scaffoldry 1.0.1

package/dist/chunk-AA2UXYNR.js

@@ -0,0 +1,1952 @@
+import {
+  checkEnvVar,
+  checkNodeVersion,
+  checkPnpmVersion,
+  checkStripeCli,
+  clearLicense,
+  createTemplateContext,
+  getStoredLicense,
+  isValidLicenseKeyFormat,
+  logger,
+  printBox,
+  printError,
+  printInfo,
+  printSuccess,
+  printWarning,
+  readEnvLocal,
+  runConfigurationChecks,
+  runEnvironmentChecks,
+  runServiceChecks,
+  saveProjectData,
+  storeLicense,
+  toKebabCase,
+  toPascalCase,
+  validateLicense,
+  writeEnvLocal
+} from "./chunk-XIP7YNKZ.js";
+import {
+  copyToClipboard,
+  getKillSignal,
+  getPlatformDisplayName,
+  getSpawnOptions,
+  getTermSignal,
+  setupShutdownHandlers
+} from "./chunk-WOS3F5LR.js";
+
+// src/templates/index.ts
+function generateProjectFiles(context) {
+  const files = [];
+  files.push(generatePackageJson(context));
+  files.push(generateTsConfig(context));
+  files.push(generateEnvExample(context));
+  files.push(generateEnvLocal(context));
+  files.push(generateMainEntry(context));
+  files.push(generatePlatformConfig(context));
+  files.push(generateGitignore());
+  return files;
+}
+function generatePackageJson(context) {
+  const kebabName = toKebabCase(context.projectName);
+  const dependencies = {
+    "scaffoldry-platform": "^1.0.0",
+    "scaffoldry-db": "^1.0.0",
+    "scaffoldry-core": "^1.0.0",
+    "dotenv": "^16.5.0"
+  };
+  if (context.hasAuth) {
+    dependencies["scaffoldry-auth"] = "^1.0.0";
+  }
+  if (context.hasBilling) {
+    dependencies["scaffoldry-billing"] = "^1.0.0";
+  }
+  if (context.hasEmail) {
+    dependencies["scaffoldry-notify"] = "^1.0.0";
+  }
+  if (context.hasStorage) {
+    dependencies["scaffoldry-storage"] = "^1.0.0";
+  }
+  if (context.hasJobs) {
+    dependencies["scaffoldry-jobs"] = "^1.0.0";
+  }
+  if (context.hasWebhooks) {
+    dependencies["scaffoldry-webhooks"] = "^1.0.0";
+  }
+  const pkg = {
+    name: kebabName,
+    version: "0.1.0",
+    description: context.projectDescription,
+    type: "module",
+    scripts: {
+      dev: "tsx watch src/index.ts",
+      build: "tsc",
+      start: "node dist/index.js",
+      typecheck: "tsc --noEmit"
+    },
+    dependencies,
+    devDependencies: {
+      "@types/node": "^20.17.57",
+      tsx: "^4.20.3",
+      typescript: "^5.8.3"
+    }
+  };
+  return {
+    path: "package.json",
+    content: JSON.stringify(pkg, null, 2) + "\n"
+  };
+}
+function generateTsConfig(_context) {
+  const config = {
+    compilerOptions: {
+      target: "ES2022",
+      module: "ESNext",
+      moduleResolution: "bundler",
+      esModuleInterop: true,
+      strict: true,
+      skipLibCheck: true,
+      outDir: "./dist",
+      rootDir: "./src",
+      declaration: true
+    },
+    include: ["src/**/*"],
+    exclude: ["node_modules", "dist"]
+  };
+  return {
+    path: "tsconfig.json",
+    content: JSON.stringify(config, null, 2) + "\n"
+  };
+}
+function generateEnvExample(context) {
+  const lines = [
+    "# Database",
+    "DATABASE_URL=postgresql://localhost:5432/my_app",
+    ""
+  ];
+  if (context.hasBilling) {
+    lines.push(
+      "# Stripe",
+      "STRIPE_SECRET_KEY=sk_test_...",
+      "STRIPE_WEBHOOK_SECRET=whsec_...",
+      "STRIPE_PRICE_ID_STARTER=price_...",
+      "STRIPE_PRICE_ID_PRO=price_...",
+      ""
+    );
+  }
+  if (context.hasEmail) {
+    lines.push(
+      "# Resend",
+      "RESEND_API_KEY=re_...",
+      "RESEND_FROM_EMAIL=noreply@example.com",
+      ""
+    );
+  }
+  if (context.hasStorage) {
+    lines.push(
+      "# S3",
+      "S3_BUCKET=my-bucket",
+      "S3_REGION=us-east-1",
+      "S3_ACCESS_KEY_ID=AKIA...",
+      "S3_SECRET_ACCESS_KEY=...",
+      ""
+    );
+  }
+  return {
+    path: ".env.example",
+    content: lines.join("\n")
+  };
+}
+function generateEnvLocal(_context) {
+  return {
+    path: ".env.local",
+    content: "# Local environment overrides\n"
+  };
+}
+function generateMainEntry(context) {
+  const imports = ['import "dotenv/config";', 'import { createPlatform } from "./platform.js";'];
+  const content = `${imports.join("\n")}
+
+async function main() {
+  const platform = createPlatform();
+
+  console.log("Platform initialized successfully!");
+  console.log("Available services:");
+  console.log("  - Database:", !!platform.db);
+  console.log("  - Logger:", !!platform.logger);
+  console.log("  - Audit:", !!platform.audit);
+${context.hasAuth ? '  console.log("  - Auth:", !!platform.auth);' : ""}
+${context.hasBilling ? '  console.log("  - Billing:", !!platform.billing);' : ""}
+${context.hasEmail ? '  console.log("  - Email:", !!platform.email);' : ""}
+${context.hasStorage ? '  console.log("  - Storage:", !!platform.storage);' : ""}
+${context.hasJobs ? '  console.log("  - Jobs:", !!platform.jobs);' : ""}
+${context.hasWebhooks ? '  console.log("  - Webhook Inbox:", !!platform.webhookInbox);' : ""}
+}
+
+main().catch(console.error);
+`;
+  return {
+    path: "src/index.ts",
+    content
+  };
+}
+function generatePlatformConfig(context) {
+  const content = `import { createPlatform as createScaffoldryPlatform } from "@scaffoldry/platform";
+
+export function createPlatform() {
+  return createScaffoldryPlatform({
+    database: {
+      url: process.env.DATABASE_URL!,
+    },
+${context.hasBilling ? `    stripe: {
+      secretKey: process.env.STRIPE_SECRET_KEY!,
+      webhookSecret: process.env.STRIPE_WEBHOOK_SECRET!,
+      priceIdStarter: process.env.STRIPE_PRICE_ID_STARTER!,
+      priceIdPro: process.env.STRIPE_PRICE_ID_PRO!,
+    },` : ""}
+${context.hasEmail ? `    resend: {
+      apiKey: process.env.RESEND_API_KEY!,
+      fromEmail: process.env.RESEND_FROM_EMAIL!,
+    },` : ""}
+${context.hasStorage ? `    s3: {
+      bucket: process.env.S3_BUCKET!,
+      region: process.env.S3_REGION!,
+      accessKeyId: process.env.S3_ACCESS_KEY_ID!,
+      secretAccessKey: process.env.S3_SECRET_ACCESS_KEY!,
+    },` : ""}
+  });
+}
+
+export type Platform = ReturnType<typeof createPlatform>;
+`;
+  return {
+    path: "src/platform.ts",
+    content
+  };
+}
+function generateGitignore() {
+  return {
+    path: ".gitignore",
+    content: `# Dependencies
+node_modules/
+
+# Build output
+dist/
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# IDE
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+npm-debug.log*
+
+# Test coverage
+coverage/
+`
+  };
+}
+
+// src/commands/init.ts
+import path from "path";
+import fs from "fs-extra";
+import prompts from "prompts";
+import ora from "ora";
+async function loadConfigFile(configPath) {
+  const absolutePath = path.resolve(process.cwd(), configPath);
+  if (!await fs.pathExists(absolutePath)) {
+    throw new Error(`Config file not found: ${absolutePath}`);
+  }
+  const content = await fs.readFile(absolutePath, "utf-8");
+  const config = JSON.parse(content);
+  if (!config.name || typeof config.name !== "string") {
+    throw new Error("Config file must contain a 'name' field");
+  }
+  return config;
+}
+async function initCommand(targetDir, options = {}) {
+  const { configFile, skipPrompts } = options;
+  let fileConfig = null;
+  if (configFile) {
+    try {
+      fileConfig = await loadConfigFile(configFile);
+      logger.log(`Using config file: ${configFile}`);
+      logger.newLine();
+    } catch (error) {
+      logger.error(error instanceof Error ? error.message : "Failed to load config file");
+      return;
+    }
+  }
+  if (!skipPrompts) {
+    logger.newLine();
+    printBox("Welcome to Scaffoldry!", [
+      "Let's build your SaaS in minutes.",
+      "",
+      "You're getting our production-ready stack:",
+      "\u2022 Neon (serverless PostgreSQL) + Drizzle ORM",
+      "\u2022 Password + Magic Link authentication",
+      "\u2022 Stripe billing",
+      "\u2022 Resend transactional email",
+      "\u2022 AWS S3 file storage"
+    ]);
+    logger.newLine();
+  }
+  const license = await ensureLicense(fileConfig?.licenseKey, skipPrompts);
+  if (!license) {
+    logger.error("A valid license is required to use Scaffoldry.");
+    logger.log("Purchase a license at: https://scaffoldry.com");
+    return;
+  }
+  let config;
+  if (fileConfig) {
+    config = {
+      name: fileConfig.name,
+      description: fileConfig.description || "A SaaS application built with Scaffoldry",
+      features: ["auth", "billing", "email", "storage", "jobs", "webhooks", "admin"],
+      database: "neon",
+      packageManager: "pnpm"
+    };
+    logger.log(`Project name: ${config.name}`);
+    logger.log(`Description: ${config.description}`);
+    logger.newLine();
+  } else {
+    config = await promptForConfig();
+  }
+  if (!config) {
+    logger.error("Project setup cancelled.");
+    return;
+  }
+  const projectDir = targetDir ? path.resolve(process.cwd(), targetDir) : path.resolve(process.cwd(), toKebabCase(config.name));
+  if (await fs.pathExists(projectDir)) {
+    if (skipPrompts) {
+      logger.log(`Removing existing directory: ${projectDir}`);
+      await fs.remove(projectDir);
+    } else {
+      const { overwrite } = await prompts({
+        type: "confirm",
+        name: "overwrite",
+        message: `Directory ${projectDir} already exists. Overwrite?`,
+        initial: false
+      });
+      if (!overwrite) {
+        logger.error("Project setup cancelled.");
+        return;
+      }
+      await fs.remove(projectDir);
+    }
+  }
+  const spinner = ora("Creating project files...").start();
+  try {
+    const context = createTemplateContext(config);
+    const files = generateProjectFiles(context);
+    for (const file of files) {
+      const filePath = path.join(projectDir, file.path);
+      await fs.ensureDir(path.dirname(filePath));
+      await fs.writeFile(filePath, file.content);
+    }
+    if (fileConfig?.env && Object.keys(fileConfig.env).length > 0) {
+      const envPath = path.join(projectDir, ".env.local");
+      const envContent = Object.entries(fileConfig.env).map(([key, value]) => `${key}=${value}`).join("\n");
+      await fs.writeFile(envPath, envContent + "\n");
+    }
+    spinner.succeed("Project files created!");
+    logger.newLine();
+    logger.success(`Project "${config.name}" created successfully!`);
+    let shouldRunSetup = false;
+    if (skipPrompts) {
+      shouldRunSetup = fileConfig?.runSetup ?? false;
+      if (!shouldRunSetup) {
+        logger.newLine();
+        logger.log("To configure your services:");
+        logger.log(`  cd ${toKebabCase(config.name)}`);
+        logger.log("  pnpm install");
+        logger.log("  scaffoldry setup all");
+      }
+    } else {
+      logger.newLine();
+      printBox("Next: Configure Your Services", [
+        "Your project needs API keys for:",
+        "\u2022 Neon Database (required)",
+        "\u2022 Stripe Billing (required for billing)",
+        "\u2022 Resend Email (required for auth emails)",
+        "\u2022 AWS S3 Storage (optional)"
+      ]);
+      logger.newLine();
+      const response = await prompts({
+        type: "confirm",
+        name: "runSetup",
+        message: "Run setup wizard now?",
+        initial: true
+      });
+      shouldRunSetup = response.runSetup;
+      if (!shouldRunSetup) {
+        logger.newLine();
+        logger.log("To configure your services later:");
+        logger.log(`  cd ${toKebabCase(config.name)}`);
+        logger.log("  pnpm install");
+        logger.log("  scaffoldry setup all");
+        logger.newLine();
+        logger.log("Or configure individually:");
+        logger.log("  scaffoldry setup database");
+        logger.log("  scaffoldry setup stripe");
+        logger.log("  scaffoldry setup email");
+        logger.log("  scaffoldry setup storage");
+      }
+    }
+    if (shouldRunSetup) {
+      process.chdir(projectDir);
+      const { setupAllCommand: setupAllCommand2 } = await import("./setup-L2PO5OVZ.js");
+      await setupAllCommand2();
+    }
+    logger.newLine();
+  } catch (error) {
+    spinner.fail("Failed to create project files.");
+    throw error;
+  }
+}
+async function promptForConfig() {
+  const response = await prompts([
+    {
+      type: "text",
+      name: "name",
+      message: "Project name:",
+      initial: "my-saas-app",
+      validate: (value) => value.length > 0 ? true : "Project name is required"
+    },
+    {
+      type: "text",
+      name: "description",
+      message: "What are you building? (one sentence)",
+      initial: "A SaaS application built with Scaffoldry"
+    }
+  ]);
+  if (!response.name) {
+    return null;
+  }
+  return {
+    name: response.name,
+    description: response.description,
+    // All features enabled by default in v1
+    features: ["auth", "billing", "email", "storage", "jobs", "webhooks", "admin"],
+    database: "neon",
+    // Neon is the v1 choice
+    packageManager: "pnpm"
+    // pnpm is the v1 choice
+  };
+}
+async function ensureLicense(providedKey, skipPrompts) {
+  if (providedKey) {
+    const normalizedKey = providedKey.trim().toUpperCase();
+    if (!isValidLicenseKeyFormat(normalizedKey)) {
+      logger.error("Invalid license key format in config. Expected: SCAF-XXXX-XXXX-XXXX-XXXX");
+      return null;
+    }
+    const spinner2 = ora("Validating license...").start();
+    const validation2 = await validateLicense(normalizedKey);
+    if (!validation2.valid) {
+      spinner2.fail(validation2.error || "License validation failed");
+      return null;
+    }
+    spinner2.succeed(`License validated for ${validation2.email || "licensed user"}`);
+    await storeLicense({
+      key: normalizedKey,
+      ...validation2.email && { email: validation2.email },
+      validatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    logger.newLine();
+    return { key: normalizedKey, email: validation2.email };
+  }
+  const stored = await getStoredLicense();
+  if (stored) {
+    logger.log(`Authenticated as ${stored.email || "licensed user"}`);
+    logger.newLine();
+    const validation2 = await validateLicense(stored.key);
+    if (validation2.valid) {
+      return { key: stored.key, email: validation2.email || stored.email };
+    }
+    logger.warn("Your stored license is no longer valid.");
+    logger.newLine();
+  }
+  if (skipPrompts) {
+    logger.error("No valid license found. Provide licenseKey in config file or run 'scaffoldry login' first.");
+    return null;
+  }
+  logger.log("Please enter your Scaffoldry license key.");
+  logger.log("Purchase at: https://scaffoldry.com");
+  logger.newLine();
+  const { licenseKey } = await prompts({
+    type: "text",
+    name: "licenseKey",
+    message: "License key:",
+    validate: (value) => {
+      if (!value.trim()) {
+        return "License key is required";
+      }
+      if (!isValidLicenseKeyFormat(value.trim().toUpperCase())) {
+        return "Invalid license key format. Expected: SCAF-XXXX-XXXX-XXXX-XXXX";
+      }
+      return true;
+    },
+    format: (value) => value.trim().toUpperCase()
+  });
+  if (!licenseKey) {
+    return null;
+  }
+  const spinner = ora("Validating license...").start();
+  const validation = await validateLicense(licenseKey);
+  if (!validation.valid) {
+    spinner.fail(validation.error || "License validation failed");
+    return null;
+  }
+  spinner.succeed(`License validated for ${validation.email || "licensed user"}`);
+  await storeLicense({
+    key: licenseKey,
+    ...validation.email && { email: validation.email },
+    validatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  logger.newLine();
+  return { key: licenseKey, email: validation.email };
+}
+
+// src/commands/login.ts
+import prompts2 from "prompts";
+import ora2 from "ora";
+import fs2 from "fs/promises";
+import path2 from "path";
+import os from "os";
+async function configureNpmrc(licenseKey) {
+  const npmrcPath = path2.join(os.homedir(), ".npmrc");
+  let content = "";
+  try {
+    content = await fs2.readFile(npmrcPath, "utf-8");
+  } catch {
+  }
+  const lines = content.split("\n");
+  const registryUrl = "https://scaffoldry.com/api/registry";
+  const registryKey = "@scaffoldry:registry";
+  const authKey = "//scaffoldry.com/api/registry/:_authToken";
+  let registryFound = false;
+  let authFound = false;
+  const newLines = lines.map((line) => {
+    if (line.trim().startsWith(registryKey)) {
+      registryFound = true;
+      return `${registryKey}=${registryUrl}`;
+    }
+    if (line.trim().startsWith(authKey)) {
+      authFound = true;
+      return `${authKey}=${licenseKey}`;
+    }
+    return line;
+  });
+  if (!registryFound) {
+    newLines.push(`${registryKey}=${registryUrl}`);
+  }
+  if (!authFound) {
+    newLines.push(`${authKey}=${licenseKey}`);
+  }
+  const cleanContent = newLines.join("\n").replace(/\n+$/, "") + "\n";
+  await fs2.writeFile(npmrcPath, cleanContent, "utf-8");
+}
+async function loginCommand() {
+  logger.log("");
+  logger.info("Scaffoldry Login");
+  logger.newLine();
+  const stored = await getStoredLicense();
+  if (stored) {
+    logger.log(`You are already logged in as ${stored.email || "licensed user"}`);
+    logger.newLine();
+    const { reauth } = await prompts2({
+      type: "confirm",
+      name: "reauth",
+      message: "Do you want to login with a different license key?",
+      initial: false
+    });
+    if (!reauth) {
+      return;
+    }
+  }
+  logger.log("Enter your Scaffoldry license key.");
+  logger.log("Purchase at: https://scaffoldry.com");
+  logger.newLine();
+  const { licenseKey } = await prompts2({
+    type: "text",
+    name: "licenseKey",
+    message: "License key:",
+    validate: (value) => {
+      if (!value.trim()) {
+        return "License key is required";
+      }
+      if (!isValidLicenseKeyFormat(value.trim().toUpperCase())) {
+        return "Invalid license key format. Expected: SCAF-XXXX-XXXX-XXXX-XXXX";
+      }
+      return true;
+    },
+    format: (value) => value.trim().toUpperCase()
+  });
+  if (!licenseKey) {
+    logger.error("Login cancelled.");
+    return;
+  }
+  const spinner = ora2("Validating license...").start();
+  const validation = await validateLicense(licenseKey);
+  if (!validation.valid) {
+    spinner.fail(validation.error || "License validation failed");
+    return;
+  }
+  spinner.succeed(`License validated!`);
+  await storeLicense({
+    key: licenseKey,
+    ...validation.email && { email: validation.email },
+    validatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  await configureNpmrc(licenseKey);
+  logger.success("Configured .npmrc for private registry access.");
+  logger.newLine();
+  logger.success(`Logged in as ${validation.email || "licensed user"}`);
+  logger.newLine();
+  logger.log("You can now use all Scaffoldry features.");
+  logger.log("Run 'scaffoldry init' to create a new project.");
+  logger.newLine();
+}
+
+// src/commands/logout.ts
+import prompts3 from "prompts";
+async function logoutCommand() {
+  logger.log("");
+  logger.info("Scaffoldry Logout");
+  logger.newLine();
+  const stored = await getStoredLicense();
+  if (!stored) {
+    logger.log("You are not logged in.");
+    return;
+  }
+  const { confirm } = await prompts3({
+    type: "confirm",
+    name: "confirm",
+    message: `Log out from ${stored.email || "licensed user"}?`,
+    initial: true
+  });
+  if (!confirm) {
+    logger.log("Logout cancelled.");
+    return;
+  }
+  await clearLicense();
+  logger.success("Logged out successfully.");
+  logger.newLine();
+}
+
+// src/commands/rename.ts
+import path3 from "path";
+import fs3 from "fs-extra";
+import { glob } from "glob";
+import ora3 from "ora";
+var SCAFFOLDRY_MARKERS = {
+  productName: ["Scaffoldry", "scaffoldry"],
+  productSlug: ["scaffoldry"],
+  npmScope: ["@scaffoldry"]
+};
+async function renameCommand(options) {
+  const {
+    productName,
+    productSlug = toKebabCase(productName),
+    primaryDomain = `${productSlug}.com`,
+    npmScope = `@${productSlug}`,
+    dryRun = false
+  } = options;
+  logger.info(`Renaming project to "${productName}"...`);
+  if (dryRun) {
+    logger.warn("DRY RUN - no files will be modified");
+  }
+  logger.newLine();
+  const projectDir = process.cwd();
+  const files = await glob("**/*.{ts,tsx,js,jsx,json,md,yml,yaml,env,env.*}", {
+    cwd: projectDir,
+    ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**", "**/pnpm-lock.yaml"],
+    dot: true
+  });
+  const spinner = ora3("Scanning files...").start();
+  const replacements = [];
+  for (const file of files) {
+    const filePath = path3.join(projectDir, file);
+    const content = await fs3.readFile(filePath, "utf-8");
+    const changes = [];
+    if (SCAFFOLDRY_MARKERS.productName.some((m) => content.includes(m))) {
+      changes.push({ from: "Scaffoldry", to: toPascalCase(productName) });
+      changes.push({ from: "scaffoldry", to: productSlug });
+    }
+    if (content.includes("@scaffoldry/")) {
+      changes.push({ from: "@scaffoldry/", to: `${npmScope}/` });
+    }
+    if (content.includes('@scaffoldry"')) {
+      changes.push({ from: '@scaffoldry"', to: `${npmScope}"` });
+    }
+    if (content.includes("scaffoldry.com")) {
+      changes.push({ from: "scaffoldry.com", to: primaryDomain });
+    }
+    if (changes.length > 0) {
+      replacements.push({ file, changes });
+    }
+  }
+  spinner.succeed(`Found ${replacements.length} files to update`);
+  if (replacements.length === 0) {
+    logger.info("No Scaffoldry markers found. Is this a Scaffoldry project?");
+    return;
+  }
+  logger.newLine();
+  logger.log("Changes to apply:");
+  for (const { file, changes } of replacements) {
+    logger.log(`  ${file}:`);
+    for (const { from, to } of changes) {
+      logger.log(`    "${from}" -> "${to}"`);
+    }
+  }
+  logger.newLine();
+  if (dryRun) {
+    logger.warn("DRY RUN complete - no files were modified");
+    return;
+  }
+  const applySpinner = ora3("Applying changes...").start();
+  for (const { file, changes } of replacements) {
+    const filePath = path3.join(projectDir, file);
+    let content = await fs3.readFile(filePath, "utf-8");
+    for (const { from, to } of changes) {
+      content = content.split(from).join(to);
+    }
+    await fs3.writeFile(filePath, content);
+  }
+  applySpinner.succeed("Changes applied successfully");
+  logger.newLine();
+  logger.success(`Project renamed to "${productName}"!`);
+  logger.newLine();
+  logger.log("Next steps:");
+  logger.log("  1. Review the changes");
+  logger.log("  2. Run `pnpm install` to update dependencies");
+  logger.log("  3. Commit the changes");
+}
+
+// src/commands/create-app.ts
+import path4 from "path";
+import fs4 from "fs-extra";
+import ora4 from "ora";
+async function createAppCommand(options) {
+  const { slug, name } = options;
+  const kebabSlug = toKebabCase(slug);
+  const pascalName = toPascalCase(name);
+  logger.info(`Creating new app "${name}" (${kebabSlug})...`);
+  logger.newLine();
+  const projectDir = process.cwd();
+  const appsDir = path4.join(projectDir, "apps");
+  const appDir = path4.join(appsDir, kebabSlug);
+  if (!await fs4.pathExists(appsDir)) {
+    logger.error("No 'apps' directory found. Are you in a Scaffoldry project root?");
+    return;
+  }
+  if (await fs4.pathExists(appDir)) {
+    logger.error(`App "${kebabSlug}" already exists at ${appDir}`);
+    return;
+  }
+  const spinner = ora4("Creating app files...").start();
+  try {
+    await fs4.ensureDir(appDir);
+    await fs4.writeJSON(
+      path4.join(appDir, "package.json"),
+      {
+        name: kebabSlug,
+        version: "0.0.0",
+        private: true,
+        scripts: {
+          dev: "next dev",
+          build: "next build",
+          start: "next start",
+          lint: "next lint",
+          typecheck: "tsc --noEmit"
+        },
+        dependencies: {
+          next: "^14.0.0",
+          react: "^18.2.0",
+          "react-dom": "^18.2.0",
+          "scaffoldry-platform": "workspace:*",
+          "scaffoldry-ui": "workspace:*"
+        },
+        devDependencies: {
+          "@types/node": "^20.10.0",
+          "@types/react": "^18.2.0",
+          "@types/react-dom": "^18.2.0",
+          typescript: "^5.3.0"
+        }
+      },
+      { spaces: 2 }
+    );
+    await fs4.writeJSON(
+      path4.join(appDir, "tsconfig.json"),
+      {
+        extends: "../../tsconfig.json",
+        compilerOptions: {
+          outDir: "./dist",
+          rootDir: "./src",
+          noEmit: false,
+          jsx: "preserve",
+          module: "ESNext",
+          moduleResolution: "bundler",
+          allowJs: true,
+          resolveJsonModule: true,
+          isolatedModules: true,
+          incremental: true,
+          plugins: [{ name: "next" }],
+          paths: {
+            "@/*": ["./src/*"]
+          }
+        },
+        include: ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+        exclude: ["node_modules", "dist"]
+      },
+      { spaces: 2 }
+    );
+    await fs4.writeFile(
+      path4.join(appDir, "next.config.js"),
+      `/** @type {import('next').NextConfig} */
+const nextConfig = {
+  transpilePackages: ["scaffoldry-platform", "scaffoldry-ui"],
+};
+
+module.exports = nextConfig;
+`
+    );
+    await fs4.ensureDir(path4.join(appDir, "src", "app"));
+    await fs4.writeFile(
+      path4.join(appDir, "src", "app", "layout.tsx"),
+      `import type { Metadata } from "next";
+
+export const metadata: Metadata = {
+  title: "${name}",
+  description: "Built with Scaffoldry",
+};
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  );
+}
+`
+    );
+    await fs4.writeFile(
+      path4.join(appDir, "src", "app", "page.tsx"),
+      `export default function Home() {
+  return (
+    <main className="flex min-h-screen flex-col items-center justify-center p-24">
+      <h1 className="text-4xl font-bold">${pascalName}</h1>
+      <p className="mt-4 text-lg text-gray-600">
+        Welcome to your new Scaffoldry app!
+      </p>
+    </main>
+  );
+}
+`
+    );
+    await fs4.writeFile(
+      path4.join(appDir, "next-env.d.ts"),
+      `/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/basic-features/typescript for more information.
+`
+    );
+    spinner.succeed("App files created!");
+    logger.newLine();
+    logger.success(`App "${name}" created successfully at apps/${kebabSlug}!`);
+    logger.newLine();
+    logger.log("Next steps:");
+    logger.log(`  pnpm install`);
+    logger.log(`  pnpm --filter ${kebabSlug} dev`);
+    logger.newLine();
+  } catch (error) {
+    spinner.fail("Failed to create app files.");
+    throw error;
+  }
+}
+
+// src/commands/upgrade.ts
+import path5 from "path";
+import fs5 from "fs-extra";
+import ora5 from "ora";
+var SCAFFOLDRY_PACKAGES = [
+  "scaffoldry-db",
+  "scaffoldry-core",
+  "scaffoldry-auth",
+  "scaffoldry-webhooks",
+  "scaffoldry-billing",
+  "scaffoldry-jobs",
+  "scaffoldry-notify",
+  "scaffoldry-storage",
+  "scaffoldry-platform",
+  "scaffoldry-ui",
+  "scaffoldry-admin",
+  "scaffoldry-cli"
+];
+async function upgradeCommand(options) {
+  const { check = false, dryRun = false, breaking = false } = options;
+  logger.info("Checking for Scaffoldry updates...");
+  if (dryRun) {
+    logger.warn("DRY RUN - no packages will be modified");
+  }
+  logger.newLine();
+  const projectDir = process.cwd();
+  const packageJsonPath = path5.join(projectDir, "package.json");
+  if (!await fs5.pathExists(packageJsonPath)) {
+    logger.error("No package.json found. Are you in a project root?");
+    return;
+  }
+  const spinner = ora5("Fetching version information...").start();
+  try {
+    const packageJson = await fs5.readJSON(packageJsonPath);
+    const dependencies = {
+      ...packageJson.dependencies,
+      ...packageJson.devDependencies
+    };
+    const updates = [];
+    for (const pkgName of SCAFFOLDRY_PACKAGES) {
+      const currentVersion = dependencies[pkgName];
+      if (!currentVersion) continue;
+      const latestVersion = await getLatestVersion(pkgName);
+      if (latestVersion && currentVersion !== latestVersion) {
+        const isBreaking = isBreakingChange(currentVersion, latestVersion);
+        updates.push({
+          name: pkgName,
+          current: currentVersion,
+          latest: latestVersion,
+          isBreaking
+        });
+      }
+    }
+    spinner.succeed("Version check complete");
+    if (updates.length === 0) {
+      logger.success("All Scaffoldry packages are up to date!");
+      return;
+    }
+    const filteredUpdates = breaking ? updates : updates.filter((u) => !u.isBreaking);
+    logger.newLine();
+    logger.log("Available updates:");
+    logger.newLine();
+    for (const update of filteredUpdates) {
+      const breakingIndicator = update.isBreaking ? " (BREAKING)" : "";
+      logger.log(
+        `  ${update.name}: ${update.current} -> ${update.latest}${breakingIndicator}`
+      );
+    }
+    if (!breaking && updates.some((u) => u.isBreaking)) {
+      logger.newLine();
+      logger.warn(
+        `${updates.filter((u) => u.isBreaking).length} breaking updates available. Use --breaking to include them.`
+      );
+    }
+    if (check) {
+      logger.newLine();
+      logger.info("Run without --check to apply updates.");
+      return;
+    }
+    if (dryRun) {
+      logger.newLine();
+      logger.warn("DRY RUN complete - no packages were modified");
+      return;
+    }
+    logger.newLine();
+    const applySpinner = ora5("Applying updates...").start();
+    for (const update of filteredUpdates) {
+      if (packageJson.dependencies?.[update.name]) {
+        packageJson.dependencies[update.name] = update.latest;
+      }
+      if (packageJson.devDependencies?.[update.name]) {
+        packageJson.devDependencies[update.name] = update.latest;
+      }
+    }
+    await fs5.writeJSON(packageJsonPath, packageJson, { spaces: 2 });
+    applySpinner.succeed("Updates applied to package.json");
+    logger.newLine();
+    logger.success("Scaffoldry packages updated!");
+    logger.newLine();
+    logger.log("Next steps:");
+    logger.log("  1. Run `pnpm install` to install updated packages");
+    logger.log("  2. Run `scaffoldry migrate` to apply any new migrations");
+    logger.log("  3. Review the CHANGELOG for breaking changes");
+    logger.newLine();
+  } catch (error) {
+    spinner.fail("Failed to check for updates");
+    throw error;
+  }
+}
+async function getLatestVersion(packageName) {
+  try {
+    const pkgPath = path5.join(
+      process.cwd(),
+      "packages",
+      packageName,
+      "package.json"
+    );
+    if (await fs5.pathExists(pkgPath)) {
+      const pkg = await fs5.readJSON(pkgPath);
+      return pkg.version || "workspace:*";
+    }
+  } catch {
+  }
+  return null;
+}
+function isBreakingChange(current, latest) {
+  const currentParts = current.replace(/[^\d.]/g, "").split(".");
+  const latestParts = latest.replace(/[^\d.]/g, "").split(".");
+  const currentMajor = parseInt(currentParts[0] ?? "0", 10);
+  const latestMajor = parseInt(latestParts[0] ?? "0", 10);
+  return !isNaN(currentMajor) && !isNaN(latestMajor) && latestMajor > currentMajor;
+}
+
+// src/commands/migrate.ts
+import path6 from "path";
+import fs6 from "fs-extra";
+import { glob as glob2 } from "glob";
+import ora6 from "ora";
+import { neon } from "@neondatabase/serverless";
+import { drizzle } from "drizzle-orm/neon-http";
+import { migrate } from "drizzle-orm/neon-http/migrator";
+import postgres from "postgres";
+import { drizzle as drizzlePostgres } from "drizzle-orm/postgres-js";
+import { migrate as migratePostgres } from "drizzle-orm/postgres-js/migrator";
+async function migrateCommand(options = {}) {
+  const { dryRun = false } = options;
+  logger.info("Running migrations...");
+  logger.newLine();
+  const projectDir = process.cwd();
+  const databaseUrl = process.env.DATABASE_URL;
+  if (!databaseUrl) {
+    logger.error("DATABASE_URL environment variable is not set.");
+    logger.log("Set it in your .env file or export it in your shell.");
+    return;
+  }
+  const migrationDirs = [
+    path6.join(projectDir, "packages", "scaffoldry-db", "drizzle"),
+    path6.join(projectDir, "drizzle")
+  ];
+  let migrationsDir = null;
+  for (const dir of migrationDirs) {
+    if (await fs6.pathExists(dir)) {
+      migrationsDir = dir;
+      break;
+    }
+  }
+  if (!migrationsDir) {
+    logger.error("No migrations directory found.");
+    logger.log("Expected one of:");
+    for (const dir of migrationDirs) {
+      logger.log(`  - ${dir}`);
+    }
+    logger.newLine();
+    logger.log("Run 'pnpm --filter scaffoldry-db generate' to create migrations.");
+    return;
+  }
+  const migrations = await glob2("*.sql", { cwd: migrationsDir });
+  if (migrations.length === 0) {
+    logger.warn("No migration files found.");
+    logger.log("Run 'pnpm --filter scaffoldry-db generate' to create migrations.");
+    return;
+  }
+  logger.info(`Found ${migrations.length} migration file(s) in ${migrationsDir}`);
+  for (const migration of migrations.sort()) {
+    logger.log(`  - ${migration}`);
+  }
+  logger.newLine();
+  if (dryRun) {
+    logger.info("Dry run mode - no migrations will be applied.");
+    return;
+  }
+  const spinner = ora6("Applying migrations...").start();
+  try {
+    const isNeon = databaseUrl.includes("neon.tech") || databaseUrl.includes("neon-");
+    if (isNeon) {
+      const sql = neon(databaseUrl);
+      const db = drizzle(sql);
+      await migrate(db, { migrationsFolder: migrationsDir });
+    } else {
+      const sql = postgres(databaseUrl, { max: 1 });
+      const db = drizzlePostgres(sql);
+      await migratePostgres(db, { migrationsFolder: migrationsDir });
+      await sql.end();
+    }
+    spinner.succeed("Migrations applied successfully!");
+    logger.newLine();
+    logger.success(`Applied ${migrations.length} migration(s).`);
+    logger.newLine();
+  } catch (error) {
+    spinner.fail("Migration failed");
+    if (error instanceof Error) {
+      logger.error(error.message);
+      if (error.message.includes("already exists")) {
+        logger.newLine();
+        logger.log("This usually means the migration was partially applied.");
+        logger.log("Check your database state and consider resetting if in development.");
+      }
+    }
+    throw error;
+  }
+}
+async function migrateCreateCommand(options) {
+  const { name } = options;
+  if (!/^[a-z][a-z0-9_]*$/.test(name)) {
+    logger.error("Migration name must be snake_case (e.g., add_user_preferences)");
+    return;
+  }
+  logger.info(`Creating migration "${name}"...`);
+  logger.newLine();
+  const projectDir = process.cwd();
+  const migrationsDir = path6.join(projectDir, "drizzle");
+  await fs6.ensureDir(migrationsDir);
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[-:T]/g, "").slice(0, 14);
+  const fileName = `${timestamp}_${name}.sql`;
+  const filePath = path6.join(migrationsDir, fileName);
+  if (await fs6.pathExists(filePath)) {
+    logger.error(`Migration file already exists: ${fileName}`);
+    return;
+  }
+  const template = `-- Migration: ${name}
+-- Created at: ${(/* @__PURE__ */ new Date()).toISOString()}
+
+-- Write your migration SQL here
+
+-- Example:
+-- CREATE TABLE user_preferences (
+--   id TEXT PRIMARY KEY,
+--   user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+--   theme TEXT NOT NULL DEFAULT 'light',
+--   notifications_enabled BOOLEAN NOT NULL DEFAULT true,
+--   created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+--   updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
+-- );
+
+-- CREATE INDEX idx_user_preferences_user_id ON user_preferences(user_id);
+`;
+  await fs6.writeFile(filePath, template);
+  logger.success(`Migration created: ${fileName}`);
+  logger.newLine();
+  logger.log(`Edit the file at: ${filePath}`);
+  logger.newLine();
+  logger.log("After editing, run:");
+  logger.log("  scaffoldry migrate");
+  logger.newLine();
+}
+
+// src/commands/dev.ts
+import { spawn } from "child_process";
+import chalk from "chalk";
+var colors = [
+  chalk.cyan,
+  chalk.magenta,
+  chalk.yellow,
+  chalk.green,
+  chalk.blue
+];
+function prefixLog(prefix, color, message) {
+  const lines = message.split("\n").filter(Boolean);
+  for (const line of lines) {
+    console.log(color(`[${prefix}]`) + " " + line);
+  }
+}
+async function checkPrerequisites(projectDir, options) {
+  console.log();
+  printBox("Starting Development Environment", [
+    "Checking prerequisites..."
+  ]);
+  const checks = [];
+  checks.push({ result: await checkNodeVersion(), required: true });
+  checks.push({ result: await checkPnpmVersion(), required: true });
+  const stripeCli = await checkStripeCli();
+  const env = await readEnvLocal(projectDir);
+  const hasStripeKey = Boolean(env.STRIPE_SECRET_KEY);
+  checks.push({ result: stripeCli, required: !options.skipStripe && hasStripeKey });
+  checks.push({ result: await checkEnvVar(projectDir, "DATABASE_URL"), required: true });
+  if (!options.skipStripe) {
+    checks.push({ result: await checkEnvVar(projectDir, "STRIPE_SECRET_KEY", { required: false }), required: false });
+  }
+  let allPassed = true;
+  const stripeCliAvailable = stripeCli.status === "pass";
+  for (const { result, required } of checks) {
+    const icon = result.status === "pass" ? chalk.green("\u2713") : result.status === "warn" ? chalk.yellow("\u26A0") : chalk.red("\u2717");
+    let line = `  ${icon} ${result.label}`;
+    if (result.message) {
+      line += chalk.gray(` (${result.message})`);
+    }
+    console.log(line);
+    if (required && result.status === "fail") {
+      allPassed = false;
+    }
+  }
+  if (!allPassed) {
+    console.log();
+    printError("Some required prerequisites are missing");
+    printInfo("Run `scaffoldry doctor` for more details");
+    return { pass: false, stripeCli: stripeCliAvailable };
+  }
+  return { pass: true, stripeCli: stripeCliAvailable };
+}
+async function devCommand(options = {}) {
+  const projectDir = process.cwd();
+  const port = options.port || 3e3;
+  const prereqs = await checkPrerequisites(projectDir, options);
+  if (!prereqs.pass) {
+    process.exit(1);
+  }
+  const processes = [];
+  let colorIndex = 0;
+  const getNextColor = () => {
+    const color = colors[colorIndex++ % colors.length];
+    return color ?? chalk.white;
+  };
+  console.log();
+  console.log("Starting services...");
+  const nextProcess = spawn("pnpm", ["run", "dev", "--", "--port", String(port)], {
+    ...getSpawnOptions({
+      cwd: projectDir,
+      stdio: ["inherit", "pipe", "pipe"]
+    })
+  });
+  const nextInfo = {
+    name: "next",
+    process: nextProcess,
+    color: getNextColor()
+  };
+  processes.push(nextInfo);
+  nextProcess.stdout?.on("data", (data) => {
+    prefixLog("next", nextInfo.color, data.toString());
+  });
+  nextProcess.stderr?.on("data", (data) => {
+    prefixLog("next", nextInfo.color, data.toString());
+  });
+  printSuccess(`Next.js dev server starting on http://localhost:${port}`);
+  const env = await readEnvLocal(projectDir);
+  if (!options.skipStripe && prereqs.stripeCli && env.STRIPE_SECRET_KEY) {
+    const stripeProcess = spawn(
+      "stripe",
+      ["listen", "--forward-to", `localhost:${port}/api/webhooks/stripe`],
+      {
+        ...getSpawnOptions({
+          cwd: projectDir,
+          stdio: ["inherit", "pipe", "pipe"]
+        })
+      }
+    );
+    const stripeInfo = {
+      name: "stripe",
+      process: stripeProcess,
+      color: getNextColor()
+    };
+    processes.push(stripeInfo);
+    stripeProcess.stdout?.on("data", (data) => {
+      const output = data.toString();
+      prefixLog("stripe", stripeInfo.color, output);
+      const secretMatch = output.match(/whsec_[A-Za-z0-9]+/);
+      if (secretMatch) {
+        console.log();
+        printInfo(`Webhook secret: ${secretMatch[0]}`);
+        printInfo("Update STRIPE_WEBHOOK_SECRET in .env.local if needed");
+      }
+    });
+    stripeProcess.stderr?.on("data", (data) => {
+      prefixLog("stripe", stripeInfo.color, data.toString());
+    });
+    printSuccess("Stripe CLI listening for webhooks");
+  } else if (!options.skipStripe && !prereqs.stripeCli && env.STRIPE_SECRET_KEY) {
+    printWarning("Stripe CLI not installed - webhook forwarding disabled");
+    const { getInstallInstructions } = await import("./platform-Z35MB2P5.js");
+    printInfo(getInstallInstructions("stripe-cli"));
+  }
+  console.log();
+  printBox("Development Server Ready", [
+    `App:      http://localhost:${port}`,
+    "",
+    "Press Ctrl+C to stop all services."
+  ]);
+  console.log();
+  const cleanup = () => {
+    console.log();
+    console.log("Shutting down...");
+    const termSignal = getTermSignal();
+    const killSignal = getKillSignal();
+    for (const { name, process: proc, color } of processes) {
+      prefixLog(name, color, "Stopping...");
+      proc.kill(termSignal);
+    }
+    setTimeout(() => {
+      for (const { process: proc } of processes) {
+        if (!proc.killed) {
+          proc.kill(killSignal);
+        }
+      }
+      process.exit(0);
+    }, 3e3);
+  };
+  setupShutdownHandlers(cleanup);
+  for (const { name, process: proc, color } of processes) {
+    proc.on("exit", (code) => {
+      prefixLog(name, color, `Exited with code ${code}`);
+    });
+    proc.on("error", (error) => {
+      prefixLog(name, color, `Error: ${error.message}`);
+    });
+  }
+}
+
+// src/commands/doctor.ts
+import chalk2 from "chalk";
+import prompts4 from "prompts";
+function printCheckResults(results) {
+  for (const result of results) {
+    const icon = result.status === "pass" ? chalk2.green("\u2713") : result.status === "warn" ? chalk2.yellow("\u26A0") : chalk2.red("\u2717");
+    let line = `  ${icon} ${result.label}`;
+    if (result.message) {
+      line += chalk2.gray(` (${result.message})`);
+    }
+    console.log(line);
+  }
+}
+function collectIssues(results) {
+  const issues = [];
+  for (const result of results) {
+    if (result.status === "fail" || result.status === "warn") {
+      const issue = {
+        label: result.label,
+        message: result.message || "Issue detected"
+      };
+      if (result.fix) {
+        issue.fix = result.fix;
+      }
+      issues.push(issue);
+    }
+  }
+  return issues;
+}
+async function checkLicense() {
+  const stored = await getStoredLicense();
+  if (!stored) {
+    return {
+      status: "fail",
+      label: "Scaffoldry license",
+      message: "Not authenticated",
+      fix: "Run: scaffoldry login"
+    };
+  }
+  const validation = await validateLicense(stored.key);
+  if (validation.valid) {
+    return {
+      status: "pass",
+      label: "Scaffoldry license",
+      message: stored.email || "Valid"
+    };
+  }
+  return {
+    status: "fail",
+    label: "Scaffoldry license",
+    message: validation.error || "Invalid",
+    fix: "Run: scaffoldry login"
+  };
+}
+async function doctorCommand() {
+  const projectDir = process.cwd();
+  console.log();
+  printBox("Scaffoldry Doctor", [
+    "Checking your project configuration..."
+  ]);
+  console.log();
+  console.log(chalk2.bold("Platform:"), getPlatformDisplayName());
+  console.log();
+  console.log(chalk2.bold("Checking environment..."));
+  const envResults = await runEnvironmentChecks();
+  printCheckResults(envResults);
+  console.log();
+  console.log(chalk2.bold("Checking license..."));
+  const licenseResult = await checkLicense();
+  printCheckResults([licenseResult]);
+  console.log();
+  console.log(chalk2.bold("Checking configuration..."));
+  const configResults = await runConfigurationChecks(projectDir);
+  printCheckResults(configResults);
+  console.log();
+  console.log(chalk2.bold("Checking services..."));
+  const serviceResults = await runServiceChecks(projectDir);
+  printCheckResults(serviceResults);
+  const licenseIssue = licenseResult.status !== "pass" ? {
+    label: licenseResult.label,
+    message: licenseResult.message || "Issue",
+    ...licenseResult.fix ? { fix: licenseResult.fix } : {}
+  } : null;
+  const allIssues = [
+    ...collectIssues(envResults),
+    ...licenseIssue ? [licenseIssue] : [],
+    ...collectIssues(configResults),
+    ...collectIssues(serviceResults)
+  ];
+  const criticalIssues = allIssues.filter(
+    (issue) => !issue.message.includes("optional") && !issue.message.includes("network error")
+  );
+  console.log();
+  if (criticalIssues.length === 0) {
+    console.log(chalk2.green.bold("\u2713 All checks passed!"));
+    console.log();
+    printInfo("Your project is configured correctly.");
+    printInfo("Run `scaffoldry dev` to start development.");
+    return;
+  }
+  const borderTop = "\u250C" + "\u2500".repeat(61) + "\u2510";
+  const borderBottom = "\u2514" + "\u2500".repeat(61) + "\u2518";
+  console.log(chalk2.yellow(borderTop));
+  console.log(chalk2.yellow("\u2502") + " ".repeat(61) + chalk2.yellow("\u2502"));
+  console.log(chalk2.yellow("\u2502") + chalk2.bold(`  ${criticalIssues.length} issue${criticalIssues.length === 1 ? "" : "s"} need attention:`).padEnd(64) + chalk2.yellow("\u2502"));
+  console.log(chalk2.yellow("\u2502") + " ".repeat(61) + chalk2.yellow("\u2502"));
+  criticalIssues.forEach((issue, i) => {
+    console.log(chalk2.yellow("\u2502") + `  ${i + 1}. ${issue.label}`.padEnd(61) + chalk2.yellow("\u2502"));
+    console.log(chalk2.yellow("\u2502") + chalk2.gray(`     ${issue.message}`).padEnd(70) + chalk2.yellow("\u2502"));
+    if (issue.fix) {
+      console.log(chalk2.yellow("\u2502") + chalk2.cyan(`     \u2192 ${issue.fix}`).padEnd(70) + chalk2.yellow("\u2502"));
+    }
+    console.log(chalk2.yellow("\u2502") + " ".repeat(61) + chalk2.yellow("\u2502"));
+  });
+  console.log(chalk2.yellow(borderBottom));
+  const fixableIssues = criticalIssues.filter((issue) => issue.fix?.startsWith("Run: scaffoldry setup"));
+  if (fixableIssues.length > 0) {
+    console.log();
+    const { autoFix } = await prompts4({
+      type: "confirm",
+      name: "autoFix",
+      message: "Run setup wizards to fix issues?",
+      initial: true
+    });
+    if (autoFix) {
+      const { setupCommand: setupCommand2 } = await import("./setup-L2PO5OVZ.js");
+      const services = /* @__PURE__ */ new Set();
+      for (const issue of fixableIssues) {
+        if (issue.fix?.includes("setup stripe")) services.add("stripe");
+        if (issue.fix?.includes("setup database")) services.add("database");
+        if (issue.fix?.includes("setup email")) services.add("email");
+        if (issue.fix?.includes("setup storage")) services.add("storage");
+        if (issue.fix?.includes("setup all")) {
+          services.add("database");
+          services.add("stripe");
+          services.add("email");
+        }
+      }
+      for (const service of services) {
+        await setupCommand2({ service });
+      }
+      console.log();
+      printInfo("Run `scaffoldry doctor` again to verify fixes");
+    }
+  }
+}
+
+// src/commands/secret.ts
+import crypto from "crypto";
+import prompts5 from "prompts";
+function generateSecureSecret(bytes = 32) {
+  return crypto.randomBytes(bytes).toString("base64url");
+}
+async function secretSetCommand(options) {
+  const projectDir = process.cwd();
+  if (!options.key || !options.value) {
+    printError("Both key and value are required");
+    printInfo("Usage: scaffoldry secret set <KEY> <VALUE>");
+    return;
+  }
+  if (!/^[A-Z_][A-Z0-9_]*$/.test(options.key)) {
+    printError("Invalid key format. Use UPPERCASE_WITH_UNDERSCORES");
+    return;
+  }
+  await writeEnvLocal(projectDir, { [options.key]: options.value });
+  logger.newLine();
+  printSuccess(`Set ${options.key} in .env.local`);
+}
+async function secretRotateCommand(options) {
+  const projectDir = process.cwd();
+  switch (options.type) {
+    case "auth":
+      await rotateAuthSecret(projectDir);
+      break;
+    case "db":
+      await rotateDatabaseCredentials(projectDir);
+      break;
+    default:
+      printError(`Unknown secret type: ${options.type}`);
+      printInfo("Supported types: auth, db");
+  }
+}
+async function rotateAuthSecret(projectDir) {
+  console.log();
+  printBox("Rotating AUTH_SECRET", [
+    "Per Section 32 rotation rules:",
+    "1. Current AUTH_SECRET \u2192 AUTH_SECRET_PREVIOUS",
+    "2. Generate new 32-byte random AUTH_SECRET",
+    "3. Both keys valid during rotation window"
+  ]);
+  const env = await readEnvLocal(projectDir);
+  const currentSecret = env.AUTH_SECRET;
+  if (!currentSecret) {
+    printWarning("No AUTH_SECRET found in .env.local");
+    console.log();
+    const { generate } = await prompts5({
+      type: "confirm",
+      name: "generate",
+      message: "Generate a new AUTH_SECRET?",
+      initial: true
+    });
+    if (generate) {
+      const newSecret2 = generateSecureSecret(32);
+      await writeEnvLocal(projectDir, { AUTH_SECRET: newSecret2 });
+      printSuccess("Generated new AUTH_SECRET");
+    }
+    return;
+  }
+  console.log();
+  const { proceed } = await prompts5({
+    type: "confirm",
+    name: "proceed",
+    message: "Proceed with rotation?",
+    initial: true
+  });
+  if (!proceed) {
+    printInfo("Rotation cancelled");
+    return;
+  }
+  console.log();
+  console.log("Rotating...");
+  const newSecret = generateSecureSecret(32);
+  await writeEnvLocal(projectDir, {
+    AUTH_SECRET: newSecret,
+    AUTH_SECRET_PREVIOUS: currentSecret
+  });
+  printSuccess("Moved current key to AUTH_SECRET_PREVIOUS");
+  printSuccess("Generated new AUTH_SECRET");
+  printSuccess("Updated .env.local");
+  console.log();
+  printWarning("Important: Restart your server to apply changes.");
+  printInfo("Sessions signed with old key will remain valid");
+  printInfo("during the rotation window (AUTH_SECRET_PREVIOUS).");
+}
+async function rotateDatabaseCredentials(projectDir) {
+  console.log();
+  printBox("Database Credential Rotation", [
+    "Database credentials require careful rotation to avoid downtime.",
+    "",
+    "Steps for Neon PostgreSQL:",
+    "1. Create new role in Neon dashboard",
+    "2. Grant same permissions as current role",
+    "3. Update DATABASE_URL with new credentials",
+    "4. Verify connection works",
+    "5. Revoke old credentials"
+  ]);
+  const env = await readEnvLocal(projectDir);
+  const currentUrl = env.DATABASE_URL;
+  if (!currentUrl) {
+    printError("No DATABASE_URL found in .env.local");
+    printInfo("Run: scaffoldry setup database");
+    return;
+  }
+  console.log();
+  printInfo("Current database host:");
+  try {
+    const url = new URL(currentUrl);
+    console.log(`  ${url.hostname}`);
+  } catch {
+    console.log("  (unable to parse URL)");
+  }
+  console.log();
+  printInfo("To rotate database credentials:");
+  console.log("  1. Go to https://console.neon.tech");
+  console.log("  2. Navigate to your project > Settings > Roles");
+  console.log("  3. Create a new role");
+  console.log("  4. Update the connection string");
+  console.log("  5. Run: scaffoldry setup database");
+  console.log();
+  const { openDocs } = await prompts5({
+    type: "confirm",
+    name: "openDocs",
+    message: "Open Neon documentation for credential rotation?",
+    initial: true
+  });
+  if (openDocs) {
+    const { exec } = await import("child_process");
+    const { promisify } = await import("util");
+    const execAsync = promisify(exec);
+    const os2 = await import("os");
+    const url = "https://neon.tech/docs/manage/roles";
+    const platform = os2.platform();
+    try {
+      if (platform === "darwin") {
+        await execAsync(`open "${url}"`);
+      } else if (platform === "win32") {
+        await execAsync(`start "${url}"`);
+      } else {
+        await execAsync(`xdg-open "${url}"`);
+      }
+      printInfo("Opened Neon documentation");
+    } catch {
+      printInfo(`Visit: ${url}`);
+    }
+  }
+}
+
+// src/commands/plan.ts
+import fs7 from "fs-extra";
+import path7 from "path";
+import prompts6 from "prompts";
+var MASTER_SPEC_INVARIANTS = `
+## Scaffoldry v1 Invariants (MUST FOLLOW)
+
+These are non-negotiable constraints that all generated code MUST follow:
+
+### Authentication
+- Use Argon2id for password hashing (NOT bcrypt)
+- Implement Pwned Passwords check on registration
+- Magic link tokens: 32-byte random, 15-minute expiry
+- Session cookies: HttpOnly, Secure, SameSite=Lax
+
+### Database
+- All tables MUST have tenant_id column for multi-tenancy
+- Use Row-Level Security (RLS) policies
+- Soft-delete with deleted_at timestamp (NOT hard delete)
+- All timestamps in UTC
+
+### API Design
+- All endpoints MUST be rate-limited
+- Input validation with Zod schemas
+- Return consistent error format: { error: string, code?: string }
+- Use POST for mutations, GET for queries
+
+### Security
+- No secrets in client-side code (NEXT_PUBLIC_ prefix rules)
+- CSRF protection on state-changing operations
+- Validate webhook signatures before processing
+- Log all authentication events to audit table
+`;
+var MASTER_SPEC_SECURITY = `
+## Security Hardening Requirements
+
+### Password Security
+- Minimum 8 characters, check against Pwned Passwords API
+- Hash with Argon2id: memoryCost=65536, timeCost=3, parallelism=4
+- Never store plaintext passwords
+- Never log passwords or password hashes
+
+### Session Security
+- Rotate session ID on privilege escalation
+- 24-hour session expiry, refresh on activity
+- Store sessions in database with user_agent and ip_hash
+- Invalidate all sessions on password change
+
+### Rate Limiting
+- Login: 5 attempts per 15 minutes per IP
+- API: 100 requests per minute per user
+- Webhook: 1000 requests per minute per endpoint
+
+### Input Validation
+- Validate ALL user input server-side
+- Sanitize HTML output to prevent XSS
+- Use parameterized queries (Drizzle handles this)
+- Validate file uploads: type, size, content
+
+### Audit Logging
+- Log: login, logout, password_change, role_change, data_export
+- Include: user_id, action, ip_hash, timestamp, metadata
+- IP addresses MUST be hashed with salt (privacy compliance)
+`;
+var TECHNICAL_STACK = `
+## Technical Stack (v1 - Locked)
+
+This is the production-ready stack used by Scaffoldry:
+
+- **Framework**: Next.js 14+ with App Router
+- **Language**: TypeScript (strict mode)
+- **Database**: PostgreSQL via Neon (serverless)
+- **ORM**: Drizzle ORM with migrations
+- **Auth**: Custom implementation (password + magic link)
+- **Payments**: Stripe (subscriptions + one-time)
+- **Email**: Resend (transactional emails)
+- **Storage**: AWS S3 (file uploads)
+- **Styling**: Tailwind CSS
+- **Validation**: Zod
+- **Testing**: Vitest
+
+### File Structure
+\`\`\`
+apps/web/
+\u251C\u2500\u2500 src/
+\u2502   \u251C\u2500\u2500 app/              # Next.js App Router pages
+\u2502   \u251C\u2500\u2500 components/       # React components
+\u2502   \u2514\u2500\u2500 lib/              # Utilities and helpers
+packages/
+\u251C\u2500\u2500 database/             # Drizzle schema and migrations
+\u251C\u2500\u2500 auth/                 # Authentication logic
+\u251C\u2500\u2500 billing/              # Stripe integration
+\u251C\u2500\u2500 email/                # Email templates and sending
+\u2514\u2500\u2500 shared/               # Shared types and utilities
+\`\`\`
+`;
+function generateDevelopmentPlan(projectName, description, features) {
+  return `# Project: ${projectName}
+
+## Executive Summary
+${description}
+
+## Technical Stack
+- **Frontend**: Next.js 14 with App Router, TypeScript, Tailwind CSS
+- **Backend**: Next.js API Routes, PostgreSQL (Neon)
+- **Authentication**: Email/password + Magic links
+- **Payments**: Stripe subscriptions
+- **Email**: Transactional emails via Resend
+- **Database**: Neon (serverless PostgreSQL) + Drizzle ORM
+
+## Core Features
+${features.map((f) => `- ${f}`).join("\n")}
+
+## Implementation Phases
+
+### Phase 1: Foundation
+- [ ] Project setup and configuration
+- [ ] Database schema design
+- [ ] User authentication flows
+- [ ] Basic CRUD operations
+
+### Phase 2: Core Features
+- [ ] Implement primary features
+- [ ] API endpoints
+- [ ] Frontend components
+- [ ] Email notifications
+
+### Phase 3: Polish
+- [ ] Error handling
+- [ ] Loading states
+- [ ] Testing
+- [ ] Documentation
+
+## Security Considerations
+- Row-level security for multi-tenancy
+- Rate limiting on all endpoints
+- Input validation with Zod
+- Audit logging for sensitive operations
+
+## Deployment
+- Vercel (recommended) or any Node.js host
+- Neon for database
+- Environment variables configured via \`scaffoldry setup\`
+`;
+}
+function generateAIPrompt(projectName, description, features) {
+  return `# AI Implementation Prompt for ${projectName}
+
+## Project Description
+${description}
+
+## Features to Implement
+${features.map((f, i) => `${i + 1}. ${f}`).join("\n")}
+
+---
+
+# CRITICAL: Scaffoldry Framework Context
+
+You are implementing features for a Scaffoldry project. You MUST follow these constraints exactly.
+
+${MASTER_SPEC_INVARIANTS}
+
+${MASTER_SPEC_SECURITY}
+
+${TECHNICAL_STACK}
+
+---
+
+## Implementation Guidelines
+
+When generating code:
+
+1. **Use existing patterns** - Check existing code in the codebase for patterns
+2. **Follow the schema** - Database tables in packages/database/src/schema/
+3. **Type everything** - No \`any\` types, use Zod for runtime validation
+4. **Handle errors** - All API routes must have try/catch with proper error responses
+5. **Add audit logs** - Log sensitive operations to the audit table
+6. **Test critical paths** - Auth, payments, and data access MUST have tests
+
+## Example Patterns
+
+### API Route Pattern
+\`\`\`typescript
+// apps/web/src/app/api/example/route.ts
+import { NextRequest, NextResponse } from "next/server";
+import { z } from "zod";
+import { getSession } from "@scaffoldry/auth";
+import { db } from "@scaffoldry/database";
+
+const schema = z.object({
+  // Define your schema
+});
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await getSession();
+    if (!session) {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const body = await req.json();
+    const data = schema.parse(body);
+
+    // Implementation here
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: "Invalid input" }, { status: 400 });
+    }
+    console.error("API Error:", error);
+    return NextResponse.json({ error: "Internal error" }, { status: 500 });
+  }
+}
+\`\`\`
+
+### Database Query Pattern
+\`\`\`typescript
+import { db, eq, and } from "@scaffoldry/database";
+import { users } from "@scaffoldry/database/schema";
+
+// Always filter by tenant_id for multi-tenancy
+const user = await db.query.users.findFirst({
+  where: and(
+    eq(users.id, userId),
+    eq(users.tenantId, session.tenantId)
+  ),
+});
+\`\`\`
+
+---
+
+Now implement the features described above, following all constraints and patterns.
+`;
+}
+async function planCommand() {
+  console.log();
+  printBox("Project Planner", [
+    "Let's create a development plan for your SaaS.",
+    "",
+    "This will generate:",
+    "\u2022 DEVELOPMENT_PLAN.md - Share with your team",
+    "\u2022 AI_PROMPT.md - Paste into Claude, GPT, or Cursor"
+  ]);
+  const { description } = await prompts6({
+    type: "text",
+    name: "description",
+    message: "Describe what you want to build:",
+    validate: (value) => value.length > 10 ? true : "Please provide more detail"
+  });
+  if (!description) {
+    printInfo("Cancelled");
+    return;
+  }
+  console.log();
+  printInfo("Now list the key features (one per line, empty line to finish):");
+  console.log();
+  const features = [];
+  let collecting = true;
+  while (collecting) {
+    const { feature } = await prompts6({
+      type: "text",
+      name: "feature",
+      message: features.length === 0 ? "Feature 1:" : `Feature ${features.length + 1}:`
+    });
+    if (!feature || feature.trim() === "") {
+      if (features.length === 0) {
+        printInfo("Please add at least one feature");
+        continue;
+      }
+      collecting = false;
+    } else {
+      features.push(feature.trim());
+    }
+  }
+  const projectName = description.split(" ").slice(0, 3).map((w) => w.charAt(0).toUpperCase() + w.slice(1).toLowerCase()).join("");
+  console.log();
+  console.log("\u250C" + "\u2500".repeat(61) + "\u2510");
+  console.log("\u2502" + " ".repeat(61) + "\u2502");
+  console.log("\u2502   " + `Project: ${projectName}`.padEnd(58) + "\u2502");
+  console.log("\u2502" + " ".repeat(61) + "\u2502");
+  console.log("\u2502" + "   Features:".padEnd(58) + "\u2502");
+  for (const feature of features) {
+    console.log("\u2502" + `   \u2022 ${feature}`.slice(0, 58).padEnd(58) + "\u2502");
+  }
+  console.log("\u2502" + " ".repeat(61) + "\u2502");
+  console.log("\u2514" + "\u2500".repeat(61) + "\u2518");
+  const { confirm } = await prompts6({
+    type: "confirm",
+    name: "confirm",
+    message: "Generate plans?",
+    initial: true
+  });
+  if (!confirm) {
+    printInfo("Cancelled");
+    return;
+  }
+  console.log();
+  console.log("Generating implementation plan...");
+  const devPlan = generateDevelopmentPlan(projectName, description, features);
+  const aiPrompt = generateAIPrompt(projectName, description, features);
+  const projectDir = process.cwd();
+  await fs7.writeFile(path7.join(projectDir, "DEVELOPMENT_PLAN.md"), devPlan);
+  await fs7.writeFile(path7.join(projectDir, "AI_PROMPT.md"), aiPrompt);
+  await saveProjectData(projectName, "plan.md", devPlan);
+  await saveProjectData(projectName, "ai-prompt.md", aiPrompt);
+  printSuccess("Plan saved to: ./DEVELOPMENT_PLAN.md");
+  printSuccess("AI prompt saved to: ./AI_PROMPT.md");
+  console.log();
+  const { wantsCopy } = await prompts6({
+    type: "confirm",
+    name: "wantsCopy",
+    message: "Copy AI prompt to clipboard?",
+    initial: true
+  });
+  if (wantsCopy) {
+    const copied = await copyToClipboard(aiPrompt);
+    if (copied) {
+      printSuccess("Copied to clipboard!");
+    } else {
+      printInfo("Could not copy to clipboard. Open AI_PROMPT.md manually.");
+    }
+  }
+  console.log();
+  printBox("Next Steps", [
+    "1. Review DEVELOPMENT_PLAN.md with your team",
+    "2. Use AI_PROMPT.md with Claude, GPT, or Cursor",
+    "3. The AI prompt includes critical Scaffoldry",
+    "   constraints for compliant code generation"
+  ]);
+}
+
+export {
+  generateProjectFiles,
+  initCommand,
+  loginCommand,
+  logoutCommand,
+  renameCommand,
+  createAppCommand,
+  upgradeCommand,
+  migrateCommand,
+  migrateCreateCommand,
+  devCommand,
+  doctorCommand,
+  secretSetCommand,
+  secretRotateCommand,
+  planCommand
+};
+//# sourceMappingURL=chunk-AA2UXYNR.js.map