dineway 0.1.25 → 0.1.27

package/dist/cli/index.mjs

@@ -9,21 +9,21 @@ import { t as ContentRepository } from "../content-DvpMad_N.mjs";
 import { i as encodeBase64url } from "../base64-C1Q9yr0B.mjs";
 import "../types-D1DjBFA9.mjs";
 import { t as MediaRepository } from "../media-Cg4zc9fq.mjs";
-import { t as TaxonomyRepository } from "../taxonomy-DpXdVSSR.mjs";
+import { t as TaxonomyRepository } from "../taxonomy-BvXRL85P.mjs";
 import { t as OptionsRepository } from "../options-BF11H_FD.mjs";
-import "../redirect-hKO66LS_.mjs";
-import "../byline-9WeA8b0a.mjs";
-import "../request-cache-BzuhyUXj.mjs";
-import "../fts-manager-DYRy6HVi.mjs";
-import { n as SchemaRegistry } from "../registry-CYO6XQ-4.mjs";
-import "../loader-dt5DoyI1.mjs";
-import "../settings-D2k1JraC.mjs";
-import { i as pluginManifestSchema } from "../manifest-schema-CU0XL_ZK.mjs";
-import "../ssrf-z3oH8wjK.mjs";
-import { t as validateSeed } from "../validate-BGpmNtMe.mjs";
-import { t as applySeed } from "../apply-D7vu4aFn.mjs";
-import { n as fingerprintKey, r as generateEncryptionKey, t as DinewaySecretsError } from "../secrets-BIrqds5c.mjs";
-import { o as convertDataForRead } from "../transport-Dt7A12-i.mjs";
+import "../redirect-BaVvo2te.mjs";
+import "../byline-DpNNSjET.mjs";
+import "../request-cache-BpwuE2ix.mjs";
+import "../fts-manager-DnfOsF4s.mjs";
+import { n as SchemaRegistry } from "../registry-i__XP2WV.mjs";
+import "../loader-p2imNN98.mjs";
+import "../settings-DORe02PC.mjs";
+import { i as pluginManifestSchema } from "../manifest-schema-C6fzQoWn.mjs";
+import "../ssrf-KAIQS48_.mjs";
+import { t as validateSeed } from "../validate-JE-WfUQ5.mjs";
+import { t as applySeed } from "../apply-TIoQ00aH.mjs";
+import { n as fingerprintKey, r as generateEncryptionKey, t as DinewaySecretsError } from "../secrets-DfeNNoLa.mjs";
+import { o as convertDataForRead } from "../transport-B7kO-4ee.mjs";
 import { createHeaderAwareFetch, customHeadersInterceptor, isRedirectResponse, resolveCustomHeaders } from "../client/external-auth-headers.mjs";
 import { DinewayClient } from "../client/index.mjs";
 import { LocalStorage } from "../storage/local.mjs";
@@ -1541,17 +1541,6 @@ async function writeForgewayCredentials(credentials, cwd) {
 	store.credentials = credentials;
 	await writeStore(store, cwd);
 }
-async function readForgewayProjectSecret(projectId, cwd) {
-	return (await readStore(cwd)).projects?.[projectId] ?? null;
-}
-async function writeForgewayProjectSecret(projectId, secret, cwd) {
-	const store = await readStore(cwd);
-	store.projects = {
-		...store.projects,
-		[projectId]: secret
-	};
-	await writeStore(store, cwd);
-}
 function shadowGrantKey(platformApiUrl, placeId) {
 	return `${platformApiUrl.replace(TRAILING_SLASH_PATTERN$1, "")}#${placeId}`;
 }
@@ -1577,7 +1566,6 @@ async function writeForgewayShadowGrant(grant, cwd) {
 //#endregion
 //#region src/cli/commands/deploy/targets/forgeway.ts
 const DEFAULT_PLATFORM_API_URL = "https://api.dineway.ai";
-const DEFAULT_SITE_BASE_DOMAIN = "dineway.site";
 const DATABASE_ENV_VAR_NAMES = ["DINEWAY_DATABASE_URL", "DINEWAY_DATABASE_AUTH_TOKEN"];
 const POLL_INTERVAL_MS$1 = 5e3;
 const POLL_TIMEOUT_MS$1 = 3e5;
@@ -1594,6 +1582,7 @@ const BACKSLASH_PATTERN = /\\/g;
 const DIACRITICS_PATTERN = /[\u0300-\u036f]/g;
 const NON_COMPARE_PATTERN = /[^\p{Letter}\p{Number}]+/gu;
 const LOCATION_PARTS_PATTERN = /[,;|/]+|\s+-\s+/u;
+const SHADOW_EMAIL_PATTERN = /^shadow_[a-f0-9]{16}@dineway\.ai$/i;
 const EXCLUDE_PATTERNS = [
 	"node_modules",
 	".git",
@@ -1634,7 +1623,7 @@ function normalizeForgewayUser(user) {
 		name: user.profile?.name ?? user.name ?? user.email,
 		email: user.email,
 		avatarUrl: user.profile?.avatar_url ?? user.avatarUrl ?? user.avatar_url ?? null,
-		emailVerified: user.emailVerified ?? user.email_verified ?? true
+		emailVerified: user.emailVerified ?? user.email_verified ?? false
 	};
 }
 function getFetch(deps) {
@@ -1676,79 +1665,35 @@ async function parseErrorResponse(response) {
 	}
 	return `Forgeway request failed: ${response.status}`;
 }
-async function loginWithEmail(platformApiUrl, deps) {
-	const email = getEnv("FORGEWAY_EMAIL");
-	const password = getEnv("FORGEWAY_PASSWORD");
-	if (!email || !password) throw new Error("FORGEWAY_EMAIL and FORGEWAY_PASSWORD are required for admin login.");
-	const response = await forgewayRequest(`${platformApiUrl}/api/auth/admin/sessions`, {
-		method: "POST",
-		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify({
-			email,
-			password
-		})
-	}, deps);
-	if (!response.ok) throw new Error(await parseErrorResponse(response));
-	const payload = await response.json();
-	if (!payload.accessToken || !payload.user) throw new Error("Forgeway login response was missing accessToken or user.");
-	return {
-		platformApiUrl,
-		accessToken: payload.accessToken,
-		refreshToken: payload.refreshToken,
-		user: normalizeForgewayUser(payload.user)
-	};
+function normalizeEmail(email) {
+	return email.trim().toLowerCase();
 }
-async function resolveCredentials(cwd, platformApiUrl, deps, _dryRun) {
-	const envToken = getEnv("FORGEWAY_ACCESS_TOKEN");
-	if (envToken) return {
-		platformApiUrl,
-		accessToken: envToken
-	};
-	const stored = await (deps.readCredentials ?? readForgewayCredentials)(cwd);
-	if (stored?.accessToken) return {
-		...stored,
-		platformApiUrl
-	};
-	if (!getEnv("FORGEWAY_EMAIL") || !getEnv("FORGEWAY_PASSWORD")) return null;
-	const credentials = await loginWithEmail(platformApiUrl, deps);
-	await (deps.writeCredentials ?? writeForgewayCredentials)(credentials, cwd);
-	return credentials;
+function isShadowEmail(email) {
+	return Boolean(email && SHADOW_EMAIL_PATTERN.test(email));
 }
-async function platformFetch(path, context, deps, options = {}) {
-	const request = async (accessToken) => await forgewayRequest(`${context.platformApiUrl}${path}`, {
-		...options,
-		headers: {
-			"Content-Type": "application/json",
-			Authorization: `Bearer ${accessToken}`,
-			...options.headers
-		}
-	}, deps);
-	let response = await request(context.credentials.accessToken);
-	if (response.status === 401 && context.credentials.refreshToken) {
-		const refreshed = await refreshAccessToken(context.projectDir, context.platformApiUrl, context.credentials, deps);
-		context.credentials.accessToken = refreshed;
-		response = await request(refreshed);
-	}
-	if (!response.ok) throw new ForgewayApiError(await parseErrorResponse(response), response.status);
-	return await response.json();
-}
-async function refreshAccessToken(cwd, platformApiUrl, credentials, deps) {
-	if (!credentials.refreshToken) throw new Error("Forgeway refresh token is missing. Log in again.");
-	const response = await forgewayRequest(`${platformApiUrl}/api/auth/refresh?client_type=server`, {
+async function refreshFormalAccessToken(context, deps) {
+	if (!context.refreshToken) throw new Error("Forgeway formal account refresh token is missing. Run dineway deploy again.");
+	const response = await forgewayRequest(`${context.platformApiUrl}/api/auth/refresh?client_type=server`, {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
-		body: JSON.stringify({ refreshToken: credentials.refreshToken })
+		body: JSON.stringify({ refreshToken: context.refreshToken })
 	}, deps);
-	if (!response.ok) throw new Error("Failed to refresh Forgeway access token. Log in again.");
+	if (!response.ok) throw new Error("Failed to refresh Forgeway formal account credentials. Run dineway deploy again.");
 	const payload = await response.json();
 	if (!payload.accessToken) throw new Error("Forgeway refresh response was missing accessToken.");
+	const user = assertVerifiedFormalAccountUser(payload.user ? normalizeForgewayUser(payload.user) : context.user, context.user?.email);
 	const updated = {
-		...credentials,
-		platformApiUrl,
+		platformApiUrl: context.platformApiUrl,
 		accessToken: payload.accessToken,
-		refreshToken: payload.refreshToken ?? credentials.refreshToken
+		refreshToken: payload.refreshToken ?? context.refreshToken,
+		...user ? { user } : {},
+		source: "shadow-email-upgrade",
+		...context.placeId ? { placeId: context.placeId } : {}
 	};
-	await (deps.writeCredentials ?? writeForgewayCredentials)(updated, cwd);
+	context.accessToken = updated.accessToken;
+	context.refreshToken = updated.refreshToken;
+	context.user = updated.user;
+	await (deps.writeCredentials ?? writeForgewayCredentials)(updated, context.projectDir);
 	return payload.accessToken;
 }
 async function refreshShadowAccessToken(context, deps) {
@@ -1794,90 +1739,85 @@ async function promptRequired(question, initialValue, deps, errorMessage) {
 	if (!answer) throw new Error(errorMessage);
 	return answer;
 }
-async function chooseSingleOrPrompt(label, items, deps) {
-	if (items.length === 0) throw new Error(`No Forgeway ${label}s found.`);
-	if (items.length === 1) return items[0];
-	if (!process.stdin.isTTY && !deps.promptText) throw new Error(`Multiple Forgeway ${label}s found. Set FORGEWAY_${label.toUpperCase()}_ID.`);
-	consola.info(`Available Forgeway ${label}s:`);
-	items.forEach((item, index) => consola.info(`  ${index + 1}. ${item.name} (${item.id})`));
-	const answer = await promptRequired(`Choose ${label}: `, "1", deps, `${label} is required.`);
-	const index = Number(answer);
-	if (!Number.isInteger(index) || index < 1 || index > items.length) throw new Error(`Invalid Forgeway ${label} selection: ${answer}`);
-	return items[index - 1];
-}
 function getSavedForgewayMetadata(pkg) {
 	return pkg.dineway?.deploy?.forgeway ?? {};
 }
-async function resolveAdminProjectContext(cwd, options, deps) {
-	const saved = getSavedForgewayMetadata(await readDeployPackageJson(cwd));
-	const platformApiUrl = normalizePlatformApiUrl(getEnv("FORGEWAY_API_URL") ?? (typeof saved.platformApiUrl === "string" ? saved.platformApiUrl : void 0));
-	const envApiKey = getEnv("FORGEWAY_PROJECT_API_KEY");
-	const envOssHost = getEnv("FORGEWAY_OSS_HOST");
-	if (envApiKey && envOssHost) return {
-		projectDir: cwd,
-		platformApiUrl,
-		authKind: "project-api-key",
-		projectId: getEnv("FORGEWAY_PROJECT_ID") ?? saved.projectId,
-		projectName: saved.projectName,
-		orgId: saved.orgId,
-		appkey: saved.appkey,
-		region: saved.region,
-		apiKey: envApiKey,
-		ossHost: envOssHost
-	};
-	const credentials = await resolveCredentials(cwd, platformApiUrl, deps, Boolean(options.dryRun));
-	if (!credentials) return null;
-	const platformContext = {
-		platformApiUrl,
-		projectDir: cwd,
-		credentials
-	};
-	let projectId = getEnv("FORGEWAY_PROJECT_ID") ?? (typeof saved.projectId === "string" ? saved.projectId : void 0);
-	let project = null;
-	if (!projectId) {
-		const orgId = getEnv("FORGEWAY_ORG_ID");
-		project = await chooseSingleOrPrompt("project", await listProjects((orgId !== void 0 ? {
-			id: orgId,
-			name: orgId
-		} : await chooseSingleOrPrompt("org", await listOrganizations(platformContext, deps), deps)).id, platformContext, deps), deps);
-		projectId = project.id;
-	}
-	if (!project) {
-		if (!projectId) throw new Error("Forgeway project id is required");
-		project = unwrapProjectPayload(await platformFetch(`/projects/v1/${encodeURIComponent(projectId)}`, platformContext, deps));
-	}
-	const savedSecret = await (deps.readProjectSecret ?? readForgewayProjectSecret)(projectId, cwd) ?? void 0;
-	const apiKey = getEnv("FORGEWAY_PROJECT_API_KEY") ?? savedSecret?.apiKey ?? await fetchProjectApiKey(projectId, platformContext, deps);
-	const orgId = project.organization_id ?? project.organizationId ?? (typeof saved.orgId === "string" ? saved.orgId : "unknown");
-	const ossHost = getEnv("FORGEWAY_OSS_HOST") ?? savedSecret?.ossHost ?? (typeof saved.ossHost === "string" ? saved.ossHost : void 0) ?? `https://${project.appkey}.${project.region}.${DEFAULT_SITE_BASE_DOMAIN}`;
-	if (!options.dryRun) {
-		await (deps.writeProjectSecret ?? writeForgewayProjectSecret)(projectId, {
-			apiKey,
-			ossHost
-		}, cwd);
-		await writeForgewayDeployMetadata(cwd, {
-			platformApiUrl,
-			projectId,
-			projectName: project.name,
-			orgId,
-			appkey: project.appkey,
-			region: project.region,
-			ossHost
-		});
-	}
+async function resolveForgewayAccountEmail(options, grant, cwd, deps) {
+	const stored = await (deps.readCredentials ?? readForgewayCredentials)(cwd);
+	const storedEmail = stored?.source === "shadow-email-upgrade" && stored.placeId === grant.placeId && stored.user?.emailVerified === true && !isShadowEmail(stored.user?.email) ? stored.user?.email : void 0;
+	const email = normalizeEmail(options.email ?? getEnv("FORGEWAY_EMAIL") ?? storedEmail ?? await promptRequired("Forgeway account email: ", void 0, deps, "Forgeway account email is required. Pass --email or set FORGEWAY_EMAIL."));
+	if (!email || isShadowEmail(email)) throw new Error("Forgeway account email must be a real owner email, not a shadow user email.");
+	return email;
+}
+function isStoredFormalCredentialForGrant(stored, grant, email) {
+	if (!stored?.accessToken || stored.source !== "shadow-email-upgrade" || stored.placeId !== grant.placeId || !stored.user) return false;
+	if (normalizeEmail(stored.user.email) !== email) return false;
+	if (stored.user.emailVerified !== true) return false;
+	if (isShadowEmail(stored.user.email)) return false;
+	if (grant.user?.id && stored.user.id !== grant.user.id) return false;
+	return true;
+}
+function assertVerifiedFormalAccountUser(user, expectedEmail) {
+	if (!user || user.emailVerified !== true || isShadowEmail(user.email)) throw new Error("Forgeway formal account credentials require a verified formal account.");
+	if (expectedEmail && normalizeEmail(user.email) !== normalizeEmail(expectedEmail)) throw new Error("Forgeway refresh returned credentials for a different email.");
+	return user;
+}
+async function shadowUpgradeFetch(context, path, deps, options) {
+	const request = async (accessToken) => await forgewayRequest(`${context.platformApiUrl}${path}`, {
+		...options,
+		headers: {
+			"Content-Type": "application/json",
+			Authorization: `Bearer ${accessToken}`,
+			...options.headers
+		}
+	}, deps);
+	if (!context.accessToken) throw new Error("Dineway shadow deploy grant is missing its access token.");
+	let response = await request(context.accessToken);
+	if (response.status === 401) response = await request(await refreshShadowAccessToken(context, deps));
+	if (!response.ok) throw new ForgewayApiError(await parseErrorResponse(response), response.status);
+	return await response.json();
+}
+async function startShadowEmailUpgrade(context, email, deps) {
+	const payload = await shadowUpgradeFetch(context, "/api/auth/users/shadow/upgrade/email/start", deps, {
+		method: "POST",
+		body: JSON.stringify({ email })
+	});
+	if (payload.email && normalizeEmail(payload.email) !== email) throw new Error("Forgeway email verification response returned a different email.");
+	return payload;
+}
+async function verifyShadowEmailUpgrade(context, email, otp, deps) {
+	const payload = await shadowUpgradeFetch(context, "/api/auth/users/shadow/upgrade/email/verify", deps, {
+		method: "POST",
+		body: JSON.stringify({
+			email,
+			otp
+		})
+	});
+	if (!payload.accessToken || !payload.refreshToken || !payload.user) throw new Error("Forgeway email upgrade response was missing credentials.");
+	const user = normalizeForgewayUser(payload.user);
+	if (normalizeEmail(user.email) !== email) throw new Error("Forgeway email upgrade returned credentials for a different email.");
+	if (user.emailVerified !== true || isShadowEmail(user.email)) throw new Error("Forgeway email upgrade did not return a verified formal account.");
 	return {
-		projectDir: cwd,
-		platformApiUrl,
-		authKind: "project-api-key",
-		projectId,
-		projectName: project.name,
-		orgId,
-		appkey: project.appkey,
-		region: project.region,
-		apiKey,
-		ossHost
+		platformApiUrl: context.platformApiUrl,
+		accessToken: payload.accessToken,
+		refreshToken: payload.refreshToken,
+		user,
+		source: "shadow-email-upgrade",
+		...context.placeId ? { placeId: context.placeId } : {}
 	};
 }
+async function resolveFormalAccountCredentials(context, grant, email, deps) {
+	const stored = await (deps.readCredentials ?? readForgewayCredentials)(context.projectDir);
+	if (isStoredFormalCredentialForGrant(stored, grant, email)) return {
+		...stored,
+		platformApiUrl: context.platformApiUrl
+	};
+	await startShadowEmailUpgrade(context, email, deps);
+	consola.info(`Sent Forgeway email verification code to ${email}`);
+	const credentials = await verifyShadowEmailUpgrade(context, email, await promptRequired("Email verification code: ", void 0, deps, "Email verification code is required."), deps);
+	await (deps.writeCredentials ?? writeForgewayCredentials)(credentials, context.projectDir);
+	return credentials;
+}
 async function resolveShadowProjectContext(cwd, options, deps) {
 	const pkg = await readDeployPackageJson(cwd).catch(() => null);
 	const saved = pkg ? getSavedForgewayMetadata(pkg) : {};
@@ -1901,37 +1841,35 @@ async function resolveShadowProjectContext(cwd, options, deps) {
 		name: options.restaurantName ?? grant.restaurantName,
 		city: options.city ?? grant.city
 	};
+	const shadowContext = {
+		projectDir: cwd,
+		platformApiUrl,
+		authKind: "shadow-grant",
+		accessToken: grant.accessToken,
+		refreshToken: grant.refreshToken,
+		user: grant.user,
+		ossHost: platformApiUrl,
+		placeId: grant.placeId,
+		restaurantName: restaurant.name,
+		city: restaurant.city
+	};
+	const accountEmail = await resolveForgewayAccountEmail(options, grant, cwd, deps);
+	const credentials = await resolveFormalAccountCredentials(shadowContext, grant, accountEmail, deps);
 	return {
 		context: {
-			projectDir: cwd,
-			platformApiUrl,
-			authKind: "shadow-grant",
-			accessToken: grant.accessToken,
-			refreshToken: grant.refreshToken,
-			ossHost: platformApiUrl,
-			placeId: grant.placeId,
-			restaurantName: restaurant.name,
-			city: restaurant.city
+			...shadowContext,
+			authKind: "formal-account",
+			accessToken: credentials.accessToken,
+			refreshToken: credentials.refreshToken,
+			user: credentials.user,
+			ossHost: platformApiUrl
 		},
 		restaurant
 	};
 }
 async function resolveProjectContext(cwd, options, deps) {
-	const adminContext = await resolveAdminProjectContext(cwd, options, deps);
-	if (adminContext) return { context: adminContext };
 	return await resolveShadowProjectContext(cwd, options, deps);
 }
-function unwrapProjectPayload(payload) {
-	if (isRecord(payload) && "project" in payload) {
-		if (isForgewayProject(payload.project)) return payload.project;
-		throw new Error("Forgeway project response did not include a project");
-	}
-	if (isForgewayProject(payload)) return payload;
-	throw new Error("Forgeway project response did not include a project");
-}
-function isForgewayProject(value) {
-	return isRecord(value) && typeof value.id === "string" && typeof value.name === "string" && typeof value.appkey === "string" && typeof value.region === "string";
-}
 function isRecord(value) {
 	return typeof value === "object" && value !== null;
 }
@@ -2038,20 +1976,6 @@ async function createShadowGrant(options) {
 	await (options.deps.writeShadowGrant ?? writeForgewayShadowGrant)(grant, options.cwd);
 	return grant;
 }
-async function listOrganizations(context, deps) {
-	const payload = await platformFetch("/organizations/v1", context, deps);
-	return Array.isArray(payload) ? payload : payload.organizations ?? [];
-}
-async function listProjects(orgId, context, deps) {
-	const payload = await platformFetch(`/organizations/v1/${encodeURIComponent(orgId)}/projects`, context, deps);
-	return Array.isArray(payload) ? payload : payload.projects ?? [];
-}
-async function fetchProjectApiKey(projectId, context, deps) {
-	const payload = await platformFetch(`/projects/v1/${encodeURIComponent(projectId)}/access-api-key`, context, deps);
-	const apiKey = payload.access_api_key ?? payload.apiKey;
-	if (!apiKey) throw new Error("Forgeway project API key response was empty.");
-	return apiKey;
-}
 async function ossFetch(context, path, deps, options = {}) {
 	const request = async (token) => await forgewayRequest(`${context.ossHost.replace(TRAILING_SLASH_PATTERN, "")}${path}`, {
 		...options,
@@ -2061,10 +1985,10 @@ async function ossFetch(context, path, deps, options = {}) {
 			...options.headers
 		}
 	}, deps);
-	const token = context.apiKey ?? context.accessToken;
+	const token = context.accessToken;
 	if (!token) throw new Error("Forgeway deploy context is missing an authorization token.");
 	let response = await request(token);
-	if (response.status === 401 && context.authKind === "shadow-grant") response = await request(await refreshShadowAccessToken(context, deps));
+	if (response.status === 401) response = await request(context.authKind === "formal-account" ? await refreshFormalAccessToken(context, deps) : await refreshShadowAccessToken(context, deps));
 	if (!response.ok) throw new ForgewayApiError(await parseErrorResponse(response), response.status);
 	return await response.json();
 }
@@ -2357,11 +2281,14 @@ async function deploySiteProject(options) {
 	if (localFiles.length === 0) throw new Error("No deployable files found in the source directory.");
 	const createResult = await ossFetch(options.context, `/api/deployments/sites/${encodeURIComponent(options.siteId)}/deploy`, options.deps, {
 		method: "POST",
-		body: JSON.stringify({ files: localFiles.map(({ path: relativePath, sha, size }) => ({
-			path: relativePath,
-			sha,
-			size
-		})) })
+		body: JSON.stringify({
+			dinewayAdminBootstrap: true,
+			files: localFiles.map(({ path: relativePath, sha, size }) => ({
+				path: relativePath,
+				sha,
+				size
+			}))
+		})
 	});
 	const localFileByPath = new Map(localFiles.map((file) => [file.path, file]));
 	await runWithConcurrency(createResult.files.filter((file) => !file.uploadedAt), DIRECT_UPLOAD_CONCURRENCY, async (manifestFile) => {
@@ -2375,9 +2302,21 @@ async function deploySiteProject(options) {
 	return {
 		deploymentId: createResult.id,
 		...result,
-		site: createResult.site
+		site: createResult.site,
+		dinewayAdminBootstrap: createResult.dinewayAdminBootstrap
 	};
 }
+function formatDinewayAdminBootstrapMessage(bootstrap, siteUrl) {
+	if (!bootstrap) return "";
+	if (bootstrap.status === "already_issued") return `Dineway admin bootstrap: ${bootstrap.message}`;
+	return [
+		"Dineway admin bootstrap credentials were issued. Forgeway will not print these again.",
+		`Admin email: ${bootstrap.adminEmail}`,
+		`Setup link (expires ${bootstrap.setupTokenExpiresAt}): ${bootstrap.setupUrl}`,
+		`Admin API token: ${bootstrap.apiToken}`,
+		`CLI example: DINEWAY_TOKEN=${bootstrap.apiToken} dineway whoami --url ${siteUrl}`
+	].join("\n");
+}
 async function deployForgeway(cwd, options, deps = {}) {
 	if (options.dryRun) return { message: "[dry-run] Would resolve Forgeway project, create/reuse site, bind database, initialize Dineway, upload files, and start deployment." };
 	const sourceDir = resolve(cwd);
@@ -2414,9 +2353,11 @@ async function deployForgeway(cwd, options, deps = {}) {
 		deps
 	});
 	const url = deployment.liveUrl ?? `https://${site.domain}`;
+	const bootstrapMessage = formatDinewayAdminBootstrapMessage(deployment.dinewayAdminBootstrap, url);
+	const statusMessage = deployment.isReady ? `Deploy complete: ${url}` : `Deploy started for ${site.domain}. Check Forgeway for build status.`;
 	return {
 		url,
-		message: deployment.isReady ? `Deploy complete: ${url}` : `Deploy started for ${site.domain}. Check Forgeway for build status.`
+		message: bootstrapMessage ? `${statusMessage}\n\n${bootstrapMessage}` : statusMessage
 	};
 }
 const forgewayTarget = {
@@ -2948,6 +2889,11 @@ const deployCommand = defineCommand({
 			description: "Forgeway deployment site ID or slug",
 			required: false
 		},
+		email: {
+			type: "string",
+			description: "Forgeway account email for shadow-user upgrade",
+			required: false
+		},
 		"restaurant-name": {
 			type: "string",
 			description: "Restaurant name for first Forgeway site creation",
@@ -2978,6 +2924,7 @@ const deployCommand = defineCommand({
 			yes: args.yes,
 			dryRun: args["dry-run"],
 			site: args.site,
+			email: args.email,
 			restaurantName: args["restaurant-name"],
 			city: args.city,
 			database: args.database,

package/dist/client/external-auth-headers.d.mts

@@ -1,4 +1,4 @@
-import { t as Interceptor } from "../transport-BZCHo8n0.mjs";
+import { t as Interceptor } from "../transport-qeWznEPc.mjs";
 
 //#region src/client/external-auth-headers.d.ts
 /**

package/dist/client/index.d.mts

@@ -1,4 +1,4 @@
-import { a as tokenInterceptor, i as devBypassInterceptor, n as createTransport, r as csrfInterceptor, t as Interceptor } from "../transport-BZCHo8n0.mjs";
+import { a as tokenInterceptor, i as devBypassInterceptor, n as createTransport, r as csrfInterceptor, t as Interceptor } from "../transport-qeWznEPc.mjs";
 
 //#region src/client/portable-text.d.ts
 /**

package/dist/client/index.mjs

@@ -1,4 +1,4 @@
-import { a as tokenInterceptor, c as markdownToPortableText, i as refreshInterceptor, l as portableTextToMarkdown, n as csrfInterceptor, o as convertDataForRead, r as devBypassInterceptor, s as convertDataForWrite, t as createTransport } from "../transport-Dt7A12-i.mjs";
+import { a as tokenInterceptor, c as markdownToPortableText, i as refreshInterceptor, l as portableTextToMarkdown, n as csrfInterceptor, o as convertDataForRead, r as devBypassInterceptor, s as convertDataForWrite, t as createTransport } from "../transport-B7kO-4ee.mjs";
 import mime from "mime/lite";
 
 //#region src/client/index.ts

package/dist/{context-CnrsB3lh.mjs → context-DgqEfcWz.mjs}

@@ -1,5 +1,5 @@
-import { a as ContextRepository, i as parseSiteBriefingScope, n as SiteBriefingError } from "./briefing-Dk4I4VC8.mjs";
-import { b as toPublicContextEntry, x as toPublicContextEntryPage, y as toPublicContextDiff } from "./site-context-Dr_5pFHr.mjs";
+import { a as ContextRepository, i as parseSiteBriefingScope, n as SiteBriefingError } from "./briefing-Jsxs587i.mjs";
+import { b as toPublicContextEntry, x as toPublicContextEntryPage, y as toPublicContextDiff } from "./site-context-DuBQk6Mp.mjs";
 
 //#region src/api/handlers/context.ts
 async function handleContextEntryList(db, input = {}) {

package/dist/{context-DRq-f4sM.mjs → context-Ufrm1lOv.mjs}

@@ -5,10 +5,10 @@ import { n as decodeCursor, r as encodeCursor } from "./types-D1DjBFA9.mjs";
 import { t as MediaRepository } from "./media-Cg4zc9fq.mjs";
 import { t as UserRepository } from "./user-2aI21yV1.mjs";
 import { t as OptionsRepository } from "./options-BF11H_FD.mjs";
-import { t as withTransaction } from "./transaction-qfqpPVpu.mjs";
-import { t as SeoRepository } from "./seo-DASNc4gD.mjs";
-import { a as validateExternalUrl, i as stripCredentialHeaders, t as SsrfError } from "./ssrf-z3oH8wjK.mjs";
-import { t as CronAccessImpl } from "./cron-fV9baRVc.mjs";
+import { t as withTransaction } from "./transaction-D0FOsb3X.mjs";
+import { t as SeoRepository } from "./seo-BPb_reaG.mjs";
+import { a as validateExternalUrl, i as stripCredentialHeaders, t as SsrfError } from "./ssrf-KAIQS48_.mjs";
+import { t as CronAccessImpl } from "./cron-D7FDsRu-.mjs";
 import { sql } from "kysely";
 import { ulid } from "ulidx";
 

package/dist/{context-route-helpers-CdFWd8GK.mjs → context-route-helpers-Dq5U_AXp.mjs}

@@ -1,4 +1,4 @@
-import { T as resolveActorIdentity, p as logSiteActivitySafely } from "./activity-events-CjOgr0Uv.mjs";
+import { T as resolveActorIdentity, p as logSiteActivitySafely } from "./activity-events-CpcTzKpF.mjs";
 
 //#region src/api/context-route-helpers.ts
 function resolveContextRouteActor(locals) {

package/dist/{dashboard-DdqRifyu.mjs → dashboard-BC9bgPOH.mjs}

@@ -2,7 +2,7 @@ import { t as validateIdentifier } from "./validate-VPnKoIzW.mjs";
 import { t as ContentRepository } from "./content-DvpMad_N.mjs";
 import { t as MediaRepository } from "./media-Cg4zc9fq.mjs";
 import { t as UserRepository } from "./user-2aI21yV1.mjs";
-import { t as ReviewRequestRepository } from "./review-requests-BYuoyse0.mjs";
+import { t as ReviewRequestRepository } from "./review-requests-CTUU_RJm.mjs";
 import { sql } from "kysely";
 
 //#region src/api/handlers/dashboard.ts

package/dist/db/index.d.mts

@@ -1,4 +1,4 @@
-import "../types-DwIXYH8s.mjs";
-import { a as SqliteConfig, c as sqlite, i as PostgresConfig, n as DatabaseDialectType, o as libsql, r as LibsqlConfig, s as postgres, t as DatabaseDescriptor } from "../adapters-C0EARyCK.mjs";
-import { i as runMigrations, n as getMigrationStatus, r as rollbackMigration, t as MigrationStatus } from "../runner-BJm_NJr2.mjs";
+import "../types-B1NksXAb.mjs";
+import { a as SqliteConfig, c as sqlite, i as PostgresConfig, n as DatabaseDialectType, o as libsql, r as LibsqlConfig, s as postgres, t as DatabaseDescriptor } from "../adapters-kZjS7plb.mjs";
+import { i as runMigrations, n as getMigrationStatus, r as rollbackMigration, t as MigrationStatus } from "../runner-pAnQS6iI.mjs";
 export { type DatabaseDescriptor, type DatabaseDialectType, type LibsqlConfig, type MigrationStatus, type PostgresConfig, type SqliteConfig, getMigrationStatus, libsql, postgres, rollbackMigration, runMigrations, sqlite };

package/dist/db/libsql.d.mts

@@ -1,4 +1,4 @@
-import { r as LibsqlConfig } from "../adapters-C0EARyCK.mjs";
+import { r as LibsqlConfig } from "../adapters-kZjS7plb.mjs";
 import { Dialect } from "kysely";
 
 //#region src/db/libsql.d.ts

package/dist/db/postgres.d.mts

@@ -1,4 +1,4 @@
-import { i as PostgresConfig } from "../adapters-C0EARyCK.mjs";
+import { i as PostgresConfig } from "../adapters-kZjS7plb.mjs";
 import { PostgresDialect } from "kysely";
 
 //#region src/db/postgres.d.ts

package/dist/db/sqlite.d.mts

@@ -1,4 +1,4 @@
-import { a as SqliteConfig } from "../adapters-C0EARyCK.mjs";
+import { a as SqliteConfig } from "../adapters-kZjS7plb.mjs";
 import { Dialect } from "kysely";
 
 //#region src/db/sqlite.d.ts

package/dist/{device-flow-AsTA1k4t.mjs → device-flow-CTS91g4A.mjs}

@@ -1,8 +1,8 @@
-import { t as withTransaction } from "./transaction-qfqpPVpu.mjs";
-import { a as filterExperimentalSiteContextWorkflowScopes, i as experimentalSiteContextWorkflowsEnabled, o as getExperimentalSiteContextWorkflowScopesDisabledMessage, r as disabledExperimentalSiteContextWorkflowScopes } from "./experimental-workflows-C7o_9V7S.mjs";
-import { a as hashApiToken, n as TOKEN_PREFIXES, r as generatePrefixedToken, t as ALL_VALID_SCOPES } from "./api-tokens-BZ9aAeCo.mjs";
-import { o as lookupOAuthClient } from "./oauth-clients-BlHrNh_u.mjs";
-import { t as lookupUserRoleAndStatus } from "./oauth-user-lookup-B7-6YI3R.mjs";
+import { t as withTransaction } from "./transaction-D0FOsb3X.mjs";
+import { a as filterExperimentalSiteContextWorkflowScopes, i as experimentalSiteContextWorkflowsEnabled, o as getExperimentalSiteContextWorkflowScopesDisabledMessage, r as disabledExperimentalSiteContextWorkflowScopes } from "./experimental-workflows-BbZbIEZp.mjs";
+import { a as hashApiToken, n as TOKEN_PREFIXES, r as generatePrefixedToken, t as ALL_VALID_SCOPES } from "./api-tokens-L0o9Bd7v.mjs";
+import { o as lookupOAuthClient } from "./oauth-clients-BMs_bmoz.mjs";
+import { t as lookupUserRoleAndStatus } from "./oauth-user-lookup-DdcI8ZVL.mjs";
 import { clampScopes } from "@dineway-ai/auth";
 import { generateCodeVerifier } from "arctic";
 

package/dist/{hitl-requests-DcTPiuog.mjs → hitl-requests-DaRuZ7tb.mjs}

@@ -1,5 +1,5 @@
-import { t as ExperimentalSiteContextWorkflowDisabledError } from "./experimental-workflows-C7o_9V7S.mjs";
-import { n as HitlRequestService } from "./site-context-Dr_5pFHr.mjs";
+import { t as ExperimentalSiteContextWorkflowDisabledError } from "./experimental-workflows-BbZbIEZp.mjs";
+import { n as HitlRequestService } from "./site-context-DuBQk6Mp.mjs";
 
 //#region src/api/handlers/hitl-requests.ts
 const HITL_NOT_FOUND_RE = /not found/i;