@forgeailab/create-spark 0.1.1 → 0.1.3

package/packs/ai-anthropic/tasks.yaml

@@ -0,0 +1,9 @@
+epic: AI
+
+tasks:
+  - id: AI-001
+    title: Add cost guardrails (token caps, rate limits)
+    status: Clarifying
+    acceptance:
+      - AI requests have server-side max token caps.
+      - Repeated requests are rate limited before calling Anthropic.

package/packs/ai-openai/files/app/api/ai-openai/route.ts

@@ -0,0 +1,55 @@
+import { getOpenAIClient, OPENAI_CHAT_MODEL, type OpenAIChatMessage } from "../../../lib/openai";
+
+export const runtime = "nodejs";
+
+type ChatRequest = {
+  messages?: OpenAIChatMessage[];
+  prompt?: string;
+};
+
+function normalizeMessages(body: ChatRequest): OpenAIChatMessage[] {
+  if (Array.isArray(body.messages) && body.messages.length > 0) {
+    return body.messages;
+  }
+
+  if (body.prompt) {
+    return [{ role: "user", content: body.prompt }];
+  }
+
+  throw new Error("Request body must include messages or prompt.");
+}
+
+export async function POST(request: Request): Promise<Response> {
+  const body = (await request.json()) as ChatRequest;
+  const messages = normalizeMessages(body);
+
+  const stream = await getOpenAIClient().chat.completions.create({
+    model: OPENAI_CHAT_MODEL,
+    messages,
+    stream: true,
+  });
+
+  const encoder = new TextEncoder();
+  const readable = new ReadableStream<Uint8Array>({
+    async start(controller) {
+      try {
+        for await (const chunk of stream) {
+          const content = chunk.choices[0]?.delta?.content;
+          if (content) {
+            controller.enqueue(encoder.encode(content));
+          }
+        }
+        controller.close();
+      } catch (error) {
+        controller.error(error);
+      }
+    },
+  });
+
+  return new Response(readable, {
+    headers: {
+      "Cache-Control": "no-cache",
+      "Content-Type": "text/plain; charset=utf-8",
+    },
+  });
+}

package/packs/ai-openai/files/lib/openai.ts

@@ -0,0 +1,21 @@
+import OpenAI from "openai";
+
+let client: OpenAI | undefined;
+
+export type OpenAIChatMessage = {
+  role: "developer" | "system" | "user" | "assistant";
+  content: string;
+};
+
+export const OPENAI_CHAT_MODEL = "gpt-5.2";
+
+export function getOpenAIClient(): OpenAI {
+  const apiKey = process.env.OPENAI_API_KEY;
+
+  if (!apiKey) {
+    throw new Error("OPENAI_API_KEY is required to use the OpenAI client.");
+  }
+
+  client ??= new OpenAI({ apiKey });
+  return client;
+}

package/packs/ai-openai/pack.toml

@@ -0,0 +1,30 @@
+name = "ai-openai"
+version = "1.0.0"
+category = "ai"
+description = "OpenAI SDK client wrapper and streaming chat endpoint."
+provides = ["ai-sdk"]
+requires = []
+conflicts = []
+requires_runtime = ["server"]
+compatible_scaffolds = []
+
+[dependencies]
+runtime = ["openai"]
+dev = []
+
+[env]
+required = ["OPENAI_API_KEY"]
+optional = []
+
+[[files]]
+mode = "create"
+from = "lib/openai.ts"
+to = "lib/openai.ts"
+
+[[files]]
+mode = "create"
+from = "app/api/ai-openai/route.ts"
+to = "app/api/ai-openai/route.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/ai-openai/tasks.yaml

@@ -0,0 +1,9 @@
+epic: AI
+tasks:
+  - id: AI-101
+    title: Add usage tracking + cost guardrails
+    status: Clarifying
+    acceptance:
+      - OpenAI requests record model, token usage, and user or workspace context.
+      - The endpoint enforces a documented per-user or per-workspace usage limit.
+      - Over-limit requests return a clear non-200 response without calling OpenAI.

package/packs/analytics-posthog/files/components/PostHogProvider.tsx

@@ -0,0 +1,19 @@
+"use client";
+
+import type { ReactNode } from "react";
+import { useEffect } from "react";
+import posthog from "posthog-js";
+import { PostHogProvider as Provider } from "posthog-js/react";
+import { getPostHogClient } from "../lib/posthog/client";
+
+type PostHogProviderProps = {
+  children: ReactNode;
+};
+
+export function PostHogProvider({ children }: PostHogProviderProps) {
+  useEffect(() => {
+    getPostHogClient();
+  }, []);
+
+  return <Provider client={posthog}>{children}</Provider>;
+}

package/packs/analytics-posthog/files/lib/posthog/client.ts

@@ -0,0 +1,20 @@
+"use client";
+
+import posthog from "posthog-js";
+
+const DEFAULT_POSTHOG_HOST = "https://us.i.posthog.com";
+
+export function getPostHogClient(): typeof posthog {
+  const key = process.env.NEXT_PUBLIC_POSTHOG_KEY;
+  const host = process.env.NEXT_PUBLIC_POSTHOG_HOST ?? DEFAULT_POSTHOG_HOST;
+  const loaded = (posthog as typeof posthog & { __loaded?: boolean }).__loaded;
+
+  if (typeof window !== "undefined" && key && !loaded) {
+    posthog.init(key, {
+      api_host: host,
+      capture_pageview: false,
+    });
+  }
+
+  return posthog;
+}

package/packs/analytics-posthog/files/lib/posthog/server.ts

@@ -0,0 +1,24 @@
+import { PostHog } from "posthog-node";
+
+const DEFAULT_POSTHOG_HOST = "https://us.i.posthog.com";
+
+let client: PostHog | undefined;
+
+export function getPostHogServerClient(): PostHog | undefined {
+  const key = process.env.NEXT_PUBLIC_POSTHOG_KEY;
+
+  if (!key) {
+    return undefined;
+  }
+
+  client ??= new PostHog(key, {
+    host: process.env.NEXT_PUBLIC_POSTHOG_HOST ?? DEFAULT_POSTHOG_HOST,
+  });
+
+  return client;
+}
+
+export async function shutdownPostHogServerClient(): Promise<void> {
+  await client?.shutdown();
+  client = undefined;
+}

package/packs/analytics-posthog/pack.toml

@@ -0,0 +1,35 @@
+name = "analytics-posthog"
+version = "1.0.0"
+category = "analytics"
+description = "PostHog browser and server analytics helpers."
+provides = ["analytics"]
+requires = []
+conflicts = []
+requires_runtime = ["server"]
+compatible_scaffolds = []
+
+[dependencies]
+runtime = ["posthog-js", "posthog-node"]
+dev = []
+
+[env]
+required = ["NEXT_PUBLIC_POSTHOG_KEY"]
+optional = ["NEXT_PUBLIC_POSTHOG_HOST"]
+
+[[files]]
+mode = "create"
+from = "lib/posthog/client.ts"
+to = "lib/posthog/client.ts"
+
+[[files]]
+mode = "create"
+from = "lib/posthog/server.ts"
+to = "lib/posthog/server.ts"
+
+[[files]]
+mode = "create"
+from = "components/PostHogProvider.tsx"
+to = "components/PostHogProvider.tsx"
+
+[tasks]
+file = "tasks.yaml"

package/packs/analytics-posthog/tasks.yaml

@@ -0,0 +1,15 @@
+epic: Analytics
+tasks:
+  - id: ANALYTICS-001
+    title: Wire posthog provider into app root
+    status: Clarifying
+    acceptance:
+      - The app root wraps client routes with PostHogProvider.
+      - Page views are captured intentionally, either by router events or a documented manual call.
+  - id: ANALYTICS-002
+    title: Add consent banner
+    status: Clarifying
+    acceptance:
+      - Users can accept or decline analytics before tracking starts.
+      - The consent choice persists across reloads.
+      - PostHog capture is disabled when consent is declined.

package/packs/auth-better-auth/files/app/(auth)/login/page.tsx

@@ -0,0 +1,58 @@
+'use client';
+
+import { useState, useTransition } from 'react';
+import { createAuthClient } from 'better-auth/react';
+
+const authClient = createAuthClient();
+type SocialProvider = 'github' | 'google';
+
+export default function LoginPage() {
+  const [error, setError] = useState<string | null>(null);
+  const [isPending, startTransition] = useTransition();
+
+  function signIn(provider: SocialProvider) {
+    setError(null);
+    startTransition(() => {
+      void authClient.signIn
+        .social({
+          provider,
+          callbackURL: '/',
+        })
+        .then((result) => {
+          if (result.error) {
+            setError(result.error.message ?? 'Unable to sign in.');
+          }
+        });
+    });
+  }
+
+  return (
+    <main className="mx-auto flex min-h-screen w-full max-w-sm flex-col justify-center px-6">
+      <div className="space-y-2">
+        <h1 className="text-2xl font-semibold tracking-tight">Sign in</h1>
+        <p className="text-sm text-muted-foreground">Continue with a configured OAuth provider.</p>
+      </div>
+
+      <div className="mt-8 grid gap-3">
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground disabled:opacity-50"
+          disabled={isPending}
+          onClick={() => signIn('github')}
+          type="button"
+        >
+          Continue with GitHub
+        </button>
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground disabled:opacity-50"
+          disabled={isPending}
+          onClick={() => signIn('google')}
+          type="button"
+        >
+          Continue with Google
+        </button>
+      </div>
+
+      {error ? <p className="mt-4 text-sm text-destructive">{error}</p> : null}
+    </main>
+  );
+}

package/packs/auth-better-auth/files/app/api/auth/[...all]/route.ts

@@ -0,0 +1,4 @@
+import { createAuthHandler } from '@forgeailab/spark-auth-better-auth';
+import { auth } from '@/lib/auth';
+
+export const { GET, POST } = createAuthHandler(auth);

package/packs/auth-better-auth/files/lib/auth.ts

@@ -0,0 +1,21 @@
+import { createAuth as createBetterAuth } from '@forgeailab/spark-auth-better-auth';
+
+// Wire your database adapter here. Example (drizzle + sqlite):
+//
+//   import { drizzleAdapter } from '@better-auth/drizzle-adapter';
+//   import { db } from '@/lib/db';
+//   import * as schema from '@/lib/db/schema';
+//   const adapter = drizzleAdapter(db, { provider: 'sqlite', schema });
+//
+// Then pass the adapter into createAuth({ adapter, ... }).
+
+export const auth = createBetterAuth({
+  adapter: undefined as never, // TODO: replace with your drizzle adapter
+  secret: process.env.BETTER_AUTH_SECRET!,
+  baseURL: process.env.BETTER_AUTH_URL,
+  emailAndPassword: {
+    enabled: true,
+  },
+});
+
+export type Auth = typeof auth;

package/packs/auth-better-auth/pack.toml

@@ -0,0 +1,32 @@
+name = "auth-better-auth"
+version = "1.0.0"
+category = "auth"
+description = "Better Auth route handler, auth instance, and login page for Next.js."
+provides = ["auth"]
+requires = ["db"]
+conflicts = ["auth"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[runtime_package]
+package = "@forgeailab/spark-auth-better-auth"
+version = "^0.1"
+
+[dependencies]
+runtime = ["@better-auth/drizzle-adapter"]
+
+[env]
+required = ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/auth.ts"
+to = "lib/auth.ts"
+
+[[files]]
+mode = "create"
+from = "app/api/auth/[...all]/route.ts"
+to = "app/api/auth/[...all]/route.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/auth-better-auth/tasks.yaml

@@ -0,0 +1,10 @@
+epic: Auth
+tasks:
+  - id: AUTH-101
+    title: Wire auth instance to active db adapter
+    acceptance:
+      - Better Auth persists users, sessions, and accounts through the active db adapter
+  - id: AUTH-102
+    title: Configure OAuth providers (Google/GitHub)
+    acceptance:
+      - Google and GitHub OAuth providers can complete a sign-in flow

package/packs/auth-better-auth-pg/files/app/api/auth/[...all]/route.ts

@@ -0,0 +1,4 @@
+import { createAuthHandler } from '@forgeailab/spark-auth-better-auth';
+import { auth } from '@/lib/auth';
+
+export const { GET, POST } = createAuthHandler(auth);

package/packs/auth-better-auth-pg/files/lib/auth.ts

@@ -0,0 +1,86 @@
+import { drizzleAdapter } from '@better-auth/drizzle-adapter';
+import { createAuth as createBetterAuth } from '@forgeailab/spark-auth-better-auth';
+import { db } from '@/lib/db';
+import * as schema from '@/lib/db/schema';
+
+// Postgres-flavored Better Auth wiring. Pair this pack with `db-postgres`
+// (or `db-supabase`), and add the four Better Auth tables to your
+// `lib/db/schema.ts`: `user`, `session`, `account`, `verification`. Snake-case
+// column names are what Better Auth expects.
+
+const DEV_SECRET =
+  'reference-dev-secret-change-me-reference-dev-secret-change-me';
+
+function env(name: string, fallback: string): string {
+  return process.env[name] ?? fallback;
+}
+
+function resolveTrustedOrigins(baseURL: string): string[] {
+  const fromEnv = process.env.BETTER_AUTH_TRUSTED_ORIGINS;
+  if (fromEnv) {
+    return fromEnv
+      .split(',')
+      .map((s) => s.trim())
+      .filter(Boolean);
+  }
+
+  const origins = new Set<string>([baseURL]);
+
+  // In dev, Next.js auto-bumps the port when 3000 is busy. Trust common
+  // localhost ports so signup doesn't break with "Invalid origin" just because
+  // another server already owns 3000. Override via BETTER_AUTH_TRUSTED_ORIGINS
+  // for production lockdown.
+  if (process.env.NODE_ENV !== 'production') {
+    for (const port of [3000, 3001, 3002, 3003, 3010, 4000, 5173, 8080]) {
+      origins.add(`http://localhost:${port}`);
+      origins.add(`http://127.0.0.1:${port}`);
+    }
+  }
+
+  return [...origins];
+}
+
+export function createAuthDatabase() {
+  return drizzleAdapter(db, {
+    provider: 'pg',
+    schema: {
+      ...schema,
+      // Map your Drizzle table exports to the names Better Auth uses. Uncomment
+      // these once your schema has the matching tables (or use these names
+      // directly in your schema and drop the aliases).
+      // user: schema.users,
+      // session: schema.sessions,
+      // account: schema.accounts,
+      // verification: schema.verifications,
+    },
+  });
+}
+
+type CreateAuthOptions = {
+  database?: ReturnType<typeof createAuthDatabase>;
+};
+
+export function createAuth(options: CreateAuthOptions = {}) {
+  const baseURL = env('BETTER_AUTH_URL', 'http://localhost:3000');
+
+  return createBetterAuth({
+    adapter: options.database ?? createAuthDatabase(),
+    baseURL,
+    secret: env('BETTER_AUTH_SECRET', DEV_SECRET),
+    trustedOrigins: resolveTrustedOrigins(baseURL),
+    emailAndPassword: {
+      enabled: true,
+    },
+    // Uncomment to enable GitHub OAuth. Add env vars to your .env.local and
+    // register the OAuth app at https://github.com/settings/developers.
+    // socialProviders: {
+    //   github: {
+    //     clientId: env('GITHUB_CLIENT_ID', 'github-client-id'),
+    //     clientSecret: env('GITHUB_CLIENT_SECRET', 'github-client-secret'),
+    //   },
+    // },
+  });
+}
+
+export const auth = createAuth();
+export type Auth = typeof auth;

package/packs/auth-better-auth-pg/pack.toml

@@ -0,0 +1,32 @@
+name = "auth-better-auth-pg"
+version = "1.0.0"
+category = "auth"
+description = "Better Auth wired to Postgres via Drizzle. Pairs with db-postgres or db-supabase."
+provides = ["auth"]
+requires = ["db-pg"]
+conflicts = ["auth"]
+requires_runtime = ["server"]
+compatible_scaffolds = ["nextjs"]
+
+[runtime_package]
+package = "@forgeailab/spark-auth-better-auth"
+version = "^0.1"
+
+[dependencies]
+runtime = ["@better-auth/drizzle-adapter"]
+
+[env]
+required = ["BETTER_AUTH_SECRET", "BETTER_AUTH_URL"]
+
+[[files]]
+mode = "create"
+from = "lib/auth.ts"
+to = "lib/auth.ts"
+
+[[files]]
+mode = "create"
+from = "app/api/auth/[...all]/route.ts"
+to = "app/api/auth/[...all]/route.ts"
+
+[tasks]
+file = "tasks.yaml"

package/packs/auth-better-auth-pg/tasks.yaml

@@ -0,0 +1,17 @@
+epic: Auth
+tasks:
+  - id: AUTH-201
+    title: Add Better Auth tables to your Drizzle schema
+    acceptance:
+      - lib/db/schema.ts defines user, session, account, verification with pgTable
+      - Snake-case columns (email_verified, expires_at, user_id, etc.) match Better Auth contract
+      - `bun drizzle-kit push` applies the new tables to Postgres
+  - id: AUTH-202
+    title: Map schema exports in lib/auth.ts
+    acceptance:
+      - `createAuthDatabase()` passes drizzleAdapter the four required schema aliases
+      - `bunx tsc --noEmit` is clean
+  - id: AUTH-203
+    title: Configure OAuth providers (Google/GitHub) if needed
+    acceptance:
+      - `socialProviders` set in createAuth options with env-backed credentials

package/packs/auth-supabase/files/app/(auth)/login/page.tsx

@@ -0,0 +1,64 @@
+import type { Provider } from '@supabase/supabase-js';
+import { headers } from 'next/headers';
+import { redirect } from 'next/navigation';
+import { createSupabaseServerClient } from '@/lib/supabase/server';
+
+async function signInWithOAuth(formData: FormData) {
+  'use server';
+
+  const rawProvider = formData.get('provider');
+  if (rawProvider !== 'github' && rawProvider !== 'google') {
+    redirect('/login?error=unsupported-provider');
+  }
+
+  const provider: Provider = rawProvider;
+  const requestHeaders = await headers();
+  const origin = requestHeaders.get('origin') ?? 'http://localhost:3000';
+  const supabase = await createSupabaseServerClient();
+  const { data, error } = await supabase.auth.signInWithOAuth({
+    provider,
+    options: {
+      redirectTo: `${origin}/auth/callback`,
+    },
+  });
+
+  if (error) {
+    redirect(`/login?error=${encodeURIComponent(error.message)}`);
+  }
+
+  if (data.url) {
+    redirect(data.url);
+  }
+
+  redirect('/login?error=missing-redirect-url');
+}
+
+export default function LoginPage() {
+  return (
+    <main className="mx-auto flex min-h-screen w-full max-w-sm flex-col justify-center px-6">
+      <div className="space-y-2">
+        <h1 className="text-2xl font-semibold tracking-tight">Sign in</h1>
+        <p className="text-sm text-muted-foreground">Choose an OAuth provider to continue.</p>
+      </div>
+
+      <form action={signInWithOAuth} className="mt-8 grid gap-3">
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground"
+          name="provider"
+          type="submit"
+          value="github"
+        >
+          Continue with GitHub
+        </button>
+        <button
+          className="inline-flex h-10 items-center justify-center rounded-md border border-input bg-background px-4 text-sm font-medium hover:bg-accent hover:text-accent-foreground"
+          name="provider"
+          type="submit"
+          value="google"
+        >
+          Continue with Google
+        </button>
+      </form>
+    </main>
+  );
+}

package/packs/auth-supabase/files/app/auth/callback/route.ts

@@ -0,0 +1,15 @@
+import { NextResponse, type NextRequest } from 'next/server';
+import { createSupabaseServerClient } from '@/lib/supabase/server';
+
+export async function GET(request: NextRequest) {
+  const requestUrl = new URL(request.url);
+  const code = requestUrl.searchParams.get('code');
+  const next = requestUrl.searchParams.get('next') ?? '/';
+
+  if (code) {
+    const supabase = await createSupabaseServerClient();
+    await supabase.auth.exchangeCodeForSession(code);
+  }
+
+  return NextResponse.redirect(new URL(next, requestUrl.origin));
+}

package/packs/auth-supabase/files/middleware.ts

@@ -0,0 +1,41 @@
+import { createServerClient } from '@supabase/ssr';
+import { NextResponse, type NextRequest } from 'next/server';
+
+export async function middleware(request: NextRequest) {
+  let response = NextResponse.next({
+    request,
+  });
+
+  const supabase = createServerClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    {
+      cookies: {
+        getAll() {
+          return request.cookies.getAll();
+        },
+        setAll(cookiesToSet) {
+          cookiesToSet.forEach(({ name, value }) => {
+            request.cookies.set(name, value);
+          });
+
+          response = NextResponse.next({
+            request,
+          });
+
+          cookiesToSet.forEach(({ name, value, options }) => {
+            response.cookies.set(name, value, options);
+          });
+        },
+      },
+    },
+  );
+
+  await supabase.auth.getUser();
+
+  return response;
+}
+
+export const config = {
+  matcher: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],
+};