create-kyro 0.1.1 → 0.1.3

package/dist/index.js

@@ -27,168 +27,172 @@ function validateProjectName(name) {
 
 // src/prompts.ts
 async function promptUser() {
-  const response = await prompts([
-    {
-      type: "text",
-      name: "projectName",
-      message: "Project name:",
-      initial: "my-kyro-app",
-      validate: validateProjectName
-    },
-    {
-      type: "select",
-      name: "database",
-      message: "Database:",
-      hint: " ",
-      choices: [
-        {
-          title: "SQLite (local-first, zero config)",
-          description: "Best for development and small projects. No setup required.",
-          value: "sqlite"
-        },
-        {
-          title: "PostgreSQL",
-          description: "Recommended for production. Robust and scalable.",
-          value: "postgres"
-        },
-        {
-          title: "MySQL",
-          description: "Popular choice for web applications.",
-          value: "mysql"
-        },
-        {
-          title: "MongoDB",
-          description: "Best for flexible, document-based schemas.",
-          value: "mongodb"
-        }
-      ]
-    },
-    {
-      type: "multiselect",
-      name: "apis",
-      message: "API protocols (select multiple):",
-      hint: "Space to select, Enter to confirm",
-      instructions: false,
-      choices: [
-        {
-          title: "REST",
-          description: "Simple HTTP API, great for any client",
-          value: "rest",
-          selected: true
-        },
-        {
-          title: "GraphQL",
-          description: "Flexible query language, great for complex data",
-          value: "graphql",
-          selected: true
-        },
-        {
-          title: "tRPC",
-          description: "End-to-end typesafe APIs, great for TypeScript",
-          value: "trpc"
-        },
-        {
-          title: "WebSocket",
-          description: "Real-time bidirectional communication",
-          value: "websocket"
-        }
-      ]
-    },
-    {
-      type: "select",
-      name: "styling",
-      message: "Styling:",
-      hint: " ",
-      choices: [
-        {
-          title: "Tailwind CSS",
-          description: "Utility-first CSS framework, excellent DX",
-          value: "tailwind"
-        },
-        {
-          title: "CSS Modules",
-          description: "Scoped CSS, no extra dependencies",
-          value: "cssmodules"
-        },
-        {
-          title: "Styled Components",
-          description: "CSS-in-JS with tagged template literals",
-          value: "styled"
-        },
-        {
-          title: "None",
-          description: "Bring your own styling solution",
-          value: "none"
-        }
-      ]
-    },
-    {
-      type: "toggle",
-      name: "auth",
-      message: "Add authentication (JWT)?",
-      active: "Yes",
-      inactive: "No"
-    },
-    {
-      type: "toggle",
-      name: "versioning",
-      message: "Add versioning/drafts?",
-      active: "Yes",
-      inactive: "No"
-    },
-    {
-      type: "toggle",
-      name: "admin",
-      message: "Include admin dashboard?",
-      initial: true,
-      active: "Yes",
-      inactive: "No"
-    },
+  const response = await prompts(
+    [
+      {
+        type: "text",
+        name: "projectName",
+        message: "Project name:",
+        initial: "my-kyro-app",
+        validate: validateProjectName
+      },
+      {
+        type: "select",
+        name: "database",
+        message: "Database:",
+        hint: " ",
+        choices: [
+          {
+            title: "SQLite (local-first, zero config)",
+            description: "Best for development and small projects. No setup required.",
+            value: "sqlite"
+          },
+          {
+            title: "PostgreSQL",
+            description: "Recommended for production. Robust and scalable.",
+            value: "postgres"
+          },
+          {
+            title: "MySQL",
+            description: "Popular choice for web applications.",
+            value: "mysql"
+          },
+          {
+            title: "MongoDB",
+            description: "Best for flexible, document-based schemas.",
+            value: "mongodb"
+          }
+        ]
+      },
+      {
+        type: "multiselect",
+        name: "apis",
+        message: "API protocols (select multiple):",
+        hint: "Space to select, Enter to confirm",
+        instructions: false,
+        choices: [
+          {
+            title: "REST",
+            description: "Simple HTTP API, great for any client",
+            value: "rest",
+            selected: true
+          },
+          {
+            title: "GraphQL",
+            description: "Flexible query language, great for complex data",
+            value: "graphql",
+            selected: true
+          },
+          {
+            title: "tRPC",
+            description: "End-to-end typesafe APIs, great for TypeScript",
+            value: "trpc"
+          },
+          {
+            title: "WebSocket",
+            description: "Real-time bidirectional communication",
+            value: "websocket"
+          }
+        ]
+      },
+      {
+        type: "select",
+        name: "styling",
+        message: "Styling:",
+        hint: " ",
+        choices: [
+          {
+            title: "Tailwind CSS",
+            description: "Utility-first CSS framework, excellent DX",
+            value: "tailwind"
+          },
+          {
+            title: "CSS Modules",
+            description: "Scoped CSS, no extra dependencies",
+            value: "cssmodules"
+          },
+          {
+            title: "Styled Components",
+            description: "CSS-in-JS with tagged template literals",
+            value: "styled"
+          },
+          {
+            title: "None",
+            description: "Bring your own styling solution",
+            value: "none"
+          }
+        ]
+      },
+      {
+        type: "toggle",
+        name: "auth",
+        message: "Add authentication (JWT)?",
+        initial: true,
+        active: "Yes",
+        inactive: "No"
+      },
+      {
+        type: "toggle",
+        name: "versioning",
+        message: "Add versioning/drafts?",
+        initial: true,
+        active: "Yes",
+        inactive: "No"
+      },
+      {
+        type: "toggle",
+        name: "admin",
+        message: "Include admin dashboard?",
+        initial: true,
+        active: "Yes",
+        inactive: "No"
+      },
+      {
+        type: "select",
+        name: "template",
+        message: "Starting template:",
+        hint: " ",
+        initial: 1,
+        choices: [
+          {
+            title: "Minimal",
+            description: "Basic configuration with one example collection + core settings",
+            value: "minimal"
+          },
+          {
+            title: "Blog",
+            description: "Posts, categories, media library + core settings",
+            value: "blog"
+          },
+          {
+            title: "E-commerce",
+            description: "Products, orders, customers, coupons + core + store/payment settings",
+            value: "ecommerce"
+          },
+          {
+            title: "Kitchen Sink",
+            description: "Everything: pages, navigation, blog, e-commerce + all settings",
+            value: "kitchen-sink"
+          }
+        ]
+      }
+    ],
     {
-      type: "select",
-      name: "template",
-      message: "Starting template:",
-      hint: " ",
-      choices: [
-        {
-          title: "Minimal",
-          description: "Basic configuration with one example collection",
-          value: "minimal"
-        },
-        {
-          title: "Blog",
-          description: "Posts, categories, tags, and media library",
-          value: "blog"
-        },
-        {
-          title: "E-commerce",
-          description: "Products, orders, customers, inventory, and coupons",
-          value: "ecommerce"
-        }
-      ]
+      onCancel: () => {
+        console.log("\nCancelled.");
+        process.exit(1);
+      }
     }
-  ], {
-    onCancel: () => {
-      console.log("\nCancelled.");
-      process.exit(1);
-    }
-  });
+  );
   return response;
 }
 
 // src/utils/logger.ts
-import kolorist from "kolorist";
-var { cyan, green, yellow, red, bold, dim } = kolorist;
+import { cyan, green, yellow, red, bold, dim } from "kolorist";
 var logger = {
   intro: (name, version) => {
     console.log(`
-${bold(cyan(`\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557`))}
-${bold(cyan(`\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D`))}
-${bold(cyan(`\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557`))}
-${bold(cyan(`\u2588\u2588\u2554\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551`))}
-${bold(cyan(`\u2588\u2588\u2551     \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551     \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551`))}
-${bold(cyan(`\u255A\u2550\u255D     \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D     \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D`))}
-${dim(`v${version}`)}
+${bold(cyan(`Kyro CMS`))} ${dim(`v${version}`)}
 ${dim("Astro-native headless CMS")}
 `);
   },
@@ -235,10 +239,10 @@ ${cyan("?")} ${bold(msg)}`);
 function generatePackageJson(answers, projectDir) {
   const deps = {
     "@kyro-cms/core": "latest",
-    "astro": "^5.4.0"
+    astro: "^5.4.0"
   };
   const devDeps = {
-    "typescript": "^5.7.3"
+    typescript: "^5.7.3"
   };
   if (answers.styling === "tailwind") {
     deps["@astrojs/react"] = "^4.2.0";
@@ -259,13 +263,17 @@ function generatePackageJson(answers, projectDir) {
   }
   if (answers.admin) {
     deps["@kyro-cms/admin"] = "latest";
+    deps["@astrojs/node"] = "^9.5.5";
     deps["lucide-react"] = "^0.475.0";
   }
   const scripts = {
-    "dev": "astro dev",
-    "build": "astro build",
-    "preview": "astro preview"
+    dev: "astro dev",
+    build: "astro build",
+    preview: "astro preview"
   };
+  if (answers.auth) {
+    scripts["db:bootstrap"] = "kyro auth bootstrap";
+  }
   if (answers.database === "sqlite") {
     scripts["db:generate"] = "kyro generate";
     scripts["db:push"] = "kyro push";
@@ -290,21 +298,21 @@ function generateKyroConfig(answers) {
   const imports = ["import { defineConfig } from '@kyro-cms/core';"];
   const adapterLines = [];
   if (answers.database === "sqlite") {
-    imports.push("import { localAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: localAdapter({ path: './data.db' }),`);
+    imports.push("import { createLocalAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createLocalAdapter({ path: './data.db' }),`);
   } else if (answers.database === "postgres") {
-    imports.push("import { drizzleAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: drizzleAdapter({`);
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
     adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
     adapterLines.push(`  }),`);
   } else if (answers.database === "mysql") {
-    imports.push("import { drizzleAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: drizzleAdapter({`);
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
     adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
     adapterLines.push(`  }),`);
   } else if (answers.database === "mongodb") {
-    imports.push("import { mongoAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: mongoAdapter({`);
+    imports.push("import { createMongoDBAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createMongoDBAdapter({`);
     adapterLines.push(`    connectionString: process.env.MONGODB_URI,`);
     adapterLines.push(`  }),`);
   }
@@ -328,28 +336,46 @@ function generateKyroConfig(answers) {
   if (answers.versioning) {
     features.push("  versioning: true,");
   }
-  let templateImports = "";
-  let collectionsLine = "";
+  let templateCollections = "";
+  let templateGlobals = "";
+  switch (answers.template) {
+    case "minimal":
+      templateCollections = "import { minimalCollections } from '@kyro-cms/core';";
+      break;
+    case "blog":
+      templateCollections = "import { blogCollections } from '@kyro-cms/core';";
+      break;
+    case "ecommerce":
+      templateCollections = "import { ecommerceCollections } from '@kyro-cms/core';";
+      break;
+    case "kitchen-sink":
+      templateCollections = `import { minimalCollections, blogCollections, ecommerceCollections, kitchenSinkCollections } from '@kyro-cms/core';`;
+      break;
+  }
+  if (templateCollections) {
+    imports.push(templateCollections);
+  }
+  let collectionsConfig = "";
   if (answers.template === "minimal") {
-    templateImports = `import { minimalCollections } from '@kyro-cms/core';`;
-    collectionsLine = "  ...minimalCollections,";
+    collectionsConfig = `  collections: Object.values(minimalCollections),`;
   } else if (answers.template === "blog") {
-    templateImports = `import { blogCollections } from '@kyro-cms/core';`;
-    collectionsLine = "  ...blogCollections,";
+    collectionsConfig = `  collections: Object.values(blogCollections),`;
   } else if (answers.template === "ecommerce") {
-    templateImports = `import { ecommerceCollections } from '@kyro-cms/core';`;
-    collectionsLine = "  ...ecommerceCollections,";
+    collectionsConfig = `  collections: Object.values(ecommerceCollections),`;
+  } else if (answers.template === "kitchen-sink") {
+    collectionsConfig = `  collections: [
+    ...Object.values(minimalCollections),
+    ...Object.values(blogCollections),
+    ...Object.values(ecommerceCollections),
+    ...Object.values(kitchenSinkCollections),
+  ],`;
   }
   const config = `${imports.join("\n")}
-${templateImports}
 
 export default defineConfig({
   name: '${answers.projectName}',
   prefix: '/api',${adapterLines.length > 0 ? "\n" + adapterLines.join("\n") : ""}
-
-  collections: {
-${collectionsLine}
-  },${features.length > 0 ? "\n" + features.join("\n") : ""}
+${collectionsConfig ? collectionsConfig : ""}${features.length > 0 ? "\n" + features.join("\n") : ""}
 
   api: {
 ${apiConfig.join("\n")}
@@ -371,6 +397,7 @@ function generateAstroConfig(answers) {
     mode: 'standalone'
   }),` : "";
   const config = `import { defineConfig } from 'astro/config';
+import node from '@astrojs/node';
 ${answers.styling === "tailwind" ? "import react from '@astrojs/react';\nimport tailwindcss from '@tailwindcss/vite';" : ""}
 
 export default defineConfig({
@@ -428,18 +455,67 @@ data/
 
 A Kyro CMS project.
 
-## Getting Started
+## Quick Start
 
 \`\`\`bash
 npm install
 npm run dev
 \`\`\`
 
+## Admin Dashboard
+
+Visit [http://localhost:4321/admin](http://localhost:4321/admin) to access the admin.
+
+${answers.auth ? `## Creating Your Admin User
+
+Before logging into the admin, you need to create an admin user. Run:
+
+\`\`\`bash
+npm run db:bootstrap
+\`\`\`
+
+Or set environment variables to auto-bootstrap on startup:
+
+\`\`\`bash
+# .env
+KYRO_ADMIN_EMAIL=admin@example.com
+KYRO_ADMIN_PASSWORD=SecurePass123!
+\`\`\`
+
+Then restart the dev server.
+` : ""}
+
 ## Documentation
 
 Visit [https://kyro.cms](https://kyro.cms) for full documentation.
 `;
   writeFileSync(join(projectDir, "README.md"), readme);
+  const envExample = `# Kyro CMS Configuration
+
+${answers.database === "sqlite" ? "# SQLite (local) - no additional config needed" : answers.database === "postgres" || answers.database === "mysql" ? "# Database connection (PostgreSQL/MySQL)\nDATABASE_URL=postgresql://user:password@localhost:5432/kyro_cms\nDATABASE_SSL=false" : "# MongoDB connection\nMONGODB_URI=mongodb://localhost:27017/kyro_cms"}
+
+${answers.auth ? `# Authentication (required for auth)
+JWT_SECRET=change-this-to-a-random-32-character-string
+JWT_EXPIRES_IN=24h
+
+# Bootstrap admin user (creates on first run)
+KYRO_ADMIN_EMAIL=admin@example.com
+KYRO_ADMIN_PASSWORD=SecurePass123!
+KYRO_ADMIN_ROLE=super_admin
+
+# Optional: Redis for sessions (recommended for production)
+# REDIS_URL=redis://localhost:6379
+# REDIS_TLS=false
+
+# Optional: SMTP for emails
+# SMTP_HOST=smtp.example.com
+# SMTP_PORT=587
+# SMTP_SECURE=false
+# SMTP_USER=your-email@example.com
+# SMTP_PASS=your-password
+# SMTP_FROM=noreply@example.com` : ""}
+`;
+  writeFileSync(join(projectDir, ".env.example"), envExample);
   const spec = `# ${answers.projectName}
 
 ## Overview
@@ -506,11 +582,11 @@ const title = "${answers.projectName}";
 `;
   writeFileSync(join(pagesDir, "index.astro"), indexPage);
   if (answers.admin) {
-    const adminDir = join(srcDir, "admin");
+    const adminDir = join(pagesDir, "admin");
     mkdirSync(adminDir, { recursive: true });
     const adminIndex = `---
 import { Admin } from '@kyro-cms/admin';
-import config from '../kyro.config';
+import config from '../../../kyro.config';
 ---
 <!DOCTYPE html>
 <html lang="en">
@@ -526,13 +602,455 @@ import config from '../kyro.config';
 `;
     writeFileSync(join(adminDir, "index.astro"), adminIndex);
   }
+  if (answers.auth) {
+    const authApiDir = join(pagesDir, "api", "auth");
+    mkdirSync(authApiDir, { recursive: true });
+    writeFileSync(
+      join(authApiDir, "login.ts"),
+      generateLoginEndpoint(answers.database)
+    );
+    writeFileSync(
+      join(authApiDir, "register.ts"),
+      generateRegisterEndpoint(answers.database)
+    );
+    writeFileSync(
+      join(authApiDir, "logout.ts"),
+      generateLogoutEndpoint(answers.database)
+    );
+    writeFileSync(join(authApiDir, "me.ts"), generateMeEndpoint());
+    writeFileSync(
+      join(authApiDir, "users.ts"),
+      generateUsersEndpoint(answers.database)
+    );
+    writeFileSync(join(srcDir, "middleware.ts"), generateMiddleware());
+  }
+}
+function generateLoginEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+    };
+    const { email, password } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+    const user = await adapter.findUserByEmail(email);
+    if (!user || !user.passwordHash) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const valid = await adapter.verifyPassword(password, user.passwordHash);
+    if (!valid) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Login error:", error);
+    return new Response(JSON.stringify({ error: "Login failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+function generateRegisterEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  const isFirstUserCheck = database === "sqlite" ? `    const isFirstUser = !(await adapter.hasAnyUsers());` : `    const isFirstUser = await checkIsFirstUser(adapter);`;
+  const isFirstUserFn = database === "sqlite" ? "" : `
+
+async function checkIsFirstUser(adapter: RedisAuthAdapter): Promise<boolean> {
+  try {
+    const redis = (adapter as any).redis;
+    if (!redis) return true;
+    const pattern = "kyro:auth:users:email:*";
+    const result = await redis.scan("0", "MATCH", pattern, "COUNT", "1");
+    const keys = result[1];
+    return keys.length === 0;
+  } catch {
+    return true;
+  }
+}`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+const ALLOW_REGISTRATION = process.env.KYRO_ALLOW_REGISTRATION !== "false";
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+      confirmPassword?: string;
+    };
+    const { email, password, confirmPassword } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password !== confirmPassword) {
+      return new Response(
+        JSON.stringify({ error: "Passwords do not match" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password.length < 8) {
+      return new Response(
+        JSON.stringify({ error: "Password must be at least 8 characters" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    try {
+      await adapter.connect();
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Unable to connect to auth storage." }),
+        { status: 500, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const existingUser = await adapter.findUserByEmail(email);
+    if (existingUser) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Email already registered" }),
+        { status: 409, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+${isFirstUserCheck}
+
+    if (!isFirstUser && !ALLOW_REGISTRATION) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Registration is disabled" }),
+        { status: 403, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const passwordHash = await adapter.hashPassword(password);
+    const user = await adapter.createUser({
+      email,
+      passwordHash,
+      role: isFirstUser ? "super_admin" : "editor",
+    });
+
+    if (isFirstUser) {
+      await adapter.updateUser(user.id, { emailVerified: true });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash: _, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        isFirstUser,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 201,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Registration error:", error);
+    return new Response(JSON.stringify({ error: "Registration failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};${isFirstUserFn}
+`;
+}
+function generateLogoutEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const authHeader = request.headers.get("authorization");
+    const token = authHeader?.startsWith("Bearer ")
+      ? authHeader.slice(7)
+      : null;
+
+    if (token) {
+      const adapter = await getAuthApi();
+      await adapter.connect();
+      await adapter.deleteSession(token);
+      await adapter.disconnect();
+    }
+
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+function generateMeEndpoint() {
+  return `import type { APIRoute } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+export const GET: APIRoute = async ({ request }) => {
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ")
+    ? authHeader.slice(7)
+    : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Not authenticated" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    const payload = jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return new Response(
+      JSON.stringify({
+        id: payload.sub,
+        email: payload.email,
+        role: payload.role,
+      }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+function generateUsersEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  const hasUsersCheck = database === "sqlite" ? `    const hasUsers = await adapter.hasAnyUsers();` : `    const redis = (adapter as any).redis;
+    if (!redis) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ hasUsers: false }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const pattern = "kyro:auth:users:email:*";
+    const result = await redis.scan("0", "MATCH", pattern, "COUNT", "1");
+    const keys = result[1];
+    const hasUsers = keys.length > 0;`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const GET: APIRoute = async () => {
+  try {
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+${hasUsersCheck}
+
+    await adapter.disconnect();
+
+    return new Response(JSON.stringify({ hasUsers }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  } catch {
+    return new Response(JSON.stringify({ hasUsers: false }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+function generateMiddleware() {
+  return `import type { MiddlewareHandler } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+const PUBLIC_PATHS = [
+  "/api/auth/login",
+  "/api/auth/logout",
+  "/api/auth/register",
+  "/api/auth/me",
+  "/api/auth/users",
+  "/api/health",
+  "/favicon.svg",
+];
+
+const PUBLIC_PREFIXES = ["/api/auth/", "/admin"];
+
+export const onRequest: MiddlewareHandler = async ({ request, url }, next) => {
+  const pathname = new URL(url).pathname;
+
+  if (PUBLIC_PATHS.includes(pathname) || PUBLIC_PATHS.includes(pathname.replace(/\\/$/, ""))) {
+    return next();
+  }
+
+  for (const prefix of PUBLIC_PREFIXES) {
+    if (pathname.startsWith(prefix)) {
+      return next();
+    }
+  }
+
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Authentication required" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return next();
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid or expired token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
 }
 
 // src/index.ts
 import { writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync } from "fs";
 import { join as join2 } from "path";
 import { execSync } from "child_process";
-var VERSION = "0.1.0";
+var VERSION = "0.1.1";
 async function main() {
   logger.intro("create-kyro", VERSION);
   const answers = await promptUser();