@crossdelta/platform-sdk 0.19.0 → 0.19.3

package/bin/config-CKQHYOF4.mjs

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import{A as g,B as h,C as i,D as j,E as k,F as l,G as m,H as n,u as a,v as b,w as c,x as d,y as e,z as f}from"./chunk-634PL24Z.mjs";export{n as discoverAvailableServices,b as findWorkspaceRoot,f as getContractsConfig,m as getGeneratorConfig,h as getPackageJsonField,e as getPfConfig,k as getPkgJson,g as getRootPackageScope,c as getWorkspacePackageJson,d as getWorkspacePathsConfig,a as isInWorkspace,l as pkgJson,j as readPackageConfig,i as updatePackageJsonField};

package/bin/docs/generators/code-style.md

@@ -94,3 +94,82 @@ z.string().datetime()
 // ❌ Deprecated
 z.string().email('Invalid')
 ```
+
+---
+
+## Type-Safe External Package Integration
+
+**NEVER use `any` types** - always create explicit type definitions for packages without TypeScript support.
+
+### Guidelines
+
+- ✅ Create type definitions based on API documentation
+- ✅ Prefer `type` over `interface` for simple object shapes
+- ✅ Use `const` with direct initialization
+- ✅ Use type assertions (`as Type`) only after explicit types
+- ❌ Never use `any`
+- ❌ Never use `let` + null + conditional initialization
+
+### Example (Pusher Beams)
+
+```ts
+// ❌ WRONG - Using any
+let client: any = new PushNotifications({ ... })
+
+// ❌ WRONG - let + null + conditional
+let client: BeamsClient | null = null
+if (!client) {
+  client = new PushNotifications({ ... }) as BeamsClient
+}
+
+// ✅ CORRECT - Explicit types + const + direct initialization
+type BeamsClient = {
+  publishToUsers: (userIds: string[], request: BeamsPublishRequest) => Promise<PublishResponse>
+}
+
+type BeamsPublishRequest = {
+  web?: {
+    notification?: {
+      title: string
+      body: string
+      deep_link?: string
+    }
+  }
+}
+
+type PublishResponse = {
+  publishId: string
+}
+
+const getBeamsClient = (): BeamsClient => {
+  if (!env.PUSHER_INSTANCE_ID || !env.PUSHER_SECRET_KEY) {
+    throw new Error('Missing Pusher Beams credentials')
+  }
+
+  return new PushNotifications({
+    instanceId: env.PUSHER_INSTANCE_ID,
+    secretKey: env.PUSHER_SECRET_KEY,
+  }) as BeamsClient
+}
+```
+
+### Why `type` over `interface`?
+
+- More flexible (unions, intersections, mapped types)
+- More concise for simple object shapes
+- Better for functional programming patterns
+- Standard in modern TypeScript codebases
+
+```ts
+// ✅ CORRECT - type
+type User = {
+  id: string
+  name: string
+}
+
+// ❌ AVOID - interface (only use for extensible APIs)
+interface User {
+  id: string
+  name: string
+}
+```

package/bin/docs/generators/natural-language.md

@@ -0,0 +1,117 @@
+# Natural Language Service Generation
+
+Generate services from natural language prompts using the capabilities system.
+
+## Quick Examples
+
+### 1. Freeform German
+```
+Erstelle notification-service, hört auf order.created, sendet Push via Pusher Beams an interest order-updates.
+```
+
+### 2. Semi-Structured
+```
+Service: notification-service | When: order.created | Do: push via pusher beams | Target: interest order-updates
+```
+
+### 3. HTTP Integration
+```
+Erstelle shipping-service, hört auf order.paid, ruft HTTP POST /shipments bei https://api.example.com auf.
+```
+
+## How It Works
+
+The capabilities pipeline parses your prompt:
+
+```
+NL Prompt
+    │
+    ▼ parseServicePrompt()
+ServiceSpec { serviceName, triggers, actions }
+    │
+    ▼ lowerSpecToCapabilities()
+CapabilityInvocation[]
+    │
+    ▼ registry.planAll()
+GenerationPlan (deterministic paths from policy)
+    │
+    ▼ generateFileContents()
+Generated Files
+```
+
+**Key:** AI extracts intent, but paths and structure come from policy—not AI.
+
+## Optional Defaults via package.json
+
+Configure workspace defaults in `package.json`:
+
+```json
+{
+  "pf": {
+    "capabilities": {
+      "notifier": {
+        "defaults": {
+          "push": "pusher-beams",
+          "email": "resend"
+        },
+        "providers": {
+          "push": {
+            "custom-provider": {
+              "dependencies": { "custom-sdk": "^1.0.0" },
+              "envVars": [
+                { "key": "CUSTOM_API_KEY", "description": "API key", "required": true }
+              ]
+            }
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+**Important:** Defaults are only applied when the prompt doesn't specify a provider. Explicit mentions in the prompt always win.
+
+## Supported Capabilities
+
+| Capability | Trigger/Action | Example |
+|------------|----------------|---------|
+| `event-consumer` | Trigger | "listens to order.created" |
+| `event-publisher` | Action | "emits order.shipped event" |
+| `notifier` | Action | "sends push via pusher beams" |
+| `http-endpoint` | Trigger | "POST /webhooks" |
+
+## Built-in Providers
+
+### Push Notifications
+- `pusher-beams` - Pusher Beams
+- `firebase` - Firebase Cloud Messaging
+- `onesignal` - OneSignal
+- `expo` - Expo Push Notifications
+
+### Email
+- `resend` - Resend
+- `sendgrid` - SendGrid
+- `ses` - AWS SES
+- `postmark` - Postmark
+
+### Slack
+- `slack-webhook` - Slack Webhook
+- `slack-api` - Slack Web API
+
+### SMS
+- `twilio` - Twilio
+- `vonage` - Vonage
+
+## Provider Detection
+
+The parser detects providers from your prompt:
+
+```typescript
+// These all detect "pusher-beams":
+"send push via Pusher Beams"
+"push notification using pusher-beams"
+"notify with PusherBeams"
+```
+
+If no provider is detected and no default is configured, elicitation prompts for selection.

package/bin/docs/generators/service.md

@@ -7,6 +7,45 @@
 
 ---
 
+## 🚨 pf MCP Flow (VERBINDLICH)
+
+### Architektur-Entscheidung
+
+Der `pf` MCP-Server ist ein **Planner**, nicht ein Code-Generator. Die AI (Copilot) generiert den Code.
+
+### Korrekter Flow
+
+```
+1. AI sammelt Kontext     →  mcp_pf_scan_workspace()
+2. AI ruft Generate auf   →  mcp_pf_generate_service(dryRun: true, prompt: "...")
+3. pf liefert Plan        →  { files: [...], postCommands: ["pf cloudevents add ..."], ... }
+4. 🆕 MCP verifiziert NPM  →  Automatisch via npm registry API
+5. 🆕 Falls Korrekturen   →  In diagnostics: "📦 Corrected pkg: ^1.3.3 → ^1.2.7"
+6. AI führt postCommands aus → `pf cloudevents add order.created --service services/my-service`
+7. AI generiert Code      →  NUR für adapters/use-cases, NICHT für handlers!
+8. User OK Gate           →  User bestätigt Plan mit korrekten Versionen
+9. AI ruft Apply auf      →  mcp_pf_apply_changes(changes: [...])
+```
+
+### ✅ DO (korrekt)
+
+- `mcp_pf_generate_service(dryRun: true)` → Plan holen
+- **`postCommands` ausführen** → `pf cloudevents add` erstellt Handler automatisch!
+- AI generiert nur adapters/use-cases basierend auf `files[].intent`
+- `mcp_pf_apply_changes()` nur nach User-OK
+- `expectedPlanHash` für Drift-Detection nutzen
+
+### ❌ DON'T (verboten)
+
+- **KEINE Handler selbst schreiben!** → `pf cloudevents add` benutzen
+- Kein `dryRun: false` ohne vorherige Preview
+- Kein Code in Capabilities einbauen (nur `intent` + `inputs`)
+- Kein "builtin provider catalogue" mit Templates
+- Keine direkten File-Writes während Generate
+- Kein Package.json direkt editieren wenn `deps:add` Effect existiert
+
+---
+
 ## 🚨 CRITICAL: Port Configuration
 
 Services MUST read their port from environment variables using this pattern:
@@ -106,10 +145,10 @@ pf new hono-micro services/order-processing -y
 ```
 
 ```post-commands
-pf event add order.created --service services/order-processing
+pf cloudevents add order.created --service services/order-processing
 ```
 
-**What `pf event add` does:**
+**What `pf cloudevents add` does:**
 - Creates `packages/contracts/src/events/orders/created.mock.json` (test mock)
 - Adds export to `packages/contracts/src/index.ts`
 - Skips contract creation if already exists (AI's schema is preserved!)
@@ -119,10 +158,10 @@ pf event add order.created --service services/order-processing
 **Step 1: Create contract with CLI**
 ```bash
 # Create contract with schema
-pf event add order.created --fields "orderId:string,total:number,customerId:string"
+pf cloudevents add order.created --fields "orderId:string,total:number,customerId:string"
 
 # Or with JSON schema
-pf event add order.created --schema '{"orderId":"string","total":"number"}'
+pf cloudevents add order.created --schema '{"orderId":"string","total":"number"}'
 ```
 
 **Step 2: Scaffold service**
@@ -132,7 +171,7 @@ pf new hono-micro services/order-processing
 
 **Step 3: Register event and create handler**
 ```bash
-pf event add order.created --service services/order-processing
+pf cloudevents add order.created --service services/order-processing
 # Creates: src/events/order-created.handler.ts (singular!)
 ```
 
@@ -172,6 +211,57 @@ pf dev  # Starts NATS + creates ephemeral streams from contracts + all services
 
 **Stream Creation:** `pf dev` scans `packages/contracts/src/index.ts` for contracts with `channel.stream` metadata and creates ephemeral streams automatically. No manual stream creation needed!
 
+---
+
+## 🚨 CRITICAL: Package Version Verification
+
+**Package versions are automatically verified and corrected by the MCP server.**
+
+### The Problem
+
+AI training data is outdated → may suggest versions that don't exist:
+
+```bash
+❌ "@pusher/push-notifications-server": "^1.3.3"  # Doesn't exist!
+✅ "@pusher/push-notifications-server": "^1.2.7"  # Actual latest
+```
+
+### The Solution
+
+The pf MCP server automatically:
+1. Detects package.json in generated files
+2. Fetches latest versions from npm registry
+3. Corrects mismatched versions
+4. Reports corrections in diagnostics
+
+**Example Output:**
+```
+📦 Corrected @pusher/push-notifications-server: ^1.3.3 → ^1.2.7
+```
+
+### Implementation
+
+Located in `packages/pf-mcp/src/tools/services-generate/npm-verifier.ts`:
+
+- **Pure functions**: parsePackageJson, extractNpmPackages
+- **IO adapter**: fetchNpmVersion (npm registry API)
+- **Higher-order**: verifyAndCorrectVersions
+
+**Integration point**: `mode-nl.ts` after scaffold generation, before returning plan
+
+### What Gets Verified
+
+- ✅ All external npm packages
+- ❌ Skips `workspace:*` packages (internal monorepo)
+- ❌ Skips `@crossdelta/*` packages (platform packages)
+- ❌ Skips `@orderboss/*` packages (workspace packages)
+
+### No AI Action Required
+
+This is handled entirely by the MCP server - AI does not need to verify packages manually.
+
+---
+
 ### 4️⃣ **Deploy to Production**
 
 ```bash
@@ -249,15 +339,19 @@ The exact command depends on the framework - see the framework-specific docs:
 **For Event Consumer services, include a `post-commands` block with ALL events:**
 
 ```post-commands
-pf event add order.created --service services/my-service
-pf event add customer.updated --service services/my-service
+pf cloudevents add order.created --service services/my-service --fields "id:string"
+pf cloudevents add customer.updated --service services/my-service --fields "id:string"
 ```
 
-**What `pf event add` creates:**
-- `packages/contracts/src/events/<event>.mock.json` - Test mock data
+**⚠️ CRITICAL: Always include `--fields` to skip interactive prompts!**
+
+**What `pf cloudevents add` creates:**
+- `packages/contracts/src/events/<domain>/<event>.ts` - Contract with schema
+- `packages/contracts/src/events/<domain>/<event>.mock.json` - Test mock data
+- `services/<service>/src/events/<event>.handler.ts` - Event handler
 - Adds export to `packages/contracts/src/index.ts`
 
-**⚠️ IMPORTANT:** `pf event add` skips contract creation if it already exists - so YOUR contract with the correct schema is preserved!
+**⚠️ IMPORTANT:** `pf cloudevents add` skips contract creation if it already exists - so YOUR contract with the correct schema is preserved!
 
 ---
 
@@ -285,49 +379,33 @@ Export named 'OrderCreatedContract' not found in module 'packages/contracts/src/
 
 1. **`packages/contracts/src/events/<domain>/<event>.ts`** - Contract with correct schema fields in domain-grouped structure (e.g., `events/orders/created.ts`)
 2. **`packages/contracts/src/index.ts`** - ⚠️ **ADD EXPORT** for the contract (CRITICAL!)
-3. **`src/events/<event>.handler.ts`** - Event handler that calls the use-case
-4. **`src/use-cases/*.use-case.ts`** - Business logic (called by handlers)
-5. **`src/use-cases/*.test.ts`** - Tests for use-cases
+3. **`src/use-cases/*.use-case.ts`** - Business logic (called by handlers)
+4. **`src/use-cases/*.test.ts`** - Tests for use-cases
+5. **`src/adapters/*.adapter.ts`** - External service integrations (if needed)
 6. **`README.md`** - Documentation
 
-**⚠️ DO NOT generate `src/index.ts` or `src/main.ts`** - These are created by `pf new` with correct port config!
-
-### Handler Location (CRITICAL!)
-
-**⚠️ MUST be in `src/events/*.handler.ts` - NEVER in `handlers/` subdirectory**
-
-```
-✅ CORRECT:
-services/my-service/src/events/
-├── order-created.handler.ts
-└── customer-updated.handler.ts
-
-❌ WRONG:
-services/my-service/src/events/handlers/  # NEVER create!
-```
-
-### Handler Export Pattern
+**⚠️ DO NOT generate these files** - They are created by CLI commands:
+- `src/index.ts` or `src/main.ts` - Created by `pf new`
+- `src/events/*.handler.ts` - Created by `pf cloudevents add`
 
-```ts
-// ✅ CORRECT: Default export
-export default handleEvent(OrdersCreatedContract, async (data) => { ... })
+### Handler Creation (CRITICAL!)
 
-// ❌ WRONG: Named export
-export const OrdersCreatedHandler = handleEvent(...)
-```
+**Handlers are created by `pf cloudevents add`, NOT by AI!**
 
-### Handler Logging
-
-**Handlers must be thin** - use `console.log` for logging, then delegate to use-case/service:
-
-```ts
-export default handleEvent(OrdersCreatedContract, async (data) => {
-  console.log(`[order.created] Processing orderId=${data.orderId}`)  // ✅ console.log
-  await processOrder(data)
-})
+```bash
+# This command creates the handler automatically:
+pf cloudevents add order.created --service services/my-service --fields "id:string"
+# → Creates: src/events/order-created.handler.ts
+# → Creates: packages/contracts/src/events/orders/created.mock.json
+# → Updates: packages/contracts/src/index.ts (adds export)
 ```
 
-**Services/use-cases** can use structured logging (NestJS: `new Logger(ServiceName.name)`).
+**Why `pf cloudevents add` instead of AI generation?**
+- ✅ Consistent handler structure
+- ✅ Correct imports from contracts
+- ✅ Proper mock file generation
+- ✅ Contract export management
+- ✅ No hallucinated code
 
 ---
 
@@ -362,18 +440,6 @@ export const OrdersCreatedContract = createContract({
 export * from './events/orders/created'
 ```
 
-#### `src/events/order-created.handler.ts`
-```ts
-import { handleEvent } from '@crossdelta/cloudevents'
-import { OrdersCreatedContract, type OrderCreatedData } from '{workspaceScope}/contracts'
-import { processOrder } from '../use-cases/process-order.use-case'
-
-export default handleEvent(OrdersCreatedContract, async (data: OrderCreatedData) => {
-  console.log('📦 Processing order:', data.orderId)
-  await processOrder(data)
-})
-```
-
 #### `src/use-cases/process-order.use-case.ts`
 ```ts
 import type { OrderCreatedData } from '{workspaceScope}/contracts'
@@ -384,7 +450,7 @@ export const processOrder = async (data: OrderCreatedData): Promise<void> => {
 ```
 
 ```post-commands
-pf event add order.created --service services/my-service
+pf cloudevents add order.created --service services/my-service --fields "id:string"
 ```
 
 ```dependencies
@@ -581,7 +647,7 @@ consumeJetStreams({
 | Block | Purpose |
 |-------|---------|
 | `commands` | Scaffolds service (REQUIRED FIRST) |
-| `post-commands` | Runs after files created (e.g., `pf event add`) |
+| `post-commands` | Runs after files created (e.g., `pf cloudevents add`) |
 | `dependencies` | Extra npm packages (NOT `@crossdelta/*`) |
 
 **When adding dependencies:**
@@ -591,6 +657,7 @@ consumeJetStreams({
 - ✅ Prefer packages with TypeScript definitions (`@types/*` or built-in)
 - ✅ Check GitHub for recent activity and TypeScript support
 - ⚠️ If using an unfamiliar package, mention: "Check official docs for latest API"
+- ⚠️ **For packages without TS support, see [code-style.md](code-style.md#type-safe-external-package-integration)**
 
 ---
 
@@ -637,6 +704,7 @@ packages/contracts/src/events/
 - ❌ Insert semicolons
 - ❌ Create contracts without adding exports to `packages/contracts/src/index.ts`
 - ❌ Create `use-cases/` folder in NestJS (use Services instead)
+- ❌ **Use `any` types** - see [code-style.md](code-style.md#type-safe-external-package-integration)
 
 **DO:**
 - ✅ Contracts in `packages/contracts/src/events/`
@@ -649,3 +717,4 @@ packages/contracts/src/events/
 - ✅ Use current, non-deprecated APIs - check package documentation
 - ✅ Prefer TypeScript-first packages with good type definitions
 - ✅ Check npm for latest package versions and breaking changes
+- ✅ **Follow [code-style.md](code-style.md) for type-safe patterns**

package/bin/templates/hono-microservice/Dockerfile.hbs

@@ -5,9 +5,11 @@ FROM oven/bun:${BUN_VERSION}-alpine AS production
 WORKDIR /app
 
 COPY bunfig.toml package.json ./
+COPY packages ./packages
 COPY src ./src
 
-RUN --mount=type=secret,id=NPM_TOKEN \
+RUN --mount=type=cache,target=/root/.bun/install/cache \
+    --mount=type=secret,id=NPM_TOKEN \
   export NPM_TOKEN="$(cat /run/secrets/NPM_TOKEN)" && \
   bun install --production --omit=optional
 

package/bin/templates/hono-microservice/src/config/env.ts.hbs

@@ -2,6 +2,9 @@ import { z } from 'zod'
 
 const envSchema = z.object({
   {{envKey}}_PORT: z.string().optional(),
+{{#each envVars}}
+  {{key}}: z.string().min(1, '{{key}} is required'),
+{{/each}}
 })
 
 const result = envSchema.safeParse(process.env)

package/bin/templates/nest-microservice/Dockerfile.hbs

@@ -6,9 +6,11 @@ FROM oven/bun:${BUN_VERSION}-alpine AS builder
 WORKDIR /app
 
 COPY package.json tsconfig*.json nest-cli.json ./
+COPY packages ./packages
 COPY src ./src
 
-RUN --mount=type=secret,id=NPM_TOKEN \
+RUN --mount=type=cache,target=/root/.bun/install/cache \
+    --mount=type=secret,id=NPM_TOKEN \
   export NPM_TOKEN="$(cat /run/secrets/NPM_TOKEN)" && \
   bun install
 
@@ -19,8 +21,10 @@ FROM oven/bun:${BUN_VERSION}-alpine AS deps
 WORKDIR /app
 
 COPY package.json ./
+COPY packages ./packages
 
-RUN --mount=type=secret,id=NPM_TOKEN \
+RUN --mount=type=cache,target=/root/.bun/install/cache \
+    --mount=type=secret,id=NPM_TOKEN \
   export NPM_TOKEN="$(cat /run/secrets/NPM_TOKEN)" && \
   bun install --production --omit=optional
 

package/bin/templates/nest-microservice/src/config/env.ts.hbs

@@ -0,0 +1,17 @@
+import { z } from 'zod'
+
+const envSchema = z.object({
+  {{envKey}}_PORT: z.string().optional(),
+{{#each envVars}}
+  {{key}}: z.string().min(1, '{{key}} is required'),
+{{/each}}
+})
+
+const result = envSchema.safeParse(process.env)
+if (!result.success) {
+  console.error('❌ Environment validation failed:')
+  console.error(result.error.format())
+  process.exit(1)
+}
+
+export const env = result.data

package/bin/templates/nest-microservice/src/main.ts.hbs

@@ -1,4 +1,5 @@
-// IMPORTANT: telemetry must be imported first to patch modules before they're loaded
+// IMPORTANT: env validation must be first to fail fast on missing config
+import './config/env'
 import '@crossdelta/telemetry'
 
 import { env } from 'node:process'

package/bin/templates/workspace/.github/actions/prepare-build-context/action.yml

@@ -29,7 +29,7 @@ runs:
         # Copy bun.lock from json folder
         cp "out/${{ inputs.scope-short-name }}/json/bun.lock" "$CONTEXT_DIR/"
         
-        # Flatten: move service/app files to root of contexti
+        # Flatten: move service/app files to root of context
         if [ -d "$CONTEXT_DIR/$SCOPE_DIR" ]; then
           # Copy all files and directories from the scope dir to context root
           cp -r "$CONTEXT_DIR/$SCOPE_DIR"/. "$CONTEXT_DIR/"
@@ -38,12 +38,64 @@ runs:
           rm -rf "$CONTEXT_DIR/$SCOPE_DIR"
         fi
         
-        # Remove packages and apps/services dirs (dependencies come from registry)
-        rm -rf "$CONTEXT_DIR/packages" "$CONTEXT_DIR/apps" "$CONTEXT_DIR/services"
+        # Remove apps and services dirs (flattened above)
+        rm -rf "$CONTEXT_DIR/apps" "$CONTEXT_DIR/services"
         
-        # Clean up root package.json workspaces
         cd "$CONTEXT_DIR"
-        jq 'del(.workspaces)' package.json > package.json.tmp
-        mv package.json.tmp package.json
+        
+        # Replace workspace:* with npm versions for published packages
+        # so bun install fetches pre-built packages from registry (with dist/)
+        # Private packages stay as workspace deps (Bun resolves their .ts source)
+        if [ -d "packages" ]; then
+          for pkg_dir in packages/*/; do
+            [ -f "$pkg_dir/package.json" ] || continue
+            
+            pkg_name=$(jq -r '.name' "$pkg_dir/package.json")
+            is_private=$(jq -r '.private // false' "$pkg_dir/package.json")
+            pkg_version=$(jq -r '.version // empty' "$pkg_dir/package.json")
+            
+            if [ "$is_private" = "true" ] || [ -z "$pkg_version" ]; then
+              echo "  keeping workspace dep: $pkg_name (private)"
+              continue
+            fi
+            
+            echo "  replacing workspace:* → ^$pkg_version for $pkg_name"
+            
+            # Replace in dependencies and devDependencies
+            for field in dependencies devDependencies; do
+              if jq -e ".${field}[\"${pkg_name}\"]" package.json > /dev/null 2>&1; then
+                jq ".${field}[\"${pkg_name}\"] = \"^${pkg_version}\"" package.json > package.json.tmp
+                mv package.json.tmp package.json
+              fi
+            done
+            
+            # Also update private packages that depend on this published package
+            for other_pkg in packages/*/; do
+              [ -f "$other_pkg/package.json" ] || continue
+              for field in dependencies devDependencies; do
+                if jq -e ".${field}[\"${pkg_name}\"]" "$other_pkg/package.json" > /dev/null 2>&1; then
+                  jq ".${field}[\"${pkg_name}\"] = \"^${pkg_version}\"" "$other_pkg/package.json" > "$other_pkg/package.json.tmp"
+                  mv "$other_pkg/package.json.tmp" "$other_pkg/package.json"
+                fi
+              done
+            done
+            
+            # Remove published package dir (will be installed from npm)
+            rm -rf "$pkg_dir"
+          done
+        fi
+        
+        # Set workspace config for remaining private packages, or remove it
+        if [ -d "packages" ] && [ -n "$(ls -A packages/ 2>/dev/null)" ]; then
+          jq '.workspaces = ["packages/*"]' package.json > package.json.tmp
+          mv package.json.tmp package.json
+        else
+          rm -rf packages
+          jq 'del(.workspaces)' package.json > package.json.tmp
+          mv package.json.tmp package.json
+        fi
+        
+        # Ensure packages/ dir exists (Dockerfiles COPY it even when empty)
+        mkdir -p packages
         
         echo "context-dir=$CONTEXT_DIR" >> "$GITHUB_OUTPUT"