npm - @geekmidas/cli - Versions diffs - 1.10.15 → 1.10.17 - Mend

@geekmidas/cli 1.10.15 → 1.10.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/CHANGELOG.md +12 -0
package/dist/{bundler-BWsVDer6.mjs → bundler-B4AackW5.mjs} +2 -2
package/dist/{bundler-BWsVDer6.mjs.map → bundler-B4AackW5.mjs.map} +1 -1
package/dist/{bundler-Drh5KoN5.cjs → bundler-BhhfkI9T.cjs} +2 -2
package/dist/{bundler-Drh5KoN5.cjs.map → bundler-BhhfkI9T.cjs.map} +1 -1
package/dist/config.d.cts +2 -2
package/dist/config.d.mts +2 -2
package/dist/{fullstack-secrets-D9rjTNyx.cjs → fullstack-secrets-DOHBU4Rp.cjs} +110 -4
package/dist/fullstack-secrets-DOHBU4Rp.cjs.map +1 -0
package/dist/{fullstack-secrets-BIFFv4UZ.mjs → fullstack-secrets-x2Kffx7-.mjs} +99 -5
package/dist/fullstack-secrets-x2Kffx7-.mjs.map +1 -0
package/dist/{index-UCsZ_Vkw.d.cts → index-BkibYzso.d.cts} +15 -4
package/dist/index-BkibYzso.d.cts.map +1 -0
package/dist/{index-gXAGDSGu.d.mts → index-CY-ieuRp.d.mts} +15 -4
package/dist/index-CY-ieuRp.d.mts.map +1 -0
package/dist/index.cjs +332 -62
package/dist/index.cjs.map +1 -1
package/dist/index.mjs +332 -62
package/dist/index.mjs.map +1 -1
package/dist/openapi-BYxAWwok.cjs.map +1 -1
package/dist/openapi-DenF-okj.mjs.map +1 -1
package/dist/openapi.d.cts +1 -1
package/dist/openapi.d.mts +1 -1
package/dist/{reconcile-DxTEausy.mjs → reconcile-BLh6rswz.mjs} +2 -2
package/dist/{reconcile-DxTEausy.mjs.map → reconcile-BLh6rswz.mjs.map} +1 -1
package/dist/{reconcile-LaaJkFlO.cjs → reconcile-Ch7sIcf8.cjs} +2 -2
package/dist/{reconcile-LaaJkFlO.cjs.map → reconcile-Ch7sIcf8.cjs.map} +1 -1
package/dist/{storage-Bu44pwPJ.cjs → storage-B1wvztiJ.cjs} +11 -1
package/dist/{storage-clMAp4sc.mjs.map → storage-B1wvztiJ.cjs.map} +1 -1
package/dist/{storage-CauTheT9.mjs → storage-Cs4WBsc4.mjs} +1 -1
package/dist/{storage-DpqzcjQ5.cjs → storage-DOEtT2Hr.cjs} +1 -1
package/dist/{storage-clMAp4sc.mjs → storage-dbb9RyBl.mjs} +11 -1
package/dist/{storage-Bu44pwPJ.cjs.map → storage-dbb9RyBl.mjs.map} +1 -1
package/dist/{sync-BkalF65h.mjs → sync-COnAugP-.mjs} +1 -1
package/dist/sync-D1Pa30oV.cjs +4 -0
package/dist/{sync-BeiI5rFC.cjs → sync-DGXXSk2v.cjs} +2 -2
package/dist/{sync-BeiI5rFC.cjs.map → sync-DGXXSk2v.cjs.map} +1 -1
package/dist/{sync-CWJ6tL0s.mjs → sync-D_NowTkZ.mjs} +2 -2
package/dist/{sync-CWJ6tL0s.mjs.map → sync-D_NowTkZ.mjs.map} +1 -1
package/dist/{types-DiV9Mbvc.d.mts → types-DdHfUbxk.d.cts} +13 -3
package/dist/types-DdHfUbxk.d.cts.map +1 -0
package/dist/{types-JvWj5Ckc.d.cts → types-OszPdw9m.d.mts} +13 -3
package/dist/types-OszPdw9m.d.mts.map +1 -0
package/dist/workspace/index.d.cts +2 -2
package/dist/workspace/index.d.mts +2 -2
package/dist/workspace-4SP3Gx4Y.cjs.map +1 -1
package/dist/workspace-D4z4A4cq.mjs.map +1 -1
package/package.json +4 -4
package/src/dev/__tests__/entry.spec.ts +3 -5
package/src/dev/__tests__/index.spec.ts +73 -5
package/src/dev/index.ts +33 -25
package/src/docker/compose.ts +130 -2
package/src/init/__tests__/generators.spec.ts +84 -0
package/src/init/generators/docker.ts +128 -16
package/src/init/index.ts +26 -1
package/src/init/templates/index.ts +28 -0
package/src/init/versions.ts +1 -1
package/src/secrets/__tests__/generator.spec.ts +183 -0
package/src/secrets/generator.ts +116 -4
package/src/secrets/storage.ts +12 -0
package/src/secrets/types.ts +11 -1
package/src/setup/__tests__/reconcile-secrets.spec.ts +86 -0
package/src/setup/index.ts +64 -1
package/src/test/__tests__/index.spec.ts +1 -4
package/src/types.ts +13 -1
package/src/workspace/types.ts +13 -2
package/dist/fullstack-secrets-BIFFv4UZ.mjs.map +0 -1
package/dist/fullstack-secrets-D9rjTNyx.cjs.map +0 -1
package/dist/index-UCsZ_Vkw.d.cts.map +0 -1
package/dist/index-gXAGDSGu.d.mts.map +0 -1
package/dist/sync-Bp8xRcuQ.cjs +0 -4
package/dist/types-DiV9Mbvc.d.mts.map +0 -1
package/dist/types-JvWj5Ckc.d.cts.map +0 -1

package/src/init/generators/docker.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+import type { EventsBackend } from '../../types.js';
 import type {
 	GeneratedFile,
 	TemplateConfig,
@@ -64,13 +65,13 @@ export function generateDockerFiles(
 		if (isFullstack && dbApps?.length) {
 			files.push({
 				path: 'docker/postgres/init.sh',
-				content: generatePostgresInitScript(dbApps),
+				content: generatePostgresInitScript(dbApps, options.services?.events),
 			});
 			// Generate .env file for docker-compose (contains db passwords)
 			files.push({
 				path: 'docker/.env',
-				content: generateDockerEnv(dbApps),
+				content: generateDockerEnv(dbApps, options.services?.events),
 			});
 		}
 	}
@@ -183,6 +184,53 @@ export function generateDockerFiles(
 		volumes.push('  minio_data:');
 	}
+	// LocalStack for SNS events
+	if (options.services?.events === 'sns') {
+		services.push(`  localstack:
+    image: localstack/localstack:latest
+    container_name: ${options.name}-localstack
+    restart: unless-stopped
+    environment:
+      SERVICES: sns,sqs
+      AWS_DEFAULT_REGION: \${AWS_REGION:-us-east-1}
+      AWS_ACCESS_KEY_ID: \${AWS_ACCESS_KEY_ID:-localstack}
+      AWS_SECRET_ACCESS_KEY: \${AWS_SECRET_ACCESS_KEY:-localstack}
+    ports:
+      - '\${LOCALSTACK_PORT:-4566}:4566'
+    volumes:
+      - localstack_data:/var/lib/localstack
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:4566/_localstack/health']
+      interval: 10s
+      timeout: 5s
+      retries: 5`);
+		volumes.push('  localstack_data:');
+	}
+	// RabbitMQ for rabbitmq events (when not already added by worker template)
+	if (options.services?.events === 'rabbitmq' && !hasWorker) {
+		services.push(`  rabbitmq:
+    image: rabbitmq:3-management-alpine
+    container_name: ${options.name}-rabbitmq
+    restart: unless-stopped
+    ports:
+      - '\${RABBITMQ_HOST_PORT:-5672}:5672'
+      - '\${RABBITMQ_MGMT_HOST_PORT:-15672}:15672'
+    environment:
+      RABBITMQ_DEFAULT_USER: guest
+      RABBITMQ_DEFAULT_PASS: guest
+    volumes:
+      - rabbitmq_data:/var/lib/rabbitmq
+    healthcheck:
+      test: ['CMD', 'rabbitmq-diagnostics', 'check_running']
+      interval: 10s
+      timeout: 5s
+      retries: 5`);
+		if (!volumes.includes('  rabbitmq_data:')) {
+			volumes.push('  rabbitmq_data:');
+		}
+	}
 	// Build docker-compose.yml
 	let dockerCompose = `# Use "gkm dev" or "gkm test" to start services.
 # Running "docker compose up" directly will not inject secrets or resolve ports.
@@ -209,12 +257,20 @@ ${volumes.join('\n')}
 /**
  * Generate .env file for docker-compose with database passwords
  */
-function generateDockerEnv(apps: DatabaseAppConfig[]): string {
+function generateDockerEnv(
+	apps: DatabaseAppConfig[],
+	eventsBackend?: EventsBackend,
+): string {
 	const envVars = apps.map((app) => {
 		const envVar = `${app.name.toUpperCase()}_DB_PASSWORD`;
 		return `${envVar}=${app.password}`;
 	});
+	// Add pgboss password if events backend is pgboss
+	if (eventsBackend === 'pgboss') {
+		envVars.push(`PGBOSS_DB_PASSWORD=pgboss-dev-password`);
+	}
 	return `# Auto-generated docker environment file
 # Contains database passwords for docker-compose postgres init
 # This file is gitignored - do not commit to version control
@@ -223,12 +279,16 @@ ${envVars.join('\n')}
 }
 /**
- * Generate PostgreSQL init shell script that creates per-app users with separate schemas
- * Uses environment variables for passwords (more secure than hardcoded values)
+ * Generate PostgreSQL init shell script that creates per-app users with separate schemas.
+ * Uses idempotent DO blocks so the script can be re-run safely.
  * - api user: uses public schema
  * - auth user: uses auth schema with search_path=auth
+ * - pgboss user: uses pgboss schema (when events === 'pgboss')
  */
-function generatePostgresInitScript(apps: DatabaseAppConfig[]): string {
+function generatePostgresInitScript(
+	apps: DatabaseAppConfig[],
+	eventsBackend?: EventsBackend,
+): string {
 	const userCreations = apps.map((app) => {
 		const userName = app.name.replace(/-/g, '_');
 		const envVar = `${app.name.toUpperCase()}_DB_PASSWORD`;
@@ -236,25 +296,39 @@ function generatePostgresInitScript(apps: DatabaseAppConfig[]): string {
 		const schemaName = isApi ? 'public' : userName;
 		if (isApi) {
-			// API user uses public schema
 			return `
-# Create ${app.name} user (uses public schema)
+# Create ${app.name} user (uses public schema) - idempotent
 echo "Creating user ${userName}..."
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-    CREATE USER ${userName} WITH PASSWORD '$${envVar}';
+    DO \\$\\$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${userName}') THEN
+            CREATE USER ${userName} WITH PASSWORD '$${envVar}';
+        ELSE
+            ALTER USER ${userName} WITH PASSWORD '$${envVar}';
+        END IF;
+    END
+    \\$\\$;
     GRANT ALL ON SCHEMA public TO ${userName};
     ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ${userName};
     ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ${userName};
 EOSQL
 `;
 		}
-		// Other users get their own schema with search_path
 		return `
-# Create ${app.name} user with dedicated schema
+# Create ${app.name} user with dedicated schema - idempotent
 echo "Creating user ${userName} with schema ${schemaName}..."
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-    CREATE USER ${userName} WITH PASSWORD '$${envVar}';
-    CREATE SCHEMA ${schemaName} AUTHORIZATION ${userName};
+    DO \\$\\$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = '${userName}') THEN
+            CREATE USER ${userName} WITH PASSWORD '$${envVar}';
+        ELSE
+            ALTER USER ${userName} WITH PASSWORD '$${envVar}';
+        END IF;
+    END
+    \\$\\$;
+    CREATE SCHEMA IF NOT EXISTS ${schemaName} AUTHORIZATION ${userName};
     ALTER USER ${userName} SET search_path TO ${schemaName};
     GRANT USAGE ON SCHEMA ${schemaName} TO ${userName};
     GRANT ALL ON ALL TABLES IN SCHEMA ${schemaName} TO ${userName};
@@ -265,14 +339,52 @@ EOSQL
 `;
 	});
+	// Add pgboss user and schema if events backend is pgboss
+	let pgbossBlock = '';
+	if (eventsBackend === 'pgboss') {
+		pgbossBlock = `
+# Create pgboss user with dedicated schema - idempotent
+echo "Creating pgboss user and schema..."
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    DO \\$\\$
+    BEGIN
+        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'pgboss') THEN
+            CREATE USER pgboss WITH PASSWORD '$PGBOSS_DB_PASSWORD';
+        ELSE
+            ALTER USER pgboss WITH PASSWORD '$PGBOSS_DB_PASSWORD';
+        END IF;
+    END
+    \\$\\$;
+    CREATE SCHEMA IF NOT EXISTS pgboss AUTHORIZATION pgboss;
+    ALTER USER pgboss SET search_path TO pgboss;
+    GRANT USAGE ON SCHEMA pgboss TO pgboss;
+    GRANT ALL ON ALL TABLES IN SCHEMA pgboss TO pgboss;
+    GRANT ALL ON ALL SEQUENCES IN SCHEMA pgboss TO pgboss;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA pgboss GRANT ALL ON TABLES TO pgboss;
+    ALTER DEFAULT PRIVILEGES IN SCHEMA pgboss GRANT ALL ON SEQUENCES TO pgboss;
+EOSQL
+`;
+	}
+	// Add extensions
+	const extensions = `
+# Create extensions
+echo "Creating extensions..."
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE EXTENSION IF NOT EXISTS pg_trgm;
+    CREATE EXTENSION IF NOT EXISTS citext;
+EOSQL
+`;
 	return `#!/bin/bash
 set -e
-# Auto-generated PostgreSQL init script
+# Auto-generated PostgreSQL init script (idempotent - safe to re-run)
 # Creates per-app users with separate schemas in a single database
 # - api: uses public schema
-# - auth: uses auth schema (search_path=auth)
-${userCreations.join('\n')}
+# - auth: uses auth schema (search_path=auth)${eventsBackend === 'pgboss' ? '\n# - pgboss: uses pgboss schema for event processing' : ''}
+${extensions}
+${userCreations.join('\n')}${pgbossBlock}
 echo "Database initialization complete!"
 `;
 }

package/src/init/index.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import {
 	generateDbPassword,
 	generateDbUrl,
 } from '../setup/fullstack-secrets.js';
-import type { ComposeServiceName } from '../types.js';
+import type { ComposeServiceName, EventsBackend } from '../types.js';
 import { generateAuthAppFiles } from './generators/auth.js';
 import { generateConfigFiles } from './generators/config.js';
 import {
@@ -27,6 +27,7 @@ import { generateWebAppFiles } from './generators/web.js';
 import {
 	type DeployTarget,
 	deployTargetChoices,
+	eventsBackendChoices,
 	getTemplate,
 	isFullstackTemplate,
 	loggerTypeChoices,
@@ -110,6 +111,13 @@ export async function initCommand(
 				choices: servicesChoices.map((c) => ({ ...c, selected: true })),
 				hint: '- Space to select. Return to submit',
 			},
+			{
+				type: options.yes ? null : 'select',
+				name: 'eventsBackend',
+				message: 'Event backend:',
+				choices: eventsBackendChoices,
+				initial: 0,
+			},
 			{
 				type: options.yes ? null : 'select',
 				name: 'packageManager',
@@ -183,13 +191,27 @@ export async function initCommand(
 	const servicesArray: string[] = options.yes
 		? ['db', 'cache', 'mail', 'storage']
 		: answers.services || [];
+	// Determine events backend (default to pgboss for fullstack with --yes)
+	const eventsBackend: EventsBackend | undefined = options.yes
+		? isFullstack
+			? 'pgboss'
+			: undefined
+		: answers.eventsBackend;
 	const services: ServicesSelection = {
 		db: servicesArray.includes('db'),
 		cache: servicesArray.includes('cache'),
 		mail: servicesArray.includes('mail'),
 		storage: servicesArray.includes('storage'),
+		events: eventsBackend,
 	};
+	// pgboss requires postgres
+	if (services.events === 'pgboss') {
+		services.db = true;
+	}
 	const pkgManager: PackageManager = options.pm
 		? options.pm
 		: options.yes
@@ -333,9 +355,12 @@ export async function initCommand(
 	if (services.cache) secretServices.push('redis');
 	if (services.storage) secretServices.push('minio');
 	if (services.mail) secretServices.push('mailpit');
+	if (services.events === 'sns') secretServices.push('localstack');
+	if (services.events === 'rabbitmq') secretServices.push('rabbitmq');
 	const devSecrets = createStageSecrets('development', secretServices, {
 		projectName: name,
+		eventsBackend: services.events,
 	});
 	// Add common custom secrets

package/src/init/templates/index.ts CHANGED Viewed

@@ -39,6 +39,7 @@ export interface ServicesSelection {
 	cache: boolean;
 	mail: boolean;
 	storage: boolean;
+	events?: import('../../types.js').EventsBackend;
 }
 /**
@@ -255,6 +256,33 @@ export const servicesChoices = [
 	},
 ];
+/**
+ * Event backend choices for prompts
+ */
+export const eventsBackendChoices = [
+	{
+		title: 'pg-boss',
+		value: 'pgboss' as const,
+		description:
+			'PostgreSQL-based job queue (reuses postgres, no extra container)',
+	},
+	{
+		title: 'SNS/SQS',
+		value: 'sns' as const,
+		description: 'AWS SNS+SQS via LocalStack for local dev',
+	},
+	{
+		title: 'RabbitMQ',
+		value: 'rabbitmq' as const,
+		description: 'AMQP message broker',
+	},
+	{
+		title: 'None',
+		value: undefined,
+		description: 'Skip event backend',
+	},
+];
 /**
  * Get a template by name
  */

package/src/init/versions.ts CHANGED Viewed

@@ -35,7 +35,7 @@ export const GEEKMIDAS_VERSIONS = {
 	'@geekmidas/constructs': '~3.0.2',
 	'@geekmidas/db': '~1.0.0',
 	'@geekmidas/emailkit': '~1.0.0',
-	'@geekmidas/envkit': '~1.0.3',
+	'@geekmidas/envkit': '~1.0.4',
 	'@geekmidas/errors': '~1.0.0',
 	'@geekmidas/events': '~1.1.0',
 	'@geekmidas/logger': '~1.0.0',

package/src/secrets/__tests__/generator.spec.ts CHANGED Viewed

@@ -2,7 +2,11 @@ import { describe, expect, it } from 'vitest';
 import {
 	createStageSecrets,
 	generateConnectionUrls,
+	generateEventConnectionStrings,
+	generateLocalStackAccessKeyId,
+	generateLocalStackCredentials,
 	generateMinioEndpoint,
+	generatePgBossUrl,
 	generatePostgresUrl,
 	generateRabbitmqUrl,
 	generateRedisUrl,
@@ -385,3 +389,182 @@ describe('rotateServicePassword', () => {
 		expect(rotated.services.rabbitmq).toEqual(original.services.rabbitmq);
 	});
 });
+describe('generateLocalStackAccessKeyId', () => {
+	it('should start with LSIA prefix', () => {
+		const keyId = generateLocalStackAccessKeyId();
+		expect(keyId).toMatch(/^LSIA/);
+	});
+	it('should be at least 20 characters', () => {
+		const keyId = generateLocalStackAccessKeyId();
+		expect(keyId.length).toBeGreaterThanOrEqual(20);
+	});
+	it('should generate unique keys', () => {
+		const key1 = generateLocalStackAccessKeyId();
+		const key2 = generateLocalStackAccessKeyId();
+		expect(key1).not.toBe(key2);
+	});
+});
+describe('generatePgBossUrl', () => {
+	it('should generate pgboss connection URL', () => {
+		const creds: ServiceCredentials = {
+			host: 'localhost',
+			port: 5432,
+			username: 'pgboss',
+			password: 'secret',
+			database: 'myapp_dev',
+		};
+		const url = generatePgBossUrl(creds);
+		expect(url).toBe(
+			'pgboss://pgboss:secret@localhost:5432/myapp_dev?schema=pgboss',
+		);
+	});
+	it('should encode special characters in password', () => {
+		const creds: ServiceCredentials = {
+			host: 'localhost',
+			port: 5432,
+			username: 'pgboss',
+			password: 'p@ss/word',
+			database: 'app',
+		};
+		const url = generatePgBossUrl(creds);
+		expect(url).toContain('p%40ss%2Fword');
+	});
+});
+describe('generateLocalStackCredentials', () => {
+	it('should generate credentials with LSIA-prefixed access key', () => {
+		const creds = generateLocalStackCredentials();
+		expect(creds.accessKeyId).toMatch(/^LSIA/);
+		expect(creds.host).toBe('localhost');
+		expect(creds.port).toBe(4566);
+		expect(creds.region).toBe('us-east-1');
+		expect(creds.password).toHaveLength(32);
+	});
+});
+describe('generateEventConnectionStrings', () => {
+	it('should generate pgboss connection strings', () => {
+		const services: StageSecrets['services'] = {
+			pgboss: {
+				host: 'localhost',
+				port: 5432,
+				username: 'pgboss',
+				password: 'secret',
+				database: 'myapp_dev',
+			},
+		};
+		const result = generateEventConnectionStrings('pgboss', services);
+		expect(result.publisher).toContain('pgboss://');
+		expect(result.subscriber).toContain('pgboss://');
+		expect(result.publisher).toBe(result.subscriber);
+	});
+	it('should generate sns/sqs connection strings', () => {
+		const services: StageSecrets['services'] = {
+			localstack: {
+				host: 'localhost',
+				port: 4566,
+				username: 'localstack',
+				password: 'secret',
+				accessKeyId: 'LSIAtest1234567890xx',
+				region: 'us-east-1',
+			},
+		};
+		const result = generateEventConnectionStrings('sns', services);
+		expect(result.publisher).toContain('sns://');
+		expect(result.subscriber).toContain('sqs://');
+		expect(result.publisher).toContain('LSIAtest1234567890xx');
+	});
+	it('should generate rabbitmq connection strings', () => {
+		const services: StageSecrets['services'] = {
+			rabbitmq: {
+				host: 'localhost',
+				port: 5672,
+				username: 'app',
+				password: 'secret',
+				vhost: '/',
+			},
+		};
+		const result = generateEventConnectionStrings('rabbitmq', services);
+		expect(result.publisher).toContain('amqp://');
+		expect(result.subscriber).toContain('amqp://');
+		expect(result.publisher).toBe(result.subscriber);
+	});
+	it('should throw if pgboss credentials missing', () => {
+		expect(() => generateEventConnectionStrings('pgboss', {})).toThrow(
+			'pgboss credentials required',
+		);
+	});
+	it('should throw if localstack credentials missing', () => {
+		expect(() => generateEventConnectionStrings('sns', {})).toThrow(
+			'localstack credentials required',
+		);
+	});
+});
+describe('createStageSecrets with events', () => {
+	it('should create pgboss credentials when eventsBackend is pgboss', () => {
+		const secrets = createStageSecrets('development', ['postgres'], {
+			eventsBackend: 'pgboss',
+		});
+		expect(secrets.eventsBackend).toBe('pgboss');
+		expect(secrets.services.pgboss).toBeDefined();
+		expect(secrets.services.pgboss!.username).toBe('pgboss');
+		expect(secrets.services.pgboss!.host).toBe(secrets.services.postgres!.host);
+		expect(secrets.services.pgboss!.database).toBe(
+			secrets.services.postgres!.database,
+		);
+		expect(secrets.urls.EVENT_PUBLISHER_CONNECTION_STRING).toContain(
+			'pgboss://',
+		);
+		expect(secrets.urls.EVENT_SUBSCRIBER_CONNECTION_STRING).toContain(
+			'pgboss://',
+		);
+	});
+	it('should create localstack credentials when eventsBackend is sns', () => {
+		const secrets = createStageSecrets('development', [], {
+			eventsBackend: 'sns',
+		});
+		expect(secrets.eventsBackend).toBe('sns');
+		expect(secrets.services.localstack).toBeDefined();
+		expect(secrets.services.localstack!.accessKeyId).toMatch(/^LSIA/);
+		expect(secrets.urls.EVENT_PUBLISHER_CONNECTION_STRING).toContain('sns://');
+		expect(secrets.urls.EVENT_SUBSCRIBER_CONNECTION_STRING).toContain('sqs://');
+	});
+	it('should use rabbitmq credentials when eventsBackend is rabbitmq', () => {
+		const secrets = createStageSecrets('development', ['rabbitmq'], {
+			eventsBackend: 'rabbitmq',
+		});
+		expect(secrets.eventsBackend).toBe('rabbitmq');
+		expect(secrets.urls.EVENT_PUBLISHER_CONNECTION_STRING).toContain('amqp://');
+		expect(secrets.urls.EVENT_SUBSCRIBER_CONNECTION_STRING).toContain(
+			'amqp://',
+		);
+	});
+	it('should not create event URLs without eventsBackend', () => {
+		const secrets = createStageSecrets('development', ['postgres']);
+		expect(secrets.eventsBackend).toBeUndefined();
+		expect(secrets.urls.EVENT_PUBLISHER_CONNECTION_STRING).toBeUndefined();
+		expect(secrets.urls.EVENT_SUBSCRIBER_CONNECTION_STRING).toBeUndefined();
+	});
+});