nsa-sheets-db-builder 4.0.0

package/scripts/setup.mjs

@@ -0,0 +1,677 @@
+#!/usr/bin/env node
+
+/**
+ * Automated full deployment for nsa-sheets-db-builder.
+ *
+ * Prerequisite: `init` + `login` (both require interactive input — can't automate)
+ *
+ * Steps:
+ *   1.  Pre-flight — validate config, check auth, load features
+ *   2.  DDL Handler (per-account, shared) — create/skip, build, push, deploy
+ *   3.  Create DB GAS projects — `clasp create` for each placeholder instance
+ *   4.  Build DB instances
+ *   5.  Push DB instances
+ *   6.  Deploy DB instances → saves deploymentId to project.json
+ *   7.  Create Drive resources (HTTP → DDL handler web app)
+ *   8.  Re-build + re-push + re-deploy DB instances (with real IDs)
+ *   9.  Provision tables (HTTP → DDL handler web app)
+ *  10.  Rotate API keys (HTTP → DB script web app)
+ *  11.  Summary
+ *
+ * Usage:
+ *   node scripts/setup.mjs --db <name> [--env <env>] [--force]
+ */
+
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import crypto from 'crypto';
+import https from 'https';
+import { execSync } from 'child_process';
+import {
+  parseArgs, requireDb, loadDbConfig, getEnvConfig,
+  getAllInstances, getDistDirForInstance,
+  loadTables, saveTables, saveProjectConfig,
+  loadRbacConfig, loadViewsConfig, loadCustomMethodsConfig,
+  getFeatures, validateRbacRequirements,
+  ensureAuthenticated, isPlaceholderScriptId,
+  getDataSpreadsheetIds,
+  loadRootConfig, saveRootConfig, resolveAccount,
+  getDdlHandlerDistDir
+} from './lib/utils.mjs';
+import { buildInstance, buildDdlHandler, getDeploymentDescription } from './build.mjs';
+
+// ────────────────────────────────────────
+// Helpers
+// ────────────────────────────────────────
+
+function parseDeploymentId(output) {
+  // clasp deploy outputs: "Deployed AKfyc... @1"
+  // clasp deployments lists: "- AKfyc... @1"
+  const match = output.match(/(?:^Deployed |^- )(\S+) @/m);
+  return match ? match[1] : null;
+}
+
+/** Build the --user flag string (empty when using default credentials). */
+function userFlag(profile) {
+  return profile ? ` --user ${profile}` : '';
+}
+
+function step(n, label) {
+  console.log(`\n${'─'.repeat(50)}`);
+  console.log(`  Step ${n}: ${label}`);
+  console.log('─'.repeat(50));
+}
+
+/** Generate a random admin key for DDL operations. */
+function generateAdminKey() {
+  return crypto.randomBytes(24).toString('hex');
+}
+
+/**
+ * Call a DDL function on a deployed web app via HTTP POST.
+ * Uses the ddlAdminKey for authentication.
+ */
+function callWebApp(deploymentId, ddlAction, params, ddlAdminKey) {
+  const url = `https://script.google.com/macros/s/${deploymentId}/exec`;
+  const body = JSON.stringify({ ddlAction, ddlKey: ddlAdminKey, params });
+
+  console.log(`  → POST ${ddlAction} to web app`);
+
+  return new Promise((resolve, reject) => {
+    function doRequest(requestUrl, redirectCount) {
+      if (redirectCount > 5) {
+        reject(new Error('Too many redirects'));
+        return;
+      }
+
+      const parsed = new URL(requestUrl);
+      const options = {
+        hostname: parsed.hostname,
+        path: parsed.pathname + parsed.search,
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(body)
+        }
+      };
+
+      const req = https.request(options, (res) => {
+        // Follow redirects (GAS web apps redirect 302)
+        if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+          doRequest(res.headers.location, redirectCount + 1);
+          res.resume();
+          return;
+        }
+
+        let data = '';
+        res.on('data', chunk => data += chunk);
+        res.on('end', () => {
+          if (res.statusCode !== 200) {
+            reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+            return;
+          }
+          try {
+            resolve(JSON.parse(data));
+          } catch {
+            reject(new Error(`Non-JSON response: ${data.substring(0, 200)}`));
+          }
+        });
+      });
+
+      req.on('error', reject);
+      req.setTimeout(120000, () => {
+        req.destroy(new Error('Request timed out (120s)'));
+      });
+      req.write(body);
+      req.end();
+    }
+
+    doRequest(url, 0);
+  });
+}
+
+/**
+ * Deploy (or update) a single instance. Saves deploymentId to config.
+ * Returns the deploymentId.
+ */
+function deployInstance(inst, dbName, env, envConfig, userProfile, config) {
+  const distDir = getDistDirForInstance(dbName, inst.type);
+  const desc = getDeploymentDescription(dbName, inst.type, env);
+
+  if (inst.deploymentId) {
+    console.log(`\n  Updating deployment for ${inst.type}: ${inst.deploymentId}`);
+    execSync(
+      `npx --prefer-offline @google/clasp update-deployment ${inst.deploymentId} --description '${desc}'${userFlag(userProfile)}`,
+      { cwd: distDir, stdio: 'inherit' }
+    );
+    return inst.deploymentId;
+  }
+
+  console.log(`\n  Creating new deployment for ${inst.type}: "${desc}"`);
+  const output = execSync(
+    `npx --prefer-offline @google/clasp deploy --description '${desc}'${userFlag(userProfile)}`,
+    { cwd: distDir, encoding: 'utf8' }
+  );
+
+  const deploymentId = parseDeploymentId(output);
+  if (deploymentId) {
+    console.log(`  Deployment ID: ${deploymentId}`);
+    envConfig.instances[inst.scriptId].deploymentId = deploymentId;
+    saveProjectConfig(dbName, config);
+  } else {
+    console.error(`  ERROR: could not parse deployment ID from clasp output:`);
+    console.error(output);
+    process.exit(1);
+  }
+  return deploymentId;
+}
+
+// ────────────────────────────────────────
+// Main
+// ────────────────────────────────────────
+
+async function setup() {
+  // 0. Parse args
+  const args = parseArgs();
+  const dbName = requireDb(args, 'setup.mjs');
+
+  let config = loadDbConfig(dbName);
+  const { env, envConfig } = getEnvConfig(config, args.env);
+  const features = getFeatures(config);
+
+  console.log(`\nnsa-sheets-db-builder setup — ${dbName} (${env})`);
+  console.log('='.repeat(50));
+
+  // ── Step 1: Pre-flight ──────────────────
+
+  step(1, 'Pre-flight checks');
+
+  let instances = getAllInstances(envConfig);
+  if (instances.length === 0) {
+    console.error('No instances configured for this environment.');
+    console.error(`Check dbs/${dbName}/project.json → environments.${env}.instances`);
+    process.exit(1);
+  }
+  console.log(`  Instances: ${instances.map(i => i.type).join(', ')}`);
+
+  const userProfile = await ensureAuthenticated(dbName, args, envConfig, env);
+
+  // Generate per-instance DDL admin key if not set
+  if (!envConfig.ddlAdminKey) {
+    envConfig.ddlAdminKey = generateAdminKey();
+    saveProjectConfig(dbName, config);
+    console.log('  Generated DDL admin key (per-instance).');
+  } else {
+    console.log('  DDL admin key (per-instance): already set.');
+  }
+
+  // Load feature configs
+  let rbacConfig = null;
+  let viewsConfig = null;
+  const customMethodsConfig = loadCustomMethodsConfig(dbName);
+
+  if (features.rbac.enabled) {
+    rbacConfig = loadRbacConfig(dbName);
+    if (!rbacConfig) {
+      console.error('RBAC enabled in project.json but rbac.json not found.');
+      process.exit(1);
+    }
+    const tables = loadTables(dbName);
+    const errors = validateRbacRequirements(tables, rbacConfig);
+    if (errors.length > 0) {
+      console.error('RBAC validation failed:');
+      for (const err of errors) console.error(`  - ${err}`);
+      process.exit(1);
+    }
+    console.log(`  RBAC: enabled (${features.authMode} auth)`);
+  }
+
+  if (features.views.enabled) {
+    viewsConfig = loadViewsConfig(dbName);
+    if (!viewsConfig) {
+      console.error('Views enabled in project.json but views.json not found.');
+      process.exit(1);
+    }
+    console.log(`  Views: enabled (${Object.keys(viewsConfig).length} view(s))`);
+  }
+
+  console.log('  Pre-flight passed.');
+
+  // ── Step 2: DDL Handler (per-account, shared) ──
+
+  step(2, 'DDL Handler (per-account)');
+
+  const account = resolveAccount(envConfig, env);
+  if (!account) {
+    console.error('  ERROR: account not set.');
+    console.error('  Set "account" in .nsaproject.json → environments.' + env);
+    console.error('  Or run login first to auto-detect.');
+    process.exit(1);
+  }
+
+  // Resolve DDL handler from root config (.nsaproject.json)
+  let rootConfig = loadRootConfig();
+  let rootEnv = rootConfig.environments?.[env] || {};
+  let ddlHandler = rootEnv.ddlHandler || {};
+
+  if (ddlHandler.scriptId && ddlHandler.deploymentId) {
+    console.log(`  DDL handler already deployed for ${account}`);
+    console.log(`  scriptId: ${ddlHandler.scriptId}`);
+    console.log(`  deploymentId: ${ddlHandler.deploymentId}`);
+    console.log('  Skipping DDL handler creation.');
+  } else {
+    console.log(`  No DDL handler for ${account} — creating...`);
+
+    // a. Generate ddlAdminKey for the handler
+    const handlerAdminKey = ddlHandler.ddlAdminKey || generateAdminKey();
+
+    // b. clasp create → get scriptId
+    let handlerScriptId = ddlHandler.scriptId || '';
+    if (!handlerScriptId) {
+      const title = `ddl-handler-${account.split('@')[0]}`;
+      console.log(`\n  Creating GAS project: ${title}`);
+
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'nsa-sheets-db-builder-ddl-'));
+      try {
+        execSync(
+          `npx --prefer-offline @google/clasp create --type webapp --title "${title}" --rootDir .${userFlag(userProfile)}`,
+          { cwd: tmpDir, stdio: 'pipe' }
+        );
+
+        const claspJson = JSON.parse(fs.readFileSync(path.join(tmpDir, '.clasp.json'), 'utf8'));
+        handlerScriptId = claspJson.scriptId;
+
+        if (!handlerScriptId) {
+          console.error('  ERROR: clasp create succeeded but no scriptId found.');
+          process.exit(1);
+        }
+
+        console.log(`  scriptId: ${handlerScriptId}`);
+      } catch (err) {
+        const stderr = err.stderr?.toString() || '';
+        const stdout = err.stdout?.toString() || '';
+        console.error('\n  clasp create failed for DDL handler:');
+        if (stderr) console.error(stderr);
+        if (stdout) console.error(stdout);
+        process.exit(1);
+      } finally {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+      }
+    }
+
+    // c. Build DDL handler
+    const loggingVerbosity = config.settings?.loggingVerbosity ?? 2;
+    const projectId = rootEnv.projectId || '';
+    buildDdlHandler(handlerAdminKey, loggingVerbosity, handlerScriptId, projectId);
+
+    // d. clasp push
+    const ddlDistDir = getDdlHandlerDistDir();
+    console.log('\n  Pushing DDL handler...');
+    try {
+      execSync(`npx --prefer-offline @google/clasp push --force${userFlag(userProfile)}`, {
+        cwd: ddlDistDir,
+        stdio: 'inherit'
+      });
+    } catch {
+      console.error('  clasp push failed for DDL handler.');
+      process.exit(1);
+    }
+
+    // e. clasp deploy → get deploymentId
+    let handlerDeploymentId = ddlHandler.deploymentId || '';
+    if (handlerDeploymentId) {
+      console.log(`\n  Updating DDL handler deployment: ${handlerDeploymentId}`);
+      execSync(
+        `npx --prefer-offline @google/clasp update-deployment ${handlerDeploymentId} --description 'DDL Handler'${userFlag(userProfile)}`,
+        { cwd: ddlDistDir, stdio: 'inherit' }
+      );
+    } else {
+      console.log('\n  Creating DDL handler deployment...');
+      const output = execSync(
+        `npx --prefer-offline @google/clasp deploy --description 'DDL Handler'${userFlag(userProfile)}`,
+        { cwd: ddlDistDir, encoding: 'utf8' }
+      );
+      handlerDeploymentId = parseDeploymentId(output);
+      if (!handlerDeploymentId) {
+        console.error('  ERROR: could not parse deployment ID from clasp output:');
+        console.error(output);
+        process.exit(1);
+      }
+      console.log(`  deploymentId: ${handlerDeploymentId}`);
+    }
+
+    // f. Save to .nsaproject.json
+    if (!rootConfig.environments) rootConfig.environments = {};
+    if (!rootConfig.environments[env]) rootConfig.environments[env] = {};
+    rootConfig.environments[env].ddlHandler = {
+      scriptId: handlerScriptId,
+      deploymentId: handlerDeploymentId,
+      ddlAdminKey: handlerAdminKey
+    };
+    saveRootConfig(rootConfig);
+    ddlHandler = rootConfig.environments[env].ddlHandler;
+
+    console.log(`\n  DDL handler saved to .nsaproject.json`);
+
+    // g. Print authorization reminder
+    console.log(`\n  IMPORTANT: Authorize the DDL handler in the Apps Script editor:`);
+    console.log(`    https://script.google.com/d/${handlerScriptId}/edit`);
+    console.log(`    Open the editor → Run any function → Approve permissions.`);
+    console.log(`    This only needs to be done ONCE per Google account.`);
+  }
+
+  const ddlDeploymentId = ddlHandler.deploymentId;
+  const ddlAdminKey = ddlHandler.ddlAdminKey;
+
+  // ── Step 3: Create DB GAS projects for placeholders ──
+
+  step(3, 'Create DB GAS projects');
+
+  const placeholders = instances.filter(i => isPlaceholderScriptId(i.scriptId));
+  if (placeholders.length === 0) {
+    console.log('  All instances already have real scriptIds — skipping.');
+  } else {
+    console.log(`  ${placeholders.length} placeholder(s) to create...`);
+
+    for (const inst of placeholders) {
+      const title = `${config.name}-${env}-${inst.type}`;
+      console.log(`\n  Creating GAS project: ${title}`);
+
+      const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'nsa-sheets-db-builder-'));
+      try {
+        execSync(
+          `npx --prefer-offline @google/clasp create --type webapp --title "${title}" --rootDir .${userFlag(userProfile)}`,
+          { cwd: tmpDir, stdio: 'pipe' }
+        );
+
+        const claspJson = JSON.parse(fs.readFileSync(path.join(tmpDir, '.clasp.json'), 'utf8'));
+        const newScriptId = claspJson.scriptId;
+
+        if (!newScriptId) {
+          console.error('  ERROR: clasp create succeeded but no scriptId found.');
+          process.exit(1);
+        }
+
+        console.log(`  scriptId: ${newScriptId}`);
+
+        const oldEntry = envConfig.instances[inst.scriptId];
+        delete envConfig.instances[inst.scriptId];
+        envConfig.instances[newScriptId] = oldEntry;
+
+        saveProjectConfig(dbName, config);
+        console.log(`  Saved to project.json`);
+      } catch (err) {
+        const stderr = err.stderr?.toString() || '';
+        const stdout = err.stdout?.toString() || '';
+        console.error(`\n  clasp create failed for ${inst.type}:`);
+        if (stderr) console.error(stderr);
+        if (stdout) console.error(stdout);
+        process.exit(1);
+      } finally {
+        fs.rmSync(tmpDir, { recursive: true, force: true });
+      }
+    }
+  }
+
+  // ── Step 4: Build DB instances ──
+
+  step(4, 'Build DB instances');
+
+  instances = getAllInstances(envConfig);
+
+  for (const inst of instances) {
+    buildInstance(dbName, config, env, envConfig, inst, features, rbacConfig, viewsConfig, customMethodsConfig);
+  }
+  console.log('\n  Build complete.');
+
+  // ── Step 5: Push DB instances ──
+
+  step(5, 'Push DB instances');
+
+  for (const inst of instances) {
+    const distDir = getDistDirForInstance(dbName, inst.type);
+    console.log(`\n  Pushing ${inst.type}...`);
+    try {
+      execSync(`npx --prefer-offline @google/clasp push --force${userFlag(userProfile)}`, {
+        cwd: distDir,
+        stdio: 'inherit'
+      });
+    } catch {
+      console.error(`  clasp push failed for ${inst.type}.`);
+      process.exit(1);
+    }
+  }
+  console.log('\n  Push complete.');
+
+  // ── Step 6: Deploy DB instances ──
+
+  step(6, 'Deploy DB instances');
+
+  for (const inst of instances) {
+    try {
+      deployInstance(inst, dbName, env, envConfig, userProfile, config);
+    } catch {
+      console.error(`  Deploy failed for ${inst.type}.`);
+      process.exit(1);
+    }
+  }
+
+  // Refresh instances to get deploymentIds
+  config = loadDbConfig(dbName);
+  const { envConfig: deployedEnvConfig } = getEnvConfig(config, args.env);
+  instances = getAllInstances(deployedEnvConfig);
+
+  const primaryDeploymentId = instances[0].deploymentId;
+  if (!primaryDeploymentId) {
+    console.error('  ERROR: primary instance has no deploymentId after deploy.');
+    process.exit(1);
+  }
+  console.log(`\n  Primary web app: https://script.google.com/macros/s/${primaryDeploymentId}/exec`);
+  console.log('  Deploy complete.');
+
+  // ── Step 7: Create Drive resources (via DDL handler) ──
+
+  step(7, 'Create Drive resources (via DDL handler)');
+
+  if (deployedEnvConfig.systemSpreadsheetId) {
+    console.log(`  Already set up — systemSpreadsheetId: ${deployedEnvConfig.systemSpreadsheetId}`);
+    console.log('  Skipping Drive resource creation.');
+  } else {
+    const folderName = `${config.name}-${env}`;
+    console.log(`  Creating system resources via DDL handler web app...`);
+
+    const setupResult = await callWebApp(ddlDeploymentId, 'ddlSetup', {
+      name: folderName,
+      driveFolderId: deployedEnvConfig.driveFolderId || undefined
+    }, ddlAdminKey);
+
+    if (setupResult?.error) {
+      console.error('\n  ddlSetup error:', setupResult.error);
+      process.exit(1);
+    }
+    if (!setupResult?.systemSpreadsheetId) {
+      console.error('\n  ddlSetup failed — no systemSpreadsheetId:', JSON.stringify(setupResult, null, 2));
+      process.exit(1);
+    }
+
+    deployedEnvConfig.driveFolderId = setupResult.folderId;
+    deployedEnvConfig.systemSpreadsheetId = setupResult.systemSpreadsheetId;
+    saveProjectConfig(dbName, config);
+
+    console.log(`  Drive folder: ${setupResult.folderUrl}`);
+    console.log(`  System spreadsheet: ${setupResult.systemSpreadsheetId}`);
+
+    // Create data spreadsheet for __new__ tables
+    const tables = loadTables(dbName);
+    const needsNew = Object.entries(tables).filter(([, t]) => t.spreadsheetId === '__new__');
+
+    if (needsNew.length > 0) {
+      const dataName = `${config.name}-data`;
+      console.log(`\n  Creating data spreadsheet: ${dataName}`);
+
+      const dataResult = await callWebApp(ddlDeploymentId, 'ddlCreateDataSpreadsheet', {
+        name: dataName,
+        folderId: setupResult.folderId
+      }, ddlAdminKey);
+
+      if (dataResult?.error) {
+        console.error('  ddlCreateDataSpreadsheet error:', dataResult.error);
+        process.exit(1);
+      }
+
+      if (dataResult?.spreadsheetId) {
+        console.log(`  Data spreadsheet: ${dataResult.spreadsheetId}`);
+
+        for (const [, table] of Object.entries(tables)) {
+          if (table.spreadsheetId === '__new__') {
+            table.spreadsheetId = dataResult.spreadsheetId;
+          }
+        }
+        saveTables(dbName, tables);
+        console.log(`  Updated tables.json with real spreadsheet ID`);
+      } else {
+        console.error('  Data spreadsheet creation failed:', JSON.stringify(dataResult, null, 2));
+        process.exit(1);
+      }
+    }
+
+    // ── Step 8: Re-build + re-push + re-deploy ──
+
+    step(8, 'Re-build + re-push + re-deploy (config updated with Drive IDs)');
+
+    config = loadDbConfig(dbName);
+    const { envConfig: freshEnvConfig } = getEnvConfig(config, args.env);
+    instances = getAllInstances(freshEnvConfig);
+
+    for (const inst of instances) {
+      buildInstance(dbName, config, env, freshEnvConfig, inst, features, rbacConfig, viewsConfig, customMethodsConfig);
+    }
+
+    for (const inst of instances) {
+      const distDir = getDistDirForInstance(dbName, inst.type);
+      console.log(`\n  Re-pushing ${inst.type}...`);
+      try {
+        execSync(`npx --prefer-offline @google/clasp push --force${userFlag(userProfile)}`, {
+          cwd: distDir,
+          stdio: 'inherit'
+        });
+      } catch {
+        console.error(`  clasp push failed for ${inst.type} (re-push).`);
+        process.exit(1);
+      }
+    }
+
+    // Update deployments with new code
+    for (const inst of instances) {
+      try {
+        deployInstance(inst, dbName, env, freshEnvConfig, userProfile, config);
+      } catch {
+        console.error(`  Re-deploy failed for ${inst.type}.`);
+        process.exit(1);
+      }
+    }
+    console.log('\n  Re-build + re-push + re-deploy complete.');
+  }
+
+  // ── Step 9: Provision tables (via DDL handler) ──
+
+  step(9, 'Provision tables (via DDL handler)');
+
+  const tables = loadTables(dbName);
+  const spreadsheetIds = getDataSpreadsheetIds(tables);
+
+  if (spreadsheetIds.length === 0) {
+    console.error('  No data spreadsheets found in tables.json.');
+    console.error('  Drive resource creation may have failed.');
+    process.exit(1);
+  }
+
+  const spreadsheetId = spreadsheetIds[0];
+  const tableNames = Object.keys(tables);
+
+  console.log(`  Provisioning ${tableNames.length} table(s): ${tableNames.join(', ')}`);
+  console.log(`  Data spreadsheet: ${spreadsheetId}`);
+
+  const provisionResult = await callWebApp(ddlDeploymentId, 'ddlProvisionTables', {
+    spreadsheetId,
+    tables
+  }, ddlAdminKey);
+
+  if (provisionResult?.error) {
+    console.error('  Provision error:', provisionResult.error);
+    process.exit(1);
+  }
+  console.log('  Provision result:', JSON.stringify(provisionResult, null, 2));
+
+  // ── Step 10: Rotate API keys (via DB script web app) ──
+
+  step(10, 'Rotate API keys');
+
+  const apiKeys = {};
+
+  config = loadDbConfig(dbName);
+  const { envConfig: keyEnvConfig } = getEnvConfig(config, args.env);
+  instances = getAllInstances(keyEnvConfig);
+
+  const instanceDdlAdminKey = keyEnvConfig.ddlAdminKey;
+
+  for (const inst of instances) {
+    if (!inst.deploymentId) {
+      console.warn(`  Skipping ${inst.type} — no deploymentId.`);
+      continue;
+    }
+    console.log(`\n  Rotating API key for ${inst.type}...`);
+
+    const result = await callWebApp(inst.deploymentId, 'ddlRotateApiKey', {}, instanceDdlAdminKey);
+
+    if (result?.error) {
+      console.error(`  ddlRotateApiKey error for ${inst.type}:`, result.error);
+      process.exit(1);
+    }
+    if (result?.key) {
+      apiKeys[inst.type] = result.key;
+      console.log(`  Key set for ${inst.type}.`);
+    } else {
+      console.warn(`  Warning: ddlRotateApiKey result:`, JSON.stringify(result, null, 2));
+    }
+  }
+
+  // ── Step 11: Summary ──
+
+  step(11, 'Summary');
+
+  config = loadDbConfig(dbName);
+  const { envConfig: finalEnvConfig } = getEnvConfig(config, args.env);
+
+  console.log(`\n  Project: ${dbName}`);
+  console.log(`  Environment: ${env}`);
+
+  // DDL handler info
+  console.log(`\n  DDL Handler (${account}):`);
+  console.log(`    Script: https://script.google.com/d/${ddlHandler.scriptId}/edit`);
+  console.log(`    Web app: https://script.google.com/macros/s/${ddlHandler.deploymentId}/exec`);
+
+  if (finalEnvConfig.driveFolderId) {
+    console.log(`\n  Drive folder: https://drive.google.com/drive/folders/${finalEnvConfig.driveFolderId}`);
+  }
+
+  console.log('\n  Instances:');
+  for (const inst of getAllInstances(finalEnvConfig)) {
+    console.log(`    ${inst.type}:`);
+    console.log(`      Script: https://script.google.com/d/${inst.scriptId}/edit`);
+    if (inst.deploymentId) {
+      console.log(`      Web app: https://script.google.com/macros/s/${inst.deploymentId}/exec`);
+    }
+    if (apiKeys[inst.type]) {
+      console.log(`      API key: ${apiKeys[inst.type]}`);
+    }
+  }
+
+  console.log('\n  API keys are shown above — store them securely.');
+  console.log('  They will not be shown again.\n');
+
+  console.log('Setup complete!');
+}
+
+setup();