depository-deploy 1.0.30 → 1.0.41

package/install/install-unix.sh

@@ -317,6 +317,60 @@ kill_port_holder "$API_PORT"
 kill_port_holder "$AUTH_PORT"
 kill_port_holder "$GATHERER_PORT"
 
+# ---- Map service name → executable path (for direct-run error capture) ----
+get_svc_exe() {
+    case "$1" in
+        depository-auth)     echo "$INSTALL_DIR/auth/DEPOSITORY.API.OATH" ;;
+        depository-api)      echo "$INSTALL_DIR/api/DEPOSITORY.API.REST" ;;
+        depository-worker)   echo "$INSTALL_DIR/worker/DEPOSITORY.CORE.WORKER" ;;
+        depository-gatherer) echo "$INSTALL_DIR/gatherer/DEPOSITORY.CORE.GATHERER" ;;
+        depository-digestor) echo "$INSTALL_DIR/digestor/DEPOSITORY.CORE.DIGESTOR" ;;
+    esac
+}
+
+# Capture and print detailed startup error for a failed service
+capture_svc_error() {
+    local svc="$1"
+    warn "  --- journalctl output (last 50 lines) ---"
+    journalctl -u "$svc" -n 50 --no-pager 2>/dev/null | while IFS= read -r line; do
+        warn "    $line"
+    done
+
+    # Also try running the executable directly for 10 seconds to surface startup exceptions
+    local svc_exe
+    svc_exe="$(get_svc_exe "$svc")"
+    if [ -n "$svc_exe" ] && [ -f "$svc_exe" ]; then
+        warn "  --- Running exe directly to capture startup error (10 s) ---"
+        local tmp_out="/tmp/${svc}-startup-$$.log"
+        local svc_dir
+        svc_dir="$(dirname "$svc_exe")"
+        # Run as depository user if available so appsettings.json is readable
+        if id -u depository &>/dev/null; then
+            timeout 10 sudo -u depository "$svc_exe" > "$tmp_out" 2>&1 || true
+        else
+            timeout 10 "$svc_exe" > "$tmp_out" 2>&1 || true
+        fi
+        if [ -s "$tmp_out" ]; then
+            local total_lines; total_lines=$(wc -l < "$tmp_out")
+            warn "  --- Startup output: ${total_lines} line(s) captured (showing last 80) ---"
+            tail -n 80 "$tmp_out" | while IFS= read -r line; do
+                warn "    $line"
+            done
+        else
+            warn "    (no output captured from direct run)"
+        fi
+        rm -f "$tmp_out"
+        # Also show startup-error.log written by the .NET app itself
+        local err_log="$svc_dir/startup-error.log"
+        if [ -f "$err_log" ]; then
+            warn "  --- $err_log ---"
+            while IFS= read -r line; do
+                warn "    $line"
+            done < "$err_log"
+        fi
+    fi
+}
+
 # ---- Enable and start services ----
 info "Enabling and starting services..."
 systemctl daemon-reload
@@ -331,18 +385,12 @@ for svc in $SERVICES; do
             echo -e "  ${GREEN}[OK]${NC}   Started: $svc"
         else
             warn "  FAILED to start: $svc (did not reach active state)"
-            warn "  Run: journalctl -u $svc -n 30 --no-pager"
-            journalctl -u "$svc" -n 8 --no-pager 2>/dev/null | grep -iE 'error|fail|exception|unhandled|crit' | head -5 | while read -r line; do
-                warn "    $line"
-            done
+            capture_svc_error "$svc"
             START_FAILED="$START_FAILED $svc"
         fi
     else
         warn "  FAILED to start: $svc"
-        warn "  Run: journalctl -u $svc -n 30 --no-pager"
-        journalctl -u "$svc" -n 8 --no-pager 2>/dev/null | grep -iE 'error|fail|exception|unhandled|crit' | head -5 | while read -r line; do
-            warn "    $line"
-        done
+        capture_svc_error "$svc"
         START_FAILED="$START_FAILED $svc"
     fi
 done

package/install/install-windows.ps1

@@ -262,22 +262,13 @@ $svcDefs = @(
 )
 
 foreach ($def in $svcDefs) {
-    # Create a wrapper batch that sets the working directory (so appsettings.json is found)
-    # and optionally sets environment variables (e.g. ASPNETCORE_URLS for port binding).
-    $exeDir = Split-Path -Parent $def.Exe
-    $wrapperPath = Join-Path $exeDir "start-service.bat"
-    $batLines = "@echo off"
-    $batLines += "`r`ncd /d `"$exeDir`""
-    if ($def.Env -ne "") {
-        $batLines += "`r`nset $($def.Env)"
-    }
-    $batLines += "`r`n`"$($def.Exe)`""
-    Set-Content -Path $wrapperPath -Value $batLines -Encoding ASCII
-
-    & sc.exe create $def.Name binPath= "`"$wrapperPath`"" start= auto DisplayName= $def.Desc | Out-Null
+    # Register the exe directly as the Windows Service binary.
+    # UseWindowsService() in each app handles the SCM protocol and sets the content root
+    # to the exe's directory so appsettings.json is found automatically.
+    & sc.exe create $def.Name binPath= "`"$($def.Exe)`"" start= auto DisplayName= $def.Desc | Out-Null
     & sc.exe description $def.Name $def.Desc | Out-Null
 
-    # Also set environment via registry as a fallback
+    # Pass environment variables (e.g. ASPNETCORE_URLS) via the service registry entry
     if ($def.Env -ne "") {
         $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$($def.Name)"
         Set-ItemProperty -Path $regPath -Name "Environment" -Value @($def.Env) -Type MultiString -ErrorAction SilentlyContinue
@@ -356,15 +347,25 @@ foreach ($def in $svcDefs) {
                     -RedirectStandardOutput "$env:TEMP\$($def.Name)-stdout.txt" `
                     -RedirectStandardError  "$env:TEMP\$($def.Name)-stderr.txt" `
                     -NoNewWindow -PassThru -ErrorAction SilentlyContinue
-                Start-Sleep -Seconds 3
+                Start-Sleep -Seconds 10
                 if (-not $proc.HasExited) { $proc.Kill() }
                 $stdout = Get-Content "$env:TEMP\$($def.Name)-stdout.txt" -ErrorAction SilentlyContinue
                 $stderr = Get-Content "$env:TEMP\$($def.Name)-stderr.txt" -ErrorAction SilentlyContinue
-                $combined = @($stdout; $stderr) | Where-Object { $_ -match 'error|fail|exception|unhandled|crit' -and $_ }
+                $combined = @($stdout; $stderr) | Where-Object { $_ -and $_.Trim() }
                 if ($combined) {
-                    $combined | Select-Object -First 8 | ForEach-Object { Write-Warn "    $_" }
+                    $total = $combined.Count
+                    Write-Warn "  --- Startup output: $total line(s) captured (showing last 80) ---"
+                    # Show LAST 80 lines — the actual crash/exception always appears at the end,
+                    # after EF Core model-validation warnings that fill the beginning.
+                    $combined | Select-Object -Last 80 | ForEach-Object { Write-Warn "    $_" }
                 } else {
-                    Write-Warn "  (no error output captured -- check Event Viewer)"
+                    Write-Warn "  (no output captured -- check Event Viewer > Windows Logs > Application)"
+                }
+                # Also surface startup-error.log written by the .NET app itself
+                $errLog = Join-Path $exeDir "startup-error.log"
+                if (Test-Path $errLog) {
+                    Write-Warn "  --- $errLog ---"
+                    Get-Content $errLog -ErrorAction SilentlyContinue | ForEach-Object { Write-Warn "    $_" }
                 }
             } catch {
                 Write-Warn "  Could not run exe directly: $_"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "depository-deploy",
-  "version": "1.0.30",
+  "version": "1.0.41",
   "description": "Depository document management system – deployment wizard and installers",
   "license": "UNLICENSED",
   "publishConfig": {
@@ -25,9 +25,9 @@
     "scripts/publish.mjs"
   ],
   "optionalDependencies": {
-    "depository-deploy-linux": "1.0.30",
-    "depository-deploy-macos": "1.0.30",
-    "depository-deploy-windows": "1.0.30"
+    "depository-deploy-linux": "1.0.41",
+    "depository-deploy-macos": "1.0.41",
+    "depository-deploy-windows": "1.0.41"
   },
   "scripts": {
     "start": "node wizard-server.mjs"

package/wizard-server.mjs

@@ -16,7 +16,7 @@
 //    GET  /api/install-stream/:id → SSE log stream
 // =============================================================
 
-import { createServer }                                    from 'http';
+import { createServer, request as httpRequest }            from 'http';
 import { readFileSync, writeFileSync, existsSync, statSync } from 'fs';
 import { spawn, execSync }                                   from 'child_process';
 import { join, dirname }                                     from 'path';
@@ -452,6 +452,64 @@ const server = createServer((req, res) => {
     return;
   }
 
+  // ── Create first admin user: POST /api/create-admin  { authPort, user }
+  if (req.method === 'POST' && url.pathname === '/api/create-admin') {
+    let body = '';
+    req.on('data', d => body += d);
+    req.on('end', async () => {
+      try {
+        const { authPort, user } = JSON.parse(body);
+        const port = Number(authPort) || 5238;
+        const payload = JSON.stringify(user);
+
+        // Retry up to 5 times with 3 s gaps — auth service may still be starting
+        let lastErr = 'no attempts made';
+        for (let attempt = 0; attempt < 5; attempt++) {
+          try {
+            const result = await new Promise((resolve, reject) => {
+              const opts = {
+                hostname: '127.0.0.1', port,
+                path: '/api/ApplicationUser/Register',
+                method: 'POST',
+                headers: {
+                  'Content-Type':   'application/json',
+                  'Content-Length': Buffer.byteLength(payload),
+                },
+              };
+              const r2 = httpRequest(opts, resp => {
+                let data = '';
+                resp.on('data', d => data += d);
+                resp.on('end', () => resolve({ status: resp.statusCode, body: data }));
+              });
+              r2.on('error', reject);
+              r2.setTimeout(8000, () => { r2.destroy(); reject(new Error('timeout')); });
+              r2.write(payload);
+              r2.end();
+            });
+
+            if (result.status >= 200 && result.status < 300) {
+              res.writeHead(200, { 'Content-Type': 'application/json' });
+              res.end(JSON.stringify({ ok: true }));
+              return;
+            }
+            lastErr = `HTTP ${result.status}: ${result.body}`;
+            break; // non-2xx from auth service — no point retrying
+          } catch (e) {
+            lastErr = e.message;
+            if (attempt < 4) await new Promise(r => setTimeout(r, 3000));
+          }
+        }
+
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: lastErr }));
+      } catch (e) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: e.message }));
+      }
+    });
+    return;
+  }
+
   res.writeHead(404); res.end('Not found');
 });
 

package/wizard.html

@@ -895,8 +895,41 @@ input.err { border-color: var(--err) !important; box-shadow: 0 0 0 3px rgba(220,
         </div>
       </div>
 
-      <!-- Step 6: Review -->
+      <!-- Step 6: Admin User -->
       <div class="step" id="step-6">
+        <div class="step-title" data-i18n="admin_title">Administrator Account</div>
+        <div class="step-sub" data-i18n="admin_sub">Create the first admin user. This account will be used to log in to Depository after installation.</div>
+        <div class="field-row">
+          <div class="field">
+            <label data-i18n="admin_email_lbl">Email</label>
+            <input type="email" id="admin_email" placeholder="admin@yourcompany.com">
+          </div>
+          <div class="field">
+            <label data-i18n="admin_name_lbl">Full Name</label>
+            <input type="text" id="admin_name" placeholder="Admin User">
+          </div>
+        </div>
+        <div class="field-row">
+          <div class="field">
+            <label data-i18n="admin_pass_lbl">Password</label>
+            <input type="password" id="admin_pass" placeholder="••••••••">
+          </div>
+          <div class="field">
+            <label data-i18n="admin_pass2_lbl">Confirm Password</label>
+            <input type="password" id="admin_pass2" placeholder="••••••••">
+          </div>
+        </div>
+        <div class="field-row">
+          <div class="field">
+            <label data-i18n="admin_org_lbl">Organization</label>
+            <input type="text" id="admin_org" placeholder="Your Company">
+          </div>
+        </div>
+        <p class="field-note" data-i18n="admin_note">This admin account will be created automatically after installation completes.</p>
+      </div>
+
+      <!-- Step 7: Review -->
+      <div class="step" id="step-7">
         <div class="step-title" data-i18n="review_title">Review &amp; Download</div>
         <div class="step-sub" data-i18n="review_sub">Check your settings below, then download the configuration file and run the installer.</div>
         <div class="review-grid" id="reviewGrid"></div>
@@ -984,7 +1017,7 @@ input.err { border-color: var(--err) !important; box-shadow: 0 0 0 3px rgba(220,
 const T = {
   en: {
     wizard_subtitle:"Setup Wizard", step_of:"Step {0} of {1}",
-    steps:["Welcome","Database","User Accounts","Network & Ports","Folders","Active Directory","Download"],
+    steps:["Welcome","Database","User Accounts","Network & Ports","Folders","Active Directory","Admin User","Download"],
     welcome_title:"Welcome to Depository Setup",
     welcome_hero_sub:"This wizard collects your settings and generates a ready-to-use configuration file for your server.",
     welcome_before:"Before you begin, make sure you have:",
@@ -1079,10 +1112,25 @@ const T = {
     update_done:"Updated! Restart the wizard server to apply.",
     update_failed:"Update failed. Run manually: npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"Administrator Account",
+    admin_sub:"Create the first admin user. This account will be used to log in to Depository after installation.",
+    admin_email_lbl:"Email",
+    admin_pass_lbl:"Password",
+    admin_pass2_lbl:"Confirm Password",
+    admin_name_lbl:"Full Name",
+    admin_org_lbl:"Organization",
+    admin_note:"This admin account will be created automatically after installation completes.",
+    err_admin_email:"Admin email is required.",
+    err_admin_pass:"Password is required.",
+    err_admin_pass2:"Passwords do not match.",
+    err_admin_name:"Full name is required.",
+    admin_creating:"Creating admin user…",
+    admin_created:"✓ Admin user created successfully.",
+    admin_failed:"Admin user creation failed — you can create the account manually via the auth API.",
   },
   tr: {
     wizard_subtitle:"Kurulum Sihirbazı", step_of:"Adım {0} / {1}",
-    steps:["Hoş Geldiniz","Veritabanı","Kullanıcı Hesapları","Ağ ve Portlar","Klasörler","Active Directory","İndir"],
+    steps:["Hoş Geldiniz","Veritabanı","Kullanıcı Hesapları","Ağ ve Portlar","Klasörler","Active Directory","Yönetici Kullanıcı","İndir"],
     welcome_title:"Depository Kurulumuna Hoş Geldiniz",
     welcome_hero_sub:"Bu sihirbaz ayarlarınızı toplayarak sunucunuz için hazır bir yapılandırma dosyası oluşturur.",
     welcome_before:"Başlamadan önce şunlara sahip olduğunuzdan emin olun:",
@@ -1177,10 +1225,25 @@ const T = {
     update_done:"Güncellendi! Uygulamak için sihirbaz sunucusunu yeniden başlatın.",
     update_failed:"Güncelleme başarısız. Manuel çalıştırın: npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"Yönetici Hesabı",
+    admin_sub:"İlk yönetici kullanıcıyı oluşturun. Bu hesap, kurulum sonrasında Depository'ye giriş yapmak için kullanılacaktır.",
+    admin_email_lbl:"E-posta",
+    admin_pass_lbl:"Şifre",
+    admin_pass2_lbl:"Şifreyi Onayla",
+    admin_name_lbl:"Tam Ad",
+    admin_org_lbl:"Organizasyon",
+    admin_note:"Bu yönetici hesabı, kurulum tamamlandıktan sonra otomatik olarak oluşturulacaktır.",
+    err_admin_email:"Yönetici e-postası zorunludur.",
+    err_admin_pass:"Şifre zorunludur.",
+    err_admin_pass2:"Şifreler eşleşmiyor.",
+    err_admin_name:"Tam ad zorunludur.",
+    admin_creating:"Yönetici kullanıcı oluşturuluyor…",
+    admin_created:"✓ Yönetici kullanıcı başarıyla oluşturuldu.",
+    admin_failed:"Yönetici kullanıcı oluşturulamadı — auth API üzerinden manuel olarak oluşturabilirsiniz.",
   },
   fr: {
     wizard_subtitle:"Assistant d'installation", step_of:"Étape {0} sur {1}",
-    steps:["Bienvenue","Base de données","Comptes utilisateurs","Réseau & Ports","Dossiers","Active Directory","Télécharger"],
+    steps:["Bienvenue","Base de données","Comptes utilisateurs","Réseau & Ports","Dossiers","Active Directory","Compte Admin","Télécharger"],
     welcome_title:"Bienvenue dans l'assistant Depository",
     welcome_hero_sub:"Cet assistant collecte vos paramètres et génère un fichier de configuration prêt à l'emploi.",
     welcome_before:"Avant de commencer, assurez-vous d'avoir :",
@@ -1275,10 +1338,25 @@ const T = {
     update_done:"Mis à jour ! Redémarrez le serveur du wizard pour appliquer.",
     update_failed:"Échec de la mise à jour. Exécutez manuellement : npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"Compte Administrateur",
+    admin_sub:"Créez le premier utilisateur administrateur. Ce compte sera utilisé pour se connecter à Depository après l'installation.",
+    admin_email_lbl:"E-mail",
+    admin_pass_lbl:"Mot de passe",
+    admin_pass2_lbl:"Confirmer le mot de passe",
+    admin_name_lbl:"Nom complet",
+    admin_org_lbl:"Organisation",
+    admin_note:"Ce compte administrateur sera créé automatiquement à la fin de l'installation.",
+    err_admin_email:"L'e-mail administrateur est obligatoire.",
+    err_admin_pass:"Le mot de passe est obligatoire.",
+    err_admin_pass2:"Les mots de passe ne correspondent pas.",
+    err_admin_name:"Le nom complet est obligatoire.",
+    admin_creating:"Création de l'utilisateur admin…",
+    admin_created:"✓ Utilisateur admin créé avec succès.",
+    admin_failed:"Échec de la création de l'admin — créez le compte manuellement via l'API auth.",
   },
   de: {
     wizard_subtitle:"Installations-Assistent", step_of:"Schritt {0} von {1}",
-    steps:["Willkommen","Datenbank","Benutzerkonten","Netzwerk & Ports","Ordner","Active Directory","Herunterladen"],
+    steps:["Willkommen","Datenbank","Benutzerkonten","Netzwerk & Ports","Ordner","Active Directory","Admin-Benutzer","Herunterladen"],
     welcome_title:"Willkommen beim Depository-Setup",
     welcome_hero_sub:"Dieser Assistent erfasst Ihre Einstellungen und erstellt eine fertige Konfigurationsdatei für Ihren Server.",
     welcome_before:"Stellen Sie vor Beginn sicher, dass Sie Folgendes haben:",
@@ -1373,10 +1451,25 @@ const T = {
     update_done:"Aktualisiert! Starten Sie den Wizard-Server neu.",
     update_failed:"Aktualisierung fehlgeschlagen. Manuell ausführen: npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"Administrator-Konto",
+    admin_sub:"Erstellen Sie den ersten Admin-Benutzer. Dieses Konto wird nach der Installation zur Anmeldung bei Depository verwendet.",
+    admin_email_lbl:"E-Mail",
+    admin_pass_lbl:"Passwort",
+    admin_pass2_lbl:"Passwort bestätigen",
+    admin_name_lbl:"Vollständiger Name",
+    admin_org_lbl:"Organisation",
+    admin_note:"Dieses Admin-Konto wird automatisch nach Abschluss der Installation erstellt.",
+    err_admin_email:"Admin-E-Mail ist erforderlich.",
+    err_admin_pass:"Passwort ist erforderlich.",
+    err_admin_pass2:"Passwörter stimmen nicht überein.",
+    err_admin_name:"Vollständiger Name ist erforderlich.",
+    admin_creating:"Admin-Benutzer wird erstellt…",
+    admin_created:"✓ Admin-Benutzer erfolgreich erstellt.",
+    admin_failed:"Admin-Benutzer konnte nicht erstellt werden — erstellen Sie das Konto manuell über die Auth-API.",
   },
   es: {
     wizard_subtitle:"Asistente de instalación", step_of:"Paso {0} de {1}",
-    steps:["Bienvenido","Base de datos","Cuentas de usuario","Red y puertos","Carpetas","Active Directory","Descargar"],
+    steps:["Bienvenido","Base de datos","Cuentas de usuario","Red y puertos","Carpetas","Active Directory","Usuario Admin","Descargar"],
     welcome_title:"Bienvenido a la configuración de Depository",
     welcome_hero_sub:"Este asistente recopila sus ajustes y genera un archivo de configuración listo para usar en su servidor.",
     welcome_before:"Antes de comenzar, asegúrese de tener:",
@@ -1471,10 +1564,25 @@ const T = {
     update_done:"Actualizado. Reinicie el servidor del wizard para aplicar.",
     update_failed:"Actualización fallida. Ejecute manualmente: npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"Cuenta de Administrador",
+    admin_sub:"Cree el primer usuario administrador. Esta cuenta se usará para iniciar sesión en Depository tras la instalación.",
+    admin_email_lbl:"Correo electrónico",
+    admin_pass_lbl:"Contraseña",
+    admin_pass2_lbl:"Confirmar contraseña",
+    admin_name_lbl:"Nombre completo",
+    admin_org_lbl:"Organización",
+    admin_note:"Esta cuenta de administrador se creará automáticamente al finalizar la instalación.",
+    err_admin_email:"El correo del administrador es obligatorio.",
+    err_admin_pass:"La contraseña es obligatoria.",
+    err_admin_pass2:"Las contraseñas no coinciden.",
+    err_admin_name:"El nombre completo es obligatorio.",
+    admin_creating:"Creando usuario administrador…",
+    admin_created:"✓ Usuario administrador creado correctamente.",
+    admin_failed:"No se pudo crear el usuario admin — créelo manualmente a través de la API de autenticación.",
   },
   ar: {
     wizard_subtitle:"معالج الإعداد", step_of:"الخطوة {0} من {1}",
-    steps:["مرحباً","قاعدة البيانات","حسابات المستخدمين","الشبكة والمنافذ","المجلدات","Active Directory","تنزيل"],
+    steps:["مرحباً","قاعدة البيانات","حسابات المستخدمين","الشبكة والمنافذ","المجلدات","Active Directory","مستخدم مسؤول","تنزيل"],
     welcome_title:"مرحباً بك في إعداد Depository",
     welcome_hero_sub:"يجمع هذا المعالج إعداداتك ويُنشئ ملف تهيئة جاهزاً للاستخدام على خادمك.",
     welcome_before:"قبل البدء، تأكد من توفر ما يلي:",
@@ -1569,6 +1677,21 @@ const T = {
     update_done:"تم التحديث! أعد تشغيل خادم المعالج للتطبيق.",
     update_failed:"فشل التحديث. شغّل يدويًا: npm install -g depository-deploy@latest",
     update_current:"v{0}",
+    admin_title:"حساب المسؤول",
+    admin_sub:"أنشئ أول مستخدم مسؤول. سيُستخدم هذا الحساب لتسجيل الدخول إلى Depository بعد التثبيت.",
+    admin_email_lbl:"البريد الإلكتروني",
+    admin_pass_lbl:"كلمة المرور",
+    admin_pass2_lbl:"تأكيد كلمة المرور",
+    admin_name_lbl:"الاسم الكامل",
+    admin_org_lbl:"المؤسسة",
+    admin_note:"سيتم إنشاء حساب المسؤول تلقائيًا بعد اكتمال التثبيت.",
+    err_admin_email:"البريد الإلكتروني للمسؤول مطلوب.",
+    err_admin_pass:"كلمة المرور مطلوبة.",
+    err_admin_pass2:"كلمتا المرور غير متطابقتين.",
+    err_admin_name:"الاسم الكامل مطلوب.",
+    admin_creating:"جارٍ إنشاء المستخدم المسؤول…",
+    admin_created:"✓ تم إنشاء المستخدم المسؤول بنجاح.",
+    admin_failed:"فشل إنشاء المستخدم المسؤول — يمكنك إنشاء الحساب يدويًا عبر API المصادقة.",
   },
 };
 
@@ -1639,7 +1762,7 @@ function showStep(n) {
   renderSidebar();
   updateNav();
   document.getElementById('errBanner').textContent = '';
-  if (n === 6) populateReview();
+  if (n === 7) populateReview();
   if (n === 4) checkPrevInstall();
 }
 
@@ -1727,6 +1850,12 @@ function validateStep(s) {
         return {msg:t('err_overwrite'), field:'overwriteOk'};
       }
       break;
+    case 6:
+      if (!val('admin_email')) return {msg:t('err_admin_email'), field:'admin_email'};
+      if (!val('admin_name'))  return {msg:t('err_admin_name'),  field:'admin_name'};
+      if (!val('admin_pass'))  return {msg:t('err_admin_pass'),  field:'admin_pass'};
+      if (val('admin_pass') !== val('admin_pass2')) return {msg:t('err_admin_pass2'), field:'admin_pass2'};
+      break;
   }
   return null;
 }
@@ -2381,6 +2510,7 @@ async function runInstall() {
         setRunStatus('ok',  'run_success');
         result.className = 'run-result ok';
         result.textContent = t('run_success');
+        createAdminUser(result);
       } else {
         document.getElementById('terminalTitle').textContent = 'Installation Log — Failed';
         setRunStatus('err', 'run_failed');
@@ -2415,6 +2545,44 @@ async function runInstall() {
   }
 }
 
+async function createAdminUser(resultEl) {
+  const notice = document.createElement('div');
+  notice.style.cssText = 'margin-top:10px;font-size:13px;color:#2563eb;padding:6px 0';
+  notice.textContent = t('admin_creating');
+  resultEl.appendChild(notice);
+
+  try {
+    const authPort = val('auth_svc_port') || '5238';
+    const body = {
+      userName: val('admin_email'),
+      email:    val('admin_email'),
+      password: val('admin_pass'),
+      fullName: val('admin_name'),
+      Organization: val('admin_org') || '',
+      role: 'DIXI_ADMIN',
+      phoneNumber: '', doorNo: '', blockNo: '', country: '',
+      isStaffRegistration: false,
+      consentRecords: [], id: null,
+    };
+    const r = await fetch(SERVER_BASE + '/api/create-admin', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ authPort, user: body }),
+    });
+    const data = await r.json();
+    if (data.ok) {
+      notice.style.color = '#16a34a';
+      notice.textContent = t('admin_created');
+    } else {
+      notice.style.color = '#dc2626';
+      notice.textContent = t('admin_failed') + (data.error ? '  (' + data.error + ')' : '');
+    }
+  } catch(e) {
+    notice.style.color = '#dc2626';
+    notice.textContent = t('admin_failed');
+  }
+}
+
 function resetRun() {
   if (_evtSource) { _evtSource.close(); _evtSource = null; }
   document.getElementById('logPane').innerHTML = '';