@geekmidas/cli 1.10.15 → 1.10.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "1.10.15",
+  "version": "1.10.17",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -56,11 +56,11 @@
     "prompts": "~2.4.2",
     "tsx": "~4.20.3",
     "yaml": "~2.8.2",
-    "@geekmidas/envkit": "~1.0.3",
+    "@geekmidas/envkit": "~1.0.4",
     "@geekmidas/constructs": "~3.0.2",
-    "@geekmidas/schema": "~1.0.0",
     "@geekmidas/errors": "~1.0.0",
-    "@geekmidas/logger": "~1.0.0"
+    "@geekmidas/logger": "~1.0.0",
+    "@geekmidas/schema": "~1.0.0"
   },
   "devDependencies": {
     "@types/lodash.kebabcase": "^4.1.9",

package/src/dev/__tests__/entry.spec.ts

@@ -97,11 +97,9 @@ describe('createEntryWrapper', () => {
 
 		const content = await readFile(wrapperPath, 'utf-8');
 
-		expect(content).toContain(
-			"import { Credentials } from '@geekmidas/envkit/credentials'",
-		);
+		expect(content).toContain('globalThis.__gkm_credentials__');
 		expect(content).toContain(secretsPath);
-		expect(content).toContain('Object.assign(Credentials');
+		expect(content).toContain('Object.assign(process.env');
 		expect(content).toContain("await import('/path/to/entry.ts')");
 	});
 
@@ -114,7 +112,7 @@ describe('createEntryWrapper', () => {
 
 		const content = await readFile(wrapperPath, 'utf-8');
 
-		const credentialsIndex = content.indexOf('Credentials');
+		const credentialsIndex = content.indexOf('__gkm_credentials__');
 		const importIndex = content.indexOf("await import('/path/to/entry.ts')");
 
 		expect(credentialsIndex).toBeGreaterThan(-1);

package/src/dev/__tests__/index.spec.ts

@@ -1237,6 +1237,28 @@ describe('replacePortInUrl', () => {
 		// Only the :5432 before / should be replaced
 		expect(result).toBe('postgresql://app:pass5432@localhost:5433/db5432');
 	});
+
+	it('should replace port followed by query string', () => {
+		const url = 'pgboss://pgboss:pass@localhost:5432/mydb?schema=pgboss';
+		expect(replacePortInUrl(url, 5432, 5433)).toBe(
+			'pgboss://pgboss:pass@localhost:5433/mydb?schema=pgboss',
+		);
+	});
+
+	it('should replace port in SNS URL with query params and no path', () => {
+		const url = 'sns://key:secret@localhost:4566?region=us-east-1';
+		expect(replacePortInUrl(url, 4566, 4567)).toBe(
+			'sns://key:secret@localhost:4567?region=us-east-1',
+		);
+	});
+
+	it('should replace URL-encoded port in query params', () => {
+		const url =
+			'sns://key:secret@localhost:4566?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4566';
+		expect(replacePortInUrl(url, 4566, 4567)).toBe(
+			'sns://key:secret@localhost:4567?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4567',
+		);
+	});
 });
 
 describe('rewriteUrlsWithPorts', () => {
@@ -1384,6 +1406,52 @@ describe('rewriteUrlsWithPorts', () => {
 		expect(result.POSTGRES_HOST).toBe('localhost');
 	});
 
+	it('should rewrite EVENT_PUBLISHER_CONNECTION_STRING and EVENT_SUBSCRIBER_CONNECTION_STRING', () => {
+		const secrets = {
+			EVENT_PUBLISHER_CONNECTION_STRING:
+				'pgboss://pgboss:pass@localhost:5432/mydb?schema=pgboss',
+			EVENT_SUBSCRIBER_CONNECTION_STRING:
+				'pgboss://pgboss:pass@localhost:5432/mydb?schema=pgboss',
+		};
+		const result = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: { POSTGRES_HOST_PORT: '5433' },
+			ports: { POSTGRES_HOST_PORT: 5433 },
+			mappings: [pgMapping],
+		});
+		expect(result.EVENT_PUBLISHER_CONNECTION_STRING).toBe(
+			'pgboss://pgboss:pass@localhost:5433/mydb?schema=pgboss',
+		);
+		expect(result.EVENT_SUBSCRIBER_CONNECTION_STRING).toBe(
+			'pgboss://pgboss:pass@localhost:5433/mydb?schema=pgboss',
+		);
+	});
+
+	it('should rewrite SNS connection strings with encoded endpoint port', () => {
+		const localstackMapping = {
+			service: 'localstack',
+			envVar: 'LOCALSTACK_PORT',
+			defaultPort: 4566,
+			containerPort: 4566,
+		};
+		const secrets = {
+			EVENT_PUBLISHER_CONNECTION_STRING:
+				'sns://LSIAkey:secret@localhost:4566?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4566',
+			EVENT_SUBSCRIBER_CONNECTION_STRING:
+				'sqs://LSIAkey:secret@localhost:4566?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4566',
+		};
+		const result = rewriteUrlsWithPorts(secrets, {
+			dockerEnv: { LOCALSTACK_PORT: '4567' },
+			ports: { LOCALSTACK_PORT: 4567 },
+			mappings: [localstackMapping],
+		});
+		expect(result.EVENT_PUBLISHER_CONNECTION_STRING).toBe(
+			'sns://LSIAkey:secret@localhost:4567?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4567',
+		);
+		expect(result.EVENT_SUBSCRIBER_CONNECTION_STRING).toBe(
+			'sqs://LSIAkey:secret@localhost:4567?region=us-east-1&endpoint=http%3A%2F%2Flocalhost%3A4567',
+		);
+	});
+
 	it('should return empty for no mappings', () => {
 		const result = rewriteUrlsWithPorts(
 			{},
@@ -1799,23 +1867,23 @@ describe('generateServerEntryContent', () => {
 		expect(content).not.toMatch(/^import.*createApp/m);
 	});
 
-	it('should inject Credentials assignment before dynamic import', () => {
+	it('should inject credentials via globalThis before dynamic import', () => {
 		const content = generateServerEntryContent({
 			secretsJsonPath: '/tmp/dev-secrets.json',
 		});
 
-		const credentialsAssignIdx = content.indexOf('Object.assign(Credentials');
+		const credentialsIdx = content.indexOf('__gkm_credentials__');
 		const dynamicImportIdx = content.indexOf("await import('./app.js')");
 
-		expect(credentialsAssignIdx).toBeGreaterThan(-1);
+		expect(credentialsIdx).toBeGreaterThan(-1);
 		expect(dynamicImportIdx).toBeGreaterThan(-1);
-		expect(credentialsAssignIdx).toBeLessThan(dynamicImportIdx);
+		expect(credentialsIdx).toBeLessThan(dynamicImportIdx);
 	});
 
 	it('should not include credentials injection when no secrets path', () => {
 		const content = generateServerEntryContent({});
 
-		expect(content).not.toContain('Object.assign(Credentials');
+		expect(content).not.toContain('__gkm_credentials__');
 		expect(content).not.toContain('existsSync');
 	});
 

package/src/dev/index.ts

@@ -348,7 +348,17 @@ export function replacePortInUrl(
 	newPort: number,
 ): string {
 	if (oldPort === newPort) return url;
-	return url.replace(new RegExp(`:${oldPort}(?=/|$)`, 'g'), `:${newPort}`);
+	// Replace literal :port (in authority section)
+	let result = url.replace(
+		new RegExp(`:${oldPort}(?=[/?#]|$)`, 'g'),
+		`:${newPort}`,
+	);
+	// Replace URL-encoded :port (e.g., in query params like endpoint=http%3A%2F%2Flocalhost%3A4566)
+	result = result.replace(
+		new RegExp(`%3A${oldPort}(?=[%/?#&]|$)`, 'gi'),
+		`%3A${newPort}`,
+	);
+	return result;
 }
 
 /**
@@ -402,6 +412,7 @@ export function rewriteUrlsWithPorts(
 		if (
 			!key.endsWith('_URL') &&
 			!key.endsWith('_ENDPOINT') &&
+			!key.endsWith('_CONNECTION_STRING') &&
 			key !== 'DATABASE_URL'
 		)
 			continue;
@@ -1623,17 +1634,16 @@ export function findSecretsRoot(startDir: string): string {
  * @internal
  */
 function generateCredentialsInjection(secretsJsonPath: string): string {
-	return `import { Credentials } from '@geekmidas/envkit/credentials';
-import { existsSync, readFileSync } from 'node:fs';
+	return `import { existsSync, readFileSync } from 'node:fs';
 
-// Inject dev secrets into Credentials and process.env
+// Inject dev secrets via globalThis and process.env
+// Using globalThis.__gkm_credentials__ avoids CJS/ESM interop issues where
+// Object.assign on the Credentials export only mutates one module copy.
 const secretsPath = '${secretsJsonPath}';
 if (existsSync(secretsPath)) {
   const secrets = JSON.parse(readFileSync(secretsPath, 'utf-8'));
-  Object.assign(Credentials, secrets);
+  globalThis.__gkm_credentials__ = secrets;
   Object.assign(process.env, secrets);
-  // Debug: uncomment to verify preload is running
-  // console.log('[gkm preload] Injected', Object.keys(secrets).length, 'credentials');
 }
 `;
 }
@@ -1958,13 +1968,14 @@ export function generateServerEntryContent(options: {
 	} = options;
 
 	const credentialsInjection = secretsJsonPath
-		? `import { Credentials } from '@geekmidas/envkit/credentials';
-import { existsSync, readFileSync } from 'node:fs';
+		? `import { existsSync, readFileSync } from 'node:fs';
 
-// Inject dev secrets into Credentials (must happen before app import)
+// Inject dev secrets via globalThis (must happen before app import)
 const secretsPath = '${secretsJsonPath}';
 if (existsSync(secretsPath)) {
-  Object.assign(Credentials, JSON.parse(readFileSync(secretsPath, 'utf-8')));
+  const __secrets = JSON.parse(readFileSync(secretsPath, 'utf-8'));
+  globalThis.__gkm_credentials__ = __secrets;
+  Object.assign(process.env, __secrets);
 }
 
 `
@@ -2246,20 +2257,17 @@ export async function execCommand(
 		logger.log(`🔐 Loaded ${secretCount} secret(s)`);
 	}
 
-	// Rewrite URLs with resolved Docker ports (from gkm dev)
-	const composePath = join(secretsRoot, 'docker-compose.yml');
-	const mappings = parseComposePortMappings(composePath);
-	if (mappings.length > 0) {
-		const ports = await loadPortState(secretsRoot);
-		if (Object.keys(ports).length > 0) {
-			const rewritten = rewriteUrlsWithPorts(credentials, {
-				dockerEnv: {},
-				ports,
-				mappings,
-			});
-			Object.assign(credentials, rewritten);
-			logger.log(`🔌 Applied ${Object.keys(ports).length} port mapping(s)`);
-		}
+	// Resolve actual Docker ports from running containers (not just saved state)
+	const resolvedPorts = await resolveServicePorts(secretsRoot);
+	if (
+		resolvedPorts.mappings.length > 0 &&
+		Object.keys(resolvedPorts.ports).length > 0
+	) {
+		const rewritten = rewriteUrlsWithPorts(credentials, resolvedPorts);
+		Object.assign(credentials, rewritten);
+		logger.log(
+			`🔌 Applied ${Object.keys(resolvedPorts.ports).length} port mapping(s)`,
+		);
 	}
 
 	// Inject dependency URLs (works for both frontend and backend apps)

package/src/docker/compose.ts

@@ -15,6 +15,7 @@ export const DEFAULT_SERVICE_IMAGES: Record<ComposeServiceName, string> = {
 	rabbitmq: 'rabbitmq',
 	minio: 'minio/minio',
 	mailpit: 'axllent/mailpit',
+	localstack: 'localstack/localstack',
 };
 
 /** Default Docker image versions for services */
@@ -24,6 +25,7 @@ export const DEFAULT_SERVICE_VERSIONS: Record<ComposeServiceName, string> = {
 	rabbitmq: '3-management-alpine',
 	minio: 'latest',
 	mailpit: 'latest',
+	localstack: 'latest',
 };
 
 export interface ComposeOptions {
@@ -145,6 +147,14 @@ services:
 `;
 	}
 
+	if (serviceMap.has('localstack')) {
+		yaml += `      - AWS_ACCESS_KEY_ID=\${AWS_ACCESS_KEY_ID:-localstack}
+      - AWS_SECRET_ACCESS_KEY=\${AWS_SECRET_ACCESS_KEY:-localstack}
+      - AWS_REGION=\${AWS_REGION:-us-east-1}
+      - AWS_ENDPOINT_URL=\${AWS_ENDPOINT_URL:-http://localstack:4566}
+`;
+	}
+
 	yaml += `    healthcheck:
       test: ["CMD", "wget", "-q", "--spider", "http://localhost:${port}${healthCheckPath}"]
       interval: 30s
@@ -283,6 +293,32 @@ services:
 `;
 	}
 
+	const localstackImage = serviceMap.get('localstack');
+	if (localstackImage) {
+		yaml += `
+  localstack:
+    image: ${localstackImage}
+    container_name: localstack
+    restart: unless-stopped
+    environment:
+      SERVICES: sns,sqs
+      AWS_DEFAULT_REGION: \${AWS_REGION:-us-east-1}
+      AWS_ACCESS_KEY_ID: \${AWS_ACCESS_KEY_ID:-localstack}
+      AWS_SECRET_ACCESS_KEY: \${AWS_SECRET_ACCESS_KEY:-localstack}
+    ports:
+      - "\${LOCALSTACK_PORT:-4566}:4566"
+    volumes:
+      - localstack_data:/var/lib/localstack
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:4566/_localstack/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - app-network
+`;
+	}
+
 	// Add volumes
 	yaml += `
 volumes:
@@ -308,6 +344,11 @@ volumes:
 `;
 	}
 
+	if (serviceMap.has('localstack')) {
+		yaml += `  localstack_data:
+`;
+	}
+
 	// Add networks
 	yaml += `
 networks:
@@ -384,6 +425,11 @@ export function generateWorkspaceCompose(
 	const hasRedis = services.cache !== undefined && services.cache !== false;
 	const hasMail = services.mail !== undefined && services.mail !== false;
 	const hasMinio = services.storage !== undefined && services.storage !== false;
+	const eventsBackend = services.events;
+	const hasLocalStack = eventsBackend === 'sns';
+	const hasRabbitMQ =
+		eventsBackend === 'rabbitmq' ||
+		(services as Record<string, unknown>).rabbitmq !== undefined;
 
 	// Get image versions from config
 	const postgresImage = getInfraServiceImage('postgres', services.db);
@@ -406,6 +452,7 @@ services:
 			hasRedis,
 			hasMinio,
 			hasMail,
+			eventsBackend,
 		});
 	}
 
@@ -497,6 +544,55 @@ services:
 `;
 	}
 
+	if (hasLocalStack) {
+		yaml += `
+  localstack:
+    image: localstack/localstack:latest
+    container_name: ${workspace.name}-localstack
+    restart: unless-stopped
+    environment:
+      SERVICES: sns,sqs
+      AWS_DEFAULT_REGION: \${AWS_REGION:-us-east-1}
+      AWS_ACCESS_KEY_ID: \${AWS_ACCESS_KEY_ID:-localstack}
+      AWS_SECRET_ACCESS_KEY: \${AWS_SECRET_ACCESS_KEY:-localstack}
+    ports:
+      - "\${LOCALSTACK_PORT:-4566}:4566"
+    volumes:
+      - localstack_data:/var/lib/localstack
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:4566/_localstack/health"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - workspace-network
+`;
+	}
+
+	if (hasRabbitMQ) {
+		yaml += `
+  rabbitmq:
+    image: rabbitmq:3-management-alpine
+    container_name: ${workspace.name}-rabbitmq
+    restart: unless-stopped
+    environment:
+      RABBITMQ_DEFAULT_USER: \${RABBITMQ_USER:-guest}
+      RABBITMQ_DEFAULT_PASS: \${RABBITMQ_PASSWORD:-guest}
+    ports:
+      - "\${RABBITMQ_HOST_PORT:-5672}:5672"
+      - "\${RABBITMQ_MGMT_HOST_PORT:-15672}:15672"
+    volumes:
+      - rabbitmq_data:/var/lib/rabbitmq
+    healthcheck:
+      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - workspace-network
+`;
+	}
+
 	// Add volumes section
 	yaml += `
 volumes:
@@ -517,6 +613,16 @@ volumes:
 `;
 	}
 
+	if (hasLocalStack) {
+		yaml += `  localstack_data:
+`;
+	}
+
+	if (hasRabbitMQ) {
+		yaml += `  rabbitmq_data:
+`;
+	}
+
 	// Add networks section
 	yaml += `
 networks:
@@ -575,10 +681,18 @@ function generateAppService(
 		hasRedis: boolean;
 		hasMinio: boolean;
 		hasMail: boolean;
+		eventsBackend?: import('../types').EventsBackend;
 	},
 ): string {
-	const { registry, projectName, hasPostgres, hasRedis, hasMinio, hasMail } =
-		options;
+	const {
+		registry,
+		projectName,
+		hasPostgres,
+		hasRedis,
+		hasMinio,
+		hasMail,
+		eventsBackend,
+	} = options;
 	const imageRef = registry ? `\${REGISTRY:-${registry}}/` : '';
 
 	// Health check path - frontends use /, backends use /health
@@ -640,6 +754,18 @@ function generateAppService(
       - MAIL_FROM=\${MAIL_FROM:-noreply@localhost}
 `;
 		}
+		if (eventsBackend) {
+			yaml += `      - EVENT_PUBLISHER_CONNECTION_STRING=\${EVENT_PUBLISHER_CONNECTION_STRING}
+      - EVENT_SUBSCRIBER_CONNECTION_STRING=\${EVENT_SUBSCRIBER_CONNECTION_STRING}
+`;
+			if (eventsBackend === 'sns') {
+				yaml += `      - AWS_ACCESS_KEY_ID=\${AWS_ACCESS_KEY_ID:-localstack}
+      - AWS_SECRET_ACCESS_KEY=\${AWS_SECRET_ACCESS_KEY:-localstack}
+      - AWS_REGION=\${AWS_REGION:-us-east-1}
+      - AWS_ENDPOINT_URL=\${AWS_ENDPOINT_URL:-http://localstack:4566}
+`;
+			}
+		}
 	}
 
 	yaml += `    healthcheck:
@@ -656,6 +782,8 @@ function generateAppService(
 		if (hasRedis) dependencies.push('redis');
 		if (hasMinio) dependencies.push('minio');
 		if (hasMail) dependencies.push('mailpit');
+		if (eventsBackend === 'sns') dependencies.push('localstack');
+		if (eventsBackend === 'rabbitmq') dependencies.push('rabbitmq');
 	}
 
 	if (dependencies.length > 0) {

package/src/init/__tests__/generators.spec.ts

@@ -295,6 +295,90 @@ describe('generateDockerFiles', () => {
 		expect(files[0].content).not.toContain('mailpit');
 		expect(files[0].content).not.toContain('minio');
 	});
+
+	it('should include localstack when events is sns', () => {
+		const options = {
+			...baseOptions,
+			services: {
+				db: true,
+				cache: true,
+				mail: false,
+				storage: false,
+				events: 'sns' as const,
+			},
+		};
+		const files = generateDockerFiles(options, minimalTemplate);
+		const compose = files[0].content;
+		expect(compose).toContain('localstack');
+		expect(compose).toContain('SERVICES: sns,sqs');
+		expect(compose).toContain('LOCALSTACK_PORT');
+	});
+
+	it('should include rabbitmq when events is rabbitmq', () => {
+		const options = {
+			...baseOptions,
+			services: {
+				db: true,
+				cache: true,
+				mail: false,
+				storage: false,
+				events: 'rabbitmq' as const,
+			},
+		};
+		const files = generateDockerFiles(options, minimalTemplate);
+		const compose = files[0].content;
+		expect(compose).toContain('rabbitmq');
+		expect(compose).toContain('RABBITMQ_HOST_PORT');
+	});
+
+	it('should not add extra container for pgboss events', () => {
+		const options = {
+			...baseOptions,
+			services: {
+				db: true,
+				cache: true,
+				mail: false,
+				storage: false,
+				events: 'pgboss' as const,
+			},
+		};
+		const files = generateDockerFiles(options, minimalTemplate);
+		const compose = files[0].content;
+		expect(compose).not.toContain('localstack');
+		// pgboss reuses postgres, no separate container
+	});
+
+	it('should generate idempotent postgres init script with pgboss', () => {
+		const options = {
+			...baseOptions,
+			template: 'fullstack' as const,
+			monorepo: true,
+			apiPath: 'apps/api',
+			services: {
+				db: true,
+				cache: true,
+				mail: false,
+				storage: false,
+				events: 'pgboss' as const,
+			},
+		};
+		const dbApps = [
+			{ name: 'api', password: 'api-pass' },
+			{ name: 'auth', password: 'auth-pass' },
+		];
+		const files = generateDockerFiles(options, apiTemplate, dbApps);
+		const initScript = files.find((f) => f.path === 'docker/postgres/init.sh');
+		expect(initScript).toBeDefined();
+		expect(initScript!.content).toContain('IF NOT EXISTS');
+		expect(initScript!.content).toContain('pgboss');
+		expect(initScript!.content).toContain('PGBOSS_DB_PASSWORD');
+		expect(initScript!.content).toContain('CREATE SCHEMA IF NOT EXISTS pgboss');
+
+		// Docker env should include pgboss password
+		const envFile = files.find((f) => f.path === 'docker/.env');
+		expect(envFile).toBeDefined();
+		expect(envFile!.content).toContain('PGBOSS_DB_PASSWORD');
+	});
 });
 
 describe('generateMonorepoFiles', () => {