@geekmidas/cli 1.10.10 → 1.10.12

package/src/docker/__tests__/compose.spec.ts

@@ -352,12 +352,18 @@ describe('generateDockerCompose', () => {
 				services: { minio: true },
 			});
 
-			expect(yaml).toContain('- S3_ENDPOINT=${S3_ENDPOINT:-http://minio:9000}');
-			expect(yaml).toContain('- S3_ACCESS_KEY_ID=${MINIO_ACCESS_KEY:-app}');
-			expect(yaml).toContain('- S3_SECRET_ACCESS_KEY=${MINIO_SECRET_KEY:-app}');
-			expect(yaml).toContain('- S3_BUCKET=${MINIO_BUCKET:-app}');
-			expect(yaml).toContain('- S3_REGION=${S3_REGION:-eu-west-1}');
-			expect(yaml).toContain('- S3_FORCE_PATH_STYLE=true');
+			expect(yaml).toContain(
+				'- STORAGE_ENDPOINT=${STORAGE_ENDPOINT:-http://minio:9000}',
+			);
+			expect(yaml).toContain(
+				'- STORAGE_ACCESS_KEY_ID=${STORAGE_ACCESS_KEY_ID:-my-api}',
+			);
+			expect(yaml).toContain(
+				'- STORAGE_SECRET_ACCESS_KEY=${STORAGE_SECRET_ACCESS_KEY:-my-api}',
+			);
+			expect(yaml).toContain('- STORAGE_BUCKET=${STORAGE_BUCKET:-my-api}');
+			expect(yaml).toContain('- STORAGE_REGION=${STORAGE_REGION:-eu-west-1}');
+			expect(yaml).toContain('- STORAGE_FORCE_PATH_STYLE=true');
 		});
 
 		it('should add minio service definition with default image', () => {
@@ -386,8 +392,12 @@ describe('generateDockerCompose', () => {
 				services: { minio: true },
 			});
 
-			expect(yaml).toContain('MINIO_ROOT_USER: ${MINIO_ACCESS_KEY:-app}');
-			expect(yaml).toContain('MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY:-app}');
+			expect(yaml).toContain(
+				'MINIO_ROOT_USER: ${STORAGE_ACCESS_KEY_ID:-my-api}',
+			);
+			expect(yaml).toContain(
+				'MINIO_ROOT_PASSWORD: ${STORAGE_SECRET_ACCESS_KEY:-my-api}',
+			);
 		});
 
 		it('should expose console UI port', () => {
@@ -396,7 +406,8 @@ describe('generateDockerCompose', () => {
 				services: { minio: true },
 			});
 
-			expect(yaml).toContain('- "9001:9001"');
+			expect(yaml).toContain('- "${MINIO_API_PORT:-9000}:9000"');
+			expect(yaml).toContain('- "${MINIO_CONSOLE_PORT:-9001}:9001"');
 		});
 
 		it('should add minio volume', () => {
@@ -934,8 +945,30 @@ describe('generateWorkspaceCompose', () => {
 
 			expect(yaml).toContain('mailpit:');
 			expect(yaml).toContain('image: axllent/mailpit:latest');
-			expect(yaml).toContain('- "8025:8025"'); // Web UI
-			expect(yaml).toContain('- "1025:1025"'); // SMTP
+			expect(yaml).toContain('MP_SMTP_AUTH:');
+			expect(yaml).toContain('${MAILPIT_UI_PORT:-8025}:8025'); // Web UI
+			expect(yaml).toContain('${MAILPIT_SMTP_PORT:-1025}:1025'); // SMTP
+		});
+
+		it('should add SMTP env vars for backend apps when mail is enabled', () => {
+			const workspace = createWorkspace({
+				services: { mail: true },
+			});
+			const yaml = generateWorkspaceCompose(workspace);
+
+			expect(yaml).toContain('SMTP_HOST=${SMTP_HOST:-mailpit}');
+			expect(yaml).toContain('SMTP_PORT=${SMTP_PORT:-1025}');
+			expect(yaml).toContain('SMTP_USER=');
+			expect(yaml).toContain('SMTP_PASS=');
+		});
+
+		it('should add mailpit to depends_on for backend apps', () => {
+			const workspace = createWorkspace({
+				services: { mail: true },
+			});
+			const yaml = generateWorkspaceCompose(workspace);
+
+			expect(yaml).toMatch(/mailpit:\s+condition: service_healthy/);
 		});
 
 		it('should add postgres_data volume when postgres is enabled', () => {
@@ -1044,8 +1077,10 @@ describe('generateWorkspaceCompose', () => {
 			});
 			const yaml = generateWorkspaceCompose(workspace);
 
-			expect(yaml).toContain('S3_ENDPOINT=${S3_ENDPOINT:-http://minio:9000}');
-			expect(yaml).toContain('S3_FORCE_PATH_STYLE=true');
+			expect(yaml).toContain(
+				'STORAGE_ENDPOINT=${STORAGE_ENDPOINT:-http://minio:9000}',
+			);
+			expect(yaml).toContain('STORAGE_FORCE_PATH_STYLE=true');
 		});
 
 		it('should add minio_data volume when minio is enabled', () => {

package/src/docker/compose.ts

@@ -14,6 +14,7 @@ export const DEFAULT_SERVICE_IMAGES: Record<ComposeServiceName, string> = {
 	redis: 'redis',
 	rabbitmq: 'rabbitmq',
 	minio: 'minio/minio',
+	mailpit: 'axllent/mailpit',
 };
 
 /** Default Docker image versions for services */
@@ -22,6 +23,7 @@ export const DEFAULT_SERVICE_VERSIONS: Record<ComposeServiceName, string> = {
 	redis: '7-alpine',
 	rabbitmq: '3-management-alpine',
 	minio: 'latest',
+	mailpit: 'latest',
 };
 
 export interface ComposeOptions {
@@ -124,12 +126,20 @@ services:
 	}
 
 	if (serviceMap.has('minio')) {
-		yaml += `      - S3_ENDPOINT=\${S3_ENDPOINT:-http://minio:9000}
-      - S3_ACCESS_KEY_ID=\${MINIO_ACCESS_KEY:-app}
-      - S3_SECRET_ACCESS_KEY=\${MINIO_SECRET_KEY:-app}
-      - S3_BUCKET=\${MINIO_BUCKET:-app}
-      - S3_REGION=\${S3_REGION:-eu-west-1}
-      - S3_FORCE_PATH_STYLE=true
+		yaml += `      - STORAGE_ENDPOINT=\${STORAGE_ENDPOINT:-http://minio:9000}
+      - STORAGE_ACCESS_KEY_ID=\${STORAGE_ACCESS_KEY_ID:-${imageName}}
+      - STORAGE_SECRET_ACCESS_KEY=\${STORAGE_SECRET_ACCESS_KEY:-${imageName}}
+      - STORAGE_BUCKET=\${STORAGE_BUCKET:-${imageName}}
+      - STORAGE_REGION=\${STORAGE_REGION:-eu-west-1}
+      - STORAGE_FORCE_PATH_STYLE=true
+`;
+	}
+
+	if (serviceMap.has('mailpit')) {
+		yaml += `      - SMTP_HOST=\${SMTP_HOST:-mailpit}
+      - SMTP_PORT=\${SMTP_PORT:-1025}
+      - SMTP_USER=\${SMTP_USER:-${imageName}}
+      - SMTP_PASS=\${SMTP_PASS:-${imageName}}
 `;
 	}
 
@@ -230,12 +240,13 @@ services:
     container_name: minio
     restart: unless-stopped
     entrypoint: sh
-    command: -c 'mkdir -p /data/\${MINIO_BUCKET:-app} && /usr/bin/docker-entrypoint.sh server --console-address ":9001" /data'
+    command: -c 'mkdir -p /data/\${STORAGE_BUCKET:-${imageName}} && /usr/bin/docker-entrypoint.sh server --console-address ":9001" /data'
     environment:
-      MINIO_ROOT_USER: \${MINIO_ACCESS_KEY:-app}
-      MINIO_ROOT_PASSWORD: \${MINIO_SECRET_KEY:-app}
+      MINIO_ROOT_USER: \${STORAGE_ACCESS_KEY_ID:-${imageName}}
+      MINIO_ROOT_PASSWORD: \${STORAGE_SECRET_ACCESS_KEY:-${imageName}}
     ports:
-      - "9001:9001"  # Console UI
+      - "\${MINIO_API_PORT:-9000}:9000"
+      - "\${MINIO_CONSOLE_PORT:-9001}:9001"
     volumes:
       - minio_data:/data
     healthcheck:
@@ -248,6 +259,28 @@ services:
 `;
 	}
 
+	const mailpitImage = serviceMap.get('mailpit');
+	if (mailpitImage) {
+		yaml += `
+  mailpit:
+    image: ${mailpitImage}
+    container_name: mailpit
+    restart: unless-stopped
+    environment:
+      MP_SMTP_AUTH: \${SMTP_USER:-${imageName}}:\${SMTP_PASS:-${imageName}}
+    ports:
+      - "\${MAILPIT_UI_PORT:-8025}:8025"  # Web UI
+      - "\${MAILPIT_SMTP_PORT:-1025}:1025"  # SMTP
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8025"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    networks:
+      - app-network
+`;
+	}
+
 	// Add volumes
 	yaml += `
 volumes:
@@ -366,9 +399,11 @@ services:
 	for (const [appName, app] of apps) {
 		yaml += generateAppService(appName, app, apps, {
 			registry,
+			projectName: workspace.name,
 			hasPostgres,
 			hasRedis,
 			hasMinio,
+			hasMail,
 		});
 	}
 
@@ -419,9 +454,16 @@ services:
     image: axllent/mailpit:latest
     container_name: ${workspace.name}-mailpit
     restart: unless-stopped
+    environment:
+      MP_SMTP_AUTH: \${SMTP_USER:-${workspace.name}}:\${SMTP_PASS:-${workspace.name}}
     ports:
-      - "8025:8025"  # Web UI
-      - "1025:1025"  # SMTP
+      - "\${MAILPIT_UI_PORT:-8025}:8025"  # Web UI
+      - "\${MAILPIT_SMTP_PORT:-1025}:1025"  # SMTP
+    healthcheck:
+      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8025"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
     networks:
       - workspace-network
 `;
@@ -434,12 +476,13 @@ services:
     container_name: ${workspace.name}-minio
     restart: unless-stopped
     entrypoint: sh
-    command: -c 'mkdir -p /data/\${MINIO_BUCKET:-app} && /usr/bin/docker-entrypoint.sh server --console-address ":9001" /data'
+    command: -c 'mkdir -p /data/\${STORAGE_BUCKET:-${workspace.name}} && /usr/bin/docker-entrypoint.sh server --console-address ":9001" /data'
     environment:
-      MINIO_ROOT_USER: \${MINIO_ACCESS_KEY:-app}
-      MINIO_ROOT_PASSWORD: \${MINIO_SECRET_KEY:-app}
+      MINIO_ROOT_USER: \${STORAGE_ACCESS_KEY_ID:-${workspace.name}}
+      MINIO_ROOT_PASSWORD: \${STORAGE_SECRET_ACCESS_KEY:-${workspace.name}}
     ports:
-      - "9001:9001"  # Console UI
+      - "\${MINIO_API_PORT:-9000}:9000"
+      - "\${MINIO_CONSOLE_PORT:-9001}:9001"
     volumes:
       - minio_data:/data
     healthcheck:
@@ -525,12 +568,15 @@ function generateAppService(
 	allApps: [string, NormalizedAppConfig][],
 	options: {
 		registry?: string;
+		projectName: string;
 		hasPostgres: boolean;
 		hasRedis: boolean;
 		hasMinio: boolean;
+		hasMail: boolean;
 	},
 ): string {
-	const { registry, hasPostgres, hasRedis, hasMinio } = options;
+	const { registry, projectName, hasPostgres, hasRedis, hasMinio, hasMail } =
+		options;
 	const imageRef = registry ? `\${REGISTRY:-${registry}}/` : '';
 
 	// Health check path - frontends use /, backends use /health
@@ -575,12 +621,19 @@ function generateAppService(
 `;
 		}
 		if (hasMinio) {
-			yaml += `      - S3_ENDPOINT=\${S3_ENDPOINT:-http://minio:9000}
-      - S3_ACCESS_KEY_ID=\${MINIO_ACCESS_KEY:-app}
-      - S3_SECRET_ACCESS_KEY=\${MINIO_SECRET_KEY:-app}
-      - S3_BUCKET=\${MINIO_BUCKET:-app}
-      - S3_REGION=\${S3_REGION:-eu-west-1}
-      - S3_FORCE_PATH_STYLE=true
+			yaml += `      - STORAGE_ENDPOINT=\${STORAGE_ENDPOINT:-http://minio:9000}
+      - STORAGE_ACCESS_KEY_ID=\${STORAGE_ACCESS_KEY_ID:-${projectName}}
+      - STORAGE_SECRET_ACCESS_KEY=\${STORAGE_SECRET_ACCESS_KEY:-${projectName}}
+      - STORAGE_BUCKET=\${STORAGE_BUCKET:-${projectName}}
+      - STORAGE_REGION=\${STORAGE_REGION:-eu-west-1}
+      - STORAGE_FORCE_PATH_STYLE=true
+`;
+		}
+		if (hasMail) {
+			yaml += `      - SMTP_HOST=\${SMTP_HOST:-mailpit}
+      - SMTP_PORT=\${SMTP_PORT:-1025}
+      - SMTP_USER=\${SMTP_USER:-${projectName}}
+      - SMTP_PASS=\${SMTP_PASS:-${projectName}}
 `;
 		}
 	}
@@ -598,6 +651,7 @@ function generateAppService(
 		if (hasPostgres) dependencies.push('postgres');
 		if (hasRedis) dependencies.push('redis');
 		if (hasMinio) dependencies.push('minio');
+		if (hasMail) dependencies.push('mailpit');
 	}
 
 	if (dependencies.length > 0) {

package/src/init/__tests__/generators.spec.ts

@@ -253,6 +253,7 @@ describe('generateDockerFiles', () => {
 			"'${MAILPIT_SMTP_HOST_PORT:-1025}:1025'",
 		);
 		expect(files[0].content).toContain("'${MAILPIT_UI_HOST_PORT:-8025}:8025'");
+		expect(files[0].content).toContain('MP_SMTP_AUTH:');
 	});
 });
 

package/src/init/generators/docker.ts

@@ -156,8 +156,7 @@ export function generateDockerFiles(
       - '\${MAILPIT_SMTP_HOST_PORT:-1025}:1025'
       - '\${MAILPIT_UI_HOST_PORT:-8025}:8025'
     environment:
-      MP_SMTP_AUTH_ACCEPT_ANY: 1
-      MP_SMTP_AUTH_ALLOW_INSECURE: 1`);
+      MP_SMTP_AUTH: \${SMTP_USER:-${options.name}}:\${SMTP_PASS:-${options.name}}`);
 	}
 
 	// Build docker-compose.yml

package/src/init/index.ts

@@ -331,6 +331,7 @@ export async function initCommand(
 	if (services.db) secretServices.push('postgres');
 	if (services.cache) secretServices.push('redis');
 	if (services.storage) secretServices.push('minio');
+	if (services.mail) secretServices.push('mailpit');
 
 	const devSecrets = createStageSecrets('development', secretServices, {
 		projectName: name,

package/src/init/versions.ts

@@ -42,7 +42,7 @@ export const GEEKMIDAS_VERSIONS = {
 	'@geekmidas/rate-limit': '~2.0.0',
 	'@geekmidas/schema': '~1.0.0',
 	'@geekmidas/services': '~1.0.1',
-	'@geekmidas/storage': '~2.0.0',
+	'@geekmidas/storage': '~2.0.1',
 	'@geekmidas/studio': '~1.0.0',
 	'@geekmidas/telescope': '~1.0.0',
 	'@geekmidas/testkit': '~1.0.5',

package/src/secrets/__tests__/generator.spec.ts

@@ -259,10 +259,10 @@ describe('generateConnectionUrls', () => {
 		expect(urls.DATABASE_URL).toBeDefined();
 		expect(urls.REDIS_URL).toBeDefined();
 		expect(urls.RABBITMQ_URL).toBeDefined();
-		expect(urls.S3_ENDPOINT).toBe('http://minio:9000');
+		expect(urls.STORAGE_ENDPOINT).toBe('http://minio:9000');
 	});
 
-	it('should generate S3_ENDPOINT for minio', () => {
+	it('should generate STORAGE_ENDPOINT for minio', () => {
 		const urls = generateConnectionUrls({
 			minio: {
 				host: 'localhost',
@@ -273,7 +273,7 @@ describe('generateConnectionUrls', () => {
 			},
 		});
 
-		expect(urls.S3_ENDPOINT).toBe('http://localhost:9000');
+		expect(urls.STORAGE_ENDPOINT).toBe('http://localhost:9000');
 		expect(urls.DATABASE_URL).toBeUndefined();
 	});
 });
@@ -308,11 +308,11 @@ describe('createStageSecrets', () => {
 		expect(secrets.urls.RABBITMQ_URL).toBeDefined();
 	});
 
-	it('should generate S3_ENDPOINT for minio', () => {
+	it('should generate STORAGE_ENDPOINT for minio', () => {
 		const secrets = createStageSecrets('production', ['minio']);
 
 		expect(secrets.services.minio).toBeDefined();
-		expect(secrets.urls.S3_ENDPOINT).toBe('http://localhost:9000');
+		expect(secrets.urls.STORAGE_ENDPOINT).toBe('http://localhost:9000');
 	});
 });
 

package/src/secrets/__tests__/storage.spec.ts

@@ -353,19 +353,19 @@ describe('toEmbeddableSecrets', () => {
 				},
 			},
 			urls: {
-				S3_ENDPOINT: 'http://localhost:9000',
+				STORAGE_ENDPOINT: 'http://localhost:9000',
 			},
 			custom: {},
 		};
 
 		const embeddable = toEmbeddableSecrets(secrets);
 
-		expect(embeddable.S3_ENDPOINT).toBe('http://localhost:9000');
-		expect(embeddable.S3_ACCESS_KEY_ID).toBe('myaccesskey');
-		expect(embeddable.S3_SECRET_ACCESS_KEY).toBe('mysecretkey');
-		expect(embeddable.S3_BUCKET).toBe('my-bucket');
-		expect(embeddable.S3_REGION).toBe('eu-west-1');
-		expect(embeddable.S3_FORCE_PATH_STYLE).toBe('true');
+		expect(embeddable.STORAGE_ENDPOINT).toBe('http://localhost:9000');
+		expect(embeddable.STORAGE_ACCESS_KEY_ID).toBe('myaccesskey');
+		expect(embeddable.STORAGE_SECRET_ACCESS_KEY).toBe('mysecretkey');
+		expect(embeddable.STORAGE_BUCKET).toBe('my-bucket');
+		expect(embeddable.STORAGE_REGION).toBe('eu-west-1');
+		expect(embeddable.STORAGE_FORCE_PATH_STYLE).toBe('true');
 	});
 
 	it('should handle all services and custom secrets together', () => {

package/src/secrets/generator.ts

@@ -40,6 +40,11 @@ const SERVICE_DEFAULTS: Record<
 		username: 'app',
 		bucket: 'app',
 	},
+	mailpit: {
+		host: 'localhost',
+		port: 1025,
+		username: 'app',
+	},
 };
 
 /**
@@ -124,7 +129,12 @@ export function generateConnectionUrls(
 	}
 
 	if (services.minio) {
-		urls.S3_ENDPOINT = generateMinioEndpoint(services.minio);
+		urls.STORAGE_ENDPOINT = generateMinioEndpoint(services.minio);
+	}
+
+	if (services.mailpit) {
+		urls.SMTP_HOST = services.mailpit.host;
+		urls.SMTP_PORT = String(services.mailpit.port);
 	}
 
 	return urls;
@@ -145,9 +155,15 @@ export function createStageSecrets(
 	const now = new Date().toISOString();
 	const serviceCredentials = generateServicesCredentials(services);
 
-	// Override postgres database name with project-derived name if provided
-	if (options?.projectName && serviceCredentials.postgres) {
-		serviceCredentials.postgres.database = `${options.projectName.replace(/-/g, '_')}_dev`;
+	// Override service defaults with project-derived names if provided
+	if (options?.projectName) {
+		if (serviceCredentials.postgres) {
+			serviceCredentials.postgres.database = `${options.projectName.replace(/-/g, '_')}_dev`;
+		}
+		if (serviceCredentials.minio) {
+			serviceCredentials.minio.bucket = options.projectName;
+			serviceCredentials.minio.username = options.projectName;
+		}
 	}
 
 	const urls = generateConnectionUrls(serviceCredentials);

package/src/secrets/index.ts

@@ -129,8 +129,8 @@ export async function secretsInitCommand(
 	if (secrets.urls.RABBITMQ_URL) {
 		logger.log(`  RABBITMQ_URL: ${maskUrl(secrets.urls.RABBITMQ_URL)}`);
 	}
-	if (secrets.urls.S3_ENDPOINT) {
-		logger.log(`  S3_ENDPOINT: ${secrets.urls.S3_ENDPOINT}`);
+	if (secrets.urls.STORAGE_ENDPOINT) {
+		logger.log(`  STORAGE_ENDPOINT: ${secrets.urls.STORAGE_ENDPOINT}`);
 	}
 
 	if (Object.keys(secrets.custom).length > 0) {
@@ -260,8 +260,8 @@ export async function secretsShowCommand(
 			`  RABBITMQ_URL: ${reveal ? secrets.urls.RABBITMQ_URL : maskUrl(secrets.urls.RABBITMQ_URL)}`,
 		);
 	}
-	if (secrets.urls.S3_ENDPOINT) {
-		logger.log(`  S3_ENDPOINT: ${secrets.urls.S3_ENDPOINT}`);
+	if (secrets.urls.STORAGE_ENDPOINT) {
+		logger.log(`  STORAGE_ENDPOINT: ${secrets.urls.STORAGE_ENDPOINT}`);
 	}
 
 	// Show custom secrets

package/src/secrets/storage.ts

@@ -209,11 +209,17 @@ export function toEmbeddableSecrets(secrets: StageSecrets): EmbeddableSecrets {
 			RABBITMQ_VHOST: secrets.services.rabbitmq.vhost ?? '/',
 		}),
 		...(secrets.services.minio && {
-			S3_ACCESS_KEY_ID: secrets.services.minio.username,
-			S3_SECRET_ACCESS_KEY: secrets.services.minio.password,
-			S3_BUCKET: secrets.services.minio.bucket ?? 'app',
-			S3_REGION: 'eu-west-1',
-			S3_FORCE_PATH_STYLE: 'true',
+			STORAGE_ACCESS_KEY_ID: secrets.services.minio.username,
+			STORAGE_SECRET_ACCESS_KEY: secrets.services.minio.password,
+			STORAGE_BUCKET: secrets.services.minio.bucket ?? 'app',
+			STORAGE_REGION: 'eu-west-1',
+			STORAGE_FORCE_PATH_STYLE: 'true',
+		}),
+		...(secrets.services.mailpit && {
+			SMTP_HOST: secrets.services.mailpit.host,
+			SMTP_PORT: String(secrets.services.mailpit.port),
+			SMTP_USER: secrets.services.mailpit.username,
+			SMTP_PASS: secrets.services.mailpit.password,
 		}),
 	};
 }

package/src/secrets/types.ts

@@ -28,13 +28,16 @@ export interface StageSecrets {
 		redis?: ServiceCredentials;
 		rabbitmq?: ServiceCredentials;
 		minio?: ServiceCredentials;
+		mailpit?: ServiceCredentials;
 	};
 	/** Generated connection URLs */
 	urls: {
 		DATABASE_URL?: string;
 		REDIS_URL?: string;
 		RABBITMQ_URL?: string;
-		S3_ENDPOINT?: string;
+		STORAGE_ENDPOINT?: string;
+		SMTP_HOST?: string;
+		SMTP_PORT?: string;
 	};
 	/** Custom user-defined secrets */
 	custom: Record<string, string>;

package/src/setup/__tests__/reconcile-secrets.spec.ts

@@ -151,9 +151,9 @@ describe('reconcileSecrets', () => {
 		expect(result!.services.minio).toBeDefined();
 		expect(result!.services.minio!.host).toBe('localhost');
 		expect(result!.services.minio!.port).toBe(9000);
-		expect(result!.services.minio!.bucket).toBe('app');
+		expect(result!.services.minio!.bucket).toBe('test-project');
 		expect(result!.services.minio!.password).toHaveLength(32);
-		expect(result!.urls.S3_ENDPOINT).toBe('http://localhost:9000');
+		expect(result!.urls.STORAGE_ENDPOINT).toBe('http://localhost:9000');
 		// Existing postgres should be preserved
 		expect(result!.services.postgres).toEqual(secrets.services.postgres);
 	});
@@ -175,7 +175,7 @@ describe('reconcileSecrets', () => {
 			password: 'mysecret',
 			bucket: 'my-bucket',
 		};
-		secrets.urls.S3_ENDPOINT = 'http://localhost:9000';
+		secrets.urls.STORAGE_ENDPOINT = 'http://localhost:9000';
 
 		const result = reconcileSecrets(secrets, workspace);
 

package/src/setup/index.ts

@@ -173,6 +173,11 @@ export function reconcileSecrets(
 	for (const { key, name } of serviceMap) {
 		if (workspace.services[key] && !result.services[name]) {
 			const creds = generateServiceCredentials(name);
+			// Override defaults with project-derived names
+			if (name === 'minio') {
+				creds.bucket = workspace.name;
+				creds.username = workspace.name;
+			}
 			result = {
 				...result,
 				services: { ...result.services, [name]: creds },

package/src/test/index.ts

@@ -6,10 +6,10 @@ import { sniffAppEnvironment } from '../deploy/sniffer';
 import {
 	createCredentialsPreload,
 	loadEnvFiles,
-	loadPortState,
 	parseComposePortMappings,
 	resolveServicePorts,
 	rewriteUrlsWithPorts,
+	startComposeServices,
 	startWorkspaceServices,
 } from '../dev/index';
 import { readStageSecrets, toEmbeddableSecrets } from '../secrets/storage';
@@ -121,19 +121,17 @@ export async function testCommand(options: TestOptions = {}): Promise<void> {
 			);
 		}
 	} catch {
-		// Not in a workspace — fall back to port state file
+		// Not in a workspace — start Docker services from local docker-compose.yml
 		const composePath = join(cwd, 'docker-compose.yml');
 		const mappings = parseComposePortMappings(composePath);
 		if (mappings.length > 0) {
-			const ports = await loadPortState(cwd);
-			if (Object.keys(ports).length > 0) {
-				secretsEnv = rewriteUrlsWithPorts(secretsEnv, {
-					dockerEnv: {},
-					ports,
-					mappings,
-				});
+			const resolvedPorts = await resolveServicePorts(cwd);
+			await startComposeServices(cwd, resolvedPorts.dockerEnv, secretsEnv);
+
+			if (resolvedPorts.mappings.length > 0) {
+				secretsEnv = rewriteUrlsWithPorts(secretsEnv, resolvedPorts);
 				console.log(
-					`  🔌 Applied ${Object.keys(ports).length} port mapping(s)`,
+					`  🔌 Applied ${Object.keys(resolvedPorts.ports).length} port mapping(s)`,
 				);
 			}
 		}

package/src/types.ts

@@ -78,7 +78,12 @@ export interface ServiceConfig {
 }
 
 /** Supported docker-compose service names */
-export type ComposeServiceName = 'postgres' | 'redis' | 'rabbitmq' | 'minio';
+export type ComposeServiceName =
+	| 'postgres'
+	| 'redis'
+	| 'rabbitmq'
+	| 'minio'
+	| 'mailpit';
 
 /** Services configuration - can be boolean (use defaults) or object with version */
 export type ComposeServicesConfig = {

package/dist/fullstack-secrets-BC9t9wWB.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"fullstack-secrets-BC9t9wWB.cjs","names":["SERVICE_DEFAULTS: Record<\n\tComposeServiceName,\n\tOmit<ServiceCredentials, 'password'>\n>","service: ComposeServiceName","services: ComposeServiceName[]","result: StageSecrets['services']","creds: ServiceCredentials","services: StageSecrets['services']","urls: StageSecrets['urls']","stage: string","options?: { projectName?: string }","secrets: StageSecrets","newCreds: ServiceCredentials","appName: string","password: string","projectName: string","workspace: NormalizedWorkspace","customs: Record<string, string>","frontendPorts: number[]","upperName","secrets: StageSecrets","workspaceRoot: string"],"sources":["../src/secrets/generator.ts","../src/setup/fullstack-secrets.ts"],"sourcesContent":["import { randomBytes } from 'node:crypto';\nimport type { ComposeServiceName } from '../types';\nimport type { ServiceCredentials, StageSecrets } from './types';\n\n/**\n * Generate a secure random password using URL-safe base64 characters.\n * @param length Password length (default: 32)\n */\nexport function generateSecurePassword(length = 32): string {\n\treturn randomBytes(Math.ceil((length * 3) / 4))\n\t\t.toString('base64url')\n\t\t.slice(0, length);\n}\n\n/** Default service configurations (localhost for local dev via Docker port mapping) */\nconst SERVICE_DEFAULTS: Record<\n\tComposeServiceName,\n\tOmit<ServiceCredentials, 'password'>\n> = {\n\tpostgres: {\n\t\thost: 'localhost',\n\t\tport: 5432,\n\t\tusername: 'app',\n\t\tdatabase: 'app',\n\t},\n\tredis: {\n\t\thost: 'localhost',\n\t\tport: 6379,\n\t\tusername: 'default',\n\t},\n\trabbitmq: {\n\t\thost: 'localhost',\n\t\tport: 5672,\n\t\tusername: 'app',\n\t\tvhost: '/',\n\t},\n\tminio: {\n\t\thost: 'localhost',\n\t\tport: 9000,\n\t\tusername: 'app',\n\t\tbucket: 'app',\n\t},\n};\n\n/**\n * Generate credentials for a specific service.\n */\nexport function generateServiceCredentials(\n\tservice: ComposeServiceName,\n): ServiceCredentials {\n\tconst defaults = SERVICE_DEFAULTS[service];\n\treturn {\n\t\t...defaults,\n\t\tpassword: generateSecurePassword(),\n\t};\n}\n\n/**\n * Generate credentials for multiple services.\n */\nexport function generateServicesCredentials(\n\tservices: ComposeServiceName[],\n): StageSecrets['services'] {\n\tconst result: StageSecrets['services'] = {};\n\n\tfor (const service of services) {\n\t\tresult[service] = generateServiceCredentials(service);\n\t}\n\n\treturn result;\n}\n\n/**\n * Generate connection URL for PostgreSQL.\n */\nexport function generatePostgresUrl(creds: ServiceCredentials): string {\n\tconst { username, password, host, port, database } = creds;\n\treturn `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${database}`;\n}\n\n/**\n * Generate connection URL for Redis.\n */\nexport function generateRedisUrl(creds: ServiceCredentials): string {\n\tconst { password, host, port } = creds;\n\treturn `redis://:${encodeURIComponent(password)}@${host}:${port}`;\n}\n\n/**\n * Generate connection URL for RabbitMQ.\n */\nexport function generateRabbitmqUrl(creds: ServiceCredentials): string {\n\tconst { username, password, host, port, vhost } = creds;\n\tconst encodedVhost = encodeURIComponent(vhost ?? '/');\n\treturn `amqp://${username}:${encodeURIComponent(password)}@${host}:${port}/${encodedVhost}`;\n}\n\n/**\n * Generate endpoint URL for MinIO (S3-compatible).\n */\nexport function generateMinioEndpoint(creds: ServiceCredentials): string {\n\tconst { host, port } = creds;\n\treturn `http://${host}:${port}`;\n}\n\n/**\n * Generate connection URLs from service credentials.\n */\nexport function generateConnectionUrls(\n\tservices: StageSecrets['services'],\n): StageSecrets['urls'] {\n\tconst urls: StageSecrets['urls'] = {};\n\n\tif (services.postgres) {\n\t\turls.DATABASE_URL = generatePostgresUrl(services.postgres);\n\t}\n\n\tif (services.redis) {\n\t\turls.REDIS_URL = generateRedisUrl(services.redis);\n\t}\n\n\tif (services.rabbitmq) {\n\t\turls.RABBITMQ_URL = generateRabbitmqUrl(services.rabbitmq);\n\t}\n\n\tif (services.minio) {\n\t\turls.S3_ENDPOINT = generateMinioEndpoint(services.minio);\n\t}\n\n\treturn urls;\n}\n\n/**\n * Create a new StageSecrets object with generated credentials.\n * @param stage - The deployment stage (e.g., 'development', 'production')\n * @param services - List of services to generate credentials for\n * @param options - Optional configuration\n * @param options.projectName - Project name used to derive the database name (e.g., 'myapp' → 'myapp_dev')\n */\nexport function createStageSecrets(\n\tstage: string,\n\tservices: ComposeServiceName[],\n\toptions?: { projectName?: string },\n): StageSecrets {\n\tconst now = new Date().toISOString();\n\tconst serviceCredentials = generateServicesCredentials(services);\n\n\t// Override postgres database name with project-derived name if provided\n\tif (options?.projectName && serviceCredentials.postgres) {\n\t\tserviceCredentials.postgres.database = `${options.projectName.replace(/-/g, '_')}_dev`;\n\t}\n\n\tconst urls = generateConnectionUrls(serviceCredentials);\n\n\treturn {\n\t\tstage,\n\t\tcreatedAt: now,\n\t\tupdatedAt: now,\n\t\tservices: serviceCredentials,\n\t\turls,\n\t\tcustom: {},\n\t};\n}\n\n/**\n * Rotate password for a specific service.\n */\nexport function rotateServicePassword(\n\tsecrets: StageSecrets,\n\tservice: ComposeServiceName,\n): StageSecrets {\n\tconst currentCreds = secrets.services[service];\n\tif (!currentCreds) {\n\t\tthrow new Error(`Service \"${service}\" not configured in secrets`);\n\t}\n\n\tconst newCreds: ServiceCredentials = {\n\t\t...currentCreds,\n\t\tpassword: generateSecurePassword(),\n\t};\n\n\tconst newServices = {\n\t\t...secrets.services,\n\t\t[service]: newCreds,\n\t};\n\n\treturn {\n\t\t...secrets,\n\t\tupdatedAt: new Date().toISOString(),\n\t\tservices: newServices,\n\t\turls: generateConnectionUrls(newServices),\n\t};\n}\n","import { mkdir, writeFile } from 'node:fs/promises';\nimport { dirname, join } from 'node:path';\nimport { generateSecurePassword } from '../secrets/generator.js';\nimport type { StageSecrets } from '../secrets/types.js';\nimport type { NormalizedWorkspace } from '../workspace/types.js';\n\n/**\n * Generate a secure random password for database users.\n * Uses a combination of timestamp and random bytes for uniqueness.\n */\nexport function generateDbPassword(): string {\n\treturn `${Date.now().toString(36)}${Math.random().toString(36).slice(2)}${Math.random().toString(36).slice(2)}`;\n}\n\n/**\n * Generate database URL for an app.\n * All apps connect to the same database, but use different users/schemas.\n */\nexport function generateDbUrl(\n\tappName: string,\n\tpassword: string,\n\tprojectName: string,\n\thost = 'localhost',\n\tport = 5432,\n): string {\n\tconst userName = appName.replace(/-/g, '_');\n\tconst dbName = `${projectName.replace(/-/g, '_')}_dev`;\n\treturn `postgresql://${userName}:${password}@${host}:${port}/${dbName}`;\n}\n\n/**\n * Generate fullstack-aware custom secrets for a workspace.\n *\n * Generates:\n * - Common secrets: NODE_ENV, PORT, LOG_LEVEL, JWT_SECRET\n * - Per-app database passwords and URLs for backend apps with db service\n * - Better-auth secrets for apps using the better-auth framework\n */\nexport function generateFullstackCustomSecrets(\n\tworkspace: NormalizedWorkspace,\n): Record<string, string> {\n\tconst hasDb = !!workspace.services.db;\n\tconst customs: Record<string, string> = {\n\t\tNODE_ENV: 'development',\n\t\tPORT: '3000',\n\t\tLOG_LEVEL: 'debug',\n\t\tJWT_SECRET: `dev-${Date.now()}-${Math.random().toString(36).slice(2)}`,\n\t};\n\n\tif (!hasDb) {\n\t\treturn customs;\n\t}\n\n\t// Collect all frontend ports for trusted origins\n\tconst frontendPorts: number[] = [];\n\n\tfor (const [appName, appConfig] of Object.entries(workspace.apps)) {\n\t\tif (appConfig.type === 'frontend') {\n\t\t\tfrontendPorts.push(appConfig.port);\n\t\t\tconst upperName = appName.toUpperCase();\n\t\t\tcustoms[`${upperName}_URL`] = `http://localhost:${appConfig.port}`;\n\t\t\tcontinue;\n\t\t}\n\n\t\t// Backend apps with database: generate per-app DB passwords and URLs\n\t\tconst password = generateDbPassword();\n\t\tconst upperName = appName.toUpperCase();\n\n\t\tcustoms[`${upperName}_DATABASE_URL`] = generateDbUrl(\n\t\t\tappName,\n\t\t\tpassword,\n\t\t\tworkspace.name,\n\t\t);\n\t\tcustoms[`${upperName}_DB_PASSWORD`] = password;\n\n\t\t// Better-auth framework secrets\n\t\tif (appConfig.framework === 'better-auth') {\n\t\t\tcustoms.AUTH_PORT = String(appConfig.port);\n\t\t\tcustoms.AUTH_URL = `http://localhost:${appConfig.port}`;\n\t\t\tcustoms.BETTER_AUTH_SECRET = `better-auth-${Date.now()}-${generateSecurePassword(16)}`;\n\t\t\tcustoms.BETTER_AUTH_URL = `http://localhost:${appConfig.port}`;\n\t\t}\n\t}\n\n\t// Generate trusted origins for better-auth (all app ports)\n\tif (customs.BETTER_AUTH_SECRET) {\n\t\tconst allPorts = Object.values(workspace.apps).map((a) => a.port);\n\t\tcustoms.BETTER_AUTH_TRUSTED_ORIGINS = allPorts\n\t\t\t.map((p) => `http://localhost:${p}`)\n\t\t\t.join(',');\n\t}\n\n\treturn customs;\n}\n\n/**\n * Extract *_DB_PASSWORD keys from secrets and write docker/.env.\n *\n * The docker/.env file contains database passwords that the PostgreSQL\n * init script reads to create per-app database users.\n */\nexport async function writeDockerEnvFromSecrets(\n\tsecrets: StageSecrets,\n\tworkspaceRoot: string,\n): Promise<void> {\n\tconst dbPasswordEntries = Object.entries(secrets.custom).filter(([key]) =>\n\t\tkey.endsWith('_DB_PASSWORD'),\n\t);\n\n\tif (dbPasswordEntries.length === 0) {\n\t\treturn;\n\t}\n\n\tconst envContent = `# Auto-generated docker environment file\n# Contains database passwords for docker-compose postgres init\n# This file is gitignored - do not commit to version control\n${dbPasswordEntries.map(([key, value]) => `${key}=${value}`).join('\\n')}\n`;\n\n\tconst envPath = join(workspaceRoot, 'docker', '.env');\n\tawait mkdir(dirname(envPath), { recursive: true });\n\tawait writeFile(envPath, envContent);\n}\n"],"mappings":";;;;;;;;;;AAQA,SAAgB,uBAAuB,SAAS,IAAY;AAC3D,QAAO,6BAAY,KAAK,KAAM,SAAS,IAAK,EAAE,CAAC,CAC7C,SAAS,YAAY,CACrB,MAAM,GAAG,OAAO;AAClB;;AAGD,MAAMA,mBAGF;CACH,UAAU;EACT,MAAM;EACN,MAAM;EACN,UAAU;EACV,UAAU;CACV;CACD,OAAO;EACN,MAAM;EACN,MAAM;EACN,UAAU;CACV;CACD,UAAU;EACT,MAAM;EACN,MAAM;EACN,UAAU;EACV,OAAO;CACP;CACD,OAAO;EACN,MAAM;EACN,MAAM;EACN,UAAU;EACV,QAAQ;CACR;AACD;;;;AAKD,SAAgB,2BACfC,SACqB;CACrB,MAAM,WAAW,iBAAiB;AAClC,QAAO;EACN,GAAG;EACH,UAAU,wBAAwB;CAClC;AACD;;;;AAKD,SAAgB,4BACfC,UAC2B;CAC3B,MAAMC,SAAmC,CAAE;AAE3C,MAAK,MAAM,WAAW,SACrB,QAAO,WAAW,2BAA2B,QAAQ;AAGtD,QAAO;AACP;;;;AAKD,SAAgB,oBAAoBC,OAAmC;CACtE,MAAM,EAAE,UAAU,UAAU,MAAM,MAAM,UAAU,GAAG;AACrD,SAAQ,eAAe,SAAS,GAAG,mBAAmB,SAAS,CAAC,GAAG,KAAK,GAAG,KAAK,GAAG,SAAS;AAC5F;;;;AAKD,SAAgB,iBAAiBA,OAAmC;CACnE,MAAM,EAAE,UAAU,MAAM,MAAM,GAAG;AACjC,SAAQ,WAAW,mBAAmB,SAAS,CAAC,GAAG,KAAK,GAAG,KAAK;AAChE;;;;AAKD,SAAgB,oBAAoBA,OAAmC;CACtE,MAAM,EAAE,UAAU,UAAU,MAAM,MAAM,OAAO,GAAG;CAClD,MAAM,eAAe,mBAAmB,SAAS,IAAI;AACrD,SAAQ,SAAS,SAAS,GAAG,mBAAmB,SAAS,CAAC,GAAG,KAAK,GAAG,KAAK,GAAG,aAAa;AAC1F;;;;AAKD,SAAgB,sBAAsBA,OAAmC;CACxE,MAAM,EAAE,MAAM,MAAM,GAAG;AACvB,SAAQ,SAAS,KAAK,GAAG,KAAK;AAC9B;;;;AAKD,SAAgB,uBACfC,UACuB;CACvB,MAAMC,OAA6B,CAAE;AAErC,KAAI,SAAS,SACZ,MAAK,eAAe,oBAAoB,SAAS,SAAS;AAG3D,KAAI,SAAS,MACZ,MAAK,YAAY,iBAAiB,SAAS,MAAM;AAGlD,KAAI,SAAS,SACZ,MAAK,eAAe,oBAAoB,SAAS,SAAS;AAG3D,KAAI,SAAS,MACZ,MAAK,cAAc,sBAAsB,SAAS,MAAM;AAGzD,QAAO;AACP;;;;;;;;AASD,SAAgB,mBACfC,OACAL,UACAM,SACe;CACf,MAAM,MAAM,qBAAI,QAAO,aAAa;CACpC,MAAM,qBAAqB,4BAA4B,SAAS;AAGhE,KAAI,SAAS,eAAe,mBAAmB,SAC9C,oBAAmB,SAAS,YAAY,EAAE,QAAQ,YAAY,QAAQ,MAAM,IAAI,CAAC;CAGlF,MAAM,OAAO,uBAAuB,mBAAmB;AAEvD,QAAO;EACN;EACA,WAAW;EACX,WAAW;EACX,UAAU;EACV;EACA,QAAQ,CAAE;CACV;AACD;;;;AAKD,SAAgB,sBACfC,SACAR,SACe;CACf,MAAM,eAAe,QAAQ,SAAS;AACtC,MAAK,aACJ,OAAM,IAAI,OAAO,WAAW,QAAQ;CAGrC,MAAMS,WAA+B;EACpC,GAAG;EACH,UAAU,wBAAwB;CAClC;CAED,MAAM,cAAc;EACnB,GAAG,QAAQ;GACV,UAAU;CACX;AAED,QAAO;EACN,GAAG;EACH,WAAW,qBAAI,QAAO,aAAa;EACnC,UAAU;EACV,MAAM,uBAAuB,YAAY;CACzC;AACD;;;;;;;;ACtLD,SAAgB,qBAA6B;AAC5C,SAAQ,EAAE,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC;AAC9G;;;;;AAMD,SAAgB,cACfC,SACAC,UACAC,aACA,OAAO,aACP,OAAO,MACE;CACT,MAAM,WAAW,QAAQ,QAAQ,MAAM,IAAI;CAC3C,MAAM,UAAU,EAAE,YAAY,QAAQ,MAAM,IAAI,CAAC;AACjD,SAAQ,eAAe,SAAS,GAAG,SAAS,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO;AACtE;;;;;;;;;AAUD,SAAgB,+BACfC,WACyB;CACzB,MAAM,UAAU,UAAU,SAAS;CACnC,MAAMC,UAAkC;EACvC,UAAU;EACV,MAAM;EACN,WAAW;EACX,aAAa,MAAM,KAAK,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,MAAM,EAAE,CAAC;CACrE;AAED,MAAK,MACJ,QAAO;CAIR,MAAMC,gBAA0B,CAAE;AAElC,MAAK,MAAM,CAAC,SAAS,UAAU,IAAI,OAAO,QAAQ,UAAU,KAAK,EAAE;AAClE,MAAI,UAAU,SAAS,YAAY;AAClC,iBAAc,KAAK,UAAU,KAAK;GAClC,MAAMC,cAAY,QAAQ,aAAa;AACvC,YAAS,EAAEA,YAAU,UAAU,mBAAmB,UAAU,KAAK;AACjE;EACA;EAGD,MAAM,WAAW,oBAAoB;EACrC,MAAM,YAAY,QAAQ,aAAa;AAEvC,WAAS,EAAE,UAAU,kBAAkB,cACtC,SACA,UACA,UAAU,KACV;AACD,WAAS,EAAE,UAAU,iBAAiB;AAGtC,MAAI,UAAU,cAAc,eAAe;AAC1C,WAAQ,YAAY,OAAO,UAAU,KAAK;AAC1C,WAAQ,YAAY,mBAAmB,UAAU,KAAK;AACtD,WAAQ,sBAAsB,cAAc,KAAK,KAAK,CAAC,GAAG,uBAAuB,GAAG,CAAC;AACrF,WAAQ,mBAAmB,mBAAmB,UAAU,KAAK;EAC7D;CACD;AAGD,KAAI,QAAQ,oBAAoB;EAC/B,MAAM,WAAW,OAAO,OAAO,UAAU,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK;AACjE,UAAQ,8BAA8B,SACpC,IAAI,CAAC,OAAO,mBAAmB,EAAE,EAAE,CACnC,KAAK,IAAI;CACX;AAED,QAAO;AACP;;;;;;;AAQD,eAAsB,0BACrBC,SACAC,eACgB;CAChB,MAAM,oBAAoB,OAAO,QAAQ,QAAQ,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,KACrE,IAAI,SAAS,eAAe,CAC5B;AAED,KAAI,kBAAkB,WAAW,EAChC;CAGD,MAAM,cAAc;;;EAGnB,kBAAkB,IAAI,CAAC,CAAC,KAAK,MAAM,MAAM,EAAE,IAAI,GAAG,MAAM,EAAE,CAAC,KAAK,KAAK,CAAC;;CAGvE,MAAM,UAAU,oBAAK,eAAe,UAAU,OAAO;AACrD,OAAM,4BAAM,uBAAQ,QAAQ,EAAE,EAAE,WAAW,KAAM,EAAC;AAClD,OAAM,gCAAU,SAAS,WAAW;AACpC"}