dineway 0.1.3

package/dist/cli/index.mjs

@@ -0,0 +1,3987 @@
+#!/usr/bin/env node
+import { t as __exportAll } from "../chunk-ClPoSABd.mjs";
+import { n as createDatabase } from "../connection-C9pxzuag.mjs";
+import { s as listTablesLike } from "../dialect-helpers-B9uSp2GJ.mjs";
+import { r as runMigrations, t as getMigrationStatus } from "../runner-BGUGywgG.mjs";
+import { t as ContentRepository } from "../content-zSgdNmnt.mjs";
+import { i as encodeBase64url } from "../base64-F8-DUraK.mjs";
+import "../types-BawVha09.mjs";
+import { t as MediaRepository } from "../media-DMTr80Gv.mjs";
+import { f as OptionsRepository, p as TaxonomyRepository, t as applySeed } from "../apply-CAPvMfoU.mjs";
+import { n as SchemaRegistry } from "../registry-DSd1GWB8.mjs";
+import "../redirect-JPqLAbxa.mjs";
+import "../byline-DeWCMU_i.mjs";
+import { r as isI18nEnabled } from "../config-Cq8H0SfX.mjs";
+import "../loader-qKmo0wAY.mjs";
+import { i as pluginManifestSchema } from "../manifest-schema-CTSEyIJ3.mjs";
+import { t as validateSeed } from "../validate-CXnRKfJK.mjs";
+import { LocalStorage } from "../storage/local.mjs";
+import { createHeaderAwareFetch, customHeadersInterceptor, isRedirectResponse, resolveCustomHeaders } from "../client/external-auth-headers.mjs";
+import { DinewayClient } from "../client/index.mjs";
+import { imageSize } from "image-size";
+import { createGzipDecoder, unpackTar } from "modern-tar";
+import { createHash } from "node:crypto";
+import { createWriteStream, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { basename, dirname, extname, isAbsolute, join, resolve } from "node:path";
+import { access, copyFile, mkdir, readFile, readdir, rm, stat, symlink, writeFile } from "node:fs/promises";
+import { defineCommand, runCommand, runMain } from "citty";
+import consola, { consola as consola$1 } from "consola";
+import pc from "picocolors";
+import { homedir } from "node:os";
+import { spawn } from "node:child_process";
+import { pipeline } from "node:stream/promises";
+import { packTar } from "modern-tar/fs";
+
+//#region src/cli/commands/auth.ts
+/**
+* Auth CLI commands
+*/
+/**
+* Generate a cryptographically secure auth secret
+*/
+function generateAuthSecret() {
+	const bytes = new Uint8Array(32);
+	crypto.getRandomValues(bytes);
+	return encodeBase64url(bytes);
+}
+const secretCommand = defineCommand({
+	meta: {
+		name: "secret",
+		description: "Generate a secure auth secret"
+	},
+	run() {
+		const secret = generateAuthSecret();
+		consola$1.log("");
+		consola$1.log(pc.bold("Generated auth secret:"));
+		consola$1.log("");
+		consola$1.log(`  ${pc.cyan("DINEWAY_AUTH_SECRET")}=${pc.green(secret)}`);
+		consola$1.log("");
+		consola$1.log(pc.dim("Add this to your environment variables."));
+		consola$1.log("");
+	}
+});
+const authCommand = defineCommand({
+	meta: {
+		name: "auth",
+		description: "Authentication utilities"
+	},
+	subCommands: { secret: secretCommand }
+});
+
+//#endregion
+//#region src/cli/credentials.ts
+/**
+* Credential storage for CLI auth tokens.
+*
+* Stores OAuth tokens in ~/.config/dineway/auth.json.
+* Remote URLs are keyed by origin, local dev by project path.
+*/
+function getConfigDir() {
+	const xdg = process.env["XDG_CONFIG_HOME"];
+	if (xdg) return join(xdg, "dineway");
+	return join(homedir(), ".config", "dineway");
+}
+function getCredentialPath() {
+	return join(getConfigDir(), "auth.json");
+}
+/**
+* Resolve the credential key for a given URL.
+*
+* Remote URLs are keyed by origin (e.g. "https://my-site.pages.dev").
+* Local dev instances are keyed by project path (e.g. "path:/Users/matt/sites/blog").
+*/
+function resolveCredentialKey(baseUrl) {
+	try {
+		const url = new URL(baseUrl);
+		if (url.hostname === "localhost" || url.hostname === "127.0.0.1" || url.hostname === "[::1]") {
+			const projectPath = findProjectRoot(process.cwd());
+			if (projectPath) return `path:${projectPath}`;
+			return url.origin;
+		}
+		return url.origin;
+	} catch {
+		return baseUrl;
+	}
+}
+/**
+* Walk up from cwd to find the project root (directory containing astro.config.*).
+*/
+function findProjectRoot(from) {
+	let dir = resolve(from);
+	const root = resolve("/");
+	while (dir !== root) {
+		for (const name of [
+			"astro.config.ts",
+			"astro.config.mts",
+			"astro.config.js",
+			"astro.config.mjs"
+		]) if (existsSync(join(dir, name))) return dir;
+		const parent = resolve(dir, "..");
+		if (parent === dir) break;
+		dir = parent;
+	}
+	return null;
+}
+function readStore() {
+	const path = getCredentialPath();
+	try {
+		if (existsSync(path)) {
+			const content = readFileSync(path, "utf-8");
+			return JSON.parse(content);
+		}
+	} catch {}
+	return {};
+}
+function writeStore(store) {
+	mkdirSync(getConfigDir(), { recursive: true });
+	writeFileSync(getCredentialPath(), JSON.stringify(store, null, "	"), {
+		encoding: "utf-8",
+		mode: 384
+	});
+}
+/**
+* Get stored credentials for a URL.
+*/
+function getCredentials(baseUrl) {
+	const key = resolveCredentialKey(baseUrl);
+	const cred = readStore()[key];
+	if (!cred || !("accessToken" in cred)) return null;
+	return cred;
+}
+/**
+* Save credentials for a URL.
+*/
+function saveCredentials(baseUrl, cred) {
+	const key = resolveCredentialKey(baseUrl);
+	const store = readStore();
+	store[key] = cred;
+	writeStore(store);
+}
+/**
+* Remove credentials for a URL.
+*/
+function removeCredentials(baseUrl) {
+	const key = resolveCredentialKey(baseUrl);
+	const store = readStore();
+	if (key in store) {
+		delete store[key];
+		writeStore(store);
+		return true;
+	}
+	return false;
+}
+function marketplaceKey(registryUrl) {
+	try {
+		return `marketplace:${new URL(registryUrl).origin}`;
+	} catch {
+		return `marketplace:${registryUrl}`;
+	}
+}
+/**
+* Get stored marketplace credential for a registry URL.
+*/
+function getMarketplaceCredential(registryUrl) {
+	const key = marketplaceKey(registryUrl);
+	const cred = readStore()[key];
+	if (!cred || !("token" in cred)) return null;
+	if (new Date(cred.expiresAt) < /* @__PURE__ */ new Date()) return null;
+	return cred;
+}
+/**
+* Save marketplace credential for a registry URL.
+*/
+function saveMarketplaceCredential(registryUrl, cred) {
+	const key = marketplaceKey(registryUrl);
+	const store = readStore();
+	store[key] = cred;
+	writeStore(store);
+}
+/**
+* Remove marketplace credential for a registry URL.
+*/
+function removeMarketplaceCredential(registryUrl) {
+	const key = marketplaceKey(registryUrl);
+	const store = readStore();
+	if (key in store) {
+		delete store[key];
+		writeStore(store);
+		return true;
+	}
+	return false;
+}
+
+//#endregion
+//#region src/cli/client-factory.ts
+var client_factory_exports = /* @__PURE__ */ __exportAll({
+	connectionArgs: () => connectionArgs,
+	createClientFromArgs: () => createClientFromArgs
+});
+/**
+* Shared connection args for all CLI commands that talk to a Dineway instance.
+* Spread into each command's `args` definition.
+*/
+const connectionArgs = {
+	url: {
+		type: "string",
+		alias: "u",
+		description: "Dineway instance URL",
+		default: "http://localhost:4321"
+	},
+	token: {
+		type: "string",
+		alias: "t",
+		description: "Auth token"
+	},
+	header: {
+		type: "string",
+		alias: "H",
+		description: "Custom header \"Name: Value\" (repeatable, or use DINEWAY_HEADERS env)"
+	},
+	json: {
+		type: "boolean",
+		description: "Output as JSON"
+	}
+};
+/**
+* Create a DinewayClient from CLI args, env vars, and stored credentials.
+*
+* Auth resolution order:
+* 1. --token flag
+* 2. DINEWAY_TOKEN env var
+* 3. Stored credentials (~/.config/dineway/auth.json)
+* 4. Dev bypass (if URL is localhost)
+*
+* Custom headers are merged from (in priority order):
+* 1. Stored credentials (persisted during `dineway login --header`)
+* 2. DINEWAY_HEADERS env var
+* 3. --header CLI flags
+*/
+function createClientFromArgs(args) {
+	const baseUrl = args.url || process.env["DINEWAY_URL"] || "http://localhost:4321";
+	let token = args.token || process.env["DINEWAY_TOKEN"];
+	const isLocal = baseUrl.includes("localhost") || baseUrl.includes("127.0.0.1");
+	const cred = !token ? getCredentials(baseUrl) : null;
+	const customHeaders = {
+		...cred?.customHeaders,
+		...resolveCustomHeaders()
+	};
+	const extraInterceptors = [];
+	if (Object.keys(customHeaders).length > 0) extraInterceptors.push(customHeadersInterceptor(customHeaders));
+	if (!token && cred) if (new Date(cred.expiresAt) > /* @__PURE__ */ new Date()) token = cred.accessToken;
+	else return new DinewayClient({
+		baseUrl,
+		token: cred.accessToken,
+		refreshToken: cred.refreshToken,
+		onTokenRefresh: (newAccessToken, expiresIn) => {
+			saveCredentials(baseUrl, {
+				...cred,
+				accessToken: newAccessToken,
+				expiresAt: new Date(Date.now() + expiresIn * 1e3).toISOString()
+			});
+		},
+		interceptors: extraInterceptors
+	});
+	return new DinewayClient({
+		baseUrl,
+		token,
+		devBypass: !token && isLocal,
+		interceptors: extraInterceptors
+	});
+}
+
+//#endregion
+//#region src/cli/output.ts
+/**
+* Redirect consola output to stderr so it doesn't pollute JSON on stdout.
+*
+* Call this early in any command that uses `output()` with `--json`.
+* Safe to call multiple times — only applies the redirect once.
+*/
+function configureOutputMode(args) {
+	if (args.json || !process.stdout.isTTY) {
+		consola$1.options.stdout = process.stderr;
+		consola$1.options.stderr = process.stderr;
+	}
+}
+/**
+* Output data as JSON or pretty-printed.
+*
+* If stdout is not a TTY or --json is set, outputs JSON.
+* Otherwise, outputs a formatted representation.
+*/
+function output(data, args) {
+	if (args.json || !process.stdout.isTTY) process.stdout.write(JSON.stringify(data, null, 2) + "\n");
+	else prettyPrint(data);
+}
+function prettyPrint(data, indent = 0) {
+	if (data === null || data === void 0) {
+		consola$1.log("(empty)");
+		return;
+	}
+	if (Array.isArray(data)) {
+		if (data.length === 0) {
+			consola$1.log("(no items)");
+			return;
+		}
+		for (const item of data) {
+			prettyPrint(item, indent);
+			if (indent === 0) consola$1.log("---");
+		}
+		return;
+	}
+	if (typeof data === "object") {
+		const obj = Object(data);
+		if ("items" in obj && Array.isArray(obj.items)) {
+			prettyPrint(obj.items, indent);
+			if (typeof obj.nextCursor === "string") consola$1.log(`\nNext cursor: ${obj.nextCursor}`);
+			return;
+		}
+		const prefix = "  ".repeat(indent);
+		for (const [key, value] of Object.entries(obj)) {
+			if (value === null || value === void 0) continue;
+			if (typeof value === "object" && !Array.isArray(value)) {
+				consola$1.log(`${prefix}${key}:`);
+				prettyPrint(value, indent + 1);
+			} else if (Array.isArray(value)) consola$1.log(`${prefix}${key}: [${value.length} items]`);
+			else {
+				const str = typeof value === "string" ? value : JSON.stringify(value);
+				const display = str.length > 80 ? str.slice(0, 77) + "..." : str;
+				consola$1.log(`${prefix}${key}: ${display}`);
+			}
+		}
+		return;
+	}
+	consola$1.log(typeof data === "string" ? data : JSON.stringify(data));
+}
+
+//#endregion
+//#region src/cli/commands/content.ts
+/**
+* dineway content
+*
+* CRUD commands for managing content items via the Dineway REST API.
+*/
+/** Read content data from --data, --file, or --stdin */
+async function readInputData(args) {
+	if (args.data) try {
+		return JSON.parse(args.data);
+	} catch {
+		throw new Error("Invalid JSON in --data argument");
+	}
+	if (args.file) try {
+		const content = await readFile(args.file, "utf-8");
+		return JSON.parse(content);
+	} catch (error) {
+		if (error instanceof SyntaxError) throw new Error(`Invalid JSON in file: ${args.file}`, { cause: error });
+		throw error;
+	}
+	if (args.stdin) {
+		const chunks = [];
+		for await (const chunk of process.stdin) chunks.push(chunk);
+		const content = Buffer.concat(chunks).toString("utf-8");
+		try {
+			return JSON.parse(content);
+		} catch {
+			throw new Error("Invalid JSON from stdin");
+		}
+	}
+	throw new Error("Provide content data via --data, --file, or --stdin");
+}
+const listCommand$4 = defineCommand({
+	meta: {
+		name: "list",
+		description: "List content items"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		status: {
+			type: "string",
+			description: "Filter by status"
+		},
+		locale: {
+			type: "string",
+			description: "Filter by locale"
+		},
+		limit: {
+			type: "string",
+			description: "Maximum items to return"
+		},
+		cursor: {
+			type: "string",
+			description: "Pagination cursor"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const result = await createClientFromArgs(args).list(args.collection, {
+				status: args.status,
+				locale: args.locale,
+				limit: args.limit ? parseInt(args.limit, 10) : void 0,
+				cursor: args.cursor
+			});
+			output({
+				items: result.items.map((item) => ({
+					id: item.id,
+					slug: item.slug,
+					locale: item.locale,
+					status: item.status,
+					title: typeof item.data?.title === "string" ? item.data.title : void 0,
+					updatedAt: item.updatedAt
+				})),
+				nextCursor: result.nextCursor
+			}, args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const getCommand$3 = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get a single content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		locale: {
+			type: "string",
+			description: "Locale for slug resolution"
+		},
+		raw: {
+			type: "boolean",
+			description: "Return raw Portable Text (skip markdown conversion)"
+		},
+		published: {
+			type: "boolean",
+			description: "Return published data only (ignore pending draft)"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const client = createClientFromArgs(args);
+			const item = await client.get(args.collection, args.id, {
+				raw: args.raw,
+				locale: args.locale
+			});
+			if (!args.published && item.draftRevisionId) {
+				const comparison = await client.compare(args.collection, args.id);
+				if (comparison.hasChanges && comparison.draft) item.data = comparison.draft;
+			}
+			output(item, args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const createCommand$1 = defineCommand({
+	meta: {
+		name: "create",
+		description: "Create a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		data: {
+			type: "string",
+			description: "Content data as JSON string"
+		},
+		file: {
+			type: "string",
+			description: "Read content data from a JSON file"
+		},
+		stdin: {
+			type: "boolean",
+			description: "Read content data from stdin"
+		},
+		slug: {
+			type: "string",
+			description: "Content slug"
+		},
+		locale: {
+			type: "string",
+			description: "Content locale"
+		},
+		"translation-of": {
+			type: "string",
+			description: "ID of content item to link as translation"
+		},
+		draft: {
+			type: "boolean",
+			description: "Keep as draft instead of auto-publishing"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const data = await readInputData(args);
+			const client = createClientFromArgs(args);
+			const item = await client.create(args.collection, {
+				data,
+				slug: args.slug,
+				locale: args.locale,
+				translationOf: args["translation-of"]
+			});
+			if (!args.draft) await client.publish(args.collection, item.id);
+			output(await client.get(args.collection, item.id), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const updateCommand = defineCommand({
+	meta: {
+		name: "update",
+		description: "Update a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		data: {
+			type: "string",
+			description: "Content data as JSON string"
+		},
+		file: {
+			type: "string",
+			description: "Read content data from a JSON file"
+		},
+		rev: {
+			type: "string",
+			description: "Revision token from get (prevents overwriting unseen changes)",
+			required: true
+		},
+		draft: {
+			type: "boolean",
+			description: "Keep as draft instead of auto-publishing"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const data = await readInputData(args);
+			const client = createClientFromArgs(args);
+			const updated = await client.update(args.collection, args.id, {
+				data,
+				_rev: args.rev
+			});
+			if (!args.draft && updated.draftRevisionId) await client.publish(args.collection, args.id);
+			output(await client.get(args.collection, args.id), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const deleteCommand$2 = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).delete(args.collection, args.id);
+			consola$1.success(`Deleted ${args.collection}/${args.id}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const publishCommand$1 = defineCommand({
+	meta: {
+		name: "publish",
+		description: "Publish a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).publish(args.collection, args.id);
+			consola$1.success(`Published ${args.collection}/${args.id}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const unpublishCommand = defineCommand({
+	meta: {
+		name: "unpublish",
+		description: "Unpublish a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).unpublish(args.collection, args.id);
+			consola$1.success(`Unpublished ${args.collection}/${args.id}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const scheduleCommand = defineCommand({
+	meta: {
+		name: "schedule",
+		description: "Schedule content for publishing"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		at: {
+			type: "string",
+			description: "ISO 8601 datetime to publish at",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).schedule(args.collection, args.id, { at: args.at });
+			consola$1.success(`Scheduled ${args.collection}/${args.id} for ${args.at}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const restoreCommand = defineCommand({
+	meta: {
+		name: "restore",
+		description: "Restore a trashed content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).restore(args.collection, args.id);
+			consola$1.success(`Restored ${args.collection}/${args.id}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const translationsCommand = defineCommand({
+	meta: {
+		name: "translations",
+		description: "List translations for a content item"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		id: {
+			type: "positional",
+			description: "Content item ID or slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).translations(args.collection, args.id), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const contentCommand = defineCommand({
+	meta: {
+		name: "content",
+		description: "Manage content"
+	},
+	subCommands: {
+		list: listCommand$4,
+		get: getCommand$3,
+		create: createCommand$1,
+		update: updateCommand,
+		delete: deleteCommand$2,
+		publish: publishCommand$1,
+		unpublish: unpublishCommand,
+		schedule: scheduleCommand,
+		restore: restoreCommand,
+		translations: translationsCommand
+	}
+});
+
+//#endregion
+//#region src/cli/database-url.ts
+const REMOTE_DATABASE_URL_PREFIXES = [
+	"libsql:",
+	"http://",
+	"https://",
+	"ws://",
+	"wss://"
+];
+/**
+* Resolve a CLI --database argument into a concrete database URL.
+*
+* - Plain paths become absolute `file:` URLs rooted at `cwd`
+* - Relative `file:` URLs are normalized against `cwd`
+* - `:memory:` and remote URLs are passed through unchanged
+*/
+function resolveCliDatabaseTarget(cwd, database) {
+	if (database === ":memory:") return {
+		url: database,
+		display: database
+	};
+	if (database.startsWith("file:")) {
+		const rawPath = database.slice(5);
+		const absolutePath = isAbsolute(rawPath) ? rawPath : resolve(cwd, rawPath);
+		return {
+			url: `file:${absolutePath}`,
+			display: absolutePath,
+			localPath: absolutePath
+		};
+	}
+	if (REMOTE_DATABASE_URL_PREFIXES.some((prefix) => database.startsWith(prefix))) return {
+		url: database,
+		display: database
+	};
+	const absolutePath = resolve(cwd, database);
+	return {
+		url: `file:${absolutePath}`,
+		display: absolutePath,
+		localPath: absolutePath
+	};
+}
+
+//#endregion
+//#region src/cli/commands/dev.ts
+/**
+* dineway dev
+*
+* Start development server with optional schema sync from remote
+*/
+async function readPackageJson$2(cwd) {
+	const pkgPath = resolve(cwd, "package.json");
+	try {
+		const content = await readFile(pkgPath, "utf-8");
+		return JSON.parse(content);
+	} catch {
+		return null;
+	}
+}
+async function fileExists$4(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+const devCommand = defineCommand({
+	meta: {
+		name: "dev",
+		description: "Start dev server with local database"
+	},
+	args: {
+		database: {
+			type: "string",
+			alias: "d",
+			description: "Database path or URL (default: ./data.db)",
+			default: "./data.db"
+		},
+		types: {
+			type: "boolean",
+			alias: "t",
+			description: "Generate types from remote before starting",
+			default: false
+		},
+		port: {
+			type: "string",
+			alias: "p",
+			description: "Port for dev server",
+			default: "4321"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		}
+	},
+	async run({ args }) {
+		const cwd = resolve(args.cwd);
+		const pkg = await readPackageJson$2(cwd);
+		if (!pkg) {
+			consola.error("No package.json found");
+			process.exit(1);
+		}
+		const database = resolveCliDatabaseTarget(cwd, args.database);
+		consola.info(`Database: ${database.display}`);
+		if (database.localPath && !await fileExists$4(database.localPath)) consola.start("Database not found, initializing...");
+		const db = createDatabase({ url: database.url });
+		try {
+			consola.start("Checking database migrations...");
+			const { applied } = await runMigrations(db);
+			if (applied.length > 0) consola.success(`Applied ${applied.length} migrations`);
+			else consola.info("Database up to date");
+		} catch (error) {
+			consola.error("Migration failed:", error);
+			await db.destroy();
+			process.exit(1);
+		}
+		await db.destroy();
+		if (args.types) {
+			const remoteUrl = pkg.dineway?.url || process.env.DINEWAY_URL;
+			if (!remoteUrl) consola.warn("No remote URL configured. Set DINEWAY_URL or dineway.url in package.json");
+			else try {
+				const { createClientFromArgs } = await Promise.resolve().then(() => client_factory_exports);
+				const client = createClientFromArgs({ url: remoteUrl });
+				const schema = await client.schemaExport();
+				const types = await client.schemaTypes();
+				const { writeFile, mkdir } = await import("node:fs/promises");
+				const { resolve: resolvePath, dirname } = await import("node:path");
+				const outputPath = resolvePath(cwd, ".dineway/types.ts");
+				await mkdir(dirname(outputPath), { recursive: true });
+				await writeFile(outputPath, types, "utf-8");
+				await writeFile(resolvePath(dirname(outputPath), "schema.json"), JSON.stringify(schema, null, 2), "utf-8");
+				consola.success(`Generated types for ${schema.collections.length} collections`);
+			} catch (error) {
+				consola.warn("Type generation failed:", error instanceof Error ? error.message : error);
+			}
+		}
+		consola.start("Starting Astro dev server...");
+		const astroArgs = [
+			"astro",
+			"dev",
+			"--port",
+			args.port
+		];
+		const pnpmLockExists = await fileExists$4(resolve(cwd, "pnpm-lock.yaml"));
+		const yarnLockExists = await fileExists$4(resolve(cwd, "yarn.lock"));
+		let cmd;
+		let cmdArgs;
+		if (pnpmLockExists) {
+			cmd = "pnpm";
+			cmdArgs = astroArgs;
+		} else if (yarnLockExists) {
+			cmd = "yarn";
+			cmdArgs = astroArgs;
+		} else {
+			cmd = "npx";
+			cmdArgs = astroArgs;
+		}
+		consola.info(`Running: ${cmd} ${cmdArgs.join(" ")}`);
+		const child = spawn(cmd, cmdArgs, {
+			cwd,
+			stdio: "inherit",
+			env: {
+				...process.env,
+				DINEWAY_DATABASE_URL: database.url
+			}
+		});
+		child.on("error", (error) => {
+			consola.error("Failed to start dev server:", error);
+			process.exit(1);
+		});
+		child.on("exit", (code) => {
+			process.exit(code ?? 0);
+		});
+		const cleanup = () => {
+			child.kill("SIGTERM");
+		};
+		process.on("SIGINT", cleanup);
+		process.on("SIGTERM", cleanup);
+	}
+});
+
+//#endregion
+//#region src/cli/commands/doctor.ts
+/**
+* dineway doctor
+*
+* Diagnose database health: connection, migrations, schema integrity.
+*/
+async function fileExists$3(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+function printResult(result) {
+	(result.status === "pass" ? consola.success : result.status === "warn" ? consola.warn : consola.error)(`${result.name}: ${result.message}`);
+}
+async function checkDatabase(database) {
+	const results = [];
+	if (database.localPath && !await fileExists$3(database.localPath)) {
+		results.push({
+			name: "database",
+			status: "fail",
+			message: `not found at ${database.localPath} — run "dineway init"`
+		});
+		return results;
+	}
+	results.push({
+		name: "database",
+		status: "pass",
+		message: database.display
+	});
+	let db;
+	try {
+		db = createDatabase({ url: database.url });
+		const { applied, pending } = await getMigrationStatus(db);
+		if (pending.length === 0) results.push({
+			name: "migrations",
+			status: "pass",
+			message: `${applied.length} applied, none pending`
+		});
+		else results.push({
+			name: "migrations",
+			status: "warn",
+			message: `${applied.length} applied, ${pending.length} pending — run "dineway init"`
+		});
+		const { sql } = await import("kysely");
+		try {
+			const count = (await sql`SELECT COUNT(id) as count FROM _dineway_collections`.execute(db)).rows[0]?.count ?? 0;
+			results.push({
+				name: "collections",
+				status: count > 0 ? "pass" : "warn",
+				message: count > 0 ? `${count} collections defined` : "no collections — seed or create via admin"
+			});
+		} catch {
+			results.push({
+				name: "collections",
+				status: "fail",
+				message: "could not query collections table — migrations may not have run"
+			});
+		}
+		try {
+			const tableNames = await listTablesLike(db, "ec_%");
+			const collectionsResult = await sql`SELECT slug FROM _dineway_collections`.execute(db);
+			const registeredSlugs = new Set(collectionsResult.rows.map((r) => `ec_${r.slug}`));
+			const orphaned = tableNames.filter((name) => !registeredSlugs.has(name));
+			if (orphaned.length > 0) results.push({
+				name: "orphaned tables",
+				status: "warn",
+				message: `found ${orphaned.length}: ${orphaned.join(", ")}`
+			});
+		} catch {}
+		try {
+			const count = (await sql`SELECT COUNT(id) as count FROM _dineway_users`.execute(db)).rows[0]?.count ?? 0;
+			results.push({
+				name: "users",
+				status: count > 0 ? "pass" : "warn",
+				message: count > 0 ? `${count} users` : "no users — complete setup wizard at /_dineway/admin"
+			});
+		} catch {
+			results.push({
+				name: "users",
+				status: "warn",
+				message: "could not query users table"
+			});
+		}
+	} catch (error) {
+		results.push({
+			name: "database connection",
+			status: "fail",
+			message: error instanceof Error ? error.message : "failed to connect"
+		});
+	} finally {
+		if (db) await db.destroy();
+	}
+	return results;
+}
+const doctorCommand = defineCommand({
+	meta: {
+		name: "doctor",
+		description: "Check database health and diagnose issues"
+	},
+	args: {
+		database: {
+			type: "string",
+			alias: "d",
+			description: "Database path or URL (default: ./data.db)",
+			default: "./data.db"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		},
+		json: {
+			type: "boolean",
+			description: "Output results as JSON",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const results = await checkDatabase(resolveCliDatabaseTarget(resolve(args.cwd), args.database));
+		if (args.json) {
+			process.stdout.write(JSON.stringify(results, null, 2) + "\n");
+			return;
+		}
+		consola.start("Dineway Doctor\n");
+		for (const result of results) printResult(result);
+		const fails = results.filter((r) => r.status === "fail");
+		const warns = results.filter((r) => r.status === "warn");
+		consola.log("");
+		if (fails.length === 0 && warns.length === 0) consola.success("All checks passed");
+		else if (fails.length === 0) consola.info(`All critical checks passed (${warns.length} warnings)`);
+		else {
+			consola.error(`${fails.length} issues found`);
+			process.exitCode = 1;
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/commands/export-seed.ts
+/**
+* dineway export-seed
+*
+* Export current database schema (and optionally content) as a seed file
+*/
+const SETTINGS_PREFIX = "site:";
+const exportSeedCommand = defineCommand({
+	meta: {
+		name: "export-seed",
+		description: "Export database schema and content as a seed file"
+	},
+	args: {
+		database: {
+			type: "string",
+			alias: "d",
+			description: "Database path or URL",
+			default: "./data.db"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		},
+		"with-content": {
+			type: "string",
+			description: "Include content (all or comma-separated collection names)",
+			required: false
+		},
+		pretty: {
+			type: "boolean",
+			description: "Pretty print JSON output",
+			default: true
+		}
+	},
+	async run({ args }) {
+		const database = resolveCliDatabaseTarget(resolve(args.cwd), args.database);
+		consola.info(`Database: ${database.display}`);
+		const db = createDatabase({ url: database.url });
+		try {
+			await runMigrations(db);
+		} catch (error) {
+			consola.error("Migration failed:", error);
+			await db.destroy();
+			process.exit(1);
+		}
+		try {
+			const seed = await exportSeed(db, args["with-content"]);
+			const output = args.pretty ? JSON.stringify(seed, null, "	") : JSON.stringify(seed);
+			console.log(output);
+		} catch (error) {
+			consola.error("Export failed:", error);
+			await db.destroy();
+			process.exit(1);
+		}
+		await db.destroy();
+	}
+});
+/**
+* Export database to seed file format
+*/
+async function exportSeed(db, withContent) {
+	const seed = {
+		$schema: "https://dineway.foodism.ai/seed.schema.json",
+		version: "1",
+		meta: {
+			name: "Exported Seed",
+			description: "Exported from existing Dineway database"
+		}
+	};
+	seed.settings = await exportSettings(db);
+	seed.collections = await exportCollections(db);
+	seed.taxonomies = await exportTaxonomies(db);
+	seed.menus = await exportMenus(db);
+	seed.widgetAreas = await exportWidgetAreas(db);
+	if (withContent !== void 0) {
+		const collections = withContent === "" || withContent === "true" ? null : withContent.split(",").map((s) => s.trim()).filter(Boolean);
+		seed.content = await exportContent(db, seed.collections || [], collections);
+	}
+	return seed;
+}
+/**
+* Export site settings
+*/
+async function exportSettings(db) {
+	const allOptions = await new OptionsRepository(db).getByPrefix(SETTINGS_PREFIX);
+	const settings = {};
+	for (const [key, value] of allOptions) {
+		const settingKey = key.replace(SETTINGS_PREFIX, "");
+		settings[settingKey] = value;
+	}
+	return Object.keys(settings).length > 0 ? settings : void 0;
+}
+/**
+* Export collections and their fields
+*/
+async function exportCollections(db) {
+	const registry = new SchemaRegistry(db);
+	const collections = await registry.listCollections();
+	const result = [];
+	for (const collection of collections) {
+		const fields = await registry.listFields(collection.id);
+		const seedCollection = {
+			slug: collection.slug,
+			label: collection.label,
+			labelSingular: collection.labelSingular || void 0,
+			description: collection.description || void 0,
+			icon: collection.icon || void 0,
+			supports: collection.supports.length > 0 ? collection.supports : void 0,
+			urlPattern: collection.urlPattern || void 0,
+			fields: fields.map((field) => ({
+				slug: field.slug,
+				label: field.label,
+				type: field.type,
+				required: field.required || void 0,
+				unique: field.unique || void 0,
+				searchable: field.searchable || void 0,
+				defaultValue: field.defaultValue,
+				validation: field.validation ? { ...field.validation } : void 0,
+				widget: field.widget || void 0,
+				options: field.options || void 0
+			}))
+		};
+		result.push(seedCollection);
+	}
+	return result;
+}
+/**
+* Export taxonomy definitions and terms
+*/
+async function exportTaxonomies(db) {
+	const defs = await db.selectFrom("_dineway_taxonomy_defs").selectAll().execute();
+	const result = [];
+	const termRepo = new TaxonomyRepository(db);
+	for (const def of defs) {
+		const terms = await termRepo.findByName(def.name);
+		const seedTerms = [];
+		const idToSlug = /* @__PURE__ */ new Map();
+		for (const term of terms) idToSlug.set(term.id, term.slug);
+		for (const term of terms) {
+			const seedTerm = {
+				slug: term.slug,
+				label: term.label,
+				description: typeof term.data?.description === "string" ? term.data.description : void 0
+			};
+			if (term.parentId) seedTerm.parent = idToSlug.get(term.parentId);
+			seedTerms.push(seedTerm);
+		}
+		const taxonomy = {
+			name: def.name,
+			label: def.label,
+			labelSingular: def.label_singular || void 0,
+			hierarchical: def.hierarchical === 1,
+			collections: def.collections ? JSON.parse(def.collections) : []
+		};
+		if (seedTerms.length > 0) taxonomy.terms = seedTerms;
+		result.push(taxonomy);
+	}
+	return result;
+}
+/**
+* Export menus with their items
+*/
+async function exportMenus(db) {
+	const menus = await db.selectFrom("_dineway_menus").selectAll().execute();
+	const result = [];
+	for (const menu of menus) {
+		const seedItems = buildMenuItemTree(await db.selectFrom("_dineway_menu_items").selectAll().where("menu_id", "=", menu.id).orderBy("sort_order", "asc").execute());
+		result.push({
+			name: menu.name,
+			label: menu.label,
+			items: seedItems
+		});
+	}
+	return result;
+}
+/** Type guard for valid widget types */
+function isWidgetType(t) {
+	return t === "content" || t === "menu" || t === "component";
+}
+/**
+* Build hierarchical menu item tree from flat array
+*/
+function buildMenuItemTree(items) {
+	const childMap = /* @__PURE__ */ new Map();
+	for (const item of items) {
+		const parentId = item.parent_id;
+		if (!childMap.has(parentId)) childMap.set(parentId, []);
+		childMap.get(parentId).push(item);
+	}
+	function buildLevel(parentId) {
+		return (childMap.get(parentId) || []).map((item) => {
+			const seedItem = {
+				type: item.type,
+				label: item.label || void 0
+			};
+			if (item.type === "custom") seedItem.url = item.custom_url || void 0;
+			else {
+				seedItem.ref = item.reference_id || void 0;
+				seedItem.collection = item.reference_collection || void 0;
+			}
+			if (item.target === "_blank") seedItem.target = "_blank";
+			if (item.title_attr) seedItem.titleAttr = item.title_attr;
+			if (item.css_classes) seedItem.cssClasses = item.css_classes;
+			const itemChildren = buildLevel(item.id);
+			if (itemChildren.length > 0) seedItem.children = itemChildren;
+			return seedItem;
+		});
+	}
+	return buildLevel(null);
+}
+/**
+* Export widget areas with their widgets
+*/
+async function exportWidgetAreas(db) {
+	const areas = await db.selectFrom("_dineway_widget_areas").selectAll().execute();
+	const result = [];
+	for (const area of areas) {
+		const seedWidgets = (await db.selectFrom("_dineway_widgets").selectAll().where("area_id", "=", area.id).orderBy("sort_order", "asc").execute()).filter((w) => isWidgetType(w.type)).map((widget) => {
+			const seedWidget = { type: isWidgetType(widget.type) ? widget.type : "content" };
+			if (widget.title) seedWidget.title = widget.title;
+			if (widget.type === "content" && widget.content) seedWidget.content = JSON.parse(widget.content);
+			else if (widget.type === "menu" && widget.menu_name) seedWidget.menuName = widget.menu_name;
+			else if (widget.type === "component") {
+				if (widget.component_id) seedWidget.componentId = widget.component_id;
+				if (widget.component_props) seedWidget.props = JSON.parse(widget.component_props);
+			}
+			return seedWidget;
+		});
+		result.push({
+			name: area.name,
+			label: area.label,
+			description: area.description || void 0,
+			widgets: seedWidgets
+		});
+	}
+	return result;
+}
+/**
+* Export content from collections
+*/
+async function exportContent(db, collections, includeCollections) {
+	const content = {};
+	const contentRepo = new ContentRepository(db);
+	const taxonomyRepo = new TaxonomyRepository(db);
+	const mediaRepo = new MediaRepository(db);
+	const mediaMap = /* @__PURE__ */ new Map();
+	try {
+		let cursor;
+		do {
+			const result = await mediaRepo.findMany({
+				limit: 100,
+				cursor,
+				status: "all"
+			});
+			for (const media of result.items) mediaMap.set(media.id, {
+				url: `/_dineway/api/media/file/${media.storageKey}`,
+				filename: media.filename,
+				alt: media.alt || void 0,
+				caption: media.caption || void 0
+			});
+			cursor = result.nextCursor;
+		} while (cursor);
+	} catch {}
+	const i18nEnabled = isI18nEnabled();
+	for (const collection of collections) {
+		if (includeCollections && !includeCollections.includes(collection.slug)) continue;
+		const entries = [];
+		let cursor;
+		const translationGroupToSeedId = /* @__PURE__ */ new Map();
+		do {
+			const result = await contentRepo.findMany(collection.slug, {
+				limit: 100,
+				cursor
+			});
+			for (const item of result.items) {
+				const seedId = item.slug ? i18nEnabled && item.locale ? `${collection.slug}:${item.slug}:${item.locale}` : `${collection.slug}:${item.slug}` : item.id;
+				const processedData = processDataForExport(item.data, collection.fields, mediaMap);
+				const entry = {
+					id: seedId,
+					slug: item.slug || item.id,
+					status: item.status === "published" || item.status === "draft" ? item.status : void 0,
+					data: processedData
+				};
+				if (i18nEnabled && item.locale) {
+					entry.locale = item.locale;
+					if (item.translationGroup) {
+						const sourceSeedId = translationGroupToSeedId.get(item.translationGroup);
+						if (sourceSeedId) entry.translationOf = sourceSeedId;
+						else translationGroupToSeedId.set(item.translationGroup, seedId);
+					}
+				}
+				const taxonomies = await getTaxonomyAssignments(taxonomyRepo, collection.slug, item.id);
+				if (Object.keys(taxonomies).length > 0) entry.taxonomies = taxonomies;
+				entries.push(entry);
+			}
+			cursor = result.nextCursor;
+		} while (cursor);
+		if (i18nEnabled && entries.length > 0) entries.sort((a, b) => {
+			if (a.translationOf && !b.translationOf) return 1;
+			if (!a.translationOf && b.translationOf) return -1;
+			return 0;
+		});
+		if (entries.length > 0) content[collection.slug] = entries;
+	}
+	return content;
+}
+/**
+* Process content data for export, converting image fields to $media syntax
+*/
+function processDataForExport(data, fields, mediaMap) {
+	const result = {};
+	const fieldTypes = /* @__PURE__ */ new Map();
+	for (const field of fields) fieldTypes.set(field.slug, field.type);
+	for (const [key, value] of Object.entries(data)) {
+		const fieldType = fieldTypes.get(key);
+		if (fieldType === "image" && value && typeof value === "object") {
+			const imageValue = value;
+			if (imageValue.id) {
+				const mediaInfo = mediaMap.get(imageValue.id);
+				if (mediaInfo) {
+					result[key] = { $media: {
+						url: mediaInfo.url,
+						filename: mediaInfo.filename,
+						alt: imageValue.alt || mediaInfo.alt,
+						caption: mediaInfo.caption
+					} };
+					continue;
+				}
+			}
+			result[key] = value;
+		} else if (fieldType === "reference" && typeof value === "string") result[key] = `$ref:${value}`;
+		else if (Array.isArray(value)) result[key] = value.map((item) => {
+			if (typeof item === "string" && fieldType === "reference") return `$ref:${item}`;
+			return item;
+		});
+		else result[key] = value;
+	}
+	return result;
+}
+/**
+* Get taxonomy term assignments for a content entry
+*/
+async function getTaxonomyAssignments(taxonomyRepo, collection, entryId) {
+	const terms = await taxonomyRepo.getTermsForEntry(collection, entryId);
+	const result = {};
+	for (const term of terms) {
+		if (!result[term.name]) result[term.name] = [];
+		result[term.name].push(term.slug);
+	}
+	return result;
+}
+
+//#endregion
+//#region src/cli/commands/init.ts
+/**
+* dineway init
+*
+* Initialize database from template config in package.json
+*/
+async function fileExists$2(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function readPackageJson$1(cwd) {
+	const pkgPath = resolve(cwd, "package.json");
+	try {
+		const content = await readFile(pkgPath, "utf-8");
+		return JSON.parse(content);
+	} catch {
+		return null;
+	}
+}
+async function runSqlFile(db, filePath) {
+	const statements = (await readFile(filePath, "utf-8")).split("\n").filter((line) => !line.trim().startsWith("--")).join("\n").split(";").map((s) => s.trim()).filter((s) => s.length > 0);
+	for (const statement of statements) await db.executeQuery({
+		sql: statement,
+		parameters: [],
+		query: {
+			kind: "RawNode",
+			sqlFragments: [statement],
+			parameters: []
+		}
+	});
+}
+/**
+* Check if database has already been initialized with template schema
+*/
+async function isAlreadyInitialized(db) {
+	try {
+		const { sql } = await import("kysely");
+		const row = (await sql`SELECT COUNT(id) as count FROM _dineway_collections`.execute(db)).rows[0];
+		return row ? row.count > 0 : false;
+	} catch {
+		return false;
+	}
+}
+const initCommand = defineCommand({
+	meta: {
+		name: "init",
+		description: "Initialize database from template config"
+	},
+	args: {
+		database: {
+			type: "string",
+			alias: "d",
+			description: "Database path or URL (default: ./data.db)",
+			default: "./data.db"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		},
+		force: {
+			type: "boolean",
+			alias: "f",
+			description: "Force re-initialization",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const cwd = resolve(args.cwd);
+		consola.start("Initializing Dineway...");
+		const pkg = await readPackageJson$1(cwd);
+		if (!pkg) {
+			consola.error("No package.json found in", cwd);
+			process.exit(1);
+		}
+		const config = pkg.dineway;
+		consola.info(`Project: ${pkg.name || "unknown"}`);
+		if (config?.label) consola.info(`Template: ${config.label}`);
+		const database = resolveCliDatabaseTarget(cwd, args.database);
+		consola.info(`Database: ${database.display}`);
+		const db = createDatabase({ url: database.url });
+		consola.start("Running migrations...");
+		try {
+			const { applied } = await runMigrations(db);
+			if (applied.length > 0) {
+				consola.success(`Applied ${applied.length} migrations`);
+				for (const name of applied) consola.info(`  - ${name}`);
+			} else consola.info("Migrations already up to date");
+		} catch (error) {
+			consola.error("Migration failed:", error);
+			await db.destroy();
+			process.exit(1);
+		}
+		const alreadyInitialized = await isAlreadyInitialized(db);
+		if (alreadyInitialized && !args.force) {
+			await db.destroy();
+			consola.success("Already initialized. Use --force to re-run schema/seed.");
+			return;
+		}
+		if (alreadyInitialized && args.force) consola.warn("Re-initializing (--force)...");
+		if (config?.schema) {
+			const schemaPath = resolve(cwd, config.schema);
+			if (await fileExists$2(schemaPath)) {
+				consola.start(`Running schema: ${config.schema}`);
+				try {
+					await runSqlFile(db, schemaPath);
+					consola.success("Schema applied");
+				} catch (error) {
+					consola.error("Schema failed:", error);
+					await db.destroy();
+					process.exit(1);
+				}
+			} else consola.warn(`Schema file not found: ${config.schema}`);
+		}
+		await db.destroy();
+		consola.success("Dineway initialized successfully!");
+		consola.info("Run `pnpm dev` to start the development server");
+	}
+});
+
+//#endregion
+//#region src/cli/commands/login.ts
+/**
+* Login/logout/whoami CLI commands
+*
+* Login uses the OAuth Device Flow (RFC 8628):
+* 1. POST /oauth/device/code → get device_code + user_code
+* 2. Display URL + code to user
+* 3. Poll POST /oauth/device/token until authorized
+* 4. Save tokens to ~/.config/dineway/auth.json
+*
+* Custom headers (--header / DINEWAY_HEADERS) are sent with every request
+* and persisted to credentials so subsequent commands inherit them.
+* This supports sites behind reverse proxies and external auth gateways.
+*/
+async function pollForToken(tokenEndpoint, deviceCode, interval, expiresIn, fetchFn) {
+	const deadline = Date.now() + expiresIn * 1e3;
+	let currentInterval = interval;
+	while (Date.now() < deadline) {
+		await new Promise((resolve) => setTimeout(resolve, currentInterval * 1e3));
+		const res = await fetchFn(tokenEndpoint, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify({
+				device_code: deviceCode,
+				grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+			})
+		});
+		if (res.ok) return (await res.json()).data;
+		const body = await res.json();
+		if (body.error === "authorization_pending") continue;
+		if (body.error === "slow_down") {
+			currentInterval = body.interval ?? currentInterval + 5;
+			continue;
+		}
+		if (body.error === "expired_token") throw new Error("Device code expired. Please try again.");
+		if (body.error === "access_denied") throw new Error("Authorization was denied.");
+		throw new Error(`Token exchange failed: ${body.error || res.statusText}`);
+	}
+	throw new Error("Device code expired (timeout). Please try again.");
+}
+function printExternalAuthGuidance(baseUrl) {
+	console.log();
+	consola$1.info("This instance is behind an external auth gateway or reverse proxy.");
+	consola$1.info("Authenticate at the gateway first, or retry with the required forwarded headers.");
+	console.log();
+	consola$1.info(`  ${pc.bold("Header-based retry:")}`);
+	console.log(`    ${pc.cyan(`dineway login --url ${baseUrl} -H "Header-Name: value"`)}`);
+	console.log(`    ${pc.cyan(`DINEWAY_HEADERS="Header-Name: value" dineway login --url ${baseUrl}`)}`);
+	console.log();
+	consola$1.info(`  ${pc.bold("API token fallback:")}`);
+	console.log(`    ${pc.cyan("Sign in through the gateway in your browser, then create a token in Settings > API Tokens.")}`);
+	console.log(`    ${pc.cyan(`dineway --token <token> --url ${baseUrl}`)}`);
+	console.log();
+}
+const loginCommand = defineCommand({
+	meta: {
+		name: "login",
+		description: "Log in to a Dineway instance"
+	},
+	args: {
+		url: {
+			type: "string",
+			alias: "u",
+			description: "Dineway instance URL",
+			default: "http://localhost:4321"
+		},
+		header: {
+			type: "string",
+			alias: "H",
+			description: "Custom header \"Name: Value\" (repeatable, or use DINEWAY_HEADERS env)"
+		}
+	},
+	async run({ args }) {
+		const baseUrl = args.url || "http://localhost:4321";
+		consola$1.start(`Connecting to ${baseUrl}...`);
+		const customHeaders = resolveCustomHeaders();
+		let headerFetch = createHeaderAwareFetch(customHeaders);
+		try {
+			let res = await headerFetch(new URL("/_dineway/.well-known/auth", baseUrl), { redirect: "manual" });
+			if (isRedirectResponse(res)) {
+				printExternalAuthGuidance(baseUrl);
+				return;
+			}
+			if (!res.ok) {
+				if (res.status === 404) {
+					if (baseUrl.includes("localhost") || baseUrl.includes("127.0.0.1")) {
+						consola$1.info("Auth discovery not available. Trying dev bypass...");
+						const bypassRes = await fetch(new URL("/_dineway/api/auth/dev-bypass", baseUrl), { redirect: "manual" });
+						if (bypassRes.status === 302 || bypassRes.ok) consola$1.success("Dev bypass available. Client will authenticate automatically.");
+						else consola$1.error("Could not authenticate. Is the dev server running?");
+					} else consola$1.error("Auth discovery endpoint not found. Is this a Dineway instance?");
+					return;
+				}
+				consola$1.error(`Discovery failed: ${res.status} ${res.statusText}`);
+				process.exit(2);
+			}
+			const discovery = await res.json();
+			consola$1.success(`Connected to ${discovery.instance?.name || "Dineway"}`);
+			const deviceFlow = discovery.auth?.methods?.device_flow;
+			if (!deviceFlow) {
+				consola$1.info("Device Flow is not available for this instance.");
+				consola$1.info("Generate an API token in Settings > API Tokens");
+				consola$1.info(`Then run: ${pc.cyan(`dineway --token <token> --url ${baseUrl}`)}`);
+				return;
+			}
+			const codeRes = await headerFetch(new URL(deviceFlow.device_authorization_endpoint, baseUrl), {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/json",
+					"X-Dineway-Request": "1"
+				},
+				body: JSON.stringify({
+					client_id: "dineway-cli",
+					scope: "admin"
+				})
+			});
+			if (!codeRes.ok) {
+				consola$1.error(`Failed to request device code: ${codeRes.status}`);
+				process.exit(2);
+			}
+			const deviceCode = (await codeRes.json()).data;
+			console.log();
+			consola$1.info(`Open your browser to:`);
+			console.log(`  ${pc.cyan(pc.bold(deviceCode.verification_uri))}`);
+			console.log();
+			consola$1.info(`Enter code: ${pc.yellow(pc.bold(deviceCode.user_code))}`);
+			console.log();
+			try {
+				const { execFile } = await import("node:child_process");
+				if (process.platform === "darwin") execFile("open", [deviceCode.verification_uri]);
+				else if (process.platform === "win32") execFile("cmd", [
+					"/c",
+					"start",
+					"",
+					deviceCode.verification_uri
+				]);
+				else execFile("xdg-open", [deviceCode.verification_uri]);
+			} catch {}
+			consola$1.start("Waiting for authorization...");
+			const tokenResult = await pollForToken(new URL(deviceFlow.token_endpoint, baseUrl).toString(), deviceCode.device_code, deviceCode.interval, deviceCode.expires_in, headerFetch);
+			let userEmail = "unknown";
+			let userRole = "unknown";
+			try {
+				const meRes = await headerFetch(new URL("/_dineway/api/auth/me", baseUrl), { headers: { Authorization: `Bearer ${tokenResult.access_token}` } });
+				if (meRes.ok) {
+					const me = (await meRes.json()).data;
+					userEmail = me.email || "unknown";
+					userRole = (me.role ? {
+						10: "subscriber",
+						20: "contributor",
+						30: "author",
+						40: "editor",
+						50: "admin"
+					}[me.role] : void 0) || "unknown";
+				}
+			} catch {}
+			const expiresAt = new Date(Date.now() + tokenResult.expires_in * 1e3).toISOString();
+			const hasCustomHeaders = Object.keys(customHeaders).length > 0;
+			saveCredentials(baseUrl, {
+				accessToken: tokenResult.access_token,
+				refreshToken: tokenResult.refresh_token,
+				expiresAt,
+				...hasCustomHeaders ? { customHeaders } : {},
+				user: {
+					email: userEmail,
+					role: userRole
+				}
+			});
+			consola$1.success(`Logged in as ${pc.bold(userEmail)} (${userRole})`);
+			consola$1.info(`Token saved to ${pc.dim(resolveCredentialKey(baseUrl))}`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Login failed");
+			process.exit(2);
+		}
+	}
+});
+const logoutCommand = defineCommand({
+	meta: {
+		name: "logout",
+		description: "Log out of a Dineway instance"
+	},
+	args: { url: {
+		type: "string",
+		alias: "u",
+		description: "Dineway instance URL",
+		default: "http://localhost:4321"
+	} },
+	async run({ args }) {
+		const baseUrl = args.url || "http://localhost:4321";
+		const cred = getCredentials(baseUrl);
+		if (!cred) {
+			consola$1.info("No stored credentials found for this instance.");
+			return;
+		}
+		const headerFetch = createHeaderAwareFetch(cred.customHeaders ?? {});
+		try {
+			await headerFetch(new URL("/_dineway/api/oauth/token/revoke", baseUrl), {
+				method: "POST",
+				headers: { "Content-Type": "application/json" },
+				body: JSON.stringify({ token: cred.refreshToken })
+			});
+		} catch {}
+		removeCredentials(baseUrl);
+		consola$1.success("Logged out successfully.");
+	}
+});
+const whoamiCommand = defineCommand({
+	meta: {
+		name: "whoami",
+		description: "Show current user and auth method"
+	},
+	args: {
+		url: {
+			type: "string",
+			alias: "u",
+			description: "Dineway instance URL",
+			default: "http://localhost:4321"
+		},
+		token: {
+			type: "string",
+			alias: "t",
+			description: "Auth token"
+		},
+		json: {
+			type: "boolean",
+			description: "Output as JSON"
+		}
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		const baseUrl = args.url || "http://localhost:4321";
+		let token = args.token || process.env["DINEWAY_TOKEN"];
+		let authMethod = token ? "token" : "none";
+		let storedHeaders = {};
+		if (!token) {
+			const cred = getCredentials(baseUrl);
+			if (cred) {
+				token = cred.accessToken;
+				authMethod = "stored";
+				storedHeaders = cred.customHeaders ?? {};
+				if (new Date(cred.expiresAt) < /* @__PURE__ */ new Date()) {
+					const headerFetch = createHeaderAwareFetch(storedHeaders);
+					try {
+						const refreshRes = await headerFetch(new URL("/_dineway/api/oauth/token/refresh", baseUrl), {
+							method: "POST",
+							headers: { "Content-Type": "application/json" },
+							body: JSON.stringify({
+								refresh_token: cred.refreshToken,
+								grant_type: "refresh_token"
+							})
+						});
+						if (refreshRes.ok) {
+							const refreshed = await refreshRes.json();
+							token = refreshed.access_token;
+							saveCredentials(baseUrl, {
+								...cred,
+								accessToken: refreshed.access_token,
+								expiresAt: new Date(Date.now() + refreshed.expires_in * 1e3).toISOString()
+							});
+						} else {
+							consola$1.warn("Stored token expired and refresh failed. Run: dineway login");
+							process.exit(2);
+						}
+					} catch {
+						consola$1.warn("Stored token expired. Run: dineway login");
+						process.exit(2);
+					}
+				}
+			}
+		}
+		if (!token) {
+			if (baseUrl.includes("localhost") || baseUrl.includes("127.0.0.1")) {
+				authMethod = "dev-bypass";
+				consola$1.info(`Auth method: ${pc.cyan("dev-bypass")}`);
+				consola$1.info("No stored credentials. Client will use dev bypass for localhost.");
+				return;
+			}
+			consola$1.error("Not logged in. Run: dineway login");
+			process.exit(2);
+		}
+		const headerFetch = createHeaderAwareFetch(storedHeaders);
+		try {
+			const meRes = await headerFetch(new URL("/_dineway/api/auth/me", baseUrl), { headers: { Authorization: `Bearer ${token}` } });
+			if (!meRes.ok) {
+				if (meRes.status === 401) {
+					consola$1.error("Token is invalid or expired. Run: dineway login");
+					process.exit(1);
+				}
+				consola$1.error(`Failed to fetch user info: ${meRes.status}`);
+				process.exit(1);
+			}
+			const me = (await meRes.json()).data;
+			const roleNames = {
+				10: "subscriber",
+				20: "contributor",
+				30: "author",
+				40: "editor",
+				50: "admin"
+			};
+			if (args.json) console.log(JSON.stringify({
+				id: me.id,
+				email: me.email,
+				name: me.name,
+				role: roleNames[me.role] || `unknown (${me.role})`,
+				authMethod,
+				url: baseUrl
+			}));
+			else {
+				consola$1.info(`Email: ${pc.bold(me.email)}`);
+				if (me.name) consola$1.info(`Name:  ${me.name}`);
+				consola$1.info(`Role:  ${pc.cyan(roleNames[me.role] || `unknown (${me.role})`)}`);
+				consola$1.info(`Auth:  ${pc.dim(authMethod)}`);
+				consola$1.info(`URL:   ${pc.dim(baseUrl)}`);
+			}
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/commands/media.ts
+/**
+* dineway media
+*
+* Manage media items via the Dineway API
+*/
+const listCommand$3 = defineCommand({
+	meta: {
+		name: "list",
+		description: "List media items"
+	},
+	args: {
+		...connectionArgs,
+		mime: {
+			type: "string",
+			description: "Filter by MIME type (e.g., image/png)"
+		},
+		limit: {
+			type: "string",
+			description: "Number of items to return"
+		},
+		cursor: {
+			type: "string",
+			description: "Pagination cursor"
+		}
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		const client = createClientFromArgs(args);
+		try {
+			output(await client.mediaList({
+				mimeType: args.mime,
+				limit: args.limit ? Number(args.limit) : void 0,
+				cursor: args.cursor
+			}), args);
+		} catch (error) {
+			consola$1.error("Failed to list media:", error instanceof Error ? error.message : error);
+			process.exit(1);
+		}
+	}
+});
+const uploadCommand = defineCommand({
+	meta: {
+		name: "upload",
+		description: "Upload a media file"
+	},
+	args: {
+		file: {
+			type: "positional",
+			description: "Path to the file to upload",
+			required: true
+		},
+		...connectionArgs,
+		alt: {
+			type: "string",
+			description: "Alt text for the media item"
+		},
+		caption: {
+			type: "string",
+			description: "Caption for the media item"
+		}
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		const client = createClientFromArgs(args);
+		const filename = basename(args.file);
+		consola$1.start(`Uploading ${filename}...`);
+		try {
+			const buffer = await readFile(args.file);
+			const result = await client.mediaUpload(buffer, filename, {
+				alt: args.alt,
+				caption: args.caption
+			});
+			consola$1.success(`Uploaded ${filename}`);
+			output(result, args);
+		} catch (error) {
+			consola$1.error("Failed to upload:", error instanceof Error ? error.message : error);
+			process.exit(1);
+		}
+	}
+});
+const getCommand$2 = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get a media item"
+	},
+	args: {
+		id: {
+			type: "positional",
+			description: "Media item ID",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		const client = createClientFromArgs(args);
+		try {
+			output(await client.mediaGet(args.id), args);
+		} catch (error) {
+			consola$1.error("Failed to get media:", error instanceof Error ? error.message : error);
+			process.exit(1);
+		}
+	}
+});
+const deleteCommand$1 = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a media item"
+	},
+	args: {
+		id: {
+			type: "positional",
+			description: "Media item ID",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		const client = createClientFromArgs(args);
+		try {
+			await client.mediaDelete(args.id);
+			if (args.json) output({ deleted: true }, args);
+			else consola$1.success(`Deleted media item ${args.id}`);
+		} catch (error) {
+			consola$1.error("Failed to delete media:", error instanceof Error ? error.message : error);
+			process.exit(1);
+		}
+	}
+});
+const mediaCommand = defineCommand({
+	meta: {
+		name: "media",
+		description: "Manage media items"
+	},
+	subCommands: {
+		list: listCommand$3,
+		upload: uploadCommand,
+		get: getCommand$2,
+		delete: deleteCommand$1
+	}
+});
+
+//#endregion
+//#region src/cli/commands/menu.ts
+/**
+* dineway menu
+*
+* Manage menus via the Dineway REST API.
+*/
+const listCommand$2 = defineCommand({
+	meta: {
+		name: "list",
+		description: "List all menus"
+	},
+	args: { ...connectionArgs },
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).menus(), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const getCommand$1 = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get a menu with its items"
+	},
+	args: {
+		name: {
+			type: "positional",
+			description: "Menu name",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).menu(args.name), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const menuCommand = defineCommand({
+	meta: {
+		name: "menu",
+		description: "Manage menus"
+	},
+	subCommands: {
+		list: listCommand$2,
+		get: getCommand$1
+	}
+});
+
+//#endregion
+//#region src/cli/commands/bundle-utils.ts
+/**
+* Bundle utility functions
+*
+* Shared logic extracted from the bundle command so it can be tested
+* without the CLI harness and tsdown dependency.
+*/
+const MAX_BUNDLE_SIZE = 5 * 1024 * 1024;
+const MAX_SCREENSHOTS = 5;
+const MAX_SCREENSHOT_WIDTH = 1920;
+const MAX_SCREENSHOT_HEIGHT = 1080;
+const ICON_SIZE = 256;
+/** Matches require("node:xxx") / require("xxx") / import("node:xxx") in bundled output */
+const NODE_BUILTIN_IMPORT_RE = /(?:import|require)\s*\(?["'](?:node:)?([a-z_]+)["']\)?/g;
+const LEADING_DOT_SLASH_RE = /^\.\//;
+const DIST_PREFIX_RE = /^dist\//;
+const MJS_EXT_RE = /\.m?js$/;
+const BUILD_OUTPUT_EXT_RE = /\.(?:mjs|js|cjs)$/;
+const TS_TO_TSX_RE = /\.ts$/;
+/** Node.js built-in modules that shouldn't appear in sandbox code */
+const NODE_BUILTINS = new Set([
+	"assert",
+	"buffer",
+	"child_process",
+	"cluster",
+	"crypto",
+	"dgram",
+	"dns",
+	"domain",
+	"events",
+	"fs",
+	"http",
+	"http2",
+	"https",
+	"inspector",
+	"module",
+	"net",
+	"os",
+	"path",
+	"perf_hooks",
+	"process",
+	"punycode",
+	"querystring",
+	"readline",
+	"repl",
+	"stream",
+	"string_decoder",
+	"sys",
+	"timers",
+	"tls",
+	"trace_events",
+	"tty",
+	"url",
+	"util",
+	"v8",
+	"vm",
+	"wasi",
+	"worker_threads",
+	"zlib"
+]);
+async function fileExists$1(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+/**
+* Read image dimensions from a buffer.
+* Returns [width, height] or null if the format is unrecognized.
+*/
+function readImageDimensions(buf) {
+	try {
+		const result = imageSize(buf);
+		if (result.width != null && result.height != null) return [result.width, result.height];
+		return null;
+	} catch {
+		return null;
+	}
+}
+/**
+* Extract manifest metadata from a ResolvedPlugin.
+* Strips functions (hooks, route handlers) and keeps only serializable metadata.
+*/
+function extractManifest(plugin) {
+	const hooks = [];
+	for (const [name, resolved] of Object.entries(plugin.hooks)) {
+		if (!resolved) continue;
+		if (resolved.exclusive || resolved.priority !== 100 || resolved.timeout !== 5e3) {
+			const entry = { name };
+			if (resolved.exclusive) entry.exclusive = true;
+			if (resolved.priority !== 100) entry.priority = resolved.priority;
+			if (resolved.timeout !== 5e3) entry.timeout = resolved.timeout;
+			hooks.push(entry);
+		} else hooks.push(name);
+	}
+	return {
+		id: plugin.id,
+		version: plugin.version,
+		capabilities: plugin.capabilities,
+		allowedHosts: plugin.allowedHosts,
+		storage: plugin.storage,
+		hooks,
+		routes: Object.keys(plugin.routes),
+		admin: {
+			settingsSchema: plugin.admin.settingsSchema,
+			pages: plugin.admin.pages,
+			widgets: plugin.admin.widgets
+		}
+	};
+}
+/**
+* Scan bundled code for Node.js built-in imports.
+* Matches require("node:xxx"), require("xxx"), import("node:xxx") — the patterns
+* that appear in bundled ESM/CJS output (not source-level named imports).
+* Returns deduplicated array of built-in module names found.
+*/
+function findNodeBuiltinImports(code) {
+	const found = [];
+	NODE_BUILTIN_IMPORT_RE.lastIndex = 0;
+	let match;
+	while ((match = NODE_BUILTIN_IMPORT_RE.exec(code)) !== null) {
+		const mod = match[1];
+		if (NODE_BUILTINS.has(mod)) found.push(mod);
+	}
+	return [...new Set(found)];
+}
+/**
+* Find a build output file by base name, checking common extensions.
+* tsdown may output .mjs, .js, or .cjs depending on format and config.
+*/
+async function findBuildOutput(dir, baseName) {
+	const normalizedBaseName = baseName.replace(BUILD_OUTPUT_EXT_RE, "");
+	for (const ext of [
+		".mjs",
+		".js",
+		".cjs"
+	]) {
+		const candidate = join(dir, `${normalizedBaseName}${ext}`);
+		if (await fileExists$1(candidate)) return candidate;
+	}
+}
+/**
+* Resolve a dist/built path back to its source .ts/.tsx equivalent.
+* E.g., "./dist/index.mjs" → "src/index.ts"
+*/
+async function resolveSourceEntry(pluginDir, distPath) {
+	const cleaned = distPath.replace(LEADING_DOT_SLASH_RE, "");
+	const direct = resolve(pluginDir, cleaned);
+	if (await fileExists$1(direct)) return direct;
+	const srcPath = cleaned.replace(DIST_PREFIX_RE, "src/").replace(MJS_EXT_RE, ".ts");
+	const srcFull = resolve(pluginDir, srcPath);
+	if (await fileExists$1(srcFull)) return srcFull;
+	const tsxFull = resolve(pluginDir, srcPath.replace(TS_TO_TSX_RE, ".tsx"));
+	if (await fileExists$1(tsxFull)) return tsxFull;
+}
+const TS_SOURCE_EXPORT_RE = /\.(?:ts|tsx|mts|cts|jsx)$/;
+/**
+* Find package.json exports that point to source files instead of built output.
+* Returns an array of `{ exportPath, resolvedPath }` for each offending export.
+*/
+function findSourceExports(exports) {
+	const issues = [];
+	for (const [exportPath, exportValue] of Object.entries(exports)) {
+		const resolved = typeof exportValue === "string" ? exportValue : exportValue && typeof exportValue === "object" && "import" in exportValue ? exportValue.import : null;
+		if (resolved && TS_SOURCE_EXPORT_RE.test(resolved)) issues.push({
+			exportPath,
+			resolvedPath: resolved
+		});
+	}
+	return issues;
+}
+/**
+* Recursively calculate the total size of all files in a directory.
+*/
+async function calculateDirectorySize(dir) {
+	let total = 0;
+	const items = await readdir(dir, { withFileTypes: true });
+	for (const item of items) {
+		const fullPath = join(dir, item.name);
+		if (item.isFile()) {
+			const s = await stat(fullPath);
+			total += s.size;
+		} else if (item.isDirectory()) total += await calculateDirectorySize(fullPath);
+	}
+	return total;
+}
+/**
+* Create a gzipped tarball from a directory.
+*/
+async function createTarball(sourceDir, outputPath) {
+	const { createGzip } = await import("node:zlib");
+	await pipeline(packTar(sourceDir), createGzip({ level: 9 }), createWriteStream(outputPath));
+}
+
+//#endregion
+//#region src/cli/commands/bundle.ts
+/**
+* dineway plugin bundle
+*
+* Produces a publishable plugin tarball from a plugin source directory.
+*
+* Steps:
+* 1. Resolve plugin entrypoint (finds definePlugin() export)
+* 2. Bundle backend code with tsdown → backend.js (single ES module, tree-shaken)
+* 3. Bundle admin code if present → admin.js
+* 4. Extract manifest from definePlugin() → manifest.json
+* 5. Collect assets (README.md, icon.png, screenshots/)
+* 6. Validate bundle (manifest schema, size limits, no Node.js builtins)
+* 7. Create tarball ({id}-{version}.tar.gz)
+*/
+var bundle_exports = /* @__PURE__ */ __exportAll({ bundleCommand: () => bundleCommand });
+const TS_EXT_RE = /\.tsx?$/;
+const SLASH_RE = /\//g;
+const LEADING_AT_RE = /^@/;
+const DINEWAY_SCOPE_RE = /^@dineway-ai\//;
+const bundleCommand = defineCommand({
+	meta: {
+		name: "bundle",
+		description: "Bundle a plugin for marketplace distribution"
+	},
+	args: {
+		dir: {
+			type: "string",
+			description: "Plugin directory (default: current directory)",
+			default: process.cwd()
+		},
+		outDir: {
+			type: "string",
+			alias: "o",
+			description: "Output directory for the tarball (default: ./dist)",
+			default: "dist"
+		},
+		validateOnly: {
+			type: "boolean",
+			description: "Run validation only, skip tarball creation",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const pluginDir = resolve(args.dir);
+		const outDir = resolve(pluginDir, args.outDir);
+		const validateOnly = args.validateOnly;
+		consola.start(validateOnly ? "Validating plugin..." : "Bundling plugin...");
+		const pkgPath = join(pluginDir, "package.json");
+		if (!await fileExists$1(pkgPath)) {
+			consola.error("No package.json found in", pluginDir);
+			process.exit(1);
+		}
+		const pkg = JSON.parse(await readFile(pkgPath, "utf-8"));
+		let backendEntry;
+		let adminEntry;
+		if (pkg.exports) {
+			const sandboxExport = pkg.exports["./sandbox"];
+			if (typeof sandboxExport === "string") backendEntry = await resolveSourceEntry(pluginDir, sandboxExport);
+			else if (sandboxExport && typeof sandboxExport === "object" && "import" in sandboxExport) backendEntry = await resolveSourceEntry(pluginDir, sandboxExport.import);
+			const adminExport = pkg.exports["./admin"];
+			if (typeof adminExport === "string") adminEntry = await resolveSourceEntry(pluginDir, adminExport);
+			else if (adminExport && typeof adminExport === "object" && "import" in adminExport) adminEntry = await resolveSourceEntry(pluginDir, adminExport.import);
+		}
+		if (!backendEntry) {
+			const defaultSandbox = join(pluginDir, "src/sandbox-entry.ts");
+			if (await fileExists$1(defaultSandbox)) backendEntry = defaultSandbox;
+		}
+		let mainEntry;
+		if (pkg.exports?.["."] !== void 0) {
+			const mainExport = pkg.exports["."];
+			if (typeof mainExport === "string") mainEntry = await resolveSourceEntry(pluginDir, mainExport);
+			else if (mainExport && typeof mainExport === "object" && "import" in mainExport) mainEntry = await resolveSourceEntry(pluginDir, mainExport.import);
+		}
+		if (!mainEntry && pkg.main) mainEntry = await resolveSourceEntry(pluginDir, pkg.main);
+		if (!mainEntry) {
+			const defaultMain = join(pluginDir, "src/index.ts");
+			if (await fileExists$1(defaultMain)) mainEntry = defaultMain;
+		}
+		if (!mainEntry) {
+			consola.error("Cannot find plugin entrypoint. Expected src/index.ts or main/exports in package.json");
+			process.exit(1);
+		}
+		consola.info(`Main entry: ${mainEntry}`);
+		if (backendEntry) consola.info(`Backend entry: ${backendEntry}`);
+		if (adminEntry) consola.info(`Admin entry: ${adminEntry}`);
+		consola.start("Extracting plugin manifest...");
+		const { build } = await import("tsdown");
+		const tmpDir = join(pluginDir, ".dineway-bundle-tmp");
+		try {
+			await mkdir(tmpDir, { recursive: true });
+			const mainOutDir = join(tmpDir, "main");
+			await build({
+				config: false,
+				entry: [mainEntry],
+				format: "esm",
+				outDir: mainOutDir,
+				dts: false,
+				platform: "node",
+				external: ["dineway", DINEWAY_SCOPE_RE]
+			});
+			const pluginNodeModules = join(pluginDir, "node_modules");
+			const tmpNodeModules = join(mainOutDir, "node_modules");
+			if (await fileExists$1(pluginNodeModules)) await symlink(pluginNodeModules, tmpNodeModules, "junction");
+			const mainOutputPath = await findBuildOutput(mainOutDir, basename(mainEntry).replace(TS_EXT_RE, ""));
+			if (!mainOutputPath) {
+				consola.error("Failed to build main entry — no output found in", mainOutDir);
+				process.exit(1);
+			}
+			const pluginModule = await import(mainOutputPath);
+			let resolvedPlugin;
+			if (typeof pluginModule.createPlugin === "function") resolvedPlugin = pluginModule.createPlugin();
+			else if (typeof pluginModule.default === "function") resolvedPlugin = pluginModule.default();
+			else if (typeof pluginModule.default === "object" && pluginModule.default !== null) {
+				const defaultExport = pluginModule.default;
+				if ("id" in defaultExport && "version" in defaultExport) resolvedPlugin = defaultExport;
+			}
+			if (!resolvedPlugin) for (const [key, value] of Object.entries(pluginModule)) {
+				if (key === "default" || typeof value !== "function") continue;
+				try {
+					const result = value();
+					if (result && typeof result === "object" && "id" in result && "version" in result) {
+						resolvedPlugin = {
+							id: result.id,
+							version: result.version,
+							capabilities: result.capabilities ?? [],
+							allowedHosts: result.allowedHosts ?? [],
+							storage: result.storage ?? {},
+							hooks: {},
+							routes: {},
+							admin: {
+								pages: result.adminPages,
+								widgets: result.adminWidgets
+							}
+						};
+						if (backendEntry) {
+							const backendProbeDir = join(tmpDir, "backend-probe");
+							const probeShimDir = join(tmpDir, "probe-shims");
+							await mkdir(probeShimDir, { recursive: true });
+							await writeFile(join(probeShimDir, "dineway.mjs"), "export const definePlugin = (d) => d;\n");
+							await build({
+								config: false,
+								entry: [backendEntry],
+								format: "esm",
+								outDir: backendProbeDir,
+								dts: false,
+								platform: "neutral",
+								external: [],
+								alias: { dineway: join(probeShimDir, "dineway.mjs") },
+								treeshake: true
+							});
+							const backendProbePath = await findBuildOutput(backendProbeDir, basename(backendEntry).replace(TS_EXT_RE, ""));
+							if (backendProbePath) {
+								const standardDef = (await import(backendProbePath)).default ?? {};
+								const hooks = standardDef.hooks;
+								const routes = standardDef.routes;
+								if (hooks) for (const hookName of Object.keys(hooks)) {
+									const hookEntry = hooks[hookName];
+									const isConfig = typeof hookEntry === "object" && hookEntry !== null && "handler" in hookEntry;
+									const config = isConfig ? hookEntry : {};
+									resolvedPlugin.hooks[hookName] = {
+										handler: isConfig ? hookEntry.handler : hookEntry,
+										priority: config.priority ?? 100,
+										timeout: config.timeout ?? 5e3,
+										dependencies: config.dependencies ?? [],
+										errorPolicy: config.errorPolicy ?? "abort",
+										exclusive: config.exclusive ?? false,
+										pluginId: result.id
+									};
+								}
+								if (routes) for (const [name, route] of Object.entries(routes)) {
+									const routeObj = route;
+									resolvedPlugin.routes[name] = {
+										handler: routeObj.handler,
+										public: routeObj.public
+									};
+								}
+							}
+						}
+						break;
+					}
+				} catch {}
+			}
+			if (!resolvedPlugin?.id || !resolvedPlugin?.version) {
+				consola.error("Could not extract plugin definition. Expected one of:\n  - createPlugin() export (native format)\n  - Descriptor factory function returning { id, version, ... } (standard format)");
+				process.exit(1);
+			}
+			const manifest = extractManifest(resolvedPlugin);
+			if (resolvedPlugin.admin?.entry) {
+				consola.error("Plugin declares adminEntry — React admin components require native/trusted mode. Use Block Kit for sandboxed admin pages, or remove adminEntry.");
+				process.exit(1);
+			}
+			if (resolvedPlugin.admin?.portableTextBlocks && resolvedPlugin.admin.portableTextBlocks.length > 0) {
+				consola.error("Plugin declares portableTextBlocks — these require native/trusted mode and cannot be bundled for the marketplace.");
+				process.exit(1);
+			}
+			consola.success(`Plugin: ${manifest.id}@${manifest.version}`);
+			consola.info(`  Capabilities: ${manifest.capabilities.length > 0 ? manifest.capabilities.join(", ") : "(none)"}`);
+			consola.info(`  Hooks: ${manifest.hooks.length > 0 ? manifest.hooks.map((h) => typeof h === "string" ? h : h.name).join(", ") : "(none)"}`);
+			consola.info(`  Routes: ${manifest.routes.length > 0 ? manifest.routes.map((r) => typeof r === "string" ? r : r.name).join(", ") : "(none)"}`);
+			const bundleDir = join(tmpDir, "bundle");
+			await mkdir(bundleDir, { recursive: true });
+			if (backendEntry) {
+				consola.start("Bundling backend...");
+				const shimDir = join(tmpDir, "shims");
+				await mkdir(shimDir, { recursive: true });
+				await writeFile(join(shimDir, "dineway.mjs"), "export const definePlugin = (d) => d;\n");
+				await build({
+					config: false,
+					entry: [backendEntry],
+					format: "esm",
+					outDir: join(tmpDir, "backend"),
+					dts: false,
+					platform: "neutral",
+					external: [],
+					alias: { dineway: join(shimDir, "dineway.mjs") },
+					minify: true,
+					treeshake: true
+				});
+				const backendBaseName = basename(backendEntry).replace(TS_EXT_RE, "");
+				const backendOutputPath = await findBuildOutput(join(tmpDir, "backend"), backendBaseName);
+				if (backendOutputPath) {
+					await copyFile(backendOutputPath, join(bundleDir, "backend.js"));
+					consola.success("Built backend.js");
+				} else {
+					consola.error("Backend build produced no output");
+					process.exit(1);
+				}
+			} else {
+				consola.warn("No sandbox entry found — bundle will have no backend.js");
+				consola.warn("  Add a \"sandbox-entry.ts\" in src/ or a \"./sandbox\" export in package.json");
+			}
+			if (adminEntry) {
+				consola.start("Bundling admin...");
+				await build({
+					config: false,
+					entry: [adminEntry],
+					format: "esm",
+					outDir: join(tmpDir, "admin"),
+					dts: false,
+					platform: "neutral",
+					external: [],
+					minify: true,
+					treeshake: true
+				});
+				const adminBaseName = basename(adminEntry).replace(TS_EXT_RE, "");
+				const adminOutputPath = await findBuildOutput(join(tmpDir, "admin"), adminBaseName);
+				if (adminOutputPath) {
+					await copyFile(adminOutputPath, join(bundleDir, "admin.js"));
+					consola.success("Built admin.js");
+				}
+			}
+			await writeFile(join(bundleDir, "manifest.json"), JSON.stringify(manifest, null, 2));
+			consola.start("Collecting assets...");
+			const readmePath = join(pluginDir, "README.md");
+			if (await fileExists$1(readmePath)) {
+				await copyFile(readmePath, join(bundleDir, "README.md"));
+				consola.success("Included README.md");
+			}
+			const iconPath = join(pluginDir, "icon.png");
+			if (await fileExists$1(iconPath)) {
+				const dims = readImageDimensions(await readFile(iconPath));
+				if (!dims) consola.warn("icon.png is not a valid PNG — skipping");
+				else if (dims[0] !== ICON_SIZE || dims[1] !== ICON_SIZE) {
+					consola.warn(`icon.png is ${dims[0]}x${dims[1]}, expected ${ICON_SIZE}x${ICON_SIZE} — including anyway`);
+					await copyFile(iconPath, join(bundleDir, "icon.png"));
+				} else {
+					await copyFile(iconPath, join(bundleDir, "icon.png"));
+					consola.success("Included icon.png");
+				}
+			}
+			const screenshotsDir = join(pluginDir, "screenshots");
+			if (await fileExists$1(screenshotsDir)) {
+				const screenshotFiles = (await readdir(screenshotsDir)).filter((f) => {
+					const ext = extname(f).toLowerCase();
+					return ext === ".png" || ext === ".jpg" || ext === ".jpeg";
+				}).toSorted().slice(0, MAX_SCREENSHOTS);
+				if (screenshotFiles.length > 0) {
+					await mkdir(join(bundleDir, "screenshots"), { recursive: true });
+					for (const file of screenshotFiles) {
+						const filePath = join(screenshotsDir, file);
+						const dims = readImageDimensions(await readFile(filePath));
+						if (!dims) {
+							consola.warn(`screenshots/${file} — cannot read dimensions, skipping`);
+							continue;
+						}
+						if (dims[0] > MAX_SCREENSHOT_WIDTH || dims[1] > MAX_SCREENSHOT_HEIGHT) consola.warn(`screenshots/${file} is ${dims[0]}x${dims[1]}, max ${MAX_SCREENSHOT_WIDTH}x${MAX_SCREENSHOT_HEIGHT} — including anyway`);
+						await copyFile(filePath, join(bundleDir, "screenshots", file));
+					}
+					consola.success(`Included ${screenshotFiles.length} screenshot(s)`);
+				}
+			}
+			consola.start("Validating bundle...");
+			let hasErrors = false;
+			if (pkg.exports) for (const issue of findSourceExports(pkg.exports)) {
+				consola.error(`Export "${issue.exportPath}" points to source (${issue.resolvedPath}). Package exports must point to built files (e.g. dist/*.mjs). Add a build step and update the exports map.`);
+				hasErrors = true;
+			}
+			const backendPath = join(bundleDir, "backend.js");
+			if (await fileExists$1(backendPath)) {
+				const builtins = findNodeBuiltinImports(await readFile(backendPath, "utf-8"));
+				if (builtins.length > 0) {
+					consola.error(`backend.js imports Node.js built-in modules: ${builtins.join(", ")}`);
+					consola.error("Sandboxed plugins cannot use Node.js APIs");
+					hasErrors = true;
+				}
+			}
+			if (manifest.capabilities.includes("network:fetch:any")) consola.warn("Plugin declares unrestricted network access (network:fetch:any) — it can make requests to any host");
+			else if (manifest.capabilities.includes("network:fetch") && manifest.allowedHosts.length === 0) consola.warn("Plugin declares network:fetch capability but no allowedHosts — all fetch requests will be blocked");
+			if (resolvedPlugin.admin?.portableTextBlocks && resolvedPlugin.admin.portableTextBlocks.length > 0) consola.warn("Plugin declares portableTextBlocks — these require trusted mode and will be ignored in sandboxed plugins");
+			if (resolvedPlugin.admin?.entry) consola.warn("Plugin declares admin.entry — custom React components require trusted mode. Use Block Kit for sandboxed admin pages");
+			if (resolvedPlugin.hooks["page:fragments"]) consola.warn("Plugin declares page:fragments hook — this is trusted-only and will not work in sandboxed mode");
+			const hasAdminPages = (manifest.admin?.pages?.length ?? 0) > 0;
+			const hasAdminWidgets = (manifest.admin?.widgets?.length ?? 0) > 0;
+			if (hasAdminPages || hasAdminWidgets) {
+				if (!manifest.routes.map((r) => typeof r === "string" ? r : r.name).includes("admin")) {
+					consola.error(`Plugin declares ${hasAdminPages ? "adminPages" : ""}${hasAdminPages && hasAdminWidgets ? " and " : ""}${hasAdminWidgets ? "adminWidgets" : ""} but the sandbox entry has no "admin" route. Add an admin route handler to serve Block Kit pages.`);
+					hasErrors = true;
+				}
+			}
+			const totalSize = await calculateDirectorySize(bundleDir);
+			if (totalSize > MAX_BUNDLE_SIZE) {
+				const sizeMB = (totalSize / 1024 / 1024).toFixed(2);
+				consola.error(`Bundle size ${sizeMB}MB exceeds maximum of 5MB`);
+				hasErrors = true;
+			} else {
+				const sizeKB = (totalSize / 1024).toFixed(1);
+				consola.info(`Bundle size: ${sizeKB}KB`);
+			}
+			if (hasErrors) {
+				consola.error("Bundle validation failed");
+				process.exit(1);
+			}
+			consola.success("Validation passed");
+			if (validateOnly) return;
+			await mkdir(outDir, { recursive: true });
+			const tarballName = `${manifest.id.replace(SLASH_RE, "-").replace(LEADING_AT_RE, "")}-${manifest.version}.tar.gz`;
+			const tarballPath = join(outDir, tarballName);
+			consola.start("Creating tarball...");
+			await createTarball(bundleDir, tarballPath);
+			const tarballSizeKB = ((await stat(tarballPath)).size / 1024).toFixed(1);
+			const tarballBuf = await readFile(tarballPath);
+			const checksum = createHash("sha256").update(tarballBuf).digest("hex");
+			consola.success(`Created ${tarballName} (${tarballSizeKB}KB)`);
+			consola.info(`  SHA-256: ${checksum}`);
+			consola.info(`  Path: ${tarballPath}`);
+		} finally {
+			if (tmpDir.endsWith(".dineway-bundle-tmp")) await rm(tmpDir, {
+				recursive: true,
+				force: true
+			});
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/commands/plugin-init.ts
+/**
+* dineway plugin init
+*
+* Scaffold a new Dineway plugin. Generates the standard-format boilerplate:
+*   src/index.ts         -- descriptor factory
+*   src/sandbox-entry.ts -- definePlugin({ hooks, routes })
+*   package.json
+*   tsconfig.json
+*
+* Use --native to generate native-format boilerplate instead (createPlugin + React admin).
+*
+*/
+const SLUG_RE = /^[a-z][a-z0-9]*(-[a-z0-9]+)*$/;
+const SCOPE_RE = /^@[^/]+\//;
+const pluginInitCommand = defineCommand({
+	meta: {
+		name: "init",
+		description: "Scaffold a new plugin"
+	},
+	args: {
+		dir: {
+			type: "string",
+			description: "Directory to create the plugin in (default: current directory)",
+			default: "."
+		},
+		name: {
+			type: "string",
+			description: "Plugin name/id (e.g. my-plugin or @org/my-plugin)"
+		},
+		native: {
+			type: "boolean",
+			description: "Generate native-format plugin (createPlugin + React admin)",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const targetDir = resolve(args.dir);
+		const isNative = args.native;
+		let pluginName = args.name || basename(targetDir);
+		if (!pluginName || pluginName === ".") pluginName = basename(resolve("."));
+		const slug = pluginName.replace(SCOPE_RE, "");
+		if (!SLUG_RE.test(slug)) {
+			consola.error(`Invalid plugin name "${pluginName}". Use lowercase letters, numbers, and hyphens (e.g. my-plugin).`);
+			process.exit(1);
+		}
+		const srcDir = join(targetDir, "src");
+		if (await fileExists$1(join(targetDir, "package.json"))) {
+			consola.error(`package.json already exists in ${targetDir}`);
+			process.exit(1);
+		}
+		consola.start(`Scaffolding ${isNative ? "native" : "standard"} plugin: ${pluginName}`);
+		await mkdir(srcDir, { recursive: true });
+		if (isNative) await scaffoldNative(targetDir, srcDir, pluginName, slug);
+		else await scaffoldStandard(targetDir, srcDir, pluginName, slug);
+		consola.success(`Plugin scaffolded in ${targetDir}`);
+		consola.info("Next steps:");
+		if (args.dir !== ".") consola.info(`  1. cd ${args.dir}`);
+		consola.info(`  ${args.dir !== "." ? "2" : "1"}. pnpm install`);
+		if (isNative) consola.info(`  ${args.dir !== "." ? "3" : "2"}. Edit src/index.ts to add hooks and routes`);
+		else consola.info(`  ${args.dir !== "." ? "3" : "2"}. Edit src/sandbox-entry.ts to add hooks and routes`);
+		consola.info(`  ${args.dir !== "." ? "4" : "3"}. dineway plugin validate --dir .`);
+	}
+});
+async function scaffoldStandard(targetDir, srcDir, pluginName, slug) {
+	const fnName = slug.split("-").map((s, i) => i === 0 ? s : s[0].toUpperCase() + s.slice(1)).join("");
+	await writeFile(join(targetDir, "package.json"), JSON.stringify({
+		name: pluginName,
+		version: "0.1.0",
+		type: "module",
+		exports: {
+			".": "./src/index.ts",
+			"./sandbox": "./src/sandbox-entry.ts"
+		},
+		files: ["src"],
+		peerDependencies: { dineway: "*" }
+	}, null, "	") + "\n");
+	await writeFile(join(targetDir, "tsconfig.json"), JSON.stringify({
+		compilerOptions: {
+			target: "ES2022",
+			module: "preserve",
+			moduleResolution: "bundler",
+			strict: true,
+			esModuleInterop: true,
+			declaration: true,
+			outDir: "./dist",
+			rootDir: "./src"
+		},
+		include: ["src/**/*"],
+		exclude: ["node_modules", "dist"]
+	}, null, "	") + "\n");
+	await writeFile(join(srcDir, "index.ts"), `import type { PluginDescriptor } from "dineway";
+
+export function ${fnName}Plugin(): PluginDescriptor {
+\treturn {
+\t\tid: "${pluginName}",
+\t\tversion: "0.1.0",
+\t\tformat: "standard",
+\t\tentrypoint: "${pluginName}/sandbox",
+\t\tcapabilities: [],
+\t};
+}
+`);
+	await writeFile(join(srcDir, "sandbox-entry.ts"), `import { definePlugin } from "dineway";
+import type { PluginContext } from "dineway";
+
+export default definePlugin({
+\thooks: {
+\t\t"content:afterSave": {
+\t\t\thandler: async (event: any, ctx: PluginContext) => {
+\t\t\t\tctx.log.info("Content saved", {
+\t\t\t\t\tcollection: event.collection,
+\t\t\t\t\tid: event.content.id,
+\t\t\t\t});
+\t\t\t},
+\t\t},
+\t},
+});
+`);
+}
+async function scaffoldNative(targetDir, srcDir, pluginName, slug) {
+	const fnName = slug.split("-").map((s, i) => i === 0 ? s : s[0].toUpperCase() + s.slice(1)).join("");
+	await writeFile(join(targetDir, "package.json"), JSON.stringify({
+		name: pluginName,
+		version: "0.1.0",
+		type: "module",
+		exports: { ".": "./src/index.ts" },
+		files: ["src"],
+		peerDependencies: { dineway: "*" }
+	}, null, "	") + "\n");
+	await writeFile(join(targetDir, "tsconfig.json"), JSON.stringify({
+		compilerOptions: {
+			target: "ES2022",
+			module: "preserve",
+			moduleResolution: "bundler",
+			strict: true,
+			esModuleInterop: true,
+			declaration: true,
+			outDir: "./dist",
+			rootDir: "./src"
+		},
+		include: ["src/**/*"],
+		exclude: ["node_modules", "dist"]
+	}, null, "	") + "\n");
+	await writeFile(join(srcDir, "index.ts"), `import { definePlugin } from "dineway";
+import type { PluginDescriptor } from "dineway";
+
+export function ${fnName}Plugin(): PluginDescriptor {
+\treturn {
+\t\tid: "${pluginName}",
+\t\tversion: "0.1.0",
+\t\tformat: "native",
+\t\tentrypoint: "${pluginName}",
+\t\toptions: {},
+\t};
+}
+
+export function createPlugin() {
+\treturn definePlugin({
+\t\tid: "${pluginName}",
+\t\tversion: "0.1.0",
+
+\t\thooks: {
+\t\t\t"content:afterSave": async (event, ctx) => {
+\t\t\t\tctx.log.info("Content saved", {
+\t\t\t\t\tcollection: event.collection,
+\t\t\t\t\tid: event.content.id,
+\t\t\t\t});
+\t\t\t},
+\t\t},
+\t});
+}
+
+export default createPlugin;
+`);
+}
+
+//#endregion
+//#region src/cli/commands/plugin-validate.ts
+/**
+* dineway plugin validate
+*
+* Runs bundle validation without producing a tarball.
+* Thin wrapper around `dineway plugin bundle --validate-only`.
+*
+*/
+const pluginValidateCommand = defineCommand({
+	meta: {
+		name: "validate",
+		description: "Validate a plugin without producing a tarball (same checks as bundle)"
+	},
+	args: { dir: {
+		type: "string",
+		description: "Plugin directory (default: current directory)",
+		default: "."
+	} },
+	async run({ args }) {
+		await runCommand(bundleCommand, { rawArgs: [
+			"--dir",
+			args.dir,
+			"--validateOnly"
+		] });
+	}
+});
+
+//#endregion
+//#region src/cli/commands/publish.ts
+/**
+* dineway plugin publish
+*
+* Publishes a plugin tarball to the Dineway Marketplace.
+*
+* Flow:
+* 1. Resolve tarball (from --tarball path, or build via `dineway plugin bundle`)
+* 2. Read manifest.json from tarball to show summary
+* 3. Authenticate (stored credential or GitHub device flow)
+* 4. Pre-publish validation (check plugin exists, version not published)
+* 5. Upload via multipart POST
+* 6. Display audit results
+*/
+const DEFAULT_REGISTRY = "https://marketplace.dineway.foodism.ai";
+/**
+* Authenticate with the marketplace via GitHub Device Flow.
+* Returns the marketplace JWT and author info.
+*/
+async function authenticateViaDeviceFlow(registryUrl) {
+	consola.start("Fetching auth configuration...");
+	const discoveryRes = await fetch(new URL("/api/v1/auth/discovery", registryUrl));
+	if (!discoveryRes.ok) throw new Error(`Marketplace unreachable: ${discoveryRes.status} ${discoveryRes.statusText}`);
+	const discovery = await discoveryRes.json();
+	const deviceRes = await fetch(discovery.github.deviceAuthorizationEndpoint, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json",
+			Accept: "application/json"
+		},
+		body: JSON.stringify({
+			client_id: discovery.github.clientId,
+			scope: "read:user user:email"
+		})
+	});
+	if (!deviceRes.ok) throw new Error(`GitHub device flow failed: ${deviceRes.status}`);
+	const deviceCode = await deviceRes.json();
+	console.log();
+	consola.info("Open your browser to:");
+	console.log(`  ${pc.cyan(pc.bold(deviceCode.verification_uri))}`);
+	console.log();
+	consola.info(`Enter code: ${pc.yellow(pc.bold(deviceCode.user_code))}`);
+	console.log();
+	try {
+		const { execFile } = await import("node:child_process");
+		if (process.platform === "darwin") execFile("open", [deviceCode.verification_uri]);
+		else if (process.platform === "win32") execFile("cmd", [
+			"/c",
+			"start",
+			"",
+			deviceCode.verification_uri
+		]);
+		else execFile("xdg-open", [deviceCode.verification_uri]);
+	} catch {}
+	consola.start("Waiting for authorization...");
+	const githubToken = await pollGitHubDeviceFlow(discovery.github.tokenEndpoint, discovery.github.clientId, deviceCode.device_code, deviceCode.interval, deviceCode.expires_in);
+	consola.start("Authenticating with marketplace...");
+	const deviceTokenUrl = new URL(discovery.marketplace.deviceTokenEndpoint, registryUrl);
+	const authRes = await fetch(deviceTokenUrl, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ access_token: githubToken })
+	});
+	if (!authRes.ok) {
+		const body = await authRes.json().catch(() => ({}));
+		throw new Error(`Marketplace auth failed: ${body.error ?? authRes.statusText}`);
+	}
+	return await authRes.json();
+}
+async function pollGitHubDeviceFlow(tokenEndpoint, clientId, deviceCode, interval, expiresIn) {
+	const deadline = Date.now() + expiresIn * 1e3;
+	let currentInterval = interval;
+	while (Date.now() < deadline) {
+		await new Promise((r) => setTimeout(r, currentInterval * 1e3));
+		const body = await (await fetch(tokenEndpoint, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Accept: "application/json"
+			},
+			body: JSON.stringify({
+				client_id: clientId,
+				device_code: deviceCode,
+				grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+			})
+		})).json();
+		if (body.access_token) return body.access_token;
+		if (body.error === "authorization_pending") continue;
+		if (body.error === "slow_down") {
+			currentInterval = body.interval ?? currentInterval + 5;
+			continue;
+		}
+		if (body.error === "expired_token") throw new Error("Device code expired. Please try again.");
+		if (body.error === "access_denied") throw new Error("Authorization was denied.");
+		throw new Error(`GitHub token exchange failed: ${body.error ?? "unknown error"}`);
+	}
+	throw new Error("Device code expired (timeout). Please try again.");
+}
+const manifestSummarySchema = pluginManifestSchema.pick({
+	id: true,
+	version: true,
+	capabilities: true,
+	allowedHosts: true
+});
+/**
+* Read manifest.json from a tarball without fully extracting it.
+*/
+async function readManifestFromTarball(tarballPath) {
+	const data = await readFile(tarballPath);
+	const manifest = (await unpackTar(new ReadableStream({ start(controller) {
+		controller.enqueue(new Uint8Array(data.buffer, data.byteOffset, data.byteLength));
+		controller.close();
+	} }).pipeThrough(createGzipDecoder()), { filter: (header) => header.name === "manifest.json" })).find((e) => e.header.name === "manifest.json");
+	if (!manifest?.data) throw new Error("Tarball does not contain manifest.json");
+	const content = new TextDecoder().decode(manifest.data);
+	const parsed = JSON.parse(content);
+	const result = manifestSummarySchema.safeParse(parsed);
+	if (!result.success) throw new Error(`Invalid manifest.json: ${result.error.message}`);
+	return result.data;
+}
+const POLL_INTERVAL_MS = 3e3;
+const POLL_TIMEOUT_MS = 12e4;
+/**
+* Poll the version endpoint until status leaves "pending" or timeout.
+* Returns the final version data, or null on timeout.
+*/
+async function pollVersionStatus(versionUrl, token) {
+	const deadline = Date.now() + POLL_TIMEOUT_MS;
+	while (Date.now() < deadline) {
+		await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+		try {
+			const res = await fetch(versionUrl, { headers: { Authorization: `Bearer ${token}` } });
+			if (!res.ok) continue;
+			const data = await res.json();
+			if (data.status !== "pending") return data;
+		} catch {}
+	}
+	return null;
+}
+function displayAuditResults(version) {
+	const statusColor = version.status === "published" ? pc.green : version.status === "flagged" ? pc.yellow : pc.red;
+	consola.info(`  Status: ${statusColor(version.status)}`);
+	if (version.audit_verdict) {
+		const verdictColor = version.audit_verdict === "pass" ? pc.green : version.audit_verdict === "warn" ? pc.yellow : pc.red;
+		consola.info(`  Audit: ${verdictColor(version.audit_verdict)}`);
+	}
+	if (version.image_audit_verdict) {
+		const verdictColor = version.image_audit_verdict === "pass" ? pc.green : version.image_audit_verdict === "warn" ? pc.yellow : pc.red;
+		consola.info(`  Image audit: ${verdictColor(version.image_audit_verdict)}`);
+	}
+}
+function displayInlineAuditResults(audit, imageAudit) {
+	const verdictColor = audit.verdict === "pass" ? pc.green : audit.verdict === "warn" ? pc.yellow : pc.red;
+	consola.info(`  Audit: ${verdictColor(audit.verdict)} (risk: ${audit.riskScore}/100)`);
+	if (audit.findings.length > 0) for (const finding of audit.findings) {
+		const icon = finding.severity === "high" ? pc.red("!") : pc.yellow("~");
+		consola.info(`    ${icon} [${finding.category}] ${finding.description}`);
+	}
+	if (imageAudit) {
+		const imgColor = imageAudit.verdict === "pass" ? pc.green : imageAudit.verdict === "warn" ? pc.yellow : pc.red;
+		consola.info(`  Image audit: ${imgColor(imageAudit.verdict)}`);
+	}
+}
+const publishCommand = defineCommand({
+	meta: {
+		name: "publish",
+		description: "Publish a plugin to the Dineway Marketplace"
+	},
+	args: {
+		tarball: {
+			type: "string",
+			description: "Path to plugin tarball (default: build first via `dineway plugin bundle`)"
+		},
+		dir: {
+			type: "string",
+			description: "Plugin directory (used with --build, default: current directory)",
+			default: process.cwd()
+		},
+		build: {
+			type: "boolean",
+			description: "Build the plugin before publishing",
+			default: false
+		},
+		registry: {
+			type: "string",
+			description: "Marketplace registry URL",
+			default: DEFAULT_REGISTRY
+		},
+		"no-wait": {
+			type: "boolean",
+			description: "Exit immediately after upload without waiting for audit (useful for CI)",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const registryUrl = args.registry;
+		let tarballPath;
+		if (args.tarball) tarballPath = resolve(args.tarball);
+		else if (args.build) {
+			consola.start("Building plugin...");
+			const pluginDir = resolve(args.dir);
+			try {
+				const { runCommand } = await import("citty");
+				const { bundleCommand } = await Promise.resolve().then(() => bundle_exports);
+				await runCommand(bundleCommand, { rawArgs: ["--dir", pluginDir] });
+			} catch {
+				consola.error("Build failed");
+				process.exit(1);
+			}
+			const { readdir } = await import("node:fs/promises");
+			const distDir = resolve(pluginDir, "dist");
+			const tarball = (await readdir(distDir)).find((f) => f.endsWith(".tar.gz"));
+			if (!tarball) {
+				consola.error("Build succeeded but no .tar.gz found in dist/");
+				process.exit(1);
+			}
+			tarballPath = resolve(distDir, tarball);
+		} else {
+			const pluginDir = resolve(args.dir);
+			const { readdir } = await import("node:fs/promises");
+			try {
+				const distDir = resolve(pluginDir, "dist");
+				const tarball = (await readdir(distDir)).find((f) => f.endsWith(".tar.gz"));
+				if (tarball) tarballPath = resolve(distDir, tarball);
+				else {
+					consola.error("No tarball found. Run `dineway plugin bundle` first or use --build.");
+					process.exit(1);
+				}
+			} catch {
+				consola.error("No dist/ directory found. Run `dineway plugin bundle` first or use --build.");
+				process.exit(1);
+			}
+		}
+		const sizeKB = ((await stat(tarballPath)).size / 1024).toFixed(1);
+		consola.info(`Tarball: ${pc.dim(tarballPath)} (${sizeKB}KB)`);
+		const manifest = await readManifestFromTarball(tarballPath);
+		console.log();
+		consola.info(`Plugin: ${pc.bold(`${manifest.id}@${manifest.version}`)}`);
+		if (manifest.capabilities.length > 0) consola.info(`Capabilities: ${manifest.capabilities.join(", ")}`);
+		if (manifest.allowedHosts?.length) consola.info(`Allowed hosts: ${manifest.allowedHosts.join(", ")}`);
+		console.log();
+		let token;
+		const envToken = process.env.DINEWAY_MARKETPLACE_TOKEN;
+		const stored = !envToken ? getMarketplaceCredential(registryUrl) : null;
+		if (envToken) {
+			token = envToken;
+			consola.info("Using DINEWAY_MARKETPLACE_TOKEN for authentication");
+		} else if (stored) {
+			token = stored.token;
+			consola.info(`Authenticated as ${pc.bold(stored.author?.name ?? "unknown")}`);
+		} else {
+			consola.info("Not logged in to marketplace. Starting GitHub authentication...");
+			const result = await authenticateViaDeviceFlow(registryUrl);
+			token = result.token;
+			saveMarketplaceCredential(registryUrl, {
+				token: result.token,
+				expiresAt: new Date(Date.now() + 30 * 86400 * 1e3).toISOString(),
+				author: {
+					id: result.author.id,
+					name: result.author.name
+				}
+			});
+			consola.success(`Authenticated as ${pc.bold(result.author.name)}`);
+		}
+		consola.start("Checking marketplace...");
+		const pluginRes = await fetch(new URL(`/api/v1/plugins/${manifest.id}`, registryUrl));
+		if (pluginRes.status === 404 && !envToken) {
+			consola.info(`Plugin ${pc.bold(manifest.id)} not found in marketplace. Registering...`);
+			const createRes = await fetch(new URL("/api/v1/plugins", registryUrl), {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/json",
+					Authorization: `Bearer ${token}`
+				},
+				body: JSON.stringify({
+					id: manifest.id,
+					name: manifest.id,
+					capabilities: manifest.capabilities
+				})
+			});
+			if (!createRes.ok) {
+				const body = await createRes.json().catch(() => ({}));
+				if (createRes.status === 401) {
+					removeMarketplaceCredential(registryUrl);
+					consola.error("Authentication expired. Please run `dineway plugin publish` again to re-authenticate.");
+					process.exit(1);
+				}
+				consola.error(`Failed to register plugin: ${body.error ?? createRes.statusText}`);
+				process.exit(1);
+			}
+			consola.success(`Registered ${pc.bold(manifest.id)}`);
+		} else if (pluginRes.status === 404 && envToken) consola.info(`Plugin ${pc.bold(manifest.id)} will be auto-registered on publish`);
+		else if (!pluginRes.ok) {
+			consola.error(`Marketplace error: ${pluginRes.status}`);
+			process.exit(1);
+		}
+		consola.start(`Publishing ${manifest.id}@${manifest.version}...`);
+		const tarballData = await readFile(tarballPath);
+		const formData = new FormData();
+		formData.append("bundle", new Blob([tarballData], { type: "application/gzip" }), basename(tarballPath));
+		const uploadUrl = new URL(`/api/v1/plugins/${manifest.id}/versions`, registryUrl);
+		const uploadRes = await fetch(uploadUrl, {
+			method: "POST",
+			headers: { Authorization: `Bearer ${token}` },
+			body: formData
+		});
+		if (!uploadRes.ok && uploadRes.status !== 202) {
+			const body = await uploadRes.json().catch(() => ({}));
+			if (uploadRes.status === 401) {
+				if (envToken) consola.error("DINEWAY_MARKETPLACE_TOKEN was rejected by the marketplace.");
+				else {
+					removeMarketplaceCredential(registryUrl);
+					consola.error("Authentication expired. Please run `dineway plugin publish` again.");
+				}
+				process.exit(1);
+			}
+			if (uploadRes.status === 409) {
+				if (body.latestVersion) consola.error(`Version ${manifest.version} must be greater than ${body.latestVersion}`);
+				else consola.error(body.error ?? "Version conflict");
+				process.exit(1);
+			}
+			if (uploadRes.status === 422 && body.audit) {
+				consola.error("Plugin failed security audit:");
+				consola.error(`  Verdict: ${pc.red(body.audit.verdict)}`);
+				consola.error(`  Summary: ${body.audit.summary}`);
+				process.exit(1);
+			}
+			consola.error(`Publish failed: ${body.error ?? uploadRes.statusText}`);
+			process.exit(1);
+		}
+		const result = await uploadRes.json();
+		console.log();
+		consola.success(`Uploaded ${pc.bold(`${manifest.id}@${result.version}`)}`);
+		consola.info(`  Checksum: ${pc.dim(result.checksum)}`);
+		consola.info(`  Size: ${(result.bundleSize / 1024).toFixed(1)}KB`);
+		if (uploadRes.status === 202) {
+			consola.info(`  Status: ${pc.yellow("pending")} (audit running in background)`);
+			if (args["no-wait"]) {
+				consola.info("Skipping audit wait (--no-wait). Check status later.");
+				console.log();
+				return;
+			}
+			consola.start("Waiting for security audit to complete...");
+			const versionUrl = new URL(`/api/v1/plugins/${manifest.id}/versions/${manifest.version}`, registryUrl);
+			const finalStatus = await pollVersionStatus(versionUrl.toString(), token);
+			if (finalStatus) displayAuditResults(finalStatus);
+			else {
+				consola.warn("Audit did not complete within timeout. Check status later with:");
+				consola.info(`  ${pc.dim(`curl ${versionUrl.toString()}`)}`);
+			}
+		} else {
+			if (result.audit) displayInlineAuditResults(result.audit, result.imageAudit ?? null);
+			consola.info(`  Status: ${pc.green(result.status ?? "published")}`);
+		}
+		console.log();
+	}
+});
+const marketplaceLoginCommand = defineCommand({
+	meta: {
+		name: "login",
+		description: "Log in to the Dineway Marketplace via GitHub"
+	},
+	args: { registry: {
+		type: "string",
+		description: "Marketplace registry URL",
+		default: DEFAULT_REGISTRY
+	} },
+	async run({ args }) {
+		const registryUrl = args.registry;
+		const existing = getMarketplaceCredential(registryUrl);
+		if (existing) {
+			consola.info(`Already logged in as ${pc.bold(existing.author?.name ?? "unknown")}`);
+			consola.info("Use `dineway plugin logout` to log out first.");
+			return;
+		}
+		const result = await authenticateViaDeviceFlow(registryUrl);
+		saveMarketplaceCredential(registryUrl, {
+			token: result.token,
+			expiresAt: new Date(Date.now() + 30 * 86400 * 1e3).toISOString(),
+			author: {
+				id: result.author.id,
+				name: result.author.name
+			}
+		});
+		consola.success(`Logged in as ${pc.bold(result.author.name)}`);
+	}
+});
+const marketplaceLogoutCommand = defineCommand({
+	meta: {
+		name: "logout",
+		description: "Log out of the Dineway Marketplace"
+	},
+	args: { registry: {
+		type: "string",
+		description: "Marketplace registry URL",
+		default: DEFAULT_REGISTRY
+	} },
+	async run({ args }) {
+		if (removeMarketplaceCredential(args.registry)) consola.success("Logged out of marketplace.");
+		else consola.info("No marketplace credentials found.");
+	}
+});
+
+//#endregion
+//#region src/cli/commands/plugin.ts
+/**
+* dineway plugin
+*
+* Plugin management commands grouped under a single namespace.
+*
+* Subcommands:
+* - init: Scaffold a new plugin
+* - bundle: Bundle a plugin for marketplace distribution
+* - validate: Run bundle validation without producing a tarball
+* - publish: Publish a plugin to the marketplace
+* - login: Log in to the marketplace via GitHub
+* - logout: Log out of the marketplace
+*
+*/
+const pluginCommand = defineCommand({
+	meta: {
+		name: "plugin",
+		description: "Manage plugins"
+	},
+	subCommands: {
+		init: pluginInitCommand,
+		bundle: bundleCommand,
+		validate: pluginValidateCommand,
+		publish: publishCommand,
+		login: marketplaceLoginCommand,
+		logout: marketplaceLogoutCommand
+	}
+});
+
+//#endregion
+//#region src/cli/commands/schema.ts
+/**
+* dineway schema
+*
+* Manage collections and fields via the remote API
+*/
+const listCommand$1 = defineCommand({
+	meta: {
+		name: "list",
+		description: "List all collections"
+	},
+	args: { ...connectionArgs },
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).collections(), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const getCommand = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get collection with fields"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).collection(args.collection), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const createCommand = defineCommand({
+	meta: {
+		name: "create",
+		description: "Create a collection"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		label: {
+			type: "string",
+			description: "Collection label",
+			required: true
+		},
+		"label-singular": {
+			type: "string",
+			description: "Singular label (defaults to label)"
+		},
+		description: {
+			type: "string",
+			description: "Collection description"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const data = await createClientFromArgs(args).createCollection({
+				slug: args.collection,
+				label: args.label,
+				labelSingular: args["label-singular"] || args.label,
+				description: args.description
+			});
+			consola$1.success(`Created collection "${args.collection}"`);
+			output(data, args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const deleteCommand = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a collection"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		force: {
+			type: "boolean",
+			description: "Skip confirmation"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			if (!args.force) {
+				if (!await consola$1.prompt(`Delete collection "${args.collection}"?`, { type: "confirm" })) {
+					consola$1.info("Cancelled");
+					return;
+				}
+			}
+			await createClientFromArgs(args).deleteCollection(args.collection);
+			consola$1.success(`Deleted collection "${args.collection}"`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const addFieldCommand = defineCommand({
+	meta: {
+		name: "add-field",
+		description: "Add a field to a collection"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		field: {
+			type: "positional",
+			description: "Field slug",
+			required: true
+		},
+		type: {
+			type: "string",
+			description: "Field type (string, text, number, integer, boolean, datetime, image, reference, portableText, json)",
+			required: true
+		},
+		label: {
+			type: "string",
+			description: "Field label"
+		},
+		required: {
+			type: "boolean",
+			description: "Whether the field is required"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const data = await createClientFromArgs(args).createField(args.collection, {
+				slug: args.field,
+				type: args.type,
+				label: args.label || args.field,
+				required: args.required
+			});
+			consola$1.success(`Added field "${args.field}" to "${args.collection}"`);
+			output(data, args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const removeFieldCommand = defineCommand({
+	meta: {
+		name: "remove-field",
+		description: "Remove a field from a collection"
+	},
+	args: {
+		collection: {
+			type: "positional",
+			description: "Collection slug",
+			required: true
+		},
+		field: {
+			type: "positional",
+			description: "Field slug",
+			required: true
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			await createClientFromArgs(args).deleteField(args.collection, args.field);
+			consola$1.success(`Removed field "${args.field}" from "${args.collection}"`);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const schemaCommand = defineCommand({
+	meta: {
+		name: "schema",
+		description: "Manage collections and fields"
+	},
+	subCommands: {
+		list: listCommand$1,
+		get: getCommand,
+		create: createCommand,
+		delete: deleteCommand,
+		"add-field": addFieldCommand,
+		"remove-field": removeFieldCommand
+	}
+});
+
+//#endregion
+//#region src/cli/commands/search-cmd.ts
+/**
+* dineway search
+*
+* Full-text search across content
+*/
+const searchCommand = defineCommand({
+	meta: {
+		name: "search",
+		description: "Full-text search across content"
+	},
+	args: {
+		query: {
+			type: "positional",
+			description: "Search query",
+			required: true
+		},
+		collection: {
+			type: "string",
+			alias: "c",
+			description: "Filter by collection"
+		},
+		locale: {
+			type: "string",
+			description: "Filter by locale"
+		},
+		limit: {
+			type: "string",
+			alias: "l",
+			description: "Maximum results to return"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).search(args.query, {
+				collection: args.collection,
+				locale: args.locale,
+				limit: args.limit ? parseInt(args.limit, 10) : void 0
+			}), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/commands/seed.ts
+/**
+* dineway seed
+*
+* Apply a seed file to the database
+*/
+async function fileExists(path) {
+	try {
+		await access(path);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function readPackageJson(cwd) {
+	const pkgPath = resolve(cwd, "package.json");
+	try {
+		const content = await readFile(pkgPath, "utf-8");
+		return JSON.parse(content);
+	} catch {
+		return null;
+	}
+}
+/**
+* Resolve seed file path from:
+* 1. Positional argument (if provided)
+* 2. .dineway/seed.json (convention)
+* 3. package.json dineway.seed (config)
+*/
+async function resolveSeedPath(cwd, positional) {
+	if (positional) {
+		const resolved = resolve(cwd, positional);
+		if (await fileExists(resolved)) return resolved;
+		consola.error(`Seed file not found: ${positional}`);
+		return null;
+	}
+	const conventionPath = resolve(cwd, ".dineway", "seed.json");
+	if (await fileExists(conventionPath)) return conventionPath;
+	const pkg = await readPackageJson(cwd);
+	if (pkg?.dineway?.seed) {
+		const pkgSeedPath = resolve(cwd, pkg.dineway.seed);
+		if (await fileExists(pkgSeedPath)) return pkgSeedPath;
+		consola.warn(`Seed file from package.json not found: ${pkg.dineway.seed}`);
+	}
+	return null;
+}
+const seedCommand = defineCommand({
+	meta: {
+		name: "seed",
+		description: "Apply a seed file to the database"
+	},
+	args: {
+		path: {
+			type: "positional",
+			description: "Path to seed file (default: .dineway/seed.json)",
+			required: false
+		},
+		database: {
+			type: "string",
+			alias: "d",
+			description: "Database path or URL",
+			default: "./data.db"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		},
+		validate: {
+			type: "boolean",
+			description: "Validate only, don't apply",
+			default: false
+		},
+		"no-content": {
+			type: "boolean",
+			description: "Skip sample content",
+			default: false
+		},
+		"on-conflict": {
+			type: "string",
+			description: "Conflict handling: skip, update, error",
+			default: "skip"
+		},
+		"uploads-dir": {
+			type: "string",
+			description: "Directory for media uploads",
+			default: "./uploads"
+		},
+		"media-base-url": {
+			type: "string",
+			description: "Base URL for media files",
+			default: "/_dineway/api/media/file"
+		}
+	},
+	async run({ args }) {
+		const cwd = resolve(args.cwd);
+		consola.start("Loading seed file...");
+		const seedPath = await resolveSeedPath(cwd, args.path);
+		if (!seedPath) {
+			consola.error("No seed file found");
+			consola.info("Provide a path, create .dineway/seed.json, or set dineway.seed in package.json");
+			process.exit(1);
+		}
+		consola.info(`Seed file: ${seedPath}`);
+		let seed;
+		try {
+			const content = await readFile(seedPath, "utf-8");
+			seed = JSON.parse(content);
+		} catch (error) {
+			consola.error("Failed to parse seed file:", error);
+			process.exit(1);
+		}
+		consola.start("Validating seed file...");
+		const validation = validateSeed(seed);
+		if (validation.warnings.length > 0) for (const warning of validation.warnings) consola.warn(warning);
+		if (!validation.valid) {
+			consola.error("Seed validation failed:");
+			for (const error of validation.errors) consola.error(`  - ${error}`);
+			process.exit(1);
+		}
+		consola.success("Seed file is valid");
+		if (args.validate) {
+			consola.success("Validation complete");
+			return;
+		}
+		const database = resolveCliDatabaseTarget(cwd, args.database);
+		consola.info(`Database: ${database.display}`);
+		const db = createDatabase({ url: database.url });
+		consola.start("Running migrations...");
+		try {
+			const { applied } = await runMigrations(db);
+			if (applied.length > 0) consola.success(`Applied ${applied.length} migrations`);
+			else consola.info("Database up to date");
+		} catch (error) {
+			consola.error("Migration failed:", error);
+			await db.destroy();
+			process.exit(1);
+		}
+		const uploadsDir = resolve(cwd, args["uploads-dir"]);
+		await mkdir(uploadsDir, { recursive: true });
+		const storage = new LocalStorage({
+			directory: uploadsDir,
+			baseUrl: args["media-base-url"]
+		});
+		const onConflictRaw = args["on-conflict"];
+		if (onConflictRaw !== "skip" && onConflictRaw !== "update" && onConflictRaw !== "error") {
+			consola.error(`Invalid --on-conflict value: ${onConflictRaw}`);
+			consola.info("Use: skip, update, or error");
+			await db.destroy();
+			process.exit(1);
+		}
+		const options = {
+			includeContent: !args["no-content"],
+			onConflict: onConflictRaw,
+			storage
+		};
+		consola.start("Applying seed...");
+		try {
+			const result = await applySeed(db, seed, options);
+			consola.success("Seed applied successfully!");
+			consola.log("");
+			if (result.settings.applied > 0) consola.info(`Settings: ${result.settings.applied} applied`);
+			if (result.collections.created > 0 || result.collections.skipped > 0 || result.collections.updated > 0) consola.info(`Collections: ${result.collections.created} created, ${result.collections.skipped} skipped, ${result.collections.updated} updated`);
+			if (result.fields.created > 0 || result.fields.skipped > 0 || result.fields.updated > 0) consola.info(`Fields: ${result.fields.created} created, ${result.fields.skipped} skipped, ${result.fields.updated} updated`);
+			if (result.taxonomies.created > 0 || result.taxonomies.terms > 0) consola.info(`Taxonomies: ${result.taxonomies.created} created, ${result.taxonomies.terms} terms`);
+			if (result.bylines.created > 0 || result.bylines.skipped > 0 || result.bylines.updated > 0) consola.info(`Bylines: ${result.bylines.created} created, ${result.bylines.skipped} skipped, ${result.bylines.updated} updated`);
+			if (result.menus.created > 0 || result.menus.items > 0) consola.info(`Menus: ${result.menus.created} created, ${result.menus.items} items`);
+			if (result.widgetAreas.created > 0 || result.widgetAreas.widgets > 0) consola.info(`Widget Areas: ${result.widgetAreas.created} created, ${result.widgetAreas.widgets} widgets`);
+			if (result.content.created > 0 || result.content.skipped > 0 || result.content.updated > 0) consola.info(`Content: ${result.content.created} created, ${result.content.skipped} skipped, ${result.content.updated} updated`);
+			if (result.media.created > 0 || result.media.skipped > 0) consola.info(`Media: ${result.media.created} created, ${result.media.skipped} skipped`);
+		} catch (error) {
+			consola.error("Seed failed:", error instanceof Error ? error.message : error);
+			await db.destroy();
+			process.exit(1);
+		}
+		await db.destroy();
+		consola.success("Done!");
+	}
+});
+
+//#endregion
+//#region src/cli/commands/taxonomy.ts
+/**
+* dineway taxonomy
+*
+* Manage taxonomies and terms via the Dineway REST API.
+*/
+/** Pattern to replace whitespace with hyphens for slug generation */
+const WHITESPACE_PATTERN = /\s+/g;
+const listCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List all taxonomies"
+	},
+	args: { ...connectionArgs },
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).taxonomies(), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const termsCommand = defineCommand({
+	meta: {
+		name: "terms",
+		description: "List terms in a taxonomy"
+	},
+	args: {
+		name: {
+			type: "positional",
+			description: "Taxonomy name",
+			required: true
+		},
+		limit: {
+			type: "string",
+			alias: "l",
+			description: "Maximum terms to return"
+		},
+		cursor: {
+			type: "string",
+			description: "Pagination cursor"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			output(await createClientFromArgs(args).terms(args.name, {
+				limit: args.limit ? parseInt(args.limit, 10) : void 0,
+				cursor: args.cursor
+			}), args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const addTermCommand = defineCommand({
+	meta: {
+		name: "add-term",
+		description: "Create a term in a taxonomy"
+	},
+	args: {
+		taxonomy: {
+			type: "positional",
+			description: "Taxonomy name",
+			required: true
+		},
+		name: {
+			type: "string",
+			description: "Term label",
+			required: true
+		},
+		slug: {
+			type: "string",
+			description: "Term slug (defaults to slugified name)"
+		},
+		parent: {
+			type: "string",
+			description: "Parent term ID"
+		},
+		...connectionArgs
+	},
+	async run({ args }) {
+		configureOutputMode(args);
+		try {
+			const client = createClientFromArgs(args);
+			const label = args.name;
+			const slug = args.slug || label.toLowerCase().replace(WHITESPACE_PATTERN, "-");
+			const term = await client.createTerm(args.taxonomy, {
+				slug,
+				label,
+				parentId: args.parent
+			});
+			consola$1.success(`Created term "${label}" in ${args.taxonomy}`);
+			output(term, args);
+		} catch (error) {
+			consola$1.error(error instanceof Error ? error.message : "Unknown error");
+			process.exit(1);
+		}
+	}
+});
+const taxonomyCommand = defineCommand({
+	meta: {
+		name: "taxonomy",
+		description: "Manage taxonomies and terms"
+	},
+	subCommands: {
+		list: listCommand,
+		terms: termsCommand,
+		"add-term": addTermCommand
+	}
+});
+
+//#endregion
+//#region src/cli/commands/types.ts
+/**
+* dineway types
+*
+* Fetch schema from a Dineway instance and generate TypeScript types
+*/
+const typesCommand = defineCommand({
+	meta: {
+		name: "types",
+		description: "Generate TypeScript types from schema"
+	},
+	args: {
+		...connectionArgs,
+		output: {
+			type: "string",
+			alias: "o",
+			description: "Output path for generated types",
+			default: ".dineway/types.ts"
+		},
+		cwd: {
+			type: "string",
+			description: "Working directory",
+			default: process.cwd()
+		}
+	},
+	async run({ args }) {
+		const cwd = resolve(args.cwd);
+		consola.start("Fetching schema...");
+		try {
+			const client = createClientFromArgs(args);
+			const schema = await client.schemaExport();
+			consola.success(`Found ${schema.collections.length} collections`);
+			const types = await client.schemaTypes();
+			const outputPath = resolve(cwd, args.output);
+			await mkdir(dirname(outputPath), { recursive: true });
+			await writeFile(outputPath, types, "utf-8");
+			consola.success(`Generated ${args.output}`);
+			await writeFile(resolve(dirname(outputPath), "schema.json"), JSON.stringify(schema, null, 2), "utf-8");
+			consola.info(`Schema version: ${schema.version}`);
+			consola.box({
+				title: "Types generated",
+				message: `${schema.collections.length} collections\n\nTypes: ${args.output}\nSchema: .dineway/schema.json`
+			});
+		} catch (error) {
+			consola.error("Failed to fetch schema:", error instanceof Error ? error.message : error);
+			process.exit(1);
+		}
+	}
+});
+
+//#endregion
+//#region src/cli/index.ts
+/**
+* Dineway CLI
+*
+* Built with citty + clack (same stack as Nuxt CLI)
+*
+* Commands:
+* - init: Bootstrap database from template config, or interactive setup
+* - types: Generate TypeScript types from schema
+* - dev: Run dev server with a local or remote database
+* - seed: Apply a seed file to the database
+* - export-seed: Export database schema and content as a seed file
+* - auth: Authentication utilities (secret generation)
+* - login/logout/whoami: Session management
+* - content: Create, read, update, delete content
+* - schema: Manage collections and fields
+* - media: Upload and manage media
+* - search: Full-text search
+* - taxonomy: Manage taxonomies and terms
+* - menu: Manage navigation menus
+* - plugin: Plugin management (init, bundle, validate, publish, login, logout)
+*/
+runMain(defineCommand({
+	meta: {
+		name: "dineway",
+		version: "0.0.0",
+		description: "CLI for Dineway Agentic Web builder"
+	},
+	subCommands: {
+		init: initCommand,
+		types: typesCommand,
+		dev: devCommand,
+		doctor: doctorCommand,
+		seed: seedCommand,
+		"export-seed": exportSeedCommand,
+		auth: authCommand,
+		login: loginCommand,
+		logout: logoutCommand,
+		whoami: whoamiCommand,
+		content: contentCommand,
+		schema: schemaCommand,
+		media: mediaCommand,
+		search: searchCommand,
+		taxonomy: taxonomyCommand,
+		menu: menuCommand,
+		plugin: pluginCommand
+	}
+}));
+
+//#endregion
+export {  };