@forgeailab/create-spark 0.1.0 → 0.1.2

package/packs/auth-better-auth/files/lib/auth.ts

@@ -0,0 +1,21 @@
+import { createAuth as createBetterAuth } from '@forgeailab/spark-auth-better-auth';
+
+// Wire your database adapter here. Example (drizzle + sqlite):
+//
+//   import { drizzleAdapter } from '@better-auth/drizzle-adapter';
+//   import { db } from '@/lib/db';
+//   import * as schema from '@/lib/db/schema';
+//   const adapter = drizzleAdapter(db, { provider: 'sqlite', schema });
+//
+// Then pass the adapter into createAuth({ adapter, ... }).
+
+export const auth = createBetterAuth({
+  adapter: undefined as never, // TODO: replace with your drizzle adapter
+  secret: process.env.BETTER_AUTH_SECRET!,
+  baseURL: process.env.BETTER_AUTH_URL,
+  emailAndPassword: {
+    enabled: true,
+  },
+});
+
+export type Auth = typeof auth;

package/packs/auth-better-auth/pack.toml

@@ -0,0 +1,32 @@
+name = "auth-better-auth"
+version = "1.0.0"
+category = "auth"
+description = "Better Auth route handler, auth instance, and login page for Next.js."
+provides = ["auth"]
+requires = ["db"]
+conflicts = ["auth"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[runtime_package]
+package = "@forgeailab/spark-auth-better-auth"
+version = "^0.1"
+
+[dependencies]
+runtime = ["@better-auth/drizzle-adapter"]
+
+[env]
+required = ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/auth.ts"
+to = "lib/auth.ts"
+
+[[files]]
+mode = "create"
+from = "app/api/auth/[...all]/route.ts"
+to = "app/api/auth/[...all]/route.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/auth-better-auth/tasks.yaml

@@ -0,0 +1,10 @@
+epic: Auth
+tasks:
+  - id: AUTH-101
+    title: Wire auth instance to active db adapter
+    acceptance:
+      - Better Auth persists users, sessions, and accounts through the active db adapter
+  - id: AUTH-102
+    title: Configure OAuth providers (Google/GitHub)
+    acceptance:
+      - Google and GitHub OAuth providers can complete a sign-in flow

package/packs/auth-better-auth-pg/files/app/api/auth/[...all]/route.ts

@@ -0,0 +1,4 @@
+import { createAuthHandler } from '@forgeailab/spark-auth-better-auth';
+import { auth } from '@/lib/auth';
+
+export const { GET, POST } = createAuthHandler(auth);

package/packs/auth-better-auth-pg/files/lib/auth.ts

@@ -0,0 +1,86 @@
+import { drizzleAdapter } from '@better-auth/drizzle-adapter';
+import { createAuth as createBetterAuth } from '@forgeailab/spark-auth-better-auth';
+import { db } from '@/lib/db';
+import * as schema from '@/lib/db/schema';
+
+// Postgres-flavored Better Auth wiring. Pair this pack with `db-postgres`
+// (or `db-supabase`), and add the four Better Auth tables to your
+// `lib/db/schema.ts`: `user`, `session`, `account`, `verification`. Snake-case
+// column names are what Better Auth expects.
+
+const DEV_SECRET =
+  'reference-dev-secret-change-me-reference-dev-secret-change-me';
+
+function env(name: string, fallback: string): string {
+  return process.env[name] ?? fallback;
+}
+
+function resolveTrustedOrigins(baseURL: string): string[] {
+  const fromEnv = process.env.BETTER_AUTH_TRUSTED_ORIGINS;
+  if (fromEnv) {
+    return fromEnv
+      .split(',')
+      .map((s) => s.trim())
+      .filter(Boolean);
+  }
+
+  const origins = new Set<string>([baseURL]);
+
+  // In dev, Next.js auto-bumps the port when 3000 is busy. Trust common
+  // localhost ports so signup doesn't break with "Invalid origin" just because
+  // another server already owns 3000. Override via BETTER_AUTH_TRUSTED_ORIGINS
+  // for production lockdown.
+  if (process.env.NODE_ENV !== 'production') {
+    for (const port of [3000, 3001, 3002, 3003, 3010, 4000, 5173, 8080]) {
+      origins.add(`http://localhost:${port}`);
+      origins.add(`http://127.0.0.1:${port}`);
+    }
+  }
+
+  return [...origins];
+}
+
+export function createAuthDatabase() {
+  return drizzleAdapter(db, {
+    provider: 'pg',
+    schema: {
+      ...schema,
+      // Map your Drizzle table exports to the names Better Auth uses. Uncomment
+      // these once your schema has the matching tables (or use these names
+      // directly in your schema and drop the aliases).
+      // user: schema.users,
+      // session: schema.sessions,
+      // account: schema.accounts,
+      // verification: schema.verifications,
+    },
+  });
+}
+
+type CreateAuthOptions = {
+  database?: ReturnType<typeof createAuthDatabase>;
+};
+
+export function createAuth(options: CreateAuthOptions = {}) {
+  const baseURL = env('BETTER_AUTH_URL', 'http://localhost:3000');
+
+  return createBetterAuth({
+    adapter: options.database ?? createAuthDatabase(),
+    baseURL,
+    secret: env('BETTER_AUTH_SECRET', DEV_SECRET),
+    trustedOrigins: resolveTrustedOrigins(baseURL),
+    emailAndPassword: {
+      enabled: true,
+    },
+    // Uncomment to enable GitHub OAuth. Add env vars to your .env.local and
+    // register the OAuth app at https://github.com/settings/developers.
+    // socialProviders: {
+    //   github: {
+    //     clientId: env('GITHUB_CLIENT_ID', 'github-client-id'),
+    //     clientSecret: env('GITHUB_CLIENT_SECRET', 'github-client-secret'),
+    //   },
+    // },
+  });
+}
+
+export const auth = createAuth();
+export type Auth = typeof auth;

package/packs/auth-better-auth-pg/pack.toml

@@ -0,0 +1,32 @@
+name = "auth-better-auth-pg"
+version = "1.0.0"
+category = "auth"
+description = "Better Auth wired to Postgres via Drizzle. Pairs with db-postgres or db-supabase."
+provides = ["auth"]
+requires = ["db-pg"]
+conflicts = ["auth"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[runtime_package]
+package = "@forgeailab/spark-auth-better-auth"
+version = "^0.1"
+
+[dependencies]
+runtime = ["@better-auth/drizzle-adapter"]
+
+[env]
+required = ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/auth.ts"
+to = "lib/auth.ts"
+
+[[files]]
+mode = "create"
+from = "app/api/auth/[...all]/route.ts"
+to = "app/api/auth/[...all]/route.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/auth-better-auth-pg/tasks.yaml

@@ -0,0 +1,17 @@
+epic: Auth
+tasks:
+  - id: AUTH-201
+    title: Add Better Auth tables to your Drizzle schema
+    acceptance:
+      - lib/db/schema.ts defines user, session, account, verification with pgTable
+      - Snake-case columns (email_verified, expires_at, user_id, etc.) match Better Auth contract
+      - `bun drizzle-kit push` applies the new tables to Postgres
+  - id: AUTH-202
+    title: Map schema exports in lib/auth.ts
+    acceptance:
+      - `createAuthDatabase()` passes drizzleAdapter the four required schema aliases
+      - `bunx tsc --noEmit` is clean
+  - id: AUTH-203
+    title: Configure OAuth providers (Google/GitHub) if needed
+    acceptance:
+      - `socialProviders` set in createAuth options with env-backed credentials

package/packs/auth-supabase/files/app/(auth)/login/page.tsx

@@ -0,0 +1,64 @@
+import type { Provider } from '@supabase/supabase-js';
+import { headers } from 'next/headers';
+import { redirect } from 'next/navigation';
+import { createSupabaseServerClient } from '@/lib/supabase/server';
+
+async function signInWithOAuth(formData: FormData) {
+  'use server';
+
+  const rawProvider = formData.get('provider');
+  if (rawProvider !== 'github' && rawProvider !== 'google') {
+    redirect('/login?error=unsupported-provider');
+  }
+
+  const provider: Provider = rawProvider;
+  const requestHeaders = await headers();
+  const origin = requestHeaders.get('origin') ?? 'http://localhost:3000';
+  const supabase = await createSupabaseServerClient();
+  const { data, error } = await supabase.auth.signInWithOAuth({
+    provider,
+    options: {
+      redirectTo: `${origin}/auth/callback`,
+    },
+  });
+
+  if (error) {
+    redirect(`/login?error=${encodeURIComponent(error.message)}`);
+  }
+
+  if (data.url) {
+    redirect(data.url);
+  }
+
+  redirect('/login?error=missing-redirect-url');
+}
+
+export default function LoginPage() {
+  return (
+    <main className="mx-auto flex min-h-screen w-full max-w-sm flex-col justify-center px-6">
+      <div className="space-y-2">
+        <h1 className="text-2xl font-semibold tracking-tight">Sign in</h1>
+        <p className="text-sm text-muted-foreground">Choose an OAuth provider to continue.</p>
+      </div>
+
+      <form action={signInWithOAuth} className="mt-8 grid gap-3">
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground"
+          name="provider"
+          type="submit"
+          value="github"
+        >
+          Continue with GitHub
+        </button>
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground"
+          name="provider"
+          type="submit"
+          value="google"
+        >
+          Continue with Google
+        </button>
+      </form>
+    </main>
+  );
+}

package/packs/auth-supabase/files/app/auth/callback/route.ts

@@ -0,0 +1,15 @@
+import { NextResponse, type NextRequest } from 'next/server';
+import { createSupabaseServerClient } from '@/lib/supabase/server';
+
+export async function GET(request: NextRequest) {
+  const requestUrl = new URL(request.url);
+  const code = requestUrl.searchParams.get('code');
+  const next = requestUrl.searchParams.get('next') ?? '/';
+
+  if (code) {
+    const supabase = await createSupabaseServerClient();
+    await supabase.auth.exchangeCodeForSession(code);
+  }
+
+  return NextResponse.redirect(new URL(next, requestUrl.origin));
+}

package/packs/auth-supabase/files/middleware.ts

@@ -0,0 +1,41 @@
+import { createServerClient } from '@supabase/ssr';
+import { NextResponse, type NextRequest } from 'next/server';
+
+export async function middleware(request: NextRequest) {
+  let response = NextResponse.next({
+    request,
+  });
+
+  const supabase = createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return request.cookies.getAll();
+        },
+        setAll(cookiesToSet) {
+          cookiesToSet.forEach(({ name, value }) => {
+            request.cookies.set(name, value);
+          });
+
+          response = NextResponse.next({
+            request,
+          });
+
+          cookiesToSet.forEach(({ name, value, options }) => {
+            response.cookies.set(name, value, options);
+          });
+        },
+      },
+    },
+  );
+
+  await supabase.auth.getUser();
+
+  return response;
+}
+
+export const config = {
+  matcher: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],
+};

package/packs/auth-supabase/pack.toml

@@ -0,0 +1,34 @@
+name = "auth-supabase"
+version = "1.0.0"
+category = "auth"
+description = "Supabase Auth routes, login page, and session middleware for Next.js."
+provides = ["auth"]
+requires = ["db-pg"]
+conflicts = ["auth"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+# NOTE: This pack is meaningfully compatible only when db-supabase is the installed db provider.
+
+[dependencies]
+runtime = ["@supabase/supabase-js", "@supabase/ssr"]
+
+[env]
+required = ["NEXT_PUBLIC_SUPABASE_URL", "NEXT_PUBLIC_SUPABASE_ANON_KEY"]
+
+[[files]]
+mode = "create"
+from = "app/auth/callback/route.ts"
+to = "app/auth/callback/route.ts"
+
+# The nextjs template ships app/(auth)/login/page.tsx as a placeholder;
+# Supabase users wire the supabase client into that template-owned file rather
+# than overwriting it from the pack.
+
+[[files]]
+mode = "create"
+from = "middleware.ts"
+to = "middleware.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/auth-supabase/tasks.yaml

@@ -0,0 +1,10 @@
+epic: Auth
+tasks:
+  - id: AUTH-001
+    title: Configure OAuth provider in Supabase dashboard
+    acceptance:
+      - Supabase OAuth provider completes sign-in through /auth/callback
+  - id: AUTH-002
+    title: Add protected route example
+    acceptance:
+      - Anonymous users are redirected away from the protected route example

package/packs/db-postgres/files/compose/postgres.yml

@@ -0,0 +1,28 @@
+services:
+  postgres:
+    image: postgres:16
+    restart: unless-stopped
+    command:
+      - postgres
+      - -c
+      - wal_level=logical
+      - -c
+      - max_wal_senders=10
+      - -c
+      - max_replication_slots=10
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-app}
+      POSTGRES_USER: ${POSTGRES_USER:-app}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-app}
+    ports:
+      - "${POSTGRES_PORT:-5432}:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-app} -d ${POSTGRES_DB:-app}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres_data:

package/packs/db-postgres/files/docker-compose.include.yml

@@ -0,0 +1 @@
+  - compose/postgres.yml

package/packs/db-postgres/files/docker-compose.yml

@@ -0,0 +1,6 @@
+# Spark-managed Docker Compose root.
+#
+# Each infra-providing pack appends an entry below. Service definitions live
+# in compose/*.yml fragments. Run with `docker compose up -d` — Compose 2.20+
+# resolves `include:` for you.
+include:

package/packs/db-postgres/files/drizzle.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from 'drizzle-kit';
+
+export default defineConfig({
+  schema: './lib/db/schema.ts',
+  out: './drizzle',
+  dialect: 'postgresql',
+  dbCredentials: {
+    url: process.env.DATABASE_URL ?? 'postgres://postgres:postgres@localhost:5432/postgres',
+  },
+});

package/packs/db-postgres/files/lib/db/index.ts

@@ -0,0 +1,10 @@
+import postgres from 'postgres';
+import { drizzle } from 'drizzle-orm/postgres-js';
+import * as schema from './schema';
+
+const DEFAULT_URL = 'postgres://postgres:postgres@localhost:5432/postgres';
+const url = process.env.DATABASE_URL ?? DEFAULT_URL;
+
+export const sql = postgres(url, { max: 10 });
+export const db = drizzle(sql, { schema });
+export type Db = typeof db;

package/packs/db-postgres/files/lib/db/schema.ts

@@ -0,0 +1,11 @@
+import { pgTable, text, timestamp } from 'drizzle-orm/pg-core';
+
+export const users = pgTable('users', {
+  id: text('id').primaryKey(),
+  email: text('email').notNull().unique(),
+  name: text('name'),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+});
+
+export type User = typeof users.$inferSelect;
+export type NewUser = typeof users.$inferInsert;

package/packs/db-postgres/pack.toml

@@ -0,0 +1,53 @@
+name = "db-postgres"
+version = "1.0.0"
+category = "db"
+description = "Postgres database setup with Drizzle ORM and postgres-js (Bun-compatible)."
+provides = ["db", "db-pg"]
+requires = []
+conflicts = ["db"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[dependencies]
+runtime = ["drizzle-orm", "postgres"]
+dev = ["drizzle-kit"]
+
+[env]
+required = ["DATABASE_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/db/index.ts"
+to = "lib/db/index.ts"
+
+[[files]]
+mode = "create"
+from = "lib/db/schema.ts"
+to = "lib/db/schema.ts"
+
+[[files]]
+mode = "create"
+from = "drizzle.config.ts"
+to = "drizzle.config.ts"
+
+# Compose root + postgres fragment. Multiple packs (db-postgres, sync-zero,
+# docker-compose-dev) each ship the same root file with `create-or-skip` —
+# whichever installs first creates it, the rest no-op. Each pack then appends
+# its own include line under a marker.
+[[files]]
+mode = "create-or-skip"
+from = "docker-compose.yml"
+to = "docker-compose.yml"
+
+[[files]]
+mode = "create"
+from = "compose/postgres.yml"
+to = "compose/postgres.yml"
+
+[[files]]
+mode = "append"
+from = "docker-compose.include.yml"
+to = "docker-compose.yml"
+
+[tasks]
+file = "tasks.yaml"

package/packs/db-postgres/tasks.yaml

@@ -0,0 +1,11 @@
+epic: Database
+tasks:
+  - id: DB-001
+    title: Run initial migration
+    acceptance:
+      - Schema applied to Postgres via `bun drizzle-kit push`
+  - id: DB-002
+    title: Provision local Postgres
+    acceptance:
+      - Postgres reachable at DATABASE_URL (docker-compose, Homebrew, or hosted)
+      - wal_level=logical set if pairing with sync-zero

package/packs/db-sqlite/files/drizzle.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from 'drizzle-kit';
+
+export default defineConfig({
+  schema: './lib/schema.ts',
+  out: './drizzle',
+  dialect: 'sqlite',
+  dbCredentials: {
+    url: process.env.DATABASE_URL ?? 'local.db',
+  },
+});

package/packs/db-sqlite/files/lib/db.ts

@@ -0,0 +1,8 @@
+import { Database } from 'bun:sqlite';
+import { drizzle } from 'drizzle-orm/bun-sqlite';
+import * as schema from './schema';
+
+const databaseUrl = process.env.DATABASE_URL ?? 'local.db';
+const sqlite = new Database(databaseUrl.replace(/^file:/u, ''));
+
+export const db = drizzle(sqlite, { schema });

package/packs/db-sqlite/files/lib/schema.ts

@@ -0,0 +1,13 @@
+import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core';
+
+export const users = sqliteTable('users', {
+  id: integer('id').primaryKey({ autoIncrement: true }),
+  email: text('email').notNull().unique(),
+  name: text('name'),
+  createdAt: integer('created_at', { mode: 'timestamp' })
+    .notNull()
+    .$defaultFn(() => new Date()),
+});
+
+export type User = typeof users.$inferSelect;
+export type NewUser = typeof users.$inferInsert;

package/packs/db-sqlite/pack.toml

@@ -0,0 +1,34 @@
+name = "db-sqlite"
+version = "1.0.0"
+category = "db"
+description = "SQLite database setup with Drizzle ORM and Bun."
+provides = ["db"]
+requires = []
+conflicts = ["db"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[dependencies]
+runtime = ["drizzle-orm"]
+dev = ["drizzle-kit"]
+
+[env]
+required = ["DATABASE_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/db.ts"
+to = "lib/db.ts"
+
+[[files]]
+mode = "create"
+from = "lib/schema.ts"
+to = "lib/schema.ts"
+
+[[files]]
+mode = "create"
+from = "drizzle.config.ts"
+to = "drizzle.config.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/db-sqlite/tasks.yaml

@@ -0,0 +1,6 @@
+epic: Database
+tasks:
+  - id: DB-001
+    title: Run initial migration
+    acceptance:
+      - Schema applied to local sqlite file

package/packs/db-supabase/files/lib/supabase/client.ts

@@ -0,0 +1,8 @@
+import { createBrowserClient } from '@supabase/ssr';
+
+export function createSupabaseBrowserClient() {
+  return createBrowserClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+  );
+}

package/packs/db-supabase/files/lib/supabase/server.ts

@@ -0,0 +1,27 @@
+import { createServerClient } from '@supabase/ssr';
+import { cookies } from 'next/headers';
+
+export async function createSupabaseServerClient() {
+  const cookieStore = await cookies();
+
+  return createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return cookieStore.getAll();
+        },
+        setAll(cookiesToSet) {
+          try {
+            cookiesToSet.forEach(({ name, value, options }) => {
+              cookieStore.set(name, value, options);
+            });
+          } catch {
+            // Server Components cannot write cookies. Middleware refreshes sessions.
+          }
+        },
+      },
+    },
+  );
+}

package/packs/db-supabase/pack.toml

@@ -0,0 +1,32 @@
+name = "db-supabase"
+version = "1.0.0"
+category = "db"
+description = "Supabase browser and server clients for Next.js."
+provides = ["db", "db-pg"]
+requires = []
+conflicts = ["db"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[dependencies]
+runtime = ["@supabase/supabase-js", "@supabase/ssr"]
+
+[env]
+required = ["NEXT_PUBLIC_SUPABASE_URL", "NEXT_PUBLIC_SUPABASE_ANON_KEY"]
+optional = ["SUPABASE_SERVICE_ROLE_KEY"]
+
+[[files]]
+mode = "create"
+from = "lib/supabase/server.ts"
+to = "lib/supabase/server.ts"
+
+[[files]]
+mode = "create"
+from = "lib/supabase/client.ts"
+to = "lib/supabase/client.ts"
+
+[skills]
+copy = ["skills/supabase-patterns"]
+
+[tasks]
+file = "tasks.yaml"