@geekmidas/cli 1.3.0 → 1.5.0

package/src/deploy/__tests__/sniffer.spec.ts

@@ -31,8 +31,8 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('frontend apps', () => {
-		it('should return empty env vars for frontend apps', async () => {
-			const app = createApp({ type: 'frontend' });
+		it('should return empty env vars for frontend apps with no dependencies', async () => {
+			const app = createApp({ type: 'frontend', dependencies: [] });
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
@@ -40,51 +40,117 @@ describe('sniffAppEnvironment', () => {
 			expect(result.requiredEnvVars).toEqual([]);
 		});
 
-		it('should ignore requiredEnv for frontend apps', async () => {
+		it('should return NEXT_PUBLIC_{DEP}_URL for frontend dependencies', async () => {
 			const app = createApp({
 				type: 'frontend',
-				requiredEnv: ['API_KEY', 'SECRET'], // Should be ignored
+				dependencies: ['api', 'auth'],
 			});
 
 			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.requiredEnvVars).toEqual([]);
+			expect(result.appName).toBe('web');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+			expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_AUTH_URL');
+			expect(result.requiredEnvVars).toHaveLength(2);
 		});
-	});
 
-	describe('entry-based apps with requiredEnv', () => {
-		it('should return requiredEnv list for entry-based apps', async () => {
+		it('should generate uppercase dep names in NEXT_PUBLIC_{DEP}_URL', async () => {
 			const app = createApp({
-				entry: './src/index.ts',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				type: 'frontend',
+				dependencies: ['payments-service', 'notification_api'],
 			});
 
-			const result = await sniffAppEnvironment(app, 'auth', workspacePath);
+			const result = await sniffAppEnvironment(app, 'web', workspacePath);
 
-			expect(result.appName).toBe('auth');
-			expect(result.requiredEnvVars).toEqual([
-				'DATABASE_URL',
-				'BETTER_AUTH_SECRET',
-			]);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_PAYMENTS-SERVICE_URL',
+			);
+			expect(result.requiredEnvVars).toContain(
+				'NEXT_PUBLIC_NOTIFICATION_API_URL',
+			);
 		});
 
-		it('should return copy of requiredEnv (not reference)', async () => {
-			const requiredEnv = ['DATABASE_URL'];
-			const app = createApp({ requiredEnv });
-
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
-
-			// Modify the result and verify original is unchanged
-			result.requiredEnvVars.push('MODIFIED');
-			expect(requiredEnv).toEqual(['DATABASE_URL']);
-		});
+		describe('config sniffing', () => {
+			it('should sniff env vars from config.client path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+			});
 
-		it('should return empty when requiredEnv is empty array', async () => {
-			const app = createApp({ requiredEnv: [] });
+			it('should sniff env vars from config.server path', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				expect(result.requiredEnvVars).toContain('PORT');
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('DATABASE_URL');
+			});
 
-			const result = await sniffAppEnvironment(app, 'api', workspacePath);
+			it('should combine vars from both config.client and config.server', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: ['api'],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Dependency var
+				expect(result.requiredEnvVars).toContain('NEXT_PUBLIC_API_URL');
+				// From simple-entry.ts
+				expect(result.requiredEnvVars).toContain('REDIS_URL');
+				// From nested-config-entry.ts
+				expect(result.requiredEnvVars).toContain('HOST');
+				expect(result.requiredEnvVars).toContain('BETTER_AUTH_SECRET');
+			});
 
-			expect(result.requiredEnvVars).toEqual([]);
+			it('should deduplicate vars from both config files', async () => {
+				const app = createApp({
+					type: 'frontend',
+					path: fixturesPath,
+					dependencies: [],
+					config: {
+						client: './simple-entry.ts',
+						server: './nested-config-entry.ts',
+					},
+				});
+
+				const result = await sniffAppEnvironment(app, 'web', fixturesPath);
+
+				// Both files have PORT and DATABASE_URL, should only appear once
+				const portCount = result.requiredEnvVars.filter(
+					(v) => v === 'PORT',
+				).length;
+				const dbUrlCount = result.requiredEnvVars.filter(
+					(v) => v === 'DATABASE_URL',
+				).length;
+
+				expect(portCount).toBe(1);
+				expect(dbUrlCount).toBe(1);
+			});
 		});
 	});
 
@@ -119,9 +185,9 @@ describe('sniffAppEnvironment', () => {
 	});
 
 	describe('apps without env detection', () => {
-		it('should return empty when no envParser or requiredEnv', async () => {
+		it('should return empty when no envParser, entry, or routes', async () => {
 			const app = createApp({
-				// No envParser or requiredEnv
+				// No envParser, entry, or routes
 			});
 
 			const result = await sniffAppEnvironment(app, 'api', workspacePath);
@@ -142,7 +208,7 @@ describe('sniffAllApps', () => {
 				port: 3000,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'REDIS_URL'],
+				// No entry, routes, or envParser - will return empty
 			},
 			auth: {
 				type: 'backend',
@@ -150,7 +216,7 @@ describe('sniffAllApps', () => {
 				port: 3002,
 				dependencies: [],
 				resolvedDeployTarget: 'dokploy',
-				requiredEnv: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+				// No entry, routes, or envParser - will return empty
 			},
 			web: {
 				type: 'frontend',
@@ -167,17 +233,17 @@ describe('sniffAllApps', () => {
 
 		expect(results.get('api')).toEqual({
 			appName: 'api',
-			requiredEnvVars: ['DATABASE_URL', 'REDIS_URL'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('auth')).toEqual({
 			appName: 'auth',
-			requiredEnvVars: ['DATABASE_URL', 'BETTER_AUTH_SECRET'],
+			requiredEnvVars: [],
 		});
 
 		expect(results.get('web')).toEqual({
 			appName: 'web',
-			requiredEnvVars: [], // Frontend - no secrets
+			requiredEnvVars: ['NEXT_PUBLIC_API_URL', 'NEXT_PUBLIC_AUTH_URL'],
 		});
 	});
 
@@ -324,7 +390,7 @@ describe('entry app sniffing via subprocess', () => {
 describe('sniffAppEnvironment with entry apps', () => {
 	// Integration tests for sniffAppEnvironment with entry-based apps
 
-	it('should use subprocess sniffing for entry apps without requiredEnv', async () => {
+	it('should use subprocess sniffing for entry apps', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
 			path: fixturesPath,
@@ -342,25 +408,6 @@ describe('sniffAppEnvironment with entry apps', () => {
 		expect(result.requiredEnvVars).toContain('REDIS_URL');
 	});
 
-	it('should prefer requiredEnv over sniffing for entry apps', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: fixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			entry: './simple-entry.ts',
-			requiredEnv: ['CUSTOM_VAR', 'ANOTHER_VAR'], // Should use this instead of sniffing
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', fixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR', 'ANOTHER_VAR']);
-		// Should NOT contain the sniffed vars since requiredEnv takes precedence
-		expect(result.requiredEnvVars).not.toContain('PORT');
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle entry app that throws and still return captured env vars', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -499,24 +546,6 @@ describe('sniffAppEnvironment with envParser apps', () => {
 		expect(result.requiredEnvVars).toContain('DB_POOL_SIZE');
 	});
 
-	it('should prefer requiredEnv over envParser sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: envParserFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			envParser: './valid-env-parser.ts#envParser',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', envParserFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('PORT');
-	});
-
 	it('should handle envParser that exports non-function gracefully', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',
@@ -663,24 +692,6 @@ describe('sniffAppEnvironment with route-based apps', () => {
 		expect(result.requiredEnvVars).toContain('AUTH_URL');
 	});
 
-	it('should prefer requiredEnv over route sniffing', async () => {
-		const app: NormalizedAppConfig = {
-			type: 'backend',
-			path: routeAppsFixturesPath,
-			port: 3000,
-			dependencies: [],
-			resolvedDeployTarget: 'dokploy',
-			routes: './endpoints/**/*.ts',
-			requiredEnv: ['CUSTOM_VAR'], // Should use this instead
-		};
-
-		const result = await sniffAppEnvironment(app, 'api', routeAppsFixturesPath);
-
-		expect(result.requiredEnvVars).toEqual(['CUSTOM_VAR']);
-		// Should NOT contain the sniffed vars
-		expect(result.requiredEnvVars).not.toContain('DATABASE_URL');
-	});
-
 	it('should handle route pattern that matches no files', async () => {
 		const app: NormalizedAppConfig = {
 			type: 'backend',

package/src/deploy/dns/Route53Provider.ts

@@ -45,8 +45,11 @@ export class Route53Provider implements DnsProvider {
 	private hostedZoneCache: Map<string, string> = new Map();
 
 	constructor(options: Route53ProviderOptions = {}) {
+		// Route53 is a global service, default to us-east-1 if no region specified
+		const region = options.region ?? process.env.AWS_REGION ?? 'us-east-1';
+
 		this.client = new Route53Client({
-			...(options.region && { region: options.region }),
+			region,
 			...(options.endpoint && { endpoint: options.endpoint }),
 			...(options.profile && {
 				credentials: fromIni({ profile: options.profile }),

package/src/deploy/env-resolver.ts

@@ -50,6 +50,8 @@ export interface EnvResolverContext {
 	userSecrets?: StageSecrets;
 	/** Master key for runtime decryption (optional) */
 	masterKey?: string;
+	/** URLs of deployed dependency apps (e.g., { auth: 'https://auth.example.com' }) */
+	dependencyUrls?: Record<string, string>;
 }
 
 /**
@@ -205,6 +207,24 @@ export function resolveEnvVar(
 			break;
 	}
 
+	// Check dependency URLs (e.g., AUTH_URL -> dependencyUrls.auth)
+	// Also supports NEXT_PUBLIC_ prefix for frontend apps (NEXT_PUBLIC_AUTH_URL -> dependencyUrls.auth)
+	if (context.dependencyUrls && varName.endsWith('_URL')) {
+		let depName: string;
+
+		if (varName.startsWith('NEXT_PUBLIC_')) {
+			// NEXT_PUBLIC_AUTH_URL -> auth
+			depName = varName.slice(12, -4).toLowerCase();
+		} else {
+			// AUTH_URL -> auth
+			depName = varName.slice(0, -4).toLowerCase();
+		}
+
+		if (context.dependencyUrls[depName]) {
+			return context.dependencyUrls[depName];
+		}
+	}
+
 	// Check user-provided secrets
 	if (context.userSecrets) {
 		// Check custom secrets first

package/src/deploy/index.ts

@@ -73,12 +73,7 @@ import {
 	type DokployPostgres,
 	type DokployRedis,
 } from './dokploy-api';
-import {
-	generatePublicUrlBuildArgs,
-	getPublicUrlArgNames,
-	isMainFrontendApp,
-	resolveHost,
-} from './domain.js';
+import { isMainFrontendApp, resolveHost } from './domain.js';
 import {
 	type EnvResolverContext,
 	formatMissingVarsError,
@@ -1375,6 +1370,16 @@ export async function workspaceDeployCommand(
 					false, // Backend apps are not main frontend
 				);
 
+				// Build dependency URLs from already-deployed apps
+				const dependencyUrls: Record<string, string> = {};
+				if (app.dependencies) {
+					for (const dep of app.dependencies) {
+						if (publicUrls[dep]) {
+							dependencyUrls[dep] = publicUrls[dep];
+						}
+					}
+				}
+
 				// Build env resolver context
 				const envContext: EnvResolverContext = {
 					app,
@@ -1400,6 +1405,7 @@ export async function workspaceDeployCommand(
 					frontendUrls,
 					userSecrets: stageSecrets ?? undefined,
 					masterKey: appSecrets?.masterKey,
+					dependencyUrls,
 				};
 
 				// Resolve all required environment variables
@@ -1565,13 +1571,71 @@ export async function workspaceDeployCommand(
 				// Store application ID in state
 				setApplicationId(state, appName, application.applicationId);
 
-				// Generate public URL build args from dependencies
-				const buildArgs = generatePublicUrlBuildArgs(app, publicUrls);
+				// Build dependency URLs for frontend (same pattern as backend)
+				const dependencyUrls: Record<string, string> = {};
+				if (app.dependencies) {
+					for (const dep of app.dependencies) {
+						if (publicUrls[dep]) {
+							dependencyUrls[dep] = publicUrls[dep];
+						}
+					}
+				}
+
+				// Compute hostname for this frontend app
+				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
+				const frontendHost = resolveHost(
+					appName,
+					app,
+					stage,
+					dokployConfig,
+					isMainFrontend,
+				);
+
+				// Build env context for frontend
+				const envContext: EnvResolverContext = {
+					app,
+					appName,
+					stage,
+					state,
+					appHostname: frontendHost,
+					frontendUrls: [],
+					userSecrets: stageSecrets ?? undefined,
+					dependencyUrls,
+				};
+
+				// Resolve all env vars BEFORE Docker build (NEXT_PUBLIC_* must be present at build time)
+				const sniffedVars = sniffedApps.get(appName)?.requiredEnvVars ?? [];
+				const { valid, missing, resolved } = validateEnvVars(
+					sniffedVars,
+					envContext,
+				);
+
+				if (!valid) {
+					throw new Error(formatMissingVarsError(appName, missing, stage));
+				}
+
+				if (Object.keys(resolved).length > 0) {
+					logger.log(
+						`      Resolved ${Object.keys(resolved).length} env vars: ${Object.keys(resolved).join(', ')}`,
+					);
+				}
+
+				// Build args: all NEXT_PUBLIC_* vars must be present at Next.js build time
+				const buildArgs: string[] = [];
+				const publicUrlArgNames: string[] = [];
+
+				for (const [key, value] of Object.entries(resolved)) {
+					if (key.startsWith('NEXT_PUBLIC_')) {
+						buildArgs.push(`${key}=${value}`);
+						publicUrlArgNames.push(key);
+					}
+				}
+
 				if (buildArgs.length > 0) {
-					logger.log(`      Public URLs: ${buildArgs.join(', ')}`);
+					logger.log(`      Build args: ${publicUrlArgNames.join(', ')}`);
 				}
 
-				// Build Docker image with public URLs
+				// Build Docker image with NEXT_PUBLIC_* vars as build args
 				const imageName = `${workspace.name}-${appName}`;
 				const imageRef = registry
 					? `${registry}/${imageName}:${imageTag}`
@@ -1589,17 +1653,22 @@ export async function workspaceDeployCommand(
 						appName,
 					},
 					buildArgs,
-					// Pass public URL arg names for Dockerfile generation
-					publicUrlArgs: getPublicUrlArgNames(app),
+					// Pass arg names for Dockerfile ARG generation
+					publicUrlArgs: publicUrlArgNames,
 				});
 
-				// Prepare environment variables - no secrets needed
+				// Prepare runtime environment variables
 				const envVars: string[] = [
 					`NODE_ENV=production`,
 					`PORT=${app.port}`,
 					`STAGE=${stage}`,
 				];
 
+				// Add all resolved vars as runtime env (for SSR and server components)
+				for (const [key, value] of Object.entries(resolved)) {
+					envVars.push(`${key}=${value}`);
+				}
+
 				// Configure and deploy application in Dokploy
 				await api.saveDockerProvider(application.applicationId, imageRef, {
 					registryId,
@@ -1613,17 +1682,7 @@ export async function workspaceDeployCommand(
 				logger.log(`      Deploying to Dokploy...`);
 				await api.deployApplication(application.applicationId);
 
-				// Create or find domain for this app
-				const isMainFrontend = isMainFrontendApp(appName, app, workspace.apps);
-				const frontendHost = resolveHost(
-					appName,
-					app,
-					stage,
-					dokployConfig,
-					isMainFrontend,
-				);
-
-				// Check if domain already exists
+				// Check if domain already exists (frontendHost computed earlier for env context)
 				const existingFrontendDomains = await api.getDomainsByApplicationId(
 					application.applicationId,
 				);

package/src/deploy/sniffer.ts

@@ -98,17 +98,49 @@ export async function sniffAppEnvironment(
 ): Promise<SniffedEnvironment> {
 	const { logWarnings = true } = options;
 
-	// 1. Frontend apps don't have server-side secrets
+	// 1. Frontend apps - handle dependencies and config sniffing
 	if (app.type === 'frontend') {
-		return { appName, requiredEnvVars: [] };
-	}
+		// Auto-generate NEXT_PUBLIC_{DEP}_URL from dependencies
+		const depVars = (app.dependencies ?? []).map(
+			(dep) => `NEXT_PUBLIC_${dep.toUpperCase()}_URL`,
+		);
+
+		// If config specified, sniff by importing the file(s)
+		// The file calls .parse() at module load, which triggers sniffer to capture vars
+		if (app.config) {
+			const sniffedVars: string[] = [];
+
+			// Collect config paths to sniff
+			const configPaths: string[] = [];
+			if (app.config.client) configPaths.push(app.config.client);
+			if (app.config.server) configPaths.push(app.config.server);
+
+			// Sniff each config file
+			for (const configPath of configPaths) {
+				const result = await sniffEntryFile(
+					configPath,
+					app.path,
+					workspacePath,
+				);
+
+				if (logWarnings && result.error) {
+					console.warn(
+						`[sniffer] ${appName}: Config file "${configPath}" threw error during sniffing (env vars still captured): ${result.error.message}`,
+					);
+				}
+
+				sniffedVars.push(...result.envVars);
+			}
+
+			// Combine: dependency vars + sniffed vars (deduplicated)
+			const allVars = [...new Set([...depVars, ...sniffedVars])];
+			return { appName, requiredEnvVars: allVars };
+		}
 
-	// 2. Entry-based apps with explicit env list
-	if (app.requiredEnv && app.requiredEnv.length > 0) {
-		return { appName, requiredEnvVars: [...app.requiredEnv] };
+		return { appName, requiredEnvVars: depVars };
 	}
 
-	// 3. Entry apps - import entry file in subprocess to trigger config.parse()
+	// 2. Entry apps - import entry file in subprocess to trigger config.parse()
 	if (app.entry) {
 		const result = await sniffEntryFile(app.entry, app.path, workspacePath);
 

package/src/init/generators/monorepo.ts

@@ -48,6 +48,7 @@ export function generateMonorepoFiles(
 			'@biomejs/biome': '~2.3.0',
 			'@geekmidas/cli': GEEKMIDAS_VERSIONS['@geekmidas/cli'],
 			esbuild: '~0.27.0',
+			tsx: '~4.20.0',
 			turbo: '~2.3.0',
 			typescript: '~5.8.2',
 			vitest: '~4.0.0',
@@ -342,7 +343,8 @@ export default defineWorkspace({
       port: 3000,
       routes: '${getRoutesGlob()}',
       envParser: './src/config/env#envParser',
-      logger: './src/config/logger#logger',`;
+      logger: './src/config/logger#logger',
+      dependencies: ['auth'],`;
 
 	if (telescope) {
 		config += `
@@ -371,6 +373,10 @@ export default defineWorkspace({
       path: 'apps/web',
       port: 3001,
       dependencies: ['api', 'auth'],
+      config: {
+        client: './src/config/client.ts',
+        server: './src/config/server.ts',
+      },
       client: {
         output: './src/api',
       },

package/src/init/generators/web.ts

@@ -133,12 +133,46 @@ export function getQueryClient() {
 }
 `;
 
+	// Client config - NEXT_PUBLIC_* vars (available in browser)
+	const clientConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+
+// Client config - only NEXT_PUBLIC_* vars (available in browser)
+// These values are inlined at build time by Next.js
+const envParser = new EnvironmentParser({
+  NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+  NEXT_PUBLIC_AUTH_URL: process.env.NEXT_PUBLIC_AUTH_URL,
+});
+
+export const clientConfig = envParser
+  .create((get) => ({
+    apiUrl: get('NEXT_PUBLIC_API_URL').string(),
+    authUrl: get('NEXT_PUBLIC_AUTH_URL').string(),
+  }))
+  .parse();
+`;
+
+	// Server config - server-only vars (not available in browser)
+	const serverConfigTs = `import { EnvironmentParser } from '@geekmidas/envkit';
+
+// Server config - all env vars (server-side only, not exposed to browser)
+// Access these only in Server Components, Route Handlers, or Server Actions
+const envParser = new EnvironmentParser({ ...process.env });
+
+export const serverConfig = envParser
+  .create((get) => ({
+    // Add server-only secrets here
+    // Example: stripeSecretKey: get('STRIPE_SECRET_KEY').string(),
+  }))
+  .parse();
+`;
+
 	// Auth client for better-auth
 	const authClientTs = `import { createAuthClient } from 'better-auth/react';
 import { magicLinkClient } from 'better-auth/client/plugins';
+import { clientConfig } from '~/config/client';
 
 export const authClient = createAuthClient({
-  baseURL: process.env.NEXT_PUBLIC_AUTH_URL || 'http://localhost:3002',
+  baseURL: clientConfig.authUrl,
   plugins: [magicLinkClient()],
 });
 
@@ -163,9 +197,10 @@ export function Providers({ children }: { children: React.ReactNode }) {
 	// API client setup - uses createApi with shared QueryClient
 	const apiIndexTs = `import { createApi } from './openapi';
 import { getQueryClient } from '~/lib/query-client';
+import { clientConfig } from '~/config/client';
 
 export const api = createApi({
-  baseURL: process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3000',
+  baseURL: clientConfig.apiUrl,
   queryClient: getQueryClient(),
 });
 `;
@@ -295,6 +330,14 @@ node_modules/
 			path: 'apps/web/src/app/page.tsx',
 			content: pageTsx,
 		},
+		{
+			path: 'apps/web/src/config/client.ts',
+			content: clientConfigTs,
+		},
+		{
+			path: 'apps/web/src/config/server.ts',
+			content: serverConfigTs,
+		},
 		{
 			path: 'apps/web/src/lib/query-client.ts',
 			content: queryClientTs,

package/src/workspace/schema.ts

@@ -543,6 +543,14 @@ const AppConfigSchema = z
 		framework: FrameworkSchema.optional(),
 		client: ClientConfigSchema.optional(),
 
+		// Frontend-specific: config file paths for env sniffing (calls .parse() at import)
+		config: z
+			.object({
+				client: z.string().optional(),
+				server: z.string().optional(),
+			})
+			.optional(),
+
 		// Auth-specific
 		provider: AuthProviderSchema.optional(),
 	})