit"
+};
+const permissionCustomComponentEdit = {
+  object: "CustomComponent",
+  action: "edit"
+};
+const permissionCustomFieldEdit = {
+  object: "CustomField",
+  action: "edit"
+};
+const permissionExtensionEdit = {
+  object: "Extension",
+  action: "edit"
+};
+const permissionFileUploadAsExtension = {
+  object: "File",
+  action: "uploadAsExtension"
+};
+const permissionHelpTicketEditStatus = {
+  object: "HelpTicket",
+  action: "editStatus"
+};
+const permissionSequenceEdit = {
+  object: "Sequence",
+  action: "edit"
+};
+const permissionSequenceUserEdit = {
+  object: "SequenceUser",
+  action: "edit"
+};
+const permissionSiteEdit = {
+  object: "Site",
+  action: "edit"
+};
+const permissionSiteEditDomain = {
+  object: "Site",
+  action: "editDomain"
+};
+const permissionSiteEditTls = {
+  object: "Site",
+  action: "editTls"
+};
+const permissionSubscriptionEdit = {
+  object: "Subscription",
+  action: "edit"
+};
+const permissionTemplateEdit = {
+  object: "Template",
+  action: "edit"
+};
+const permissionUserEditEmail = {
+  object: "User",
+  action: "editEmail"
+};
+const permissionUserEditOrg = {
+  object: "User",
+  action: "editOrg"
+};
+const permissionUserEditStatus = {
+  object: "User",
+  action: "editStatus"
+};
+const permissionUserEditRole = {
+  object: "User",
+  action: "editRole"
+};
+const permissionUserEditProfile = {
+  object: "User",
+  action: "editProfile"
+};
+const permissionUserEditCustomFields = {
+  object: "User",
+  action: "editCustomFields"
+};
+const permissionFormTemplateSync = {
+  object: "FormTemplate",
+  action: "sync"
+};
+const permissionPageTemplateSync = {
+  object: "PageTemplate",
+  action: "sync"
+};
+const permissionPlatformView = {
+  object: "Platform",
+  action: "view"
+};
+const permissionCourseView = {
+  object: "Course",
+  action: "view"
+};
+const permissionExtensionView = {
+  object: "Extension",
+  action: "view"
+};
+const permissionSiteView = {
+  object: "Site",
+  action: "view"
+};
+const permissionTemplateView = {
+  object: "Template",
+  action: "view"
+};
+const allPermissions = [
+  permissionAssetEdit,
+  permissionAssetView,
+  permissionExtensionCreate,
+  permissionExtensionCreateVersion,
+  permissionExtensionEdit,
+  permissionExtensionView,
+  permissionTemplateCreate,
+  permissionComponentEdit,
+  permissionCourseEdit,
+  permissionCustomComponentEdit,
+  permissionCustomFieldEdit,
+  permissionFileUploadAsExtension,
+  permissionHelpTicketEditStatus,
+  permissionSequenceEdit,
+  permissionSequenceUserEdit,
+  permissionSiteCreate,
+  permissionSiteEdit,
+  permissionSiteEditDomain,
+  permissionSiteEditTls,
+  permissionSiteView,
+  permissionSubscriptionEdit,
+  permissionTemplateEdit,
+  permissionTemplateView,
+  permissionUserCreate,
+  permissionUserEditEmail,
+  permissionUserEditOrg,
+  permissionUserEditStatus,
+  permissionUserEditRole,
+  permissionUserEditProfile,
+  permissionUserEditCustomFields,
+  permissionFormTemplateSync,
+  permissionPageTemplateSync,
+  permissionPlatformEdit,
+  permissionPlatformView,
+  permissionCourseView
+];
 var Roarr = {};
 var createLogger = {};
 var config$2 = {};
@@ -10283,11 +10443,11 @@ function isValidIP(ip, version2) {
   }
   return false;
 }
-function isValidJWT$1(jwt, alg) {
-  if (!jwtRegex.test(jwt))
+function isValidJWT$1(jwt2, alg) {
+  if (!jwtRegex.test(jwt2))
     return false;
   try {
-    const [header] = jwt.split(".");
+    const [header] = jwt2.split(".");
     if (!header)
       return false;
     const base642 = header.replace(/-/g, "+").replace(/_/g, "/").padEnd(header.length + (4 - header.length % 4) % 4, "=");
@@ -22868,645 +23028,137 @@ const createPool = async (connectionUri, clientConfigurationInput) => {
   }), pool2, clientConfiguration);
 };
 const sql = createSqlTag();
-const localhostRegex1 = /localhost:\d{2,4}$/;
-const localhostRegex2 = /localhost$/;
-const isLocalhost = (domain) => localhostRegex1.test(domain) || localhostRegex2.test(domain);
-const envFilePath = ".env";
-const envLocalFilePath = ".env.local";
-const hasEnvFile = existsSync(envFilePath);
-const requireApiToken = (env2) => {
-  if (!env2.WIRECHUNK_API_TOKEN) {
-    console.error(
-      "Missing API token for authentication. Provide a WIRECHUNK_API_TOKEN environment variable."
-    );
-    process$2.exit(1);
-  }
-  return env2.WIRECHUNK_API_TOKEN;
-};
-const requireCoreDbUrl = (env2) => {
-  if (!env2.CORE_DATABASE_URL) {
-    if (hasEnvFile) {
-      console.error("Missing CORE_DATABASE_URL in environment");
-    } else {
-      console.error(`Missing CORE_DATABASE_URL in environment, no ${envFilePath} file found`);
+function $constructor(name, initializer2, params) {
+  function init(inst, def) {
+    if (!inst._zod) {
+      Object.defineProperty(inst, "_zod", {
+        value: {
+          def,
+          constr: _2,
+          traits: /* @__PURE__ */ new Set()
+        },
+        enumerable: false
+      });
+    }
+    if (inst._zod.traits.has(name)) {
+      return;
+    }
+    inst._zod.traits.add(name);
+    initializer2(inst, def);
+    const proto2 = _2.prototype;
+    const keys = Object.keys(proto2);
+    for (let i = 0; i < keys.length; i++) {
+      const k = keys[i];
+      if (!(k in inst)) {
+        inst[k] = proto2[k].bind(inst);
+      }
     }
-    process$2.exit(1);
-  }
-  return env2.CORE_DATABASE_URL;
-};
-const coreServerUrlFromEnv = (env2) => {
-  const url = env2.CORE_SERVER_URL;
-  if (url) {
-    return url.endsWith("/api") ? url.substring(0, url.length - 4) : url;
-  }
-  const adminDomain = env2.ADMIN_DOMAIN;
-  if (adminDomain) {
-    return isLocalhost(adminDomain) ? `http://${adminDomain}` : `https://${adminDomain}`;
   }
-  return "https://wirechunk.com";
-};
-const parseEnv = async (envMode) => {
-  const env2 = {};
-  if (hasEnvFile) {
-    const envFileRaw = await readFile(envFilePath, "utf8");
-    Object.assign(env2, parseEnv$1(envFileRaw));
+  const Parent = params?.Parent ?? Object;
+  class Definition extends Parent {
   }
-  if (envMode) {
-    const modeFilePath = `.env.${envMode}`;
-    if (existsSync(modeFilePath)) {
-      const modeFileRaw = await readFile(modeFilePath, "utf8");
-      Object.assign(env2, parseEnv$1(modeFileRaw));
+  Object.defineProperty(Definition, "name", { value: name });
+  function _2(def) {
+    var _a2;
+    const inst = params?.Parent ? new Definition() : this;
+    init(inst, def);
+    (_a2 = inst._zod).deferred ?? (_a2.deferred = []);
+    for (const fn of inst._zod.deferred) {
+      fn();
     }
+    return inst;
   }
-  if (existsSync(envLocalFilePath)) {
-    const envLocalFileRaw = await readFile(envLocalFilePath, "utf8");
-    Object.assign(env2, parseEnv$1(envLocalFileRaw));
-  }
-  if (envMode) {
-    const modeLocalFilePath = `.env.${envMode}.local`;
-    if (existsSync(modeLocalFilePath)) {
-      const modeLocalFileRaw = await readFile(modeLocalFilePath, "utf8");
-      Object.assign(env2, parseEnv$1(modeLocalFileRaw));
+  Object.defineProperty(_2, "init", { value: init });
+  Object.defineProperty(_2, Symbol.hasInstance, {
+    value: (inst) => {
+      if (params?.Parent && inst instanceof params.Parent)
+        return true;
+      return inst?._zod?.traits?.has(name);
     }
+  });
+  Object.defineProperty(_2, "name", { value: name });
+  return _2;
+}
+class $ZodAsyncError2 extends Error {
+  constructor() {
+    super(`Encountered Promise during synchronous parse. Use .parseAsync() instead.`);
   }
-  Object.assign(env2, process$2.env);
+}
+class $ZodEncodeError2 extends Error {
+  constructor(name) {
+    super(`Encountered unidirectional transform during encode: ${name}`);
+    this.name = "ZodEncodeError";
+  }
+}
+const globalConfig = {};
+function config(newConfig) {
+  return globalConfig;
+}
+function getEnumValues(entries) {
+  const numericValues = Object.values(entries).filter((v) => typeof v === "number");
+  const values = Object.entries(entries).filter(([k, _2]) => numericValues.indexOf(+k) === -1).map(([_2, v]) => v);
+  return values;
+}
+function jsonStringifyReplacer(_2, value) {
+  if (typeof value === "bigint")
+    return value.toString();
+  return value;
+}
+function cached(getter) {
   return {
-    ...env2,
-    CORE_SERVER_URL: coreServerUrlFromEnv(env2)
-  };
-};
-var dist$1 = {};
-var utilities = {};
-var extractJson = {};
-var hasRequiredExtractJson;
-function requireExtractJson() {
-  if (hasRequiredExtractJson) return extractJson;
-  hasRequiredExtractJson = 1;
-  Object.defineProperty(extractJson, "__esModule", {
-    value: true
-  });
-  extractJson.default = void 0;
-  const closeCharacterMap = {
-    '"': '"',
-    "[": "]",
-    "{": "}"
-  };
-  const defaultParser = JSON.parse.bind(JSON);
-  const extractJson$1 = (subject, configuration) => {
-    const parser2 = configuration && configuration.parser ? configuration.parser : defaultParser;
-    const filter2 = configuration && configuration.filter;
-    const foundObjects = [];
-    const rule2 = /["[{]/g;
-    let subjectOffset = 0;
-    while (true) {
-      const offsetSubject = subject.slice(subjectOffset);
-      const openCharacterMatch = rule2.exec(offsetSubject);
-      if (!openCharacterMatch) {
-        break;
-      }
-      const openCharacter = openCharacterMatch[0];
-      const closeCharacter = closeCharacterMap[openCharacter];
-      const startIndex = openCharacterMatch.index;
-      let haystack = offsetSubject.slice(startIndex);
-      while (haystack.length) {
-        if (!filter2 || filter2(haystack)) {
-          try {
-            const result2 = parser2(haystack);
-            foundObjects.push(result2);
-            subjectOffset += startIndex + haystack.length;
-            rule2.lastIndex = 0;
-            break;
-          } catch (error2) {
-          }
-        }
-        const offsetIndex = haystack.slice(0, -1).lastIndexOf(closeCharacter) + 1;
-        haystack = haystack.slice(0, offsetIndex);
+    get value() {
+      {
+        const value = getter();
+        Object.defineProperty(this, "value", { value });
+        return value;
       }
     }
-    return foundObjects;
   };
-  var _default2 = extractJson$1;
-  extractJson.default = _default2;
-  return extractJson;
 }
-var hasRequiredUtilities;
-function requireUtilities() {
-  if (hasRequiredUtilities) return utilities;
-  hasRequiredUtilities = 1;
-  (function(exports) {
-    Object.defineProperty(exports, "__esModule", {
-      value: true
-    });
-    Object.defineProperty(exports, "extractJson", {
-      enumerable: true,
-      get: function() {
-        return _extractJson.default;
-      }
-    });
-    var _extractJson = _interopRequireDefault(requireExtractJson());
-    function _interopRequireDefault(obj) {
-      return obj && obj.__esModule ? obj : { default: obj };
-    }
-  })(utilities);
-  return utilities;
+function nullish(input) {
+  return input === null || input === void 0;
 }
-var hasRequiredDist$1;
-function requireDist$1() {
-  if (hasRequiredDist$1) return dist$1;
-  hasRequiredDist$1 = 1;
-  (function(exports) {
-    Object.defineProperty(exports, "__esModule", {
-      value: true
-    });
-    Object.defineProperty(exports, "extractJson", {
-      enumerable: true,
-      get: function() {
-        return _utilities.extractJson;
+function cleanRegex(source2) {
+  const start = source2.startsWith("^") ? 1 : 0;
+  const end = source2.endsWith("$") ? source2.length - 1 : source2.length;
+  return source2.slice(start, end);
+}
+const EVALUATING = Symbol("evaluating");
+function defineLazy(object2, key, getter) {
+  let value = void 0;
+  Object.defineProperty(object2, key, {
+    get() {
+      if (value === EVALUATING) {
+        return void 0;
       }
-    });
-    var _utilities = requireUtilities();
-  })(dist$1);
-  return dist$1;
+      if (value === void 0) {
+        value = EVALUATING;
+        value = getter();
+      }
+      return value;
+    },
+    set(v) {
+      Object.defineProperty(object2, key, {
+        value: v
+        // configurable: true,
+      });
+    },
+    configurable: true
+  });
 }
-var distExports = requireDist$1();
-const getAutoExplainPayload = (noticeMessage) => {
-  const matches = distExports.extractJson(noticeMessage);
-  if (matches.length === 0) {
-    throw new Error("Notice message does not contain a recognizable JSON payload.");
-  }
-  if (matches.length > 1) {
-    throw new Error("Notice message contains multiple JSON payloads.");
-  }
-  return matches[0];
-};
-const isAutoExplainJsonMessage = (noticeMessage) => {
-  return noticeMessage.trim().startsWith("duration:") && noticeMessage.includes("{");
-};
-const toZeroIfInfinity = (value) => Number.isFinite(value) ? value : 0;
-function parseNumber(milliseconds) {
-  return {
-    days: Math.trunc(milliseconds / 864e5),
-    hours: Math.trunc(milliseconds / 36e5 % 24),
-    minutes: Math.trunc(milliseconds / 6e4 % 60),
-    seconds: Math.trunc(milliseconds / 1e3 % 60),
-    milliseconds: Math.trunc(milliseconds % 1e3),
-    microseconds: Math.trunc(toZeroIfInfinity(milliseconds * 1e3) % 1e3),
-    nanoseconds: Math.trunc(toZeroIfInfinity(milliseconds * 1e6) % 1e3)
-  };
-}
-function parseBigint(milliseconds) {
-  return {
-    days: milliseconds / 86400000n,
-    hours: milliseconds / 3600000n % 24n,
-    minutes: milliseconds / 60000n % 60n,
-    seconds: milliseconds / 1000n % 60n,
-    milliseconds: milliseconds % 1000n,
-    microseconds: 0n,
-    nanoseconds: 0n
-  };
-}
-function parseMilliseconds(milliseconds) {
-  switch (typeof milliseconds) {
-    case "number": {
-      if (Number.isFinite(milliseconds)) {
-        return parseNumber(milliseconds);
-      }
-      break;
-    }
-    case "bigint": {
-      return parseBigint(milliseconds);
-    }
-  }
-  throw new TypeError("Expected a finite number or bigint");
-}
-const isZero = (value) => value === 0 || value === 0n;
-const pluralize = (word, count) => count === 1 || count === 1n ? word : `${word}s`;
-const SECOND_ROUNDING_EPSILON = 1e-7;
-const ONE_DAY_IN_MILLISECONDS = 24n * 60n * 60n * 1000n;
-function prettyMilliseconds(milliseconds, options) {
-  const isBigInt = typeof milliseconds === "bigint";
-  if (!isBigInt && !Number.isFinite(milliseconds)) {
-    throw new TypeError("Expected a finite number or bigint");
-  }
-  options = { ...options };
-  const sign = milliseconds < 0 ? "-" : "";
-  milliseconds = milliseconds < 0 ? -milliseconds : milliseconds;
-  if (options.colonNotation) {
-    options.compact = false;
-    options.formatSubMilliseconds = false;
-    options.separateMilliseconds = false;
-    options.verbose = false;
-  }
-  if (options.compact) {
-    options.unitCount = 1;
-    options.secondsDecimalDigits = 0;
-    options.millisecondsDecimalDigits = 0;
-  }
-  let result2 = [];
-  const floorDecimals = (value, decimalDigits) => {
-    const flooredInterimValue = Math.floor(value * 10 ** decimalDigits + SECOND_ROUNDING_EPSILON);
-    const flooredValue = Math.round(flooredInterimValue) / 10 ** decimalDigits;
-    return flooredValue.toFixed(decimalDigits);
-  };
-  const add = (value, long, short, valueString) => {
-    if ((result2.length === 0 || !options.colonNotation) && isZero(value) && !(options.colonNotation && short === "m")) {
-      return;
-    }
-    valueString ??= String(value);
-    if (options.colonNotation) {
-      const wholeDigits = valueString.includes(".") ? valueString.split(".")[0].length : valueString.length;
-      const minLength = result2.length > 0 ? 2 : 1;
-      valueString = "0".repeat(Math.max(0, minLength - wholeDigits)) + valueString;
-    } else {
-      valueString += options.verbose ? " " + pluralize(long, value) : short;
-    }
-    result2.push(valueString);
-  };
-  const parsed = parseMilliseconds(milliseconds);
-  const days = BigInt(parsed.days);
-  if (options.hideYearAndDays) {
-    add(BigInt(days) * 24n + BigInt(parsed.hours), "hour", "h");
-  } else {
-    if (options.hideYear) {
-      add(days, "day", "d");
-    } else {
-      add(days / 365n, "year", "y");
-      add(days % 365n, "day", "d");
-    }
-    add(Number(parsed.hours), "hour", "h");
-  }
-  add(Number(parsed.minutes), "minute", "m");
-  if (!options.hideSeconds) {
-    if (options.separateMilliseconds || options.formatSubMilliseconds || !options.colonNotation && milliseconds < 1e3 && !options.subSecondsAsDecimals) {
-      const seconds = Number(parsed.seconds);
-      const milliseconds2 = Number(parsed.milliseconds);
-      const microseconds = Number(parsed.microseconds);
-      const nanoseconds = Number(parsed.nanoseconds);
-      add(seconds, "second", "s");
-      if (options.formatSubMilliseconds) {
-        add(milliseconds2, "millisecond", "ms");
-        add(microseconds, "microsecond", "µs");
-        add(nanoseconds, "nanosecond", "ns");
-      } else {
-        const millisecondsAndBelow = milliseconds2 + microseconds / 1e3 + nanoseconds / 1e6;
-        const millisecondsDecimalDigits = typeof options.millisecondsDecimalDigits === "number" ? options.millisecondsDecimalDigits : 0;
-        const roundedMilliseconds = millisecondsAndBelow >= 1 ? Math.round(millisecondsAndBelow) : Math.ceil(millisecondsAndBelow);
-        const millisecondsString = millisecondsDecimalDigits ? millisecondsAndBelow.toFixed(millisecondsDecimalDigits) : roundedMilliseconds;
-        add(
-          Number.parseFloat(millisecondsString),
-          "millisecond",
-          "ms",
-          millisecondsString
-        );
-      }
-    } else {
-      const seconds = (isBigInt ? Number(milliseconds % ONE_DAY_IN_MILLISECONDS) : milliseconds) / 1e3 % 60;
-      const secondsDecimalDigits = typeof options.secondsDecimalDigits === "number" ? options.secondsDecimalDigits : 1;
-      const secondsFixed = floorDecimals(seconds, secondsDecimalDigits);
-      const secondsString = options.keepDecimalsOnWholeSeconds ? secondsFixed : secondsFixed.replace(/\.0+$/, "");
-      add(Number.parseFloat(secondsString), "second", "s", secondsString);
-    }
-  }
-  if (result2.length === 0) {
-    return sign + "0" + (options.verbose ? " milliseconds" : "ms");
-  }
-  const separator = options.colonNotation ? ":" : " ";
-  if (typeof options.unitCount === "number") {
-    result2 = result2.slice(0, Math.max(options.unitCount, 1));
-  }
-  return sign + result2.join(separator);
-}
-const errorProperties = [
-  {
-    property: "name",
-    enumerable: false
-  },
-  {
-    property: "message",
-    enumerable: false
-  },
-  {
-    property: "stack",
-    enumerable: false
-  },
-  {
-    property: "code",
-    enumerable: true
-  },
-  {
-    property: "cause",
-    enumerable: false
-  },
-  {
-    property: "errors",
-    enumerable: false
-  }
-];
-const toJsonWasCalled = /* @__PURE__ */ new WeakSet();
-const toJSON = (from) => {
-  toJsonWasCalled.add(from);
-  const json2 = from.toJSON();
-  toJsonWasCalled.delete(from);
-  return json2;
-};
-const destroyCircular = ({
-  from,
-  seen,
-  to,
-  forceEnumerable,
-  maxDepth,
-  depth,
-  useToJSON,
-  serialize
-}) => {
-  if (!to) {
-    if (Array.isArray(from)) {
-      to = [];
-    } else {
-      to = {};
-    }
-  }
-  seen.push(from);
-  if (depth >= maxDepth) {
-    return to;
-  }
-  if (useToJSON && typeof from.toJSON === "function" && !toJsonWasCalled.has(from)) {
-    return toJSON(from);
-  }
-  const continueDestroyCircular = (value) => destroyCircular({
-    from: value,
-    seen: [...seen],
-    forceEnumerable,
-    maxDepth,
-    depth,
-    useToJSON,
-    serialize
-  });
-  for (const [key, value] of Object.entries(from)) {
-    if (value && value instanceof Uint8Array && value.constructor.name === "Buffer") {
-      to[key] = "[object Buffer]";
-      continue;
-    }
-    if (value !== null && typeof value === "object" && typeof value.pipe === "function") {
-      to[key] = "[object Stream]";
-      continue;
-    }
-    if (typeof value === "function") {
-      continue;
-    }
-    if (!value || typeof value !== "object") {
-      try {
-        to[key] = value;
-      } catch {
-      }
-      continue;
-    }
-    if (!seen.includes(from[key])) {
-      depth++;
-      to[key] = continueDestroyCircular(from[key]);
-      continue;
-    }
-    to[key] = "[Circular]";
-  }
-  {
-    for (const { property, enumerable } of errorProperties) {
-      if (from[property] !== void 0 && from[property] !== null) {
-        Object.defineProperty(to, property, {
-          value: isErrorLike(from[property]) || Array.isArray(from[property]) ? continueDestroyCircular(from[property]) : from[property],
-          enumerable: true,
-          configurable: true,
-          writable: true
-        });
-      }
-    }
-  }
-  return to;
-};
-function serializeError(value, options = {}) {
-  const {
-    maxDepth = Number.POSITIVE_INFINITY,
-    useToJSON = true
-  } = options;
-  if (typeof value === "object" && value !== null) {
-    return destroyCircular({
-      from: value,
-      seen: [],
-      forceEnumerable: true,
-      maxDepth,
-      depth: 0,
-      useToJSON,
-      serialize: true
-    });
-  }
-  if (typeof value === "function") {
-    return `[Function: ${value.name || "anonymous"}]`;
-  }
-  return value;
-}
-function isErrorLike(value) {
-  return Boolean(value) && typeof value === "object" && typeof value.name === "string" && typeof value.message === "string" && typeof value.stack === "string";
-}
-const stringifyCallSite = (callSite) => {
-  return (callSite.fileName || "") + ":" + callSite.lineNumber + ":" + callSite.columnNumber;
-};
-const defaultConfiguration = {
-  logValues: true
-};
-const createQueryLoggingInterceptor = (userConfiguration) => {
-  const configuration = {
-    ...defaultConfiguration,
-    ...userConfiguration
-  };
-  return {
-    afterQueryExecution: (context, query2, result2) => {
-      let rowCount = null;
-      if (result2.rowCount) {
-        rowCount = result2.rowCount;
-      }
-      for (const notice of result2.notices) {
-        if (!notice.message) {
-          continue;
-        }
-        if (isAutoExplainJsonMessage(notice.message)) {
-          context.log.info({
-            autoExplain: getAutoExplainPayload(notice.message)
-          }, "auto explain");
-        }
-      }
-      context.log.debug({
-        executionTime: prettyMilliseconds(Number(process.hrtime.bigint() - BigInt(context.queryInputTime)) / 1e6),
-        rowCount
-      }, "query execution result");
-      return null;
-    },
-    beforeQueryExecution: async (context, query2) => {
-      let stackTrace;
-      if (context.stackTrace) {
-        stackTrace = [];
-        for (const callSite of context.stackTrace) {
-          if (callSite.fileName !== null && !callSite.fileName.includes("node_modules/slonik/") && !callSite.fileName.includes("next_tick")) {
-            stackTrace.push(stringifyCallSite(callSite));
-          }
-        }
-      }
-      let values;
-      if (configuration.logValues) {
-        values = [];
-        for (const value of query2.values) {
-          if (Buffer.isBuffer(value)) {
-            values.push("[Buffer " + value.byteLength + "]");
-          } else {
-            values.push(value);
-          }
-        }
-      }
-      context.log.debug({
-        sql: query2.sql,
-        stackTrace,
-        values
-      }, "executing query");
-      return null;
-    },
-    name: "slonik-interceptor-query-logging",
-    queryExecutionError: (context, query2, error2) => {
-      context.log.error({
-        error: serializeError(error2)
-      }, "query execution produced an error");
-      return null;
-    }
-  };
-};
-function $constructor(name, initializer2, params) {
-  function init(inst, def) {
-    if (!inst._zod) {
-      Object.defineProperty(inst, "_zod", {
-        value: {
-          def,
-          constr: _2,
-          traits: /* @__PURE__ */ new Set()
-        },
-        enumerable: false
-      });
-    }
-    if (inst._zod.traits.has(name)) {
-      return;
-    }
-    inst._zod.traits.add(name);
-    initializer2(inst, def);
-    const proto2 = _2.prototype;
-    const keys = Object.keys(proto2);
-    for (let i = 0; i < keys.length; i++) {
-      const k = keys[i];
-      if (!(k in inst)) {
-        inst[k] = proto2[k].bind(inst);
-      }
-    }
-  }
-  const Parent = params?.Parent ?? Object;
-  class Definition extends Parent {
-  }
-  Object.defineProperty(Definition, "name", { value: name });
-  function _2(def) {
-    var _a2;
-    const inst = params?.Parent ? new Definition() : this;
-    init(inst, def);
-    (_a2 = inst._zod).deferred ?? (_a2.deferred = []);
-    for (const fn of inst._zod.deferred) {
-      fn();
-    }
-    return inst;
-  }
-  Object.defineProperty(_2, "init", { value: init });
-  Object.defineProperty(_2, Symbol.hasInstance, {
-    value: (inst) => {
-      if (params?.Parent && inst instanceof params.Parent)
-        return true;
-      return inst?._zod?.traits?.has(name);
-    }
-  });
-  Object.defineProperty(_2, "name", { value: name });
-  return _2;
-}
-class $ZodAsyncError2 extends Error {
-  constructor() {
-    super(`Encountered Promise during synchronous parse. Use .parseAsync() instead.`);
-  }
-}
-class $ZodEncodeError2 extends Error {
-  constructor(name) {
-    super(`Encountered unidirectional transform during encode: ${name}`);
-    this.name = "ZodEncodeError";
-  }
-}
-const globalConfig = {};
-function config(newConfig) {
-  return globalConfig;
-}
-function getEnumValues(entries) {
-  const numericValues = Object.values(entries).filter((v) => typeof v === "number");
-  const values = Object.entries(entries).filter(([k, _2]) => numericValues.indexOf(+k) === -1).map(([_2, v]) => v);
-  return values;
-}
-function jsonStringifyReplacer(_2, value) {
-  if (typeof value === "bigint")
-    return value.toString();
-  return value;
-}
-function cached(getter) {
-  return {
-    get value() {
-      {
-        const value = getter();
-        Object.defineProperty(this, "value", { value });
-        return value;
-      }
-    }
-  };
-}
-function nullish(input) {
-  return input === null || input === void 0;
-}
-function cleanRegex(source2) {
-  const start = source2.startsWith("^") ? 1 : 0;
-  const end = source2.endsWith("$") ? source2.length - 1 : source2.length;
-  return source2.slice(start, end);
-}
-const EVALUATING = Symbol("evaluating");
-function defineLazy(object2, key, getter) {
-  let value = void 0;
-  Object.defineProperty(object2, key, {
-    get() {
-      if (value === EVALUATING) {
-        return void 0;
-      }
-      if (value === void 0) {
-        value = EVALUATING;
-        value = getter();
-      }
-      return value;
-    },
-    set(v) {
-      Object.defineProperty(object2, key, {
-        value: v
-        // configurable: true,
-      });
-    },
-    configurable: true
-  });
-}
-function assignProp(target, prop, value) {
-  Object.defineProperty(target, prop, {
-    value,
-    writable: true,
-    enumerable: true,
-    configurable: true
-  });
-}
-function mergeDefs(...defs) {
-  const mergedDescriptors = {};
-  for (const def of defs) {
-    const descriptors = Object.getOwnPropertyDescriptors(def);
-    Object.assign(mergedDescriptors, descriptors);
+function assignProp(target, prop, value) {
+  Object.defineProperty(target, prop, {
+    value,
+    writable: true,
+    enumerable: true,
+    configurable: true
+  });
+}
+function mergeDefs(...defs) {
+  const mergedDescriptors = {};
+  for (const def of defs) {
+    const descriptors = Object.getOwnPropertyDescriptors(def);
+    Object.assign(mergedDescriptors, descriptors);
   }
   return Object.defineProperties({}, mergedDescriptors);
 }
@@ -26158,202 +25810,715 @@ function intersection(left, right) {
     left,
     right
   });
-}
-const ZodEnum2 = /* @__PURE__ */ $constructor("ZodEnum", (inst, def) => {
-  $ZodEnum.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.enum = def.entries;
-  inst.options = Object.values(def.entries);
-  const keys = new Set(Object.keys(def.entries));
-  inst.extract = (values, params) => {
-    const newEntries = {};
-    for (const value of values) {
-      if (keys.has(value)) {
-        newEntries[value] = def.entries[value];
-      } else
-        throw new Error(`Key ${value} not found in enum`);
+}
+const ZodEnum2 = /* @__PURE__ */ $constructor("ZodEnum", (inst, def) => {
+  $ZodEnum.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.enum = def.entries;
+  inst.options = Object.values(def.entries);
+  const keys = new Set(Object.keys(def.entries));
+  inst.extract = (values, params) => {
+    const newEntries = {};
+    for (const value of values) {
+      if (keys.has(value)) {
+        newEntries[value] = def.entries[value];
+      } else
+        throw new Error(`Key ${value} not found in enum`);
+    }
+    return new ZodEnum2({
+      ...def,
+      checks: [],
+      ...normalizeParams(params),
+      entries: newEntries
+    });
+  };
+  inst.exclude = (values, params) => {
+    const newEntries = { ...def.entries };
+    for (const value of values) {
+      if (keys.has(value)) {
+        delete newEntries[value];
+      } else
+        throw new Error(`Key ${value} not found in enum`);
+    }
+    return new ZodEnum2({
+      ...def,
+      checks: [],
+      ...normalizeParams(params),
+      entries: newEntries
+    });
+  };
+});
+function _enum$1(values, params) {
+  const entries = Array.isArray(values) ? Object.fromEntries(values.map((v) => [v, v])) : values;
+  return new ZodEnum2({
+    type: "enum",
+    entries,
+    ...normalizeParams(params)
+  });
+}
+const ZodTransform = /* @__PURE__ */ $constructor("ZodTransform", (inst, def) => {
+  $ZodTransform.init(inst, def);
+  ZodType2.init(inst, def);
+  inst._zod.parse = (payload, _ctx) => {
+    if (_ctx.direction === "backward") {
+      throw new $ZodEncodeError2(inst.constructor.name);
+    }
+    payload.addIssue = (issue$12) => {
+      if (typeof issue$12 === "string") {
+        payload.issues.push(issue(issue$12, payload.value, def));
+      } else {
+        const _issue = issue$12;
+        if (_issue.fatal)
+          _issue.continue = false;
+        _issue.code ?? (_issue.code = "custom");
+        _issue.input ?? (_issue.input = payload.value);
+        _issue.inst ?? (_issue.inst = inst);
+        payload.issues.push(issue(_issue));
+      }
+    };
+    const output = def.transform(payload.value, payload);
+    if (output instanceof Promise) {
+      return output.then((output2) => {
+        payload.value = output2;
+        return payload;
+      });
+    }
+    payload.value = output;
+    return payload;
+  };
+});
+function transform$2(fn) {
+  return new ZodTransform({
+    type: "transform",
+    transform: fn
+  });
+}
+const ZodOptional2 = /* @__PURE__ */ $constructor("ZodOptional", (inst, def) => {
+  $ZodOptional.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+});
+function optional(innerType) {
+  return new ZodOptional2({
+    type: "optional",
+    innerType
+  });
+}
+const ZodNullable2 = /* @__PURE__ */ $constructor("ZodNullable", (inst, def) => {
+  $ZodNullable.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+});
+function nullable(innerType) {
+  return new ZodNullable2({
+    type: "nullable",
+    innerType
+  });
+}
+const ZodDefault2 = /* @__PURE__ */ $constructor("ZodDefault", (inst, def) => {
+  $ZodDefault.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+  inst.removeDefault = inst.unwrap;
+});
+function _default(innerType, defaultValue) {
+  return new ZodDefault2({
+    type: "default",
+    innerType,
+    get defaultValue() {
+      return typeof defaultValue === "function" ? defaultValue() : shallowClone(defaultValue);
+    }
+  });
+}
+const ZodPrefault = /* @__PURE__ */ $constructor("ZodPrefault", (inst, def) => {
+  $ZodPrefault.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+});
+function prefault(innerType, defaultValue) {
+  return new ZodPrefault({
+    type: "prefault",
+    innerType,
+    get defaultValue() {
+      return typeof defaultValue === "function" ? defaultValue() : shallowClone(defaultValue);
+    }
+  });
+}
+const ZodNonOptional = /* @__PURE__ */ $constructor("ZodNonOptional", (inst, def) => {
+  $ZodNonOptional.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+});
+function nonoptional(innerType, params) {
+  return new ZodNonOptional({
+    type: "nonoptional",
+    innerType,
+    ...normalizeParams(params)
+  });
+}
+const ZodCatch2 = /* @__PURE__ */ $constructor("ZodCatch", (inst, def) => {
+  $ZodCatch.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+  inst.removeCatch = inst.unwrap;
+});
+function _catch(innerType, catchValue) {
+  return new ZodCatch2({
+    type: "catch",
+    innerType,
+    catchValue: typeof catchValue === "function" ? catchValue : () => catchValue
+  });
+}
+const ZodPipe = /* @__PURE__ */ $constructor("ZodPipe", (inst, def) => {
+  $ZodPipe.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.in = def.in;
+  inst.out = def.out;
+});
+function pipe(in_, out) {
+  return new ZodPipe({
+    type: "pipe",
+    in: in_,
+    out
+    // ...util.normalizeParams(params),
+  });
+}
+const ZodReadonly2 = /* @__PURE__ */ $constructor("ZodReadonly", (inst, def) => {
+  $ZodReadonly.init(inst, def);
+  ZodType2.init(inst, def);
+  inst.unwrap = () => inst._zod.def.innerType;
+});
+function readonly(innerType) {
+  return new ZodReadonly2({
+    type: "readonly",
+    innerType
+  });
+}
+const ZodCustom = /* @__PURE__ */ $constructor("ZodCustom", (inst, def) => {
+  $ZodCustom.init(inst, def);
+  ZodType2.init(inst, def);
+});
+function refine(fn, _params = {}) {
+  return _refine(ZodCustom, fn, _params);
+}
+function superRefine(fn) {
+  return _superRefine(fn);
+}
+const localhostRegex1 = /localhost:\d{2,4}$/;
+const localhostRegex2 = /localhost$/;
+const isLocalhost = (domain) => localhostRegex1.test(domain) || localhostRegex2.test(domain);
+const envFilePath = ".env";
+const envLocalFilePath = ".env.local";
+const hasEnvFile = existsSync(envFilePath);
+const requireApiToken = (env2) => {
+  if (!env2.WIRECHUNK_API_TOKEN) {
+    console.error(
+      "Missing API token for authentication. Provide a WIRECHUNK_API_TOKEN environment variable."
+    );
+    process$2.exit(1);
+  }
+  return env2.WIRECHUNK_API_TOKEN;
+};
+const requireCoreDbUrl = (env2) => {
+  const url = env2.WIRECHUNK_CORE_DATABASE_URL;
+  if (!url) {
+    const message = "Missing WIRECHUNK_CORE_DATABASE_URL in environment";
+    if (hasEnvFile) {
+      console.error(message);
+    } else {
+      console.error(`${message}, no ${envFilePath} file found`);
+    }
+    process$2.exit(1);
+  }
+  return url;
+};
+const coreServerUrlFromEnv = (env2) => {
+  const url = env2.WIRECHUNK_CORE_SERVER_URL;
+  if (url) {
+    return url.endsWith("/api") ? url.substring(0, url.length - 4) : url;
+  }
+  const adminDomain = env2.ADMIN_DOMAIN;
+  if (adminDomain) {
+    return isLocalhost(adminDomain) ? `http://${adminDomain}` : `https://${adminDomain}`;
+  }
+  return "https://wirechunk.com";
+};
+const parseEnv = async (envMode) => {
+  const env2 = {};
+  if (hasEnvFile) {
+    const envFileRaw = await readFile(envFilePath, "utf8");
+    Object.assign(env2, parseEnv$1(envFileRaw));
+  }
+  if (envMode) {
+    const modeFilePath = `.env.${envMode}`;
+    if (existsSync(modeFilePath)) {
+      const modeFileRaw = await readFile(modeFilePath, "utf8");
+      Object.assign(env2, parseEnv$1(modeFileRaw));
+    }
+  }
+  if (existsSync(envLocalFilePath)) {
+    const envLocalFileRaw = await readFile(envLocalFilePath, "utf8");
+    Object.assign(env2, parseEnv$1(envLocalFileRaw));
+  }
+  if (envMode) {
+    const modeLocalFilePath = `.env.${envMode}.local`;
+    if (existsSync(modeLocalFilePath)) {
+      const modeLocalFileRaw = await readFile(modeLocalFilePath, "utf8");
+      Object.assign(env2, parseEnv$1(modeLocalFileRaw));
+    }
+  }
+  Object.assign(env2, process$2.env);
+  return {
+    ...env2,
+    WIRECHUNK_CORE_SERVER_URL: coreServerUrlFromEnv(env2)
+  };
+};
+var dist$1 = {};
+var utilities = {};
+var extractJson = {};
+var hasRequiredExtractJson;
+function requireExtractJson() {
+  if (hasRequiredExtractJson) return extractJson;
+  hasRequiredExtractJson = 1;
+  Object.defineProperty(extractJson, "__esModule", {
+    value: true
+  });
+  extractJson.default = void 0;
+  const closeCharacterMap = {
+    '"': '"',
+    "[": "]",
+    "{": "}"
+  };
+  const defaultParser = JSON.parse.bind(JSON);
+  const extractJson$1 = (subject, configuration) => {
+    const parser2 = configuration && configuration.parser ? configuration.parser : defaultParser;
+    const filter2 = configuration && configuration.filter;
+    const foundObjects = [];
+    const rule2 = /["[{]/g;
+    let subjectOffset = 0;
+    while (true) {
+      const offsetSubject = subject.slice(subjectOffset);
+      const openCharacterMatch = rule2.exec(offsetSubject);
+      if (!openCharacterMatch) {
+        break;
+      }
+      const openCharacter = openCharacterMatch[0];
+      const closeCharacter = closeCharacterMap[openCharacter];
+      const startIndex = openCharacterMatch.index;
+      let haystack = offsetSubject.slice(startIndex);
+      while (haystack.length) {
+        if (!filter2 || filter2(haystack)) {
+          try {
+            const result2 = parser2(haystack);
+            foundObjects.push(result2);
+            subjectOffset += startIndex + haystack.length;
+            rule2.lastIndex = 0;
+            break;
+          } catch (error2) {
+          }
+        }
+        const offsetIndex = haystack.slice(0, -1).lastIndexOf(closeCharacter) + 1;
+        haystack = haystack.slice(0, offsetIndex);
+      }
+    }
+    return foundObjects;
+  };
+  var _default2 = extractJson$1;
+  extractJson.default = _default2;
+  return extractJson;
+}
+var hasRequiredUtilities;
+function requireUtilities() {
+  if (hasRequiredUtilities) return utilities;
+  hasRequiredUtilities = 1;
+  (function(exports) {
+    Object.defineProperty(exports, "__esModule", {
+      value: true
+    });
+    Object.defineProperty(exports, "extractJson", {
+      enumerable: true,
+      get: function() {
+        return _extractJson.default;
+      }
+    });
+    var _extractJson = _interopRequireDefault(requireExtractJson());
+    function _interopRequireDefault(obj) {
+      return obj && obj.__esModule ? obj : { default: obj };
+    }
+  })(utilities);
+  return utilities;
+}
+var hasRequiredDist$1;
+function requireDist$1() {
+  if (hasRequiredDist$1) return dist$1;
+  hasRequiredDist$1 = 1;
+  (function(exports) {
+    Object.defineProperty(exports, "__esModule", {
+      value: true
+    });
+    Object.defineProperty(exports, "extractJson", {
+      enumerable: true,
+      get: function() {
+        return _utilities.extractJson;
+      }
+    });
+    var _utilities = requireUtilities();
+  })(dist$1);
+  return dist$1;
+}
+var distExports = requireDist$1();
+const getAutoExplainPayload = (noticeMessage) => {
+  const matches = distExports.extractJson(noticeMessage);
+  if (matches.length === 0) {
+    throw new Error("Notice message does not contain a recognizable JSON payload.");
+  }
+  if (matches.length > 1) {
+    throw new Error("Notice message contains multiple JSON payloads.");
+  }
+  return matches[0];
+};
+const isAutoExplainJsonMessage = (noticeMessage) => {
+  return noticeMessage.trim().startsWith("duration:") && noticeMessage.includes("{");
+};
+const toZeroIfInfinity = (value) => Number.isFinite(value) ? value : 0;
+function parseNumber(milliseconds) {
+  return {
+    days: Math.trunc(milliseconds / 864e5),
+    hours: Math.trunc(milliseconds / 36e5 % 24),
+    minutes: Math.trunc(milliseconds / 6e4 % 60),
+    seconds: Math.trunc(milliseconds / 1e3 % 60),
+    milliseconds: Math.trunc(milliseconds % 1e3),
+    microseconds: Math.trunc(toZeroIfInfinity(milliseconds * 1e3) % 1e3),
+    nanoseconds: Math.trunc(toZeroIfInfinity(milliseconds * 1e6) % 1e3)
+  };
+}
+function parseBigint(milliseconds) {
+  return {
+    days: milliseconds / 86400000n,
+    hours: milliseconds / 3600000n % 24n,
+    minutes: milliseconds / 60000n % 60n,
+    seconds: milliseconds / 1000n % 60n,
+    milliseconds: milliseconds % 1000n,
+    microseconds: 0n,
+    nanoseconds: 0n
+  };
+}
+function parseMilliseconds(milliseconds) {
+  switch (typeof milliseconds) {
+    case "number": {
+      if (Number.isFinite(milliseconds)) {
+        return parseNumber(milliseconds);
+      }
+      break;
+    }
+    case "bigint": {
+      return parseBigint(milliseconds);
+    }
+  }
+  throw new TypeError("Expected a finite number or bigint");
+}
+const isZero = (value) => value === 0 || value === 0n;
+const pluralize = (word, count) => count === 1 || count === 1n ? word : `${word}s`;
+const SECOND_ROUNDING_EPSILON = 1e-7;
+const ONE_DAY_IN_MILLISECONDS = 24n * 60n * 60n * 1000n;
+function prettyMilliseconds(milliseconds, options) {
+  const isBigInt = typeof milliseconds === "bigint";
+  if (!isBigInt && !Number.isFinite(milliseconds)) {
+    throw new TypeError("Expected a finite number or bigint");
+  }
+  options = { ...options };
+  const sign = milliseconds < 0 ? "-" : "";
+  milliseconds = milliseconds < 0 ? -milliseconds : milliseconds;
+  if (options.colonNotation) {
+    options.compact = false;
+    options.formatSubMilliseconds = false;
+    options.separateMilliseconds = false;
+    options.verbose = false;
+  }
+  if (options.compact) {
+    options.unitCount = 1;
+    options.secondsDecimalDigits = 0;
+    options.millisecondsDecimalDigits = 0;
+  }
+  let result2 = [];
+  const floorDecimals = (value, decimalDigits) => {
+    const flooredInterimValue = Math.floor(value * 10 ** decimalDigits + SECOND_ROUNDING_EPSILON);
+    const flooredValue = Math.round(flooredInterimValue) / 10 ** decimalDigits;
+    return flooredValue.toFixed(decimalDigits);
+  };
+  const add = (value, long, short, valueString) => {
+    if ((result2.length === 0 || !options.colonNotation) && isZero(value) && !(options.colonNotation && short === "m")) {
+      return;
+    }
+    valueString ??= String(value);
+    if (options.colonNotation) {
+      const wholeDigits = valueString.includes(".") ? valueString.split(".")[0].length : valueString.length;
+      const minLength = result2.length > 0 ? 2 : 1;
+      valueString = "0".repeat(Math.max(0, minLength - wholeDigits)) + valueString;
+    } else {
+      valueString += options.verbose ? " " + pluralize(long, value) : short;
+    }
+    result2.push(valueString);
+  };
+  const parsed = parseMilliseconds(milliseconds);
+  const days = BigInt(parsed.days);
+  if (options.hideYearAndDays) {
+    add(BigInt(days) * 24n + BigInt(parsed.hours), "hour", "h");
+  } else {
+    if (options.hideYear) {
+      add(days, "day", "d");
+    } else {
+      add(days / 365n, "year", "y");
+      add(days % 365n, "day", "d");
+    }
+    add(Number(parsed.hours), "hour", "h");
+  }
+  add(Number(parsed.minutes), "minute", "m");
+  if (!options.hideSeconds) {
+    if (options.separateMilliseconds || options.formatSubMilliseconds || !options.colonNotation && milliseconds < 1e3 && !options.subSecondsAsDecimals) {
+      const seconds = Number(parsed.seconds);
+      const milliseconds2 = Number(parsed.milliseconds);
+      const microseconds = Number(parsed.microseconds);
+      const nanoseconds = Number(parsed.nanoseconds);
+      add(seconds, "second", "s");
+      if (options.formatSubMilliseconds) {
+        add(milliseconds2, "millisecond", "ms");
+        add(microseconds, "microsecond", "µs");
+        add(nanoseconds, "nanosecond", "ns");
+      } else {
+        const millisecondsAndBelow = milliseconds2 + microseconds / 1e3 + nanoseconds / 1e6;
+        const millisecondsDecimalDigits = typeof options.millisecondsDecimalDigits === "number" ? options.millisecondsDecimalDigits : 0;
+        const roundedMilliseconds = millisecondsAndBelow >= 1 ? Math.round(millisecondsAndBelow) : Math.ceil(millisecondsAndBelow);
+        const millisecondsString = millisecondsDecimalDigits ? millisecondsAndBelow.toFixed(millisecondsDecimalDigits) : roundedMilliseconds;
+        add(
+          Number.parseFloat(millisecondsString),
+          "millisecond",
+          "ms",
+          millisecondsString
+        );
+      }
+    } else {
+      const seconds = (isBigInt ? Number(milliseconds % ONE_DAY_IN_MILLISECONDS) : milliseconds) / 1e3 % 60;
+      const secondsDecimalDigits = typeof options.secondsDecimalDigits === "number" ? options.secondsDecimalDigits : 1;
+      const secondsFixed = floorDecimals(seconds, secondsDecimalDigits);
+      const secondsString = options.keepDecimalsOnWholeSeconds ? secondsFixed : secondsFixed.replace(/\.0+$/, "");
+      add(Number.parseFloat(secondsString), "second", "s", secondsString);
+    }
+  }
+  if (result2.length === 0) {
+    return sign + "0" + (options.verbose ? " milliseconds" : "ms");
+  }
+  const separator = options.colonNotation ? ":" : " ";
+  if (typeof options.unitCount === "number") {
+    result2 = result2.slice(0, Math.max(options.unitCount, 1));
+  }
+  return sign + result2.join(separator);
+}
+const errorProperties = [
+  {
+    property: "name",
+    enumerable: false
+  },
+  {
+    property: "message",
+    enumerable: false
+  },
+  {
+    property: "stack",
+    enumerable: false
+  },
+  {
+    property: "code",
+    enumerable: true
+  },
+  {
+    property: "cause",
+    enumerable: false
+  },
+  {
+    property: "errors",
+    enumerable: false
+  }
+];
+const toJsonWasCalled = /* @__PURE__ */ new WeakSet();
+const toJSON = (from) => {
+  toJsonWasCalled.add(from);
+  const json2 = from.toJSON();
+  toJsonWasCalled.delete(from);
+  return json2;
+};
+const destroyCircular = ({
+  from,
+  seen,
+  to,
+  forceEnumerable,
+  maxDepth,
+  depth,
+  useToJSON,
+  serialize
+}) => {
+  if (!to) {
+    if (Array.isArray(from)) {
+      to = [];
+    } else {
+      to = {};
+    }
+  }
+  seen.push(from);
+  if (depth >= maxDepth) {
+    return to;
+  }
+  if (useToJSON && typeof from.toJSON === "function" && !toJsonWasCalled.has(from)) {
+    return toJSON(from);
+  }
+  const continueDestroyCircular = (value) => destroyCircular({
+    from: value,
+    seen: [...seen],
+    forceEnumerable,
+    maxDepth,
+    depth,
+    useToJSON,
+    serialize
+  });
+  for (const [key, value] of Object.entries(from)) {
+    if (value && value instanceof Uint8Array && value.constructor.name === "Buffer") {
+      to[key] = "[object Buffer]";
+      continue;
     }
-    return new ZodEnum2({
-      ...def,
-      checks: [],
-      ...normalizeParams(params),
-      entries: newEntries
-    });
-  };
-  inst.exclude = (values, params) => {
-    const newEntries = { ...def.entries };
-    for (const value of values) {
-      if (keys.has(value)) {
-        delete newEntries[value];
-      } else
-        throw new Error(`Key ${value} not found in enum`);
+    if (value !== null && typeof value === "object" && typeof value.pipe === "function") {
+      to[key] = "[object Stream]";
+      continue;
     }
-    return new ZodEnum2({
-      ...def,
-      checks: [],
-      ...normalizeParams(params),
-      entries: newEntries
-    });
-  };
-});
-function _enum$1(values, params) {
-  const entries = Array.isArray(values) ? Object.fromEntries(values.map((v) => [v, v])) : values;
-  return new ZodEnum2({
-    type: "enum",
-    entries,
-    ...normalizeParams(params)
-  });
-}
-const ZodTransform = /* @__PURE__ */ $constructor("ZodTransform", (inst, def) => {
-  $ZodTransform.init(inst, def);
-  ZodType2.init(inst, def);
-  inst._zod.parse = (payload, _ctx) => {
-    if (_ctx.direction === "backward") {
-      throw new $ZodEncodeError2(inst.constructor.name);
+    if (typeof value === "function") {
+      continue;
     }
-    payload.addIssue = (issue$12) => {
-      if (typeof issue$12 === "string") {
-        payload.issues.push(issue(issue$12, payload.value, def));
-      } else {
-        const _issue = issue$12;
-        if (_issue.fatal)
-          _issue.continue = false;
-        _issue.code ?? (_issue.code = "custom");
-        _issue.input ?? (_issue.input = payload.value);
-        _issue.inst ?? (_issue.inst = inst);
-        payload.issues.push(issue(_issue));
+    if (!value || typeof value !== "object") {
+      try {
+        to[key] = value;
+      } catch {
       }
-    };
-    const output = def.transform(payload.value, payload);
-    if (output instanceof Promise) {
-      return output.then((output2) => {
-        payload.value = output2;
-        return payload;
-      });
+      continue;
     }
-    payload.value = output;
-    return payload;
-  };
-});
-function transform$2(fn) {
-  return new ZodTransform({
-    type: "transform",
-    transform: fn
-  });
-}
-const ZodOptional2 = /* @__PURE__ */ $constructor("ZodOptional", (inst, def) => {
-  $ZodOptional.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-});
-function optional(innerType) {
-  return new ZodOptional2({
-    type: "optional",
-    innerType
-  });
-}
-const ZodNullable2 = /* @__PURE__ */ $constructor("ZodNullable", (inst, def) => {
-  $ZodNullable.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-});
-function nullable(innerType) {
-  return new ZodNullable2({
-    type: "nullable",
-    innerType
-  });
-}
-const ZodDefault2 = /* @__PURE__ */ $constructor("ZodDefault", (inst, def) => {
-  $ZodDefault.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-  inst.removeDefault = inst.unwrap;
-});
-function _default(innerType, defaultValue) {
-  return new ZodDefault2({
-    type: "default",
-    innerType,
-    get defaultValue() {
-      return typeof defaultValue === "function" ? defaultValue() : shallowClone(defaultValue);
+    if (!seen.includes(from[key])) {
+      depth++;
+      to[key] = continueDestroyCircular(from[key]);
+      continue;
     }
-  });
-}
-const ZodPrefault = /* @__PURE__ */ $constructor("ZodPrefault", (inst, def) => {
-  $ZodPrefault.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-});
-function prefault(innerType, defaultValue) {
-  return new ZodPrefault({
-    type: "prefault",
-    innerType,
-    get defaultValue() {
-      return typeof defaultValue === "function" ? defaultValue() : shallowClone(defaultValue);
+    to[key] = "[Circular]";
+  }
+  {
+    for (const { property, enumerable } of errorProperties) {
+      if (from[property] !== void 0 && from[property] !== null) {
+        Object.defineProperty(to, property, {
+          value: isErrorLike(from[property]) || Array.isArray(from[property]) ? continueDestroyCircular(from[property]) : from[property],
+          enumerable: true,
+          configurable: true,
+          writable: true
+        });
+      }
     }
-  });
-}
-const ZodNonOptional = /* @__PURE__ */ $constructor("ZodNonOptional", (inst, def) => {
-  $ZodNonOptional.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-});
-function nonoptional(innerType, params) {
-  return new ZodNonOptional({
-    type: "nonoptional",
-    innerType,
-    ...normalizeParams(params)
-  });
-}
-const ZodCatch2 = /* @__PURE__ */ $constructor("ZodCatch", (inst, def) => {
-  $ZodCatch.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-  inst.removeCatch = inst.unwrap;
-});
-function _catch(innerType, catchValue) {
-  return new ZodCatch2({
-    type: "catch",
-    innerType,
-    catchValue: typeof catchValue === "function" ? catchValue : () => catchValue
-  });
-}
-const ZodPipe = /* @__PURE__ */ $constructor("ZodPipe", (inst, def) => {
-  $ZodPipe.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.in = def.in;
-  inst.out = def.out;
-});
-function pipe(in_, out) {
-  return new ZodPipe({
-    type: "pipe",
-    in: in_,
-    out
-    // ...util.normalizeParams(params),
-  });
-}
-const ZodReadonly2 = /* @__PURE__ */ $constructor("ZodReadonly", (inst, def) => {
-  $ZodReadonly.init(inst, def);
-  ZodType2.init(inst, def);
-  inst.unwrap = () => inst._zod.def.innerType;
-});
-function readonly(innerType) {
-  return new ZodReadonly2({
-    type: "readonly",
-    innerType
-  });
-}
-const ZodCustom = /* @__PURE__ */ $constructor("ZodCustom", (inst, def) => {
-  $ZodCustom.init(inst, def);
-  ZodType2.init(inst, def);
-});
-function refine(fn, _params = {}) {
-  return _refine(ZodCustom, fn, _params);
+  }
+  return to;
+};
+function serializeError(value, options = {}) {
+  const {
+    maxDepth = Number.POSITIVE_INFINITY,
+    useToJSON = true
+  } = options;
+  if (typeof value === "object" && value !== null) {
+    return destroyCircular({
+      from: value,
+      seen: [],
+      forceEnumerable: true,
+      maxDepth,
+      depth: 0,
+      useToJSON,
+      serialize: true
+    });
+  }
+  if (typeof value === "function") {
+    return `[Function: ${value.name || "anonymous"}]`;
+  }
+  return value;
 }
-function superRefine(fn) {
-  return _superRefine(fn);
+function isErrorLike(value) {
+  return Boolean(value) && typeof value === "object" && typeof value.name === "string" && typeof value.message === "string" && typeof value.stack === "string";
 }
+const stringifyCallSite = (callSite) => {
+  return (callSite.fileName || "") + ":" + callSite.lineNumber + ":" + callSite.columnNumber;
+};
+const defaultConfiguration = {
+  logValues: true
+};
+const createQueryLoggingInterceptor = (userConfiguration) => {
+  const configuration = {
+    ...defaultConfiguration,
+    ...userConfiguration
+  };
+  return {
+    afterQueryExecution: (context, query2, result2) => {
+      let rowCount = null;
+      if (result2.rowCount) {
+        rowCount = result2.rowCount;
+      }
+      for (const notice of result2.notices) {
+        if (!notice.message) {
+          continue;
+        }
+        if (isAutoExplainJsonMessage(notice.message)) {
+          context.log.info({
+            autoExplain: getAutoExplainPayload(notice.message)
+          }, "auto explain");
+        }
+      }
+      context.log.debug({
+        executionTime: prettyMilliseconds(Number(process.hrtime.bigint() - BigInt(context.queryInputTime)) / 1e6),
+        rowCount
+      }, "query execution result");
+      return null;
+    },
+    beforeQueryExecution: async (context, query2) => {
+      let stackTrace;
+      if (context.stackTrace) {
+        stackTrace = [];
+        for (const callSite of context.stackTrace) {
+          if (callSite.fileName !== null && !callSite.fileName.includes("node_modules/slonik/") && !callSite.fileName.includes("next_tick")) {
+            stackTrace.push(stringifyCallSite(callSite));
+          }
+        }
+      }
+      let values;
+      if (configuration.logValues) {
+        values = [];
+        for (const value of query2.values) {
+          if (Buffer.isBuffer(value)) {
+            values.push("[Buffer " + value.byteLength + "]");
+          } else {
+            values.push(value);
+          }
+        }
+      }
+      context.log.debug({
+        sql: query2.sql,
+        stackTrace,
+        values
+      }, "executing query");
+      return null;
+    },
+    name: "slonik-interceptor-query-logging",
+    queryExecutionError: (context, query2, error2) => {
+      context.log.error({
+        error: serializeError(error2)
+      }, "query execution produced an error");
+      return null;
+    }
+  };
+};
 const extensionDbName = (id2) => `ext_${id2}`;
 const voidSelectSchema = object({});
+const stringIdSelectSchema = object({
+  id: string()
+});
 const requireExtensionIdOptionOrEnvVar = (options, env2) => {
   const extensionId = options.extensionId || env2.EXTENSION_ID;
   if (!extensionId) {
@@ -26400,61 +26565,298 @@ const getExtensionDbConnectInfo = (opts, env2) => {
     dbName
   };
 };
+const revokeAllUserPlatformPermissions = async ({
+  platformAdminId
+}, db) => {
+  await db.query(
+    sql.type(
+      voidSelectSchema
+    )`delete from "Permissions" where "platformAdminId" = ${platformAdminId}`
+  );
+};
+const grantAllUserPlatformPermissions = async ({
+  platformAdminId
+}, db) => {
+  await db.query(
+    sql.type(
+      voidSelectSchema
+    )`insert into "Permissions" ("platformAdminId", "object", "action") values ${sql.join(
+      allPermissions.map(
+        (permission) => sql.fragment`(${platformAdminId}, ${permission.object}, ${permission.action})`
+      ),
+      sql.fragment`,`
+    )} on conflict ("platformAdminId", "object", "action") do nothing`
+  );
+};
+const devAdminPlatformId = "ths9gw8";
+const devUserEmail = "dev@example.com";
+const devUserPassword = "password00";
 const platformHandleAvailable = async (handle, db) => !await db.maybeOne(
   sql.type(voidSelectSchema)`select from "Platforms" where "handle" = ${handle}`
 );
-const randomString = () => randomUUID().replaceAll("-", "").slice(0, 10);
+const findSiteByDomainResult = object({
+  id: string(),
+  platformId: string()
+});
+const devJwtSecret = "abcd1234abcd1234abcd1234abcd1234";
+const tokenExpiresInSeconds = 60 * 60 * 24 * 365 * 5;
+const resolveEnvFilePath = (cwd, envMode) => envMode ? resolve$1(cwd, `./.env.${envMode}.local`) : resolve$1(cwd, "./.env.local");
+const requireJwtSecret = (opts, env2) => {
+  const secret = env2.WIRECHUNK_CORE_JWT_SECRET;
+  if (secret) {
+    return secret;
+  }
+  if (opts.dev) {
+    return devJwtSecret;
+  }
+  console.error("Missing WIRECHUNK_CORE_JWT_SECRET in environment");
+  process.exit(1);
+};
+const signAuthToken = (sessionId, secret, expiresInSeconds) => jwt.sign(
+  {
+    sessionId,
+    originalCreatedAt: Date.now()
+  },
+  secret,
+  { algorithm: "HS256", expiresIn: expiresInSeconds }
+);
 const bootstrap = async (opts, env2) => {
   const db = await createPool(requireCoreDbUrl(env2));
-  const platformId = cleanTinyId();
-  const name = opts.name.trim();
-  let handle = opts.handle?.trim().toLowerCase().replace(/\s+/g, "-");
+  const cwd = process.cwd();
+  const envFilePath2 = resolveEnvFilePath(cwd, opts.envMode);
+  if (opts.dev && (opts.name !== void 0 || opts.handle !== void 0 || opts.adminSiteDomain !== void 0)) {
+    console.error("--dev cannot be combined with --name, --handle, or --admin-site-domain");
+    process.exit(1);
+  }
+  const name = opts.dev ? "Dev" : opts.name?.trim();
+  if (!name) {
+    console.error("Missing required option: --name");
+    process.exit(1);
+  }
+  let handle = opts.dev ? "dev" : opts.handle?.trim().toLowerCase().replace(/\s+/g, "-");
   if (!handle) {
     handle = name.toLowerCase().replace(/\s+/g, "-");
     if (!await platformHandleAvailable(handle, db)) {
-      handle = `${handle}-${randomString()}`;
+      const randomString = randomUUID().replaceAll("-", "").toLowerCase().slice(0, 10);
+      handle = `${handle}-${randomString}`;
     }
   } else if (!await platformHandleAvailable(handle, db)) {
     console.error(`Handle "${handle}" is already in use`);
     process.exit(1);
   }
-  const adminSiteDomain = normalizeDomain(opts.adminSiteDomain, { allowPort: true });
+  const rawAdminSiteDomain = opts.dev ? "localhost:8080" : opts.adminSiteDomain?.trim();
+  if (!rawAdminSiteDomain) {
+    console.error("Missing required option: --admin-site-domain");
+    process.exit(1);
+  }
+  const adminSiteDomain = normalizeDomain(rawAdminSiteDomain, { allowPort: true });
   if (!adminSiteDomain) {
     console.error("Invalid admin site domain");
     process.exit(1);
   }
-  let emailSendFrom;
-  if (opts.emailSendFrom) {
-    const normalizeEmailSendFromResult = normalizeEmailAddress(opts.emailSendFrom);
-    if (!normalizeEmailSendFromResult.ok) {
-      console.error(normalizeEmailSendFromResult.error);
-      process.exit(1);
+  let devUserPasswordHash = null;
+  if (opts.dev) {
+    devUserPasswordHash = await hashPassword(devUserPassword);
+  }
+  const result2 = await db.transaction(async (db2) => {
+    const existingSiteForDomain = await db2.maybeOne(
+      sql.type(findSiteByDomainResult)`
+      select "id", "platformId"
+      from "Sites"
+      where "domain" = ${adminSiteDomain}
+    `
+    );
+    if (existingSiteForDomain) {
+      return {
+        code: 1,
+        error: `Domain "${adminSiteDomain}" is already in use by the platform with ID ${existingSiteForDomain.platformId}`
+      };
     }
-    emailSendFrom = normalizeEmailSendFromResult.value;
-  } else {
-    emailSendFrom = `site@${adminSiteDomain}`;
+    const insertPlatformQuery = opts.dev ? sql.type(stringIdSelectSchema)`
+          insert into "Platforms" (
+            "id",
+            "handle",
+            "name"
+          )
+          values (
+            ${devAdminPlatformId},
+            ${handle},
+            ${name}
+          )
+          returning "id"
+        ` : sql.type(stringIdSelectSchema)`
+          insert into "Platforms" (
+            "handle",
+            "name"
+          )
+          values (
+            ${handle},
+            ${name}
+          )
+          returning "id"
+        `;
+    const platform = await db2.one(insertPlatformQuery);
+    const adminSiteId = cleanSmallId();
+    await db2.query(
+      sql.type(voidSelectSchema)`
+        insert into "Sites" (
+          "id",
+          "platformId",
+          "domain",
+          "name"
+        )
+        values (
+          ${adminSiteId},
+          ${platform.id},
+          ${adminSiteDomain},
+          ${name}
+        )
+      `
+    );
+    await db2.query(
+      sql.type(voidSelectSchema)`
+        update "Platforms"
+        set "mainSiteId" = ${adminSiteId}
+        where "id" = ${platform.id}
+      `
+    );
+    if (opts.dev) {
+      assert(devUserPasswordHash, "Missing dev user password hash.");
+      const devUserId = cleanSmallId();
+      await db2.query(
+        sql.type(voidSelectSchema)`
+          insert into "Users" (
+            "id",
+            "platformId",
+            "email",
+            "emailVerified",
+            "password",
+            "passwordStatus",
+            "status",
+            "firstName",
+            "lastName",
+            "role"
+          )
+          values (
+            ${devUserId},
+            ${platform.id},
+            ${devUserEmail},
+            true,
+            ${devUserPasswordHash},
+            'Ok',
+            'Active',
+            'Mocky',
+            'McStubbs',
+            ''
+          )
+        `
+      );
+      const devPlatformAdminId = cleanSmallId();
+      await db2.query(
+        sql.type(voidSelectSchema)`
+          insert into "PlatformAdmins" (
+            "id",
+            "platformId",
+            "userId",
+            "owner",
+            "active"
+          )
+          values (
+            ${devPlatformAdminId},
+            ${platform.id},
+            ${devUserId},
+            true,
+            true
+          )
+        `
+      );
+      await grantAllUserPlatformPermissions(
+        {
+          platformAdminId: devPlatformAdminId
+        },
+        db2
+      );
+      return {
+        code: 0,
+        platformId: platform.id
+      };
+    }
+    return {
+      code: 0,
+      platformId: platform.id
+    };
+  });
+  if (result2.code !== 0) {
+    console.error(result2.error);
+    process.exit(result2.code);
   }
+  console.log(
+    `Created platform ${name} with handle ${handle} (ID ${result2.platformId}) and admin site ${adminSiteDomain}`
+  );
+  const jwtSecret = requireJwtSecret(opts, env2);
+  const sessionId = cleanSmallId();
+  const apiTokenId = cleanSmallId();
   await db.transaction(async (db2) => {
     await db2.query(
       sql.type(voidSelectSchema)`
-        insert into "Platforms" (
+        insert into "Sessions" (
+          "id",
+          "platformId",
+          "createdByIpAddress"
+        )
+        values (
+          ${sessionId},
+          ${result2.platformId},
+          ''
+        )
+      `
+    );
+    await db2.query(
+      sql.type(voidSelectSchema)`
+        insert into "ApiTokens" (
           "id",
-          "handle",
           "name",
-          "defaultFormNotificationEmailBodyTemplate",
-          "emailSendFromAddress"
+          "sessionId"
         )
         values (
-          ${platformId},
-          ${handle},
-          ${name},
-          ${defaultNotificationEmailBodyTemplate},
-          ${emailSendFrom}
+          ${apiTokenId},
+          'Bootstrap CLI token',
+          ${sessionId}
         )
       `
     );
+    const values = allPermissions.map(
+      ({ object: object2, action }) => sql.fragment`(${apiTokenId}, ${object2}, ${action})`
+    );
+    if (values.length) {
+      await db2.query(
+        sql.type(voidSelectSchema)`
+          insert into "Permissions" ("apiTokenId", "object", "action")
+          values ${sql.join(values, sql.fragment`, `)}
+        `
+      );
+    }
   });
-  console.log(`Created platform ${name} with handle ${handle} (ID ${platformId})`);
+  const token = signAuthToken(sessionId, jwtSecret, tokenExpiresInSeconds);
+  if (opts.verbose) {
+    console.log(`Loading file ${envFilePath2} to update environment variables`);
+  }
+  if (existsSync(envFilePath2)) {
+    const envFile = await readFile(envFilePath2, "utf8");
+    let lines = replaceEnvVar(envFile.split("\n"), "WIRECHUNK_API_TOKEN", token);
+    lines = replaceEnvVar(lines, "WIRECHUNK_PLATFORM_ID", result2.platformId);
+    await writeFile(envFilePath2, lines.join("\n"));
+  } else {
+    if (opts.verbose) {
+      console.log(`Creating file ${envFilePath2}`);
+    }
+    await writeFile(
+      envFilePath2,
+      `WIRECHUNK_API_TOKEN=${token}
+WIRECHUNK_PLATFORM_ID=${result2.platformId}
+`
+    );
+  }
 };
 const validateExtensionConfig = validate25;
 function validate25(data, { instancePath = "", parentData, parentDataProperty, rootData = data, dynamicAnchors = {} } = {}) {
@@ -43946,7 +44348,7 @@ function requireErrors() {
   const classRegExp = /^([A-Z][a-z0-9]*)+$/;
   const nodeInternalPrefix = "__node_internal_";
   const codes = {};
-  function assert(value, message) {
+  function assert2(value, message) {
     if (!value) {
       throw new codes.ERR_INTERNAL_ASSERTION(message);
     }
@@ -43962,7 +44364,7 @@ function requireErrors() {
   }
   function getMessage(key, msg, args) {
     if (typeof msg === "function") {
-      assert(
+      assert2(
         msg.length <= args.length,
         // Default options do not count.
         `Code: ${key}; The provided arguments length (${args.length}) does not match the required ones (${msg.length}).`
@@ -43970,7 +44372,7 @@ function requireErrors() {
       return msg(...args);
     }
     const expectedLength = (msg.match(/%[dfijoOs]/g) || []).length;
-    assert(
+    assert2(
       expectedLength === args.length,
       `Code: ${key}; The provided arguments length (${args.length}) does not match the required ones (${expectedLength}).`
     );
@@ -44044,7 +44446,7 @@ function requireErrors() {
   E(
     "ERR_INVALID_ARG_TYPE",
     (name, expected, actual) => {
-      assert(typeof name === "string", "'name' must be a string");
+      assert2(typeof name === "string", "'name' must be a string");
       if (!Array.isArray(expected)) {
         expected = [expected];
       }
@@ -44059,13 +44461,13 @@ function requireErrors() {
       const instances = [];
       const other = [];
       for (const value of expected) {
-        assert(typeof value === "string", "All expected entries have to be of type string");
+        assert2(typeof value === "string", "All expected entries have to be of type string");
         if (kTypes.includes(value)) {
           types2.push(value.toLowerCase());
         } else if (classRegExp.test(value)) {
           instances.push(value);
         } else {
-          assert(value !== "object", 'The value "object" should be written as "Object"');
+          assert2(value !== "object", 'The value "object" should be written as "Object"');
           other.push(value);
         }
       }
@@ -44178,7 +44580,7 @@ function requireErrors() {
   E(
     "ERR_MISSING_ARGS",
     (...args) => {
-      assert(args.length > 0, "At least one arg needs to be specified");
+      assert2(args.length > 0, "At least one arg needs to be specified");
       let msg;
       const len = args.length;
       args = (Array.isArray(args) ? args : [args]).map((a) => `"${a}"`).join(" or ");
@@ -44203,7 +44605,7 @@ function requireErrors() {
   E(
     "ERR_OUT_OF_RANGE",
     (str, range2, input) => {
-      assert(range2, 'Missing "range" argument');
+      assert2(range2, 'Missing "range" argument');
       let received;
       if (Number.isInteger(input) && Math.abs(input) > 2 ** 32) {
         received = addNumericalSeparator(String(input));
@@ -65034,6 +65436,80 @@ const CreateExtensionVersionDocument = {
     }
   ]
 };
+const CreateExtensionDocument = {
+  kind: "Document",
+  definitions: [
+    {
+      kind: "OperationDefinition",
+      operation: "mutation",
+      name: { kind: "Name", value: "CreateExtension" },
+      variableDefinitions: [
+        {
+          kind: "VariableDefinition",
+          variable: { kind: "Variable", name: { kind: "Name", value: "input" } },
+          type: {
+            kind: "NonNullType",
+            type: { kind: "NamedType", name: { kind: "Name", value: "CreateExtensionInput" } }
+          }
+        }
+      ],
+      selectionSet: {
+        kind: "SelectionSet",
+        selections: [
+          {
+            kind: "Field",
+            name: { kind: "Name", value: "createExtension" },
+            arguments: [
+              {
+                kind: "Argument",
+                name: { kind: "Name", value: "input" },
+                value: { kind: "Variable", name: { kind: "Name", value: "input" } }
+              }
+            ],
+            selectionSet: {
+              kind: "SelectionSet",
+              selections: [
+                { kind: "Field", name: { kind: "Name", value: "__typename" } },
+                {
+                  kind: "InlineFragment",
+                  typeCondition: {
+                    kind: "NamedType",
+                    name: { kind: "Name", value: "CreateExtensionSuccessResult" }
+                  },
+                  selectionSet: {
+                    kind: "SelectionSet",
+                    selections: [
+                      {
+                        kind: "Field",
+                        name: { kind: "Name", value: "extension" },
+                        selectionSet: {
+                          kind: "SelectionSet",
+                          selections: [
+                            { kind: "Field", name: { kind: "Name", value: "id" } },
+                            { kind: "Field", name: { kind: "Name", value: "name" } },
+                            { kind: "Field", name: { kind: "Name", value: "enabled" } }
+                          ]
+                        }
+                      }
+                    ]
+                  }
+                },
+                {
+                  kind: "InlineFragment",
+                  typeCondition: { kind: "NamedType", name: { kind: "Name", value: "Error" } },
+                  selectionSet: {
+                    kind: "SelectionSet",
+                    selections: [{ kind: "Field", name: { kind: "Name", value: "message" } }]
+                  }
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }
+  ]
+};
 const createExtensionVersion$1 = ({
   client: client2,
   variables,
@@ -65106,7 +65582,7 @@ const createExtensionVersion = async (opts, env2) => {
   let extensionVersionId;
   let signedUrl;
   try {
-    const url = `${env2.CORE_SERVER_URL}/api`;
+    const url = `${env2.WIRECHUNK_CORE_SERVER_URL}/api`;
     if (opts.verbose) {
       console.log(`POST ${url}`);
     }
@@ -65127,6 +65603,12 @@ const createExtensionVersion = async (opts, env2) => {
     });
     if (result2.createExtensionVersion.__typename === "CreateExtensionVersionSuccessResult") {
       extensionVersionId = result2.createExtensionVersion.extensionVersion.id;
+      if (!result2.createExtensionVersion.signedUrl) {
+        console.error(
+          "Failed to upload source code for the extension version: a signed URL for the upload is not set"
+        );
+        process.exit(1);
+      }
       signedUrl = result2.createExtensionVersion.signedUrl;
     } else {
       console.error(
@@ -65186,39 +65668,241 @@ const createExtensionVersion = async (opts, env2) => {
   }
   console.log(`Created version ${versionName} (ID ${extensionVersionId})`);
 };
-const validatePasswordComplexity = (password) => {
-  if (password.length < 10) {
-    return {
-      ok: false,
-      error: "Password must be at least 10 characters long."
-    };
+const toConfigObject = (raw) => {
+  const parsed = parseEnv$1(raw);
+  const configEntries = Object.entries(parsed).filter(
+    (entry) => entry[1] !== void 0
+  );
+  return Object.fromEntries(configEntries);
+};
+const resolveServerAndDbOptions = (manifest) => {
+  if (!manifest.server) {
+    return { enableServer: false, enableDb: false };
   }
-  if (password.length > 120) {
+  let enableServer = !!manifest.server.enable;
+  let enableDb;
+  if (manifest.server.database?.enable && manifest.server.enable === false) {
+    console.warn("WARNING: Automatically disabling database because server is disabled");
+    enableDb = false;
+  } else if (manifest.server.database?.enable && !manifest.server.enable) {
+    console.warn("WARNING: Automatically enabling server because database is enabled");
+    enableServer = true;
+    enableDb = true;
+  } else {
+    enableDb = !!manifest.server.database?.enable;
+  }
+  return { enableServer, enableDb };
+};
+const formatValidationErrors = (errors2) => {
+  if (!errors2 || errors2.length === 0) {
+    return "Invalid extension config.";
+  }
+  return errors2.map((error2) => {
+    const path2 = error2.instancePath || "/";
+    const message = error2.message ?? "is invalid";
+    return `${path2} ${message}`.trim();
+  }).join("; ");
+};
+const createExtension = async (opts, env2) => {
+  const cwd = process.cwd();
+  let nameFromConfig = null;
+  let extensionConfigError = null;
+  let manifest = null;
+  if (opts.dev) {
+    const extensionDir = await requireValidExtensionDir(cwd);
+    manifest = extensionDir.manifest;
+    nameFromConfig = manifest.name;
+  } else if (!opts.name) {
+    const extensionConfigPath = resolve$1(cwd, "extension.json");
+    if (existsSync(extensionConfigPath)) {
+      if (opts.verbose) {
+        console.log(`Loading extension config ${extensionConfigPath}`);
+      }
+      try {
+        const parsedExtensionConfig = JSON.parse(
+          await readFile(extensionConfigPath, "utf8")
+        );
+        if (validateExtensionConfig(parsedExtensionConfig)) {
+          nameFromConfig = parsedExtensionConfig.name;
+        } else {
+          extensionConfigError = `Invalid extension config at ${extensionConfigPath}: ${formatValidationErrors(validateExtensionConfig.errors)}`;
+        }
+      } catch (error2) {
+        extensionConfigError = `Failed to read extension config at ${extensionConfigPath}: ${parseErrorMessage(error2)}`;
+      }
+    } else {
+      extensionConfigError = `extension.json not found at ${extensionConfigPath}`;
+    }
+  }
+  const platformId = (opts.platformId ?? env2.WIRECHUNK_PLATFORM_ID)?.trim();
+  const name = (opts.name ?? nameFromConfig)?.trim();
+  if (!platformId || !name) {
+    const missing = [];
+    const details = [];
+    if (!platformId) {
+      missing.push("platform ID");
+      details.push("Pass --platform-id or set WIRECHUNK_PLATFORM_ID.");
+    }
+    if (!name) {
+      missing.push("extension name");
+      details.push(
+        extensionConfigError ?? "Provide --name or add a valid extension.json file in the current directory."
+      );
+    }
+    console.error(`${missing.join(" and ")} missing. ${details.join(" ")}`);
+    process.exit(1);
+  }
+  const apiToken = requireApiToken(env2);
+  const enabled = !opts.disabled;
+  let config2 = null;
+  if (opts.configFile) {
+    const configFilePath = resolve$1(cwd, opts.configFile);
+    if (opts.verbose) {
+      console.log(`Loading config file ${configFilePath}`);
+    }
+    const configFile = await readFile(configFilePath, "utf8");
+    try {
+      config2 = toConfigObject(configFile);
+    } catch (error2) {
+      console.error(`Failed to parse config file at ${configFilePath}:`, parseErrorMessage(error2));
+      process.exit(1);
+    }
+  }
+  const url = `${env2.WIRECHUNK_CORE_SERVER_URL}/api`;
+  if (opts.verbose) {
+    console.log(`POST ${url}`);
+  }
+  try {
+    const client2 = new GraphQLClient(url);
+    let devServerDbOptions = null;
+    if (opts.dev) {
+      if (!manifest) {
+        console.error("The --dev flag requires a valid extension.json manifest.");
+        process.exit(1);
+      }
+      devServerDbOptions = resolveServerAndDbOptions(manifest);
+    }
+    const result2 = await client2.request({
+      document: CreateExtensionDocument,
+      variables: {
+        input: {
+          platformId,
+          name,
+          enabled,
+          config: config2 ? JSON.stringify(config2) : void 0
+        }
+      },
+      requestHeaders: {
+        Authorization: `Bearer ${apiToken}`
+      }
+    });
+    if (result2.createExtension.__typename === "CreateExtensionSuccessResult") {
+      const extension = result2.createExtension.extension;
+      console.log(`Created extension ${extension.name} (ID ${extension.id})`);
+      const envFilePath2 = opts.envMode ? resolve$1(cwd, `./.env.${opts.envMode}.local`) : resolve$1(cwd, "./.env.local");
+      const envLines = await (async () => {
+        if (existsSync(envFilePath2)) {
+          if (opts.verbose) {
+            console.log(`Loading file ${envFilePath2} to update environment variables`);
+          }
+          const envFile = await readFile(envFilePath2, "utf8");
+          return envFile.split("\n");
+        }
+        if (opts.verbose) {
+          console.log(`Creating file ${envFilePath2}`);
+        }
+        return [];
+      })();
+      let updatedEnvLines = replaceEnvVar(envLines, "EXTENSION_ID", extension.id);
+      if (devServerDbOptions?.enableDb) {
+        const { url: extensionDbUrl } = getExtensionDbConnectInfo(
+          { extensionId: extension.id },
+          env2
+        );
+        updatedEnvLines = replaceEnvVar(updatedEnvLines, "DATABASE_URL", extensionDbUrl.toString());
+      }
+      const envContents = updatedEnvLines.join("\n");
+      await writeFile(envFilePath2, envContents.endsWith("\n") ? envContents : `${envContents}
+`);
+      if (opts.dev) {
+        if (!devServerDbOptions) {
+          console.error("The --dev flag requires a valid extension.json manifest.");
+          process.exit(1);
+        }
+        const { enableServer, enableDb } = devServerDbOptions;
+        const versionResult = await client2.request({
+          document: CreateExtensionVersionDocument,
+          variables: {
+            input: {
+              extensionId: extension.id,
+              extensionName: extension.name,
+              versionName: "1",
+              manifest: JSON.stringify(manifest),
+              enableServer,
+              enableDb,
+              autoDeploy: false
+            }
+          },
+          requestHeaders: {
+            Authorization: `Bearer ${apiToken}`
+          }
+        });
+        if (versionResult.createExtensionVersion.__typename !== "CreateExtensionVersionSuccessResult") {
+          console.error(
+            `Failed to create dev extension version (${versionResult.createExtensionVersion.__typename}):`,
+            versionResult.createExtensionVersion.message
+          );
+          process.exit(1);
+        }
+        if (opts.verbose) {
+          console.log(
+            `Created dev extension version 1 (ID ${versionResult.createExtensionVersion.extensionVersion.id})`
+          );
+          console.log("Skipping upload in dev mode.");
+        }
+      }
+      return;
+    }
+    console.error(
+      `Failed to create an extension (${result2.createExtension.__typename}):`,
+      result2.createExtension.message
+    );
+    process.exit(1);
+  } catch (error2) {
+    console.error("Failed to create an extension:", parseErrorMessage(error2));
+    process.exit(1);
+  }
+};
+const extractParts = (email2) => {
+  const [name, domain] = email2.split("@");
+  return { name, domain };
+};
+const normalizeEmailAddress = (email2) => {
+  const emailTrimmed = email2.trim().toLowerCase();
+  if (!emailTrimmed) {
+    return { ok: false, error: "An email address is required." };
+  }
+  if (emailTrimmed.length > 60 || !emailTrimmed.includes("@") || !emailTrimmed.includes(".")) {
     return {
       ok: false,
-      error: "Password must be at most 120 characters long."
+      error: "It does not look like the email address you provided is valid."
     };
   }
-  if (!/[a-zA-Z]/.test(password)) {
+  const { name, domain } = extractParts(emailTrimmed);
+  if (!name) {
     return {
       ok: false,
-      error: "Password must contain at least one letter."
+      error: "It does not look like the email address you provided is valid. Please check the name."
     };
   }
-  if (!/\d/.test(password)) {
+  if (!domain || !validDomain(domain)) {
     return {
       ok: false,
-      error: "Password must contain at least one digit."
+      error: "It does not look like the email address you provided is valid. Please check the domain."
     };
   }
-  return {
-    ok: true,
-    value: void 0
-  };
+  return { ok: true, value: emailTrimmed };
 };
-const hashPassword = (password) => hash(password, {
-  type: argon2id
-});
 const detailedUniqueIntegrityConstraintViolationError = (error2) => {
   const message = error2.message === "Query violates a unique integrity constraint." ? `A database uniqueness constraint was violated when inserting or updating` : error2.message;
   const details = [];
@@ -65411,206 +66095,6 @@ const createUser = async (opts, env2) => {
     process.exit(1);
   }
 };
-const permissionAssetEdit = {
-  object: "Asset",
-  action: "edit"
-};
-const permissionAssetView = {
-  object: "Asset",
-  action: "view"
-};
-const permissionExtensionCreate = {
-  object: "Extension",
-  action: "create"
-};
-const permissionExtensionCreateVersion = {
-  object: "Extension",
-  action: "createVersion"
-};
-const permissionSiteCreate = {
-  object: "Site",
-  action: "create"
-};
-const permissionTemplateCreate = {
-  object: "Template",
-  action: "create"
-};
-const permissionUserCreate = {
-  object: "User",
-  action: "create"
-};
-const permissionPlatformEdit = {
-  object: "Platform",
-  action: "edit"
-};
-const permissionComponentEdit = {
-  object: "Component",
-  action: "edit"
-};
-const permissionCourseEdit = {
-  object: "Course",
-  action: "edit"
-};
-const permissionCustomComponentEdit = {
-  object: "CustomComponent",
-  action: "edit"
-};
-const permissionCustomFieldEdit = {
-  object: "CustomField",
-  action: "edit"
-};
-const permissionExtensionEdit = {
-  object: "Extension",
-  action: "edit"
-};
-const permissionFileUploadAsExtension = {
-  object: "File",
-  action: "uploadAsExtension"
-};
-const permissionHelpTicketEditStatus = {
-  object: "HelpTicket",
-  action: "editStatus"
-};
-const permissionSequenceEdit = {
-  object: "Sequence",
-  action: "edit"
-};
-const permissionSequenceUserEdit = {
-  object: "SequenceUser",
-  action: "edit"
-};
-const permissionSiteEdit = {
-  object: "Site",
-  action: "edit"
-};
-const permissionSiteEditDomain = {
-  object: "Site",
-  action: "editDomain"
-};
-const permissionSiteEditTls = {
-  object: "Site",
-  action: "editTls"
-};
-const permissionSubscriptionEdit = {
-  object: "Subscription",
-  action: "edit"
-};
-const permissionTemplateEdit = {
-  object: "Template",
-  action: "edit"
-};
-const permissionUserEditEmail = {
-  object: "User",
-  action: "editEmail"
-};
-const permissionUserEditOrg = {
-  object: "User",
-  action: "editOrg"
-};
-const permissionUserEditStatus = {
-  object: "User",
-  action: "editStatus"
-};
-const permissionUserEditRole = {
-  object: "User",
-  action: "editRole"
-};
-const permissionUserEditProfile = {
-  object: "User",
-  action: "editProfile"
-};
-const permissionUserEditCustomFields = {
-  object: "User",
-  action: "editCustomFields"
-};
-const permissionFormTemplateSync = {
-  object: "FormTemplate",
-  action: "sync"
-};
-const permissionPageTemplateSync = {
-  object: "PageTemplate",
-  action: "sync"
-};
-const permissionPlatformView = {
-  object: "Platform",
-  action: "view"
-};
-const permissionCourseView = {
-  object: "Course",
-  action: "view"
-};
-const permissionExtensionView = {
-  object: "Extension",
-  action: "view"
-};
-const permissionSiteView = {
-  object: "Site",
-  action: "view"
-};
-const permissionTemplateView = {
-  object: "Template",
-  action: "view"
-};
-const allPermissions = [
-  permissionAssetEdit,
-  permissionAssetView,
-  permissionExtensionCreate,
-  permissionExtensionCreateVersion,
-  permissionExtensionEdit,
-  permissionExtensionView,
-  permissionTemplateCreate,
-  permissionComponentEdit,
-  permissionCourseEdit,
-  permissionCustomComponentEdit,
-  permissionCustomFieldEdit,
-  permissionFileUploadAsExtension,
-  permissionHelpTicketEditStatus,
-  permissionSequenceEdit,
-  permissionSequenceUserEdit,
-  permissionSiteCreate,
-  permissionSiteEdit,
-  permissionSiteEditDomain,
-  permissionSiteEditTls,
-  permissionSiteView,
-  permissionSubscriptionEdit,
-  permissionTemplateEdit,
-  permissionTemplateView,
-  permissionUserCreate,
-  permissionUserEditEmail,
-  permissionUserEditOrg,
-  permissionUserEditStatus,
-  permissionUserEditRole,
-  permissionUserEditProfile,
-  permissionUserEditCustomFields,
-  permissionFormTemplateSync,
-  permissionPageTemplateSync,
-  permissionPlatformEdit,
-  permissionPlatformView,
-  permissionCourseView
-];
-const revokeAllUserPlatformPermissions = async ({
-  platformAdminId
-}, db) => {
-  await db.query(
-    sql.type(
-      voidSelectSchema
-    )`delete from "Permissions" where "platformAdminId" = ${platformAdminId}`
-  );
-};
-const grantAllUserPlatformPermissions = async ({
-  platformAdminId
-}, db) => {
-  await db.query(
-    sql.type(
-      voidSelectSchema
-    )`insert into "Permissions" ("id", "platformAdminId", "object", "action") values ${sql.join(
-      allPermissions.map(
-        (permission) => sql.fragment`(${cleanSmallId()}, ${platformAdminId}, ${permission.object}, ${permission.action})`
-      ),
-      sql.fragment`,`
-    )} on conflict ("platformAdminId", "object", "action") do nothing`
-  );
-};
 const findPlatformAdminSchema = object({
   id: string(),
   platformId: string(),
@@ -65647,8 +66131,8 @@ const editAdmin = async (opts, env2) => {
         if (!platformAdmin) {
           platformAdmin = await db2.one(
             sql.type(findPlatformAdminSchema)`
-              insert into "PlatformAdmins" ("id", "platformId", "userId", "owner", "active")
-              values (${cleanSmallId()}, ${platformId}, ${userId}, true, ${active ?? true})
+              insert into "PlatformAdmins" ("platformId", "userId", "owner", "active")
+              values (${platformId}, ${userId}, true, ${active ?? true})
               returning "id", "platformId", "active"
             `
           );
@@ -65918,6 +66402,90 @@ const initDb = async (opts, env2) => {
     coreDbUrl: coreDbUrlObject
   });
 };
+const parseStartFlag = (value, name) => {
+  const trimmed = value?.trim();
+  if (!trimmed) {
+    return void 0;
+  }
+  if (trimmed === "true") {
+    return true;
+  }
+  console.error(`${name} must be "true" or empty`);
+  process.exit(1);
+};
+const startCore = async (opts, env2) => {
+  const image = env2.WIRECHUNK_CORE_DEV_SERVER_IMAGE;
+  if (!image) {
+    console.error("Missing WIRECHUNK_CORE_DEV_SERVER_IMAGE in environment");
+    process.exit(1);
+  }
+  const databaseUrl = env2.WIRECHUNK_CORE_DATABASE_URL_DOCKER || env2.WIRECHUNK_CORE_DATABASE_URL;
+  if (!databaseUrl) {
+    console.error(
+      "Missing WIRECHUNK_CORE_DATABASE_URL_DOCKER or WIRECHUNK_CORE_DATABASE_URL in environment"
+    );
+    process.exit(1);
+  }
+  const envKeep = parseStartFlag(env2.WIRECHUNK_CORE_START_KEEP, "WIRECHUNK_CORE_START_KEEP");
+  const envAttach = parseStartFlag(env2.WIRECHUNK_CORE_START_ATTACH, "WIRECHUNK_CORE_START_ATTACH");
+  const keep = opts.keep ?? envKeep ?? false;
+  const attach = opts.attach ?? envAttach ?? false;
+  const cwd = resolve$1(process.cwd());
+  const args = [
+    "run",
+    "--name",
+    "wirechunk-core",
+    "--env-file",
+    ".env",
+    "--env-file",
+    ".env.local",
+    "-e",
+    `DATABASE_URL=${databaseUrl}`,
+    "-e",
+    "PORT=8080",
+    "-v",
+    `${cwd}:/ext`,
+    "-p",
+    "8080:8080",
+    "-p",
+    "9001:9001"
+  ];
+  if (!keep) {
+    args.push("--rm");
+  }
+  if (attach) {
+    args.push("-it");
+  } else {
+    args.push("-d");
+  }
+  args.push(image);
+  if (opts.verbose) {
+    console.log(`Running docker ${args.join(" ")}`);
+  }
+  let exitCode = 0;
+  try {
+    const result2 = await new Promise(
+      (resolvePromise, rejectPromise) => {
+        const child = spawn("docker", args, { stdio: "inherit" });
+        child.on("error", rejectPromise);
+        child.on("close", (code2, signal) => {
+          resolvePromise({ code: code2, signal });
+        });
+      }
+    );
+    if (result2.signal) {
+      console.error(`docker exited with signal ${result2.signal}`);
+      process.exit(1);
+    }
+    exitCode = result2.code ?? 1;
+  } catch (err) {
+    console.error("Failed to run docker:", err);
+    process.exit(1);
+  }
+  if (exitCode !== 0) {
+    process.exit(exitCode);
+  }
+};
 const program = new Command().name("wirechunk").option("--verbose", "output debug logging").option(
   "--env-mode <mode>",
   'the mode to use for finding .env files to load environment variables, such as "test" to load .env, .env.test, .env.local, and .env.test.local; also for finding config files to include when creating an extension or extension version, such as config.production.json'
@@ -65928,8 +66496,8 @@ then the .env.local file, and then from the environment. Variables from the envi
 highest precedence.
 
 Environment variables used by some commands:
-  CORE_SERVER_URL (the core admin server URL for commands using the API)
-  CORE_DATABASE_URL (the core database URL for commands requiring direct database access)`);
+  WIRECHUNK_CORE_SERVER_URL (the core admin server URL for commands using the API)
+  WIRECHUNK_CORE_DATABASE_URL (the core database URL for commands requiring direct database access)`);
 const withOptionsAndEnv = (action) => async (options, cmd) => {
   const mergedOptions = { ...program.opts(), ...options };
   if (mergedOptions.verbose) {
@@ -65938,13 +66506,11 @@ const withOptionsAndEnv = (action) => async (options, cmd) => {
   const env2 = await parseEnv(mergedOptions.envMode);
   return action(mergedOptions, env2);
 };
-program.command("bootstrap").description("create a platform").requiredOption("--name <string>", "the name of the platform").option("--handle <string>", "the handle of the platform (used by the admin site)").requiredOption(
-  "--admin-site-domain <string>",
-  "the domain of the platform admin site (dashboard)"
-).option(
-  "--email-send-from <string>",
-  'the email address from which to send emails, defaults to "site@<admin-site-domain>'
-).action(withOptionsAndEnv(bootstrap));
+program.command("bootstrap").description("create a platform").option("--dev", "bootstrap with development defaults").option("--name <string>", "the name of the platform").option("--handle <string>", "the handle of the platform").option("--admin-site-domain <string>", "the domain of the admin site (dashboard)").action(withOptionsAndEnv(bootstrap));
+program.command("create-extension").description("create an extension").option("--platform-id <string>", "the ID of the platform").option("--name <string>", "the name of the extension").option(
+  "--config-file <string>",
+  "the path to a file containing environment-style key-value pairs for the extension config"
+).option("--dev", "create a dev extension version without uploading code", false).option("--disabled", "create the extension disabled", false).action(withOptionsAndEnv(createExtension));
 program.command("create-extension-version").description("create an extension version").option(
   "--extension-id <string>",
   "the ID of the extension, can be set with an EXTENSION_ID environment variable instead"
@@ -65975,5 +66541,14 @@ extDev.command("init-db").description(
   "--extension-id <string>",
   "the ID of the extension, can be set with an EXTENSION_ID environment variable instead"
 ).option("--db-name <string>", "a custom name for the database, applicable only for testing").action(withOptionsAndEnv(initDb));
+extDev.command("start-core").description("start the core dev server in Docker").option("--keep", "keep the container after exit (omit --rm)").option("--attach", "run the container attached (omit -d)").option("--tty", "allocate a TTY when attached, requires --attach").action(
+  withOptionsAndEnv((options, env2) => {
+    if (options.tty && !options.attach) {
+      console.error("--tty requires --attach");
+      process.exit(1);
+    }
+    return startCore(options, env2);
+  })
+);
 program.command("edit-admin").description("edit a platform admin user or make a user a platform admin").requiredOption("--platform-id <string>", "the ID of the platform to edit").requiredOption("--user-id <string>", "the ID of the admin user to edit").option("--owner", "grants the user full permission to manage everything on the platform").option("--no-owner", "removes owner privileges on the platform").option("--active", "activates or deactivates the user’s admin access on the platform").option("--no-active", "deactivates the user’s admin access on the platform").option("--revoke-all-permissions", "revokes all permission of the user on their platform").action(withOptionsAndEnv(editAdmin));
 await program.parseAsync();