create-kyro 0.1.8 → 0.2.0

package/dist/index.js

@@ -64,39 +64,6 @@ async function promptUser() {
           }
         ]
       },
-      {
-        type: "multiselect",
-        name: "apis",
-        message: "API protocols (select multiple):",
-        hint: "Space to select, Enter to confirm",
-        instructions: false,
-        choices: [
-          {
-            title: "REST",
-            description: "Simple HTTP API, great for any client",
-            value: "rest",
-            selected: true
-          },
-          {
-            title: "GraphQL",
-            description: "Flexible query language, great for complex data",
-            value: "graphql",
-            selected: true
-          },
-          {
-            title: "tRPC",
-            description: "End-to-end typesafe APIs, great for TypeScript",
-            value: "trpc",
-            selected: true
-          },
-          {
-            title: "WebSocket",
-            description: "Real-time bidirectional communication",
-            value: "websocket",
-            selected: true
-          }
-        ]
-      },
       {
         type: "select",
         name: "styling",
@@ -318,19 +285,12 @@ function generateKyroConfig(answers) {
     adapterLines.push(`    connectionString: process.env.MONGODB_URI,`);
     adapterLines.push(`  }),`);
   }
-  const apiConfig = [];
-  if (answers.apis.includes("rest")) {
-    apiConfig.push("    rest: true,");
-  }
-  if (answers.apis.includes("graphql")) {
-    apiConfig.push("    graphql: true,");
-  }
-  if (answers.apis.includes("trpc")) {
-    apiConfig.push("    trpc: true,");
-  }
-  if (answers.apis.includes("websocket")) {
-    apiConfig.push("    websocket: true,");
-  }
+  const apiConfig = [
+    "    rest: true,",
+    "    graphql: true,",
+    "    trpc: true,",
+    "    websocket: true,"
+  ];
   const features = [];
   if (answers.auth) {
     features.push("  auth: true,");
@@ -524,7 +484,7 @@ This project uses Kyro CMS - an Astro-native headless CMS.
 ## Configuration
 
 - **Database**: ${answers.database === "sqlite" ? "SQLite (local-first)" : answers.database}
-- **APIs**: ${answers.apis.join(", ")}
+- **APIs**: REST, GraphQL, tRPC, WebSocket
 - **Styling**: ${answers.styling}
 - **Auth**: ${answers.auth ? "Enabled" : "Disabled"}
 - **Versioning**: ${answers.versioning ? "Enabled" : "Disabled"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-kyro",
-  "version": "0.1.8",
+  "version": "0.2.0",
   "description": "Interactive scaffolding for Kyro CMS projects",
   "type": "module",
   "bin": {
@@ -37,4 +37,4 @@
   "publishConfig": {
     "access": "public"
   }
-}
+}

package/src/generators/astro.ts

@@ -0,0 +1,45 @@
+import type { Answers } from "../prompts.js";
+
+export function generateAstroConfig(answers: Answers): string {
+  const integrations: string[] = [];
+  const vitePlugins: string[] = [];
+
+  if (answers.styling === "tailwind") {
+    integrations.push("  react(),");
+    vitePlugins.push("    tailwindcss(),");
+  }
+
+  const adapter = answers.admin
+    ? `
+  adapter: node({
+    mode: 'standalone'
+  }),`
+    : "";
+
+  const config = `import { defineConfig } from 'astro/config';
+import node from '@astrojs/node';
+${answers.styling === "tailwind" ? "import react from '@astrojs/react';\nimport tailwindcss from '@tailwindcss/vite';" : ""}
+
+export default defineConfig({
+  output: 'server',${adapter}
+
+  integrations: [
+${integrations.join("\n")}
+  ],${
+    vitePlugins.length > 0
+      ? `
+  vite: {
+    plugins: [
+${vitePlugins.join("\n")}
+    ],
+  },`
+      : ""
+  }
+  server: {
+    port: 4321,
+    host: true,
+  },
+});`;
+
+  return config;
+}

package/src/generators/config.ts

@@ -0,0 +1,95 @@
+import type { Answers } from "../prompts.js";
+
+export function generateKyroConfig(answers: Answers): string {
+  const imports: string[] = ["import { defineConfig } from '@kyro-cms/core';"];
+  const adapterLines: string[] = [];
+
+  if (answers.database === "sqlite") {
+    imports.push("import { createLocalAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createLocalAdapter({ path: './data.db' }),`);
+  } else if (answers.database === "postgres") {
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
+    adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
+    adapterLines.push(`  }),`);
+  } else if (answers.database === "mysql") {
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
+    adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
+    adapterLines.push(`  }),`);
+  } else if (answers.database === "mongodb") {
+    imports.push("import { createMongoDBAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createMongoDBAdapter({`);
+    adapterLines.push(`    connectionString: process.env.MONGODB_URI,`);
+    adapterLines.push(`  }),`);
+  }
+
+  const apiConfig = [
+    "    rest: true,",
+    "    graphql: true,",
+    "    trpc: true,",
+    "    websocket: true,",
+  ];
+
+  const features: string[] = [];
+  if (answers.auth) {
+    features.push("  auth: true,");
+  }
+  if (answers.versioning) {
+    features.push("  versioning: true,");
+  }
+
+  let templateCollections = "";
+  let templateGlobals = "";
+
+  switch (answers.template) {
+    case "minimal":
+      templateCollections =
+        "import { minimalCollections } from '@kyro-cms/core';";
+      break;
+    case "blog":
+      templateCollections = "import { blogCollections } from '@kyro-cms/core';";
+      break;
+    case "ecommerce":
+      templateCollections =
+        "import { ecommerceCollections } from '@kyro-cms/core';";
+      break;
+    case "kitchen-sink":
+      templateCollections = `import { minimalCollections, blogCollections, ecommerceCollections, kitchenSinkCollections } from '@kyro-cms/core';`;
+      break;
+  }
+
+  if (templateCollections) {
+    imports.push(templateCollections);
+  }
+
+  let collectionsConfig = "";
+  if (answers.template === "minimal") {
+    collectionsConfig = `  collections: Object.values(minimalCollections),`;
+  } else if (answers.template === "blog") {
+    collectionsConfig = `  collections: Object.values(blogCollections),`;
+  } else if (answers.template === "ecommerce") {
+    collectionsConfig = `  collections: Object.values(ecommerceCollections),`;
+  } else if (answers.template === "kitchen-sink") {
+    collectionsConfig = `  collections: [
+    ...Object.values(minimalCollections),
+    ...Object.values(blogCollections),
+    ...Object.values(ecommerceCollections),
+    ...Object.values(kitchenSinkCollections),
+  ],`;
+  }
+
+  const config = `${imports.join("\n")}
+
+export default defineConfig({
+  name: '${answers.projectName}',
+  prefix: '/api',${adapterLines.length > 0 ? "\n" + adapterLines.join("\n") : ""}
+${collectionsConfig ? collectionsConfig : ""}${features.length > 0 ? "\n" + features.join("\n") : ""}
+
+  api: {
+${apiConfig.join("\n")}
+  },
+});`;
+
+  return config;
+}

package/src/generators/files.ts

@@ -0,0 +1,629 @@
+import type { Answers } from "../prompts.js";
+import { writeFileSync, mkdirSync } from "fs";
+import { join } from "path";
+
+export function generateProjectFiles(
+  answers: Answers,
+  projectDir: string,
+): void {
+  const srcDir = join(projectDir, "src");
+  const pagesDir = join(srcDir, "pages");
+  const publicDir = join(projectDir, "public");
+
+  mkdirSync(pagesDir, { recursive: true });
+  mkdirSync(publicDir, { recursive: true });
+
+  if (answers.database === "sqlite") {
+    mkdirSync(join(projectDir, "data"), { recursive: true });
+  }
+
+  const tsconfig = `{
+  "extends": "astro/tsconfigs/strict",
+  "compilerOptions": {
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  }
+}`;
+
+  writeFileSync(join(projectDir, "tsconfig.json"), tsconfig);
+
+  const gitignore = `node_modules/
+dist/
+.astro/
+data/
+*.db
+.env
+.env.local
+.DS_Store
+`;
+
+  writeFileSync(join(projectDir, ".gitignore"), gitignore);
+
+  const readme = `# ${answers.projectName}
+
+A Kyro CMS project.
+
+## Quick Start
+
+\`\`\`bash
+npm install
+npm run dev
+\`\`\`
+
+## Admin Dashboard
+
+Visit [http://localhost:4321/admin](http://localhost:4321/admin) to access the admin.
+
+${
+  answers.auth
+    ? `## Creating Your Admin User
+
+Before logging into the admin, you need to create an admin user. Run:
+
+\`\`\`bash
+npm run db:bootstrap
+\`\`\`
+
+Or set environment variables to auto-bootstrap on startup:
+
+\`\`\`bash
+# .env
+KYRO_ADMIN_EMAIL=admin@example.com
+KYRO_ADMIN_PASSWORD=SecurePass123!
+\`\`\`
+
+Then restart the dev server.
+`
+    : ""
+}
+
+## Documentation
+
+Visit [https://kyro.cms](https://kyro.cms) for full documentation.
+`;
+
+  writeFileSync(join(projectDir, "README.md"), readme);
+
+  const envExample = `# Kyro CMS Configuration
+
+${
+  answers.database === "sqlite"
+    ? "# SQLite (local) - no additional config needed"
+    : answers.database === "postgres" || answers.database === "mysql"
+      ? "# Database connection (PostgreSQL/MySQL)\nDATABASE_URL=postgresql://user:password@localhost:5432/kyro_cms\nDATABASE_SSL=false"
+      : "# MongoDB connection\nMONGODB_URI=mongodb://localhost:27017/kyro_cms"
+}
+
+${
+  answers.auth
+    ? `# Authentication (uses SQLite at ./data/auth.db - no Redis needed)
+JWT_SECRET=change-this-to-a-random-32-character-string
+JWT_EXPIRES_IN=24h
+
+# Registration control (set to false to disable public registration after first user)
+KYRO_ALLOW_REGISTRATION=true
+
+# Optional: Custom auth database path (default: ./data/auth.db)
+# KYRO_AUTH_DB_PATH=./data/auth.db
+
+# Optional: SMTP for emails
+# SMTP_HOST=smtp.example.com
+# SMTP_PORT=587
+# SMTP_SECURE=false
+# SMTP_USER=your-email@example.com
+# SMTP_PASS=your-password
+# SMTP_FROM=noreply@example.com`
+    : ""
+}
+`;
+
+  writeFileSync(join(projectDir, ".env.example"), envExample);
+
+  const spec = `# ${answers.projectName}
+
+## Overview
+
+This project uses Kyro CMS - an Astro-native headless CMS.
+
+## Configuration
+
+- **Database**: ${answers.database === "sqlite" ? "SQLite (local-first)" : answers.database}
+- **APIs**: REST, GraphQL, tRPC, WebSocket
+- **Styling**: ${answers.styling}
+- **Auth**: ${answers.auth ? "Enabled" : "Disabled"}
+- **Versioning**: ${answers.versioning ? "Enabled" : "Disabled"}
+- **Admin**: ${answers.admin ? "Included" : "Not included"}
+- **Template**: ${answers.template}
+
+## Collections
+
+${
+  answers.template === "minimal"
+    ? "- Posts"
+    : answers.template === "blog"
+      ? "- Posts\n- Categories\n- Media"
+      : "- Products\n- Categories\n- Customers\n- Orders\n- Coupons"
+}
+`;
+
+  writeFileSync(join(projectDir, "SPEC.md"), spec);
+
+  const indexPage = `---
+const title = "${answers.projectName}";
+---
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>${answers.projectName}</title>
+  </head>
+  <body>
+    <main>
+      <h1>Welcome to ${answers.projectName}</h1>
+      <p>Your Kyro CMS is ready.</p>
+      ${
+        answers.admin
+          ? '<p><a href="/admin">Go to Admin Dashboard →</a></p>'
+          : ""
+      }
+    </main>
+  </body>
+</html>
+
+<style>
+  main {
+    max-width: 800px;
+    margin: 4rem auto;
+    padding: 2rem;
+    text-align: center;
+    font-family: system-ui, sans-serif;
+  }
+  h1 {
+    font-size: 2.5rem;
+    margin-bottom: 1rem;
+  }
+  p {
+    color: #666;
+  }
+  a {
+    color: #6366f1;
+    text-decoration: none;
+  }
+  a:hover {
+    text-decoration: underline;
+  }
+</style>
+`;
+
+  writeFileSync(join(pagesDir, "index.astro"), indexPage);
+
+  if (answers.admin) {
+    const adminDir = join(pagesDir, "admin");
+    mkdirSync(adminDir, { recursive: true });
+
+    const adminIndex = `---
+import { Admin } from '@kyro-cms/admin';
+import config from '../../../kyro.config';
+---
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Admin - ${answers.projectName}</title>
+  </head>
+  <body>
+    <Admin client:load config={config} />
+  </body>
+</html>
+`;
+
+    writeFileSync(join(adminDir, "index.astro"), adminIndex);
+  }
+
+  if (answers.auth) {
+    const authApiDir = join(pagesDir, "api", "auth");
+    mkdirSync(authApiDir, { recursive: true });
+
+    writeFileSync(
+      join(authApiDir, "login.ts"),
+      generateLoginEndpoint(answers.database),
+    );
+    writeFileSync(
+      join(authApiDir, "register.ts"),
+      generateRegisterEndpoint(answers.database),
+    );
+    writeFileSync(
+      join(authApiDir, "logout.ts"),
+      generateLogoutEndpoint(answers.database),
+    );
+    writeFileSync(join(authApiDir, "me.ts"), generateMeEndpoint());
+    writeFileSync(
+      join(authApiDir, "users.ts"),
+      generateUsersEndpoint(answers.database),
+    );
+
+    writeFileSync(join(srcDir, "middleware.ts"), generateMiddleware());
+  }
+}
+
+function generateLoginEndpoint(database: string): string {
+  return `import type { APIRoute } from "astro";
+import { SQLiteAuthAdapter } from "@kyro-cms/core";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+
+async function getAuthApi() {
+  return new SQLiteAuthAdapter({ path: "./data/auth.db" });
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+    };
+    const { email, password } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+    const user = await adapter.findUserByEmail(email);
+    if (!user || !user.passwordHash) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const valid = await adapter.verifyPassword(password, user.passwordHash);
+    if (!valid) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Login error:", error);
+    return new Response(JSON.stringify({ error: "Login failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+
+function generateRegisterEndpoint(database: string): string {
+  return `import type { APIRoute } from "astro";
+import { SQLiteAuthAdapter } from "@kyro-cms/core";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+const ALLOW_REGISTRATION = process.env.KYRO_ALLOW_REGISTRATION !== "false";
+
+async function getAuthApi() {
+  return new SQLiteAuthAdapter({ path: "./data/auth.db" });
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+      confirmPassword?: string;
+    };
+    const { email, password, confirmPassword } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password !== confirmPassword) {
+      return new Response(
+        JSON.stringify({ error: "Passwords do not match" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password.length < 8) {
+      return new Response(
+        JSON.stringify({ error: "Password must be at least 8 characters" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    try {
+      await adapter.connect();
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Unable to connect to auth storage." }),
+        { status: 500, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const existingUser = await adapter.findUserByEmail(email);
+    if (existingUser) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Email already registered" }),
+        { status: 409, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const isFirstUser = !(await adapter.hasAnyUsers());
+
+    if (!isFirstUser && !ALLOW_REGISTRATION) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Registration is disabled" }),
+        { status: 403, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const passwordHash = await adapter.hashPassword(password);
+    const user = await adapter.createUser({
+      email,
+      passwordHash,
+      role: isFirstUser ? "super_admin" : "editor",
+    });
+
+    if (isFirstUser) {
+      await adapter.updateUser(user.id, { emailVerified: true });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash: _, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        isFirstUser,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 201,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Registration error:", error);
+    return new Response(JSON.stringify({ error: "Registration failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+
+function generateLogoutEndpoint(database: string): string {
+  return `import type { APIRoute } from "astro";
+import { SQLiteAuthAdapter } from "@kyro-cms/core";
+
+async function getAuthApi() {
+  return new SQLiteAuthAdapter({ path: "./data/auth.db" });
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const authHeader = request.headers.get("authorization");
+    const token = authHeader?.startsWith("Bearer ")
+      ? authHeader.slice(7)
+      : null;
+
+    if (token) {
+      const adapter = await getAuthApi();
+      await adapter.connect();
+      await adapter.deleteSession(token);
+      await adapter.disconnect();
+    }
+
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+
+function generateMeEndpoint(): string {
+  return `import type { APIRoute } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+export const GET: APIRoute = async ({ request }) => {
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ")
+    ? authHeader.slice(7)
+    : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Not authenticated" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    const payload = jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return new Response(
+      JSON.stringify({
+        id: payload.sub,
+        email: payload.email,
+        role: payload.role,
+      }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+
+function generateUsersEndpoint(database: string): string {
+  return `import type { APIRoute } from "astro";
+import { SQLiteAuthAdapter } from "@kyro-cms/core";
+
+async function getAuthApi() {
+  return new SQLiteAuthAdapter({ path: "./data/auth.db" });
+}
+
+export const GET: APIRoute = async () => {
+  try {
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+    const hasUsers = await adapter.hasAnyUsers();
+
+    await adapter.disconnect();
+
+    return new Response(JSON.stringify({ hasUsers }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  } catch {
+    return new Response(JSON.stringify({ hasUsers: false }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+
+function generateMiddleware(): string {
+  return `import type { MiddlewareHandler } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+const PUBLIC_PATHS = [
+  "/api/auth/login",
+  "/api/auth/logout",
+  "/api/auth/register",
+  "/api/auth/me",
+  "/api/auth/users",
+  "/api/health",
+  "/favicon.svg",
+];
+
+const PUBLIC_PREFIXES = ["/api/auth/", "/admin"];
+
+export const onRequest: MiddlewareHandler = async ({ request, url }, next) => {
+  const pathname = new URL(url).pathname;
+
+  if (PUBLIC_PATHS.includes(pathname) || PUBLIC_PATHS.includes(pathname.replace(/\\/$/, ""))) {
+    return next();
+  }
+
+  for (const prefix of PUBLIC_PREFIXES) {
+    if (pathname.startsWith(prefix)) {
+      return next();
+    }
+  }
+
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Authentication required" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return next();
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid or expired token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}

package/src/generators/packagejson.ts

@@ -0,0 +1,80 @@
+import type { Answers } from "../prompts.js";
+
+export interface PackageJson {
+  name: string;
+  version: string;
+  type: string;
+  private: boolean;
+  scripts: Record<string, string>;
+  dependencies: Record<string, string>;
+  devDependencies: Record<string, string>;
+}
+
+export function generatePackageJson(
+  answers: Answers,
+  projectDir: string,
+): PackageJson {
+  const deps: Record<string, string> = {
+    "@kyro-cms/core": "latest",
+    astro: "^5.4.0",
+  };
+
+  const devDeps: Record<string, string> = {
+    typescript: "^5.7.3",
+  };
+
+  if (answers.styling === "tailwind") {
+    deps["@astrojs/react"] = "^4.2.0";
+    deps["react"] = "^19.0.0";
+    deps["react-dom"] = "^19.0.0";
+    deps["tailwindcss"] = "^4.0.0";
+    deps["@tailwindcss/vite"] = "^4.0.0";
+    devDeps["@types/react"] = "^19.0.0";
+    devDeps["@types/react-dom"] = "^19.0.0";
+  }
+
+  if (answers.database === "postgres") {
+    deps["pg"] = "^8.13.1";
+    deps["@types/pg"] = "^8.11.0";
+  } else if (answers.database === "mysql") {
+    deps["mysql2"] = "^3.12.0";
+  } else if (answers.database === "mongodb") {
+    deps["mongodb"] = "^6.12.0";
+  }
+
+  if (answers.admin) {
+    deps["@kyro-cms/admin"] = "latest";
+    deps["@astrojs/node"] = "^9.5.5";
+    deps["lucide-react"] = "^0.475.0";
+  }
+
+  const scripts: Record<string, string> = {
+    dev: "astro dev",
+    build: "astro build",
+    preview: "astro preview",
+  };
+
+  if (answers.auth) {
+    scripts["db:bootstrap"] = "kyro auth bootstrap";
+  }
+
+  if (answers.database === "sqlite") {
+    scripts["db:generate"] = "kyro generate";
+    scripts["db:push"] = "kyro push";
+    scripts["db:studio"] = "kyro studio";
+  }
+
+  return {
+    name: answers.projectName,
+    version: "0.1.0",
+    type: "module",
+    private: true,
+    scripts,
+    dependencies: deps,
+    devDependencies: devDeps,
+  };
+}
+
+export function formatPackageJson(pkg: PackageJson): string {
+  return JSON.stringify(pkg, null, 2);
+}

package/src/index.ts

@@ -0,0 +1,97 @@
+import { promptUser, type Answers } from './prompts.js';
+import { logger } from './utils/logger.js';
+import { generatePackageJson, formatPackageJson } from './generators/packagejson.js';
+import { generateKyroConfig } from './generators/config.js';
+import { generateAstroConfig } from './generators/astro.js';
+import { generateProjectFiles } from './generators/files.js';
+import { writeFileSync, mkdirSync, existsSync } from 'fs';
+import { join } from 'path';
+import { execSync } from 'child_process';
+
+const VERSION = '0.1.1';
+
+async function main() {
+  logger.intro('create-kyro', VERSION);
+
+  const answers = await promptUser();
+  const projectDir = join(process.cwd(), answers.projectName);
+
+  if (existsSync(projectDir)) {
+    logger.error(`Directory "${answers.projectName}" already exists.`);
+    process.exit(1);
+  }
+
+  const steps = [
+    'Creating project directory',
+    'Generating configuration files',
+    'Installing dependencies',
+    'Initializing git repository',
+  ];
+
+  logger.step(1, steps.length, steps[0]);
+  mkdirSync(projectDir, { recursive: true });
+  logger.success('Project directory created');
+
+  logger.step(2, steps.length, steps[1]);
+
+  const pkg = generatePackageJson(answers, projectDir);
+  writeFileSync(
+    join(projectDir, 'package.json'),
+    formatPackageJson(pkg)
+  );
+  logger.success('package.json generated');
+
+  const kyroConfig = generateKyroConfig(answers);
+  writeFileSync(join(projectDir, 'kyro.config.ts'), kyroConfig);
+  logger.success('kyro.config.ts generated');
+
+  const astroConfig = generateAstroConfig(answers);
+  writeFileSync(join(projectDir, 'astro.config.mjs'), astroConfig);
+  logger.success('astro.config.mjs generated');
+
+  generateProjectFiles(answers, projectDir);
+  logger.success('Project files generated');
+
+  logger.step(3, steps.length, steps[2]);
+  console.log('  Installing dependencies...');
+
+  try {
+    execSync('npm install', {
+      cwd: projectDir,
+      stdio: 'inherit',
+      env: { ...process.env, npm_config_loglevel: 'warn' }
+    });
+    logger.success('Dependencies installed');
+  } catch (error) {
+    logger.error('Failed to install dependencies');
+    process.exit(1);
+  }
+
+  logger.step(4, steps.length, steps[3]);
+  try {
+    execSync('git init && git add . && git commit -m "Initial commit - created with create-kyro"', {
+      cwd: projectDir,
+      stdio: 'pipe'
+    });
+    logger.success('Git repository initialized');
+  } catch {
+    logger.warning('Could not initialize git repository');
+  }
+
+  logger.done();
+
+  console.log('  To get started:');
+  console.log(`    ${logger ? '\x1b[36m' : ''}cd ${answers.projectName}${logger ? '\x1b[0m' : ''}`);
+  console.log(`    ${logger ? '\x1b[36m' : ''}npm run dev${logger ? '\x1b[0m' : ''}`);
+  console.log('');
+  console.log('  Visit http://localhost:4321 to see your app.');
+  if (answers.admin) {
+    console.log('  Visit http://localhost:4321/admin for the admin dashboard.');
+  }
+  console.log('');
+}
+
+main().catch((error) => {
+  logger.error(`Unexpected error: ${error.message}`);
+  process.exit(1);
+});

package/src/prompts.ts

@@ -0,0 +1,147 @@
+import prompts from "prompts";
+import { validateProjectName } from "./validators.js";
+
+export interface Answers {
+  projectName: string;
+  database: "sqlite" | "postgres" | "mysql" | "mongodb";
+  styling: "tailwind" | "cssmodules" | "styled" | "none";
+  auth: boolean;
+  versioning: boolean;
+  admin: boolean;
+  template: "minimal" | "blog" | "ecommerce" | "kitchen-sink";
+}
+
+export async function promptUser(): Promise<Answers> {
+  const response = await prompts(
+    [
+      {
+        type: "text",
+        name: "projectName",
+        message: "Project name:",
+        initial: "my-kyro-app",
+        validate: validateProjectName,
+      },
+      {
+        type: "select",
+        name: "database",
+        message: "Database:",
+        hint: " ",
+        choices: [
+          {
+            title: "SQLite (local-first, zero config)",
+            description:
+              "Best for development and small projects. No setup required.",
+            value: "sqlite",
+          },
+          {
+            title: "PostgreSQL",
+            description: "Recommended for production. Robust and scalable.",
+            value: "postgres",
+          },
+          {
+            title: "MySQL",
+            description: "Popular choice for web applications.",
+            value: "mysql",
+          },
+          {
+            title: "MongoDB",
+            description: "Best for flexible, document-based schemas.",
+            value: "mongodb",
+          },
+        ],
+      },
+      {
+        type: "select",
+        name: "styling",
+        message: "Styling:",
+        hint: " ",
+        choices: [
+          {
+            title: "Tailwind CSS",
+            description: "Utility-first CSS framework, excellent DX",
+            value: "tailwind",
+          },
+          {
+            title: "CSS Modules",
+            description: "Scoped CSS, no extra dependencies",
+            value: "cssmodules",
+          },
+          {
+            title: "Styled Components",
+            description: "CSS-in-JS with tagged template literals",
+            value: "styled",
+          },
+          {
+            title: "None",
+            description: "Bring your own styling solution",
+            value: "none",
+          },
+        ],
+      },
+      {
+        type: "toggle",
+        name: "auth",
+        message: "Add authentication (JWT)?",
+        initial: true,
+        active: "Yes",
+        inactive: "No",
+      },
+      {
+        type: "toggle",
+        name: "versioning",
+        message: "Add versioning/drafts?",
+        initial: true,
+        active: "Yes",
+        inactive: "No",
+      },
+      {
+        type: "toggle",
+        name: "admin",
+        message: "Include admin dashboard?",
+        initial: true,
+        active: "Yes",
+        inactive: "No",
+      },
+      {
+        type: "select",
+        name: "template",
+        message: "Starting template:",
+        hint: " ",
+        initial: 1,
+        choices: [
+          {
+            title: "Minimal",
+            description:
+              "Basic configuration with one example collection + core settings",
+            value: "minimal",
+          },
+          {
+            title: "Blog",
+            description: "Posts, categories, media library + core settings",
+            value: "blog",
+          },
+          {
+            title: "E-commerce",
+            description:
+              "Products, orders, customers, coupons + core + store/payment settings",
+            value: "ecommerce",
+          },
+          {
+            title: "Kitchen Sink",
+            description:
+              "Everything: pages, navigation, blog, e-commerce + all settings",
+            value: "kitchen-sink",
+          },
+        ],
+      },
+    ],
+    {
+      onCancel: () => {
+        console.log("\nCancelled.");
+        process.exit(1);
+      },
+    },
+  );
+
+  return response as Answers;
+}

package/src/utils/logger.ts

@@ -0,0 +1,52 @@
+import { cyan, green, yellow, red, bold, dim } from 'kolorist';
+
+export const logger = {
+  intro: (name: string, version: string) => {
+    console.log(`
+${bold(cyan(`Kyro CMS`))} ${dim(`v${version}`)}
+${dim('Astro-native headless CMS')}
+`);
+  },
+
+  success: (msg: string) => {
+    console.log(`${green('✓')} ${msg}`);
+  },
+
+  error: (msg: string) => {
+    console.log(`${red('✗')} ${msg}`);
+  },
+
+  warning: (msg: string) => {
+    console.log(`${yellow('⚠')} ${msg}`);
+  },
+
+  info: (msg: string) => {
+    console.log(`${cyan('ℹ')} ${msg}`);
+  },
+
+  step: (num: number, total: number, msg: string) => {
+    console.log(`${dim(`[${num}/${total}]`)} ${msg}`);
+  },
+
+  heading: (msg: string) => {
+    console.log(`\n${bold(cyan(msg))}`);
+  },
+
+  subheading: (msg: string) => {
+    console.log(`\n${bold(msg)}`);
+  },
+
+  list: (items: string[]) => {
+    items.forEach(item => {
+      console.log(`  ${green('•')} ${item}`);
+    });
+  },
+
+  done: () => {
+    console.log(`\n${green(bold('Done!'))} Project created successfully.\n`);
+  },
+
+  prompt: (msg: string) => {
+    console.log(`\n${cyan('?')} ${bold(msg)}`);
+  }
+};

package/src/validators.ts

@@ -0,0 +1,36 @@
+export function validateProjectName(name: string): string | true {
+  if (!name) {
+    return 'Project name is required';
+  }
+
+  if (!/^[a-z0-9-]+$/.test(name)) {
+    return 'Use lowercase letters, numbers, and hyphens only';
+  }
+
+  if (name.length < 2) {
+    return 'Project name must be at least 2 characters';
+  }
+
+  if (name.length > 50) {
+    return 'Project name must be less than 50 characters';
+  }
+
+  if (/^[-0-9]/.test(name)) {
+    return 'Project name cannot start with a number or hyphen';
+  }
+
+  const reserved = ['node_modules', 'dist', 'build', 'public', 'src', 'test', 'tests'];
+  if (reserved.includes(name)) {
+    return `"${name}" is a reserved name`;
+  }
+
+  return true;
+}
+
+export function validateEmail(email: string): string | true {
+  if (!email) return true;
+  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+    return 'Invalid email address';
+  }
+  return true;
+}

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "outDir": "./dist",
+    "declaration": true,
+    "lib": ["ES2022"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/tsup.config.ts

@@ -0,0 +1,11 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['esm'],
+  dts: true,
+  splitting: false,
+  clean: true,
+  target: 'node18',
+  platform: 'node'
+});