gmoonc 0.0.21 → 0.0.22

package/README.md

@@ -37,6 +37,44 @@ npx gmoonc --base /dashboard
 - `--skip-router-patch`: Skip automatic router integration (only copy files and inject CSS)
 - `--dry-run`: Show what would be done without making changes
 
+## Supabase Integration
+
+### Setup Supabase Auth + RBAC
+
+```bash
+npx gmoonc supabase --vite
+```
+
+This command:
+- Installs `@supabase/supabase-js` dependency
+- Generates Supabase client, env validation, and RBAC helpers
+- Creates/updates `.env.example` with Supabase variables
+- Automatically patches existing code to use Supabase provider
+
+### Seed Database
+
+After setting up Supabase integration, seed your database with the complete schema:
+
+```bash
+npx gmoonc supabase-seed --vite
+```
+
+**Prerequisites:**
+- `gmoonc` must be installed (`npx gmoonc`)
+- `supabase --vite` must have been executed
+- `.env.local` must contain `SUPABASE_DB_URL` (connection string from Supabase Dashboard → Settings → Database)
+
+**What it does:**
+- Executes SQL files in order: tables → functions/triggers → RLS → seed data
+- Creates marker file `.gmoonc/supabase-seed.json` to prevent duplicate execution
+- One-shot by default (delete marker to re-seed)
+
+**To get `SUPABASE_DB_URL`:**
+1. Go to your Supabase project dashboard
+2. Navigate to Settings → Database
+3. Copy the "Connection string (URI)"
+4. Add to `.env.local` as: `SUPABASE_DB_URL=postgresql://postgres:[PASSWORD]@[HOST]:5432/postgres`
+
 ## After installation
 
 Your dashboard is now available at:
@@ -63,6 +101,13 @@ The logo is installed at `src/gmoonc/assets/gmoonc-logo.png`. You can replace it
 
 ## Changelog
 
+### 0.0.22
+- Feature: New `supabase-seed --vite` command to seed Supabase database
+- Feature: Automatic SQL file execution (tables, functions, RLS, seed data)
+- Feature: One-shot protection with marker file
+- Feature: SQL files copied to project for transparency
+- Feature: SUPABASE_DB_URL added to .env.example
+
 ### 0.0.21
 - Fix: Navigate import now always added when route protection is present in GMooncAppLayout.tsx
 - Fix: Improved Navigate import detection - checks for route protection code, not just usage

package/assets/supabase/001_tables.sql

@@ -0,0 +1,117 @@
+-- ============================================
+-- 001_tables.sql: Definição de Tabelas (gmoonc)
+-- ============================================
+-- Contém apenas CREATE TABLE no formato final
+-- Sem ALTER TABLE redundantes
+-- Schema para gmoonc (Sicoop-app refatorado)
+
+-- ============================================
+-- profiles - Usuários do Sistema
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.profiles (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    email TEXT UNIQUE NOT NULL,
+    name TEXT NOT NULL,
+    role TEXT NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- roles - Papéis/Funções do Sistema
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.roles (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    name TEXT UNIQUE NOT NULL,
+    description TEXT,
+    is_system_role BOOLEAN DEFAULT true,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- modules - Módulos da Aplicação
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.modules (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    name TEXT UNIQUE NOT NULL,
+    display_name TEXT NOT NULL,
+    description TEXT,
+    is_active BOOLEAN DEFAULT true,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- permissions - Permissões por Role e Módulo
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.permissions (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    role_id UUID NOT NULL REFERENCES public.roles(id) ON DELETE CASCADE,
+    module_id UUID NOT NULL REFERENCES public.modules(id) ON DELETE CASCADE,
+    can_access BOOLEAN DEFAULT false,
+    can_create BOOLEAN DEFAULT false,
+    can_read BOOLEAN DEFAULT false,
+    can_update BOOLEAN DEFAULT false,
+    can_delete BOOLEAN DEFAULT false,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- messages - Sistema de Mensagens (renomeado de mensagens)
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.messages (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    user_id UUID REFERENCES public.profiles(id) ON DELETE CASCADE,
+    name TEXT NOT NULL,
+    email TEXT NOT NULL,
+    phone TEXT,
+    company_farm TEXT NOT NULL,
+    message TEXT NOT NULL,
+    status TEXT CHECK (status IS NULL OR status IN ('draft', 'pending', 'in_analysis', 'completed', 'cancelled')) DEFAULT 'pending',
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- notification_categories - Categorias de Notificação
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.notification_categories (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    name TEXT UNIQUE NOT NULL,
+    display_name TEXT NOT NULL,
+    description TEXT,
+    is_active BOOLEAN DEFAULT true,
+    email_template_subject TEXT,
+    email_template_body TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- notification_settings - Preferências de Notificação
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.notification_settings (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    user_id UUID NOT NULL REFERENCES public.profiles(id) ON DELETE CASCADE,
+    category_id UUID NOT NULL REFERENCES public.notification_categories(id) ON DELETE CASCADE,
+    is_enabled BOOLEAN DEFAULT true,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- ============================================
+-- notification_logs - Histórico de Notificações
+-- ============================================
+CREATE TABLE IF NOT EXISTS public.notification_logs (
+    id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+    category_id UUID NOT NULL REFERENCES public.notification_categories(id) ON DELETE CASCADE,
+    user_id UUID NOT NULL REFERENCES public.profiles(id) ON DELETE CASCADE,
+    entity_type TEXT NOT NULL,
+    entity_id TEXT NOT NULL,
+    email_sent BOOLEAN,
+    email_error TEXT,
+    sent_at TIMESTAMP WITH TIME ZONE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);

package/assets/supabase/002_rls.sql

@@ -0,0 +1,223 @@
+-- ============================================
+-- 002_rls.sql: Row Level Security e Políticas (gmoonc)
+-- ============================================
+-- Habilita RLS e define políticas de acesso
+-- Políticas para gmoonc
+
+-- ============================================
+-- ENABLE RLS em todas as tabelas
+-- ============================================
+
+ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.roles ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.modules ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.permissions ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.messages ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.notification_categories ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.notification_settings ENABLE ROW LEVEL SECURITY;
+ALTER TABLE public.notification_logs ENABLE ROW LEVEL SECURITY;
+
+-- ============================================
+-- POLÍTICAS: profiles
+-- ============================================
+
+-- Administradores podem ver todos os perfis
+CREATE POLICY "admin_can_read_all_profiles" ON public.profiles
+    FOR SELECT
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Usuários podem ver seu próprio perfil
+CREATE POLICY "users_can_read_own_profile" ON public.profiles
+    FOR SELECT
+    USING (auth.uid() = id);
+
+-- Administradores podem atualizar qualquer perfil
+CREATE POLICY "admin_can_update_all_profiles" ON public.profiles
+    FOR UPDATE
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Usuários podem atualizar seu próprio perfil
+CREATE POLICY "users_can_update_own_profile" ON public.profiles
+    FOR UPDATE
+    USING (auth.uid() = id);
+
+-- ============================================
+-- POLÍTICAS: roles
+-- ============================================
+
+-- Todos podem ler roles (necessário para aplicação)
+CREATE POLICY "all_can_read_roles" ON public.roles
+    FOR SELECT
+    USING (true);
+
+-- Apenas administradores podem criar/atualizar/deletar roles
+CREATE POLICY "admin_can_manage_roles" ON public.roles
+    FOR ALL
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- ============================================
+-- POLÍTICAS: modules
+-- ============================================
+
+-- Todos podem ler módulos
+CREATE POLICY "all_can_read_modules" ON public.modules
+    FOR SELECT
+    USING (true);
+
+-- Apenas administradores podem gerenciar módulos
+CREATE POLICY "admin_can_manage_modules" ON public.modules
+    FOR ALL
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- ============================================
+-- POLÍTICAS: permissions
+-- ============================================
+
+-- Todos podem ler permissões (necessário para verificar acesso)
+CREATE POLICY "all_can_read_permissions" ON public.permissions
+    FOR SELECT
+    USING (true);
+
+-- Apenas administradores podem gerenciar permissões
+CREATE POLICY "admin_can_manage_permissions" ON public.permissions
+    FOR ALL
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- ============================================
+-- POLÍTICAS: messages
+-- ============================================
+
+-- Administradores podem ver todas as mensagens
+CREATE POLICY "admin_can_read_all_messages" ON public.messages
+    FOR SELECT
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Usuários podem ver suas próprias mensagens
+CREATE POLICY "users_can_read_own_messages" ON public.messages
+    FOR SELECT
+    USING (user_id = auth.uid() OR user_id IS NULL);
+
+-- Usuários podem criar mensagens
+CREATE POLICY "users_can_create_messages" ON public.messages
+    FOR INSERT
+    WITH CHECK (user_id = auth.uid() OR user_id IS NULL);
+
+-- Administradores podem atualizar qualquer mensagem
+CREATE POLICY "admin_can_update_all_messages" ON public.messages
+    FOR UPDATE
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Usuários podem atualizar suas próprias mensagens
+CREATE POLICY "users_can_update_own_messages" ON public.messages
+    FOR UPDATE
+    USING (user_id = auth.uid());
+
+-- ============================================
+-- POLÍTICAS: notification_categories
+-- ============================================
+
+-- Todos podem ler categorias de notificação
+CREATE POLICY "all_can_read_notification_categories" ON public.notification_categories
+    FOR SELECT
+    USING (true);
+
+-- Apenas administradores podem gerenciar categorias
+CREATE POLICY "admin_can_manage_notification_categories" ON public.notification_categories
+    FOR ALL
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- ============================================
+-- POLÍTICAS: notification_settings
+-- ============================================
+
+-- Usuários podem ver suas próprias configurações
+CREATE POLICY "users_can_read_own_notification_settings" ON public.notification_settings
+    FOR SELECT
+    USING (user_id = auth.uid());
+
+-- Administradores podem ver todas as configurações
+CREATE POLICY "admin_can_read_all_notification_settings" ON public.notification_settings
+    FOR SELECT
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Usuários podem criar suas próprias configurações
+CREATE POLICY "users_can_create_notification_settings" ON public.notification_settings
+    FOR INSERT
+    WITH CHECK (user_id = auth.uid());
+
+-- Usuários podem atualizar suas próprias configurações
+CREATE POLICY "users_can_update_own_notification_settings" ON public.notification_settings
+    FOR UPDATE
+    USING (user_id = auth.uid());
+
+-- Administradores podem gerenciar todas as configurações
+CREATE POLICY "admin_can_manage_all_notification_settings" ON public.notification_settings
+    FOR ALL
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- ============================================
+-- POLÍTICAS: notification_logs
+-- ============================================
+
+-- Usuários podem ver seus próprios logs
+CREATE POLICY "users_can_read_own_notification_logs" ON public.notification_logs
+    FOR SELECT
+    USING (user_id = auth.uid());
+
+-- Administradores podem ver todos os logs
+CREATE POLICY "admin_can_read_all_notification_logs" ON public.notification_logs
+    FOR SELECT
+    USING (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );
+
+-- Apenas administradores podem criar logs (via sistema)
+CREATE POLICY "admin_can_create_notification_logs" ON public.notification_logs
+    FOR INSERT
+    WITH CHECK (
+        auth.uid() IN (
+            SELECT id FROM public.profiles WHERE role = 'administrator'
+        )
+    );

package/assets/supabase/003_functions_triggers.sql

@@ -0,0 +1,244 @@
+-- ============================================
+-- 003_functions_triggers.sql: Funções e Triggers (gmoonc)
+-- ============================================
+-- Contém todas as funções PL/pgSQL e triggers
+-- Otimizadas para gmoonc
+
+-- ============================================
+-- FUNÇÃO: update_updated_at_column
+-- ============================================
+-- Atualiza o campo updated_at automaticamente
+CREATE OR REPLACE FUNCTION public.update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+    NEW.updated_at = NOW();
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- TRIGGERS: updated_at
+-- ============================================
+
+CREATE TRIGGER update_profiles_updated_at
+    BEFORE UPDATE ON public.profiles
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_roles_updated_at
+    BEFORE UPDATE ON public.roles
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_modules_updated_at
+    BEFORE UPDATE ON public.modules
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_permissions_updated_at
+    BEFORE UPDATE ON public.permissions
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_messages_updated_at
+    BEFORE UPDATE ON public.messages
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_notification_categories_updated_at
+    BEFORE UPDATE ON public.notification_categories
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+CREATE TRIGGER update_notification_settings_updated_at
+    BEFORE UPDATE ON public.notification_settings
+    FOR EACH ROW
+    EXECUTE FUNCTION public.update_updated_at_column();
+
+-- ============================================
+-- FUNÇÃO: get_user_permissions
+-- ============================================
+-- Retorna as permissões de um usuário
+CREATE OR REPLACE FUNCTION public.get_user_permissions(user_id UUID)
+RETURNS TABLE (
+    module_name TEXT,
+    can_access BOOLEAN,
+    can_create BOOLEAN,
+    can_read BOOLEAN,
+    can_update BOOLEAN,
+    can_delete BOOLEAN
+) AS $$
+BEGIN
+    RETURN QUERY
+    SELECT 
+        m.name,
+        p.can_access,
+        p.can_create,
+        p.can_read,
+        p.can_update,
+        p.can_delete
+    FROM public.permissions p
+    JOIN public.modules m ON p.module_id = m.id
+    JOIN public.roles r ON p.role_id = r.id
+    WHERE r.id = (
+        SELECT role FROM public.profiles WHERE id = user_id
+    )::UUID;
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: check_user_permission
+-- ============================================
+-- Verifica se um usuário tem permissão para uma ação
+CREATE OR REPLACE FUNCTION public.check_user_permission(
+    user_id UUID,
+    module_name TEXT,
+    action TEXT
+) RETURNS BOOLEAN AS $$
+DECLARE
+    user_role TEXT;
+    has_permission BOOLEAN;
+BEGIN
+    -- Obter role do usuário
+    SELECT role INTO user_role FROM public.profiles WHERE id = user_id;
+    
+    IF user_role IS NULL THEN
+        RETURN false;
+    END IF;
+    
+    -- Verificar permissão baseado na ação
+    CASE action
+        WHEN 'create' THEN
+            SELECT can_create INTO has_permission
+            FROM public.permissions p
+            JOIN public.roles r ON p.role_id = r.id
+            JOIN public.modules m ON p.module_id = m.id
+            WHERE r.name = user_role AND m.name = module_name;
+        WHEN 'read' THEN
+            SELECT can_read INTO has_permission
+            FROM public.permissions p
+            JOIN public.roles r ON p.role_id = r.id
+            JOIN public.modules m ON p.module_id = m.id
+            WHERE r.name = user_role AND m.name = module_name;
+        WHEN 'update' THEN
+            SELECT can_update INTO has_permission
+            FROM public.permissions p
+            JOIN public.roles r ON p.role_id = r.id
+            JOIN public.modules m ON p.module_id = m.id
+            WHERE r.name = user_role AND m.name = module_name;
+        WHEN 'delete' THEN
+            SELECT can_delete INTO has_permission
+            FROM public.permissions p
+            JOIN public.roles r ON p.role_id = r.id
+            JOIN public.modules m ON p.module_id = m.id
+            WHERE r.name = user_role AND m.name = module_name;
+        ELSE
+            RETURN false;
+    END CASE;
+    
+    RETURN COALESCE(has_permission, false);
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: log_notification
+-- ============================================
+-- Registra uma notificação no histórico
+CREATE OR REPLACE FUNCTION public.log_notification(
+    p_category_id UUID,
+    p_user_id UUID,
+    p_entity_type TEXT,
+    p_entity_id TEXT,
+    p_email_sent BOOLEAN DEFAULT false,
+    p_email_error TEXT DEFAULT NULL
+) RETURNS UUID AS $$
+DECLARE
+    log_id UUID;
+BEGIN
+    INSERT INTO public.notification_logs (
+        category_id,
+        user_id,
+        entity_type,
+        entity_id,
+        email_sent,
+        email_error,
+        sent_at,
+        created_at
+    ) VALUES (
+        p_category_id,
+        p_user_id,
+        p_entity_type,
+        p_entity_id,
+        p_email_sent,
+        p_email_error,
+        CASE WHEN p_email_sent THEN NOW() ELSE NULL END,
+        NOW()
+    ) RETURNING id INTO log_id;
+    
+    RETURN log_id;
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: is_user_admin
+-- ============================================
+-- Verifica se um usuário é administrador
+CREATE OR REPLACE FUNCTION public.is_user_admin(user_id UUID)
+RETURNS BOOLEAN AS $$
+BEGIN
+    RETURN EXISTS (
+        SELECT 1 FROM public.profiles
+        WHERE id = user_id AND role = 'administrator'
+    );
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: is_user_employee
+-- ============================================
+-- Verifica se um usuário é funcionário
+CREATE OR REPLACE FUNCTION public.is_user_employee(user_id UUID)
+RETURNS BOOLEAN AS $$
+BEGIN
+    RETURN EXISTS (
+        SELECT 1 FROM public.profiles
+        WHERE id = user_id AND role = 'employee'
+    );
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: is_user_customer
+-- ============================================
+-- Verifica se um usuário é cliente
+CREATE OR REPLACE FUNCTION public.is_user_customer(user_id UUID)
+RETURNS BOOLEAN AS $$
+BEGIN
+    RETURN EXISTS (
+        SELECT 1 FROM public.profiles
+        WHERE id = user_id AND role = 'customer'
+    );
+END;
+$$ LANGUAGE plpgsql;
+
+-- ============================================
+-- FUNÇÃO: get_notification_settings_for_user
+-- ============================================
+-- Retorna as configurações de notificação de um usuário
+CREATE OR REPLACE FUNCTION public.get_notification_settings_for_user(user_id UUID)
+RETURNS TABLE (
+    category_id UUID,
+    category_name TEXT,
+    is_enabled BOOLEAN
+) AS $$
+BEGIN
+    RETURN QUERY
+    SELECT 
+        ns.category_id,
+        nc.name,
+        ns.is_enabled
+    FROM public.notification_settings ns
+    JOIN public.notification_categories nc ON ns.category_id = nc.id
+    WHERE ns.user_id = user_id;
+END;
+$$ LANGUAGE plpgsql;

package/assets/supabase/004_seed.sql

@@ -0,0 +1,126 @@
+-- ============================================
+-- 004_seed.sql: Dados Iniciais (gmoonc - Fake Data)
+-- ============================================
+-- Dados fictícios 100% fake para desenvolvimento
+-- Todos em inglês conforme gmoonc
+-- Inspirado em Missão Apollo
+
+-- ============================================
+-- 1. ROLES (System Roles)
+-- ============================================
+
+INSERT INTO public.roles (id, name, description, is_system_role, created_at, updated_at) VALUES
+('550e8400-e29b-41d4-a716-446655440001'::uuid, 'administrator', 'System Administrator', true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440002'::uuid, 'employee', 'Employee/Collaborator', true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440003'::uuid, 'customer', 'Customer/End User', true, NOW(), NOW());
+
+-- ============================================
+-- 2. MODULES (Application Modules)
+-- ============================================
+
+INSERT INTO public.modules (id, name, display_name, description, is_active, created_at, updated_at) VALUES
+('550e8400-e29b-41d4-a716-446655440010'::uuid, 'admin', 'Administrative Module', 'Administrative functions and system management', true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440011'::uuid, 'financial', 'Financial Module', 'Financial management and reporting', true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440012'::uuid, 'technical', 'Technical Support Module', 'Technical support and help desk', true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440013'::uuid, 'customer', 'Customer Module', 'Customer portal and self-service', true, NOW(), NOW());
+
+-- ============================================
+-- 3. PERMISSIONS (Role-Based Access Control)
+-- ============================================
+
+INSERT INTO public.permissions (id, role_id, module_id, can_access, can_create, can_read, can_update, can_delete, created_at, updated_at) VALUES
+-- Administrator: Full access to all modules
+('550e8400-e29b-41d4-a716-446655440100'::uuid, '550e8400-e29b-41d4-a716-446655440001'::uuid, '550e8400-e29b-41d4-a716-446655440010'::uuid, true, true, true, true, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440101'::uuid, '550e8400-e29b-41d4-a716-446655440001'::uuid, '550e8400-e29b-41d4-a716-446655440011'::uuid, true, true, true, true, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440102'::uuid, '550e8400-e29b-41d4-a716-446655440001'::uuid, '550e8400-e29b-41d4-a716-446655440012'::uuid, true, true, true, true, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440103'::uuid, '550e8400-e29b-41d4-a716-446655440001'::uuid, '550e8400-e29b-41d4-a716-446655440013'::uuid, true, true, true, true, true, NOW(), NOW()),
+
+-- Employee: Read and update access (no delete)
+('550e8400-e29b-41d4-a716-446655440110'::uuid, '550e8400-e29b-41d4-a716-446655440002'::uuid, '550e8400-e29b-41d4-a716-446655440010'::uuid, true, false, true, true, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440111'::uuid, '550e8400-e29b-41d4-a716-446655440002'::uuid, '550e8400-e29b-41d4-a716-446655440011'::uuid, true, false, true, true, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440112'::uuid, '550e8400-e29b-41d4-a716-446655440002'::uuid, '550e8400-e29b-41d4-a716-446655440012'::uuid, true, true, true, true, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440113'::uuid, '550e8400-e29b-41d4-a716-446655440002'::uuid, '550e8400-e29b-41d4-a716-446655440013'::uuid, true, false, true, false, false, NOW(), NOW()),
+
+-- Customer: Read-only access (create messages)
+('550e8400-e29b-41d4-a716-446655440120'::uuid, '550e8400-e29b-41d4-a716-446655440003'::uuid, '550e8400-e29b-41d4-a716-446655440010'::uuid, false, false, false, false, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440121'::uuid, '550e8400-e29b-41d4-a716-446655440003'::uuid, '550e8400-e29b-41d4-a716-446655440011'::uuid, false, false, false, false, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440122'::uuid, '550e8400-e29b-41d4-a716-446655440003'::uuid, '550e8400-e29b-41d4-a716-446655440012'::uuid, true, true, true, false, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440123'::uuid, '550e8400-e29b-41d4-a716-446655440003'::uuid, '550e8400-e29b-41d4-a716-446655440013'::uuid, true, false, true, false, false, NOW(), NOW());
+
+-- ============================================
+-- 4. PROFILES (Users - Apollo Astronauts)
+-- ============================================
+
+INSERT INTO public.profiles (id, email, name, role, created_at, updated_at) VALUES
+-- Administrators
+('550e8400-e29b-41d4-a716-446655440200'::uuid, 'neil.armstrong@apollo.nasa.gov', 'Neil Armstrong', 'administrator', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440201'::uuid, 'buzz.aldrin@apollo.nasa.gov', 'Buzz Aldrin', 'administrator', NOW(), NOW()),
+
+-- Employees
+('550e8400-e29b-41d4-a716-446655440210'::uuid, 'michael.collins@apollo.nasa.gov', 'Michael Collins', 'employee', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440211'::uuid, 'alan.bean@apollo.nasa.gov', 'Alan Bean', 'employee', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440212'::uuid, 'pete.conrad@apollo.nasa.gov', 'Pete Conrad', 'employee', NOW(), NOW()),
+
+-- Customers
+('550e8400-e29b-41d4-a716-446655440220'::uuid, 'john.glenn@apollo.nasa.gov', 'John Glenn', 'customer', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440221'::uuid, 'alan.shepard@apollo.nasa.gov', 'Alan Shepard', 'customer', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440222'::uuid, 'gus.grissom@apollo.nasa.gov', 'Gus Grissom', 'customer', NOW(), NOW());
+
+-- ============================================
+-- 5. NOTIFICATION CATEGORIES
+-- ============================================
+
+INSERT INTO public.notification_categories (id, name, display_name, description, is_active, email_template_subject, email_template_body, created_at, updated_at) VALUES
+('550e8400-e29b-41d4-a716-446655440300'::uuid, 'message_received', 'Message Received', 'Notification when a new message is received', true, 'New message from {{sender}}', 'You have received a new message from {{sender}}: {{message}}', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440301'::uuid, 'message_updated', 'Message Updated', 'Notification when a message status is updated', true, 'Message status updated', 'Your message status has been updated to: {{status}}', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440302'::uuid, 'system_alert', 'System Alert', 'General system alerts and notifications', true, 'System Alert', 'System Alert: {{message}}', NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440303'::uuid, 'support_ticket', 'Support Ticket', 'Support ticket related notifications', true, 'Support Ticket {{ticket_id}}', 'Your support ticket {{ticket_id}} has been updated', NOW(), NOW());
+
+-- ============================================
+-- 6. NOTIFICATION SETTINGS (User Preferences)
+-- ============================================
+
+INSERT INTO public.notification_settings (id, user_id, category_id, is_enabled, created_at, updated_at) VALUES
+-- Neil Armstrong (Admin) - receives all notifications
+('550e8400-e29b-41d4-a716-446655440400'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, '550e8400-e29b-41d4-a716-446655440300'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440401'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, '550e8400-e29b-41d4-a716-446655440301'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440402'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, '550e8400-e29b-41d4-a716-446655440302'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440403'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, '550e8400-e29b-41d4-a716-446655440303'::uuid, true, NOW(), NOW()),
+
+-- Michael Collins (Employee) - selective notifications
+('550e8400-e29b-41d4-a716-446655440410'::uuid, '550e8400-e29b-41d4-a716-446655440210'::uuid, '550e8400-e29b-41d4-a716-446655440300'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440411'::uuid, '550e8400-e29b-41d4-a716-446655440210'::uuid, '550e8400-e29b-41d4-a716-446655440301'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440412'::uuid, '550e8400-e29b-41d4-a716-446655440210'::uuid, '550e8400-e29b-41d4-a716-446655440302'::uuid, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440413'::uuid, '550e8400-e29b-41d4-a716-446655440210'::uuid, '550e8400-e29b-41d4-a716-446655440303'::uuid, true, NOW(), NOW()),
+
+-- John Glenn (Customer) - limited notifications
+('550e8400-e29b-41d4-a716-446655440420'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, '550e8400-e29b-41d4-a716-446655440300'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440421'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, '550e8400-e29b-41d4-a716-446655440301'::uuid, true, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440422'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, '550e8400-e29b-41d4-a716-446655440302'::uuid, false, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440423'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, '550e8400-e29b-41d4-a716-446655440303'::uuid, true, NOW(), NOW());
+
+-- ============================================
+-- 7. MESSAGES (System Messages)
+-- ============================================
+
+INSERT INTO public.messages (id, user_id, name, email, phone, company_farm, message, status, created_at, updated_at) VALUES
+-- From Neil Armstrong
+('550e8400-e29b-41d4-a716-446655440600'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, 'Neil Armstrong', 'neil.armstrong@apollo.nasa.gov', '+55 11 98765-4321', 'NASA - Apollo Mission', 'Requesting analysis of lunar region coverage', 'completed', NOW(), NOW()),
+
+-- From John Glenn
+('550e8400-e29b-41d4-a716-446655440601'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, 'John Glenn', 'john.glenn@apollo.nasa.gov', '+55 21 99999-8888', 'NASA - Mercury Program', 'Question about coverage analysis', 'in_analysis', NOW(), NOW()),
+
+-- From Alan Shepard
+('550e8400-e29b-41d4-a716-446655440602'::uuid, '550e8400-e29b-41d4-a716-446655440221'::uuid, 'Alan Shepard', 'alan.shepard@apollo.nasa.gov', '+55 85 97777-6666', 'NASA - Gemini Program', 'Feedback on previous analysis', 'pending', NOW(), NOW()),
+
+-- Draft message
+('550e8400-e29b-41d4-a716-446655440603'::uuid, '550e8400-e29b-41d4-a716-446655440222'::uuid, 'Gus Grissom', 'gus.grissom@apollo.nasa.gov', '+55 31 98888-7777', 'NASA - Apollo Applications', 'Support request for system access', 'draft', NOW(), NOW());
+
+-- ============================================
+-- 8. NOTIFICATION LOGS (Notification History)
+-- ============================================
+
+INSERT INTO public.notification_logs (id, category_id, user_id, entity_type, entity_id, email_sent, email_error, sent_at, created_at) VALUES
+('550e8400-e29b-41d4-a716-446655440700'::uuid, '550e8400-e29b-41d4-a716-446655440300'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, 'messages', '550e8400-e29b-41d4-a716-446655440600'::uuid, true, null, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440701'::uuid, '550e8400-e29b-41d4-a716-446655440301'::uuid, '550e8400-e29b-41d4-a716-446655440200'::uuid, 'messages', '550e8400-e29b-41d4-a716-446655440600'::uuid, true, null, NOW(), NOW()),
+('550e8400-e29b-41d4-a716-446655440702'::uuid, '550e8400-e29b-41d4-a716-446655440300'::uuid, '550e8400-e29b-41d4-a716-446655440220'::uuid, 'messages', '550e8400-e29b-41d4-a716-446655440601'::uuid, false, 'User disabled email notifications', null, NOW());

package/dist/index.cjs

@@ -4,8 +4,8 @@
 // src/cli/index.ts
 var import_commander = require("commander");
 var import_process = require("process");
-var import_path7 = require("path");
-var import_fs11 = require("fs");
+var import_path8 = require("path");
+var import_fs13 = require("fs");
 
 // src/cli/lib/detect.ts
 var import_fs = require("fs");
@@ -1626,9 +1626,13 @@ export type { UserPermission } from './getUserPermissions';
 }
 function updateEnvExample(projectDir) {
   const envExamplePath = (0, import_path6.join)(projectDir, ".env.example");
-  const envExampleContent = `# Supabase Configuration
+  const envExampleContent = `# Supabase Configuration (Client-side)
 VITE_SUPABASE_URL=
 VITE_SUPABASE_ANON_KEY=
+
+# Supabase Database Connection (Server-only, for seeding)
+# Get this from Supabase Dashboard \u2192 Settings \u2192 Database \u2192 Connection string (URI)
+SUPABASE_DB_URL=
 `;
   if ((0, import_fs9.existsSync)(envExamplePath)) {
     const existing = (0, import_fs9.readFileSync)(envExamplePath, "utf-8");
@@ -1808,9 +1812,173 @@ function updateAllSessionImports(gmooncDir) {
   }
 }
 
+// src/cli/lib/supabaseSeedVite.ts
+var import_path7 = require("path");
+var import_fs11 = require("fs");
+var import_pg = require("pg");
+var import_dotenv = require("dotenv");
+function getPackageRoot() {
+  try {
+    const currentDir = typeof __dirname !== "undefined" ? __dirname : process.cwd();
+    return (0, import_path7.join)(currentDir, "../../..");
+  } catch {
+    return (0, import_path7.join)(process.cwd(), "node_modules", "gmoonc");
+  }
+}
+var PACKAGE_ROOT = getPackageRoot();
+async function seedSupabase(options) {
+  const { projectDir, dryRun } = options;
+  try {
+    (0, import_dotenv.config)({ path: (0, import_path7.join)(projectDir, ".env") });
+    (0, import_dotenv.config)({ path: (0, import_path7.join)(projectDir, ".env.local") });
+    const gmooncDir = (0, import_path7.join)(projectDir, "src/gmoonc");
+    if (!(0, import_fs11.existsSync)(gmooncDir)) {
+      logError('gmoonc is not installed. Run "npx gmoonc" first.');
+      return { success: false, message: "gmoonc not installed" };
+    }
+    const supabaseDir = (0, import_path7.join)(gmooncDir, "supabase");
+    if (!(0, import_fs11.existsSync)(supabaseDir)) {
+      logError('Supabase integration not found. Run "npx gmoonc supabase --vite" first.');
+      return { success: false, message: "Supabase not set up" };
+    }
+    const markerPath = (0, import_path7.join)(projectDir, ".gmoonc", "supabase-seed.json");
+    if ((0, import_fs11.existsSync)(markerPath)) {
+      logError("supabase-seed already executed in this project.");
+      logError("To re-seed, delete the marker file: .gmoonc/supabase-seed.json");
+      logError("Then manually clean the database in Supabase before re-running.");
+      return { success: false, message: "Already seeded" };
+    }
+    const dbUrl = process.env.SUPABASE_DB_URL;
+    if (!dbUrl) {
+      logError("SUPABASE_DB_URL is not set in .env or .env.local");
+      logError("");
+      logError("To get the connection string:");
+      logError("1. Go to your Supabase project dashboard");
+      logError("2. Navigate to Settings \u2192 Database");
+      logError('3. Copy the "Connection string (URI)"');
+      logError("4. Add it to .env.local as:");
+      logError("   SUPABASE_DB_URL=postgresql://postgres:[YOUR-PASSWORD]@[HOST]:5432/postgres");
+      logError("");
+      logError("\u26A0\uFE0F  This is a server-only variable (no VITE_ prefix)");
+      return { success: false, message: "SUPABASE_DB_URL not set" };
+    }
+    if (dryRun) {
+      logInfo("\u{1F50D} Dry run mode - would execute SQL files");
+      return { success: true };
+    }
+    const sqlFiles = [
+      { name: "001_tables.sql", order: 1 },
+      { name: "003_functions_triggers.sql", order: 2 },
+      { name: "002_rls.sql", order: 3 },
+      { name: "004_seed.sql", order: 4 }
+    ];
+    const projectSqlDir = (0, import_path7.join)(gmooncDir, "supabase", "sql");
+    const packageSqlDir = (0, import_path7.join)(PACKAGE_ROOT, "assets", "supabase");
+    if (!(0, import_fs11.existsSync)(projectSqlDir)) {
+      ensureDirectoryExists((0, import_path7.join)(projectSqlDir, "dummy"));
+      logInfo("\u{1F4CB} Copying SQL files to project...");
+      for (const sqlFile of sqlFiles) {
+        const packagePath = (0, import_path7.join)(packageSqlDir, sqlFile.name);
+        const projectPath = (0, import_path7.join)(projectSqlDir, sqlFile.name);
+        if ((0, import_fs11.existsSync)(packagePath)) {
+          const content = (0, import_fs11.readFileSync)(packagePath, "utf-8");
+          (0, import_fs11.writeFileSync)(projectPath, content, "utf-8");
+          logSuccess(`Copied ${sqlFile.name} to src/gmoonc/supabase/sql/`);
+        }
+      }
+    }
+    logInfo("\n\u{1F50C} Connecting to Supabase database...");
+    const client = new import_pg.Client({
+      connectionString: dbUrl,
+      ssl: { rejectUnauthorized: false }
+    });
+    await client.connect();
+    logSuccess("Connected to database");
+    const executedFiles = [];
+    for (const sqlFile of sqlFiles) {
+      logInfo(`
+\u{1F4DD} Applying ${sqlFile.name}...`);
+      let sqlPath = (0, import_path7.join)(projectSqlDir, sqlFile.name);
+      if (!(0, import_fs11.existsSync)(sqlPath)) {
+        sqlPath = (0, import_path7.join)(packageSqlDir, sqlFile.name);
+      }
+      if (!(0, import_fs11.existsSync)(sqlPath)) {
+        logError(`SQL file not found: ${sqlFile.name}`);
+        await client.end();
+        return { success: false, message: `SQL file not found: ${sqlFile.name}` };
+      }
+      const sql = (0, import_fs11.readFileSync)(sqlPath, "utf-8");
+      try {
+        await client.query("BEGIN");
+        await client.query(sql);
+        await client.query("COMMIT");
+        executedFiles.push(sqlFile.name);
+        logSuccess(`\u2713 Applied ${sqlFile.name}`);
+      } catch (error) {
+        await client.query("ROLLBACK");
+        const errorMessage = error.message || "Unknown error";
+        const errorPosition = error.position ? ` at position ${error.position}` : "";
+        logError(`\u2717 Failed to apply ${sqlFile.name}${errorPosition}`);
+        logError(`Error: ${errorMessage}`);
+        if (error.position && sql) {
+          const lines = sql.split("\n");
+          const charPos = error.position;
+          let currentPos = 0;
+          let errorLine = 0;
+          for (let i = 0; i < lines.length; i++) {
+            currentPos += lines[i].length + 1;
+            if (currentPos >= charPos) {
+              errorLine = i + 1;
+              break;
+            }
+          }
+          if (errorLine > 0) {
+            const start = Math.max(0, errorLine - 3);
+            const end = Math.min(lines.length, errorLine + 2);
+            logError("\nSQL context around error:");
+            for (let i = start; i < end; i++) {
+              const marker = i === errorLine - 1 ? ">>> " : "    ";
+              logError(`${marker}${i + 1}: ${lines[i]}`);
+            }
+          }
+        }
+        await client.end();
+        return { success: false, message: `SQL execution failed: ${sqlFile.name}` };
+      }
+    }
+    await client.end();
+    logSuccess("\n\u2705 All SQL files applied successfully");
+    const markerDir = (0, import_path7.join)(projectDir, ".gmoonc");
+    ensureDirectoryExists((0, import_path7.join)(markerDir, "dummy"));
+    const packageJsonPath = (0, import_path7.join)(PACKAGE_ROOT, "package.json");
+    let version = "0.0.22";
+    try {
+      if ((0, import_fs11.existsSync)(packageJsonPath)) {
+        const packageJson = JSON.parse((0, import_fs11.readFileSync)(packageJsonPath, "utf-8"));
+        version = packageJson.version || version;
+      }
+    } catch {
+    }
+    const markerContent = JSON.stringify({
+      version,
+      executedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      files: executedFiles
+    }, null, 2);
+    (0, import_fs11.writeFileSync)(markerPath, markerContent, "utf-8");
+    logSuccess("Created marker file: .gmoonc/supabase-seed.json");
+    return { success: true };
+  } catch (error) {
+    logError(`Error: ${error.message}`);
+    if (error.stack && process.env.DEBUG) {
+      console.error(error.stack);
+    }
+    return { success: false, message: error.message };
+  }
+}
+
 // src/cli/index.ts
 var program = new import_commander.Command();
-program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete dashboard into your React project").version("0.0.21").option("--base <path>", "Base path for dashboard routes", "/app").option("--skip-router-patch", "Skip automatic router integration (only copy files and inject CSS)").option("--dry-run", "Show what would be done without making changes").action(async (options) => {
+program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete dashboard into your React project").version("0.0.22").option("--base <path>", "Base path for dashboard routes", "/app").option("--skip-router-patch", "Skip automatic router integration (only copy files and inject CSS)").option("--dry-run", "Show what would be done without making changes").action(async (options) => {
   try {
     logInfo("\u{1F680} Starting gmoonc installer...");
     logInfo("\u{1F4E6} Installing complete dashboard into your React project\n");
@@ -1818,9 +1986,9 @@ program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete das
     const basePath = options.base || "/app";
     const dryRun = options.dryRun || false;
     const skipRouterPatch = options.skipRouterPatch || false;
-    const gmooncDir = (0, import_path7.join)(projectDir, "src/gmoonc");
-    const markerFile = (0, import_path7.join)(gmooncDir, ".gmoonc-installed.json");
-    if ((0, import_fs11.existsSync)(gmooncDir) || (0, import_fs11.existsSync)(markerFile)) {
+    const gmooncDir = (0, import_path8.join)(projectDir, "src/gmoonc");
+    const markerFile = (0, import_path8.join)(gmooncDir, ".gmoonc-installed.json");
+    if ((0, import_fs13.existsSync)(gmooncDir) || (0, import_fs13.existsSync)(markerFile)) {
       logError("gmoonc already installed (src/gmoonc exists or marker file found).");
       logError("Remove src/gmoonc and restore backups to reinstall.");
       process.exit(1);
@@ -1861,7 +2029,7 @@ program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete das
       process.exit(1);
     }
     logInfo("\n\u{1F4DD} Injecting CSS imports...");
-    const entrypointPath = (0, import_path7.join)(projectDir, project.entrypoint);
+    const entrypointPath = (0, import_path8.join)(projectDir, project.entrypoint);
     const cssResult = patchEntryCss(entrypointPath, dryRun);
     if (!cssResult.success && !dryRun) {
       logError("Failed to inject CSS");
@@ -1883,11 +2051,11 @@ program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete das
     }
     if (!dryRun) {
       ensureDirectoryExists(markerFile);
-      const packageJsonPath = (0, import_path7.join)(projectDir, "package.json");
+      const packageJsonPath = (0, import_path8.join)(projectDir, "package.json");
       let version = "0.0.10";
       try {
-        if ((0, import_fs11.existsSync)(packageJsonPath)) {
-          const packageJson = JSON.parse((0, import_fs11.readFileSync)(packageJsonPath, "utf-8"));
+        if ((0, import_fs13.existsSync)(packageJsonPath)) {
+          const packageJson = JSON.parse((0, import_fs13.readFileSync)(packageJsonPath, "utf-8"));
           const gmooncVersion = packageJson.dependencies?.gmoonc || packageJson.devDependencies?.gmoonc;
           if (gmooncVersion) {
             version = gmooncVersion.replace(/^[\^~]/, "");
@@ -1899,7 +2067,7 @@ program.name("gmoonc").description("Goalmoon Ctrl (gmoonc): Install complete das
         version,
         installedAt: (/* @__PURE__ */ new Date()).toISOString()
       }, null, 2);
-      (0, import_fs11.writeFileSync)(markerFile, markerContent, "utf-8");
+      (0, import_fs13.writeFileSync)(markerFile, markerContent, "utf-8");
     }
     logSuccess("\n\u2705 Installation complete!");
     logInfo("\nYour dashboard is now available at:");
@@ -1945,4 +2113,34 @@ program.command("supabase").description("Setup Supabase integration (Auth + RBAC
     process.exit(1);
   }
 });
+program.command("supabase-seed").description("Seed Supabase database with schema, RLS, functions, and initial data").option("--vite", "Seed for Vite projects").action(async (options) => {
+  try {
+    logInfo("\u{1F331} Starting Supabase database seeding...");
+    const projectDir = (0, import_process.cwd)();
+    const dryRun = false;
+    if (!options.vite) {
+      logError("Missing platform flag. Use: gmoonc supabase-seed --vite (Next will be added later).");
+      process.exit(1);
+    }
+    const result = await seedSupabase({
+      projectDir,
+      dryRun
+    });
+    if (!result.success) {
+      process.exit(1);
+    }
+    logSuccess("\n\u2705 Database seeding complete!");
+    logInfo("\nYour Supabase database is now ready with:");
+    logInfo("  - Tables (profiles, roles, modules, permissions, etc.)");
+    logInfo("  - Functions and triggers");
+    logInfo("  - Row Level Security (RLS) policies");
+    logInfo("  - Initial seed data (Apollo user)");
+  } catch (error) {
+    logError(`Error: ${error.message}`);
+    if (error.stack && process.env.DEBUG) {
+      console.error(error.stack);
+    }
+    process.exit(1);
+  }
+});
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gmoonc",
-  "version": "0.0.21",
+  "version": "0.0.22",
   "description": "Goalmoon Ctrl (gmoonc): Complete dashboard installer for React projects",
   "license": "MIT",
   "homepage": "https://gmoonc.com",
@@ -19,6 +19,7 @@
   "files": [
     "dist",
     "src/templates",
+    "assets",
     "scripts",
     "README.md",
     "LICENSE"
@@ -32,10 +33,13 @@
     "postinstall": "node scripts/block-global-install.cjs"
   },
   "dependencies": {
-    "commander": "^12.0.0"
+    "commander": "^12.0.0",
+    "dotenv": "^16.4.5",
+    "pg": "^8.11.3"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",
+    "@types/pg": "^8.10.9",
     "rimraf": "^6.0.0",
     "tsup": "^8.0.0",
     "typescript": "^5.0.0"