vibecarbon 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (495) hide show
  1. package/LICENSE +663 -0
  2. package/README.md +188 -0
  3. package/carbon/.claude/hooks/task-completed-gate.sh +19 -0
  4. package/carbon/.claude/hooks/teammate-idle-gate.sh +29 -0
  5. package/carbon/.claude/settings.json +29 -0
  6. package/carbon/.cursor/rules/vibecarbon.mdc +6 -0
  7. package/carbon/.dockerignore +57 -0
  8. package/carbon/.env.example +219 -0
  9. package/carbon/.github/copilot-instructions.md +3 -0
  10. package/carbon/.github/workflows/deploy.yml +346 -0
  11. package/carbon/.github/workflows/vibecarbon-build.yml +81 -0
  12. package/carbon/.windsurfrules +74 -0
  13. package/carbon/AGENTS.md +422 -0
  14. package/carbon/CLAUDE.md +3 -0
  15. package/carbon/DEVELOPMENT.md +187 -0
  16. package/carbon/Dockerfile +98 -0
  17. package/carbon/LICENSE +21 -0
  18. package/carbon/PRODUCTION.md +364 -0
  19. package/carbon/README.md +193 -0
  20. package/carbon/TESTING.md +138 -0
  21. package/carbon/backup/Dockerfile +75 -0
  22. package/carbon/backup/backup.sh +95 -0
  23. package/carbon/backup/compose-backup.sh +140 -0
  24. package/carbon/biome.json +83 -0
  25. package/carbon/cloud-init/docker-ce-setup.yaml +55 -0
  26. package/carbon/cloud-init/k3s/master-init.sh +215 -0
  27. package/carbon/cloud-init/k3s/supabase-init.sh +167 -0
  28. package/carbon/cloud-init/k3s/worker-init.sh +147 -0
  29. package/carbon/components.json +24 -0
  30. package/carbon/content/blog/authentication-guide.mdx +34 -0
  31. package/carbon/content/blog/getting-started.mdx +41 -0
  32. package/carbon/content/changelog/v0-1-0.mdx +40 -0
  33. package/carbon/content/docs/analytics.mdx +90 -0
  34. package/carbon/content/docs/authentication.mdx +231 -0
  35. package/carbon/content/docs/background-jobs.mdx +116 -0
  36. package/carbon/content/docs/cli.mdx +630 -0
  37. package/carbon/content/docs/database.mdx +236 -0
  38. package/carbon/content/docs/deployment.mdx +227 -0
  39. package/carbon/content/docs/development.mdx +238 -0
  40. package/carbon/content/docs/environments.mdx +84 -0
  41. package/carbon/content/docs/getting-started.mdx +112 -0
  42. package/carbon/content/docs/legal/privacy-policy.mdx +89 -0
  43. package/carbon/content/docs/legal/terms-of-service.mdx +99 -0
  44. package/carbon/content/docs/optional-services.mdx +160 -0
  45. package/carbon/db/Dockerfile +23 -0
  46. package/carbon/docker-compose.dev-init.yml +5 -0
  47. package/carbon/docker-compose.metabase.override.yml +14 -0
  48. package/carbon/docker-compose.metabase.prod.yml +28 -0
  49. package/carbon/docker-compose.metabase.yml +84 -0
  50. package/carbon/docker-compose.n8n.override.yml +14 -0
  51. package/carbon/docker-compose.n8n.prod.yml +31 -0
  52. package/carbon/docker-compose.n8n.yml +97 -0
  53. package/carbon/docker-compose.observability.override.yml +18 -0
  54. package/carbon/docker-compose.observability.prod.yml +28 -0
  55. package/carbon/docker-compose.observability.yml +125 -0
  56. package/carbon/docker-compose.override.yml +28 -0
  57. package/carbon/docker-compose.prod.yml +294 -0
  58. package/carbon/docker-compose.yml +508 -0
  59. package/carbon/docker-entrypoint.sh +12 -0
  60. package/carbon/ha/activate-standby.sh +52 -0
  61. package/carbon/ha/primary-init.sql +36 -0
  62. package/carbon/ha/standby-init.sh +74 -0
  63. package/carbon/k8s/LICENSE +99 -0
  64. package/carbon/k8s/README.md +272 -0
  65. package/carbon/k8s/base/app/deployment.yaml +130 -0
  66. package/carbon/k8s/base/app/hpa.yaml +44 -0
  67. package/carbon/k8s/base/app/kustomization.yaml +10 -0
  68. package/carbon/k8s/base/app/network-policy.yaml +124 -0
  69. package/carbon/k8s/base/app/pdb.yaml +14 -0
  70. package/carbon/k8s/base/app/rbac.yaml +36 -0
  71. package/carbon/k8s/base/app/service.yaml +16 -0
  72. package/carbon/k8s/base/backup/cronjob.yaml +120 -0
  73. package/carbon/k8s/base/backup/kustomization.yaml +7 -0
  74. package/carbon/k8s/base/backup/network-policy.yaml +31 -0
  75. package/carbon/k8s/base/backup/rbac.yaml +7 -0
  76. package/carbon/k8s/base/cluster-autoscaler/deployment.yaml +103 -0
  77. package/carbon/k8s/base/cluster-autoscaler/kustomization.yaml +17 -0
  78. package/carbon/k8s/base/cluster-autoscaler/rbac.yaml +109 -0
  79. package/carbon/k8s/base/config/configmap.yaml +48 -0
  80. package/carbon/k8s/base/config/kustomization.yaml +8 -0
  81. package/carbon/k8s/base/hetzner-ccm/kustomization.yaml +9 -0
  82. package/carbon/k8s/base/hetzner-csi/kustomization.yaml +9 -0
  83. package/carbon/k8s/base/kustomization.yaml +43 -0
  84. package/carbon/k8s/base/namespace.yaml +7 -0
  85. package/carbon/k8s/base/network-policies.yaml +95 -0
  86. package/carbon/k8s/base/registry/kustomization.yaml +5 -0
  87. package/carbon/k8s/base/registry/local-registry.yaml +193 -0
  88. package/carbon/k8s/base/traefik/certificate.yaml +21 -0
  89. package/carbon/k8s/base/traefik/configmap.yaml +13 -0
  90. package/carbon/k8s/base/traefik/deployment.yaml +165 -0
  91. package/carbon/k8s/base/traefik/ingressroute.yaml +141 -0
  92. package/carbon/k8s/base/traefik/kustomization.yaml +11 -0
  93. package/carbon/k8s/base/traefik/middleware.yaml +109 -0
  94. package/carbon/k8s/base/traefik/network-policy.yaml +92 -0
  95. package/carbon/k8s/base/traefik/service.yaml +38 -0
  96. package/carbon/k8s/flux/README.md +49 -0
  97. package/carbon/k8s/flux/clusters/primary/vibecarbon.yaml +128 -0
  98. package/carbon/k8s/flux/clusters/standby/vibecarbon.yaml +83 -0
  99. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-release.yaml +38 -0
  100. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/helm-repository.yaml +16 -0
  101. package/carbon/k8s/gitops/cert-manager-webhook-hetzner/kustomization.yaml +10 -0
  102. package/carbon/k8s/gitops/supabase/helm-release.yaml +66 -0
  103. package/carbon/k8s/gitops/supabase/helm-repository.yaml +18 -0
  104. package/carbon/k8s/gitops/supabase/kustomization.yaml +33 -0
  105. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-cloudflare.yaml +51 -0
  106. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-hetzner.yaml +59 -0
  107. package/carbon/k8s/infra/cert-manager-resources/cluster-issuers-manual.yaml +43 -0
  108. package/carbon/k8s/infra/cert-manager-resources/kustomization.yaml +15 -0
  109. package/carbon/k8s/infra/kustomization.yaml +21 -0
  110. package/carbon/k8s/infra/traefik-crds/kustomization.yaml +10 -0
  111. package/carbon/k8s/overlays/local/configmap.yaml +23 -0
  112. package/carbon/k8s/overlays/local/ingressroute-studio.yaml +104 -0
  113. package/carbon/k8s/overlays/local/kustomization.yaml +215 -0
  114. package/carbon/k8s/overlays/local/namespace.yaml +8 -0
  115. package/carbon/k8s/overlays/local/secrets.yaml +32 -0
  116. package/carbon/k8s/overlays/production/kustomization.yaml +34 -0
  117. package/carbon/k8s/test-local.sh +318 -0
  118. package/carbon/k8s/values/supabase.values.yaml +133 -0
  119. package/carbon/package.json +154 -0
  120. package/carbon/runtime.Dockerfile +17 -0
  121. package/carbon/scripts/_dev-jwt.mjs +45 -0
  122. package/carbon/scripts/check-rls.ts +53 -0
  123. package/carbon/scripts/dev-init.js +191 -0
  124. package/carbon/scripts/dev.js +191 -0
  125. package/carbon/scripts/docker-down.js +63 -0
  126. package/carbon/scripts/docker-logs.js +59 -0
  127. package/carbon/scripts/docker-up.js +222 -0
  128. package/carbon/scripts/generate-dev-configs.sh +131 -0
  129. package/carbon/scripts/generate-rss.ts +116 -0
  130. package/carbon/scripts/generate-sitemap.ts +102 -0
  131. package/carbon/scripts/k8s-apply.js +71 -0
  132. package/carbon/scripts/k8s-delete.js +75 -0
  133. package/carbon/scripts/lib/manifest.js +176 -0
  134. package/carbon/scripts/secret-scan.mjs +278 -0
  135. package/carbon/scripts/validate-dev-configs.sh +101 -0
  136. package/carbon/src/client/App.tsx +202 -0
  137. package/carbon/src/client/assets/hyperformant-dark.svg +29 -0
  138. package/carbon/src/client/assets/hyperformant-light.svg +29 -0
  139. package/carbon/src/client/assets/logos/aider.svg +1 -0
  140. package/carbon/src/client/assets/logos/antigravity.svg +1 -0
  141. package/carbon/src/client/assets/logos/bolt.svg +1 -0
  142. package/carbon/src/client/assets/logos/claude-code.svg +1 -0
  143. package/carbon/src/client/assets/logos/copilot.svg +1 -0
  144. package/carbon/src/client/assets/logos/cursor.svg +1 -0
  145. package/carbon/src/client/assets/logos/gemini-cli.svg +1 -0
  146. package/carbon/src/client/assets/logos/lovable.svg +1 -0
  147. package/carbon/src/client/assets/logos/openai-codex.svg +1 -0
  148. package/carbon/src/client/assets/logos/v0.svg +1 -0
  149. package/carbon/src/client/assets/logos/windsurf.svg +1 -0
  150. package/carbon/src/client/assets/vibecarbon-icon.svg +19 -0
  151. package/carbon/src/client/assets/vibecarbon-logo-dark.svg +29 -0
  152. package/carbon/src/client/assets/vibecarbon-logo-light.svg +29 -0
  153. package/carbon/src/client/components/AIIntegrationSection.tsx +120 -0
  154. package/carbon/src/client/components/AppSidebar.tsx +760 -0
  155. package/carbon/src/client/components/ArchitectureSection.tsx +46 -0
  156. package/carbon/src/client/components/CTAFooter.tsx +59 -0
  157. package/carbon/src/client/components/ComparisonSection.tsx +132 -0
  158. package/carbon/src/client/components/ContentPanel.tsx +66 -0
  159. package/carbon/src/client/components/ContentSkeleton.tsx +21 -0
  160. package/carbon/src/client/components/ErrorBoundary.tsx +46 -0
  161. package/carbon/src/client/components/FAQSection.tsx +76 -0
  162. package/carbon/src/client/components/FileUpload.tsx +210 -0
  163. package/carbon/src/client/components/HeaderActions.tsx +17 -0
  164. package/carbon/src/client/components/Hero.tsx +608 -0
  165. package/carbon/src/client/components/ImpersonationBanner.tsx +31 -0
  166. package/carbon/src/client/components/LanguageSwitcher.tsx +67 -0
  167. package/carbon/src/client/components/Logo.tsx +87 -0
  168. package/carbon/src/client/components/LogoStrip.tsx +76 -0
  169. package/carbon/src/client/components/MetricsStrip.tsx +48 -0
  170. package/carbon/src/client/components/Nav.tsx +195 -0
  171. package/carbon/src/client/components/NewsletterSignup.tsx +147 -0
  172. package/carbon/src/client/components/NotificationDrawer.tsx +171 -0
  173. package/carbon/src/client/components/PageHeader.tsx +24 -0
  174. package/carbon/src/client/components/PlanGate.tsx +36 -0
  175. package/carbon/src/client/components/PricingSection.tsx +371 -0
  176. package/carbon/src/client/components/SEO.tsx +34 -0
  177. package/carbon/src/client/components/SmoothScroll.tsx +45 -0
  178. package/carbon/src/client/components/TechStackSection.tsx +165 -0
  179. package/carbon/src/client/components/WorkflowSection.tsx +604 -0
  180. package/carbon/src/client/components/admin/DockerLogs.tsx +276 -0
  181. package/carbon/src/client/components/admin/PerformanceMetrics.tsx +230 -0
  182. package/carbon/src/client/components/admin/ServiceCard.tsx +45 -0
  183. package/carbon/src/client/components/admin/ServicesStatus.tsx +296 -0
  184. package/carbon/src/client/components/architecture/ArchitectureDiagram.tsx +413 -0
  185. package/carbon/src/client/components/auth/AuthProvider.tsx +466 -0
  186. package/carbon/src/client/components/effects/FilmGrainOverlay.tsx +35 -0
  187. package/carbon/src/client/components/effects/FresnelEdge.tsx +49 -0
  188. package/carbon/src/client/components/effects/GlowTracker.tsx +46 -0
  189. package/carbon/src/client/components/effects/SparkBurst.tsx +145 -0
  190. package/carbon/src/client/components/effects/VGlowEffect.tsx +83 -0
  191. package/carbon/src/client/components/effects/index.ts +2 -0
  192. package/carbon/src/client/components/layouts/SidebarLayout.tsx +20 -0
  193. package/carbon/src/client/components/scroll/ScrollSection.tsx +76 -0
  194. package/carbon/src/client/components/scroll/ScrollytellingProvider.tsx +81 -0
  195. package/carbon/src/client/components/scroll/index.ts +2 -0
  196. package/carbon/src/client/components/ui/accordion.tsx +71 -0
  197. package/carbon/src/client/components/ui/alert-dialog.tsx +162 -0
  198. package/carbon/src/client/components/ui/alert.tsx +73 -0
  199. package/carbon/src/client/components/ui/aspect-ratio.tsx +22 -0
  200. package/carbon/src/client/components/ui/avatar.tsx +91 -0
  201. package/carbon/src/client/components/ui/badge.tsx +50 -0
  202. package/carbon/src/client/components/ui/breadcrumb.tsx +100 -0
  203. package/carbon/src/client/components/ui/button-group.tsx +78 -0
  204. package/carbon/src/client/components/ui/button.tsx +120 -0
  205. package/carbon/src/client/components/ui/calendar.tsx +182 -0
  206. package/carbon/src/client/components/ui/card.tsx +85 -0
  207. package/carbon/src/client/components/ui/carousel.tsx +227 -0
  208. package/carbon/src/client/components/ui/chart.tsx +357 -0
  209. package/carbon/src/client/components/ui/checkbox.tsx +27 -0
  210. package/carbon/src/client/components/ui/collapsible.tsx +15 -0
  211. package/carbon/src/client/components/ui/command.tsx +178 -0
  212. package/carbon/src/client/components/ui/context-menu.tsx +233 -0
  213. package/carbon/src/client/components/ui/dialog.tsx +132 -0
  214. package/carbon/src/client/components/ui/drawer.tsx +118 -0
  215. package/carbon/src/client/components/ui/dropdown-menu.tsx +242 -0
  216. package/carbon/src/client/components/ui/empty.tsx +94 -0
  217. package/carbon/src/client/components/ui/field.tsx +226 -0
  218. package/carbon/src/client/components/ui/hover-card.tsx +44 -0
  219. package/carbon/src/client/components/ui/input-group.tsx +146 -0
  220. package/carbon/src/client/components/ui/input-otp.tsx +83 -0
  221. package/carbon/src/client/components/ui/input.tsx +20 -0
  222. package/carbon/src/client/components/ui/item.tsx +188 -0
  223. package/carbon/src/client/components/ui/kbd.tsx +26 -0
  224. package/carbon/src/client/components/ui/label.tsx +21 -0
  225. package/carbon/src/client/components/ui/menubar.tsx +250 -0
  226. package/carbon/src/client/components/ui/navigation-menu.tsx +155 -0
  227. package/carbon/src/client/components/ui/pagination.tsx +102 -0
  228. package/carbon/src/client/components/ui/popover.tsx +75 -0
  229. package/carbon/src/client/components/ui/progress.tsx +66 -0
  230. package/carbon/src/client/components/ui/radio-group.tsx +36 -0
  231. package/carbon/src/client/components/ui/resizable.tsx +46 -0
  232. package/carbon/src/client/components/ui/scroll-area.tsx +48 -0
  233. package/carbon/src/client/components/ui/select.tsx +186 -0
  234. package/carbon/src/client/components/ui/separator.tsx +21 -0
  235. package/carbon/src/client/components/ui/sheet.tsx +124 -0
  236. package/carbon/src/client/components/ui/sidebar.tsx +702 -0
  237. package/carbon/src/client/components/ui/skeleton.tsx +13 -0
  238. package/carbon/src/client/components/ui/slider.tsx +57 -0
  239. package/carbon/src/client/components/ui/sonner.tsx +45 -0
  240. package/carbon/src/client/components/ui/spinner.tsx +15 -0
  241. package/carbon/src/client/components/ui/switch.tsx +30 -0
  242. package/carbon/src/client/components/ui/table.tsx +89 -0
  243. package/carbon/src/client/components/ui/tabs.tsx +73 -0
  244. package/carbon/src/client/components/ui/textarea.tsx +18 -0
  245. package/carbon/src/client/components/ui/toggle-group.tsx +87 -0
  246. package/carbon/src/client/components/ui/toggle.tsx +44 -0
  247. package/carbon/src/client/components/ui/tooltip.tsx +56 -0
  248. package/carbon/src/client/hooks/api/index.ts +14 -0
  249. package/carbon/src/client/hooks/api/useAuthSettings.ts +80 -0
  250. package/carbon/src/client/hooks/api/useSubscription.ts +87 -0
  251. package/carbon/src/client/hooks/use-mobile.ts +21 -0
  252. package/carbon/src/client/hooks/useMousePosition.ts +91 -0
  253. package/carbon/src/client/hooks/useNotifications.tsx +124 -0
  254. package/carbon/src/client/hooks/useOrganizationMembers.ts +127 -0
  255. package/carbon/src/client/hooks/useOrganizations.tsx +230 -0
  256. package/carbon/src/client/hooks/usePackageManager.ts +69 -0
  257. package/carbon/src/client/hooks/useReducedMotion.ts +20 -0
  258. package/carbon/src/client/hooks/useRunningServices.ts +114 -0
  259. package/carbon/src/client/hooks/useScrollProgress.ts +56 -0
  260. package/carbon/src/client/index.css +467 -0
  261. package/carbon/src/client/index.html +56 -0
  262. package/carbon/src/client/lib/admin-services.ts +151 -0
  263. package/carbon/src/client/lib/api.ts +32 -0
  264. package/carbon/src/client/lib/blog.ts +35 -0
  265. package/carbon/src/client/lib/changelog.ts +33 -0
  266. package/carbon/src/client/lib/docs-search.ts +101 -0
  267. package/carbon/src/client/lib/docs.ts +37 -0
  268. package/carbon/src/client/lib/i18n.ts +32 -0
  269. package/carbon/src/client/lib/supabase.ts +72 -0
  270. package/carbon/src/client/lib/tailwind-colors.ts +357 -0
  271. package/carbon/src/client/lib/theme.ts +117 -0
  272. package/carbon/src/client/lib/utils.ts +22 -0
  273. package/carbon/src/client/locales/de.json +529 -0
  274. package/carbon/src/client/locales/en.json +461 -0
  275. package/carbon/src/client/locales/es.json +529 -0
  276. package/carbon/src/client/locales/fr.json +529 -0
  277. package/carbon/src/client/locales/pt.json +529 -0
  278. package/carbon/src/client/main.tsx +56 -0
  279. package/carbon/src/client/mdx.d.ts +13 -0
  280. package/carbon/src/client/pages/ApiDocs.tsx +76 -0
  281. package/carbon/src/client/pages/AuthCallback.tsx +34 -0
  282. package/carbon/src/client/pages/Blog.tsx +167 -0
  283. package/carbon/src/client/pages/Changelog.tsx +171 -0
  284. package/carbon/src/client/pages/Charts.tsx +388 -0
  285. package/carbon/src/client/pages/Checkout.tsx +227 -0
  286. package/carbon/src/client/pages/Contact.tsx +174 -0
  287. package/carbon/src/client/pages/Dashboard.tsx +368 -0
  288. package/carbon/src/client/pages/Docs.tsx +372 -0
  289. package/carbon/src/client/pages/ForgotPassword.tsx +111 -0
  290. package/carbon/src/client/pages/Home.tsx +187 -0
  291. package/carbon/src/client/pages/Legal.tsx +100 -0
  292. package/carbon/src/client/pages/Login.tsx +408 -0
  293. package/carbon/src/client/pages/MFAVerify.tsx +156 -0
  294. package/carbon/src/client/pages/NotFound.tsx +21 -0
  295. package/carbon/src/client/pages/Onboarding.tsx +246 -0
  296. package/carbon/src/client/pages/ResetPassword.tsx +200 -0
  297. package/carbon/src/client/pages/UIComponents.tsx +390 -0
  298. package/carbon/src/client/pages/admin/ContactSubmissions.tsx +220 -0
  299. package/carbon/src/client/pages/admin/Dashboard.tsx +24 -0
  300. package/carbon/src/client/pages/admin/Infrastructure.tsx +257 -0
  301. package/carbon/src/client/pages/admin/Jobs.tsx +225 -0
  302. package/carbon/src/client/pages/admin/Logs.tsx +18 -0
  303. package/carbon/src/client/pages/admin/Newsletter.tsx +300 -0
  304. package/carbon/src/client/pages/admin/Notifications.tsx +603 -0
  305. package/carbon/src/client/pages/admin/Organizations.tsx +306 -0
  306. package/carbon/src/client/pages/admin/Settings.tsx +314 -0
  307. package/carbon/src/client/pages/admin/Theme.tsx +465 -0
  308. package/carbon/src/client/pages/admin/Users.tsx +365 -0
  309. package/carbon/src/client/pages/api-docs.css +156 -0
  310. package/carbon/src/client/pages/organizations/Details.tsx +200 -0
  311. package/carbon/src/client/pages/organizations/Members.tsx +402 -0
  312. package/carbon/src/client/pages/settings/Billing.tsx +473 -0
  313. package/carbon/src/client/pages/settings/Profile.tsx +160 -0
  314. package/carbon/src/client/pages/settings/Security.tsx +341 -0
  315. package/carbon/src/client/public/favicon.svg +19 -0
  316. package/carbon/src/client/public/robots.txt +8 -0
  317. package/carbon/src/server/billing/index.ts +104 -0
  318. package/carbon/src/server/billing/provider.ts +81 -0
  319. package/carbon/src/server/billing/providers/paddle.ts +314 -0
  320. package/carbon/src/server/billing/providers/polar.ts +325 -0
  321. package/carbon/src/server/billing/providers/stripe.ts +233 -0
  322. package/carbon/src/server/emails/templates.ts +116 -0
  323. package/carbon/src/server/index.ts +554 -0
  324. package/carbon/src/server/lib/auth.ts +6 -0
  325. package/carbon/src/server/lib/email.ts +64 -0
  326. package/carbon/src/server/lib/env.ts +112 -0
  327. package/carbon/src/server/lib/errors.ts +21 -0
  328. package/carbon/src/server/lib/logger.ts +17 -0
  329. package/carbon/src/server/lib/rate-limiter.ts +288 -0
  330. package/carbon/src/server/lib/request.ts +34 -0
  331. package/carbon/src/server/lib/stripe.ts +42 -0
  332. package/carbon/src/server/lib/supabase.ts +65 -0
  333. package/carbon/src/server/middleware/requirePlan.ts +80 -0
  334. package/carbon/src/server/routes/_internal/services-status.ts +958 -0
  335. package/carbon/src/server/routes/_internal/verify-role.ts +185 -0
  336. package/carbon/src/server/routes/health.ts +48 -0
  337. package/carbon/src/server/routes/v1/admin/contact.ts +128 -0
  338. package/carbon/src/server/routes/v1/admin/jobs.ts +171 -0
  339. package/carbon/src/server/routes/v1/admin/newsletter.ts +237 -0
  340. package/carbon/src/server/routes/v1/auth.ts +390 -0
  341. package/carbon/src/server/routes/v1/billing.ts +718 -0
  342. package/carbon/src/server/routes/v1/contact.ts +93 -0
  343. package/carbon/src/server/routes/v1/index.ts +1333 -0
  344. package/carbon/src/server/routes/v1/newsletter.ts +181 -0
  345. package/carbon/src/server/routes/v1/performance.ts +157 -0
  346. package/carbon/src/server/routes/v1/stats.ts +170 -0
  347. package/carbon/src/server/routes/v1/theme.ts +106 -0
  348. package/carbon/src/server/routes/webhooks/billing.ts +376 -0
  349. package/carbon/src/server/routes/webhooks/stripe.ts +276 -0
  350. package/carbon/src/server/types.ts +11 -0
  351. package/carbon/src/shared/pricing.ts +155 -0
  352. package/carbon/src/shared/types.ts +338 -0
  353. package/carbon/supabase/migrations/00001_init.sql +717 -0
  354. package/carbon/supabase/migrations/00002_theme_settings.sql +13 -0
  355. package/carbon/supabase/migrations/00003_pg_cron.sql +121 -0
  356. package/carbon/supabase/migrations/00004_contact_newsletter.sql +81 -0
  357. package/carbon/supabase/migrations/00005_localization_languages.sql +22 -0
  358. package/carbon/supabase/seed.sql +16 -0
  359. package/carbon/tests/_helpers/app.ts +45 -0
  360. package/carbon/tests/_helpers/env.ts +37 -0
  361. package/carbon/tests/_helpers/factories.ts +69 -0
  362. package/carbon/tests/_helpers/jwt.ts +23 -0
  363. package/carbon/tests/_helpers/setup-integration.ts +20 -0
  364. package/carbon/tests/_helpers/setup-rtl.ts +12 -0
  365. package/carbon/tests/component/ErrorBoundary.test.tsx +53 -0
  366. package/carbon/tests/component/use-auth-settings.test.tsx +119 -0
  367. package/carbon/tests/integration/server/routes/contact.test.ts +162 -0
  368. package/carbon/tests/integration/server/routes/health.test.ts +61 -0
  369. package/carbon/tests/structural/i18n-parity.test.ts +42 -0
  370. package/carbon/tests/unit/client/utils.test.ts +49 -0
  371. package/carbon/tests/unit/shared/pricing.test.ts +93 -0
  372. package/carbon/tsconfig.json +27 -0
  373. package/carbon/tsconfig.server.json +27 -0
  374. package/carbon/tsconfig.test.json +9 -0
  375. package/carbon/vite.config.ts +110 -0
  376. package/carbon/vitest.config.ts +74 -0
  377. package/carbon/volumes/db/jwt.sql +57 -0
  378. package/carbon/volumes/db/metabase-init.sh +29 -0
  379. package/carbon/volumes/db/n8n-init.sh +25 -0
  380. package/carbon/volumes/db/realtime.sql +33 -0
  381. package/carbon/volumes/db/roles.sql +93 -0
  382. package/carbon/volumes/db/set-passwords.sh +12 -0
  383. package/carbon/volumes/db/super-admin.dev.sql +113 -0
  384. package/carbon/volumes/db/super-admin.generated.sql +113 -0
  385. package/carbon/volumes/db/super-admin.sql +114 -0
  386. package/carbon/volumes/grafana/dashboards/logs.json +179 -0
  387. package/carbon/volumes/grafana/dashboards/overview.json +523 -0
  388. package/carbon/volumes/grafana/dashboards/postgresql.json +337 -0
  389. package/carbon/volumes/grafana/dashboards.dev/logs.json +179 -0
  390. package/carbon/volumes/grafana/dashboards.dev/overview.json +156 -0
  391. package/carbon/volumes/grafana/dashboards.dev/postgresql.json +337 -0
  392. package/carbon/volumes/grafana/provisioning/dashboards/dashboards.dev.yml +16 -0
  393. package/carbon/volumes/grafana/provisioning/dashboards/dashboards.yml +16 -0
  394. package/carbon/volumes/grafana/provisioning/datasources/datasources.yml +43 -0
  395. package/carbon/volumes/kong/docker-entrypoint.sh +9 -0
  396. package/carbon/volumes/kong/kong.yml +208 -0
  397. package/carbon/volumes/loki/loki-config.yml +58 -0
  398. package/carbon/volumes/n8n/hooks.js +131 -0
  399. package/carbon/volumes/n8n/scripts/setup.sh +66 -0
  400. package/carbon/volumes/prometheus/prometheus.yml +43 -0
  401. package/carbon/volumes/promtail/promtail-config.yml +64 -0
  402. package/carbon/volumes/traefik/middlewares.dev.yml +83 -0
  403. package/carbon/volumes/traefik/middlewares.yml +95 -0
  404. package/carbon/volumes/traefik/vite-dev.yml +20 -0
  405. package/package.json +95 -0
  406. package/src/access.js +354 -0
  407. package/src/activate.js +187 -0
  408. package/src/add.js +718 -0
  409. package/src/backup.js +786 -0
  410. package/src/cli.js +350 -0
  411. package/src/configure.js +967 -0
  412. package/src/console.js +155 -0
  413. package/src/create.js +1499 -0
  414. package/src/deploy.js +311 -0
  415. package/src/destroy.js +2033 -0
  416. package/src/diagnose.js +735 -0
  417. package/src/down.js +80 -0
  418. package/src/failover.js +1032 -0
  419. package/src/lib/backup-s3.js +179 -0
  420. package/src/lib/build.js +33 -0
  421. package/src/lib/checksum.js +28 -0
  422. package/src/lib/ci-setup.js +666 -0
  423. package/src/lib/cli/help.js +129 -0
  424. package/src/lib/cli/parse-flags.js +160 -0
  425. package/src/lib/cli/select-action.js +65 -0
  426. package/src/lib/cli/select-environment.js +108 -0
  427. package/src/lib/cli/tty-guard.js +75 -0
  428. package/src/lib/cloudflare.js +447 -0
  429. package/src/lib/colors.js +52 -0
  430. package/src/lib/command.js +361 -0
  431. package/src/lib/config.js +359 -0
  432. package/src/lib/cost.js +103 -0
  433. package/src/lib/deploy/bundle.js +231 -0
  434. package/src/lib/deploy/compose/acme-verify.js +121 -0
  435. package/src/lib/deploy/compose/build-args.js +78 -0
  436. package/src/lib/deploy/compose/ha.js +1874 -0
  437. package/src/lib/deploy/compose/index.js +1294 -0
  438. package/src/lib/deploy/compose/reconcile.js +74 -0
  439. package/src/lib/deploy/github.js +382 -0
  440. package/src/lib/deploy/image.js +191 -0
  441. package/src/lib/deploy/index.js +119 -0
  442. package/src/lib/deploy/k8s/LICENSE +99 -0
  443. package/src/lib/deploy/k8s/gitops-deploy.js +298 -0
  444. package/src/lib/deploy/k8s/ha/index.js +1000 -0
  445. package/src/lib/deploy/k8s/index.js +62 -0
  446. package/src/lib/deploy/k8s/k3s.js +2515 -0
  447. package/src/lib/deploy/orchestrator.js +1401 -0
  448. package/src/lib/deploy/prompts.js +545 -0
  449. package/src/lib/deploy/remote-build.js +130 -0
  450. package/src/lib/deploy/state.js +120 -0
  451. package/src/lib/deploy/utils.js +328 -0
  452. package/src/lib/deploy-logger.js +93 -0
  453. package/src/lib/dns-propagation.js +48 -0
  454. package/src/lib/environment.js +58 -0
  455. package/src/lib/fetch-retry.js +103 -0
  456. package/src/lib/github-environments.js +335 -0
  457. package/src/lib/hetzner-dns.js +377 -0
  458. package/src/lib/hetzner-guided-setup.js +275 -0
  459. package/src/lib/host-keys.js +37 -0
  460. package/src/lib/iac/cloud-init.js +52 -0
  461. package/src/lib/iac/index.js +325 -0
  462. package/src/lib/iac/programs/hetzner-compose.js +130 -0
  463. package/src/lib/iac/programs/hetzner-k8s.js +320 -0
  464. package/src/lib/kubectl.js +81 -0
  465. package/src/lib/licensing/index.js +259 -0
  466. package/src/lib/licensing/tiers.js +181 -0
  467. package/src/lib/licensing/validator.js +171 -0
  468. package/src/lib/merge-package-json.js +90 -0
  469. package/src/lib/operator-ip.js +381 -0
  470. package/src/lib/package-manager.js +111 -0
  471. package/src/lib/perf.js +71 -0
  472. package/src/lib/project-guard.js +39 -0
  473. package/src/lib/project.js +334 -0
  474. package/src/lib/providers/base.js +276 -0
  475. package/src/lib/providers/hetzner-s3.js +656 -0
  476. package/src/lib/providers/hetzner.js +755 -0
  477. package/src/lib/providers/index.js +164 -0
  478. package/src/lib/s3.js +510 -0
  479. package/src/lib/secret-scan.js +583 -0
  480. package/src/lib/secrets.js +63 -0
  481. package/src/lib/server-types.js +195 -0
  482. package/src/lib/shell.js +91 -0
  483. package/src/lib/ssh.js +241 -0
  484. package/src/lib/tracker.js +242 -0
  485. package/src/lib/upgrade-policy.js +170 -0
  486. package/src/lib/validators.js +105 -0
  487. package/src/lib/version.js +5 -0
  488. package/src/remove.js +292 -0
  489. package/src/reset.js +97 -0
  490. package/src/restore.js +871 -0
  491. package/src/scale.js +1734 -0
  492. package/src/shell.js +222 -0
  493. package/src/status.js +981 -0
  494. package/src/up.js +264 -0
  495. package/src/upgrade.js +721 -0
@@ -0,0 +1,57 @@
1
+ -- JWT Functions for Supabase
2
+ -- These functions are used by PostgREST and RLS policies
3
+
4
+ -- Create extensions schema if not exists
5
+ CREATE SCHEMA IF NOT EXISTS extensions;
6
+
7
+ -- Function to get current user ID from JWT
8
+ CREATE OR REPLACE FUNCTION auth.uid()
9
+ RETURNS uuid
10
+ LANGUAGE sql
11
+ STABLE
12
+ AS $$
13
+ SELECT NULLIF(
14
+ COALESCE(
15
+ current_setting('request.jwt.claim.sub', true),
16
+ current_setting('request.jwt.claims', true)::json->>'sub'
17
+ ),
18
+ ''
19
+ )::uuid
20
+ $$;
21
+
22
+ -- Function to get current user role from JWT
23
+ CREATE OR REPLACE FUNCTION auth.role()
24
+ RETURNS text
25
+ LANGUAGE sql
26
+ STABLE
27
+ AS $$
28
+ SELECT COALESCE(
29
+ current_setting('request.jwt.claim.role', true),
30
+ current_setting('request.jwt.claims', true)::json->>'role'
31
+ )::text
32
+ $$;
33
+
34
+ -- Function to get current user email from JWT
35
+ CREATE OR REPLACE FUNCTION auth.email()
36
+ RETURNS text
37
+ LANGUAGE sql
38
+ STABLE
39
+ AS $$
40
+ SELECT COALESCE(
41
+ current_setting('request.jwt.claim.email', true),
42
+ current_setting('request.jwt.claims', true)::json->>'email'
43
+ )::text
44
+ $$;
45
+
46
+ -- Note: auth.jwt() function is created by GoTrue during its migrations
47
+ -- We don't create it here to avoid ownership conflicts
48
+
49
+ -- Transfer ownership to supabase_auth_admin so GoTrue can manage these functions
50
+ ALTER FUNCTION auth.uid() OWNER TO supabase_auth_admin;
51
+ ALTER FUNCTION auth.role() OWNER TO supabase_auth_admin;
52
+ ALTER FUNCTION auth.email() OWNER TO supabase_auth_admin;
53
+
54
+ -- Grant execute permissions
55
+ GRANT EXECUTE ON FUNCTION auth.uid() TO anon, authenticated, service_role;
56
+ GRANT EXECUTE ON FUNCTION auth.role() TO anon, authenticated, service_role;
57
+ GRANT EXECUTE ON FUNCTION auth.email() TO anon, authenticated, service_role;
@@ -0,0 +1,29 @@
1
+ #!/bin/bash
2
+ set -e
3
+
4
+ # Metabase Database Initialization
5
+ # Creates the metabase database and user for analytics
6
+ # Password is injected from POSTGRES_PASSWORD env var at runtime (never hardcoded)
7
+
8
+ # Create metabase role if it doesn't exist (quoted heredoc — no variable expansion)
9
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
10
+ DO $$
11
+ BEGIN
12
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'metabase') THEN
13
+ CREATE ROLE metabase WITH LOGIN;
14
+ END IF;
15
+ END
16
+ $$;
17
+ EOSQL
18
+
19
+ # Set password and create database (unquoted heredoc — POSTGRES_PASSWORD is expanded)
20
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
21
+ ALTER ROLE metabase WITH PASSWORD '${POSTGRES_PASSWORD}';
22
+ SELECT 'CREATE DATABASE metabase WITH OWNER metabase ENCODING ''UTF8'' TEMPLATE template0'
23
+ WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'metabase')\gexec
24
+ GRANT ALL PRIVILEGES ON DATABASE metabase TO metabase;
25
+ GRANT CONNECT ON DATABASE postgres TO metabase;
26
+ GRANT USAGE ON SCHEMA public TO metabase;
27
+ GRANT SELECT ON ALL TABLES IN SCHEMA public TO metabase;
28
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO metabase;
29
+ EOSQL
@@ -0,0 +1,25 @@
1
+ #!/bin/bash
2
+ set -e
3
+
4
+ # n8n Database Initialization
5
+ # Creates dedicated n8n user and database for workflow automation
6
+ # Password is injected from POSTGRES_PASSWORD env var at runtime (never hardcoded)
7
+
8
+ # Create n8n role if it doesn't exist (quoted heredoc — no variable expansion)
9
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<'EOSQL'
10
+ DO $$
11
+ BEGIN
12
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'n8n') THEN
13
+ CREATE ROLE n8n WITH LOGIN;
14
+ END IF;
15
+ END
16
+ $$;
17
+ EOSQL
18
+
19
+ # Set password and create database (unquoted heredoc — POSTGRES_PASSWORD is expanded)
20
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
21
+ ALTER ROLE n8n WITH PASSWORD '${POSTGRES_PASSWORD}';
22
+ SELECT 'CREATE DATABASE n8n WITH OWNER n8n ENCODING ''UTF8'' TEMPLATE template0'
23
+ WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'n8n')\gexec
24
+ GRANT ALL PRIVILEGES ON DATABASE n8n TO n8n;
25
+ EOSQL
@@ -0,0 +1,33 @@
1
+ -- Realtime Schema Setup
2
+ -- This sets up the required schema for Supabase Realtime
3
+
4
+ -- Create realtime schema
5
+ CREATE SCHEMA IF NOT EXISTS _realtime;
6
+
7
+ -- Grant permissions to postgres and supabase_admin (used by Realtime service)
8
+ GRANT USAGE ON SCHEMA _realtime TO postgres, supabase_admin;
9
+ GRANT ALL ON SCHEMA _realtime TO postgres, supabase_admin;
10
+
11
+ -- Create publication for realtime
12
+ DO $$
13
+ BEGIN
14
+ IF NOT EXISTS (SELECT 1 FROM pg_publication WHERE pubname = 'supabase_realtime') THEN
15
+ CREATE PUBLICATION supabase_realtime;
16
+ END IF;
17
+ END
18
+ $$;
19
+
20
+ -- Function to enable realtime for a table
21
+ CREATE OR REPLACE FUNCTION _realtime.enable_table(table_name text)
22
+ RETURNS void
23
+ LANGUAGE plpgsql
24
+ SECURITY DEFINER
25
+ SET search_path = ''
26
+ AS $$
27
+ BEGIN
28
+ EXECUTE format('ALTER PUBLICATION supabase_realtime ADD TABLE %I', table_name);
29
+ END;
30
+ $$;
31
+
32
+ -- Grant execute permission
33
+ GRANT EXECUTE ON FUNCTION _realtime.enable_table(text) TO postgres, supabase_admin;
@@ -0,0 +1,93 @@
1
+ -- Supabase Roles Setup
2
+ -- Creates required roles and grants for Supabase services
3
+ -- Passwords are set separately by set-passwords.sh (never hardcoded in SQL)
4
+
5
+ -- Drop auth.jwt() if it exists - GoTrue will recreate it with correct return type (jsonb)
6
+ DROP FUNCTION IF EXISTS auth.jwt();
7
+
8
+ -- Create roles if they don't exist (fallback for non-Supabase postgres images)
9
+ DO $$
10
+ BEGIN
11
+ -- anon role (for anonymous access)
12
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'anon') THEN
13
+ CREATE ROLE anon NOLOGIN NOINHERIT;
14
+ END IF;
15
+
16
+ -- authenticated role (for logged-in users)
17
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticated') THEN
18
+ CREATE ROLE authenticated NOLOGIN NOINHERIT;
19
+ END IF;
20
+
21
+ -- service_role (for server-side operations)
22
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
23
+ CREATE ROLE service_role NOLOGIN NOINHERIT BYPASSRLS;
24
+ END IF;
25
+
26
+ -- authenticator role (PostgREST uses this)
27
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticator') THEN
28
+ CREATE ROLE authenticator NOINHERIT LOGIN;
29
+ END IF;
30
+
31
+ -- supabase_admin role
32
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_admin') THEN
33
+ CREATE ROLE supabase_admin LOGIN;
34
+ END IF;
35
+
36
+ -- supabase_auth_admin role (for GoTrue)
37
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_auth_admin') THEN
38
+ CREATE ROLE supabase_auth_admin NOINHERIT CREATEROLE LOGIN;
39
+ END IF;
40
+
41
+ -- supabase_storage_admin role (for Storage)
42
+ IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_storage_admin') THEN
43
+ CREATE ROLE supabase_storage_admin NOINHERIT CREATEROLE LOGIN;
44
+ END IF;
45
+ END
46
+ $$;
47
+
48
+ -- Grant role memberships
49
+ GRANT anon TO authenticator;
50
+ GRANT authenticated TO authenticator;
51
+ GRANT service_role TO authenticator;
52
+ GRANT supabase_admin TO authenticator;
53
+
54
+ -- Grant schema permissions (principle of least privilege)
55
+ GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
56
+
57
+ -- anon role: must be granted access explicitly per table via RLS
58
+ GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO anon;
59
+
60
+ -- authenticated role: SELECT, INSERT, UPDATE, DELETE (controlled by RLS)
61
+ GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO authenticated;
62
+ GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO authenticated;
63
+
64
+ -- service_role: ALL (bypasses RLS - use carefully)
65
+ GRANT ALL ON ALL TABLES IN SCHEMA public TO service_role;
66
+ GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO service_role;
67
+ GRANT ALL ON ALL ROUTINES IN SCHEMA public TO service_role;
68
+
69
+ -- Default privileges for future objects
70
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO authenticated;
71
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO service_role;
72
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON SEQUENCES TO authenticated;
73
+ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO service_role;
74
+
75
+ -- Create auth schema for GoTrue (or fix ownership if it already exists)
76
+ CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_auth_admin;
77
+ ALTER SCHEMA auth OWNER TO supabase_auth_admin;
78
+ GRANT ALL ON SCHEMA auth TO supabase_auth_admin;
79
+ GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role;
80
+
81
+ -- Create storage schema for Storage (or fix ownership if it already exists)
82
+ CREATE SCHEMA IF NOT EXISTS storage AUTHORIZATION supabase_storage_admin;
83
+ ALTER SCHEMA storage OWNER TO supabase_storage_admin;
84
+ GRANT ALL ON SCHEMA storage TO supabase_storage_admin;
85
+ GRANT USAGE ON SCHEMA storage TO anon, authenticated, service_role;
86
+
87
+ -- Create extensions
88
+ CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA extensions;
89
+ CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
90
+ CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions;
91
+
92
+ -- Ensure service_role has BYPASSRLS
93
+ ALTER ROLE service_role WITH BYPASSRLS;
@@ -0,0 +1,12 @@
1
+ #!/bin/bash
2
+ set -e
3
+
4
+ # Set passwords for Supabase service roles from POSTGRES_PASSWORD env var.
5
+ # Mounted at /docker-entrypoint-initdb.d/zz-set-passwords.sh (top level)
6
+ # so the standard postgres entrypoint runs it AFTER migrate.sh creates the roles.
7
+
8
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<EOSQL
9
+ ALTER ROLE authenticator WITH PASSWORD '${POSTGRES_PASSWORD}';
10
+ ALTER ROLE supabase_auth_admin WITH PASSWORD '${POSTGRES_PASSWORD}';
11
+ ALTER ROLE supabase_storage_admin WITH PASSWORD '${POSTGRES_PASSWORD}';
12
+ EOSQL
@@ -0,0 +1,113 @@
1
+ -- Create initial admin user in auth.users (Development Version)
2
+ -- Uses credentials provided during `vibecarbon create`
3
+
4
+ DO $$
5
+ DECLARE
6
+ admin_email TEXT := '{{ADMIN_EMAIL}}';
7
+ admin_password_hash TEXT := '{{ADMIN_PASSWORD_HASH}}';
8
+ new_user_id UUID;
9
+ BEGIN
10
+ -- Only create if admin email is provided and not empty
11
+ IF admin_email IS NOT NULL AND admin_email != '' THEN
12
+
13
+ -- Check if user already exists
14
+ IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
15
+ -- Generate a new UUID for the user
16
+ new_user_id := gen_random_uuid();
17
+
18
+ -- Create admin user with bcrypt-hashed password
19
+ -- Note: GoTrue expects token columns to be empty strings, not NULL
20
+ INSERT INTO auth.users (
21
+ instance_id,
22
+ id,
23
+ aud,
24
+ role,
25
+ email,
26
+ encrypted_password,
27
+ email_confirmed_at,
28
+ confirmation_sent_at,
29
+ raw_app_meta_data,
30
+ raw_user_meta_data,
31
+ created_at,
32
+ updated_at,
33
+ confirmation_token,
34
+ recovery_token,
35
+ email_change_token_new,
36
+ email_change_token_current,
37
+ email_change,
38
+ phone,
39
+ phone_change,
40
+ phone_change_token,
41
+ reauthentication_token
42
+ ) VALUES (
43
+ '00000000-0000-0000-0000-000000000000',
44
+ new_user_id,
45
+ 'authenticated',
46
+ 'authenticated',
47
+ admin_email,
48
+ admin_password_hash,
49
+ NOW(),
50
+ NOW(),
51
+ jsonb_build_object(
52
+ 'provider', 'email',
53
+ 'providers', ARRAY['email'],
54
+ 'role', 'super_admin'
55
+ ),
56
+ '{"onboarding_completed": true}'::jsonb,
57
+ NOW(),
58
+ NOW(),
59
+ '',
60
+ '',
61
+ '',
62
+ '',
63
+ '',
64
+ '',
65
+ '',
66
+ '',
67
+ ''
68
+ );
69
+
70
+ -- Create identity record for email provider
71
+ INSERT INTO auth.identities (
72
+ id,
73
+ user_id,
74
+ identity_data,
75
+ provider,
76
+ provider_id,
77
+ last_sign_in_at,
78
+ created_at,
79
+ updated_at
80
+ ) VALUES (
81
+ gen_random_uuid(),
82
+ new_user_id,
83
+ jsonb_build_object(
84
+ 'sub', new_user_id::text,
85
+ 'email', admin_email,
86
+ 'email_verified', true
87
+ ),
88
+ 'email',
89
+ new_user_id::text,
90
+ NOW(),
91
+ NOW(),
92
+ NOW()
93
+ );
94
+
95
+ RAISE NOTICE 'Created dev admin user: % with id: %', admin_email, new_user_id;
96
+ ELSE
97
+ -- Update existing user to have super_admin role if they don't already
98
+ UPDATE auth.users
99
+ SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
100
+ updated_at = NOW()
101
+ WHERE email = admin_email
102
+ AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
103
+
104
+ IF FOUND THEN
105
+ RAISE NOTICE 'Updated existing user % to admin role', admin_email;
106
+ ELSE
107
+ RAISE NOTICE 'User % already exists with admin role', admin_email;
108
+ END IF;
109
+ END IF;
110
+ ELSE
111
+ RAISE NOTICE 'Skipping admin user creation - no admin email configured';
112
+ END IF;
113
+ END $$;
@@ -0,0 +1,113 @@
1
+ -- Create initial admin user in auth.users (Development Version)
2
+ -- Uses credentials provided during `vibecarbon create`
3
+
4
+ DO $$
5
+ DECLARE
6
+ admin_email TEXT := 'admin@example.com';
7
+ admin_password_hash TEXT := '$2b$10$OWzZo/eSlFAb2S9oX4Ps5.prj7LzVfAWo7N1cFrL3N8Z3HLUZtvOm';
8
+ new_user_id UUID;
9
+ BEGIN
10
+ -- Only create if admin email is provided and not empty
11
+ IF admin_email IS NOT NULL AND admin_email != '' THEN
12
+
13
+ -- Check if user already exists
14
+ IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
15
+ -- Generate a new UUID for the user
16
+ new_user_id := gen_random_uuid();
17
+
18
+ -- Create admin user with bcrypt-hashed password
19
+ -- Note: GoTrue expects token columns to be empty strings, not NULL
20
+ INSERT INTO auth.users (
21
+ instance_id,
22
+ id,
23
+ aud,
24
+ role,
25
+ email,
26
+ encrypted_password,
27
+ email_confirmed_at,
28
+ confirmation_sent_at,
29
+ raw_app_meta_data,
30
+ raw_user_meta_data,
31
+ created_at,
32
+ updated_at,
33
+ confirmation_token,
34
+ recovery_token,
35
+ email_change_token_new,
36
+ email_change_token_current,
37
+ email_change,
38
+ phone,
39
+ phone_change,
40
+ phone_change_token,
41
+ reauthentication_token
42
+ ) VALUES (
43
+ '00000000-0000-0000-0000-000000000000',
44
+ new_user_id,
45
+ 'authenticated',
46
+ 'authenticated',
47
+ admin_email,
48
+ admin_password_hash,
49
+ NOW(),
50
+ NOW(),
51
+ jsonb_build_object(
52
+ 'provider', 'email',
53
+ 'providers', ARRAY['email'],
54
+ 'role', 'super_admin'
55
+ ),
56
+ '{}'::jsonb,
57
+ NOW(),
58
+ NOW(),
59
+ '',
60
+ '',
61
+ '',
62
+ '',
63
+ '',
64
+ '',
65
+ '',
66
+ '',
67
+ ''
68
+ );
69
+
70
+ -- Create identity record for email provider
71
+ INSERT INTO auth.identities (
72
+ id,
73
+ user_id,
74
+ identity_data,
75
+ provider,
76
+ provider_id,
77
+ last_sign_in_at,
78
+ created_at,
79
+ updated_at
80
+ ) VALUES (
81
+ gen_random_uuid(),
82
+ new_user_id,
83
+ jsonb_build_object(
84
+ 'sub', new_user_id::text,
85
+ 'email', admin_email,
86
+ 'email_verified', true
87
+ ),
88
+ 'email',
89
+ new_user_id::text,
90
+ NOW(),
91
+ NOW(),
92
+ NOW()
93
+ );
94
+
95
+ RAISE NOTICE 'Created dev admin user: % with id: %', admin_email, new_user_id;
96
+ ELSE
97
+ -- Update existing user to have super_admin role if they don't already
98
+ UPDATE auth.users
99
+ SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
100
+ updated_at = NOW()
101
+ WHERE email = admin_email
102
+ AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
103
+
104
+ IF FOUND THEN
105
+ RAISE NOTICE 'Updated existing user % to admin role', admin_email;
106
+ ELSE
107
+ RAISE NOTICE 'User % already exists with admin role', admin_email;
108
+ END IF;
109
+ END IF;
110
+ ELSE
111
+ RAISE NOTICE 'Skipping admin user creation - no admin email configured';
112
+ END IF;
113
+ END $$;
@@ -0,0 +1,114 @@
1
+ -- Create initial admin user in auth.users
2
+ -- This runs after Supabase GoTrue is initialized
3
+ -- Password hash is generated during project creation (plain password is never stored)
4
+
5
+ DO $$
6
+ DECLARE
7
+ admin_email TEXT := '{{ADMIN_EMAIL}}';
8
+ admin_password_hash TEXT := '{{ADMIN_PASSWORD_HASH}}';
9
+ new_user_id UUID;
10
+ BEGIN
11
+ -- Only create if admin email is provided and not empty
12
+ IF admin_email IS NOT NULL AND admin_email != '' THEN
13
+
14
+ -- Check if user already exists
15
+ IF NOT EXISTS (SELECT 1 FROM auth.users WHERE email = admin_email) THEN
16
+ -- Generate a new UUID for the user
17
+ new_user_id := gen_random_uuid();
18
+
19
+ -- Create admin user with bcrypt-hashed password
20
+ -- Note: GoTrue expects token columns to be empty strings, not NULL
21
+ INSERT INTO auth.users (
22
+ instance_id,
23
+ id,
24
+ aud,
25
+ role,
26
+ email,
27
+ encrypted_password,
28
+ email_confirmed_at,
29
+ confirmation_sent_at,
30
+ raw_app_meta_data,
31
+ raw_user_meta_data,
32
+ created_at,
33
+ updated_at,
34
+ confirmation_token,
35
+ recovery_token,
36
+ email_change_token_new,
37
+ email_change_token_current,
38
+ email_change,
39
+ phone,
40
+ phone_change,
41
+ phone_change_token,
42
+ reauthentication_token
43
+ ) VALUES (
44
+ '00000000-0000-0000-0000-000000000000',
45
+ new_user_id,
46
+ 'authenticated',
47
+ 'authenticated',
48
+ admin_email,
49
+ admin_password_hash,
50
+ NOW(),
51
+ NOW(),
52
+ jsonb_build_object(
53
+ 'provider', 'email',
54
+ 'providers', ARRAY['email'],
55
+ 'role', 'super_admin'
56
+ ),
57
+ '{"onboarding_completed": true}'::jsonb,
58
+ NOW(),
59
+ NOW(),
60
+ '',
61
+ '',
62
+ '',
63
+ '',
64
+ '',
65
+ '',
66
+ '',
67
+ '',
68
+ ''
69
+ );
70
+
71
+ -- Create identity record for email provider
72
+ INSERT INTO auth.identities (
73
+ id,
74
+ user_id,
75
+ identity_data,
76
+ provider,
77
+ provider_id,
78
+ last_sign_in_at,
79
+ created_at,
80
+ updated_at
81
+ ) VALUES (
82
+ gen_random_uuid(),
83
+ new_user_id,
84
+ jsonb_build_object(
85
+ 'sub', new_user_id::text,
86
+ 'email', admin_email,
87
+ 'email_verified', true
88
+ ),
89
+ 'email',
90
+ new_user_id::text,
91
+ NOW(),
92
+ NOW(),
93
+ NOW()
94
+ );
95
+
96
+ RAISE NOTICE 'Created admin user: % with id: %', admin_email, new_user_id;
97
+ ELSE
98
+ -- Update existing user to have super_admin role if they don't already
99
+ UPDATE auth.users
100
+ SET raw_app_meta_data = raw_app_meta_data || '{"role": "super_admin"}'::jsonb,
101
+ updated_at = NOW()
102
+ WHERE email = admin_email
103
+ AND (raw_app_meta_data->>'role' IS NULL OR raw_app_meta_data->>'role' != 'super_admin');
104
+
105
+ IF FOUND THEN
106
+ RAISE NOTICE 'Updated existing user % to admin role', admin_email;
107
+ ELSE
108
+ RAISE NOTICE 'User % already exists with admin role', admin_email;
109
+ END IF;
110
+ END IF;
111
+ ELSE
112
+ RAISE NOTICE 'Skipping admin user creation - no admin email configured';
113
+ END IF;
114
+ END $$;