import { IMPOSSIBLE, VersionInfo } from '@start9labs/start-sdk'

/**
 * v1.0.0:4 — eliminates the default-admin footgun.
 *
 * v1.0.0:1-3 shipped with `admin@local` / `workout123` baked into the
 * empty-schema fallback DB. Operators were SUPPOSED to rotate via
 * Settings or the StartOS Action immediately after install, but
 * "supposed to" is the kind of language that puts default credentials
 * into HaveIBeenPwned headlines.
 *
 * From v1.0.0:4 forward:
 *   - `prisma/seed.ts` only seeds the InstanceSettings singleton.
 *     No default admin, no UserPreferences, no curated exercises in
 *     the build-time fallback DB.
 *   - The StartOS Action `change-admin-credentials` (label: "Set
 *     admin credentials") now runs in CREATE mode when no admin
 *     exists — inserts the User row, inserts UserPreferences, and
 *     triggers ensureExerciseLibrary for the brand-new admin all in
 *     one shot. Operators run it once on install, then again only
 *     if they want to rotate.
 *   - The login page detects zero-admin state and shows a "needs
 *     setup" panel pointing at the StartOS Action. No more
 *     "I tried admin@local/workout123 and it failed, what's wrong"
 *     confusion for fresh installers.
 *
 * Backward compatible for upgrades from v1.0.0:1-3:
 *   - Your /data already has an admin user; the no-admin detection
 *     never triggers; login behaves identically to before.
 *   - The StartOS Action still works for rotation (UPDATE mode).
 */
export const v_1_0_0_4 = VersionInfo.of({
  version: '1.0.0:4',
  releaseNotes: {
    en_US:
      'Security: removes the default admin@local / workout123 credentials from fresh installs. The image now ships with no users; the operator must run the StartOS Action "Set admin credentials" to bootstrap the first admin before anyone can log in. Existing installs are unaffected — your admin row stays as-is and the action keeps working for rotation.',
  },
  migrations: {
    up: async () => {},
    down: IMPOSSIBLE,
  },
})