feat: migrate website-creator from Next.js+Payload to Astro+Tina CMS

Major changes:
- Replace Payload CMS with Tina CMS (self-hosted)
- Add Astro DB for consent logging (PDPA compliant)
- Update Tailwind v3 to v4 (@tailwindcss/vite plugin)
- Add astro-tina-starter template
- Rewrite consent template for Astro (ConsentBanner.astro, Astro DB, Nano Stores)
- Add install-tina-backend.sh for self-hosted Tina per customer
- Rename convert-astro.sh to migrate-tina.sh
- Add AGENTS.md template for generated websites
- Delete all Payload/Next.js files

Technical updates:
- Astro DB using defineDb with eq operators for queries
- Tailwind v4 with @theme block
- Tina CMS local development mode
- Proper Astro API routes for consent

Research-verified with official documentation (April 2026)

skills/website-creator/templates/consent/api/consent.ts

@@ -0,0 +1,120 @@
+import type { APIRoute } from 'astro';
+import { db, eq } from 'astro:db';
+import { ConsentLog } from '../db/config';
+
+export const POST: APIRoute = async ({ request, clientAddress }) => {
+  try {
+    const body = await request.json();
+
+    const {
+      action = 'accept',
+      purpose = 'all',
+      analytics = false,
+      marketing = false,
+      functional = false,
+    } = body;
+
+    const ip = clientAddress || 'unknown';
+    const userAgent = request.headers.get('user-agent') || 'unknown';
+
+    const doc = await db.insert(ConsentLog).values({
+      action,
+      purpose,
+      analytics,
+      marketing,
+      functional,
+      ip,
+      userAgent,
+      timestamp: new Date(),
+    });
+
+    return new Response(JSON.stringify({
+      success: true,
+      doc,
+    }), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    console.error('Consent API error:', error);
+    return new Response(JSON.stringify({
+      success: false,
+      error: 'Failed to log consent',
+    }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};
+
+export const GET: APIRoute = async ({ request }) => {
+  try {
+    const url = new URL(request.url);
+    const sessionId = url.searchParams.get('sessionId');
+
+    let docs;
+    if (sessionId) {
+      docs = await db.select().from(ConsentLog).where(
+        eq(ConsentLog.sessionId, sessionId)
+      );
+    } else {
+      docs = await db.select().from(ConsentLog);
+    }
+
+    return new Response(JSON.stringify({
+      success: true,
+      docs,
+    }), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    console.error('Consent GET error:', error);
+    return new Response(JSON.stringify({
+      success: false,
+      error: 'Failed to retrieve consent logs',
+    }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};
+
+export const DELETE: APIRoute = async ({ request }) => {
+  try {
+    const url = new URL(request.url);
+    const sessionId = url.searchParams.get('sessionId');
+
+    if (!sessionId) {
+      return new Response(JSON.stringify({
+        success: false,
+        error: 'sessionId is required',
+      }), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }
+
+    const deleted = await db.delete(ConsentLog).where(
+      eq(ConsentLog.sessionId, sessionId)
+    );
+
+    return new Response(JSON.stringify({
+      success: true,
+      deleted,
+      message: 'All consent records for this session have been deleted',
+    }), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  } catch (error) {
+    console.error('Right to be forgotten error:', error);
+    return new Response(JSON.stringify({
+      success: false,
+      error: 'Failed to delete consent records',
+    }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    });
+  }
+};