@geekmidas/cli 0.52.0 → 0.54.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "0.52.0",
+  "version": "0.54.0",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -49,7 +49,7 @@
     "openapi-typescript": "^7.4.2",
     "pg": "~8.17.1",
     "prompts": "~2.4.2",
-    "@geekmidas/constructs": "~0.8.0",
+    "@geekmidas/constructs": "~0.9.0",
     "@geekmidas/envkit": "~0.7.0",
     "@geekmidas/errors": "~0.1.0",
     "@geekmidas/schema": "~0.1.0",

package/src/deploy/__tests__/__fixtures__/route-apps/endpoints/auth.ts

@@ -0,0 +1,16 @@
+/**
+ * Test endpoint with multiple services.
+ * getEnvironment() should return ['AUTH_SECRET', 'AUTH_URL', 'DATABASE_URL', 'DB_POOL_SIZE'].
+ */
+import { e } from '@geekmidas/constructs/endpoints';
+import { z } from 'zod';
+import { authService, databaseService } from '../services';
+
+export const login = e
+	.services([databaseService, authService])
+	.post('/auth/login')
+	.body(z.object({ email: z.string(), password: z.string() }))
+	.output(z.object({ token: z.string() }))
+	.handle(async () => {
+		return { token: 'test-token' };
+	});

package/src/deploy/__tests__/__fixtures__/route-apps/endpoints/health.ts

@@ -0,0 +1,13 @@
+/**
+ * Test endpoint without any services.
+ * getEnvironment() should return [].
+ */
+import { e } from '@geekmidas/constructs/endpoints';
+import { z } from 'zod';
+
+export const healthCheck = e
+	.get('/health')
+	.output(z.object({ status: z.string() }))
+	.handle(async () => {
+		return { status: 'ok' };
+	});

package/src/deploy/__tests__/__fixtures__/route-apps/endpoints/users.ts

@@ -0,0 +1,15 @@
+/**
+ * Test endpoint with database service.
+ * getEnvironment() should return ['DATABASE_URL', 'DB_POOL_SIZE'].
+ */
+import { e } from '@geekmidas/constructs/endpoints';
+import { z } from 'zod';
+import { databaseService } from '../services';
+
+export const getUsers = e
+	.services([databaseService])
+	.get('/users')
+	.output(z.array(z.object({ id: z.string(), name: z.string() })))
+	.handle(async () => {
+		return [{ id: '1', name: 'Test User' }];
+	});

package/src/deploy/__tests__/__fixtures__/route-apps/services.ts

@@ -0,0 +1,46 @@
+/**
+ * Test services for route-based app sniffing fixtures.
+ * These services access environment variables via envParser.create().
+ */
+import type { Service } from '@geekmidas/services';
+
+// Database service - requires DATABASE_URL
+export const databaseService = {
+	serviceName: 'database' as const,
+	async register({ envParser }) {
+		const config = envParser
+			.create((get: any) => ({
+				url: get('DATABASE_URL').string(),
+				poolSize: get('DB_POOL_SIZE').string().transform(Number).optional(),
+			}))
+			.parse();
+		return { url: config.url };
+	},
+} satisfies Service<'database', { url: string }>;
+
+// Cache service - requires REDIS_URL
+export const cacheService = {
+	serviceName: 'cache' as const,
+	async register({ envParser }) {
+		const config = envParser
+			.create((get: any) => ({
+				url: get('REDIS_URL').string(),
+			}))
+			.parse();
+		return { url: config.url };
+	},
+} satisfies Service<'cache', { url: string }>;
+
+// Auth service - requires AUTH_SECRET and AUTH_URL
+export const authService = {
+	serviceName: 'auth' as const,
+	async register({ envParser }) {
+		const config = envParser
+			.create((get: any) => ({
+				secret: get('AUTH_SECRET').string(),
+				url: get('AUTH_URL').string(),
+			}))
+			.parse();
+		return { secret: config.secret, url: config.url };
+	},
+} satisfies Service<'auth', { secret: string; url: string }>;

package/src/deploy/__tests__/env-resolver.spec.ts

@@ -191,15 +191,17 @@ describe('resolveEnvVar', () => {
 		expect(resolveEnvVar('PORT', context)).toBe('8080');
 	});
 
-	it('should resolve NODE_ENV based on stage', () => {
+	it('should resolve NODE_ENV to production for all stages (deployed apps)', () => {
+		// NODE_ENV is always 'production' for deployed apps
+		// gkm dev handles development mode separately
 		expect(resolveEnvVar('NODE_ENV', createContext({ stage: 'production' }))).toBe(
 			'production',
 		);
 		expect(resolveEnvVar('NODE_ENV', createContext({ stage: 'staging' }))).toBe(
-			'development',
+			'production',
 		);
 		expect(resolveEnvVar('NODE_ENV', createContext({ stage: 'development' }))).toBe(
-			'development',
+			'production',
 		);
 	});
 

package/src/deploy/__tests__/sniffer.spec.ts

@@ -5,6 +5,7 @@ import type { NormalizedAppConfig } from '../../workspace/types';
 import {
 	_sniffEntryFile,
 	_sniffEnvParser,
+	_sniffRouteFiles,
 	sniffAllApps,
 	sniffAppEnvironment,
 } from '../sniffer';
@@ -13,6 +14,7 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const fixturesPath = resolve(__dirname, '__fixtures__/entry-apps');
 const envParserFixturesPath = resolve(__dirname, '__fixtures__/env-parsers');
+const routeAppsFixturesPath = resolve(__dirname, '__fixtures__/route-apps');
 
 describe('sniffAppEnvironment', () => {
 	const workspacePath = '/test/workspace';
@@ -544,3 +546,175 @@ describe('sniffAppEnvironment with envParser apps', () => {
 		expect(result.requiredEnvVars).toEqual([]);
 	});
 });
+
+describe('route files sniffing via _sniffRouteFiles', () => {
+	// These tests verify the route-based sniffing for apps with routes config.
+	// Each test uses fixture files that export endpoints with services.
+
+	it('should sniff environment variables from endpoint with single service', async () => {
+		const result = await _sniffRouteFiles(
+			'./endpoints/users.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		expect(result.envVars).toContain('DATABASE_URL');
+		// DB_POOL_SIZE is optional, may or may not be captured
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should sniff environment variables from endpoint with multiple services', async () => {
+		const result = await _sniffRouteFiles(
+			'./endpoints/auth.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		expect(result.envVars).toContain('DATABASE_URL');
+		expect(result.envVars).toContain('AUTH_SECRET');
+		expect(result.envVars).toContain('AUTH_URL');
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should return empty for endpoint without services', async () => {
+		const result = await _sniffRouteFiles(
+			'./endpoints/health.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		expect(result.envVars).toEqual([]);
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should sniff all endpoints matching glob pattern', async () => {
+		const result = await _sniffRouteFiles(
+			'./endpoints/**/*.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		// Should capture env vars from all endpoints
+		expect(result.envVars).toContain('DATABASE_URL');
+		expect(result.envVars).toContain('AUTH_SECRET');
+		expect(result.envVars).toContain('AUTH_URL');
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should return empty for non-existent pattern', async () => {
+		const result = await _sniffRouteFiles(
+			'./nonexistent/**/*.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		expect(result.envVars).toEqual([]);
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should handle array of patterns', async () => {
+		const result = await _sniffRouteFiles(
+			['./endpoints/users.ts', './endpoints/health.ts'],
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		expect(result.envVars).toContain('DATABASE_URL');
+		expect(result.error).toBeUndefined();
+	});
+
+	it('should deduplicate env vars from multiple endpoints using same service', async () => {
+		const result = await _sniffRouteFiles(
+			['./endpoints/users.ts', './endpoints/auth.ts'],
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		// DATABASE_URL is used by both endpoints, should only appear once
+		const databaseUrlCount = result.envVars.filter(
+			(v) => v === 'DATABASE_URL',
+		).length;
+		expect(databaseUrlCount).toBe(1);
+	});
+
+	it('should return sorted env vars', async () => {
+		const result = await _sniffRouteFiles(
+			'./endpoints/**/*.ts',
+			routeAppsFixturesPath,
+			routeAppsFixturesPath,
+		);
+
+		const sorted = [...result.envVars].sort();
+		expect(result.envVars).toEqual(sorted);
+	});
+});
+
+describe('sniffAppEnvironment with route-based apps', () => {
+	// Integration tests for sniffAppEnvironment with route-based apps
+
+	it('should use route sniffing for apps with routes config', async () => {
+		const app: NormalizedAppConfig = {
+			type: 'backend',
+			path: routeAppsFixturesPath,
+			port: 3000,
+			dependencies: [],
+			resolvedDeployTarget: 'dokploy',
+			routes: './endpoints/**/*.ts',
+			envParser: './src/config/env#envParser', // Should be ignored when routes exist
+		};
+
+		const result = await sniffAppEnvironment(
+			app,
+			'api',
+			routeAppsFixturesPath,
+		);
+
+		expect(result.appName).toBe('api');
+		expect(result.requiredEnvVars).toContain('DATABASE_URL');
+		expect(result.requiredEnvVars).toContain('AUTH_SECRET');
+		expect(result.requiredEnvVars).toContain('AUTH_URL');
+	});
+
+	it('should prefer requiredEnv over route sniffing', async () => {
+		const app: NormalizedAppConfig = {
+			type: 'backend',
+			path: routeAppsFixturesPath,
+			port: 3000,
+			dependencies: [],
+			resolvedDeployTarget: 'dokploy',
+			routes: './endpoints/**/*.ts',
+			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
+		};
+
+		const result = await sniffAppEnvironment(
+			app,
+			'api',
+			routeAppsFixturesPath,
+		);
+
+		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
+		// Should NOT contain the sniffed vars
+		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
+	});
+
+	it('should handle route pattern that matches no files', async () => {
+		const app: NormalizedAppConfig = {
+			type: 'backend',
+			path: routeAppsFixturesPath,
+			port: 3000,
+			dependencies: [],
+			resolvedDeployTarget: 'dokploy',
+			routes: './nonexistent/**/*.ts',
+		};
+
+		const result = await sniffAppEnvironment(
+			app,
+			'api',
+			routeAppsFixturesPath,
+			{ logWarnings: false },
+		);
+
+		expect(result.appName).toBe('api');
+		expect(result.requiredEnvVars).toEqual([]);
+	});
+});

package/src/deploy/env-resolver.ts

@@ -68,6 +68,7 @@ export interface EnvResolutionResult {
 export const AUTO_SUPPORTED_VARS = [
 	'PORT',
 	'NODE_ENV',
+	'STAGE',
 	'DATABASE_URL',
 	'REDIS_URL',
 	'BETTER_AUTH_URL',
@@ -157,7 +158,11 @@ export function resolveEnvVar(
 			return String(context.app.port);
 
 		case 'NODE_ENV':
-			return context.stage === 'production' ? 'production' : 'development';
+			// Always 'production' for deployed apps (gkm dev handles development mode)
+			return 'production';
+
+		case 'STAGE':
+			return context.stage;
 
 		case 'DATABASE_URL':
 			if (context.appCredentials && context.postgres) {

package/src/deploy/index.ts

@@ -1395,8 +1395,12 @@ export async function workspaceDeployCommand(
 				};
 
 				// Resolve all required environment variables
+				// Always include PORT, NODE_ENV, STAGE even if not explicitly required
 				const appRequirements = sniffedApps.get(appName);
-				const requiredVars = appRequirements?.requiredEnvVars ?? [];
+				const sniffedVars = appRequirements?.requiredEnvVars ?? [];
+				const requiredVars = [
+					...new Set(['PORT', 'NODE_ENV', 'STAGE', ...sniffedVars]),
+				];
 				const { valid, missing, resolved } = validateEnvVars(
 					requiredVars,
 					envContext,
@@ -1582,7 +1586,11 @@ export async function workspaceDeployCommand(
 				});
 
 				// Prepare environment variables - no secrets needed
-				const envVars: string[] = [`NODE_ENV=production`, `PORT=${app.port}`];
+				const envVars: string[] = [
+					`NODE_ENV=production`,
+					`PORT=${app.port}`,
+					`STAGE=${stage}`,
+				];
 
 				// Configure and deploy application in Dokploy
 				await api.saveDockerProvider(application.applicationId, imageRef, {

package/src/deploy/sniffer.ts

@@ -2,12 +2,30 @@ import { existsSync } from 'node:fs';
 import { spawn } from 'node:child_process';
 import { dirname, resolve } from 'node:path';
 import { fileURLToPath, pathToFileURL } from 'node:url';
+import type { Construct } from '@geekmidas/constructs';
+import { Endpoint } from '@geekmidas/constructs/endpoints';
+import { Function as GkmFunction } from '@geekmidas/constructs/functions';
+import { Cron } from '@geekmidas/constructs/crons';
+import { Subscriber } from '@geekmidas/constructs/subscribers';
 import type { SniffResult } from '@geekmidas/envkit/sniffer';
+import fg from 'fast-glob';
 import type { NormalizedAppConfig } from '../workspace/types.js';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
+/**
+ * Check if a value is a gkm construct (Endpoint, Function, Cron, or Subscriber).
+ */
+function isConstruct(value: unknown): value is Construct {
+	return (
+		Endpoint.isEndpoint(value) ||
+		GkmFunction.isFunction(value) ||
+		Cron.isCron(value) ||
+		Subscriber.isSubscriber(value)
+	);
+}
+
 /**
  * Resolve the path to a sniffer helper file.
  * Handles both dev (.ts with tsx) and production (.mjs from dist).
@@ -67,8 +85,9 @@ export interface SniffAppOptions {
  * 1. Frontend apps: Returns empty (no server secrets)
  * 2. Apps with `requiredEnv`: Uses explicit list from config
  * 3. Entry apps: Imports entry file in subprocess to capture config.parse() calls
- * 4. Apps with `envParser`: Runs SnifferEnvironmentParser to detect usage
- * 5. Apps with neither: Returns empty
+ * 4. Route-based apps: Loads route files and calls getEnvironment() on each construct
+ * 5. Apps with `envParser` (no routes): Runs SnifferEnvironmentParser to detect usage
+ * 6. Apps with neither: Returns empty
  *
  * This function handles "fire and forget" async operations gracefully,
  * capturing errors and unhandled rejections without failing the build.
@@ -110,7 +129,20 @@ export async function sniffAppEnvironment(
 		return { appName, requiredEnvVars: result.envVars };
 	}
 
-	// 4. Apps with envParser - run sniffer to detect env var usage
+	// 4. Route-based apps - load routes and call getEnvironment() on each construct
+	if (app.routes) {
+		const result = await sniffRouteFiles(app.routes, app.path, workspacePath);
+
+		if (logWarnings && result.error) {
+			console.warn(
+				`[sniffer] ${appName}: Route sniffing threw error (env vars still captured): ${result.error.message}`,
+			);
+		}
+
+		return { appName, requiredEnvVars: result.envVars };
+	}
+
+	// 5. Apps with envParser but no routes - run sniffer to detect env var usage
 	if (app.envParser) {
 		const result = await sniffEnvParser(app.envParser, app.path, workspacePath);
 
@@ -232,6 +264,73 @@ async function sniffEntryFile(
 	});
 }
 
+/**
+ * Sniff route files by loading constructs and calling getEnvironment().
+ *
+ * Route-based apps have endpoints, functions, crons, and subscribers that
+ * use services. Each service's register() method accesses environment variables.
+ * This function mimics what the bundler does during build to capture those vars.
+ *
+ * @param routes - Glob pattern(s) for route files
+ * @param appPath - The app's path relative to workspace (e.g., 'apps/api')
+ * @param workspacePath - Absolute path to workspace root
+ * @returns EntrySniffResult with env vars and optional error
+ */
+async function sniffRouteFiles(
+	routes: string | string[],
+	appPath: string,
+	workspacePath: string,
+): Promise<EntrySniffResult> {
+	const fullAppPath = resolve(workspacePath, appPath);
+	const patterns = Array.isArray(routes) ? routes : [routes];
+
+	const envVars = new Set<string>();
+	let error: Error | undefined;
+
+	try {
+		// Find all route files matching the patterns
+		const files = await fg(patterns, {
+			cwd: fullAppPath,
+			absolute: true,
+		});
+
+		// Import each file and find constructs
+		for (const file of files) {
+			try {
+				const module = await import(file);
+
+				// Check all exports for constructs
+				for (const [, exportValue] of Object.entries(module)) {
+					if (isConstruct(exportValue)) {
+						// Call getEnvironment() to capture env vars from services
+						try {
+							const constructEnvVars = await exportValue.getEnvironment();
+							constructEnvVars.forEach((v) => envVars.add(v));
+						} catch (e) {
+							// Individual construct may fail, continue with others
+							console.warn(
+								`[sniffer] Failed to get environment for construct in ${file}: ${e instanceof Error ? e.message : String(e)}`,
+							);
+						}
+					}
+				}
+			} catch (e) {
+				// Individual file import may fail, continue with others
+				console.warn(
+					`[sniffer] Failed to import ${file}: ${e instanceof Error ? e.message : String(e)}`,
+				);
+			}
+		}
+	} catch (e) {
+		error = e instanceof Error ? e : new Error(String(e));
+	}
+
+	return {
+		envVars: Array.from(envVars).sort(),
+		error,
+	};
+}
+
 /**
  * Run the SnifferEnvironmentParser on an envParser module to detect
  * which environment variables it accesses.
@@ -333,4 +432,8 @@ export async function sniffAllApps(
 }
 
 // Export for testing
-export { sniffEnvParser as _sniffEnvParser, sniffEntryFile as _sniffEntryFile };
+export {
+	sniffEnvParser as _sniffEnvParser,
+	sniffEntryFile as _sniffEntryFile,
+	sniffRouteFiles as _sniffRouteFiles,
+};

package/src/docker/templates.ts

@@ -293,7 +293,7 @@ WORKDIR /app
 COPY . .
 
 # Build production server using gkm
-RUN pnpm exec gkm build --provider server --production
+RUN ${pm.exec} gkm build --provider server --production
 
 # Stage 3: Production
 FROM ${baseImage} AS runner
@@ -384,7 +384,7 @@ WORKDIR /app
 COPY --from=pruner /app/out/full/ ./
 
 # Build production server using gkm
-RUN pnpm exec gkm build --provider server --production
+RUN ${pm.exec} gkm build --provider server --production
 
 # Stage 4: Production
 FROM ${baseImage} AS runner
@@ -756,7 +756,7 @@ RUN if [ -n "$GKM_ENCRYPTED_CREDENTIALS" ]; then \
     fi
 
 # Build production server using gkm
-RUN cd ${appPath} && pnpm exec gkm build --provider server --production
+RUN cd ${appPath} && ${pm.exec} gkm build --provider server --production
 
 # Stage 4: Production
 FROM ${baseImage} AS runner
@@ -811,7 +811,9 @@ export interface EntryDockerfileOptions {
  * This is used for apps that don't use gkm routes (e.g., Better Auth servers).
  * @internal Exported for testing
  */
-export function generateEntryDockerfile(options: EntryDockerfileOptions): string {
+export function generateEntryDockerfile(
+	options: EntryDockerfileOptions,
+): string {
 	const {
 		baseImage,
 		port,