mpb-localkit 1.3.5 → 1.4.1

package/README.md

@@ -108,7 +108,7 @@ Passwords are hashed client-side (PBKDF2) before transmission. Sessions are JWTs
 
 ## Sync
 
-Sync happens automatically when configured with an `endpoint`. MPB LocalKit uses a Last-Write-Wins (LWW) protocol — the document with the highest `_updatedAt` timestamp wins conflicts.
+Sync happens automatically when configured with an `endpoint`. LocalKit uses a Last-Write-Wins (LWW) protocol — the document with the highest `_updatedAt` timestamp wins conflicts.
 
 ```ts
 // Manual sync
@@ -226,7 +226,7 @@ Done! Your project is ready.
 
 ## Transport Configuration
 
-MPB LocalKit supports three sync transports, configurable at `createApp` time:
+LocalKit supports three sync transports, configurable at `createApp` time:
 
 ### HTTP Transport (default)
 
@@ -271,11 +271,11 @@ const app = createApp({
 })
 ```
 
-With `auto`, MPB LocalKit upgrades to WebSocket when the server supports it and degrades gracefully on restricted networks.
+With `auto`, LocalKit upgrades to WebSocket when the server supports it and degrades gracefully on restricted networks.
 
 ## WebSocket Sync
 
-When using `transport: 'websocket'` or `transport: 'auto'`, MPB LocalKit maintains a persistent WebSocket connection to your sync Worker. The Worker sends change events as they occur — no polling delay.
+When using `transport: 'websocket'` or `transport: 'auto'`, LocalKit maintains a persistent WebSocket connection to your sync Worker. The Worker sends change events as they occur — no polling delay.
 
 ```ts
 import { createApp, collection, z } from 'mpb-localkit'
@@ -307,7 +307,7 @@ The WebSocket connection is managed automatically:
 
 ## Better Auth Integration
 
-MPB LocalKit integrates with [Better Auth](https://better-auth.com) for full-featured server-side authentication.
+LocalKit integrates with [Better Auth](https://better-auth.com) for full-featured server-side authentication.
 
 ### Setup
 

package/dist/cli/index.js

@@ -1,9 +1,10 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
 import { createRequire } from 'module';
-import { existsSync, mkdirSync, writeFileSync } from 'fs';
-import { resolve, join } from 'path';
-import { spawnSync, execSync } from 'child_process';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { resolve, join, dirname } from 'path';
+import { execSync, spawnSync } from 'child_process';
+import { randomBytes } from 'crypto';
 
 var colors = {
   green: (s) => `\x1B[32m${s}\x1B[0m`,
@@ -21,29 +22,12 @@ var log = {
   bold: (msg) => console.log(colors.bold(msg)),
   dim: (msg) => console.log(colors.dim(msg))
 };
-var CONFIG_CANDIDATES = [
-  "offlinekit.config.ts",
-  "offlinekit.config.js",
-  "offlinekit.schema.ts",
-  "offlinekit.schema.js"
-];
-function findSchemaFile(cwd = process.cwd()) {
-  for (const candidate of CONFIG_CANDIDATES) {
-    const p = resolve(cwd, candidate);
-    if (existsSync(p)) return p;
-  }
-  return null;
-}
-async function loadSchema(filePath) {
-  const mod = await import(filePath);
-  return mod.default ?? mod;
-}
 
 // src/cli/commands/dev.ts
 function registerDev(program2) {
-  program2.command("dev").description("Start OfflineKit in local-only mode (no cloud sync)").action(() => {
+  program2.command("dev").description("Start LocalKit in local-only mode (no cloud sync)").action(() => {
     process.env["OFFLINEKIT_MODE"] = "local";
-    log.bold("OfflineKit Dev Mode");
+    log.bold("LocalKit Dev Mode");
     log.info("Running in local-only mode (no cloud sync)");
     log.dim("All data is stored locally. Sync is disabled.");
   });
@@ -114,7 +98,7 @@ export async function authMiddleware(c: any, next: () => Promise<void>) {
   const token = header.startsWith('Bearer ') ? header.slice(7) : null
   if (!token) return c.json({ error: 'Unauthorized' }, 401)
   try {
-    const payload = await verify(token, c.env.JWT_SECRET) as { sub: string }
+    const payload = await verify(token, c.env.JWT_SECRET, 'HS256') as { sub: string }
     c.set('userId', payload.sub)
   } catch {
     return c.json({ error: 'Invalid token' }, 401)
@@ -133,7 +117,7 @@ auth.post('/signup', async (c) => {
   const user: StoredUser = { userId, email, passwordHash }
   await c.env.KV.put(AUTH_KEY(email), JSON.stringify(user))
 
-  const token = await sign({ sub: userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET)
+  const token = await sign({ sub: userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET, 'HS256')
   return c.json({ user: { id: userId, email }, token }, 201)
 })
 
@@ -147,7 +131,7 @@ auth.post('/signin', async (c) => {
   const user = JSON.parse(raw) as StoredUser
   if (!timingSafeEqual(user.passwordHash, passwordHash)) return c.json({ error: 'Invalid credentials' }, 401)
 
-  const token = await sign({ sub: user.userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET)
+  const token = await sign({ sub: user.userId, email, exp: Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 30 }, c.env.JWT_SECRET, 'HS256')
   return c.json({ user: { id: user.userId, email }, token })
 })
 
@@ -299,7 +283,7 @@ export class WsSessions {
   private async handle(ws: WebSocket, session: { userId: string | null }, msg: WsMsg): Promise<void> {
     if (msg.type === 'auth') {
       try {
-        const payload = await verify(msg.token ?? '', this.env.JWT_SECRET) as { sub?: string }
+        const payload = await verify(msg.token ?? '', this.env.JWT_SECRET, 'HS256') as { sub?: string }
         if (!payload.sub) throw new Error('Missing sub')
         session.userId = payload.sub
         ws.send(JSON.stringify({ type: 'auth_ack', id: msg.id }))
@@ -440,7 +424,7 @@ export interface StoredSession {
 }
 
 // src/cli/generator/templates/wrangler.ts
-function wranglerTemplate(appName) {
+function wranglerTemplate(appName, kvNamespaceId) {
   const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
   return `name = "${name}-worker"
 main = "src/index.ts"
@@ -453,7 +437,7 @@ bucket_name = "${name}-storage"
 
 [[kv_namespaces]]
 binding = "KV"
-id = "REPLACE_WITH_KV_NAMESPACE_ID"
+id = "${kvNamespaceId ?? "REPLACE_WITH_KV_NAMESPACE_ID"}"
 
 [[durable_objects.bindings]]
 name = "WS_SESSIONS"
@@ -470,7 +454,7 @@ new_sqlite_classes = ["WsSessions"]
 
 // src/cli/generator/index.ts
 function generateWorker(options) {
-  const { appName, outDir } = options;
+  const { appName, outDir, kvNamespaceId } = options;
   const dirs = [
     outDir,
     join(outDir, "src"),
@@ -479,7 +463,7 @@ function generateWorker(options) {
   ];
   for (const dir of dirs) mkdirSync(dir, { recursive: true });
   const files = [
-    [join(outDir, "wrangler.toml"), wranglerTemplate(appName)],
+    [join(outDir, "wrangler.toml"), wranglerTemplate(appName, kvNamespaceId)],
     [join(outDir, "src", "index.ts"), workerIndexTemplate()],
     [join(outDir, "src", "routes", "auth.ts"), authTemplate()],
     [join(outDir, "src", "routes", "sync.ts"), syncTemplate()],
@@ -494,8 +478,9 @@ function generateWorker(options) {
   for (const [path, content] of files) {
     writeFileSync(path, content, "utf8");
   }
+  const kvWarning = kvNamespaceId ? "" : "   - KV namespace id                     \u2192  set your actual KV namespace ID\n";
   console.warn(
-    '\n\u26A0  Remember to replace placeholder values in wrangler.toml before deploying:\n   - JWT_SECRET = "REPLACE_WITH_SECRET"  \u2192  set a strong random secret\n   - KV namespace id                     \u2192  set your actual KV namespace ID\n'
+    '\n\u26A0  Remember to replace placeholder values in wrangler.toml before deploying:\n   - JWT_SECRET = "REPLACE_WITH_SECRET"  \u2192  set a strong random secret\n' + kvWarning
   );
 }
 function workerPackageJson(appName) {
@@ -545,8 +530,8 @@ function workerTsConfig() {
 // src/cli/targets/cloudflare.ts
 var cloudflareTarget = {
   name: "cloudflare",
-  generate({ appName, outDir }) {
-    generateWorker({ appName, outDir });
+  generate({ appName, outDir, kvNamespaceId }) {
+    generateWorker({ appName, outDir, kvNamespaceId });
   }
 };
 var nodeTarget = {
@@ -693,26 +678,13 @@ function nodeTsConfig() {
 // src/cli/commands/build.ts
 var targets = { cloudflare: cloudflareTarget, node: nodeTarget };
 function registerBuild(program2) {
-  program2.command("build").description("Build the OfflineKit backend bundle").option("-o, --out <dir>", "Output directory", ".offlinekit/worker").option("-n, --name <name>", "App name for the worker", "offlinekit-app").option("-t, --target <target>", "Deploy target: cloudflare or node", "cloudflare").action(async (opts) => {
-    log.bold("OfflineKit Build");
+  program2.command("build").description("Build the LocalKit backend bundle").option("-o, --out <dir>", "Output directory", ".offlinekit/worker").option("-n, --name <name>", "App name for the worker", "localkit-app").option("-t, --target <target>", "Deploy target: cloudflare or node", "cloudflare").action(async (opts) => {
+    log.bold("LocalKit Build");
     const target = targets[opts.target];
     if (!target) {
       log.error(`Unknown target: ${opts.target}. Valid targets: ${Object.keys(targets).join(", ")}`);
       process.exit(1);
     }
-    const schemaFile = findSchemaFile();
-    if (!schemaFile) {
-      log.error("No schema file found. Create offlinekit.config.ts in your project root.");
-      process.exit(1);
-    }
-    log.info(`Found schema: ${schemaFile}`);
-    try {
-      await loadSchema(schemaFile);
-      log.success("Schema loaded successfully");
-    } catch (err) {
-      log.error(`Schema load failed: ${err instanceof Error ? err.message : String(err)}`);
-      process.exit(1);
-    }
     const outDir = resolve(process.cwd(), opts.out);
     log.info(`Generating ${target.name} backend to: ${outDir}`);
     try {
@@ -729,74 +701,313 @@ function registerBuild(program2) {
     }
   });
 }
+function runWrangler(args, options) {
+  const result = spawnSync("wrangler", args, {
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"],
+    ...options
+  });
+  return {
+    stdout: result.stdout ?? "",
+    stderr: result.stderr ?? "",
+    status: result.status
+  };
+}
 function checkWrangler() {
   try {
-    const result = execSync("wrangler --version", { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] });
+    const result = execSync("wrangler --version", {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "ignore"]
+    });
     return result.trim();
   } catch {
     return null;
   }
 }
-function registerDeploy(program2) {
-  program2.command("deploy").description("Deploy the OfflineKit Worker to Cloudflare via Wrangler").option("-d, --dir <dir>", "Worker output directory", ".offlinekit/worker").option("-e, --env <env>", "Wrangler environment (e.g. production, staging)").option("-t, --target <target>", "Deploy target (default: cloudflare)", "cloudflare").option("--dry-run", "Print the wrangler command without running it").action((opts) => {
-    log.bold("OfflineKit Deploy");
-    const serverDir = resolve(process.cwd(), "server");
-    if (existsSync(serverDir)) {
-      log.info("Warning: This project has been ejected (./server/ exists).");
-      log.dim("You can deploy the ejected code directly with `cd server && wrangler deploy`.");
-    }
-    if (opts.target !== "cloudflare") {
-      log.error(`Deploy target "${opts.target}" is not supported yet. Only "cloudflare" is deployable.`);
-      log.dim("For Node.js targets, run `offlinekit build --target node` then deploy the output manually.");
-      process.exit(1);
-    }
-    const version = checkWrangler();
-    if (!version) {
-      log.error("wrangler is not installed or not in PATH.");
-      log.dim("Install it with: npm install -g wrangler");
-      process.exit(1);
+function checkAuth() {
+  const result = runWrangler(["whoami"]);
+  return result.status === 0;
+}
+function createR2Bucket(name) {
+  log.info(`Creating R2 bucket: ${name}`);
+  const result = runWrangler(["r2", "bucket", "create", name]);
+  if (result.status !== 0) {
+    if (result.stderr.includes("already exists")) {
+      log.info(`R2 bucket "${name}" already exists, continuing`);
+      return;
     }
-    log.success(`wrangler ${version}`);
-    const outDir = resolve(process.cwd(), opts.dir);
-    if (!existsSync(outDir)) {
-      log.error(`Worker directory not found: ${outDir}`);
-      log.dim("Run `offlinekit build` first to generate the worker.");
-      process.exit(1);
+    if (result.stderr.includes("R2") || result.stderr.includes("not allowed") || result.stderr.includes("not enabled")) {
+      throw new Error(
+        `Failed to create R2 bucket: ${result.stderr}
+Hint: Enable R2 in your Cloudflare dashboard at https://dash.cloudflare.com \u2192 R2 Object Storage before deploying.`
+      );
     }
-    const tomlPath = resolve(outDir, "wrangler.toml");
-    if (!existsSync(tomlPath)) {
-      log.error(`wrangler.toml not found in ${outDir}`);
-      log.dim("Run `offlinekit build` to regenerate the worker.");
-      process.exit(1);
+    throw new Error(`Failed to create R2 bucket: ${result.stderr}`);
+  }
+  log.success(`R2 bucket "${name}" created`);
+}
+function kvNamespaceExists(id) {
+  const result = runWrangler(["kv", "namespace", "list", "--json"]);
+  if (result.status !== 0) return false;
+  try {
+    const namespaces = JSON.parse(result.stdout);
+    return namespaces.some((ns) => ns.id === id);
+  } catch {
+    return false;
+  }
+}
+function createKvNamespace(name) {
+  log.info(`Creating KV namespace: ${name}`);
+  const result = runWrangler(["kv", "namespace", "create", name]);
+  if (result.status === 0) {
+    const match = result.stdout.match(/id\s*=\s*"([a-f0-9]+)"/);
+    if (match) {
+      log.success(`KV namespace "${name}" created with ID: ${match[1]}`);
+      return match[1];
     }
-    const args = ["deploy"];
-    if (opts.env) args.push("--env", opts.env);
-    log.info(`Deploying from: ${outDir}`);
-    if (opts.env) log.info(`Environment: ${opts.env}`);
-    if (opts.dryRun) {
-      log.dim(`[dry-run] wrangler ${args.join(" ")}`);
-      log.dim(`[dry-run] cwd: ${outDir}`);
-      return;
+    try {
+      const parsed = JSON.parse(result.stdout);
+      if (parsed.id) return parsed.id;
+    } catch {
     }
-    const result = spawnSync("wrangler", args, {
-      cwd: outDir,
-      stdio: "inherit",
-      encoding: "utf8"
-    });
-    if (result.status !== 0) {
-      log.error(`wrangler deploy failed (exit ${result.status ?? "unknown"})`);
-      process.exit(result.status ?? 1);
+  }
+  if (result.stderr.includes("already exists") || result.status !== 0) {
+    log.info(`KV namespace "${name}" may already exist, looking up ID...`);
+    const listResult = runWrangler(["kv", "namespace", "list", "--json"]);
+    if (listResult.status === 0) {
+      try {
+        const namespaces = JSON.parse(listResult.stdout);
+        const found = namespaces.find((ns) => ns.title === name);
+        if (found) {
+          log.success(`Found existing KV namespace "${name}" with ID: ${found.id}`);
+          return found.id;
+        }
+      } catch {
+        log.warn("Failed to parse KV namespace list JSON, falling back to regex");
+      }
+      const idMatch = listResult.stdout.match(/id\s*=\s*"([a-f0-9]+)"/);
+      if (idMatch) return idMatch[1];
     }
-    log.success("Deployed successfully!");
+  }
+  throw new Error(
+    `Failed to create or find KV namespace "${name}". stdout: ${result.stdout}, stderr: ${result.stderr}`
+  );
+}
+function setSecret(name, value, cwd) {
+  log.info(`Setting secret: ${name}`);
+  const result = runWrangler(["secret", "put", name], { cwd, input: value });
+  if (result.status !== 0) {
+    throw new Error(`Failed to set secret ${name}: ${result.stderr}`);
+  }
+  log.success(`Secret "${name}" set`);
+}
+function readDeployState(outDir) {
+  const statePath = resolve(outDir, "..", "deploy-state.json");
+  if (!existsSync(statePath)) return null;
+  try {
+    return JSON.parse(readFileSync(statePath, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function writeDeployState(outDir, state) {
+  const statePath = resolve(outDir, "..", "deploy-state.json");
+  mkdirSync(dirname(statePath), { recursive: true });
+  writeFileSync(statePath, JSON.stringify(state, null, 2), "utf8");
+}
+function provisionCloudflare(appName, _outDir, dryRun) {
+  const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+  const r2BucketName = `${name}-storage`;
+  const kvTitle = `${name}-kv`;
+  const workerName = `${name}-worker`;
+  if (dryRun) {
+    log.dim("[dry-run] Would check wrangler auth (wrangler whoami)");
+    log.dim(`[dry-run] Would create R2 bucket: ${r2BucketName}`);
+    log.dim(`[dry-run] Would create KV namespace: ${kvTitle}`);
+    log.dim("[dry-run] Would set JWT_SECRET");
+    return { kvNamespaceId: "DRY_RUN_PLACEHOLDER", r2BucketName, workerName };
+  }
+  if (!checkAuth()) {
+    log.error("Not authenticated with Cloudflare.");
+    log.dim("Run `wrangler login` to authenticate, then try again.");
+    process.exit(1);
+  }
+  log.success("Authenticated with Cloudflare");
+  createR2Bucket(r2BucketName);
+  const kvNamespaceId = createKvNamespace(kvTitle);
+  return { kvNamespaceId, r2BucketName, workerName };
+}
+function generateAndDeploy(appName, outDir, kvNamespaceId, env, dryRun) {
+  if (dryRun) {
+    log.dim(`[dry-run] Would generate worker code to: ${outDir}`);
+    log.dim(`[dry-run] Would run: npm install (in ${outDir})`);
+    log.dim(`[dry-run] Would run: wrangler deploy${env ? ` --env ${env}` : ""}`);
+    return void 0;
+  }
+  log.info("Generating worker code...");
+  cloudflareTarget.generate({ appName, outDir, kvNamespaceId });
+  log.success("Worker code generated");
+  log.info("Installing dependencies...");
+  const installResult = spawnSync("npm", ["install"], {
+    cwd: outDir,
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+  if (installResult.status !== 0) {
+    throw new Error(`npm install failed: ${installResult.stderr}`);
+  }
+  log.success("Dependencies installed");
+  log.info("Deploying to Cloudflare...");
+  const deployArgs = ["deploy"];
+  if (env) deployArgs.push("--env", env);
+  const deployResult = spawnSync("wrangler", deployArgs, {
+    cwd: outDir,
+    encoding: "utf8",
+    stdio: ["pipe", "pipe", "pipe"]
   });
+  if (deployResult.status !== 0) {
+    throw new Error(
+      `wrangler deploy failed (exit ${deployResult.status}): ${deployResult.stderr}`
+    );
+  }
+  const urlMatch = deployResult.stdout.match(/https:\/\/[^\s]+\.workers\.dev/);
+  const workerUrl = urlMatch ? urlMatch[0] : void 0;
+  if (workerUrl) {
+    log.success(`Deployed to: ${workerUrl}`);
+  } else {
+    log.success("Deployed successfully!");
+  }
+  return workerUrl;
+}
+function registerDeploy(program2) {
+  program2.command("deploy").description("Deploy the LocalKit Worker to Cloudflare via Wrangler").option("-d, --dir <dir>", "Worker output directory", ".offlinekit/worker").option("-n, --name <name>", "App name for the worker", "localkit-app").option("-e, --env <env>", "Wrangler environment (e.g. production, staging)").option("-t, --target <target>", "Deploy target (default: cloudflare)", "cloudflare").option("--dry-run", "Show what would happen without executing").action(
+    (opts) => {
+      log.bold("LocalKit Deploy");
+      const dryRun = opts.dryRun ?? false;
+      const serverDir = resolve(process.cwd(), "server");
+      if (existsSync(serverDir)) {
+        log.info(
+          "Warning: This project has been ejected (./server/ exists)."
+        );
+        log.dim(
+          "You can deploy the ejected code directly with `cd server && wrangler deploy`."
+        );
+      }
+      if (opts.target !== "cloudflare") {
+        log.error(
+          `Deploy target "${opts.target}" is not supported yet. Only "cloudflare" is deployable.`
+        );
+        log.dim(
+          "For Node.js targets, run `npx mpb-localkit build --target node` then deploy the output manually."
+        );
+        process.exit(1);
+      }
+      const version = checkWrangler();
+      if (!version) {
+        log.error("wrangler is not installed or not in PATH.");
+        log.dim("Install it with: npm install -g wrangler");
+        process.exit(1);
+      }
+      log.success(`wrangler ${version}`);
+      const outDir = resolve(process.cwd(), opts.dir);
+      const appName = opts.name;
+      const existingState = readDeployState(outDir);
+      let kvNamespaceId;
+      let r2BucketName;
+      let workerName;
+      if (existingState?.kvNamespaceId && existingState?.r2BucketName) {
+        log.info("Found existing deploy state, validating resources...");
+        r2BucketName = existingState.r2BucketName;
+        workerName = existingState.workerName;
+        if (dryRun) {
+          log.dim("[dry-run] Would validate KV namespace exists");
+          kvNamespaceId = existingState.kvNamespaceId;
+        } else if (kvNamespaceExists(existingState.kvNamespaceId)) {
+          log.success("KV namespace validated");
+          kvNamespaceId = existingState.kvNamespaceId;
+        } else {
+          log.warn("KV namespace no longer exists, re-creating...");
+          const name = appName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+          kvNamespaceId = createKvNamespace(`${name}-kv`);
+          writeDeployState(outDir, {
+            ...existingState,
+            kvNamespaceId
+          });
+          log.success("Deploy state updated with new KV namespace ID");
+        }
+      } else {
+        const provisioned = provisionCloudflare(appName, outDir, dryRun);
+        kvNamespaceId = provisioned.kvNamespaceId;
+        r2BucketName = provisioned.r2BucketName;
+        workerName = provisioned.workerName;
+        if (!dryRun) {
+          writeDeployState(outDir, {
+            kvNamespaceId,
+            r2BucketName,
+            workerName,
+            jwtSecretSet: false
+          });
+          log.success("Deploy state saved to .offlinekit/deploy-state.json");
+        }
+      }
+      if (kvNamespaceId === "REPLACE_WITH_KV_NAMESPACE_ID" || !kvNamespaceId) {
+        log.error(
+          "KV namespace ID is missing or still a placeholder. Run `mpb-localkit deploy` (not `wrangler deploy` directly) to auto-provision resources, or create one manually: wrangler kv namespace create KV"
+        );
+        process.exit(1);
+      }
+      const alreadyHasSecret = existingState?.jwtSecretSet ?? false;
+      let workerUrl;
+      try {
+        workerUrl = generateAndDeploy(appName, outDir, kvNamespaceId, opts.env, dryRun);
+      } catch (err) {
+        log.error(`Deploy failed: ${err instanceof Error ? err.message : String(err)}`);
+        process.exit(1);
+      }
+      if (dryRun) {
+        if (!alreadyHasSecret) {
+          log.dim("[dry-run] Would set JWT_SECRET (first deploy only)");
+        }
+        log.bold("Dry run complete. No changes were made.");
+        return;
+      }
+      let jwtSecretSet = alreadyHasSecret;
+      if (!jwtSecretSet) {
+        try {
+          setSecret("JWT_SECRET", randomBytes(32).toString("hex"), outDir);
+          log.success("JWT_SECRET set");
+          jwtSecretSet = true;
+        } catch (err) {
+          log.warn(`Could not set JWT_SECRET: ${err instanceof Error ? err.message : String(err)}`);
+          log.dim("Set it manually: wrangler secret put JWT_SECRET");
+        }
+      }
+      writeDeployState(outDir, { kvNamespaceId, r2BucketName, workerName, workerUrl, jwtSecretSet });
+      if (workerUrl) {
+        const envPath = resolve(process.cwd(), ".env");
+        if (existsSync(envPath)) {
+          let envContent = readFileSync(envPath, "utf8");
+          if (envContent.includes("VITE_SYNC_URL=")) {
+            envContent = envContent.replace(/VITE_SYNC_URL=.*/, `VITE_SYNC_URL=${workerUrl}`);
+          } else {
+            envContent += `
+VITE_SYNC_URL=${workerUrl}
+`;
+          }
+          writeFileSync(envPath, envContent, "utf8");
+          log.info(`Updated .env with VITE_SYNC_URL=${workerUrl}`);
+        }
+      }
+    }
+  );
 }
 var targets2 = {
   cloudflare: cloudflareTarget,
   node: nodeTarget
 };
 function registerEject(program2) {
-  program2.command("eject").description("Eject generated Worker code into ./server/ for manual customization").option("-o, --out <dir>", "Output directory for ejected code", "server").option("-n, --name <name>", "App name", "offlinekit-app").option("-t, --target <target>", "Deploy target (cloudflare, node)", "cloudflare").action((opts) => {
-    log.bold("OfflineKit Eject");
+  program2.command("eject").description("Eject generated Worker code into ./server/ for manual customization").option("-o, --out <dir>", "Output directory for ejected code", "server").option("-n, --name <name>", "App name", "localkit-app").option("-t, --target <target>", "Deploy target (cloudflare, node)", "cloudflare").action((opts) => {
+    log.bold("LocalKit Eject");
     const target = targets2[opts.target];
     if (!target) {
       log.error(`Unknown target: "${opts.target}"`);
@@ -830,7 +1041,7 @@ function registerEject(program2) {
         log.dim("  npm install");
         log.dim("  wrangler deploy");
         log.dim("");
-        log.dim("Note: Running `offlinekit deploy` will warn that code has been ejected.");
+        log.dim("Note: Running `npx mpb-localkit deploy` will warn that code has been ejected.");
       }
     } catch (err) {
       log.error(`Eject failed: ${err instanceof Error ? err.message : String(err)}`);
@@ -843,7 +1054,7 @@ function registerEject(program2) {
 var require2 = createRequire(import.meta.url);
 var pkg = require2("../../package.json");
 var program = new Command();
-program.name("offlinekit").description(pkg.description).version(pkg.version, "-v, --version", "Print the current version");
+program.name("mpb-localkit").description(pkg.description).version(pkg.version, "-v, --version", "Print the current version");
 registerDev(program);
 registerBuild(program);
 registerDeploy(program);