@geekmidas/cli 1.10.9 → 1.10.10

package/dist/{reconcile-D6u4HSg8.cjs → reconcile-BZ8j_-0z.cjs}

@@ -1,4 +1,4 @@
-const require_fullstack_secrets = require('./fullstack-secrets-CtWIYuI0.cjs');
+const require_fullstack_secrets = require('./fullstack-secrets-BC9t9wWB.cjs');
 
 //#region src/secrets/reconcile.ts
 /**
@@ -33,4 +33,4 @@ function reconcileMissingSecrets(secrets, workspace) {
 
 //#endregion
 exports.reconcileMissingSecrets = reconcileMissingSecrets;
-//# sourceMappingURL=reconcile-D6u4HSg8.cjs.map
+//# sourceMappingURL=reconcile-BZ8j_-0z.cjs.map

package/dist/{reconcile-D6u4HSg8.cjs.map → reconcile-BZ8j_-0z.cjs.map}

@@ -1 +1 @@
-{"version":3,"file":"reconcile-D6u4HSg8.cjs","names":["secrets: StageSecrets","workspace: NormalizedWorkspace","addedKeys: string[]"],"sources":["../src/secrets/reconcile.ts"],"sourcesContent":["import { generateFullstackCustomSecrets } from '../setup/fullstack-secrets.js';\nimport type { NormalizedWorkspace } from '../workspace/types.js';\nimport type { StageSecrets } from './types.js';\n\nexport interface ReconcileResult {\n\t/** The updated secrets with missing keys backfilled */\n\tsecrets: StageSecrets;\n\t/** Keys that were added */\n\taddedKeys: string[];\n}\n\n/**\n * Reconcile missing custom secrets for a workspace.\n *\n * Compares current secrets against what generateFullstackCustomSecrets()\n * would produce and backfills any missing keys without overwriting\n * existing values.\n *\n * @returns ReconcileResult if keys were added, null if secrets are up-to-date\n */\nexport function reconcileMissingSecrets(\n\tsecrets: StageSecrets,\n\tworkspace: NormalizedWorkspace,\n): ReconcileResult | null {\n\tconst isMultiApp = Object.keys(workspace.apps).length > 1;\n\tif (!isMultiApp) {\n\t\treturn null;\n\t}\n\n\tconst expectedCustom = generateFullstackCustomSecrets(workspace);\n\tconst addedKeys: string[] = [];\n\tconst mergedCustom = { ...secrets.custom };\n\n\tfor (const [key, value] of Object.entries(expectedCustom)) {\n\t\tif (!(key in mergedCustom)) {\n\t\t\tmergedCustom[key] = value;\n\t\t\taddedKeys.push(key);\n\t\t}\n\t}\n\n\tif (addedKeys.length === 0) {\n\t\treturn null;\n\t}\n\n\treturn {\n\t\tsecrets: {\n\t\t\t...secrets,\n\t\t\tupdatedAt: new Date().toISOString(),\n\t\t\tcustom: mergedCustom,\n\t\t},\n\t\taddedKeys,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;AAoBA,SAAgB,wBACfA,SACAC,WACyB;CACzB,MAAM,aAAa,OAAO,KAAK,UAAU,KAAK,CAAC,SAAS;AACxD,MAAK,WACJ,QAAO;CAGR,MAAM,iBAAiB,yDAA+B,UAAU;CAChE,MAAMC,YAAsB,CAAE;CAC9B,MAAM,eAAe,EAAE,GAAG,QAAQ,OAAQ;AAE1C,MAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,eAAe,CACxD,OAAM,OAAO,eAAe;AAC3B,eAAa,OAAO;AACpB,YAAU,KAAK,IAAI;CACnB;AAGF,KAAI,UAAU,WAAW,EACxB,QAAO;AAGR,QAAO;EACN,SAAS;GACR,GAAG;GACH,WAAW,qBAAI,QAAO,aAAa;GACnC,QAAQ;EACR;EACD;CACA;AACD"}
+{"version":3,"file":"reconcile-BZ8j_-0z.cjs","names":["secrets: StageSecrets","workspace: NormalizedWorkspace","addedKeys: string[]"],"sources":["../src/secrets/reconcile.ts"],"sourcesContent":["import { generateFullstackCustomSecrets } from '../setup/fullstack-secrets.js';\nimport type { NormalizedWorkspace } from '../workspace/types.js';\nimport type { StageSecrets } from './types.js';\n\nexport interface ReconcileResult {\n\t/** The updated secrets with missing keys backfilled */\n\tsecrets: StageSecrets;\n\t/** Keys that were added */\n\taddedKeys: string[];\n}\n\n/**\n * Reconcile missing custom secrets for a workspace.\n *\n * Compares current secrets against what generateFullstackCustomSecrets()\n * would produce and backfills any missing keys without overwriting\n * existing values.\n *\n * @returns ReconcileResult if keys were added, null if secrets are up-to-date\n */\nexport function reconcileMissingSecrets(\n\tsecrets: StageSecrets,\n\tworkspace: NormalizedWorkspace,\n): ReconcileResult | null {\n\tconst isMultiApp = Object.keys(workspace.apps).length > 1;\n\tif (!isMultiApp) {\n\t\treturn null;\n\t}\n\n\tconst expectedCustom = generateFullstackCustomSecrets(workspace);\n\tconst addedKeys: string[] = [];\n\tconst mergedCustom = { ...secrets.custom };\n\n\tfor (const [key, value] of Object.entries(expectedCustom)) {\n\t\tif (!(key in mergedCustom)) {\n\t\t\tmergedCustom[key] = value;\n\t\t\taddedKeys.push(key);\n\t\t}\n\t}\n\n\tif (addedKeys.length === 0) {\n\t\treturn null;\n\t}\n\n\treturn {\n\t\tsecrets: {\n\t\t\t...secrets,\n\t\t\tupdatedAt: new Date().toISOString(),\n\t\t\tcustom: mergedCustom,\n\t\t},\n\t\taddedKeys,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;AAoBA,SAAgB,wBACfA,SACAC,WACyB;CACzB,MAAM,aAAa,OAAO,KAAK,UAAU,KAAK,CAAC,SAAS;AACxD,MAAK,WACJ,QAAO;CAGR,MAAM,iBAAiB,yDAA+B,UAAU;CAChE,MAAMC,YAAsB,CAAE;CAC9B,MAAM,eAAe,EAAE,GAAG,QAAQ,OAAQ;AAE1C,MAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,eAAe,CACxD,OAAM,OAAO,eAAe;AAC3B,eAAa,OAAO;AACpB,YAAU,KAAK,IAAI;CACnB;AAGF,KAAI,UAAU,WAAW,EACxB,QAAO;AAGR,QAAO;EACN,SAAS;GACR,GAAG;GACH,WAAW,qBAAI,QAAO,aAAa;GACnC,QAAQ;EACR;EACD;CACA;AACD"}

package/dist/{reconcile-BnM6FA6g.mjs → reconcile-C0dsg-Gq.mjs}

@@ -1,4 +1,4 @@
-import { generateFullstackCustomSecrets } from "./fullstack-secrets-C2lbdbLZ.mjs";
+import { generateFullstackCustomSecrets } from "./fullstack-secrets-DmUOfLeX.mjs";
 
 //#region src/secrets/reconcile.ts
 /**
@@ -33,4 +33,4 @@ function reconcileMissingSecrets(secrets, workspace) {
 
 //#endregion
 export { reconcileMissingSecrets };
-//# sourceMappingURL=reconcile-BnM6FA6g.mjs.map
+//# sourceMappingURL=reconcile-C0dsg-Gq.mjs.map

package/dist/{reconcile-BnM6FA6g.mjs.map → reconcile-C0dsg-Gq.mjs.map}

@@ -1 +1 @@
-{"version":3,"file":"reconcile-BnM6FA6g.mjs","names":["secrets: StageSecrets","workspace: NormalizedWorkspace","addedKeys: string[]"],"sources":["../src/secrets/reconcile.ts"],"sourcesContent":["import { generateFullstackCustomSecrets } from '../setup/fullstack-secrets.js';\nimport type { NormalizedWorkspace } from '../workspace/types.js';\nimport type { StageSecrets } from './types.js';\n\nexport interface ReconcileResult {\n\t/** The updated secrets with missing keys backfilled */\n\tsecrets: StageSecrets;\n\t/** Keys that were added */\n\taddedKeys: string[];\n}\n\n/**\n * Reconcile missing custom secrets for a workspace.\n *\n * Compares current secrets against what generateFullstackCustomSecrets()\n * would produce and backfills any missing keys without overwriting\n * existing values.\n *\n * @returns ReconcileResult if keys were added, null if secrets are up-to-date\n */\nexport function reconcileMissingSecrets(\n\tsecrets: StageSecrets,\n\tworkspace: NormalizedWorkspace,\n): ReconcileResult | null {\n\tconst isMultiApp = Object.keys(workspace.apps).length > 1;\n\tif (!isMultiApp) {\n\t\treturn null;\n\t}\n\n\tconst expectedCustom = generateFullstackCustomSecrets(workspace);\n\tconst addedKeys: string[] = [];\n\tconst mergedCustom = { ...secrets.custom };\n\n\tfor (const [key, value] of Object.entries(expectedCustom)) {\n\t\tif (!(key in mergedCustom)) {\n\t\t\tmergedCustom[key] = value;\n\t\t\taddedKeys.push(key);\n\t\t}\n\t}\n\n\tif (addedKeys.length === 0) {\n\t\treturn null;\n\t}\n\n\treturn {\n\t\tsecrets: {\n\t\t\t...secrets,\n\t\t\tupdatedAt: new Date().toISOString(),\n\t\t\tcustom: mergedCustom,\n\t\t},\n\t\taddedKeys,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;AAoBA,SAAgB,wBACfA,SACAC,WACyB;CACzB,MAAM,aAAa,OAAO,KAAK,UAAU,KAAK,CAAC,SAAS;AACxD,MAAK,WACJ,QAAO;CAGR,MAAM,iBAAiB,+BAA+B,UAAU;CAChE,MAAMC,YAAsB,CAAE;CAC9B,MAAM,eAAe,EAAE,GAAG,QAAQ,OAAQ;AAE1C,MAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,eAAe,CACxD,OAAM,OAAO,eAAe;AAC3B,eAAa,OAAO;AACpB,YAAU,KAAK,IAAI;CACnB;AAGF,KAAI,UAAU,WAAW,EACxB,QAAO;AAGR,QAAO;EACN,SAAS;GACR,GAAG;GACH,WAAW,qBAAI,QAAO,aAAa;GACnC,QAAQ;EACR;EACD;CACA;AACD"}
+{"version":3,"file":"reconcile-C0dsg-Gq.mjs","names":["secrets: StageSecrets","workspace: NormalizedWorkspace","addedKeys: string[]"],"sources":["../src/secrets/reconcile.ts"],"sourcesContent":["import { generateFullstackCustomSecrets } from '../setup/fullstack-secrets.js';\nimport type { NormalizedWorkspace } from '../workspace/types.js';\nimport type { StageSecrets } from './types.js';\n\nexport interface ReconcileResult {\n\t/** The updated secrets with missing keys backfilled */\n\tsecrets: StageSecrets;\n\t/** Keys that were added */\n\taddedKeys: string[];\n}\n\n/**\n * Reconcile missing custom secrets for a workspace.\n *\n * Compares current secrets against what generateFullstackCustomSecrets()\n * would produce and backfills any missing keys without overwriting\n * existing values.\n *\n * @returns ReconcileResult if keys were added, null if secrets are up-to-date\n */\nexport function reconcileMissingSecrets(\n\tsecrets: StageSecrets,\n\tworkspace: NormalizedWorkspace,\n): ReconcileResult | null {\n\tconst isMultiApp = Object.keys(workspace.apps).length > 1;\n\tif (!isMultiApp) {\n\t\treturn null;\n\t}\n\n\tconst expectedCustom = generateFullstackCustomSecrets(workspace);\n\tconst addedKeys: string[] = [];\n\tconst mergedCustom = { ...secrets.custom };\n\n\tfor (const [key, value] of Object.entries(expectedCustom)) {\n\t\tif (!(key in mergedCustom)) {\n\t\t\tmergedCustom[key] = value;\n\t\t\taddedKeys.push(key);\n\t\t}\n\t}\n\n\tif (addedKeys.length === 0) {\n\t\treturn null;\n\t}\n\n\treturn {\n\t\tsecrets: {\n\t\t\t...secrets,\n\t\t\tupdatedAt: new Date().toISOString(),\n\t\t\tcustom: mergedCustom,\n\t\t},\n\t\taddedKeys,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;AAoBA,SAAgB,wBACfA,SACAC,WACyB;CACzB,MAAM,aAAa,OAAO,KAAK,UAAU,KAAK,CAAC,SAAS;AACxD,MAAK,WACJ,QAAO;CAGR,MAAM,iBAAiB,+BAA+B,UAAU;CAChE,MAAMC,YAAsB,CAAE;CAC9B,MAAM,eAAe,EAAE,GAAG,QAAQ,OAAQ;AAE1C,MAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,eAAe,CACxD,OAAM,OAAO,eAAe;AAC3B,eAAa,OAAO;AACpB,YAAU,KAAK,IAAI;CACnB;AAGF,KAAI,UAAU,WAAW,EACxB,QAAO;AAGR,QAAO;EACN,SAAS;GACR,GAAG;GACH,WAAW,qBAAI,QAAO,aAAa;GACnC,QAAQ;EACR;EACD;CACA;AACD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "1.10.9",
+  "version": "1.10.10",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -56,11 +56,11 @@
     "prompts": "~2.4.2",
     "tsx": "~4.20.3",
     "yaml": "~2.8.2",
-    "@geekmidas/logger": "~1.0.0",
-    "@geekmidas/envkit": "~1.0.3",
+    "@geekmidas/errors": "~1.0.0",
     "@geekmidas/constructs": "~3.0.2",
-    "@geekmidas/schema": "~1.0.0",
-    "@geekmidas/errors": "~1.0.0"
+    "@geekmidas/envkit": "~1.0.3",
+    "@geekmidas/logger": "~1.0.0",
+    "@geekmidas/schema": "~1.0.0"
   },
   "devDependencies": {
     "@types/lodash.kebabcase": "^4.1.9",

package/src/setup/__tests__/reconcile-secrets.spec.ts

@@ -124,6 +124,65 @@ describe('reconcileSecrets', () => {
 		expect(result).toBeNull();
 	});
 
+	it('should add missing service credentials when workspace config adds a new service', () => {
+		const workspace = createWorkspace({
+			services: { db: true, storage: true },
+		});
+		// Secrets only have postgres, not minio
+		const secrets = createSecrets({
+			NODE_ENV: 'development',
+			PORT: '3000',
+			API_DATABASE_URL: 'postgresql://api:pass@localhost:5432/test_dev',
+			API_DB_PASSWORD: 'pass',
+			AUTH_DATABASE_URL: 'postgresql://auth:pass@localhost:5432/test_dev',
+			AUTH_DB_PASSWORD: 'pass',
+			WEB_URL: 'http://localhost:3002',
+			BETTER_AUTH_SECRET: 'existing',
+			BETTER_AUTH_URL: 'http://localhost:3001',
+			BETTER_AUTH_TRUSTED_ORIGINS:
+				'http://localhost:3000,http://localhost:3001,http://localhost:3002',
+			AUTH_PORT: '3001',
+			AUTH_URL: 'http://localhost:3001',
+		});
+
+		const result = reconcileSecrets(secrets, workspace);
+
+		expect(result).not.toBeNull();
+		expect(result!.services.minio).toBeDefined();
+		expect(result!.services.minio!.host).toBe('localhost');
+		expect(result!.services.minio!.port).toBe(9000);
+		expect(result!.services.minio!.bucket).toBe('app');
+		expect(result!.services.minio!.password).toHaveLength(32);
+		expect(result!.urls.S3_ENDPOINT).toBe('http://localhost:9000');
+		// Existing postgres should be preserved
+		expect(result!.services.postgres).toEqual(secrets.services.postgres);
+	});
+
+	it('should not regenerate credentials for existing services', () => {
+		const workspace = createWorkspace({
+			services: { db: true, storage: true },
+		});
+		// Include ALL expected custom keys so reconcile has nothing to add
+		const expected = generateFullstackCustomSecrets(
+			createWorkspace({ services: { db: true, storage: true } }),
+		);
+		const secrets = createSecrets(expected);
+		// Add existing minio creds
+		secrets.services.minio = {
+			host: 'localhost',
+			port: 9000,
+			username: 'mykey',
+			password: 'mysecret',
+			bucket: 'my-bucket',
+		};
+		secrets.urls.S3_ENDPOINT = 'http://localhost:9000';
+
+		const result = reconcileSecrets(secrets, workspace);
+
+		// No changes needed — all services and custom keys present
+		expect(result).toBeNull();
+	});
+
 	it('should return null for single-app workspaces', () => {
 		const workspace = createWorkspace({
 			apps: {

package/src/setup/index.ts

@@ -3,7 +3,11 @@ import { join } from 'node:path';
 import prompts from 'prompts';
 import { loadWorkspaceConfig } from '../config.js';
 import { resolveServicePorts, startWorkspaceServices } from '../dev/index.js';
-import { createStageSecrets } from '../secrets/generator.js';
+import {
+	createStageSecrets,
+	generateConnectionUrls,
+	generateServiceCredentials,
+} from '../secrets/generator.js';
 import {
 	readStageSecrets,
 	secretsExist,
@@ -153,32 +157,63 @@ export function reconcileSecrets(
 	secrets: StageSecrets,
 	workspace: NormalizedWorkspace,
 ): StageSecrets | null {
-	const isMultiApp = Object.keys(workspace.apps).length > 1;
-	if (!isMultiApp) {
-		return null;
+	let changed = false;
+	let result = { ...secrets };
+
+	// Reconcile service credentials: add missing services
+	const serviceMap: {
+		key: keyof typeof workspace.services;
+		name: ComposeServiceName;
+	}[] = [
+		{ key: 'db', name: 'postgres' },
+		{ key: 'cache', name: 'redis' },
+		{ key: 'storage', name: 'minio' },
+	];
+
+	for (const { key, name } of serviceMap) {
+		if (workspace.services[key] && !result.services[name]) {
+			const creds = generateServiceCredentials(name);
+			result = {
+				...result,
+				services: { ...result.services, [name]: creds },
+			};
+			result.urls = generateConnectionUrls(result.services);
+			logger.log(`   🔄 Adding missing service credentials: ${name}`);
+			changed = true;
+		}
 	}
 
-	const expected = generateFullstackCustomSecrets(workspace);
-	const missing: Record<string, string> = {};
+	// Reconcile custom secrets for multi-app workspaces
+	const isMultiApp = Object.keys(workspace.apps).length > 1;
+	if (isMultiApp) {
+		const expected = generateFullstackCustomSecrets(workspace);
+		const missing: Record<string, string> = {};
+
+		for (const [key, value] of Object.entries(expected)) {
+			if (!(key in result.custom)) {
+				missing[key] = value;
+			}
+		}
 
-	for (const [key, value] of Object.entries(expected)) {
-		if (!(key in secrets.custom)) {
-			missing[key] = value;
+		if (Object.keys(missing).length > 0) {
+			logger.log(
+				`   🔄 Adding missing secrets: ${Object.keys(missing).join(', ')}`,
+			);
+			result = {
+				...result,
+				custom: { ...result.custom, ...missing },
+			};
+			changed = true;
 		}
 	}
 
-	if (Object.keys(missing).length === 0) {
+	if (!changed) {
 		return null;
 	}
 
-	logger.log(
-		`   🔄 Adding missing secrets: ${Object.keys(missing).join(', ')}`,
-	);
-
 	return {
-		...secrets,
+		...result,
 		updatedAt: new Date().toISOString(),
-		custom: { ...secrets.custom, ...missing },
 	};
 }