From 670e1a87937b3cde11896c9d808af665e1538b57 Mon Sep 17 00:00:00 2001
From: weroperking <139503221+weroperking@users.noreply.github.com>
Date: Mon, 27 Apr 2026 02:07:41 +0300
Subject: [PATCH] Fix audit IP fallback and CLI typecheck errors

---
 packages/cli/src/commands/init.ts | 14 ++------------
 packages/cli/src/index.ts         | 19 +++++++++++--------
 packages/server/src/lib/audit.ts  |  9 +++++++--
 3 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/packages/cli/src/commands/init.ts b/packages/cli/src/commands/init.ts
index 419ace5..28fef29 100644
--- a/packages/cli/src/commands/init.ts
+++ b/packages/cli/src/commands/init.ts
@@ -1339,18 +1339,8 @@ export async function runInitCommand(rawOptions: InitCommandOptions): Promise<vo
 				}
 				// Clean up existing directory
 				try {
-					await Bun.write(projectPath + "/.keep", "");
-					const files = await Bun.file(projectPath).ls();
-					await Promise.all(
-						files.map(async (f) => {
-							const fullPath = path.resolve(projectPath, f.name);
-							await Bun.write(fullPath, "");
-						}),
-					);
-					await Bun.file(projectPath)
-						.delete()
-						.catch(() => {});
-					await Bun.mkdir(projectPath, { recursive: true }).catch(() => {});
+					await rm(projectPath, { recursive: true, force: true });
+					await mkdir(projectPath, { recursive: true });
 				} catch (err) {
 					logger.error(`Failed to clean directory: ${err}`);
 				}
diff --git a/packages/cli/src/index.ts b/packages/cli/src/index.ts
index 2ac3682..fd053ce 100644
--- a/packages/cli/src/index.ts
+++ b/packages/cli/src/index.ts
@@ -568,16 +568,19 @@ export function createProgram(): Command {
 				const { runApiKeyLogin } = await import("./commands/login");
 				let password = process.env.ADMIN_PASSWORD;
 				if (!password) {
-					const { default: prompts } = await import("prompts");
-					const result = await prompts({
-						type: "password",
-						name: "password",
-						message: "Admin password:",
-						validate: (p: string) => p.length >= 1,
-					});
+					const { default: inquirer } = await import("inquirer");
+					const result = await inquirer.prompt<{ password: string }>([
+						{
+							type: "password",
+							name: "password",
+							message: "Admin password:",
+							mask: "*",
+							validate: (value: string) => value.length >= 1 || "Password is required",
+						},
+					]);
 					password = result.password;
 				}
-				await runApiKeyLogin({ serverUrl: opts.url, email: opts.email, password });
+				await runApiKeyLogin({ serverUrl: opts.url, email: opts.email, password: password ?? "" });
 			} else {
 				await runLoginCommand({ serverUrl: opts.url });
 			}
diff --git a/packages/server/src/lib/audit.ts b/packages/server/src/lib/audit.ts
index 32dcf20..42240c8 100644
--- a/packages/server/src/lib/audit.ts
+++ b/packages/server/src/lib/audit.ts
@@ -73,9 +73,14 @@ export async function writeAuditLog(entry: AuditEntry): Promise<void> {
 
 // Helper: extract IP from Hono context
 export function getClientIp(headers: Headers): string {
-	const fromProxy = headers.get("x-real-ip") ?? headers.get("x-forwarded-for")?.split(",")[0]?.trim();
-	if (fromProxy) return fromProxy;
+	const fromForwardedFor = headers.get("x-forwarded-for")?.split(",")[0]?.trim();
+	if (fromForwardedFor) return fromForwardedFor;
+
+	const fromRealIp = headers.get("x-real-ip")?.trim();
+	if (fromRealIp) return fromRealIp;
+
 	const ua = headers.get("user-agent") ?? "";
+	if (!ua) return "unknown";
 	const fp = createHash("sha256").update(ua).digest("hex").slice(0, 16);
 	return `ua:${fp}`;
 }